Question
Wednesday, October 23, 2013 1:45 PM
For a couple of weeks now, a lot of clients haven't been updating the SCEP policies. The log EndpointProtectionAgent.log says:
Create Process Command line: "c:\Program Files\Microsoft Security Client\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".
Failed to apply the policy C:\Windows\CCM\EPAMPolicy.xml with error (0x80004005).
Save new policy state 2 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState
State 2 and ErrorCode -2147467259 and ErrorMsg Failed to save the local machine Group Policy and PolicyName Antimalware Policy and GroupResolveResultHash 66710FA7810907856F6BE09F07F878807D075CEE is NOT changed.
I've searched the internet and found 1 site with the same problem: http://www.mbaeker.de/author/markus/page/3/
The fix doesn't work for me. The Registry.pol file is re-created but the errors still remain.
Is there an easy way to fix this?
All replies (9)
Thursday, January 23, 2014 7:58 AM ✅ Answered | 2 votes
MS support helped me fix this issue. The cause of the problem was a corrupt gpt.ini in c:\windows\system32\grouppolicy
After replacing the file with one that wasn't corrupt from another machine, the problem was gone! All scep policies are now applied fine!
Wednesday, October 23, 2013 2:04 PM
While connected to your network, reboot the machine and let it sit at the login screen. Remotely connect to the event viewer and check for event log entries showing errors applying group policy. They may lead you to other potential causes besides registry.pol becoming corrupted.
Nash Pherson, Senior Systems Consultant
Now Micro - My Blog Posts
Wednesday, October 23, 2013 2:50 PM
I've checked it already but the only error in the eventlog after the reboot is:
Eventid: 1001
Source: Microsoft Security Client
Microsoft Security Client failed to apply security policy: "Antimalware Policy". Error: Failed to save the local machine Group Policy. Error Code: 0x80004005.
Friday, October 25, 2013 10:23 AM
When I check what is inside the registry.pol, it contains all the SCEP settings and some remote control settings. All these are defined by SCCM.
I'm out of options and have no clue why it suddenly stopped working.
Saturday, November 2, 2013 1:46 PM
Yes, I know this is an old post, but did you figure this out? If so how?
Saturday, November 2, 2013 2:08 PM
Yes, I know this is an old post, but did you figure this out? If so how?
Well the post isn't that old, only a week or so. I'm still searching what is causing the errors. No clue!
Saturday, November 2, 2013 6:06 PM
I clean up any post older than a week. Honestly if you haven't got an answer within a week, you are most likely never going to get one, without calling Microsoft support. (CSS)
BTW, I agree with Nash this is going to be a GPO / Sec policy corruption issue. Personally I would try to reset the local Sec db and see if that fixes the issue.
Tuesday, September 30, 2014 8:43 PM
Hi Jopperd, I tried this and it did not resolve my issue. Would you have another suggestion? Thank you.
Tuesday, July 14, 2015 12:02 PM | 1 vote
Try this:
To fix the error there are a few steps needed:
- Browse to the Windows\System32\GroupPolicy\Machine folder on the client and delete the file: Registry.pol
- Then restart the "SMS Agent Host" service to force ConfigMgr to download all policies again. Sometimes this is not enough and re-installation of the ConfigMgr client is needed.
After that, policies must be applied correctly again.
http://henkhoogendoorn.blogspot.nl/2013/09/failed-to-open-local-machine-group.html
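A read-only check of the two files this thread points at (gpt.ini from the accepted answer, Registry.pol from the reply above), added here as an example and not taken from any post or from Microsoft. The thread does not say what the corruption looked like, so the script only tests basic structure: the `PReg` signature and version 1 header of Registry.pol, and a `[General]` section with a numeric `Version=` entry in gpt.ini. The function names, the default path and the need for an elevated 64-bit PowerShell 3.0 or later are assumptions.

```powershell
# Added example: read-only sanity check of the two local GPO files named in this thread.
# Assumptions: default GroupPolicy path, elevated 64-bit PowerShell 3.0+, hypothetical helper names.
function New-Finding($File, $Status, $Detail) {
    [pscustomobject]@{ File = $File; Status = $Status; Detail = $Detail }
}

function Test-LocalGpoFiles {
    param([string]$GpoRoot = (Join-Path $env:SystemRoot 'System32\GroupPolicy'))

    # Registry.pol starts with the ASCII signature 'PReg' and a little-endian DWORD version of 1.
    $pol = Join-Path $GpoRoot 'Machine\Registry.pol'
    if (-not (Test-Path -LiteralPath $pol)) {
        New-Finding $pol 'Missing' 'File not present'
    } else {
        $bytes = [System.IO.File]::ReadAllBytes($pol)
        if ($bytes.Length -lt 8) {
            New-Finding $pol 'Suspect' "Only $($bytes.Length) bytes, header incomplete"
        } else {
            $sig = [System.Text.Encoding]::ASCII.GetString($bytes, 0, 4)
            $ver = [System.BitConverter]::ToUInt32($bytes, 4)
            if ($sig -ceq 'PReg' -and $ver -eq 1) {
                New-Finding $pol 'OK' "Header valid, $($bytes.Length) bytes"
            } else {
                New-Finding $pol 'Suspect' "Unexpected header: signature '$sig', version $ver"
            }
        }
    }

    # gpt.ini is a small INI file: a [General] section with a numeric Version= entry.
    $ini = Join-Path $GpoRoot 'gpt.ini'
    if (-not (Test-Path -LiteralPath $ini)) {
        New-Finding $ini 'Missing' 'File not present'
    } else {
        $lines = @(Get-Content -LiteralPath $ini)
        $hasSection = [bool]($lines -match '^\s*\[General\]\s*$')
        $hasVersion = [bool]($lines -match '^\s*Version\s*=\s*\d+\s*$')
        if ($hasSection -and $hasVersion) {
            New-Finding $ini 'OK' 'Has [General] section and numeric Version'
        } else {
            New-Finding $ini 'Suspect' "General section: $hasSection, numeric Version: $hasVersion"
        }
    }
}

Test-LocalGpoFiles | Format-Table -AutoSize -Wrap
```

A `Suspect` result only says which file to compare against a healthy machine first; an `OK` result does not rule out damage deeper in the file.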