ADR Rules Hits 60% updates for Endpoint Protection

Hi,
I have an ADR rule that is working correctly; the only thing it's not hitting is all the servers for the updates of the AV. I have about a 60% success rate.
I have checked my policies and everything is the same. I have some servers in the same collection not updating the AV, and they have the exact same policies and are in the same site, controlled by the same management point and Distribution Point, same Domain.
Can you assist me in telling me where to check what is the blockage of the updates? My ADR rules are running fine, no errors in the ruleengine.log. I seem to constantly fix this issue and can't find the issue,
any assistance will do.

I am still having issues with this,
Did not see anything in the logs; all say it's downloaded and installed the new updates, but it doesn't reflect on the Endpoint Console on the host even after reboots. I am now using a Remediation script to keep them updated.
As it looks like the normal ADR is failing me, but gives me time to still investigate now with the Remediation.

Similar Messages

  • Configuring SMTP account for Endpoint protection alerts

    Hi all
    I am using SCCM 2012 R2 Endpoint protection. I want to configure email alerts for Endpoint protection. I have a mail server on a Windows 2008 R2 server in a WORKGROUP. Since the mail server is not in the domain, how can I configure the SMTP server setting? What account do I need to use for SMTP?

    You can get advice from others on the forum Ashok but ultimately you are the only one that will be able to figure this out. You need to look at your mail server (or talk to the person that manages it) and see how it is configured to allow email relay from
    the firewall, for example. It could be that the mail server is configured with a rule to allow relays anonymously from that specific IP address.
    You then need to configure the email server to allow the requests from the ConfigMgr server in exactly the same way. It might be as simple as adding the IP address to the above rule. You will NOT need to configure an Endpoint Protection SMTP Server Connection
    Account. As Joyce says this is only required if the mail server REQUIRES authenticated access (but you can configure the rule so that it doesn't).
    "they just use SMTP server and a email address for authentication"
    This isn't the case Ashok. This is not authentication. The email address is just a label so that you can see where the alert is coming from.
    I hope this is all clear. This isn't a ConfigMgr issue as such. It's email relaying so is specific to the email product you use.
    Gerry Hampson | Blog: www.gerryhampsoncm.blogspot.ie | LinkedIn: Gerry Hampson | Twitter: @gerryhampson

  • Collection Alerting for Endpoint Protection and Client Status

    both for the Client Status alerts and for the Endpoint Protection alerts I have set these up on one collection each,
    the thing is if you go to the Client Status node under monitoring, by default the collection 'All desktop and server clients' is selected, while this one doesn't even have the alert configured
    same goes for endpoint protection, where by default the collection 'All client Systems' is selected ...
    what is the purpose of configuring a specific collection for the alerting, if you have to select this every time you look at the monitoring?
    try to explain that to customers..

    The purpose of configuring alerts for different Collections is that you can have e-mails sent to different Groups. When you create subscriptions you can select the different alerts and configure them to be mailed to different Groups.
    Kent Agerlund | My blogs: blog.coretech.dk/kea and SCUG.dk/ | Twitter: @Agerlund | Linkedin: Kent Agerlund | Mastering ConfigMgr 2012 The Fundamentals

  • Help with Application for Endpoint Protection

    I created an application to install System Center Endpoint Protection, because we are using Symantec Endpoint Protection 12.1.3, which is unsupported for SCEP to remove.  With the application I set it to supersede our SEP 12.1 client and remove any previous software. I created a previous thread, located here:
    http://social.technet.microsoft.com/Forums/en-US/38a476b3-0e71-4e80-b348-81143fa5cefe/creating-an-application-for-sc-endpoint-protection?forum=configmanagergeneral.
    The initial test works, our SEP is removed and SCEP is installed, however the client takes anywhere from 3-5 hours before SCEP pulls down the correct Anti-Malware policy and applies the latest definitions.  The time frame for this is longer than we want; rebooting the computer or going into the SCCM client and running the actions does not seem to speed up the process.
    At the moment, the command that works is "scepinstall.exe" /s /q.
    What I attempted to do was export the current anti-malware policy and run the command "scepinstall.exe" /s /q /policy "Malware.xml", however this does not seem to work, in SCCM or running the command via a command prompt.  The only way it would is if I fully defined the path of the xml, such as scepinstall.exe /s /q /policy C:\Windows\CCMCache\2\malware.xml, but this command does not work in SCCM, only via the command prompt.  As well, defining the policy doesn't seem to do anything; when I open SCEP, I cannot enter the history or settings tab. Even if it did I could not guarantee that the path would remain constant.
    It seems odd that it can take 3-5 hours before SCEP pulls down its policy, is this normal when installing without a defined policy?
    Is there a setting that I need to change somewhere that is defining when the client can check in for a new Anti-malware policy? The SCCM client is checking the default time of 60 mins.
    Is there a way to define the policy on the install any other way?
    Is there something I am missing? 

    Hi,
    I normally use a custom task sequence when switching the antivirus; here is a great way of doing it, solving the initial download of the definition updates as well from a package. Works great for OSD as well.
    http://www.chrisnackers.com/2012/10/18/configuration-manager-2012-installing-endpoint-protection-during-a-task-sequence/
    Using the cache\2 is not a really good idea as it will not be the same between computers; put the command line in a .cmd file and use the %~dp0 variable for the current directory: "scepinstall.exe /s /q /policy %~dp0EPAMPolicy2.xml".
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter @ccmexec

  • Locally check how Endpoint Protection client gets updates

    Hi,
    I'm in the middle of a large deployment of SCEP (ahem) System Center 2012 Endpoint Protection, and I've come across an interesting question. Is it possible to determine the method the local SCEP client used to obtain its most recent definitions update?
    The background here is that our clients are set to obtain updates from the SCCM server, and only from the Internet as a last resort after 12 hours of failure. However, during one recent deployment, the local team reported a spike in their Internet traffic and believe several hundred SCEP clients updated via the Internet. Is it possible to verify this locally from log files on the computer or some other method?
    This is an issue for some of our locations where Internet bandwidth is at a premium, but we have good internal WAN links.
    Kind regards,
    Matt

    Hi,
    We could configure Definition Update sources under Antimalware Policy.
    How to Configure Definition Updates for Endpoint Protection in Configuration Manager
    Best Regards,
    Joyce Li
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Deploying SCCM EndPoint Protection Client with updates?

    Am using SCCM 2012 R2 and need to get the EndPoint Protection Client built into my image.
    If I deploy it post-imaging the laptop, how do I get the latest definitions?
    Because it shows up with a red icon in the system tray and I have to go in and manually update the definitions after I install it. 
    Is there a task that could be done in an OSD to update the definitions?
    Otherwise only way I can think of is preinstall and update and get the full scan done before capturing an image of my system to deploy to other systems. 

    Hi,
    If you use Endpoint Protection on all computers, including the latest definitions in your Build and Capture saves time.
    Otherwise, the command line in Windows works fine; trigger an update of SCEP at the end of the task sequence:
    "%ProgramFiles%\Microsoft Security Client\mpcmdrun.exe" -SignatureUpdate
    Here are some great articles for your reference:
    Operating System Deployment and Endpoint Protection Client Installation
    http://blogs.technet.com/b/configmgrteam/archive/2012/04/12/operating-system-deployment-and-endpoint-protection-client-installation.aspx
    How to Configure Definition Updates for Endpoint Protection in Configuration Manager
    http://technet.microsoft.com/en-us/library/jj822983.aspx 

  • SCCM 2012 R2: Forefront Endpoint protection via automatic updates only work when manually triggering automatic update rule

    Hi,
    I followed this manual to configure forefront endpoint protection on clients: http://www.windows-noob.com/forums/index.php?/topic/6106-using-system-center-2012-configuration-manager-part-6-adding-the-endpoint-protection-role-configure-alerts-and-custom-antimalware-policies/
    Now in short: everything works fine ... as long as I trigger the automatic deployment rules.
    Current situation:
    1. ADR ran fine (3:30 this night)
    2. Software update group is NOT ok
    3. I run ADR manually (right click on ADR, run)
    4. Software update group is ok (green icon)
    Then virus updates are successful. This means that clients only update their virus definitions when I manually run the ADR-rule.
    I'm missing something here.
    Please advise.
    J.
    Jan Hoedt

    Probably this issue: http://social.technet.microsoft.com/Forums/en-US/c6109678-785b-4c6d-9cb4-c9dfc1e34b2e/sccm-2012-automatic-deployment-rule-not-executing-updates-for-scep?forum=configmanagerapps
    Iow: wsus updates were scheduled at 3, automatic update rules at 3:15, probably sync wasn't done yet so it doesn't find updates. "The day after" updates are marked as expired.
    Jan Hoedt

  • Endpoint Protection not updating

    Hi all,
    Not sure if this is the right forum but I couldn't see one for Endpoint Protection
    I've been having some troubles updating EP on 2 of my 40 or so machines for a while and I can't work it out.  Basically they aren't seeing that EP updates are available to install for them.
    I've uninstalled EP and the CM client.  They re-installed fine.  The 2 machines are getting the same policies as the others.  I've deleted the Software Distribution directory, reset BITS, deleted the qr*.dat files.
    When I initiate a Software Updates scan from the Configuration Mgr client this is what appears in my WindowsUpdate.log
    2013-05-13 09:18:15:205 5704 19b8 COMAPI -------------
    2013-05-13 09:18:15:205 5704 19b8 COMAPI -- START --  COMAPI: Search [ClientId = CcmExec]
    2013-05-13 09:18:15:205 5704 19b8 COMAPI ---------
    2013-05-13 09:18:15:210  948 a04 Agent *************
    2013-05-13 09:18:15:210 5704 19b8 COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = CcmExec]
    2013-05-13 09:18:15:210  948 a04 Agent ** START **  Agent: Finding updates [CallerId = CcmExec]
    2013-05-13 09:18:15:210  948 a04 Agent *********
    2013-05-13 09:18:15:210  948 a04 Agent   * Include potentially superseded updates
    2013-05-13 09:18:15:210  948 a04 Agent   * Online = Yes; Ignore download priority = Yes
    2013-05-13 09:18:15:210  948 a04 Agent   * Criteria = "(DeploymentAction=* AND Type='Software') OR (DeploymentAction=* AND Type='Driver')"
    2013-05-13 09:18:15:210  948 a04 Agent   * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
    2013-05-13 09:18:15:210  948 a04 Agent   * Search Scope = {Machine}
    2013-05-13 09:18:15:538  948 a04 PT +++++++++++  PT: Synchronizing server updates  +++++++++++
    2013-05-13 09:18:15:538  948 a04 PT   + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = HTTP://%FQDN%8530/ClientWebService/client.asmx
    2013-05-13 09:19:16:523  948 a04 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <%PROXYIP%> Bypass List used : <(null)> Auth Schemes used : <>
    2013-05-13 09:19:16:523  948 a04 PT   + Last proxy send request failed with hr = 0x80072EE2, HTTP status code = 0
    2013-05-13 09:19:16:523  948 a04 PT   + Caller provided proxy = No
    2013-05-13 09:19:16:523  948 a04 PT   + Proxy list used = %PROXYIP%
    2013-05-13 09:19:16:523  948 a04 PT   + Bypass list used = <NULL>
    2013-05-13 09:19:16:523  948 a04 PT   + Caller provided credentials = No
    2013-05-13 09:19:16:523  948 a04 PT   + Impersonate flags = 0
    2013-05-13 09:19:16:523  948 a04 PT   + Possible authorization schemes used =
    2013-05-13 09:19:16:523  948 a04 PT WARNING: GetConfig failure, error = 0x80072EE2, soap client error = 5, soap error code = 0, HTTP status code = 200
    2013-05-13 09:19:16:524  948 a04 PT WARNING: PTError: 0x80072ee2
    2013-05-13 09:19:16:524  948 a04 PT WARNING: GetConfig_WithRecovery failed: 0x80072ee2
    2013-05-13 09:19:16:524  948 a04 PT WARNING: RefreshConfig failed: 0x80072ee2
    2013-05-13 09:19:16:524  948 a04 PT WARNING: RefreshPTState failed: 0x80072ee2
    2013-05-13 09:19:16:524  948 a04 PT WARNING: Sync of Updates: 0x80072ee2
    2013-05-13 09:19:16:524  948 a04 PT WARNING: SyncServerUpdatesInternal failed: 0x80072ee2
    2013-05-13 09:19:16:524  948 a04 Agent   * WARNING: Failed to synchronize, error = 0x80072EE2
    2013-05-13 09:19:16:525  948 a04 Agent   * WARNING: Exit code = 0x80072EE2
    2013-05-13 09:19:16:525  948 a04 Agent *********
    2013-05-13 09:19:16:525  948 a04 Agent **  END  **  Agent: Finding updates [CallerId = CcmExec]
    2013-05-13 09:19:16:525  948 a04 Agent *************
    2013-05-13 09:19:16:525  948 a04 Agent WARNING: WU client failed Searching for update with error 0x80072ee2
    2013-05-13 09:19:16:526 5704 19b8 COMAPI >>--  RESUMED  -- COMAPI: Search [ClientId = CcmExec]
    2013-05-13 09:19:16:527 5704 19b8 COMAPI   - Updates found = 0
    2013-05-13 09:19:16:527 5704 19b8 COMAPI   - WARNING: Exit code = 0x00000000, Result code = 0x80072EE2
    2013-05-13 09:19:16:527 5704 19b8 COMAPI ---------
    2013-05-13 09:19:16:527 5704 19b8 COMAPI --  END  --  COMAPI: Search [ClientId = CcmExec]
    2013-05-13 09:19:16:527 5704 19b8 COMAPI -------------
    2013-05-13 09:19:16:527 5704 19b8 COMAPI WARNING: Operation failed due to earlier error, hr=80072EE2
    2013-05-13 09:19:16:527 5704 19b8 COMAPI FATAL: Unable to complete asynchronous search. (hr=80072EE2)
    2013-05-13 09:19:21:526  948 a04 Report REPORT EVENT: {4F1FD932-6FB2-4909-BB14-B58ECB839A4B} 2013-05-13 09:19:16:524+1000 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80072ee2 CcmExec Failure Software Synchronization Windows Update Client failed to detect with error 0x80072ee2.
    2013-05-13 09:19:21:543  948 a04 Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
    2013-05-13 09:19:21:543  948 a04 Report WER Report sent: 7.6.7600.256 0x80072ee2 00000000-0000-0000-0000-000000000000 Scan 101 Managed
    2013-05-13 09:19:21:543  948 a04 Report CWERReporter finishing event handling. (00000000)
    From my research this indicates to me that these computers are trying to access the internet to perform their updates.  They should be going to Config Mgr as specified in the policy and then WSUS (MS Updates is not selected in my policy).  These machines do not have internet access.  The machines that are updating correctly also don't have internet access.
    Below is the WUAHandler.log
    Its a WSUS Update Source type ({E6405AF2-4712-4848-8E46-A6AFF1872B0A}), adding it. WUAHandler 13/05/2013 9:18:15 AM 6584 (0x19B8)
    Existing WUA Managed server was already set (%FQDN%:8530), skipping Group Policy registration. WUAHandler 13/05/2013 9:18:15 AM 6584 (0x19B8)
    Added Update Source ({E6405AF2-4712-4848-8E46-A6AFF1872B0A}) of content type: 2 WUAHandler 13/05/2013 9:18:15 AM 6584 (0x19B8)
    Scan results will include superseded updates only when they are superseded by service packs and definition updates. WUAHandler 13/05/2013 9:18:15 AM 6584 (0x19B8)
    Search Criteria is (DeploymentAction=* AND Type='Software') OR (DeploymentAction=* AND Type='Driver') WUAHandler 13/05/2013 9:18:15 AM 6584 (0x19B8)
    Async searching of updates using WUAgent started. WUAHandler 13/05/2013 9:18:15 AM 6584 (0x19B8)
    Async searching completed. WUAHandler 13/05/2013 9:19:16 AM 5152 (0x1420)
    OnSearchComplete - Failed to end search job. Error = 0x80072ee2. WUAHandler 13/05/2013 9:19:16 AM 6584 (0x19B8)
    Scan failed with error = 0x80072ee2. WUAHandler 13/05/2013 9:19:16 AM 6584 (0x19B8)
    Any help would be awesome
    Thanks

    Thanks for the reply.
    It shouldn't be a proxy issue as the computers aren't configured to use a proxy.  Nothing is ticked in IE settings about connecting to the Internet and the netsh winhttp show proxy gives me a direct connection
    Nothing in bypass list as well
    I check these settings on a machine that is working and the settings are the same
    I looked in the scanagent.log and got this
    - -Processing Scan Job TTL invalidity request ScanAgent 16/05/2013 3:02:17 PM 4376 (0x1118)
    Message received: '<?xml version='1.0' ?> <UpdateSourceMessage MessageType='ScanByUpdateSource'>
      <ForceScan>TRUE</ForceScan>
      <UpdateSourceIDs>
       <ID>{E6405AF2-4712-4848-8E46-A6AFF1872B0A}   </ID>
      </UpdateSourceIDs>
     </UpdateSourceMessage>'
     ScanAgent 16/05/2013 3:02:19 PM 5348 (0x14E4)
    *****ScanByUpdateSource request received with ForceReScan=2, ScanOptions=0x0000000a,  WSUSLocationTimeout = 604800 ScanAgent 16/05/2013 3:02:19 PM 5348 (0x14E4)
    Sources are not current ScanAgent 16/05/2013 3:02:19 PM 5348 (0x14E4)
    ScanJob({9B789A83-3229-4658-99E4-0FD797B48AB0}): - - - - - -Locations requested for ScanJobID={9B789A83-3229-4658-99E4-0FD797B48AB0} (LocationRequestID={5D090B44-18AC-4153-AEB4-55CE285A7CD1}), will process the scan request once locations are available. ScanAgent 16/05/2013 3:02:19 PM 5348 (0x14E4)
    *****WSUSLocationUpdate received for location request guid={5D090B44-18AC-4153-AEB4-55CE285A7CD1} ScanAgent 16/05/2013 3:02:19 PM 5348 (0x14E4)
    Sources are not current ScanAgent 16/05/2013 3:02:19 PM 3680 (0x0E60)
    ScanJob({9B789A83-3229-4658-99E4-0FD797B48AB0}): CScanJob::OnScanComplete -Scan Failed with Error=0x80244019 ScanAgent 16/05/2013 3:02:19 PM 5348 (0x14E4)
    ScanJob({9B789A83-3229-4658-99E4-0FD797B48AB0}): CScanJob::ScheduleScanRetry- ScanRetry Timer task successfully scheduled. Will wake up in next 1800 seconds ScanAgent 16/05/2013 3:02:19 PM 5348 (0x14E4)
    ScanJob({9B789A83-3229-4658-99E4-0FD797B48AB0}): CScanJob::OnScanComplete - Scan Retry successfully scheduled ScanAgent 16/05/2013 3:02:19 PM 5348 (0x14E4)
    ScanJob({9B789A83-3229-4658-99E4-0FD797B48AB0}): CScanJobManager::OnScanComplete- Scan has failed, scan request will be pending for scan retry cycle. ScanAgent 16/05/2013 3:02:20 PM 5348 (0x14E4)
    CScanAgent::ScanCompleteCallback - failed at OnScanComplete with error=0x87d00631 ScanAgent 16/05/2013 3:02:20 PM 5348 (0x14E4)
    Doesn't make any sense to me
    I can use IE to hit the wsus/sccm server (roles installed on same machine).  It will prompt me to download or save the *.cab files as well.

  • Endpoint Protection clients not getting updates from SCCM 2012 in new Secondary Site

    I recently stood up a secondary site behind a PCI firewall to manage PCI in-scope systems. All of my boundaries are properly configured and there are no overlaps. I am able to push packages to these clients and the clients are reporting as healthy however
    I am not able to get updates to the SCEP clients. There is no internet access from these systems so I have to rely on updates from SCCM. From what I can see in the WindowsUpdate log it is only trying to go to Microsoft for the definitions. Here is the Log:
    2014-04-30 11:05:09:739  828 da8 Misc WARNING: Send failed with hr = 80072ee2.
    2014-04-30 11:05:09:739  828 da8 Misc WARNING: Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <None>
    2014-04-30 11:05:09:739  828 da8 Misc WARNING: Send request failed, hr:0x80072ee2
    2014-04-30 11:05:09:739  828 da8 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=41&L=en-US&P=&PT=0x7&WUA=7.9.9600.16422>. error 0x80072ee2
    2014-04-30 11:05:09:739  828 da8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2014-04-30 11:05:09:739  828 da8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2014-04-30 11:05:09:739  828 da8 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2014-04-30 11:05:09:739  828 da8 SLS FATAL: GetResponse failed with hresult 0x80072ee2...
    2014-04-30 11:05:09:739  828 da8 EP FATAL: EP: CSLSEndpointProvider::GetWUClientDataAndInitParser - failed to get SLS data, error = 0x80072EE2
    2014-04-30 11:05:09:739  828 da8 EP FATAL: EP: CSLSEndpointProvider::GetEndpointFromSLS - Failed to get client data and init parser, error = 0x80072EE2
    2014-04-30 11:05:09:739  828 da8 EP FATAL: Failed to obtain 9482F4B4-E343-43B6-B170-9A65BC822C77 redir SecondaryServiceAuth URL, error = 0x80072EE2
    2014-04-30 11:05:09:739  828 da8 Agent WARNING: Failed to obtain the authorization cab URL for service 7971f918-a847-4430-9279-4a52d1efe18d, hr=0
    2014-04-30 11:05:09:739  828 da8 Agent FATAL: Caller <NULL> failed to opt in to service 7971f918-a847-4430-9279-4a52d1efe18d, hr=0X80072EE2
    2014-04-30 11:05:09:739  828 da8 SLS Retrieving SLS response from server...
    2014-04-30 11:05:09:739  828 da8 SLS Making request with URL HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=41&L=en-US&P=&PT=0x7&WUA=7.9.9600.16422
    2014-04-30 11:05:30:742  828 da8 Misc WARNING: Send failed with hr = 80072ee2.
    2014-04-30 11:05:30:742  828 da8 Misc WARNING: Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <None>
    2014-04-30 11:05:30:742  828 da8 Misc WARNING: Send request failed, hr:0x80072ee2
    2014-04-30 11:05:30:742  828 da8 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=41&L=en-US&P=&PT=0x7&WUA=7.9.9600.16422>. error 0x80072ee2
    2014-04-30 11:05:30:742  828 da8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2014-04-30 11:05:30:742  828 da8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2014-04-30 11:05:30:742  828 da8 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2014-04-30 11:05:30:742  828 da8 SLS FATAL: GetResponse failed with hresult 0x80072ee2...
    2014-04-30 11:05:30:742  828 da8 EP FATAL: EP: CSLSEndpointProvider::GetWUClientDataAndInitParser - failed to get SLS data, error = 0x80072EE2
    2014-04-30 11:05:30:742  828 da8 EP FATAL: EP: CSLSEndpointProvider::GetSecondaryServicesEnabledState - Failed to get client data and init parser, error = 0x80072EE2
    2014-04-30 11:05:30:742  828 da8 Agent   * WARNING: Online service registration/service ID resolution failed, hr=0x80248014
    2014-04-30 11:05:30:742  828 da8 Agent   * WARNING: Exit code = 0x80248014
    2014-04-30 11:05:30:742  828 da8 Agent *********
    2014-04-30 11:05:30:742  828 da8 Agent **  END  **  Agent: Finding updates [CallerId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)  Id = 9]
    2014-04-30 11:05:30:742  828 da8 Agent *************
    2014-04-30 11:05:30:742  828 da8 Agent WARNING: WU client failed Searching for update with error 0x80248014
    2014-04-30 11:05:30:742  828 da8 IdleTmr WU operation (CSearchCall::Init ID 9, operation # 99) stopped; does use network; is not at background priority
    2014-04-30 11:05:30:742  828 da8 IdleTmr Decremented PDC RefCount for Network to 0
    2014-04-30 11:05:30:742  828 da8 IdleTmr Decremented idle timer priority operation counter to 0
    2014-04-30 11:05:30:743  576 12c0 COMAPI >>--  RESUMED  -- COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2014-04-30 11:05:30:743  576 12c0 COMAPI   - Updates found = 0
    2014-04-30 11:05:30:743  576 12c0 COMAPI   - WARNING: Exit code = 0x00000000, Result code = 0x80248014
    2014-04-30 11:05:30:743  576 12c0 COMAPI ---------
    2014-04-30 11:05:30:743  576 12c0 COMAPI --  END  --  COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2014-04-30 11:05:30:743  576 12c0 COMAPI -------------
    2014-04-30 11:05:30:743  576 1254 COMAPI WARNING: Operation failed due to earlier error, hr=80248014
    2014-04-30 11:05:30:743  576 1254 COMAPI FATAL: Unable to complete asynchronous search. (hr=80248014)
    The log is from a Server 2012 R2 Client. The only thing I was able to find was this Article which did not resolve my issue. Anyone else encounter anything similar? Any help would be appreciated.
    Regards, Evan Mills - Systems Administrator

    Every two hours is too aggressive for the ADR. Definitions are only released 2-3 times a day so every 8 hours is what most consider best practice. Is your WSUS sync occurring every two hours as well? If not, then the ADR wouldn't have anything new to pick
    up anyway. It's best to set the WSUS sync for every 8 hours and then set the ADR to run after any successful WSUS sync.
    So the EP definitions are caching but not installing? What does the WUAHandler.log show? One of my machines shows the following which indicates a successful installation from the ConfigMgr delivered update:
    1. Update (Missing): Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.933.0) (0a156122-d4f8-4215-9e63-8f0f1e32c9c6, 200)    WUAHandler    4/30/2014 6:49:33 AM    11080 (0x2B48)
    Async installation of updates started.    WUAHandler    4/30/2014 6:49:34 AM    11080 (0x2B48)
    Update 1 (0a156122-d4f8-4215-9e63-8f0f1e32c9c6) finished installing (0x00000000), Reboot Required? No    WUAHandler    4/30/2014 6:50:23 AM    8664 (0x21D8)
    Async install completed.    WUAHandler    4/30/2014 6:50:23 AM    8664 (0x21D8)
    Installation of updates completed.    WUAHandler    4/30/2014 6:50:23 AM    11032 (0x2B18)
    It sounds like if you set "Check for Endpoint Protection definitions at a specific interval" to 0 then it would prevent the WindowsUpdate.log activity you're seeing when the EP client tries to reach out for updates.
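
Added example (not part of the original posts and not ConfigMgr's own tooling): a small triage script for classic-format WindowsUpdate.log text like the excerpts in the two threads above. It groups entries into "Finding updates" scans per worker thread and reports which host each scan contacted, which proxy was used, and which failure codes came back. The sample log is constructed and modelled on those excerpts; the host wsus.example.internal, the proxy 192.0.2.10, the function names and the verdict labels are assumptions.

```python
import re
from urllib.parse import urlsplit

# Classic (pre-Windows 10) WindowsUpdate.log entry: date, time, PID, TID, component, message.
ENTRY_RE = re.compile(r"^\d{4}-\d\d-\d\d\s+(\d\d:\d\d:\d\d:\d{3})\s+(\d+)\s+([0-9a-f]+)\s+(\S+)\s+(.*)$", re.I)
URL_RE = re.compile(r"https?://[^\s<>,]+", re.I)
GUID_RE = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
HRESULT_RE = re.compile(r"(?<![0-9a-z])(?:0x)?(8[0-9a-f]{7})(?![0-9a-z])", re.I)
CALLER_RE = re.compile(r"Finding updates \[CallerId = (.+?)\s*(?:Id = \d+)?\]")
PROXY_RE = re.compile(r"Proxy List used: <([^>]*)>", re.I)

# Failure codes that appear in the threads above, with their documented names.
HRESULT_NAMES = {
    "80072EE2": "ERROR_WINHTTP_TIMEOUT",
    "80244019": "WU_E_PT_HTTP_STATUS_NOT_FOUND",
    "80248014": "WU_E_DS_UNKNOWNSERVICE",
    "80240022": "WU_E_ALL_UPDATES_FAILED",
    "8024200B": "WU_E_UH_INSTALLERFAILURE",
    "80070643": "ERROR_INSTALL_FAILURE",
}
MICROSOFT_SUFFIXES = ("update.microsoft.com", "windowsupdate.com")


def describe(code):
    """Name for a failure code, or 'unknown' if it is not in the table."""
    return HRESULT_NAMES.get(code.upper(), "unknown")


def is_microsoft(host):
    return any(host == s or host.endswith("." + s) for s in MICROSOFT_SUFFIXES)


def classify(scan):
    """Verdict labels are this example's own, chosen for the cases seen in the threads."""
    timed_out = "80072EE2" in scan["errors"]
    if timed_out and any(is_microsoft(h) for h in scan["hosts"]):
        return "internet-source-timeout"   # scan went to Microsoft, not the internal source
    if timed_out and scan["hosts"]:
        return "wsus-timeout-via-proxy" if scan["proxy"] else "wsus-timeout"
    if "80244019" in scan["errors"]:
        return "wsus-http-404"
    return "other-failure" if scan["errors"] else "ok"


def triage(log_text):
    """Return one record per 'Finding updates' scan, grouped by the thread that ran it."""
    active, done = {}, []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # wrapped continuation or non-entry line
        ts, pid, tid, _component, msg = m.groups()
        key = (pid, tid.lower())
        caller = CALLER_RE.search(msg)
        if caller and "START" in msg:
            active[key] = {"caller": caller.group(1), "start": ts,
                           "hosts": set(), "errors": set(), "proxy": None}
            continue
        scan = active.get(key)
        if scan is None:
            continue  # entry belongs to no open scan (e.g. the COMAPI caller thread)
        for url in URL_RE.findall(msg):
            host = urlsplit(url).hostname
            if host:
                scan["hosts"].add(host)
        proxy = PROXY_RE.search(msg)
        if proxy and proxy.group(1) not in ("", "(null)"):
            scan["proxy"] = proxy.group(1)
        # Drop URLs and GUIDs first so their hex runs are not mistaken for failure codes.
        scrubbed = GUID_RE.sub("", URL_RE.sub("", msg))
        scan["errors"].update(c.upper() for c in HRESULT_RE.findall(scrubbed))
        if caller and "END" in msg:
            scan["verdict"] = classify(scan)
            done.append(active.pop(key))
    for scan in active.values():  # log ended before the scan's END marker
        scan["verdict"] = classify(scan)
        done.append(scan)
    return done


# Constructed sample, modelled on the entries quoted in the threads above.
SAMPLE_LOG = """\
2013-05-13 09:18:15:210  948 a04 Agent ** START **  Agent: Finding updates [CallerId = CcmExec]
2013-05-13 09:18:15:210  948 a04 Agent   * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2013-05-13 09:18:15:538  948 a04 PT   + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = HTTP://wsus.example.internal:8530/ClientWebService/client.asmx
2013-05-13 09:19:16:523  948 a04 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <192.0.2.10> Bypass List used : <(null)> Auth Schemes used : <>
2013-05-13 09:19:16:524  948 a04 Agent   * WARNING: Exit code = 0x80072EE2
2013-05-13 09:19:16:525  948 a04 Agent **  END  **  Agent: Finding updates [CallerId = CcmExec]
2014-04-30 11:05:09:000  828 da8 Agent ** START **  Agent: Finding updates [CallerId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)  Id = 9]
2014-04-30 11:05:09:739  828 da8 SLS Making request with URL HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=41
2014-04-30 11:05:30:742  828 da8 Misc WARNING: Send request failed, hr:0x80072ee2
2014-04-30 11:05:30:742  828 da8 Agent   * WARNING: Exit code = 0x80248014
2014-04-30 11:05:30:742  828 da8 Agent **  END  **  Agent: Finding updates [CallerId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)  Id = 9]
"""

if __name__ == "__main__":
    for s in triage(SAMPLE_LOG):
        codes = ", ".join("%s (%s)" % (c, describe(c)) for c in sorted(s["errors"]))
        print(s["start"], s["caller"], sorted(s["hosts"]), s["proxy"], codes, "->", s["verdict"])
```

Run against a real log, the host set per scan shows whether a client scanned against the software update point or went to Microsoft Update, and the proxy field shows what WinHTTP actually used for that request.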

  • Upgraded SCCM 2012 SP1 to CU5 - Problem updating Endpoint Protection Client (to V4.5.216.0)

    We upgraded SCCM SP1 to CU5. We got one primary site, on which we had no problems with running the CU setup. After the upgrade we pushed the new administrator console and client.
    SP1 CU5 - console update -> Updated on all administrator users (50 computers)
    SP1 CU5- x64 and x86 client update -> Updated on pilot group (50 computers)
    No problems so far.
    We are having troubles updating the Endpoint Protection Client version. This was V4.1.522.0 before the upgrade. When we enroll a new computer, it receives the new V4.5.216.0, which is the last version.
    But we can't update our older clients. We try to deploy the software update (Update for Forefront Endpoint Protection 2010 Client - 4.5.216.0 (KB2952678)) but it doesn't install. After 20 minutes, if I look in the Deployment logs, it says the installation was successful; but it isn't, it's still the old version.
    Strange thing is, we can upgrade to an in-between version (Update for Forefront Endpoint Protection 2010 Client - 4.3.215.0 (KB2864366)). Which installs on a test client.
    If I look to the cache files of the new EP Client update, and use the UpdateInstall.exe manually, the update does install. Then I see in the logfile EndpointProtectionAgent.log it still refers to the version 4.1.522.0.
    EP 4.5.216.0 is installed, version is higher than expected installer version 4.1.522.0. EndpointProtectionAgent 13/01/2015 14:54:00 7808 (0x1E80)
    Re-apply EP AM policy. EndpointProtectionAgent 13/01/2015 14:54:00 7808 (0x1E80)
    Apply AM Policy. EndpointProtectionAgent 13/01/2015 14:54:00 7808 (0x1E80)
    Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml". EndpointProtectionAgent 13/01/2015 14:54:00 7808 (0x1E80)
    Applied the C:\Windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
    Save new policy state 1 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
    State 1 and ErrorCode 0 and ErrorMsg and PolicyName Antimalware Policy and GroupResolveResultHash D277339FA77A9017801399D96266BAD42DE74F38 is NOT changed. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
    Skip sending state message due to same state message already exists. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
    Firewall provider is installed. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
    Installed firewall provider meet the requirements. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
    This is the WindowsUpdate.log when I try to push the new EP client.
    2015-01-14 11:24:13:651 7416 1c44 Handler :::::::::
    2015-01-14 11:24:13:651 7416 1c44 Handler : Updates to install = 1
    2015-01-14 11:24:21:716 7416 1c44 Handler : WARNING: Command line install completed. Return code = 0x8004ff25, Result = Failed, Reboot required = false
    2015-01-14 11:24:21:716 7416 1c44 Handler : WARNING: Exit code = 0x8024200B
    2015-01-14 11:24:21:716 7416 1c44 Handler :::::::::
    2015-01-14 11:24:21:716 7416 1c44 Handler :: END :: Handler: Command Line Install
    2015-01-14 11:24:21:732 7416 1c44 Handler :::::::::::::
    2015-01-14 11:24:21:794 1096 c18 Agent *********
    2015-01-14 11:24:21:794 1096 edc AU Can not perform non-interactive scan if AU is interactive-only
    2015-01-14 11:24:21:794 1096 c18 Agent ** END ** Agent: Installing updates [CallerId = CcmExec]
    2015-01-14 11:24:21:794 1096 c18 Agent *************
    2015-01-14 11:24:21:794 2296 fac COMAPI >>-- RESUMED -- COMAPI: Install [ClientId = CcmExec]
    2015-01-14 11:24:21:794 2296 fac COMAPI - Install call complete (succeeded = 0, succeeded with errors = 0, failed = 1, unaccounted = 0)
    2015-01-14 11:24:21:794 2296 fac COMAPI - Reboot required = No
    2015-01-14 11:24:21:794 2296 fac COMAPI - WARNING: Exit code = 0x00000000; Call error code = 0x80240022
    2015-01-14 11:24:21:794 2296 fac COMAPI ---------
    2015-01-14 11:24:21:794 2296 fac COMAPI -- END -- COMAPI: Install [ClientId = CcmExec]
    2015-01-14 11:24:21:794 2296 fac COMAPI -------------
    2015-01-14 11:24:21:794 1096 1620 AU Can not perform non-interactive scan if AU is interactive-only
    2015-01-14 11:24:26:739 1096 1424 Report REPORT EVENT: {ED287668-4BEF-46FD-BB57-CA17680E5D3B} 2015-01-14 11:24:21:732+0100 1 182 101 {A90C3005-7B59-4268-8B11-12D9BE5C8EA0} 201 80070643 CcmExec Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070643: Update for System Center Endpoint Protection 2012 Client - 4.5.216.0 (KB2952678).
    2015-01-14 11:24:27:207 1096 1424 Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
    2015-01-14 11:24:27:207 1096 1424 Report WER Report sent: 7.5.7601.17514 0x80070643 A90C3005-7B59-4268-8B11-12D9BE5C8EA0 Install 101 Managed
    2015-01-14 11:24:27:207 1096 1424 Report CWERReporter finishing event handling. (00000000)
    Thanks in advance!

    Hello,
    According to kb2952678:
    To apply this update, you must have one of the following installed:
    System Center 2012 R2 Configuration Manager Cumulative Update 4 for System Center 2012 Configuration Manager Service Pack
    Service Pack 2 for System Center Configuration Manager 2007 and Update Rollup 1 for Forefront Endpoint Protection 2010
    Do you have Update Rollup 1 for Forefront Endpoint Protection 2010?
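    An added example, not part of the original thread: the WindowsUpdate.log excerpt above carries four different failure codes for one failed install, and splitting each HRESULT into its facility and code fields shows which layer reported what. The function names are this example's own; the sample lines are taken from the excerpt quoted above.

```python
import re
from collections import OrderedDict

# Lines taken from the WindowsUpdate.log excerpt quoted in the thread above
# (layout: date, time, PID, TID in hex, component, message).
SAMPLE_LOG = """\
2015-01-14 11:24:21:716 7416 1c44 Handler : WARNING: Command line install completed. Return code = 0x8004ff25, Result = Failed, Reboot required = false
2015-01-14 11:24:21:716 7416 1c44 Handler : WARNING: Exit code = 0x8024200B
2015-01-14 11:24:21:794 2296 fac COMAPI - WARNING: Exit code = 0x00000000; Call error code = 0x80240022
2015-01-14 11:24:26:739 1096 1424 Report REPORT EVENT: {ED287668-4BEF-46FD-BB57-CA17680E5D3B} 2015-01-14 11:24:21:732+0100 1 182 101 {A90C3005-7B59-4268-8B11-12D9BE5C8EA0} 201 80070643 CcmExec Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070643: Update for System Center Endpoint Protection 2012 Client - 4.5.216.0 (KB2952678).
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+"
    r"(?P<pid>\d+)\s+(?P<tid>[0-9a-fA-F]+)\s+(?P<component>\S+)\s+(?P<message>.*)$"
)
CODE_RE = re.compile(r"\b0x([0-9A-Fa-f]{8})\b")

# HRESULT facility numbers from the Windows SDK headers.
FACILITY_NAMES = {
    0: "FACILITY_NULL",
    4: "FACILITY_ITF",             # codes defined by the component itself
    7: "FACILITY_WIN32",           # low 16 bits are a Win32 error code
    36: "FACILITY_WINDOWSUPDATE",  # Windows Update Agent codes (0x8024xxxx)
}
WIN32_NAMES = {1603: "ERROR_INSTALL_FAILURE"}


def decode_hresult(value):
    """Split a 32-bit HRESULT into its severity, facility and code fields."""
    facility = (value >> 16) & 0x7FF
    code = value & 0xFFFF
    info = {
        "hresult": "0x%08X" % value,
        "failed": bool(value & 0x80000000),
        "facility": FACILITY_NAMES.get(facility, "facility %d" % facility),
        "code": code,
    }
    if facility == 7:
        info["win32"] = WIN32_NAMES.get(code, "Win32 error %d" % code)
    return info


def failing_codes(log_text):
    """Return one record per distinct failing HRESULT, in order of first appearance."""
    seen = OrderedDict()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # wrapped or truncated line: nothing reliable to parse
        for hexval in CODE_RE.findall(m.group("message")):
            info = decode_hresult(int(hexval, 16))
            if not info["failed"]:
                continue  # e.g. 0x00000000 is a success code
            rec = seen.setdefault(
                info["hresult"],
                dict(info, first_seen=m.group("date") + " " + m.group("time"), components=[]),
            )
            if m.group("component") not in rec["components"]:
                rec["components"].append(m.group("component"))
    return list(seen.values())


if __name__ == "__main__":
    for rec in failing_codes(SAMPLE_LOG):
        print(rec["first_seen"], rec["hresult"], rec["facility"],
              rec.get("win32", "code %d" % rec["code"]), rec["components"])
```

    The FACILITY_WIN32 entry resolves to Win32 error 1603, the generic installer failure; the FACILITY_ITF code is defined by the installer that returned it, so its meaning has to come from that installer's own log.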

  • Endpoint Protection error: The source folder for content does not exist.

    I have a single SCCM 2012 SP1 CU4 server running on Windows Server 2012.
    I have been using this for a little more than a month for Endpoint Protection and Windows Updates.
    I just recently started seeing that my Endpoint Deployment Package has Failed.  I click on "Content Status" and select the Endpoint package (which again shows Failed).  I click on "View Status" and I get this
    message in the "Error" tab:
    The source folder for content does not exist.
    The Asset Details point to the exact location  that does not exist:
    The source directory "\\<server>\updates\endpoint\6bd81fde-3a3f-4aa9-bf70-ba007891ca68" for package "<package>" does not exist. 
    I didn't change anything related to this, and that directory path (\\server\updates\endpoint) is
    shared and is populated with a lot of other folders. 
    Is this possibly just a bad update file?  Should I manually create that sub-folder that it says is missing?
    Any help would be great!  Thanks!

    Thanks for the quick reply, Torsten.  (I often forget which logs to check for certain things).
    There are six lines (3 errors -- in italics below) in the log around the same time frame.  They read:
    The source directory \\sccm-corp\updates\endpoint\6bd81fde-3a3f-4aa9-bf70-ba007891ca68 doesn't exist or the SMS service cannot access it, Win32 last error = 2    SMS_DISTRIBUTION_MANAGER    5/27/2014 11:54:46 AM    5920 (0x1720)
    STATMSG: ID=2306 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=SCCM-Corp.pdcarea.lcl SITE=PDC PID=6008 TID=5920 GMTDATE=Tue May 27 16:54:46.962 2014 ISTR0="\\sccm-corp\updates\endpoint\6bd81fde-3a3f-4aa9-bf70-ba007891ca68" ISTR1="PDC00063" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="PDC00063"    SMS_DISTRIBUTION_MANAGER    5/27/2014 11:54:46 AM    5920 (0x1720)
    Failed to take snapshot of one or more contents in package PDC00063    SMS_DISTRIBUTION_MANAGER    5/27/2014 11:54:46 AM    5920 (0x1720)
    CDistributionSrcSQL::UpdateAvailableVersion PackageID=PDC00063, Version=10, Status=2302    SMS_DISTRIBUTION_MANAGER    5/27/2014 11:54:46 AM    5920 (0x1720)
    STATMSG: ID=2302 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=SCCM-Corp.pdcarea.lcl SITE=PDC PID=6008 TID=5920 GMTDATE=Tue May 27 16:54:46.990 2014 ISTR0="Endpoint Protection Definition Updates" ISTR1="PDC00063" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="PDC00063"    SMS_DISTRIBUTION_MANAGER    5/27/2014 11:54:46 AM    5920 (0x1720)
    Failed to process package PDC00063 after 33 retries, will retry 67 more times    SMS_DISTRIBUTION_MANAGER    5/27/2014 11:54:47 AM    5920 (0x1720)

  • SCCM Server says Forefront Endpoint Protection failed to install update(s)

    I have a single SCCM 2012 SP1 CU4 server running on Windows Server 2012.  I primarily use this for Endpoint Protection and Windows Updates.
    Recently I started seeing a lot of errors in the Endpoint Protection deployments.  This one has me baffled because the Endpoint Protection client on the machine says that it is up-to-date.  However, when I go to
    Monitoring --> Deployments on the server, I see tons of errors that read "Failed to install update(s)."
    Under the "Last Enforcement Error Code" heading, it reads: 
    0x80070643. 
    I have spent several days searching about this, but the only info I can find is about Endpoint Protection
    installation problems.  In my case, though, I have Endpoint Protection installed...it is the
    update(s) that are showing the errors.
    Thanks in advance for any help.

    I see these entries starting at 6:19 PM last night and ending at 6:09 AM today.  I put in bold what kind of stands out to me.
    Assignment {7b642d5f-623d-4c44-a902-a414bef0adf7} has total CI = 1    UpdatesDeploymentAgent    5/15/2014 6:19:29 PM    1232 (0x04D0)
    OnPolicyModify for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})...     UpdatesDeploymentAgent    5/15/2014 6:19:29 PM    1232 (0x04D0)
    Starting forced trigger (TriggerActivate) for assignment {7b642d5f-623d-4c44-a902-a414bef0adf7}    UpdatesDeploymentAgent    5/15/2014 6:19:29 PM    1232 (0x04D0)
    Detection job ({F7A501B7-38F4-458B-AA62-F32212D3B614}) started for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:19:29 PM    1232 (0x04D0)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:20:02 PM    1072 (0x0430)
    DetectJob completion received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:20:02 PM    4632 (0x1218)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2187.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:20:02 PM    4632 (0x1218)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2219.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:20:02 PM    4632 (0x1218)
    DownloadCIContents Job ({8C3E7548-DA29-48EB-B3C3-12B96B31D492}) started for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:20:02 PM    4632 (0x1218)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:20:03 PM    4632 (0x1218)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:20:03 PM    4508 (0x119C)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Progress: Status = ciStateDownloading, PercentComplete = 0, Result = 0x0    UpdatesDeploymentAgent    5/15/2014 6:20:03 PM    4508 (0x119C)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Progress: Status = ciStateDownloading, PercentComplete = 0, Result = 0x0    UpdatesDeploymentAgent    5/15/2014 6:20:03 PM    4508 (0x119C)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:20:03 PM    4508 (0x119C)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:20:03 PM    4508 (0x119C)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:20:03 PM    4508 (0x119C)
    DownloadJob completion received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:20:03 PM    1128 (0x0468)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2187.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:20:03 PM    1128 (0x0468)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2219.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:20:03 PM    1128 (0x0468)
    Message received: '<?xml version='1.0' ?>
        <CIAssignmentMessage MessageType='Activation'>
            <AssignmentID>{7b642d5f-623d-4c44-a902-a414bef0adf7}</AssignmentID>
        </CIAssignmentMessage>'    UpdatesDeploymentAgent    5/15/2014 6:37:00 PM    452 (0x01C4)
    Assignment {7b642d5f-623d-4c44-a902-a414bef0adf7} has total CI = 2    UpdatesDeploymentAgent    5/15/2014 6:37:00 PM    452 (0x01C4)
    Assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7}) received activation trigger    UpdatesDeploymentAgent    5/15/2014 6:37:00 PM    452 (0x01C4)
    Detection job ({726D8962-0690-46DB-B9A0-FF5D979AE3CF}) started for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:00 PM    452 (0x01C4)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:00 PM    620 (0x026C)
    DetectJob completion received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    4496 (0x1190)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2187.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    4496 (0x1190)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2219.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    4496 (0x1190)
    DownloadCIContents Job ({7EEA627C-B1B3-457D-BE69-6F3A8DDDA692}) started for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    4496 (0x1190)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    452 (0x01C4)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    1648 (0x0670)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Progress: Status = ciStateDownloading, PercentComplete = 0, Result = 0x0    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    1648 (0x0670)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Progress: Status = ciStateDownloading, PercentComplete = 0, Result = 0x0    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    1648 (0x0670)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    1648 (0x0670)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    1648 (0x0670)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    1648 (0x0670)
    DownloadJob completion received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    1648 (0x0670)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2187.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    1648 (0x0670)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2219.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    1648 (0x0670)
    CUpdateAssignmentsManager received a SERVICEWINDOWEVENT START Event    UpdatesDeploymentAgent    5/15/2014 10:00:00 PM    3736 (0x0E98)
    Suspend activity in presentation mode is selected    UpdatesDeploymentAgent    5/15/2014 10:00:00 PM    3736 (0x0E98)
    Atleast one user has elected to suspend non-business hours activity when in presentation mode. Checking for presentation mode.    UpdatesDeploymentAgent    5/15/2014 10:00:00 PM    3736 (0x0E98)
    Proceeding to non-business hours activites as presentation mode is off.    UpdatesDeploymentAgent    5/15/2014 10:00:00 PM    3736 (0x0E98)
    Auto install during non-business hours is disabled or never set, selecting only scheduled updates.    UpdatesDeploymentAgent    5/15/2014 10:00:00 PM    3736 (0x0E98)
    A user-defined service window(non-business hours) is available. We will attempt to install any scheduled updates.    UpdatesDeploymentAgent    5/15/2014 10:00:00 PM    3736 (0x0E98)
    Attempting to install 0 updates    UpdatesDeploymentAgent    5/15/2014 10:00:00 PM    3736 (0x0E98)
    No actionable updates for install task. No attempt required.    UpdatesDeploymentAgent    5/15/2014 10:00:00 PM    3736 (0x0E98)
    Updates could not be installed at this time. Waiting for the next maintenance window.    UpdatesDeploymentAgent    5/15/2014 10:00:00 PM    3736 (0x0E98)
    CUpdateAssignmentsManager received a SERVICEWINDOWEVENT END Event    UpdatesDeploymentAgent    5/16/2014 5:00:00 AM    3500 (0x0DAC)
    No current service window available to run updates assignment with time required = 1    UpdatesDeploymentAgent    5/16/2014 5:00:00 AM    3500 (0x0DAC)
    Attempting to cancel any job started at non-business hours.    UpdatesDeploymentAgent    5/16/2014 5:00:00 AM    3500 (0x0DAC)
    Message received: '<?xml version='1.0' ?>
        <CIAssignmentMessage MessageType='EnforcementDeadline'>
            <AssignmentID>{7b642d5f-623d-4c44-a902-a414bef0adf7}</AssignmentID>
        </CIAssignmentMessage>'    UpdatesDeploymentAgent    5/16/2014 6:09:00 AM    2768 (0x0AD0)
    Assignment {7b642d5f-623d-4c44-a902-a414bef0adf7} has total CI = 2    UpdatesDeploymentAgent    5/16/2014 6:09:00 AM    2768 (0x0AD0)
    Deadline received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:00 AM    2768 (0x0AD0)
    Detection job ({41BE2786-E548-429E-9590-5102B1F8DE2A}) started for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:00 AM    2768 (0x0AD0)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:00 AM    4660 (0x1234)
    DetectJob completion received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    4660 (0x1234)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2187.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    4660 (0x1234)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2219.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    4660 (0x1234)
    UpdateAssginment Download: CCM_CONTENT_WF_DEADLINE_DOWNLOAD set    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    4660 (0x1234)
    DownloadCIContents Job ({D484DF2D-C472-478E-A75F-1C50DACF6A5D}) started for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    4660 (0x1234)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    4660 (0x1234)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    748 (0x02EC)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Progress: Status = ciStateDownloading, PercentComplete = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    748 (0x02EC)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Progress: Status = ciStateDownloading, PercentComplete = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    748 (0x02EC)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    748 (0x02EC)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    748 (0x02EC)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    748 (0x02EC)
    DownloadJob completion received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    748 (0x02EC)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2187.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:02 AM    748 (0x02EC)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2219.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:02 AM    748 (0x02EC)
    Starting install for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:02 AM    748 (0x02EC)
    ApplyCIs - JobId = {24FEF2A6-EFAB-4675-B3DE-E357BD4D7384}    UpdatesDeploymentAgent    5/16/2014 6:09:02 AM    748 (0x02EC)
    Raising client SDK event for class NULL, instance NULL, actionType 13l, value NULL, user NULL, session 4294967295l, level 0l, verbosity 30l    UpdatesDeploymentAgent    5/16/2014 6:09:02 AM    748 (0x02EC)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Progress: Status = ciStateDetecting, PercentComplete = 0, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:02 AM    4660 (0x1234)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Progress: Status = ciStateDetecting, PercentComplete = 0, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:02 AM    4660 (0x1234)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Progress: Status = ciStateDownloading, PercentComplete = 0, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:02 AM    2788 (0x0AE4)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Progress: Status = ciStateDownloading, PercentComplete = 0, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:02 AM    2788 (0x0AE4)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Progress: Status = ciStateWaitInstall, PercentComplete = 0, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:02 AM    4660 (0x1234)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Progress: Status = ciStateWaitInstall, PercentComplete = 0, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:02 AM    4660 (0x1234)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Progress: Status = ciStateInstalling, PercentComplete = 0, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:22 AM    2788 (0x0AE4)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Progress: Status = ciStateInstalling, PercentComplete = 100, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:22 AM    4660 (0x1234)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Progress: Status = ciStateVerifying, PercentComplete = 0, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:22 AM    4660 (0x1234)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Progress: Status = ciStateInstalling, PercentComplete = 100, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:22 AM    4660 (0x1234)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Progress: Status = ciStateVerifying, PercentComplete = 0, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:22 AM    2788 (0x0AE4)
    CUpdatesJob({24FEF2A6-EFAB-4675-B3DE-E357BD4D7384}): Job completion received.    UpdatesDeploymentAgent    5/16/2014 6:09:51 AM    4660 (0x1234)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17
    I did not specifically specify any maintenance windows.  It looks like the default business hours are set on the client though:
    Is this maybe causing my problems???  Is it possible to change that default value from the SCCM console??
    Thanks again for all of your help!
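    An added example, not part of the original thread: the UpdatesDeploymentAgent excerpt above repeats the same few messages many times, so this sketch collapses it into one state timeline per update plus the install-attempt and deadline events. The function names are this example's own, and the sample lines are taken from the excerpt with wrapped fields re-joined.

```python
import re
from datetime import datetime

# Lines taken from the UpdatesDeploymentAgent excerpt above (wrapped fields
# re-joined). Layout: message, component, date/time, thread id.
SAMPLE_LOG = """\
Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Progress: Status = ciStateDownloading, PercentComplete = 0, Result = 0x0    UpdatesDeploymentAgent    5/15/2014 6:20:03 PM    4508 (0x119C)
Attempting to install 0 updates    UpdatesDeploymentAgent    5/15/2014 10:00:00 PM    3736 (0x0E98)
Deadline received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:00 AM    2768 (0x0AD0)
Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Progress: Status = ciStateWaitInstall, PercentComplete = 0, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:02 AM    4660 (0x1234)
Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Progress: Status = ciStateInstalling, PercentComplete = 0, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:22 AM    2788 (0x0AE4)
Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Progress: Status = ciStateInstalling, PercentComplete = 100, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:22 AM    4660 (0x1234)
Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Progress: Status = ciStateVerifying, PercentComplete = 0, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:22 AM    4660 (0x1234)
Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Progress: Status = ciStateInstalling, PercentComplete = 100, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:22 AM    4660 (0x1234)
Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Progress: Status = ciStateVerifying, PercentComplete = 0, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:22 AM    2788 (0x0AE4)
"""

TS_FORMAT = "%m/%d/%Y %I:%M:%S %p"
ENTRY_RE = re.compile(
    r"^(?P<msg>.+?)\s{2,}(?P<component>\S+)\s{2,}"
    r"(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s{2,}"
    r"(?P<tid>\d+) \(0x[0-9A-Fa-f]+\)\s*$"
)
PROGRESS_RE = re.compile(
    r"Update \((?P<ci>[^)]+)\) Progress: Status = (?P<state>\w+), "
    r"PercentComplete = (?P<pct>\d+)(?:, DownloadSize = \d+)?, Result = (?P<result>0x[0-9A-Fa-f]+)"
)
ATTEMPT_RE = re.compile(r"Attempting to install (\d+) updates")


def parse_entries(text):
    """Return (timestamp, message) pairs in time order; unparseable lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((datetime.strptime(m.group("ts"), TS_FORMAT), m.group("msg")))
    return sorted(entries, key=lambda e: e[0])  # stable: ties keep file order


def state_timeline(text):
    """Map each update (SUM_... id) to its (timestamp, state, result) steps, repeats collapsed."""
    timeline = {}
    for when, msg in parse_entries(text):
        p = PROGRESS_RE.search(msg)
        if not p:
            continue
        steps = timeline.setdefault(p.group("ci").rsplit("/", 1)[-1], [])
        if not steps or steps[-1][1] != p.group("state"):
            steps.append((when, p.group("state"), int(p.group("result"), 16)))
    return timeline


def enforcement_events(text):
    """Return (timestamp, label) for install attempts and enforcement deadlines."""
    events = []
    for when, msg in parse_entries(text):
        a = ATTEMPT_RE.search(msg)
        if a:
            events.append((when, "install attempt: %s updates" % a.group(1)))
        elif msg.startswith("Deadline received"):
            events.append((when, "deadline received"))
    return events


if __name__ == "__main__":
    for when, label in enforcement_events(SAMPLE_LOG):
        print(when, label)
    for ci, steps in state_timeline(SAMPLE_LOG).items():
        print(ci, " -> ".join(state for _, state, _ in steps))
```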

  • SCEP updates for servers without internet access

    I have servers that are Windows Server 2012 and Windows Server 2008 R2 that CANNOT have internet access.  I pushed the CM client to them and the SCEP client but they cannot get the SCEP updates.  The error in the WindowsUpdate.log is:
    2014-04-25 09:13:59:695  992 b94 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
    error 0x8024402c
    I think the Windows Update Agent is trying to update from MS. 
    When I run RSOP.msc, I do see that the CM server is listed as the WSUS server and was updated in local group policy which is what the CM client is expected to do.
    What do I do in a situation where the machine does not have internet access and I need to update the WU agent?
    Thanks,
    Mike

    Make sure that Disable alternative sources is set to Yes in the ConfigMgr client settings, and make sure that in the antimalware policy Set sources and order for Endpoint Protection definition does not include Microsoft Update.
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Why my app store shows the update for other account which i don't know

    Why does my App Store show Itsy updates for [email protected]? I've no idea what it is.

    That is her standard answer to this known problem. And it is not a bug!
    You have a pirated app that is from the MAS and the app has been cracked with the MAS receipt from an app acquired with this person's MAS account. Get rid of your pirated apps to get rid of the issue.
    Whichever was that last app that you downloaded for free from somewhere, rather than paying for it in the MAS, is likely the culprit.

  • Log file for manual download Endpoint Protection Definition Updates

    Hi,
    I am manually downloading Endpoint Protection definition updates from SCCM 2012 R2. Which log file do I have to check for download progress?
    Regards,
    Manzoor Ahmed

    If you are downloading updates manually you will need to have an alternate source other than ConfigMgr for definition updates.
    https://support.microsoft.com/en-us/kb/2831244?wa=wsignin1.0
    Here is a list of the logs for SCEP.
    http://chadstech.net/scep-2012-client-log-files/
    The logs depend on which sources you have set for updates. If you have updates coming from Windows Update or WSUS, then you could look at WindowsUpdate.log.
