SCEP definition update through Automate Deployment Rule
Hi all. Got a question on deploying SCEP 2012 definition updates to client PC through SCCM2012 R2 by using Automate Deployment Rule. It looks like the client PC is not receiving the definition updates immediately. The ADR seems working
fine, it completed the synchronization successfully, no error on "PatchDownloader.log" and "ruleengine.log"; deployment folder got filled up with new definition updates. However, the client is not receiving the new SCEP definition
updates immediately, although I've configured ADR to install the update as soon as possible, yet nothing happens for the past 2 hours. I ended up launch the SCEP console on the client PC and then click the "update" button manually, and this
launch the update process. I just wondering how much time we need to wait for the SCEP definition update to apply onto the client PC. Microsoft seems release 3 - 4 definition update per day, I am afraid we might not using the latest definition
update due to the time waiting issue. Thank you.
I've configured the polling interval to take place every 3 hours. I guess this contribute to the waiting time. I will keep an eye on it to see if the definition in deed installs automatically.
Yes that's one of the delay which is the major Contribution also there would be some delay for the updates when they are downloading and getting updated to the distribution points. You can check the 'Content Status' for that package to verify if it got updated.
Umair Khan
Microsoft Support Escalation Engineer
Blog: http://blogs.technet.com/umairkhan
Facebook:
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
Similar Messages
-
SCEP definition updates for clients in DMZ
Hello,
I do want to enable SCEP definition updates for small group of clients in DMZ (apprx 30 -40)
I have created a separate AD OU and SCCM collection for such computers.
Google shows me different ways like using Definition Update Automation Tool, WSUS, scripts, shares etc, and I am quite confused for which way to adopt.
can any one suggest me which is the best automated way?
I do have SCCM 2012 sp1 and all win 8 cleints.
Thanks in AdvanceYou can use whathever method you prefer. All will most likely work. As there's already Configmgr in place I'd use it to do this job. ADRs (automatic deployment rules) can be used to automate this process.
Torsten Meringer | http://www.mssccmfaq.de -
SCEP Definition update from Microsoft Malware Protection Center vs WindowsUpdate?
Hi,
SCEP Definition update from Microsoft Malware Protection Center vs WindowsUpdate? What is the different?
/SaiTechIf I remember correctly - definitions for A/V and NIS will be the same from either location. I think MMPC might give you the ability to download partial, not yet released definitions for added zero-day protection. I don't remember
if you have to be part of MAPS to get that benefit, sorry.
With the integration of WSUS with SCCM 2012, I've found that using updates distributed from ConfigMgr to be sufficient. I do have those other methods available, but at lower priorities so that remote users who don't VPN as often as they should, have
a fallback until we can get PKI/HTTPS or an Azure DP, or Direct Access.
Again, I'm not 100% sure, but I do know that getting updates from SCCM's built in WSUS (via Automatic Deployment Rules), has worked really well for us, and having those extra methods enabled in your policy definitely makes for some extra fallback options. -
SCEP Definition Updates not updating
Hi!
Our topology consists in one Head Quarter Office Server and 6 Branch Office Servers.
All systems are updated, except for the systems on one Branch Office.
I have checked step by step the blog http://blogs.msdn.com/b/scstr/archive/2012/05/31/how-to-scep-amp-settings-amp-automatic-deploymnet-rule.aspx
Its everything fine, but the systems persist not updated on that branch office.
When I checked the Content Status of FEP Definition Update Deployment Package, it has a status of "In Progress".
The target server does have enought disk space to receive the content, once I created a prestaged content file and it has about 600MB.
I removed that content location and then distributed again. How can I follow the logs of that distribution?
Any suggestion on checking this problem out?
Thanks in advance.
Fabio Martins MCDST/MCSA Brasil!!!Hi,
What's the content status of the update package? In progress?
1.You could try to increase the number of Maximum threads per package in
Software distribution component properties under
Sites ->choose your site -> Configure site components -> Software Distribution.
Reference:Packages content status stuck on “in Progress” in SCCM 2012
http://silentcrash.com/2013/08/packages-content-status-stuck-on-in-progress-in-sccm-2012/
2.You could also try to cancel the package distribution, then prestage the content.
