Custom policy not applied to some clients...

Friday, February 25, 2011 2:08 PM

I use SCCM to deploy the FEP client.

Saturday, February 26, 2011 7:36 PM

Hi,

On the DP tab of the FEP deployment advertisement, you use "Run program from ..." or "Download content from ..." ? Also the UAC is it disabled on Windows 7/Vista if you have these OS.

Bechir Gharbi | http://myitforum.com/cs2/blogs/bgharbi/

Monday, February 28, 2011 10:58 AM

0

Hi Bechir.

Thanks for your answer!

On the FEP deployment advertisement I use Download content from.... But I have noticed on two servers that the UAC is enabled. I will try to disable it on both servers and restart the servers tonight.

I found out that I got another errror on some others workstations, the error is:

Creating SCCM MIF file (FepPolicy) in windows folder. Status is : Failed

Status description is : Microsoft Security Client failed to apply policy "FEP Policy - Workstations - Default WSUS-MU - v1". Error: Failed to open the local machine Group Policy. Error code: 0x80004005.

cscript.exe exited on ccs13 with error code -2147467259.

Do you know about that error?

Regards

Morten

Proposed As Answer by znakeormen Friday, January 13, 2012 9:25 AM

Monday, February 28, 2011 1:45 PM

0

Error: Failed to open the local machine Group Policy. Error code: 0x80004005.

Look at the event viewer, no errors about group policies like for example the event id 1096 or others ??? It seems there is an access denied to the local group policy !!!

Bechir Gharbi | http://myitforum.com/cs2/blogs/bgharbi/

Monday, February 28, 2011 8:30 PM

0

Hi Bechir.

I have restarted the two servers where I had disabled UAC. I still get this error when I try to apply the policy manually:

Failed parsing policy precedence from ISV data
Creating SCCM MIF file (FepPolicy) in windows folder. Status is : Failed
Status description is : FEP failed using Package ISV data to calculate precedence from CCM_ISV_SoftwarePolicy. It is required for applying policy. Error:
Error parsing the package ISV data: XML document must have a top level element.

Regards
Morten

Tuesday, April 12, 2011 2:50 PM

0

Hey Morten - did you ever find a fix for this?

Wednesday, April 13, 2011 2:27 PM

0

Hi.

No I still have the problem. I have tried almost everything :-(

Proposed As Answer by dennisD567 Friday, April 15, 2011 6:03 PM

Monday, April 25, 2011 10:29 PM

0

Same issue with one of my machines. Two things I have noticed about the machine though...

1/. The machine was upgraded from Server 2008 SP2 to Server 2008 R2 SP1 not long ago

2/. The machine will not accept the Windows Filtering Platform (WFP) hotfix, no matter how I try to install it (e.g. via FEP package, extracted hotfix 981889, or via requested hotfix URL). I have tried the R2 and non-R2 versions and they both say they are not applicable, however looking in Installed Updates there is no sign of 981889?

The initial FEP package deployment via SCCM failed, however a manual install worked but I think the initial failure is because it tries to apply a default policy first which fails.

No policies will apply using any method (SCCM deployment or command-line).

Monday, April 25, 2011 11:46 PM

0

Same issue with one of my machines. Two things I have noticed about the machine though...

1/. The machine was upgraded from Server 2008 SP2 to Server 2008 R2 SP1 not long ago

2/. The machine will not accept the Windows Filtering Platform (WFP) hotfix, no matter how I try to install it (e.g. via FEP package, extracted hotfix 981889, or via requested hotfix URL). I have tried the R2 and non-R2 versions and they both say they are not applicable, however looking in Installed Updates there is no sign of 981889?

The initial FEP package deployment via SCCM failed, however a manual install worked but I think the initial failure is because it tries to apply a default policy first which fails.

No policies will apply using any method (SCCM deployment or command-line).

fyi on #2 - the hotfix is included in 2008 R2 and win7 SP1... so indeed it is not applicable

an update on this isv parsing issue - i have a case in with msoft and its currently being looked at by the developers... they think an issue with the applypolicy.vbs on machines with some sort of combo of patches/hotfixes/msxml versions... who knows... its been bounced around several times now and finally escalated

Tuesday, April 26, 2011 12:09 AM

0

Ah SP1 - that makes sense (thanks!) :)

Wednesday, April 27, 2011 10:13 PM

0

Any update on this? Having this error on a few clients when running ApplyPolicy.vbs

Thursday, April 28, 2011 10:36 AM

0

I'm also seeing this on some of my clients, and more and more are getting this error. Still it's only 1 out of 15 or 20 that get it. Most of them are newly installed with the same Win7 SP1 x64 image as the ones that don't get the error.

Tuesday, May 03, 2011 5:39 PM

1

OK the latest in this saga, excerpt from Microsoft support case (fyi this did not work for me, but i only have this issue on one machine... maybe it will help one of you):

"After debugging the script and running thru each phase, a senior FEP2010 engineer says that the problem is with the ISV class in the ccm\Policy\machine namespace in WMI.

While there are no errors in creating the class, the problem is that the "class" is not created in the machine namespace!

The following script contains error trapping on the existence of the class, but it is not resulting in getting any errors:

Set policyISVinstances = objWMIService.ExecQuery("Select * from CCM_ISV_SoftwarePolicy where PKG_PackageID='P810000B'", "WQL", wbemFlagReturnWhenComplete)

If (Err <> 0) Then

CreateErrorMif("FEP cannot find policies assigned to the FEP client, so a policy cannot be applied. The Configuration Manager client WMI provider returned the following error message. Error message: " & Err.Description & " (0x" & hex(Err.Number) & ")")

WScript.quit(Err)

End If

The FEP developers state that the ISV class is created correctly in the ccm\policy namespace according to ConfigMgr PG guidelines. However, it is the " ConfigMg client agent" that creates the class in the machine namespace. And, on the two clients it would appear that this does not happen and the required class is not created, which indicates a problem with the ConfigMgr Clients.

