Home
  •  

Forefront Agent State Monitor

Microsoft.ForefrontProtection.FPE.WorkloadIntegration.UnitMonitor.EdgeTransportHook (UnitMonitor)

Checks if the Forefront Transport agent is successfully registered and scanning

Knowledge Base article:

Summary

This monitor checks if the Forefront Transport agent is registered. If the Forefront Transport agent is not registered, an alert is generated.

Causes

The Forefront agent is not registered with Exchange correctly.

• You are running a build of Exchange that is unsupported by your current version of Forefront Protection 2010 for Exchange Server.

• Unable to open Exchange's setup registry key or query Exchange's MSI Install Path from within the registry.

• The registration of the Forefront agent using PowerShell failed or timed out.

Resolutions

• Make sure you are using a build of Exchange that is supported by Forefront Protection 2010 for Exchange Server (FPE) or update your version of FPE to support the build of Exchange you are running.

• Make sure Exchange's registry settings correctly exist and that the Microsoft Forefront Server Protection Registration Service (which runs as NetworkService) has access to them.

• Refer to the program log to retrieve the exact cause of why the agent failed to register or contact support for help in pinpointing the error.

Element properties:

TargetMicrosoft.ForefrontProtection.FPE.WorkloadIntegration
Parent MonitorSystem.Health.AvailabilityState
CategoryCustom
EnabledTrue
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
Alert Auto ResolveTrue
Monitor TypeMicrosoft.Windows.2SingleEventLog2StateMonitorType
RemotableTrue
AccessibilityPublic
Alert Message
Forefront Agent
The Forefront Transport agent failed to register completely.
RunAsDefault

Source Code:

<UnitMonitor ID="Microsoft.ForefrontProtection.FPE.WorkloadIntegration.UnitMonitor.EdgeTransportHook" Accessibility="Public" Enabled="true" Target="Microsoft.ForefrontProtection.FPE.WorkloadIntegration" ParentMonitorID="Health!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.2SingleEventLog2StateMonitorType" ConfirmDelivery="true">

  <Category>Custom</Category>

  <AlertSettings AlertMessage="Microsoft.ForefrontProtection.FPE.WorkloadIntegration.UnitMonitor.EdgeTransportHook_AlertMessageResourceID">

    <AlertOnState>Error</AlertOnState>

    <AutoResolve>true</AutoResolve>

    <AlertPriority>Normal</AlertPriority>

    <AlertSeverity>Error</AlertSeverity>

  </AlertSettings>

  <OperationalStates>

    <OperationalState ID="UIGeneratedOpStateId080fdd037e6f4d318eff2c6eed6949ca" MonitorTypeStateID="FirstEventRaised" HealthState="Error"/>

    <OperationalState ID="UIGeneratedOpStateId85a0a63b0b2b42538e8521a80ce4f6c8" MonitorTypeStateID="SecondEventRaised" HealthState="Success"/>

  </OperationalStates>

  <Configuration>

    <FirstComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</FirstComputerName>

    <FirstLogName>Application</FirstLogName>

    <FirstExpression>

      <And>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="UnsignedInteger">7025</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="String">PublisherName</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="String">Microsoft Forefront Protection</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

      </And>

    </FirstExpression>

    <SecondComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</SecondComputerName>

    <SecondLogName>Application</SecondLogName>

    <SecondExpression>

      <And>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="UnsignedInteger">7024</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="String">PublisherName</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="String">Microsoft Forefront Protection</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

      </And>

    </SecondExpression>

  </Configuration>

</UnitMonitor>