Understanding FEP 2010 Deployment Status Collections
Starting from this month, you can either install FEP platform updates through Microsoft Update or standalone FEP hotfix. https://blogs.technet.com/b/configmgrteam/archive/2014/03/27/anti-malware-platform-updates-for-endpoint-protection-will-be-released-to-mu.aspx. The latest FEP platform updates on MU is of version 4.5.0215.0. The latest standalone FEP hotfix is also of version 4.5.0.215.0: https://support.microsoft.com/kb/2952678.
You can validating the FEP deployment using dashboard: https://technet.microsoft.com/en-us/library/ff823784.aspx. You might already know that the deployment dashboard is actually a representation
of the deployment status collections. The number of each category in the deployment dashboard is the count of the corresponding FEP deployment status collections. So if you feel that the dashboard is not as expected, you should check the collections.
This article will explain what each FEP 2010 Deployment status collection is and what the criteria for each collections is.
There are total 6 deployment status collections:
Deployment Succeeded: This collection will show all systems that have the latest FEP client agent installed.
Out of Date: This collection will show all systems that have an out-of-date FEP client installed
Not Target: This collection will show all systems that don’t have FEP client installed and is not targeted by the deployment advertisement.
Locally Removed: This collection will show all systems that whose FEP client agent is removed locally (either by a user with local administrator permission or by another software, eg: malware).
Deployment Pending: This collection will show all systems that are targeted by the deployment advertisement, but not yet started installing. This could be because the system is offline.
Deployment Failed: This collection will show all systems that the FEP deployment advertisement is failed.
Collection Name |
Criteria |
Deployment Succeeded |
ClientDeployed = 1 |
Out of Date |
ClientOutDated = 1 & (LastOperationInstall = 0 || Last State = 13) |
Not Target |
ClientDeployed = 0 and ClientOutdated = 0 and LastOperationIsInstall = 0 |
Locally Removed |
ClientDeployed = 0 and ClientOutdated = 0 and LastOperationIsInstall = 1 and LastState = 13 |
Deployment Pending |
ClientDeployed = 0 and LastOperationIsInstall = 1 and LastState not in (4,7,11,13) |
Deployment Failed |
ClientDeployed = 0 and LastOperationIsInstall = 1 and LastState in (4,7,11,13) |
Note:
ClientDeployed & ClientOutDated information is get from v_Add_Removed_Programs. This view is populated by the hardware inventory data.
It will look for record whose DsiplayName00 = ‘Microsoft Forefront Endpoint Protection 2010 Server Management’.
If the record exists and version is >= expected version, then ClientDeployed = 1 else 0
If the record exists and version is < expected version, then ClientOutDated =1 else 0
If the program is not found, then it’s null, both are set to 0 (as in the Locally Removed scenario)
LastOperationIsInstall & LastState information is get from v_ClientAdvertisementStatus
LastOperationIsInstall: check whether the last program from the FEP – Deployment packages that run on the client is the “Install” program.
LastState: check the last return code for the FEP deployment program: match by Package MIFName = “FEP – Deployment”.
If you install standalone FEP hotfix, it will update the expected version in the collections query and the FEP installation bits on the server. So whenever a new CCM client comes, it will install the new FEP client.
If you depend on MU to install FEP platform update, then the expected version on FEP server will not be changed. And whenever a new CCM client comes, it will still install the old FEP client and wait for SUM to
install the new FEP platform update.
So now back to the real problem:
What you would expect, when you deploy FEP client update through hotfix?
After site server install the hotfix and before the client re-run the advertisement to update FEP agent: ClientDeployed = 0; ClientOutDated = 1;
Depending on the last advertisement run status, it could be in any of the following catalogs:
Out of Date
Deployment Pending – I’d expect most will fall into this catalog
Deployment Failed
What you would expect, when you deploy FEP client update through MU:
If you install the update through MU and not install the FEP hotfix on site server, so that the expected version will not change, then a client has been in the Deployment Succeded collection before, it should be
still there;
If a client is in other collections, then it should be moved into the Deployment Succeeded collection after the latest hardware inventory information is sent back to server.