Of the errors found, the one of consequence is: C00CE558 (-1072896680) This error is caused by some problem with the registration of VBScript or MSXML dlls on client machine.

The general fix would be:

1. Uninstall the ConfigMgr client

2. Register MSXML Dlls: To re-register MSXML, click Start, click Run, type the following command, and then click OK:

Regsvr32 "C:\WINDOWS\system32\msxml3.dll"

Note This command assumes that you want to reregister MSXML 3.0 and that the .dll file is located in the C:\WINDOWS\system32\ folder.

Requested the customer to push the Client Agent again to these systems to re-install it and then to rerun the FEP2010 advertisement.

3. Re-register the client's Scripting Libraries: Use the Fix-It from http://support.microsoft.com/kb/949140 (which you did in the past) or perform the registration manualy:

To manually register the scripting components on your computer, use one of the following sets of steps, as appropriate for your situation.

You are running a 32-bit version of the Windows operating system

1. Click Start, click Run, type cmd, and then click OK.

2. Type regsvr32 %systemroot%\system32\vbscript.dll, and then press ENTER.

3. Type regsvr32 %systemroot%\system32\jscript.dll, and then press ENTER.

4. Type regsvr32 %systemroot%\system32\dispex.dll, and then press ENTER.

5. Type regsvr32 %systemroot%\system32\scrobj.dll, and then press ENTER.

6. Type regsvr32 %systemroot%\system32\scrrun.dll, and then press ENTER.

7. Type regsvr32 %systemroot%\system32\wshext.dll, and then press ENTER.

8. Type regsvr32 %systemroot%\system32\wshom.ocx, and then press ENTER.

You are running a 64-bit version of the Windows operating system, and you receive the error message that is mentioned in the "Symptoms" section while you are using the 64-bit scripting components

1. Click Start, click Run, type cmd, and then click OK.

2. Type %systemroot%\system32\regsvr32 %systemroot%\system32\vbscript.dll, and then press ENTER.

3. Type %systemroot%\system32\regsvr32 %systemroot%\system32\jscript.dll, and then press ENTER.

4. Type %systemroot%\system32\regsvr32 %systemroot%\system32\dispex.dll, and then press ENTER.

5. Type %systemroot%\system32\regsvr32 %systemroot%\system32\scrobj.dll, and then press ENTER.

6. Type %systemroot%\system32\regsvr32 %systemroot%\system32\scrrun.dll, and then press ENTER.

7. Type %systemroot%\system32\regsvr32 %systemroot%\system32\wshext.dll, and then press ENTER.

8. Type %systemroot%\system32\regsvr32 %systemroot%\system32\wshom.ocx, and then press ENTER.

4. Re-install the CCMgr Client software

5. Push the Client Agent again to these clients

6. Re-run the FEP2010 advertisement."

Proposed As Answer by Kiwifulla Wednesday, May 04, 2011 12:54 AM

Wednesday, May 04, 2011 12:59 AM

0

Above worked for me thanks to Sumradagnoth - I did get errors on registering items 7. and 8. but the overall fix worked.

"The module "C:\Windows\systems32\wshext.dll" was loaded but the call to DLLRegisterServer failed with error code 0x80040201"

Thanks for the fix however, much appreciated!

FYI - my client with the issue was x64 2008 R2

Steve

Tuesday, May 10, 2011 8:31 PM

0

Folks, see below... this has not been published yet, but I believe it is the fix for the ISV error issue:

Symptom

Forefront Endpoint Protection Clients fail to apply policy and display the following errors in the C:\Windows\Temp\FEP-ApplyPolicy-<machinename>.log and C:\Windows\System32\CCM\Logs\execmgr.log files:

FEP-ApplyPolicy-<machinename>.log file errors:
ERROR Error parsing the package ISV data: XML document must have a top level element.
ERROR Failed parsing policy precedence from ISV data
Creating SCCM MIF file (FepPolicy) in windows folder. Status is : Failed
Status description is : FEP failed using Package ISV data to calculate precedence from CCM_ISV_SoftwarePolicy. It is required for applying policy. Error: Error parsing the package ISV data: XML document must have a top level element.

execmgr.log file errors:
Raised Program Started Event for Ad:<Advertisement ID>, Package:<Package ID>, Program: <FEP Policy Name>
rogram exit code 9
Failed parsing MIF file C:\Windows\FepPolicy.mif
Script for Package:<Package ID>, Program: <FEP Policy Name> failed with exit code 9

Also noted that CCM_ISV_SoftwarePolicy class was not getting created in WMI

Cause

PATH did not include C:\Windows\System32\Wbem to allow proper compilation of CCM_ISV.MOF file to create CCM_ISV_SoftwarePolicy class to host the FEP Policy XMLs

Resolution

Start Powershell on the client by opening Command Prompt and typing Powershell

Run the following Powershell WMI query to check if the CCM_ISV_SoftwarePolicy class exists in WMI:

get-wmiobject -namespace "root/ccm/policy/machine" -class CCM_ISV_SoftwarePolicy

This resulted in the following error:

Get-WmiObject : Invalid class

At line:1 char:14

+ get-wmiobject <<<< -namespace "root/ccm/policy/machine" -class CCM_ISV_SoftwarePolicy

CategoryInfo : InvalidOperation: (:) [Get-WmiObject], ManagementException

+ FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

Attempts to manually compile the CCM_ISV.MOF file located in the ConfigMgr Client's cache folder C:\Windows\System32\CCM\Cache\<Package ID> using the following command produced the error below because the mofcomp.exe could not be found:

mofcomp CCM_ISV.MOF

'mofcomp' is not recognized as an internal or external command, operable program or batch file.

Run the SET PATH command from the command prompt to determine if the folder, C:\Windows\System32\Wbem, exists and if not add it to the PATH.After adding this path, the application of the FEP policies was successful.

