Jump to content


Sign in to follow this  
techgurl

Endpoint Client install statusnot updating to server

Recommended Posts

I had a client that was unable to download the Endpoint Protection Policy. I browsed to the Windows\System32\GroupPolicy\Machine folder and delete the file: Registry.pol then rebooted. It seems to be fixed, but it won't report back to the SCCM server.

 

 

His EnpointProtectionAgent.log states

 

<![LOG[Endpoint is triggered by message.]LOG]!><time="13:28:00.005+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="fepsettingendpoint.cpp:58">
<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="13:28:00.243+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:519">
<![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="13:28:00.243+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:232">
<![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="13:28:00.244+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:251">
<![LOG[Re-apply EP AM policy.]LOG]!><time="13:28:00.244+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="fepsettingendpoint.cpp:107">
<![LOG[Apply AM Policy.]LOG]!><time="13:28:00.244+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:1192">
<![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="13:28:00.542+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:607">
<![LOG[Applied the C:\Windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully.]LOG]!><time="13:28:02.786+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:659">
<![LOG[save new policy state 1 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState]LOG]!><time="13:28:02.870+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:267">
<![LOG[state 1 and ErrorCode 0 and ErrorMsg and PolicyName Antimalware Policy and GroupResolveResultHash 22278829C8D241E822FD474BA669DF7F1BF12767 is NOT changed.]LOG]!><time="13:28:02.871+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:339">
<![LOG[skip sending state message due to same state message already exists.]LOG]!><time="13:28:03.014+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:1239">
<![LOG[Firewall provider is installed.]LOG]!><time="13:28:03.022+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:779">
<![LOG[installed firewall provider meet the requirements.]LOG]!><time="13:28:03.074+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:800">

 

It seems that the issue is that it won't send a state message because it already exists. How do I force it to send the message?

 

Share this post


Link to post
Share on other sites

I am thinking it is not reporting back to the server because of the message that it won't send the state message, because it already exists. My client looks good when I look at his computer (excerpt of log above), but in SCCM it says it failed to get the policy. I want to know if there is a way to clear the state message on the server so that the client will send the state message. Hope this makes sense.

Share this post


Link to post
Share on other sites

Thanks for your help. Here are the logs:

 

EPSETUP.log

 

<09/05/13 09:49:42> ====================================================================

 

<09/05/13 09:49:42> SMSEP Setup Started....

 

<09/05/13 09:49:42> Parameters: D:\Program Files\Microsoft Configuration Manager\bin\x64\rolesetup.exe /install /siteserver:4FESSCCM02 SMSEP 0

 

<09/05/13 09:49:42> Installing Pre Reqs for SMSEP

 

<09/05/13 09:49:42> ======== Installing Pre Reqs for Role SMSEP ========

 

<09/05/13 09:49:42> Found 1 Pre Reqs for Role SMSEP

 

<09/05/13 09:49:42> Pre Req SqlNativeClient found.

 

<09/05/13 09:49:42> SqlNativeClient already installed (Product Code: {D9DDE0F8-0CFD-4C0F-8A07-C815DE47FF4D}). Would not install again.

 

<09/05/13 09:49:42> Pre Req SqlNativeClient is already installed. Skipping it.

 

<09/05/13 09:49:42> ======== Completed Installation of Pre Reqs for Role SMSEP ========

 

<09/05/13 09:49:42> Installing the SMSEP

 

<09/05/13 09:49:42> Passed OS version check.

 

<09/05/13 09:49:43> File D:\Program Files\Microsoft Configuration Manager\Client\SCEPInstall.exe version is 4.1.522.0.

 

<09/05/13 09:49:43> Unable to query registry key (SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client), return (0x00000002) means EP client is NOT installed.

 

<09/05/13 09:49:43> Invoking process "D:\Program Files\Microsoft Configuration Manager\Client\SCEPInstall.exe" /s /q /noreplace /policy "D:\Program Files\Microsoft Configuration Manager\Client\EP_DefaultPolicy.xml"

 

<09/05/13 09:49:43> CreateProcess: D:\Program Files\Microsoft Configuration Manager, "D:\Program Files\Microsoft Configuration Manager\Client\SCEPInstall.exe" /s /q /noreplace /policy "D:\Program Files\Microsoft Configuration Manager\Client\EP_DefaultPolicy.xml"

 

<09/05/13 09:49:56> CreateProcess: 0

 

<09/05/13 09:49:56> Installation was successful.

