Solved

SCCM 2012 SP1 Endpoint Protection definition update issue

Posted on 2013-11-20
7
5,415 Views
Last Modified: 2013-11-28
I recently setup SCCM 2012 SP1 and was successfully deploying updates, packages, and definition updates to my clients until I decided to tidy up my ADRs so that I only had one relating to Endpoint Protection definition updates rather than 10. After doing this the clients now find 0 definition updates when checking with the site server/DP even though the latest definition has been successfully deployed and is available from the DP and assigned to the correct device collection. When I perform a manual update on a client it goes straight to the internet and downloads the latest definitions from Microsoft even though I have specifically set the config manager as the only source in the client's settings. There are no errors in any of the log files that I have looked at and all other updates are deploying successfully.

I have been pulling my hair out with this for over a week now so any help would be appreciated.
0
Comment
Question by:zeetec
  • 4
  • 3
7 Comments
 
LVL 31

Expert Comment

by:merowinger
Comment Utility
0
 

Author Comment

by:zeetec
Comment Utility
Yes it does sound similar as my clients are now all at 4.3.215.0. I will keep an eye on your thread also. Thanks.

I am not sure if it is relevant but I did notice that the client's endpoint protection agent logs state

Endpoint is triggered by WMI notification.
File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.
EP version 4.3.215.0 is already installed.
EP 4.3.215.0 is installed, version is higher than expected installer version 4.1.522.0.

Why is it trying to re-install the client at all and why is the version of the installer wrong?
0
 
LVL 31

Expert Comment

by:merowinger
Comment Utility
I think thats ok. Its always checking the Client Version with the file located in C:\windows\ccmsetup.  Seems that you did not Exchange the SCEPinstall.exe on your Client Installation Share on the Server, which is synced with the local file location. This is automatically be done with the Cumulative Update 3 for SCCM:
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 31

Expert Comment

by:merowinger
Comment Utility
Could you please check out the following Directory on the Server:
<SCCM Install Dir>\inboxes\auth\dataldr.box\BADMIFS

In my case there were a lot of BadMifs which exceeded the size limit, after i removed them, one of my Clients just started downloading some definitions....don't know if this depends from each other...but maybe you got similar Problems.
0
 

Author Comment

by:zeetec
Comment Utility
Thanks but I don't have that problem.
0
 

Accepted Solution

by:
zeetec earned 0 total points
Comment Utility
I figured out my own problem here and it turned out to be due to the fact that a maintenance window being applied to another collection other than the one the definition updates were being deployed to was preventing the installation of the updates. All I needed to do to fix the problem was change the option on the User Experience tab of the automatic deployment rule relating to allowing software installation outside of maintenance windows. It seems that machines can only receive one maintenance window and they can't be set for each individual collection that a deployment is targeted at as I expected.
0
 

Author Closing Comment

by:zeetec
Comment Utility
I figured out the solution without assistance or direction from anyone else.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

How can you create a game plan that lets you focus on special projects instead of running from cubicle to cubicle every day and feeling like you’ve accomplished nothing? Try these strategies for prioritizing your tasks, offloading what you can, and …
Email signature management is something that is often overlooked in many organizations or is simply not implemented effectively. Let's take a look at what methods are available for managing this important piece of corporate branding.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now