SCEP 2012R2 - how to find out why EP definitions were not updated on a client?

  • Question

  • We have SCEP 2012R2, and some clients show a very old antivirus definition update date.

    So the question is: how do I find out why updating stopped or did not happen? Is there perhaps some client-side log or a report?

    July 18, 2016 7:15

All replies

  • Good day

    Run "Update definitions" and check the logs

    %Windir%\WindowsUpdate.log
    %Windir%\Temp\MpCmdRun.log

    %Windir%\CCM\Logs\EndpointProtectionAgent.log


    A well-posed question is already 50% of the solution. "SCCM User Group Russia" on Facebook https://www.facebook.com/groups/sccm.russia/ "SCCM User Group" on Telegram: https://telegram.me/configmgr

    July 18, 2016 7:26
  • MpCmdRun: Command Line: "C:\Program Files\Microsoft Security Client\MpCmdRun.exe" SignaturesUpdateService -ScheduleJob -ManagedUpdate
     Start Time: ‎Пн ‎июл ‎18 ‎2016 08:33:17
    
    Start: Signatures Update Service
    Update Started
    Search Started (WSUS update) (Path: http://CMHQ1.xxxx.ru:8530)...
    Search Completed 
    Update completed succesfully. no updates needed
    End: Signatures Update Service
    
    Strange, why "no updates needed" when the signature date is 1.06.2016! And it updates on other computers!
    July 18, 2016 10:03
  • And what is in WindowsUpdate.log?

    A well-posed question is already 50% of the solution. "SCCM User Group Russia" on Facebook https://www.facebook.com/groups/sccm.russia/ "SCCM User Group" on Telegram: https://telegram.me/configmgr

    July 18, 2016 10:14
  • 2016-07-18	08:33:17:800	78448	130a0	Misc	===========  Logging initialized (build: 7.6.7601.19161, tz: +0300)  ===========
    2016-07-18	08:33:17:800	78448	130a0	Misc	  = Process: C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    2016-07-18	08:33:17:800	78448	130a0	Misc	  = Module: C:\Windows\system32\wuapi.dll
    2016-07-18	08:33:17:800	78448	130a0	COMAPI	-------------
    2016-07-18	08:33:17:800	78448	130a0	COMAPI	-- START --  COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2016-07-18	08:33:17:800	78448	130a0	COMAPI	---------
    2016-07-18	08:33:17:816	78448	130a0	COMAPI	<<-- SUBMITTED -- COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2016-07-18	08:33:17:863	1072	12f78	Agent	*************
    2016-07-18	08:33:17:863	1072	12f78	Agent	** START **  Agent: Finding updates [CallerId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2016-07-18	08:33:17:863	1072	12f78	Agent	*********
    2016-07-18	08:33:17:863	1072	12f78	Agent	  * Online = Yes; Ignore download priority = No
    2016-07-18	08:33:17:863	1072	12f78	Agent	  * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains 'a38c835c-2950-4e87-86cc-6911a52c34a3' and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b')"
    2016-07-18	08:33:17:863	1072	12f78	Agent	  * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
    2016-07-18	08:33:17:863	1072	12f78	Agent	  * Search Scope = {Machine}
    2016-07-18	08:33:17:987	1072	12f78	PT	WARNING: Cached cookie has expired or new PID is available
    2016-07-18	08:33:17:987	1072	12f78	PT	Initializing simple targeting cookie, clientId = 4363df89-1c0a-4886-85de-4bdc68ff72ce, target group = , DNS name = 23-s02-pc046.xxxx.ru
    2016-07-18	08:33:17:987	1072	12f78	PT	  Server URL = http://CMHQ1.xxxx.ru:8530/SimpleAuthWebService/SimpleAuth.asmx
    2016-07-18	08:33:20:624	1072	12f78	PT	+++++++++++  PT: Starting category scan  +++++++++++
    2016-07-18	08:33:20:624	1072	12f78	PT	  + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://CMHQ1.xxxx.ru:8530/ClientWebService/client.asmx
    2016-07-18	08:33:21:638	1072	12f78	PT	+++++++++++  PT: Synchronizing server updates  +++++++++++
    2016-07-18	08:33:21:638	1072	12f78	PT	  + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://CMHQ1.xxxx.ru:8530/ClientWebService/client.asmx
    2016-07-18	08:33:21:654	1072	12f78	PT	WARNING: Cached cookie has expired or new PID is available
    2016-07-18	08:33:21:654	1072	12f78	PT	Initializing simple targeting cookie, clientId = 4363df89-1c0a-4886-85de-4bdc68ff72ce, target group = , DNS name = 23-s02-pc046.xxxx.ru
    2016-07-18	08:33:21:654	1072	12f78	PT	  Server URL = http://CMHQ1.xxxx.ru:8530/SimpleAuthWebService/SimpleAuth.asmx
    2016-07-18	08:33:22:839	1072	12f78	PT	+++++++++++  PT: Synchronizing extended update info  +++++++++++
    2016-07-18	08:33:22:839	1072	12f78	PT	  + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://CMHQ1.xxxx.ru:8530/ClientWebService/client.asmx
    2016-07-18	08:33:22:964	1072	87c	AU	Can not perform non-interactive scan if AU is interactive-only
    2016-07-18	08:33:23:042	1072	12f78	Agent	  * Found 0 updates and 4 categories in search; evaluated appl. rules of 67 out of 86 deployed entities
    2016-07-18	08:33:23:666	1072	12f78	Agent	*********
    2016-07-18	08:33:23:666	1072	12f78	Agent	**  END  **  Agent: Finding updates [CallerId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2016-07-18	08:33:23:666	1072	12f78	Agent	*************
    2016-07-18	08:33:23:666	78448	12904	COMAPI	>>--  RESUMED  -- COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2016-07-18	08:33:23:666	78448	12904	COMAPI	  - Updates found = 0
    2016-07-18	08:33:23:666	78448	12904	COMAPI	---------
    2016-07-18	08:33:23:666	78448	12904	COMAPI	--  END  --  COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2016-07-18	08:33:23:666	78448	12904	COMAPI	-------------
    2016-07-18	08:33:23:713	76792	12a18	Misc	===========  Logging initialized (build: 7.6.7601.19161, tz: +0300)  ===========
    2016-07-18	08:33:23:713	76792	12a18	Misc	  = Process: C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    2016-07-18	08:33:23:713	76792	12a18	Misc	  = Module: C:\Windows\system32\wuapi.dll
    2016-07-18	08:33:23:713	76792	12a18	COMAPI	-------------
    2016-07-18	08:33:23:713	76792	12a18	COMAPI	-- START --  COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2016-07-18	08:33:23:713	76792	12a18	COMAPI	---------
    2016-07-18	08:33:23:728	76792	12a18	COMAPI	<<-- SUBMITTED -- COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2016-07-18	08:33:23:728	1072	12f78	Agent	*************
    2016-07-18	08:33:23:728	1072	12f78	Agent	** START **  Agent: Finding updates [CallerId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2016-07-18	08:33:23:728	1072	12f78	Agent	*********
    2016-07-18	08:33:23:728	1072	12f78	Agent	  * Online = Yes; Ignore download priority = No
    2016-07-18	08:33:23:728	1072	12f78	Agent	  * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains 'a38c835c-2950-4e87-86cc-6911a52c34a3' and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b')"
    2016-07-18	08:33:23:728	1072	12f78	Agent	  * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
    2016-07-18	08:33:23:728	1072	12f78	Agent	  * Search Scope = {Machine}
    2016-07-18	08:33:23:760	1072	12f78	Misc	Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab with dwProvFlags 0x00000080:
    2016-07-18	08:34:03:791	1072	12f78	Misc	 Microsoft signed: NA
    2016-07-18	08:34:03:791	1072	12f78	Misc	Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\TMP6019.tmp with dwProvFlags 0x00000080:
    2016-07-18	08:34:33:807	1072	12f78	Misc	 Microsoft signed: NA
    2016-07-18	08:34:33:823	1072	12f78	Misc	Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\v6-win7sp1-wuredir.cab with dwProvFlags 0x00000080:
    2016-07-18	08:34:33:838	1072	12f78	Misc	 Microsoft signed: NA
    2016-07-18	08:35:18:332	1072	12f78	Misc	WARNING: Send failed with hr = 80072ee2.
    2016-07-18	08:35:18:332	1072	12f78	Misc	WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2016-07-18	08:35:18:332	1072	12f78	Misc	WARNING: WinHttp: SendRequestUsingProxy failed for <http://ds.download.windowsupdate.com/v11/2/windowsupdate/redir/v6-win7sp1-wuredir.cab>. error 0x80072ee2
    2016-07-18	08:35:18:332	1072	12f78	Misc	WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2016-07-18	08:35:18:332	1072	12f78	Misc	WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2016-07-18	08:35:18:332	1072	12f78	Misc	WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2016-07-18	08:35:18:332	1072	12f78	Misc	WARNING: DownloadFileInternal failed for http://ds.download.windowsupdate.com/v11/2/windowsupdate/redir/v6-win7sp1-wuredir.cab: error 0x80072ee2
    2016-07-18	08:35:18:332	1072	12f78	Misc	Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\v6-win7sp1-wuredir.cab with dwProvFlags 0x00000080:
    2016-07-18	08:35:18:332	1072	12f78	Misc	 Microsoft signed: NA
    2016-07-18	08:35:41:858	1072	12f78	Misc	WARNING: Send failed with hr = 80072ee2.
    2016-07-18	08:35:41:858	1072	12f78	Misc	WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2016-07-18	08:35:41:858	1072	12f78	Misc	WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.microsoft.com/v11/2/windowsupdate/redir/v6-win7sp1-wuredir.cab>. error 0x80072ee2
    2016-07-18	08:35:41:858	1072	12f78	Misc	WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2016-07-18	08:35:41:858	1072	12f78	Misc	WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2016-07-18	08:35:41:858	1072	12f78	Misc	WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2016-07-18	08:35:41:858	1072	12f78	Misc	WARNING: DownloadFileInternal failed for http://download.microsoft.com/v11/2/windowsupdate/redir/v6-win7sp1-wuredir.cab: error 0x80072ee2
    2016-07-18	08:35:41:858	1072	12f78	Misc	Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\v6-win7sp1-wuredir.cab with dwProvFlags 0x00000080:
    2016-07-18	08:35:41:858	1072	12f78	Misc	 Microsoft signed: NA
    2016-07-18	08:36:47:334	1072	12f78	Misc	WARNING: Send failed with hr = 80072ee2.
    2016-07-18	08:36:47:334	1072	12f78	Misc	WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2016-07-18	08:36:47:334	1072	12f78	Misc	WARNING: WinHttp: SendRequestUsingProxy failed for <http://fe2.update.microsoft.com/v11/2/windowsupdate/redir/v6-win7sp1-wuredir.cab>. error 0x80072ee2
    2016-07-18	08:36:47:334	1072	12f78	Misc	WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2016-07-18	08:36:47:334	1072	12f78	Misc	WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2016-07-18	08:36:47:334	1072	12f78	Misc	WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2016-07-18	08:36:47:334	1072	12f78	Misc	WARNING: DownloadFileInternal failed for http://fe2.update.microsoft.com/v11/2/windowsupdate/redir/v6-win7sp1-wuredir.cab: error 0x80072ee2
    2016-07-18	08:36:47:334	1072	12f78	Agent	WARNING: Failed to obtain the authorization cab URLs, hr=0x80072ee2
    2016-07-18	08:36:47:334	1072	12f78	Agent	  * WARNING: Online service registration/service ID resolution failed, hr=0x80072EE2
    2016-07-18	08:36:47:334	1072	12f78	Agent	  * WARNING: Exit code = 0x80072EE2
    2016-07-18	08:36:47:334	1072	12f78	Agent	*********
    2016-07-18	08:36:47:334	1072	12f78	Agent	**  END  **  Agent: Finding updates [CallerId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2016-07-18	08:36:47:334	1072	12f78	Agent	*************
    2016-07-18	08:36:47:334	1072	12f78	Agent	WARNING: WU client failed Searching for update with error 0x80072ee2
    2016-07-18	08:36:47:334	1072	12f78	Report	REPORT EVENT: {A920B270-079B-4B54-B79F-6547A28DDB5E}	2016-07-18 08:33:23:666+0300	1	147	101	{00000000-0000-0000-0000-000000000000}	0	0	System Center Endpoint Protecti	Success	Software Synchronization	Windows Update Client successfully detected 0 updates.
    2016-07-18	08:36:47:350	76792	1319c	COMAPI	>>--  RESUMED  -- COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2016-07-18	08:36:47:350	76792	1319c	COMAPI	  - Updates found = 0
    2016-07-18	08:36:47:350	76792	1319c	COMAPI	  - WARNING: Exit code = 0x00000000, Result code = 0x80072EE2
    2016-07-18	08:36:47:350	76792	1319c	COMAPI	---------
    2016-07-18	08:36:47:350	76792	1319c	COMAPI	--  END  --  COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2016-07-18	08:36:47:350	76792	1319c	COMAPI	-------------
    2016-07-18	08:36:47:350	76792	13358	COMAPI	WARNING: Operation failed due to earlier error, hr=80072EE2
    2016-07-18	08:36:47:350	76792	13358	COMAPI	FATAL: Unable to complete asynchronous search. (hr=80072EE2)
    2016-07-18	08:36:52:342	1072	12f78	Report	REPORT EVENT: {B922C2A7-1A92-474B-8D73-EF9EC84AA0A7}	2016-07-18 08:36:47:334+0300	1	148	101	{00000000-0000-0000-0000-000000000000}	0	80072ee2	System Center Endpoint Protecti	Failure	Software Synchronization	Windows Update Client failed to detect with error 0x80072ee2.
    2016-07-18	08:36:52:358	1072	12f78	Report	CWERReporter::HandleEvents - WER report upload completed with status 0x8
    2016-07-18	08:36:52:358	1072	12f78	Report	WER Report sent: 7.6.7601.19161 0x80072ee2(0) 0000000-0000-0000-0000-000000000000 Scan 0 1 System Center Endpoint Protecti {7971F918-A847-4430-9279-4A52D1EFE18D} 0
    2016-07-18	08:38:38:397	1072	12f78	Report	Uploading 1 events using cached cookie, reporting URL = http://CMHQ1.xxxx.ru:8530/ReportingWebService/ReportingWebService.asmx
    2016-07-18	08:38:38:896	1072	12f78	Report	Reporter successfully uploaded 1 events.
    


    July 18, 2016 13:02
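
A way to condense a WindowsUpdate.log excerpt like the one posted above into one record per search, so that the result for each ServiceID is visible at a glance. This is an added example, not part of the original thread and not Microsoft tooling; the function names are hypothetical and the sample lines are constructed from the posted excerpt.

```python
import re

# Constructed sample modelled on the excerpt above. Fields are tab-separated:
# date, time, PID, TID, component, message.
ROWS = [
    ("08:33:17:863", "Agent", "** START **  Agent: Finding updates [CallerId = System Center Endpoint Protection]"),
    ("08:33:17:863", "Agent", "  * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed"),
    ("08:33:23:042", "Agent", "  * Found 0 updates and 4 categories in search"),
    ("08:33:23:666", "Agent", "**  END  **  Agent: Finding updates [CallerId = System Center Endpoint Protection]"),
    ("08:33:23:728", "Agent", "** START **  Agent: Finding updates [CallerId = System Center Endpoint Protection]"),
    ("08:33:23:728", "Agent", "  * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service"),
    ("08:36:47:334", "Misc", "WARNING: DownloadFileInternal failed for http://fe2.update.microsoft.com/v11/2/windowsupdate/redir/v6-win7sp1-wuredir.cab: error 0x80072ee2"),
    ("08:36:47:334", "Agent", "  * WARNING: Exit code = 0x80072EE2"),
    ("08:36:47:334", "Agent", "**  END  **  Agent: Finding updates [CallerId = System Center Endpoint Protection]"),
]
SAMPLE_LOG = "\n".join(f"2016-07-18\t{t}\t1072\t12f78\t{c}\t{m}" for t, c, m in ROWS)
MARK = re.compile(r"\*\*\s+(START|END)\s+\*\*\s+Agent: Finding updates")

def decode_hresult(hr):
    """Split a 32-bit HRESULT into (is_failure, facility, code); facility 7 wraps a Win32 error."""
    return bool(hr >> 31), (hr >> 16) & 0x7FF, hr & 0xFFFF

def search_sessions(log_text):
    """Return one dict per 'Agent: Finding updates' START/END block, tracked per (PID, TID)."""
    open_by_thread, done = {}, []
    for line in log_text.splitlines():
        parts = line.strip().split("\t", 5)
        if len(parts) != 6:
            continue  # blank line, forum text, or a wrapped continuation
        _, time, pid, tid, _, msg = parts
        key, mark = (pid, tid), MARK.search(msg)
        if mark and mark.group(1) == "START":
            open_by_thread[key] = {"start": time, "service": None, "kind": None,
                                   "found": None, "exit": 0, "failed_urls": []}
        s = open_by_thread.get(key)
        if s is None:
            continue
        if m := re.search(r"ServiceID = \{([0-9A-Fa-f-]+)\}\s*(.*)", msg):
            s["service"], s["kind"] = m.group(1).upper(), m.group(2).strip()
        elif m := re.search(r"Found (\d+) updates", msg):
            s["found"] = int(m.group(1))
        elif m := re.search(r"DownloadFileInternal failed for (\S+): error", msg):
            s["failed_urls"].append(m.group(1))
        elif m := re.search(r"Exit code = 0x([0-9A-Fa-f]{8})", msg):
            s["exit"] = int(m.group(1), 16)
        elif mark and mark.group(1) == "END":
            s["end"] = time
            done.append(open_by_thread.pop(key))
    return done
```

On the sample, the "Managed" search ends with exit code 0 and 0 updates found, while the "Third party service" search ends with 0x80072EE2, which decodes to facility 7 (Win32), code 12002 (ERROR_WINHTTP_TIMEOUT).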
  • In the device properties, on the Deployment tab, are there any updates deployed to this device?
    http://c2n.me/3AjH3rY
    Additionally:

    1. And check that the policy on the device enables SCEP (open the All Devices collection / right-click the computer / Client Setting / Resultant Client Setting / Endpoint Protection)
    2. The antimalware policy itself for this device sets the order of update sources correctly, for example: 1st SCCM, 2nd WSUS server, and so on.


    A well-posed question is already 50% of the solution. "SCCM User Group Russia" on Facebook https://www.facebook.com/groups/sccm.russia/ "SCCM User Group" on Telegram: https://telegram.me/configmgr

    July 18, 2016 13:57
  • Just yesterday an article was written that gives a better understanding of how SCEP updates work; it may come in handy

    https://blogs.technet.microsoft.com/askpfeplat/2016/07/18/endpoint-protection-updates-configuration-manager/


    A well-posed question is already 50% of the solution.
    SCCM User Group Russia on Facebook and on Telegram

    July 19, 2016 6:14
  • In the device properties, on the Deployment tab, are there any updates deployed to this device?

    A whole bunch!
    Additionally:

    1. And check that the policy on the device enables SCEP (open the All Devices collection / right-click the computer / Client Setting / Resultant Client Setting / Endpoint Protection)
    2. The antimalware policy itself for this device sets the order of update sources correctly, for example: 1st SCCM, 2nd WSUS server, and so on.



    Yes, yes. It still does not update! :(
    July 19, 2016 12:33
  • Well, no idea.
    Try recreating the ADR rule for SCEP

    A well-posed question is already 50% of the solution.
    SCCM User Group Russia on Facebook and on Telegram

    July 19, 2016 13:01