Link to home
Start Free TrialLog in
Avatar of mark-199
mark-199Flag for United Kingdom of Great Britain and Northern Ireland

asked on

Forefront Endpoint Protection 2010 not updating on Server 2008 R2

We have nearly twenty servers and our file and print server suddenly stopped updating FEP 2010.
I have pasted in below all error messages I've encountered:


The error message when manually trying to update it is:
Forefront Endpoint Protection could not check for virus and spyware definition updates due to an Internet or network connectivity issue... Error code: 0x80070490"


The Event Viewer logs an error with ID 2001:
Microsoft Antimalware has encountered an error trying to update signatures.
       New Signature Version:
       Previous Signature Version: 1.137.911.0
       Update Source: Microsoft Update Server
       Update Stage: Search
       Source Path: http://www.microsoft.com
       Signature Type: AntiVirus
       Update Type: Full
       User: NT AUTHORITY\SYSTEM
       Current Engine Version:
       Previous Engine Version: 1.1.8800.0
       Error code: 0x80248014
       Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.


And %Windir%\WindowsUpdate.log shows the following:
2012-10-04      11:55:17:595      2260      98c      Misc      ===========  Logging initialized (build: 7.6.7600.256, tz: +0100)  ===========
2012-10-04      11:55:17:595      2260      98c      Misc        = Process: C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
2012-10-04      11:55:17:595      2260      98c      Misc        = Module: C:\Windows\system32\wuapi.dll
2012-10-04      11:55:17:595      2260      98c      COMAPI      -------------
2012-10-04      11:55:17:595      2260      98c      COMAPI      -- START --  COMAPI: Search [ClientId = Microsoft Forefront Endpoint Protection 2010 (1F383481-F70E-4E7A-8B69-C4B4A23928E3)]
2012-10-04      11:55:17:595      2260      98c      COMAPI      ---------
2012-10-04      11:55:17:595      2260      98c      COMAPI      <<-- SUBMITTED -- COMAPI: Search [ClientId = Microsoft Forefront Endpoint Protection 2010 (1F383481-F70E-4E7A-8B69-C4B4A23928E3)]
2012-10-04      11:55:17:595       872      7d4      Agent      *************
2012-10-04      11:55:17:595       872      7d4      Agent      ** START **  Agent: Finding updates [CallerId = Microsoft Forefront Endpoint Protection 2010 (1F383481-F70E-4E7A-8B69-C4B4A23928E3)]
2012-10-04      11:55:17:595       872      7d4      Agent      *********
2012-10-04      11:55:17:595       872      7d4      Agent        * Online = Yes; Ignore download priority = No
2012-10-04      11:55:17:595       872      7d4      Agent        * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains 'a38c835c-2950-4e87-86cc-6911a52c34a3' and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b')"
2012-10-04      11:55:17:595       872      7d4      Agent        * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2012-10-04      11:55:17:595       872      7d4      Agent        * Search Scope = {Machine}
2012-10-04      11:55:17:595       872      7d4      Misc      Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2012-10-04      11:55:17:610       872      7d4      Misc       Microsoft signed: Yes
2012-10-04      11:55:17:719       872      7d4      Misc      WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2012-10-04      11:55:17:719       872      7d4      Misc      WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2012-10-04      11:55:17:719       872      7d4      Misc      WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2012-10-04      11:55:17:719       872      7d4      Misc      Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2012-10-04      11:55:17:719       872      7d4      Misc       Microsoft signed: Yes
2012-10-04      11:55:17:735       872      7d4      Misc      WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2012-10-04      11:55:17:735       872      7d4      Misc      WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2012-10-04      11:55:17:735       872      7d4      Misc      WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2012-10-04      11:55:17:735       872      7d4      Misc      Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2012-10-04      11:55:17:735       872      7d4      Misc       Microsoft signed: Yes
2012-10-04      11:55:18:030       872      7d4      Misc      Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2012-10-04      11:55:18:030       872      7d4      Misc       Microsoft signed: Yes
2012-10-04      11:55:18:046       872      7d4      Agent      Checking for updated auth cab for service 7971f918-a847-4430-9279-4a52d1efe18d at http://ds.download.windowsupdate.com/v10/1/microsoftupdate/redir/muauth.cab
2012-10-04      11:55:18:046       872      7d4      Misc      Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
2012-10-04      11:55:18:046       872      7d4      Misc       Microsoft signed: Yes
2012-10-04      11:55:18:062       872      7d4      Misc      Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
2012-10-04      11:55:18:062       872      7d4      Misc       Microsoft signed: Yes
2012-10-04      11:55:18:062       872      7d4      PT      WARNING: PTError: 0x80248014
2012-10-04      11:55:18:062       872      7d4      Agent        * WARNING: Exit code = 0x80248014
2012-10-04      11:55:18:062       872      7d4      Agent      *********
2012-10-04      11:55:18:062       872      7d4      Agent      **  END  **  Agent: Finding updates [CallerId = Microsoft Forefront Endpoint Protection 2010 (1F383481-F70E-4E7A-8B69-C4B4A23928E3)]
2012-10-04      11:55:18:062       872      7d4      Agent      *************
2012-10-04      11:55:18:062       872      7d4      Agent      WARNING: WU client failed Searching for update with error 0x80248014
2012-10-04      11:55:18:062      2260      678      COMAPI      >>--  RESUMED  -- COMAPI: Search [ClientId = Microsoft Forefront Endpoint Protection 2010 (1F383481-F70E-4E7A-8B69-C4B4A23928E3)]
2012-10-04      11:55:18:062      2260      678      COMAPI        - Updates found = 0
2012-10-04      11:55:18:062      2260      678      COMAPI        - WARNING: Exit code = 0x00000000, Result code = 0x80248014
2012-10-04      11:55:18:062      2260      678      COMAPI      ---------
2012-10-04      11:55:18:062      2260      678      COMAPI      --  END  --  COMAPI: Search [ClientId = Microsoft Forefront Endpoint Protection 2010 (1F383481-F70E-4E7A-8B69-C4B4A23928E3)]
2012-10-04      11:55:18:062      2260      678      COMAPI      -------------
2012-10-04      11:55:18:062      2260      898      COMAPI      WARNING: Operation failed due to earlier error, hr=80248014
2012-10-04      11:55:18:062      2260      898      COMAPI      FATAL: Unable to complete asynchronous search. (hr=80248014)
2012-10-04      11:55:23:042       872      7d4      Report      REPORT EVENT: {7ABBA0BB-C003-4756-9012-FCCA07EB3F9A}      2012-10-04 11:55:18:062+0100      1      148      101      {00000000-0000-0000-0000-000000000000}      0      80248014      Microsoft Forefront Endpoint Pr      Failure      Software Synchronization      Windows Update Client failed to detect with error 0x80248014.
2012-10-04      11:55:23:058       872      7d4      Report      CWERReporter::HandleEvents - WER report upload completed with status 0x8
2012-10-04      11:55:23:058       872      7d4      Report      WER Report sent: 7.6.7600.256 0x80248014 00000000-0000-0000-0000-000000000000 Scan 101 Unmanaged
2012-10-04      11:55:23:058       872      7d4      Report      CWERReporter finishing event handling. (00000000)
2012-10-04      13:17:16:457       872      6f8      AU      AU setting next sqm report timeout to 2012-10-05 12:17:16

