Updating #FEP or #SCEP definitions gives error 0x80248014 – small fix required when using Windows Update as source

If you update Forefront Endpoint Protection from the agent shown below, it will sometimes fail to update its definitions from Microsoft Update unless you have allowed the OS to receive updates for Microsoft products other than Windows.


If you encounter something like the error code 0x80248014 below when updating FEP – Forefront Endpoint Protection or SCEP – System Center Endpoint Protection definitions, you need to make a small adjustment.

Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: Microsoft Update Server
Update Stage: Search
Source Path: http://www.microsoft.com
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.10502.0
Error code: 0x80248014
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Forefront Endpoint Protection cannot get Definition updates from Microsoft Update unless you check this box “Give me updates for other Microsoft Products when I update Windows”:



If SCCM 2012 shows this Antimalware Policy configuration, the “Updates distributed from Microsoft Update” source will not work until you have checked the box.


You can use a VB script to change it:

Save the text below in a file with a VBS extension.

Set ServiceManager = CreateObject("Microsoft.Update.ServiceManager")
ServiceManager.ClientApplicationID = "My App"
'add the Microsoft Update Service, GUID
'flags 7 = allow pending registration (1) + allow online registration (2) + register with Automatic Updates (4)
Set NewUpdateService = ServiceManager.AddService2("7971f918-a847-4430-9279-4a52d1efe18d",7,"")

Run the below command in an elevated command prompt: cscript optinMU.vbs


The reverse step is also possible with a simple alteration:

Set ServiceManager = CreateObject("Microsoft.Update.ServiceManager")
ServiceManager.ClientApplicationID = "My App"
'remove the Microsoft Update Service by GUID
ServiceManager.RemoveService("7971f918-a847-4430-9279-4a52d1efe18d")

Source: http://support.microsoft.com/kb/2832355
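To confirm that the opt-in took effect, the following PowerShell example (added here, not part of the original post or the KB article) lists the update services known to the Windows Update Agent and registers Microsoft Update only if it is not already registered. The function names are hypothetical; the GUID and the flag value 7 are the ones used in the VBScript above.

```powershell
# Added example. Run in an elevated PowerShell session (3.0 or later).
# GUID of the Microsoft Update service, as used in the VBScript above.
$MicrosoftUpdateId = '7971f918-a847-4430-9279-4a52d1efe18d'

# Hypothetical helper: list every update service the Windows Update Agent knows about.
function Get-UpdateServiceState {
    $sm = New-Object -ComObject Microsoft.Update.ServiceManager
    foreach ($svc in $sm.Services) {
        [pscustomobject]@{
            Name               = $svc.Name
            ServiceID          = $svc.ServiceID
            IsManaged          = $svc.IsManaged            # True for a WSUS/SCCM-managed source
            IsRegisteredWithAU = $svc.IsRegisteredWithAU   # True once Automatic Updates uses it
            IsDefaultAUService = $svc.IsDefaultAUService
        }
    }
}

# Hypothetical helper: register Microsoft Update only when it is missing,
# then return the resulting state so the change can be verified.
function Enable-MicrosoftUpdate {
    $current = Get-UpdateServiceState |
        Where-Object { $_.ServiceID -eq $MicrosoftUpdateId }
    if ($current -and $current.IsRegisteredWithAU) {
        return $current   # already opted in, nothing to change
    }

    $sm = New-Object -ComObject Microsoft.Update.ServiceManager
    $sm.ClientApplicationID = 'My App'
    # 7 = asfAllowPendingRegistration (1) + asfAllowOnlineRegistration (2)
    #     + asfRegisterServiceWithAU (4)
    $null = $sm.AddService2($MicrosoftUpdateId, 7, '')

    Get-UpdateServiceState |
        Where-Object { $_.ServiceID -eq $MicrosoftUpdateId }
}

# Show the state before changing anything.
Get-UpdateServiceState | Format-Table -AutoSize

# Uncomment to opt in and print the state afterwards:
# Enable-MicrosoftUpdate | Format-List
```

If no entry with the Microsoft Update GUID shows `IsRegisteredWithAU` as True, the endpoint protection client has no Microsoft Update source to search.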

Windows Intune & Configuration Manager – Free Trial Getting Started Guide

There is a way to get started with Windows Intune and Configuration Manager without creating a paid Microsoft Developer Account and buying a Symantec certificate.

If you would like to try out Windows Intune with Configuration Manager 2012 R2 for Windows Phone 8, Android, iOS and Windows 8 PCs for 30 days, this is what you will need.

Intune subscription and configuration login: http://account.manage.microsoft.com

Intune configuration login: http://manage.microsoft.com

If you would like to change the PoC to a production environment, you will also need these:

If you would like to install your own Microsoft Store apps on Windows 8 or 8.1 without showing them to the public inside the store, and make the installation forced, this can be done through “sideloading”.

You would need to look into Sideloading Keys HERE and HERE


The Windows Intune Team has written a blog post about the Support Tool for Windows Intune Trial Management of Windows Phone 8 HERE

Solution – Error: Service health log: WP appStoreURI is missing for account 73dab792-979c-40be-947b-b7c8040e725b and userId

Solution – Error: We weren’t able to set up this company account on your phone

Changing Mobile Device Management Authority

System Center Tech

Managing mobile devices is possible through the use of Windows Intune in Standalone mode or through ConfigMgr 2012 SP1 or R2, with Intune integrated through the Intune Connector. During the initial configuration process, you have to select a mobile device management authority. When configuring Intune in standalone mode, this is performed through the Intune Admin Console, or in ConfigMgr integrated mode, this is performed through the ConfigMgr Console. Unfortunately, once this has been configured, you can’t switch the management authority through the provided tools, should your requirements change. Luckily there is another option.


Intune Company Portal gives 401 access denied – SOLVED

When you try to log on to the Intune Company Portal app on Android, iOS or Windows Phone, it gives you a 401 Access Denied error on the integrated webpage.

This is because Intune cannot handle the ADFS “integrated windows authentication” form page for authentication, which is the small popup box that is shown on webpages where you use your ADFS server for authentication.

You need to change the ADFS Authentication Type to “Forms authentication”

You can change the authentication type by locating the web.config in the adfs\ls\ virtual directory on the ADFS server. Change the order of the entries in the localAuthenticationTypes element so that “Forms authentication” is at the top, as shown below.

Authentication Types

  • Forms authentication
  • Integrated windows authentication
  • Client certificate authentication
  • Basic authentication

Forms authentication will look like below


Did it help? Please let me know.
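The reordering described above can be scripted. This PowerShell function is an added example, not from the original post; the function name and path parameter are hypothetical, and it assumes the forms entry inside localAuthenticationTypes is an `add` element named `Forms`, as in a default AD FS 2.0 web.config.

```powershell
# Added example. Moves the Forms entry to the top of localAuthenticationTypes
# in the adfs\ls web.config. Returns $true if the file was changed.
function Set-AdfsFormsFirst {
    param(
        # Full path to web.config in the adfs\ls virtual directory (caller supplies it).
        [Parameter(Mandatory = $true)]
        [string] $WebConfigPath
    )

    $path = (Resolve-Path -LiteralPath $WebConfigPath).Path
    $xml  = New-Object System.Xml.XmlDocument
    $xml.Load($path)

    $types = $xml.SelectSingleNode('//localAuthenticationTypes')
    if (-not $types) {
        throw "No localAuthenticationTypes element found in $path"
    }

    # Assumption: the forms entry is <add name="Forms" ... />.
    $forms = $types.SelectSingleNode("add[@name='Forms']")
    if (-not $forms) {
        throw "No <add name='Forms'> entry found under localAuthenticationTypes"
    }

    $first = $types.SelectSingleNode('add[1]')
    if ([object]::ReferenceEquals($first, $forms)) {
        return $false   # Forms is already the first (preferred) type
    }

    # Keep a timestamped copy so the previous order can be restored.
    $backup = '{0}.bak-{1}' -f $path, (Get-Date -Format 'yyyyMMddHHmmss')
    Copy-Item -LiteralPath $path -Destination $backup

    # InsertBefore moves an existing node; the other entries keep their order.
    $null = $types.InsertBefore($forms, $first)
    $xml.Save($path)
    return $true
}

# Usage (path is whatever your adfs\ls virtual directory maps to):
# Set-AdfsFormsFirst -WebConfigPath '<path-to>\adfs\ls\web.config'
```

The first entry in the list is the one the sign-in page uses by default, so after this change users who previously signed in silently with integrated Windows authentication will see the forms page instead.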

ADFS logon redirection loops on Intune Company Portal – SOLVED

I encountered this issue when using Windows Intune. When I tried to log in to the company portal application on workstations or mobile phones on Android, iOS and Windows using company\username and password, the ADFS page would blink shortly and return to the login screen once more.

Microsoft support instructed us to check if our ADFS server had KB2843638 installed by running this PowerShell command: Get-Hotfix -id "KB2843638"

If it is positive, request this hotfix from Microsoft and install it on your ADFS server.


All issues were solved and the Company Portal login worked perfectly in Windows Intune.