Integrating FEP 2010 with SCCM 2007 R3
-
Montag, 20. Juni 2011 16:55
Hi,
I'm trying to integrate Forefront Endpoint Protection 2010 with Configuration Manager.
I have the two products installed and configured and all seems to be working fine.
I want that the signature updates are downloaded and installed automatically so i followed the next link: (automatically deploy FEP updates via SCCM)
The problem comes when i try to execute the script, the script doesn't download the definitions and i get the following error in the log:
==================== 20/06/2011 16:30:00 Download Session started ====================
> Download of http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6903.0&avdelta=1.105.2019.0&asdelta=1.105.2019.0 started at: 20/06/2011 16:30:00
20/06/2011 16:30:00 Error # -2147012889 The server name or address could not be resolved
Source: WinHttp.WinHttpRequest
> Download of http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.6903.0&avdelta=1.105.2019.0&asdelta=1.105.2019.0 started at: 20/06/2011 16:30:00
20/06/2011 16:30:00 Error # -2147012889 The server name or address could not be resolved
Source: WinHttp.WinHttpRequest
===================== 20/06/2011 16:30:00 Download Session ended =====================I have been reading that it seems that there are some tricks with URLs depending if the update is a full update or a delta update.
The URLs defined on the script are:
strMSEx86URLDelta = "http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=" & Engine & "&avdelta=" & AVDelta & "&asdelta=" & ASDelta
strMSEx64URLDelta = "http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=" & Engine & "&avdelta=" & AVDelta & "&asdelta=" & ASDeltaCan anyone try to clarify all this?
Is this the only way to automate the download and distribution of the latest definition throught SCCM?
Kind Regards and thanks in advance!
Monguitronik
Alle Antworten
-
Montag, 20. Juni 2011 19:47
Is this the only way to automate the download and distribution of the latest definition throught SCCM?
Hi,
You can use the WSUS based method http://technet.microsoft.com/en-us/library/gg412502.aspx
Bechir Gharbi | http://myitforum.com/cs2/blogs/bgharbi/ | Time zone : GMT+1 -
Dienstag, 21. Juni 2011 06:24
Thanks Bechir,
Only a question, with this method, the distribution is automatically deployed to FEP Clients? Or I have to create a update package in SCCM and assign it to a collection? The deployment is made through SCCM?
Talking about the error in the script, i think that the problem is coming on the scheduled task, because the URL that fails is working fine if i put it in a Internet explorer Window, but when it's executed in a script it fails... any idea?
Thanks in advance,
Monguitronik -
Dienstag, 21. Juni 2011 12:47
Hi,
Through the WSUS method the updates deistribution is automatically. Personnaly I never tried the scheduled task method.
Bechir Gharbi | http://myitforum.com/cs2/blogs/bgharbi/ | Time zone : GMT+1 -
Samstag, 31. März 2012 18:54
nice pic bechir
hello exarchbcn
silly question : do you deploy FEP rollup1, that is required to use the tool to do the automatic FEP definition updates from SCCM
i wont recommend you anything what to use either WSUS or SCCM for FEP definition updates i mostly prefer and use WSUS Server to push the automatic definition updates on all the systems that has either FEP or Forefront client Security.
WSUS is the easiest method from my perspective to push the definition updates automatically to clients.
Syed Kasif
-
Montag, 2. April 2012 07:14
hello
you can create a auto approval rule, wsus console in SCCM server. this does not change your current software update configurations. i'm currently using this with 500 computers and its works without any concern.
Configuring Update Synchronization
You must configure Software Updates in Configuration Manager to synchronize the appropriate updates for the FEP client.
To synchronize FEP definition updates in Configuration Manager
- In the Configuration Manager Console, in the tree, expand Site Management, expand the site name, expand Site Settings, and then click Component Configuration.
- In the details pane, right-click Software Update Point Component, and then click Properties.
- On the Classifications tab, ensure that the Definition Updates check box and the Updates check box are selected.
- On the Products tab, ensure that the product Forefront Endpoint Protection 2010 check box is selected, and then click OK.
You should also set an Automatic Approval rule for definition updates and FEP updates, which configures WSUS to automatically approve for install any definition updates or FEP updates downloaded by WSUS.
To configure an automatic approval rule
- In the WSUS Administration console, click Options, and then click Automatic Approvals.
- On the Update Rules tab, click New Rule.
- On the Add Rule dialog box, under Step 1: Select properties, select the When an update is in a specific classification check box.
- Under Step 2: Edit the properties, click any classification.
- Clear all check boxes except Definition Updates, and then click OK.
- On the Add Rule dialog box, under Step 1: Select properties, select the When an update is in a specific product check box.
- Under Step 2: Edit the properties, click any product.
- Clear all check boxes except Forefront Endpoint Protection, and then click OK.
- In the Step 3: Specify a name box, enter a name for the Forefront Endpoint Protection Definition Updates rule, and then click OK.
- In the Automatic Approvals dialog box, make sure that the newly create rule Forefront Endpoint Protection 2010 Definition Updates check box is selected and then click Run rule.
http://technet.microsoft.com/en-us/library/gg398036.aspx
Asitha
- Bearbeitet Asitha De Silva Montag, 2. April 2012 07:15 update infomation
- Als Antwort vorgeschlagen Asitha De Silva Montag, 2. April 2012 07:15
.png)
.png)
