Clicking the Update button in the System Center 2012 Endpoint Protection client user interface fails with error 0x8024402c

Article ID: 2831244 - View products that this article applies to.
Expand all | Collapse all

Symptoms

Consider the following scenario:

  • The System Center Configuration Manager Administrator manages all updates in the environment.
  • Users have no access to the Windows Update website.
  • The Configuration Manager Software Update Point is configured and synchronizing.
  • The Automatic Deployment Rule for Definition Updates is configured and appears to deliver updates nightly with no problem.

In this scenario, when a new client is deployed and the local Administrator clicks the Update button in the System Center 2012 Endpoint Protection client user interface (SCEP UI), the search for updates eventually times out and the following error is displayed:

0x8024402c – System Center Endpoint Protection couldn’t install the definition updates because the proxy server or target server names can’t be resolved

Analysis of the C:\Windows\WindowsUpdate.log file also indicates that the SCEP client is attempting to access the Microsoft Update Website.

Cause

The Updates Distributed from Configuration Manager source setting is not like any of the other definition update source settings in SCEP policies. You cannot pull definitions from this source by clicking Update in the SCEP UI.

Resolution

To work around this issue, set up another Definition Update source such as WSUS to fall back to when a client attempts to manually update definitions via the SCEP UI. Alternatively, you can hide the SCEP UI from the end user so they cannot click Update in the client UI using the Disable the client user interface policy setting introduced in System Center 2012 Configuration Manager SP1. The Disable the client user interface option is located in the Advanced area of the Antimalware policy setting in the Configuration Manager administration console.

More Information

When you click Update in the SCEP UI, the client looks for a FallbackOrder registry key in HKLM\Software\Policies\Microsoft\Microsoft Antimalware\Signature Updates. The client will check each update source in the FallbackOrder registry key in the order that they are listed until it locates a source that has available definitions. If it goes through all sources without detecting available definitions, it returns an error and the update attempt is unsuccessful. Configuration Manager is never listed in the FallbackOrder registry key, as the SCEP client does not recognize a Configuration Manger Software Update Point agent (and associated infrastructure) as a valid definition source and cannot pull definitions from Configuration Manager. FallbackOrder sources can include InternalDefinitionUpdateServer (WSUS), MicrosoftUpdateServer (Microsoft Update Website), FileShares (One or more UNC file shares whose location is determined by policy), and MMPC (Microsoft Malware Protection Center alternate download location).

Configuration Manager definition updates are handled entirely by the CCM client Software Updates Agent and are downloaded and installed by the CCM software update agent. The schedule for these updates is determined when configuring the deployment rule during server side setup. See http://technet.microsoft.com/en-us/library/jj822983.aspx for more information.

When you select Updates Distributed from Configuration Manager in your SCEP policy, it does not modify the FallbackOrder registry key. Instead, this update source option sets the AuGracePeriod registry key in HKLM\Software\Policies\Microsoft\Microsoft Antimalware\Signature Updates. This registry setting suppresses the SCEP client from attempting to automatically pull definitions from sources defined in the FallbackOrder key for a set length of time determined by SCEP policy which is 72 hours by default, or 4320 minutes. This is designed to give the CCM client Software Update process sufficient time to complete the definition update process independently of the SCEP client.

If Updates Distributed from Configuration Manager is the only update source defined in your policy, then the FallbackOrder registry key will be blank. In this case, clicking Update in the SCEP UI will cause the client to revert to behavior similar to Microsoft Security Essentials and the client will attempt to update from the Microsoft Update website.

Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 2831244 - Last Review: April 3, 2013 - Revision: 1.0
Applies to
  • Microsoft System Center 2012 Endpoint Protection Service Pack 1
  • Microsoft System Center 2012 Endpoint Protection
  • Microsoft System Center 2012 Configuration Manager
  • Microsoft System Center 2012 Configuration Manager Service Pack 1
Keywords: 
KB2831244

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com