Wednesday, December 7, 2011

Microsoft FEP 2010 Deployment Health Alert

I ran into this issue almost immediately after importing the management pack for Forefront Endpoint Protection 2010. Our FEP 2010 Deployment State was showing Critical. It turns out that the Microsoft documentation is incomplete on the subject. The issue we encountered was with the DB perms.





We needed to grant the account that FEP runs under some limited perms to the following databases. For us that was the Network Service acct.

  • Master
    • public
    • RSExecRole
  • msdb
    • public
    • RSExecRole
  • FEPDB_<site code>
    • db_AgentPermissions
    • db_SCCMDataExtractors
    • public
  • FEPDW_<site code>
    • db_AgentPermissions
    • db_OlapPermissions
    • db_ServicePermissions
    • public

This is just what the Microsoft support tech set the perms to. I can't vouch for all of it being completely necessary but it started working immediately for us.

I started with this which I would definitely recommend going through. Be sure to review that everything is done for pre-reqs before anything else. Perms, management packs, etc.

http://technet.microsoft.com/en-us/library/gg508724.aspx


One thing to note is that the FEP Date Warehouse state is really sort of redundant because the SQL pack would monitor it to (a recommended pre-req for FEP MP). Even so, I hate errors and wanted it fixed!

-Shep

No comments:

Post a Comment