The servers have the CCM and EP client installed on them. The local F/W has the EP client allowed for inbound connections. Internet explorer has the Microsoft Update sites listed in the trusted site list. The Automatic Deployment rules have been setup for the servers to down load the updates automatically.  The windows servers can manually download the windows updates from Microsoft, so it is not a connectivity problem. The EP client was able to update the definition files the first time it was installed, but nothing since. I have seen this https://support.microsoft.com/en-us/kb/935934 and have manually updated the definition files on each server, but that does not solve the automatic deployment problem.

The error messages is: System Center Endpoint Protection:

The app couldn't check for Virus and spyware definition updates.

Check your internet or network connections and try again.

Support information:

Error code 0x80248014

The definition updates could not be installed.

I will try to cut and past the a screen shot in the next posting.  So far it was not allowed, body warning 4 - 6000 Characters long.

Hi

For the last two month we have experienced strange behavior in SCCM 2012 (R2) when we deploy the new software updates (patch Tuesday)

Updates are getting synchronized from WSUS into SCCM and I can see them i All software updates tab, here starts the strange part. When the workstations do a software update scan, almost 2500 of the workstations say the patch is not needed, I cannot believe this to be true, we are talking about the new Win7 patch for May (like MS15-054 and 055) - see screenshot. Only about 1100 workstations requires the new patch. This is the view even before we start deploy

We had the same problem for patch in April. I cannot see any error in the log files on the workstations

When we deploy, we deploy to collection "all workstation" which is about 4200 workstations (mix of win 7 x86 and x64)

Do anymore experience same problem, or have any idea to what the problem is?

Thanks

if scheduled required updates have failed to install for some reason, you will see them in software center, right

but is it true that those failed updates will NOT be attempted to install again, unless done so by the operator manually from the software center?

Hi,

     We handle more than 50000 clients for a customer and recently we are having problems in some machines when we deploy the patches.The patches(Security and office) get stuck at 0% or getting failed in some machines. We tried uninstall and then re install client(2012 R2) or WMI rebuild. But still the issue persist.  Could some one help me how to fix this issue.

Thanks,

Natthom.

Hi,

Simple question, for App-V: should or should we not exclude C:\ProgramData\App-V  (= root for package) from SCEP (Sytem Center Endpoint Protection)?

J.

Jan Hoedt

WUAHandler.log

Going to search using WSUS update source. WUAHandler 5/20/2015 10:44:39 AM 1932 (0x078C)
Synchronous searching started using filter: 'UpdateID = 'c66ef728-47a2-4c13-9516-fc96bb81a51d' AND DeploymentAction = *'... WUAHandler 5/20/2015 10:44:39 AM 1932 (0x078C)
Successfully completed synchronous searching of updates. WUAHandler 5/20/2015 10:44:52 AM 1932 (0x078C)
1. Update: c66ef728-47a2-4c13-9516-fc96bb81a51d, 200   BundledUpdates: 1 WUAHandler 5/20/2015 10:44:52 AM 1932 (0x078C)
       Update: dfec7099-fbb9-46f6-8127-656969dc95a8, 200   BundledUpdates: 0 WUAHandler 5/20/2015 10:44:52 AM 1932 (0x078C)
1. Update (Missing): Security Update for Microsoft Silverlight (KB3056819) (c66ef728-47a2-4c13-9516-fc96bb81a51d, 200) WUAHandler 5/20/2015 10:44:52 AM 1932 (0x078C)
Async installation of updates started. WUAHandler 5/20/2015 10:44:52 AM 1932 (0x078C)
Update 1 (c66ef728-47a2-4c13-9516-fc96bb81a51d) finished installing (0x80070643), Reboot Required? No WUAHandler 5/20/2015 10:45:42 AM 5132 (0x140C)
Async install completed. WUAHandler 5/20/2015 10:45:42 AM 5132 (0x140C)
Installation job encountered some failures. Error = 0x80240022. WUAHandler 5/20/2015 10:45:42 AM 1932 (0x078C)
Installation of updates completed. WUAHandler 5/20/2015 10:45:42 AM 1932 (0x078C)

