Installation System Center Endpoint Protection on Standalone servers

Duchemin, Dominique 2,006 Reputation points
2022-11-04T00:13:50.317+00:00

Hello,

I am trying to install System Center Endpoint Protection on a Windows Server 2012 standalone:

I copied the files:

  1. scepinstall.exe
  2. Standalone.xml

then run
C:\source\scepinstall.exe /policy C:\source\standalone-Domain_Controller.xml
or
C:\Program Files\Microsoft Security Client\ConfigSecurityPolicy.exe C:\source\standalone-Domain_Controller.xml

but I could not see where to change the source of the Definition Updates which should be the WSUS server and no more the Configuration Manager Server with its software updates.

So when opening the GUI locally I have an error:
256983-2022-11-03-17-09-37-standalone-01.png

then if I click "Update definitions"

256984-2022-11-03-17-10-19-standalone-02.png

Where should I change the source of the definitions?

Thanks,
Dom

Microsoft Configuration Manager
0 comments

14 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Duchemin, Dominique 2,006 Reputation points
    2022-11-16T16:03:13.947+00:00

    Hello,

    Still waiting for the Definition Updates as so far it is still 1.379.406.0 even there are several new Definitions Updates listed in WSUS and Software Updates as well:
    1.379.409.0
    1.379.421.0
    1.379.429.0
    1.379.432.0
    1.379.444.0

    Checking WindowsUpdates.log file...

    2022-11-15 18:14:10:022 884 784 Misc =========== Logging initialized (build: 7.9.9600.19915, tz: -0800) ===========

    2022-11-15 18:14:10:022 884 784 Misc = Process: C:\Windows\system32\svchost.exe
    2022-11-15 18:14:10:022 884 784 Misc = Module: c:\windows\system32\wuaueng.dll
    2022-11-15 18:14:10:022 884 784 Service *************
    2022-11-15 18:14:10:022 884 784 Service ** START ** Service: Service startup
    2022-11-15 18:14:10:022 884 784 Service *********
    2022-11-15 18:14:10:026 884 784 IdleTmr Non-AoAc machine. Aoac operations will be ignored.
    2022-11-15 18:14:10:026 884 784 Agent * WU client version 7.9.9600.19915
    2022-11-15 18:14:10:026 884 784 Agent WARNING: SleepStudyTracker: Machine is non-AOAC. Sleep study tracker disabled.
    2022-11-15 18:14:10:026 884 784 Agent * Base directory: C:\Windows\SoftwareDistribution
    2022-11-15 18:14:10:026 884 784 Agent * Access type: No proxy
    2022-11-15 18:14:10:026 884 784 Service UpdateNetworkState Ipv6, cNetworkInterfaces = 0.
    2022-11-15 18:14:10:026 884 784 Service UpdateNetworkState Ipv4, cNetworkInterfaces = 1.
    2022-11-15 18:14:10:027 884 784 Agent * Network state: Connected
    2022-11-15 18:14:10:029 884 784 Service UpdateNetworkState Ipv6, cNetworkInterfaces = 0.
    2022-11-15 18:14:10:029 884 784 Service UpdateNetworkState Ipv4, cNetworkInterfaces = 1.
    2022-11-15 18:14:10:049 884 784 Agent *********** Agent: Initializing global settings cache ***********
    2022-11-15 18:14:10:049 884 784 Agent * Endpoint Provider: 00000000-0000-0000-0000-000000000000
    2022-11-15 18:14:10:049 884 784 Agent * WSUS server: http://vopwsus2k12:8530
    2022-11-15 18:14:10:049 884 784 Agent * WSUS status server: http://vopwsus2k12:8530
    2022-11-15 18:14:10:049 884 784 Agent * Target group: Manual Installation
    2022-11-15 18:14:10:049 884 784 Agent * Windows Update access disabled: No
    2022-11-15 18:14:10:049 884 784 Misc WARNING: Network Cost is assumed to be not supported as something failed with trying to get handles to wcmapi.dll
    2022-11-15 18:14:10:053 884 784 WuTask WuTaskManager delay initialize completed successfully..
    2022-11-15 18:14:10:054 884 784 AU Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2022-11-16 02:15:36, not idle-only, not network-only
    2022-11-15 18:14:10:054 884 784 AU Timer: CF1ABEC6-7887-4964-BB93-B2E21B31CEC1, Expires 2022-11-16 22:25:55, not idle-only, not network-only
    2022-11-15 18:14:10:054 884 784 AU Timer: 29A863E7-8609-4D1E-B7CD-5668F857F1DB, Expires 2022-11-16 22:25:55, not idle-only, not network-only
    2022-11-15 18:14:10:058 884 784 Report WARNING: CSerializationHelper:: InitSerialize failed : 0x80070002
    2022-11-15 18:14:10:058 884 784 Report CWERReporter::Init succeeded
    2022-11-15 18:14:10:058 884 784 Agent *********** Agent: Initializing Windows Update Agent ***********
    2022-11-15 18:14:10:058 884 784 DnldMgr Download manager restoring 0 downloads
    2022-11-15 18:14:10:059 884 784 AU ########### AU: Initializing Automatic Updates ###########
    2022-11-15 18:14:10:059 884 784 AU Additional Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} with Approval type {Pre-download notify} added to AU services list
    2022-11-15 18:14:10:059 884 784 AU AIR Mode is disabled
    2022-11-15 18:14:10:059 884 784 AU # Policy Driven Provider: http://vopwsus2k12:8530
    2022-11-15 18:14:10:059 884 784 AU # Detection frequency: 4
    2022-11-15 18:14:10:059 884 784 AU # Target group: Manual Installation
    2022-11-15 18:14:10:059 884 784 AU # Approval type: Pre-install notify (Policy)
    2022-11-15 18:14:10:059 884 784 AU # Auto-install minor updates: Yes (Policy)
    2022-11-15 18:14:10:059 884 784 AU # ServiceTypeDefault: Service 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782 Approval type: (Pre-download notify)
    2022-11-15 18:14:10:059 884 784 AU # Will interact with non-admins (Non-admins are elevated (User preference))
    2022-11-15 18:14:10:060 884 784 Misc WARNING: IsSessionRemote: WinStationQueryInformationW(WTSIsRemoteSession) failed for session 2, GetLastError=2250
    2022-11-15 18:14:10:061 884 784 Misc WARNING: IsSessionRemote: WinStationQueryInformationW(WTSIsRemoteSession) failed for session 3, GetLastError=2250
    2022-11-15 18:14:10:061 884 784 AU WARNING: Failed to get Wu Exemption info from NLM, assuming not exempt, error = 0x80240037
    2022-11-15 18:14:10:061 884 784 AU WARNING: Failed to get Network Cost info from NLM, assuming network is NOT metered, error = 0x80240037
    2022-11-15 18:14:10:064 884 784 AU AU finished delayed initialization
    2022-11-15 18:14:10:064 884 784 AU Currently AUX is enabled - so not show any WU Upgrade notifications.
    2022-11-15 18:14:10:065 884 784 AU WARNING: Failed to get Network Cost info from NLM, assuming network is NOT metered, error = 0x80240037
    2022-11-15 18:14:10:066 884 784 AU WARNING: Failed to get Network Cost info from NLM, assuming network is NOT metered, error = 0x80240037
    2022-11-15 18:14:10:069 884 784 AU Adding timer:
    2022-11-15 18:14:10:069 884 784 AU Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2022-11-16 02:15:36, not idle-only, not network-only
    2022-11-15 18:14:10:071 884 df4 DnldMgr Asking handlers to reconcile their sandboxes
    2022-11-15 18:15:36:000 884 784 AU #############
    2022-11-15 18:15:36:000 884 784 AU ## START ## AU: Search for updates
    2022-11-15 18:15:36:000 884 784 AU #########
    2022-11-15 18:15:36:000 884 784 AU Additional Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} with Approval type {Pre-download notify} added to AU services list
    2022-11-15 18:15:36:001 884 784 IdleTmr WU operation (CSearchCall::Init ID 1) started; operation # 7; does use network; is at background priority
    2022-11-15 18:15:37:510 884 784 Report *********** Report: Initializing static reporting data ***********
    2022-11-15 18:15:37:510 884 784 Report * OS Version = 6.3.9600.0.0.196880
    2022-11-15 18:15:37:510 884 784 Report * OS Product Type = 0x00000007
    2022-11-15 18:15:37:515 884 784 Report * Computer Brand = VMware, Inc.
    2022-11-15 18:15:37:515 884 784 Report * Computer Model = VMware Virtual Platform
    2022-11-15 18:15:37:515 884 784 Report * Platform Role = 1
    2022-11-15 18:15:37:515 884 784 Report * AlwaysOn/AlwaysConnected (AOAC) = 0
    2022-11-15 18:15:37:517 884 784 Report * Bios Revision = 6.00
    2022-11-15 18:15:37:517 884 784 Report * Bios Name = PhoenixBIOS 4.0 Release 6.0
    2022-11-15 18:15:37:517 884 784 Report * Bios Release Date = 2018-12-12T00:00:00
    2022-11-15 18:15:37:517 884 784 Report * Bios Sku Number unavailable.
    2022-11-15 18:15:37:517 884 784 Report * Bios Vendor = Phoenix Technologies LTD
    2022-11-15 18:15:37:517 884 784 Report * Bios Family unavailable.
    2022-11-15 18:15:37:517 884 784 Report * Bios Major Release = 4
    2022-11-15 18:15:37:517 884 784 Report * Bios Minor Release = 6
    2022-11-15 18:15:37:517 884 784 Report * Locale ID = 1033
    2022-11-15 18:15:37:517 884 784 Handler Calculating current update level for this session
    2022-11-15 18:15:38:558 884 784 Handler UH: Current cumulative update level calculated: package identity Package_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8, display name KB3000850, support URL http://support.microsoft.com/?kbid=3000850, timestamp 01d00612ee58ae04
    2022-11-15 18:15:38:559 884 784 Handler Done calculating current update level for this session
    2022-11-15 18:15:38:982 884 784 Agent START Queueing Finding updates [CallerId = AutomaticUpdates Id = 1]
    2022-11-15 18:15:38:982 884 784 AU <<## SUBMITTED ## AU: Search for updates [CallId = {C3CC614C-291E-4404-B137-89B9EFA54220} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
    2022-11-15 18:15:38:983 884 784 Agent SkipSelfUpdateCheck search flag set for serverId: 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782
    2022-11-15 18:15:38:983 884 784 IdleTmr WU operation (CSearchCall::Init ID 2) started; operation # 9; does use network; is at background priority
    2022-11-15 18:15:38:983 884 784 Agent START Queueing Finding updates [CallerId = AutomaticUpdates Id = 2]
    2022-11-15 18:15:38:983 884 784 AU <<## SUBMITTED ## AU: Search for updates [CallId = {8093AA06-8A86-4D47-A95B-B54137C0112F} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
    2022-11-15 18:15:38:983 884 1100 Agent END Queueing Finding updates [CallerId = AutomaticUpdates Id = 1]
    2022-11-15 18:15:38:983 884 210 Agent END Queueing Finding updates [CallerId = AutomaticUpdates Id = 2]
    2022-11-15 18:15:38:984 884 1100 Agent *************
    2022-11-15 18:15:38:985 884 210 Agent *************
    2022-11-15 18:15:38:987 884 1100 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates Id = 1]
    2022-11-15 18:15:38:988 884 210 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates Id = 2]
    2022-11-15 18:15:38:989 884 1100 Agent *********
    2022-11-15 18:15:38:990 884 210 Agent *********
    2022-11-15 18:15:38:991 884 1100 Agent * Online = Yes; Ignore download priority = No
    2022-11-15 18:15:38:992 884 210 Agent * Online = Yes; Ignore download priority = No
    2022-11-15 18:15:38:993 884 1100 Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
    2022-11-15 18:15:38:994 884 210 Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
    2022-11-15 18:15:38:995 884 1100 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
    2022-11-15 18:15:38:996 884 210 Agent * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
    2022-11-15 18:15:38:997 884 1100 Agent * Search Scope = {Machine & All Users}
    2022-11-15 18:15:38:998 884 210 Agent * Search Scope = {Machine & All Users}
    2022-11-15 18:15:39:000 884 1100 Agent * Caller SID for Applicability: S-1-5-18
    2022-11-15 18:15:39:001 884 210 Agent * Caller SID for Applicability: S-1-5-18
    2022-11-15 18:15:39:002 884 1100 Agent * RegisterService is set
    2022-11-15 18:15:39:003 884 210 Agent * RegisterService is set
    2022-11-15 18:15:39:005 884 1100 SLS Retrieving SLS response from server using ETAG "16IMgThQPatW3gLvl1IedEpqN3G7onUum7nRv4bGmwI=_1440"...
    2022-11-15 18:15:39:006 884 1100 SLS Making request with URL HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=750&L=en-US&P=&PT=0x7&WUA=7.9.9600.19915
    2022-11-15 18:15:39:331 884 210 SLS Retrieving SLS response from server using ETAG "16IMgThQPatW3gLvl1IedEpqN3G7onUum7nRv4bGmwI=_1440"...
    2022-11-15 18:15:39:331 884 1100 EP Got WSUS Client/Server URL: "http://vopwsus2k12:8530/ClientWebService/client.asmx"
    2022-11-15 18:15:39:344 884 210 SLS Making request with URL HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=750&L=en-US&P=&PT=0x7&WUA=7.9.9600.19915
    2022-11-15 18:15:39:346 884 1100 Setup Checking for agent SelfUpdate
    2022-11-15 18:15:39:347 884 1100 Setup Client version: Core: 7.9.9600.19915 Aux: 7.9.9600.19915
    2022-11-15 18:15:39:348 884 1100 EP Got WSUS SelfUpdate URL: "http://vopwsus2k12:8530/selfupdate"
    2022-11-15 18:15:39:363 884 1100 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab with dwProvFlags 0x00000080:
    2022-11-15 18:15:39:368 884 1100 Misc Microsoft signed: NA
    2022-11-15 18:15:39:369 884 1100 Misc Infrastructure signed: Yes
    2022-11-15 18:15:39:373 884 1100 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\TMP965D.tmp with dwProvFlags 0x00000080:
    2022-11-15 18:15:39:377 884 1100 Misc Microsoft signed: NA
    2022-11-15 18:15:39:378 884 1100 Misc Infrastructure signed: Yes
    2022-11-15 18:15:39:396 884 1100 Setup FATAL: GetClientUpdateUrl failed, err = 0x8024D009
    2022-11-15 18:15:39:397 884 1100 Setup Skipping SelfUpdate check based on the /SKIP directive in wuident
    2022-11-15 18:15:39:399 884 1100 Setup SelfUpdate check completed. SelfUpdate is NOT required.
    2022-11-15 18:15:39:426 884 210 EP Got 9482F4B4-E343-43B6-B170-9A65BC822C77 redir SecondaryServiceAuth URL: "117cab2d-82b1-4b5a-a08c-4d62dbee7782"
    2022-11-15 18:15:39:496 884 210 EP Got 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782 redir Client/Server URL: "https://fe2.ws.microsoft.com/v6/ClientWebService/client.asmx"
    2022-11-15 18:15:39:539 884 210 PT +++++++++++ PT: Synchronizing server updates +++++++++++
