Jump to content


techgurl

Established Members
  • Content Count

    10
  • Joined

  • Last visited

Community Reputation

0 Neutral

About techgurl

  • Rank
    Member
  1. I am looking for a resource to tell me what the different options for state messages mean for System Center Configuration Manager 2012. I saw a tech doc for 2007, but it doesn't go as high as topic type 2001. For example I have seen a lot of State Message with "topic type = 2001, state id = 3, and error code = 0x00000000" I found something that said definition of Topic type 2001 was the following: SCEP SU2 Deployment state: Installation status (installed, failed, Restart required, Unmanaged, Pending, not supported) and error details My questions. Is above explanation correct and does the list follow the numbers? meaning..... 2001 state id=1 means installed 2001 state id=2 means failed 2001 state id=3 means restart 2001 state id=4 means unmanaged....etc. Thanks for your help.
  2. I still would like to know if there is a way to force a state message to be sent. I have several clients showing that they are not sending state messages. Client looks ok on machine, but on server it is showing at risk and has old information like failed install or failed to download policy.
  3. Yes I had. Last thing I did was Browse to the Windows\System32\GroupPolicy\Machine folder and delete the file: Registry.pol Reboot It took several days but now his computer account is showing up correctly in SCCM. I'm trying it with another computer to see if it will work again.
  4. EndpointProtectionAgent.log <![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="09:43:34.969+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="5612" file="epagentimpl.cpp:647"> <![LOG[Failed to apply policy with error 0x80004005, retry number : 3 after 60 second.]LOG]!><time="09:43:35.102+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="5612" file="epagentimpl.cpp:690"> <![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="09:44:35.105+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="5612" file="epagentutil.cpp:607"> <![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="09:44:35.845+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="5612" file="epagentimpl.cpp:647"> <![LOG[Failed to apply policy with error 0x80004005, retry number : 4 after 60 second.]LOG]!><time="09:44:35.847+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="5612" file="epagentimpl.cpp:690"> <![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="09:45:35.850+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="5612" file="epagentutil.cpp:607"> <![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="09:45:36.537+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="5612" file="epagentimpl.cpp:647"> <![LOG[Failed to apply policy with error 0x80004005, retry number : 5 after 60 second.]LOG]!><time="09:45:36.539+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="5612" file="epagentimpl.cpp:690"> <![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="09:46:36.542+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="5612" file="epagentutil.cpp:607"> <![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="09:46:37.159+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="5612" file="epagentimpl.cpp:647"> <![LOG[save new policy state 2 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState]LOG]!><time="09:46:37.212+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="5612" file="epagentimpl.cpp:267"> <![LOG[state 2 and ErrorCode -2147467259 and ErrorMsg Failed to open the local machine Group Policy and PolicyName Antimalware Policy and GroupResolveResultHash 22278829C8D241E822FD474BA669DF7F1BF12767 is NOT changed.]LOG]!><time="09:46:37.212+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="5612" file="epagentimpl.cpp:339"> <![LOG[skip sending state message due to same state message already exists.]LOG]!><time="09:46:37.239+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="5612" file="epagentutil.cpp:1239"> <![LOG[Firewall provider is installed.]LOG]!><time="09:46:37.241+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="5612" file="epagentutil.cpp:779"> <![LOG[installed firewall provider meet the requirements.]LOG]!><time="09:46:37.242+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="5612" file="epagentutil.cpp:800"> <![LOG[Endpoint is triggered by message.]LOG]!><time="13:57:00.182+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="fepsettingendpoint.cpp:58"> <![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="13:57:00.341+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:519"> <![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="13:57:00.345+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:232"> <![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="13:57:00.395+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:251"> <![LOG[Check and enforce EP Deployment state.]LOG]!><time="13:57:00.445+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="fepsettingendpoint.cpp:101"> <![LOG[EP Client is already installed, will NOT trigger reinstallation.]LOG]!><time="13:57:00.445+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentimpl.cpp:940"> <![LOG[sending message to external event agent to test and enable notification]LOG]!><time="13:57:00.445+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:946"> <![LOG[sending message to endpoint ExternalEventAgent]LOG]!><time="13:57:00.446+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:1146"> <![LOG[Failed to get successfully applied EP Policy Name under registry key SOFTWARE\Microsoft\Microsoft Security Client\LastSuccessfullyAppliedPolicy. EP client might be installed manually.]LOG]!><time="13:57:00.647+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="7020" file="epagentutil.cpp:538"> <![LOG[Apply AM policy when the applied AM policy is the expected one.]LOG]!