I’ve been working on getting System Center Endpoint Protection (SCEP) installed on some Macs via SCCM. I followed this handy blog from Microsoft: https://docs.microsoft.com/en-gb/archive/blogs/jchalfant/deploying-system-center-endpoint-protection-to-mac-os-x-using-configuration-manager and everything went well… except that SCCM reported that the SCEP client wasn’t getting installed.
On the Mac itself, SCEP was present, but SCCM had error in the Deployment Status: “The application was not detected after installation completed successfully.”
Well, that’s annoying. The install worked, but SCCM can’t confirm it. So, something was awry with the application’s detection method. That information is populated from the package that is created using Microsoft’s toolset for this exact process, so I had hoped it’d be accurate. Unfortunately, I was wrong.
Since the detection methods are based on package IDs, I did some digging on the Mac using “pkgutil –pkgs” to determine what the Mac believed it had installed and got this:
com.microsoft.systemCenterEndpointProtection.com.microsoft.scep_daemon.pkg
com.microsoft.systemCenterEndpointProtection.GUI_startup.pkg
com.microsoft.systemCenterEndpointProtection.pkgid.pkg
com.microsoft.systemCenterEndpointProtection.scep_kac_64_106.pkg
com.microsoft.systemCenterEndpointProtection.scepbkp.pkg
com.microsoft.systemCenterEndpointProtection.SystemCenterEndpointProtection.pkg
I also used “pkgutil –pkginfo” to confirm appropriate versions (which all came back good).
So, next was to compare against what SCCM was looking for:
I reviewed each clause to make sure the package ID matched what the Mac was reporting, and found a discrepancy. The second clause was looking for:
com.microsoft.systemCenterEndpointProtection.scep.pkg
But none were looking for:
com.microsoft.systemCenterEndpointProtection.SystemCenterEndpointProtection.pkg
So, I changed the clause to match and tried again, but that didn’t work either. Finally, I also removed the Application Bundle ID clause as well (since I had confirmed that all other clauses were correct).
After that, SCCM was able to detect that SCEP was installed on the Mac and reported the installation as a success.
Shane Skriletz, PEI
