Custom agent settings are not getting applied and SCEP is unmanaged state!

  • Question

  • Hi all,

    We did update our SCCM to the latest available version, the agent upgrade option was checked in the config. 

    But it seems that the agents are not getting the correct custom agent settings or DP settings like Organization name ... and the header color. The custom settings are set to Priority 1; next to these custom agent settings there is a SCEP Agent settings as well, enabled with prio 2, to have SCEP installed next to the custom config manager agent.

    SCEP is getting installed but the agent part is showing it as UNMANAGED. 

    Please advise how we can get these two issues fixed?


    • Edited by EF75 Monday, December 2, 2019 3:53 PM
    Monday, December 2, 2019 3:53 PM

All replies

  • Hi,

    Please review EndpointProtectionAgent.log on the target machine; there we are able to see whether the policy is applied.

    SCCM, SCEP and Defender – Making it All Work


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, December 4, 2019 9:38 AM
  • This is what we are getting:

    <![LOG[Device is not MDM enrolled yet. All workloads are managed by SCCM.]LOG]!><time="13:57:39.675-60" date="11-29-2019" component="EndpointProtectionAgent" context="" type="1" thread="4328" file="CcmUtilLib.cpp:3625">
    <![LOG[Endpoint protection workload is NOT migrated to Intune. SCCM will apply policy.]LOG]!><time="13:57:39.675-60" date="11-29-2019" component="EndpointProtectionAgent" context="" type="1" thread="4328" file="epagentutil.cpp:1347">
    <![LOG[Failed to get EP event code under registry key SOFTWARE\Microsoft\CCM\EPAgent]LOG]!><time="13:57:39.675-60" date="11-29-2019" component="EndpointProtectionAgent" context="" type="2" thread="4328" file="epagentimpl.cpp:1425">
    <![LOG[Failed to get EP event message under registry key SOFTWARE\Microsoft\CCM\EPAgent]LOG]!><time="13:57:39.675-60" date="11-29-2019" component="EndpointProtectionAgent" context="" type="2" thread="4328" file="epagentimpl.cpp:1430">
    <![LOG[EP State and Error Code didn't get changed, skip resend state message.]LOG]!><time="13:57:39.675-60" date="11-29-2019" component="EndpointProtectionAgent" context="" type="1" thread="4328" file="epagentimpl.cpp:162">
    <![LOG[Failed to get EP event code under registry key SOFTWARE\Microsoft\CCM\EPAgent]LOG]!><time="13:57:39.675-60" date="11-29-2019" component="EndpointProtectionAgent" context="" type="2" thread="4328" file="epagentimpl.cpp:1425">
    <![LOG[Failed to get EP event message under registry key SOFTWARE\Microsoft\CCM\EPAgent]LOG]!><time="13:57:39.675-60" date="11-29-2019" component="EndpointProtectionAgent" context="" type="2" thread="4328" file="epagentimpl.cpp:1430">
    <![LOG[State 1, error code 0 and detail message are not changed, skip updating registry value]LOG]!><time="13:57:39.675-60" date="11-29-2019" component="EndpointProtectionAgent" context="" type="1" thread="4328" file="epagentimpl.cpp:215">
    <![LOG[Service startup notification received]LOG]!><time="08:03:37.860-60" date="12-02-2019" component="EndpointProtectionAgent" context="" type="1" thread="6888" file="fepsettingendpoint.cpp:297">
    <![LOG[Endpoint is triggered by CCMTask Execute.]LOG]!><time="08:03:37.860-60" date="12-02-2019" component="EndpointProtectionAgent" context="" type="1" thread="6888" file="fepsettingendpoint.cpp:266">
    <![LOG[This device is not enrolled into Intune.]LOG]!><time="08:03:37.938-60" date="12-02-2019" component="EndpointProtectionAgent" context="" type="1" thread="6888" file="MdmRegLib.cpp:1050">
    <![LOG[Device is not MDM enrolled yet. All workloads are managed by SCCM.]LOG]!><time="08:03:37.938-60" date="12-02-2019" component="EndpointProtectionAgent" context="" type="1" thread="6888" file="CcmUtilLib.cpp:3625">
    <![LOG[Endpoint protection workload is NOT migrated to Intune. SCCM will apply policy.]LOG]!><time="08:03:37.938-60" date="12-02-2019" component="EndpointProtectionAgent" context="" type="1" thread="6888" file="epagentutil.cpp:1347">
    <![LOG[Failed to get EP event code under registry key SOFTWARE\Microsoft\CCM\EPAgent]LOG]!><time="08:03:37.938-60" date="12-02-2019" component="EndpointProtectionAgent" context="" type="2" thread="6888" file="epagentimpl.cpp:1425">
    <![LOG[Failed to get EP event message under registry key SOFTWARE\Microsoft\CCM\EPAgent]LOG]!><time="08:03:37.938-60" date="12-02-2019" component="EndpointProtectionAgent" context="" type="2" thread="6888" file="epagentimpl.cpp:1430">
    <![LOG[EP State and Error Code didn't get changed, skip resend state message.]LOG]!><time="08:03:37.938-60" date="12-02-2019" component="EndpointProtectionAgent" context="" type="1" thread="6888" file="epagentimpl.cpp:162">
    <![LOG[Failed to get EP event code under registry key SOFTWARE\Microsoft\CCM\EPAgent]LOG]!><time="08:03:37.938-60" date="12-02-2019" component="EndpointProtectionAgent" context="" type="2" thread="6888" file="epagentimpl.cpp:1425">
    <![LOG[Failed to get EP event message under registry key SOFTWARE\Microsoft\CCM\EPAgent]LOG]!><time="08:03:37.938-60" date="12-02-2019" component="EndpointProtectionAgent" context="" type="2" thread="6888" file="epagentimpl.cpp:1430">
    <![LOG[State 1, error code 0 and detail message are not changed, skip updating registry value]LOG]!><time="08:03:37.938-60" date="12-02-2019" component="EndpointProtectionAgent" context="" type="1" thread="6888" file="epagentimpl.cpp:215">
    <![LOG[Service startup notification received]LOG]!><time="07:07:18.969-60" date="12-04-2019" component="EndpointProtectionAgent" context="" type="1" thread="4956" file="fepsettingendpoint.cpp:297">
    <![LOG[Endpoint is triggered by CCMTask Execute.]LOG]!><time="07:07:18.969-60" date="12-04-2019" component="EndpointProtectionAgent" context="" type="1" thread="4956" file="fepsettingendpoint.cpp:266">
    <![LOG[This device is not enrolled into Intune.]LOG]!><time="07:07:19.016-60" date="12-04-2019" component="EndpointProtectionAgent" context="" type="1" thread="4956" file="MdmRegLib.cpp:1050">
    <![LOG[Device is not MDM enrolled yet. All workloads are managed by SCCM.]LOG]!><time="07:07:19.016-60" date="12-04-2019" component="EndpointProtectionAgent" context="" type="1" thread="4956" file="CcmUtilLib.cpp:3625">
    <![LOG[Endpoint protection workload is NOT migrated to Intune. SCCM will apply policy.]LOG]!><time="07:07:19.016-60" date="12-04-2019" component="EndpointProtectionAgent" context="" type="1" thread="4956" file="epagentutil.cpp:1347">
    <![LOG[Failed to get EP event code under registry key SOFTWARE\Microsoft\CCM\EPAgent]LOG]!><time="07:07:19.016-60" date="12-04-2019" component="EndpointProtectionAgent" context="" type="2" thread="4956" file="epagentimpl.cpp:1425">
    <![LOG[Failed to get EP event message under registry key SOFTWARE\Microsoft\CCM\EPAgent]LOG]!><time="07:07:19.016-60" date="12-04-2019" component="EndpointProtectionAgent" context="" type="2" thread="4956" file="epagentimpl.cpp:1430">
    <![LOG[EP State and Error Code didn't get changed, skip resend state message.]LOG]!><time="07:07:19.016-60" date="12-04-2019" component="EndpointProtectionAgent" context="" type="1" thread="4956" file="epagentimpl.cpp:162">
    <![LOG[Failed to get EP event code under registry key SOFTWARE\Microsoft\CCM\EPAgent]LOG]!><time="07:07:19.016-60" date="12-04-2019" component="EndpointProtectionAgent" context="" type="2" thread="4956" file="epagentimpl.cpp:1425">
    <![LOG[Failed to get EP event message under registry key SOFTWARE\Microsoft\CCM\EPAgent]LOG]!><time="07:07:19.016-60" date="12-04-2019" component="EndpointProtectionAgent" context="" type="2" thread="4956" file="epagentimpl.cpp:1430">
    <![LOG[State 1, error code 0 and detail message are not changed, skip updating registry value]LOG]!><time="07:07:19.016-60" date="12-04-2019" component="EndpointProtectionAgent" context="" type="1" thread="4956" file="epagentimpl.cpp:215">

    Wednesday, December 4, 2019 2:19 PM
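One way to triage a log like the one posted above, as an added example that is not part of the original thread: parse the CMTrace-style entries, group them into agent evaluation cycles, and report repeated warnings and the last state line. The sample is constructed from five of the posted lines; grouping by date and thread is an assumption that fits this log.

```python
import re
from collections import Counter

# Constructed sample: five entries in the shape of the log posted above.
SAMPLE = r'''
<![LOG[Endpoint protection workload is NOT migrated to Intune. SCCM will apply policy.]LOG]!><time="07:07:19.016-60" date="12-04-2019" component="EndpointProtectionAgent" context="" type="1" thread="4956" file="epagentutil.cpp:1347">
<![LOG[Failed to get EP event code under registry key SOFTWARE\Microsoft\CCM\EPAgent]LOG]!><time="07:07:19.016-60" date="12-04-2019" component="EndpointProtectionAgent" context="" type="2" thread="4956" file="epagentimpl.cpp:1425">
<![LOG[Failed to get EP event message under registry key SOFTWARE\Microsoft\CCM\EPAgent]LOG]!><time="07:07:19.016-60" date="12-04-2019" component="EndpointProtectionAgent" context="" type="2" thread="4956" file="epagentimpl.cpp:1430">
<![LOG[Failed to get EP event code under registry key SOFTWARE\Microsoft\CCM\EPAgent]LOG]!><time="07:07:19.016-60" date="12-04-2019" component="EndpointProtectionAgent" context="" type="2" thread="4956" file="epagentimpl.cpp:1425">
<![LOG[State 1, error code 0 and detail message are not changed, skip updating registry value]LOG]!><time="07:07:19.016-60" date="12-04-2019" component="EndpointProtectionAgent" context="" type="1" thread="4956" file="epagentimpl.cpp:215">
'''

ENTRY = re.compile(r'<!\[LOG\[(?P<msg>.*?)\]LOG\]!><(?P<attrs>[^>]*)>', re.S)
ATTR = re.compile(r'(\w+)="([^"]*)"')
SEVERITY = {"1": "info", "2": "warning", "3": "error"}  # CMTrace type codes
STATE = re.compile(r'State (\d+), error code (-?\d+)')


def parse(text):
    """Turn raw log text into a list of dicts (message plus header attributes)."""
    entries = []
    for m in ENTRY.finditer(text):
        entry = dict(ATTR.findall(m.group("attrs")))
        entry["msg"] = m.group("msg")
        entry["severity"] = SEVERITY.get(entry.get("type"), "unknown")
        entries.append(entry)
    return entries


def summarize(entries):
    """Group entries by (date, thread), assumed here to be one evaluation cycle."""
    cycles = {}
    for e in entries:
        cycle = cycles.setdefault(
            (e.get("date"), e.get("thread")),
            {"warnings": Counter(), "state": None, "sccm_applies": False})
        if e["severity"] in ("warning", "error"):
            cycle["warnings"][e["msg"]] += 1
        if "SCCM will apply policy" in e["msg"]:
            cycle["sccm_applies"] = True
        found = STATE.search(e["msg"])
        if found:
            cycle["state"] = (int(found.group(1)), int(found.group(2)))
    return cycles


if __name__ == "__main__":
    for key, cycle in summarize(parse(SAMPLE)).items():
        print(key, cycle["sccm_applies"], cycle["state"], dict(cycle["warnings"]))
```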
  • The strange thing is, once we enabled SCEP on the DEFAULT client settings, all the systems got SCEP installed and enabled! This is what happened with the Computer Agent settings as well; it looks like the DEFAULT Computer Agent and SCEP settings are overriding the custom settings? We enabled Computer Agent installation and SCEP based on two different agent settings with higher prio and deployed them to device collections.

    Wednesday, December 4, 2019 2:43 PM
  • By default it has a 10000 priority value (this is the lowest priority). All other custom client settings can have a priority value of 1 to 9999, which will always override the Default Client Settings. (The highest priority is 1.)


    Thursday, December 5, 2019 9:39 AM
  • I agree, but why did all the systems get Endpoint enabled (Manage EP client on client was set to yes on the default agent settings)? This was also set to yes on the custom agent settings, but deployed to limited sets of device collections.

    Or should I disable as many options as possible on the default agent settings? What is the best practice?

    Thursday, December 5, 2019 10:30 AM
  • Modify the default settings when you want to configure settings for all users and devices in the hierarchy that do not have any custom settings applied. If you want to apply different settings to just some users or devices, create custom settings and deploy to collections.


    Friday, December 6, 2019 8:18 AM
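The priority and targeting rules described in the two replies above, modelled as an added example that is not part of the original thread or of Configuration Manager itself. Device names, collection names and setting names are hypothetical labels, and the per-setting merge is this model's assumption about how the resultant settings are combined.

```python
DEFAULT_PRIORITY = 10000  # Default Client Settings: lowest priority, reaches every device

# Constructed sample data (hypothetical names throughout).
COLLECTIONS = {"Pilot": {"PC-001"}}
DEPLOYMENTS = [
    {"name": "Default Client Settings", "priority": DEFAULT_PRIORITY, "collection": None,
     "settings": {"OrganizationName": "IT Organization", "ManageEndpointProtection": True}},
    {"name": "Custom Agent", "priority": 1, "collection": "Pilot",
     "settings": {"OrganizationName": "Contoso"}},
    {"name": "Custom SCEP", "priority": 2, "collection": "Pilot",
     "settings": {"ManageEndpointProtection": True}},
]


def resultant_settings(device, collections, deployments):
    """Return {setting: (value, source)} for one device.

    A custom object applies only if the device is in the collection it is
    deployed to; the default object (collection None) applies to everything.
    """
    for d in deployments:
        if d["collection"] is not None and not 1 <= d["priority"] <= 9999:
            raise ValueError(f"{d['name']}: custom priority must be 1..9999")
    applicable = [d for d in deployments
                  if d["collection"] is None
                  or device in collections.get(d["collection"], set())]
    result = {}
    # Apply from priority 10000 down to 1 so the highest priority (1) is written last.
    for d in sorted(applicable, key=lambda d: d["priority"], reverse=True):
        for key, value in d["settings"].items():
            result[key] = (value, d["name"])
    return result


if __name__ == "__main__":
    for device in ("PC-001", "PC-002"):
        print(device, resultant_settings(device, COLLECTIONS, DEPLOYMENTS))
```

PC-002 is in no targeted collection, so every value it receives, including Endpoint Protection management, comes from the default object.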
  • Here is a summary for your issue.
     
    Issue Symptoms
    ===================
    Custom agent settings are not getting applied and SCEP is unmanaged state! 
     
    Action Plan
    ===================
    Modify the default settings when you want to configure settings for all users and devices in the hierarchy that do not have any custom settings applied. If you want to apply different settings to just some users or devices, create custom settings and deploy to collections.
     
    If there is any update, feel free to give feedback.


    Tuesday, January 14, 2020 2:51 AM