UpdatesHandler.log

Initiating updates scan for checking applicability. UpdatesHandler 5/20/2015 10:44:39 AM 1932 (0x078C)
Successfully initiated scan. UpdatesHandler 5/20/2015 10:44:39 AM 1932 (0x078C)
Updates scan completion received, result = 0x0. UpdatesHandler 5/20/2015 10:44:39 AM 4204 (0x106C)
Method (Apply) called from SDM. UpdatesHandler 5/20/2015 10:44:39 AM 4068 (0x0FE4)
Starting job with id = {6A70B998-7D8F-41DD-B8C0-1EF104ED32ED} UpdatesHandler 5/20/2015 10:44:39 AM 4068 (0x0FE4)
Initiating Scan. Forced = (0) UpdatesHandler 5/20/2015 10:44:39 AM 4068 (0x0FE4)
Successfully initiated scan for job ({6A70B998-7D8F-41DD-B8C0-1EF104ED32ED}). UpdatesHandler 5/20/2015 10:44:39 AM 4068 (0x0FE4)
Scan completion received for job ({6A70B998-7D8F-41DD-B8C0-1EF104ED32ED}). UpdatesHandler 5/20/2015 10:44:39 AM 1932 (0x078C)
Evaluating status of the updates for the job ({6A70B998-7D8F-41DD-B8C0-1EF104ED32ED}). UpdatesHandler 5/20/2015 10:44:39 AM 1932 (0x078C)
Initiating download for the job ({6A70B998-7D8F-41DD-B8C0-1EF104ED32ED}). UpdatesHandler 5/20/2015 10:44:39 AM 1932 (0x078C)
Check contents availability. UpdatesHandler 5/20/2015 10:44:39 AM 1932 (0x078C)
Bundle update (c66ef728-47a2-4c13-9516-fc96bb81a51d) is requesting download from child updates for action (INSTALL) UpdatesHandler 5/20/2015 10:44:39 AM 1932 (0x078C)
CUpdate::CheckLocations - Checking locations on action (INSTALL) for Update (dfec7099-fbb9-46f6-8127-656969dc95a8) UpdatesHandler 5/20/2015 10:44:39 AM 1932 (0x078C)
Ignoring update state (DOWNLOAD_READY) change in job state (2) UpdatesHandler 5/20/2015 10:44:39 AM 4068 (0x0FE4)
Starting download on action (INSTALL) for Update (dfec7099-fbb9-46f6-8127-656969dc95a8) UpdatesHandler 5/20/2015 10:44:39 AM 1932 (0x078C)
Contents already available. UpdatesHandler 5/20/2015 10:44:39 AM 1932 (0x078C)
StateCore - bundle update (c66ef728-47a2-4c13-9516-fc96bb81a51d) state changed from (WAIT_CONTENTS) to (EXECUTE_READY) as child update state changed UpdatesHandler 5/20/2015 10:44:39 AM 1932 (0x078C)
Download completed for the job ({6A70B998-7D8F-41DD-B8C0-1EF104ED32ED}). UpdatesHandler 5/20/2015 10:44:39 AM 4068 (0x0FE4)
Download already completed for the job ({6A70B998-7D8F-41DD-B8C0-1EF104ED32ED}). UpdatesHandler 5/20/2015 10:44:39 AM 1932 (0x078C)
Job in ready state. Triggering software update policy. UpdatesHandler 5/20/2015 10:44:39 AM 4068 (0x0FE4)
IMaintenanceCoordinator::GetTaskState failed because MTC job has not been created yet. UpdatesHandler 5/20/2015 10:44:39 AM 4068 (0x0FE4)
Request a MTC task for execution request request id: {71E37AAE-AB16-4377-9175-EC970C051DD8} UpdatesHandler 5/20/2015 10:44:39 AM 4068 (0x0FE4)
MTC task with id {71E37AAE-AB16-4377-9175-EC970C051DD8}, changed state from 0 to 4 UpdatesHandler 5/20/2015 10:44:39 AM 4504 (0x1198)
Job {6A70B998-7D8F-41DD-B8C0-1EF104ED32ED} is starting execution UpdatesHandler 5/20/2015 10:44:39 AM 4504 (0x1198)
Sending ack to MTC for task with id: {71E37AAE-AB16-4377-9175-EC970C051DD8} UpdatesHandler 5/20/2015 10:44:39 AM 4504 (0x1198)
Job ({6A70B998-7D8F-41DD-B8C0-1EF104ED32ED}) already connected, start processing UpdatesHandler 5/20/2015 10:44:39 AM 4504 (0x1198)
Initiating Scan. Forced = (0) UpdatesHandler 5/20/2015 10:44:39 AM 4504 (0x1198)
Successfully initiated scan for job ({6A70B998-7D8F-41DD-B8C0-1EF104ED32ED}). UpdatesHandler 5/20/2015 10:44:39 AM 4504 (0x1198)
MTC task with id {71E37AAE-AB16-4377-9175-EC970C051DD8}, changed state from 4 to 5 UpdatesHandler 5/20/2015 10:44:39 AM 4504 (0x1198)
No change in the handle state. Ignoring. UpdatesHandler 5/20/2015 10:44:39 AM 4504 (0x1198)
Scan completion received for job ({6A70B998-7D8F-41DD-B8C0-1EF104ED32ED}). UpdatesHandler 5/20/2015 10:44:39 AM 1932 (0x078C)
Evaluating status of the updates for the job ({6A70B998-7D8F-41DD-B8C0-1EF104ED32ED}). UpdatesHandler 5/20/2015 10:44:39 AM 1932 (0x078C)
CDeploymentJob::InstallUpdatesInBatch - Batch or non-batch install is not in progress for the job ({6A70B998-7D8F-41DD-B8C0-1EF104ED32ED}). So allowing install.. UpdatesHandler 5/20/2015 10:44:39 AM 1932 (0x078C)
CDeploymentJob::InstallUpdatesInBatch - Resetting install flag to false as method is complete UpdatesHandler 5/20/2015 10:44:52 AM 1932 (0x078C)
WSUS update (c66ef728-47a2-4c13-9516-fc96bb81a51d) installation result = 0x80070643, Reboot State = NoReboot UpdatesHandler 5/20/2015 10:45:42 AM 5132 (0x140C)
Update execution failed. UpdatesHandler 5/20/2015 10:45:42 AM 5132 (0x140C)
Starting non batched updates processing UpdatesHandler 5/20/2015 10:45:42 AM 3892 (0x0F34)
CDeploymentJob::ExecuteUpdates - Batch or non-batch install is not in progress for the job ({6A70B998-7D8F-41DD-B8C0-1EF104ED32ED}). So allowing install.. UpdatesHandler 5/20/2015 10:45:42 AM 3892 (0x0F34)
Executing the updates for the job ({6A70B998-7D8F-41DD-B8C0-1EF104ED32ED}). UpdatesHandler 5/20/2015 10:45:42 AM 3892 (0x0F34)
CDeploymentJob::ExecuteUpdates - Resetting install flag to false as method is complete UpdatesHandler 5/20/2015 10:45:42 AM 3892 (0x0F34)
Execution completed for the job ({6A70B998-7D8F-41DD-B8C0-1EF104ED32ED}). UpdatesHandler 5/20/2015 10:45:42 AM 3892 (0x0F34)
Requesting MTC to delete task with id: {71E37AAE-AB16-4377-9175-EC970C051DD8} UpdatesHandler 5/20/2015 10:45:42 AM 3892 (0x0F34)
Successfully sent job ({6A70B998-7D8F-41DD-B8C0-1EF104ED32ED}) success completion to the SdmAgent UpdatesHandler 5/20/2015 10:45:42 AM 3892 (0x0F34)
Deployment Job not found for the supplied MTC Task id: {71E37AAE-AB16-4377-9175-EC970C051DD8} UpdatesHandler 5/20/2015 10:45:42 AM 2136 (0x0858)
CompleteJob received from SDM. UpdatesHandler 5/20/2015 10:45:42 AM 3892 (0x0F34)
Complete - Job ({6A70B998-7D8F-41DD-B8C0-1EF104ED32ED}) Cleanup. UpdatesHandler 5/20/2015 10:45:42 AM 3892 (0x0F34)
CompleteJob - Job ({6A70B998-7D8F-41DD-B8C0-1EF104ED32ED}) removed from job manager list. UpdatesHandler 5/20/2015 10:45:42 AM 3892 (0x0F34)

