No or limited data written to Programlog.txt
Ever seen the programlog.txt just stop logging? Me neither until the last couple of days.
To backtrack a bit, the programlog.txt is the most used and most important of all of the Antigen/Forefront Server logs. It lives in the \Data subfolder of any Forefront Server installation and in the main installation folder for Antigen for Exchange/SMTP. It is essentially a kind of extended event log for Antigen/Forefront only. It’s critical that information can be written to this log, since if something goes wrong this is the first point of reference for troubleshooting (at least amongst CSS engineers).
Getting back to the problem...I was troubleshooting a customer issue the other day and found that I could not get the Transport Diagnostics to work at all (in Forefront for Exchange). No DIAGNOSTICS: entries were being written to programlog.txt as they should have been.
In the end, it turned out that the processes trying to write to the programlog (instances of FSCTransportScanner.exe) were running under the Network Service (this is normal for these processes), which in turn did not have write access to the Program Files (x86)\Forefront Server Security directory, nor its subfolders/files. Once the Network Service was granted write access to this directory (and permissions were inherited by all subfolders/files), Forefront was able to write DIAGNOSTICS: (and other) entries to the programlog.
Checking the account for FSCTransportScanner.exe in Task Manager
In the above screenshot, the FSCTransportScanner.exe process is running under the Network Service.
Adding the Network Service with Write access to the Forefront install directory
If you are experiencing the issue and do not see the account that runs the process with the above permissions, add it.
So, if you ever do notice that the programlog (or other Antigen/Forefront files) have stopped logging, or seem to be missing some information, check that the User Names under which Antigen/Forefront Server processes are running do have write access to files in the install directory and subfolders/files. Task Manager is a quick way to do this.
Easy when you know how...hopefully this will save some time for one of ye in the future.
Cheers,
Andy Day