    2022-11-15 18:15:39:540 884 210 PT + ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}, Server URL = https://fe2.ws.microsoft.com/v6/ClientWebService/client.asmx
    2022-11-15 18:15:39:541 884 210 Agent Reading cached app categories using lifetime 604800 seconds
    2022-11-15 18:15:39:543 884 210 Agent Read 0 cached app categories
    2022-11-15 18:15:39:544 884 210 Agent SyncUpdates adding 0 visited app categories
    2022-11-15 18:15:39:651 884 210 PT + SyncUpdates round trips: 0
    2022-11-15 18:15:39:692 884 210 Agent * Added update {C21E26AB-BFEE-425B-BD0B-C0043B81B034}.1 to search result
    2022-11-15 18:15:39:705 884 210 Agent * Added update {F944750C-BED6-4116-BFC4-91361F87CE97}.1 to search result
    2022-11-15 18:15:39:706 884 210 Agent * Added update {AE53F50B-1F53-4E10-93A2-7005AD671608}.100 to search result
    2022-11-15 18:15:39:707 884 210 Agent * Added update {17A599BB-6485-4405-89C1-77A260C078D9}.100 to search result
    2022-11-15 18:15:39:708 884 210 Agent * Added update {1E536662-7256-42FA-9373-7A009A14400B}.100 to search result
    2022-11-15 18:15:39:710 884 210 Agent * Added update {DE323AF5-28CA-4BAB-A85B-B074001783BF}.1 to search result
    2022-11-15 18:15:39:711 884 210 Agent * Added update {D87FA2B6-A04D-4920-92AE-7C6586F98ED4}.1 to search result
    2022-11-15 18:15:39:712 884 210 Agent * Added update {00563009-B9BF-43A4-8B4E-5ACE3172912B}.2 to search result
    2022-11-15 18:15:39:712 884 210 Agent * Added update {BB8EED48-5EB9-481D-A043-D8BE51942055}.1 to search result
    2022-11-15 18:15:39:714 884 210 Agent * Added update {4849182B-70A4-4A3F-9FF9-054D8BCDCDDD}.1 to search result
    2022-11-15 18:15:39:715 884 210 Agent * Added update {A44878FB-450F-4C78-AC58-0F32712DDA1A}.1 to search result
    2022-11-15 18:15:39:716 884 210 Agent * Added update {5DBBEA84-90D6-42A4-B8EE-CA2BA1A42B1C}.1 to search result
    2022-11-15 18:15:39:717 884 210 Agent * Added update {2A4D62A5-450B-450C-A44E-65E9CC5DBD45}.1 to search result
    2022-11-15 18:15:39:718 884 210 Agent Update {A646B27E-937C-419F-B2A0-8817A4D1D5FD}.1 is pruned out due to potential supersedence
    2022-11-15 18:15:39:719 884 210 Agent * Added update {58045100-5E56-41CE-B7AD-8A306A21F9CB}.1 to search result
    2022-11-15 18:15:39:720 884 210 Agent * Added update {70B92375-9E4C-4A44-B6DC-F08A7BC989A1}.1 to search result
    2022-11-15 18:15:39:721 884 210 Agent * Added update {900900EA-A7F1-4335-996F-D64E78085B0F}.1 to search result
    2022-11-15 18:15:39:722 884 210 Agent * Found 16 updates and 26 categories in search; evaluated appl. rules of 81 out of 98 deployed entities
    2022-11-15 18:15:39:728 884 210 Agent *********
    2022-11-15 18:15:39:728 884 210 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates Id = 2]
    2022-11-15 18:15:39:753 884 210 Agent *************
    2022-11-15 18:15:39:757 884 df4 Report REPORT EVENT: {1B3D51BF-919F-497A-8301-D7810723483F} 2022-11-15 18:15:39:727-0800 1 147 [AGENT_DETECTION_FINISHED] 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Software Synchronization Windows Update Client successfully detected 16 updates.
    2022-11-15 18:15:39:764 884 210 Agent Removing per user update {900900EA-A7F1-4335-996F-D64E78085B0F} from search result since it applies to no users
    2022-11-15 18:15:39:909 884 210 Agent Removing per user update {70B92375-9E4C-4A44-B6DC-F08A7BC989A1} from search result since it applies to no users
    2022-11-15 18:15:39:936 884 210 Agent Removing per user update {58045100-5E56-41CE-B7AD-8A306A21F9CB} from search result since it applies to no users
    2022-11-15 18:15:39:939 884 df4 Report CWERReporter finished handling 10 events. (00000000)
    2022-11-15 18:15:39:940 884 210 Agent Removing per user update {2A4D62A5-450B-450C-A44E-65E9CC5DBD45} from search result since it applies to no users
    2022-11-15 18:15:39:955 884 210 Agent Removing per user update {5DBBEA84-90D6-42A4-B8EE-CA2BA1A42B1C} from search result since it applies to no users
    2022-11-15 18:15:39:956 884 210 Agent Removing per user update {A44878FB-450F-4C78-AC58-0F32712DDA1A} from search result since it applies to no users
