jeffpoling

Tay, Thanks. I made that adjustment to our policy and will see if that makes a difference. I don't know why the clients would be seen as offline, but it is definitely a possibility as a cause for the extra scans. Thanks again, Jeff

Thanks. I generated the CAB file and poured over the log files. I can clearly see the "Extra" scan kicking off, but there is absolutely no explanation as to why, I am sure I must be missing something or perhaps encountered a bug. As for the state of the systems during the actual scheduled scan, they were all on and available. The client GUI showed that the last scan completed successfully and the "extra" scan kicked off any way. Thanks again, Jeff

Ok. I verified in the EndpointProtectionAgent.log file that the correct antimalware policy is applying to the machines. I also looked at the MPLog*.log in C:\ProgramData\Microsoft\Microsoft Antimalware\Support. One thing that stands out in that log is a statement about "Run lost scheduled job" Here is a snip of that log: **************************END RTP Perf Log************************* Signature updated on ?Wed ?Oct ?24 ?2012 03:14:31 Product Version: 3.0.8410.0 Service Version: 3.0.8410.0 Engine Version: 1.1.8904.0 AS Signature Version: 1.139.410.0 AV Signature Version: 1.139.410.0 ************************************************************ 2012-10-24T08:14:31.176Z Process scan started. 2012-10-24T08:14:33.298Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1) 2012-10-24T08:14:33.298Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1) 2012-10-24T08:14:36.121Z Process scan completed. 2012-10-24T09:41:51.200Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) launched 2012-10-24T09:46:51.205Z AutoPurgeWorker triggered with dwWork=0x3 2012-10-24T09:46:51.205Z Product supports installmode: 2 2012-10-24T09:46:51.205Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0) 2012-10-24T09:46:51.205Z Task(Scan -ScheduleJob -RestrictPrivileges) launched 2012-10-24T09:46:51.205Z Run lost scheduled job: Scan -ScheduleJob -RestrictPrivileges 2012-10-24T09:46:53.608Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1) 2012-10-24T09:46:53.608Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1) Any thoughts on why the scheduled job would be "lost"? Thanks, Jeff

We are piloting System Center Endpoint Protection 2012 in our environment. On several of the pilot PCs, a scheduled scan runs per our antimalware policy; however, two days later, another full scan kicks off and runs through the day. Our policy is configured for a full scan to happen on Sundays at Midnight. Has anyone experienced this? How do I troubleshoot why the scan is initiating outside of the parameters in the policy? Thanks, Jeff

For the last several days, past USMT migration data is not being cleaned up from the state migration point. Looking at the SMP log, I found this: CheckAndDeleteSMPStores failed with error code (80070003) A quick search revealed this to be a problem in COnfigMgr 2007, but I can't find anything related to 2012. Has anyone seen this? Any ideas on what to do? Thanks, Jeff

We had an issue with our StateMigrationPoint today that caused one machine to have an issue with the USMT capture and restore process. The error returned on the PC was: The task sequence execution engine failed executing the action (Release State Store) in the group (USMT Capture) with the error code 16389 Action output: anced RSA and AES Cryptographic Provider (Prototype). Successfully set the client certificate provider to Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype) Successfully set the client certificate provider to Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype) Requesting public key information from http://server.mydomain.com:0. Received 2164 byte response. Verifying certificate signature. Signature matches Certificate is a self signed certificate. It will not be checkedfor revocation or expiration. Successfuly retrieved public key and verified signature. Sending SMP request to http://server.mydomain.com:0. Received 4915 byte response. SMP request to "http://server.mydomain.com" failed with error: E_SMPERROR_FAILURE(99) Request to SMP 'http://server.mydomain.com' failed with error (Code 0x80004005). Trying next SMP. OSDSMPClient finished: 0x00004005 Failed to find an SMP that can serve request after trying 4 attempts. ExecuteStatusRequest failed (0x80004005).. As a result of this error, no computer association was created and the migration does not show up in the admin console; however, a USMT MIG file was created. I looked at the StateMigration table in the DB and found what I think is the entry for the failed migration. It does not have values for the statestore or other fields, but it does have an entry for the StateEncryptDecryptKey. I am trying to manually restore the data in the MIG file using the loadstate command, but it fails when I specify the key that is in the database. The key does not appear to be in the format that typically shows in the View REcovery Information. How do I use the StateEncryptDecryptKey from the database to restore the mgiration data manually? Hopefully that all makes sense. Thanks! Jeff

Yes, I exported the certificate on the SCCM server and imported it on the workstation where I am running the report. Are you familiar with using the certificates MMC? A quick summary: To export the certificate on the SCCM server: 1. Open MMC on the SCCM server 2. Add the certificates snap-in for the local computer 3. Browse to the personal node 4. Find the machine certificate for the sccm server 5. Right click and choose export. No need to export the private key 6. Step through the wizard, saving the cert in CER format 7. Copy the exported certificate to your work station. To import the certificate on you workstation, follow the basic process above to open MMC, add the certificates, snap-in, etc. However, you want to import the certificate into the Trusted Root Certificate Authorities node. I know those directions are a rough outline and assume some knowledge. Let me know if you need more details. Thanks, Jeff

In my case it was related to SSL certificates. Our SCCM deployment is using a self-signed cert. So, I had to export it and import it to the trusted root certificate authority node on my PC where I am running the report.

I am running into this as well. Did you resolve it? Thanks, Jeff

I am experiencing something similar. Did you ever resolve this?

I ended up combining the images into a single WIM file. Doing so worked around the issue. Thanks, Jeff

I have a task sequence that includes two operating system images. Variables are used to determine which image gets applied. I need to create task sequence media for this task sequence; however, it is failing when it stages the second operating system image: Staging OS Image Package SAL00017 CreateTsMedia 7/2/2012 3:58:18 PM 584 (0x0248) Media Remaining Space before executing state is 33667 Mb CreateTsMedia 7/2/2012 3:58:18 PM 584 (0x0248) File splitting is required because file size exceeds max file size. CreateTsMedia 7/2/2012 3:58:18 PM 584 (0x0248) Total file size is 8905 MB, max ISO file size is 4095 MB CreateTsMedia 7/2/2012 3:58:18 PM 584 (0x0248) Failed to create media (0x800700b7) CreateTsMedia 7/2/2012 3:58:18 PM 584 (0x0248) CreateTsMedia failed with error 0x800700b7, details='SAL00017' CreateTsMedia 7/2/2012 3:58:18 PM 584 (0x0248) MediaGenerator::~MediaGenerator() CreateTsMedia 7/2/2012 3:58:18 PM 584 (0x0248) Error deleting files in temp directory (0x80070091). Retrying after delay. CreateTsMedia 7/2/2012 3:58:19 PM 584 (0x0248) Media creation process that was started from command line completed. CreateTsMedia 7/2/2012 3:58:22 PM 7156 (0x1BF4) CreateMedia.exe finished with error code 800700b7 CreateTsMedia 7/2/2012 3:58:22 PM 7156 (0x1BF4) Is there a way to create TS media and include both images? Has anyone done/seen this? Thanks, Jeff