This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Phil_Melvin
Participant
‎2018-07-13 02:14 AM

E80.83 Deployment issues

Since updating our clients to 80.83 (from a very outdated 8.4) I have been having issues with deployment, in particular on freshly imaged computers.

I image our computers using SCCM and as part of the imaging process SCCM installs the CheckPoint Initial Client. What used to happen is that after imaging, upon first boot the initial client would connect to the CheckPoint server and automatically install the appropriate blades for the computer according to deployment rules.

Since updating the clients this no longer happens - the blades do not automatically install. When the computer is first booted after imaging I can see that the initial client is there, it says "connected" and I keep seeing a system tray bubble which says "Package Verification Succeeded" but the blades do not install.

When I look up the computer in the management console under Reporting/Software Deployment Status it shows as "scheduled" with a deployment time of the next day, so it seems as though it is being automatically postponed for 24 hours, but I cannot understand why.

Can anybody help shed any light on this? Am I deploying incorrectly, or is the some setting somewhere telling it to postpone the blade installation?

For information this is happening on a mixture of Windows 7 and Windows 10 computers and the blades I am wanting to install are MEPP and FDE.

0 Kudos
7 Replies
Phil_Melvin
Participant
‎2018-07-13 07:27 AM

Well I have done some more investigation and I'm starting to wonder if this might be a bug.

I have found that if I go into the Policy tab, expand out my Client Settings and edit the shared action "Default installation and upgrade settings" there is an option labelled "Enable the user to postpone the client installation or upgrade"

After some testing I found that the delay described in my original post always matches what is specified under this setting. 

The wording of this setting would suggest that this postponement should only apply when a user actually postpones the installation, but it seems that the delay is applying as default to all client installations, even when there is no user intervention to postpone the installation.

0 Kudos
PhoneBoy
Admin
Admin
‎2018-07-16 09:20 AM
In response to Phil_Melvin

Curious if you see the same behavior with E80.85, which came out recently.

0 Kudos
Marina_Lachtarn
Employee Alumnus
Employee Alumnus
‎2018-07-16 09:52 AM
In response to Phil_Melvin

Yes, this is correct. It is related to Client SEttings Policy. Installation will start according to postpone tiomeout defined in this policy. The behavior was not changed and does not depend on client version.

0 Kudos
Phil_Melvin
Participant
‎2018-07-17 01:54 AM

Well I have been doing some testing with the old client (8.4) and the behaviour is definitely different. The blades install immediately on first boot after reimaging when the old client is installed, while computers with the 80.83 initial client installed get hit with the 24 hour delay. I only have one client setting policy, so whichever client I'm using the same policy is applied.

What confuses me is that the setting in question suggests that the delay should only happen when the user chooses to postpone, but that itsn't happening here, there is no prompt to postpone and no user intervention.

Phil_Melvin
Participant
‎2018-07-17 08:13 AM

I'm just wondering if there is any way around this? I'd like to give users the ability to postpone installation when I push out a client upgrade, but then I can't have my technicians waiting hours for the installation to kick in when they are imaging computers! Is there a solution that I'm not seeing?

Sean_Van_Loon
Contributor
‎2019-01-21 07:00 AM
In response to Phil_Melvin

Were you able to resolve the issue?

I seem to have the same issue, however with other (newer) version.

New deployment.

Check Point Security Management Server: R80.20 (JHF 17)

Endpoint Package: E80.90 (Windows Client)

Installed initial packet onto the computer (Windows 10 Pro 1809).

Rebooted the PC and then it became stuck on "Package present and verified".

In the SmartEndpoint the status is "Scheduled", but if you drill down on the computer itself, then it states under "Users & Computers" > PC: "<user> on <pc> has some issues in progress".

Software deployment: Blade status: Scheduled: "The software installation is postponed" .

All help is appreciated. Smiley Happy

0 Kudos
Sean_Van_Loon
Contributor
‎2019-01-21 08:30 AM
In response to Sean_Van_Loon

I think I found the issue, by default the PC image contained a Endpoint Connect VPN client, older than the one I'm trying to install.

Thus I suspect it was not capable of handling that.

I changed the Software Deployment Rule to uninstall all blade, modified the policy and manually uninstalled the Endpoint VPN client.

After a reboot and putting only one software blade on the Software deployment rule, it started to deploy the software blade. Smiley Happy

Hooray!

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events