    2022-11-15 18:15:39:957 884 210 Agent Removing per user update {4849182B-70A4-4A3F-9FF9-054D8BCDCDDD} from search result since it applies to no users
    2022-11-15 18:15:39:958 884 210 Agent Removing per user update {BB8EED48-5EB9-481D-A043-D8BE51942055} from search result since it applies to no users
    2022-11-15 18:15:39:959 884 210 Agent Removing per user update {00563009-B9BF-43A4-8B4E-5ACE3172912B} from search result since it applies to no users
    2022-11-15 18:15:39:961 884 210 Agent Removing per user update {D87FA2B6-A04D-4920-92AE-7C6586F98ED4} from search result since it applies to no users
    2022-11-15 18:15:39:962 884 210 Agent Removing per user update {DE323AF5-28CA-4BAB-A85B-B074001783BF} from search result since it applies to no users
    2022-11-15 18:15:39:964 884 210 Agent Removing per user update {1E536662-7256-42FA-9373-7A009A14400B} from search result since it applies to no users
    2022-11-15 18:15:39:966 884 210 Agent Removing per user update {17A599BB-6485-4405-89C1-77A260C078D9} from search result since it applies to no users
    2022-11-15 18:15:39:968 884 210 Agent Removing per user update {AE53F50B-1F53-4E10-93A2-7005AD671608} from search result since it applies to no users
    2022-11-15 18:15:39:969 884 210 Agent Removing per user update {F944750C-BED6-4116-BFC4-91361F87CE97} from search result since it applies to no users
    2022-11-15 18:15:39:971 884 210 Agent Removing per user update {C21E26AB-BFEE-425B-BD0B-C0043B81B034} from search result since it applies to no users
    2022-11-15 18:15:39:972 884 210 IdleTmr WU operation (CSearchCall::Init ID 2, operation # 9) stopped; does use network; is at background priority
    2022-11-15 18:15:39:973 884 b3c AU >>## RESUMED ## AU: Search for updates [CallId = {8093AA06-8A86-4D47-A95B-B54137C0112F} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
    2022-11-15 18:15:39:975 884 b3c AU # 0 updates detected
    2022-11-15 18:15:39:976 884 b3c AU #########
    2022-11-15 18:15:39:977 884 b3c AU ## END ## AU: Search for updates [CallId = {8093AA06-8A86-4D47-A95B-B54137C0112F} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
    2022-11-15 18:15:39:978 884 b3c AU #############
    2022-11-15 18:15:40:026 884 1100 PT +++++++++++ PT: Synchronizing server updates +++++++++++
    2022-11-15 18:15:40:027 884 1100 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://vopwsus2k12:8530/ClientWebService/client.asmx
    2022-11-15 18:15:40:028 884 1100 PT WARNING: Cached cookie has expired or new PID is available
    2022-11-15 18:15:40:029 884 1100 EP Got WSUS SimpleTargeting URL: "http://vopwsus2k12:8530"
    2022-11-15 18:15:40:030 884 1100 IdleTmr WU operation (CAuthorizationCookieWrapper::InitializeSimpleTargetingCookie) started; operation # 11; does use network; is at background priority
    2022-11-15 18:15:40:031 884 1100 PT Initializing simple targeting cookie, clientId = 18e1c80f-93ae-4224-8d21-b807a6cbbb7d, target group = Manual Installation, DNS name = addcrh4.ad
    2022-11-15 18:15:40:033 884 1100 PT Server URL = http://vopwsus2k12:8530/SimpleAuthWebService/SimpleAuth.asmx
    2022-11-15 18:15:40:051 884 1100 IdleTmr WU operation (CAuthorizationCookieWrapper::InitializeSimpleTargetingCookie, operation # 11) stopped; does use network; is at background priority
    2022-11-15 18:15:40:052 884 1100 IdleTmr WU operation (CAgentProtocolTalker::GetCookie_WithRecovery) started; operation # 12; does use network; is at background priority
    2022-11-15 18:15:40:067 884 1100 IdleTmr WU operation (CAgentProtocolTalker::GetCookie_WithRecovery, operation # 12) stopped; does use network; is at background priority
    2022-11-15 18:15:40:076 884 1100 Agent Reading cached app categories using lifetime 604800 seconds
    2022-11-15 18:15:40:077 884 1100 Agent Read 0 cached app categories
    2022-11-15 18:15:40:078 884 1100 Agent SyncUpdates adding 0 visited app categories
    2022-11-15 18:15:40:807 884 1100 IdleTmr WU operation (CAgentProtocolTalker::SyncUpdates_WithRecover) started; operation # 13; does use network; is at background priority