Event Viewer Application Log:

Fault bucket 1668350456, type 21

Event Name: WindowsUpdateFailure3

Response: Not available

Cab Id: 0

Problem signature:

P1: 7.6.7601.18804

P2: 80070643

P3: C66EF728-47A2-4C13-9516-FC96BB81A51D

P4: Install

P5: 200

P6: 0

P7: 64c

P8: CcmExec

P9: {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}

P10: 0

Hi All,

I am looking for some solution where SCCM can sense Whether Trend Micro anti-virus is patched with latest definition update or not.

Please guide how can we achieve this from compliance in SCCM

Thanks Rahul$

I recently set up criteria under software updates. I then wanted to exclude a couple other updates. I added the Title criteria and selected "does not contain". I then added the KB number and it worked fine. I added a second Title criteria and did the same thing with another KB number. When I added the second Title criteria it broke and returned the two updates I told it I didn't want.

I see the same results using the Article ID and Bulletin ID. Apparently anything that uses a "does not contain". The second added entry for a criteria that is configured with a does not contain breaks the search.

Can someone verify they are seeing the same thing or am I doing something wrong?

Hi all

as usual, what I think is a pretty non-standard question (sorry) This comes from a customer with some pretty specific security requirements, so please bear with this, and only respond to it rather than question the rationalle behind it

So the ideal design from the security authority is 

Windows Server 2012 R2 , SCCM 2012 R2

MS Updates -HTTPS-> WSUS workgroup Server in DMZ-HTTPS -> WSUS on  SCCM primary site server (not DMZ) - HTTP->Clients

We really dont want to use certificates for clients so is the above actually possible ?

They may accept this as an alternative 

MS Updates -HTTPS> WSUS workgroup Server in DMZ-HTTP -> WSUS  on  SCCM primary site server - HTTP->Clients

would that work ?  my obvious gut feel is that once you use HTTPs on one WSUS, it can only communicate with another WSUS server over HTTPS  ??

HUGE thanks for your time 

Nick B

Solutions Architect

Hello,

My WSUS refuses to syncronize the updates we all know has been released this Tuesday. Also expressed as, nothing gets synced down besides a few SCEP definitions. (yes, I have selected the correct products and classifications on my SUP)

I can see a few other people reporting similar behaviour, but I have the feeling that this forum can add further to that.

https://social.technet.microsoft.com/Forums/en-US/a323d2f9-a1ac-48e3-978a-054915c3f1ea/wsus-april-2015-updates-not-synced-from-microsoft?forum=winserverwsus

Anyone that can shed more light on this, anyone seeing something similar?

My WSUS has been working for years, all green lights in component status, and no errors in wsyncmgr or wsusctrl.log. :-(

Martin Bengtsson | www.imab.dk

Hi All,

I am looking for a query in which I have to found those machines which has memory changes done.

As this is default report of SCCM, but I require time stamp to keep track when this change happened in that report only.

Thanks Rahul$

Hi All,

Could you please let me know whether any kind of fix available for the following vulnerabilities . I have 2003,2008,2008R2 and 2012 servers listing the same vulnerabilities . 

I ran a qualys scan and i found that these are the items that are not fixed yet . 

SSL/TLS use of weak RC4 cipher
SSL/TLS Server Accepts RSA_EXPORT Cipher Suites (FREAK)
SSL Server Has SSLv3 Enabled Vulnerability

Thanks In Advance

Hey guys, i had a problem with sup/wsus so I unistalled both deleted susdb on sql and deleted wsus content. Then installed clean wsus and added sup. Sync started with MS and it showed me about 10700 updates. Then it started to sync updates like this:

Skipped update eadb0f9b-28eb-43c8-b5e1-12238fb21e9d - Microsoft .NET Framework 1.1 Service Pack 1 for Windows Server 2003 because it is up to date.SMS_WSUS_SYNC_MANAGER2015-05-20 22:41:466232 (0x1858)
Skipped update 65fb8f2b-1437-4409-bce9-56e394631bdc - Critical Update for Windows XP Media Center Edition 2004 (KB838358) because it is up to date.SMS_WSUS_SYNC_MANAGER2015-05-20 22:41:476232 (0x1858)
Skipped update ee732b80-17ce-4e2b-836d-7194b6a9e0b7 - Security Update for Windows XP (KB824146) because it was superseded.SMS_WSUS_SYNC_MANAGER2015-05-20 22:41:476232 (0x1858)
Synchronizing update c329c92d-195d-493a-8888-1b1d7b0cff95 - Security Update for Windows XP (KB810217)SMS_WSUS_SYNC_MANAGER2015-05-20 22:41:486232 (0x1858)
sync: SMS synchronizing updates, processed 72 out of 10714 items (0%), ETA in 1.18:17:19SMS_WSUS_SYNC_MANAGER2015-05-20 22:47:406232 (0x1858)

Now it is at 212 out of 10714 and its says ETA is about 7 days!!!! Some updates takes about 5 min to sync- it is not beign dowloaded just synced... Whats wrong. What can i do about that?

Hi,

I have Sccm 2012 sp1 which configured as one site, and 5 servers which hold DP SUP etc.

I create an updates package, which was deployed to all my DP servers.
Moreover, most of the clients received the updates, and installed them with no problem.

However, some of the clients were stucked in "Wating to install", for some of the updates. Other updates were install successfully.
It's seem that all the problematic clients are from the same DP.

All the updates were downloaded to the client in c:\windows\ccmcache with no errors.

I check the windowsupdate.log:

2015-05-20 21:26:46:257  868 2e4 Misc WARNING: Send failed with hr = 80072ee7.
2015-05-20 21:26:46:257  868 2e4 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2015-05-20 21:26:46:258  868 2e4 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/msdownload/update/v5/eula/use terms_retail_windows internet explorer 9 supp_0.0_hebrew_unicode-2bdf0ddc-2897-4252-8b63-5aee30ae9947.txt>. error 0x8024402c
2015-05-20 21:26:46:258  868 2e4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2015-05-20 21:26:46:258  868 2e4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2015-05-20 21:26:46:258  868 2e4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2015-05-20 21:26:58:521  868 2e4 Misc WARNING: Send failed with hr = 80072ee7.
2015-05-20 21:26:58:521  868 2e4 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2015-05-20 21:26:58:521  868 2e4 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/msdownload/update/v5/eula/use terms_retail_windows internet explorer 9 supp_0.0_hebrew_unicode-2bdf0ddc-2897-4252-8b63-5aee30ae9947.txt>. error 0x8024402c
2015-05-20 21:26:58:521  868 2e4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2015-05-20 21:26:58:521  868 2e4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2015-05-20 21:26:58:522  868 2e4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2015-05-20 21:27:08:452  868 2e4 Misc WARNING: Send failed with hr = 80072ee7.
2015-05-20 21:27:08:452  868 2e4 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2015-05-20 21:27:08:452  868 2e4 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/msdownload/update/v5/eula/use terms_retail_windows internet explorer 9 supp_0.0_hebrew_unicode-2bdf0ddc-2897-4252-8b63-5aee30ae9947.txt>. error 0x8024402c
2015-05-20 21:27:08:452  868 2e4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2015-05-20 21:27:08:452  868 2e4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2015-05-20 21:27:08:452  868 2e4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2015-05-20 21:27:18:421  868 2e4 Misc WARNING: Send failed with hr = 80072ee7.
2015-05-20 21:27:18:421  868 2e4 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2015-05-20 21:27:18:421  868 2e4 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/msdownload/update/v5/eula/use terms_retail_windows internet explorer 9 supp_0.0_hebrew_unicode-2bdf0ddc-2897-4252-8b63-5aee30ae9947.txt>. error 0x8024402c
2015-05-20 21:27:18:421  868 2e4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c

By the way, none of the clients have access to the internet.
Only the main server has access in order to download the updates from Microsoft Updates

Any ideas?

Please see the below mentioned Microsoft link

http://support.microsoft.com/kb/2868725

We have followed that and updated the system with all the updates. the necessary updates mentioned in the above url have been applied.

however, the only thing that is left are the below mentioned registry entries:

• [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
  "Enabled"=dword:00000000
• [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
  "Enabled"=dword:00000000
• [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
  "Enabled"=dword:00000000

Please provide an input on this case 

Hi All,

we are getting the below error when trying to install the software updates after the build using a TSQ, could you please help me.

smsts.log

Policy evaluation initiated 
Successfully initiated RefreshUpdates operation  
Waiting for RefreshUpdates complete notification from Updates Deployment Agent 
Timedout waiting for updates refresh complete notification  
Process completed with exit code 2147943860 
!--------------------------------------------------------------------------------------------! 
Failed to run the action: Install Software Updates.
This operation returned because the timeout period expired. (Error: 800705B4; Source: Windows) 
Set authenticator in transport 
Set a global environment variable _SMSTSLastActionRetCode=-2147023436 
Set a global environment variable _SMSTSLastActionSucceeded=false 
Clear local default environment 
Let the parent group (Post Build patching) decides whether to continue execution 
The execution of the group (Post Build patching) has failed and the execution has been aborted. An action failed.
Operation aborted (Error: 80004004; Source: Windows) 
Failed to run the last action: Install Software Updates. Execution of task sequence failed.
This operation returned because the timeout period expired. (Error: 800705B4; Source: Windows) 
Set authenticator in transport 
Task Sequence Engine failed! Code: enExecutionFail 
**************************************************************************** 
Task sequence execution failed with error code 80004005 
Cleaning Up. 
Removing Authenticator 
Cleaning up task sequence folder 
Unable to delete file C:\_SMSTaskSequence\TSEnv.dat (0x80070005). Continuing. 
Failed to delete directory 'C:\_SMSTaskSequence' 
SetNamedSecurityInfo() failed. 
SetObjectOwner() failed. 0x80070005. 
RemoveFile() failed for C:\_SMSTaskSequence\TSEnv.dat. 0x80070005. 
RemoveDirectoryW failed (0x80070091) for C:\_SMSTaskSequence 
Deleting volume ID file C:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca ... 

Prashanth Kumar System Center Administrator

Hello,

Running the report Scan 3 - Clients of a collection reporting a specific state, I noticed a lot of this kind of error :

