Managing Standalone SCEP Client in Workgroup Computer

Similar Messages

• Manage 10.8 clients with workgroup manager

  Previously using Mac OS X 10.6.8 server with workgroup manager to manage clients.
  Installed new server running 10.8.
  I downloaded and am using the Workgroup Manager application for 10.8.
  I set up a client running 10.7.  Used the "Users and Groups" pref pane to join my directory server, and was able to then add that computer to a new group in wgm and manage the preferences.
  I set up another client running 10.8.   Used the "Users and Groups" pref pain to join my directory server, and it does not appear in my list of available clients when I browse for it to add it to the computer group.
  Does this functionality no longer work with 10.8 clients?  Was hoping to avoid profile manager for one more year....
  Thanks for any help,
  Chris

  I'm curious to know if you're still having this issue, I'm seeing the same thing here in our setup.  We have no problems with any of these users actually logging in, but we're certainly seeing a lot of them show up as "not found" ... and once they have been "lost" they seem to be lost for good!
  I'm not sure if it's something stuck in cache or if our overworked AD server doesn't respond properly and breaks something ...

• SCCM Client and SCEP Client Uninstall

  Hi, I have below questions with regard to the SCCM client software and the SCEP client software.
  Does SCCM client uninstallation removes SCEP client as well? If not, how does the Endpoint Protection get the updates after SCCM client is removed? How to remove/uninstall SCEP client?
  If the SCCM client uninstallation removes the SCEP client as well (by running ccmsetup.exe /uninstall), how to make it to NOT uninstall the SCEP client?
  Thanks.
  NM

  Yes, your SCEP client should still be able to update.
  If you're installing the ConfigMgr client again, and have manage SCEP client enabled in the ConfigMgr client settings, it does more then just adding the update source. It allows you to manage the SCEP client configuration (like scan settings, exclusions,
  etc), perform remote actions (like initiating a scan) and report about them.
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• Installing and Managing SCCM 2012 R2 client in workgroup

  Hi,
  I'm trying to install sccm 2012 r2 client on a workgroup workstation, but i can't manage to put the client working.
  Already tried this solutions
  http://blogs.technet.com/b/anilm/archive/2012/05/06/managing-workgroup-clients-in-configuration-manager-2012.aspx
  http://eskonr.com/2013/08/sccm-configmgr-2012-manage-workgroup-computers-for-deploymentremote-tools-etc/
  if i use this commands to install the client the client don't install.
  ccmsetup.exe /source:C:\client SMSSITECODE=PRI SMSMP=sgcmcen.cm12lab.com DNSSUFFIX=cm12lab.com
  if i use this one same happens
  Ccmsetup.exe /mp:sccmserver SMSSITECODE=XXX FSP=sccmserver DNSSUFFIX=dnssuffix
  If i use this one the client gets installed and the site code assigned but nothing more. It shows at the sccm console, but don't receive informations from sccm i think
  Ccmsetup.exe /mp:sccmserver SMSSITECODE=XXX SMSSLP=sccmserver DNSSUFFIX=dnssuffix
  on the client, clicking in Site tab and configure settings, the site code is there, clicking in Find Site returns error saying that cant find the site. on the locationservices log i'm getting
  Policy prevents failover to WINS for lookup
  Unable to retrieve AD Site membership
  No Location reply received from xxxxxx.domain.xxx
  No location reply received from xxxxxx
  thks in advance

  It should work just by:
  Copy the client files (the whole directory) to the workgroup computer (c:\tmp\Client)
  Run ccmsetup.exe /source:c:\tmp\Client SMSSITECODE=PRI SMSMP=sgcmcen.cm12lab.com DNSSUFFIX=CM12LAB.COM
  Examine %windir%\ccmsetup\logs\ccmsetup.log for more information if the client doesn't install at all, possible causes might be corrupted WMI, lack of BITS (if running Windows 2003 server).. in these cases you could run WMIDiag (http://www.microsoft.com/en-us/download/details.aspx?id=7684)
  to get more info on the errors and how to fix them.
  Couple of checks:
  DNS is working correctly both ways? Workgroup machine can find ConfigMgr server and ConfigMgr server can find workgroup machine by name? You can test this by running
  nslookup <target.fqdn> on both
  Workgroup computer is in the boundary / boundary group that has a site server assigned

• SCEP manager is not showing current logs for any SCEP clients

  I have installed SCEP manager on one machine and it is managing one client, which is on another machine.
  Client is showing virus detected logs in SCEP client UI, but the same events/logs are not getting stored in SCEP manager database, i tried pulling out records from database, there is no entry for detected viruses in the database, and SCEP manager UI monitor
  tab is also not showing any detected events.