Reference:How to Stop in progress Package Content Distribution to a DP in SCCM 2012 R2
http://anoopcnair.com/2014/02/25/stop-progress-package-content-distribution-dp-sccm-2012-r2/
(Note: Microsoft provides third-party contact information to help you find technical support. This contact
information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.)
Best Regards,
Joyce
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Trying to comprehend the use of Automatic Deployment Rules
I am having a hard time trying to conceptualize ADRs. I would appreciate it if someone can let me know if I am on the right track here.
The way I see it is I can set up an ADR for every 2nd Tuesday of every month (Patch Tuesday) to run to build my initial deployment to a pilot test group. Then I have to build subsequent deployments after that since ADRs can only build one deployment (the
one for my pilot test group).
My question is, should an ADR be used only for a pilot test deployment and not a production deployment?
Thank you very much everyone, I appreciate your helpI thought during the wizard it allows you to specify which type of patches you want to deploy such as Security, etc?
You select the update filter and criteria in the ADR wizard:
http://blogs.technet.com/b/configmgrdogs/archive/2012/05/08/configmgr-2012-automatic-deployment-rules.aspx
An example scenario:
http://technet.microsoft.com/en-us/library/jj134348.aspx#BKMK_Step2
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!) -
Some clients not receiving SCEP definition updates
I have a collection for some of our application servers that is used in conjunction with an ADR to deploy the SCEP definition updates. 12 of the servers in this collection recently had the SCCM 2012 R2 client installed on them. (The collection has a total
of 23 servers in it)
I can see that these 12 servers have the Antimalware policy applied, but are not getting the SCEP updates. The summary for SCEP is: Service started without any malware protection engine; AV signatures out of date; AS signatures out
of date.
The policy application state is "Succeeded" with the recent date and time.
When I view the status of the deployment, the enforcement state is "Failed to install update(s) " with an error code of 0X87D00667 - No current or future service window exists to install software updates.
These servers are members of another collection that is used for deploying the Monthly updates. This "update" collection does have a maintenance window on it specific to software updates, with no recurrence schedule.
Do maintenance windows apply to the machine then, regardless of what collection they are in?
These 12 servers, for the Endpoint Protection client settings have the "Allow EP client installation and restarts outside MW" set to No, and the Suppress any required computer restarts after the EP client is installed set to Yes.
For the Software Updates client setting, the update scan schedule and deployment re-evaluation is set to every 7 days.
So, in looking at this, it appears that these servers will never get any SCEP updates because they are members of another collection that has a MW, even though the SCEP collection does not have a MW?
Is that correct?I added a MW on the collection that is used for SCEP updates. I made the MW effective yesterday, but the MW hours were from 5:30am-7:30am daily (which should have started this morning, 1/30, at 5:30am).
In the updatesdeployment.log, I see the MW starting:
CUpdateAssignmentsManager received a SERVICEWINDOWEVENT START Event UpdatesDeploymentAgent 1/30/2015 5:30:00 AM 3004 (0x0BBC)
No current service window available to run updates assignment with time required = 1 UpdatesDeploymentAgent 1/30/2015 5:30:00 AM 3004 (0x0BBC)
CUpdateAssignmentsManager received a SERVICEWINDOWEVENT END Event UpdatesDeploymentAgent 1/30/2015 7:30:00 AM 3312 (0x0CF0)
No current service window available to run updates assignment with time required = 1 UpdatesDeploymentAgent 1/30/2015 7:30:00 AM 3312 (0x0CF0)
Attempting to cancel any job started at non-business hours. UpdatesDeploymentAgent 1/30/2015 7:30:00 AM 3312 (0x0CF0)
However, the definitions are not installed. These 12 servers have the SCEP client, but no definitions installed.
There are 11 servers in this collection that are getting the definition updates, but the 12 servers in this collection that have recently had the SCCM client installed on it are not getting the updates. So I know that the ADR is working.
What am I missing to get these 12 servers to install/update the definitions? -
SCCM 202 R2 - Automatic Deployment Rules
Hi all,
just got a question about the way in which the Automatic Deployment Rules work in SCCM 2012 R2. I've got a number of patching collections configured with different types of machines in (Pilot Group, Desktops, Test Servers, Prod Servers etc...) and was
hoping to set up a corresponding ADR for each of these collections.
