Deploying DLP Endpoint Enforce Agent using SCCM Fails.
Originally Published: 2014-12-08
Article Number
Applies To
RSA Product/Service Type: Endpoint Enforce Agent
Platform: SCCM
Issue
How-to deploy DLP Endpoint Enforce Agent using SCCM.
The problem occurs because of the SCCM translation that is automatically applied to the install string supplied for the EP install, results in and install string that is exceeding a limitation of characters.
We have been seeing an increase in reports where deployment via SCCM will install the Agent however the agent is unable to communicate to the intended resource (rEPC). Typically we will see errors in the EP messages log referencing the failure to find a joinkey.dat, however the error observed as a result can vary depending on where the string is getting cut off.
Resolution
(Please note: for this to work you must first make sure the EP is no longer installed on the target.)
The following, is an example batch script with preliminary checking.
@ECHO OFF
REM --- Check for an existing installation (the 'Endpoint Enforce Service' process)
IF EXIST "%ProgramFiles%\RSA\Enforce\bin\EPEnforceSrv.exe" goto _End
REM --- Check for an existing installation on 64-bit
IF EXIST "%ProgramFiles(x86)%\RSA\Enforce\bin\EPEnforceSrv.exe" goto _End
REM --- Check for an existing installation of DLP EC, rEPC, GW, or SC
IF EXIST "%ProgramFiles(x86)%\RSA\Discovery\" goto _End
IF EXIST "%ProgramFiles%\RSA\Discovery\" goto _End
REM --- Deploy to Windows XP/2003/Vista/Windows7-8/2008/2008-R2
Agent.msi /qn SERVER=rEPC.ribeye.com JOIN_PARAMS=Default;786b6057-209c-4535-ab79-e737d691d58b;8d59e1ad84daa7d48401d17c2ee6852e4500e2fb;k5PqP52jysuuxm+boVpzcP2QFia5AG/yqG2YF8K2jko=
REM --- End of the script
:_End
The following is a trimmed version of the script without preliminary checking. Only the install string of the agent is called.
@ECHO OFF
REM --- Deploy to Windows XP/2003/Vista/Windows7-8/2008/2008-R2
Agent.msi /qn SERVER=rEPC.ribeye.com JOIN_PARAMS=Default;786b6057-209c-4535-ab79-e737d691d58b;8d59e1ad84daa7d48401d17c2ee6852e4500e2fb;k5PqP52jysuuxm+boVpzcP2QFia5AG/yqG2YF8K2jko=
REM --- End of the script
:_End
Insert the relevant value names as follows:
· Agent.msi | replace with the name of the Agent installer.
· SERVER=rEPC.ribeye.com | replace rEPC.ribeye.com with the name of the intended 'Root Endpoint Coordinator' server for your deployment environment (FQDN format is recommended).
(Tip: obtain the Agent.msi string from the EM UI on the "Generate Agent Installer page." Simply replacing the /i switch with /qn for a quite, non-interactive install.)
Related Articles
How to run the RegisterUserExample Admin API example code in RSA Mobile Authentication Server 1.5 Number of Views How to configure private key settings for Internet Explorer on Microsoft Vista Number of Views How to manual deploy Federated Identity Manager (FIM) 2.5 / 2.6 Number of Views Error: 'C:\WINNT\SYSTEM32\AUTOEXEC.NT. The system file is not suitable for running MS-DOS and Microsoft Windows applicatio… Number of Views Browser locale problems for administration Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
