How to use the Forefront Server Security Management Console diagnostic tool


Diagnostic logging gives Microsoft support technicians information they can use to troubleshoot problems when Forefront Security Management Console (FSSMC) is not working properly. To accurately diagnose a problem, support engineers typically need a variety of information about FSSMC and the Forefront servers it is managing.


This information consists of diagnostic logs, third-party scan engine updates, registry settings and deployment agent information, among other things. Gathering this information is a major effort that can hinder the troubleshooting process.


To make it easier for you to collect this information, the FSSMC tool (FSSMC Diagnostics) automates the process, assembling all the necessary data in one file that can then be uploaded to Microsoft. When you contact Microsoft support, you will be told where to upload the file.


 


Information Collected on the FSSMC Server


 


After installing FSSMC, there will be 4 shortcuts created in the Start menu under Microsoft Forefront Server Management Console Diagnostics. They are “Clear Forefront log”, “Disable Forefront log”, “Enable Forefront log” and “Forefront Diagnostic”. If you click on one of these shortcuts, a pop-up DOS window will appear that shows the progress of the tool.


 


FSSMC Diagnostic Shortcuts:


 


Forefront Diagnostic: Collects diagnostic information from the FSSMC server. When the program finishes, it creates a zip file named SEMInfo.zip that includes the files listed below. The SEMInfo.zip file is placed in the Microsoft Forefront Security\Server\Server Management\Diagnostics folder.


Enable Forefront log: Turns on the Forefront log by setting the “TraceEventLog” registry value to 1.


Disable Forefront log: Turns off the Forefront log by setting the “TraceEventLog” registry value to 0.


Clear Forefront log: Removes all Forefront logs except the logs in SEMInfo.zip.


 


SEMInfo.zip:


This compressed file contains the following files – unless otherwise stated, these logs are generated by the diagnostics utility.


 


  • COM+_Users.txt: Collects all users associated with the following COM+ FSSMC services:

          Microsoft.SEM.Services

          Microsoft.SEM.NotificationSender



  • GeneralInfo.txt: Provides general information on FSSMC and the system, such as operating system version, FSSMC version, SQL version, Global Assembly Cache.

  • NetShare.txt: Contains the output of “Net Share”.

  • Registry_Software.txt: Collects the FSSMC registry

  • Registry_System.txt: Collects the system registry

  • EventLog_Application: Collects the Application Event Log in .evt format

  • EventLog_Security: Collects the Security Event Log in .evt format

  • EventLog_System: Collects the System Event Log in .evt format

  • DirPermission.txt: Contains access permission information for the directories that FSSMC requires access to.

  • IISInfo.txt: Contains IIS information such as Semconsole path, AppRoot etc.

  • LocalPolicy.inf: Exports User logon rights and privileges to the file.

  • FSSMCInstall.log: If it exists, this log is located under the system root path and contains FSSMC installation information.

  • Microsoft.FSSMC.installationhelper.InstallLog: If it exists, this log is located under the Microsoft Forefront Security\Server\Server Management\Install folder. Provides logging of the .NET installation/registration.

  • FSSMCLog.txt: If it exists, this log is located under the “Microsoft Forefront Security\Server\Server Management\LogFiles” subfolder of the All Users “Application Data” path. Provides diagnostic logging for FSSMC. Similar to the Programlog.txt in the Forefront Server products.

  • RedistributionAgent.txt: If it exists, this log contains FSS signature update information and is located under the “Microsoft Forefront Security\Server\Server Management\LogFiles” subfolder of the All Users “Application Data” path.

  • SchedulerService.txt: Contains FSSMC scheduled job information. This log is located under the “Microsoft Forefront Security\Server\Server Management\LogFiles” subfolder of the All Users “Application Data” path.

  • LastGood.xml: If it exists, this log is located under the “Program Files\Microsoft Forefront Security\Server\Server Management\Services\” path. Contains last good engine update information.

  • dirtree.txt: This log is generated by this tool. It records the directory tree under the \\Redistribution\\Cache directory.

  • DownloadEngineFiles.txt: If it exists, this log is located under the “Documents and Settings\All Users\Application Data\Microsoft Forefront Security\Server\Server Management\LogFiles” path. Provides logging from the DownloadEngineFiles module, which downloads all scan engine updates.

  • DeploymentAgent.txt: Provides logging for the deploymentagent module.

  • BootStrapper.txt: Provides logging from the bootstrapper module used during the installation.


 


Information Collected on the Forefront Server Security Server


 


After deploying an agent to the FSE/FSSP managed server, 4 shortcuts will be created in the Start menu under Microsoft Forefront Server Management Console Remote Diagnostics\Forefront remote log generator\. They are “Clear Forefront log”, “Disable Forefront log”, “Enable Forefront log” and “Forefront Diagnostic”. If you click on one of these shortcuts, a pop-up DOS window will appear that shows the progress of the tool.


 


FSE Diagnostic Shortcuts:


 


Forefront Diagnostic: Collects diagnostic information from the FSSMC server. When the program finishes, it creates a zip file named SEMInfo.zip that includes the files listed below. The SEMInfo.zip file is placed in the Microsoft\FSSMC DeploymentAgent-number folder.


Enable Forefront log: Turns on the Forefront log by setting the “TraceEventLog” registry value to 1.


Disable Forefront log: Turns off the Forefront log by setting the “TraceEventLog” registry value to 0.


Clear Forefront log: Removes all Forefront logs except the logs in SEMInfo.zip.


 


SEMInfo_Remote.zip:


This compressed file contains the following files – unless otherwise stated, these logs are generated by the diagnostics utility.


 



  • EventLog_Application: Collects the Application Event Log in .evt format


  • EventLog_Security: Collects the Security Event Log in .evt format

  • EventLog_System: Collects the System Event Log in .evt format

  • ForefrontInstall.log: If it exists, this log is located under the system root path.

  • SybariCacheDirInfo.txt: Contains the names of all files and subdirectories in the C:\WINDOWS\Temp\SybariCache directory.

  • Registry_Software.txt:

  • GeneralInfo.txt: Provides general system and FSSMC/FSS related information such as OS version, Antigen Statistics Service status, FSSMC Deployment account privilege.

  • DeploymentAgent.txt: Contains agent deployment related information. This log exists under “Microsoft Forefront Security\Server\Server Management\LogFiles” subfolder of the All User’s “Application Data” path.

  • FSCStatsServ.txt: Contains information about the calls FSS makes to the FSCStatisticsService service to update statistics data. This log is located under the “Microsoft Forefront Security\Server\Server Management\LogFiles” subfolder of the All Users “Application Data” path. Provides logging information for the Statistics module, which processes the statistics information from FSS.

  • PushInstaller.txt: Contains information about the PushInstaller service process, which is used during agent deployment. This log is located under the “Microsoft Forefront Security\Server\Server Management\LogFiles” subfolder of the All Users “Application Data” path.

  • StatisticsManagerServer.txt: Contains information about updating statistics data for FSSMC to use. This log exists under “Microsoft Forefront Security\Server\Server Management\LogFiles” subfolder of the All User’s “Application Data” path.

  • HRLog.txt: This log exists under “Microsoft Forefront Security\Exchange Server\Data” folder.

  • ProgramLog.txt: This log exists under “Microsoft Forefront Security\Exchange Server\Data” folder.

  • AEXMLAdapter.txt: Provides logging for the aexmladapter module.

  • StatisticsManagerClient.txt: Provides logging for the statistics service module.


 


 


Collecting diagnostic data


To collect the diagnostic data to upload to Microsoft for troubleshooting:


 


1.       On the FSSMC server, click the Enable Forefront Log shortcut to enable diagnostic logging.


2.       From FSSMC, deploy an Agent to the FSS server.


3.       On the FSS server, click the Enable Forefront Log shortcut to enable diagnostic logging.


4.       Reproduce the issue.


5.       On the FSSMC server, click the Forefront Diagnostic shortcut to collect the diagnostic logs (SEMInfo.zip).


6.       On the FSS server, click the Forefront Diagnostic shortcut to collect the diagnostic logs (SEMInfo_Remote.zip).


7.       Upload the two compressed files to Microsoft.
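Because SEMInfo.zip carries the Security event log, registry exports, user rights and share listings, it is worth checking what is actually in the archive before uploading it. The following Python script is an added example, not part of the original article or of the FSSMC diagnostic tool: it compares a bundle against the SEMInfo.zip file list given above. The function names, the name-matching rule (case-insensitive base name, optionally followed by an extension such as .evt) and the REVIEW list are assumptions made for illustration, and the sample archive is constructed in memory.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Names from the SEMInfo.zip list above; "if it exists" items are OPTIONAL.
REQUIRED = ["COM+_Users.txt", "GeneralInfo.txt", "NetShare.txt", "Registry_Software.txt",
            "Registry_System.txt", "EventLog_Application", "EventLog_Security",
            "EventLog_System", "DirPermission.txt", "IISInfo.txt", "LocalPolicy.inf",
            "SchedulerService.txt", "dirtree.txt", "DeploymentAgent.txt", "BootStrapper.txt"]
OPTIONAL = ["FSSMCInstall.log", "Microsoft.FSSMC.installationhelper.InstallLog",
            "FSSMCLog.txt", "RedistributionAgent.txt", "LastGood.xml",
            "DownloadEngineFiles.txt"]
# Assumption (not from the article): items worth a manual look before upload.
REVIEW = ["EventLog_Security", "Registry_Software.txt", "Registry_System.txt",
          "LocalPolicy.inf", "COM+_Users.txt", "DirPermission.txt", "NetShare.txt"]


def _matches(member, expected):
    """Case-insensitive match on base name; allows an added extension such as .evt."""
    base = PurePosixPath(member.replace("\\", "/")).name.lower()
    want = expected.lower()
    return base == want or base.startswith(want + ".")


def audit_bundle(bundle, required=REQUIRED, optional=OPTIONAL, review=REVIEW):
    """Compare the members of a diagnostic zip against the documented file list."""
    with zipfile.ZipFile(bundle) as zf:
        members = [i.filename for i in zf.infolist() if not i.is_dir()]
    known = list(required) + list(optional)
    return {
        "missing": [e for e in required if not any(_matches(m, e) for m in members)],
        "unexpected": [m for m in members if not any(_matches(m, e) for e in known)],
        "review": [m for m in members if any(_matches(m, e) for e in review)],
    }


def build_sample_bundle():
    """Constructed sample: an incomplete bundle with one stray file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ["GeneralInfo.txt", "EventLog_Security.evt", "LocalPolicy.inf",
                     "FSSMCLog.txt", "extra/notes.txt"]:
            zf.writestr(name, "constructed sample content")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for key, values in audit_bundle(build_sample_bundle()).items():
        print(key, values)
```

To check SEMInfo_Remote.zip, pass the file names from its list above as the `required` and `optional` arguments.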


 


 


 


Holly Kipp


Microsoft CSS Security Senior Support Engineer


 