Proposed As Answer by Sumradagnoth Tuesday, May 17, 2011 12:58 PM

Wednesday, May 18, 2011 4:36 PM

0

Perfect, this was the issue and fixed it no problem by simply adding C:\Windows\System32\Wbem to the PATH variable.

Thursday, September 29, 2011 3:36 PM

0

Have the same issue and c:\Windows\Systems32\Wbem is part of the path:

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Program Files\Windows Imaging\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1

Proposed As Answer by znakeormen Friday, January 13, 2012 9:27 AM
Unproposed As Answer by znakeormen Friday, January 13, 2012 9:28 AM

Thursday, March 22, 2012 12:56 PM

0

I too have this issue on two machines and C:\Windows\System32\Wbem is in the path. One machine does give me the error above when I run get-wmiobject -namespace "root/ccm/policy/machine" -class CCM_ISV_SoftwarePolicy and the other returns all kinds of information when I run the powershell query. Maybe I have two different problems but the logs on the two computer have the same errors.

Friday, March 30, 2012 3:10 PM

0

This solution does notsolvemy problem.

Here is thelog-FEP-ApplyPolicy<hostname>.Log

27/03/2012 09:37:03: ************* FEP apply policy session started *************
27/03/2012 09:37:03: Class CCM_ISV_SoftwarePolicy already exist in client no need to recompile mof
27/03/2012 09:37:03: Starting polling for ISV instances. Max Wait = 600000 ms
27/03/2012 09:37:03: Polling for ISV instances. Remaining wait time is 600000 ms
27/03/2012 09:37:03: No need to wait for more ISV class to appear since count of ISV instance equals count of policy advertisements: 2
27/03/2012 09:37:03: Populating precedence dictionary Using CCM_SoftwareDistribution Package ISV data
27/03/2012 09:37:03: Parsing precedence XML and modification time of advertised program 'FEP Service Policy' :
27/03/2012 09:37:03: <SecurityPolicyPackage.PolicyPackageData xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://forefront.microsoft.com/2010/01/PolicyPackageData"><LastModificationTime>2012-03-21T12:15:09.2468903Z</LastModificationTime><PrecedenceList xmlns:d2p1="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><d2p1:string>teste policy</d2p1:string><d2p1:string>FEP Other Servers - 9deJulho</d2p1:string><d2p1:string>FEP Other Servers - Cotia</d2p1:string><d2p1:string>FEP Domain Controller - Cotia</d2p1:string><d2p1:string>FEP Default Desktop Policy - Cotia</d2p1:string><d2p1:string>FEP Default Desktop Policy - 9deJulho</d2p1:string><d2p1:string>FEP Configuration Manager 2007 - 9deJulho</d2p1:string><d2p1:string>FEP Domain Controller - 9deJulho</d2p1:string><d2p1:string>Desktop Policy UNC</d2p1:string><d2p1:string>FEP Always-Internet Desktop - Internet</d2p1:string><d2p1:string>FEP Always-Internet DCs - Internet</d2p1:string><d2p1:string>FEP SharePoint 2010 Database - EC</d2p1:string><d2p1:string>FEP IIS 6-7 including Defaults</d2p1:string><d2p1:string>FEP Lync Servers - EC</d2p1:string><d2p1:string>FEP TMG - EC</d2p1:string><d2p1:string>FEP DC.DHCP.DNS - EC</d2p1:string><d2p1:string>FEP TS Server - EC</d2p1:string><d2p1:string>FEP SharePoint and FPSP including Defaults</d2p1:string><d2p1:string>FEP SharePoint 2010 Application - EC</d2p1:string><d2p1:string>FEP OCS - EC</d2p1:string><d2p1:string>FEP File Server - EC</d2p1:string><d2p1:string>FEP DNS Server including Defaults</d2p1:string><d2p1:string>FEP DHCP Server including Defaults</d2p1:string><d2p1:string>FEP Exchange 2010 Hub Function - EC</d2p1:string><d2p1:string>FEP Exchange 2010 CAS Server - EC</d2p1:string><d2p1:string>FEP Operations Manager 2007 - EC</d2p1:string><d2p1:string>FEP Hyper-V Host - EC</d2p1:string><d2p1:string>FEP Domain Controller - EC</d2p1:string><d2p1:string>FEP Configuration Manager 2007 - EC</d2p1:string><d2p1:string>FEP SQL 2005 - EC</d2p1:string><d2p1:string>FEP SQL 2008 - EC</d2p1:string><d2p1:string>Default Server Policy</d2p1:string><d2p1:string>Default Desktop Policy</d2p1:string></PrecedenceList></SecurityPolicyPackage.PolicyPackageData>
27/03/2012 09:37:03: Last modification time is 2012-03-21T12:15:09.2468903Z
27/03/2012 09:37:03: Precedence XML last modification time of 'FEP Service Policy' is the latest so far, trying to populate according it
27/03/2012 09:37:03: Clearing existing dictionary
27/03/2012 09:37:03: Adding: teste policy, 33
27/03/2012 09:37:03: Adding: FEP Other Servers - 9deJulho, 32
27/03/2012 09:37:03: Adding: FEP Other Servers - Cotia, 31
27/03/2012 09:37:03: Adding: FEP Domain Controller - Cotia, 30
27/03/2012 09:37:03: Adding: FEP Default Desktop Policy - Cotia, 29
27/03/2012 09:37:03: Adding: FEP Default Desktop Policy - 9deJulho, 28
27/03/2012 09:37:03: Adding: FEP Configuration Manager 2007 - 9deJulho, 27
