|
Post by matt5150 on May 22, 2019 22:47:18 GMT
Having trouble getting UI++ to run on Win10x64 1903 (within Windows, in and out of TS, with and without ServiceUI64.exe).
Freezes while gathering information: "Collecting values from system.. Retrieving Security Information..."
Log does not seem to capture any errors, it just stops at:
+ Set the task sequence variable 'XServiceStartModeWindowsUpdate' to the value 'Auto' UI++ 5/22/2019 5:36:21 PM 5452 (0x154C)
+ Set the task sequence variable 'XWindowsUpdatesEnabled' to the value 'False' UI++ 5/22/2019 5:36:21 PM 5452 (0x154C)
+ Set the task sequence variable 'XWindowsUpdateDefaultService' to the value 'Windows Server Update Service' UI++ 5/22/2019 5:36:21 PM 5452 (0x154C)
+ Set the task sequence variable 'XWindowsUpdateServer' to the value 'https://-------------:xxxx' UI++ 5/22/2019 5:36:21 PM 5452 (0x154C)
* Getting Windows Defender information... UI++ 5/22/2019 5:36:21 PM 5452 (0x154C)
+ Set the task sequence variable 'XServiceStateWindowsDefenderAntivirusService' to the value 'Stopped' UI++ 5/22/2019 5:36:21 PM 5452 (0x154C)
+ Set the task sequence variable 'XServiceStartModeWindowsDefenderAntivirusService' to the value 'Manual' UI++ 5/22/2019 5:36:21 PM 5452 (0x154C)
Thanks,
-Matt
|
|
|
Post by Jason on May 23, 2019 15:48:00 GMT
Ugh. You're going to make me load 1903 somewhere now. :-)
|
|
|
Post by matt5150 on May 28, 2019 18:38:38 GMT
Sorry. If you need any other information, let me know how I can help!
|
|
|
Post by matt5150 on Jun 27, 2019 18:23:52 GMT
Hi Jason, any update on the 1903 issue?
|
|
|
Post by Jason on Jun 28, 2019 18:33:25 GMT
No sorry. I've unfortunately had limited bandwidth recently. I will make time this next week though.
|
|
|
Post by Jason on Jul 1, 2019 21:39:04 GMT
Hi Matt,
I can't reproduce this on my test system. The next activity that the Action is doing is checking the MSFT_MpComputerStatus WMI class in the root\Microsoft\Windows\Defender namespace. Do this class and namespace exist on your system?
Also, why is the Defender service stopped at all? That's not a good thing at all (and is unsupported to my knowledge). If you have a third-party AV installed, Defender will automatically enter passive mode.
|
|
|
Post by matt5150 on Jul 1, 2019 22:16:15 GMT
Well heck, just re-tested on a 1903 VM, but now with the latest Win CU, and it's working fine! I'd have to redeploy one to check prior to the Cumulative Update, but I'd have to guess at this point that fixed it. False alarm then! Thanks Jason.
|
|
|
Post by Jason on Jul 4, 2019 21:18:00 GMT
Cool. Let me know if anything changes though. Thanks.
|
|
|
Post by dsrichmond on Jul 26, 2019 22:10:43 GMT
FYI, I'm experiencing this after having updated to 1903, currently rocking the .239 (July) update....
* Getting Windows Defender information... UI++ 7/26/2019 4:05:50 PM 33368 (0x8258)
+ Set the task sequence variable 'XServiceStateWindowsDefenderAntivirusService' to the value 'Stopped' UI++ 7/26/2019 4:05:50 PM 33368 (0x8258)
+ Set the task sequence variable 'XServiceStartModeWindowsDefenderAntivirusService' to the value 'Manual' UI++ 7/26/2019 4:05:50 PM 33368 (0x8258)
Same behavior matt described - stalls and will not continue.
The Windows Defender service is stopped and will not start. 3rd party A/V is active and healthy. I don't believe this is necessarily an issue, but maybe!
So turning to WMI, the indicated class in the WMI namespace root\Microsoft\Windows\Defender does not appear to exist.
Very interestingly, querying this WMI class with Powershell on the affected computer... stalls out for eternity! Can't cancel out of it or anything lol. Maybe if someone else (OP?) could replicate this?
Get-WmiObject -Namespace root\Microsoft\Windows\Defender -Class MSFT_MpComputerStatus
Now I also have a VM (one of many) running 1903 - same CU version, essentially the same environment - and the issue cannot be replicated on it. UI++ works just fine. However I do notice in the log that it was able to proceed past this step despite not having that class...
* Getting Windows Defender information... UI++ 7/26/2019 1:07:07 PM 10256 (0x2810)
+ Set the task sequence variable 'XServiceStateWindowsDefenderAntivirusService' to the value 'Stopped' UI++ 7/26/2019 1:07:07 PM 10256 (0x2810)
+ Set the task sequence variable 'XServiceStartModeWindowsDefenderAntivirusService' to the value 'Manual' UI++ 7/26/2019 1:07:07 PM 10256 (0x2810)
x A error occured retrieving a default value: This method is not implemented in any class . UI++ 7/26/2019 1:07:07 PM 10256 (0x2810)
So on this VM UI++ receives an error during the WMI query and doesn't just get stuck waiting for a response, despite the WinDefender service having the same status.
This leads me to suspect there's something up with WMI apparently not returning an error from whatever WQL query UI++ is sending... reaching the limits of my WMI knowledge unfortunately, maybe this is a Known Issue™ around that bit of WMI?
Any of this helpful? Doesn't seem very prevalent but then it is the same thing Matt posted so maybe it's hitting others too.
¯\_(ツ)_/¯
|
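Added example, not from any poster or from UI++: one way to answer Jason's question (do the namespace and class exist?) and to reproduce the stalled query dsrichmond describes without losing the console, by running the probe in a background job with a hard time limit. The function name `Test-DefenderWmi` and the 20-second limit are assumptions; the namespace and class names are the ones given in the thread.

```powershell
# Added example: probe the Defender WMI class without risking a hung console.
# Test-DefenderWmi and the 20-second default are assumptions, not part of UI++.
function Test-DefenderWmi {
    param([int]$TimeoutSec = 20)

    $ns  = 'root\Microsoft\Windows\Defender'
    $cls = 'MSFT_MpComputerStatus'

    # Start-Job runs the probe in a separate process, so a WMI provider that
    # never answers cannot block the interactive session.
    $job = Start-Job -ArgumentList $ns, $cls -ScriptBlock {
        param($ns, $cls)
        $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
        $r = [ordered]@{
            ServiceStatus = $(if ($svc) { "$($svc.Status)" } else { 'NotFound' })
            ClassExists   = $false
            Query         = 'NotRun'
            Error         = $null
        }
        try {
            # Step 1: is the class registered in the namespace at all?
            $null = Get-CimClass -Namespace $ns -ClassName $cls -ErrorAction Stop
            $r.ClassExists = $true
            # Step 2: ask for an instance; a healthy provider answers or throws.
            $null = Get-CimInstance -Namespace $ns -ClassName $cls -ErrorAction Stop
            $r.Query = 'Answered'
        } catch {
            if ($r.ClassExists) { $r.Query = 'Error' }
            $r.Error = $_.Exception.Message
        }
        [pscustomobject]$r
    }

    if (Wait-Job -Job $job -Timeout $TimeoutSec) {
        $out = Receive-Job -Job $job |
            Select-Object ServiceStatus, ClassExists, Query, Error
    } else {
        # Neither an answer nor an error inside the limit: the stall in the thread.
        Stop-Job -Job $job
        $out = [pscustomobject]@{
            ServiceStatus = 'Unknown'; ClassExists = 'Unknown'
            Query = 'TimedOut'; Error = "No response after $TimeoutSec s"
        }
    }
    Remove-Job -Job $job -Force
    $out
}

Test-DefenderWmi | Format-List
```

A result of `Query : Error` corresponds to the VM case in the post above, where WMI returns an error and UI++ continues; `Query : TimedOut` corresponds to the machine where the query never returns.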
|
|
Post by matt5150 on Jul 26, 2019 22:18:00 GMT
Ah, we also run 3rd Party AV and disable Windows Defender. I bet the machine I initially tested on was a "production test" machine, and the one I confirmed on was a test VM (No McAfee).
I haven't been back to revisit this, as we're waiting on McAfee HIPS Patch 13 to be re-re-released to support 1903 before we begin any real testing.
|
|
|
Post by matt5150 on Aug 20, 2019 3:47:08 GMT
I was able to test this tonight, and replicate the results.
Without McAfee installed:
+ Set the task sequence variable 'XServiceStateWindowsUpdate' to the value 'Running' UI++ 8/19/2019 10:04:55 PM 368 (0x0170)
+ Set the task sequence variable 'XServiceStartModeWindowsUpdate' to the value 'Manual' UI++ 8/19/2019 10:04:55 PM 368 (0x0170)
+ Set the task sequence variable 'XWindowsUpdatesEnabled' to the value 'False' UI++ 8/19/2019 10:04:55 PM 368 (0x0170)
+ Set the task sequence variable 'XWindowsUpdateDefaultService' to the value 'Windows Server Update Service' UI++ 8/19/2019 10:04:55 PM 368 (0x0170)
+ Set the task sequence variable 'XWindowsUpdateServer' to the value 'http://sccm.server.com:8530' UI++ 8/19/2019 10:04:55 PM 368 (0x0170)
* Getting Windows Defender information... UI++ 8/19/2019 10:04:55 PM 368 (0x0170)
+ Set the task sequence variable 'XServiceStateWindowsDefenderAntivirusService' to the value 'Running' UI++ 8/19/2019 10:04:55 PM 368 (0x0170)
+ Set the task sequence variable 'XServiceStartModeWindowsDefenderAntivirusService' to the value 'Auto' UI++ 8/19/2019 10:04:55 PM 368 (0x0170)
+ Set the task sequence variable 'XDefenderAVEnabled' to the value 'False' UI++ 8/19/2019 10:04:56 PM 368 (0x0170)
+ Set the task sequence variable 'XDefenderASEnabled' to the value 'False' UI++ 8/19/2019 10:04:56 PM 368 (0x0170)
+ Set the task sequence variable 'XDefenderNISEnabled' to the value 'False' UI++ 8/19/2019 10:04:56 PM 368 (0x0170)
+ Set the task sequence variable 'XDefenderFullScanAge' to the value '-1' UI++ 8/19/2019 10:04:56 PM 368 (0x0170)
+ Set the task sequence variable 'XDefenderEngineVersion' to the value '1.1.13701.0' UI++ 8/19/2019 10:04:56 PM 368 (0x0170)
+ Set the task sequence variable 'XDefenderAVSignatureAge' to the value '846' UI++ 8/19/2019 10:04:56 PM 368 (0x0170)
Found <UserAuth> Action: UI++ 8/19/2019 10:04:56 PM 8832 (0x2280)
Initiating <UserAuth> Action: UI++ 8/19/2019 10:04:56 PM 8832 (0x2280)
> Cancel button pushed ... exiting UI++. UI++ 8/19/2019 10:05:21 PM 8832 (0x2280)
-- UI++ Finished ---------------------------------------- UI++ 8/19/2019 10:05:21 PM 8832 (0x2280)
Services without McAfee installed:
With McAfee Installed:
+ Set the task sequence variable 'XServiceStateWindowsUpdate' to the value 'Running' UI++ 8/19/2019 10:36:41 PM 5188 (0x1444)
+ Set the task sequence variable 'XServiceStartModeWindowsUpdate' to the value 'Manual' UI++ 8/19/2019 10:36:41 PM 5188 (0x1444)
+ Set the task sequence variable 'XWindowsUpdatesEnabled' to the value 'False' UI++ 8/19/2019 10:36:41 PM 5188 (0x1444)
+ Set the task sequence variable 'XWindowsUpdateDefaultService' to the value 'Windows Server Update Service' UI++ 8/19/2019 10:36:41 PM 5188 (0x1444)
+ Set the task sequence variable 'XWindowsUpdateServer' to the value 'https://sccm.server.com:8531' UI++ 8/19/2019 10:36:41 PM 5188 (0x1444)
* Getting Windows Defender information... UI++ 8/19/2019 10:36:41 PM 5188 (0x1444)
+ Set the task sequence variable 'XServiceStateWindowsDefenderAntivirusService' to the value 'Stopped' UI++ 8/19/2019 10:36:41 PM 5188 (0x1444)
+ Set the task sequence variable 'XServiceStartModeWindowsDefenderAntivirusService' to the value 'Manual' UI++ 8/19/2019 10:36:41 PM 5188 (0x1444)
Services with McAfee installed:
|
|
|
Post by matt5150 on Sept 24, 2019 19:38:02 GMT
Hi Jason, do you need additional information on this issue?
|
|
|
Post by matt5150 on Nov 13, 2019 3:16:18 GMT
FYI - This is happening with 1909 as well. Only way I can find around it is uninstalling McAfee. I could script that, but would rather not. If I set ValueType to exclude "Security", what information is lost to UI++? Anything I might miss?
|
|
|
Post by matt5150 on Jan 30, 2020 18:41:59 GMT
FYI - We recently migrated everything from McAfee products to CrowdStrike. I'm no longer able to test this issue.
|
|