  1. Today
  2. kevinnns

    Hi from NL

    Hi all, Just saying Hello from The Netherlands! I've been lurking a bit on the forum via my RSS reader and saw some topics where I could try to share some of my solutions on the posted problems. So, time to register for that account 😀. It's great to see the information exchange on the forum and I hope to be able to share some ideas and of course, pick up some new ones! I've got experience from Infrastructure (Storage Systems, Hypervisors) to Application layers (Exchange, Skype, SCCM), on-premise (VMware) to cloud (Azure, AWS, GCP) and I've been messing with SCCM for quite some years now. Earlier this year my focus has shifted a lot more to SCCM/MEM and has given me quite more time to get a better understanding of the underlying system, but still lots to learn! Cheers!
  3. @fj40ratt Is that dependency MS Visual C++ Redist 2015 or higher by any chance? The older versions just install older/newer versions next to each other as far as I've seen till now, but the 2015 and later was giving me a bit of a pain. This is mostly because MS has now made a bundle of the whole 2015-2019 C++ Redist. If a newer version is installed -> Big fat error code, install failed and all that. So I was in need of a different detection method because each version has a different (MSI) GUID in the Uninstall hive of the registry (or used with the MSI detection). In the end I came up with this PowerShell detection and it has been working well until now for us:

     ```powershell
     # Display name pattern to look for in the Uninstall registry keys
     $software = 'Microsoft Visual C*2015*Redistributable (x86)*'
     # Cast to [version] so versions compare component by component, not as strings
     $minimalVersion = [version]'14.0.24212'
     $Result = 'Not Installed'

     # Check both the WOW6432Node and the "normal" Uninstall hive
     $uninstallKeys = @(
         'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
         'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
     )

     foreach ($key in $uninstallKeys) {
         $apps = Get-ItemProperty $key -ErrorAction SilentlyContinue |
             Where-Object { $_.DisplayName -like $software }
         # More than one entry can match the pattern, so test each one
         foreach ($app in $apps) {
             if ([version]$app.DisplayVersion -ge $minimalVersion) {
                 $Result = 'Installed'
             }
         }
     }

     Write-Host $Result
     ```

     Change the (x86) to (x64) if you need the other one. I'm looking on both WOW6432Node and the "normal" Uninstall registry because it seems MS made a boo-boo with their current Redists 2015-2019, no matter of the architecture x86/x64, the registration always ends up in WOW6432Node, and I wanted to be sure that I got it covered if/when they wise up. Hope it helps you out a bit, or gives you an idea of direction.
  4. You could use a Configuration Item + Baseline to build something that does this, pending on what you're looking for exactly. It's not ideal, but possible. With the WFH I've hacked a PowerShell script together to check if the SCCM Client cert on the system is about to expire.

     ```powershell
     $Compliance = 'Compliant'
     # Must match the template name used by your certificate server
     $templateName = 'SCCM Client Certificate'

     # Machine certificates issued from that template that expire within 24 days
     $Check = Get-ChildItem 'Cert:\LocalMachine\My' |
         Where-Object {
             $_.Extensions | Where-Object {
                 ($_.Oid.FriendlyName -eq 'Certificate Template Information') -and
                 ($_.Format(0) -match $templateName)
             }
         } |
         Where-Object { $_.NotAfter -le (Get-Date).AddDays(24) }

     if ($Check) { $Compliance = 'NonCompliant' }
     $Compliance
     ```

     I've got the Data type set as a string and Compliance Rule to Equal "Compliant". In above case we're checking on days validity left, you can change it as you like of course, and make sure to match the TemplateName to your actual Template name for the Cert from your certificate server. We've deployed this on our workstations and put all non-compliant marked clients in a collection twice a day and based on that give our end-users some "attention" to connect to the VPN and get their cert renewed. Preferably we wouldn't be in this situation and we would have all the machine AzureAD joined so that with the CMG Client cert authentication wasn't needed, but for now alas it still is (but not for long anymore). Hope it helps or at least gives you a start to build what you need 😉!
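A variant of the certificate check in the post above, added here as an example and not the poster's script: it matches the template extension by OID rather than by its localized friendly name, reports a client that has no usable certificate at all, and judges the certificate that expires last so a leftover pre-renewal certificate does not flag a renewed client. The function names are hypothetical; the template name and the 24-day window are the ones from the post.

```powershell
# Added example, not the poster's script. Template name and window are taken from
# the post; the function names are made up for this illustration.
$templateName  = 'SCCM Client Certificate'
$thresholdDays = 24

# Extension OIDs are the same on every Windows display language:
#   1.3.6.1.4.1.311.21.7 = Certificate Template Information (v2 and later templates)
#   1.3.6.1.4.1.311.20.2 = Certificate Template Name (v1 templates)
$templateOids = '1.3.6.1.4.1.311.21.7', '1.3.6.1.4.1.311.20.2'

function Get-TemplateCertificate {
    param([string]$Name)
    # Machine certificates carrying a template extension whose text contains $Name
    Get-ChildItem 'Cert:\LocalMachine\My' | Where-Object {
        $_.Extensions | Where-Object {
            ($templateOids -contains $_.Oid.Value) -and
            ($_.Format($false) -match [regex]::Escape($Name))
        }
    }
}

function Get-CertCompliance {
    param([object[]]$Certificates, [int]$Days, [datetime]$Now = (Get-Date))
    # A certificate without its private key cannot be used for client authentication.
    $usable = @($Certificates | Where-Object { $_ -and $_.HasPrivateKey })
    if ($usable.Count -eq 0) { return 'NonCompliant: no usable certificate from template' }
    # Judge the certificate that expires last, so a leftover pre-renewal
    # certificate does not flag a client that has already renewed.
    $newest = $usable | Sort-Object NotAfter -Descending | Select-Object -First 1
    $date = $newest.NotAfter.ToString('yyyy-MM-dd')
    if ($newest.NotAfter -le $Now) { return "NonCompliant: expired $date" }
    if ($newest.NotAfter -le $Now.AddDays($Days)) { return "NonCompliant: expires $date" }
    return 'Compliant'
}

# Value returned to the Configuration Item (string, rule: Equals "Compliant")
Get-CertCompliance -Certificates (Get-TemplateCertificate -Name $templateName) -Days $thresholdDays
```

Every failure string differs from "Compliant", so the same string rule still marks the client non-compliant while the reason shows up in the reported value.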
  5. Yesterday
  6. If you have two packages sharing the same source files then yes it will clean up and remove SU that don't belong to the package, aka the other package. Make sure that this isn't the case and everything will be fine.
  7. Just came across this old post and it seems like we are having the exact same issue. I created a new software update package for our servers. On Tuesday I patched our DEV servers without any issues. It is now Saturday and we just discovered that the update files have mysteriously been deleted... We have no idea how this happened or why as nobody has been deleting anything. We blame SCCM for this but it's hard to say as there's no indication anywhere as to what is happening. I know this is an old post but did anybody ever find a root cause for this?
  8. Last week
  9. Thanks, radish. I am pretty sure that both methods (automatically-triggered and via Software Center) use the system account, but if anybody knows different, I'd like to hear it. Understanding the exact difference between the two will help troubleshoot and explain it to the developer. Thanks.
  10. AlwaysOn server multi-instance, 2 member servers

      W2019-SCCMDB1\MSSQLSERVER 1433,4022
      W2019-SCCMDB1\MSSQLSERVER2 1633,4023
      W2019-SCCMDB2\MSSQLSERVER 1433,4022
      W2019-SCCMDB2\MSSQLSERVER2 1633,4023
      AlwayOn-DB 192.168.160.122 5022 5044 port
      AlwayOn-DB2 192.168.160.123 5023 5045 port

      First migrate the management center site to W2019-SCCMDB1\MSSQLSERVER2. Everything is fine, even if the members of the alwayson database are restarted. After the management center site completes the restoration of active replication status, I am migrating the main site database to W2019-SCCMDB1\MSSQLSERVER. If the AlwaysOn database member server is restarted at this time, this situation will reappear, and I discovered this problem when I shut down the failover. Once the AlwaysOn database member server is restarted, the management center site must fail to connect, and the SQL cannot be connected. It seems that it is caused by the SQL certificate problem? If you clear the certificate in the sql configuration tool, the MSSQLSERVER2 instance can be connected, but then the CAS console cannot be connected. Don't know what is going on here? At present, the W2019-SCCMDB2 server has been restarted and the SQL connection login failure occurs. W2019-SCCMDB1 can still be used normally because it has not been restarted. Whether SCCM cannot host the SCCM site database in the AlwaysON environment with multiple instances, this problem will surely recur. I don't know how to check the problem. Is it the SCCM certificate problem or the SQL AlwaysON problem? It is guessed that it is caused by the SQL certificate. Since the main site was the last to migrate, the SQL certificate generated by the main site will invalidate the SQL certificate generated by the previous management center site?
  11. Need to write a script to achieve, when there is an old system, it should be installed on the old system partition Here is a video tutorial to install to the original system disk location without formatting other partitions, but it seems to be a paid video https://edu.51cto.com/center/course/lesson/index?id=567096
  12. Yes, 66 and 67 must be set to see the actual situation of the device When the number of VLANs is relatively small or when the switch setting does not support ip helper, You can set a distribution point for each vlan to solve the OSD problem.
  13. Make sure that the hard disk partitions are checked. This partition is set as the boot partition. In the SCCM OSD, only bios is recognized as the first boot method of a certain hard disk. Otherwise, an error will occur in the application operating system and the WIM image package cannot be released If there are two hard disks, disk number 0 HDD and disk number 1 SSD, you need to install the operating system to the SSD, pay attention! ! ! The bios sets the HDD hard disk as the first boot hard disk first. Then in the task sequence step, the disk 1 partition step must be set as the boot partition, which prevents IT technicians from manually adjusting the bios settings, which is suitable for automated OSD. The traditional MBR boot method to install the operating system is affected by this, UEFI is not affected by this rule. See if it is caused by this problem.
  14. Agree with this view, system computer account installation and user installation of some software will cause installation errors
  15. There is a user voice for it, I would not hold my breath that it will happen anytime soon. As it only has 0 votes. https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/40878685-hardware-inventory-to-collect-certificates
  16. When the application starts it evaluates the detection (presence) of your dependency apps. Maybe you need to add an extra detection method on your dependency app to skip installation of the new C++ when a certain version is found OR create in your installation program an uninstall first of the previous version.
  17. thanks - hope Microsoft will include in the future .
  18. Introduction

      These are my notes from a session shown today @ Microsoft Ignite 2020, the session was hosted by Steve Dispensa (Director of Program Management at Microsoft Endpoint Manager) and Ramya Chitrakar (Director of Engineering at Microsoft Endpoint Manager). For the last couple of years at Ignite I blog my notes for sessions I'm interested in as I always find it nice to later refer to this reading material and punctuate it with content I've covered, and sometimes the videos just flow by too fast and you miss out on important points. Where appropriate I'll link to content that I've covered that is referred to in the video.

      Agenda

      This is part 1 of a two part session and below is the agenda.

      • MEM and the new normal
      • What's new in Microsoft Endpoint Manager
      • Demos
      • Takeaways and next steps

      MEM and the new normal

      A year ago we all started our day in the usual way, grabbing coffee, going to the office, and interacting directly with our fellow colleagues but Covid 19 changed that very quickly as businesses shut their doors all around the world. I know this myself as I've been working from home since mid-March this year and as a direct result of that I upgraded my home office to make the work environment more appealing. Now many of us are working from home either full time or most of the time, and that involves changes in how we access and use company resources. We are working across more devices, more scenarios and often without the traditional safety net of onsite support or help desks that you can visit directly for assistance. This rapid change has guaranteed one thing, all businesses must have a remote working plan that lets employees work with 100% productivity from home.

      "Businesses need users to be fully effective when working remotely and need to be able to switch between remote work and office work without missing a beat"

      Last year at Ignite Microsoft released Microsoft Endpoint Manager, the integrated solution between all the endpoints in your estate. MEM brings together Intune (intelligent cloud) for all of your cloud attached endpoints, Configuration Manager (Intelligent Edge) for all your on-premises endpoints and other endpoint management tools such as Windows Autopilot, Desktop Analytics and Proactive Remediations to bring the power of the cloud to your whole enterprise. Microsoft have seen exponential growth in cloud attachment in the last year.

      "Massive customer adoption"

      MEM brings together the most comprehensive set of endpoint management capabilities in the industry. Starting with security it integrates with the most sophisticated solutions in the market and lets you establish baselines and implement policy for your users and devices. Risk based controls like Conditional Access lets you make sure that your endpoints are secure and compliant before gaining access to sensitive company resources. Unified management has deep integration with Microsoft 365 apps and the new Microsoft Edge. Zero touch provisioning works across different platforms to deliver unprecedented efficiency for IT Pros. And of course there is advanced analytics with Desktop Analytics, Log Analytics, real time advanced threat detection and more, and of course it's all deeply integrated with Microsoft 365 and can utilize RBAC (role based access control), Microsoft Graph (to automate tasks), PowerShell, auditing and cloud content optimization. So how does it all fit together?

      "Tenant attach"

      Microsoft's goal is to bring the power of the cloud to your whole enterprise. Microsoft released tenant attach which allows you to have an easy and low risk path to cloud attached Configuration Manager to start gaining cloud benefits. I blogged about tenant attach when it was first released in Endpoint Manager technical preview below:

      • Enabling tenant attach
      • Utilizing tenant attach

      Organizations can also use co-management to manage Windows 10 using both Config Manager and Intune at the same time, this capability is unique in the industry. New customers can go directly to the cloud with Intune or migrate over time with co-management of Config Manager and Intune. Below you can see the increase in numbers of Windows 10 devices managed in the cloud (Intune) in the last year. The target for next year is 35% managed by Intune and by 2022 they are forecasting 50% of Windows 10 devices will be cloud attached.

      Nobody had it easy through this crisis, but customers that had modern management definitely had a smoother run. The pandemic drove permanent changes in the way modern workplaces worked, customers deployed CMG's, VPN usage went crazy. At this point however most customers have made it through the initial problems and are focusing on rebuilding for the future. So let's focus on the new capabilities in Microsoft Endpoint Manager.

      What's new

      MEM will support virtual endpoints so you can support Windows Virtual Desktop and later this year, third party VDI right alongside your physical pc's. They will preview this capability later in the year.

      Customers want to manage all their endpoints with MEM and Microsoft have a first class management experience of MacOS. New capabilities there as well including the ability to deploy scripts to devices, new enrollment experiences that utilize Single Sign-on improvements across applications and new managed life-cycle features.

      Shared iPad for Business support. Will let customers deploy shared iPads to users, login with their Azure AD work accounts in separate partitions on the device including having each user having a separate device passcode on the device.

      Introducing Microsoft Tunnel. Customers have been asking for this literally for years. Tunnel allows you to connect your users on iOS and Android to apps and services. Full device and per app VPN with split tunneling. Natively integrated with Microsoft 365 and Conditional Access so you can protect your sensitive company resources. This is now available in preview to a broad audience over the next couple of days. Please check it out.

      "Zero Trust"

      Cloud attached management is critical to Zero Trust Security and Endpoints are trusted only when identity is securely established. MEM is growing fast, and it also offers the following areas of investment in new classes of shared devices. Today Microsoft will announce the general availability of Endpoint Analytics which is one of the fastest growing new capabilities in MEM.

      Every cloud attachment is unique and there are several different on-ramps to cloud management and (according to Microsoft) it's just a couple of clicks, but in reality you do have to satisfy prerequisites and those take some time to setup prior to those clicks.

      Demos

      As Steve already mentioned there's been a massive shift towards remote work and a strong indication that this trend will continue even in the long term. Ensuring business continuity and resilience is going to be key for IT. Microsoft Productivity score and Endpoint Analytics enable the IT Pro to understand how organizations are working, how technology is supporting them and how productive their end users are.

      "Microsoft Productivity score and Endpoint Analytics enable the IT Pro to understand how organizations are working, how technology is supporting them and how productive their end users are."

      Analytics really makes the IT Pro the hero. Endpoint Analytics is released to general availability at Ignite, Microsoft Productivity Score will be released in October. Below you can see the productivity score and how it displays employee experience and technology experience.

      Endpoint analytics is part of Technology experience, last year Microsoft announced some cool new features in that area to measure startup performance. It also offers Proactive remediations, recommended software and application health reports.

      Application health (new) is based on the 0-100 paradigm. Shows you top applications that affect your performance over the last 14 days. Overlays crash data over the usage of each app and the number of devices that are using this app. This lets you focus on the top applications that are impacting productivity.

      Conditional access

      Conditional access enables zero trust access control where identity is the parameter and all endpoints are treated equally regardless of the network that they attach to. Customers are telling Microsoft that they have some legacy applications that are simply not ready for modern authentication and conditional access.

      "Microsoft Tunnel is a mobile access gateway. Microsoft Tunnel is a vpn gateway to allow your iOS and Android users to access apps and on premise resources using modern authentication, single sign-on (sso) and conditional access."

      Microsoft Tunnel is a mobile access gateway to take care of this. Microsoft Tunnel is a vpn gateway to allow your iOS and Android users to access apps and on premise resources using modern authentication, single sign-on (sso) and conditional access. This is setup by the IT admin. There are three main steps.

      • Configure the gateway
      • Deploy VPN profile for Tunnel
      • Deploy Edge and Tunnel apps for these devices

      You can find this new functionality under Tenant Administration in the Endpoint Manager console.

      Key takeaways

      Recommended reading

      • Working from home - the new reality
      • Introducing Microsoft Tunnel
      • Microsoft Productivity Score https://adoption.microsoft.com/productivity-score/
      • Endpoint Analytics https://docs.microsoft.com/en-us/mem/analytics/overview
      • Microsoft Endpoint Manager https://endpoint.microsoft.com
  19. ok i've connected to your lab just now and fixed the internal issues, basically to summarize your internal lab was not following my lab setup, and you had DNS configured incorrectly, so your srv0001 server (dc01) was 192.168.3.1 or something, when it should have been 192.168.11.101 and so on, so when i pinged from the sccm server to the dc it replied back with 192.168.3.1 (or whatever ip it was, i forget), in addition, your webserver had ip address of 192.168.11.100 so it was not going to work, i've fixed dns by deleting the stale entries, and manually configuring the ip on the dc and on the sccm server and lastly disabled ipv6 on all 3 servers, rebooted them, and verified all could ping each other, that's the first thing you need to have working before trying anything else, don't reuse labs from something else, they will break, always build labs from scratch as per the offered guide, then it will work 100% lastly, i confirmed that your smoothwall was configured correctly, it looked ok, then i checked port 80 on your internet ip address with canyouseeme.org and it didn't work, that means that more than likely your internet provider or router/adsl/whatever is blocking port 80, so please check that
  20. Since Certs are not inventoried by ConfigMgr, you will not be able to query on cert templates either.
  21. thank you is there a way to create a query based on certificate template ?
  22. Hi, We have this behavior when upgrading the Config Manager client and I'm just curious if someone recognizes it and dealt with it before. This is what happens; After a Client upgrade of the Config Manager client to 1910 some desktops fall into sleep mode, they shouldn't because their power settings are set with Collection based power scheme. If you reboot the device everything works again. With the upgrade to 1810 I noticed something similar, client temporary unaware of settings, with suppressed reboots for workstations on the Deployment of Software Updates. These devices had pending reboots and rebooted directly after the upgrade of the client. It was not suppressed at that time. The upgrade of the client is done via the built-in Pre-production Client Deployment collection. I'm now thinking of another approach next time. Create a custom deployment of the CCM client with triggered communication between client and server. But you'd expect this as something default... Is there a way to prevent this?
  23. There is no built-in inventory task for Certs and therefore no reports for this either.
  24. hi is there a way to find/display specific certificate that is on client side is there and rdl for the sccm report server ? can i see the certificate in resource explorer ? roni
  25. Thank you. Personally, I can't see anything of note in those logs. The only relevant clue is in Windows application logs, which record the installer's executable crashing: Exception code 0xc0000005 is a memory violation, and the exit code in AppEnforce (3221225477) seems to mean the same thing. I'll speak to the developers, but it's just strange how this only happens when triggered automatically. All these logs are from a VM with Windows 10 1909, and no software installed. The only antivirus is Windows Defender, which I disabled by local Group Policy. AppLogs.zip
  26. Hi. What does your Format and Partition Disk task sequence step look like?