You cannot install Client Security from a network share unless you have granted permission to the application. For more information, see How to deploy a .NET Framework application to run from a network location (http://go.microsoft.com/fwlink/?LinkID=87921). Instead of granting permission, you can copy Client Security to your local server before installing it.

This version of Client Security requires that, in a three-server topology, you give permissions for the account under which the SQL Server Agent runs on the reporting database to the management, collection, and reporting server. By doing so, you enable the Client Security DTS account (which runs by default as a local system account on the reporting database server) to access the collection database (located on the management, collection, and reporting server).

To grant permissions:

• On the management, collection, and reporting server, add the computer account for the reporting database server (if the SQL Server Agent runs under the local system) or the domain account that the agent runs under to the SQLServer2005ReportServerUser$computername$MSSQLSERVER group.
  
  

To find out what account the SQL Server Agent runs under:

• On the reporting database server, open the Services console and double-click SQL Server Agent (MSSQLSERVER), and then click the Log On tab.
  
  

For more information about permissions, see the Client Security Deployment Guide (http://go.microsoft.com/fwlink/?LinkID=73723).

In a one-server topology, the DAS account must be part of the same domain as the server.

After installing Client Security with SQL Server Reporting services secured via Secure Sockets Layer (SSL) security (https://servername/reports), you may find the following error in the results page in the Configuration wizard: "Failure to import reports." In this case, the log file for the Configuration wizard (ServerConfig_YYYYMMDD_HHMMSS.log) also contains the following error message: "The request failed with HTTP status 413: Request Entity Too Large".

To resolve this issue, on the reporting server, open a Command Prompt and run the following command:

cscript adsutil.vbs set w3svc/1/uploadreadaheadsize 500000.

For more information, see Client cannot renegotiate request and returns an HTTP 413 error (IIS 6.0) (http://go.microsoft.com/fwlink/?LinkId=87921)).

Your reporting server will throw unhandled exceptions if your management server name contains international characters. To avoid this issue, do one of the following: name your management server using only ANSI characters, use "localhost," or if you use a static IP for your server, use the IP address.

If you already named your server using international characters, rename your server using only ANSI characters.

If you are installing Windows Server Update Services (WSUS) 2.0 for your distribution server, do not enable SetupAndConfigTracing during installation of the distribution server. Enabling SetupAndConfigTracing in this case will cause server setup to crash.

Furthermore, do not enable UpdateAssistantTracing and UpdateAssistantConfigTracing on the WSUS 2.0 distribution server at any point. Doing so may cause other services to crash.

When installing Client Security on a client computer with Windows Vista 64-bit operating system installed and User Account Control (UAC) enabled, you will receive the following error message: "Installation failed. Failed to initialize log file…Make sure that the log path and file and/or install path is valid and accessible." In this case, client setup will fail. To avoid this issue, you must run client setup from an elevated command prompt.

Before installing the Update Rollup 1 for Windows 2000 with SP4, make sure that you have installed Windows 2000 SP4.

To install Update Rollup 1:

• On the client computer, download and install Update Rollup 1 for Windows 2000 with SP4 from Windows Update (http://go.microsoft.com/fwlink/?LinkId=87920).
  
  

If you see this log entry after installing the Client Security agent on a client computer, you need to reboot that computer. After installing the agent, you will receive a log report that the client setup failed and that you should look at fcsam.log. However, fcsam.log states correctly that the installation completed successfully. To verify that there are no failures, reboot the client computer.

The issue will occur if you recently installed the Filter Manager QFE but have not yet rebooted.

If you currently use WSUS in your Client Security deployment to distribute only definitions and not patches, the SSA patch checks will fail.

To avoid this issue, you must configure WSUS to download and automatically approve installation of all patches. The level of control that the client has over installing patches is still based on the automatic update settings in the policy.

A computer running Windows XP stops logging events when the log file exceeds 512KB. This issue occurs because the default event log size for Windows XP is 512KB. To avoid losing event data, change the default event log size on the computer.

The 14-Day History section of the Client Security Dashboard tab might not display when the reporting server role is on a separate server from the management server role.

There are two possible causes for this issue:

• The user opening the Client Security console has not been granted Client Security Report Viewer permissions. For more information, see Working with user roles in the Client Security Administrator's Guide (http://go.microsoft.com/fwlink/?LinkID=86555).
  
  
• The SQL Server Reporting Services site needs to be added to the list of trusted sites in Windows Internet Explorer®.
  
  

For more information, see Console issues in the Client Security Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkID=86109).

When upgrading a Client Security client computer from Windows XP to Windows Vista, you might find that the Windows Defender service remains enabled. Use Group Policy to disable Defender on the client computers.