 

<09/05/13 09:49:56> ~RoleSetup().

Share this post


Link to post
Share on other sites

Logs were long and having trouble posting, so I am doing them in groups.

 

EPMGR.Log

Alerts will be checked in 29 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
generate detection alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
Alerts will be checked in 60 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
generate detection alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
Alerts will be checked in 60 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
generate detection alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
Alerts will be checked in 60 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
generate detection alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
Alerts will be checked in 60 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
generate detection alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
Alerts will be checked in 27 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
generate outbreak alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
Alerts will be checked in 1 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
generate multiple infection alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
generate reinfection alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
Alerts will be checked in 31 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
generate detection alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
Alerts will be checked in 60 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
generate detection alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
Alerts will be checked in 60 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
generate detection alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
Alerts will be checked in 60 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
generate detection alerts SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)
Alerts will be checked in 60 seconds... SMS_ENDPOINT_PROTECTION_MANAGER 1/1/1601 12:00:00 AM 4556 (0x11CC)

Share this post


Link to post
Share on other sites

EndpointProtectionAgent.log

 

<![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="09:43:34.969+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="5612" file="epagentimpl.cpp:647">

 

<![LOG[Failed to apply policy with error 0x80004005, retry number : 3 after 60 second.]LOG]!><time="09:43:35.102+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="5612" file="epagentimpl.cpp:690">

 

<![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="09:44:35.105+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="5612" file="epagentutil.cpp:607">

 

<![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="09:44:35.845+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="5612" file="epagentimpl.cpp:647">

 

<![LOG[Failed to apply policy with error 0x80004005, retry number : 4 after 60 second.]LOG]!><time="09:44:35.847+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="5612" file="epagentimpl.cpp:690">

 

<![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="09:45:35.850+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="5612" file="epagentutil.cpp:607">

 

<![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="09:45:36.537+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="5612" file="epagentimpl.cpp:647">

 

<![LOG[Failed to apply policy with error 0x80004005, retry number : 5 after 60 second.]LOG]!><time="09:45:36.539+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="5612" file="epagentimpl.cpp:690">

 

<![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="09:46:36.542+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="5612" file="epagentutil.cpp:607">

 

<![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="09:46:37.159+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="5612" file="epagentimpl.cpp:647">

 

<![LOG[save new policy state 2 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState]LOG]!><time="09:46:37.212+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="5612" file="epagentimpl.cpp:267">

 

<![LOG[state 2 and ErrorCode -2147467259 and ErrorMsg Failed to open the local machine Group Policy and PolicyName Antimalware Policy and GroupResolveResultHash 22278829C8D241E822FD474BA669DF7F1BF12767 is NOT changed.]LOG]!><time="09:46:37.212+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="5612" file="epagentimpl.cpp:339">

 

<![LOG[skip sending state message due to same state message already exists.]LOG]!><time="09:46:37.239+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="5612" file="epagentutil.cpp:1239">

 

<![LOG[Firewall provider is installed.]LOG]!><time="09:46:37.241+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="5612" file="epagentutil.cpp:779">

 

<![LOG[installed firewall provider meet the requirements.]LOG]!><time="09:46:37.242+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="5612" file="epagentutil.cpp:800">

 

<![LOG[Endpoint is triggered by message.]LOG]!><time="13:57:00.182+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="fepsettingendpoint.cpp:58">

 

<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="13:57:00.341+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:519">

 

<![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="13:57:00.345+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:232">

 

<![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="13:57:00.395+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:251">

 

<![LOG[Check and enforce EP Deployment state.]LOG]!><time="13:57:00.445+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="fepsettingendpoint.cpp:101">

 

<![LOG[EP Client is already installed, will NOT trigger reinstallation.]LOG]!><time="13:57:00.445+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentimpl.cpp:940">

 

<![LOG[sending message to external event agent to test and enable notification]LOG]!><time="13:57:00.445+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:946">

 

<![LOG[sending message to endpoint ExternalEventAgent]LOG]!><time="13:57:00.446+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:1146">

 

<![LOG[Failed to get successfully applied EP Policy Name under registry key SOFTWARE\Microsoft\Microsoft Security Client\LastSuccessfullyAppliedPolicy. EP client might be installed manually.]LOG]!><time="13:57:00.647+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="7020" file="epagentutil.cpp:538">

 

