OpsMgr 2007 Quick Fix: Forefront TMG Objects are Not Discovered

toolsignHere's a somewhat obscure issue that took me a little bit of time to figure out so I thought I'd post it here to save you some trouble in case you ran across it as well.  In this scenario, once the Forefront Threat Management Gateway Management Pack was installed into a System Center Operations Manager 2007 environment, none of the associated Forefront objects were discovered.  Examination of the event logs on some of the Forefront servers revealed the following errors:

Data was found in the output, but has been dropped because the Event Policy for the process started at <time> has detected errors.
The 'ExitCode' policy expression:
matched the following output:
Command executed: "C:\Windows\system32\cscript.exe" /nologo "ISPRedundancyComponentDiscovery.vbs" {EF019280-5829-91F5-D82E-
7965B8F26B98} {28DF88FD-49A5-4B7C-5AED-2034958796C4} name.com 9 ISPRedundancyComponentDiscovery.vbs TraceOff ISP-Redundancy
Working Directory: C:\Program Files\System Center Operations Manager 2007\Health Service State\Monitoring Host Temporary Files 6\5856\
One or more workflows were affected by this.
Workflow name: Microsoft.Forefront.TMG.ISPRedundancy.ServerComponent.Discovery
Instance name: server1.contoso.com - Firewall Role
Instance ID: {28DF88FD-49A5-4B7C-5AED-2034958796C4}
Management group: ContosoMS


In order to determine the root cause of the Discovery script failures, the Discovery script itself was exported from the Management Pack. With the script exported, it was then executed manually using the same parameters passed during the Discovery process.

As these were workgroup servers, the script was first run under the context of a Local Administrator. This returned the following results:

<DataItem type="System.DiscoveryData" time="2010-11-08T19:26:52.5309728-05:00" s
ity><ClassInstances><ClassInstance TypeId="$MPElement[Name='Microsoft.Forefront.
alue>Local Host</Value></Setting><Setting><Name>$MPElement[Name='System!System.E
ntity']/DisplayName$</Name><Value>ISP-Redundancy - fr01wfwz01</Value></Setting><

The script was then run under the context of Local System. This returned the following results:

<DataItem type="System.DiscoveryData" time="2010-11-10T10:50:51.4956975-05:00" s

There is a clear difference in the XML data that was returned when running under two different accounts. The data returned when run as Local Administrator clearly had a number of objects defined and identified. Upon further examination of the Forefront TMG Management Pack Guide, it would appear that Local Administrator rights are required.

The following was taken directly from the Management Pack Guide:

Security Considerations

All the management pack tasks require that the Action Account have Admin user rights on the Forefront TMG agent computer. No tasks can be run using a low-privilege account.


Ultimately this was resolved by creating a Standard Local Administrator account on each of the Workgroup Forefront TMG servers. With the Local Administrator Account in place on the servers, a new RunAs account was defined using these credentials and distributed to the Forefront TMG servers within the environment. Once the updated configuration was received the Forefront objects were discovered and monitored accordingly.

More Information

Additionally, as a test we added the Local System account to the Local Administrators group on the Forefront TMG servers. This did not resolve the issue and the discoveries continued to fail accordingly.

Hope this helps,

Nicholas Dodge | Senior Support Escalation Engineer

The App-V Team blog: http://blogs.technet.com/appv/
The WSUS Support Team blog: http://blogs.technet.com/sus/
The SCMDM Support Team blog: http://blogs.technet.com/mdm/
The ConfigMgr Support Team blog: http://blogs.technet.com/configurationmgr/
The SCOM 2007 Support Team blog: http://blogs.technet.com/operationsmgr/
The SCVMM Team blog: http://blogs.technet.com/scvmm/
The MED-V Team blog: http://blogs.technet.com/medv/
The DPM Team blog: http://blogs.technet.com/dpm/
The OOB Support Team blog: http://blogs.technet.com/oob/
The Opalis Team blog: http://blogs.technet.com/opalis
The Service Manager Team blog: http: http://blogs.technet.com/b/servicemanager
The AVIcode Team blog: http: http://blogs.technet.com/b/avicode

clip_image001 clip_image002

Comments (1)

  1. show box says:

    Thanks for the great info. I really loved this. I would like to apprentice at the same time as you amend your web site, how could i subscribe for a blog site?
    For more info on showbox please refer below sites:
    Latest version of Showbox App download for all android smart phones and tablets.
    http://movieboxappdownloads.com/ – It’s just 2 MB file you can easily get it on your android device without much trouble. Showbox app was well designed application for android to watch movies and TV shows, Cartoons and many more such things on your smartphone.
    For showbox on iOS (iPhone/iPad), please read below articles:
    Showbox for PC articles:
    There are countless for PC clients as it is essentially easy to understand, simple to introduce, gives continuous administration, effectively reasonable. it is accessible at completely free of expense i.e., there will be no establishment charges and after establishment
    it doesn’t charge cash for watching films and recordings.
    http://www.showboxforipad.org/showbox-apk/ Not simply watching, it likewise offers alternative to download recordings and motion pictures. The accompanying are the strides that are to be taken after to introduce Showbox application on Android. The above
    all else thing to be done is, go to the Security Settings on your Android telephone, Scroll down and tap on ‘Obscure sources’.
    Movie Box, an esteemed movies application in which you can find stacks of programs and films. The guide is given here to download Movie Box app to Android and to Apple iOS 9.0.2, iOS 8.4/8.3 and also for the lower versions without Jailbreak.
    Please do login to Showbox application with the help of Ymail. You can login in Ymail from here –
    Sign Up & Do registration for latest movies on Showbox application

Skip to main content