Thank you for your time and input.
ASKER CERTIFIED SOLUTION
Avatar of serchlop
serchlop
Flag of Mexico image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Russell_Venable
Russell_Venable
Flag of United States of America image
Have you tried doing a manual signature update after all of this?
Avatar of mark-199
mark-199
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

Serchlop, Windows updates work fine.

Russell_Venable, manually updating FEP work fine too.

We are currently experiencing some issues with the certificate service on the SAME server. It could have something to do with that.

By looking at the logs, does anyone have any ideas what is going on?

This is interesting:

2012-10-04      11:55:17:719       872      7d4      Misc      WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2012-10-04      11:55:17:719       872      7d4      Misc      WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2012-10-04      11:55:17:719       872      7d4      Misc      WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2012-10-04      11:55:17:719       872      7d4      Misc      Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2012-10-04      11:55:17:719       872      7d4      Misc       Microsoft signed: Yes
2012-10-04      11:55:17:735       872      7d4      Misc      WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2012-10-04      11:55:17:735       872      7d4      Misc      WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2012-10-04      11:55:17:735       872      7d4      Misc      WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
Avatar of Russell_Venable
Russell_Venable
Flag of United States of America image
Still looks to be a connectivity issue. Is your router blocking traffic that is vital for this to work? The file signatures from this log check out, not sure what signature service your talking about in your last message. Can you clarify?
Avatar of mark-199
mark-199
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

It's the certificate service that we're struggling with, nothing to do with signatures.
I have just run some tests on our frewall and there aren't any internet connectivity restrictions either.
SOLUTION
Avatar of Russell_Venable
Russell_Venable
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of mark-199
mark-199
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

I didn't try the first solution because Windows updates worked fine... but I tried it now and it  it fixed the FEP issue.

Thank you all for your contribution.