This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I am noticing that SMS agent host is getting disabled after a successful 20H2 OS upgrade. I am using an IPU with TS variable OSDSetupAdditionalUpgradeOptions to add /reflectdrivers to allow the automatic deployment to work with Symantec Encryption Desktop 10.4.2. MP5.
Also, after the OS upgrade completes, the provision mode is being left as TRUE which is also causing issues. The device doesn't check back in with MP and the TS never completes. This obviously affects are deployment compliance.
So far the workaround has been enabling the SMS agent host service, changing the provision mode to FALSE and doing a remediation of the Configmgr agent. Any idea why is this happening? Details on infrastructure -
CB 2010
Co-Managed with Defender policies applying from Intune.
Join type - Hybrid
One thing I have noticed is that if we decrypt the disks before the OS upgrade, then everything works. PGP team are refusing to support citing reasons that they only support manual installs and not mass scale installs through a 3rd party tool.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 24%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERH%3C/text%3E%3C/svg%3E)
@Rahul Jindal [MVP]
Thanks for your sharing on this forum.
One thing I have noticed is that if we decrypt the disks before the OS upgrade, then everything works.
It seems that the issue is related with the encryption. According to your introduction above, the case involves tripartite tool. But forum has limited resource to help to test. It is suggested to submit a service request to MS Professional tech support service so that a dedicated Support Professional can further assist with this request.
Here is a link for your reference:
https://support.microsoft.com/en-us/help/13948/global-customer-service-phone-numbers
Thanks for your time and have a great day.
Regards,
Rita
Hi
I have the same issues and i do not have any disk decrypt \disk encryption or any bit locker .
hope you will post how you fix it .
Elad
The case with Broadcom has resulted in nothing really. I am still investigating, but I have implemented a remediation script using Intune for the time being.
I have a case opened with Broadcom, but wanted to cover this issue from all possible angles.