  Hi,
  Active means that it has been active and communicated with the MP within the last 7 days, not that it is active now.
  That means that you either haven't extended the Active Directory or created the System Management container in AD and delegated permission to that container and all the child object to the ConfigMgr Primary Site Server Computer account. But that isn't a
  requirement only a rekommendation.
  If you look in the client in ClientLocation.log file can the client find an MP to communicate with? Any more errors in the MPcontrol.log file on the server?
  Regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• Error in oim Role creation using Role Manager Service API from Standalone Java client

  Hi,
    Facing the following error when trying to create Role using Role Manager Service API from a standalone java client .
  Tried with the solution of changing ,
  Login into the Web Logic Admin Console --> Servers --> OIM Server --> Protocols --> Modify the Maximum Message from 100000000 to 1000000000, but still the problem persists.
  Exception in thread "main" org.omg.CORBA.BAD_PARAM:   vmcid: 0x0  minor code: 0  completed: No
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
  at java.lang.reflect.Constructor.newInstance(Unknown Source)
  at java.lang.Class.newInstance0(Unknown Source)
  at java.lang.Class.newInstance(Unknown Source)
  at com.sun.corba.se.impl.protocol.giopmsgheaders.MessageBase.getSystemException(Unknown Source)
  at com.sun.corba.se.impl.protocol.giopmsgheaders.ReplyMessage_1_2.getSystemException(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaMessageMediatorImpl.getSystemExceptionReply(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.processResponse(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.invoke(Unknown Source)
  at org.omg.CORBA.portable.ObjectImpl._invoke(Unknown Source)
  at com.sun.org.omg.SendingContext._CodeBaseStub.meta(Unknown Source)
  at com.sun.corba.se.impl.encoding.CachedCodeBase.meta(Unknown Source)
  at com.sun.corba.se.impl.io.IIOPInputStream.getOrderedDescriptions(Unknown Source)
  at com.sun.corba.se.impl.io.IIOPInputStream.inputObjectUsingFVD(Unknown Source)
  at com.sun.corba.se.impl.io.IIOPInputStream.simpleReadObject(Unknown Source)
  at com.sun.corba.se.impl.io.ValueHandlerImpl.readValueInternal(Unknown Source)
  at com.sun.corba.se.impl.io.ValueHandlerImpl.readValue(Unknown Source)
  at com.sun.corba.se.impl.encoding.CDRInputStream_1_0.read_value(Unknown Source)
  at com.sun.corba.se.impl.encoding.CDRInputStream.read_value(Unknown Source)
  at oracle.iam.identity.rolemgmt.api._RoleManager_ogut7n_RoleManagerRemoteRIntf_Stub.createx(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
  at $Proxy2.createx(Unknown Source)
  at oracle.iam.identity.rolemgmt.api.RoleManagerDelegate.create(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
  at weblogic.security.subject.SubjectProxy.doAs(SubjectProxy.java:64)
  at weblogic.security.subject.SubjectManager.runAs(SubjectManager.java:262)
  at weblogic.security.Security.runAs(Security.java:48)
  at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
  at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
  at $Proxy3.create(Unknown Source)
  at com.idm.role.CreateRole.createRole(CreateRole.java:113)
  at com.idm.role.CreateRole.main(CreateRole.java:167)
  Thanks In Advance

