Yes I now understand that is how it is supposed to work, here is a good writeup (it is not totally obvious in the CU1 KB-article though ;)
http://blogs.technet.com/b/configmgr _geek_speak/archive/2013/09/09/using-configuration-manager-automatic-client-upgrade-to-upgrade-to-the-latest-system-center-endpoint-protection-client. aspx But I have this Active and still the clients don't seem to get the scepupdate part. On my clients there is no scheduled task as described in the article above. Have that behavior changed in R2? If i go to a client manually and delete the ccmsetup.cab under c:\windows\ccmsetup and then trigger the ccmeval scheduled task the client understands that there is a new scepinstall.exe file to download, but otherwise it just uses the local (old) version. Have I missed something or have I not waited long enough? I have updated the configmanager Client packages, but not the hidden update package since that is not available in the GUI it feels like that should not be needed? Regards Mattias Benninge http://myitforum.com/myitforumwp/author/matbe/ On Sat, Apr 5, 2014 at 8:22 PM, Jason Sandys <[email protected]> wrote: > Yes. The key point here is that the ConfigMgr client agent and the SCEP > agent are truly two different agents that have nothing in common. ccmsetup > and client.msi in no way install SCEP; Ccmsetup will copy scepinstall.exe > to the client system, but it never installs it. This goes for the CU1 > update as well - the MSP has nothing to do with SCEP itself. > Scepinstall.exe is only invoked by the actual client agent because of > machine policies as dictated by your client agent settings. You can update > an existing scep installation using the KB published in the WSUS catalog > (and thus also available in ConfigMgr software updates) or by enabling the > auto-agent upgrade feature in ConfigMgr (which of course doesn't upgrade > the ConfigMgr client agent, just the SCEP agent). > > > > J > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Mattias Benninge > *Sent:* Saturday, April 5, 2014 12:43 PM > *To:* [email protected]; [email protected] > *Subject:* [MDT-OSD] SCCM 2012 R2 CU1 SCEP update important information. > > > > Hi, > > > > Just installed CU1 patch on our SCCM 2012 R2 Environment and noticed that > the antimalware update discussed here is not part of the msp client patch: > > > > > http://blogs.technet.com/b/configmgrteam/archive/2014/03/27/anti-malware-platform-updates-for-endpoint-protection-will-be-released-to-mu.aspx > > > > This update gets replaced directly in the sccm client folder. Comparing > the original and cu1 updated one you notice that both ccmsetup.cab and > scepinstall.exe gets updated. This might not be an issue for some of you, > but if you have copied your installation files somewhere else to use them > with a startupscript or something else you will have to updates those files > manually or otherwise the scep client wont be updated as expected. > > > > If you dont update these files and use the "PATCH" property when > installing new clients only the SCCM client will be updated to the new > version but the scep client wont. Even rerunning the msp patch after the > scep client have been installed won't update the SCEP client. > > > > Hope this helps someone! > > > Regards > > Mattias Benninge > > http://myitforum.com/myitforumwp/author/matbe/ > > > >