2015-05-19 16:19:08:335 1480 cf8 AU Triggering AU detection through DetectNow API
2015-05-19 16:19:08:335 1480 cf8 AU Additional Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} with Approval type {Scheduled} added to AU services list
2015-05-19 16:19:08:335 1480 cf8 AU Triggering Online detection (interactive)
2015-05-19 16:19:08:335 1480 cf8 AU Adding timer:
2015-05-19 16:19:08:335 1480 cf8 AU     Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2015-05-19 15:19:08, not idle-only, not network-only
2015-05-19 16:19:08:335 1480 bc8 AU #############
2015-05-19 16:19:08:335 1480 bc8 AU ## START ##  AU: Search for updates
2015-05-19 16:19:08:335 1480 bc8 AU #########
2015-05-19 16:19:08:335 1480 bc8 AU Additional Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} with Approval type {Scheduled} added to AU services list
2015-05-19 16:19:08:335 1480 bc8 IdleTmr WU operation (CSearchCall::Init ID 18) started; operation # 224; does use network; is not at background priority
2015-05-19 16:19:08:335 1480 bc8 IdleTmr Incremented idle timer priority operation counter to 2
2015-05-19 16:19:08:335 1480 bc8 Agent *** START ***  Queueing Finding updates [CallerId = AutomaticUpdatesWuApp  Id = 18]
2015-05-19 16:19:08:335 1480 bc8 AU <<## SUBMITTED ## AU: Search for updates  [CallId = {D023DBFE-C8C5-4E40-B88D-0C6A8304F539} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2015-05-19 16:19:08:335 1480 628 Agent ***  END  ***  Queueing Finding updates [CallerId = AutomaticUpdatesWuApp  Id = 18]
2015-05-19 16:19:08:335 1480 628 Agent *************
2015-05-19 16:19:08:335 1480 628 Agent ** START **  Agent: Finding updates [CallerId = AutomaticUpdatesWuApp  Id = 18]
2015-05-19 16:19:08:335 1480 628 Agent *********
2015-05-19 16:19:08:335 1480 628 Agent   * Online = Yes; Ignore download priority = No
2015-05-19 16:19:08:335 1480 628 Agent   * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2015-05-19 16:19:08:335 1480 628 Agent   * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2015-05-19 16:19:08:335 1480 628 Agent   * Search Scope = {Machine & All Users}
2015-05-19 16:19:08:335 1480 628 Agent   * Caller SID for Applicability: S-1-5-21-2821014886-3934871671-2542969025-500
2015-05-19 16:19:08:335 1480 628 Agent   * RegisterService is set
2015-05-19 16:19:08:351 1480 628 EP Got WSUS Client/Server URL: "http://SCCM-CLOUDW-PS2.CloudW.net:8530/ClientWebService/client.asmx"
2015-05-19 16:19:08:351 1480 628 Setup Checking for agent SelfUpdate
2015-05-19 16:19:08:351 1480 628 Setup Client version: Core: 7.9.9600.17489  Aux: 7.9.9600.17489
2015-05-19 16:19:08:351 1480 628 EP Got WSUS SelfUpdate URL: "http://SCCM-CLOUDW-PS2.CloudW.net:8530/selfupdate"
2015-05-19 16:19:08:382 1480 628 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\wuident.cab with dwProvFlags 0x00000080:
2015-05-19 16:19:08:413 1480 628 Misc  Microsoft signed: NA
2015-05-19 16:19:08:413 1480 628 Misc  Infrastructure signed: Yes
2015-05-19 16:19:08:413 1480 628 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\TMP6C48.tmp with dwProvFlags 0x00000080:
2015-05-19 16:19:08:429 1480 628 Misc  Microsoft signed: NA
2015-05-19 16:19:08:429 1480 628 Misc  Infrastructure signed: Yes
2015-05-19 16:19:08:429 1480 628 Setup FATAL: GetClientUpdateUrl failed, err = 0x8024D009
2015-05-19 16:19:08:429 1480 628 Setup Skipping SelfUpdate check based on the /SKIP directive in wuident
2015-05-19 16:19:08:429 1480 628 Setup SelfUpdate check completed.  SelfUpdate is NOT required.
2015-05-19 16:19:08:679 1480 628 PT +++++++++++  PT: Synchronizing server updates  +++++++++++
2015-05-19 16:19:08:679 1480 628 PT   + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =http://SCCM-CLOUDW-PS2.CloudW.net:8530/ClientWebService/client.asmx
2015-05-19 16:19:08:679 1480 628 PT WARNING: Cached cookie has expired or new PID is available
2015-05-19 16:19:08:679 1480 628 EP Got WSUS SimpleTargeting URL: "http://SCCM-CLOUDW-PS2.CloudW.net:8530"
2015-05-19 16:19:08:694 1480 628 IdleTmr WU operation (CAuthorizationCookieWrapper::InitializeSimpleTargetingCookie) started; operation # 225; does use network; is at background priority
2015-05-19 16:19:08:694 1480 628 PT Initializing simple targeting cookie, clientId = 764620ad-4497-4fda-8c94-09edddd2dc69, target group = , DNS name = testvm-lc-x86.lc.local
