Installing Microsoft Forefront Endpoint Protection 2010 Beta

On July 19th, 2010 Microsoft released Microsoft Forefront Endpoint Protection 2010 Beta or as I like to say say FEP.  This is a drastic change from the current Microsoft Forefront Client Security (FCS) that is in production.  FCS used a special version of Microsoft Operations Manager 2005 (MOM).  MOM in FCS was used for the clients to report back to the Forefront server on their status.  FEP got rid of MOM and is now using System Center Configuration Manager 2007 (SCCM).  Exactly how this is different will be discussed in future blogs.  This blog today will focus on the install of FEP.

The requirements can be found here but basically you need a fully functionally SCCM 2007 environment.  This means SQL and SCCM.  For my test environment I’m using a Hyper-V server with a single Windows Server 2008 R2 server acting as the the DC, SQL, SCCM, and FEP roles.  Of course best practices and common sense says never to have all of those roles on a DC but hey, it’s a test environment.

Let’s spice up the blog with some photos won’t we?

The first thing to do is to run Serversetup.exe.

screenshot.1

Of course you’ll want to run the file so click Run.

screenshot.2

Fill in your Name and Organization then click Next.

screenshot.3

You’re going to have to put a check in I accept the software license terms.  When you do Next will be available so click Next.

screenshot.4

Now this is where you’re be choosing your topology.  For this example we’ll go ahead and chose a Basic topology.  This will install Microsoft Forefront Endpoint Protection 2010 Database, Site Server Extension, Console Extension, Reporting components, and Reporting database based on your current Configuration Manager deployment.  Maybe in future blogs I’ll go through other deployment options.  Don’t forget to click Next.

screenshot.5

Here is where you will setup the Reporting server account information.  Mostly it will be filled out by the user running setup but you can change the domainusername.  Click Next.

screenshot.6

If the password you typed doesn’t match the domainusername you’ll get the error below.
Microsoft Forefront Endpoint Protection 2010
Error: The password is incorrect, or this account is not valid.  Account : domainusername

screenshot.7

After I corrected my intentional typo FEP is now warning me that I shouldn’t use my domain admin account.

Microsoft Forefront Endpoint Protection 2010
For security reasons, it is not recommended to use a domain administrator account ‘domainusername’ as the reporting account.

screenshot.8

I’m going to OK this because it’s just a test lab.

By default FEP will want to Join the Customer Experience Improvement Program.  I recommend keeping this checked.  I also checked User Microsoft Update to keep my products up to date.

screenshot.9

Join Microsoft Spynet Basic is checked by default.  I changed mine to Advanced SpyNet.

screenshot.10

Location and disk space requirements blah blah blah.

screenshot.11

Oh no!  It looks like my Verifying SQL Server prerequisite Failed with an Error. 

screenshot.12

When I click the More link I see the error below

Forefront Endpoint Protection 2010 requires that the SQL Server Agent service is running. Set the service to start automatically, and then start the service.
Service Name: SQLSERVERAGENT
SQL Server: SERVER01

Warning: Forefront Endpoint Protection 2010 requires the following services to be set to start automatically.
Service Name: SQLSERVERAGENT
Server Name: SERVER01

Forefront Endpoint Protection 2010 requires that the SQL Server Agent service is running. Set the service to start automatically, and then start the service.
Service Name: SQLSERVERAGENT
SQL Server: SE
RVER01

Warning: Forefront Endpoint Protection 2010 requires the following services to be set to start automatically.
Service Name: SQLSERVERAGENT
Server Name: SERVER01

Warning: Setup has detected that the connection to the SQL Server is not encrypted. If the SQL Server and  Forefront Endpoint Protection 2010 are not located on a shared secure subnet, transmitted data can be viewed by third parties. We recommend that you secure the connection to the SQL Server. For more information, see Securing SQL Server in the SQL Server documentation.

screenshot.13

Fixing the error was simple.  I set the SQL Server Agent to Automatic and started it.

screenshot.14

When I ran the Prerequisites Verification again (by clicking back then next) I got a warning.

screenshot.15

Clicking more gave me the message below.

Warning: Setup has detected that the connection to the SQL Server is not encrypted. If the SQL Server and  Forefront Endpoint Protection 2010 are not located on a shared secure subnet, transmitted data can be viewed by third parties. We recommend that you secure the connection to the SQL Server. For more information, see Securing SQL Server in the SQL Server documentation.

screenshot.16

I like the fact that it’s encouraging you to enable SQL server encryption but since this is for testing and and on the same box this isn’t required.  I’m going to ignore this warning.

The final screen is where you’ll get a summery of what the setup application will do.

Microsoft Forefront Endpoint Protection 2010

General Settings

Local Computer Name: server01.fep.local
Location of Setup media files: C:UsersAdministrator.SERVER01Desktopevalcdmedia_en_amd64
Installation Directory: C:Program FilesMicrosoft Forefront
Configuration Manager Console Directory: C:Program Files (x86)Microsoft Configuration ManagerAdminUIbin

Updates, Spy Net and Customer Experience Options

Windows Update: Enabled
Participation in Customer Experience Improvement Program: Enabled
Participation Microsoft SpyNet: Join with an advanced membership

FEP 2010 Site Extension for Configuration Manager

Configuration Manager Site Server: server01.fep.local

FEP 2010 Reporting and Monitoring components

Configuration Manager Site Server: server01.fep.local
Configuration Manager Database Server: SERVER01
Configuration Manager Database Instance Name: MSSQLSERVER
Configuration Manager Database Name: SMS_AAA
FEP 2010 Database Name: FEPDB_AAA
FEP 2010 Reporting Database Server: SERVER01
FEP 2010 Reporting Database Instance Name: MSSQLSERVER
FEP 2010 Reporting Database Name: FEPDW_AAA
Liveness checking URL for SQL Reporting Service: <a href="http://server01.fep.local/ReportServer/ReportService2005.asmx">http://server01.fep.local/ReportServer/ReportService2005.asmx</a&gt;
User account used for accessing of FEP 2010 Reports: FEPAdministrator

Configuration Manager Console Extensions for Forefront Endpoint Protection 2010

No additional properties for this component

screenshot.18

Clicking Next will start the install so sit back and take a break.  I know I did.

screenshot.19

screenshot.20

Hello.  Why are you popping up?

screenshot.21

It appears a hotfix got installed and is asking for a reboot.  I’m not sure if it’s because of the FEP install or not. 
http://support.microsoft.com/kb/981889
A Windows Filtering Platform (WFP) driver hotfix rollup package is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2

screenshot.22

The install was successful.

screenshot.23.

I’m going to view the log.

[7/26/2010 1:55:43 PM] Setup Started
[7/26/2010 1:55:44 PM] Product ID validation succeeded (Product ID: 03116-270-0001260-04309)
[7/26/2010 1:56:28 PM] For security reasons, it is not recommended to use a domain administrator account ‘FEPAdministrator’ as the reporting account.
[7/26/2010 1:56:33 PM] Error: The password is incorrect, or this account is not valid. Account: FEPAdministrator
[7/26/2010 1:56:45 PM] For security reasons, it is not recommended to use a domain administrator account ‘FEPAdministrator’ as the reporting account.
[7/26/2010 1:57:19 PM] Setup Log has been relocated from ‘C:UsersAdministrator.SERVER01AppDataLocalTemp1ServerSetup_26072010_135543.log’
[7/26/2010 1:57:21 PM] [7/26/2010 1:57:21 PM] Verifications
started:

[7/26/2010 1:57:21 PM]
[7/26/2010 1:57:21 PM] Verification(Verifying hardware requirements) passed

[7/26/2010 1:57:21 PM]
[7/26/2010 1:57:21 PM] Verification(Verifying .NET Framework 3.5 SP1 prerequisite) passed

[7/26/2010 1:57:41 PM]
[7/26/2010 1:57:41 PM] Verification(Verifying SQL Server prerequisite) failed
Forefront Endpoint Protection 2010 requires that the SQL Server Agent service is running. Set the service to start automatically, and then start the service.
Service Name: SQLSERVERAGENT
SQL Server: SERVER01

