+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 23 of 23
Enterprise Software Thread, SCCM 2012 and FEP 2012 in Technical; Still not had any luck! We're using HTTP (eg. whatever is default out of the box). Driving me mad now!...
  1. #16

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,529
    Thank Post
    527
    Thanked 2,648 Times in 2,049 Posts
    Blog Entries
    24
    Rep Power
    925
    Still not had any luck! We're using HTTP (eg. whatever is default out of the box).

    Driving me mad now!

  2. #17

    Theblacksheep's Avatar
    Join Date
    Feb 2008
    Location
    In a house.
    Posts
    1,964
    Thank Post
    139
    Thanked 291 Times in 211 Posts
    Rep Power
    193
    Your setup looked like it completed OK (according to your ccmsetup.log) but it doesn't reference scep at all, it just references the client.msi.

    Can you confirm your site server has the endpoint protection role? is it ok in monitoring/system status/component status?

    The ccmsetup.log should the following in this order but with loads of rubbish in between:

    *Item 'SCEPInstall.exe' is applicable. Add to the list.
    *Discovering whether item 'SCEPInstall.exe' exists.
    *Item SCEPInstall.exe has not been installed yet. Put to pending install list.
    *Adding file 'http://someserver:80/SMS_DP_SMSPKG$/sitecode00002/SCEPInstall.exe' to BITS job, saving as 'C:\Windows\ccmsetup\SCEPInstall.exe'.
    *C:\Windows\ccmsetup\SCEPInstall.exe is Microsoft trusted.

    In 2012 it downloads scep and dumps it in C:\windows\ccmsetup. On another machine, do an install and keep an eye in the windows\ccmsetup\ folder for the files are you tell it to install and keep an eye on the ccmseup.log. Does it copy over all the content? for instance it grabs silverlight, then scep, then windowsfirewallconfigurationprovider just after the client has downloaded.

    Try doing a manual install by getting the files off the server (handy to have anyway), you have something you can compare logs with.
    Last edited by Theblacksheep; 24th July 2012 at 04:08 PM. Reason: 1603

  3. Thanks to Theblacksheep from:

    localzuk (26th July 2012)

  4. #18

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    5,375
    Thank Post
    958
    Thanked 1,630 Times in 1,103 Posts
    Blog Entries
    47
    Rep Power
    711
    I can't remember how I told the EP client agent to install but I suspect that's because it happens automatically once you add the role. It happens automatically for me now on Windows 7 computers so try this... (this is a step towards production but I'm still halfway twixt XP and 7 so it's workable as a test environment still)

    * Set up your discovery methods if you haven't already (ask if you're not sure but there are links about, search Google for windows-noob.com results for some good stuff)
    * Set up a GPO that only applies to Windows 7 computers with a WMI filter:
    Code:
    select * from Win32_OperatingSystem where Version like "6.1%" and ProductType = "1"
    - use this GPO to set your SCCm server as the WSUS server under Windows Update]
    * In SCCM, under Administration, expand Site Configuration, click on Sites and click on Client Installation Settings in the ribbon abd choose Software Update-Based Client Installation. Tick the box and OK.
    * Just below that, cick Servers and Site System Roles and make sure your server is set up as an Endpoint Protection Point (right click and Add Site System Roles if it's not listed at the bottom)
    * After that it should all just... work. It does here, anyway, and I faffed about doing it the HTTPS way.

    As @Theblacksheep says, you should see hints of it in ccmsetup.log that's in c:\windows\ccmsetup. It sometimes takes a while to download stuff using BITS but once you've set a computer running windows update (gpupdate /force, then wuauclt /reportnow then wuauclt/detectnow) it will just do it all quietly in the background, you'll just have to check the systray and look for the green shield to see if it's worked.

    Further reading (including automatic approval & deployment of definition updates): using SCCM 2012 RC in a LAB - Part 5. Enable the Endpoint Protection Role and configure Endpoint Protection settings - Configuration Manager 2012 - Release Candidate - www.windows-noob.com

    EDIT: further check: has FEP installed on your SCCM server? It should do as part of setup, if it's not running on that server yet then it won't deploy to clients

  5. Thanks to sonofsanta from:

    localzuk (26th July 2012)

  6. #19

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,529
    Thank Post
    527
    Thanked 2,648 Times in 2,049 Posts
    Blog Entries
    24
    Rep Power
    925
    Right. An update on this. I'm currently resolving some issues caused by the fact that we have a domain forest here, and the SCCM server was failing to publish to the AD as the permissions it had weren't good enough.

    Also, there is an issue with our group policy somewhere as no registry settings are being applied for some reason. So, I'll work through those 2 issues and come back when it all works, with a description of exactly what caused all this!

  7. #20

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,529
    Thank Post
    527
    Thanked 2,648 Times in 2,049 Posts
    Blog Entries
    24
    Rep Power
    925
    Aannddd.... Its working

    I had to fix the AD publishing, and then add a Boundary Group.

    I didn't at all do a fist pump or dance in the office...

  8. #21

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    5,375
    Thank Post
    958
    Thanked 1,630 Times in 1,103 Posts
    Blog Entries
    47
    Rep Power
    711
    Quote Originally Posted by localzuk View Post
    Aannddd.... Its working

    I had to fix the AD publishing, and then add a Boundary Group.

    I didn't at all do a fist pump or dance in the office...
    Gratz

    (I should add, as well, that the only reason I used the Windows 7 WMI filter earlier was because I'm rolling Win7 out at the moment and don't want to clog SCCM up with old XP clients that are about to die. It's not necessary)

  9. #22

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,529
    Thank Post
    527
    Thanked 2,648 Times in 2,049 Posts
    Blog Entries
    24
    Rep Power
    925
    Quote Originally Posted by sonofsanta View Post
    Gratz

    (I should add, as well, that the only reason I used the Windows 7 WMI filter earlier was because I'm rolling Win7 out at the moment and don't want to clog SCCM up with old XP clients that are about to die. It's not necessary)
    Indeed, I ignored it, as I don't care which machines get it. They'll all be Windows 7 by the end of next week.

    Also found that something in our default domain policy was being weird too. Now fixed and all is as it should be. I shall reward myself with beer tonight!

  10. #23

    Theblacksheep's Avatar
    Join Date
    Feb 2008
    Location
    In a house.
    Posts
    1,964
    Thank Post
    139
    Thanked 291 Times in 211 Posts
    Rep Power
    193
    Quote Originally Posted by localzuk View Post
    Aannddd.... Its working

    I had to fix the AD publishing, and then add a Boundary Group.

    I didn't at all do a fist pump or dance in the office...
    Glad you got it working.

    The boundary group got me even after setting up. I had one range for testing and couldnt work out why a PC in new range (vlan) wasn't receiving the software. Low an behold SCCM2012 uses boundary groups to detect distribution groups and in turn content delivery. No boundary group, no content.
    Last edited by Theblacksheep; 26th July 2012 at 03:21 PM.



SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. SCCM 2012 FEP
    By HMCTech in forum Enterprise Software
    Replies: 0
    Last Post: 27th April 2012, 10:47 AM
  2. Anyone got an idea of the release date for SCCM 2012?
    By pete in forum Enterprise Software
    Replies: 1
    Last Post: 7th June 2011, 02:17 PM
  3. Replies: 9
    Last Post: 23rd April 2011, 10:57 PM
  4. SCCM 2007 and Images
    By jj99 in forum O/S Deployment
    Replies: 3
    Last Post: 30th March 2010, 04:33 PM
  5. [SCCM 2007] SCCM, WSUS and ForeFront
    By azrael78 in forum O/S Deployment
    Replies: 0
    Last Post: 3rd December 2009, 08:30 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •