Almost all of the machines in my company are running into this issue where they will install the latest definition, you can see that it is installed, but then minutes later it will try to install again and fails. In the WUAHandler log it never shows the definition update installing successfully it gives the error "Installation job encountered some failures. Error = 0x80240022"
. In the event viewer I can see Event 1150(or 2000, like in the screenshot) and it says the client is up and running in a healthy state with the correct platform, engine, and latest definition update(or that the latest signature has installed, like in event 2000)
then minutes later I will see event 20 that says "Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Endpoint Protection - " with the version it failed to install, the very same version that event 1150(or 2000) told me is currently installed
.
Looking at the deployment under monitoring I can see that almost all of the machines the ADR is pushing this definition to are failing, most with the error 0x80070643(fatal error) or 0x87D00668(Software update is still detected as actionable after apply). From what I can see the actual definitions are installing, they are just not being detected properly on almost all of my machines, where as some machines are installing it and showing as compliant(though it is very few). I have stopped the WUAUSERV service on a pc, renamed the softwaredistribution folder and started the WUAUSERV service. I have uninstalled SCEP and the client and then reinstalled the client and SCEP and the issue still persists.
This issue seemingly started out of nowhere, we had an Automatic Deployment Rule that had been set up for a long time before this issue started. I have deleted and recreated the ADR, waited a day before enabling the rule and saw the issue start right away.
Please let me know if you need any other info, and thank you everyone in advance for taking time to read this.
. In the event viewer I can see Event 1150(or 2000, like in the screenshot) and it says the client is up and running in a healthy state with the correct platform, engine, and latest definition update(or that the latest signature has installed, like in event 2000) then minutes later I will see event 20 that says "Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Endpoint Protection - " with the version it failed to install, the very same version that event 1150(or 2000) told me is currently installed .Looking at the deployment under monitoring I can see that almost all of the machines the ADR is pushing this definition to are failing, most with the error 0x80070643(fatal error) or 0x87D00668(Software update is still detected as actionable after apply). From what I can see the actual definitions are installing, they are just not being detected properly on almost all of my machines, where as some machines are installing it and showing as compliant(though it is very few). I have stopped the WUAUSERV service on a pc, renamed the softwaredistribution folder and started the WUAUSERV service. I have uninstalled SCEP and the client and then reinstalled the client and SCEP and the issue still persists.
This issue seemingly started out of nowhere, we had an Automatic Deployment Rule that had been set up for a long time before this issue started. I have deleted and recreated the ADR, waited a day before enabling the rule and saw the issue start right away.
Please let me know if you need any other info, and thank you everyone in advance for taking time to read this.
