thomaschalmers
asked on
Endpoint protection not reporting to SCCM console
My endpoint protection clients not reporting right definition version or malware found back to SCCM 2012. Definition updates are working just fine and get pushed out every day. CM client also works fine and APP deployment works fine.
Some of the newly installed clients are showing as unmanaged when deployed using SCCM OS deployment but have all policies applied for endpoint and client installed.
Some of the newly installed clients are showing as unmanaged when deployed using SCCM OS deployment but have all policies applied for endpoint and client installed.
ASKER
Tried all of this already but unfortunately no progress. PC's still showing "Unmanaged" even after removing and re-discovering. And logs on client machine are normal, showing no errors. Current definition and status of client still not showing in SCCM console.
not sure if you also try having to create a new collection and get those problematic into this new collection and do discovery - hopefully it can be recognized as managed again. Otherwise, reinstall agent is another means but I believe you already done it but to no avail
ASKER
To be honest couple of unmanaged clients is not that much of a problem. The bigger issue for me is that all other clients are reporting wrong definition update (old) and not reporting viruses found instantly.
This issue only started since upgrade to SP 1, all components are healthy but the issue is there.
This issue only started since upgrade to SP 1, all components are healthy but the issue is there.
Really quite non-trivial...
one thing is also to ensure following is set to False
- Disable alternate sources (such as Microsoft Windows Update, Microsoft Windows Server Update Services, or UNC shares) for the initial definition update on client computers.
- select Updates distributed from Configuration Manager as OK only for uses of SCCM software updates to deliver definition and engine updates to computers in your hierarchy.
Remember, a Custom Device Setting policy must be deployed to a collection before it can take affect.
By default, managed computers check for changes to their deployed policies and software every 60 minutes. When testing different types of deployments the need may arise to force a client to check immediately.
<Forcing a client policy check update with SCCM>
On the manged computer do the following:
Windows 7: Click Start > Control Panel > System and Security > Configuration Manager.
Click the Actions tab.
Highlight Machine Policy Retrieval & Evaluation Cycle and click Run Now.
<Forcing a membership update on a collection in SCCM>
You may need to force a collection to reevaluate its membership immediately rather than wait for it to do so at its scheduled time. To do so, do the following:
Launch the SCCM 2012 management console and browse to the collection you want to update.
Right-click the collection and click Update Membership.
It may take a few minutes for the collection update it's membership. When membership is being evaluated the icon for the collection will have an hour glass next to it when.
Important: The items in the collection list do not automatically refresh. To refresh the status of a collection, click it and press F5. When the collection has finished updating its membership the hourglass icon will be disappear.
one thing is also to ensure following is set to False
- Disable alternate sources (such as Microsoft Windows Update, Microsoft Windows Server Update Services, or UNC shares) for the initial definition update on client computers.
- select Updates distributed from Configuration Manager as OK only for uses of SCCM software updates to deliver definition and engine updates to computers in your hierarchy.
Remember, a Custom Device Setting policy must be deployed to a collection before it can take affect.
By default, managed computers check for changes to their deployed policies and software every 60 minutes. When testing different types of deployments the need may arise to force a client to check immediately.
<Forcing a client policy check update with SCCM>
On the manged computer do the following:
Windows 7: Click Start > Control Panel > System and Security > Configuration Manager.
Click the Actions tab.
Highlight Machine Policy Retrieval & Evaluation Cycle and click Run Now.
<Forcing a membership update on a collection in SCCM>
You may need to force a collection to reevaluate its membership immediately rather than wait for it to do so at its scheduled time. To do so, do the following:
Launch the SCCM 2012 management console and browse to the collection you want to update.
Right-click the collection and click Update Membership.
It may take a few minutes for the collection update it's membership. When membership is being evaluated the icon for the collection will have an hour glass next to it when.
Important: The items in the collection list do not automatically refresh. To refresh the status of a collection, click it and press F5. When the collection has finished updating its membership the hourglass icon will be disappear.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Likewise the following sharing is useful to check out https://social.technet.microsoft.com/Forums/en-US/dc4b3992-de63-4ba4-8e8a-0c360c1c8ab3/scep-2012-client-deployment-state-unmanaged?forum=configmanagersecurity
The Log locations are as below.
•%allusersprofile%\Microso
•%allusersprofile%\Microso
•%windir%\WindowsUpdate.lo
•%windir%\CCM\Logs\Endpoin
•%windir%\temp\MpCmdRun.lo
•%windir%\temp\MpSigStub.l