The SharePoint Service is running but the Forefront VSAPI Library is not registered

I have received several queries from customers regarding issues where Forefront is reporting the following error message:-

"The SharePoint Service is running but the Forefront VSAPI Library is not registered"

Normally you would like to know why this is occurring and how to address this error.

Before I go through the possible causes of the error message, I would like to give a quick overview of what this component does.

The VSAPI (Virus Scanning API) is a way for Microsoft products to interface with anti-virus products. It takes the form of a DLL, which in Forefront's case is “SPVsapi.dll”, and is referenced in the SharePoint registry via a Class ID.

This Class ID is registered with Windows and refers to our DLL. This can then be called by any process within Windows.

 

SharePoint will then call this DLL and load it into all w3wp.exe processes that SharePoint controls, all SharePoint application pools and all apps that use the SharePoint Object Model (OM). The DLL is loaded when the SharePoint object/process is loaded and receives its first call.

We can see the Forefront VSAPI DLL loaded within the w3wp.exe in the following image:-

This can also occur if any of the requirements above are not 100% correct; i.e. the CLSID is incorrect or missing, the DLL is not accessible, the entry within the SharePoint registry is not correctly configured, etc.

The Forefront Controller process runs as a DCOM server:-

A DCOM server will automatically start if any attempt is made to access it. This can happen for various reasons, but normally these are if the Forefront console is started or a monitoring package, such as SCOM, makes a call to this DCOM server.

The entries within the SharePoint registry and all dependencies between SharePoint and Forefront services and processes are removed when “FSCUtility /disable” is run, and recreated when “FSCUtility /enable” is run. As such, when we are faced with situations where we believe that something within this chain is incorrect or the chain is broken for some reason, we request that the customer runs “FSCUtility /disable” followed by “FSCUtility /enable”, as this will force the whole chain to be recreated.
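
The chain described above (SharePoint registry entry, Class ID registered with Windows, DLL on disk, DLL loaded in w3wp.exe) can be checked link by link before and after running FSCUtility. The PowerShell function below is an added example, not Forefront or SharePoint tooling. The SharePoint registry key and value name are not given in this article, so they are parameters you must supply, and the lookup under `HKEY_CLASSES_ROOT\CLSID\...\InprocServer32` assumes the DLL is registered as a standard in-process COM server.

```powershell
# Added example: walk the VSAPI registration chain and report the first broken link.
# $SharePointKey and $ValueName are placeholders; this page does not give them.
function Test-VsapiChain {
    param(
        [Parameter(Mandatory)] [string] $SharePointKey,  # registry key where SharePoint references the scanner
        [Parameter(Mandatory)] [string] $ValueName,      # value under that key holding the Class ID
        [string] $DllName = 'SPVsapi.dll'                # DLL name from the article
    )
    $r = [ordered]@{ Clsid = $null; DllPath = $null; BrokenLink = $null; LoadedInPids = @() }

    # Link 1: the SharePoint registry entry must contain a Class ID.
    $raw = (Get-ItemProperty -Path $SharePointKey -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    if (-not $raw) { $r.BrokenLink = 'SharePoint registry entry missing or empty'; return [pscustomobject]$r }
    $r.Clsid = '{' + ($raw -replace '[{}\s]', '') + '}'

    # Link 2: that Class ID must be registered with Windows and point at a DLL.
    # Assumption: in-process COM registration, i.e. CLSID\{...}\InprocServer32.
    $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$($r.Clsid)\InprocServer32"
    $dll = (Get-ItemProperty -Path $inproc -ErrorAction SilentlyContinue).'(default)'
    if (-not $dll) { $r.BrokenLink = "Class ID $($r.Clsid) is not registered"; return [pscustomobject]$r }
    $r.DllPath = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))

    # Link 3: the registered path must exist and be the expected DLL.
    if (-not (Test-Path -LiteralPath $r.DllPath -PathType Leaf)) {
        $r.BrokenLink = "Registered DLL not found: $($r.DllPath)"
    } elseif ((Split-Path -Leaf $r.DllPath) -ne $DllName) {
        $r.BrokenLink = "Class ID points at $($r.DllPath), expected $DllName"
    }

    # Informational: worker processes that have the DLL loaded (run elevated).
    # An empty list is not a fault on its own; the DLL loads on the first call.
    foreach ($p in Get-Process -Name w3wp -ErrorAction SilentlyContinue) {
        try { if ($p.Modules.ModuleName -contains $DllName) { $r.LoadedInPids += $p.Id } }
        catch { Write-Verbose "Cannot read modules of PID $($p.Id): $_" }
    }
    [pscustomobject]$r
}
```

Run it from an elevated PowerShell session of the same bitness as the SharePoint worker processes, since a 32-bit session sees a different registry view and cannot enumerate modules of 64-bit processes.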

I hope you find this useful. Any comments are gratefully received.