SCCM Client not installing on computers

[Quincy R]

So.. let me explain:

 

I work at a school district with three campuses and many domains. I installed SCCM back in November on a child domain. Deployed Endpoint protection, used WSUS, everything worked fine - Except WDS. I couldn't get that to work. I decided that I need to reinstall SCCM anyway at the parent domain level. So I did that, I figured I would have one PRI at the main campus, and a DP at each of the other two campuses.

 

So we have Main campus, campus 2 and campus 3.

 

I have the old SCCM installed at campus 2 currently pushing updates to Endpoint Protection

I have the new SCCM at Main campus, I'm just now comfiguring it by the guides.

In the new configuration I have PRI at Main campus, and a DP at campus 2 (so far.. will add campus three later)

 

I have a boundary group with iprange for the Main campus - it's DP is PRI

I have a boundary group with iprange for campus 3 - it's DP is PRI

I have a boundary group with iprange for campus 2- it's DP is the DP I have at campus 2.

 

So here I am, I installed SCCM, configured WSUS and Endpoint Protection. I set up my boundary groups (they're all right) and my device and user collections. All devices are discovered.

When I try to deploy the client to a test computer in the Main campus collection, it doesn't work. Nothing happens. No CCM folder in %windir%.

 

When I try to deploy the client to a test computer at campus 2 (which has NOT been deployed to by my first install) The client installs and SCEP installs. I also get the updates for SCEP.

 

I figure it's something to do with GPOs, as I have already configured GPOs for (child) Domain 2 (which resides at Campus 2). However, I DID also create a GPO for (parent) Domain 1 (that resides at Campus 1).

 

Under Windows Components/Windows Update

Specify Intranet Microsoft update service location: Enabled

http://server.domain.org:8530

 

I did set everything up for WSUS as the default (except that second bubble for customized ports, making them 8530 and 8531 [as in your guide]). This should work? However, when I go to http://server.domain.org:8530 on my test computer I cannot display the webpage. I get the same error on the SCCM/WSUS server as well. How do I check to see if this is right?

 

In GPO I also have

 

Network/Network Connections/Windows Firewall/Domain Profile

Windows Firewall: Allow File and Print Sharing Exception: Enabled

(Note I'm running on Server 2003)

I guess the WMI one isn't available on 2003?

 

Either way, I have the exact same things in both GPOs (On my Child domain - which works, and on my parent domain - which doesn't)

EXCEPT on the child domain I have:

 

Allow signed content from intranet Microsoft update service location:Enabled.

 

On my parent domain that option is not available.

 

Is it GPO? Are the two SCCM installations effecting eachother? The reason I don't want to take down the old SCCM install at campus 2 is because I want them to be good and updated with SCEP until I get Main campus working.

[Quincy R]

Got it.

(the client - still working on getting SCEP installed in the parent domain I can install SCEP in the child domain)

http://heineborn.com/tech/sccm-client-installation-error-53/

SCCM seems to be the program where I don't really know what works.

I added a bunch of ports to my parent DC GP. I also followed that link above. I feel stupid really... I forgot to add the accounts! Now the client is installing on the computers - for now!

Only problem is I need to go from my old SCCM to new SCCM.

I figured I would just take the DPs off my boundary groups off of my old SCCM.
Deploy the client to the computers that already have the old client on them. - I mean deploy the client from the NEW SCCM (and hope it overwrites?)
Deploy my client settings that state uninstall any other virus protection before installing Endpoint Protection. - I mean deploy from the new SCCM and hope, again, it overwrites.

Well, I did that. I do not get any errors when deploying the client. The site changes to my new PRI. However, when I go to Details of the Software Center, I see that the new one was not installed over the old one. The old one just stayed there.

When I run the Machine Policy Retrieval & Evaluation Cycle SCEP still does not install. I go to add/remove programs and I can see that the old SCEP is still installed. I deployed the new ADR for updates to the test group anyway, just to see if it still updates. I'm thinking maybe the old Software Center and SCEP is supposed to stay on there?

 

So in essence here's what I can do:

 

On the test computer in the parent domain I can install the client, but SCEP isn't installing.

EndpointProtectionAngent.log states that it's unable to query the reg key, so EP is NOT installed (... cool. So install it!)

Am Policy SML is ready.

Service startup notification received.

Endpoint is triggered by CCMTask Execute.

EP State and Error Code didn't get changed, skip resend state message

State 1 is NOT changed. Skip update registry value

-Then it starts all over with the same thing.

I'll add, this test machine is on the same HyperV as my SQL server. I added SQL server to the same test group and pushed the client. The client and SCEP both installed. Both on the parent domain.

Could it be something with permissions? I installed SQL on a separate server from SCCM, but I still added the SCCM comptuer to the local admins on SQL.

I tried it anyway. Added SCCM computer to local admins on my test computer. Didn't work. Also, I am NOT using SP1 (guess I got this install right before SP1).

 

On the test computer in the child domain (and the DP, I've done both) the client and SCEP will install.

Sweet!

 

On MY computer in that same child domain, I already have the client and SCEP from the OLD SCCM. When trying to install over those with the NEW SCCM, it looks like it's not working.

EndpointProtectionAgent.log states "EP version 2.2.903.0 is already installed.

Expected Version 2.2.903.0 is exactly same with installed version 2.2.903.0

 

(this is in "campus 2" on the child domain) When installing the client on an XP computer (of which I did NOT install the old SCCM client on) it works fine. I have SCEP set up to uninstall any other antivirus. I have (on all of my XP computers) either Vexira Antivirus, or AVG. This one in particular has Vexira. The error 0x8007064e pops up right away. I've researched it:

http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/microsoft-mse-0x8007064e-error-constantly-occurs/b2a8c5cf-49ce-410a-b9da-6505ebd8654a

Would you say that Vexira will not automatically get uninstalled and I have to do it manually on every computer?

Edit* If you leave the message up (to research it ) It'll eventually go away and SCEP will install. Unfortunately, Vexira still did not uninstall. We all know how two AVs work side by side - Bad News.

I restarted the computer, same thing. Vexira and EP were both there, the computer is just running slower now. I'll deploy a batch to uninstall Vex I guess.

 

 

I guess I just don't know the process. I can't seem to google anything on it either.