27/03/2012 09:37:03: Adding: FEP Domain Controller - 9deJulho, 26
27/03/2012 09:37:03: Adding: Desktop Policy UNC, 25
27/03/2012 09:37:03: Adding: FEP Always-Internet Desktop - Internet, 24
27/03/2012 09:37:03: Adding: FEP Always-Internet DCs - Internet, 23
27/03/2012 09:37:03: Adding: FEP SharePoint 2010 Database - EC, 22
27/03/2012 09:37:03: Adding: FEP IIS 6-7 including Defaults, 21
27/03/2012 09:37:03: Adding: FEP Lync Servers - EC, 20
27/03/2012 09:37:03: Adding: FEP TMG - EC, 19
27/03/2012 09:37:03: Adding: FEP DC.DHCP.DNS - EC, 18
27/03/2012 09:37:03: Adding: FEP TS Server - EC, 17
27/03/2012 09:37:03: Adding: FEP SharePoint and FPSP including Defaults, 16
27/03/2012 09:37:03: Adding: FEP SharePoint 2010 Application - EC, 15
27/03/2012 09:37:03: Adding: FEP OCS - EC, 14
27/03/2012 09:37:03: Adding: FEP File Server - EC, 13
27/03/2012 09:37:03: Adding: FEP DNS Server including Defaults, 12
27/03/2012 09:37:03: Adding: FEP DHCP Server including Defaults, 11
27/03/2012 09:37:03: Adding: FEP Exchange 2010 Hub Function - EC, 10
27/03/2012 09:37:03: Adding: FEP Exchange 2010 CAS Server - EC, 9
27/03/2012 09:37:03: Adding: FEP Operations Manager 2007 - EC, 8
27/03/2012 09:37:03: Adding: FEP Hyper-V Host - EC, 7
27/03/2012 09:37:03: Adding: FEP Domain Controller - EC, 6
27/03/2012 09:37:03: Adding: FEP Configuration Manager 2007 - EC, 5
27/03/2012 09:37:03: Adding: FEP SQL 2005 - EC, 4
27/03/2012 09:37:03: Adding: FEP SQL 2008 - EC, 3
27/03/2012 09:37:03: Adding: Default Server Policy, 2
27/03/2012 09:37:03: Adding: Default Desktop Policy, 1
27/03/2012 09:37:03: Parsing precedence XML and modification time of advertised program 'FEP Hyper-V Host - EC' :
27/03/2012 09:37:03: <SecurityPolicyPackage.PolicyPackageData xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://forefront.microsoft.com/2010/01/PolicyPackageData"><LastModificationTime>2012-03-21T12:15:09.2468903Z</LastModificationTime><PrecedenceList xmlns:d2p1="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><d2p1:string>teste policy</d2p1:string><d2p1:string>FEP Other Servers - 9deJulho</d2p1:string><d2p1:string>FEP Other Servers - Cotia</d2p1:string><d2p1:string>FEP Domain Controller - Cotia</d2p1:string><d2p1:string>FEP Default Desktop Policy - Cotia</d2p1:string><d2p1:string>FEP Default Desktop Policy - 9deJulho</d2p1:string><d2p1:string>FEP Configuration Manager 2007 - 9deJulho</d2p1:string><d2p1:string>FEP Domain Controller - 9deJulho</d2p1:string><d2p1:string>Desktop Policy UNC</d2p1:string><d2p1:string>FEP Always-Internet Desktop - Internet</d2p1:string><d2p1:string>FEP Always-Internet DCs - Internet</d2p1:string><d2p1:string>FEP SharePoint 2010 Database - EC</d2p1:string><d2p1:string>FEP IIS 6-7 including Defaults</d2p1:string><d2p1:string>FEP Lync Servers - EC</d2p1:string><d2p1:string>FEP TMG - EC</d2p1:string><d2p1:string>FEP DC.DHCP.DNS - EC</d2p1:string><d2p1:string>FEP TS Server - EC</d2p1:string><d2p1:string>FEP SharePoint and FPSP including Defaults</d2p1:string><d2p1:string>FEP SharePoint 2010 Application - EC</d2p1:string><d2p1:string>FEP OCS - EC</d2p1:string><d2p1:string>FEP File Server - EC</d2p1:string><d2p1:string>FEP DNS Server including Defaults</d2p1:string><d2p1:string>FEP DHCP Server including Defaults</d2p1:string><d2p1:string>FEP Exchange 2010 Hub Function - EC</d2p1:string><d2p1:string>FEP Exchange 2010 CAS Server - EC</d2p1:string><d2p1:string>FEP Operations Manager 2007 - EC</d2p1:string><d2p1:string>FEP Hyper-V Host - EC</d2p1:string><d2p1:string>FEP Domain Controller - EC</d2p1:string><d2p1:string>FEP Configuration Manager 2007 - EC</d2p1:string><d2p1:string>FEP SQL 2005 - EC</d2p1:string><d2p1:string>FEP SQL 2008 - EC</d2p1:string><d2p1:string>Default Server Policy</d2p1:string><d2p1:string>Default Desktop Policy</d2p1:string></PrecedenceList></SecurityPolicyPackage.PolicyPackageData>
27/03/2012 09:37:03: Last modification time is 2012-03-21T12:15:09.2468903Z
27/03/2012 09:37:03: Ignoring precedence XML last modification time of 'FEP Hyper-V Host - EC' since it is not later than latest so far 2012-03-21T12:15:09.2468903Z
27/03/2012 09:37:03: Completed mandatory stage of parse precedence from ISV successfully
27/03/2012 09:37:03: Found policy: PKG_PackageID=LE100088; PRG_ProgramID=FEP Service Policy
27/03/2012 09:37:03: precedence=0;
27/03/2012 09:37:03: Updated highest precedence policy (precedence=0, name=FEP Service Policy)
27/03/2012 09:37:03: Found policy: PKG_PackageID=LE100088; PRG_ProgramID=FEP Hyper-V Host - EC
27/03/2012 09:37:03: precedence=7;
27/03/2012 09:37:03: Updated highest precedence policy (precedence=7, name=FEP Hyper-V Host - EC)
27/03/2012 09:37:03: Creating policy file from program ISV data
27/03/2012 09:37:03: Policy Xml:
27/03/2012 09:37:03: <?xml version="1.0" encoding="us-ascii"?><SecurityPolicy Name="FEP Hyper-V Host - EC" Version="5" Description="Política para hyper-v host servers do site LE1 - legecesc01.arcadislogos.net" ProductVersion="1.0.0.0" IsBuiltIn="false" LastModifiedBy="ARCADISLOGOS\jefferson.adm" CreatedBy="ARCADISLOGOS\wesley.adm" LastModificationTime="2012-03-08T15:28:17.766914Z" CreationTime="2011-10-06T19:47:45.5822861Z" xmlns="http://forefront.microsoft.com/FEP/2010/01/PolicyData"><PolicySection Name="FEP.AmPolicy" Disabled="false"><LocalGroupPolicySettings><IgnoreKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware" /><AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Real-Time Protection"><AddValue Name="DisableRealtimeMonitoring" Type="REG_DWORD">0</AddValue><AddValue Name="DisableOnAccessProtection" Type="REG_DWORD">0</AddValue><AddValue Name="RealTimeScanDirection" Type="REG_DWORD">0</AddValue><AddValue Name="LocalSettingOverrideDisableRealTimeMonitoring" Type="REG_DWORD">1</AddValue><AddValue Name="LocalSettingOverrideDisableIntrusionPreventionSystem" Type="REG_DWORD">1</AddValue><AddValue Name="LocalSettingOverrideDisableOnAccessProtection" Type="REG_DWORD">1</AddValue><AddValue Name="LocalSettingOverrideDisableIOAVProtection" Type="REG_DWORD">1</AddValue><AddValue Name="LocalSettingOverrideDisableBehaviorMonitoring" Type="REG_DWORD">1</AddValue><AddValue Name="LocalSettingOverrideRealTimeScanDirection" Type="REG_DWORD">1</AddValue><AddValue Name="DisableIntrusionPreventionSystem" Type="REG_DWORD">1</AddValue><AddValue Name="DisableIOAVProtection" Type="REG_DWORD">0</AddValue><AddValue Name="DisableBehaviorMonitoring" Type="REG_DWORD">1</AddValue><AddValue Name="DisableScriptScanning" Type="REG_DWORD">1</AddValue><AddValue Name="LocalSettingOverrideDisableScriptScanning" Type="REG_DWORD">0</AddValue></AddKey><AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Threats\ThreatSeverityDefaultAction"><AddValue Name="1" Type="REG_DWORD">2</AddValue><AddValue Name="2" Type="REG_DWORD">2</AddValue><AddValue Name="4" Type="REG_DWORD">2</AddValue><AddValue Name="5" Type="REG_DWORD">2</AddValue></AddKey><AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware"><AddValue Name="DisableRoutinelyTakingAction" Type="REG_DWORD">0</AddValue><AddValue Name="RandomizeScheduleTaskTimes" Type="REG_DWORD" Disabled="true">0</AddValue><AddValue Name="DisableLocalAdminMerge" Type="REG_DWORD">0</AddValue></AddKey><AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\UX Configuration"><AddValue Name="CustomDefaultActionToastString" Type="REG_SZ" Disabled="true"></AddValue><AddValue Name="Notification_Suppress" Type="REG_DWORD">1</AddValue></AddKey><AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Scan"><AddValue Name="ScheduleQuickScanTime" Type="REG_DWORD" PreviousValue="60">0</AddValue><AddValue Name="ScanParameters" Type="REG_DWORD" Disabled="true">1</AddValue><AddValue Name="ScheduleTime" Type="REG_DWORD" Disabled="true">120</AddValue><AddValue Name="ScheduleDay" Type="REG_DWORD" PreviousValue="7">8</AddValue><AddValue Name="LocalSettingOverrideScheduleTime" Type="REG_DWORD">1</AddValue><AddValue Name="LocalSettingOverrideScheduleQuickScanTime" Type="REG_DWORD">1</AddValue><AddValue Name="LocalSettingOverrideScheduleDay" Type="REG_DWORD">1</AddValue><AddValue Name="LocalSettingOverrideScanParameters" Type="REG_DWORD">1</AddValue><AddValue Name="DisableCatchupQuickScan" Type="REG_DWORD" Disabled="true">1</AddValue><AddValue Name="DisableCatchupFullScan" Type="REG_DWORD" Disabled="true">1</AddValue><AddValue Name="CheckForSignaturesBeforeRunningScan" Type="REG_DWORD" Disabled="true">1</AddValue><AddValue Name="ScanOnlyIfIdle" Type="REG_DWORD" Disabled="true">1</AddValue><AddValue Name="LocalSettingOverrideAvgCPULoadFactor" Type="REG_DWORD">1</AddValue><AddValue Name="AvgCPULoadFactor" Type="REG_DWORD">30</AddValue><AddValue Name="DisableScanningNetworkFiles" Type="REG_DWORD">1</AddValue><AddValue Name="DisableScanningMappedNetworkDrivesForFullScan" Type="REG_DWORD">1</
27/03/2012 09:37:03: Highest precedence policy Name: FEP Hyper-V Host - EC
27/03/2012 09:37:03: Only set policy
27/03/2012 09:37:03: ConfigSecurityPolicy exists in C:\Program Files\Microsoft Security Client
27/03/2012 09:37:03: Executing "C:\Program Files\Microsoft Security Client\ConfigSecurityPolicy.exe" "C:\Windows\SysWOW64\CCM\Cache\LE100088.1.System\FEP Hyper-V Host - EC.xml"
27/03/2012 09:37:03: Creating SCCM MIF file (FepPolicy) in windows folder. Status is : Failed
27/03/2012 09:37:03: Status description is : Microsoft Security Client failed to apply policy "FEP Hyper-V Host - EC". Error: Failed to open the local machine Group Policy. Error code: 0x80004005.