<![LOG[Apply AM policy when the applied AM policy is the expected one.]LOG]!><time="13:57:00.701+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentimpl.cpp:952">

 

<![LOG[Apply AM Policy.]LOG]!><time="13:57:00.752+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentimpl.cpp:1192">

 

<![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="13:57:01.169+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:607">

 

<![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="13:57:02.117+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="7020" file="epagentimpl.cpp:647">

 

<![LOG[Failed to apply policy with error 0x80004005, retry number : 1 after 60 second.]LOG]!><time="13:57:02.182+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentimpl.cpp:690">

 

<![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="13:58:02.260+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:607">

 

<![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="13:58:02.889+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="7020" file="epagentimpl.cpp:647">

 

<![LOG[Failed to apply policy with error 0x80004005, retry number : 2 after 60 second.]LOG]!><time="13:58:02.891+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentimpl.cpp:690">

 

<![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="13:59:02.894+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:607">

 

<![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="13:59:03.519+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="7020" file="epagentimpl.cpp:647">

 

<![LOG[Failed to apply policy with error 0x80004005, retry number : 3 after 60 second.]LOG]!><time="13:59:03.521+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentimpl.cpp:690">

 

<![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="14:00:03.524+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:607">

 

<![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="14:00:04.240+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="7020" file="epagentimpl.cpp:647">

 

<![LOG[Failed to apply policy with error 0x80004005, retry number : 4 after 60 second.]LOG]!><time="14:00:04.291+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentimpl.cpp:690">

 

<![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="14:01:04.294+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:607">

 

<![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="14:01:04.992+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="7020" file="epagentimpl.cpp:647">

 

<![LOG[Failed to apply policy with error 0x80004005, retry number : 5 after 60 second.]LOG]!><time="14:01:04.994+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentimpl.cpp:690">

 

<![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="14:02:04.997+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:607">

 

<![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="14:02:05.623+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="7020" file="epagentimpl.cpp:647">

 

<![LOG[save new policy state 2 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState]LOG]!><time="14:02:05.625+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentimpl.cpp:267">

 

<![LOG[state 2 and ErrorCode -2147467259 and ErrorMsg Failed to open the local machine Group Policy and PolicyName Antimalware Policy and GroupResolveResultHash 22278829C8D241E822FD474BA669DF7F1BF12767 is NOT changed.]LOG]!><time="14:02:05.627+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentimpl.cpp:339">

 

<![LOG[skip sending state message due to same state message already exists.]LOG]!><time="14:02:05.914+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:1239">

 

<![LOG[Firewall provider is installed.]LOG]!><time="14:02:06.083+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:779">

 

<![LOG[installed firewall provider meet the requirements.]LOG]!><time="14:02:06.133+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:800">

 

<![LOG[start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000]LOG]!><time="14:02:06.183+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentimpl.cpp:1309">

 

<![LOG[skip sending state message due to same state message already exists.]LOG]!><time="14:02:06.208+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="7020" file="epagentutil.cpp:1239">

 

<![LOG[Endpoint is triggered by message.]LOG]!><time="14:53:35.169+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="fepsettingendpoint.cpp:58">

 

<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="14:53:35.383+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:519">

 

<![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="14:53:35.386+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:232">

 

<![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="14:53:35.436+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:251">

 

<![LOG[Re-apply EP AM policy.]LOG]!><time="14:53:35.486+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="fepsettingendpoint.cpp:107">

 

<![LOG[Apply AM Policy.]LOG]!><time="14:53:35.486+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentimpl.cpp:1192">

 

<![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="14:53:35.877+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:607">

 

<![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="14:53:36.708+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="2484" file="epagentimpl.cpp:647">

 

<![LOG[Failed to apply policy with error 0x80004005, retry number : 1 after 60 second.]LOG]!><time="14:53:36.727+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentimpl.cpp:690">

 

<![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="14:54:36.731+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:607">

 

<![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="14:54:37.500+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="2484" file="epagentimpl.cpp:647">

 

<![LOG[Failed to apply policy with error 0x80004005, retry number : 2 after 60 second.]LOG]!><time="14:54:37.501+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentimpl.cpp:690">

 

<![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="14:55:37.505+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:607">

 

<![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="14:55:38.169+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="2484" file="epagentimpl.cpp:647">

 

<![LOG[Failed to apply policy with error 0x80004005, retry number : 3 after 60 second.]LOG]!><time="14:55:38.171+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentimpl.cpp:690">

