Hi All,

In our environment we are using SCCM 2012 SP1 and we planned to deploy the built in antivirus solution SCEP 2012 and when it comes to definitions updates deployment , I am having a lot of queries for achieving the same.

1. ADR rule can be targeted to collections so I have multiple collections do I need create separate ADR for each collections if so it would be complex.

2.Average size of the definition update is around 25 MB which is downloaded on daily basis and distributed to distribution point. How can I delete the old definition updates from update store and Distribution point or is there any option to overwrite the old definition updates with the new definition updates.

Is there any best practices for SCEP 2012 deployment.

Another query is about IBCM Public certificates requirement. which type of certificate (wildcard or SAN) is supported and recommended. Is there any link to clarify the certificates requirements and deployment method.

Thanks in Advance,

ThanksSiva Aadhi-CIT. MCITP

Hi

I have installed SCCM 2012. 

While viewing a report for software metering date and year are not available for selection. they are blank. 

please refer to my pics:

#1

pic #2

Pic #1, does this mean that only 25 or 27 client machines received the updates ? If so......<o:p></o:p>

a) where can I check which client machines these are, that's is, ones that got the updates ? <o:p></o:p>

b) where can I check the client machines that didn't get the updates ?<o:p></o:p>

c) Does pic #2 indicate that 399 clients are communication w/ sccm/wsus  and other 93 are not ?

d) from client end, is there a way to test whether client is connecting to sccm/wsus ?

Thanks !<o:p></o:p>

Hi Experts

I am currently having issues getting the SCEP2012 clients on the clients to get Endpoint Protection Definition updates from the System Center Configuration SP1 CU2. It keeps going connecting to Microsoft Update to update. The System Configuration server runs an ADR every 9 hours. The clients showed they have later updates than the EndPoint definition updates deployed by the Configuration Manager

Things configured

1. Clients are pointed to the WSUS server for Windows Updates
2. In Configuration Manager, for Antimalware Policies, Definition Updates, "Set sources and updates for Endpoint Protection definition updates" to Configuration Manager only. This policy has been deployed to the client computers.

3. Checked WindowsUpdate logs on the clients, there is no error message.
4. SUP has been set to Intranet clients
5. Clients have been updated to a new version to match the version on the Configuration Manager

The SUP was working fine until SP1 is applied
Please advise, thanks.

Hello All,

I am trying to figure out how to remedy a bunch of expired Microsoft updates (1,000+) that Is showing up in my SCCM console

after I ran my first sync once WSUS and SUP was installed. Below are the steps take so far:

1. Removed SUP role from my site server (SCCM)
2. Removed WSUS from Server 2012
3. Restarted server
4. Reinstalled WSUS (I noticed that the 2 previous synchronizations I performed from the WSUS console on the server was still there as if I never deleted WSUS.)
5. Reinstalled SUP on the site server (SCCM). This time from the product list I only selected Security updates as opposed to: Security, Critical, and just plain old updates, which is why I think I have over 1,000 expired updates

Also I elected to delete the expired updates as soon as they are superseded.

I then let the synced the updates from the SCCM and let it run over night. I went to check the All updates section under application management node and there are about 648 new none-expired updates but the old expired updates are still there (over 1,000) I did notice also that the previous syncs that I performed on the WSUS console are still there even after I removed the WSUS role Hmmm, scratching my head.

Phil Balderos

In SCCM  I previously have had software updates displayed under  'All software updates' on first attempt a couple of weeks ago. This list then diminished significantly (from 591)  after a week or so to just one update (I assume because that update had been deployed and the remaining updates had become obsolete or because the product selection had reduced).

I'm finding now I'm having very little luck in getting any updates appear in 'All Software  updates'  despite widening the product criteria and I'm not sure if this is because I need  to wait until next patch Tuesday or that WSUS doesn't feel very charitable.