    2022-11-15 18:15:40:850 884 1100 IdleTmr WU operation (CAgentProtocolTalker::SyncUpdates_WithRecover, operation # 13) stopped; does use network; is at background priority
    2022-11-15 18:15:40:852 884 1100 Agent Reading cached app categories using lifetime 604800 seconds
    2022-11-15 18:15:40:853 884 1100 Agent Read 0 cached app categories
    2022-11-15 18:15:40:854 884 1100 Agent SyncUpdates adding 0 visited app categories
    2022-11-15 18:15:40:869 884 1100 IdleTmr WU operation (CAgentProtocolTalker::SyncUpdates_WithRecover) started; operation # 14; does use network; is at background priority
    2022-11-15 18:15:40:918 884 1100 IdleTmr WU operation (CAgentProtocolTalker::SyncUpdates_WithRecover, operation # 14) stopped; does use network; is at background priority
    2022-11-15 18:15:40:919 884 1100 PT + SyncUpdates round trips: 2
    2022-11-15 18:15:43:791 884 1100 Agent * Found 0 updates and 92 categories in search; evaluated appl. rules of 1324 out of 2110 deployed entities
    2022-11-15 18:15:43:806 884 1100 Agent Reporting status event with 28 installable, 66 installed, 0 installed pending, 0 failed and 0 downloaded updates
    2022-11-15 18:15:43:810 884 1100 Agent *********
    2022-11-15 18:15:43:811 884 df4 Report REPORT EVENT: {13683B1C-73B6-405B-8541-C096A860FC66} 2022-11-15 18:15:43:806-0800 1 147 [AGENT_DETECTION_FINISHED] 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Software Synchronization Windows Update Client successfully detected 0 updates.
    2022-11-15 18:15:43:812 884 1100 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates Id = 1]
    2022-11-15 18:15:43:814 884 df4 Report WARNING: CSerializationHelper:: InitSerialize failed : 0x80070002
    2022-11-15 18:15:43:814 884 1100 Agent *************
    2022-11-15 18:15:43:816 884 df4 Report WARNING: CSerializationHelper:: InitSerialize failed : 0x80070002
    2022-11-15 18:15:43:817 884 1100 IdleTmr WU operation (CSearchCall::Init ID 1, operation # 7) stopped; does use network; is at background priority
    2022-11-15 18:15:43:818 884 df4 Report WARNING: CSerializationHelper:: InitSerialize failed : 0x80070002
    2022-11-15 18:15:43:819 884 b3c AU >>## RESUMED ## AU: Search for updates [CallId = {C3CC614C-291E-4404-B137-89B9EFA54220} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
    2022-11-15 18:15:43:821 884 b3c AU # 0 updates detected
    2022-11-15 18:15:43:847 884 b3c AU #########
    2022-11-15 18:15:43:850 884 b3c AU ## END ## AU: Search for updates [CallId = {C3CC614C-291E-4404-B137-89B9EFA54220} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
    2022-11-15 18:15:43:875 884 b3c AU #############
    2022-11-15 18:15:43:877 884 df4 Report CWERReporter finished handling 8 events. (00000000)
    2022-11-15 18:15:43:878 884 b3c AU All AU searches complete.
    2022-11-15 18:15:43:881 884 b3c AU AU setting next detection timeout to 2022-11-16 05:42:05
    2022-11-15 18:15:43:883 884 b3c AU Adding timer:
    2022-11-15 18:15:43:885 884 b3c AU Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2022-11-16 05:42:05, not idle-only, not network-only
    2022-11-15 18:15:43:888 884 b3c AU # Publishing WNF Per user update count event Count: 0 SID {S-1-5-21-473757874-2086356406-1990561379-500} Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}
    2022-11-15 18:15:43:902 884 b3c AU Currently AUX is enabled - so not show any WU Upgrade notifications.
    2022-11-15 18:15:43:904 884 b3c AU WARNING: Failed to get Network Cost info from NLM, assuming network is NOT metered, error = 0x80240037
    2022-11-15 18:15:43:910 884 b3c AU WARNING: Failed to get Network Cost info from NLM, assuming network is NOT metered, error = 0x80240037
    2022-11-15 18:15:48:812 884 df4 Report REPORT EVENT: {398E7342-F8E9-40D1-A1BF-5B7960421247} 2022-11-15 18:15:43:809-0800 1 156 [AGENT_STATUS_30] 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Pre-Deployment Check Reporting client status.
    2022-11-15 18:15:48:817 884 df4 Report CWERReporter finished handling 1 events. (00000000)

