someone please help me i have configured DCM settings with rules just to find out folder/application existing or not. but after deployment client machine shows that non compliant even folder is there i am clear what could be wrong
sccmghost@hotmail.com
I've been slowly setting up SCCM 2012 Config Manager to manage all of our Software Updates. First thing I did was create Groups of all the old updates (by quarter) and Deploy them to make sure the workstations are up to a baseline (before working on testing the process for new updates coming in). Mostly things are going well but I have one group of updates that gives me the error message "CI Version Timed Out" with an error code of 0x87D00314 for all three machines in my test group (2 Windows 7 machines and one XP machine). When I look at the details for these workstations I see a few updates (out of about 30) that still say "required" instead of "installed". Each machine has two .NET updates that have failed and the Windows 7 machines have two other general Windows 7 updates. Any ideas why this is happening and what is holding things up. Or better yet, what logs to look through to try and get an idea?
Any help would be appreciated
Steve
Hi
The time is 12:00 on the 20/06/2013 (20th of June) and I have 17 machines in the "Up to 3 Days old" collection that have the
1.153.161.0 definiton listed in the "Endpoint Protection Definition Last Version" Column why is this?
As you can see below in the image of the Update Group the Date released is 19/06/2013 17:01 yesterday clearly less then 24 hours ago so shouldn't they be in the current collection? Actually weired things have been happening over the last few days with microsoft releasing multiple defintion updates with only hours between them and clients not installing the latest definiton even though it is in the software update group and available. I tried to stop this happening by changing the ADR Software update setting from 1 day for "Date Released or Revised to 16 Hours.
Any help would be appreciated
Thanks
Simon
Hey,
i am trying to install the update KB2770917 for Windows 8 x64 through sccm2012 sp1. All other updates are working fine but this ones shows up as "not required" in the SCCM Console. Updates in the same deployment and group get installed.
Installing the .msu file manually is working on the client.
Any ideas on this?
best regards
Philipp
Hey guys,
I'm in a situation where I need to push out several registry key settings to multiple computers. On some of these computers the registry keys and values already exist, on others they do not. I know that you can use COnfiguration Baselines to remediate existing registry keys and values, but what about pushing them out? Is there a way to use Configuration Baselines to CREATE the keys and values?
When I check in the deployment of a baseline, every computer seems to report Non-Compliant. If I click on one and view the asset message every value in the Actual Value column is NULL.
And when I look at the DCMAgent.log I keep seeing the line -
Raising client SDK event for class CCM_Application, instance NULL, actionType 28l, value NULL, user NULL, session 4294967295l, level 0l, verbosity 30l
What could be the issue as it seems like it is not actually evaluating the rules?
Good day,
I am having some issues with a Configuration Baseline i created in my ConfigMgr 2012 setup.
i) I created a configuration item which lookup the start page of internet explorer by registry.
ii)I created a Baseline to remediate the latter if not compliant.
iii)I deployed the Configuration Base line to a user collection. The Problem is that the Deployment status is left on "Not Compliant" but does not remediate the start page of internet explorer. The user is logging on Windows 7 Enterprise machine with Internet Explorer 9. Any ideas what am doing wrong. I know these kinds are things are done via GPO but i would love this to work via ConfigMgr.
I cant seem to post pictures as my account is not yet verified. Any help would be very helpful.
Thanks for your time.
Kind Regards,
Mathieu
P.S - I am using ConfigMgr 2012 and not SP1.
SCCM 2012 errror when run Automatic Deployment Rules For Endpoint Protection 2010.
I have given full internet access and read-write access to Source package folder.
error
SMS Rule Engine
Failed to download one or more content files
On 20-07-2013 16:19:33, component SMS_RULE_ENGINE on computer SCCM.abc.com reported:
Is it possible to change the Default "Security Scope" chosen for new or copied objects from "default"? For example when creating a new task sequence the default scope is set to "default" and I would like to change that default choice so I do not have to change the scope for all new TS's, or more importantly I do not want to forget to change the scope from "default". This is also a problem when you copy a TS with an already defined Security Scope the copied TS does not copy the Security Scope it assigns "default" as the security scope.
I have Sever 2012 and currently managing Windows update manually on Windows 7 and Windows XP clients only as I am not ready yet to use ADR.
I want to achieve the following
I want to do it for some of critical server, like SharePoint, Exchange, and Dynamic etc. (I have a separate Collection for Critical Servers Only. Could someone tell me, how I can achieve these please?
We've been having a lot of problems with machines running slow, and doing some troubleshooting we found that resetting the WMI repository resolved the problem. This led us into looking at SCCM deployments as the potential culprit. It looks like some machines are getting 30+ deployments of the same Windows update. I looked into our deployments and there may have been two deployments from SCCM that were sending duplicate Windows Updates but certainly shouldn't have resulted in 30+ duplicate updates to the clients.
Anybody know what causes this or where I can even begin to troubleshoot the problem?
I'm testing updates for Office 2013 ProPlus x64 that was installed using the admin through SCCM 2012 SP1
All the updates are installed successfully except for two updates that have the same behavior on all test machines,
KB2817468: stuck at 50% download
KB2760587: stuck at 0% download
I read some stuff about similar issues that required extra languages, but when I try to add languages from SCCM console it just says done without actually installing any thing.
any ideas how to work around this issue?
Hi
We have setup SCCM 2012 SP1 (post the 2012 SP1 republish) and i'm having issues with the SCEP policy applying.
Basically the policies are setup within the config manager console and are distributing out to the clients, the config manager console displays the correctly assigned policy and discovering the various policies applid via checking registry or powershell commands also reflects this from the client end.
the endpointprotectionagent.log is telling me that the EPAMPolicy.xml policy has been successfully applied and the contents of EPAMPolicy.xml correctly reflects the settings i have defined via config manager.
yet when i open the actual client it does not reflect any of these settings and appears to just have the default settings.
any suggestions?
Hi all,
I was trying to deploy Win 7 SP1 update using SCCM but the updates are not deployed successfully.
it appears in the software center & when i click on install it shows installing but never install the update.
The report shows "Generic Failure" in Deployment status.
This is happening with Win 7 SP1 update other updates are deployed fine.
Thanks,
Pranay.
I am curious of anyone here has any details on a specific RBA issue we are encountering.
My environment for CM 2012 includes high level management (my team) and several sub-departmental IT groups that are delegated access to CM 2012 via RBA. One of our goals in the design of our RBA schema is to allow the sub-departmental groups read-only access to some of our high level produced Applications, Packages, etc. such that they can deploy and target them as desired.
We noticed recently that when we granted 'Move Object' permissions to a group's specific security scope, that group also gained permissions to move ANY object of that type, regardless of security scope. This is very counter intuitive based on the documentation for RBAC and the console views.
After doing some more research, I have determined that the SMS_RbacSecuredObject WMI Class, which contains operations that exist on specific types of secured objects (boot images, OS images, task sequences, Appications, etc.) defines an array of SMS_Operation WMI class objects that represent the types of operations that apply to that type of object. Inside the SMS_Operation WMI class, there is a property defined that is 'IsTypeWideOperation', which appears to correspond to the resulting behavior we were seeing.
My question is why is this a value at all? Is there a technical reason why some operations cannot be limited to the RBA scope they are applied to? Is there any way through custom programming or modification of the CM 2012 DB or backend that I can adjust this behavior for certain operations/object types? Also, more secondarily, what reason does Microsoft have for not documenting this behavior thoroughly? Is it assumed that people will not delegate deployment control to subdivisions of they organization and still desire to maintain correct organizational structure without users 'accidentally' or arbitrarily moving objects?
Thanks for reading.
I am having problems getting SCEP to work on 7 non-domain joined clients, in the configmgr console against the client and under endpoint protection remediation information I have this message:
Service started without any malware protection engine; AV signatures out of date; AS signatures out of date
I have got the configmgr client installed on these devices and it looks like scep is installed (as I can see it in the system tray) but it will not download updates or report back to the console.
I've uninstalled/reinstalled a few times but still am having no luck. Clients are running Windows XP (POS version, not sure what service pack, if any)
Any have any ideas what I am missing?
I have a odd issue, I think. My updates are getting applied. but, it shows in the history correctly. but, the "Updates were installed" is different. I have other users that show the same thing. The "Updates were installed" can be like a month or so later.
In this example: it says my updates were installed 6/27/2013, but my history shown below, shows the correct date 7/15/2013 which is correct.
Received the following error in the "%temp%\SCUP.log":
"Publish: Update server does not appear to be configured with a certificate for publishing, publishing aborted."
I got past this by running the SCUP 2011 as Administrator. Then I got the following error:
"PublishItem: InvalidException occurred during publishing: Verification of file signature failed for file: \\sccm01\UpdateServicesPackages\dc9038d0-b965-4cee-a259-7dbc8c457e17\c489d65c-3ccf-4abc-8b9d-7fd826c77afc_1.cab"
"Publish: A fatal error occurred during publishing :Signature verification exception during publish, verify the WSUS certificates and advanced timestamp setting are properly configured."
So to try and understand the environment:
(if wrong forum move me please, saw no "software update" or "update publisher" categories.
Find this post helpful? Does this post answer your question? Be sure to mark it appropriately to help others find answers to their searches.
I have an issue, I can not figure out..
Originally, I had SUP obtain windows updates directly from Microsoft. Things worked very well.
We purchased Retina CS to mitigate WIndows & 3rd Party updates.
So, for this to work, we had to point SUP to an existing Upstream WSUS Server.
The Architecture is as follows;
SCCM Server 2012 - 2012 server, has a Back-End SQL Server 2012 Server.
The SCCM Server SUP connects to the Upstream WSUS Server [2008 server R2], that has a Backend 2008 SQL Server
The SCCM Server 2012 is a Automonus,
WSYNCMGR Log:
Sometimes in the WSYNCMGR, I get succeeded; mostly I get Failed as show here..
Sync failed: The operation has timed out. Source: Microsoft.UpdateServices.Internal.DatabaseAccess.ApiRemotingCompressionProxy.GetWebResponse $$<SMS_WSUS_SYNC_MANAGER><08-09-2013 06:17:09.689+300><thread=5944 (0x1738)>
Software Update Point Synchronization Status
Synchronization source: BR-WSUS
Synchronization: failed
Code: 0X80131509
Thank you for your help..