Configuration Manager Distribution Point in trusted forest

Bojan Zivkovic 486 Reputation points
2024-12-08T20:19:04.7133333+00:00

For security reasons, I might have to implement 2-way forest trust with selective authentication between management forest hosting Configuration Manager primary site and managed forest. I have installed Distribution Point in managed forest and assigned that site system to Boundary Group containing IP Range Boundary of managed forest servers. Now I see issues with Defender AV definition updates compliance status on all servers in managed forest with error:

GetUpdateInfo - failed to get targeted update, error = 0x87d00215. UpdatesDeploymentAgent 12/8/2024 1:04:54 PM 2144 (0x0860)

Am I missing something here? Having assigned Distribution Point in management forest to Boundary Group containing IP Range Boundary of managed forest servers, Defender AV definition updates have been successfully installed.

NOTE: Defender Definition AV Updates package has been distributed successfully to Distribution Point in managed forest prior to assigning that site system to Boundary Group mentioned above.

Microsoft Configuration Manager
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Simon Ren-MSFT 37,401 Reputation points Microsoft Vendor
    2024-12-09T02:46:18.99+00:00

    Hi,

    Hope everything is going well.

    From your description, I know the issue you encounter is that the AV definition updates have been successfully installed managed forest servers, but the compliance status on these servers is shown with error 0x87d00215. Seems like that the updates appear to be installed but not reporting back to Configuration Manager correctly. If I have misunderstood anything, feel free to let me know.

    1,The error 0x87d00215 is a general error that means "Item not found". Please kindly help check the WindowsUpdate.log and UpdatesDeployment.log on the target devices for any errors related to the update installation.

    2,What version of SCCM and Windows OS are you using? Does this issue also happen on the main Configuration Manager primary site?

    Hope it helps. Have a nice day!

    Best regards,

    Simon


    If the response is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.