If you have ever tried to shut down Forefront services on an Exchange server you have found that it will shut down your Exchange… so don’t do that.
I recently worked with a Microsoft tech who explained the following simply command line to (temporarily) unhook Exchange from Forefront:
- Open a comand prompt
- Change to the Forefront directory which in my case was:
- cd “C:\Program Files (x86)\Microsoft Forefront Protection for Exchange Server\”
- type FSCUTILITY /DISABLE
To re-enable Forefront after you are done whatever you were doing (troubleshooting in my case) go back to the same command prompt and type FSCUTILITY /ENABLE .
Other switches for the FSCUTILITY are:
- /statusUse this option to display the status of Forefront Security and of the Exchange server or the SharePoint server.
- /enableUse this option to enable Forefront Security if the Exchange server or the SharePoint server services have been stopped.
- /disableUse this option to disable Forefront Security if the Exchange server or the SharePoint server services have been stopped.
- /remove Use this option to remove Microsoft Forefront Security’s registry keys.
- /regmon Use this option to register FSCMonitor.
- /unregmon Use this option to unregister FSCMonitor.
If you want to confirm Forfront is unhooked in or unhooked, open an Exchange Power Shell and type:
It should result in something like:
Identity Enabled Prior
——– ——- —–
Connection Filtering Agent True 1
Content Filter Agent False 2
Protocol Analysis Agent True 3
Transport Rule Agent True 4
Journaling Agent True 5
AD RMS Prelicensing Agent False 6
Sender Id Agent True 7
Sender Filter Agent True 8
Recipient Filter Agent True 9
FSE Routing Agent True 10
FSE Connection Filtering Agent True 11
FSE Content Filter Agent True 12
If the last three items (FSE…) show, then the Forefront is still connected to Exchange, if they are absent, then Forefront is unhooked from Exchange.
Note that you can also manually turn off each of the filter agents using an Exchange Command Prompt command:
Disable-FSE Connection Filtering Agent
Disable-FSE Content Filter Agent
This article will help if you have more questions support.microsoft.com/kb/929076.
You might also find the NETSTAT -E command useful in detecting network errors.