anyweb

using System Center 2012 Configuration Manager - Part 6. Adding the Endpoint Protection role, configure Alerts and custom Antimalware Policies.


Yes I did. Still nothing. I have a core issue wrong I believe. I just can't figure out where.

1. I can't deploy the Configuration Manager agent (it says it works. I even have the service running on my machine, but nothing is reported back to SCCM)

2. I can't get my collections to work for things like desktops, DHCP clients, SCCM servers, etc. It works for all systems, and queries for Windows versions, etc.

3. On the Endpoint Protection Status, it always says zero active clients, zero not yet installed, etc.

Although, I have client push installation configured and Software Update-Based Client installation configured, and the client settings configured to push the endpoint agent.

Any ideas? Where would you look for an issue? Here's a piece of the CCM.log after I initiated a client install to a collection of three PCs... I marked the lines in error in RED

Execute query exec [sp_CP_GetNewPushMachines] N'100' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152053, 1 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152052, 1 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152015, 1 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
Execute query exec [sp_CP_GetPushRequestMachine] 2097152015 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
Successfully retrieved information for machine ASHITS03 from DB SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
Execute query exec [sp_CP_GetPushRequestMachineIP] 2097152015 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
Execute query exec [sp_CP_GetPushRequestMachineResource] 2097152015 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
Execute query exec [sp_CP_GetPushMachineName] 2097152015 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
Received request: "2097152015" for machine name: "ASHITS03" on queue: "Incoming". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
Stored request "2097152015", machine name "ASHITS03", in queue "Processing". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152015, 1 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
----- Started a new CCR processing thread. Thread ID is 0xb14. There are now 1 processing threads SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
Submitted request successfully SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
Getting a new request from queue "Incoming" after 100 millisecond delay. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
Found CCR "2097152052.CCR" in queue "Incoming". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
======>Begin Processing request: "2097152015", machine name: "ASHITS03" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 2836 (0x0B14)
Execute query exec [sp_IsMPAvailable] N'100' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 2836 (0x0B14)
---> Trying the 'best-shot' account which worked for previous CCRs (index = 0x0) SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 2836 (0x0B14)
---> Attempting to connect to administrative share '\\ASHITS03\admin$' using account 'Domain\Administrator' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 2836 (0x0B14)
Execute query exec [sp_CP_GetPushRequestMachine] 2097152052 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
Successfully retrieved information for machine ASHITS01 from DB SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
Execute query exec [sp_CP_GetPushRequestMachineIP] 2097152052 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
Execute query exec [sp_CP_GetPushRequestMachineResource] 2097152052 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
Execute query exec [sp_CP_GetPushMachineName] 2097152052 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
Received request: "2097152052" for machine name: "ASHITS01" on queue: "Incoming". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
Stored request "2097152052", machine name "ASHITS01", in queue "Processing". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152052, 1 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
----- Started a new CCR processing thread. Thread ID is 0x2f6c. There are now 2 processing threads SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
Submitted request successfully SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
======>Begin Processing request: "2097152052", machine name: "ASHITS01" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 12140 (0x2F6C)
Execute query exec [sp_IsMPAvailable] N'100' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 12140 (0x2F6C)
---> Trying the 'best-shot' account which worked for previous CCRs (index = 0x0) SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 12140 (0x2F6C)
---> Attempting to connect to administrative share '\\ASHITS01\admin$' using account 'Domain\Administrator' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 12140 (0x2F6C)
Getting a new request from queue "Incoming" after 100 millisecond delay. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
Found CCR "2097152053.CCR" in queue "Incoming". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
Execute query exec [sp_CP_GetPushRequestMachine] 2097152053 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
Successfully retrieved information for machine ASHITS02 from DB SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
Execute query exec [sp_CP_GetPushRequestMachineIP] 2097152053 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
Execute query exec [sp_CP_GetPushRequestMachineResource] 2097152053 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
Execute query exec [sp_CP_GetPushMachineName] 2097152053 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
Received request: "2097152053" for machine name: "ASHITS02" on queue: "Incoming". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
Stored request "2097152053", machine name "ASHITS02", in queue "Processing". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152053, 1 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
---> The 'best-shot' account has now succeeded 3 times and failed 0 times. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:16 AM 2836 (0x0B14)
---> Connected to administrative share on machine ASHITS03 using account 'Domain\Administrator' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:16 AM 2836 (0x0B14)
---> Attempting to make IPC connection to share <\\ASHITS03\IPC$> SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:16 AM 2836 (0x0B14)
---> Searching for SMSClientInstall.* under '\\ASHITS03\admin$\' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:16 AM 2836 (0x0B14)
----- Started a new CCR processing thread. Thread ID is 0x2dc4. There are now 3 processing threads SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:17 AM 8252 (0x203C)
Submitted request successfully SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:17 AM 8252 (0x203C)
======>Begin Processing request: "2097152053", machine name: "ASHITS02" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:17 AM 11716 (0x2DC4)
Execute query exec [sp_IsMPAvailable] N'100' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:17 AM 11716 (0x2DC4)
---> Trying the 'best-shot' account which worked for previous CCRs (index = 0x0) SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:17 AM 11716 (0x2DC4)
---> Attempting to connect to administrative share '\\ASHITS02\admin$' using account 'Domain\Administrator' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:17 AM 11716 (0x2DC4)
Getting a new request from queue "Incoming" after 100 millisecond delay. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:17 AM 8252 (0x203C)
Waiting for change in directory "C:\Program Files\Microsoft Configuration Manager\inboxes\ccr.box" for queue "Incoming", (30 minute backup timeout). SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:17 AM 8252 (0x203C)
---> The 'best-shot' account has now succeeded 4 times and failed 0 times. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:18 AM 12140 (0x2F6C)
---> Connected to administrative share on machine ASHITS01 using account 'Domain\Administrator' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:18 AM 12140 (0x2F6C)
---> Attempting to make IPC connection to share <\\ASHITS01\IPC$> SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:18 AM 12140 (0x2F6C)
---> Searching for SMSClientInstall.* under '\\ASHITS01\admin$\' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:18 AM 12140 (0x2F6C)
---> The 'best-shot' account has now succeeded 5 times and failed 0 times. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:20 AM 11716 (0x2DC4)
---> Connected to administrative share on machine ASHITS02 using account 'Domain\Administrator' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:20 AM 11716 (0x2DC4)
---> Attempting to make IPC connection to share <\\ASHITS02\IPC$> SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:20 AM 11716 (0x2DC4)
---> Searching for SMSClientInstall.* under '\\ASHITS02\admin$\' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:20 AM 11716 (0x2DC4)
---> System OS version string "6.2.9200" converted to 6.20 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:20 AM 2836 (0x0B14)
---> System OS version string "6.1.7600" converted to 6.10 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:22 AM 12140 (0x2F6C)
---> Unable to connect to WMI (root\ccm) on remote machine "ASHITS03", error = 0x8004100e. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
---> Creating \ VerifyingCopying exsistance of destination directory \\ASHITS03\admin$\ccmsetup. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
---> Copying client files to \\ASHITS03\admin$\ccmsetup. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
---> Copying file "C:\Program Files\Microsoft Configuration Manager\bin\I386\MobileClient.tcf" to "MobileClient.tcf" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
---> Copying file "C:\Program Files\Microsoft Configuration Manager\bin\I386\ccmsetup.exe" to "ccmsetup.exe" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
---> Updated service "ccmsetup" on machine "ASHITS03". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
---> Started service "ccmsetup" on machine "ASHITS03". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
---> Deleting SMS Client Install Lock File '\\ASHITS03\admin$\SMSClientInstall.100' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
Execute query exec [sp_CP_SetLastErrorCode] 2097152015, 0 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
---> Completed request "2097152015", machine name "ASHITS03". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
Deleted request "2097152015", machine name "ASHITS03" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152015, 4 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
Execute query exec [sp_CP_SetLatest] 2097152015, N'03/13/2013 12:07:23', 107 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
<======End request: "2097152015", machine name: "ASHITS03". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
---> System OS version string "6.2.9200" converted to 6.20 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:24 AM 11716 (0x2DC4)
---> Unable to connect to WMI (root\ccm) on remote machine "ASHITS01", error = 0x8004100e. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:25 AM 12140 (0x2F6C)
---> Creating \ VerifyingCopying exsistance of destination directory \\ASHITS01\admin$\ccmsetup. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:25 AM 12140 (0x2F6C)
---> Copying client files to \\ASHITS01\admin$\ccmsetup. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:25 AM 12140 (0x2F6C)
---> Copying file "C:\Program Files\Microsoft Configuration Manager\bin\I386\MobileClient.tcf" to "MobileClient.tcf" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:25 AM 12140 (0x2F6C)
---> Copying file "C:\Program Files\Microsoft Configuration Manager\bin\I386\ccmsetup.exe" to "ccmsetup.exe" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:25 AM 12140 (0x2F6C)
---> Unable to connect to WMI (root\ccm) on remote machine "ASHITS02", error = 0x8004100e. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:27 AM 11716 (0x2DC4)
---> Creating \ VerifyingCopying exsistance of destination directory \\ASHITS02\admin$\ccmsetup. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:27 AM 11716 (0x2DC4)
---> Copying client files to \\ASHITS02\admin$\ccmsetup. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:27 AM 11716 (0x2DC4)
---> Copying file "C:\Program Files\Microsoft Configuration Manager\bin\I386\MobileClient.tcf" to "MobileClient.tcf" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:27 AM 11716 (0x2DC4)
---> Copying file "C:\Program Files\Microsoft Configuration Manager\bin\I386\ccmsetup.exe" to "ccmsetup.exe" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:27 AM 11716 (0x2DC4)
---> Updated service "ccmsetup" on machine "ASHITS01". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:28 AM 12140 (0x2F6C)
---> Started service "ccmsetup" on machine "ASHITS01". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:28 AM 12140 (0x2F6C)
---> Deleting SMS Client Install Lock File '\\ASHITS01\admin$\SMSClientInstall.100' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:28 AM 12140 (0x2F6C)
Execute query exec [sp_CP_SetLastErrorCode] 2097152052, 0 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:28 AM 12140 (0x2F6C)
---> Completed request "2097152052", machine name "ASHITS01". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:28 AM 12140 (0x2F6C)
Deleted request "2097152052", machine name "ASHITS01" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:28 AM 12140 (0x2F6C)
Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152052, 4 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:28 AM 12140 (0x2F6C)
Execute query exec [sp_CP_SetLatest] 2097152052, N'03/13/2013 12:07:28', 107 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:28 AM 12140 (0x2F6C)
<======End request: "2097152052", machine name: "ASHITS01". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:28 AM 12140 (0x2F6C)
---> Created service "ccmsetup" on machine "ASHITS02". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:29 AM 11716 (0x2DC4)
---> Started service "ccmsetup" on machine "ASHITS02". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:29 AM 11716 (0x2DC4)
---> Deleting SMS Client Install Lock File '\\ASHITS02\admin$\SMSClientInstall.100' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:29 AM 11716 (0x2DC4)
Execute query exec [sp_CP_SetLastErrorCode] 2097152053, 0 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:29 AM 11716 (0x2DC4)
---> Completed request "2097152053", machine name "ASHITS02". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:29 AM 11716 (0x2DC4)
Deleted request "2097152053", machine name "ASHITS02" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:29 AM 11716 (0x2DC4)
Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152053, 4 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:29 AM 11716 (0x2DC4)
Execute query exec [sp_CP_SetLatest] 2097152053, N'03/13/2013 12:07:29', 113 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:29 AM 11716 (0x2DC4)
<======End request: "2097152053", machine name: "ASHITS02". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:29 AM 11716 (0x2DC4)

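To read the log excerpt in the post above per machine rather than line by line, the following added example (not part of the original post, and not Configuration Manager code) groups CCM.log lines by worker thread ID and reports, for each push request, the error codes logged, whether ccmsetup was started, and the final code passed to sp_CP_SetLastErrorCode. The function, field and variable names are assumptions of this example; the sample lines are excerpted from the log above.

```python
import re
# Trailer on every CCM.log line: component, timestamp, thread id (decimal and hex).
LINE = re.compile(r'^(?P<msg>.*?)\s+(?P<comp>SMS_\w+)\s+'
                  r'(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)\s+(?P<tid>\d+) \(0x[0-9A-Fa-f]+\)$')
BEGIN = re.compile(r'Begin Processing request: "(\d+)", machine name: "([^"]+)"')
ERROR = re.compile(r'error = (0x[0-9A-Fa-f]+)')
LAST = re.compile(r'\[sp_CP_SetLastErrorCode\] \d+, (-?\d+)')
# 0x8004100e is WBEM_E_INVALID_NAMESPACE: the root\ccm WMI namespace is absent.
KNOWN = {"0x8004100e": "WBEM_E_INVALID_NAMESPACE"}

def summarize(log_text):
    """Group push-request lines by worker thread and summarize each machine."""
    active, done = {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg, tid = m["msg"], m["tid"]
        b = BEGIN.search(msg)
        if b:
            active[tid] = {"machine": b[2], "request": b[1], "errors": [],
                           "ccmsetup_started": False, "last_error_code": None}
            continue
        rec = active.get(tid)
        if rec is None:
            continue  # queue-manager thread, or a line outside any request
        e = ERROR.search(msg)
        if e:
            code = e[1].lower()
            rec["errors"].append((code, KNOWN.get(code, "unknown")))
        if 'Started service "ccmsetup"' in msg:
            rec["ccmsetup_started"] = True
        last = LAST.search(msg)
        if last:
            rec["last_error_code"] = int(last[1])
        if msg.startswith("<======End request"):
            done[rec["machine"]] = active.pop(tid)
    return done

# Sample input: lines excerpted from the CCM.log in the post, in their original order.
SAMPLE = r"""
======>Begin Processing request: "2097152015", machine name: "ASHITS03" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 2836 (0x0B14)
======>Begin Processing request: "2097152052", machine name: "ASHITS01" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 12140 (0x2F6C)
Getting a new request from queue "Incoming" after 100 millisecond delay. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
---> Unable to connect to WMI (root\ccm) on remote machine "ASHITS03", error = 0x8004100e. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
---> Started service "ccmsetup" on machine "ASHITS03". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
Execute query exec [sp_CP_SetLastErrorCode] 2097152015, 0 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
<======End request: "2097152015", machine name: "ASHITS03". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
---> Unable to connect to WMI (root\ccm) on remote machine "ASHITS01", error = 0x8004100e. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:25 AM 12140 (0x2F6C)
---> Started service "ccmsetup" on machine "ASHITS01". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:28 AM 12140 (0x2F6C)
Execute query exec [sp_CP_SetLastErrorCode] 2097152052, 0 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:28 AM 12140 (0x2F6C)
<======End request: "2097152052", machine name: "ASHITS01". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:28 AM 12140 (0x2F6C)"""
if __name__ == "__main__": print(summarize(SAMPLE))
```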

The client push questions should really be raised as a separate post to keep on topic; however, client push requires several things in place, like firewall ports opened and a client push account which has local administrative permissions on the computer you are pushing the client on...


Could you elaborate on this:

In addition, every time this ADR runs it will want to create a new deployment package as specified above. We do not want this to happen, so after running the ADR once, retire it by right-clicking on the rule and selecting Disable, and create a new ADR, except this time point the deployment package to the package which is now created called Endpoint Protection Definition Updates.

I'm not understanding what to do after disabling the ADR. Is the new ADR the exact copy of the one created? Can I use the template created? How is the sources\windowsupdates\endpointprotection folder getting updated?


Basically we use the first created ADR to create the Endpoint Protection Definition Updates package. Once created, we then disable that ADR (because of the way we created it purely to create a NEW deployment package...), then we create another ADR practically matching the first, except instead of creating a new package we point it to the package created in the first (now disabled) ADR.

Does that help?


You specify the previously created package as explained in the guide, and you keep all the other settings the same.


Hi, I have a question.

What is the best way to create Antimalware Policies with a quick scan daily and a full scan one time per week?

Create two Antimalware Policies with the same definitions except the scan type, and deploy the two policies to the same collection?

Is this going to work?

Thanks