  Hi , I have used OIM 11g  R2.
  Please find below the code we have used,
  package com.idm.role;
  import java.util.HashMap;
  import java.util.HashSet;
  import java.util.Hashtable;
  import java.util.Iterator;
  import java.util.Set;
  import java.util.logging.Logger;
  import javax.security.auth.login.LoginException;
  import oracle.iam.identity.exception.NoSuchRoleException;
  import oracle.iam.identity.exception.RoleAlreadyExistsException;
  import oracle.iam.identity.exception.RoleCreateException;
  import oracle.iam.identity.exception.RoleLookupException;
  import oracle.iam.identity.exception.RoleModifyException;
  import oracle.iam.identity.exception.SearchKeyNotUniqueException;
  import oracle.iam.identity.exception.ValidationFailedException;
  import oracle.iam.identity.rolemgmt.api.RoleManager;
  import oracle.iam.identity.rolemgmt.api.RoleManagerConstants;
  import oracle.iam.identity.rolemgmt.vo.Role;
  import oracle.iam.platform.OIMClient;
  import oracle.iam.platform.authz.exception.AccessDeniedException;
  public class CreateRole {
  private final static Logger LOGGER = Logger.getLogger(CreateRole.class .getName());
  OIMClient oimClient = null;
  public OIMClient connectToOIM() {
    LOGGER.info("In connectToOIM ");
    Hashtable env = new Hashtable();
    env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL,
      "weblogic.jndi.WLInitialContextFactory");
    env.put(OIMClient.JAVA_NAMING_PROVIDER_URL,
      "t3://V-hydidm1.itig.co.in:14000");
    System.setProperty("java.security.auth.login.config",
      "F:\\Projects\\IDM\\Team\\Env_setup\\OIM_Setup\\designconsole\\config\\authwl.conf");
    System.setProperty("java.security.policy",
      "F:\\Projects\\IDM\\Team\\Env_setup\\OIM_Setup\\designconsole\\config\\xl.policy");
    System.setProperty("OIM.AppServerType", "wls");
    System.setProperty("APPSERVER_TYPE", "wls");
    System.setProperty("weblogic.Name", "oim_server1");
    oimClient = new OIMClient(env);
    try {
     oimClient.login("xelsysadm", "Passw0rd".toCharArray());
    } catch (LoginException e) {
     e.printStackTrace();
    System.out.println("Connected");
    return oimClient;
  public void readRoleMetadata() {
    LOGGER.info("in readRoleMetadata ");
    RoleManager roleManagerService = oimClient
      .getService(RoleManager.class);
    try {
     Role roleVo = roleManagerService.getDetails(
       RoleManagerConstants.ROLE_DISPLAY_NAME, "API Role1", null);
     Set attributeNameSet = roleVo.getAttributeNames();
     Iterator it = attributeNameSet.iterator();
     while (it.hasNext()) {
      System.out.println("Attribute Name :: " + it.next());
     // roleVo.setAttribute("ADentitlements", "Security Admin access");
     String adEntitlements = "" + roleVo.getAttribute("ADentitlements");
     System.out.println("AD Entitlements :: " + adEntitlements);
     System.out.println("DB Entitlements :: " + ""
       + roleVo.getAttribute("DBEntitlements"));
     System.out.println("Unix Entitlements :: " + ""
       + roleVo.getAttribute("UnixWindows"));
     System.out.println("VPN :: " + "" + roleVo.getAttribute("VPN"));
    } catch (SearchKeyNotUniqueException e) {
     e.printStackTrace();
    } catch (NoSuchRoleException e) {
     e.printStackTrace();
    } catch (RoleLookupException e) {
     e.printStackTrace();
    } catch (AccessDeniedException e) {
     e.printStackTrace();
  public void createRole() {
    LOGGER.info(" in Create role ");
    RoleManager roleManagerService = oimClient
      .getService(RoleManager.class);
    HashMap<String, Object> roleCreationAttrMap = new HashMap<String, Object>();
    roleCreationAttrMap.put(RoleManagerConstants.ROLE_NAME, "API Role1");
    roleCreationAttrMap.put(RoleManagerConstants.ROLE_DESCRIPTION,
      "This Role is created using API Role1");
    roleCreationAttrMap.put(RoleManagerConstants.ROLE_DISPLAY_NAME,
      "API Role1");
    roleCreationAttrMap.put("ADentitlements", "API Role1 AD Entitlements");
    roleCreationAttrMap.put("DBEntitlements", "API Role1 DB Entitlements");
    roleCreationAttrMap.put("VPN", "No");
    roleCreationAttrMap.put("UnixWindows", "API Role1 Unix Entitlements");
    Role roleVo = new Role(roleCreationAttrMap);
    try {
     System.out.println(" Before Create role *********************************************");
     roleManagerService.create(roleVo);
     System.out.println("Role Created .. ");
    } catch (ValidationFailedException e) {
     e.printStackTrace();
    } catch (RoleAlreadyExistsException e) {
     e.printStackTrace();
    } catch (RoleCreateException e) {
     e.printStackTrace();
    } catch (AccessDeniedException e) {
     e.printStackTrace();
  public void modifyRole() {
    LOGGER.info(" in modifyRole ");
    RoleManager roleManagerService = oimClient
      .getService(RoleManager.class);
    Role roleVo;
    try {
     roleVo = roleManagerService.getDetails(
       RoleManagerConstants.ROLE_DISPLAY_NAME, "API Role1", null);
     String roleKey = roleVo.getEntityId();
     HashMap<String, Object> roleCreationAttrMap = new HashMap<String, Object>();
     roleCreationAttrMap.put("ADentitlements",
       "Updated API Role1 AD Entitlements");
     Set roleKeySet = new HashSet<String>();
     roleKeySet.add(roleKey);
     Role roleVoNew = new Role(roleCreationAttrMap);
     roleManagerService.modify(roleKeySet, roleVoNew);
     System.out.println("Role Modified ..");
    } catch (SearchKeyNotUniqueException e) {
     e.printStackTrace();
    } catch (NoSuchRoleException e) {
     e.printStackTrace();
    } catch (RoleLookupException e) {
     e.printStackTrace();
    } catch (AccessDeniedException e) {
     e.printStackTrace();
    } catch (ValidationFailedException e) {
     e.printStackTrace();
    } catch (RoleModifyException e) {
     e.printStackTrace();
  public static void main(String args[]) {
    CreateRole miscObj = new CreateRole();
    miscObj.connectToOIM();
    miscObj.createRole();
    //miscObj.readRoleMetadata();
  Thanks In Advance .

• How to convert Unmanaged SCEP clients to Managed in SCCM 2012 SP1

  We recently started installing SCEP clients from the .exe and a preconfigured .xml file to client machines in a domain setting.  This was done from a USB drive, going from machine to machine, with a  .bat file.
  This was a stop-gap until we were able to install and configure SCCM 2012 SP1.
  PCs that already had the SCEP client (prior to SCCM coming into production) are showing up as unmanaged.  PCs that have had SCCM install SCEP all are listed as managed.
  I've searched, but have yet to find a definitive answer as to how get the manually installed SCEP clients to register as managed in SCCM.
  AD Domain with WIN 2008 R2 DC, SQL 2012 Standard, SCCM 2012 SP1

  Also, make sure the Endpoint Protection Point is installed properly on SCCM and the Client Setting for SCEP is enabled.
  Juke Chou
  TechNet Community Support

• Workgroup Computer name will showed as "#Error" - Logical Disk Extension Management Pack By David Allen

  Anyone is applying the Logical Disk Extension Management Pack By David Allen?
  I have the issue whereby the Computer name will showed as "#Error" on the managed computer which is in
  Workgroup environment.
  Refer to this screenshot --> https://skydrive.live.com/?cid=75e44d0edffe5025#cid=75E44D0EDFFE5025&id=75E44D0EDFFE5025%21942.
  Is anyone know the way to fix this?
  Thanks!
  regards, Han Seen.

  The solution I used is to edit the management pack: the report displays the computer name only for computers that contains suffix in its name. if in SCOM the computer name is hostname.domain.net, only hostname will be shown as computer name.
  you can change it by editing the management pack:
  replace line number 2230 instead of
  <Value>=Left(Fields!Computer.Value,(instr(Fields!Computer.Value,".")-1))</Value>
  replace it with
  <Value>=Fields!Computer.Value</Value>
  now it will show you the full computer name under computer name area, and workgroup computer will be shown as well.

• Installation sccm client on workgroup client in DMZ

  Hi Guys,
  i tried to install the sccm client on workgroup clients in a DMZ environment.
  First I created a client certifikate for the workgroup client on the sccm server and installed the certifikate on the workgroup computer with certutil.exe.
  commandline for installation:
  ccmsetup.exe /usePKICert /NOCRLCheck SMSMP=servername.bla.com SMSSITECODE=BLA
  i get this errors in the ccmsetup.log:
  Unexpected row count (0) retrieved from AD.
  Failed to get site version from AD with error 0x80004005
  thanks for your support,
  Chris

  Refer these Pls
  http://eskonr.com/2013/08/sccm-configmgr-2012-manage-workgroup-computers-for-deploymentremote-tools-etc/  (An Excellent article)
  Client installation in DMZ step by step :
  http://myitforum.com/cs2/blogs/cstauffer/archive/2009/02/06/sccm-client-install-in-a-dmz.aspx
  http://blogs.technet.com/b/keithmayer/archive/2012/07/30/planning-system-center-configuration-manager-across-dmz-and-protected-subnets-sysctr-configmgr.aspx
  http://nikifoster.wordpress.com/2011/01/31/installing-configmgr-clients-on-servers-in-a-dmz/
  Thanks, Prabha G

• Including SCEP client in an image

  My manager would like us to include the SCEP Client in our base image. I did not find any best practices articles on this. If the computer image being captured is not managed in any way are there any GUID files to remove before capture?

