SCEP2012 Remediation status unknown

Hi

In my scenario, we have more than 2000 servers with SCEP2012 installed, and for most of the servers the report shows "Active client is at risk status". Further, if I go into that report, under the Endpoint Remediation protection tab it shows Endpoint protection status: unknown. I don't know what the exact issue was; can anyone help me on

March 26th, 2015 12:41am

Hi,

Please check ExternalEventAgent.log on a client to find more information.

Best Regards,

Joyce

March 27th, 2015 1:31am

Hi

I have checked the log on one of the affected servers with EP remediation status unknown.

The log says:

Start to renew notification. ExternalEventAgent 26-03-2015 19:47:00 2644 (0x0A54)
CExternalEventEndpoint::HandleMessage finished. ExternalEventAgent 26-03-2015 19:47:00 2644 (0x0A54)
CExternalEventEndpoint::HandleMessage. ExternalEventAgent 26-03-2015 22:34:00 2420 (0x0974)
Start to execute action for hint TestAndEnableEndpointNotification ExternalEventAgent 26-03-2015 22:34:00 2420 (0x0974)
Start to test and renew notification for group: EndpointProtection ExternalEventAgent 26-03-2015 22:34:00 2420 (0x0974)
WMI callback for machine notification (SELECT * FROM __InstanceOperationEvent WITHIN 30 WHERE TargetInstance ISA "AntimalwareHealthStatus") in scope (\\.\root\Microsoft\SecurityClient) for group 'EndpointProtection' is not registered. ExternalEventAgent 26-03-2015 22:34:00 2420 (0x0974)
Start to renew notification. ExternalEventAgent 26-03-2015 22:34:00 2420 (0x0974)
CExternalEventEndpoint::HandleMessage finished. ExternalEventAgent 26-03-2015 22:34:00 2420 (0x0974)

March 27th, 2015 1:50am

Hi

Also, this one was missed in the previous thread:

Failed to get the wmi query result for error = 80010105 ExternalEventAgent 26-03-2015 01:39:28 280 (0x0118)
Sent 0 state messages successfully and skipped 0 input entries. ExternalEventAgent 26-03-2015 01:39:28 280 (0x0118)
Send State Message finished. ExternalEventAgent 26-03-2015 01:39:28 280 (0x0118)
Failed to get the wmi query result for error = 800106F7 ExternalEventAgent 26-03-2015 01:39:28 280 (0x0118)
Sent 0 state messages successfully and skipped 0 input entries. ExternalEventAgent 26-03-2015 01:39:28 280 (0x0118)
Send State Message finished. ExternalEventAgent 26-03-2015 01:39:28 280 (0x0118)
Sent 0 state messages successfully and skipped 0 input entries. ExternalEventAgent 26-03-2015 01:39:29 280 (0x0118)
Send State Message finished. ExternalEventAgent 26-03-2015 01:39:29 280 (0x0118)
CExternalEventEndpoint::HandleMessage. ExternalEventAgent 26-03-2015 04:45:00 300 (0x012C)
Start to execute action for hint TestAndEnableEndpointNotification ExternalEventAgent 26-03-2015 04:45:00 300 (0x012C)
Start to test and renew notification for group: EndpointProtection ExternalEventAgent 26-03-2015 04:45:00 300 (0x012C)

March 27th, 2015 1:53am

Hi,

It seems to be a WMI issue. Please try to restart the WMI service.

Start > Run > services.msc > Find Windows Management Instrumentation > and Click Restart

Best Regards,

Joyce

March 31st, 2015 5:12am
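
A way to triage this across many servers, as an added example that is not part of the original thread: the function below scans ExternalEventAgent log text for the two WMI failure signatures quoted in the posts above. It assumes lines in the layout pasted in this thread (message, component, dd-mm-yyyy time, thread id); `triage` and its result keys are names made up for this example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: lines taken from the excerpts posted in this thread.
SAMPLE_LOG = r'''Failed to get the wmi query result for error = 80010105 ExternalEventAgent 26-03-2015 01:39:28 280 (0x0118)
Sent 0 state messages successfully and skipped 0 input entries. ExternalEventAgent 26-03-2015 01:39:28 280 (0x0118)
Failed to get the wmi query result for error = 800106F7 ExternalEventAgent 26-03-2015 01:39:28 280 (0x0118)
WMI callback for machine notification (SELECT * FROM __InstanceOperationEvent WITHIN 30 WHERE TargetInstance ISA "AntimalwareHealthStatus") in scope (\\.\root\Microsoft\SecurityClient) for group 'EndpointProtection' is not registered. ExternalEventAgent 26-03-2015 22:34:00 2420 (0x0974)
Start to renew notification. ExternalEventAgent 26-03-2015 22:34:00 2420 (0x0974)
'''

# Trailing fields as pasted in the thread: component, dd-mm-yyyy hh:mm:ss, thread id (hex).
TAIL = re.compile(r"\s+(\S+)\s+(\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2})\s+\d+\s+\(0x[0-9A-Fa-f]+\)\s*$")
WMI_ERROR = re.compile(r"Failed to get the wmi query result for error = ([0-9A-Fa-f]{8})")
NOT_REGISTERED = re.compile(r"WMI callback for machine notification .* for group '([^']+)' is not registered")


def triage(log_text):
    """Summarise the WMI failure signatures seen in ExternalEventAgent log text."""
    errors, groups, events = Counter(), Counter(), []
    for line in log_text.splitlines():
        tail = TAIL.search(line)
        if not tail:
            continue  # blank line or a layout other than the one assumed here
        when = datetime.strptime(tail.group(2), "%d-%m-%Y %H:%M:%S")
        message = line[:tail.start()]
        if (m := WMI_ERROR.search(message)):
            errors[m.group(1).upper()] += 1
            events.append((when, "wmi_query_failed"))
        elif (m := NOT_REGISTERED.search(message)):
            groups[m.group(1)] += 1
            events.append((when, "notification_not_registered"))
    return {
        "wmi_errors": dict(errors),            # error code -> occurrences
        "unregistered_groups": dict(groups),   # notification group -> occurrences
        "last_event": max(e[0] for e in events) if events else None,
        "wmi_fault_seen": bool(events),        # True if either signature appeared
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Servers where `wmi_fault_seen` is true are the candidates for the WMI service restart suggested above.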

Hi

A reboot of the server has fixed my issues; I didn't try the WMI service restart. Thanks for your help.

March 31st, 2015 7:55am
