Hi,

I recently applied SCCM 2012 R2 SP1 and the updates to my client systems have been rolling out of the last 2 weeks.  The new client (version 5.00.8239.100) is now installed on all my active client systems.  And for about 95 percent of my systems there are no issues.

But it seems that all my Windows 8 and 8.1 systems aren't reporting the version of the SCEP updates that they have installed.  The SCCM client is reporting correctly as active and I can see that status but if I look at the SCEP definition version or SCEP definition update time it is showing a version from over a week ago in some cases. 

But if I go to one of these systems and bring up the SCEP client it shows that the SCEP definitions are the most up to date ones.  I can also see in the windowsupdate.log file that the CCMEXEC process is succeeding in installing the SCEP updates as it has before.

It appears that something is blocking SCEP or the SCCM client from reporting it's status back to the SCCM server.  Any idea that might be or where to look?

Thanks in advance,

Nick

Hi,

What's your SCEP client version? Have you checked the Endpointprotectionagent.log?

Hi,

I'm running with SCEP 4.8.204.0.  I reviewed the Endpointprotectionagent.log on one of the failing systems and I don't see anything that looks out of the ordinary.  This is the log for today so far:

Endpoint is triggered by message. EndpointProtectionAgent 9/14/2015 4:59:00 AM 444 (0x01BC)
File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.7.213.0. EndpointProtectionAgent 9/14/2015 4:59:00 AM 444 (0x01BC)
EP version 4.8.204.0 is already installed. EndpointProtectionAgent 9/14/2015 4:59:00 AM 444 (0x01BC)
EP 4.8.204.0 is installed, version is higher than expected installer version 4.7.213.0. EndpointProtectionAgent 9/14/2015 4:59:00 AM 444 (0x01BC)
Check and enforce EP Deployment state. EndpointProtectionAgent 9/14/2015 4:59:00 AM 444 (0x01BC)
EP Client is already installed, will NOT trigger reinstallation. EndpointProtectionAgent 9/14/2015 4:59:00 AM 444 (0x01BC)
Sending message to external event agent to test and enable notification EndpointProtectionAgent 9/14/2015 4:59:00 AM 444 (0x01BC)
Sending message to endpoint ExternalEventAgent EndpointProtectionAgent 9/14/2015 4:59:00 AM 444 (0x01BC)
EP Policy Custom Antimalware Policy - Endpoint Protection Managed Clients - Laptops
Default Client Antimalware Policy is already applied. EndpointProtectionAgent 9/14/2015 4:59:00 AM 444 (0x01BC)
Firewall provider is installed. EndpointProtectionAgent 9/14/2015 4:59:00 AM 444 (0x01BC)
Installed firewall provider meet the requirements. EndpointProtectionAgent 9/14/2015 4:59:00 AM 444 (0x01BC)
start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000 EndpointProtectionAgent 9/14/2015 4:59:00 AM 444 (0x01BC)
Skip sending state message due to same state message already exists. EndpointProtectionAgent 9/14/2015 4:59:00 AM 444 (0x01BC)
Endpoint is triggered by message. EndpointProtectionAgent 9/14/2015 7:17:00 AM 3952 (0x0F70)
File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.7.213.0. EndpointProtectionAgent 9/14/2015 7:17:00 AM 3952 (0x0F70)
EP version 4.8.204.0 is already installed. EndpointProtectionAgent 9/14/2015 7:17:00 AM 3952 (0x0F70)
EP 4.8.204.0 is installed, version is higher than expected installer version 4.7.213.0. EndpointProtectionAgent 9/14/2015 7:17:00 AM 3952 (0x0F70)
Check and enforce EP Deployment state. EndpointProtectionAgent 9/14/2015 7:17:00 AM 3952 (0x0F70)
EP Client is already installed, will NOT trigger reinstallation. EndpointProtectionAgent 9/14/2015 7:17:00 AM 3952 (0x0F70)
Sending message to external event agent to test and enable notification EndpointProtectionAgent 9/14/2015 7:17:00 AM 3952 (0x0F70)
Sending message to endpoint ExternalEventAgent EndpointProtectionAgent 9/14/2015 7:17:00 AM 3952 (0x0F70)
EP Policy Custom Antimalware Policy - Endpoint Protection Managed Clients - Laptops
Default Client Antimalware Policy is already applied. EndpointProtectionAgent 9/14/2015 7:17:00 AM 3952 (0x0F70)
Firewall provider is installed. EndpointProtectionAgent 9/14/2015 7:17:00 AM 3952 (0x0F70)
Installed firewall provider meet the requirements. EndpointProtectionAgent 9/14/2015 7:17:00 AM 3952 (0x0F70)
start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000 EndpointProtectionAgent 9/14/2015 7:17:00 AM 3952 (0x0F70)
Skip sending state message due to same state message already exists. EndpointProtectionAgent 9/14/2015 7:17:00 AM 3952 (0x0F70)

Hi,

This issue appears to be a bug. I saw a similar case that client works just fine as long as the update 4.8.204.0 is not installed on the machine. Once installed the client no longer send its definition versions in the console.

I recommend you open a case with Microsoft for futher troubleshooting.