Internet Explorer version 6 and 7 will use Integrated Windows Authentication whether you have the checkbox enabled or disabled. The big difference lies in the type of authentication which is kerberos or NTLM. If the option is checked IE will first try Kerberos and then will fallback to NTLM, if the option is unchecked it will just use NTLM. So Microsoft labeled the option wrong, it should say Negotiate Windows Authentication or so. Checking or unchecking this option just sets the registry key “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableNegotiate” to 1 or 0.

Microsoft Forefront Security for Exchange Server integrates multiple scan engines from industry-leading security firms into a comprehensive, layered solution, helping businesses protect their Microsoft Exchange Server messaging environments from viruses, worms, spam, and inappropriate content.

• start forefrontexchangesetup.exe
• Accept the License Agreement and click on [Next]

  

• You will be warned with the fact that “Microsoft Exchange Transport” will be restarted, so if this isn’t possible, abort the setup. Else just click [Next]

  

• The next screen prompts you for the installation locations. If you want to change this do so, then click [Next]

  

• If you use a Proxy Server fill in the details, then click [Next]

  

• Enable the Antispam feature (if needed), then click [Next]

  

• The next screen is about joining the CEIP (Customer Experience Improvement Program), if you want to be part of it, check the checkbox. Click [Next]

   

• Verify your information, and then click [Next] to begin installation

  

• After the installation, click [Finish]

  

• Your start menu should now contain the “Forefront Protection for Exchange Server Console”. Fire it up.

  

• Activate your license, or continue with the evaluation (only valid for 119 days).

  

• If you have a Activation Key, you will be prompted to supply your License Agreement Number. Click on the link provided in the dialog screen.

   

You can resolve it by editing the the registry.

1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following registry key:

   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

3. Right-click Lsa, point to New, and then click DWORD Value.
4. Type DisableLoopbackCheck, and then press ENTER.
5. Right-click DisableLoopbackCheck, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Quit Registry Editor, and then restart your computer.

http://blogs.technet.com/markrussinovich/archive/2009/11/03/3291024.aspx

I copied the installation files for FCS to a local temp folder, and executed the command CLIENTSETUP.EXE /NOMOM (to install FCS with the MOM agent). Keep in mind that if you are using a x64 system, execute the clientsetup.exe inside the x64 folder
This installation failed because of UAC.
I changed my UAC settings to low by launching the “Change UAC Settings”, under the tool tab in MSConfig.

Again I tried to execute the CLIENTSETUP.EXE /NOMOM.
This time FCS installed correctly.
After installation I pressed the “Check for Updates Now” inside FCS, but it reported that there we’re now updates….strange, because the definition files are from September 14th 2006.

I then found this webpage: http://support.microsoft.com/kb/935934/ you can download the antimalware definition files manually and install them. This solved it for me.

http://agilebi.com/cs/blogs/jwelch/archive/2009/07/10/view-permissions-for-reporting-services-in-sharepoint-integrated-mode.aspx

Unable to retrieve external data for the following connections:
[ODC File]
The data sources may be unreachable, may not be responding, or may have denied you access.
Verify that data refresh is enabled for the trusted file location and that the workbook data authentication is correctly set.

Here is a screenshot:

Finally today I got this error resolved.

First of all I did all the action that MVP – Ton Stegeman did in his blog about this subject. Check it out here (follow all 4 parts). He ends in part 3 with the error I have, but there was no solution provided.

First of all I needed to make sure that Kerberos is working and did not have a double hop problem, and that I could access the SSAS server and his cube. For that I added a SQL Server 2005 Analysis Services Filter Web Part and specified the same ODC file. It worked great (I could select a dimension and a Hierarchy).

The problem with this error is that I am running MOSS and SSAS both on a Windows 2008 Server (2 different servers btw.). You might think that it should not be any different than a 2003 server, but Server 2008 is “AES aware” (Advanced Encryption System). There is a problem with AES aware systems like W2K8, Vista and the use of Kerberos.
To get it to work, you will have to follow the steps below:

1. Open the following file in Notepad: “c:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Config\msmdsrv.ini”
2. There is a section called Security, which looks like this:

       <Security>
           <DataProtection>
               <RequiredProtectionLevel>1</RequiredProtectionLevel>
           </DataProtection>
           <AdministrativeDataProtection>
               <RequiredProtectionLevel>1</RequiredProtectionLevel>
           </AdministrativeDataProtection>
           <RequireClientAuthentication>1</RequireClientAuthentication>
           <SecurityPackageList/>
           <DisableClientImpersonation>0</DisableClientImpersonation>
           <BuiltinAdminsAreServerAdmins>1</BuiltinAdminsAreServerAdmins>
           <ServiceAccountIsServerAdmin>1</ServiceAccountIsServerAdmin>
           <ErrorMessageMode>2</ErrorMessageMode>
           <CellPermissionMode>0</CellPermissionMode>
       </Security>

3. Change the tag <DataProtection> and <AdministrativeDataProtection>, so it looks like this:
   

       <Security>
           <DataProtection>
               <RequiredProtectionLevel>0</RequiredProtectionLevel>
           </DataProtection>
           <AdministrativeDataProtection>
               <RequiredProtectionLevel>0</RequiredProtectionLevel>
           </AdministrativeDataProtection>
           <RequireClientAuthentication>1</RequireClientAuthentication>
           <SecurityPackageList/>
           <DisableClientImpersonation>0</DisableClientImpersonation>
           <BuiltinAdminsAreServerAdmins>1</BuiltinAdminsAreServerAdmins>
           <ServiceAccountIsServerAdmin>1</ServiceAccountIsServerAdmin>
           <ErrorMessageMode>2</ErrorMessageMode>
           <CellPermissionMode>0</CellPermissionMode>
       </Security>

4. Stop and restart Analysis Services
5. Then edit your ODC file and add the following to the connection strong:
   
   ”;SSPI=Kerberos;Protection Level=Connect” (without the quotes)

Now try again.

Tip: 
-  restart IIS every time you make a change in your ODC file.

• I needed to disable a menu item in Excel 2007.

Resolution:

• First of all download the ADM(X) templates for Office 2007 (keep in mind I am using server 2008). You can download them here
• Extract it to a folder, and then copy the contents of the admx folder to C:\Windows\PolicyDefinitions
• Open your Group Policy Editor (gpmc.msc), and make a new Group Policy (I named it “Office GPO”
• If you browse to [User Configuration], [Administrative Templates], you will see all the Office Policy Definitions.
  
• My task was to disable the Menu Items “From Other Sources”, “Existing Connections” and “Connection”.
  You can disable menu items under the group policy setting:
  [Administrative Templates\Microsoft Office Excel 2007\Disable Items in User Interface\Custom\Disable Commands\
• The Disable Commands works with ID numbers, you can find these here
  For my problem I had to disable ID’s: 11205, 12495 and 12496

  

Why is this?

This is because whenever for example IE asks AD: “which account has a SPN registration for kerberos.marcvalk.net”, and kerberos.marcvalk.net is an CNAME for IIS_Server.marcvalk.net, the reply will be IIS_Server.marcvalk.net and not the service account.

So you’ll probably see an pop-up authentication box, with a title of IIS_Server.marcvalk.net and not the correct hostheader kerberos.marcvalk.net.