 

<![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="14:56:38.185+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:607">

 

<![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="14:56:38.809+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="2484" file="epagentimpl.cpp:647">

 

<![LOG[Failed to apply policy with error 0x80004005, retry number : 4 after 60 second.]LOG]!><time="14:56:38.811+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentimpl.cpp:690">

 

<![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="14:57:38.814+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:607">

 

<![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="14:57:39.566+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="2484" file="epagentimpl.cpp:647">

 

<![LOG[Failed to apply policy with error 0x80004005, retry number : 5 after 60 second.]LOG]!><time="14:57:39.567+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentimpl.cpp:690">

 

<![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="14:58:39.564+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:607">

 

<![LOG[Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).]LOG]!><time="14:58:40.324+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="3" thread="2484" file="epagentimpl.cpp:647">

 

<![LOG[save new policy state 2 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState]LOG]!><time="14:58:40.326+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentimpl.cpp:267">

 

<![LOG[state 2 and ErrorCode -2147467259 and ErrorMsg Failed to open the local machine Group Policy and PolicyName Antimalware Policy and GroupResolveResultHash 22278829C8D241E822FD474BA669DF7F1BF12767 is NOT changed.]LOG]!><time="14:58:40.380+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentimpl.cpp:339">

 

<![LOG[skip sending state message due to same state message already exists.]LOG]!><time="14:58:40.659+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:1239">

 

<![LOG[Firewall provider is installed.]LOG]!><time="14:58:40.829+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:779">

 

<![LOG[installed firewall provider meet the requirements.]LOG]!><time="14:58:40.879+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="2484" file="epagentutil.cpp:800">

 

<![LOG[service startup notification received]LOG]!><time="16:36:57.464+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="3972" file="fepsettingendpoint.cpp:291">

 

<![LOG[Endpoint is triggered by CCMTask Execute.]LOG]!><time="16:36:57.467+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="9812" file="fepsettingendpoint.cpp:265">

 

<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="16:36:57.601+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="9812" file="epagentutil.cpp:519">

 

<![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="16:36:57.603+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="9812" file="epagentutil.cpp:232">

 

<![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="16:36:57.603+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="9812" file="epagentutil.cpp:251">

 

<![LOG[EP State and Error Code didn't get changed, skip resend state message.]LOG]!><time="16:36:57.603+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="9812" file="epagentimpl.cpp:153">

 

<![LOG[state 3, error code 0 and detail message are not changed, skip updating registry value]LOG]!><time="16:36:57.604+360" date="02-10-2014" component="EndpointProtectionAgent" context="" type="1" thread="9812" file="epagentimpl.cpp:205">

 

<![LOG[service startup notification received]LOG]!><time="09:24:19.743+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2152" file="fepsettingendpoint.cpp:291">

 

<![LOG[Endpoint is triggered by CCMTask Execute.]LOG]!><time="09:24:19.901+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="fepsettingendpoint.cpp:265">

 

<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="09:24:19.908+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:519">

 

<![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="09:24:19.908+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:232">

 

<![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="09:24:19.908+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:251">

 

<![LOG[EP State and Error Code didn't get changed, skip resend state message.]LOG]!><time="09:24:19.908+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentimpl.cpp:153">

 

<![LOG[state 3, error code 0 and detail message are not changed, skip updating registry value]LOG]!><time="09:24:19.908+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentimpl.cpp:205">

 

<![LOG[Endpoint is triggered by message.]LOG]!><time="09:24:25.019+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="fepsettingendpoint.cpp:58">

 

<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="09:24:25.036+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:519">

 

<![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="09:24:25.107+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:232">

 

<![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="09:24:25.157+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:251">

 

<![LOG[Check and enforce EP Deployment state.]LOG]!><time="09:24:25.160+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="fepsettingendpoint.cpp:101">

 

<![LOG[EP Client is already installed, will NOT trigger reinstallation.]LOG]!><time="09:24:25.237+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentimpl.cpp:940">

 

<![LOG[sending message to external event agent to test and enable notification]LOG]!><time="09:24:25.337+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:946">

 

<![LOG[sending message to endpoint ExternalEventAgent]LOG]!><time="09:24:25.341+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:1146">

 

