Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SCCM 2012 SP1 Endpoint Protection definition update issue

Posted on 2013-11-20
7
Medium Priority
?
6,479 Views
Last Modified: 2013-11-28
I recently setup SCCM 2012 SP1 and was successfully deploying updates, packages, and definition updates to my clients until I decided to tidy up my ADRs so that I only had one relating to Endpoint Protection definition updates rather than 10. After doing this the clients now find 0 definition updates when checking with the site server/DP even though the latest definition has been successfully deployed and is available from the DP and assigned to the correct device collection. When I perform a manual update on a client it goes straight to the internet and downloads the latest definitions from Microsoft even though I have specifically set the config manager as the only source in the client's settings. There are no errors in any of the log files that I have looked at and all other updates are deploying successfully.

I have been pulling my hair out with this for over a week now so any help would be appreciated.
0
Comment
Question by:zeetec
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 

Author Comment

by:zeetec
ID: 39665243
Yes it does sound similar as my clients are now all at 4.3.215.0. I will keep an eye on your thread also. Thanks.

I am not sure if it is relevant but I did notice that the client's endpoint protection agent logs state

Endpoint is triggered by WMI notification.
File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.
EP version 4.3.215.0 is already installed.
EP 4.3.215.0 is installed, version is higher than expected installer version 4.1.522.0.

Why is it trying to re-install the client at all and why is the version of the installer wrong?
0
 
LVL 31

Expert Comment

by:merowinger
ID: 39665289
I think thats ok. Its always checking the Client Version with the file located in C:\windows\ccmsetup.  Seems that you did not Exchange the SCEPinstall.exe on your Client Installation Share on the Server, which is synced with the local file location. This is automatically be done with the Cumulative Update 3 for SCCM:
0
Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

 
LVL 31

Expert Comment

by:merowinger
ID: 39665434
Could you please check out the following Directory on the Server:
<SCCM Install Dir>\inboxes\auth\dataldr.box\BADMIFS

In my case there were a lot of BadMifs which exceeded the size limit, after i removed them, one of my Clients just started downloading some definitions....don't know if this depends from each other...but maybe you got similar Problems.
0
 

Author Comment

by:zeetec
ID: 39665441
Thanks but I don't have that problem.
0
 

Accepted Solution

by:
zeetec earned 0 total points
ID: 39672290
I figured out my own problem here and it turned out to be due to the fact that a maintenance window being applied to another collection other than the one the definition updates were being deployed to was preventing the installation of the updates. All I needed to do to fix the problem was change the option on the User Experience tab of the automatic deployment rule relating to allowing software installation outside of maintenance windows. It seems that machines can only receive one maintenance window and they can't be set for each individual collection that a deployment is targeted at as I expected.
0
 

Author Closing Comment

by:zeetec
ID: 39683160
I figured out the solution without assistance or direction from anyone else.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Your data is at risk. Probably more today that at any other time in history. There are simply more people with more access to the Web with bad intentions.
Multi-threading long-running processes can have a significant increase in overall performance and drastically decrease over time it takes for a process to complete. Unfortunately, not all applications support native multi-threading, some by design a…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question