locked
Endpoint Protection Not Deploying to Servers Via SCCM RRS feed

  • Question

  • I have recently added a few test servers (2003, 2008) to our Endpoint Protection 2010 security group which is tied to our SCCM collection for Forefront deployment. This collection works fine for XP clients but not for server systems. I have checked the SCCM package details and everything is set to install on any Window's platform. I'm not sure which logs to check to find an error message regarding why the deployment isn't working. Can anyone shed any light on this?

     

    So in summary, when trying to use the same setup we have to deploy Forefront to our desktops which use XP, the system fails to deploy to our servers WIN 2003, 2008. The servers have correctly installed the SCCM client and they are not using their firewalls.


    • Edited by PCC007 Monday, November 21, 2011 9:42 AM
    Monday, November 21, 2011 9:42 AM

Answers

  • Hi,

    Content source might not be available because the advertisement is configured with the option Run program from distribution point on one or more branch distribution points and is not available on a standard distribution point. Branch distribution points do not support advertisements that are configured with the option Run program from distribution point.

    The log say branch DP not support run program from DP, so try to change advertisement to Download content from DP and run locally on fast/slow network. Then refresh DP in ConfigMgr Packages.
    Here is article about run program from DP, just refer to the settings UI.

    Regards,
    Rick Tan

    • Marked as answer by Rick Tan Monday, December 5, 2011 3:15 AM
    Wednesday, November 30, 2011 7:36 AM

All replies

  • Hi,

    Thank you for your post.

    1.Rerun the FEP deployment advertisements or select the server in collection--right click--Distribute software--select FEP deployment packet
    2.Click ConfigMgr--System status--Advertisement status--FEP deployment--show message, check if any errors there
    3.On FEP client, look at C:\windows\system32\ccm\logs\execmgr.log for ConfigMgr advertisment
    4.On FEP client, look at FEP setup log, %allusersprofile%\Microsoft\Microsoft Security Client\Support\EppSetup.log
    5.Copy FEPinstall.exe to client, test to manually run it to install FEP

    If there are more inquiries on this issue, please feel free to let us know.

    Regards,
    Rick Tan

    Tuesday, November 22, 2011 9:23 AM
  • few more tips that help you to resolve your issue

    FEP log location

    %allusersprofile%\Microsoft\Microsoft Antimalware\Support: log files specific for the antimalware service

    %allusersprofile%\Microsoft\Microsoft Security Client\Support: log files specific for the FEP client software

    %windir%\WindowsUpdate.log: Windows Update log files, which include information about definition updates

     

    Verify KB981889 is installed on your servers

    FEP 2010 clients require the Windows Filtering Platform (WFP) rollup package KB981889 on Windows Vista, 2008, 2008 R2, and Windows 7.


    Syed Kasif | My blogs: http://syedtechblog.wordpress.com | Linkedin: /syedkashif
    Tuesday, November 22, 2011 6:55 PM
  • Thanks for the replies guys this is what i have found so far.

    This error regarding a failed FEP server deployment:

    The program for advertisement "PCC20004 has failed because download of the content "PCC00004" - "Install" has failed. The download failed because the content downloaded to the client does not match the content specified in the content source. Possible causes: The content on the distribution point has been manually modified, or a local administrator on the computer has modified the content in the computer's hash. Solution: Refresh the content on the distribution point and retry the download.

    When I try to execute the FEP installer manually via the 'Run Advertised Programs' option i get the following error:

    The program Microsoft Corporation FEP - Deployment 1.0 - Install cannot be run because the program files were not successfully downloaded.

    Another failed server install states:

    The content for "PCC00004" - "5" could not be located. This SMS client will no longer attempt to locate this content.
    Possible cause: The content source might not be available on any distribution servers, or the advertisement may have been marked not to run program when no local Distribution Point is available and this SMS client is in remote roaming boundaries of the site. Content source might not be available because the advertisement is configured with the option Run program from distribution point on one or more branch distribution points and is not available on a standard distribution point. Branch distribution points do not support advertisements that are configured with the option Run program from distribution point.
    Solution: Use the Manage Distribution Points wizard to distribute the content to a distribution point. If this SMS client is expected to stay in remote roaming binderies then change the advertisement to allow running program from remote Distribution Point. Use the Manage Distribution Points wizard to distribute the content to a standard distribution point if you want to use the option Run program from distribution point.

    The issues appears to be with the install files, but i'm not sure why. Can you shed any light?

    Thursday, November 24, 2011 2:53 PM
  • Bump
    Tuesday, November 29, 2011 10:01 AM
  • Hi,

    Content source might not be available because the advertisement is configured with the option Run program from distribution point on one or more branch distribution points and is not available on a standard distribution point. Branch distribution points do not support advertisements that are configured with the option Run program from distribution point.

    The log say branch DP not support run program from DP, so try to change advertisement to Download content from DP and run locally on fast/slow network. Then refresh DP in ConfigMgr Packages.
    Here is article about run program from DP, just refer to the settings UI.

    Regards,
    Rick Tan

    • Marked as answer by Rick Tan Monday, December 5, 2011 3:15 AM
    Wednesday, November 30, 2011 7:36 AM