We recently installed the Forefront client on ~100 machines, and deployed policies to them using .reg files and the import tool, automated using a script.
In the deployment summary report, and all drill down reports, linked from it over 40 machines were listed as having deployment problems. Some of the problems were related to an unknown policy version, and some related to an unknown policy. Some machines were correctly reporting the current policy. The registry of a sample for each case was inspected, and in fact, there were the appropriate registry settings as per policy. Addionally, on the machines, the policy appeared to be enforced.
During investigation, one machine with "unknown policy" was rebooted, and on another, the import tool was executed.
After a few minutes, the report was refreshed, and ALL ~40 machines that had been previously reporting deployment problems were no longer reporting deployment problems. They were correctly reporting the name of the policy.
The deployment was done by 2:30am, and the reports were first investigated at around 9am. The report "fixed" itself around noon.
Has anybody seen such behaviour, or could anybody explain such behaviour?
I've seen some instances where you get some delay before the clients & FCS mgmt console update each other, MOM has to send over the info to the FCS mgmt server, and then process etc...
Friday, January 18, 2008 9:36 AM
Microsoft is conducting an online survey to understand your opinion of the Technet Web site. If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.