><time="13:57:00.701+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentimpl.cpp:952"> <![LOG[Apply AM Policy.]LOG]!><time="13:57:00.752+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentimpl.cpp:1192"> <![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="13:57:01.169+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:607"> <![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="13:57:02.117+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="7020" file="epagentimpl.cpp:647"> <![LOG[Failed to apply policy with error 0x80004005, retry number : 1 after 60 second.]LOG]!><time="13:57:02.182+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentimpl.cpp:690"> <![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="13:58:02.260+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:607"> <![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="13:58:02.889+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="7020" file="epagentimpl.cpp:647"> <![LOG[Failed to apply policy with error 0x80004005, retry number : 2 after 60 second.]LOG]!><time="13:58:02.891+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentimpl.cpp:690"> <![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="13:59:02.894+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:607"> <![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="13:59:03.519+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="7020" file="epagentimpl.cpp:647"> <![LOG[Failed to apply policy with error 0x80004005, retry number : 3 after 60 second.]LOG]!><time="13:59:03.521+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentimpl.cpp:690"> <![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="14:00:03.524+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:607"> <![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="14:00:04.240+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="7020" file="epagentimpl.cpp:647"> <![LOG[Failed to apply policy with error 0x80004005, retry number : 4 after 60 second.]LOG]!><time="14:00:04.291+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentimpl.cpp:690"> <![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="14:01:04.294+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:607"> <![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="14:01:04.992+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="7020" file="epagentimpl.cpp:647"> <![LOG[Failed to apply policy with error 0x80004005, retry number : 5 after 60 second.]LOG]!><time="14:01:04.994+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentimpl.cpp:690"> <![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="14:02:04.997+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:607"> <![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="14:02:05.623+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="7020" file="epagentimpl.cpp:647"> <![LOG[save new policy state 2 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState]LOG]!><time="14:02:05.625+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentimpl.cpp:267"> <![LOG[state 2 and ErrorCode -2147467259 and ErrorMsg Failed to open the local machine Group Policy and PolicyName Antimalware Policy and GroupResolveResultHash 22278829C8D241E822FD474BA669DF7F1BF12767 is NOT changed.]LOG]!><time="14:02:05.627+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentimpl.cpp:339"> <![LOG[skip sending state message due to same state message already exists.]LOG]!><time="14:02:05.914+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:1239"> <![LOG[Firewall provider is installed.]LOG]!><time="14:02:06.083+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:779"> <![LOG[installed firewall provider meet the requirements.]LOG]!><time="14:02:06.133+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:800"> <![LOG[start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000]LOG]!><time="14:02:06.183+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentimpl.cpp:1309"> <![LOG[skip sending state message due to same state message already exists.]LOG]!><time="14:02:06.208+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:1239"> <![LOG[Endpoint is triggered by message.]LOG]!><time="14:53:35.169+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="fepsettingendpoint.cpp:58"> <![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="14:53:35.383+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:519"> <![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="14:53:35.386+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:232"> <![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="14:53:35.436+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:251"> <![LOG[Re-apply EP AM policy.]LOG]!><time="14:53:35.486+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="fepsettingendpoint.cpp:107"> <![LOG[Apply AM Policy.]LOG]!><time="14:53:35.486+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentimpl.cpp:1192"> <![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="14:53:35.877+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:607"> <![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="14:53:36.708+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="2484" file="epagentimpl.cpp:647"> <![LOG[Failed to apply policy with error 0x80004005, retry number : 1 after 60 second.]LOG]!><time="14:53:36.727+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentimpl.cpp:690"> <![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="14:54:36.731+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:607"> <![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="14:54:37.500+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="2484" file="epagentimpl.cpp:647"> <![LOG[Failed to apply policy with error 0x80004005, retry number : 2 after 60 second.]LOG]!