I'm having several issues with SCCM 2012 R2.
I have inherited an existing SCCM 2012 R2 installation. The company does not want me to rebuild it from the ground using best practices, so I'm doing what I can with it.
Issue #1: SCEP does not auto deploy to new systems;
Issue #2: Client policies do not update;
Issue #3: Anti-malware policies do not update.
Starting out, I guess I need to look at issue #2 before I look at the others.
The client is auto-deploying as far as I can tell. I do not have any GPOs that push the software to the clients, so it appears that the system-wide deployment of the client is working correctly.
As for the policies not being updated, I have created a new policy that is assigned to newly defined device collections. I have checked the membership of the collections and it is populating/selecting the assets correctly.
I have picked a handful of computers out of the collection to use for information gathering. Looking at the log files, it shows that it is applying policies, but it does not identify which policy from the SCCM server.
With the new policies that I've created, I've enabled Endpoint Protection, Hardware Inventory, Power Management, Remote Tools, Software Deployment, Software Metering, and User and Device Affinity. After 13 days, the options within the policy have not taken effect, as I have checked the clients and the settings from the Remote Tools and Power Management haven't been applied. I waited this long since several of the settings were set at 7 days before re-evaluation.
I'm not sure where to go next on this issue.
On issues #1 & 3, the computers that did get the initial config push and SCEP install, before I came on, are operating and reporting back to the SCCM manager that they are in a managed state, which is fine, but they are not applying any newly defined policies. Checking the logs on the clients shows that they are applying the Default Client Settings and not any of the other policies that are set to deploy to All systems or any other collection I've defined.
Also checking the anti-malware policy logs on the clients, they are also still applying the Default Client Antimalware Policy, not any of the custom policies, just like the SCCM client issue. In the EndpointProtectionAgent.log, I have several lines showing "Deployment WMI is NOT ready." The same is in several of the other log files, so I've checked that all the WMI services are running and I have tested management with the PoshCat utility and all of the commands are working in there and the output reports all seem to be reporting correctly.
Any pointers or starting points would be greatly appreciated.