mark-199
asked on
Forefront Endpoint Protection 2010 not updating on Server 2008 R2
We have nearly twenty servers and our file and print server suddenly stopped updating FEP 2010.
I have pasted in below all error messages I've encountered:
The error message when manually trying to update it is:
Forefront Endpoint Protection could not check for virus and spyware definition updates due to an Internet or network connectivity issue... Error code: 0x80070490"
The Event Viewer logs an error with ID 2001:
Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.137.911.0
Update Source: Microsoft Update Server
Update Stage: Search
Source Path: http://www.microsoft.com
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.8800.0
Error code: 0x80248014
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
And %Windir%\WindowsUpdate.log shows the following:
2012-10-04 11:55:17:595 2260 98c Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2012-10-04 11:55:17:595 2260 98c Misc = Process: C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRu n.exe
2012-10-04 11:55:17:595 2260 98c Misc = Module: C:\Windows\system32\wuapi. dll
2012-10-04 11:55:17:595 2260 98c COMAPI -------------
2012-10-04 11:55:17:595 2260 98c COMAPI -- START -- COMAPI: Search [ClientId = Microsoft Forefront Endpoint Protection 2010 (1F383481-F70E-4E7A-8B69-C 4B4A23928E 3)]
2012-10-04 11:55:17:595 2260 98c COMAPI ---------
2012-10-04 11:55:17:595 2260 98c COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = Microsoft Forefront Endpoint Protection 2010 (1F383481-F70E-4E7A-8B69-C 4B4A23928E 3)]
2012-10-04 11:55:17:595 872 7d4 Agent *************
2012-10-04 11:55:17:595 872 7d4 Agent ** START ** Agent: Finding updates [CallerId = Microsoft Forefront Endpoint Protection 2010 (1F383481-F70E-4E7A-8B69-C 4B4A23928E 3)]
2012-10-04 11:55:17:595 872 7d4 Agent *********
2012-10-04 11:55:17:595 872 7d4 Agent * Online = Yes; Ignore download priority = No
2012-10-04 11:55:17:595 872 7d4 Agent * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains 'a38c835c-2950-4e87-86cc-6 911a52c34a 3' and CategoryIDs contains 'e0789628-ce08-4437-be74-2 495b842f43 b')"
2012-10-04 11:55:17:595 872 7d4 Agent * ServiceID = {7971F918-A847-4430-9279-4 A52D1EFE18 D} Third party service
2012-10-04 11:55:17:595 872 7d4 Agent * Search Scope = {Machine}
2012-10-04 11:55:17:595 872 7d4 Misc Validating signature for C:\Windows\SoftwareDistrib ution\WuRe dir\9482F4 B4-E343-43 B6-B170-9A 65BC822C77 \muv4wured ir.cab:
2012-10-04 11:55:17:610 872 7d4 Misc Microsoft signed: Yes
2012-10-04 11:55:17:719 872 7d4 Misc WARNING: WinHttp: SendRequestToServerForFile Informatio n failed with 0x80190194
2012-10-04 11:55:17:719 872 7d4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2012-10-04 11:55:17:719 872 7d4 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2012-10-04 11:55:17:719 872 7d4 Misc Validating signature for C:\Windows\SoftwareDistrib ution\WuRe dir\9482F4 B4-E343-43 B6-B170-9A 65BC822C77 \muv4wured ir.cab:
2012-10-04 11:55:17:719 872 7d4 Misc Microsoft signed: Yes
2012-10-04 11:55:17:735 872 7d4 Misc WARNING: WinHttp: SendRequestToServerForFile Informatio n failed with 0x80190194
2012-10-04 11:55:17:735 872 7d4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2012-10-04 11:55:17:735 872 7d4 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2012-10-04 11:55:17:735 872 7d4 Misc Validating signature for C:\Windows\SoftwareDistrib ution\WuRe dir\9482F4 B4-E343-43 B6-B170-9A 65BC822C77 \muv4wured ir.cab:
2012-10-04 11:55:17:735 872 7d4 Misc Microsoft signed: Yes
2012-10-04 11:55:18:030 872 7d4 Misc Validating signature for C:\Windows\SoftwareDistrib ution\WuRe dir\9482F4 B4-E343-43 B6-B170-9A 65BC822C77 \muv4wured ir.cab:
2012-10-04 11:55:18:030 872 7d4 Misc Microsoft signed: Yes
2012-10-04 11:55:18:046 872 7d4 Agent Checking for updated auth cab for service 7971f918-a847-4430-9279-4a 52d1efe18d at http://ds.download.windowsupdate.com/v10/1/microsoftupdate/redir/muauth.cab
2012-10-04 11:55:18:046 872 7d4 Misc Validating signature for C:\Windows\SoftwareDistrib ution\Auth Cabs\authc ab.cab:
2012-10-04 11:55:18:046 872 7d4 Misc Microsoft signed: Yes
2012-10-04 11:55:18:062 872 7d4 Misc Validating signature for C:\Windows\SoftwareDistrib ution\Auth Cabs\authc ab.cab:
2012-10-04 11:55:18:062 872 7d4 Misc Microsoft signed: Yes
2012-10-04 11:55:18:062 872 7d4 PT WARNING: PTError: 0x80248014
2012-10-04 11:55:18:062 872 7d4 Agent * WARNING: Exit code = 0x80248014
2012-10-04 11:55:18:062 872 7d4 Agent *********
2012-10-04 11:55:18:062 872 7d4 Agent ** END ** Agent: Finding updates [CallerId = Microsoft Forefront Endpoint Protection 2010 (1F383481-F70E-4E7A-8B69-C 4B4A23928E 3)]
2012-10-04 11:55:18:062 872 7d4 Agent *************
2012-10-04 11:55:18:062 872 7d4 Agent WARNING: WU client failed Searching for update with error 0x80248014
2012-10-04 11:55:18:062 2260 678 COMAPI >>-- RESUMED -- COMAPI: Search [ClientId = Microsoft Forefront Endpoint Protection 2010 (1F383481-F70E-4E7A-8B69-C 4B4A23928E 3)]
2012-10-04 11:55:18:062 2260 678 COMAPI - Updates found = 0
2012-10-04 11:55:18:062 2260 678 COMAPI - WARNING: Exit code = 0x00000000, Result code = 0x80248014
2012-10-04 11:55:18:062 2260 678 COMAPI ---------
2012-10-04 11:55:18:062 2260 678 COMAPI -- END -- COMAPI: Search [ClientId = Microsoft Forefront Endpoint Protection 2010 (1F383481-F70E-4E7A-8B69-C 4B4A23928E 3)]
2012-10-04 11:55:18:062 2260 678 COMAPI -------------
2012-10-04 11:55:18:062 2260 898 COMAPI WARNING: Operation failed due to earlier error, hr=80248014
2012-10-04 11:55:18:062 2260 898 COMAPI FATAL: Unable to complete asynchronous search. (hr=80248014)
2012-10-04 11:55:23:042 872 7d4 Report REPORT EVENT: {7ABBA0BB-C003-4756-9012-F CCA07EB3F9 A} 2012-10-04 11:55:18:062+0100 1 148 101 {00000000-0000-0000-0000-0 0000000000 0} 0 80248014 Microsoft Forefront Endpoint Pr Failure Software Synchronization Windows Update Client failed to detect with error 0x80248014.
2012-10-04 11:55:23:058 872 7d4 Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
2012-10-04 11:55:23:058 872 7d4 Report WER Report sent: 7.6.7600.256 0x80248014 00000000-0000-0000-0000-00 0000000000 Scan 101 Unmanaged
2012-10-04 11:55:23:058 872 7d4 Report CWERReporter finishing event handling. (00000000)
2012-10-04 13:17:16:457 872 6f8 AU AU setting next sqm report timeout to 2012-10-05 12:17:16
Thank you for your time and input.
I have pasted in below all error messages I've encountered:
The error message when manually trying to update it is:
Forefront Endpoint Protection could not check for virus and spyware definition updates due to an Internet or network connectivity issue... Error code: 0x80070490"
The Event Viewer logs an error with ID 2001:
Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.137.911.0
Update Source: Microsoft Update Server
Update Stage: Search
Source Path: http://www.microsoft.com
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.8800.0
Error code: 0x80248014
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
And %Windir%\WindowsUpdate.log
2012-10-04 11:55:17:595 2260 98c Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2012-10-04 11:55:17:595 2260 98c Misc = Process: C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRu
2012-10-04 11:55:17:595 2260 98c Misc = Module: C:\Windows\system32\wuapi.
2012-10-04 11:55:17:595 2260 98c COMAPI -------------
2012-10-04 11:55:17:595 2260 98c COMAPI -- START -- COMAPI: Search [ClientId = Microsoft Forefront Endpoint Protection 2010 (1F383481-F70E-4E7A-8B69-C
2012-10-04 11:55:17:595 2260 98c COMAPI ---------
2012-10-04 11:55:17:595 2260 98c COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = Microsoft Forefront Endpoint Protection 2010 (1F383481-F70E-4E7A-8B69-C
2012-10-04 11:55:17:595 872 7d4 Agent *************
2012-10-04 11:55:17:595 872 7d4 Agent ** START ** Agent: Finding updates [CallerId = Microsoft Forefront Endpoint Protection 2010 (1F383481-F70E-4E7A-8B69-C
2012-10-04 11:55:17:595 872 7d4 Agent *********
2012-10-04 11:55:17:595 872 7d4 Agent * Online = Yes; Ignore download priority = No
2012-10-04 11:55:17:595 872 7d4 Agent * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains 'a38c835c-2950-4e87-86cc-6
2012-10-04 11:55:17:595 872 7d4 Agent * ServiceID = {7971F918-A847-4430-9279-4
2012-10-04 11:55:17:595 872 7d4 Agent * Search Scope = {Machine}
2012-10-04 11:55:17:595 872 7d4 Misc Validating signature for C:\Windows\SoftwareDistrib
2012-10-04 11:55:17:610 872 7d4 Misc Microsoft signed: Yes
2012-10-04 11:55:17:719 872 7d4 Misc WARNING: WinHttp: SendRequestToServerForFile
2012-10-04 11:55:17:719 872 7d4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2012-10-04 11:55:17:719 872 7d4 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2012-10-04 11:55:17:719 872 7d4 Misc Validating signature for C:\Windows\SoftwareDistrib
2012-10-04 11:55:17:719 872 7d4 Misc Microsoft signed: Yes
2012-10-04 11:55:17:735 872 7d4 Misc WARNING: WinHttp: SendRequestToServerForFile
2012-10-04 11:55:17:735 872 7d4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2012-10-04 11:55:17:735 872 7d4 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2012-10-04 11:55:17:735 872 7d4 Misc Validating signature for C:\Windows\SoftwareDistrib
2012-10-04 11:55:17:735 872 7d4 Misc Microsoft signed: Yes
2012-10-04 11:55:18:030 872 7d4 Misc Validating signature for C:\Windows\SoftwareDistrib
2012-10-04 11:55:18:030 872 7d4 Misc Microsoft signed: Yes
2012-10-04 11:55:18:046 872 7d4 Agent Checking for updated auth cab for service 7971f918-a847-4430-9279-4a
2012-10-04 11:55:18:046 872 7d4 Misc Validating signature for C:\Windows\SoftwareDistrib
2012-10-04 11:55:18:046 872 7d4 Misc Microsoft signed: Yes
2012-10-04 11:55:18:062 872 7d4 Misc Validating signature for C:\Windows\SoftwareDistrib
2012-10-04 11:55:18:062 872 7d4 Misc Microsoft signed: Yes
2012-10-04 11:55:18:062 872 7d4 PT WARNING: PTError: 0x80248014
2012-10-04 11:55:18:062 872 7d4 Agent * WARNING: Exit code = 0x80248014
2012-10-04 11:55:18:062 872 7d4 Agent *********
2012-10-04 11:55:18:062 872 7d4 Agent ** END ** Agent: Finding updates [CallerId = Microsoft Forefront Endpoint Protection 2010 (1F383481-F70E-4E7A-8B69-C
2012-10-04 11:55:18:062 872 7d4 Agent *************
2012-10-04 11:55:18:062 872 7d4 Agent WARNING: WU client failed Searching for update with error 0x80248014
2012-10-04 11:55:18:062 2260 678 COMAPI >>-- RESUMED -- COMAPI: Search [ClientId = Microsoft Forefront Endpoint Protection 2010 (1F383481-F70E-4E7A-8B69-C
2012-10-04 11:55:18:062 2260 678 COMAPI - Updates found = 0
2012-10-04 11:55:18:062 2260 678 COMAPI - WARNING: Exit code = 0x00000000, Result code = 0x80248014
2012-10-04 11:55:18:062 2260 678 COMAPI ---------
2012-10-04 11:55:18:062 2260 678 COMAPI -- END -- COMAPI: Search [ClientId = Microsoft Forefront Endpoint Protection 2010 (1F383481-F70E-4E7A-8B69-C
2012-10-04 11:55:18:062 2260 678 COMAPI -------------