><time="14:54:37.501+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentimpl.cpp:690"> <![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="14:55:37.505+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:607"> <![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="14:55:38.169+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="2484" file="epagentimpl.cpp:647"> <![LOG[Failed to apply policy with error 0x80004005, retry number : 3 after 60 second.]LOG]!><time="14:55:38.171+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentimpl.cpp:690"> <![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="14:56:38.185+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:607"> <![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="14:56:38.809+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="2484" file="epagentimpl.cpp:647"> <![LOG[Failed to apply policy with error 0x80004005, retry number : 4 after 60 second.]LOG]!><time="14:56:38.811+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentimpl.cpp:690"> <![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="14:57:38.814+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:607"> <![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="14:57:39.566+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="2484" file="epagentimpl.cpp:647"> <![LOG[Failed to apply policy with error 0x80004005, retry number : 5 after 60 second.]LOG]!><time="14:57:39.567+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentimpl.cpp:690"> <![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="14:58:39.564+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:607"> <![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="14:58:40.324+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="2484" file="epagentimpl.cpp:647"> <![LOG[save new policy state 2 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState]LOG]!><time="14:58:40.326+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentimpl.cpp:267"> <![LOG[state 2 and ErrorCode -2147467259 and ErrorMsg Failed to open the local machine Group Policy and PolicyName Antimalware Policy and GroupResolveResultHash 22278829C8D241E822FD474BA669DF7F1BF12767 is NOT changed.]LOG]!><time="14:58:40.380+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentimpl.cpp:339"> <![LOG[skip sending state message due to same state message already exists.]LOG]!><time="14:58:40.659+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:1239"> <![LOG[Firewall provider is installed.]LOG]!><time="14:58:40.829+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:779"> <![LOG[installed firewall provider meet the requirements.]LOG]!><time="14:58:40.879+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:800"> <![LOG[service startup notification received]LOG]!><time="16:36:57.464+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="3972" file="fepsettingendpoint.cpp:291"> <![LOG[Endpoint is triggered by CCMTask Execute.]LOG]!><time="16:36:57.467+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="9812" file="fepsettingendpoint.cpp:265"> <![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="16:36:57.601+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="9812" file="epagentutil.cpp:519"> <![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="16:36:57.603+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="9812" file="epagentutil.cpp:232"> <![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="16:36:57.603+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="9812" file="epagentutil.cpp:251"> <![LOG[EP State and Error Code didn't get changed, skip resend state message.]LOG]!><time="16:36:57.603+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="9812" file="epagentimpl.cpp:153"> <![LOG[state 3, error code 0 and detail message are not changed, skip updating registry value]LOG]!><time="16:36:57.604+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="9812" file="epagentimpl.cpp:205"> <![LOG[service startup notification received]LOG]!><time="09:24:19.743+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2152" file="fepsettingendpoint.cpp:291"> <![LOG[Endpoint is triggered by CCMTask Execute.]LOG]!><time="09:24:19.901+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="fepsettingendpoint.cpp:265"> <![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="09:24:19.908+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:519"> <![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="09:24:19.908+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:232"> <![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="09:24:19.908+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:251"> <![LOG[EP State and Error Code didn't get changed, skip resend state message.]LOG]!><time="09:24:19.908+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentimpl.cpp:153"> <![LOG[state 3, error code 0 and detail message are not changed, skip updating registry value]LOG]!><time="09:24:19.908+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentimpl.cpp:205"> <![LOG[Endpoint is triggered by message.]LOG]!><time="09:24:25.019+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="fepsettingendpoint.cpp:58"> <![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="09:24:25.036+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:519"> <![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="09:24:25.107+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:232"> <![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="09:24:25.157+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:251"> <![LOG[Check and enforce EP Deployment state.]LOG]!><time="09:24:25.160+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="fepsettingendpoint.cpp:101"> <![LOG[EP Client is already installed, will NOT trigger reinstallation.]LOG]!