  Unfortunately, my manager wants us to include the actual agent in the image, not deploy it as part of a TS. We are creating a shared base image and have to account for distributed support (who may not add SCEP deployment to their task sequences). We followed some
  steps in a presentation from TechEd last year (it involves cleaning up reg keys).
  @BryanCP:  Could you explain what you did to have the Endpoint Protection client in you base WIM.  I messed up and captured a 20 GB WIM with the client and don't want to redo it.  I normally install it during task sequence.  With it installed
  in my messes up my task at the SCEP install step.  I don't just want to assume and skip the step.
  I follow the steps laid out here normally to install during task. 
  http://blogs.technet.com/b/configmgrteam/archive/2012/04/12/operating-system-deployment-and-endpoint-protection-client-installation.aspx  At the bottom he talks about registry keys if it is included but no detail.  Can I just delete them during
  the task sequence?  He says SYSPREP, but I don't get that.
  Find this post helpful? Does this post answer your question? Be sure to mark it appropriately to help others find answers to their searches.

• Where is the download link for SCEP Client Offline installer for x86 & x64 altest greatest version (4.6.305 as of today)

  Where is the download link for SCEP Client Offline installer for x86 & x64 latest greatest version (4.6.305 as of today)?
  The answer IS NOT IT AND NEVER WILL BE "DOES NOT EXIST"!!!!!! MUST NEVER NEED TO RUN UPDATES TO GET IT!!!!!!!!! THE ONLY ACCEPTABLE ANSWER IS THE LINK!!!!! DUH GET YOUR ACT IN GEAR MS!!!!!!!!!!
  Ralph

  Thanks to all for the information. I work in higher ed. We have SCCM latest version, fully licensed. Unfortunately the individual who manages the SC does not have a clue as to where to find the SCEP installer. I sent him links from MS that shows him where
  it is supposed to be. The version he say's is on our SC Management server is 4.3. I, in the past, was able to get 4.5 independent of him and it has been working well for me but it is time to use the latest greatest version instead. I should just as easily
  be able to get 4.6. As far as licensing goes, if the product was correctly designed it should just work itself out just like it does for the 4.5 version I was able to easily find and download.
  As for the link given by KevinMJohnston, thanks by the way, its the closest I have come to getting what I need but all I get is a spinning wheel in Firefox, the only browser one should ever need. In IE I get prompted for an email address, which it should
  NEVER EVER DO!!!!!!!!!! I did give them my address, but alas, after waiting over 30 mins. I still don't have a link to the update or the CU4 Config MGR update mentioned. (Another reason I am not very nice to MS, along with, see below...) Please send me the
  link that they are suppose to send me in the email.
  As for the intensity of the request it comes from not being able to find the update on my own. (Amongst a million other complaints as MS makes my job harder and harder, just think of all the lost productivity and extra repair efforts needed because MS stopped
  allowing you to do upgrade/repair installs from the install discs. You have to have a working OS to do it, or you will lose your settings etc and will have to re-install all of your software etc. How STUPID IS THAT! Can't use it to fix a blown driver or BSOD
  problem like you could in XP.  There is no excuse for that, I know better. So you can see why I have nothing good to say about MS etc etc.) There is no excuse for that! If the MS updater has it available then IT MUST BE MADE AVAILABLE FOR STANDALONE DOWNLOAD
  PERIOD. That goes for ALL updates PERIOD.  I use these updates and many others etc so that once I seal an image for a PC it has the latest greatest version of everything. It is quicker to get it stand alone in advance and installing than waiting for MS
  updates to do so. Also I prefer to config my images so that the Av installs after first boot. These are cloned PCs. Many of these PC are used in labs and are frozen. Here, the settings for the SCEP AV being pushed from above can cause major problems for the
  users i.e. the scheduled scan feature. If it is on when students are taking tests and they take more than 5 or 10 mins on question MS is stupid enough to start scanning causing the system to become unresponsive. This has caused students to breakdown in tears
  thinking the system is hosed and they just lost their tests. I have to do some creative reg hack, setting owner as "Guest", a disabled account, etc. to keep these settings from being changed. (Our SC managers push policies that work for the faculty
  but break the lab systems which are frozen, so I have to out hack them, should not be, but it is, we are trying to get that fixed, but bureaucracy and people afraid to share power etc makes it hard.)  These settings unfortunately will prevent the AV from
  installing so I need to be able to manually do it after I have set the reg to allow it.  And I could go on. Who knows when or why someone may need to do a manual update of something. I just had 3 systems fail 12 updates, yet when I manually downloaded
  them and installed them they ALL installed without failure. I did NOTHING in between the auto update and the manual, yet it was the manual way that worked. Maybe if MS could fix those kind of issues then no one would need to get stand alone update files.)
  That is not for MS to worry about. It is, however, their responsibility to make it so that I can choose what will work best for my environment, which only I could know. DUH. I have had issues in the past with MS AV and other brands being installed before "sealing"
  the images. etc. etc. etc.
  As you can see, there is not enough space on the world wide web to list all thousands of legitimate reasons to give Microsoft a hard time so I will do so on a case by case bases knowing I am probably spitting in to the wind, but hey somebody has to have
  the guts to do it. MS MUST NEVER BE ALLOWED TO SIMPLY GET AWAY WITH IT! They Must be called to the proverbial carpet.
  Maybe if people who are MVPs would not be afraid to join the choruses they would be embarrassed, (though it should be done out of moral obligation not embarrassment), enough to fix these obviously fixable problems etc. etc. etc. I have over 30 years in the
  IT business, the IBM XT did not exist until my senior year in college. You are not going to be able to convince me that there is a legitimate reason, copy protection IS NOT IT, to prevent me from fixing blown OS via re-install using install disc when OS will
  not boot. Nor are you going to be able to find legitimate reason for the SCEP 4.6.305 update to be so hard to get.
  Thanks again for the help, still waiting for email from MS, NOT COOL MS! NO EXCUSE!!!!!
  Ralph