<![LOG[Failed to get successfully applied EP Policy Name under registry key SOFTWARE\Microsoft\Microsoft Security Client\LastSuccessfullyAppliedPolicy. EP client might be installed manually.]LOG]!><time="09:24:25.672+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="3" thread="2872" file="epagentutil.cpp:538">

 

<![LOG[Apply AM policy when the applied AM policy is the expected one.]LOG]!><time="09:24:25.674+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentimpl.cpp:952">

 

<![LOG[Apply AM Policy.]LOG]!><time="09:24:25.674+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentimpl.cpp:1192">

 

<![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="09:24:26.114+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:607">

 

<![LOG[Applied the C:\Windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully.]LOG]!><time="09:24:29.343+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentimpl.cpp:659">

 

<![LOG[save new policy state 1 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState]LOG]!><time="09:24:29.410+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentimpl.cpp:267">

 

<![LOG[start to send State Message with topic type = 2002, state id = 1, error code = 0x00000000, and message = <Instance><AppliedAmPolicies><Policy ID="{1c419bf1-9105-41b1-b2a8-66d40d476292}"/><Policy ID="{03C7F7FE-B800-4F88-84AC-F6187B3B98BC}/200"/></AppliedAmPolicies></Instance>

 

]LOG]!><time="09:24:29.411+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentimpl.cpp:349">

 

<![LOG[start to send state message.]LOG]!><time="09:24:29.411+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:1246">

 

<![LOG[send state message successfully]LOG]!><time="09:24:29.556+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:1248">

 

<![LOG[Firewall provider is installed.]LOG]!><time="09:24:29.612+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:779">

 

<![LOG[installed firewall provider meet the requirements.]LOG]!><time="09:24:29.612+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:800">

 

<![LOG[start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000]LOG]!><time="09:24:29.613+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentimpl.cpp:1309">

 

<![LOG[skip sending state message due to same state message already exists.]LOG]!><time="09:24:29.627+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="2872" file="epagentutil.cpp:1239">

 

<![LOG[Endpoint is triggered by message.]LOG]!><time="16:00:00.102+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="fepsettingendpoint.cpp:58">

 

<![LOG[Endpoint is triggered by message.]LOG]!><time="16:00:00.101+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="fepsettingendpoint.cpp:58">

 

<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="16:00:00.280+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="epagentutil.cpp:519">

 

<![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="16:00:00.281+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="epagentutil.cpp:232">

 

<![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="16:00:00.281+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="epagentutil.cpp:251">

 

<![LOG[Check and enforce EP Deployment state.]LOG]!><time="16:00:00.282+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="fepsettingendpoint.cpp:101">

 

<![LOG[EP Client is already installed, will NOT trigger reinstallation.]LOG]!><time="16:00:00.283+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="epagentimpl.cpp:940">

 

<![LOG[sending message to external event agent to test and enable notification]LOG]!><time="16:00:00.283+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="epagentutil.cpp:946">

 

<![LOG[sending message to endpoint ExternalEventAgent]LOG]!><time="16:00:00.284+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="epagentutil.cpp:1146">

 

<![LOG[EP Policy Antimalware Policy is already applied.]LOG]!><time="16:00:00.386+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="epagentutil.cpp:540">

 

<![LOG[Firewall provider is installed.]LOG]!><time="16:00:00.497+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="epagentutil.cpp:779">

 

<![LOG[installed firewall provider meet the requirements.]LOG]!><time="16:00:00.498+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="epagentutil.cpp:800">

 

<![LOG[start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000]LOG]!><time="16:00:00.498+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="epagentimpl.cpp:1309">

 

<![LOG[skip sending state message due to same state message already exists.]LOG]!><time="16:00:00.647+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="9680" file="epagentutil.cpp:1239">

 

<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="16:00:00.655+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="epagentutil.cpp:519">

 

<![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="16:00:00.706+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="epagentutil.cpp:232">

 

<![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="16:00:00.706+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="epagentutil.cpp:251">

 

<![LOG[Re-apply EP AM policy.]LOG]!><time="16:00:00.707+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="fepsettingendpoint.cpp:107">

 

<![LOG[Apply AM Policy.]LOG]!><time="16:00:00.707+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="epagentimpl.cpp:1192">

 

<![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="16:00:01.092+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="epagentutil.cpp:607">

 

<![LOG[Applied the C:\Windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully.]LOG]!><time="16:00:03.480+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="epagentimpl.cpp:659">

 

<![LOG[save new policy state 1 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState]LOG]!><time="16:00:03.568+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="epagentimpl.cpp:267">