><time="09:24:25.237+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentimpl.cpp:940"> <![LOG[sending message to external event agent to test and enable notification]LOG]!><time="09:24:25.337+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:946"> <![LOG[sending message to endpoint ExternalEventAgent]LOG]!><time="09:24:25.341+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:1146"> <![LOG[Failed to get successfully applied EP Policy Name under registry key SOFTWARE\Microsoft\Microsoft Security Client\LastSuccessfullyAppliedPolicy. EP client might be installed manually.]LOG]!><time="09:24:25.672+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="3" thread="2872" file="epagentutil.cpp:538"> <![LOG[Apply AM policy when the applied AM policy is the expected one.]LOG]!><time="09:24:25.674+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentimpl.cpp:952"> <![LOG[Apply AM Policy.]LOG]!><time="09:24:25.674+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentimpl.cpp:1192"> <![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="09:24:26.114+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:607"> <![LOG[Applied the C:\Windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully.]LOG]!><time="09:24:29.343+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentimpl.cpp:659"> <![LOG[save new policy state 1 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState]LOG]!><time="09:24:29.410+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentimpl.cpp:267"> <![LOG[start to send State Message with topic type = 2002, state id = 1, error code = 0x00000000, and message = <Instance><AppliedAmPolicies><Policy ID="{1c419bf1-9105-41b1-b2a8-66d40d476292}"/><Policy ID="{03C7F7FE-B800-4F88-84AC-F6187B3B98BC}/200"/></AppliedAmPolicies></Instance> ]LOG]!><time="09:24:29.411+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentimpl.cpp:349"> <![LOG[start to send state message.]LOG]!><time="09:24:29.411+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:1246"> <![LOG[send state message successfully]LOG]!><time="09:24:29.556+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:1248"> <![LOG[Firewall provider is installed.]LOG]!><time="09:24:29.612+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:779"> <![LOG[installed firewall provider meet the requirements.]LOG]!><time="09:24:29.612+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:800"> <![LOG[start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000]LOG]!><time="09:24:29.613+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentimpl.cpp:1309"> <![LOG[skip sending state message due to same state message already exists.]LOG]!><time="09:24:29.627+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:1239"> <![LOG[Endpoint is triggered by message.]LOG]!><time="16:00:00.102+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="fepsettingendpoint.cpp:58"> <![LOG[Endpoint is triggered by message.]LOG]!><time="16:00:00.101+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="fepsettingendpoint.cpp:58"> <![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="16:00:00.280+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="epagentutil.cpp:519"> <![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="16:00:00.281+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="epagentutil.cpp:232"> <![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="16:00:00.281+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="epagentutil.cpp:251"> <![LOG[Check and enforce EP Deployment state.]LOG]!><time="16:00:00.282+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="fepsettingendpoint.cpp:101"> <![LOG[EP Client is already installed, will NOT trigger reinstallation.]LOG]!><time="16:00:00.283+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="epagentimpl.cpp:940"> <![LOG[sending message to external event agent to test and enable notification]LOG]!><time="16:00:00.283+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="epagentutil.cpp:946"> <![LOG[sending message to endpoint ExternalEventAgent]LOG]!><time="16:00:00.284+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="epagentutil.cpp:1146"> <![LOG[EP Policy Antimalware Policy is already applied.]LOG]!><time="16:00:00.386+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="epagentutil.cpp:540"> <![LOG[Firewall provider is installed.]LOG]!><time="16:00:00.497+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="epagentutil.cpp:779"> <![LOG[installed firewall provider meet the requirements.]LOG]!><time="16:00:00.498+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="epagentutil.cpp:800"> <![LOG[start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000]LOG]!><time="16:00:00.498+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="epagentimpl.cpp:1309"> <![LOG[skip sending state message due to same state message already exists.]LOG]!><time="16:00:00.647+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="epagentutil.cpp:1239"> <![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="16:00:00.655+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="epagentutil.cpp:519"> <![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="16:00:00.706+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="epagentutil.cpp:232"> <![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="16:00:00.706+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="epagentutil.cpp:251"> <![LOG[Re-apply EP AM policy.]LOG]!><time="16:00:00.707+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="fepsettingendpoint.cpp:107"> <![LOG[Apply AM Policy.]LOG]!><time="16:00:00.707+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="epagentimpl.cpp:1192"> <![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="16:00:01.092+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="epagentutil.cpp:607"> <![LOG[Applied the C:\Windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully.]LOG]!