• How to insert message in OC4J JMS from standalone java client.

  Hi,
  I have been following available examples for creating standalone java clients to insert messages in JMS queues.
  I am able to insert using java client when the SOA suite and the standalone java code are on same machine.
  package producerconsumerinjava;
  import javax.jms.*;
  import javax.naming.*;
  import java.util.Hashtable;
  public class QueueProducer
  public static void main(String[] args)
  String queueName = "jms/demoQueue";
  String queueConnectionFactoryName = "jms/QueueConnectionFactory";
  Context jndiContext = null;
  QueueConnectionFactory queueConnectionFactory = null;
  QueueConnection queueConnection = null;
  QueueSession queueSession = null;
  Queue queue = null;
  QueueSender queueSender = null;
  TextMessage message = null;
  int noMessages = 5;
  * Set the environment for a connection to the OC4J instance
  Hashtable env = new Hashtable();
  env.put(Context.INITIAL_CONTEXT_FACTORY, "oracle.j2ee.rmi.RMIInitialContextFactory");
  env.put(Context.SECURITY_PRINCIPAL, "oc4jadmin");
  env.put(Context.SECURITY_CREDENTIALS, "mypass");
  env.put(Context.PROVIDER_URL,"ormi://myserver.company.com:12402"); //12402 is the rmi port
  * Set the Context Object.
  * Lookup the Queue Connection Factory.
  * Lookup the JMS Destination.
  try
  jndiContext = new InitialContext(env);
  queueConnectionFactory =
  (QueueConnectionFactory) jndiContext.lookup(queueConnectionFactoryName);
  queue = (Queue) jndiContext.lookup(queueName);
  catch (NamingException e)
  System.out.println("JNDI lookup failed: " + e.toString());
  System.exit(1);
  * Create connection.
  * Create session from connection.
  * Create sender.
  * Create text message.
  * Send messages.
  * Send non text message to end text messages.
  * Close connection.
  try
  queueConnection = queueConnectionFactory.createQueueConnection();
  queueSession =
  queueConnection.createQueueSession(false, Session.AUTO_ACKNOWLEDGE);
  queueSender = queueSession.createSender(queue);
  message = queueSession.createTextMessage();
  for (int i = 0; i < noMessages; i++)
  message.setText("Message " + (i + 1));
  System.out.println("Producing message: " + message.getText());
  queueSender.send(message);
  queueSender.send(queueSession.createBytesMessage());
  catch (JMSException e)
  System.out.println("Exception occurred: " + e.toString());
  finally
  if (queueConnection != null)
  try
  queueConnection.close();
  catch (JMSException e)
  System.out.println("Closing error: " + e.toString());
  But when the SOA Suite is remote, I am struggling to get the settings correct
  Till now, here is what I have figured out from looking at blogs/tars etc on the Net:
  1. I need to use ApplicationClientInitialContextFactory instead of RMIInitialContextFactory (http://download.oracle.com/docs/cd/E14101_01/doc.1013/e13975/jndi.htm)
  2. The project should have a META-INF/application-client.xml file, which may be dummy (http://www.wever.org/java/space/Oracle/JmsTar1). Question is, my code is there in a single absolutely standalone code..how I can use this application-client.xml and where it has to be placed.
  Errors:
  When trying to run exact same code on local server that tries to enqueue JMS on remotee serverer
  Exception occurred: javax.jms.JMSException: Unable to create a connection to "xxxxxxx.yyyyyy01.dev.com/10.42.456.11:12,602" as user "null".
  Any help is greatly welcome.
  As an exercise, I copied this complete code on the server and then ran locally using a telnet client...it worked. So the problem is coming when accessing the server remotely.
  Rgds,
  Amit

