SCCM 2012 R2 - Endpoint - Definitions Not Applied

Hi. Hope someone can help. I have implemented SCCM 2012 R2 and have added the Endpoint Role. SUP is installed on the same server and is downloading new definitions. The SCCM client has been pushed successfully to all relevant Physical and Virtual servers. The issue is that on some servers the definition files are not being applied automatically and even not when I click the update button in Endpoint Protection.

The automatic Deployment rule seems to be working and all servers in the Device Collection have Yes in the Client and Client Activity columns.

Any help would be very much appreciated.

September 2nd, 2015 5:31am

What does the monitoring node tell for that deployment?
Free Windows Admin Tool Kit Click here and download it now
September 2nd, 2015 5:46am

Hi Torsten. It states that all clients are protected. However when I look on one of the severs I see that the definition was last updated 5 days ago which is when the client was installed. Should also mention that I am using WSUS from another server to push all other updates and all servers are configured to download but not install. I have just checked a few servers again and the definitions are not being applied now on those either. 

Could the setting on the server to not apply immediately be casing this?  I dont want to apply other updates like security and critical automatically as these I do during the maintenance window.

September 2nd, 2015 7:32am

 It states that all clients are protected

That is no valid state for the deployment of an software update group. It's either, success, failure, warning or unknown.
Free Windows Admin Tool Kit Click here and download it now
September 2nd, 2015 7:41am

Hi. All clients show as Managed, Endpoint policy state as succeeded but the definition version of each is different as the latest has not been applied. When I click on Automatic deployment rule under monitoring I see no clients. The Auto Deployment Rule shows success. Thanks so far for your help.
September 2nd, 2015 7:58am

Hi Torsten. It states that all clients are protected. However when I look on one of the severs I see that the definition was last updated 5 days ago which is when the client was installed. Should also mention that I am using WSUS from another server to push all other updates and all servers are configured to download but not install. I have just checked a few servers again and the definitions are not being applied now on those either. 

Could the setting on the server to not apply immediately be casing this?  I dont want to apply other updates like security and critical automatically as these I do during the maintenance window.

  • Edited by AdminIT1963 Wednesday, September 02, 2015 11:32 AM
Free Windows Admin Tool Kit Click here and download it now
September 2nd, 2015 11:29am

Hi. All clients show as Managed, Endpoint policy state as succeeded but the definition version of each is different as the latest has not been applied. When I click on Automatic deployment rule under monitoring I see no clients. The Auto Deployment Rule shows success. Thanks so far for your help.
  • Edited by AdminIT1963 Wednesday, September 02, 2015 12:00 PM
September 2nd, 2015 11:55am

Hi,

Please check the definition updates deployment status(Monitoring->Overview->Deployments->Right-click the specific deployment->View Status).

Please also check Windowsupdate.log on a problem computer.

>>The issue is that on some servers the definition files are not being applied automatically and even not when I click the update button in Endpoint Protection.

I had a simialr problem before. These definition updates are not being applied and even not when I click the update button. In my Windowsupdate.log, I got error-"WARNING: WU client failed Searching for update with error 0x80248014". Then I check the checkbox "Give me updates for other Microsoft products when I update Windows" in Control Panel. It resolved my problem.

For more information:Updating the antimalware definitions in FEP/SCEP fails with error 0x80248014

Free Windows Admin Tool Kit Click here and download it now
September 2nd, 2015 11:32pm

what does the windowsupdate.log say?
September 3rd, 2015 1:08am

Hi. The status shows as 20 unknown and all clients as Client check passed/active. The collection id is BES0000E. On a problem server I see no entries in the windows log for when then definitions that should be downloaded so therefore the issue seems to be with the SCCM server.

"Give me updates for other Microsoft products when I update Windows" is already checked.

Free Windows Admin Tool Kit Click here and download it now
September 3rd, 2015 10:59am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics