none
Is it required to restart the SMS Agent Host service weekly? RRS feed

  • Question

  • Hi,

    I am on the latest version of config manager and for a couple years now, if I don't restart the ccmexec/sms agent host service weekly on the servers in my environment they will not get defender updates. Is there some requirement where this is a necessary thing to do? Any reason why the service stops communicating after a week or so? Its not on a specific date usually its about a week from whenever the service was last restarted on a server. Any one else experience this? TIA

    Tuesday, October 8, 2019 6:41 PM

Answers

  • Hello,
     
    I have to ask that how you set the update source of Windows Defender. Refer to the following screenshots. 
     
    On the server side:

      
    On the client side (Windows 10, Server 2016):


     
    1> Check that if there are Windows updates or Defender GPOs applied to the clients which may change the updating behavior of EP agent.
     
    2> If the source is set to Windows update, try manually check updates for Windows Defender and check the windowsupdate.log to see if there are errors.
     
    3> If the source is set to CM or WSUS, troubleshoot your issue like other updates, such as if clients receive the deployment, if client get the update files, etc.
     
    Hope my answer could help you and look forward to your feedback.
     
    Best Regards,
    Ray

    Please remembers to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by GibsonLP2012 Wednesday, October 9, 2019 6:43 PM
    Wednesday, October 9, 2019 9:15 AM
  • No, the GPO is not required.

    Have you reviewed the client side logs when issues start happening? Keep in mind that reviewing logs isn't just about looking for errors. You often need to read them and identify differences, missing items, or other out of the ordinary indicators. It's by no means an exact science.

    Ultimately, a support case may be in order here to help identify the issue. My guess would be that there's external force (software most likely) that conflicts in some way, but that is really just a guess. Given that this seems to be isolate to your environment though, it follows that the issue is related to something unique in your environment.


    Jason | https://home.configmgrftw.com | @jasonsandys

    • Marked as answer by GibsonLP2012 Wednesday, October 9, 2019 6:43 PM
    Wednesday, October 9, 2019 3:27 PM

All replies

  • No, there is no requirement and this is nothing I've ever seen, heard of, or had to do. Assuming that you are on 1906, you will almost certainly need to perform some deeper troubleshooting and investigation here.

    WUAHandler.log is always the place I start for software update issues.


    Jason | https://home.configmgrftw.com | @jasonsandys

    Tuesday, October 8, 2019 6:52 PM
  • Thank you for the reply, I have checked all the logs and dont see any errors or reasons why. Just that the line in the wuahandler log that says Successfully completed synchronous searching of updates. Is no longer logged as an event when the machine stops getting antivirus updates.
    Tuesday, October 8, 2019 7:02 PM
  • Just to confirm, you say that the site is CB 1906. Have the clients also been upgraded? What version are they running?
    Wednesday, October 9, 2019 12:18 AM
  • Hello,
     
    I have to ask that how you set the update source of Windows Defender. Refer to the following screenshots. 
     
    On the server side:

      
    On the client side (Windows 10, Server 2016):


     
    1> Check that if there are Windows updates or Defender GPOs applied to the clients which may change the updating behavior of EP agent.
     
    2> If the source is set to Windows update, try manually check updates for Windows Defender and check the windowsupdate.log to see if there are errors.
     
    3> If the source is set to CM or WSUS, troubleshoot your issue like other updates, such as if clients receive the deployment, if client get the update files, etc.
     
    Hope my answer could help you and look forward to your feedback.
     
    Best Regards,
    Ray

    Please remembers to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by GibsonLP2012 Wednesday, October 9, 2019 6:43 PM
    Wednesday, October 9, 2019 9:15 AM
  • Yes 1906, server client is on 5.00.8740.1024
    Wednesday, October 9, 2019 1:03 PM
  • Thank you for your reply. For the antimalware policy we have it set to "Updates distributed from Configuration Manager" only. We don't use MS update.

    On the server side this GPO is not configured. Should it be?

    Its just very strange everything works fine for a week and then the service seems to stop working correctly. Restart it and everything good again.

    Wednesday, October 9, 2019 1:10 PM
  • No, the GPO is not required.

    Have you reviewed the client side logs when issues start happening? Keep in mind that reviewing logs isn't just about looking for errors. You often need to read them and identify differences, missing items, or other out of the ordinary indicators. It's by no means an exact science.

    Ultimately, a support case may be in order here to help identify the issue. My guess would be that there's external force (software most likely) that conflicts in some way, but that is really just a guess. Given that this seems to be isolate to your environment though, it follows that the issue is related to something unique in your environment.


    Jason | https://home.configmgrftw.com | @jasonsandys

    • Marked as answer by GibsonLP2012 Wednesday, October 9, 2019 6:43 PM
    Wednesday, October 9, 2019 3:27 PM
  • Hello,
     
    Here is a summary for this post.
     

    Issue Definition:
    ========================
    IF OP don't restart the ccmexec/sms agent host service weekly on the servers in my environment they will not get defender updates.
     
    Possible Cause:
    ========================
    There's external force that conflicts in some way.

    Solution:
    ========================
    Troubleshoot it like other software update deployment, check if clients could receive the policy, get the content, etc. A support case may be in order here to help identify the issue.
     
    Best Regards,
    Ray


    Please remembers to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, October 14, 2019 7:16 AM