  1. I need to use ApplicationClientInitialContextFactory instead of RMIInitialContextFactoryNot necessarily.
  2. The project should have a META-INF/application-client.xml fileThat's only necessary if going the ApplicationClientInitialContextFactory route.
  There are two types of JMS client applications you can write -- a pure/plain Java app, and an "AppClient". That first is your everyday run-of-the-mill Java application, nothing special. That latter is a special, complicated beast that tries to act as a part of the whole client/server/J2EE architecture which provides you with a semi-managed environment. Either can be made to work, but if all you need is JMS access (using plain OC4J JMS factory/queue names and not JMS Connector names), then the first is easier to get working (and performs a tiny bit better as well due to being a lighter-weight solution).
  I think the problem you are having might be: When you use the plain Java client solution, you do not have any type of management, and that includes user management. With no user management (and if the JMS server is not configured to allow anonymous connections) you need to include the username and password in the call to createConnection. (I think it may be that this is actually true in the AppClient case as well -- I avoid using the AppClient model as much as possible so my memory there is weaker.)
  If you prefer to go the AppClient route, I would point you to a demo I wrote which had a functioning example, but Oracle seems to have removed it (and all of the 10.1.3 demos?) from OTN. :-(
  Hmm, it seems to still be available on the wayback machine:
  http://web.archive.org/web/20061021064014/www.oracle.com/technology/tech/java/oc4j/1013/how_to/index.html
  (Just look down the page for "With OEMS JMS (In-Memory and File-Based)" -- there is an .html document with info, and there is a .zip file with source code.)
  Question is, my code is there in a single absolutely standalone code..how I can use this application-client.xml and where it has to be placed.The app client in my demo had the following directory structure:
  myjavaclient.class
  jndi.properties
  META-INF\MANIFEST.MF
  META-INF\application-client.xml
  META-INF\orion-application-client.xml
  When you use ApplicationClientInitialContextFactory I think it just looks under .\META-INF for the .xml files.
  -Jeff

• SCEP client not updating settings after policy retrieval

  I have a computer assigned a SCEP policy, that seems to have been found and Applied fine by the SCCM Client, looking at the registry.
  I find the policy in the regkey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\EPAgent\GeneratedPolicy, With the DWORD values
  Just a test to my computer (Excluded)                   REG_DWORD         0x00000002 (2)
  Just a test to my computer (Scan Schedule)           REG_DWORD         0x00000002 (2)
  What I have configured in this test policy is just "Limit CPU usage during scan to: 10%" and "Start the scheduled scan only when my PC is on but not in use"
  But the SCEP Client, in the settings, do not show the correct settings. The CPU limit setting is set to 20% and the "Start the scheduled scan" setting is unchecked, these settings come from the "Default Client Antimalware Policy"
  The EndpointProtectionAgent.log says:
  Endpoint is triggered by WMI notification. EndpointProtectionAgent 28.10.2014 16:54:39 3504 (0x0DB0)
  EP State and Error Code didn't get changed, skip resend state message. EndpointProtectionAgent 28.10.2014 16:54:39 3504 (0x0DB0)
  State 1, error code 0 and detail message are not changed, skip updating registry value EndpointProtectionAgent 28.10.2014 16:54:39 3504 (0x0DB0)
  Previous state is same with current one: 1, skip notification. EndpointProtectionAgent 28.10.2014 16:54:39 3504 (0x0DB0)
  File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.5.216.0. EndpointProtectionAgent 28.10.2014 16:54:39 3504 (0x0DB0)
  EP version 4.6.305.0 is already installed. EndpointProtectionAgent 28.10.2014 16:54:39 3504 (0x0DB0)
  EP 4.6.305.0 is installed, version is higher than expected installer version 4.5.216.0. EndpointProtectionAgent 28.10.2014 16:54:39 3504 (0x0DB0)
  The trigger 10 doesn't make ANY state change. EndpointProtectionAgent 28.10.2014 16:54:39 3504 (0x0DB0)
  Handle EP AM policy. EndpointProtectionAgent 28.10.2014 16:54:39 3504 (0x0DB0)
  Policy group lose, group name: Scan Schedule, settingKey: {d6961d76-070d-46af-b898-6d24562fb219}_201_201 EndpointProtectionAgent 28.10.2014 16:54:39 3504 (0x0DB0)
  Policy deployment result: <?xml version="1.0"?><Group Name="Scan Schedule">    <Policy Name="Just a test to my computer" State=2/>    <Policy Name="Default Client Antimalware
  Policy" State=1/></Group><Group Name="Threat Default Action">    <Policy Name="Default Client Antimalware Policy" State=2/></Group><Group Name="Excluded">   
  <Policy Name="Default Client Antimalware Policy" State=2/>    <Policy Name="Just a test to my computer" State=2/></Group><Group Name="Realtime Config">    <Policy Name="Default
  Client Antimalware Policy" State=2/></Group><Group Name="Advance Setting">    <Policy Name="Default Client Antimalware Policy" State=2/></Group><Group Name="Spynet">   
  <Policy Name="Default Client Antimalware Policy" State=2/></Group><Group Name="Signature Update">    <Policy Name="Default Client Antimalware Policy" State=2/></Group><Group Name="Scan">   
  <Policy Name="Default Client Antimalware Policy" State=2/></Group> EndpointProtectionAgent 28.10.2014 16:54:39 3504 (0x0DB0)
  Generate Policy XML successfully at C:\Windows\CCM\EPAMPolicy.xml EndpointProtectionAgent 28.10.2014 16:54:39 3504 (0x0DB0)
  Generate AM Policy XML while EP is disabled. EndpointProtectionAgent 28.10.2014 16:54:39 3504 (0x0DB0)
  Any idea what happened to the New settings?
  Freddy