 

<![LOG[state 1 and ErrorCode 0 and ErrorMsg and PolicyName Antimalware Policy and GroupResolveResultHash 22278829C8D241E822FD474BA669DF7F1BF12767 is NOT changed.]LOG]!><time="16:00:03.620+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="epagentimpl.cpp:339">

 

<![LOG[skip sending state message due to same state message already exists.]LOG]!><time="16:00:03.644+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="epagentutil.cpp:1239">

 

<![LOG[Firewall provider is installed.]LOG]!><time="16:00:03.648+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="epagentutil.cpp:779">

 

<![LOG[installed firewall provider meet the requirements.]LOG]!><time="16:00:03.648+360" date="02-11-2014" component="EndpointProtectionAgent" context="" type="1" thread="10188" file="epagentutil.cpp:800">

 

<![LOG[Endpoint is triggered by message.]LOG]!><time="11:28:04.040+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="fepsettingendpoint.cpp:58">

 

<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="11:28:04.202+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="epagentutil.cpp:519">

 

<![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="11:28:04.203+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="epagentutil.cpp:232">

 

<![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="11:28:04.203+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="epagentutil.cpp:251">

 

<![LOG[Check and enforce EP Deployment state.]LOG]!><time="11:28:04.204+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="fepsettingendpoint.cpp:101">

 

<![LOG[EP Client is already installed, will NOT trigger reinstallation.]LOG]!><time="11:28:04.204+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="epagentimpl.cpp:940">

 

<![LOG[sending message to external event agent to test and enable notification]LOG]!><time="11:28:04.205+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="epagentutil.cpp:946">

 

<![LOG[sending message to endpoint ExternalEventAgent]LOG]!><time="11:28:04.205+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="epagentutil.cpp:1146">

 

<![LOG[EP Policy Antimalware Policy is already applied.]LOG]!><time="11:28:04.484+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="epagentutil.cpp:540">

 

<![LOG[Firewall provider is installed.]LOG]!><time="11:28:04.495+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="epagentutil.cpp:779">

 

<![LOG[installed firewall provider meet the requirements.]LOG]!><time="11:28:04.545+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="epagentutil.cpp:800">

 

<![LOG[start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000]LOG]!><time="11:28:04.596+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="epagentimpl.cpp:1309">

 

<![LOG[skip sending state message due to same state message already exists.]LOG]!><time="11:28:04.755+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="472" file="epagentutil.cpp:1239">

 

<![LOG[Endpoint is triggered by message.]LOG]!><time="12:57:00.002+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="fepsettingendpoint.cpp:58">

 

<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="12:57:00.184+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="epagentutil.cpp:519">

 

<![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="12:57:00.234+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="epagentutil.cpp:232">

 

<![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="12:57:00.234+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="epagentutil.cpp:251">

 

<![LOG[Check and enforce EP Deployment state.]LOG]!><time="12:57:00.234+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="fepsettingendpoint.cpp:101">

 

<![LOG[EP Client is already installed, will NOT trigger reinstallation.]LOG]!><time="12:57:00.235+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="epagentimpl.cpp:940">

 

<![LOG[sending message to external event agent to test and enable notification]LOG]!><time="12:57:00.235+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="epagentutil.cpp:946">

 

<![LOG[sending message to endpoint ExternalEventAgent]LOG]!><time="12:57:00.235+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="epagentutil.cpp:1146">

 

<![LOG[EP Policy Antimalware Policy is already applied.]LOG]!><time="12:57:00.337+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="epagentutil.cpp:540">

 

<![LOG[Firewall provider is installed.]LOG]!><time="12:57:00.348+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="epagentutil.cpp:779">

 

<![LOG[installed firewall provider meet the requirements.]LOG]!><time="12:57:00.398+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="epagentutil.cpp:800">

 

<![LOG[start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000]LOG]!><time="12:57:00.448+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="epagentimpl.cpp:1309">

 

<![LOG[skip sending state message due to same state message already exists.]LOG]!><time="12:57:00.538+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="9128" file="epagentutil.cpp:1239">

 

<![LOG[Endpoint is triggered by message.]LOG]!><time="13:28:00.005+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="fepsettingendpoint.cpp:58">

 

<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="13:28:00.243+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:519">

 

<![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="13:28:00.243+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:232">

 

<![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="13:28:00.244+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:251">

 

