- Jamf Nation Community
- Products
- Jamf Pro
- Latest DATs appear to break SCEP
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Latest DATs appear to break SCEP
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-06-2016 03:29 AM
Is anyone seeing issues with Microsoft SCEP not functioning correctly?
As far as I can tell it's fine until you let it install the latest DAT updates. Once it's done that it will just start producing random crash reports, the green taskbar icon will vanish and it will add lots of log entries claiming that the scep_daemon cannot be initialized.
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-06-2016 08:47 AM
Tracked this down a dodgy dat file that when replaced stopped it from crashing. I can only blame Microsoft for this...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-06-2016 04:55 PM
I'm seeing the same -- looks like it started about a week ago. @allanp81 -- can you provide specifics on this dat file?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-07-2016 12:00 AM
The dodgy dat appears to be em002_32.dat located in /Library/Application Support/Microsoft/scep/modules
I noticed that on a broken machine it was ~43Mb whereas on a working machine it was about ~48Mb so I copied this dat to a broken machine and then stopped and restarted the com.microsoft.scep_daemon and it seems to instantly fix it.
We have a mixture of 10.10.x and 10.11.x machines with different versions of scep and it appears to have broken most of them so I'll be rolling out a policy to just copy down the new file and restart the daemon on login most likely.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-07-2016 07:32 AM
Nice, worked perfectly for me. Thanks!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-10-2016 03:15 AM
Awesome, good to hear it sorted it for you.
How are you pushing out your fix to all of your clients? I couldn't easily tell what was working and what wasn't as we have about 600 macs so I wrote the following script and pushed out as a once a day policy to all computers:
#!/bin/bash
#checks whether scep is running and if not, fixes it
if ( ps axco pid,command | grep scep_ctl )
then
echo "Scep is running, nothing needs doing"
else
echo "Scep not running, must be broken so reinstalling"
echo "Killing System Center Endpoint Protection if running"
ps axco pid,command | grep scep_gui | awk '{ print$1; }' | xargs kill -9
sleep 3
echo "Removing and reinstalling the app then running it"
mkdir /Volumes/scep/
mount -t smbfs //my.path /Volumes/scep
echo "Copying dat file over"
cp /Volumes/scep/em002_32.dat /Library/Application Support/Microsoft/scep/modules
echo "Set owner to root"
chown root:wheel /Library/Application Support/Microsoft/scep/modules/em002_32.dat
echo "Stopping scep daemon and waiting 5 seconds to confirm stopped"
launchctl stop com.microsoft.scep_daemon
sleep 5
echo "Restarting daemon"
launchctl start com.microsoft.scep_daemon
umount /Volumes/scep
fiOptions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-10-2016 09:30 AM
This may come in useful, thanks. But I've found that anything that has a def date of October seems to have missed the bad update. So luckily, I only had a handful to fix. Still, knowing this will likely happen again, I suspect the script will be used at some point!