MyLocalGPOconsoledoes not open, I thinkthis hasadirect relationshipin the installationofthe FEPpolicy.

Wednesday, May 02, 2012 11:17 PM

1

This solution does notsolvemy problem.

Here is thelog-FEP-ApplyPolicy<hostname>.Log

27/03/2012 09:37:03: ************* FEP apply policy session started *************
27/03/2012 09:37:03: Class CCM_ISV_SoftwarePolicy already exist in client no need to recompile mof
27/03/2012 09:37:03: Starting polling for ISV instances. Max Wait = 600000 ms
27/03/2012 09:37:03: Polling for ISV instances. Remaining wait time is 600000 ms
27/03/2012 09:37:03: No need to wait for more ISV class to appear since count of ISV instance equals count of policy advertisements: 2
27/03/2012 09:37:03: Populating precedence dictionary Using CCM_SoftwareDistribution Package ISV data
27/03/2012 09:37:03: Parsing precedence XML and modification time of advertised program 'FEP Service Policy' :
27/03/2012 09:37:03: <SecurityPolicyPackage.PolicyPackageData xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://forefront.microsoft.com/2010/01/PolicyPackageData"><LastModificationTime>2012-03-21T12:15:09.2468903Z</LastModificationTime><PrecedenceList xmlns:d2p1="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><d2p1:string>teste policy</d2p1:string><d2p1:string>FEP Other Servers - 9deJulho</d2p1:string><d2p1:string>FEP Other Servers - Cotia</d2p1:string><d2p1:string>FEP Domain Controller - Cotia</d2p1:string><d2p1:string>FEP Default Desktop Policy - Cotia</d2p1:string><d2p1:string>FEP Default Desktop Policy - 9deJulho</d2p1:string><d2p1:string>FEP Configuration Manager 2007 - 9deJulho</d2p1:string><d2p1:string>FEP Domain Controller - 9deJulho</d2p1:string><d2p1:string>Desktop Policy UNC</d2p1:string><d2p1:string>FEP Always-Internet Desktop - Internet</d2p1:string><d2p1:string>FEP Always-Internet DCs - Internet</d2p1:string><d2p1:string>FEP SharePoint 2010 Database - EC</d2p1:string><d2p1:string>FEP IIS 6-7 including Defaults</d2p1:string><d2p1:string>FEP Lync Servers - EC</d2p1:string><d2p1:string>FEP TMG - EC</d2p1:string><d2p1:string>FEP DC.DHCP.DNS - EC</d2p1:string><d2p1:string>FEP TS Server - EC</d2p1:string><d2p1:string>FEP SharePoint and FPSP including Defaults</d2p1:string><d2p1:string>FEP SharePoint 2010 Application - EC</d2p1:string><d2p1:string>FEP OCS - EC</d2p1:string><d2p1:string>FEP File Server - EC</d2p1:string><d2p1:string>FEP DNS Server including Defaults</d2p1:string><d2p1:string>FEP DHCP Server including Defaults</d2p1:string><d2p1:string>FEP Exchange 2010 Hub Function - EC</d2p1:string><d2p1:string>FEP Exchange 2010 CAS Server - EC</d2p1:string><d2p1:string>FEP Operations Manager 2007 - EC</d2p1:string><d2p1:string>FEP Hyper-V Host - EC</d2p1:string><d2p1:string>FEP Domain Controller - EC</d2p1:string><d2p1:string>FEP Configuration Manager 2007 - EC</d2p1:string><d2p1:string>FEP SQL 2005 - EC</d2p1:string><d2p1:string>FEP SQL 2008 - EC</d2p1:string><d2p1:string>Default Server Policy</d2p1:string><d2p1:string>Default Desktop Policy</d2p1:string></PrecedenceList></SecurityPolicyPackage.PolicyPackageData>
27/03/2012 09:37:03: Last modification time is 2012-03-21T12:15:09.2468903Z
27/03/2012 09:37:03: Precedence XML last modification time of 'FEP Service Policy' is the latest so far, trying to populate according it
27/03/2012 09:37:03: Clearing existing dictionary
27/03/2012 09:37:03: Adding: teste policy, 33
27/03/2012 09:37:03: Adding: FEP Other Servers - 9deJulho, 32
27/03/2012 09:37:03: Adding: FEP Other Servers - Cotia, 31
27/03/2012 09:37:03: Adding: FEP Domain Controller - Cotia, 30
27/03/2012 09:37:03: Adding: FEP Default Desktop Policy - Cotia, 29
27/03/2012 09:37:03: Adding: FEP Default Desktop Policy - 9deJulho, 28
27/03/2012 09:37:03: Adding: FEP Configuration Manager 2007 - 9deJulho, 27
27/03/2012 09:37:03: Adding: FEP Domain Controller - 9deJulho, 26
27/03/2012 09:37:03: Adding: Desktop Policy UNC, 25
27/03/2012 09:37:03: Adding: FEP Always-Internet Desktop - Internet, 24
27/03/2012 09:37:03: Adding: FEP Always-Internet DCs - Internet, 23
27/03/2012 09:37:03: Adding: FEP SharePoint 2010 Database - EC, 22
27/03/2012 09:37:03: Adding: FEP IIS 6-7 including Defaults, 21
27/03/2012 09:37:03: Adding: FEP Lync Servers - EC, 20
27/03/2012 09:37:03: Adding: FEP TMG - EC, 19
27/03/2012 09:37:03: Adding: FEP DC.DHCP.DNS - EC, 18
27/03/2012 09:37:03: Adding: FEP TS Server - EC, 17
27/03/2012 09:37:03: Adding: FEP SharePoint and FPSP including Defaults, 16
27/03/2012 09:37:03: Adding: FEP SharePoint 2010 Application - EC, 15
27/03/2012 09:37:03: Adding: FEP OCS - EC, 14
27/03/2012 09:37:03: Adding: FEP File Server - EC, 13
27/03/2012 09:37:03: Adding: FEP DNS Server including Defaults, 12
27/03/2012 09:37:03: Adding: FEP DHCP Server including Defaults, 11
27/03/2012 09:37:03: Adding: FEP Exchange 2010 Hub Function - EC, 10
27/03/2012 09:37:03: Adding: FEP Exchange 2010 CAS Server - EC, 9
27/03/2012 09:37:03: Adding: FEP Operations Manager 2007 - EC, 8
27/03/2012 09:37:03: Adding: FEP Hyper-V Host - EC, 7
27/03/2012 09:37:03: Adding: FEP Domain Controller - EC, 6
27/03/2012 09:37:03: Adding: FEP Configuration Manager 2007 - EC, 5
27/03/2012 09:37:03: Adding: FEP SQL 2005 - EC, 4
27/03/2012 09:37:03: Adding: FEP SQL 2008 - EC, 3
27/03/2012 09:37:03: Adding: Default Server Policy, 2
27/03/2012 09:37:03: Adding: Default Desktop Policy, 1
27/03/2012 09:37:03: Parsing precedence XML and modification time of advertised program 'FEP Hyper-V Host - EC' :
27/03/2012 09:37:03: <SecurityPolicyPackage.PolicyPackageData xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://forefront.microsoft.com/2010/01/PolicyPackageData"><LastModificationTime>2012-03-21T12:15:09.2468903Z</LastModificationTime><PrecedenceList xmlns:d2p1="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><d2p1:string>teste policy</d2p1:string><d2p1:string>FEP Other Servers - 9deJulho</d2p1:string><d2p1:string>FEP Other Servers - Cotia</d2p1:string><d2p1:string>FEP Domain Controller - Cotia</d2p1:string><d2p1:string>FEP Default Desktop Policy - Cotia</d2p1:string><d2p1:string>FEP Default Desktop Policy - 9deJulho</d2p1:string><d2p1:string>FEP Configuration Manager 2007 - 9deJulho</d2p1:string><d2p1:string>FEP Domain Controller - 9deJulho</d2p1:string><d2p1:string>Desktop Policy UNC</d2p1:string><d2p1:string>FEP Always-Internet Desktop - Internet</d2p1:string><d2p1:string>FEP Always-Internet DCs - Internet</d2p1:string><d2p1:string>FEP SharePoint 2010 Database - EC</d2p1:string><d2p1:string>FEP IIS 6-7 including Defaults</d2p1:string><d2p1:string>FEP Lync Servers - EC</d2p1:string><d2p1:string>FEP TMG - EC</d2p1:string><d2p1:string>FEP DC.DHCP.DNS - EC</d2p1:string><d2p1:string>FEP TS Server - EC</d2p1:string><d2p1:string>FEP SharePoint and FPSP including Defaults</d2p1:string><d2p1:string>FEP SharePoint 2010 Application - EC</d2p1:string><d2p1:string>FEP OCS - EC</d2p1:string><d2p1:string>FEP File Server - EC</d2p1:string><d2p1:string>FEP DNS Server including Defaults</d2p1:string><d2p1:string>FEP DHCP Server including Defaults</d2p1:string><d2p1:string>FEP Exchange 2010 Hub Function - EC</d2p1:string><d2p1:string>FEP Exchange 2010 CAS Server - EC</d2p1:string><d2p1:string>FEP Operations Manager 2007 - EC</d2p1:string><d2p1:string>FEP Hyper-V Host - EC</d2p1:string><d2p1:string>FEP Domain Controller - EC</d2p1:string><d2p1:string>FEP Configuration Manager 2007 - EC</d2p1:string><d2p1:string>FEP SQL 2005 - EC</d2p1:string><d2p1:string>FEP SQL 2008 - EC</d2p1:string><d2p1:string>Default Server Policy</d2p1:string><d2p1:string>Default Desktop Policy</d2p1:string></PrecedenceList></SecurityPolicyPackage.PolicyPackageData>
27/03/2012 09:37:03: Last modification time is 2012-03-21T12:15:09.2468903Z
27/03/2012 09:37:03: Ignoring precedence XML last modification time of 'FEP Hyper-V Host - EC' since it is not later than latest so far 2012-03-21T12:15:09.2468903Z
27/03/2012 09:37:03: Completed mandatory stage of parse precedence from ISV successfully
27/03/2012 09:37:03: Found policy: PKG_PackageID=LE100088; PRG_ProgramID=FEP Service Policy
27/03/2012 09:37:03: precedence=0;
27/03/2012 09:37:03: Updated highest precedence policy (precedence=0, name=FEP Service Policy)
27/03/2012 09:37:03: Found policy: PKG_PackageID=LE100088; PRG_ProgramID=FEP Hyper-V Host - EC
27/03/2012 09:37:03: precedence=7;
27/03/2012 09:37:03: Updated highest precedence policy (precedence=7, name=FEP Hyper-V Host - EC)
27/03/2012 09:37:03: Creating policy file from program ISV data
27/03/2012 09:37:03: Policy Xml:
27/03/2012 09:37:03: <?xml version="1.0" encoding="us-ascii"?><SecurityPolicy Name="FEP Hyper-V Host - EC" Version="5" Description="Política para hyper-v host servers do site LE1 - legecesc01.arcadislogos.net" ProductVersion="1.0.0.0" IsBuiltIn="false" LastModifiedBy="ARCADISLOGOS\jefferson.adm" CreatedBy="ARCADISLOGOS\wesley.adm" LastModificationTime="2012-03-08T15:28:17.766914Z" CreationTime="2011-10-06T19:47:45.5822861Z" xmlns="http://forefront.microsoft.com/FEP/2010/01/PolicyData"><PolicySection Name="FEP.AmPolicy" Disabled="false"><LocalGroupPolicySettings><IgnoreKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware" /><AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Real-Time Protection"><AddValue Name="DisableRealtimeMonitoring" Type="REG_DWORD">0</AddValue><AddValue Name="DisableOnAccessProtection" Type="REG_DWORD">0</AddValue><AddValue Name="RealTimeScanDirection" Type="REG_DWORD">0</AddValue><AddValue Name="LocalSettingOverrideDisableRealTimeMonitoring" Type="REG_DWORD">1</AddValue><AddValue Name="LocalSettingOverrideDisableIntrusionPreventionSystem" Type="REG_DWORD">1</AddValue><AddValue