FredBainbridge

Endpoint Protection Installation Failing during OSD after 2012 R2 CU4

After updating to ConfigMgr 2012 R2 CU4 I ran into some issues with task sequences that were deploying System Center Endpoint Protection (SCEP). The nis_full.exe (Network Inspection Service definition updates) were not installing and failing with a vague error in the event viewer.

SCEP_Error

Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Update Stage: Install
Source Path:
Signature Type: Network Inspection System
Update Type: Full
User: ******
Current Engine Version:
Previous Engine Version:
Error code: 0x80004005
Error description: Unspecified error

First things first – read these three articles for background information if you are curious about how to get started with SCEP installation during OSD Task Sequences. They outline the exact process pretty well.

  1. http://www.chrisnackers.com/2012/10/18/configuration-manager-2012-installing-endpoint-protection-during-a-task-sequence/
  2. http://blogs.technet.com/b/configmgrteam/archive/2012/04/12/operating-system-deployment-and-endpoint-protection-client-installation.aspx
  3. https://www.microsoft.com/security/portal/definitions/adl.aspx

The Chris Nackers (2) article is a great outline of how to create the SCEP packages in ConfigMgr and have them automatically update via a scheduled task. Great stuff.

The problem in my case is that I was trying to install an outdated NIS_Full.exe. The script that article 1 and 2 reference needs to be updated to download a different source for x86/x64 nis_full.exe. See article three at the bottom for the reasoning why. With the newest SCEP engine you need a newer NIS_Full.exe to run. The first few lines of the ep_definitions.vbs script need to be updated to reflect the change. Remember – this is only for if you are running SCEP engine 4.1.522.0 or higher. Which you should be by this point.

The newest NIS definitions can be found below. These are different URL than the legacy definitions.
http://definitionupdates.microsoft.com/download/DefinitionUpdates/NRI/x86/nis_full.exe
http://definitionupdates.microsoft.com/download/DefinitionUpdates/NRI/amd64/nis_full.exe

The first 8 lines of the ep_definitions.vbs should look similar to this. Your location strings should be different.

strMSEx86URL = "http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86"   
strMSEx86Location = "D:\Apps\Microsoft\EP_Definitions\Updates\x86\mpam-fe.exe"   
strNISX86URL = "http://definitionupdates.microsoft.com/download/DefinitionUpdates/NRI/x86/nis_full.exe"   
strNISX86Location = "D:\Apps\Microsoft\EP_Definitions\Updates\x86\nis_full.exe"   
strMSEx64URL = "http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64"   
strMSEx64Location = "D:\Apps\Microsoft\EP_Definitions\Updates\x64\mpam-fe.exe"   
strNISX64URL = "http://definitionupdates.microsoft.com/download/DefinitionUpdates/NRI/amd64/nis_full.exe"   
strNISX64Location = "D:\Apps\Microsoft\EP_Definitions\Updates\x64\nis_full.exe"

An updated ep_definitions.vbs script can be found here:
ep_definitions


Share