How does the SCEP 2012 agent definition update process work?

  • Question

  • I have configured SCEP 2012 in CM 2012.  Some of the clients are not getting definition updates consistently.

    My configuration looks like this:

    • Custom Device client settings for SCEP2012 deployed to "All Desktop and Server Clients" collection (Default Client Settings is not deployed)
    • Automatic Deployment rule configured to check for definition updates 4x daily (offset 2 hours from SUP sync)
    • ADR Software Update Group deployed to collection containing all SCEP 2012 clients
    • Custom Antimalware policies created and deployed to collections - all policies set to use only CM as definition source and set to check for definition updates every 4 hours

    Some SCEP2012 clients stay current.  Other clients are between 4 - 10 definition updates behind.  The TechNet documentation does not detail how the SCEP 2012 client definition update process works.  I have dug through the client side logs and have not found anything of use.

    Can anyone describe the process for me so I can troubleshoot what is happening?

    Wednesday, May 30, 2012 5:24 PM

All replies

  • Hello,
    Thank you for your question.

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Thank you for your understanding and support.


    Rick Tan

    TechNet Community Support

    Monday, June 4, 2012 2:25 AM
  • I had to shut the CM server and clients down a few days ago for server maintenance.  Since I brought everything back online, all but 1 client has been successfully keeping up with the definition updates.  I just uninstalled and reinstalled the SCEP client on the problem server.  It pulled the latest update from CM after the reinstall.  We'll see if it keeps up the definition updates.
    Monday, June 4, 2012 5:59 PM
  • Hi!

    I see that things appear to be clearing up in your environment, but I wanted to share the process flow of logs that you could review when deploying definition/software updates via Configuration Manager 2012 to your clients. Below are client-side logs that you can review.  Many times, you can review the WindowsUpdate.log and/or the EndPoint Protection logs and decipher the issue, but I wanted to provide the Configuration Manager logs as well.

    Configuration Manager 2012 specific logs (C:\Windows\CCM\Logs):

    • ccmexec.log
    • updatesdeployment.log
    • execmgr.log
    • ciagent.log
    • updateshandler.log
    • scanagent.log
    • wuahandler.log

    Windows Update Agent log (C:\Windows):

    • WindowsUpdate.log - shows download and installation of definition/software updates

    EndPoint Protection logs (C:\ProgramData\Microsoft\Microsoft Antimalware\Support):

    • MPDetection-<date-timestamp>.log
    • MPLog-<date-timestamp>.log
    • MPCacheStats.log

    Hope this helps!

    Tuesday, June 5, 2012 6:58 PM
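
One way to work through the Configuration Manager logs listed in the reply above, as an added example that is not part of any reply in this thread: the script merges warning and error entries from those seven client logs into one time-ordered list, so a client that falls behind on definitions can be traced from scan through deployment to install. It assumes the standard CMTrace entry layout and PowerShell 3.0 or later; the parameter names `LogDir` and `MinType` are hypothetical.

```powershell
# Added example (not from the thread): timeline of warnings/errors across the
# CCM client logs named in the reply. Assumed CMTrace entry layout:
# <![LOG[message]LOG]!><time="HH:mm:ss.fff+off" date="MM-dd-yyyy" component=".." context="" type="N" ...>
param(
    [string]$LogDir  = 'C:\Windows\CCM\Logs',  # path given in the reply
    [int]   $MinType = 2                       # 1 = info, 2 = warning, 3 = error
)

$logNames = 'ccmexec', 'updatesdeployment', 'execmgr', 'ciagent',
            'updateshandler', 'scanagent', 'wuahandler'

$pattern = '(?s)<!\[LOG\[(?<msg>.*?)\]LOG\]!><time="(?<time>\d{1,2}:\d{2}:\d{2})[^"]*" ' +
           'date="(?<date>\d{1,2}-\d{1,2}-\d{4})" component="(?<comp>[^"]*)" ' +
           'context="[^"]*" type="(?<type>\d)"'
$severity = @{ 1 = 'Info'; 2 = 'Warning'; 3 = 'Error' }

$entries = foreach ($name in $logNames) {
    $path = Join-Path $LogDir "$name.log"
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Log not found: $path"
        continue
    }
    # -Raw keeps multi-line messages intact; Get-Content can read files the agent has open.
    $text = Get-Content -LiteralPath $path -Raw
    if (-not $text) { continue }               # empty log, nothing to parse

    foreach ($m in [regex]::Matches($text, $pattern)) {
        $type = [int]$m.Groups['type'].Value
        if ($type -lt $MinType) { continue }
        $stamp = '{0} {1}' -f $m.Groups['date'].Value, $m.Groups['time'].Value
        [pscustomobject]@{
            When      = [datetime]::ParseExact($stamp, 'M-d-yyyy H:mm:ss',
                            [cultureinfo]::InvariantCulture)   # client local time
            Log       = $name
            Component = $m.Groups['comp'].Value
            Severity  = $severity[$type]
            Message   = $m.Groups['msg'].Value.Trim()
        }
    }
}

# Oldest first, so the first failure in the chain is at the top.
$entries | Sort-Object When
```

Run it on an affected client and pipe the result to `Format-Table -AutoSize -Wrap` or `Export-Csv` to compare against a client that stays current; pass `-MinType 1` to include informational entries.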
  • Wednesday, September 11, 2013 10:49 AM