Tuesday, June 3, 2014

Reboot needed after automatic update of Endpoint Protection

Yesterday I did some troubleshooting on Endpoint Protection (SCEP). This because SCEP was out-of-date (more then 30 days) on multiple servers. ConfigMgr has downloaded updates by Automatic Deployment Rule (ADR), but no updates were installed. No monitoring messages were seen on the SCEP dashboard, so strange issue indeed. Nothing to see in the different logfiles either..
  • C:\Windows\WindowsUpdate.log
  • C:\Windows\CCM\Logs\UpdatesDeployment.log
  • C:\Windows\CCM\Logs\UpdatesHandler.log
  • C:\Windows\CCM\Logs\UpdatesStore.log
  • C:\Windows\CCM\Logs\WUAHandler.log

Long story short, there was an "Update for System Center Endpoint Protection 2012 Client" installed last month, and because a reboot was suppressed in ADR, definition updates couldn't be installed anymore. After reboot of servers everything was working fine again. Pity that this couldn't be seen on the SCEP dashboard!

Note: Doing a repair on the ConfigMgr client (Console Extensions) did the trick also, so no need to reboot every server.

Source: Microsoft TechNet


  1. Watch out for this issue again today (Feb 10th) the 4.7 client update does the same thing.