This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 51%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBD%3C/text%3E%3C/svg%3E)
Yes it's old and no it won't be upgraded anytime soon..
Anyways Server 2008 Standard with SCEP 4.10.209.0. Event id 20, 2003, 2001 in System Event log.
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Intelligence Update for Microsoft Endpoint Protection - KB2461484 (Version 1.323.201.0). Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: 1.1.17400.5 Previous Engine Version: Engine Type: Antimalware User: ************** Error Code: 0x8007007f Error description: The specified procedure could not be found.
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.323.188.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Full User: ************ Current Engine Version: 1.1.17400.5 Previous Engine Version: Error code: 0x8007007f
Detail of each of the above events ids respectively.
Software distribution folder renamed etc and SCEP uninstalled restarted and installed again same issue.
Anyone else with the same issue in the last 6 days ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 40%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
Any lucky with this? experiencing the same issue with 2008 Standard, R2 member servers have updated fine... standard has constant failed scep update within software centre
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 5%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBK%3C/text%3E%3C/svg%3E)
Worked with Microsoft support and found a solution. Its posted in the answers below.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 47%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
Has anyone verified this dll worked and that this is indeed a official fix?
Has anyone verified BenK-9145's dll worked and that this is indeed a official fix?
I used BenKs fix, it worked.
I'm assuming anyone can install the "2020-02 Extended Security Updates (ESU) Licensing Preparation Package for Windows Server 2008 for x86-based Systems (KB4538484)" update but whether the License on the server actually permits it or not.
How can I tell if the license has been extended by the customer ?
Hi,
Thank you for your actions and provide detailed information about what you did.
We could run command line "slmgr /dlv" as administrator to check the license type. You could also post it here and hide personal data before upload capture.
Bests,
Which part of the information do you require and i will post it ?
here's a small snippet from top!
Hi,
Seems like you have not brought ESU product key.
Here is the capture which have brought and activated with ESU key.
Thankyou JoyQiao.
I will advise the different customers that they have not bought the Extended License.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 42%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMZ%3C/text%3E%3C/svg%3E)
Is there any official document from Microsoft where they mentioned that SCEP updates are no longer available for Windows Server 2008? and you need to buy ESU for that? I am unable to find any. Please share if you have any.
Struggling to find this as well
FYI, my servers do not show the ESU info on this screen either, but after working with Microsoft and applying their patch, the definitions are updating again as expected.
We are seeing the same thing. 2008 NON R2. Last Definition update happened on 8/24. 8/25 they started failing with the same errors as above.
2008 R2 servers are working normally
I tried to run the ESU updates to verify and they all just say its not applicable to the servers.
Just an update, I have opened a case with Microsoft on this and they are currently investigating. They have acknowledged there is an issue, and they tried a fix that did not solve the issue so they are back with engineering to try and come up with a new fix.
Would you be able to keep us updated if any of the fixes work? :)
As soon as I have any update I will post here.
thankyou :)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 96%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPF%3C/text%3E%3C/svg%3E)
Hi,
I don't suppose you've had any further update from MS on this issue please? Thanks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 54%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWW%3C/text%3E%3C/svg%3E)
Same issue, but also want to note that the updates are being downloaded repeatedly to the server, adding 220MB of data each time. Depending on how frequently you're set to check for updates (we check hourly), this can fill up the hard disk pretty quickly.
If you're suddenly seeing space issues on your 2008 (non-R2) servers, check C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates
OK, I got a new fix for when the first one fails.
If you can find a working server, you'll grab the files from it, and copy it over.
Working server files:
C:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup
Copy all the .vdm files and the mpengine.dll file from here, and paste them to the below location on the broken server.
C:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates
Wait a few minutes and the files will disappear and the definitions should update on their own. Don't manually try to do the update or it will try and update normally again and fail.
After this I now have all my systems back up to date.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 28.999999999999996%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWN%3C/text%3E%3C/svg%3E)
hi Ben, thanks for keeping us updated (no pun intended ;-))
Copying the vdm's and dll from the Backup folder of a working server (Win2008R2) to the Updates folder of our 7 remaining Win2008s doesn't seem to work. I see the files disappearing one by one, but SCEP still says its definitions are 27 days old.
The system log mentions an error for both engine and definition updates:
Error code: 0x8007007f
Error description: The specified procedure could not be found.
Any word on when MS is going to release a public fix for this? You mentioned they would, so I'm waiting a bit before logging my own support case.
As these are servers running an OS that's EOL, it's not my highest priority to get their AV up-to-date, but I can't wait for too much longer.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 72%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
The way we've resolved the issue if you've removed the SCEP client is similar to Ben's by copying
Working server files:
C:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup (remember to copy and check if it's 32bit or 64bit OS)
Copy to same location on non-working server: C:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup
Run command prompt as admin then go to the directory of: "C:\Program Files\Microsoft Security Client" and run MpCmdRun.exe -RemoveDefinitions -Engine
This will then reset the definitions and bring your SCEP client up to date and also bring the SCCM console up to date and no longer showing at risk.
We have tested this on two of our servers with no issues.
Still the same behavior as mentioned earlier after I first remove the engine and definitions...
The one I tried on is x64, and the donor is Win2008R2 (so x64).
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 3%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJV%3C/text%3E%3C/svg%3E)
Ben , first off , thank you for doing the hard work here. I have used both of your fixes on several of my affected servers and saved a lot of hassle.
Yesterday as I was going through a few more, I did note that there is a new update in the queue released on 9/15
Update for System Center Endpoint Protection 2012 Client - 4.10.209.0 (KB3209361) which seemingly resolves the issue without the manual process.
I did have to free up space on the drive by deleting some of the superfluous definition updates, but once the Windows update completed , the remaining definitions were removed.
edit - If you have modified files on a system previously but had not corrected the error , the patch will not correct it alone.
I just had an example where I ran the update , the client came up with errors and I still had to copy the backup folder from one of the working systems and then run the commands provided by RichIT
Jason
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 48%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERF%3C/text%3E%3C/svg%3E)
The above ended-up working for me:
1) Take the four .vdm from a working machine (I grabbed mine from a 2008R2 server) and mpengine.dll from the link attached in the original fix.
2) Place in "C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup"
3) Run "C:\Program Files\Microsoft Security Client\MpCmdRun.exe" -RemoveDefinitions -Engine
This got the client into a working state with definitions from when I took them from the old machine (the 22nd). After this point I'm now able to update normally and have definitions from today.
This was on a machine which just had SCEP installed last week - so I've never been able to install any definitions until now.
You need to use files from the same OS. You're using files from an R2 OS which won't work. They run different versions.
My case with Microsoft is now closed, however they did mention that an official engine fix for this will be coming at the beginning of October. That was the only info he could give me on the official fix. So if you are still having issues, you'll either need to wait for that official published fix, or open a support case with Microsoft.
One thing to note in that backup folder of a working machine, it should have 4 vdm files, and the mpengine.dll file. Another thing you can try is to use the updated mpengine.dll from my post above if it doesn't work just so you know for sure its the correct version with the fix included just incase the working server had the older unpatched dll file.
