Home
  •  

UpdateFailGeneric

UpdateFailGeneric_2_Rule (Rule)

Knowledge Base article:

Management Pack
Summary

This is a general scan engine update or revert error which occurs if the information required to perform a scan engine update or scan engine revert is not available or incorrect.

 
Causes

1. The scan engine license has expired or the license information is unavailable.
2. The FSCController could not to be notified about the scan engine update.
3. The update path passed to the scan engine update was incorrect.

 
Resolutions

1. Verify that the Forefront Server Security license has not expired and that the license file exists in the install directory.
2. Restart the Forefront Server Security Services
3. Verify that the update path passed to the scan engine update was correct.

 
© 2006 Microsoft Corporation, all rights reserved.

Element properties:

TargetFSMPack2007_FSE.Forefront_Security_for_Exchange_Server___All_Servers_Installation
CategoryEventCollection
EnabledTrue
Event SourceGetEngineFiles
Alert GenerateTrue
Alert SeverityError
Alert PriorityLow
RemotableTrue
Alert Message
UpdateFailGeneric
Event LogApplication
CommentMom2005ID='{F6C9170E-E9D2-41F2-BAC1-868C9F6A23FF}';MOM2005ComputerGroupID={868E5B4E-34B8-4B10-9055-C4074AF41790}

Member Modules:

ID Module Type TypeId RunAs 
_F6DA1507_12AF_11D3_AB21_00A0C98620CE_ DataSource Microsoft.Windows.EventProvider Default
GenerateAlert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="UpdateFailGeneric_2_Rule" Comment="Mom2005ID='{F6C9170E-E9D2-41F2-BAC1-868C9F6A23FF}';MOM2005ComputerGroupID={868E5B4E-34B8-4B10-9055-C4074AF41790}" Enabled="true" Target="FSMPack2007_FSE.Forefront_Security_for_Exchange_Server___All_Servers_Installation" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="_F6DA1507_12AF_11D3_AB21_00A0C98620CE_" TypeID="WindowsLibrary!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="WindowsLibrary!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Application</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>GetEngineFiles</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <RegExExpression>

              <ValueExpression>

                <XPathQuery Type="Integer">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>MatchesMOM2005RegularExpression</Operator>

              <Pattern>^(6012|2013)$</Pattern>

            </RegExExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="HealthLibrary!System.Health.GenerateAlert">

      <Priority>0</Priority>

      <Severity>2</Severity>

      <AlertName/>

      <AlertDescription/>

      <AlertOwner/>

      <AlertMessageId>$MPElement[Name="UpdateFailGeneric_2_Rule.AlertMessage"]$</AlertMessageId>

      <AlertParameters/>

      <Suppression/>

      <Custom1>Microsoft Forefront Server Security</Custom1>

      <Custom2/>

      <Custom3>EngineUpdateFailure</Custom3>

      <Custom4/>

      <Custom5/>

      <Custom6/>

      <Custom7/>

      <Custom8/>

      <Custom9/>

      <Custom10/>

    </WriteAction>

  </WriteActions>

</Rule>