If you have ever tried to shut down Forefront services on an Exchange server you have found that it will shut down your Exchange… so don’t do that.

I recently worked with a Microsoft tech who explained the following simple command line to (temporarily) unhook Exchange from Forefront:

  1. Open a command prompt
  2. Change to the Forefront directory, which in my case was:
    • cd "C:\Program Files (x86)\Microsoft Forefront Protection for Exchange Server\"
  3. Type FSCUTILITY /DISABLE

To re-enable Forefront after you are done whatever you were doing (troubleshooting in my case) go back to the same command prompt and type FSCUTILITY /ENABLE .

Other switches for the FSCUTILITY are:

  • /status Use this option to display the status of Forefront Security and of the Exchange server or the SharePoint server.
  • /enable Use this option to enable Forefront Security if the Exchange server or the SharePoint server services have been stopped.
  • /disable Use this option to disable Forefront Security if the Exchange server or the SharePoint server services have been stopped.
  • /remove Use this option to remove Microsoft Forefront Security’s registry keys.
  • /regmon Use this option to register FSCMonitor.
  • /unregmon Use this option to unregister FSCMonitor.

If you want to confirm whether Forefront is hooked in or unhooked, open an Exchange PowerShell prompt and type:

Get-TransportAgent

It should result in something like:

[PS] C:\Windows\system32>Get-TransportAgent

Identity                                           Enabled         Prior
--------                                           -------         -----
Connection Filtering Agent                         True            1
Content Filter Agent                               False           2
Protocol Analysis Agent                            True            3
Transport Rule Agent                               True            4
Journaling Agent                                   True            5
AD RMS Prelicensing Agent                          False           6
Sender Id Agent                                    True            7
Sender Filter Agent                                True            8
Recipient Filter Agent                             True            9
FSE Routing Agent                                  True            10
FSE Connection Filtering Agent                     True            11
FSE Content Filter Agent                           True            12

If the last three items (FSE…) show, then Forefront is still connected to Exchange. If they are absent, then Forefront is unhooked from Exchange.

Note that you can also manually turn off each of the filter agents from the same Exchange PowerShell prompt:

Disable-TransportAgent -Identity "FSE Connection Filtering Agent"
Disable-TransportAgent -Identity "FSE Content Filter Agent"
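To make the check above repeatable (for example, to confirm Forefront scanning is back in the mail path once troubleshooting is finished), the following added example classifies the hook state from Get-TransportAgent output. It is not part of the original post or Microsoft's tooling: the function name Get-ForefrontHookState is hypothetical, the sample objects are constructed, and it assumes each agent's Identity converts to the name shown in the listing.

```powershell
# Added example: report whether the three FSE agents from the listing above
# are registered and enabled. Written to run on PowerShell 2.0 and later.
$ForefrontAgents = 'FSE Routing Agent',
                   'FSE Connection Filtering Agent',
                   'FSE Content Filter Agent'

function Get-ForefrontHookState {
    param(
        # Objects exposing Identity and Enabled, e.g. the output of Get-TransportAgent
        [object[]] $Agent = @()
    )
    $report = foreach ($name in $ForefrontAgents) {
        # Assumption: the Identity value stringifies to the agent's display name
        $match = $Agent | Where-Object { "$($_.Identity)" -eq $name } | Select-Object -First 1
        New-Object PSObject -Property @{
            Agent      = $name
            Registered = [bool]$match                          # absent after FSCUTILITY /DISABLE
            Enabled    = [bool]($match -and $match.Enabled)    # False after Disable-TransportAgent
        }
    }
    $active = @($report | Where-Object { $_.Enabled }).Count
    if ($active -eq $ForefrontAgents.Count) { $state = 'Hooked' }
    elseif ($active -eq 0)                  { $state = 'Unhooked' }
    else                                    { $state = 'Partial' }
    New-Object PSObject -Property @{ State = $state; Agents = $report }
}

# Constructed sample input (not real server output): one FSE agent disabled by hand
$sample = @(
    New-Object PSObject -Property @{ Identity = 'Transport Rule Agent';           Enabled = $true }
    New-Object PSObject -Property @{ Identity = 'FSE Routing Agent';              Enabled = $true }
    New-Object PSObject -Property @{ Identity = 'FSE Connection Filtering Agent'; Enabled = $true }
    New-Object PSObject -Property @{ Identity = 'FSE Content Filter Agent';       Enabled = $false }
)

$result = Get-ForefrontHookState -Agent $sample
$result.State
$result.Agents | Format-Table Agent, Registered, Enabled -AutoSize

# On the Exchange server itself, feed it the live agent list instead:
#   Get-ForefrontHookState -Agent (Get-TransportAgent)
```

A result of Partial or Unhooked after maintenance means at least one Forefront agent is not processing mail, so FSCUTILITY /ENABLE (or re-enabling the individual agent) is still outstanding.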

If you have more questions, this article will help: support.microsoft.com/kb/929076.

You might also find the NETSTAT -E command useful in detecting network errors.


3 Comments

Exchange 2010 SP2 – Forefront Dependancies on Exchange Services « willcode4foodblog · April 12, 2014 at 11:37 am

[…] sharp co-worker of mine pointed me to this post which adds a few more bits of info on how to identify the dependencies. Good […]

Uninstallation of incorrectly installed package / RU | FICILITY.NET · February 5, 2013 at 4:56 pm

[…] Disable Forefront if installed (FSCUTILITY /DISABLE) – nice article for example here: http://www.urtech.ca/2012/03/solved-how-to-disable-forefront-for-exchange-without-killing-exchange/ 2. Run installation of new RU (This will automatically uninstall previous RU and install new one) 3. […]

Uninstallation of incorrectly installed package / RU « exkb · August 12, 2012 at 4:32 am

[…] Disable Forefront if installed (FSCUTILITY /DISABLE) – nice article for example here: http://www.urtech.ca/2012/03/solved-how-to-disable-forefront-for-exchange-without-killing-exchange/ 2. Run installation of new RU (This will automatically uninstall previous RU and install new one) 3. […]