I've also gone into WSUS  -The home page informs me I have  approx. 8,000 updates waiting to be approved!. I've approved a number of these updates  (e.g. windows server 2003, xp ) purely in an attempt to get something into my 'All Software updates' in SCCM.  In Update Service no updates appear under 'All updates' (with the default approval: 'approved' and status 'Failed or Needed') unless I changed the status to 'no status' -not sure if this is why I don't have any appearing in SCCM?

wsyncmgr.log reports its 'syncronising WSUS server' -so one assume that's working ok...

Just for background info, I'm not interested in deploying the updates to clients I just need to have updates available for some testing/investigation I'm doing with powershell (i.e. create SUG, edit membership, add criteria etc).

thanks for reading any thoughts appreciated.

Users begin complain on AutoCad virus Virus.Acad.Bursted.an. In Microsoft security encyclopedia this virus is Virus:ALisp/Bursted.A http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Virus%3AALisp%2FBursted.A

The virus was discovered first in October 2008 (Definition ver. 1.45.287.0)

But SCEP 2012 with updates up to 07.08.2013 (Definition ver. 1.155.1705.0) can not find the virus in the problem file. Please help me understand why?

Hello together,

Since we updated our SCCM 2012 to SP1 the client wont download the wsus policy from the server. Also the Windows Update settings on the client aren´t greyd out. Did anybody of you discovered the same problem after updating to SP1.

Regards

SCCM_Master

Hello,

I developped a SCCM 2012 configuration item based on two PowerShell scripts... Below is the generic structure:

1. The discovery part works fine. Based on several tests, the right result is always sent back to SCCM
2. In my specific case, it is expected that the remediation script is not always successfull (for instance, I could attempt to free up some disk space and it might not be possible to go back above the specified thresold to be compliant)... In such a case, my problem is that the remediation script reports a status "OK" while I am expecting to get "not ok (even after remediation trial)"

Does anybody see something wrong in my script structure ? Or do I misunderstand how to properly handle return code for configuration item scripts ?

Regards.

Discovery.ps1

if ("test if compliant") {

    "ok"

} else {

   "not ok"

}

Remediation.ps1

### Execute commands here to remediate the configuration ###

### Test again to see if the client is now compliant

if ("test if compliant") {

    "ok"

} else {

   "not ok (even after remediation)"

}

So I am finding some very weird activity and I am just trying to understand it if not determine that it is a bug..

If I run this query on machine in my environment:

SELECT
  v_UpdateInfo.ArticleID
  , v_UpdateInfo.BulletinID
  , v_UpdateInfo.Title
  , v_StateNames.StateName
  , v_UpdateComplianceStatus.LastStatusCheckTime
  , v_UpdateComplianceStatus.LastEnforcementMessageTime
FROM v_R_System
  INNER JOIN v_UpdateComplianceStatus ON v_R_System.ResourceID = v_UpdateComplianceStatus.ResourceID
  INNER JOIN v_UpdateInfo ON v_UpdateComplianceStatus.CI_ID = v_UpdateInfo.CI_ID
  INNER JOIN v_StateNames ON v_UpdateComplianceStatus.LastEnforcementMessageID = v_StateNames.StateID
WHERE
  v_StateNames.TopicType = 402
  AND v_R_System.Netbios_Name0 LIKE '<Computername Here>'
ORDER BY v_StateNames.StateName, v_UpdateInfo.DateLastModified

It returns the following results..:

2798162		Update for Windows 7 for x64-based Systems (KB2798162)	Pending system restart	2013-08-07 21:31:12.000	2013-07-22 18:27:55.000
2804579	MS13-040	Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2804579)	Pending system restart	2013-08-07 21:31:12.000	2013-07-22 18:32:08.000
2820197		Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB2820197)	Pending system restart	2013-08-07 21:31:12.000	2013-07-22 18:31:56.000
2830290	MS13-046	Security Update for Windows 7 for x64-based Systems (KB2830290)	Pending system restart	2013-08-07 21:31:12.000	2013-07-22 18:32:36.000
2813430		Security Update for Windows 7 for x64-based Systems (KB2813430)	Pending system restart	2013-08-07 21:31:12.000	2013-07-22 18:36:45.000
2839894	MS13-050	Security Update for Windows 7 for x64-based Systems (KB2839894)	Pending system restart	2013-08-07 21:31:12.000	2013-07-22 18:36:19.000
2845690	MS13-049	Security Update for Windows 7 for x64-based Systems (KB2845690)	Pending system restart	2013-08-07 21:31:12.000	2013-07-22 18:41:21.000
2487367	MS11-066	Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2487367)	Successfully installed update	2013-08-08 16:05:44.000	2013-07-30 13:36:41.000
2533523		Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2533523)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-23 14:11:44.000
2468871		Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2468871)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-23 02:24:50.000
2656351	MS11-100	Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)	Successfully installed update	2013-08-07 21:31:12.000	2013-07-29 18:57:01.000
2600217		Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-22 21:53:09.000
2604121	MS12-035	Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2604121)	Successfully installed update	2013-08-08 16:05:44.000	2013-07-30 14:18:25.000
2553091	MS11-072	Security Update for Microsoft Office 2010 (KB2553091), 32-Bit Edition	Successfully installed update	2013-08-07 21:31:12.000	2013-05-11 00:08:27.000
2685813		Update for User-Mode Driver Framework version 1.11 for Windows 7 for x64-based Systems (KB2685813)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-23 14:11:44.000
2685811		Update for Kernel-Mode Driver Framework version 1.11 for Windows 7 for x64-based Systems (KB2685811)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-23 14:11:44.000
2566458		Update for Microsoft Office 2010 (KB2566458), 32-Bit Edition	Successfully installed update	2013-08-07 21:31:12.000	2013-05-11 00:08:27.000
2761217		Update for Windows 7 for x64-based Systems (KB2761217)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-23 14:11:44.000
2737019	MS12-074	Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2737019)	Successfully installed update	2013-08-07 21:31:12.000	2013-07-30 14:18:25.000
2589320	MS11-089	Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition	Successfully installed update	2013-08-07 21:31:12.000	2013-05-11 00:08:27.000
2553447	MS12-046	Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition	Successfully installed update	2013-08-08 16:05:44.000	2013-05-11 00:07:08.000
2729449	MS12-074	Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2729449)	Successfully installed update	2013-08-08 16:05:44.000	2013-07-30 14:18:25.000
2687510	MS12-057	Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition	Successfully installed update	2013-08-07 21:31:12.000	2013-05-11 00:07:08.000
2726535		Update for Windows 7 for x64-based Systems (KB2726535)	Successfully installed update	2013-08-08 16:05:44.000	2013-05-23 14:11:44.000
2763523		Update for Windows 7 for x64-based Systems (KB2763523)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-23 02:15:22.000
2729094		Update for Windows 7 for x64-based Systems (KB2729094)	Successfully installed update	2013-08-08 16:05:44.000	2013-05-23 02:15:22.000
2574819		Update for Windows 7 for x64-based Systems (KB2574819)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-23 14:11:44.000
2779562		Update for Windows 7 for x64-based Systems (KB2779562)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-23 14:11:44.000
2598242		Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition	Successfully installed update	2013-08-07 21:31:12.000	2013-05-11 00:07:08.000
2553310		Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition	Successfully installed update	2013-08-07 21:31:12.000	2013-05-11 01:35:43.000
2758694	MS13-002	Security Update for Microsoft XML Core Services 4.0 Service Pack 3 for x64-based Systems (KB2758694)	Successfully installed update	2013-08-07 21:31:12.000	2013-07-31 14:47:03.000
2786400		Update for Windows 7 for x64-based Systems (KB2786400)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-23 02:15:22.000
2565063	MS11-025	Security Update for Microsoft Visual C++ 2010 Service Pack 1 Redistributable Package (KB2565063)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-14 18:08:07.000
2598243	MS12-046	Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition	Successfully installed update	2013-08-07 21:31:12.000	2013-05-11 00:07:08.000
2732487		Update for Windows 7 for x64-based Systems (KB2732487)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-23 02:15:22.000