Having had a quick test of the ADR, it seems to work well. When the Evaluation Schedule deadline hits, I see the updates are downloaded (watching RuleEngine.log) and then a new Software Update Group is created and is deployed to the machines
in the collection.
My question is, what's the best way to set up the ADRs to patch these collections? Does each patching collection need it's own ADR? If so, does this mean I will end up downloading the same updates multiple times since most of the ADRs will have the
same Products/Classifications selected?
Realise this is probably a fairly simple question but can't quite get my head round it so any help/info would be much appreciated!
CheersThere really are three possible strategies here:
- Use an ADR for each collection. This will of course cause duplicate update groups but will be fully automated.
- Use a single ADR for each OS type; e.g., one for workstations and one for servers. Then manually add deployments to the appropriate ADR for each collection. This requires a bit of manual intervention but its not much and offers a QA checkpoint.
- Use a single ADR targeting a master collection and then use maintenance windows to control deployment times to "sub-collections". This is fully automated as well but does require some manipulation of the maintenance windows on a month to month
basis.
I often do a combination of the above depending upon the exact needs of the environment.
Jason | http://blog.configmgrftw.com | @jasonsandys -
System Center 2012 Error on Automatic Deployment Rule
Good day,
I have created and Automatic Deployment Rule to deploy my EndPoint Protection updates. So far, I have been able to deploy the agents, and the Antivirus to all my network computers. The problem I have is when the update rule runs. I have checked the SMSProv.log
file, and this I what I get:
Execute SQL =select all SMS_AutoDeployment.AutoDeploymentEnabled,SMS_AutoDeployment.AutoDeploymentID,SMS_AutoDeployment.SecurityKey,SMS_AutoDeployment.Description,SMS_AutoDeployment.LastErrorCode,SMS_AutoDeployment.LastErrorTime,SMS_AutoDeployment.LastRunTime,SMS_AutoDeployment.LocaleID,SMS_AutoDeployment.Name,SMS_AutoDeployment.Schedule
from vSMS_AutoDeployments AS SMS_AutoDeployment where SMS_AutoDeployment.AutoDeploymentID = 1
I am running System Center 2012 R2 on Windows Server 2012 R2. With this, I run SQL Server 2012 Sp1.
Thanks
ChrisHi,
UpdatesHandler.log on the client records about the download and installation of software updates on the client.
Best Regards,
Joyce Li
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
SCEP definition updates for clients in DMZ via UNC is not working.
Hello,
I have configured SCEP definition updates via UNC method for my Win 8.1 clients in DMZ and its not working.
Script is properly associated with task scheduler and downloading definition to shared folder properly.
Even running the mpcmdrun.exe -SignatureUpdate, gives the below error:
C:\Program Files\Microsoft Security Client>mpcmdrun.exe -SignatureUpdate
Signature update started . . .
ERROR: Signature Update failed with hr=80070002
CmdTool: Failed with hr = 0x80070002.
MpCmdRun: Command Line: mpcmdrun.exe -SignatureUpdate
Start Time: Sun Jul 06 2014 11:05:09
Start: MpSignatureUpdate()
Update started
Search Started (UNC share) (Path: \\sccm\SCEP_UNC_DEFS\Updates\x64)...
Search Completed
Download Started...
Download Completed
Installation Started...
Installation Completed
Update completed with hr: 0x80070002
ERROR: Signature Update failed with hr=80070002
MpCmdRun: End Time: Sun Jul 06 2014 11:05:17Hi,
Please check logs on the client to see whether there are any helpful information.(ScanAgent.log, Windowsupdate.log and UpdatesHandler.log)
Best Regards,
Joyce
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
SCCM Automatic Deployment Rule Schedule
Dear All,
I have SCCM 2012 R2 running on Win2008 R2 Sp1. When I create an automatic rule, and later on I decide to change the Deployment Schedule, it wont save the changes.
I wonder if this is some sort of bug.
Thank yoiuHi,
Could you reproduce this situation on the same site?(create a new Automatic deployment rule, then edit it)
How about on the another site with the same infrastructures?
