SCCM 2012 Client Deployment – SCEP Installation Craziness

I just finished an SCCM 2012 deployment and began upgrading all of the systems from the 2007 client to the new SCCM 2012 client.

First batch of 30 or so went fine.  Then, all of a sudden, a good sized handful (about 40 servers) failed to install SCEP.

Basically, no errors.  The only thing I saw was an entry in the \\<machinename>\admin$\ccm\logs\EndpointProtectionAgent.log was the following message:

“Unable to query registry key (SOFTWARE\Microsoft\Microsoft Security Client), return (0x80070002) means EP client is NOT installed.”

The closest I came to seeing an example of my issue was explained here:

http://social.technet.microsoft.com/Forums/en-US/configmanagersecurity/thread/872a5efc-8544-449a-8eda-777d606ac07b/

So, why not try that? It didn’t exactly fit my problem. In my case, the systems were both 2003 R2 and 2008 R2. So, I gave it a try. Won’t hurt.

Unfortunately, it didn’t work.

I’ve had stranger things happen, so I got to thinking, why not create the key and see what happens. Here’s what I did:

  • Uninstalled SCCM “ccmsetup.exe /uninstall”
  • Create the key “HKLM\Software\Microsoft\Microsoft Security Client”
  • Reinstall the SCCM client from the console

\
VOILA! The SCEP client installs just fine.

I’ve tried just creating the key and re-installing the agent, but that doesn’t seem to work.

Just as an FYI, I originally wrote this post on the 01/07/2013. The next day, I added a package, no files, with the command line:
reg add "HKLM\SOFTWARE\Microsoft\Microsoft Security Client"

I deployed that to a direct membership collection.

Within just a few minutes, the SCEP client installed on it’s own. So, I found it wasn’t necessary to uninstall the SCCM client.

Try either method. See what works. We noticed this does not always work on Windows 7 workstations.

Advertisements

One Response to SCCM 2012 Client Deployment – SCEP Installation Craziness

  1. Mark says:

    I was really hoping this would work for me. EndpointProtectionAgent.Log doesn’t even exist after I installed the SCCM client. It’s a shame this product is so buggy.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: