SCEP not reporting to CM Console

Duchemin, Dominique 1,461 Reputation points
2023-03-06T17:45:11.81+00:00

Hello,

I have the following errors in EndpointProtectionAgent.log

Service startup notification received 3/6/2023 9:36:51 AM 5480 (0x1568) Endpoint is triggered by CCMTask Execute. 3/6/2023 9:36:51 AM 1968 (0x07B0) This machine is not a workstation, returning false for MDMIsExternallyManaged. 3/6/2023 9:36:51 AM 1968 (0x07B0) Not RS3+, this device is SCCM managed. 3/6/2023 9:36:51 AM 1968 (0x07B0) Endpoint protection workload is NOT migrated to Intune. SCCM will apply policy. 3/6/2023 9:36:51 AM 1968 (0x07B0) Failed to get EP event code under registry key SOFTWARE\Microsoft\CCM\EPAgent 3/6/2023 9:36:51 AM 1968 (0x07B0) Failed to get EP event message under registry key SOFTWARE\Microsoft\CCM\EPAgent 3/6/2023 9:36:51 AM 1968 (0x07B0) EP State and Error Code didn't get changed, skip resend state message. 3/6/2023 9:36:51 AM 1968 (0x07B0) Failed to get EP event code under registry key SOFTWARE\Microsoft\CCM\EPAgent 3/6/2023 9:36:51 AM 1968 (0x07B0) Failed to get EP event message under registry key SOFTWARE\Microsoft\CCM\EPAgent 3/6/2023 9:36:51 AM 1968 (0x07B0) State 1, error code 0 and detail message are not changed, skip updating registry value 3/6/2023 9:36:51 AM 1968 (0x07B0) Defender detected 3/6/2023 9:36:51 AM 1968 (0x07B0)

Where to look for more information?

The CM agent seems working fine.

SCEP is running on the Client.

The definition updates are up-to-date.

But there is no report on the CM Console

2023-03-06_9-43-07 VIDDEWEb01 - SCEP.pdf

There is the registry Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\ExternalEventAgent which is missing...

I tried uninstalling the SCEP Agent rebooting the machine reinstalling and still the same issue...

Any idea?

Thanks,
Dom

Microsoft Configuration Manager
Microsoft System Center
Microsoft System Center
A suite of Microsoft systems management products that offer solutions for managing datacenter resources, private clouds, and client devices.
344 questions

10 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Duchemin, Dominique 1,461 Reputation points
    2023-03-07T01:16:33.0833333+00:00

    Hello,

    Adding another log information: ExternalEventAgent.log

    CExternalEventEndpoint::HandleMessage. ExternalEventAgent 3/6/2023 8:38:00 PM 5292 (0x14AC) Start to execute action for hint MDM_WindowsAdvancedThreatProtection_HealthState01 ExternalEventAgent 3/6/2023 8:38:00 PM 5292 (0x14AC) Could not open the registry key SOFTWARE\Microsoft\CCM\ExternalEventAgent\Criterias\Differentiation\ATPHealthStatusStateMessage\SyncStatus with error 0x80070002. ExternalEventAgent 3/6/2023 8:38:00 PM 5292 (0x14AC) Could not open the registry key SOFTWARE\Microsoft\CCM\ExternalEventAgent\Criterias\Differentiation\ATPHealthStatusStateMessage with error 0x80070002. ExternalEventAgent 3/6/2023 8:38:00 PM 5292 (0x14AC) Failed to load previous values of Differentiation criteria ATPHealthStatusStateMessage with error 0x80070002. ExternalEventAgent 3/6/2023 8:38:00 PM 5292 (0x14AC) Failed to load criteria before processing input. ExternalEventAgent 3/6/2023 8:38:00 PM 5292 (0x14AC) Sent 0 state messages successfully and skipped 0 input entries. ExternalEventAgent 3/6/2023 8:38:00 PM 5292 (0x14AC)

    I have a lot of this clients having CM Agent running, SCEP installed but the columns Endpoint Protection Definition Last version and Endpoint Protection Engine Version in the console remain blank....

    2023-03-06_17-20-46 SCEP Missing registry.pdf

    Thanks,

    Dom

  2. Duchemin, Dominique 1,461 Reputation points
    2023-03-07T01:19:16.36+00:00

    Hello,

    Could not open the registry key SOFTWARE\Microsoft\CCM\ExternalEventAgent\Criterias\Differentiation\ATPHealthStatusStateMessage\SyncStatus with error 0x80070002.

    I do not see this registry on the client!!!

    2023-03-06_17-20-46 SCEP Missing registry.pdf

    Any idea,

    Thanks,

    Dom

  3. CherryZhang-MSFT 5,061 Reputation points Microsoft Vendor
    2023-03-07T05:43:50.6133333+00:00

    Hi @Duchemin, Dominique

    1, For screenshot 2023-03-06_9-43-07 VIDDEWEb01 - SCEP.pdf, the client icon is show as gray X. Is this normal in your environment? By default, the gray X is mean that the device is offline.

    2, What is the client OS version you are using?  The log error you mentioned may appear on clients of Windows 10 and later OS versions. These are common errors. Please help upload the full logs for our reference.

    3, Please refer to the following article to check whether your SCEP deployment is successful.

    Install Endpoint Protection Role In SCCM - An Easy Guide (prajwaldesai.com)

    Note: Microsoft provides third-party contact information to help you understand the problem. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

    Looking forward to your feedback.

    Best regards,
    Cherry

  4. Duchemin, Dominique 1,461 Reputation points
    2023-03-07T07:18:45.9066667+00:00

    Hi @CherryZhang-MSFT

    1, We have several clients with gray X but they are online as I was accessing them locally. It is often a communication issue time to tiem.

    2, I checked several servers Windows Server 2016 and Windows Server 2019.

    3, Checking :

    Install Endpoint Protection Role In SCCM - An Easy Guide (prajwaldesai.com)

    Client Settings are deployed to 1200 servers and only 100 are the missing information...

    Antimalware Policy are deployed to all of them I confirmed by checking the registries HKLM > SOFTWARE > Policies > Microsoft > Microsoft Antimalware ...

    I noticed that the one failing so far are missing another registry, this registry does not exist ...

    SOFTWARE\Microsoft\CCM*ExternalEventAgent*

    Any idea,

    Thanks,

    Dom

  5. Duchemin, Dominique 1,461 Reputation points
    2023-03-07T07:41:22.76+00:00

    1234567890