2773072		Update for Windows 7 for x64-based Systems (KB2773072)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-23 14:11:44.000
2592687		Update for Windows 7 for x64-based Systems (KB2592687)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-23 14:11:44.000
2750841		Update for Windows 7 for x64-based Systems (KB2750841)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-23 14:11:44.000
2742595	MS13-004	Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2742595)	Successfully installed update	2013-08-07 21:31:12.000	2013-07-30 13:36:41.000
2687501	MS12-057	Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition	Successfully installed update	2013-08-07 21:31:12.000	2013-05-11 00:07:08.000
2736428	MS13-007	Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2736428)	Successfully installed update	2013-08-07 21:31:12.000	2013-07-30 13:36:41.000
2647753		Update for Windows 7 for x64-based Systems (KB2647753)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-23 14:11:44.000
2687509		Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition	Successfully installed update	2013-08-07 21:31:12.000	2013-05-11 00:06:06.000
2553181		Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition	Successfully installed update	2013-08-07 21:31:12.000	2013-05-11 01:35:43.000
2596964		Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition	Successfully installed update	2013-08-07 21:31:12.000	2013-05-11 00:08:27.000
2732500		Update for Windows 7 for x64-based Systems (KB2732500)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-23 14:11:44.000
2589371		Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition	Successfully installed update	2013-08-07 21:31:12.000	2013-05-11 01:35:43.000
2789642	MS13-015	Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2789642)	Successfully installed update	2013-08-07 21:31:12.000	2013-07-30 13:36:41.000
2760631		Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition	Successfully installed update	2013-08-07 21:31:12.000	2013-05-11 00:07:28.000
2553378		Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition	Successfully installed update	2013-08-07 21:31:12.000	2013-05-11 00:07:28.000
2687493		Update for Microsoft Office 2007 suites (KB2687493)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-22 21:46:41.000
2687503		Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition	Successfully installed update	2013-08-08 16:05:44.000	2013-05-22 21:46:57.000
2807986	MS13-027	Security Update for Windows 7 for x64-based Systems (KB2807986)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-11 02:02:23.000
2791765		Update for Windows 7 for x64-based Systems (KB2791765)	Successfully installed update	2013-08-08 16:05:44.000	2013-05-23 02:15:35.000
2760600	MS13-025	Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition	Successfully installed update	2013-08-07 21:31:12.000	2013-05-11 01:52:27.000
2553501	MS13-023	Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition	Successfully installed update	2013-08-08 16:05:44.000	2013-05-11 01:52:27.000
2823180		Update for Windows 7 for x64-based Systems (KB2823180)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-22 21:46:21.000
2799926		Update for Windows 7 for x64-based Systems (KB2799926)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-23 14:11:44.000
2813170	MS13-031	Security Update for Windows 7 for x64-based Systems (KB2813170)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-11 02:02:23.000
2813347	MS13-029	Security Update for Windows 7 for x64-based Systems (KB2813347)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-11 02:02:23.000
2840149	MS13-036	Security Update for Windows 7 for x64-based Systems (KB2840149)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-11 02:02:23.000
931125		Update for Root Certificates for Windows 7 for x64-based Systems [May 2013] (KB931125)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-23 02:24:57.000
2820331		Update for Windows 7 for x64-based Systems (KB2820331)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-23 02:15:22.000
2813956		Update for Windows 7 for x64-based Systems (KB2813956)	Successfully installed update	2013-08-07 21:31:12.000	2013-05-23 02:15:22.000
2804576	MS13-040	Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2804576)	Successfully installed update	2013-08-07 21:31:12.000	2013-07-30 13:36:41.000
2597971	MS13-042	Security Update for Microsoft Office Publisher 2007 (KB2597971)	Successfully installed update	2013-08-07 21:31:12.000	2013-07-22 18:32:26.000
982726		Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition	Successfully installed update	2013-08-07 21:31:12.000	2013-05-23 02:17:39.000
2810068	MS13-044	Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition	Successfully installed update	2013-08-08 16:05:44.000	2013-07-22 18:36:59.000
2817327		Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327)	Successfully installed update	2013-08-07 21:31:12.000	2013-07-22 18:42:53.000
2687309	MS13-054	Security Update for Microsoft Office 2007 suites (KB2687309)	Successfully installed update	2013-08-08 15:35:41.000	2013-08-08 15:35:45.000
2817563		Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563)	Successfully installed update	2013-08-08 16:05:44.000	2013-08-08 15:30:25.000

