Jump to content


Chadddada

EP 4.2.223.1 is installed, version is higher than expected installer version 4.1.522.0

Recommended Posts

EP 4.2.223.1 is installed, version is higher than expected installer version 4.1.522.0

 

Has anyone see that in the EndpointProtectionAgent.log on a system they have been trying to push the SCCM client to before? We have a number of servers that haven't reported back to SCCM that their Endpoint Protection is being managed. Looking at the log noted above has that error.

 

A snipped from the log:

 

<![LOG[service startup notification received]LOG]!><time="16:43:43.819+240" date="06-26-2013" component="EndpointProtectionAgent" context="" type="1" thread="3924" file="fepsettingendpoint.cpp:291">
<![LOG[Endpoint is triggered by CCMTask Execute.]LOG]!><time="16:43:43.819+240" date="06-26-2013" component="EndpointProtectionAgent" context="" type="1" thread="2804" file="fepsettingendpoint.cpp:265">
<![LOG[Deployment WMI is NOT ready.]LOG]!><time="16:43:43.835+240" date="06-26-2013" component="EndpointProtectionAgent" context="" type="1" thread="2804" file="epagentimpl.cpp:725">
<![LOG[Endpoint is triggered by WMI notification.]LOG]!><time="16:43:59.482+240" date="06-26-2013" component="EndpointProtectionAgent" context="" type="1" thread="3556" file="fepsettingendpoint.cpp:154">
<![LOG[Failed to get EP event code under registry key SOFTWARE\Microsoft\CCM\EPAgent]LOG]!><time="16:43:59.498+240" date="06-26-2013" component="EndpointProtectionAgent" context="" type="2" thread="3556" file="epagentimpl.cpp:1334">
<![LOG[Failed to get EP event message under registry key SOFTWARE\Microsoft\CCM\EPAgent]LOG]!><time="16:43:59.498+240" date="06-26-2013" component="EndpointProtectionAgent" context="" type="2" thread="3556" file="epagentimpl.cpp:1339">
<![LOG[EP State and Error Code didn't get changed, skip resend state message.]LOG]!><time="16:43:59.498+240" date="06-26-2013" component="EndpointProtectionAgent" context="" type="1" thread="3556" file="epagentimpl.cpp:153">
<![LOG[Failed to get EP event code under registry key SOFTWARE\Microsoft\CCM\EPAgent]LOG]!><time="16:43:59.498+240" date="06-26-2013" component="EndpointProtectionAgent" context="" type="2" thread="3556" file="epagentimpl.cpp:1334">
<![LOG[Failed to get EP event message under registry key SOFTWARE\Microsoft\CCM\EPAgent]LOG]!><time="16:43:59.498+240" date="06-26-2013" component="EndpointProtectionAgent" context="" type="2" thread="3556" file="epagentimpl.cpp:1339">
<![LOG[state 1, error code 0 and detail message are not changed, skip updating registry value]LOG]!><time="16:43:59.498+240" date="06-26-2013" component="EndpointProtectionAgent" context="" type="1" thread="3556" file="epagentimpl.cpp:205">
<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="16:43:59.498+240" date="06-26-2013" component="EndpointProtectionAgent" context="" type="1" thread="3556" file="epagentutil.cpp:519">
<![LOG[EP version 4.2.223.1 is already installed.]LOG]!><time="16:43:59.498+240" date="06-26-2013" component="EndpointProtectionAgent" context="" type="1" thread="3556" file="epagentutil.cpp:232">
<![LOG[EP 4.2.223.1 is installed, version is higher than expected installer version 4.1.522.0.]LOG]!><time="16:43:59.498+240" date="06-26-2013" component="EndpointProtectionAgent" context="" type="1" thread="3556" file="epagentutil.cpp:265">

 

 

A few of these systems were previously manged under a dev SCCM 2012 SP1 install, and some under FEP 2010. Now we are deploying from a new SCCM site that we have setup to these servers. Does this indicate that we need to update the EP install that we are pushing out?

 

Share this post


Link to post
Share on other sites

I'm starting to have this issue in my environment as well. Created an account just to reply to this thread. I haven't found an answer yet.

 

What I've noticed so far is the version on my management point is 4.1.522.0. If I manually install this version, I get my definition updates correctly. However, one of the windows updates pushed out is the newer version of the SCEP Client, 4.2.223. Once this version is installed, I get constant pop-ups for definition updates over and over. Even though my ADR says to disable all notifications, and install the definition updates outside of a maintenance window, the installs are failing.

 

I was wondering if maybe there was a way to update the SCEP file on the management point itself?

 

 

 

EP 4.2.223.1 is installed, version is higher than expected installer version 4.1.522.0. EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88)

Check and enforce EP Deployment state. EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88)
EP Client is already installed, will NOT trigger reinstallation. EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88)
Sending message to external event agent to test and enable notification EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88)
Sending message to endpoint ExternalEventAgent EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88)
EP Policy Antimalware Policy is already applied. EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88)
Firewall provider is installed. EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88)
Installed firewall provider meet the requirements. EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88)
start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000 EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88)
Skip sending state message due to same state message already exists. EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88)
Endpoint is triggered by message. EndpointProtectionAgent 6/27/2013 10:39:00 AM 6356 (0x18D4)
File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0. EndpointProtectionAgent 6/27/2013 10:39:00 AM 6356 (0x18D4)

 

Share this post


Link to post
Share on other sites

Figured out what our problem was, but trying to replicate the issue. We took the EP settings out of default and moved them to their own client setting policy. That client setting was applying to the collection but for some reason wasn't taking. We re-linked it and it seems to be working now <buggy?>.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.