Warning: Forefront Endpoint Protection 2010 requires the following services to be set to start automatically.
Service Name: SQLSERVERAGENT
Server Name: SERVER01

Forefront Endpoint Protection 2010 requires that the SQL Server Agent service is running. Set the service to start automatically, and then start the service.
Service Name: SQLSERVERAGENT
SQL Server: SERVER01

Warning: Forefront Endpoint Protection 2010 requires the following services to be set to start automatically.
Service Name: SQLSERVERAGENT
Server Name: SERVER01

Warning: Setup has detected that the connection to the SQL Server is not encrypted. If the SQL Server and  Forefront Endpoint Protection 2010 are not located on a shared secure subnet, transmitted data can be viewed by third parties. We recommend that you secure the connection to the SQL Server. For more information, see Securing SQL Server in the SQL Server documentation.

[7/26/2010 1:58:05 PM]
[7/26/2010 1:58:05 PM] Verification(Verifying SQL Reporting Services prerequisite) passed

[7/26/2010 1:58:06 PM]
[7/26/2010 1:58:06 PM] Verification(Verifying Configuration Manager version) passed
About to compare required version ‘4.0.6487.2000’ to installed version ‘4.0.6487.2000’

[7/26/2010 1:58:06 PM]
[7/26/2010 1:58:06 PM] Verification(Verifying Configuration Manager Site Server permissions) passed
About to verify Configuration Manager Site Server permissions

[7/26/2010 1:58:08 PM]
[7/26/2010 1:58:08 PM] Verification(Verifying Configuration Manager client components) passed
About to verify client component ‘Configuration Management Agent’ is enabled

About to verify client component ‘Hardware Inventory Agent’ is enabled

About to verify client component ‘Software Distribution’ is enabled

[7/26/2010 1:58:08 PM]
[7/26/2010 1:58:08 PM] Finished running verifications.

[7/26/2010 1:59:52 PM] [7/26/2010 1:59:52 PM] Verifications started:

[7/26/2010 1:59:52 PM]
[7/26/2010 1:59:52 PM] Verification(Verifying hardware requirements) passed

[7/26/2010 1:59:52 PM]
[7/26/2010 1:59:52 PM] Verification(Verifying .NET Framework 3.5 SP1 prerequisite) passed

[7/26/2010 2:00:08 PM]
[7/26/2010 2:00:08 PM] Verification(Verifying SQL Server prerequisite) failed
Forefront Endpoint Protection 2010 requires that the SQL Server Agent service is running. Set the service to start automatically, and then start the service.
Service Name: SQLSERVERAGENT
SQL Server: SERVER01

Forefront Endpoint Protection 2010 requires that the SQL Server Agent service is running. Set the service to start automatically, and then start the service.
Service Name: SQLSERVERAGENT
SQL Server: SERVER01

Warning: Setup has detected that the connection to the SQL Server is not encrypted. If the SQL Server and  Forefront Endpoint Protection 2010 are not located on a shared secure subnet, transmitted data can be viewed by third parties. We recommend that you secure the connection to the SQL Server. For more information, see Securing SQL Server in the SQL Server documentation.

[7/26/2010 2:00:09 PM]
[7/26/2010 2:00:09 PM] Verification(Verifying SQL Reporting Services prerequisite) passed

[7/26/2010 2:00:09 PM]
[7/26/2010 2:00:09 PM] Verification(Verifying Configuration Manager version) passed
About to compare required version ‘4.0.6487.2000’ to installed version ‘4.0.6487.2000’

[7/26/2010 2:00:10 PM]
[7/26/2010 2:00:10 PM] Verification(Verifying Configuration Manager Site Server permissions) passed
About to verify Configuration Manager Site Server permissions

[7/26/2010 2:00:11 PM]
[7/26/2010 2:00:11 PM] Verification(Verifying Configuration Manager client components) passed
About to verify client component ‘Configuration Management Agent’ is enabled

About to verify client component ‘Hardware Inventory Agent’ is enabled

About to verify client component ‘Software Distribution’ is enabled

[7/26/2010 2:00:11 PM]
[7/26/2010 2:00:11 PM] Finished running verifications.

