You are browsing the archive for 2011 June.

Forefront Endpoint Protection 2010 : Update Rollup 1 available for download

7:29 pm in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr 2012, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, embedded, FEP, FEP2010, Installation, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, SCCM 2012, WES2009 by Kenny Buntinx [MVP]

Update Rollup 1 for Microsoft Forefront Endpoint Protection 2010 introduces new features and updates. These new features and updates are summarized below.

The following list is a summary of the updates in FEP Update Rollup 1 for server functionality.

Finally the Forefront team came up with a solution that since the release of the product they really missed .The following Microsoft website explains how to auto deploy forefront client security definition in a step-by-step guide. aka

In this step-by-step guide, they essentially go into the WSUS Console to create an Auto-Acceptance rule. First of all this should make any ConfigMgr admin shiver, as it should have been drilled into your head that you are supposed to do software updates management from the ConfigMgr administrator console. Now, I and many other SCCM admins have never understood why they didn’t solve that in a more elegant manner. The solution works, however has a couple of major drawbacks.

Additionally in a multi distribution point environment, the actual definition updates will always come from the Software update point, whereas normal software updates come from the distribution points. In other words, this impacts scale quite a bit, and forefront definitions come out at a very frequent pace meaning they are hitting you software update point harder than anything else.

The main problem, is that in SCCM 2007 we have no "easy" way to create an Auto-Approval rule. This will be solved in CM12 , until then , for the CM07 they will fix that mistake by update rollup 1. Soon I will launch a blog post to see if this is a real workable solution. So now you will have with Update Rollup 1 a tool that facilitates the use of the Configuration Manager software updates functionality to download FEP definition updates and make them available to client computers running the FEP client software.

In order to use the software updates feature for definition updates, you must perform the following high-level steps:

    • Download and install the Update Rollup 1 package.
    • Configure software updates to download definitions for FEP.
    • Configure the package by which the definition updates will be distributed, and configure the distribution settings for it.
    • Install and configure the FEP Software Update Automation tool.


  1. Addition of support for the FEP client software for Windows Embedded 7 and Windows Server 2008 Server Core. For more information on the added client support, see Prerequisites for Deploying Forefront Endpoint Protection on a Client
  2. The following list is a summary of the updates to FEP policies included with Update Rollup 1.
  • Update Rollup 1 for FEP 2010 adds a new FEP policy option to configure definition updates for FEP client computers. After installing Update Rollup 1 for FEP, you can configure FEP policies to update definitions from a Configuration Manager software update point.

    To configure FEP policies to update definitions from a Configuration Manager software update point

    • When you create a new FEP policy or edit an existing FEP policy, the new definition update options appears as follows:

      • When creating a new FEP policy, in the New Policy Wizard, on the Updates page, select the check box for Enable updates from Configuration Manager.
      • When editing an existing FEP policy in a Configuration Manager console that on which you installed the Update Rollup 1 for FEP, in the properties for a FEP policy, on the Updates tab, select the check box for Use Configuration Manager as primary source for definition updates.
  • Addition of two new preconfigured policy templates for the following server workloads:

    • Microsoft Forefront Threat Management Gateway
    • Microsoft Lync 2010


You will find the Forefront Endpoint Protection 2010  Update Rollup 1to download at the following location :


Hope it Helps ,


Kenny Buntinx

Got SCCM 2007? Take a look at this XenApp Connector Tech Preview!

2:35 pm in citrix, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, ConfigMgr2007 R3, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, Xenapp by Kenny Buntinx [MVP]

You’ve probably seen XenApp Connector for SCCM in XenApp 6. Now we’re taking it one step further – Along with the Citrix XenApp Tech Preview release, we’re pleased to announce the availability of the next version of the XenApp Connector for Microsoft SCCM 2007, as a Tech Preview release. This XenApp Connector Tech Preview represents another milestone in the ongoing partnership with Microsoft to bring you a powerful joint solution that lets you manage your entire XenApp environment using the SCCM management console. XenApp Connector extends the reach of ConfigMgr 2007 to virtual environments like Citrix without any downtime for users.

For those not familiar with XenApp Connector for SCCM, you can read more about it here and watch the video here.

This release of the XenApp Connector contains the following features:

1. Support for SCCM 2007 R2 and R3.
2. Support for WSUS – Windows Server Update Services. So now you can deliver not just applications, but also keep your entire XenApp infrasructure up-to-date with the latest Windows Updates without any user downtime.
3. Quality improvements including several bug fixes (such as seamless FTA for App-V packages)
4. Scalability improvements
5. Setup & Configuration Simplification – wizard detects connectivity and setup problems early on and automatically suggests solutions.
6. Firewall friendly changes – Communication between the Connector and the hosts (XenApp, PCM and SCCM) now make use of PowerShell V2 remoting over HTTP/HTTPS.
7. Improved Security – The option to enable SSL encryption in the Configuration Wizard and Digital signing of the Connector PowerShell script files.
8. Full Section 508 compliance
9. Logging and diagnostic improvements (rolling log file support, SMS Trace format compatibility)


This release can be found on the ISO image of the XenApp Tech Preview release under the ‘Connector for ConfigMgr’ folder.


Hope it Helps

Kenny Buntinx

Opalis 6.3 : Integration pack error solution – “Failed to CoCreate IOpalisServerExtension"

6:49 am in Opalis, Opalis 6.3 by Kenny Buntinx [MVP]

At my customer , we had a weird issue when running our workflow. We had a workflow with a custom start that fired off , but failed at the moment we hit to “add resource to SCCM”.


It failed with a error message “Failed to CoCreate IOpalisServerExtension" as shown in the screenshot below.


It seems that sometimes the deploy action server wizard does not function fully. The action server will work for most things but you could get error message that the server could not create extension and so on. Probably the wizard fails in registering some components and you get error messages like this. In our case, it was only when using items from the SCCM integration pack.

Below you will find the log file on the “RunbookServers” :


But you can overcome this by doing a manual install First of the “runbook” server en then overwrite doing an install trough the deployment console.

Start the installer.



This is the welcome screen, follow the instructions of the next screenshots.


Now we still need to install the same management server through the Deployment console as you normally would. Start up the deployment manager with the “run as administrator” option.




After this procedure, all IP’s will work correctly.

Hope it Helps ,

Kenny Buntinx

Opalis 6.3 : Operator console and “Ghost” workflows/policies that seems to keep running for ever !

10:18 am in Opalis, Opalis 6.3 by Kenny Buntinx [MVP]

Today at my customer , we had a weird issue thru our operator console in Opalis 6.3. We had a workflow with a custom start that fired off , but failed with a error message “Failed to CoCreate IOpalisServerExtension". This issue had nothing to do with the fact that those workflows kept running in the Opalis Operator Console for eternity as shown in the screenshot below. We had no possibility even when we had the right to delete or stop those running policies. When you tried to stop those running policies , they said there where “No policies found that could be stopped”.



First thought was that it had something to do with Java cache as I am so in love with Java Smile . Answer after clearing cache was the same …

The answer to this is that there is a “known” issue ( I don’t know if its is a “known” issue as I found it after a long search on the internet ) where the log will retain "ghost" entries for running workflows.

So basically it will look like a workflow is running (in the designer and Operator Console) but no workflow is running. This is an operational issue that doesn’t effect runtime, meaning that although it LOOKS like these are running workflows… even though they aren’t… they don’t take up a request queue or impact runtime in any way.

If you call PSS they can give you a procedure to clean up these "ghost" entries or you can simply go into the OPALIS designer, right-click on the bogus instances, and delete them manually as shown in the screenshot below :




After you have cleaned out your "ghost" entries , you will see that there are no ghost entries left any more :




Hope it Helps ,


Kenny Buntinx