SOLVED

Cannot configure Endpoint Protection Alert thresholds in collections


Hi all - here's a weird issue I'm having. Having very little luck with finding the issue online as well.

So I set up a new instance of SCCM Current Version 1810. Zero issues installing. I also set up a secondary site. (I have 1 primary, 1 secondary site). Most of the Roles are installed on the Primary machine, including the Endpoint Protection point. I went through and set up the email notifications for the primary and successfully tested the settings. I set up the Anti-malware policies for our workstations and servers and pushed them to their collections. I confirmed that the machines are receiving the policies. Now for the issue I have:

When browsing to the Device Collections within Assets and Compliance, selecting "All Windows Workstations" > properties > Alerts. The "View this collection in the Endpoint Protection Dashboard" is checked. HOWEVER the "ADD" button under the Configure the alert thresholds section is greyed out and has nothing listed in the conditions section. I have tried a completely different collection, one that I manually created, and the "add" button is still greyed out. I have attempted removing and re-adding the Endpoint Protection point role from the primary server. I have tried rebooting the Primary and secondary machines associated with the deployment (because I read somewhere that this could be due to a pending upgrade/reboot), same issue.

I feel like this is a simple issue and something that I may have overlooked, but I've checked everywhere and now I'm at a loss. Any help would be greatly appreciated! Can the community save my sanity? Thanks in advance!!!

(Screenshot attached).

-Robert

13 Replies

To add... Logs from EPSetup.log had no issues. From the reinstall:

<02/14/19 10:44:24> SMSEP Setup Started....
<02/14/19 10:44:24> Parameters: C:\Program Files\Microsoft Configuration Manager\bin\x64\rolesetup.exe /install /siteserver:ORWMGTCCM320 SMSEP 0
<02/14/19 10:44:24> Installing Pre Reqs for SMSEP
<02/14/19 10:44:24> ======== Installing Pre Reqs for Role SMSEP ========
<02/14/19 10:44:24> Found 1 Pre Reqs for Role SMSEP
<02/14/19 10:44:24> Pre Req SqlNativeClient found.
<02/14/19 10:44:24> SqlNativeClient is already installed (Product Code: {49D665A2-4C2A-476E-9AB8-FCC425F526FC}). But to support TLS1.2, a newe version with Product Code: {B9274744-8BAE-4874-8E59-2610919CD419} needs to be manually installed
<02/14/19 10:44:24> Pre Req SqlNativeClient is already installed. Skipping it.
<02/14/19 10:44:24> ======== Completed Installation of Pre Reqs for Role SMSEP ========
<02/14/19 10:44:24> Installing the SMSEP
<02/14/19 10:44:24> Passed OS version check.
<02/14/19 10:44:24> File C:\Program Files\Microsoft Configuration Manager\Client\SCEPInstall.exe version is 4.7.214.0.
<02/14/19 10:44:24> EP version 4.7.214.0 is already installed.
<02/14/19 10:44:24> Expected Version 4.7.214.0 is exactly same with installed version 4.7.214.0.
<02/14/19 10:44:24> Common Client is already installed
<02/14/19 10:44:24> ~RoleSetup().

@RobMFVila 

We have exactly the same issue, did you find a fix?

Thanks

@dude1882

Still have not found a solution :( I'm to the point of just reinstalling everything, but I've already put in so much time configuring this site. I am torn. Please let me know if you find something!

@RobMFVila 

Incidentally, I removed the role last night and rebooted.

Without the role installed, the options are now there:?

@dude1882

That's very interesting.... I tried doing the same thing and it did not work for me when it was uninstalled. Did yours stop working again when you re-installed the role?

It's frustrating as everything else works perfectly. Thanks for sharing your experience.

-Robert

best response confirmed by RobMFVila (Copper Contributor)
Solution

@dude1882@RobMFVila

@RobMFVila

As an FYI, I fixed this issue, but I had to uninstall and reinstall the entire SCCM instance. But YAY! It's working! If you do go this route, do as I did and export all your Device/User/Antimalware/Application Collections before uninstalling. It will speed up the reinstall to get you back in action.

Wish I had a real fix, but it is what it is!

Was your secondary site the same version as your primary?

Where we had been upgrading the primary site we hadn't done the secondary, so we also did that the day before it started working...

@dude1882

Our secondary was the same version. I had gone through and updated our SCCM primary & secondary to the latest and greatest, with all the hotfixes, to hopefully fix whatever was wrong with the Malware piece. After upgrading, it was still broken. So I bit the bullet and just did the reinstall.

When performing the upgrades to your Primary, it *should* have gone and updated the secondary site itself, as that is a part of the upgrade process, and would have given an upgrade error if it did not upgrade your Secondary site.  

Hi, can you tell me what your site version was when you came across this problem? @RobMFVila

@v-xueyzh 

Hello, 

My version with the issue was Current Branch, version 1810.

Thank you RobMFVila! Can you tell me what your client version is? You can go to Assets and Compliance\Device and collections\All Desktop and Server Clients, add a column named 'client version', then you will see it. @RobMFVila

@v-xueyzh

My apologies! The client version is 5.00.8740.1012