2012-10-04 11:55:18:062 2260 898 COMAPI WARNING: Operation failed due to earlier error, hr=80248014
2012-10-04 11:55:18:062 2260 898 COMAPI FATAL: Unable to complete asynchronous search. (hr=80248014)
2012-10-04 11:55:23:042 872 7d4 Report REPORT EVENT: {7ABBA0BB-C003-4756-9012-F
2012-10-04 11:55:23:058 872 7d4 Report CWERReporter::HandleEvents
2012-10-04 11:55:23:058 872 7d4 Report WER Report sent: 7.6.7600.256 0x80248014 00000000-0000-0000-0000-00
2012-10-04 11:55:23:058 872 7d4 Report CWERReporter finishing event handling. (00000000)
2012-10-04 13:17:16:457 872 6f8 AU AU setting next sqm report timeout to 2012-10-05 12:17:16
Thank you for your time and input.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Have you tried doing a manual signature update after all of this?
ASKER
Serchlop, Windows updates work fine.
Russell_Venable, manually updating FEP work fine too.
We are currently experiencing some issues with the certificate service on the SAME server. It could have something to do with that.
By looking at the logs, does anyone have any ideas what is going on?
This is interesting:
2012-10-04 11:55:17:719 872 7d4 Misc WARNING: WinHttp: SendRequestToServerForFile Informatio n failed with 0x80190194
2012-10-04 11:55:17:719 872 7d4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2012-10-04 11:55:17:719 872 7d4 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2012-10-04 11:55:17:719 872 7d4 Misc Validating signature for C:\Windows\SoftwareDistrib ution\WuRe dir\9482F4 B4-E343-43 B6-B170-9A 65BC822C77 \muv4wured ir.cab:
2012-10-04 11:55:17:719 872 7d4 Misc Microsoft signed: Yes
2012-10-04 11:55:17:735 872 7d4 Misc WARNING: WinHttp: SendRequestToServerForFile Informatio n failed with 0x80190194
2012-10-04 11:55:17:735 872 7d4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2012-10-04 11:55:17:735 872 7d4 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
Russell_Venable, manually updating FEP work fine too.
We are currently experiencing some issues with the certificate service on the SAME server. It could have something to do with that.
By looking at the logs, does anyone have any ideas what is going on?
This is interesting:
2012-10-04 11:55:17:719 872 7d4 Misc WARNING: WinHttp: SendRequestToServerForFile
2012-10-04 11:55:17:719 872 7d4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2012-10-04 11:55:17:719 872 7d4 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2012-10-04 11:55:17:719 872 7d4 Misc Validating signature for C:\Windows\SoftwareDistrib
2012-10-04 11:55:17:719 872 7d4 Misc Microsoft signed: Yes
2012-10-04 11:55:17:735 872 7d4 Misc WARNING: WinHttp: SendRequestToServerForFile
2012-10-04 11:55:17:735 872 7d4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2012-10-04 11:55:17:735 872 7d4 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
Still looks to be a connectivity issue. Is your router blocking traffic that is vital for this to work? The file signatures from this log check out, not sure what signature service your talking about in your last message. Can you clarify?
ASKER
It's the certificate service that we're struggling with, nothing to do with signatures.
I have just run some tests on our frewall and there aren't any internet connectivity restrictions either.
I have just run some tests on our frewall and there aren't any internet connectivity restrictions either.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I didn't try the first solution because Windows updates worked fine... but I tried it now and it it fixed the FEP issue.
Thank you all for your contribution.
Thank you all for your contribution.