Best Regards,
Joyce Li
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Automatic Deployment Rule - Error 5
Hello,
I'm experiencing an odd issue with setting up an automatic deployment rules. Everything looks like it's fine, but it's running into a permissions error on the location of the package. I enabled auditing and gave EVERYONE full access to the share and everything
runs fine and verify that my admin account is the one writing. When I remove EVERYONE and designate the admin account with full share and full security permissions it gives back error 5 for permissions. Any ideas?An ADR runs with SYSTEM credentials and not with your admin credentials.
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude -
Automatic Deployment Rule for SCEP Definitions growing too large.
See the deployment package for SCEP definition is now 256MB and growing. How can we make sure it stays small? The ADR creating the package is leaving 26 Definition in there right now.
The method that Kevin suggests above is what is implemented as part of a default deployment template included with SP1. This limits the number of definitions in the update group to the latest eight (I think).
As a supplemental note here, whenever an ADR runs and is configured to use an existing update group, it first wipes that update group.
Jason | http://blog.configmgrftw.com -
SCEP Definition Updates showing as 'not required'
I've seen this posted a couple of times by other people already, but in both cases there was never any response - so I'm trying again in the hope that somebody has seen it and figured it out now...
I have set-up and ADR for SCEP 2012 definition updates and it is fully working as expected.
However - if I do a Run Summarization on the Software Updates node, all the definition updates report 100% compliance BUT report back as 'not required' for all machines. Surely these should report as 'Installed'?
Other updates are correctly showing as 'Installed' - it's just the defs delivered through the ADR process that are wrong.Yes, I know this is an old post, but I’m trying to clean them up. Did you solve this problem, if so what was the solution?
Personally I never look at the console for numbers, I only look at the report, the console will always be behind. The report will always reflect the current situation.
Remember that SCEP SU are released 3 or 4 times a day, as soon as a new SU is released for SCEP the old SU will be no required. Since the console only get updated once every 24 hours, IMO it is easy to see why the number within the console will show as not
required.
Garth Jones | My blogs: Enhansoft and
Old Blog site | Twitter:
@GarthMJ -
SCEP definition updates trying to pull from the Internet - poor behaviour
Most of our clients do NOT have the ability to just head out to the internet to get things (via proxy or otherwise) and as such, I have configured my Malware policy to use "Updates distributed from Configuration Manager" ONLY
I do NOT want it trying to get updates from ANYWHERE ELSE.
Some aren't behaving. :(
I am seeing log entries that indicate that the client is trying to go out to the Internet to get the updates.
Here is a cycle of the machine's more recent attempt:
2014-01-27 19:51:43:096 3616 e38 Misc =========== Logging initialized (build: 7.6.7600.256, tz: -0000) ===========
2014-01-27 19:51:43:096 3616 e38 Misc = Process: c:\Program Files\Microsoft Security Client\MpCmdRun.exe
2014-01-27 19:51:43:096 3616 e38 Misc = Module: C:\Windows\system32\wuapi.dll
2014-01-27 19:51:43:096 3616 e38 COMAPI -------------
2014-01-27 19:51:43:096 3616 e38 COMAPI -- START -- COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
2014-01-27 19:51:43:096 3616 e38 COMAPI ---------
2014-01-27 19:51:43:096 3616 e38 COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
2014-01-27 19:51:43:096 1032 e7c Agent *************
2014-01-27 19:51:43:096 1032 e7c Agent ** START ** Agent: Finding updates [CallerId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
2014-01-27 19:51:43:096 1032 e7c Agent *********
2014-01-27 19:51:43:096 1032 e7c Agent * Online = Yes; Ignore download priority = No
2014-01-27 19:51:43:112 1032 e7c Agent * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains 'a38c835c-2950-4e87-86cc-6911a52c34a3' and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b')"
2014-01-27 19:51:43:112 1032 e7c Agent * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2014-01-27 19:51:43:112 1032 e7c Agent * Search Scope = {Machine}
2014-01-27 19:51:43:112 1032 e7c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2014-01-27 19:51:43:128 1032 e7c Misc Microsoft signed: Yes
2014-01-27 19:52:27:427 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:52:27:427 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:52:27:427 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
error 0x80072ee2
2014-01-27 19:52:27:427 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:52:27:427 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:52:27:427 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:53:11:727 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:53:11:727 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:53:11:727 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
error 0x80072ee2
2014-01-27 19:53:11:727 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:53:11:727 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:53:11:727 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:53:56:042 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:53:56:042 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:53:56:042 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
error 0x80072ee2
2014-01-27 19:53:56:042 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:53:56:042 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:53:56:042 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:54:40:342 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:54:40:342 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:54:40:342 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
