Issue of the Week 9/17

Missed a week.

This is for the following error:

 

Event Type:        Error

Event Source:    GetEngineFiles

Event Category:                Engine Error

Event ID:              6012

Date:                     #/##/####

Time:                     #:##:## ##

User:                     N/A

Computer:          Testlab01

Description:

Microsoft Forefront Server Security encountered an error while performing a scan engine update.

   Scan Engine: Microsoft

   Error Code: 0x80070102

   Description: Unable to acquire the scan engine update mutex within the    designated timeout period.

 

This is a timeout. There is a KB article (https://support.microsoft.com/kb/939411) that discusses increasing the download scan timeout, but it does not take into account the other issues you will see with longer download times. Our mutex timeout is hardcoded at 3 minutes.

 

If you have increased your InternetDownloadtimeout to match the longest download times you see in your programlog, you need to take into consideration that scan engine updates can then time out, because we time out waiting for the current download to finish.

For example, if the following engines are set to download at these times:

 

Ahnlab at 07 min after the hour Repeat every 1 hours

Kaspersky at 09 min after the hour Repeat every 1 hours

Norman at 34 min after the hour Repeat every 1 hours

Microsoft at 39 min after the hour Repeat every 1 hours

Vbuster at 48 min after the hour Repeat every 1 hours

Sophos at 44 min after the hour Repeat every 1 hours

CAVet at 49 min after the hour Repeat every 1 hours

Command at 54 min after the hour Repeat every 1 hours

 

and the engines take 15-25 minutes to download, this is never going to work correctly.

If it takes 15-30 minutes for you to download an engine, you need to make sure that no other engine downloads in that timeframe.

 

Here is a suggestion (1800 minutes for the download setting):

8:00 AM Ahnlab update Repeat every 4 hours

8:32 AM Kaspersky update Repeat every 4 hours

9:04 AM Norman Update Repeat every 4 hours

9:36 AM Microsoft Update Repeat every 4 hours

10:08 AM VBuster Update Repeat every 4 hours

10:40 AM Sophos Update Repeat every 4 hours

11:12 AM CaVet Update Repeat every 4 hours

11:44 AM Command update Repeat every 4 hours

 

This would ensure that you never have two engines fighting for the download at the same time. If your downloads are faster, you can repeat the update more often.
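A schedule can be checked for this collision before it is applied. The following is an added example, not code from this post or from Forefront: it models the update mutex in Python under an assumed, simplified behaviour (one download holds the mutex for its whole duration, and a waiting update fails once it would wait longer than the 3-minute limit). The function names and the 20-minute download time are illustrative.

```python
MUTEX_TIMEOUT_MIN = 3  # mutex wait limit stated in the post

# (engine, first start in minutes, repeat in minutes), taken from the post.
HOURLY = [("Ahnlab", 7, 60), ("Kaspersky", 9, 60), ("Norman", 34, 60),
          ("Microsoft", 39, 60), ("Vbuster", 48, 60), ("Sophos", 44, 60),
          ("CAVet", 49, 60), ("Command", 54, 60)]
# Suggested schedule: minutes after 8:00 AM, 32 minutes apart, every 4 hours.
STAGGERED = [(name, i * 32, 240) for i, (name, _, _) in enumerate(HOURLY)]


def simulate(schedule, download_min, horizon_min):
    """Return (completed, timed_out) lists of (start_minute, engine).

    Assumed model: one update holds the mutex for download_min minutes; a
    later update waits up to MUTEX_TIMEOUT_MIN and then fails (Event 6012).
    """
    attempts = sorted((t, engine)
                      for engine, first, repeat in schedule
                      for t in range(first, horizon_min, repeat))
    busy_until = 0
    completed, timed_out = [], []
    for t, engine in attempts:
        wait = max(0, busy_until - t)
        if wait > MUTEX_TIMEOUT_MIN:
            timed_out.append((t, engine))
        else:
            busy_until = t + wait + download_min
            completed.append((t, engine))
    return completed, timed_out


def starved(schedule, download_min, horizon_min):
    """Engines that never complete an update inside the window."""
    completed, _ = simulate(schedule, download_min, horizon_min)
    done = {engine for _, engine in completed}
    return sorted({engine for engine, _, _ in schedule} - done)


if __name__ == "__main__":
    for label, sched in (("hourly", HOURLY), ("staggered", STAGGERED)):
        ok, failed = simulate(sched, 20, 240)
        print(f"{label}: {len(ok)} completed, {len(failed)} timed out, "
              f"never updated: {starved(sched, 20, 240)}")
```

Run the check across the repeat boundary as well as within one cycle: in this model the 11:44 AM slot and the 12:00 PM repeat of the first engine are 16 minutes apart, so a 30-minute download in the last slot still makes the next update time out.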

 

Let me know if this helps you out.