<![LOG[Re-apply EP AM policy.]LOG]!><time="13:28:00.244+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="fepsettingendpoint.cpp:107">

 

<![LOG[Apply AM Policy.]LOG]!><time="13:28:00.244+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:1192">

 

<![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="13:28:00.542+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:607">

 

<![LOG[Applied the C:\Windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully.]LOG]!><time="13:28:02.786+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:659">

 

<![LOG[save new policy state 1 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState]LOG]!><time="13:28:02.870+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:267">

 

<![LOG[state 1 and ErrorCode 0 and ErrorMsg and PolicyName Antimalware Policy and GroupResolveResultHash 22278829C8D241E822FD474BA669DF7F1BF12767 is NOT changed.]LOG]!><time="13:28:02.871+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:339">

 

<![LOG[skip sending state message due to same state message already exists.]LOG]!><time="13:28:03.014+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:1239">

 

<![LOG[Firewall provider is installed.]LOG]!><time="13:28:03.022+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:779">

 

<![LOG[installed firewall provider meet the requirements.]LOG]!><time="13:28:03.074+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:800">

 

<![LOG[Endpoint is triggered by message.]LOG]!><time="09:52:27.050+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="fepsettingendpoint.cpp:58">

 

<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="09:52:27.184+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="epagentutil.cpp:519">

 

<![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="09:52:27.184+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="epagentutil.cpp:232">

 

<![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="09:52:27.185+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="epagentutil.cpp:251">

 

<![LOG[Check and enforce EP Deployment state.]LOG]!><time="09:52:27.185+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="fepsettingendpoint.cpp:101">

 

<![LOG[EP Client is already installed, will NOT trigger reinstallation.]LOG]!><time="09:52:27.186+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="epagentimpl.cpp:940">

 

<![LOG[sending message to external event agent to test and enable notification]LOG]!><time="09:52:27.186+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="epagentutil.cpp:946">

 

<![LOG[sending message to endpoint ExternalEventAgent]LOG]!><time="09:52:27.186+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="epagentutil.cpp:1146">

 

<![LOG[EP Policy Antimalware Policy is already applied.]LOG]!><time="09:52:27.339+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="epagentutil.cpp:540">

 

<![LOG[Firewall provider is installed.]LOG]!><time="09:52:27.452+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="epagentutil.cpp:779">

 

<![LOG[installed firewall provider meet the requirements.]LOG]!><time="09:52:27.453+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="epagentutil.cpp:800">

 

<![LOG[start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000]LOG]!><time="09:52:27.453+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="epagentimpl.cpp:1309">

 

<![LOG[skip sending state message due to same state message already exists.]LOG]!><time="09:52:27.580+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="1184" file="epagentutil.cpp:1239">

 

<![LOG[Endpoint is triggered by message.]LOG]!><time="12:37:00.069+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="fepsettingendpoint.cpp:58">

 

<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="12:37:00.184+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="epagentutil.cpp:519">

 

<![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="12:37:00.185+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="epagentutil.cpp:232">

 

<![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="12:37:00.185+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="epagentutil.cpp:251">

 

<![LOG[Re-apply EP AM policy.]LOG]!><time="12:37:00.186+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="fepsettingendpoint.cpp:107">

 

<![LOG[Apply AM Policy.]LOG]!><time="12:37:00.186+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="epagentimpl.cpp:1192">

 

<![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="12:37:00.627+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="epagentutil.cpp:607">

 

<![LOG[Applied the C:\Windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully.]LOG]!><time="12:37:02.762+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="epagentimpl.cpp:659">

 

<![LOG[save new policy state 1 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState]LOG]!><time="12:37:02.829+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="epagentimpl.cpp:267">

 

<![LOG[state 1 and ErrorCode 0 and ErrorMsg and PolicyName Antimalware Policy and GroupResolveResultHash 22278829C8D241E822FD474BA669DF7F1BF12767 is NOT changed.]LOG]!><time="12:37:02.904+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="epagentimpl.cpp:339">

 

<![LOG[skip sending state message due to same state message already exists.]LOG]!><time="12:37:03.055+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="epagentutil.cpp:1239">

 

<![LOG[Firewall provider is installed.]LOG]!><time="12:37:03.071+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="epagentutil.cpp:779">

 

<![LOG[installed firewall provider meet the requirements.]LOG]!><time="12:37:03.072+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="11056" file="epagentutil.cpp:800">

