Share via


CM12 Endpoint protection agent cannot be installed on the clients

Some times, you may fall into the following situation on your ConfMgr2012 environment:

You are trying to install the Endpoint Protection agent on a collection of clients, but .... nothing happens.
If you check the logs you may see the following lines:

EndpointProtectionAgent.log

Service startup notification received EndpointProtectionAgent        
Endpoint is triggered by CCMTask Execute. EndpointProtectionAgent       
Deployment WMI is NOT ready. EndpointProtectionAgent
Endpoint is triggered by WMI notification. EndpointProtectionAgent        
Failed to get EP event code under registry key SOFTWARE\Microsoft\CCM\EPAgent EndpointProtectionAgent
Failed to get EP event message under registry key SOFTWARE\Microsoft\CCM\EPAgent EndpointProtectionAgent
EP State and Error Code didn't get changed, skip resend state message. EndpointProtectionAgent
Failed to get EP event code under registry key SOFTWARE\Microsoft\CCM\EPAgent EndpointProtectionAgent
Failed to get EP event message under registry key SOFTWARE\Microsoft\CCM\EPAgent EndpointProtectionAgent
State 1, error code 0 and detail message are not changed, skip updating registry value EndpointProtectionAgent
Endpoint is triggered by WMI notification. EndpointProtectionAgent        File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0. EndpointProtectionAgent
Unable to query registry key (SOFTWARE\Microsoft\Microsoft Security Client), return (0x80070002) means EP client is NOT installed. EndpointProtectionAgent
Generate AM Policy XML while EP is disabled. EndpointProtectionAgent
start to send State Message with topic type = 2001, state id = 2, and error code =0x00000000 EndpointProtectionAgent
Skip sending state message due to same state message already exists. EndpointProtectionAgent
Endpoint is triggered by message. EndpointProtectionAgent
File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0. EndpointProtectionAgent
Unable to query registry key (SOFTWARE\Microsoft\Microsoft Security Client), return (0x80070002) means EP client is NOT installed. EndpointProtectionAgent
Check and enforce EP Deployment state. EndpointProtectionAgent
FW Provider is NOT installed yet. EndpointProtectionAgent        

Rebootcoordinator.log
User S-1###-### is getting pending reboot information... RebootCoordinator       

From the above, it seems that this “could” be just a long delay in the installation process or need for a reboot!
By that said, you need to try to reboot some of those machines and monitor them for some time. Then see if the issue remains..

 ………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………..

If that is not successful, please check first, if the below prerequisites are met (to uninstall an older version first):

When you configure the Endpoint Protection client setting Automatically remove previously installed antimalware software before Endpoint Protection is installed, Symantec Antivirus Corporate Edition version 10 and Symantec Endpoint Protection version 11 are not automatically uninstalled on 64-bit computers.

WORKAROUND: Manually uninstall these products. Or, install System Center 2012 Configuration Manager SP1.

From <https://technet.microsoft.com/en-us/library/hh691020.aspx>

If the Endpoint Protection client is already installed, selecting False or No will not uninstall the Endpoint Protection client. To uninstall the Endpoint Protection client, set
the Manage Endpoint Protection client on client computers client setting to False or No, and then deploy a package and program to uninstall the Endpoint Protection client.

From https://technet.microsoft.com/en-us/library/gg682067.aspx

………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………..

 If also the prerequisites are met (so, no previously installed EP client / or, if existed > at first, uninstall), then you will need to follow the below troubleshooting steps:

1. Create a new customized client setting > Disable “manage Endpoint Protection on the client computers” in this client setting.

2. Create a collection to list those affected clients.

3. Deploy the client settings to this customized collection.

4. After 2 hours, ensure all the client get this machine policy (you may manually trigger the “machine policy retrieval and evaluation cycle” on the CM client). They should
report the state message to CM server.

5. Change the customized client setting to Enable “manage endpoint protection on the client computers”.

6. After another 2 hours, the client can get the policy and upload the correct state to the CM server.

Or even these steps:

Step 1: Remove any existing security programs

1. Completely uninstall any existing Internet security programs by following the steps in the topic: How do I uninstall existing antivirus or antispyware programs?

2. Restart your computer.

3. Install Endpoint Protection again. If this does not resolve the issue, continue to the next step.

Step 2: Ensure that the Windows Installer service is running

1. In Windows XP, click Start, click Run, type services.msc, and then press Enter.

–or–

In Windows Vista, click Start. In the Start Search box, type services.msc, and then press Enter.

–or–

In Windows 7, click Start. In the Search programs and files box, type services.msc, and then press Enter.

2. Right-click Windows Installer, and then click Start. If Start is unavailable and the Stop and Restart options are available, this tells you that the service is already started.

3. On the Services page, on the File menu, click Exit.

4. In Windows XP, click Start, click Run, type cmd, and then press Enter.

–or–

In Windows Vista, click Start. In the Start Search box, type command prompt. Right-click Command Prompt, and then click Run as administrator.

–or–

In Windows 7, click Start. In the Search programs and files box, type command prompt. Right-click Command Prompt, and then click Run as administrator.

5. Type MSIEXEC /REGSERVER, and then press Enter.

Note: There is no indication that this command has succeeded or failed.

 

6. Install Endpoint Protection again. If this does not resolve the issue, continue to the next step.

Step 3: If your computer is running Windows XP SP2, verify that it has the required prerequisites

1. If you are running Windows XP and Windows Installer 3.1 is not installed on your computer, download and install Windows Installer 3.1 from Windows
Installer 3.1 v2 (3.1.4000.2435) is available
(https://go.microsoft.com/fwlink/?LinkId=110600).

2. Download and install the required hotfix for client computers running Windows XP SP2:

1. Go to Forefront Client Security Filter Manager QFE for Windows XP/SP2 (https://www.microsoft.com/downloads/details.aspx?FamilyID=B18A6BA9-AF43-4B0A-BABD-1E60A2D5E08A&amp;amp;amp;displaylang=en&displaylang=en).

2. On the Web page, click the link for the download package that is the same language as the version of Windows XP running on the client computer.

3. Follow the instructions to download and install the hotfix package.

4. Restart your computer.

5. Install Endpoint Protection. If this does not resolve the issue, continue to the next step.

Step 4: Start Windows in Selective Startup mode

1. In Windows XP, click Start, click Run, type msconfig, and then press Enter.

–or–

In Windows Vista, click Start. In the Start Search box, type msconfig, and then press Enter.

–or–

In Windows 7, click Start. In the Search programs and files box, type msconfig, and then press Enter.

2. On the General tab, click Selective Startup, and then clear the Load Startup Items check box.

3. On the Services tab, select the Hide All Microsoft Services check box, and then clear all the check boxes for the services that remain in the list.

4. Click OK, and then click Restart to restart the computer.

5. Try to install Endpoint Protection again.

From <https://technet.microsoft.com/en-us/library/ff823833.aspx>