error 0x80072ee2
2014-01-27 19:54:40:342 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:54:40:342 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:54:40:342 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:54:40:342 1032 e7c Misc WARNING: DownloadFileInternal failed for
http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80072ee2
2014-01-27 19:54:40:342 1032 e7c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2014-01-27 19:54:40:358 1032 e7c Misc Microsoft signed: Yes
2014-01-27 19:55:24:657 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:55:24:657 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:55:24:657 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
error 0x80072ee2
2014-01-27 19:55:24:657 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:55:24:657 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:55:24:657 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:56:08:941 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:56:08:941 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:56:08:941 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
error 0x80072ee2
2014-01-27 19:56:08:941 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:56:08:941 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:56:08:941 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:56:53:257 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:56:53:257 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:56:53:257 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
error 0x80072ee2
2014-01-27 19:56:53:257 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:56:53:257 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:56:53:257 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:57:37:603 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:57:37:603 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:57:37:603 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
error 0x80072ee2
2014-01-27 19:57:37:603 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:57:37:603 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:57:37:603 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:57:37:603 1032 e7c Misc WARNING: DownloadFileInternal failed for
http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80072ee2
2014-01-27 19:57:37:603 1032 e7c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2014-01-27 19:57:37:619 1032 e7c Misc Microsoft signed: Yes
2014-01-27 19:58:01:011 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:58:01:011 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:58:01:011 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
error 0x80072ee2
2014-01-27 19:58:01:011 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:58:01:011 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:58:01:011 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:58:24:278 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:58:24:278 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:58:24:278 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
error 0x80072ee2
2014-01-27 19:58:24:278 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:58:24:278 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:58:24:278 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:58:47:577 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:58:47:577 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:58:47:577 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
error 0x80072ee2
2014-01-27 19:58:47:577 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:58:47:577 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:58:47:577 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:59:10:844 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:59:10:844 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:59:10:844 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
error 0x80072ee2
2014-01-27 19:59:10:844 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:59:10:844 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:59:10:844 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:59:10:844 1032 e7c Misc WARNING: DownloadFileInternal failed for
http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80072ee2
2014-01-27 19:59:10:844 1032 e7c Agent WARNING: Failed to obtain the authorization cab URLs, hr=0x80072ee2
2014-01-27 19:59:10:844 1032 e7c Agent * WARNING: Online service registration/service ID resolution failed, hr=0x80072EE2
2014-01-27 19:59:10:891 1032 e7c Agent * WARNING: Exit code = 0x80072EE2
2014-01-27 19:59:10:891 1032 e7c Agent *********
2014-01-27 19:59:10:891 1032 e7c Agent ** END ** Agent: Finding updates [CallerId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
2014-01-27 19:59:10:891 1032 e7c Agent *************
2014-01-27 19:59:10:891 1032 e7c Agent WARNING: WU client failed Searching for update with error 0x80072ee2
2014-01-27 19:59:10:906 3616 458 COMAPI >>-- RESUMED -- COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
2014-01-27 19:59:10:922 3616 458 COMAPI - Updates found = 0
2014-01-27 19:59:10:922 3616 458 COMAPI - WARNING: Exit code = 0x00000000, Result code = 0x80072EE2
2014-01-27 19:59:10:922 3616 458 COMAPI ---------
2014-01-27 19:59:10:922 3616 458 COMAPI -- END -- COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
2014-01-27 19:59:10:922 3616 458 COMAPI -------------
2014-01-27 19:59:10:922 3616 5d0 COMAPI WARNING: Operation failed due to earlier error, hr=80072EE2
2014-01-27 19:59:10:922 3616 5d0 COMAPI FATAL: Unable to complete asynchronous search. (hr=80072EE2)
2014-01-27 19:59:15:891 1032 e7c Report REPORT EVENT: {45AA9823-28E9-4632-92BE-AF48B4BB8710} 2014-01-27 19:59:10:891-0000 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80072ee2 System Center
Endpoint Protecti Failure Software Synchronization Windows Update Client failed to detect with error 0x80072ee2.
2014-01-27 19:59:15:969 1032 e7c Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
2014-01-27 19:59:15:969 1032 e7c Report WER Report sent: 7.6.7600.256 0x80072ee2 00000000-0000-0000-0000-000000000000 Scan 101 Unmanaged
2014-01-27 19:59:15:969 1032 e7c Report CWERReporter finishing event handling. (00000000)
Anyone have any suggestions? I don't want the machines to EVER try to go out to the internet when they are trying to update their SCEP defs.Stop SCEP from downloading over the internet, uncheck the following locations:
1. SCFEP Def Deployment (ADR if you have one) -
Download Setting: If software updates are not available on preferred distribution point or remote distribution point, download content from Microsoft Updates
2. Client Setting (Endpoint Protection) [check your priority if you have more than 1]
Disable Alternet Sources (such as Microsoft Windows Update, ....) for the inital definition update on client computers.
3. Asset and Compliance :Endpoint Protection, Antimalware Policies (check all that you have and priority)
Defintion Updates: If Configuration Manager is used as a source for definition update, clients will only update from alternate sources if definition is older than (hours) Set this to 720. This is the max, after this the machine will be forced
to pull from Microsoft to protect the machine.
http://www.sccm-tools.com http://sms-hints-tricks.blogspot.com -
SCEP Definition Updates from WSUS
I am currently using ConfigMgr (SUP) for all update patching including SCEP definitions (the 3 times a day scenario) but I was wondering if I can configure the clients so they just get their SCEP definitions from a stand-alone WSUS yet continue to receive
all other updates from ConfigMgr (SUP)? I've been successful with pointing the clients to Microsoft Update, Microsoft Malware Protection Center and UNC file shares by changing the Definition Update Source using a custom Antimalware Policy but
I haven't figured out how to point the SCEP client to a WSUS server? There is a setting in the Antimalware policy to set the UNC path so I was expecting to see a setting to set the WSUS URL. It's hard for me to believe the SCEP client can't be independaly
re-directed to a local WSUS since you can configure the SCEP client it to go directly to Microsoft or the Protection Center which is basically the WSUS mothership.
I understand that. I just assumed that since I can change the Definition Update Source and pull the definitions down from "Updates distributed from Microsoft Update" or "Updates distributed from Microsoft Malware Protection Center"
or "Updates distributed from UNC file shares", all which worked fine for me providing the SCEP client (using WUA) can pull definitions down from a different source
while all other updates come down normally via the SUP/WSUS, that the "Updates distributed from WSUS" option would allow a separate WSUS to work as well.
Jason: You asked "What's your end goal or reason for wanting to have separate sources?"
I would rather not discuss this via the forum so feel free to contact me at
[email protected] and we can continue this conversation and update the thread at a later time.
Maybe you are looking for
-
Can i generically change the "send from" email address in mavericks 10.9.2?
I have my regular email address and another that I'd prefer to be sending from. That one doesn't have password as it's a simple forwarding email. Can I send from it? Can't see how without setting it up as full email address.
-
ITunes wont recognise any of my devices
Whenever i plug my iPhone 4s or iPad2 into the USB and connect it to my iMAc, the iMac won't recognise it. Nothing at all happens - it will only charge. Usually iTunes or iPhoto will open up and recognise my device, but not now. I am running the late
-
Adding video to iTunes but keeping it in a folder when iTunes organizes your folder automaticly
Hi, I've recently added a video to my iTunes librariry (on Windows 7) so that I can view it through my AppleTV, I was able to add it to the library and change it's type from Movie to TV Show but when I look at the folder structure, it puts it to the
-
Not getting enough performance out of Msi GT60 0NC
Hello there guys! Since I've got my laptop I have been getting the feeling that I am not getting enough power out of my toy. I dont know if its me who have too big expectations about this laptop or it really should be performing better?:( I have done
-
Adobe Flash 12 for windows 7 : Seems infected by a Virus or Trojan
Adobe 12 seems infected with a virus. After installing Adobe Flash 12 my computer is controlled by some program that tries to immediately connect to the internet and play VERY IRRITATING sounds that sound like someone is changing a radio station co