><time="16:00:03.480+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="epagentimpl.cpp:659"> <![LOG[save new policy state 1 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState]LOG]!><time="16:00:03.568+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="epagentimpl.cpp:267"> <![LOG[state 1 and ErrorCode 0 and ErrorMsg and PolicyName Antimalware Policy and GroupResolveResultHash 22278829C8D241E822FD474BA669DF7F1BF12767 is NOT changed.]LOG]!><time="16:00:03.620+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="epagentimpl.cpp:339"> <![LOG[skip sending state message due to same state message already exists.]LOG]!><time="16:00:03.644+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="epagentutil.cpp:1239"> <![LOG[Firewall provider is installed.]LOG]!><time="16:00:03.648+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="epagentutil.cpp:779"> <![LOG[installed firewall provider meet the requirements.]LOG]!><time="16:00:03.648+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="epagentutil.cpp:800"> <![LOG[Endpoint is triggered by message.]LOG]!><time="11:28:04.040+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="fepsettingendpoint.cpp:58"> <![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="11:28:04.202+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="epagentutil.cpp:519"> <![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="11:28:04.203+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="epagentutil.cpp:232"> <![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="11:28:04.203+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="epagentutil.cpp:251"> <![LOG[Check and enforce EP Deployment state.]LOG]!><time="11:28:04.204+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="fepsettingendpoint.cpp:101"> <![LOG[EP Client is already installed, will NOT trigger reinstallation.]LOG]!><time="11:28:04.204+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="epagentimpl.cpp:940"> <![LOG[sending message to external event agent to test and enable notification]LOG]!><time="11:28:04.205+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="epagentutil.cpp:946"> <![LOG[sending message to endpoint ExternalEventAgent]LOG]!><time="11:28:04.205+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="epagentutil.cpp:1146"> <![LOG[EP Policy Antimalware Policy is already applied.]LOG]!><time="11:28:04.484+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="epagentutil.cpp:540"> <![LOG[Firewall provider is installed.]LOG]!><time="11:28:04.495+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="epagentutil.cpp:779"> <![LOG[installed firewall provider meet the requirements.]LOG]!><time="11:28:04.545+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="epagentutil.cpp:800"> <![LOG[start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000]LOG]!><time="11:28:04.596+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="epagentimpl.cpp:1309"> <![LOG[skip sending state message due to same state message already exists.]LOG]!><time="11:28:04.755+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="epagentutil.cpp:1239"> <![LOG[Endpoint is triggered by message.]LOG]!><time="12:57:00.002+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="fepsettingendpoint.cpp:58"> <![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="12:57:00.184+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="epagentutil.cpp:519"> <![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="12:57:00.234+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="epagentutil.cpp:232"> <![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="12:57:00.234+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="epagentutil.cpp:251"> <![LOG[Check and enforce EP Deployment state.]LOG]!><time="12:57:00.234+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="fepsettingendpoint.cpp:101"> <![LOG[EP Client is already installed, will NOT trigger reinstallation.]LOG]!><time="12:57:00.235+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="epagentimpl.cpp:940"> <![LOG[sending message to external event agent to test and enable notification]LOG]!><time="12:57:00.235+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="epagentutil.cpp:946"> <![LOG[sending message to endpoint ExternalEventAgent]LOG]!><time="12:57:00.235+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="epagentutil.cpp:1146"> <![LOG[EP Policy Antimalware Policy is already applied.]LOG]!><time="12:57:00.337+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="epagentutil.cpp:540"> <![LOG[Firewall provider is installed.]LOG]!><time="12:57:00.348+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="epagentutil.cpp:779"> <![LOG[installed firewall provider meet the requirements.]LOG]!><time="12:57:00.398+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="epagentutil.cpp:800"> <![LOG[start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000]LOG]!><time="12:57:00.448+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="epagentimpl.cpp:1309"> <![LOG[skip sending state message due to same state message already exists.]LOG]!><time="12:57:00.538+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="epagentutil.cpp:1239"> <![LOG[Endpoint is triggered by message.]LOG]!><time="13:28:00.005+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="fepsettingendpoint.cpp:58"> <![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="13:28:00.243+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:519"> <![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="13:28:00.243+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:232"> <![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="13:28:00.244+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:251"> <![LOG[Re-apply EP AM policy.]LOG]!><time="13:28:00.244+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="fepsettingendpoint.cpp:107"> <![LOG[Apply AM Policy.]LOG]!><time="13:28:00.244+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:1192"> <![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="13:28:00.542+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:607"> <![LOG[Applied the C:\Windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully.]LOG]!><time="13:28:02.786+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:659"> <![LOG[save new policy state 1 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState]LOG]!><time="13:28:02.870+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:267"> <![LOG[state 1 and ErrorCode 0 and ErrorMsg and PolicyName Antimalware Policy and GroupResolveResultHash 22278829C8D241E822FD474BA669DF7F1BF12767 is NOT changed.]LOG]!><time="13:28:02.871+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:339"> <![LOG[skip sending state message due to same state message already exists.]LOG]!><time="13:28:03.014+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:1239"> <![LOG[Firewall provider is installed.]LOG]!><time="13:28:03.022+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:779"> <![LOG[installed firewall provider meet the requirements.]LOG]!><time="13:28:03.074+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:800"> <![LOG[Endpoint is triggered by message.]LOG]!><time="09:52:27.050+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="fepsettingendpoint.cpp:58"> <![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="09:52:27.184+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="epagentutil.cpp:519"> <![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="09:52:27.184+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="epagentutil.cpp:232"> <![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="09:52:27.185+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="epagentutil.cpp:251"> <![LOG[Check and enforce EP Deployment state.]LOG]!><time="09:52:27.185+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="fepsettingendpoint.cpp:101"> <![LOG[EP Client is already installed, will NOT trigger reinstallation.]LOG]!><time="09:52:27.186+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="epagentimpl.cpp:940"> <![LOG[sending message to external event agent to test and enable notification]LOG]!><time="09:52:27.186+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="epagentutil.cpp:946"> <![LOG[sending message to endpoint ExternalEventAgent]LOG]!><time="09:52:27.186+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="epagentutil.cpp:1146"> <![LOG[EP Policy Antimalware Policy is already applied.]LOG]!><time="09:52:27.339+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="epagentutil.cpp:540"> <![LOG[Firewall provider is installed.]LOG]!><time="09:52:27.452+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="epagentutil.cpp:779"> <![LOG[installed firewall provider meet the requirements.]LOG]!><time="09:52:27.453+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="epagentutil.cpp:800"> <![LOG[start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000]LOG]!><time="09:52:27.453+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="epagentimpl.cpp:1309"> <![LOG[skip sending state message due to same state message already exists.]LOG]!><time="09:52:27.580+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="epagentutil.cpp:1239"> <![LOG[Endpoint is triggered by message.]LOG]!><time="12:37:00.069+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="fepsettingendpoint.cpp:58"> <![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="12:37:00.184+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="epagentutil.cpp:519"> <![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="12:37:00.185+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="epagentutil.cpp:232"> <![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="12:37:00.185+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="epagentutil.cpp:251"> <![LOG[Re-apply EP AM policy.]LOG]!><time="12:37:00.186+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="fepsettingendpoint.cpp:107"> <![LOG[Apply AM Policy.]LOG]!><time="12:37:00.186+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="epagentimpl.cpp:1192"> <![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="12:37:00.627+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="epagentutil.cpp:607"> <![LOG[Applied the C:\Windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully.]LOG]!><time="12:37:02.762+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="epagentimpl.cpp:659"> <![LOG[save new policy state 1 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState]LOG]!><time="12:37:02.829+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="epagentimpl.cpp:267"> <![LOG[state 1 and ErrorCode 0 and ErrorMsg and PolicyName Antimalware Policy and GroupResolveResultHash 22278829C8D241E822FD474BA669DF7F1BF12767 is NOT changed.]LOG]!><time="12:37:02.904+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="epagentimpl.cpp:339"> <![LOG[skip sending state message due to same state message already exists.]LOG]!><time="12:37:03.055+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="epagentutil.cpp:1239"> <![LOG[Firewall provider is installed.]LOG]!><time="12:37:03.071+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="epagentutil.cpp:779"> <![LOG[installed firewall provider meet the requirements.]LOG]!><time="12:37:03.072+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="epagentutil.cpp:800"> <![LOG[Endpoint is triggered by message.]LOG]!><time="14:05:00.064+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="fepsettingendpoint.cpp:58"> <![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="14:05:00.187+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="epagentutil.cpp:519"> <![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="14:05:00.187+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="epagentutil.cpp:232"> <![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="14:05:00.188+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="epagentutil.cpp:251"> <![LOG[Check and enforce EP Deployment state.]LOG]!><time="14:05:00.188+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="fepsettingendpoint.cpp:101"> <![LOG[EP Client is already installed, will NOT trigger reinstallation.]LOG]!><time="14:05:00.188+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="epagentimpl.cpp:940"> <![LOG[sending message to external event agent to test and enable notification]LOG]!><time="14:05:00.188+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="epagentutil.cpp:946"> <![LOG[sending message to endpoint ExternalEventAgent]LOG]!><time="14:05:00.189+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="epagentutil.cpp:1146"> <![LOG[EP Policy Antimalware Policy is already applied.]LOG]!><time="14:05:00.392+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="epagentutil.cpp:540"> <![LOG[Firewall provider is installed.]LOG]!><time="14:05:00.506+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="epagentutil.cpp:779"> <![LOG[installed firewall provider meet the requirements.]LOG]!><time="14:05:00.506+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="epagentutil.cpp:800"> <![LOG[start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000]LOG]!><time="14:05:00.507+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="epagentimpl.cpp:1309"> <![LOG[skip sending state message due to same state message already exists.]LOG]!><time="14:05:00.638+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="epagentutil.cpp:1239"> <![LOG[Endpoint is triggered by message.]LOG]!><time="16:50:55.122+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="fepsettingendpoint.cpp:58"> <![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="16:50:55.303+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="epagentutil.cpp:519"> <![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="16:50:55.303+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="epagentutil.cpp:232"> <![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="16:50:55.303+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="epagentutil.cpp:251"> <![LOG[Check and enforce EP Deployment state.]LOG]!><time="16:50:55.304+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="fepsettingendpoint.cpp:101"> <![LOG[EP Client is already installed, will NOT trigger reinstallation.]LOG]!><time="16:50:55.304+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="epagentimpl.cpp:940"> <![LOG[sending message to external event agent to test and enable notification]LOG]!><time="16:50:55.305+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="epagentutil.cpp:946"> <![LOG[sending message to endpoint ExternalEventAgent]LOG]!><time="16:50:55.305+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="epagentutil.cpp:1146"> <![LOG[EP Policy Antimalware Policy is already applied.]LOG]!><time="16:50:55.507+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="epagentutil.cpp:540"> <![LOG[Firewall provider is installed.]LOG]!><time="16:50:55.618+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="epagentutil.cpp:779"> <![LOG[installed firewall provider meet the requirements.]LOG]!><time="16:50:55.668+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="epagentutil.cpp:800"> <![LOG[start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000]LOG]!><time="16:50:55.718+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="epagentimpl.cpp:1309"> <![LOG[skip sending state message due to same state message already exists.]LOG]!><time="16:50:55.863+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="epagentutil.cpp:1239">
  5. Logs were long and having trouble posting, so I am doing them in groups. EPMGR.Log Alerts will be checked in 29 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC) generate detection alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC) Alerts will be checked in 60 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC) generate detection alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC) Alerts will be checked in 60 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC) generate detection alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC) Alerts will be checked in 60 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC) generate detection alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC) Alerts will be checked in 60 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC) generate detection alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC) Alerts will be checked in 27 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC) generate outbreak alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC) Alerts will be checked in 1 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC) generate multiple infection alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC) generate reinfection alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC) Alerts will be checked in 31 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC) generate detection alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC) Alerts will be checked in 60 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC) generate detection alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC) Alerts will be checked in 60 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC) generate detection alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC) Alerts will be checked in 60 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC) generate detection alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC) Alerts will be checked in 60 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