2015-05-19 16:19:08:694 1480 628 PT   Server URL = http://SCCM-CLOUDW-PS2.CloudW.net:8530/SimpleAuthWebService/SimpleAuth.asmx
2015-05-19 16:19:08:710 1480 628 WS WARNING: Nws Failure: errorCode=0x803d0013
2015-05-19 16:19:08:710 1480 628 WS WARNING: Soap fault info:
2015-05-19 16:19:08:710 1480 628 WS WARNING: reason: Server was unable to process request. ---> Access is denied
2015-05-19 16:19:08:710 1480 628 WS WARNING: code: Server
2015-05-19 16:19:08:710 1480 628 WS WARNING: detail: <detail/>
2015-05-19 16:19:08:710 1480 628 WS FATAL: OnCallFailure failed with hr=0X80244007
2015-05-19 16:19:08:710 1480 628 WS FATAL: NwsCallWithRetries<Functor>( Functor(_clientId, _targetGroupName, _dnsName, &_result)) failed with hr=0x80244007
2015-05-19 16:19:08:710 1480 628 IdleTmr WU operation (CAuthorizationCookieWrapper::InitializeSimpleTargetingCookie, operation # 225) stopped; does use network; is at background priority
2015-05-19 16:19:08:710 1480 628 PT WARNING: Failed to initialize Simple Targeting Cookie: 0x80244007
2015-05-19 16:19:08:710 1480 628 PT WARNING: PopulateAuthCookies failed: 0x80244007
2015-05-19 16:19:08:710 1480 628 PT WARNING: RefreshCookie failed: 0x80244007
2015-05-19 16:19:08:710 1480 628 PT WARNING: RefreshPTState failed: 0x80244007
2015-05-19 16:19:08:710 1480 628 PT   + SyncUpdates round trips: 0
2015-05-19 16:19:08:710 1480 628 PT WARNING: Sync of Updates: 0x80244007
2015-05-19 16:19:08:710 1480 628 PT WARNING: SyncServerUpdatesInternal failed: 0x80244007
2015-05-19 16:19:08:710 1480 628 Agent   * WARNING: Failed to synchronize, error = 0x80244007
2015-05-19 16:19:08:710 1480 628 Agent   * WARNING: Exit code = 0x80244007
2015-05-19 16:19:08:710 1480 628 Agent *********
2015-05-19 16:19:08:710 1480 628 Agent **  END  **  Agent: Finding updates [CallerId = AutomaticUpdatesWuApp  Id = 18]
2015-05-19 16:19:08:710 1480 628 Agent *************
2015-05-19 16:19:08:710 1480 628 Agent WARNING: WU client failed Searching for update with error 0x80244007
2015-05-19 16:19:08:710 1480 628 IdleTmr WU operation (CSearchCall::Init ID 18, operation # 224) stopped; does use network; is not at background priority
2015-05-19 16:19:08:710 1480 628 IdleTmr Decremented idle timer priority operation counter to 1
2015-05-19 16:19:08:726 1480 b10 AU >>##  RESUMED  ## AU: Search for updates [CallId = {D023DBFE-C8C5-4E40-B88D-0C6A8304F539} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2015-05-19 16:19:08:726 1480 b10 AU   # WARNING: Search callback failed, result = 0x80244007
2015-05-19 16:19:08:726 1480 b10 AU #########
2015-05-19 16:19:08:726 1480 b10 AU ##  END  ##  AU: Search for updates  [CallId = {D023DBFE-C8C5-4E40-B88D-0C6A8304F539} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2015-05-19 16:19:08:726 1480 b10 AU #############
2015-05-19 16:19:08:726 1480 b10 AU All AU searches complete.
2015-05-19 16:19:08:726 1480 b10 AU   # WARNING: Failed to find updates with error code 80244007
2015-05-19 16:19:08:726 1480 b10 AU AU setting next detection timeout to 2015-05-19 20:19:08
2015-05-19 16:19:08:726 1480 b10 AU Adding timer:
2015-05-19 16:19:08:726 1480 b10 AU     Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2015-05-19 20:19:08, not idle-only, not network-only

Can anyone help me with this error please?

We are an organization of about 25000 machines and recently began moving form Symantec AV to SCEP. I have been asked if there is a report that could be built to that shows the link the malware is trying to take the user to. Below is an example of the report we get and then an image of the information we want to gather.

1. Computer name: 123

Domain: xyz

Detection time(UTC time): 5/19/2015 12:34:49 AM Malware file path: webscript:_http://thechronicleherald.ca/news/metro

Remediation action: Quarantine

Action status: Succeeded

what we want to gather is this

Any info would be greatly appreciated.

Hello there,

I redesigned the SCCM-Console for non administrative users. Which works fine, but now i have a problem with some subfolders of the "Device Collections". I, as an Administrator see all five folders, the users also see five, but they should only see one of them, is it possible to do that, with the role based access modell, or another method?