This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 55.00000000000001%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDD%3C/text%3E%3C/svg%3E)
Hello,
I have the following errors in EndpointProtectionAgent.log
Service startup notification received 3/6/2023 9:36:51 AM 5480 (0x1568) Endpoint is triggered by CCMTask Execute. 3/6/2023 9:36:51 AM 1968 (0x07B0) This machine is not a workstation, returning false for MDMIsExternallyManaged. 3/6/2023 9:36:51 AM 1968 (0x07B0) Not RS3+, this device is SCCM managed. 3/6/2023 9:36:51 AM 1968 (0x07B0) Endpoint protection workload is NOT migrated to Intune. SCCM will apply policy. 3/6/2023 9:36:51 AM 1968 (0x07B0) Failed to get EP event code under registry key SOFTWARE\Microsoft\CCM\EPAgent 3/6/2023 9:36:51 AM 1968 (0x07B0) Failed to get EP event message under registry key SOFTWARE\Microsoft\CCM\EPAgent 3/6/2023 9:36:51 AM 1968 (0x07B0) EP State and Error Code didn't get changed, skip resend state message. 3/6/2023 9:36:51 AM 1968 (0x07B0) Failed to get EP event code under registry key SOFTWARE\Microsoft\CCM\EPAgent 3/6/2023 9:36:51 AM 1968 (0x07B0) Failed to get EP event message under registry key SOFTWARE\Microsoft\CCM\EPAgent 3/6/2023 9:36:51 AM 1968 (0x07B0) State 1, error code 0 and detail message are not changed, skip updating registry value 3/6/2023 9:36:51 AM 1968 (0x07B0) Defender detected 3/6/2023 9:36:51 AM 1968 (0x07B0)
Where to look for more information?
The CM agent seems working fine.
SCEP is running on the Client.
The definition updates are up-to-date.
But there is no report on the CM Console
2023-03-06_9-43-07 VIDDEWEb01 - SCEP.pdf
There is the registry Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\ExternalEventAgent which is missing...
I tried uninstalling the SCEP Agent rebooting the machine reinstalling and still the same issue...
Any idea?
Thanks,
Dom
1, Have you enabled the https in your environment?
2, We may need to confirm that if the account “VRPCALCLOUDCAP2$” has full permission. We may try to set a domain admin account.
Looking forward to your reply.
Best regards,
Cherry
Hello,
Adding another log information: ExternalEventAgent.log
CExternalEventEndpoint::HandleMessage. ExternalEventAgent 3/6/2023 8:38:00 PM 5292 (0x14AC) Start to execute action for hint MDM_WindowsAdvancedThreatProtection_HealthState01 ExternalEventAgent 3/6/2023 8:38:00 PM 5292 (0x14AC) Could not open the registry key SOFTWARE\Microsoft\CCM\ExternalEventAgent\Criterias\Differentiation\ATPHealthStatusStateMessage\SyncStatus with error 0x80070002. ExternalEventAgent 3/6/2023 8:38:00 PM 5292 (0x14AC) Could not open the registry key SOFTWARE\Microsoft\CCM\ExternalEventAgent\Criterias\Differentiation\ATPHealthStatusStateMessage with error 0x80070002. ExternalEventAgent 3/6/2023 8:38:00 PM 5292 (0x14AC) Failed to load previous values of Differentiation criteria ATPHealthStatusStateMessage with error 0x80070002. ExternalEventAgent 3/6/2023 8:38:00 PM 5292 (0x14AC) Failed to load criteria before processing input. ExternalEventAgent 3/6/2023 8:38:00 PM 5292 (0x14AC) Sent 0 state messages successfully and skipped 0 input entries. ExternalEventAgent 3/6/2023 8:38:00 PM 5292 (0x14AC)
I have a lot of this clients having CM Agent running, SCEP installed but the columns Endpoint Protection Definition Last version and Endpoint Protection Engine Version in the console remain blank....
2023-03-06_17-20-46 SCEP Missing registry.pdf
Thanks,
Dom
Hello,
Could not open the registry key SOFTWARE\Microsoft\CCM\ExternalEventAgent\Criterias\Differentiation\ATPHealthStatusStateMessage\SyncStatus with error 0x80070002.
I do not see this registry on the client!!!
2023-03-06_17-20-46 SCEP Missing registry.pdf
Any idea,
Thanks,
Dom
1, For screenshot 2023-03-06_9-43-07 VIDDEWEb01 - SCEP.pdf, the client icon is show as gray X. Is this normal in your environment? By default, the gray X is mean that the device is offline.
2, What is the client OS version you are using? The log error you mentioned may appear on clients of Windows 10 and later OS versions. These are common errors. Please help upload the full logs for our reference.
3, Please refer to the following article to check whether your SCEP deployment is successful.
Install Endpoint Protection Role In SCCM - An Easy Guide (prajwaldesai.com)
Note: Microsoft provides third-party contact information to help you understand the problem. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
Looking forward to your feedback.
Best regards,
Cherry
1, We have several clients with gray X but they are online as I was accessing them locally. It is often a communication issue time to tiem.
2, I checked several servers Windows Server 2016 and Windows Server 2019.
3, Checking :
Install Endpoint Protection Role In SCCM - An Easy Guide (prajwaldesai.com)
Client Settings are deployed to 1200 servers and only 100 are the missing information...
Antimalware Policy are deployed to all of them I confirmed by checking the registries HKLM > SOFTWARE > Policies > Microsoft > Microsoft Antimalware ...
I noticed that the one failing so far are missing another registry, this registry does not exist ...
SOFTWARE\Microsoft\CCM*ExternalEventAgent*
Any idea,
Thanks,
Dom