DMZ servers connecting to internal MP RRS feed

  • Question

  • I'm trying to get a group of DMZ workgroup servers to connect to an internal MP for the purpose of Windows Updates and SCEP. I've got as far as the clients being visible in the ConfigMgr Console, and right click approved, but not much farther. They still do not show the correct Antimalware policy being applied (just at default) and don't seem to be connecting properly. Also many of the fields in the ConfigMgr console are blank (such as: Endpoint Protection Definition Last Update Time).

    What logs should I be checking? And what steps for troubleshooting? I feel as though I'm going around in circles and may be looking at the wrong things.

    Tuesday, October 4, 2016 3:54 PM

All replies

  • Have you validated that these systems can communicate with the site over port 80?

    How did you install the client agents on these systems?

    Start by checking ccmmessaging.log, clientlocation.log, and locationservices.log.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Tuesday, October 4, 2016 4:06 PM
  • Ok, I reviewed all 3 of the logs you mentioned.

    I'll paste snippets below, but I'm thinking from the locationservices.log something isn't right with using DNS, right?


    CCMMessaging.log---------------------------------------------

    Raising event:
    instance of CCM_CcmHttp_Status
    {
    ClientID = "GUID:7C467D88-784F-4C1A-80B7-701D08A7C65B";
    DateTime = "20161004110504.001000+000";
    HostName = "vcm003.somewhere.local";
    HRESULT = "0x00000000";
    ProcessID = 2908;
    StatusCode = 0;
    ThreadID = 2312;
    };
    CcmMessaging 10/4/2016 6:05:04 AM 2312 (0x0908)
    Raising event:
    instance of CCM_CcmHttp_Status
    {
    ClientID = "GUID:7C467D88-784F-4C1A-80B7-701D08A7C65B";
    DateTime = "20161004115607.004000+000";
    HostName = "vcm003.somewhere.local";
    HRESULT = "0x00000000";
    ProcessID = 2908;
    StatusCode = 0;
    ThreadID = 3680;
    };
    CcmMessaging 10/4/2016 6:56:07 AM 3680 (0x0E60)
    Raising event:
    instance of CCM_CcmHttp_Status
    {
    ClientID = "GUID:7C467D88-784F-4C1A-80B7-701D08A7C65B";
    DateTime = "20161004125606.882000+000";
    HostName = "vcm003.somewhere.local";
    HRESULT = "0x00000000";
    ProcessID = 2908;
    StatusCode = 0;
    ThreadID = 2548;
    };
    CcmMessaging 10/4/2016 7:56:06 AM 2548 (0x09F4)
    Could not load logging configuration for component CcmTask. Using default values. CcmMessaging 10/4/2016 7:57:35 AM 2548 (0x09F4)
    Could not load logging configuration for component FileSystemFile. Using default values. CcmMessaging 10/4/2016 7:57:35 AM 2548 (0x09F4)
    Raising event:
    instance of CCM_CcmHttp_Status
    {
    ClientID = "GUID:7C467D88-784F-4C1A-80B7-701D08A7C65B";
    DateTime = "20161004132735.156000+000";
    HostName = "vcm003.somewhere.local";
    HRESULT = "0x00000000";
    ProcessID = 2908;
    StatusCode = 0;
    ThreadID = 2748;
    };
    CcmMessaging 10/4/2016 8:27:35 AM 2748 (0x0ABC)
    Raising event:
    instance of CCM_CcmHttp_Status
    {
    ClientID = "GUID:7C467D88-784F-4C1A-80B7-701D08A7C65B";
    DateTime = "20161004133521.753000+000";
    HostName = "vcm003.somewhere.local";
    HRESULT = "0x00000000";
    ProcessID = 2908;
    StatusCode = 0;
    ThreadID = 1112;
    };
    CcmMessaging 10/4/2016 8:35:21 AM 1112 (0x0458)
    Raising event:
    instance of CCM_CcmHttp_Status
    {
    ClientID = "GUID:7C467D88-784F-4C1A-80B7-701D08A7C65B";
    DateTime = "20161004135023.622000+000";
    HostName = "vcm003.somewhere.local";
    HRESULT = "0x00000000";
    ProcessID = 2908;
    StatusCode = 0;
    ThreadID = 2388;
    };
    CcmMessaging 10/4/2016 8:50:23 AM 2388 (0x0954)



    ClientLocation.log -------------------------------------------------------
    seems to be reassigning itself once a day?--------------------------------

    Assigned MP changed from <vcm003.somewhere.local> to <vcm003.somewhere.local>. ClientLocation 9/27/2016 6:59:50 PM 3916 (0x0F4C)
    Client is set to use HTTPS when available. The current state is 224. ClientLocation 9/28/2016 12:04:01 AM 2932 (0x0B74)
    Raising event:
    instance of CCM_CcmHttp_Status
    {
    ClientID = "GUID:7C467D88-784F-4C1A-80B7-701D08A7C65B";
    DateTime = "20160928050401.589000+000";
    HostName = "vcm003.somewhere.local";
    HRESULT = "0x00000000";
    ProcessID = 2908;
    StatusCode = 0;
    ThreadID = 2932;
    };
    ClientLocation 9/28/2016 12:04:01 AM 2932 (0x0B74)
    Failed to submit event to the Status Agent. Attempting to create pending event. ClientLocation 9/28/2016 12:04:01 AM 2932 (0x0B74)
    Raising pending event:
    instance of CCM_CcmHttp_Status
    {
    ClientID = "GUID:7C467D88-784F-4C1A-80B7-701D08A7C65B";
    DateTime = "20160928050401.589000+000";
    HostName = "vcm003.somewhere.local";
    HRESULT = "0x00000000";
    ProcessID = 2908;
    StatusCode = 0;
    ThreadID = 2932;
    };
    ClientLocation 9/28/2016 12:04:01 AM 2932 (0x0B74)
    Workgroup client is in Intranet ClientLocation 9/28/2016 12:04:01 AM 2932 (0x0B74)
    Raising event:
    instance of CCM_CcmHttp_Status
    {
    ClientID = "GUID:7C467D88-784F-4C1A-80B7-701D08A7C65B";
    DateTime = "20160928050415.583000+000";
    HostName = "vcm003.somewhere.local";
    HRESULT = "0x00000000";
    ProcessID = 2908;
    StatusCode = 0;
    ThreadID = 2888;
    };
    ClientLocation 9/28/2016 12:04:15 AM 2888 (0x0B48)
    Workgroup client is in Intranet ClientLocation 9/28/2016 12:04:15 AM 2888 (0x0B48)
    Rotating assigned management point, new management point [1] is: vcm003.somewhere.local (7958) with capabilities: <Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities> ClientLocation 9/28/2016 12:04:16 AM 2888 (0x0B48)
    Assigned MP changed from <vcm003.somewhere.local> to <vcm003.somewhere.local>. ClientLocation 9/28/2016 12:04:16 AM 2888 (0x0B48)


    LocationServices.log---------------------------------------------------------------
    Several things seem amiss here, but not exactly sure how to interpret--------------

    Calling back with the following WSUS locations LocationServices 10/3/2016 8:37:35 AM 1048 (0x0418)
    WSUS Path='http://vcm003.somewhere.local:80', Server='vcm003.somewhere.local', Version='1977' LocationServices 10/3/2016 8:37:35 AM 1048 (0x0418)
    Calling back with locations for WSUS request {74B13274-3219-4EC7-AB71-29E085D22166} LocationServices 10/3/2016 8:37:35 AM 1048 (0x0418)
    Executing Task LSRefreshLocationsTask LocationServices 10/3/2016 9:04:58 AM 2560 (0x0A00)
    Executing Task LSRefreshLocationsTask LocationServices 10/3/2016 10:04:58 AM 3704 (0x0E78)
    Executing Task LSRefreshLocationsTask LocationServices 10/3/2016 11:04:58 AM 3152 (0x0C50)
    Executing Task LSRefreshLocationsTask LocationServices 10/3/2016 12:04:58 PM 3352 (0x0D18)
    Executing Task LSRefreshLocationsTask LocationServices 10/3/2016 1:04:58 PM 284 (0x011C)
    Executing Task LSRefreshLocationsTask LocationServices 10/3/2016 2:04:58 PM 3472 (0x0D90)
    Executing Task LSRefreshLocationsTask LocationServices 10/3/2016 3:04:58 PM 1928 (0x0788)
    Executing Task LSRefreshLocationsTask LocationServices 10/3/2016 4:04:58 PM 3068 (0x0BFC)
    Executing Task LSRefreshLocationsTask LocationServices 10/3/2016 5:04:58 PM 2356 (0x0934)
    Executing Task LSRefreshLocationsTask LocationServices 10/3/2016 6:04:58 PM 2472 (0x09A8)
    Executing Task LSRefreshLocationsTask LocationServices 10/3/2016 7:04:58 PM 1312 (0x0520)
    Executing Task LSRefreshLocationsTask LocationServices 10/3/2016 8:04:58 PM 2772 (0x0AD4)
    Executing Task LSRefreshLocationsTask LocationServices 10/3/2016 9:04:58 PM 3104 (0x0C20)
    Executing Task LSRefreshLocationsTask LocationServices 10/3/2016 10:04:58 PM 3164 (0x0C5C)
    Executing Task LSRefreshLocationsTask LocationServices 10/3/2016 11:04:58 PM 1784 (0x06F8)
    Executing Task LSRefreshLocationsTask LocationServices 10/4/2016 12:04:58 AM 3808 (0x0EE0)
    Executing Task LSSiteRoleCycleTask LocationServices 10/4/2016 12:18:05 AM 892 (0x037C)
    1 assigned MP errors in the last 10 minutes, threshold is 5. LocationServices 10/4/2016 12:18:05 AM 892 (0x037C)
    Executing Task LSSiteRoleCycleTask LocationServices 10/4/2016 12:19:55 AM 892 (0x037C)
    2 assigned MP errors in the last 10 minutes, threshold is 5. LocationServices 10/4/2016 12:19:55 AM 892 (0x037C)
    Executing Task LSMPCommSuccessTask LocationServices 10/4/2016 12:21:50 AM 3336 (0x0D08)
    Reset assigned MP error count LocationServices 10/4/2016 12:21:50 AM 3336 (0x0D08)
    Executing Task LSRefreshLocationsTask LocationServices 10/4/2016 1:05:05 AM 3596 (0x0E0C)
    Executing Task LSRefreshLocationsTask LocationServices 10/4/2016 2:05:05 AM 3360 (0x0D20)
    Executing Task LSRefreshLocationsTask LocationServices 10/4/2016 3:05:05 AM 4080 (0x0FF0)
    Executing Task LSRefreshLocationsTask LocationServices 10/4/2016 4:05:05 AM 3840 (0x0F00)
    Executing Task LSRefreshLocationsTask LocationServices 10/4/2016 5:05:05 AM 328 (0x0148)
    Executing Task LSRefreshDefaultMPTask LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Retrieved MP [vcm003.somewhere.local] from Registry LocationServices 10/4/2016 6:05:03 AM 3740 (0x0E9C)
    Attempting to retrieve lookup MP(s) from DNS LocationServices 10/4/2016 6:05:03 AM 3740 (0x0E9C)
    DNS Suffix not specified LocationServices 10/4/2016 6:05:03 AM 3740 (0x0E9C)
    No lookup MP(s) from DNS LocationServices 10/4/2016 6:05:03 AM 3740 (0x0E9C)
    Policy prevents failover to WINS for lookup LocationServices 10/4/2016 6:05:03 AM 3740 (0x0E9C)
    Attempting to retrieve site information from lookup MP(s) via HTTP LocationServices 10/4/2016 6:05:03 AM 3740 (0x0E9C)
    LSGetSiteInformationFromManagementPoint('SOM'): Assignment Site Code [SOM], Version [5.00.7958.1000], Capabilities [<Capabilities SchemaVersion="1.0"/>], Client Operational Settings [<ClientOperationalSettings><Version>5.00.7958.1501</Version><SecurityConfiguration><SecurityModeMask>0</SecurityModeMask><SecurityModeMaskEx>224</SecurityModeMaskEx><HTTPPort>80</HTTPPort><HTTPSPort>443</HTTPSPort><CertificateStoreName></CertificateStoreName><CertificateIssuers></CertificateIssuers><CertificateSelectionCriteria></CertificateSelectionCriteria><CertificateSelectFirstFlag>1</CertificateSelectFirstFlag><SiteSigningCert>308202F4308201DCA003020102021053410F60BE1E7BA7418DAD566800AB07300D06092A864886F70D01010B05003016311430120603550403130B53697465205365727665723020170D3132313130373137343730365A180F32313132313031353137343730365A3016311430120603550403130B536974652053657276657230820122300D06092A864886F70D01010105000382010F003082010A0282010100AF86399619297440AD23D1AE26467EC30551855046B503F5FDC7EE52C6B7FA21B97136B23B767664284203FCA7826A58B6FA77344D18CC5A9BDF032BEC05F91F371D22CC15D034AC8813C8874FE654938259B44FD20D19CA0FC82AB15A0E764CCFA0DC0DB17B1912A1EEFB6F6AD8F2A274FCE39C4E0DF16D61CF3A60BD55B6E5AB23587DBF735702FDFED33EF4898E1FFEA74114DB9B139C5618C11BD7128E36BAEEE1487FC9F03E2D714F10AEFBED7CADBE705D2FB42197845D9B990B7670602DC78BCA7C9BF1A89991A9A6BA90A6D521932B6C9F6923D9403437A4EAB25C8C4B75617194B14BED496010005F02F16FC3AD7D0977525851406433BB8002F6AD0203010001A33C303A30220603551D11041B30198217707277696E76636D3030332E75746D73612E6C6F63616C30140603551D25040D300B06092B060104018237650B300D06092A864886F70D01010B0500038201010000DF6235978EE916EBB141D475E6ED5AFBF606B812417F1FFF2277ADE12451B5DFFA68800E33F7E23A3ABA035781695E2BC6774DBDCADDC0E7B9B033057EC67652CA77D4F51C06693A4D0324085D79E0ADE06561AB02A7F6AC717EFE60B66615C9F2073CE667D54FA8D3733AD2D96552C789CBE8753908E6C6A03E12A54752B2FF08B6612714513F78F7FADFB0ED4898FD5221284672065CDFF4D656C3B0A2702A88169543105783D360E2F1FE5595A98DDD8ECAF0D4391C1
070BFEC0E190530CA3A1C6BE06C9411B122B10EC6510576278446A6E7EE38EBD8A9942BEE0609844498224F55EA7B9780880E1864F668BF3E1E11730DA81F74081AE8F1375E95C9</SiteSigningCert></SecurityConfiguration></ClientOperationalSettings>]. LocationServices 10/4/2016 6:05:03 AM 3740 (0x0E9C)
    Refreshed security settings over MP LocationServices 10/4/2016 6:05:03 AM 3740 (0x0E9C)
    No security settings update detected. LocationServices 10/4/2016 6:05:03 AM 3740 (0x0E9C)
    Retrieved MP [vcm003.somewhere.local] from Registry LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Attempting to retrieve lookup MP(s) from DNS LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    DNS Suffix not specified LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    No lookup MP(s) from DNS LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Policy prevents failover to WINS for lookup LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Attempting to retrieve default management points from lookup MP(s) via HTTP LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Unable to retrieve AD site membership LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Default Management Points from MP: LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Name: 'vcm003.somewhere.local' HTTPS: 'N' ForestTrust: 'N' LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    LSUpdateInternetManagementPoints LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Unable to retrieve AD site membership LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    LSUpdateInternetManagementPoints: No internet MPs were retrieved from MP vcm003.somewhere.local, clearing previous list. LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Persisting the default management points in WMI LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Default Management Points from MP: LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Name: 'vcm003.somewhere.local' HTTPS: 'N' ForestTrust: 'N' LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Persisted Default Management Point Locations locally LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Unable to retrieve AD site membership LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Attempting to retrieve local MPs from the assigned MP LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Unable to retrieve AD site membership LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Refreshing the Management Point List for site SOM LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Raising event:
    instance of CCM_CcmHttp_Status
    {
    ClientID = "GUID:7C467D88-784F-4C1A-80B7-701D08A7C65B";
    DateTime = "20161004110503.767000+000";
    HostName = "vcm003.somewhere.local";
    HRESULT = "0x00000000";
    ProcessID = 2908;
    StatusCode = 0;
    ThreadID = 2312;
    };
    LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Refreshing trusted key information LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Raising event:
    instance of CCM_CcmHttp_Status
    {
    ClientID = "GUID:7C467D88-784F-4C1A-80B7-701D08A7C65B";
    DateTime = "20161004110503.798000+000";
    HostName = "vcm003.somewhere.local";
    HRESULT = "0x00000000";
    ProcessID = 2908;
    StatusCode = 0;
    ThreadID = 2312;
    };
    LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Persisting the management point authentication information in WMI LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Persisted Management Point Authentication Information locally LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Unable to retrieve AD site membership LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Unable to retrieve AD site membership LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Raising event:
    instance of CCM_CcmHttp_Status
    {
    ClientID = "GUID:7C467D88-784F-4C1A-80B7-701D08A7C65B";
    DateTime = "20161004110503.892000+000";
    HostName = "vcm003.somewhere.local";
    HRESULT = "0x00000000";
    ProcessID = 2908;
    StatusCode = 0;
    ThreadID = 3924;
    };
    LocationServices 10/4/2016 6:05:03 AM 3924 (0x0F54)
    Unexpected row count (0) retrieved from AD. LocationServices 10/4/2016 6:05:03 AM 2312 (0x0908)
    Raising event:
    instance of CCM_CcmHttp_Status
    {
    ClientID = "GUID:7C467D88-784F-4C1A-80B7-701D08A7C65B";
    DateTime = "20161004110503.939000+000";
    HostName = "vcm003.somewhere.local";
    HRESULT = "0x00000000";
    ProcessID = 2908;
    StatusCode = 0;
    ThreadID = 3924;
    };
    LocationServices 10/4/2016 6:05:03 AM 3924 (0x0F54)
    Refreshing Certifcate Information over HTTP LocationServices 10/4/2016 6:05:03 AM 3884 (0x0F2C)
    Raising event:
    instance of CCM_CcmHttp_Status
    {
    ClientID = "GUID:7C467D88-784F-4C1A-80B7-701D08A7C65B";
    DateTime = "20161004110504.001000+000";
    HostName = "vcm003.somewhere.local";
    HRESULT = "0x00000000";
    ProcessID = 2908;
    StatusCode = 0;
    ThreadID = 3884;
    };
    LocationServices 10/4/2016 6:05:04 AM 3884 (0x0F2C)
    Refreshed Certificate Information over HTTP LocationServices 10/4/2016 6:05:04 AM 3884 (0x0F2C)
    Received reply of type PortalCertificateReply LocationServices 10/4/2016 6:05:04 AM 2312 (0x0908)
    The reply from location manager contains 0 certificates LocationServices 10/4/2016 6:05:04 AM 2312 (0x0908)
    Updating portal certificates LocationServices 10/4/2016 6:05:04 AM 2312 (0x0908)
    There are no certificates available to install LocationServices 10/4/2016 6:05:04 AM 2312 (0x0908)
    Executing Task LSRefreshLocationsTask LocationServices 10/4/2016 6:05:05 AM 2312 (0x0908)
    Executing Task LSRefreshLocationsTask LocationServices 10/4/2016 7:05:06 AM 1148 (0x047C)
    Executing Task LSRefreshLocationsTask LocationServices 10/4/2016 8:05:06 AM 3224 (0x0C98)
    Unable to retrieve AD site membership LocationServices 10/4/2016 8:27:35 AM 3276 (0x0CCC)
    Created and Sent Location Request '{59829506-18AA-4DC2-A76C-9CA453CB8F46}' for package {F4B00E40-6116-4075-AE74-8CA45658FC04} LocationServices 10/4/2016 8:27:35 AM 3276 (0x0CCC)
    Calling back with the following WSUS locations LocationServices 10/4/2016 8:27:35 AM 2392 (0x0958)
    WSUS Path='http://vcm003.somewhere.local:80', Server='vcm003.somewhere.local', Version='1978' LocationServices 10/4/2016 8:27:35 AM 2392 (0x0958)
    Calling back with locations for WSUS request {59829506-18AA-4DC2-A76C-9CA453CB8F46} LocationServices 10/4/2016 8:27:35 AM 2392 (0x0958)
    Executing Task LSRefreshLocationsTask LocationServices 10/4/2016 9:05:06 AM 3460 (0x0D84)
    Unable to retrieve AD site membership LocationServices 10/4/2016 9:35:15 AM 3536 (0x0DD0)
    Unable to retrieve AD site membership LocationServices 10/4/2016 9:35:15 AM 3536 (0x0DD0)
    Received reply of type PortalCertificateReply LocationServices 10/4/2016 9:35:17 AM 4068 (0x0FE4)
    The reply from location manager contains 0 certificates LocationServices 10/4/2016 9:35:17 AM 4068 (0x0FE4)
    Updating portal certificates LocationServices 10/4/2016 9:35:17 AM 4068 (0x0FE4)
    There are no certificates available to install LocationServices 10/4/2016 9:35:17 AM 4068 (0x0FE4)
    Executing Task LSRefreshLocationsTask LocationServices 10/4/2016 10:05:06 AM 3512 (0x0DB8)

    Tuesday, October 4, 2016 4:28 PM
  • I don't see anything causing any issues in the above and it's mostly normal. There are a couple of errors connecting to the MP but it looks like it recovered from those.

    MP rotation every 25 hours is normal.

    What happens if you initiate a machine policy retrieval & eval cycle?

    Specifically, what is shown in ccmmessaging.log, policyagent.log, and policyagentprovider.log?


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Tuesday, October 4, 2016 5:43 PM
  • Ok, I just ran it again (although I've done this after just about every change I test and try). The snippets are below from the logs. I don't see anything interesting. In fact, the policyagentprovider.log didn't even have any recent activity.

    ccmmessaging.log-------------------------------------
    result 0 I take to mean, ok--------------------------

    Raising event:
    instance of CCM_CcmHttp_Status
    {
    ClientID = "GUID:7C467D88-784F-4C1A-80B7-701D08A7C65B";
    DateTime = "20161004181721.465000+000";
    HostName = "vcm003.somewhere.local";
    HRESULT = "0x00000000";
    ProcessID = 2908;
    StatusCode = 0;
    ThreadID = 3596;
    };
    CcmMessaging 10/4/2016 1:17:21 PM 3596 (0x0E0C)



    policyagent.log---------------------------------------

    Requesting Machine policy assignments PolicyAgent_RequestAssignments 10/4/2016 1:17:21 PM 3596 (0x0E0C)
    Requesting Machine policy from authority 'SMS:SOM' PolicyAgent_RequestAssignments 10/4/2016 1:17:21 PM 3596 (0x0E0C)
    Raising event:
    instance of CCM_PolicyAgent_AssignmentsRequested
    {
    AuthorityName = "SMS:SOM";
    ClientID = "GUID:7C467D88-784F-4C1A-80B7-701D08A7C65B";
    DateTime = "20161004181721.465000+000";
    ProcessID = 2908;
    ResourceName = "VESF003";
    ResourceType = "Machine";
    ThreadID = 3596;
    };
    PolicyAgent_RequestAssignments 10/4/2016 1:17:21 PM 3596 (0x0E0C)


    policyagentprovider.log---------------------------------------------------------------------------
    --- no recent activity after issuing an action to run machine policy retrieval and eval cycle ----

    policyevaluator.log ----------------------------------------
    threw this in for good measure -----------------------------
    Evaluating User policy for 'S-1-5-21-3435462614-3583281180-916232581-500' PolicyAgent_PolicyEvaluator 10/4/2016 1:20:15 PM 540 (0x021C)
    Evaluating policy in \\.\ROOT\ccm\Policy\S_1_5_21_3435462614_3583281180_916232581_500\RequestedConfig PolicyAgent_PolicyEvaluator 10/4/2016 1:20:15 PM 540 (0x021C)
    Raising event:
    instance of CCM_PolicyAgent_PolicyEvaluationComplete
    {
    ClientID = "GUID:7C467D88-784F-4C1A-80B7-701D08A7C65B";
    DateTime = "20161004182015.857000+000";
    PolicyNamespace = "\\\\.\\ROOT\\ccm\\Policy\\S_1_5_21_3435462614_3583281180_916232581_500\\RequestedConfig";
    ProcessID = 2908;
    ThreadID = 540;
    };
    PolicyAgent_PolicyEvaluator 10/4/2016 1:20:15 PM 540 (0x021C)
    Evaluating policy in \\.\ROOT\ccm\Policy\Machine\RequestedConfig PolicyAgent_PolicyEvaluator 10/4/2016 1:20:21 PM 1528 (0x05F8)
    Evaluation not required. No changes detected. PolicyAgent_PolicyEvaluator 10/4/2016 1:20:21 PM 1528 (0x05F8)
    Raising event:
    instance of CCM_PolicyAgent_PolicyEvaluationComplete
    {
    ClientID = "GUID:7C467D88-784F-4C1A-80B7-701D08A7C65B";
    DateTime = "20161004182021.551000+000";
    PolicyNamespace = "\\\\.\\ROOT\\ccm\\Policy\\Machine\\RequestedConfig";
    ProcessID = 2908;
    ThreadID = 1528;
    };
    PolicyAgent_PolicyEvaluator 10/4/2016 1:20:21 PM 1528 (0x05F8)
    Updating settings in \\.\root\ccm\policy\s_1_5_21_3435462614_3583281180_916232581_500\actualconfig PolicyAgent_PolicyEvaluator 10/4/2016 1:22:15 PM 540 (0x021C)
    Raising event:
    instance of CCM_PolicyAgent_SettingsEvaluationComplete
    {
    ClientID = "GUID:7C467D88-784F-4C1A-80B7-701D08A7C65B";
    DateTime = "20161004182219.628000+000";
    PolicyNamespace = "\\\\.\\root\\ccm\\policy\\s_1_5_21_3435462614_3583281180_916232581_500\\actualconfig";
    ProcessID = 2908;
    ThreadID = 540;
    };
    PolicyAgent_PolicyEvaluator 10/4/2016 1:22:19 PM 540 (0x021C)
    Updating settings in \\.\root\ccm\policy\machine\actualconfig PolicyAgent_PolicyEvaluator 10/4/2016 1:22:21 PM 540 (0x021C)
    Settings update not required. No changes detected. PolicyAgent_PolicyEvaluator 10/4/2016 1:22:21 PM 540 (0x021C)
    Raising event:
    instance of CCM_PolicyAgent_SettingsEvaluationComplete
    {
    ClientID = "GUID:7C467D88-784F-4C1A-80B7-701D08A7C65B";
    DateTime = "20161004182221.562000+000";
    PolicyNamespace = "\\\\.\\root\\ccm\\policy\\machine\\actualconfig";
    ProcessID = 2908;
    ThreadID = 540;
    };
    PolicyAgent_PolicyEvaluator 10/4/2016 1:22:21 PM 540 (0x021C)







    Tuesday, October 4, 2016 6:33 PM
  • Maybe it's worth saying though that earlier (9:44 am this morning) the policyagentprovider.log did show a bunch of queued changes, many of which were Microsoft antimalware related. But when I check SCEP it still shows the default policy and when I check the ConfigMgr console it still has no info about the machine's SCEP status.

    [000000000178FD58] 17 settings change(s) detected. PolicyAgentProvider 10/4/2016 9:44:27 AM 3468 (0x0D8C)
    [000000000178FD58] Queued worker to process these 17 settings change(s) PolicyAgentProvider 10/4/2016 9:44:27 AM 3468 (0x0D8C)
    --- Processing 17 settings change(s). PolicyAgentProvider 10/4/2016 9:44:27 AM 3248 (0x0CB0)
    --- [1] __InstanceCreationEvent settings change on object CCM_AntiMalwarePolicyClientConfig.SiteSettingsKey="{D5DBDD1C-DD8B-4E26-901B-9E543BB9E134}/200_202_202". PolicyAgentProvider 10/4/2016 9:44:27 AM 3248 (0x0CB0)
    --- [2] __InstanceCreationEvent settings change on object CCM_AntiMalwarePolicyClientConfig.SiteSettingsKey="{D5DBDD1C-DD8B-4E26-901B-9E543BB9E134}/200_203_203". PolicyAgentProvider 10/4/2016 9:44:27 AM 3248 (0x0CB0)
    --- [3] __InstanceCreationEvent settings change on object CCM_AntiMalwarePolicyClientConfig.SiteSettingsKey="{D5DBDD1C-DD8B-4E26-901B-9E543BB9E134}/200_204_204". PolicyAgentProvider 10/4/2016 9:44:27 AM 3248 (0x0CB0)
    --- [4] __InstanceCreationEvent settings change on object CCM_AntiMalwarePolicyClientConfig.SiteSettingsKey="{D5DBDD1C-DD8B-4E26-901B-9E543BB9E134}/200_205_205". PolicyAgentProvider 10/4/2016 9:44:27 AM 3248 (0x0CB0)
    --- [5] __InstanceCreationEvent settings change on object CCM_AntiMalwarePolicyClientConfig.SiteSettingsKey="{D5DBDD1C-DD8B-4E26-901B-9E543BB9E134}/200_206_206_13052". PolicyAgentProvider 10/4/2016 9:44:27 AM 3248 (0x0CB0)
    --- [6] __InstanceCreationEvent settings change on object CCM_AntiMalwarePolicyClientConfig.SiteSettingsKey="{D5DBDD1C-DD8B-4E26-901B-9E543BB9E134}/200_206_206_16555". PolicyAgentProvider 10/4/2016 9:44:27 AM 3248 (0x0CB0)
    --- [7] __InstanceCreationEvent settings change on object CCM_AntiMalwarePolicyClientConfig.SiteSettingsKey="{D5DBDD1C-DD8B-4E26-901B-9E543BB9E134}/200_206_206_17523". PolicyAgentProvider 10/4/2016 9:44:27 AM 3248 (0x0CB0)
    --- [8] __InstanceCreationEvent settings change on object CCM_AntiMalwarePolicyClientConfig.SiteSettingsKey="{D5DBDD1C-DD8B-4E26-901B-9E543BB9E134}/200_206_206_7480". PolicyAgentProvider 10/4/2016 9:44:27 AM 3248 (0x0CB0)
    --- [9] __InstanceCreationEvent settings change on object CCM_AntiMalwarePolicyClientConfig.SiteSettingsKey="{D5DBDD1C-DD8B-4E26-901B-9E543BB9E134}/200_207_207". PolicyAgentProvider 10/4/2016 9:44:27 AM 3248 (0x0CB0)
    --- [10] __InstanceCreationEvent settings change on object CCM_AntiMalwarePolicyClientConfig.SiteSettingsKey="{D5DBDD1C-DD8B-4E26-901B-9E543BB9E134}/200_208_208". PolicyAgentProvider 10/4/2016 9:44:27 AM 3248 (0x0CB0)
    --- [11] __InstanceCreationEvent settings change on object CCM_AntiMalwarePolicyClientConfig.SiteSettingsKey="{D5DBDD1C-DD8B-4E26-901B-9E543BB9E134}/200_209_209". PolicyAgentProvider 10/4/2016 9:44:27 AM 3248 (0x0CB0)
    --- [12] __InstanceCreationEvent settings change on object CCM_AntiMalwarePolicyPlaceHolder.SiteSettingsKey="{D5DBDD1C-DD8B-4E26-901B-9E543BB9E134}/200". PolicyAgentProvider 10/4/2016 9:44:27 AM 3248 (0x0CB0)
    --- [13] __InstanceModificationEvent settings change on object InventoryDataItem.DataItemID="{06f26b1c-0dc2-440f-ba56-1788ae1d4f62}",ItemClass="FileSystemFile",Namespace="\\\\.\\root\\ccm\\invagt". PolicyAgentProvider 10/4/2016 9:44:27 AM 3248 (0x0CB0)
    --- [14] __InstanceModificationEvent settings change on object InventoryDataItem.DataItemID="{4C2A07D7-C48A-44F5-8719-9C25485E71FF}",ItemClass="Win32Reg_SMSGuestVirtualMachine64",Namespace="\\\\.\\root\\cimv2". PolicyAgentProvider 10/4/2016 9:44:27 AM 3248 (0x0CB0)
    --- [15] __InstanceModificationEvent settings change on object InventoryDataItem.DataItemID="{51F8E3C3-602D-4407-81AB-D00D28A543DC}",ItemClass="Win32Reg_SMSGuestVirtualMachine",Namespace="\\\\.\\root\\cimv2". PolicyAgentProvider 10/4/2016 9:44:27 AM 3248 (0x0CB0)
    --- [16] __InstanceModificationEvent settings change on object InventoryDataItem.DataItemID="{8F36F298-EF07-47F9-A65A-1ECE0FE767BB}",ItemClass="Win32Reg_AddRemovePrograms",Namespace="\\\\localhost\\root\\cimv2". PolicyAgentProvider 10/4/2016 9:44:27 AM 3248 (0x0CB0)
    --- [17] __InstanceModificationEvent settings change on object InventoryDataItem.DataItemID="{9F27B2AE-0C6E-4316-B613-01179DFF24A8}",ItemClass="Win32Reg_AddRemovePrograms64",Namespace="\\\\localhost\\root\\cimv2". PolicyAgentProvider 10/4/2016 9:44:27 AM 3248 (0x0CB0)
    --- Begin Indicating 17 settings change(s). PolicyAgentProvider 10/4/2016 9:44:27 AM 3248 (0x0CB0)
    --- Completed Indicating 17 settings change(s). PolicyAgentProvider 10/4/2016 9:44:27 AM 3248 (0x0CB0)

    Tuesday, October 4, 2016 6:41 PM
  • Everything above looks normal and all communication looks like it's happening normally.

    What if you change another setting in the client settings targeted at the system -- does that get applied?

    How about an available deployment for something small, does that show in Software Center?


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Tuesday, October 4, 2016 8:34 PM
  • Yeah, I made a client setting change to slightly change the organization name in software center - that went through ok. And I deployed a small application and that went through ok. Perhaps something SCEP specific isn't working?
    Tuesday, October 4, 2016 9:34 PM
  • Just to clarify, the small application was showing as available in software center, then I manually ran the install from there. So yeah, that worked.
    Tuesday, October 4, 2016 9:35 PM
  • So (as a sanity check), are you sure the policy is even set to be deployed to this client?

    Jason | http://blog.configmgrftw.com | @jasonsandys

    Tuesday, October 4, 2016 9:56 PM
  • I like sanity checks. ;)

    Yes, it is. I just looked again. Plus SCEP doesn't even say the usual 'some settings are being managed by your administrator' thing, and nothing is grayed out like it should be. Also, the SCEP information doesn't show up in the columns when I view the device in the ConfigMgr console - such as Last Definition Update time, scan time, etc.

    I do appreciate your help by the way. At least we've ruled some things out thus far.

    I should also say, I saw from looking at the endpointprotectionagent.log that two versions of SCEP were installed: the old and the new that I installed recently. So I ran the uninstaller, reinstalled only the new and rebooted. (Maybe should have rebooted in between?) Anyway, that got rid of the errors in the endpointprotectionagent.log.

    This may be a wild shot, but are there other ports that are SCEP specific that need to be opened for DMZ servers?

    Tuesday, October 4, 2016 10:03 PM
  • Based on what is and isn't working should this post be renamed or moved to something more SCEP specific? I think you've basically convinced me SCCM is more or less working, just the SCEP part is not being managed.
    Wednesday, October 5, 2016 1:37 PM
  • Latest entries / failures from this morning in the endpointprotectionagent.log... interesting:

    Thoughts on this?

    Endpoint is triggered by WMI notification. EndpointProtectionAgent 10/5/2016 8:11:19 AM 3624 (0x0E28)
    Failed to get EP event code under registry key SOFTWARE\Microsoft\CCM\EPAgent EndpointProtectionAgent 10/5/2016 8:11:19 AM 3624 (0x0E28)
    Failed to get EP event message under registry key SOFTWARE\Microsoft\CCM\EPAgent EndpointProtectionAgent 10/5/2016 8:11:19 AM 3624 (0x0E28)
    EP State and Error Code didn't get changed, skip resend state message. EndpointProtectionAgent 10/5/2016 8:11:19 AM 3624 (0x0E28)
    Failed to get EP event code under registry key SOFTWARE\Microsoft\CCM\EPAgent EndpointProtectionAgent 10/5/2016 8:11:19 AM 3624 (0x0E28)
    Failed to get EP event message under registry key SOFTWARE\Microsoft\CCM\EPAgent EndpointProtectionAgent 10/5/2016 8:11:19 AM 3624 (0x0E28)
    State 1, error code 0 and detail message are not changed, skip updating registry value EndpointProtectionAgent 10/5/2016 8:11:19 AM 3624 (0x0E28)
    File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.6.305.0. EndpointProtectionAgent 10/5/2016 8:11:19 AM 3624 (0x0E28)
    EP version 4.6.305.0 is already installed. EndpointProtectionAgent 10/5/2016 8:11:19 AM 3624 (0x0E28)
    Expected Version 4.6.305.0 is exactly same with installed version 4.6.305.0. EndpointProtectionAgent 10/5/2016 8:11:19 AM 3624 (0x0E28)
    Handle EP AM policy. EndpointProtectionAgent 10/5/2016 8:11:19 AM 3624 (0x0E28)
    Generate AM Policy XML while EP is disabled. EndpointProtectionAgent 10/5/2016 8:11:19 AM 3624 (0x0E28)

    Wednesday, October 5, 2016 2:02 PM
  • Fixed!

    Though I had the Antimalware Policy deployed to the DMZ group, inadvertently I had overlooked the DMZ group getting the client settings under Endpoint Protection that specify EP be managed by SCCM. Therefore it went with the default Client Settings which leave EP unmanaged. :)

    Thanks for helping me whittle this down.

    Wednesday, October 5, 2016 2:25 PM
  • Glad you found it as I was pretty much out of ideas.

    I did notice the last above said "Generate AM Policy XML while EP is disabled" so was hoping that was it as well.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Wednesday, October 5, 2016 2:28 PM
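
The line that gave the cause away in this thread was "Generate AM Policy XML while EP is disabled" in endpointprotectionagent.log. As an added example (not written by the thread's participants or by Microsoft), the PowerShell below scans pasted client-log text for that line and for the management point error counter quoted earlier, and reports the counter as a problem only when it reaches its threshold. It assumes the CMTrace copy layout shown in the posts above rather than the raw on-disk log format; the function names, severities and hints are hypothetical.

```powershell
# Added example. Input is client-log text in the CMTrace copy layout seen in this
# thread: "<message> <Component> <M/d/yyyy h:mm:ss tt> <thread> (0xHEX)".
# Function names, severities and hints are this example's own (hypothetical).

$LinePattern = '^(?<Message>.+?)\s+(?<Component>\S+)\s+' +
               '(?<Stamp>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+' +
               '(?<Thread>\d+) \(0x[0-9A-Fa-f]+\)$'

function ConvertFrom-CmTraceText {
    param([string[]]$Line)
    foreach ($text in $Line) {
        # Continuation lines of multi-line events ("instance of ...", "{", "};")
        # carry no trailing timestamp, do not match, and are skipped.
        if ($text.Trim() -match $LinePattern) {
            [pscustomobject]@{
                Time      = [datetime]::ParseExact($Matches['Stamp'], 'M/d/yyyy h:mm:ss tt',
                                                   [cultureinfo]::InvariantCulture)
                Component = $Matches['Component']
                Thread    = [int]$Matches['Thread']
                Message   = $Matches['Message']
            }
        }
    }
}

function Get-EpLogFinding {
    param([string[]]$Line)
    foreach ($entry in (ConvertFrom-CmTraceText -Line $Line)) {
        $severity = $null
        $hint     = $null
        switch -Regex ($entry.Message) {
            '^Generate AM Policy XML while EP is disabled' {
                # The cause found in this thread: the collection had an antimalware
                # policy but no client settings that put EP under ConfigMgr management.
                $severity = 'High'
                $hint     = 'EP is unmanaged: check that client settings enabling ' +
                            'Endpoint Protection are deployed to this collection'
                break
            }
            '^(\d+) assigned MP errors in the last \d+ minutes, threshold is (\d+)' {
                $count = [int]$Matches[1]
                $limit = [int]$Matches[2]
                if ($count -ge $limit) {
                    $severity = 'High'
                    $hint     = "MP error count $count reached threshold $limit"
                } else {
                    # Below threshold: the client in this thread recovered on its own.
                    $severity = 'Info'
                    $hint     = "MP error count $count is below threshold $limit"
                }
                break
            }
            '^Failed to get EP event (code|message) under registry key' {
                $severity = 'Low'
                $hint     = 'Seen here alongside the EP-disabled line; not conclusive alone'
                break
            }
        }
        if ($severity) {
            [pscustomobject]@{
                Time      = $entry.Time
                Severity  = $severity
                Component = $entry.Component
                Hint      = $hint
                Message   = $entry.Message
            }
        }
    }
}

# Sample input: lines copied from the log snippets posted in this thread.
$SampleLines = @(
    'Raising event:'
    'instance of CCM_CcmHttp_Status'
    '1 assigned MP errors in the last 10 minutes, threshold is 5. LocationServices 10/4/2016 12:18:05 AM 892 (0x037C)'
    '2 assigned MP errors in the last 10 minutes, threshold is 5. LocationServices 10/4/2016 12:19:55 AM 892 (0x037C)'
    'Reset assigned MP error count LocationServices 10/4/2016 12:21:50 AM 3336 (0x0D08)'
    'Failed to get EP event code under registry key SOFTWARE\Microsoft\CCM\EPAgent EndpointProtectionAgent 10/5/2016 8:11:19 AM 3624 (0x0E28)'
    'Expected Version 4.6.305.0 is exactly same with installed version 4.6.305.0. EndpointProtectionAgent 10/5/2016 8:11:19 AM 3624 (0x0E28)'
    'Generate AM Policy XML while EP is disabled. EndpointProtectionAgent 10/5/2016 8:11:19 AM 3624 (0x0E28)'
)

Get-EpLogFinding -Line $SampleLines |
    Sort-Object Time |
    Format-Table Time, Severity, Component, Hint -AutoSize -Wrap
```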