Name="LocalSettingOverrideDisableOnAccessProtection" Type="REG_DWORD">1</AddValue><AddValue Name="LocalSettingOverrideDisableIOAVProtection" Type="REG_DWORD">1</AddValue><AddValue Name="LocalSettingOverrideDisableBehaviorMonitoring" Type="REG_DWORD">1</AddValue><AddValue Name="LocalSettingOverrideRealTimeScanDirection" Type="REG_DWORD">1</AddValue><AddValue Name="DisableIntrusionPreventionSystem" Type="REG_DWORD">1</AddValue><AddValue Name="DisableIOAVProtection" Type="REG_DWORD">0</AddValue><AddValue Name="DisableBehaviorMonitoring" Type="REG_DWORD">1</AddValue><AddValue Name="DisableScriptScanning" Type="REG_DWORD">1</AddValue><AddValue Name="LocalSettingOverrideDisableScriptScanning" Type="REG_DWORD">0</AddValue></AddKey><AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Threats\ThreatSeverityDefaultAction"><AddValue Name="1" Type="REG_DWORD">2</AddValue><AddValue Name="2" Type="REG_DWORD">2</AddValue><AddValue Name="4" Type="REG_DWORD">2</AddValue><AddValue Name="5" Type="REG_DWORD">2</AddValue></AddKey><AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware"><AddValue Name="DisableRoutinelyTakingAction" Type="REG_DWORD">0</AddValue><AddValue Name="RandomizeScheduleTaskTimes" Type="REG_DWORD" Disabled="true">0</AddValue><AddValue Name="DisableLocalAdminMerge" Type="REG_DWORD">0</AddValue></AddKey><AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\UX Configuration"><AddValue Name="CustomDefaultActionToastString" Type="REG_SZ" Disabled="true"></AddValue><AddValue Name="Notification_Suppress" Type="REG_DWORD">1</AddValue></AddKey><AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Scan"><AddValue Name="ScheduleQuickScanTime" Type="REG_DWORD" PreviousValue="60">0</AddValue><AddValue Name="ScanParameters" Type="REG_DWORD" Disabled="true">1</AddValue><AddValue Name="ScheduleTime" Type="REG_DWORD" Disabled="true">120</AddValue><AddValue Name="ScheduleDay" Type="REG_DWORD" PreviousValue="7">8</AddValue><AddValue Name="LocalSettingOverrideScheduleTime" Type="REG_DWORD">1</AddValue><AddValue Name="LocalSettingOverrideScheduleQuickScanTime" Type="REG_DWORD">1</AddValue><AddValue Name="LocalSettingOverrideScheduleDay" Type="REG_DWORD">1</AddValue><AddValue Name="LocalSettingOverrideScanParameters" Type="REG_DWORD">1</AddValue><AddValue Name="DisableCatchupQuickScan" Type="REG_DWORD" Disabled="true">1</AddValue><AddValue Name="DisableCatchupFullScan" Type="REG_DWORD" Disabled="true">1</AddValue><AddValue Name="CheckForSignaturesBeforeRunningScan" Type="REG_DWORD" Disabled="true">1</AddValue><AddValue Name="ScanOnlyIfIdle" Type="REG_DWORD" Disabled="true">1</AddValue><AddValue Name="LocalSettingOverrideAvgCPULoadFactor" Type="REG_DWORD">1</AddValue><AddValue Name="AvgCPULoadFactor" Type="REG_DWORD">30</AddValue><AddValue Name="DisableScanningNetworkFiles" Type="REG_DWORD">1</AddValue><AddValue Name="DisableScanningMappedNetworkDrivesForFullScan" Type="REG_DWORD">1</
27/03/2012 09:37:03: Highest precedence policy Name: FEP Hyper-V Host - EC
27/03/2012 09:37:03: Only set policy
27/03/2012 09:37:03: ConfigSecurityPolicy exists in C:\Program Files\Microsoft Security Client
27/03/2012 09:37:03: Executing "C:\Program Files\Microsoft Security Client\ConfigSecurityPolicy.exe" "C:\Windows\SysWOW64\CCM\Cache\LE100088.1.System\FEP Hyper-V Host - EC.xml"
27/03/2012 09:37:03: Creating SCCM MIF file (FepPolicy) in windows folder. Status is : Failed
27/03/2012 09:37:03: Status description is : Microsoft Security Client failed to apply policy "FEP Hyper-V Host - EC". Error: Failed to open the local machine Group Policy. Error code: 0x80004005.

MyLocalGPOconsoledoes not open, I thinkthis hasadirect relationshipin the installationofthe FEPpolicy.

Problem:

In my case the problem was with the local group policy, it was not accessible, preventing the FEP policy was signed.

Resolution:

Go to the %windir%\System32\GroupPolicy\Machine\ and delete the file "Registry.pol"

Note:

This procedure should be performed at computers that do not have local policies configured.

Proposed As Answer by Jefferson Inocente Wednesday, May 02, 2012 11:17 PM

Tuesday, May 07, 2013 8:15 PM

0

Thanks for the info. This was helpful. This exactly what I did to solve my problem:

Uninstall Endpoint from Client Computer (add/remove).
Uninstall SCCM agent on the computer using the Right Click tool on SCCM.
Rename current registry.pol at C:\Windows\System32\GroupPolicy\Machine to registry.old
Install SCCM client via SCCM
Let it install the agent and Endpoint and it will automatically recreate registry.pol
Now, Antimalware Policy should be back.

Proposed As Answer by SwissMiss123 Wednesday, May 08, 2013 3:32 PM
Edited by SwissMiss123 Wednesday, May 08, 2013 3:33 PM

Custom policy not applied to some clients...

All Replies

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support by product

Other support links

Not an IT pro?