  Antimalware Client Version: 4.6.305.0
  Engine Version: 1.1.11104.0
  Antivirus definition: 1.187.618.0
  Antispyware definition: 1.187.618.0
  Network Inspection System Engine Version: 2.1.11005.0
  Network Inspection System Definition Version: 113.5.0.0
  Policy Name: Antimalware Policy
  Policy Applied: 02.09.2014 at 14:16
  The above is information in "About"
  This is the information about the Antimalware policies assigned to this computer
  Name                                             
  Collection name       Priority    Policy Application state Last update time         Policy Application Return code
  Default Client Antimalware Policy                                   10000     
  Succeeded                     02.09.2014 16:16:00      0x00000000  
  Just a test to my computer              VITN-SC-OSL-112  1
  This tells me that there is no policy Application Return code for the custom policy i am testing, and that is something I would like to solve. Any ideas? Thank you

• Managing the Mobility preference at the computer list level

  Hi,
  I'd like to get a confirm about my understanding of the role of the Mobility preference in computer lists.
  Since the Mobility preference could be managed at the computer list level, it has effect both on the clients' local and network accounts. I tried to manage the preference for a computer list that contains clients with only local accounts and set it to "Synchronize account for offline use".
  I saw no effect on clients' local account, but I think this is expected because portable home directories requires a network home folder to be set, and obviously local accounts cannot have it set.
  Could anyone confirm?
  If the above reasoning is correct, the only point of managing the Mobility preference at the computer lists level is to allow or disallow network users with network home folders to create mobile accounts on specific computers.
  Am I right?
  TIA.

  I tried to
  manage the preference for a computer list that
  contains clients with only local accounts and set it
  to "Synchronize account for offline use".
  I saw no effect on clients' local account,
  That is the expecetd behavior.
  If the above reasoning is correct, the only point of
  managing the Mobility preference at the computer
  lists level is to allow or disallow network users
  with network home folders to create mobile accounts
  on specific computers.
  Am I right?
  Yes, you are right.
  b.

• FEP and SCEP Client updates

  There multible versions of client deployed at same time. I'm using stadard software updates deployment process to keep clients up to date. NOT talking about definitions, but client version!
  I have FEP and SCEP clients out there. When I go to All software updates and search for "endpoint protection client" I will have four FEP (4.1.552.0, 4.3.215.0, 4.5.236.0, 4.6.305.0) updates and three SCEP updates (4.3.215.0, 4.5.216.0, 4.6.305.0)
  to client deployed in the same update packages! All of them with various number of Required and Installed status.
  The obious reason for this is that older client update packages are not marked as superseeded updates. Any thoughts on why? I am going to exclude old ones with custom severity method, but is there a automatic method available?
  .Marko

  Multiple SCEP/FEP updates are required, because SCEP/FEP agent can update only N-2 versions e.g. you cannot install SCEP version 4.6.305.0 to a computer with SCEP 4.3.215.0. You need first to upgrade 4.3 to 4.5 and then to 4.6.Because there might be earlier
  versions in the environment, there must be multiple SCEP/FEP versions available.
  Check the following blog article for more details:
  http://blogs.technet.com/b/configmgrteam/archive/2014/03/27/anti-malware-platform-updates-for-endpoint-protection-will-be-released-to-mu.aspx
  Panu