    Thanks,
    Dom

    0 comments
  2. Duchemin, Dominique 2,006 Reputation points
    2022-11-17T00:04:45.51+00:00

    Hello,

    Apparently the updates are added then removed !!! why? is it a setting?

    Removing per user update {AE53F50B-1F53-4E10-93A2-7005AD671608} from search result since it applies to no users

    Thanks,
    Dom

    0 comments
  3. Duchemin, Dominique 2,006 Reputation points
    2022-11-18T17:49:05.277+00:00

    Hi @CherryZhang-MSFT

    1. Yes the Antimalware policy exists as it is an xml file copied from Configuration Manager to the client. Anything to be checked inside the XML? Fallback order for example.
    2. WSUS approved does not have the KB2461484 but only the KB2267602
      262013-2022-11-18-8-55-17-definition-updates-in-wsus.png
      1. On the Client I do not see anything for the Security Intelligence!!! I see only the regular patches… under Control Panel\System and Security\Windows Update\Windows update history
        261975-2022-11-18-9-16-50-addcrh4-windows-updates.png
      2. On the client nothing in the Windowsupdate.log file … I see several days but nothing related to our definitions…
        262014-2022-11-18-9-19-08-windowsupdate-log.png
      3. Updates distributed from Microsoft Update
        This is the settings in Configuration manager for the Antimalware policy:
        261976-2022-11-18-9-31-55-addcrh4-antimalwarepolicy.png

    On the Client I transferred, the policy create in Configuration Manager:
    261992-2022-11-18-9-38-51-addcrh4-xml-transfer-policy.png

    Thanks,
    Dom

    0 comments
  4. Duchemin, Dominique 2,006 Reputation points
    2022-11-18T21:27:42.573+00:00

    Hello,

    Finally I found the issue, there was a Product " System Center Endpoint Protection" which was not selected on the WSUS Server. 262084-2022-11-18-13-02-08-wsus-scep-product.png
    After the selection was done by checking the product, doing an approval on new Definition Updates downloaded it works fine...
    Verifying the scheduling now.

    Thanks,
    Dom