SCEP role fails to install after Server OS upgrade

Pavel yannara Mirochnitchenko 12,411 Reputation points MVP

We did Server 2012 R2 upgrade to Server 2019 few weeks ago and now I noticed that the Endpoint Protection role in CM keeps attempting to re-install itself. We do distribute Defender AV client update definitions via CM, so that's we need it. I already ensured, that Defender AV is running in Server 2019.


Microsoft Configuration Manager Updates
Microsoft Configuration Manager Updates
Microsoft Configuration Manager: An integrated solution for for managing large groups of personal computers and servers.Updates: Broadly released fixes addressing specific issue(s) or related bug(s). Updates may also include new or modified features (i.e. changing default behavior).
1,007 questions
Microsoft Configuration Manager
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Jason Sandys 31,186 Reputation points Microsoft Employee

    My guess here is that the scepinstall.exe is failing because it's already installed on the system. Checking EndpointProtectionAgent.log may give you more info.

    For reference, my lab has the role running on Server 2019 and did not have any issue installing.

    Also, for future log posting, please post the actual text -- it is a text log file after all. Images can be difficult to read and can't be searched or copied from.

    0 comments No comments

  2. Pavel yannara Mirochnitchenko 12,411 Reputation points MVP

    The problem is there, that seeing from Site Status messaging, the site tries to re-install the role every hour....