 

<![LOG[Endpoint is triggered by message.]LOG]!><time="14:05:00.064+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="fepsettingendpoint.cpp:58">

 

<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="14:05:00.187+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="epagentutil.cpp:519">

 

<![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="14:05:00.187+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="epagentutil.cpp:232">

 

<![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="14:05:00.188+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="epagentutil.cpp:251">

 

<![LOG[Check and enforce EP Deployment state.]LOG]!><time="14:05:00.188+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="fepsettingendpoint.cpp:101">

 

<![LOG[EP Client is already installed, will NOT trigger reinstallation.]LOG]!><time="14:05:00.188+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="epagentimpl.cpp:940">

 

<![LOG[sending message to external event agent to test and enable notification]LOG]!><time="14:05:00.188+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="epagentutil.cpp:946">

 

<![LOG[sending message to endpoint ExternalEventAgent]LOG]!><time="14:05:00.189+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="epagentutil.cpp:1146">

 

<![LOG[EP Policy Antimalware Policy is already applied.]LOG]!><time="14:05:00.392+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="epagentutil.cpp:540">

 

<![LOG[Firewall provider is installed.]LOG]!><time="14:05:00.506+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="epagentutil.cpp:779">

 

<![LOG[installed firewall provider meet the requirements.]LOG]!><time="14:05:00.506+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="epagentutil.cpp:800">

 

<![LOG[start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000]LOG]!><time="14:05:00.507+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="epagentimpl.cpp:1309">

 

<![LOG[skip sending state message due to same state message already exists.]LOG]!><time="14:05:00.638+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="8924" file="epagentutil.cpp:1239">

 

<![LOG[Endpoint is triggered by message.]LOG]!><time="16:50:55.122+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="fepsettingendpoint.cpp:58">

 

<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="16:50:55.303+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="epagentutil.cpp:519">

 

<![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="16:50:55.303+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="epagentutil.cpp:232">

 

<![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="16:50:55.303+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="epagentutil.cpp:251">

 

<![LOG[Check and enforce EP Deployment state.]LOG]!><time="16:50:55.304+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="fepsettingendpoint.cpp:101">

 

<![LOG[EP Client is already installed, will NOT trigger reinstallation.]LOG]!><time="16:50:55.304+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="epagentimpl.cpp:940">

 

<![LOG[sending message to external event agent to test and enable notification]LOG]!><time="16:50:55.305+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="epagentutil.cpp:946">

 

<![LOG[sending message to endpoint ExternalEventAgent]LOG]!><time="16:50:55.305+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="epagentutil.cpp:1146">

 

<![LOG[EP Policy Antimalware Policy is already applied.]LOG]!><time="16:50:55.507+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="epagentutil.cpp:540">

 

<![LOG[Firewall provider is installed.]LOG]!><time="16:50:55.618+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="epagentutil.cpp:779">

 

<![LOG[installed firewall provider meet the requirements.]LOG]!><time="16:50:55.668+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="epagentutil.cpp:800">

 

<![LOG[start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000]LOG]!><time="16:50:55.718+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="epagentimpl.cpp:1309">

 

<![LOG[skip sending state message due to same state message already exists.]LOG]!><time="16:50:55.863+360" date="02-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="9800" file="epagentutil.cpp:1239">

Share this post


Link to post
Share on other sites

Yes I had. Last thing I did was

  1. Browse to the Windows\System32\GroupPolicy\Machine folder and delete the file: Registry.pol
  2. Reboot

It took several days but now his computer account is showing up correctly in SCCM. I'm trying it with another computer to see if it will work again.

Share this post


Link to post
Share on other sites

I still would like to know if there is a way to force a state message to be sent. I have several clients showing that they are not sending state messages. Client looks ok on machine, but on server it is showing at risk and has old information like failed install or failed to download policy.

Share this post


Link to post
Share on other sites

Run this batch (By dragging it into cmd) where %1 is your PC name you want to apply the fix on. You need to stop/start the ccmexec service for it to report back. Not sure how quickly it does this but I used this below

 

ping %1 -n 1
if "%errorlevel%"=="1" goto end
del \\%1\C$\Windows\system32\grouppolicy\machine\Registry.pol
sc \\%1 stop ccmexec
ping 192.0.2.2 -n 1 -w 10000 > nul
sc \\%1 start ccmexec
sc \\%1 query ccmexec
:end

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...