Deploying DLP Endpoint Enforce Agent using SCCM Fails.
Originally Published: 2014-12-08
Article Number
Applies To
RSA Product/Service Type: Endpoint Enforce Agent
Platform: SCCM
Issue
How-to deploy DLP Endpoint Enforce Agent using SCCM.
The problem occurs because of the SCCM translation that is automatically applied to the install string supplied for the EP install, results in and install string that is exceeding a limitation of characters.
We have been seeing an increase in reports where deployment via SCCM will install the Agent however the agent is unable to communicate to the intended resource (rEPC). Typically we will see errors in the EP messages log referencing the failure to find a joinkey.dat, however the error observed as a result can vary depending on where the string is getting cut off.
Resolution
(Please note: for this to work you must first make sure the EP is no longer installed on the target.)
The following, is an example batch script with preliminary checking.
@ECHO OFF
REM --- Check for an existing installation (the 'Endpoint Enforce Service' process)
IF EXIST "%ProgramFiles%\RSA\Enforce\bin\EPEnforceSrv.exe" goto _End
REM --- Check for an existing installation on 64-bit
IF EXIST "%ProgramFiles(x86)%\RSA\Enforce\bin\EPEnforceSrv.exe" goto _End
REM --- Check for an existing installation of DLP EC, rEPC, GW, or SC
IF EXIST "%ProgramFiles(x86)%\RSA\Discovery\" goto _End
IF EXIST "%ProgramFiles%\RSA\Discovery\" goto _End
REM --- Deploy to Windows XP/2003/Vista/Windows7-8/2008/2008-R2
Agent.msi /qn SERVER=rEPC.ribeye.com JOIN_PARAMS=Default;786b6057-209c-4535-ab79-e737d691d58b;8d59e1ad84daa7d48401d17c2ee6852e4500e2fb;k5PqP52jysuuxm+boVpzcP2QFia5AG/yqG2YF8K2jko=
REM --- End of the script
:_End
The following is a trimmed version of the script without preliminary checking. Only the install string of the agent is called.
@ECHO OFF
REM --- Deploy to Windows XP/2003/Vista/Windows7-8/2008/2008-R2
Agent.msi /qn SERVER=rEPC.ribeye.com JOIN_PARAMS=Default;786b6057-209c-4535-ab79-e737d691d58b;8d59e1ad84daa7d48401d17c2ee6852e4500e2fb;k5PqP52jysuuxm+boVpzcP2QFia5AG/yqG2YF8K2jko=
REM --- End of the script
:_End
Insert the relevant value names as follows:
· Agent.msi | replace with the name of the Agent installer.
· SERVER=rEPC.ribeye.com | replace rEPC.ribeye.com with the name of the intended 'Root Endpoint Coordinator' server for your deployment environment (FQDN format is recommended).
(Tip: obtain the Agent.msi string from the EM UI on the "Generate Agent Installer page." Simply replacing the /i switch with /qn for a quite, non-interactive install.)
Related Articles
How to configure private key settings for Internet Explorer on Microsoft Vista Number of Views How to manual deploy Federated Identity Manager (FIM) 2.5 / 2.6 Number of Views How to run the RegisterUserExample Admin API example code in RSA Mobile Authentication Server 1.5 Number of Views Error: 'C:\WINNT\SYSTEM32\AUTOEXEC.NT. The system file is not suitable for running MS-DOS and Microsoft Windows applicatio… Number of Views How to use RSA Mobile Administration API Number of Views
Trending Articles
How to recover the Application and AFX after an unexpected database failure in RSA Identity Governance & Lifecycle Troubleshooting AFX Connector issues in RSA Identity Governance & Lifecycle RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Release Notes for RSA Authentication Manager 8.8 RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
