Jump to content


anyweb

using SCCM 2012 in a LAB - Part 5. Enable the Endpoint Protection Role and configure Endpoint Protection settings

Recommended Posts

I am new to SCCM but having been following all these guides and managed to get most things working, eventually.

 

I'm also having problems with the Endpoint Protection ADR returning 0x87D20417. This only happens periodically so I am eventually able to get it to run and only appear to be a problem for one set of devices. The error code in the RuleEngine log is 3.

 

Looking in the PatchDownloader log I can't see anything that looks like an error apart from for some downloads I get the following

 

Download http://download.windowsupdate.com/msdownload/update/software/defu/2012/11/am_delta_patch_1.141.28.0_0801713781a21b0854c26c2f718b0607d866b353.exe to C:\Windows\TEMP\CABF044.tmp returns 0 $$<Software Updates Patch Downloader><11-22-2012 09:47:42.650+00><thread=16652 (0x410C)>

 

Any ideas please?

Share this post


Link to post
Share on other sites

I have a pretty basic question, I think.

 

I have a collection that ended up with three antimaleware policies on it. The Default Policy an Admin-type policy and the custom policy (laptops policy) that applied to the clients before I created the admin collection. I probably should have created the collection first, but that's in the past. :)

 

The way I'm thinking about the priority level of each dictates that the policy i created for the collection is the one actually applying custom settings and then other settings are applied as the policies with the other priorities are "filtered" in.

 

So-

admin policy priority 1 - applies custom settings for admin collection

Laptop policy priortiy 3 - applies custom settings that aren't accounted for in the admin policy

Default policy priority 10,000 - applies everything else that hasn't been accounted for in the other two

 

Is that the correct way to think about that and secondly can I remove the laptops policy and is it even necessary?

Share this post


Link to post
Share on other sites

SO I was able to get most of this done, but when I go to set up an Automatic Deployment I dont any \\MSSC\source\update location. Is there a piece i am missing that creates that repository? When trying to syncronize with my WSUS service (on the same machine) the log never says "Done syncronizing" it just says:

 

Found WSUS Admin dll of assembly version Microsoft.UpdateServices.Administration, Version=3.0.6000.273, Major Version = 0x30000, Minor Version = 0x17700111 SMS_WSUS_CONTROL_MANAGER 3/5/2013 11:29:42 AM 1444 (0x05A4)

 

Found WSUS Admin dll of assembly version Microsoft.UpdateServices.Administration, Version=3.1.6001.1, Major Version = 0x30001, Minor Version = 0x17710001 SMS_WSUS_CONTROL_MANAGER 3/5/2013 11:29:42 AM 1444 (0x05A4)

 

The installed WSUS build has the valid and supported WSUS Administration DLL assembly version (3.1.7600.226) SMS_WSUS_CONTROL_MANAGER 3/5/2013 11:29:42 AM 1444 (0x05A4)

 

Successfully connected to local WSUS server SMS_WSUS_CONTROL_MANAGER 3/5/2013 11:29:42 AM 1444 (0x05A4)

 

Local WSUS Server Proxy settings are correctly configured as Proxy Name and Proxy Port 80 SMS_WSUS_CONTROL_MANAGER 3/5/2013 11:29:42 AM 1444 (0x05A4)

 

Successfully connected to local WSUS server SMS_WSUS_CONTROL_MANAGER 3/5/2013 11:29:42 AM 1444 (0x05A4)

 

There are no unhealthy WSUS Server components on WSUS Server MSSC.pub.com SMS_WSUS_CONTROL_MANAGER 3/5/2013 11:29:42 AM 1444 (0x05A4)

 

Successfully checked database connection on WSUS server MSSC.pub.com SMS_WSUS_CONTROL_MANAGER 3/5/2013 11:29:42 AM 1444 (0x05A4)

 

Waiting for changes for 57 minutes SMS_WSUS_CONTROL_MANAGER 3/5/2013 11:29:42 AM 1444 (0x05A4)


Any ideas? It might be two separate issues. I'm just not sure how to add a deployment package or if WSUS is even working.

Share this post


Link to post
Share on other sites

I am new to this Forum so please forgive me if I'm in the wrong place, but I think I have a similar issue to the above post. I have followed the guides up through Part 5. Enable the Endpoint Protection Role and configure settings. The Software Update Point seems to be working. I can perform a "Synchronize Software Updates" from the Software Library successfully. I can see the updates listed under All Software Updates, but when it comes to distributing the Endpoint Package I don't have the "Sources\WSUS...\EndpointProtection" folder. I setup the sources share as the instructions say, and I setup WSUS to use sources, but where is the endpoint protection client? I feel like I've missed a core step somewhere.

 

Thanks in advance!

Share this post


Link to post
Share on other sites

Hi,

I'm not sure if this is the right place but I'll give it a whirl anyhow!

 

I basically have followed this guide and everything seems okay. I can now deploy the FEP client but it never actually updates. The ADRs are all running and everything seems happy and on a couple of machines they all seem fine and update regularly. However the Windows 7 ones never update.

 

However FEP on the clients doesn't seem to want to update. On the Endpoint Policy I've told clients that 'Updates distributed from Configuration Manager' as the only update source yet it still looks like it's trying to go out to the internet.

Any ideas? There is the Windows Update log below where I can see it trying to go out - we have a proxy in place but it doesn't look like it's configured (any ideas where I can configure this??) This is from a non-working Windows 7 client:

From WindowsUpdate.log:
2014-07-10 10:11:54:272 1072 115c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-07-10 10:11:54:272 1072 115c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.microsoft.com/v9/1...uv4wuredir.cab. error 0x80072ee2
2014-07-10 10:11:54:272 1072 115c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-07-10 10:11:54:272 1072 115c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-07-10 10:11:54:272 1072 115c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-07-10 10:11:54:272 1072 115c Misc WARNING: DownloadFileInternal failed for <same path as above> error 0x80072ee2
2014-07-10 10:11:54:272 1072 115c Agent WARNING: Failed to obtain the authorization cab URLs, hr=0x80072ee22014-07-10 10:11:54:272 1072 115c Agent * WARNING: Online service registration/service ID resolution failed, hr=0x80072EE2
2014-07-10 10:11:54:288 1072 115c Agent * WARNING: Exit code = 0x80072EE2

 

We do have a proxy internally to access the internet and I'm wondering if I configure that will it work? More importantly how do I configure it?

 

TIA!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.