There is a small handful of systems that are stuck in a "Pending System Restart" State.

But if you run the following query:

select
s.Name0
,a.AssignmentName as DeploymentName
,a.StartTime as Available
,a.EnforcementDeadline as Deadline
,sn.StateName as LastEnforcementState
from v_CIAssignment a
join v_AssignmentState_Combined assc on a.AssignmentID=assc.AssignmentID
join v_StateNames sn on assc.StateType = sn.TopicType and sn.StateID=isnull(assc.StateID,0)
join v_R_System s on assc.ResourceID = s.ResourceID
where
s.Name0 like '<Computername Here>'
group by s.Name0, a.AssignmentName, a.StartTime, a.EnforcementDeadline, sn.StateName
order by s.Name0

It returns:

<ComputerName Here>	OS - Workstation - Office Family - Security Updates and Critical Updates - <20130630	2013-08-01 23:00:00.000	2013-08-05 12:00:00.000	Compliant<ComputerName Here>	OS - Workstation - SQL Server Family - Security Updates and Critical Updates - <20130630	2013-08-01 23:00:00.000	2013-08-05 12:00:00.000	Compliant<ComputerName Here>	OS - Workstation - Visual Studio Family - Security Updates and Critical Updates - <20130630	2013-08-01 23:00:00.000	2013-08-05 12:00:00.000	Compliant<ComputerName Here>	OS - Workstation - Windows 7 - Windows 7 - Security Updates and Critical Updates - <20130630	2013-08-01 23:00:00.000	2013-08-05 12:00:00.000	Compliant<ComputerName here>	OU - /Workstations/1_TST - Office Family - Security Updates and Critical Updates - 201307	2013-08-07 17:21:00.000	2013-08-09 10:00:00.000	Downloaded update(s)

It Shows Compliant for each deployment.???

So then I run a query on the CCM_StateMSG for the machine in question and it shows exactly what the first SQL query shows, that there are a small handful of patches in a Pending System Restart state:

PS C:\WINDOWS\system32> Get-WmiObject -Namespace "root\ccm\statemsg" -Class CCM_StateMsg -Filter "TopicType = 402 and stateid = 9" | Format-Table TopicID, TopicType, StateID -autosize

TopicID                                                                            TopicType StateID
-------                                                                            --------- -------
Site_B458387A-88C0-481F-9F16-F367A6849181/SUM_687892d3-db53-4ca2-a750-7f35a73c192a       402       9
Site_B458387A-88C0-481F-9F16-F367A6849181/SUM_ad5ef900-cff4-47ac-b9b4-4e63d0a156f5       402       9
Site_B458387A-88C0-481F-9F16-F367A6849181/SUM_a448dd32-c91b-414d-9efe-465a92ac4642       402       9
Site_B458387A-88C0-481F-9F16-F367A6849181/SUM_32964bf2-1c68-4d57-ae68-f7bc038cb108       402       9
Site_B458387A-88C0-481F-9F16-F367A6849181/SUM_6202ae82-5789-4e5f-996d-bb4ed6f708b5       402       9
Site_B458387A-88C0-481F-9F16-F367A6849181/SUM_e0840035-6b21-4554-a6e9-2ffebc99d9aa       402       9
Site_B458387A-88C0-481F-9F16-F367A6849181/SUM_53f2cc17-4951-4d4c-920f-4e44445f1ee2       402       9
Site_B458387A-88C0-481F-9F16-F367A6849181/SUM_ae1e5ce2-3070-4fee-b702-86c6a5b65708       402       9
Site_B458387A-88C0-481F-9F16-F367A6849181/SUM_da611128-914c-433d-80fa-ddd6b6bfb10c       402       9
Site_B458387A-88C0-481F-9F16-F367A6849181/SUM_8e422254-0b41-4725-87de-b8523cfba9ff       402       9

This finally brings me to my two questions that hopefully a MS Dev will see and answer.

1. Why after MULTIPLE restarts over the course of two weeks are this still in a "Pending System Restart" state?

2. Why if the system is showing in a pending system restart state for these patches, why is the system showing as Compliant in the second sql query...

Thanks,

B

We have a CAS setup with our SCCM 2012 SP1 and I would like to setup MBAM 2.0 integration to this structure.  The ConfigMgr SSRS is running off a the standalone SQL on the CAS. I was some instruction on the MBAM 2.0 integration with SCCM 2012 but not with CAS (http://myitforum.com/myitforumwp/2013/06/10/how-to-install-mbam-2-0-with-configmgr-integration/#!prettyPhoto).  I would like some help on determining what MBAM features i will need to install on the CAS, primary site server, and whether I need a seperate combination of MBAM self-service web server or MBAM SQL Server (and what MBAM feature to install on it).

The end goal is to have as much of the management and reporting running directly off the SCCM 2012 console with minimal additional server/sql overhead.

Thank you!

Since upgrading to SCCM 2012 Sp1 with Cu2 we have found that when we use wakeup to deploy patches, the machines boot up and prompt for a recovery bitlocker key. We can reboot the machines and they continue on.

What has changed pre Sp1 as we didn't encounter this issue with base level SCCM 2012

I've found an article which mentions enabling WoL Follow Boot Order in the BIOS of the effected machines, which is all laptops with Bitlocker.

sccmghost@hotmail.com

sccmghost@hotmail.com

sccmghost@hotmail.com

Hi,

We're using SCCM 2012 Sp1. We just have a primary site, no CAS & Secondary site. I'm not getting Endpoint protection updates after KB2461484 (Definition 1.155.1620.0) on WSUS. The Sync is scheduled at 7:00 AM every day and log say's 

