I have created an Endpoint Protection Site System role Point.

I created a Client Setting for Endpoint Protection.  Settings:

Manage Endpoint Protection client on client computer's - Yes

Install Endpoint Protection client on client computer's - Yes

Deployed to:  Device Collections

21 members of these collections are visible on Site.  They never get the client automatically installed. 

If I select one of these clients and select Install Client, it does.  The ccm log shows "Connected to administrative share on machine C10048 using account 'CSD\****' and all is correct and successful.  It also gets the correct custom antimalware policy I created, and gets the definition updates from the Automatic Deployment Rule I created.

I cannot find out why the automatic client install for Endpoint Protection does not happen.  Thank you for any help.

KAC

Check and see if you have any maintenance windows configured that could be preventing the EP client from installing. If you want the EP client to install regardless of MWs, go into your client policy and set "Allow Endpoint Protection client installation and restarts outside maintenance windows. Maintenance windows must be at least 30 minutes long for client installation" to YES.

Hi Kevin,

Great suggestion, but unfortunately it is already set to Yes.  However, I do not have a "Maintenance window" time set.  maybe this is the problem?  Where do I set that?  I will research.

thank you for your help with this!

KAC

I just added a 23:58 hour every day Maintenance Window to my Device Collections. Even though the auto deploy rule is set to, Yes outside this window, we shall see if this helps.

EP clients are still not installing to my Device Collection. 

I double checked all site and client pre-reqs and can find nothing wrong.  The clients local firewall is off, file and print sharing on, admin share is accessible. 

When I installed the EP point site system role, it installed the EP client on the server as expected.

When I install a EP client manually, they get a policy and updates as expected.

Is there a service not running, or something else I am missing?

thank you, KAC

Hi,

Have you checked the EndpointProtectionAgent.log? Any error?

Best Regards,

Joyce

Hi Joyce,

I actually cannot because there is no client, thus no client logs to check.  I have only configured a custom client setting for Endpoint Protection, and it is not working.  The server ccm.log does not show any attempt to install clients.  It does show clients connecting when I manually tell a computer in a collection to install the client.  Then of course the clients EndpointProtectionAgent.log is all good.  Thank you for the response.  I will create a new custom client setting to test.

KAC

Hi,

What does it mean for "The server ccm.log does not show any attempt to install clients"? Do you mean installing ccm client? If that is the case, which the method you configured to install ccm clients? Endpoint Protection only can be installed automatically when there is a client on the computer. Please have a look at the article below about ccm client install methods.

How to Install Clients on Windows-Based Computers in Configuration Manager

Besrt Regards,

Joyce

Good morning Joyce,

I thought these EP settings would install the client.

Manage Endpoint Protection client on client computer's - Yes

Install Endpoint Protection client on client computer's - Yes

I added Forest Discovery for IP Address Ranges, then added a Boundary Group with these Addresses.  I also Enabled Automatic site-wide client push installation on my primary site. 

Well now clients are installing! After the first night 363 default clients installed on discovered computers, and EP client installed on the device collections I set.  I turned off site-wide, but realize it keeps trying for seven days.  856 clients have installed out of 1295 discovered.  This is great but now I see I want to setup Software update-based client installation. 

thank you for your help.

KAC

I also had to set a maintenance windows on each collection and select View the collection in the EP dashboard.