

anyweb

using System Center 2012 Configuration Manager - Part 6. Adding the Endpoint Protection role, configure Alerts and custom Antimalware Policies.


Yes I did. Still nothing. I have a core issue wrong I believe. I just can't figure out where.

1. I can't deploy the configuration manager agent (it says it works. I even have the service running on my machine, but nothing is reported back to SCCM).

2. I can't get my collections to work for things like desktops, DHCP clients, SCCM servers, etc. It works for all systems, and queries for Windows versions, etc.

3. On the Endpoint Protection Status, it always says zero active clients, zero not yet installed, etc.

 

Although, I have client push installation configured and Software Update-Based Client installation configured, and the client settings configured to push the endpoint agent..

 

Any ideas? Where would you look for an issue? Here's a piece of the CCM.log after I initiated a client install to a collection of three PC's... I marked the lines in error in RED

 

Execute query exec [sp_CP_GetNewPushMachines] N'100' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152053, 1 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152052, 1 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152015, 1 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
Execute query exec [sp_CP_GetPushRequestMachine] 2097152015 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
Successfully retrieved information for machine ASHITS03 from DB SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
Execute query exec [sp_CP_GetPushRequestMachineIP] 2097152015 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
Execute query exec [sp_CP_GetPushRequestMachineResource] 2097152015 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
Execute query exec [sp_CP_GetPushMachineName] 2097152015 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
Received request: "2097152015" for machine name: "ASHITS03" on queue: "Incoming". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
Stored request "2097152015", machine name "ASHITS03", in queue "Processing". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152015, 1 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:11 AM 8252 (0x203C)
----- Started a new CCR processing thread. Thread ID is 0xb14. There are now 1 processing threads SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
Submitted request successfully SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
Getting a new request from queue "Incoming" after 100 millisecond delay. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
Found CCR "2097152052.CCR" in queue "Incoming". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
======>Begin Processing request: "2097152015", machine name: "ASHITS03" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 2836 (0x0B14)
Execute query exec [sp_IsMPAvailable] N'100' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 2836 (0x0B14)
---> Trying the 'best-shot' account which worked for previous CCRs (index = 0x0) SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 2836 (0x0B14)
---> Attempting to connect to administrative share '\\ASHITS03\admin$' using account 'Domain\Administrator' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 2836 (0x0B14)
Execute query exec [sp_CP_GetPushRequestMachine] 2097152052 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
Successfully retrieved information for machine ASHITS01 from DB SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
Execute query exec [sp_CP_GetPushRequestMachineIP] 2097152052 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
Execute query exec [sp_CP_GetPushRequestMachineResource] 2097152052 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
Execute query exec [sp_CP_GetPushMachineName] 2097152052 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
Received request: "2097152052" for machine name: "ASHITS01" on queue: "Incoming". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
Stored request "2097152052", machine name "ASHITS01", in queue "Processing". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152052, 1 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:13 AM 8252 (0x203C)
----- Started a new CCR processing thread. Thread ID is 0x2f6c. There are now 2 processing threads SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
Submitted request successfully SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
======>Begin Processing request: "2097152052", machine name: "ASHITS01" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 12140 (0x2F6C)
Execute query exec [sp_IsMPAvailable] N'100' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 12140 (0x2F6C)
---> Trying the 'best-shot' account which worked for previous CCRs (index = 0x0) SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 12140 (0x2F6C)
---> Attempting to connect to administrative share '\\ASHITS01\admin$' using account 'Domain\Administrator' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 12140 (0x2F6C)
Getting a new request from queue "Incoming" after 100 millisecond delay. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
Found CCR "2097152053.CCR" in queue "Incoming". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
Execute query exec [sp_CP_GetPushRequestMachine] 2097152053 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
Successfully retrieved information for machine ASHITS02 from DB SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
Execute query exec [sp_CP_GetPushRequestMachineIP] 2097152053 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
Execute query exec [sp_CP_GetPushRequestMachineResource] 2097152053 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
Execute query exec [sp_CP_GetPushMachineName] 2097152053 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
Received request: "2097152053" for machine name: "ASHITS02" on queue: "Incoming". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
Stored request "2097152053", machine name "ASHITS02", in queue "Processing". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152053, 1 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:15 AM 8252 (0x203C)
---> The 'best-shot' account has now succeeded 3 times and failed 0 times. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:16 AM 2836 (0x0B14)
---> Connected to administrative share on machine ASHITS03 using account 'Domain\Administrator' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:16 AM 2836 (0x0B14)
---> Attempting to make IPC connection to share <\\ASHITS03\IPC$> SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:16 AM 2836 (0x0B14)
---> Searching for SMSClientInstall.* under '\\ASHITS03\admin$\' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:16 AM 2836 (0x0B14)
----- Started a new CCR processing thread. Thread ID is 0x2dc4. There are now 3 processing threads SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:17 AM 8252 (0x203C)
Submitted request successfully SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:17 AM 8252 (0x203C)
======>Begin Processing request: "2097152053", machine name: "ASHITS02" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:17 AM 11716 (0x2DC4)
Execute query exec [sp_IsMPAvailable] N'100' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:17 AM 11716 (0x2DC4)
---> Trying the 'best-shot' account which worked for previous CCRs (index = 0x0) SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:17 AM 11716 (0x2DC4)
---> Attempting to connect to administrative share '\\ASHITS02\admin$' using account 'Domain\Administrator' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:17 AM 11716 (0x2DC4)
Getting a new request from queue "Incoming" after 100 millisecond delay. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:17 AM 8252 (0x203C)
Waiting for change in directory "C:\Program Files\Microsoft Configuration Manager\inboxes\ccr.box" for queue "Incoming", (30 minute backup timeout). SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:17 AM 8252 (0x203C)
---> The 'best-shot' account has now succeeded 4 times and failed 0 times. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:18 AM 12140 (0x2F6C)
---> Connected to administrative share on machine ASHITS01 using account 'Domain\Administrator' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:18 AM 12140 (0x2F6C)
---> Attempting to make IPC connection to share <\\ASHITS01\IPC$> SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:18 AM 12140 (0x2F6C)
---> Searching for SMSClientInstall.* under '\\ASHITS01\admin$\' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:18 AM 12140 (0x2F6C)
---> The 'best-shot' account has now succeeded 5 times and failed 0 times. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:20 AM 11716 (0x2DC4)
---> Connected to administrative share on machine ASHITS02 using account 'Domain\Administrator' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:20 AM 11716 (0x2DC4)
---> Attempting to make IPC connection to share <\\ASHITS02\IPC$> SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:20 AM 11716 (0x2DC4)
---> Searching for SMSClientInstall.* under '\\ASHITS02\admin$\' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:20 AM 11716 (0x2DC4)
---> System OS version string "6.2.9200" converted to 6.20 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:20 AM 2836 (0x0B14)
---> System OS version string "6.1.7600" converted to 6.10 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:22 AM 12140 (0x2F6C)
---> Unable to connect to WMI (root\ccm) on remote machine "ASHITS03", error = 0x8004100e. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
---> Creating \ VerifyingCopying exsistance of destination directory \\ASHITS03\admin$\ccmsetup. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
---> Copying client files to \\ASHITS03\admin$\ccmsetup. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
---> Copying file "C:\Program Files\Microsoft Configuration Manager\bin\I386\MobileClient.tcf" to "MobileClient.tcf" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
---> Copying file "C:\Program Files\Microsoft Configuration Manager\bin\I386\ccmsetup.exe" to "ccmsetup.exe" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
---> Updated service "ccmsetup" on machine "ASHITS03". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
---> Started service "ccmsetup" on machine "ASHITS03". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
---> Deleting SMS Client Install Lock File '\\ASHITS03\admin$\SMSClientInstall.100' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
Execute query exec [sp_CP_SetLastErrorCode] 2097152015, 0 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
---> Completed request "2097152015", machine name "ASHITS03". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
Deleted request "2097152015", machine name "ASHITS03" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152015, 4 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
Execute query exec [sp_CP_SetLatest] 2097152015, N'03/13/2013 12:07:23', 107 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
<======End request: "2097152015", machine name: "ASHITS03". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:23 AM 2836 (0x0B14)
---> System OS version string "6.2.9200" converted to 6.20 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:24 AM 11716 (0x2DC4)
---> Unable to connect to WMI (root\ccm) on remote machine "ASHITS01", error = 0x8004100e. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:25 AM 12140 (0x2F6C)
---> Creating \ VerifyingCopying exsistance of destination directory \\ASHITS01\admin$\ccmsetup. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:25 AM 12140 (0x2F6C)
---> Copying client files to \\ASHITS01\admin$\ccmsetup. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:25 AM 12140 (0x2F6C)
---> Copying file "C:\Program Files\Microsoft Configuration Manager\bin\I386\MobileClient.tcf" to "MobileClient.tcf" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:25 AM 12140 (0x2F6C)
---> Copying file "C:\Program Files\Microsoft Configuration Manager\bin\I386\ccmsetup.exe" to "ccmsetup.exe" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:25 AM 12140 (0x2F6C)
---> Unable to connect to WMI (root\ccm) on remote machine "ASHITS02", error = 0x8004100e. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:27 AM 11716 (0x2DC4)
---> Creating \ VerifyingCopying exsistance of destination directory \\ASHITS02\admin$\ccmsetup. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:27 AM 11716 (0x2DC4)
---> Copying client files to \\ASHITS02\admin$\ccmsetup. SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:27 AM 11716 (0x2DC4)
---> Copying file "C:\Program Files\Microsoft Configuration Manager\bin\I386\MobileClient.tcf" to "MobileClient.tcf" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:27 AM 11716 (0x2DC4)
---> Copying file "C:\Program Files\Microsoft Configuration Manager\bin\I386\ccmsetup.exe" to "ccmsetup.exe" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:27 AM 11716 (0x2DC4)
---> Updated service "ccmsetup" on machine "ASHITS01". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:28 AM 12140 (0x2F6C)
---> Started service "ccmsetup" on machine "ASHITS01". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:28 AM 12140 (0x2F6C)
---> Deleting SMS Client Install Lock File '\\ASHITS01\admin$\SMSClientInstall.100' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:28 AM 12140 (0x2F6C)
Execute query exec [sp_CP_SetLastErrorCode] 2097152052, 0 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:28 AM 12140 (0x2F6C)
---> Completed request "2097152052", machine name "ASHITS01". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:28 AM 12140 (0x2F6C)
Deleted request "2097152052", machine name "ASHITS01" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:28 AM 12140 (0x2F6C)
Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152052, 4 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:28 AM 12140 (0x2F6C)
Execute query exec [sp_CP_SetLatest] 2097152052, N'03/13/2013 12:07:28', 107 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:28 AM 12140 (0x2F6C)
<======End request: "2097152052", machine name: "ASHITS01". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:28 AM 12140 (0x2F6C)
---> Created service "ccmsetup" on machine "ASHITS02". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:29 AM 11716 (0x2DC4)
---> Started service "ccmsetup" on machine "ASHITS02". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:29 AM 11716 (0x2DC4)
---> Deleting SMS Client Install Lock File '\\ASHITS02\admin$\SMSClientInstall.100' SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:29 AM 11716 (0x2DC4)
Execute query exec [sp_CP_SetLastErrorCode] 2097152053, 0 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:29 AM 11716 (0x2DC4)
---> Completed request "2097152053", machine name "ASHITS02". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:29 AM 11716 (0x2DC4)
Deleted request "2097152053", machine name "ASHITS02" SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:29 AM 11716 (0x2DC4)
Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152053, 4 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:29 AM 11716 (0x2DC4)
Execute query exec [sp_CP_SetLatest] 2097152053, N'03/13/2013 12:07:29', 113 SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:29 AM 11716 (0x2DC4)
<======End request: "2097152053", machine name: "ASHITS02". SMS_CLIENT_CONFIG_MANAGER 3/13/2013 7:07:29 AM 11716 (0x2DC4)


the client push questions should really be raised as a separate post to keep on topic, however client push requires several things in place like firewall ports opened and a client push account which has local administrative permissions on the computer you are pushing the client on...


Could you elaborate on this

 

In addition, every time this ADR runs it will want to create a new deployment package as specified above, we do not want this to happen so after running the ADR once, retire it by right clicking on the rule and select Disable and create a new ADR except this time point the deployment package to the package which is now created called Endpoint Protection Definition Updates.

I'm not understanding what to do after disabling the ADR. Is the new ADR the exact copy of the one created? Can I use the template created? How is the sources\windowsupdates\endpointprotection folder getting updated?


basically we use the first created ADR to create the Endpoint Protection Definition Updates package, once created, we then disable that ADR (because of the way we created it purely to create a NEW deployment package...) then we create another ADR practically matching the first except instead of creating a new package we point it to the package created in the first (now disabled) ADR.

 

does that help ?


via the ADR, when it runs if any updates are found they are placed in that package


What is selected on the new ADR? I assume we select "Select Deployment package" and choose the disabled ADR? Does anything go in the Package Source field?


you specify the previously created package as explained in the Guide, and you keep all the other settings the same..


Hi, I have a question,

What is the best way to create an Antimalware Policy with a quick scan daily and a full scan one time per week?

Create two Antimalware Policies with the same definitions except the scan type, and deploy the two policies to the same collection?

Is this going to work?

 

Thanks


I haven't tried it, please do and report back :)


Hi Niall,

 

Thanks for your guides they have been a great help. I have a question about endpoint updates failing if there are multiple updates available. My ADR is set to check for updates released/revised in the last 1 day as per your guide. What happens is the first update is installed successfully and any subsequent updates fail to install.

 

WUAHandler.log

 

 

1. Update (Missing): Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.149.1295.0) (bbf865e4-3ff0-40e5-b13e-df186cc63063, 200) WUAHandler 7/05/2013 4:52:32 AM 11048 (0x2B28)
2. Update (Missing): Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.149.1332.0) (f301ceba-a8d0-4429-9fc8-93342a234acd, 200) WUAHandler 7/05/2013 4:52:32 AM 11048 (0x2B28)
Async installation of updates started. WUAHandler 7/05/2013 4:52:32 AM 11048 (0x2B28)
Update 1 (bbf865e4-3ff0-40e5-b13e-df186cc63063) finished installing (0x00000000), Reboot Required? No WUAHandler 7/05/2013 4:52:40 AM 8860 (0x229C)
Update 2 (f301ceba-a8d0-4429-9fc8-93342a234acd) finished installing (0x80070643), Reboot Required? No WUAHandler 7/05/2013 4:52:41 AM 9504 (0x2520)
Async install completed. WUAHandler 7/05/2013 4:52:41 AM 9504 (0x2520)
Installation of updates completed. WUAHandler 7/05/2013 4:52:41 AM 4236 (0x108C)

WindowsUpdate.log

2013-05-07 04:52:32:422 1076 f94 Agent * Updates to install = 2
2013-05-07 04:52:32:423 1076 f94 Agent * Title = Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.149.1295.0)
2013-05-07 04:52:32:423 1076 f94 Agent * UpdateId = {BBF865E4-3FF0-40E5-B13E-DF186CC63063}.200
2013-05-07 04:52:32:423 1076 f94 Agent * Bundles 12 updates:
2013-05-07 04:52:32:423 1076 f94 Agent * {F31E6554-4C24-41F5-A8A5-208278248343}.200
2013-05-07 04:52:32:423 1076 f94 Agent * {8C88FF64-9417-41F4-B246-8122584867A5}.200
2013-05-07 04:52:32:423 1076 f94 Agent * {6B386754-D41B-4AAA-838B-D30D8FAF2B1C}.200
2013-05-07 04:52:32:423 1076 f94 Agent * {8B643E13-DB55-4AA4-859B-F93E835E74FB}.200
2013-05-07 04:52:32:423 1076 f94 Agent * {6B592150-B614-406A-B274-83482BC346CE}.200
2013-05-07 04:52:32:423 1076 f94 Agent * {D1BD04C9-E57C-4807-A9F0-858B92696D5E}.200
2013-05-07 04:52:32:423 1076 f94 Agent * {BAF05577-E3B4-4A3A-8634-681910527EBC}.200
2013-05-07 04:52:32:423 1076 f94 Agent * {81B4C990-BBBB-45F9-B958-4AE27BCDC6F0}.200
2013-05-07 04:52:32:423 1076 f94 Agent * {2B6ED6D2-F70B-432B-B3A0-FA7DA64BA52A}.200
2013-05-07 04:52:32:423 1076 f94 Agent * {3C2FFBD1-FD4D-41D6-9BED-5C0050E4C282}.200
2013-05-07 04:52:32:423 1076 f94 Agent * {2D9905CF-827E-4DA6-AB89-8E7AB2BFC25C}.200
2013-05-07 04:52:32:423 1076 f94 Agent * {2122E472-E363-4990-9348-2B55C0980C14}.200
2013-05-07 04:52:32:423 1076 f94 Agent * Title = Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.149.1332.0)
2013-05-07 04:52:32:423 1076 f94 Agent * UpdateId = {F301CEBA-A8D0-4429-9FC8-93342A234ACD}.200
2013-05-07 04:52:32:423 1076 f94 Agent * Bundles 12 updates:
2013-05-07 04:52:32:423 1076 f94 Agent * {F31E6554-4C24-41F5-A8A5-208278248343}.200
2013-05-07 04:52:32:423 1076 f94 Agent * {8C88FF64-9417-41F4-B246-8122584867A5}.200
2013-05-07 04:52:32:423 1076 f94 Agent * {6B386754-D41B-4AAA-838B-D30D8FAF2B1C}.200
2013-05-07 04:52:32:423 1076 f94 Agent * {8B643E13-DB55-4AA4-859B-F93E835E74FB}.200
2013-05-07 04:52:32:423 1076 f94 Agent * {6B592150-B614-406A-B274-83482BC346CE}.200
2013-05-07 04:52:32:423 1076 f94 Agent * {D1BD04C9-E57C-4807-A9F0-858B92696D5E}.200
2013-05-07 04:52:32:423 1076 f94 Agent * {BAF05577-E3B4-4A3A-8634-681910527EBC}.200
2013-05-07 04:52:32:423 1076 f94 Agent * {81B4C990-BBBB-45F9-B958-4AE27BCDC6F0}.200
2013-05-07 04:52:32:423 1076 f94 Agent * {2B6ED6D2-F70B-432B-B3A0-FA7DA64BA52A}.200
2013-05-07 04:52:32:423 1076 f94 Agent * {3C2FFBD1-FD4D-41D6-9BED-5C0050E4C282}.200
2013-05-07 04:52:32:423 1076 f94 Agent * {2D9905CF-827E-4DA6-AB89-8E7AB2BFC25C}.200
2013-05-07 04:52:32:423 1076 f94 Agent * {4C3EE25D-4654-42E8-9406-2140775B9993}.200
2013-05-07 04:52:32:448 1076 f94 DnldMgr Preparing update for install, updateId = {2122E472-E363-4990-9348-2B55C0980C14}.200.
2013-05-07 04:52:32:453 2696 35c0 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0800) ===========
2013-05-07 04:52:32:453 2696 35c0 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-05-07 04:52:32:453 2696 35c0 Misc = Module: C:\Windows\system32\wuaueng.dll
2013-05-07 04:52:32:453 2696 35c0 Handler :::::::::::::
2013-05-07 04:52:32:453 2696 35c0 Handler :: START :: Handler: Command Line Install
2013-05-07 04:52:32:453 2696 35c0 Handler :::::::::
2013-05-07 04:52:32:453 2696 35c0 Handler : Updates to install = 1
2013-05-07 04:52:40:562 2696 35c0 Handler : Command line install completed. Return code = 0x00000000, Result = Succeeded, Reboot required = false
2013-05-07 04:52:40:563 2696 35c0 Handler :::::::::
2013-05-07 04:52:40:563 2696 35c0 Handler :: END :: Handler: Command Line Install
2013-05-07 04:52:40:563 2696 35c0 Handler :::::::::::::
2013-05-07 04:52:40:567 1076 f94 DnldMgr Preparing update for install, updateId = {4C3EE25D-4654-42E8-9406-2140775B9993}.200.
2013-05-07 04:52:40:719 2696 35c0 Handler :::::::::::::
2013-05-07 04:52:40:719 2696 35c0 Handler :: START :: Handler: Command Line Install
2013-05-07 04:52:40:719 2696 35c0 Handler :::::::::
2013-05-07 04:52:40:719 2696 35c0 Handler : Updates to install = 1
2013-05-07 04:52:41:013 2696 35c0 Handler : WARNING: Command line install completed. Return code = 0x80070670, Result = Failed, Reboot required = false
2013-05-07 04:52:41:013 2696 35c0 Handler : WARNING: Exit code = 0x8024200B
2013-05-07 04:52:41:013 2696 35c0 Handler :::::::::
2013-05-07 04:52:41:013 2696 35c0 Handler :: END :: Handler: Command Line Install
2013-05-07 04:52:41:013 2696 35c0 Handler :::::::::::::
2013-05-07 04:52:41:016 1076 f94 Agent *********
2013-05-07 04:52:41:016 1076 1070 AU Can not perform non-interactive scan if AU is interactive-only
2013-05-07 04:52:41:016 1076 f94 Agent ** END ** Agent: Installing updates [CallerId = CcmExec]
2013-05-07 04:52:41:016 1076 f94 Agent *************
2013-05-07 04:52:41:016 3788 1200 COMAPI >>-- RESUMED -- COMAPI: Install [ClientId = CcmExec]
2013-05-07 04:52:41:016 3788 1200 COMAPI - Install call complete (succeeded = 1, succeeded with errors = 0, failed = 1, unaccounted = 0)
2013-05-07 04:52:41:016 3788 1200 COMAPI - Reboot required = No

 

All my clients seem to have this problem. This means the deployment compliance is very low because of the installation errors. It also means the majority of my clients report the definition status as "up to 3 days old"
Thanks,
Curns.

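An added example, not part of the original posts: a small Python parser for the WUAHandler.log excerpt quoted in the post above. It pairs each announced update with its install result and splits the HRESULT into facility and code, which shows which component reported the failure. The function and class names are hypothetical, and the sample lines are copied from the post.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample input: the WUAHandler.log lines quoted in the post above, in the
# flattened "message component date time thread (0xTID)" form shown there.
SAMPLE_LOG = """\
1. Update (Missing): Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.149.1295.0) (bbf865e4-3ff0-40e5-b13e-df186cc63063, 200) WUAHandler 7/05/2013 4:52:32 AM 11048 (0x2B28)
2. Update (Missing): Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.149.1332.0) (f301ceba-a8d0-4429-9fc8-93342a234acd, 200) WUAHandler 7/05/2013 4:52:32 AM 11048 (0x2B28)
Async installation of updates started. WUAHandler 7/05/2013 4:52:32 AM 11048 (0x2B28)
Update 1 (bbf865e4-3ff0-40e5-b13e-df186cc63063) finished installing (0x00000000), Reboot Required? No WUAHandler 7/05/2013 4:52:40 AM 8860 (0x229C)
Update 2 (f301ceba-a8d0-4429-9fc8-93342a234acd) finished installing (0x80070643), Reboot Required? No WUAHandler 7/05/2013 4:52:41 AM 9504 (0x2520)
Async install completed. WUAHandler 7/05/2013 4:52:41 AM 9504 (0x2520)
"""

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
MISSING_RE = re.compile(
    r"^\s*(?P<idx>\d+)\.\s+Update \(Missing\):\s+(?P<title>.+?)\s+"
    r"\((?P<guid>" + GUID + r"),\s*\d+\)"
)
RESULT_RE = re.compile(
    r"^\s*Update (?P<idx>\d+) \((?P<guid>" + GUID + r")\) "
    r"finished installing \((?P<hr>0x[0-9A-Fa-f]{8})\)"
)
DEFINITION_RE = re.compile(r"\(Definition (?P<ver>[\d.]+)\)")

# Facility and Win32 code names from winerror.h; only the ones used here.
FACILITIES = {7: "FACILITY_WIN32", 36: "FACILITY_WINDOWSUPDATE"}
WIN32_CODES = {1603: "ERROR_INSTALL_FAILURE"}


def decode_hresult(value: int) -> Tuple[bool, int, int]:
    """Split a 32-bit HRESULT into (failed, facility, code)."""
    failed = bool(value & 0x80000000)      # bit 31: severity
    facility = (value >> 16) & 0x7FF       # bits 16-26: reporting component
    code = value & 0xFFFF                  # bits 0-15: component-specific code
    return failed, facility, code


@dataclass
class UpdateResult:
    index: int
    guid: str
    definition: Optional[str]
    hresult: Optional[int] = None          # None: no result line was logged

    @property
    def failed(self) -> bool:
        return self.hresult is not None and decode_hresult(self.hresult)[0]

    def describe(self) -> str:
        if self.hresult is None:
            return "no result logged"
        failed, facility, code = decode_hresult(self.hresult)
        if not failed:
            return "installed"
        fac = FACILITIES.get(facility, "facility %d" % facility)
        name = WIN32_CODES.get(code, "") if facility == 7 else ""
        return ("failed 0x%08X (%s, code %d %s)" % (self.hresult, fac, code, name)).replace(" )", ")")


def parse_wuahandler(text: str) -> List[UpdateResult]:
    """Pair 'Update (Missing)' announcements with 'finished installing' results."""
    by_guid: Dict[str, UpdateResult] = {}
    for line in text.splitlines():
        m = MISSING_RE.match(line)
        if m:
            d = DEFINITION_RE.search(m.group("title"))
            by_guid[m.group("guid").lower()] = UpdateResult(
                int(m.group("idx")), m.group("guid").lower(),
                d.group("ver") if d else None)
            continue
        m = RESULT_RE.match(line)
        if m:
            guid = m.group("guid").lower()
            # A result for an update never announced in this excerpt is
            # still recorded, with an unknown definition version.
            entry = by_guid.setdefault(
                guid, UpdateResult(int(m.group("idx")), guid, None))
            entry.hresult = int(m.group("hr"), 16)
    return sorted(by_guid.values(), key=lambda r: r.index)


if __name__ == "__main__":
    for r in parse_wuahandler(SAMPLE_LOG):
        print(r.index, r.definition, r.describe())
```
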

does the above problem happen every day the same way or just this once ? if you reboot the client does it behave any differently ?


basically we use the first created ADR to create the Endpoint Protection Definition Updates package, once created, we then disable that ADR (because of the way we created it purely to create a NEW deployment package...) then we create another ADR practically matching the first except instead of creating a new package we point it to the package created in the first (now disabled) ADR.

 

What would happen if you don't disable the ADR that created a new package, and don't create a new one that points to the existing package?

If I understand correctly, the ADR would create a new package every time. However I don't see that happening in our environment.

I created a new ADR with new package and didn't disable it. Don't see any errors?


 


Does the above problem happen every day the same way, or just this once? If you reboot the client, does it behave any differently?

 

I've noticed this from the beginning of implementing EndPoint Protection, but usually it is on one or two clients. Today, it showed up on over half (we don't have too many in the hierarchy yet). It's really a false positive because the most recent definitions available in my environment are installed on the client. Why doesn't ConfigMgr just install the latest definition and forget about the older updates? The clients only need the latest one, right? I did have one server that successfully installed all three updates so I don't understand what's up. Is there a way to get more information on why the update installation fails?

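For the question above about getting more detail on a failed install, here is an added example (not part of the original posts) that pairs each "Command line install completed" result in WindowsUpdate.log with the preceding updateId and splits the return code into its HRESULT facility and code. The function name `Get-WuInstallResult` and its output property names are hypothetical; the sample lines are copied from the log excerpt posted earlier in this thread.

```powershell
# Lines copied from the WindowsUpdate.log excerpt posted earlier in this thread.
$sample = @'
2013-05-07 04:52:40:562 2696 35c0 Handler : Command line install completed. Return code = 0x00000000, Result = Succeeded, Reboot required = false
2013-05-07 04:52:40:567 1076 f94 DnldMgr Preparing update for install, updateId = {4C3EE25D-4654-42E8-9406-2140775B9993}.200.
2013-05-07 04:52:41:013 2696 35c0 Handler : WARNING: Command line install completed. Return code = 0x80070670, Result = Failed, Reboot required = false
2013-05-07 04:52:41:013 2696 35c0 Handler : WARNING: Exit code = 0x8024200B
'@ -split "`r?`n"

# Hypothetical helper: one object per command-line install attempt found in the log.
function Get-WuInstallResult {
    param([Parameter(Mandatory = $true)][string[]]$Line)
    $results  = New-Object System.Collections.Generic.List[object]
    $updateId = $null
    foreach ($l in $Line) {
        if ($l -match 'Preparing update for install, updateId = (\{[0-9A-Fa-f-]+\}\.\d+)') {
            # Remember which update the next handler run belongs to.
            $updateId = $Matches[1]
        }
        elseif ($l -match '^(\S+ \S+) .*Command line install completed\. Return code = 0x([0-9A-Fa-f]{8}), Result = (\w+)') {
            $time, $hex, $result = $Matches[1], $Matches[2], $Matches[3]
            # HRESULT layout: bits 16-28 are the facility, bits 0-15 the code.
            $hr       = [Convert]::ToInt64($hex, 16)
            $facility = ($hr -shr 16) -band 0x1FFF
            $code     = $hr -band 0xFFFF
            # Facility 7 (FACILITY_WIN32) wraps a Win32 error the OS can describe.
            $text = if ($facility -eq 7 -and $code -ne 0) {
                (New-Object System.ComponentModel.Win32Exception ([int]$code)).Message
            } else { '' }
            $results.Add([pscustomobject]@{
                Time = $time; UpdateId = $updateId; Result = $result
                ReturnCode = "0x$hex"; Facility = $facility; Code = $code
                Win32Text = $text; ExitCode = $null
            })
        }
        elseif ($l -match 'WARNING: Exit code = (0x[0-9A-Fa-f]{8})' -and $results.Count) {
            # The agent's own exit code follows the failed handler line.
            $results[$results.Count - 1].ExitCode = $Matches[1]
        }
    }
    $results
}

# Show only the attempts that did not succeed.
Get-WuInstallResult -Line $sample | Where-Object { $_.Result -ne 'Succeeded' } | Format-List
```

To run it against a client of this era instead of the sample, pass `Get-Content "$env:windir\WindowsUpdate.log"` as `-Line`.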

Sorry. After looking at it again, it's not necessarily the latest updates that get installed. I'm changing my Managed Laptop ADR to look back only 8 hours. That should get only the latest update. My laptop is the only device in that collection right now so good for testing.

 

If that works, I plan to change the Software Update Point to sync every 8 hours. I'm on ConfigMgr 2012 SP1 so my ADR's can use the evaluation period "After Software Update Point Sync".

 

Then I'll get updates 3x per day which is supported in SP1 - NOT recommended for RTM.

 

I'll let you know how it goes


OK. Today, all my servers applied all three updates without issue (except one that I'll get to in a minute) I don't understand why it failed the day before.

 

The change in the ADR targeted to my laptop did what I hoped: it only deployed the latest update because it only searched back 8 hours.

 

I'm going to change the SUP to sync every 8 hours and see how that goes.

 

I have only one server client in a remote site across a WAN. It did not update its definitions last night. It is a distribution point at that site and I checked and it is looking to itself for content source. The distribution status of the EndPoint protection updates was successful so I'm not sure why it did not update its definitions last night. It would seem that it doesn't see that it has a deployment that is needed. It did successfully apply the EndPoint protection updates 3 days ago through the SUP. I'm looking at what the issue might be.


Changing the SUP to every 8 hours worked like a charm. The SUP kicked off, 1 hour later the deployment deadline hit and so far every system I checked updated their definitions on schedule - including that pesky server in the remote site. (I did take a look at that server and ended up rebooting it earlier today so maybe there was something funky going on with it - I'll continue to monitor it)

 

I think I won't have to change my ADR's to only go back 8 hours either because each time the deployment goes, there should only be one definition update that needs applied no matter what.

  • Like 1


Sorry for late reply. I also ended up changing my SUP to sync more frequently. I also changed my ADR from 1 day to 12 hours. This seems to have resolved most of the issues. Thanks.


First off, I have to say that I am TRULY impressed with how well and clearly defined this step-by-step tutorial is. I am a first-time user of System Center, so I had to jump straight into the foray with v.2012 SP1. Despite the differences in screenshots and some other tweaks, I got through an installation after only two tries (I love VMs). That all said ...

 

[NEW TOPIC]

 

If anyone (Admin included) can help guide me through the following, I would greatly appreciate it. I have SCCM 2012 running and can do Client Pushes of the Configuration Manager client to domain-bound systems (via intranet), as well as push and update Endpoint Protection (EP), thereafter. I can even uninstall non-standard antivirus programs prior to EP installation without forcing system reboots (though the process takes longer to complete). However:

 

1. I need to create a deployment package (e.g. a ZIP, an MSI or an EXE) independent of the Client Push system (e.g. for workgroup or other systems not yet on the domain; workstations joined to a child domain; domain workstations using public Internet or currently out of reach from a domain hub). Once installed, the clients could ping via intranet or Internet to get updates, policy changes, etc.

 

2. I need some guidance on how to configure SCCM to use HTTP and/or HTTPS (preferably ONLY the latter) to update the Configuration Manager client, Endpoint Protection client and so on. I followed the instructions presented here to set up certificate calls and WSUS updates, but it looks like I broke my Client Push, in the process.

 

Those are my key issues, and I would appreciate ANY and ALL relevant assistance, as I am stuck like Chuck, right now - THX !!

  • Like 1


I just discovered this site.. WOW what a great resource. Thanks for putting this together!!!

 

Parts of the links in the Recommended Reading section are missing parts of the path.

 

Thanks


I just discovered this site.. WOW what a great resource. Thanks for putting this together!!!

 

 

You are welcome!

Glad you found it, and I've fixed the links along with some missing text in the guide (it must have got dropped during an edit).


First off, I have to say that I am TRULY impressed with how well and clearly defined this step-by-step tutorial is. I am a first-time user of System Center, so I had to jump straight into the foray with v.2012 SP1. Despite the differences in screenshots and some other tweaks, I got through an installation after only two tries (I love VMs). That all said ...

 

[NEW TOPIC]

 

If anyone (Admin included) can help guide me through the following, I would greatly appreciate it. I have SCCM 2012 running and can do Client Pushes of the Configuration Manager client to domain-bound systems (via intranet), as well as push and update Endpoint Protection (EP), thereafter. I can even uninstall non-standard antivirus programs prior to EP installation without forcing system reboots (though the process takes longer to complete). However:

 

1. I need to create a deployment package (e.g. a ZIP, an MSI or an EXE) independent of the Client Push system (e.g. for workgroup or other systems not yet on the domain; workstations joined to a child domain; domain workstations using public Internet or currently out of reach from a domain hub). Once installed, the clients could ping via intranet or Internet to get updates, policy changes, etc.

 

2. I need some guidance on how to configure SCCM to use HTTP and/or HTTPS (preferably ONLY the latter) to update the Configuration Manager client, Endpoint Protection client and so on. I followed the instructions presented here to set up certificate calls and WSUS updates, but it looks like I broke my Client Push, in the process.

 

Those are my key issues, and I would appreciate ANY and ALL relevant assistance, as I am stuck like Chuck, right now - THX !!

 

I'd like to help you offline as there is potentially a lot wrapped up in your request :) and it would be difficult to write a post that addresses it in enough detail to be helpful

 

One quick thing. Workgroup computer installations need to be done manually. You could write a script to make it less painful.


Hello,

 

There is something I don't get. We have configured the server to be able to send email alerts, but we haven't configured anywhere which address it sends these alerts to O_O