Skipped update 27aabad3-2734-49ef-8a0e-cf583ff0790d - Definition Update for Windows Defender - KB915597 (Definition 1.155.1346.0) because it is up to date.SMS_WSUS_SYNC_MANAGER8/9/2013 7:20:22 AM5232 (0x1470)
Skipped update cd3cb3a7-ebb6-46b8-b520-fe22b0aae6e3 - Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.155.1508.0) because it is up to date.SMS_WSUS_SYNC_MANAGER8/9/2013 7:20:22 AM5232 (0x1470)
Skipped update 63d7894d-41e9-47d9-b1a3-61ddda680cb9 - Definition Update for Windows Defender - KB2267602 (Definition 1.155.1508.0) because it is up to date.SMS_WSUS_SYNC_MANAGER8/9/2013 7:20:22 AM5232 (0x1470)
Skipped update 776647ea-4e2d-403b-8525-a901ba502e39 - Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.155.1522.0) because it is up to date.SMS_WSUS_SYNC_MANAGER8/9/2013 7:20:23 AM5232 (0x1470)
Skipped update a644c837-4e72-4d7c-8a01-def423e3c9a3 - Definition Update for Windows Defender - KB2267602 (Definition 1.155.1522.0) because it is up to date.SMS_WSUS_SYNC_MANAGER8/9/2013 7:20:23 AM5232 (0x1470)
Skipped update 8677bf8b-b7d4-4a21-8f54-ecc7e1177030 - Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.155.1548.0) because it is up to date.SMS_WSUS_SYNC_MANAGER8/9/2013 7:20:23 AM5232 (0x1470)
Skipped update 1277db29-f314-42e6-a6d6-b28cf77c7017 - Definition Update for Windows Defender - KB2267602 (Definition 1.155.1548.0) because it is up to date.SMS_WSUS_SYNC_MANAGER8/9/2013 7:20:23 AM5232 (0x1470)
Skipped update b036c1a9-cbf4-4fe6-93d8-f370d322027a - Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.155.1567.0) because it is up to date.SMS_WSUS_SYNC_MANAGER8/9/2013 7:20:23 AM5232 (0x1470)
Skipped update 6a55c6b9-4295-4149-a27a-f21f24397306 - Definition Update for Windows Defender - KB2267602 (Definition 1.155.1567.0) because it is up to date.SMS_WSUS_SYNC_MANAGER8/9/2013 7:20:23 AM5232 (0x1470)
Skipped update 355fa2d2-2a98-4b42-abd5-6dc3f9182d4d - Security Update for Internet Explorer 8 for Windows Server 2008 (KB2847204) because it is up to date.SMS_WSUS_SYNC_MANAGER8/9/2013 7:20:23 AM5232 (0x1470)
Skipped update 170aadf6-11fd-413e-818c-7b0b75cddf02 - Definition Update for Windows Defender - KB915597 (Definition 1.155.1598.0) because it is up to date.SMS_WSUS_SYNC_MANAGER8/9/2013 7:20:23 AM5232 (0x1470)
Skipped update 72c7c21e-1946-4edf-9bd4-f5750031ee46 - Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.155.1606.0) because it is up to date.SMS_WSUS_SYNC_MANAGER8/9/2013 7:20:23 AM5232 (0x1470)
Skipped update 2c0f1023-5e1e-4316-ad20-173ec744ed84 - Definition Update for Windows Defender - KB2267602 (Definition 1.155.1606.0) because it is up to date.SMS_WSUS_SYNC_MANAGER8/9/2013 7:20:23 AM5232 (0x1470)
Skipped update 86d7c51e-cdd7-4f90-933a-146e1104ebfc - Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.155.1620.0) because it is up to date.SMS_WSUS_SYNC_MANAGER8/9/2013 7:20:23 AM5232 (0x1470)
Skipped update 0099d02c-d75a-4f47-9ff5-39dea4fc8ded - Definition Update for Windows Defender - KB2267602 (Definition 1.155.1620.0) because it is up to date.SMS_WSUS_SYNC_MANAGER8/9/2013 7:20:23 AM5232 (0x1470)
sync: SMS synchronizing updates, processed 8624 out of 8624 items (100%)SMS_WSUS_SYNC_MANAGER8/9/2013 7:20:23 AM5232 (0x1470)
sync: SMS performing cleanupSMS_WSUS_SYNC_MANAGER8/9/2013 7:20:23 AM5232 (0x1470)

I'm able to update using normal Windows update process and got new definitions version "1.155.1782.0"

. Any help would be appreciated.

Thanks,

Silvester

sccmghost@hotmail.com

sccmghost@hotmail.com

Hi everybody,
I have very unusual request: I NEED HELP ;) I worked unsuccessfully with this problem for two weeks already.
My goal is: functioning SCCM 2012 SP1 (yesterday installed CU1).

OS Platform: Windows Server 2008 R2 Enterprise SP1
Client OS: Windows7 Enterprise
SCCM client version: 5.00.7804.1000, yesterday upgraded to 5.00.7804.1202 with CU1
SCEP (Antimalware Client) Version: 4.2.223.0

History. What I did:
 - Installed SCCM 2012 (single site, three servers);
 - Configured it;
 - Upgraded to SP1 (SCCM client also changed theirs versions to 5.00.7804.1000 ) ;

Two important / problematic things for me is:
 - SCEP: antimalware policy doesn't work
 - SCCM client: WMI subsystem periodically broke.

I don't think that these two problems are related to each other so I separate them to two different threads. Here I'll describe SCEP problem.

---------------------
SCEP.
It was successfully installed (through SCCM policy) and it is working - scanning client, reporting to  server. Problem is that SCEP "Default Client Antimalware Policy" doesn't affect SCEP client.

