SCEP definitions are not updated on clients

    Question

  • Hi,

    I have a ConfigMgr 2012 hierarchy with a CAS and one primary server. Boundary and boundary groups are set up with the correct IP range and the group includes the primary server with the DP.

    I have installed the SUP and the EP roles on the CAS server and created an automatic deployment rule that finds the latest EP definition and makes it available to the clients.

    I have created a custom Client policy that enables EP and an AntiMalware policy that sets the client to check for updates every 4 hours.

    My problem is now that the client will not check for updates.

    I can see on the CAS server that the automatic deployment rule finds the new definition updates. The update is placed in a software update package and distributed to a DP on the primary site and a deployment is created.

    On the client I can see in the EndpointProtectionAgent.log (and in the registry) that the policy is applied but the client still has a date more than two days old in the “Definitions Last checked” field.

    If I manually update the definition by using the “update” button on the client the definition is updated to the latest version. I can see in the windowsupdate.log that it is downloaded from windowsupdate.com.

    What have I forgotten since the client will not download the definition updates automatically from SCCM?


    Thomas Forsmark Soerensen


    • Edited by Forsmark Wednesday, May 23, 2012 6:46 AM
    Tuesday, May 22, 2012 12:04 PM

Answers

  • Hi,

    yes, I had forgotten to install the SUP role on the primary SCCM server and had only installed it on the CAS server.

    Therefore the clients could not contact a primary server with the SUP role installed and therefore could not install the new definition updates.

    After installing the SUP role on the primary server I could see in the registry on the clients that they were directed to the SCCM Primary server to look for updates.

    A silly mistake with big consequences :-S


    Thomas Forsmark Soerensen

    Monday, July 23, 2012 2:00 PM

All replies

  • In your Antimalware Policies under the Definition Updates, did you Configure Definition Update Sources to include "Updates Distributed from Configuration Manager" as your primary source for updates?

    Mike...

    Tuesday, May 22, 2012 2:20 PM
  • Hi Mike,

    yes I did set "Updates Distributed from Configuration Manager" as the primary source for definition updates.


    Thomas Forsmark Soerensen


    • Edited by Forsmark Wednesday, May 23, 2012 6:46 AM
    Wednesday, May 23, 2012 6:45 AM
  • and have you checked whether the client has received your custom policies?

    because otherwise it will take the default policy (maybe that one isn't configured to use config manager as update source)

    you can check the policy on the client frontend also, if you go to the help/about section

    Wednesday, May 23, 2012 7:50 AM
  • As I wrote in the first post:

    On the client I can see in the EndpointProtectionAgent.log (and in the registry) that the policy is applied but the client still has a date more than two days old in the “Definitions Last checked” field.

    If I look in the help/about section it states that too. (Thanks for this tip. Didn't know that)

    So I think the right policy is applied.


    Thomas Forsmark Soerensen

    Wednesday, May 23, 2012 8:03 AM
  • ok,

    then what about the automatic deployment rule

    can you enforce it again and trace its log in the ruleengine.log on the server

    we should be able to find a trace somewhere

    Wednesday, May 23, 2012 8:55 AM
  • If I right-click the collection with all my "clients" and select "Endpoint Protection" -> "Update Definitions", the definition is updated on all my clients.

    So the update procedure IS working; it’s just that the clients refuse to automatically check for any new definitions.


    Thomas Forsmark Soerensen

    Wednesday, May 23, 2012 10:01 AM
  • Forsmark,

    Were you ever able to figure this out?  I'm having the same problem.  Definitions are correct on SCCM 2012 but the Forefront clients do not pull down the latest updates.

    Thursday, June 14, 2012 1:10 PM
  • I'm also facing the same problem. Furthermore, I think that the whole update process is not clear at all, between Windows Updates and SCCM Updates, as figured out in http://social.technet.microsoft.com/Forums/en-US/FCSNext/thread/866ea1df-1c7c-4a54-9139-159038bb0d7e.
    Friday, June 22, 2012 6:18 AM
  • I too am facing the same issue but I think the problem lies with the EP client not updating the details on the "Update" page. From what I can see the definitions are installed and updated.

    On a standard client that has had the EP client installed the Update tab shows the following:

    SCCM shows the correct definitions as being installed (1.129.1411.0 at the time of this post) so I'm fairly confident that the definitions have been deployed and applied but it's annoying that the client does not display this info. However what is more annoying is when someone manually updates the definitions this date is displayed on the update tab even though the client has received numerous updates since the manual update (see below).

    This erroneous date causes concern because our customers call our helpdesk concerned that the definitions are weeks out of date.

    Regards

    Paul

    Wednesday, July 11, 2012 2:41 PM
  • Hi,

    I have the same issue but I don't have a CAS server.

    My configuration:
    • WSUS SERVER: Software Update point.
    • SCCM SERVER (primary site): Endpoint Protection point and Distribution point.

    Regards,

    Saturday, September 22, 2012 7:34 AM
  • Any errors in windowsupdate.log, u*.log, scanagent.log?

    Torsten Meringer | http://www.mssccmfaq.de

    Saturday, September 22, 2012 2:53 PM
  • Hi,

    Below: the windowsupdate.log from start of manual update until error message:

    2012-09-21 14:05:29:879 1744 197c Misc ===========  Logging initialized (build: 7.6.7600.256, tz: +0200)  ===========
    2012-09-21 14:05:29:879 1744 197c Misc   = Process: C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
    2012-09-21 14:05:29:879 1744 197c Misc   = Module: C:\Windows\system32\wuapi.dll
    2012-09-21 14:05:29:879 1744 197c COMAPI -------------
    2012-09-21 14:05:29:879 1744 197c COMAPI -- START --  COMAPI: Search [ClientId = System Center 2012 Endpoint Protection (1F383481-F70E-4E7A-8B69-C4B4A23928E3)]
    2012-09-21 14:05:29:879 1744 197c COMAPI ---------
    2012-09-21 14:05:29:949  884 ff8 Agent *************
    2012-09-21 14:05:29:949  884 ff8 Agent ** START **  Agent: Finding updates [CallerId = System Center 2012 Endpoint Protection (1F383481-F70E-4E7A-8B69-C4B4A23928E3)]
    2012-09-21 14:05:29:950  884 ff8 Agent *********
    2012-09-21 14:05:29:950  884 ff8 Agent   * Online = Yes; Ignore download priority = No
    2012-09-21 14:05:29:950  884 ff8 Agent   * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains 'a38c835c-2950-4e87-86cc-6911a52c34a3' and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b')"
    2012-09-21 14:05:29:950  884 ff8 Agent   * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
    2012-09-21 14:05:29:950  884 ff8 Agent   * Search Scope = {Machine}
    2012-09-21 14:05:29:950 1744 197c COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = System Center 2012 Endpoint Protection (1F383481-F70E-4E7A-8B69-C4B4A23928E3)]
    2012-09-21 14:05:30:000  884 ff8 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
    2012-09-21 14:05:30:038  884 ff8 Misc  Microsoft signed: Yes
    2012-09-21 14:06:35:311  884 ff8 Misc WARNING: Send failed with hr = 80072ee2.
    2012-09-21 14:06:35:311  884 ff8 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2012-09-21 14:06:35:311  884 ff8 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.wind...muv4wuredir.cab>. error 0x80072ee2
    2012-09-21 14:06:35:311  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2012-09-21 14:06:35:311  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2012-09-21 14:06:35:311  884 ff8 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2012-09-21 14:07:40:585  884 ff8 Misc WARNING: Send failed with hr = 80072ee2.
    2012-09-21 14:07:40:585  884 ff8 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2012-09-21 14:07:40:585  884 ff8 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.wind...muv4wuredir.cab>. error 0x80072ee2
    2012-09-21 14:07:40:585  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2012-09-21 14:07:40:585  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2012-09-21 14:07:40:585  884 ff8 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2012-09-21 14:08:45:866  884 ff8 Misc WARNING: Send failed with hr = 80072ee2.
    2012-09-21 14:08:45:866  884 ff8 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2012-09-21 14:08:45:866  884 ff8 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.wind...muv4wuredir.cab>. error 0x80072ee2
    2012-09-21 14:08:45:866  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2012-09-21 14:08:45:866  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2012-09-21 14:08:45:866  884 ff8 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2012-09-21 14:09:51:138  884 ff8 Misc WARNING: Send failed with hr = 80072ee2.
    2012-09-21 14:09:51:138  884 ff8 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2012-09-21 14:09:51:138  884 ff8 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.wind...muv4wuredir.cab>. error 0x80072ee2
    2012-09-21 14:09:51:138  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2012-09-21 14:09:51:138  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2012-09-21 14:09:51:138  884 ff8 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2012-09-21 14:09:51:138  884 ff8 Misc WARNING: DownloadFileInternal failed for http://download.wind...muv4wuredir.cab: error 0x80072ee2
    2012-09-21 14:09:51:138  884 ff8 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
    2012-09-21 14:09:51:141  884 ff8 Misc  Microsoft signed: Yes
    2012-09-21 14:10:35:395  884 ff8 Misc WARNING: Send failed with hr = 80072ee2.
    2012-09-21 14:10:35:395  884 ff8 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2012-09-21 14:10:35:395  884 ff8 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.micr...muv4wuredir.cab>. error 0x80072ee2
    2012-09-21 14:10:35:395  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2012-09-21 14:10:35:395  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2012-09-21 14:10:35:395  884 ff8 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2012-09-21 14:11:19:654  884 ff8 Misc WARNING: Send failed with hr = 80072ee2.
    2012-09-21 14:11:19:654  884 ff8 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2012-09-21 14:11:19:654  884 ff8 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.micr...muv4wuredir.cab>. error 0x80072ee2
    2012-09-21 14:11:19:654  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2012-09-21 14:11:19:654  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2012-09-21 14:11:19:654  884 ff8 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2012-09-21 14:12:03:920  884 ff8 Misc WARNING: Send failed with hr = 80072ee2.
    2012-09-21 14:12:03:920  884 ff8 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2012-09-21 14:12:03:920  884 ff8 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.micr...muv4wuredir.cab>. error 0x80072ee2
    2012-09-21 14:12:03:920  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2012-09-21 14:12:03:920  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2012-09-21 14:12:03:920  884 ff8 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2012-09-21 14:12:48:176  884 ff8 Misc WARNING: Send failed with hr = 80072ee2.
    2012-09-21 14:12:48:176  884 ff8 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2012-09-21 14:12:48:176  884 ff8 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.micr...muv4wuredir.cab>. error 0x80072ee2
    2012-09-21 14:12:48:176  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2012-09-21 14:12:48:176  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2012-09-21 14:12:48:176  884 ff8 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2012-09-21 14:12:48:176  884 ff8 Misc WARNING: DownloadFileInternal failed for http://download.micr...muv4wuredir.cab: error 0x80072ee2
    2012-09-21 14:12:48:176  884 ff8 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
    2012-09-21 14:12:48:179  884 ff8 Misc  Microsoft signed: Yes
    2012-09-21 14:13:11:438  884 ff8 Misc WARNING: Send failed with hr = 80072ee2.
    2012-09-21 14:13:11:438  884 ff8 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2012-09-21 14:13:11:438  884 ff8 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.mi...muv4wuredir.cab>. error 0x80072ee2
    2012-09-21 14:13:11:438  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2012-09-21 14:13:11:438  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2012-09-21 14:13:11:438  884 ff8 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2012-09-21 14:13:34:698  884 ff8 Misc WARNING: Send failed with hr = 80072ee2.
    2012-09-21 14:13:34:698  884 ff8 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2012-09-21 14:13:34:698  884 ff8 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.mi...muv4wuredir.cab>. error 0x80072ee2
    2012-09-21 14:13:34:698  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2012-09-21 14:13:34:698  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2012-09-21 14:13:34:698  884 ff8 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2012-09-21 14:13:57:958  884 ff8 Misc WARNING: Send failed with hr = 80072ee2.
    2012-09-21 14:13:57:958  884 ff8 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2012-09-21 14:13:57:958  884 ff8 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.mi...muv4wuredir.cab>. error 0x80072ee2
    2012-09-21 14:13:57:958  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2012-09-21 14:13:57:958  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2012-09-21 14:13:57:958  884 ff8 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2012-09-21 14:14:21:220  884 ff8 Misc WARNING: Send failed with hr = 80072ee2.
    2012-09-21 14:14:21:220  884 ff8 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2012-09-21 14:14:21:220  884 ff8 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.mi...muv4wuredir.cab>. error 0x80072ee2
    2012-09-21 14:14:21:220  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2012-09-21 14:14:21:220  884 ff8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2012-09-21 14:14:21:220  884 ff8 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2012-09-21 14:14:21:220  884 ff8 Misc WARNING: DownloadFileInternal failed for http://www.update.mi...muv4wuredir.cab: error 0x80072ee2
    2012-09-21 14:14:21:220  884 ff8 Agent WARNING: Failed to obtain the authorization cab URLs, hr=0x80072ee2
    2012-09-21 14:14:21:220  884 ff8 Agent   * WARNING: Online service registration/service ID resolution failed, hr=0x80072EE2
    2012-09-21 14:14:21:314  884 ff8 Agent   * WARNING: Exit code = 0x80072EE2
    2012-09-21 14:14:21:314  884 ff8 Agent *********
    2012-09-21 14:14:21:314  884 ff8 Agent **  END  **  Agent: Finding updates [CallerId = System Center 2012 Endpoint Protection (1F383481-F70E-4E7A-8B69-C4B4A23928E3)]
    2012-09-21 14:14:21:314  884 ff8 Agent *************
    2012-09-21 14:14:21:314  884 ff8 Agent WARNING: WU client failed Searching for update with error 0x80072ee2
    2012-09-21 14:14:21:315 1744 f70 COMAPI >>--  RESUMED  -- COMAPI: Search [ClientId = System Center 2012 Endpoint Protection (1F383481-F70E-4E7A-8B69-C4B4A23928E3)]
    2012-09-21 14:14:21:316 1744 f70 COMAPI   - Updates found = 0
    2012-09-21 14:14:21:316 1744 f70 COMAPI   - WARNING: Exit code = 0x00000000, Result code = 0x80072EE2
    2012-09-21 14:14:21:316 1744 f70 COMAPI ---------
    2012-09-21 14:14:21:316 1744 f70 COMAPI --  END  --  COMAPI: Search [ClientId = System Center 2012 Endpoint Protection (1F383481-F70E-4E7A-8B69-C4B4A23928E3)]
    2012-09-21 14:14:21:316 1744 f70 COMAPI -------------
    2012-09-21 14:14:21:316 1744 434 COMAPI WARNING: Operation failed due to earlier error, hr=80072EE2
    2012-09-21 14:14:21:316 1744 434 COMAPI FATAL: Unable to complete asynchronous search. (hr=80072EE2)
    2012-09-21 14:14:26:335  884 ff8 Report REPORT EVENT: {D1C5A894-8C00-4B4F-853B-7EE51A386FD3} 2012-09-21 14:14:21:314+0200 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80072ee2 System Center 2012 Endpoint Pro Failure Software Synchronization Windows Update Client failed to detect with error 0x80072ee2.
    2012-09-21 14:14:26:390  884 ff8 Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
    2012-09-21 14:14:26:390  884 ff8 Report WER Report sent: 7.6.7600.256 0x80072ee2 00000000-0000-0000-0000-000000000000 Scan 101 Unmanaged
    2012-09-21 14:14:26:390  884 ff8 Report CWERReporter finishing event handling. (00000000)


    Thanks in advance.

    cheers,         

    Saturday, September 22, 2012 4:23 PM
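
A triage sketch for a windowsupdate.log like the one posted above, added here as an example and not part of the thread: for each Endpoint Protection search it reports which update service the Windows Update Agent queried and how the search ended. The service-ID table and the meaning of 0x80072ee2 are well-known Windows Update values; the function names are hypothetical and the sample lines are abridged from the post with a placeholder host.

```python
import re
from collections import Counter

# Well-known Windows Update Agent service IDs (lower-case GUID -> source).
SERVICES = {
    "7971f918-a847-4430-9279-4a52d1efe18d": "Microsoft Update",
    "9482f4b4-e343-43b6-b170-9a65bc822c77": "Windows Update",
    "3da21691-e39d-4da6-8a4b-b43877bcb1b7": "WSUS",
}
TIMEOUT = 0x80072EE2  # WinHTTP/WinINet: the operation timed out

# date, time, pid, tid, component, message
LINE = re.compile(r"^\s*\d{4}-\d\d-\d\d \d\d:\d\d:\d\d:\d{3}\s+\d+\s+[0-9a-f]+\s+(\S+)\s+(.*)$", re.I)
HR = re.compile(r"(?:hr\s*=\s*|error\s+|with\s+|code\s*=\s*)(?:0x)?(8[0-9a-f]{7})\b", re.I)
SERVICE = re.compile(r"ServiceID = \{([0-9a-f-]{36})\}", re.I)
HOST = re.compile(r"failed for <?https?://([^/\s>:]+)")
PROXY = re.compile(r"Proxy List used: <(.*?)>")

def verdict(s):
    if s["source"] == "WSUS":
        return "scan used the software update point"
    if s["exit"] == TIMEOUT and s["proxy"] is None:
        return f"scan went to {s['source']} instead of the software update point and timed out; no proxy was used"
    return f"scan used {s['source']}, exit code 0x{s['exit']:08x}"

def triage(log_text):
    """Return one summary dict per 'Agent: Finding updates' session."""
    sessions, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        comp, msg = m.groups()
        boundary = comp == "Agent" and "Finding updates" in msg
        if boundary and "START" in msg:
            cur = {"caller": msg.split("CallerId = ")[-1].rstrip("]"), "source": "unknown",
                   "hosts": set(), "proxy": None, "errors": Counter(), "exit": 0}
            continue
        if cur is None:
            continue  # line outside any Agent search session
        if s := SERVICE.search(msg):
            cur["source"] = SERVICES.get(s.group(1).lower(), s.group(1))
        if h := HOST.search(msg):
            cur["hosts"].add(h.group(1))
        if p := PROXY.search(msg):
            cur["proxy"] = None if p.group(1) == "(null)" else p.group(1)
        for code in HR.findall(msg):
            cur["errors"][int(code, 16)] += 1
        if comp == "Agent" and "Exit code" in msg and (e := HR.search(msg)):
            cur["exit"] = int(e.group(1), 16)
        if boundary and "END" in msg:
            cur["finding"] = verdict(cur)
            sessions.append(cur)
            cur = None
    return sessions

# Constructed sample: abridged from the posted log, host replaced by a placeholder.
SAMPLE = """\
2012-09-21 14:05:29:949  884 ff8 Agent ** START **  Agent: Finding updates [CallerId = System Center 2012 Endpoint Protection (1F383481-F70E-4E7A-8B69-C4B4A23928E3)]
2012-09-21 14:05:29:950  884 ff8 Agent   * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2012-09-21 14:06:35:311  884 ff8 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2012-09-21 14:06:35:311  884 ff8 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://updates.example.invalid/muv4wuredir.cab>. error 0x80072ee2
2012-09-21 14:14:21:314  884 ff8 Agent   * WARNING: Exit code = 0x80072EE2
2012-09-21 14:14:21:314  884 ff8 Agent **  END  **  Agent: Finding updates [CallerId = System Center 2012 Endpoint Protection (1F383481-F70E-4E7A-8B69-C4B4A23928E3)]
"""
```

Calling `triage()` on the full log text returns one dict per search; a `source` other than `WSUS` for an Endpoint Protection caller means that scan did not go through the software update point.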