Endpoint protection not reporting to SCCM console

My endpoint protection clients are not reporting the right definition version or malware found back to SCCM 2012. Definition updates are working just fine and get pushed out every day. The CM client also works fine and APP deployment works fine.

Some of the newly installed clients are showing as unmanaged when deployed using SCCM OS deployment but have all policies applied for endpoint and client installed.
thomaschalmers Asked:
btan (Exec Consultant) Commented:
You may want to see if this helps: review the client log for any specific errors and ensure the clients are in the correct OU setting. https://kickthatcomputer.wordpress.com/2013/12/11/endpoint-protection-not-managed-or-installed-on-configmgr-clients/
Likewise the following sharing is useful to check out
This problem only occurs after deploying a system image; the package is installed and the endpoint client does pick up the policy, defs and reports but is still unmanaged.

I've managed to sort one client out by deleting the client from SCCM and then running the rediscovery; however, this hasn't worked for one machine in particular. For this I will perform a manual install of the client.
....
At this point it is over a week that they have been like that. We are pushing a Package, not an Application: scepinstall.exe /s /q /policy %CURRENT_PATH%\EPAMPolicy.xml. That seems to work pretty well. If you go to About on the client the policy is listed, and yes, there is an endpoint policy applied to the collection.
https://social.technet.microsoft.com/Forums/en-US/dc4b3992-de63-4ba4-8e8a-0c360c1c8ab3/scep-2012-client-deployment-state-unmanaged?forum=configmanagersecurity

The log locations are as below.
• %allusersprofile%\Microsoft\Microsoft Antimalware\Support – Log files specific for the antimalware service
• %allusersprofile%\Microsoft\Microsoft Security Client\Support – Log files specific for the SCEP client software
• %windir%\WindowsUpdate.log – Windows Update log files, which include information about definition updates
• %windir%\CCM\Logs\EndpointProtectionagent.log – Shows Endpoint version and policies applied
• %windir%\temp\MpCmdRun.log – Activity when performing scans and signature updates
• %windir%\temp\MpSigStub.log – Update progress for signature and Engine updates
thomaschalmers (Author) Commented:
Tried all of this already but unfortunately no progress. PCs are still showing "Unmanaged" even after removing and re-discovering. And logs on the client machine are normal, showing no errors. Current definition and status of the client are still not showing in the SCCM console.
btan (Exec Consultant) Commented:
Not sure if you also tried creating a new collection, moving the problematic clients into this new collection and running discovery; hopefully they can be recognized as managed again. Otherwise, reinstalling the agent is another means, but I believe you have already done that to no avail.
thomaschalmers (Author) Commented:
To be honest, a couple of unmanaged clients is not that much of a problem. The bigger issue for me is that all other clients are reporting the wrong (old) definition update and not reporting viruses found instantly.

This issue only started since the upgrade to SP 1; all components are healthy but the issue is there.
btan (Exec Consultant) Commented:
Really quite non-trivial...

One thing is also to ensure the following are set to False:
- Disable alternate sources (such as Microsoft Windows Update, Microsoft Windows Server Update Services, or UNC shares) for the initial definition update on client computers.
- select Updates distributed from Configuration Manager as OK only for uses of SCCM software updates to deliver definition and engine updates to computers in your hierarchy.

Remember, a Custom Device Setting policy must be deployed to a collection before it can take effect.

By default, managed computers check for changes to their deployed policies and software every 60 minutes. When testing different types of deployments the need may arise to force a client to check immediately.

<Forcing a client policy check update with SCCM>
On the managed computer do the following:
Windows 7: Click Start > Control Panel > System and Security > Configuration Manager.
Click the Actions tab.
Highlight Machine Policy Retrieval & Evaluation Cycle and click Run Now.

<Forcing a membership update on a collection in SCCM>
You may need to force a collection to reevaluate its membership immediately rather than wait for it to do so at its scheduled time. To do so, do the following:

Launch the SCCM 2012 management console and browse to the collection you want to update.
Right-click the collection and click Update Membership.
It may take a few minutes for the collection to update its membership. When membership is being evaluated, the icon for the collection will have an hourglass next to it.

Important: The items in the collection list do not automatically refresh. To refresh the status of a collection, click it and press F5. When the collection has finished updating its membership the hourglass icon will disappear.
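
The client-side checks discussed in this thread (the log files listed earlier and the forced Machine Policy Retrieval & Evaluation Cycle) can be scripted as follows. This is an added example, not code posted by either participant; it assumes an elevated PowerShell session on a client with the ConfigMgr agent installed, and that the SCEP client exposes the AntimalwareHealthStatus WMI class in root\Microsoft\SecurityClient.

```powershell
# Added example: run in an elevated PowerShell session on the affected client.
# Log files named earlier in the thread.
$logs = @(
    "$env:windir\CCM\Logs\EndpointProtectionAgent.log",
    "$env:windir\Temp\MpCmdRun.log",
    "$env:windir\Temp\MpSigStub.log",
    "$env:windir\WindowsUpdate.log"
)

foreach ($path in $logs) {
    if (-not (Test-Path $path)) {
        Write-Output "MISSING  $path"
        continue
    }
    $item = Get-Item $path
    # Lines mentioning an error or failure: a quick triage signal, not a verdict.
    $hits = @(Select-String -Path $path -Pattern 'error|fail' -ErrorAction SilentlyContinue)
    Write-Output ("{0:u}  {1,5} hit(s)  {2}" -f $item.LastWriteTime, $hits.Count, $path)
    $hits | Select-Object -Last 3 | ForEach-Object { "    " + $_.Line.Trim() }
}

# Definition version as the local SCEP client sees it, to compare with the console.
# Assumption: the AntimalwareHealthStatus class is present on this client.
try {
    $health = Get-WmiObject -Namespace 'root\Microsoft\SecurityClient' `
        -Class AntimalwareHealthStatus -ErrorAction Stop
    Write-Output ("Local AV signature version: {0} (updated {1})" -f `
        $health.AntivirusSignatureVersion, $health.AntivirusSignatureUpdateDateTime)
} catch {
    Write-Output "SCEP health class not readable: $($_.Exception.Message)"
}

# Same effect as Actions tab > Machine Policy Retrieval & Evaluation Cycle > Run Now.
$schedules = @(
    @('{00000000-0000-0000-0000-000000000021}', 'Machine policy retrieval'),
    @('{00000000-0000-0000-0000-000000000022}', 'Machine policy evaluation')
)
foreach ($s in $schedules) {
    try {
        Invoke-WmiMethod -Namespace 'root\ccm' -Class SMS_Client -Name TriggerSchedule `
            -ArgumentList $s[0] -ErrorAction Stop | Out-Null
        Write-Output "Triggered: $($s[1])"
    } catch {
        Write-Output "Could not trigger $($s[1]): $($_.Exception.Message)"
    }
}
```

If the local signature version printed here is current while the console still shows an old one, the gap is in state reporting to the site rather than in definition delivery.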
thomaschalmers (Author) Commented:
It looks like the CU1 update for SCCM 2012 R2 SP1 fixed the issue. I will post again if that is not the case.

Thanks.