none
Defintion Updates failing over Windows Update

    Question

  • Good day,

    This is the second time I am having this problem.

    I have FEP 2010 and FEP 2012 clients deployed. I am deploying definition updates with WSUS. Policy for clients is also set that updates should be downloaded directly from Micorosft if they fail from WSUS.

    The problem is that when Windows Update tries to update the definitions it failes with an error: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.129.167.0).

    A big amount of computers have this same error. I can not get any info on this error, even though I tried anything at all that I could find by searching the web. If I manually click to install the updates in Windows Update (latest definition updates that WSUS downloaded are offered which is ok) it failes with 80070666 error.

    The first time I had this issue I could go manually into FEP interface and click UPDATE, then it would manage to install the latest definition and after that there would be no more problems with the new definitions (on that computer). I thought that the problem was only with that single definition that all computers had problem with, and it would simply be a solution to manually update all the clients and after that all will be fine.

    But now, I am having this problem AGAIN. Now, I can not even manually update through the FEP interface. I get the error that connection has failed and that there is problem with Internet connectivity (which actually is not correct since other applications can connect online without problems).

    I am stuck, so need some fresh thoughts, help please.

    Thursday, June 21, 2012 10:23 AM

Answers

  • Hi Vedran,

    Thank you for the post.

    The error means client need a full engine definition update (mpam-fe.exe) to install the delta definition update (mpam-d.exe). You need to created a package for the mpam-fe.exe and sent it out to the clients and after that they were able to install the delta definition updates.

    http://support.microsoft.com/kb/935934

    If there are more inquiries on this issue, please feel free to let us know.
     
    Regards


    Rick Tan

    TechNet Community Support

    Wednesday, June 27, 2012 2:19 AM

All replies

  • Check the C:\Windows\WindowsUpdate.log and see where it's trying to pull the updates from. For example, when I click the update button in FEP, the log shows that it's connecting to http://download.windowsupdate.com/msdownload/update/software/defu/2012/06/am_delta_patch*

    Also, check the following registry settings for correct values:

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

    WUServer

    WUStatusServer

    and

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

    UseWUServer

    Those entries should be set by the SCCM client through local Group Policy but if you have some other GPO setting them, they could conflict and cause issues.

    Thursday, June 21, 2012 2:23 PM
  • Hi thanks for reply!

    Only UseWUServer is set to 1.

    On hosts that fail to install definitions I found in event viewer error about windows update:

    Log Name:      System
    Source:        Microsoft Antimalware
    Date:          26.06.12 11:10:10
    Event ID:      2001
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      ALGODC2.algoritam.hr
    Description:
    Microsoft Antimalware has encountered an error trying to update signatures.
         New Signature Version: 1.129.441.0
         Previous Signature Version: 1.127.2174.0
         Update Source: User
         Update Stage: Install
         Source Path:
         Signature Type: AntiVirus
         Update Type: Delta
         User: NT AUTHORITY\SYSTEM
         Current Engine Version: 1.1.8403.0
         Previous Engine Version: 1.1.8403.0
         Error code: 0x80070666
         Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

    This error obvioulsy happens for all the definitions that computer downloads from WSUS. In the log I can clearly read that updates are downloaded and ready for install, but when they try to install automatically (as they should beacause of the GPO setting) they fail with the mentioned errors.

    Interesting thing is that I can now manually install updates through the FEP client interface, just like 1st time, but it fails with WU.

    Both FEP 2012 and FEP 2010 have the issue. FEP 2012 was upgraded from 2010 by SCCM 2012.

    I also have to mention that this only happens for FEP updates... connection to WSUS and other updates install without error.


    Tuesday, June 26, 2012 10:51 AM
  • Hi Vedran,

    Thank you for the post.

    The error means client need a full engine definition update (mpam-fe.exe) to install the delta definition update (mpam-d.exe). You need to created a package for the mpam-fe.exe and sent it out to the clients and after that they were able to install the delta definition updates.

    http://support.microsoft.com/kb/935934

    If there are more inquiries on this issue, please feel free to let us know.
     
    Regards


    Rick Tan

    TechNet Community Support

    Wednesday, June 27, 2012 2:19 AM
  • Hi Rick thanks for posting,

    Why did this happen and how can I ensure that it does not happen again in the future?

    I came to the idea myself to try and manually push those updates but I am still having trouble deploying mpam-fe.exe with a script to my clients.

    Although I am not sure what you meant with mpam-d.exe.

    Wednesday, June 27, 2012 8:56 AM
  • Hi Vedran,

    It could be caused by DP not update full engine definition update file (mpam-fe.exe).
    Try to install update manually in the following sequence:
    1. Install NIS update
    2. Install full FEP definition package (MPAM-FE.exe)
    3. Install the Delta package  (MPAM-D.exe)

    Please read File-Share-Based Definition Updates article to know the MPAM-D.exe download URL.
    http://technet.microsoft.com/en-us/library/gg398041.aspx  

    Regards


    Rick Tan

    TechNet Community Support

    Thursday, June 28, 2012 6:59 AM
  • Hi Rick,

    Thanks for the advice, it is working for now, well at least for those clients that installed manually FE definitions.

    I just hope it does not happen again, because this is the second time in 30 days. Whish I could prevent it somehow.

    Monday, July 02, 2012 8:35 AM
  • This is happening again.

    All computers were updating fine after deploying mpam-fe.exe, and now again they are failing with the same error. It passed about 2-3 weeks since the last incident.

    This can not be normal behaviour?

    Wednesday, July 25, 2012 7:23 AM
  • Hi Vedran

    have you ever solved this issue

    thx Mike

    Wednesday, October 10, 2012 8:35 AM
  • Can anyone help me with this issue??

    Few servers wont update by any means. (Neither through WSUS, nor through shared drive not even manually)

    I get the below error message. Connectivity to the shared drive servers and the WSUS looks fine as the telnetting to these servers works fine.

    Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.139.2153.0

    Update Source: Microsoft Update Server

    Update Stage: Search

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 1.1.8904.0

    Error code: 0x80072efd


    System Security analyst at CapG


    • Edited by Tushar_SCCM Friday, November 16, 2012 7:20 AM
    Friday, November 16, 2012 7:20 AM