[7/26/2010 2:00:52 PM] [7/26/2010 2:00:52 PM] Verifications started:

[7/26/2010 2:00:52 PM]
[7/26/2010 2:00:52 PM] Verification(Verifying hardware requirements) passed

[7/26/2010 2:00:53 PM]
[7/26/2010 2:00:53 PM] Verification(Verifying .NET Framework 3.5 SP1 prerequisite) passed

[7/26/2010 2:01:08 PM]
[7/26/2010 2:01:08 PM] Verification(Verifying SQL Server prerequisite) warning
Warning: Setup has detected that the connection to the SQL Server is not encrypted. If the SQL Server and  Forefront Endpoint Protection 2010 are not located on a shared secure subnet, transmitted data can be viewed by third parties. We recommend that you secure the connection to the SQL Server. For more information, see Securing SQL Server in the SQL Server documentation.

[7/26/2010 2:01:09 PM]
[7/26/2010 2:01:09 PM] Verification(Verifying SQL Reporting Services prerequisite) passed

[7/26/2010 2:01:09 PM]
[7/26/2010 2:01:09 PM] Verification(Verifying Configuration Manager version) passed
About to compare required version ‘4.0.6487.2000’ to installed version ‘4.0.6487.2000’

[7/26/2010 2:01:10 PM]
[7/26/2010 2:01:10 PM] Verification(Verifying Configuration Manager Site Server permissions) passed
About to verify Configuration Manager Site Server permissions

[7/26/2010 2:01:11 PM]
[7/26/2010 2:01:11 PM] Verification(Verifying Configuration Manager client components) passed
About to verify client component ‘Configuration Management Agent’ is enabled

About to verify client component ‘Hardware Inventory Agent’ is enabled

About to verify client component ‘Software Distribution’ is enabled

[7/26/2010 2:01:11 PM]
[7/26/2010 2:01:11 PM] Finished running verifications.

[7/26/2010 2:23:20 PM]
[7/26/2010 2:23:20 PM] Installation tasks started:
Root Folder: C:UsersAdministrator.SERVER01Desktopevalcdmedia_en_amd64
Current Folder: C:UsersAdministrator.SERVER01Desktopevalcdmedia_en_amd64

[7/26/2010 2:25:04 PM]
[7/26/2010 2:25:04 PM] Installation(Installing the Microsoft Forefront Endpoint Protection 2010 Security Client) completed

Installing FepInstall.exe.

completed

[7/26/2010 2:25:42 PM]
[7/26/2010 2:25:42 PM] Installation(Installing Microsoft Forefront Endpoint Protection 2010 Console Extensions for Configuration Manager) completed

Installing FEPUX.msi.

completed

[7/26/2010 2:29:45 PM]
[7/26/2010 2:29:45 PM] Installation(Installing Microsoft Forefront Endpoint Protection 2010 Site Server Extension for Configuration Manager) completed

Installing FEPExt.msi.

completed

[7/26/2010 2:40:03 PM]
[7/26/2010 2:40:03 PM] Installation(Installing Microsoft Forefront Endpoint Protection 2010 Reporting) completed

Installing FepReport.msi.

completed

[7/26/2010 2:40:04 PM]
[7/26/2010 2:40:04 PM] Finished running installation tasks.

[7/26/2010 2:40:05 PM] Setup has completed successfully.

Here’s the
final screen in the setup program.  I really want to see the Console and check for updates so I’ll leave them both checked and click Finish.

screenshot.24

As I’m waiting for SCCM to open I’ll look and see what databases FEP created.
It appears it created a FEPDB_AAA and FEPDW_AAA database.  AAA being my SCCM site code.

screenshot.25

Well there it is.  FEP installed and in SCCM.  FEP looks like it’s going to be completely different than FCS so in my upcoming blogs I’ll talk about the differences.

screenshot.26

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s