Itian Posted October 13, 2013 Report post Posted October 13, 2013 Hello, I've been deploying EndPoint 2012 Client now for a good few weeks, the servers clients are updating fine but just checking the desktops and there are a number of them which are not updating and saying there almost 6 days out date! Checking one of the desktops event viewer I can see the following:- Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.1249.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80072efd Error description: A connection with the server could not be established Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.1249.0 Update Source: File Share Update Stage: Search Source Path: \\server.domain.internal\sources$\scep\definitions\x86 Signature Type: AntiVirus Update Type: Full User: DOMAIN\Username Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80070002 Error description: The system cannot find the file specified. Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.1249.0 Update Source: File Share Update Stage: Search Source Path: \\server.domain.internal\sources$\scep\definitions\x86 Signature Type: AntiSpyware Update Type: Full User: DOMAIN\Username Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80070002 Error description: The system cannot find the file specified. I can browse to that UNC location fine. We do have a proxy server, the exceptions are in there. WindowsUpdate.log from client:- 2013-10-13 02:04:17:629 3712 e08 COMAPI ---------2013-10-13 02:04:17:630 1044 eb0 Agent *************2013-10-13 02:04:17:630 1044 eb0 Agent ** START ** Agent: Finding updates [CallerId = System Center 2012 Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]2013-10-13 02:04:17:630 3712 e08 COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = System Center 2012 Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]2013-10-13 02:04:17:630 1044 eb0 Agent *********2013-10-13 02:04:17:630 1044 eb0 Agent * Online = Yes; Ignore download priority = No2013-10-13 02:04:17:630 1044 eb0 Agent * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains 'a38c835c-2950-4e87-86cc-6911a52c34a3' and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b')"2013-10-13 02:04:17:630 1044 eb0 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed2013-10-13 02:04:17:630 1044 eb0 Agent * Search Scope = {Machine}2013-10-13 02:04:17:711 1044 eb0 PT +++++++++++ PT: Starting category scan +++++++++++2013-10-13 02:04:17:711 1044 eb0 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = HTTP://server.domain.internal:8530/ClientWebService/client.asmx2013-10-13 02:04:17:762 1044 eb0 PT +++++++++++ PT: Synchronizing server updates +++++++++++2013-10-13 02:04:17:762 1044 eb0 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = HTTP://server.domain.internal.INTERNAL:8530/ClientWebService/client.asmx2013-10-13 02:04:17:918 1044 eb0 Agent * Found 0 updates and 4 categories in search; evaluated appl. rules of 57 out of 69 deployed entities2013-10-13 02:04:17:919 1044 eb0 Agent *********2013-10-13 02:04:17:919 1044 eb0 Agent ** END ** Agent: Finding updates [CallerId = System Center 2012 Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]2013-10-13 02:04:17:919 1044 eb0 Agent *************2013-10-13 02:04:17:920 3712 fc0 COMAPI >>-- RESUMED -- COMAPI: Search [ClientId = System Center 2012 Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]2013-10-13 02:04:17:920 3712 fc0 COMAPI - Updates found = 02013-10-13 02:04:17:921 3712 fc0 COMAPI ---------2013-10-13 02:04:17:921 3712 fc0 COMAPI -- END -- COMAPI: Search [ClientId = System Center 2012 Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]2013-10-13 02:04:17:921 3712 fc0 COMAPI -------------2013-10-13 02:04:22:500 1044 eb0 Report REPORT EVENT: {1D18B9C9-C9E0-4327-BFBD-76B68E6EA387} 2013-10-13 02:04:17:500+0100 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80072efd System Center 2012 Endpoint Pro Failure Software Synchronization Windows Update Client failed to detect with error 0x80072efd.2013-10-13 02:04:22:500 1044 eb0 Report REPORT EVENT: {B8E5393B-3EDD-47C8-ABF0-CE974675AC7C} 2013-10-13 02:04:17:919+0100 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 System Center 2012 Endpoint Pro Success Software Synchronization Windows Update Client successfully detected 0 updates.2013-10-13 02:04:22:508 1044 eb0 Report CWERReporter::HandleEvents - WER report upload completed with status 0x82013-10-13 02:04:22:508 1044 eb0 Report WER Report sent: 7.6.7600.256 0x80072efd 00000000-0000-0000-0000-000000000000 Scan 101 Unmanaged2013-10-13 02:04:22:508 1044 eb0 Report CWERReporter finishing event handling. (00000000) Anything else to check? Quote Share this post Link to post Share on other sites More sharing options...
Itian Posted October 13, 2013 Report post Posted October 13, 2013 Update:- Interesting test, If I go proxyless the updates download fine BUT I thought EndPoint was talking direct to the SCCM Server for update? Quote Share this post Link to post Share on other sites More sharing options...
