Jump to content


Established Members
  • Posts

  • Joined

  • Last visited

Chadddada's Achievements


Newbie (1/14)



  1. I seem to be getting a fairly common generic error but with possibly with a slight difference then some of the other problems/answers I have seen. Generally it looks like this is a DNS issue but I am not sure in my case. Let me 1st describe my infrastructure and what I am trying to accomplish. We use PKI on the main MPs/DPs. I have another DP that I will use for OSD content that won’t use PKI. I am 1st attempting to use boot media, vs PXE, to image a computer. I have distributed the content to the DP, created a boot media USB and everything looks good there as far as I can tell. My boot media selects the PKI MP and we have created the client cert and I direct it to the non-http DP. The process seems to accept the certificate and the boot media creation completes. Next boot off the media on the computer and drop into Windows PE where I can manually enter the IP information. When I click next the process fails. Error: Failed to Run Task Sequence An error occurred while retrieving policy for this computer (0x80004005). So starting some of the troubleshooting I F8. -Can I ping the SCCM site servers? Yes, I can ping, both short and FQDN, the primary, MP, DP. Looking at the SMSTSLog I see the following lines/errors. 1)Failed to open PXE registry key. Not a PXE boot. 2)Failed to find the source drive where WinPE was booted from But then the next line is: Executing from Media WinPE These 2 are at the top of the log and the process seems to continue on with the IP and variable information. These are the lines of information later in the log with the error(s): -CLibSMSMessageWinHTTPTransport::Send:URL: (my MP) -In SSL, but with no client cert -Error. Received 0x80072ee7 from WinHttpSendRequest. -Hr,HRESULT=80072ee7 -sending with winhttp failed, 80072ee7 -m_pHttp Transport -> (etc….) -MPKeyInformation.RequestMPKeyInformationForMedia -Failed to get information of MP: https//(my MP) So I am wondering where I start. I don’t see that unknown host line that seems to indicate that it is a DNS issue. I see some stuff about the in SSL but with no cert. Does this mean that the cert we had to create isn’t working correctly? We pretty much followed http://www.jamesbannanit.com/2012/05/how-to-build-and-capture-in-configuration-manager-2012-using-https/ I have also looked through this http://blogs.technet.com/b/configurationmgr/archive/2009/07/27/a-step-by-step-for-using-osd-through-system-center-configuration-manager-2007.aspx And I have pretty much everything done there except a network access account. Looking at my settings I am set to, “Use the computer account of the Configuration Manager client” However, my computer I am trying to image is a “WORKGROUP” and not joining the domain. But.. am I really getting that far in the process? Would I be failing to get policy because of this or does this just come into play when I try to get the OS from the DP?
  2. I just stood up a SCDPM 2012 SP1 server and I am having an issue pushing an agent. I suspect that it is a firewall issue in the datacenter, between different subnets, but I am trying to verify that. I have been using a helpful guide that I found http://blogs.technet.com/b/dpm/archive/2012/02/06/data-protection-manager-agent-network-troubleshooting.aspx . I seem to be OK going from the DPM server to the computer I want to protect, but there seems to be an error communicating back. Should I have a successful WBEMTEST going from the protected server to the DPM server? That part fails. I pre-installed the agent to try and see if that was the issue, but it's still not working. ------------------------------------------------------------- Event Logs: On the DPM server: 1)In the DPM Alerts application Windows log - The agent operation failed because the DPM Agent Coordinator service on <to be protected server> did not respond: (ID: 324) 2)In the DPM console I get - Error - the protection agent operation on <to be protected server> failed because the servcie did not respond. One of the recommended actions is to look at the log on the protected server. On the protected server: 1)In the System logs - DCOM was unable to communicate with the computer <DPM server> using any of the configured protocols. --------------------------------------------------------------------------- Here is the firewall request I put through... does this communication look correct? Source: DPM / Target: Protected / Port TCP 135 Source: Protected / Target: DPM / Port RPC Dynamic 1024-65535 Allow bi-directional communication between the source DPM server to the target server on 5718/TCP, 5719/TCP, 445/TCP Let me know if I can provide anymore information
  3. Figured out what our problem was, but trying to replicate the issue. We took the EP settings out of default and moved them to their own client setting policy. That client setting was applying to the collection but for some reason wasn't taking. We re-linked it and it seems to be working now <buggy?>.
  4. Giving this a bump as I am seeing / having this issue as well. Any thoughts out there on this?
  5. EP is installed, version is higher than expected installer version 4.1.522.0 Has anyone see that in the EndpointProtectionAgent.log on a system they have been trying to push the SCCM client to before? We have a number of servers that haven't reported back to SCCM that their Endpoint Protection is being managed. Looking at the log noted above has that error. A snipped from the log: A few of these systems were previously manged under a dev SCCM 2012 SP1 install, and some under FEP 2010. Now we are deploying from a new SCCM site that we have setup to these servers. Does this indicate that we need to update the EP install that we are pushing out?
  6. It looks like this might be a version of EP for sharepoint that is being left behind...
  7. I should see "Microsoft Forefront Server Protection" disappear after SCEP installs, right? After AV is being managed by SCCM?
  8. Yes, I have the client settings configured to remove previously installed AV. Looking at one of the managed servers now, I see 'Microsoft Forefront Server Protection' listed under programs as well as 'System Center 2012 Endpoint Protection'.
  9. Hello, I have been installing Config manager clients on servers I want to manage. These servers already had Forefront 2010 installed and being managed by the FEP server. When I log into a server I see that FEP 2010 is still listed under programs as well as the ConfigManger stuff. Is the FEP 2010 supposed to be manually removed or is this supposed to be automatically overwritten / uninstalled when I elect to use SCEP? Please let me know if you need more information.
  • Create New...