Results 1 to 2 of 2

Thread: Forefront TMG 2010 Malware Definition Updates fail

  1. 23-03-2012 #1
    Matt_44
    Matt_44 is offline Member
    Join Date
    Mar 2012
    Posts
    1

    Forefront TMG 2010 Malware Definition Updates fail

    On a single Windows 2008 R2 Forefront TMG 2010 server, I have been experiencing routine problems with malware definition updates failing. This happened for about 2 days a couple months ago but fixed itself. Now it is happening again, for about 3 days. Other TMG servers (all stand-alone and at different sites) in our organization receive updates OK. The updates should check/install every 4 hours, but failed at least a dozen times in a row. NIS updates download/install OK. I found warnings Event ID 62 in the Event Viewer Bits-Client operational log:

    "The BITS job named "WU Client Download" belonging to user NT AUTHORITY\SYSTEM received inconsistent data while downloading. The URL was "http://download.windowsupdate.com/msdownload/update/software/defu/2012/03/mpam-fe_9c8ae6133e4c7b7cca85a35b6eba53c7a560968a.exe". The transfer will continue using a different server. If the problem occurs often, an administrator should scan the peer server for viruses or corruption in its hard drive.) "

    In the WindowsUpdateClient - operational log I found errors Event ID 31:

    "Windows Update failed to download an update."


    There does not appear to be any hard drive issues on this server or infections.

    I checked WindowsUpdate.log and here is the entry:

    2012-03-23 09:02:01:806 6300 1ae8 Misc =========== Logging initialized (build: 7.3.7600.16385, tz: -0400) ===========
    2012-03-23 09:02:01:806 6300 1ae8 Misc = Process: C:\Program Files\Microsoft Forefront Threat Management Gateway\UpdateAgent.exe
    2012-03-23 09:02:01:806 6300 1ae8 Misc = Module: C:\Windows\system32\wuapi.dll
    2012-03-23 09:02:01:805 6300 1ae8 COMAPI -------------
    2012-03-23 09:02:01:806 6300 1ae8 COMAPI -- START -- COMAPI: Search [ClientId = Forefront TMG]
    2012-03-23 09:02:01:806 6300 1ae8 COMAPI ---------
    2012-03-23 09:02:01:810 6300 1ae8 COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = Forefront TMG]
    2012-03-23 09:02:01:810 912 1be4 Agent *************
    2012-03-23 09:02:01:810 912 1be4 Agent ** START ** Agent: Finding updates [CallerId = Forefront TMG]
    2012-03-23 09:02:01:811 912 1be4 Agent *********
    2012-03-23 09:02:01:811 912 1be4 Agent * Online = Yes; Ignore download priority = No
    2012-03-23 09:02:01:811 912 1be4 Agent * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains '84a54ea9-e574-457a-a750-17164c1d1679' and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b')"
    2012-03-23 09:02:01:811 912 1be4 Agent * ServiceID = {00000000-0000-0000-0000-000000000000} Third party service
    2012-03-23 09:02:01:811 912 1be4 Agent * Search Scope = {Machine}
    2012-03-23 09:02:01:814 912 1be4 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
    2012-03-23 09:02:01:818 912 1be4 Misc Microsoft signed: Yes
    2012-03-23 09:02:02:912 912 1be4 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
    2012-03-23 09:02:02:916 912 1be4 Misc Microsoft signed: Yes
    2012-03-23 09:02:02:924 912 1be4 Agent Checking for updated auth cab for service 7971f918-a847-4430-9279-4a52d1efe18d at http://download.windowsupdate.com/v9...dir/muauth.cab
    2012-03-23 09:02:02:924 912 1be4 Misc Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
    2012-03-23 09:02:02:928 912 1be4 Misc Microsoft signed: Yes
    2012-03-23 09:02:02:964 912 1be4 Misc Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
    2012-03-23 09:02:02:968 912 1be4 Misc Microsoft signed: Yes
    2012-03-23 09:02:03:065 912 1be4 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
    2012-03-23 09:02:03:069 912 1be4 Misc Microsoft signed: Yes
    2012-03-23 09:02:03:106 912 1be4 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
    2012-03-23 09:02:03:110 912 1be4 Misc Microsoft signed: Yes
    2012-03-23 09:02:03:114 912 1be4 PT WARNING: Cached cookie has expired or new PID is available
    2012-03-23 09:02:04:412 912 1be4 PT +++++++++++ PT: Starting category scan +++++++++++
    2012-03-23 09:02:04:413 912 1be4 PT + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://www.update.microsoft.com/v6/...ce/client.asmx
    2012-03-23 09:02:04:512 912 1be4 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
    2012-03-23 09:02:04:515 912 1be4 Misc Microsoft signed: Yes
    2012-03-23 09:02:04:551 912 1be4 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
    2012-03-23 09:02:04:555 912 1be4 Misc Microsoft signed: Yes
    2012-03-23 09:02:04:558 912 1be4 PT +++++++++++ PT: Synchronizing server updates +++++++++++
    2012-03-23 09:02:04:558 912 1be4 PT + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://www.update.microsoft.com/v6/...ce/client.asmx
    2012-03-23 09:02:04:708 912 1be4 Agent Update {D9B0EA0D-FA6A-4408-B186-F88C601DD8CA}.100 is pruned out due to potential supersedence
    2012-03-23 09:02:04:708 912 1be4 Agent Update {C084F4FB-9A72-43FB-9298-765CA7276390}.100 is pruned out due to potential supersedence
    2012-03-23 09:02:04:708 912 1be4 Agent Update {6413E4AF-61A7-48E6-B72E-0C0DCD9FDA95}.100 is pruned out due to potential supersedence
    2012-03-23 09:02:04:708 912 1be4 Agent * Added update {F9B987F2-AE1E-4905-B217-897E884E3038}.100 to search result
    2012-03-23 09:02:04:708 912 1be4 Agent * Found 1 updates and 4 categories in search; evaluated appl. rules of 21 out of 25 deployed entities
    2012-03-23 09:02:04:752 912 1be4 Agent *********
    2012-03-23 09:02:04:752 912 1be4 Agent ** END ** Agent: Finding updates [CallerId = Forefront TMG]
    2012-03-23 09:02:04:752 912 1be4 Agent *************
    2012-03-23 09:02:04:753 6300 1b5c COMAPI >>-- RESUMED -- COMAPI: Search [ClientId = Forefront TMG]
    2012-03-23 09:02:04:755 6300 1b5c COMAPI - Updates found = 1
    2012-03-23 09:02:04:755 6300 1b5c COMAPI ---------
    2012-03-23 09:02:04:755 6300 1b5c COMAPI -- END -- COMAPI: Search [ClientId = Forefront TMG]
    2012-03-23 09:02:04:755 6300 1b5c COMAPI -------------
    2012-03-23 09:02:09:751 912 1be4 Report REPORT EVENT: {E9AB83DD-94E9-409A-8AA7-62819E7D21B1} 2012-03-23 09:02:04:752-0400 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 Forefront TMG Success Software Synchronization Windows Update Client successfully detected 1 updates.
    2012-03-23 09:02:09:751 912 1be4 Report CWERReporter finishing event handling. (00000000)
    2012-03-23 09:02:38:384 6608 db8 Misc =========== Logging initialized (build: 7.3.7600.16385, tz: -0400) ===========
    2012-03-23 09:02:38:384 6608 db8 Misc = Process: C:\Program Files\Microsoft Forefront Threat Management Gateway\UpdateAgent.exe
    2012-03-23 09:02:38:384 6608 db8 Misc = Module: C:\Windows\system32\wuapi.dll
    2012-03-23 09:02:38:384 6608 db8 COMAPI -------------
    2012-03-23 09:02:38:384 6608 db8 COMAPI -- START -- COMAPI: Search [ClientId = Forefront TMG]
    2012-03-23 09:02:38:384 6608 db8 COMAPI ---------
    2012-03-23 09:02:38:388 912 1be4 Agent *************
    2012-03-23 09:02:38:388 6608 db8 COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = Forefront TMG]
    2012-03-23 09:02:38:388 912 1be4 Agent ** START ** Agent: Finding updates [CallerId = Forefront TMG]
    2012-03-23 09:02:38:388 912 1be4 Agent *********
    2012-03-23 09:02:38:388 912 1be4 Agent * Online = Yes; Ignore download priority = No
    2012-03-23 09:02:38:389 912 1be4 Agent * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains '84a54ea9-e574-457a-a750-17164c1d1679' and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b') or (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains 'ae4483f4-f3ce-4956-ae80-93c18d8886a6' and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b')"
    2012-03-23 09:02:38:389 912 1be4 Agent * ServiceID = {00000000-0000-0000-0000-000000000000} Third party service
    2012-03-23 09:02:38:389 912 1be4 Agent * Search Scope = {Machine}
    2012-03-23 09:02:38:391 912 1be4 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
    2012-03-23 09:02:38:396 912 1be4 Misc Microsoft signed: Yes
    2012-03-23 09:02:38:435 912 1be4 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
    2012-03-23 09:02:38:439 912 1be4 Misc Microsoft signed: Yes
    2012-03-23 09:02:38:449 912 1be4 Agent Checking for updated auth cab for service 7971f918-a847-4430-9279-4a52d1efe18d at http://download.windowsupdate.com/v9...dir/muauth.cab
    2012-03-23 09:02:38:449 912 1be4 Misc Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
    2012-03-23 09:02:38:453 912 1be4 Misc Microsoft signed: Yes
    2012-03-23 09:02:38:489 912 1be4 Misc Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
    2012-03-23 09:02:38:493 912 1be4 Misc Microsoft signed: Yes
    2012-03-23 09:02:38:590 912 1be4 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
    2012-03-23 09:02:38:594 912 1be4 Misc Microsoft signed: Yes
    2012-03-23 09:02:38:630 912 1be4 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
    2012-03-23 09:02:38:634 912 1be4 Misc Microsoft signed: Yes
    2012-03-23 09:02:38:638 912 1be4 PT +++++++++++ PT: Starting category scan +++++++++++
    2012-03-23 09:02:38:638 912 1be4 PT + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://www.update.microsoft.com/v6/...ce/client.asmx
    2012-03-23 09:02:38:702 912 1be4 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
    2012-03-23 09:02:38:706 912 1be4 Misc Microsoft signed: Yes
    2012-03-23 09:02:38:742 912 1be4 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
    2012-03-23 09:02:38:747 912 1be4 Misc Microsoft signed: Yes
    2012-03-23 09:02:38:750 912 1be4 PT +++++++++++ PT: Synchronizing server updates +++++++++++
    2012-03-23 09:02:38:750 912 1be4 PT + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://www.update.microsoft.com/v6/...ce/client.asmx
    2012-03-23 09:02:38:888 912 1be4 Agent Update {D9B0EA0D-FA6A-4408-B186-F88C601DD8CA}.100 is pruned out due to potential supersedence
    2012-03-23 09:02:38:888 912 1be4 Agent Update {C084F4FB-9A72-43FB-9298-765CA7276390}.100 is pruned out due to potential supersedence
    2012-03-23 09:02:38:888 912 1be4 Agent Update {6413E4AF-61A7-48E6-B72E-0C0DCD9FDA95}.100 is pruned out due to potential supersedence
    2012-03-23 09:02:38:888 912 1be4 Agent * Added update {F9B987F2-AE1E-4905-B217-897E884E3038}.100 to search result
    2012-03-23 09:02:38:888 912 1be4 Agent * Found 1 updates and 5 categories in search; evaluated appl. rules of 26 out of 35 deployed entities
    2012-03-23 09:02:38:890 912 1be4 Agent *********
    2012-03-23 09:02:38:890 912 1be4 Agent ** END ** Agent: Finding updates [CallerId = Forefront TMG]
    2012-03-23 09:02:38:890 912 1be4 Agent *************
    2012-03-23 09:02:38:891 6608 18b0 COMAPI >>-- RESUMED -- COMAPI: Search [ClientId = Forefront TMG]
    2012-03-23 09:02:38:893 6608 18b0 COMAPI - Updates found = 1
    2012-03-23 09:02:38:893 6608 18b0 COMAPI ---------
    2012-03-23 09:02:38:893 6608 18b0 COMAPI -- END -- COMAPI: Search [ClientId = Forefront TMG]
    2012-03-23 09:02:38:893 6608 18b0 COMAPI -------------
    2012-03-23 09:02:38:897 6608 db8 COMAPI -------------
    2012-03-23 09:02:38:897 6608 db8 COMAPI -- START -- COMAPI: Download [ClientId = Forefront TMG]
    2012-03-23 09:02:38:897 6608 db8 COMAPI ---------
    2012-03-23 09:02:38:897 6608 db8 COMAPI - Forced: No; Download priority: 3
    2012-03-23 09:02:38:897 6608 db8 COMAPI - Updates in request: 1
    2012-03-23 09:02:38:897 6608 db8 COMAPI - ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
    2012-03-23 09:02:38:899 6608 db8 COMAPI <<-- SUBMITTED -- COMAPI: Download [ClientId = Forefront TMG]
    2012-03-23 09:02:38:901 912 1be4 DnldMgr *************
    2012-03-23 09:02:38:901 912 1be4 DnldMgr ** START ** DnldMgr: Downloading updates [CallerId = Forefront TMG]
    2012-03-23 09:02:38:901 912 1be4 DnldMgr *********
    2012-03-23 09:02:38:901 912 1be4 DnldMgr * Call ID = {8BD558E1-6252-408C-9897-0D526C308469}
    2012-03-23 09:02:38:901 912 1be4 DnldMgr * Priority = 3, Interactive = 1, Owner is system = 1, Explicit proxy = 1, Proxy session id = -1, ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}
    2012-03-23 09:02:38:901 912 1be4 DnldMgr * Updates to download = 1
    2012-03-23 09:02:38:901 912 1be4 Agent * Title = HTTP Malware Definition Update for Microsoft Forefront Threat Management Gateway (Antimalware 1.123.212.0)
    2012-03-23 09:02:38:901 912 1be4 Agent * UpdateId = {F9B987F2-AE1E-4905-B217-897E884E3038}.100
    2012-03-23 09:02:38:901 912 1be4 Agent * Bundles 1 updates:
    2012-03-23 09:02:38:901 912 1be4 Agent * {BC2AB1C3-D4F4-4449-976E-0935B97FBB44}.100
    2012-03-23 09:02:38:901 912 1be4 DnldMgr *********** DnldMgr: New download job [UpdateId = {BC2AB1C3-D4F4-4449-976E-0935B97FBB44}.100] ***********
    2012-03-23 09:02:38:904 912 1be4 DnldMgr * BITS job initialized, JobId = {8887BC28-04F1-46F1-8E14-C90B5B777C80}
    2012-03-23 09:02:38:904 912 1be4 DnldMgr BITS job {8887BC28-04F1-46F1-8E14-C90B5B777C80} using proxy = localhost:8080, bypass = <local>
    2012-03-23 09:02:38:907 912 1be4 DnldMgr * Downloading from http://download.windowsupdate.com/ms...c7a560968a.exe to C:\Windows\SoftwareDistribution\Download\414b2632d86103cfe5dffe71c7552af7\9c8ae6133e4c7b7cca85a35b6e ba53c7a560968a (full file).
    2012-03-23 09:02:38:909 912 1be4 Agent *********
    2012-03-23 09:02:38:909 912 1be4 Agent ** END ** Agent: Downloading updates [CallerId = Forefront TMG]
    2012-03-23 09:02:38:910 912 1be4 Agent *************
    2012-03-23 09:02:43:896 912 1be4 Report REPORT EVENT: {18FA734C-00FF-4BC4-BE1F-BC7B9475C15C} 2012-03-23 09:02:38:890-0400 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 Forefront TMG Success Software Synchronization Windows Update Client successfully detected 1 updates.
    2012-03-23 09:02:43:896 912 1be4 Report CWERReporter finishing event handling. (00000000)
    2012-03-23 09:07:40:460 912 f34 DnldMgr WARNING: BITS job {8887BC28-04F1-46F1-8E14-C90B5B777C80} failed, updateId = {BC2AB1C3-D4F4-4449-976E-0935B97FBB44}.100, hr = 0x80200053, BG_ERROR_CONTEXT = 4
    2012-03-23 09:07:40:460 912 f34 DnldMgr Progress failure bytes total = 63753920, bytes transferred = 0
    2012-03-23 09:07:40:460 912 f34 DnldMgr Failed job file: URL = http://download.windowsupdate.com/ms...c7a560968a.exe, local path = C:\Windows\SoftwareDistribution\Download\414b2632d86103cfe5dffe71c7552af7\9c8ae6133e4c7b7cca85a35b6e ba53c7a560968a
    2012-03-23 09:07:40:482 912 f34 DnldMgr Error 0x80200053 occurred while downloading update; notifying dependent calls.
    2012-03-23 09:07:40:490 6608 18b0 COMAPI >>-- RESUMED -- COMAPI: Download [ClientId = Forefront TMG]
    2012-03-23 09:07:40:490 6608 18b0 COMAPI - Download call complete (succeeded = 0, succeeded with errors = 0, failed = 1, unaccounted = 0)
    2012-03-23 09:07:40:491 6608 18b0 COMAPI - WARNING: Exit code = 0x00000000; Call error code = 0x80240022
    2012-03-23 09:07:40:491 6608 18b0 COMAPI ---------
    2012-03-23 09:07:40:491 6608 18b0 COMAPI -- END -- COMAPI: Download [ClientId = Forefront TMG]
    2012-03-23 09:07:40:491 6608 18b0 COMAPI -------------
    2012-03-23 09:07:45:490 912 1be4 Report REPORT EVENT: {D4126EAE-C710-4FAD-9501-EF105956BC79} 2012-03-23 09:07:40:490-0400 1 161 101 {F9B987F2-AE1E-4905-B217-897E884E3038} 100 80200053 Forefront TMG Failure Content Download Error: Download failed.
    2012-03-23 09:07:45:509 912 1be4 Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
    2012-03-23 09:07:45:509 912 1be4 Report WER Report sent: 7.3.7600.16385 0x80200053 F9B987F2-AE1E-4905-B217-897E884E3038 Download 101 Unmanaged
    2012-03-23 09:07:45:509 912 1be4 Report CWERReporter finishing event handling. (00000000)
    Last edited by Matt_44; 23-03-2012 at 08:49 PM.
    Reply With Quote Reply With Quote
  2. 24-03-2012 #2
    SpearMan
    SpearMan is offline Member
    Join Date
    Apr 2008
    Posts
    586

    Re: Forefront TMG 2010 Malware Definition Updates fail

    Can you use the RTM copy of TMG . Eval version is available for download http://technet.microsoft.com/en-us/e.../ee423778.aspx

    Do you have Proxy auth turned on ? Can you check whether WU works directly from the machine? Also check whether you have selected " use the Microsoft Update Service to check for updates" in the "Microsoft update" of update center properties.
    Reply With Quote Reply With Quote
« Want to add router in Windows server 2008 r2 | When Trying SSTP VPN getting Certificate Error »

Similar Threads

  1. Migrating to FCS EFF Forefront EndPoint Protection with SCCM 2010
    By Inigo in forum Windows Server Help
    Replies: 3
    Last Post: 01-02-2011, 07:23 PM
  2. Forefront TMG 2010: Add a 2nd server to an array EMS
    By Spy$Eyes in forum Tips & Tweaks
    Replies: 1
    Last Post: 12-01-2011, 11:11 AM
  3. Microsoft Forefront Identity Manager 2010
    By Monty1 in forum Windows Software
    Replies: 5
    Last Post: 06-01-2011, 07:32 AM
  4. Microsoft Forefront - The Unified Access Gateway 2010
    By Induhasan in forum Windows Software
    Replies: 4
    Last Post: 06-01-2011, 05:54 AM
  5. Microsoft Forefront Server Security 2010
    By Spy$Eyes in forum Networking & Security
    Replies: 2
    Last Post: 06-01-2011, 12:32 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

Page generated in 1,713,486,902.25814 seconds with 17 queries