Unable to update to SCCM 2012 R2 SCEP client

In this case I was upgrading SCCM 2012 SP1 infrastructure to SCCM 2012 R2, and one of my tasks was to upgrade SCCM client to SCCM 2012 R2 version 5.00.7958.1000. During SCCM 2012 R2 client upgrade procedure, SCEP client upgrading is part of the upgrading process to version 4.3.220.0. SCCM 2012 R2 client together with SCEP client were upgrading without any issues on most of the clients, but there were some clients where SCCM client was successfully upgraded to R2 version, but SCEP client was still with old version. SCCM 2012 R2 console for those clients was reporting the following information:

Deployment State: Failed 
Deployment Return Code: 0x80004005 
Deployment Description: Failed to trigger EP Installer to install.

On Client Side EndpointProtectionAgent.log was having following info:
![LOG[Failed to load xml from string <?xml version="1.0"?><SecurityPolicy xmlns="http://forefront.microsoft.com/FEP/2010/01/PolicyData" .........(truncated) > 
<![LOG[Failed to generate AM policy settings for SCEP installation with error code 0x80004005]LOG]!>

The reason for this behavior was that the Antimalware Policy assigned to client was having the ampersand "&" sign. After removing the "&" from the Antimalware policy, the SCEP client was successfully upgraded to version 4.3.220.0.

1 comment:

How to check EMBG (Unique Master Citizen Number) using regex

In this post, I will share my implementation of how to check if some number looks like EMBG or Unique Master Citizen Number. For those of yo...