Thursday, June 16, 2011

Kaspersky 8 Update Availability – Forefront SP2 Rollup

Below is some information for Exchange administrators on upgrading to Forefront SP2 Rollup 3 in order to get the Kaspersky engine 8 update.

1. The upgrade is a straightforward process. Don’t panic if, after the upgrade, the engine folder name and the GUI management console still show Kaspersky5 even though the engine is Kaspersky 8. As per Microsoft: “The Kaspersky engine's names incorporates the version number '5'. Even after installing this hotfix rollup, the engine name for Kaspersky will still be "Kaspersky5" in both logs and within the Forefront Administrator client. This is purely a cosmetic issue and does not affect functionality.” So it’s fine.

2. The new engine updates are considerably larger than the old engines, so the default scan engine update timeout needs to be increased on the server through regedit. Also, incremental engine downloads are not available with rollup2, whereas rollup3 does support incremental engine updates.

• Open Regedit
• Navigate to the following key:
HKLM\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server
• Click New DWORD Value
• Type EngineDownloadTimeout, and then press ENTER
• Right-click the new value and select Modify
• Select Decimal as the base, enter 600 in the Value data box, and then click OK. This setting causes the scan engine download process to time out after 600 seconds (10 minutes, instead of 5 minutes).
• Exit Regedit

3. On a cluster, make sure LocalEngineMapping.cab has been copied to the shared resource location; otherwise the engine update will fail on the clustered mailbox servers. For other roles, the file is updated automatically in the correct installation folder.

As mentioned on the Microsoft site:

To install the hotfix rollup on a SCC cluster, choose one of the following methods:
Method 1
To install this particular hotfix on a SCC cluster, you should perform upgrades on all active nodes first. Setup will prompt you to allow it to take resources offline and bring them back online automatically. Check that all resources are online, and that all Forefront and Exchange services have been started afterwards. You should manually bring resources online / start services, if necessary. Once you have upgraded the active nodes, do not failover. Finally, upgrade each passive node in turn.
Installing on all active nodes first means that Forefront will be able to access the DatabasePath location, where it needs to copy a file to (LocalEngineMapping.cab).

Method 2
If you prefer not to upgrade on active nodes, you may perform a “rolling upgrade” where you install on each node only when it is in a passive state. This involves performing a series of failovers, so that each node has a chance to become passive. Once all nodes have been upgraded, you must copy LocalEngineMapping.cab from each active node’s local installation to the shared disk folder for the CMS. Forefront needs this file in the following shared disk location, in order to be able to upgrade the Kaspersky engine to version 8.
Copy LocalEngineMapping.cab from each active node’s local installation (source) to its shared disk folder (target):
Source location: \Program Files (x86)\Microsoft Forefront Security\Exchange Server
Target location: \ForefrontCluster\Engines\
Notes:
a. There is no need to restart any services or failover the cluster after you have copied LocalEngineMapping.cab to the shared disk folder.
b. If you do not copy LocalEngineMapping.cab to the shared disk folder, Forefront will continue to try to update version 5 of the Kaspersky engine (which will be retired by Microsoft after 31st January 2011).

4. After the upgrade, if the old obsolete engines are still showing, try renaming scandisk.fdb and template.fdb (after stopping the Forefront services). Restarting the services rebuilds the two files, so that only the latest working engines are listed.

5. In case of any engine update failure, check ProgramLog.txt, which captures the complete engine update events with timestamps and clear descriptions.
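Steps 2 and 3 above can also be applied and verified from PowerShell. The script below is an added example, not Microsoft's or the original post's code. The parameter names and the Get-Sha256 helper are hypothetical, and both paths must be supplied with their drive letters, because the post gives them without one.

```powershell
# Added example: sets EngineDownloadTimeout (step 2) and, on a cluster,
# copies and verifies LocalEngineMapping.cab (step 3, Method 2).
# Parameter names are hypothetical; run from an elevated prompt.
param(
    [int]$TimeoutSeconds = 600,   # value from step 2 (10 minutes)
    [string]$InstallPath,         # ...\Program Files (x86)\Microsoft Forefront Security\Exchange Server
    [string]$SharedEnginesPath    # ...\ForefrontCluster\Engines
)

$key  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server'
$name = 'EngineDownloadTimeout'

# SHA-256 via .NET so the script also runs on older PowerShell versions.
function Get-Sha256([string]$Path) {
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { [System.BitConverter]::ToString($sha.ComputeHash($stream)) }
    finally { $stream.Dispose() }
}

if (-not (Test-Path $key)) { throw "Forefront key not found: $key" }

# Step 2: create or update the DWORD and report the previous value.
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if ($current -ne $TimeoutSeconds) {
    New-ItemProperty -Path $key -Name $name -PropertyType DWord `
        -Value $TimeoutSeconds -Force | Out-Null
    Write-Output "$name changed from '$current' to $TimeoutSeconds"
} else {
    Write-Output "$name is already $TimeoutSeconds"
}

# Step 3: only when both paths are given (clustered mailbox servers).
if ($InstallPath -and $SharedEnginesPath) {
    $src = Join-Path $InstallPath 'LocalEngineMapping.cab'
    $dst = Join-Path $SharedEnginesPath 'LocalEngineMapping.cab'
    if (-not (Test-Path $src)) { throw "Source not found: $src" }

    # Copy only if the shared copy is missing or differs from the local one.
    if (-not (Test-Path $dst) -or (Get-Sha256 $src) -ne (Get-Sha256 $dst)) {
        Copy-Item -Path $src -Destination $dst -Force
    }
    if ((Get-Sha256 $src) -ne (Get-Sha256 $dst)) { throw "Copy verification failed: $dst" }
    Write-Output "LocalEngineMapping.cab is present and identical at $dst"
}
```

Running it a second time changes nothing and only reports the current state, so it can double as a post-upgrade check on each node.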

Hope the information is useful.

Thanks
Logan

Comments:

Iain Powell said...

Thank you so so so much.. This has been bugging me for the last couple of months. Problem resolved. :0)