  6. Thanks for your help. Here are the logs: EPSETUP.log <09/05/13 09:49:42> ==================================================================== <09/05/13 09:49:42> SMSEP Setup Started.... <09/05/13 09:49:42> Parameters: D:\Program Files\Microsoft Configuration Manager\bin\x64\rolesetup.exe /install /siteserver:4FESSCCM02 SMSEP 0 <09/05/13 09:49:42> Installing Pre Reqs for SMSEP <09/05/13 09:49:42> ======== Installing Pre Reqs for Role SMSEP ======== <09/05/13 09:49:42> Found 1 Pre Reqs for Role SMSEP <09/05/13 09:49:42> Pre Req SqlNativeClient found. <09/05/13 09:49:42> SqlNativeClient already installed (Product Code: {D9DDE0F8-0CFD-4C0F-8A07-C815DE47FF4D}). Would not install again. <09/05/13 09:49:42> Pre Req SqlNativeClient is already installed. Skipping it. <09/05/13 09:49:42> ======== Completed Installation of Pre Reqs for Role SMSEP ======== <09/05/13 09:49:42> Installing the SMSEP <09/05/13 09:49:42> Passed OS version check. <09/05/13 09:49:43> File D:\Program Files\Microsoft Configuration Manager\Client\SCEPInstall.exe version is 4.1.522.0. <09/05/13 09:49:43> Unable to query registry key (SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client), return (0x00000002) means EP client is NOT installed. <09/05/13 09:49:43> Invoking process "D:\Program Files\Microsoft Configuration Manager\Client\SCEPInstall.exe" /s /q /noreplace /policy "D:\Program Files\Microsoft Configuration Manager\Client\EP_DefaultPolicy.xml" <09/05/13 09:49:43> CreateProcess: D:\Program Files\Microsoft Configuration Manager, "D:\Program Files\Microsoft Configuration Manager\Client\SCEPInstall.exe" /s /q /noreplace /policy "D:\Program Files\Microsoft Configuration Manager\Client\EP_DefaultPolicy.xml" <09/05/13 09:49:56> CreateProcess: 0 <09/05/13 09:49:56> Installation was successful. <09/05/13 09:49:56> ~RoleSetup().
  7. I am thinking it is not reporting back to the server because of the message that it won't send the state message, because it already exists. My client looks good when I look at his computer (excerpt of log above), but in SCCM it says it failed to get the policy. I want to know if there is a way to clear the state message on the server so that the client will send the state message. Hope this makes sense.
  8. I had a client that was unable to download the Endpoint Protection Policy. I browsed to the Windows\System32\GroupPolicy\Machine folder and delete the file: Registry.pol then rebooted. It seems to be fixed, but it won't report back to the SCCM server. His EnpointProtectionAgent.log states <![LOG[Endpoint is triggered by message.]LOG]!><time="13:28:00.005+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="fepsettingendpoint.cpp:58"> <![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="13:28:00.243+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:519"> <![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="13:28:00.243+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:232"> <![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="13:28:00.244+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:251"> <![LOG[Re-apply EP AM policy.]LOG]!><time="13:28:00.244+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="fepsettingendpoint.cpp:107"> <![LOG[Apply AM Policy.]LOG]!><time="13:28:00.244+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:1192"> <![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="13:28:00.542+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:607"> <![LOG[Applied the C:\Windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully.]LOG]!><time="13:28:02.786+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:659"> <![LOG[save new policy state 1 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState]LOG]!><time="13:28:02.870+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:267"> <![LOG[state 1 and ErrorCode 0 and ErrorMsg and PolicyName Antimalware Policy and GroupResolveResultHash 22278829C8D241E822FD474BA669DF7F1BF12767 is NOT changed.]LOG]!><time="13:28:02.871+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:339"> <![LOG[skip sending state message due to same state message already exists.]LOG]!><time="13:28:03.014+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:1239"> <![LOG[Firewall provider is installed.]LOG]!><time="13:28:03.022+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:779"> <![LOG[installed firewall provider meet the requirements.]LOG]!><time="13:28:03.074+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:800"> It seems that the issue is that it won't send a state message because it already exists. How do I force it to send the message?
  9. I ended up changing my affected DP's to use prestaged content and then I was able to get the applications to show up in SCCM correctly and they would deploy to clients.
  10. I have two distribution points that will not receive packages. When I distribute content, I will get an error on the pkgtxfrmgr.log that PullDPQueryResult() failed to execute WMI Query SELECT * FROM SMS_PullDPState WHERE PackageID='xxx00011' AND PackageVersion='4'. error = 80004005 Unspecified error Here is what I have tried. 1) redistribute content, 2) validate content, 3) remove dp, uninstall wds, delete sccm folders from the distribution point, left overnight then reinstalled dp role (and it was a success, the client config manager did download to it), 4) ran winmgmt /verifyrepository on both dp's (came up consistent). I also distributed the content to a third and fourth dp and they worked. The problem distribution points had been working. They stopped working when I tried to send a package for SCEP and updates. Any help would be much appreciated.
×
×
  • Create New...