Solved

SCCM 2012 SP1 Endpoint Protection definition update issue

Posted on 2013-11-20
7
5,922 Views
Last Modified: 2013-11-28
I recently setup SCCM 2012 SP1 and was successfully deploying updates, packages, and definition updates to my clients until I decided to tidy up my ADRs so that I only had one relating to Endpoint Protection definition updates rather than 10. After doing this the clients now find 0 definition updates when checking with the site server/DP even though the latest definition has been successfully deployed and is available from the DP and assigned to the correct device collection. When I perform a manual update on a client it goes straight to the internet and downloads the latest definitions from Microsoft even though I have specifically set the config manager as the only source in the client's settings. There are no errors in any of the log files that I have looked at and all other updates are deploying successfully.

I have been pulling my hair out with this for over a week now so any help would be appreciated.
0
Comment
Question by:zeetec
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 31

Expert Comment

by:merowinger
ID: 39665145
0
 

Author Comment

by:zeetec
ID: 39665243
Yes it does sound similar as my clients are now all at 4.3.215.0. I will keep an eye on your thread also. Thanks.

I am not sure if it is relevant but I did notice that the client's endpoint protection agent logs state

Endpoint is triggered by WMI notification.
File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.
EP version 4.3.215.0 is already installed.
EP 4.3.215.0 is installed, version is higher than expected installer version 4.1.522.0.

Why is it trying to re-install the client at all and why is the version of the installer wrong?
0
 
LVL 31

Expert Comment

by:merowinger
ID: 39665289
I think thats ok. Its always checking the Client Version with the file located in C:\windows\ccmsetup.  Seems that you did not Exchange the SCEPinstall.exe on your Client Installation Share on the Server, which is synced with the local file location. This is automatically be done with the Cumulative Update 3 for SCCM:
0
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

 
LVL 31

Expert Comment

by:merowinger
ID: 39665434
Could you please check out the following Directory on the Server:
<SCCM Install Dir>\inboxes\auth\dataldr.box\BADMIFS

In my case there were a lot of BadMifs which exceeded the size limit, after i removed them, one of my Clients just started downloading some definitions....don't know if this depends from each other...but maybe you got similar Problems.
0
 

Author Comment

by:zeetec
ID: 39665441
Thanks but I don't have that problem.
0
 

Accepted Solution

by:
zeetec earned 0 total points
ID: 39672290
I figured out my own problem here and it turned out to be due to the fact that a maintenance window being applied to another collection other than the one the definition updates were being deployed to was preventing the installation of the updates. All I needed to do to fix the problem was change the option on the User Experience tab of the automatic deployment rule relating to allowing software installation outside of maintenance windows. It seems that machines can only receive one maintenance window and they can't be set for each individual collection that a deployment is targeted at as I expected.
0
 

Author Closing Comment

by:zeetec
ID: 39683160
I figured out the solution without assistance or direction from anyone else.
0

Featured Post

Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
Not many admins are aware that GPOs can be activated and deactivated time-based. Time to change that :)
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question