What I found:

 - I changed "Default Client Antimalware Policy" (e.g. changed scanning time to: full scan on Friday 1PM and "Microsoft Active Protection Service" - to "Basic membership")

 - I see that C:\Windows\CCM\EPAMPolicy.xml is regenerated. I compared it to previous version and I see that settings from Antimalware policy came here. IT WORKS.

 - Registry: HKLM\SOFTWARE\Microsoft\CCM\EPAgent\LastApplietPolicy: all values are set to "2". In this case I have only default antimalware policy, but if I setup additional custom antimalware policy, I see it here also. So, IT WORKS.

 - Client log file "EndpointProtectionAgent.log". I see command "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml" and later there is status "applied … successfully". I even tried to launch this command manually (both - with double slash and without it). IT WORKS. I inserted excerpt from this log file in the bottom.

 - I look at SCEP client interface. Settings are not changed. Before reboot, after reboot. In one minute, in one hour, in one day..  IT DOESN'T WORK

What do I miss??

What I did additionally:
 - I found that after upgrade to SP1 Antimalware policies should be recreated. I recreated them.
 - I changed  "custom device settings" in SCCM: "Manage Endpoint protection client on client computers" to No, uninstalled SCEP clients manually, and changed this setting to "YES" and waited for SCEP reinstallation
 - I installed all Windows citical and security updates, all Office critical and security updates;
 - I installed:
 - -SCCM server: KB2828233
 - - SCCM server: SCCM SP1 cumulative update (KB2817245) (including database upgrade, SCCM clients upgrade); It was yesterday, but it doesn't seem to me that it helps.

What Is a little bit strange for me - that EndpointProtectionAgent.Log writes:
State 1 and ErrorCode 0 and ErrorMsg  and PolicyName Antimalware Policy and GroupResolveResultHash 5A5FA4F7C17A202B0805794FA754FA7F37B8AA84 is NOT changed
 
I would mind that if AntimalvarePolicy is changed also hash should be changed.. But I'm not sure..

----------------

Additional info:
Excerpt from EndpointProtectionAgent.Log exactly after changing Antimalware policy (setting Microsoft Active Protection Service" = "Basic membership" was changed)

<![LOG[Endpoint is triggered by WMI notification.]LOG]!><time="12:42:39.804-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="fepsettingendpoint.cpp:154">
<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.2.223.0.]LOG]!><time="12:42:39.974-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentutil.cpp:519">
<![LOG[EP version 4.2.223.1 is already installed.]LOG]!><time="12:42:39.974-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentutil.cpp:232">
<![LOG[EP 4.2.223.1 is installed, version is higher than expected installer version 4.2.223.0.]LOG]!><time="12:42:39.974-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentutil.cpp:265">
<![LOG[Handle EP AM policy.]LOG]!><time="12:42:39.974-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="fepsettingendpoint.cpp:183">
<![LOG[Apply AM Policy.]LOG]!><time="12:42:39.974-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentimpl.cpp:1192">
<![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="12:42:40.036-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentutil.cpp:607">
<![LOG[Applied the C:\Windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully.]LOG]!><time="12:42:43.672-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentimpl.cpp:659">
<![LOG[Save new policy state 1 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState]LOG]!><time="12:42:43.690-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentimpl.cpp:267">
<![LOG[State 1 and ErrorCode 0 and ErrorMsg  and PolicyName Antimalware Policy and GroupResolveResultHash 5A5FA4F7C17A202B0805794FA754FA7F37B8AA84 is NOT changed.]LOG]!><time="12:42:43.690-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentimpl.cpp:339">
<![LOG[Skip sending state message due to same state message already exists.]LOG]!><time="12:42:43.788-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentutil.cpp:1239">
<![LOG[Firewall provider is installed.]LOG]!><time="12:42:43.818-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentutil.cpp:779">
<![LOG[Installed firewall provider meet the requirements.]LOG]!><time="12:42:43.818-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentutil.cpp:800">