Jump to content

All Activity

This stream auto-updates     

  1. Yesterday
  2. The issue I'm describing is VERY FRUSTRATING. We are decommissioning a proxy server yet our firewall is still showing windows 7 computers hitting the proxy server. Here are the steps that I've taken and what I've looked at on one of the computers in question. DESELECTED "Automatically Detect Settings" Set "Use automatic configuration script" to reference the CORRECT proxy server that is currently in use DESELECTED AND CLEARED the entry under the "Proxy Server" entry for "Use a proxy server for your LAN......" Fields are blank and UNCHECKED Edited the registry and removed ALL references to the proxy server that we DO NOT want to reference (the one being decommissioned) both IP address and the hostname that references the proxy server. Changed the one installed application to point to the correct proxy server. Flushed the DNS cache on the workstation. With ALL these steps taken, can someone tell me where to look or tell me why the machine is still trying to reach out to the proxy that we're decommissioning?
  3. Still no resolution to this but it appears that the desktops have been upgraded to SSD. Could this affect deployments? Microsoft have been looking at the server and they are saying its all running OK. Bitsadmin shows that jobs have errors, clearing the bits jobs /allusers then clearing the CCMCACHE they start again and deploy correctly.
  4. Great article, very clear! One thing I`m wandering, is it possible to block devices which don`t use WIP? I have been playing with WIP, but Windows 10 (and older) devices are still able to access all the files even if they don`t use WIP. So I`m looking for some setting/ policy to force WIP. Thanks!
  5. Hello. I have DPM 2016 and SQL 2012. I add new bases, then i change available group to add this bases in backup, DPM doesnt't see their. How i can add this SQL bases to backup? Of course i made "Refresh" Thak you.
  6. Last week
  7. Hi all, Just wanted to post the resolution to this... Stage one: upgrade BIOS that supports the TPM FW Switch feature However when flashing the bios the process needed to shutdown afterwards to complete so I added into the TS a shutdown command whilst in WinPe, but inbetween that I displayed a message to the PXE booter informing that this will happen to then re-run the task sequence: The group only ran if the model was correct and the BIOS version was out of date: Then once the BIOS was flashed, the instructions to the engineers were to re-run the task sequence again and obviously this time it skipped the BIOS upgrade as the WMI query was no longer valid, as the TPM chip defaulted to 2.0, I had to set the chip to 'Enabled' then change to 1.2 and then set the security chip to 'active' in that order, now I'm not sure if all of the reboot steps are required but the reboot after the TPM switch is 100% required, here's the steps in order: Sources: BIOS Tools package: https://support.lenovo.com/ec/en/solutions/ht100612 Display message in WinPE (you have to add the 'Use Toolkit Package' before running this): https://blogs.technet.microsoft.com/deploymentguys/2011/07/01/message-box-script-for-lite-touch-task-sequences/ Now you cannot change the TPM version using the above tools as Lenovo purposely disable changing it via WMI due to security concerns, so there's a utility to change this: https://pcsupport.lenovo.com/ec/en/products/DESKTOPS-AND-ALL-IN-ONES/THINKCENTRE-M-SERIES-DESKTOPS/M810Z/downloads/DS121000 (download the BIOS Windows BIOS setting tool), documentation is attached in the tool to help you. I'm sure there might be a way to streamline the above but this worked for me and the client. Hopefully this might help someone in the future.
  8. I've found browsing https://docs.microsoft.com/en-us/windows/deployment/usmt/usmt-scanstate-syntax That there is a TS variable you can utilize to run command line options OSDMigrateAdditionalCaptureOptions However, I cannot figure out how to utilize the following command to modify my Capture User State Task Sequence The scanstate switch below is what I want to add into my TS so that it captures the installed application registry settings. The goal is to prevent having to manually configure some of the software for each user. /apps scans the image for apps and includes them and their associated registry settings Any help would be great
  9. Are you using the right KMS client key on your Win10 machines to activate them on the right version? https://technet.microsoft.com/en-us/library/jj612867(v=ws.11).aspx
  10. Not sure if i am in the right sub-forum, but i`ll give it a shot. I`ve updated our KMS server with the Windows Srv 2012R2 DataCtr/Std KMS for Windows 10 key from our VLSC site, and the clients have been set the KMS key in advance for Win10 enterprise. I noticed that when doing slmgr.vbs /ato on the windows clients, they activate, but the version of Windows changes from Enterprise to Pro. Any ideas or input would be greatly appreciated. Thanks
  11. hi we are deploying Windows 10 v 1607 (and v1703) just fine with ADK 1703, don't be afraid to move to the new versions, there's lot of benefits
  12. I have created a Kiosk Package for our environment however can't get the PC's to accept the package and go into Kiosk mode. I have tried several different how to's but none of them seem to work any ideas?
  13. Looking to upgrade current SCCM environment from 1610 and skip over 1702 going directly to 1706. Current Configuration Below SCCM Current Branch 1610 ADK 1607 MDT 8443 Actively Deploying Windows 10 1607 and light Testing with Windows 10 1703 deployments. Looking at current support docs it looks like ADK 1607 is not compatible with SCCM Current Branch 1706. https://docs.microsoft.com/en-us/sccm/core/plan-design/configs/support-for-windows-10 However, it is recommended that if you are actively deploying Windows 10 1607 via OSD that you stay on ADK 1607. Trying to determine what are the best steps to upgrading without breaking the OSD/Task Sequences environment. 1. Should I only upgrade the environment to SCCM 1702 Current Branch and stay on ADK 1607 till our Client team(handles OSD) is comfortable moving to Windows 1703 Deployments? The article above says SCCM CB 1702 is backwards compatible for ADK 1607. 2. Or is it recommended, even though we are still actively deploying Windows 10 1607 for Prod, to upgrade the ADK to 1703 and then move to SCCM CB 1706? Trying to better understand, if the recommendation is to stay on ADK 1607 if you are actively deploying Windows 10 1607 in your environment, what are potential risks in upgrading to ADK 1703. 3. Final concern to list here is the what are the risks in upgrading to the either SCCM CB 1702 or 1706 as it relates to MDT 8443. What has the potential in breaking? Any info would greatly be appreciated. Just want to move forward with a better educated decision. I have been reading articles and going through forums to confirm potential risks but looking for a little advice based in the current environment setup.
  14. I think we found the problem a sitesystem was incorrectly set in the global assignment boundary group . I apologize
  15. Hi anyweb, no we dont use ip helper, the workstations to deploy are on the same subnet than the DHCP/DP server.
  16. has there been any change on the switch level, i.e. have iphelpers been configured ?
  17. SCCM clients rolling back components

    Hi I have a similar issue upgrading SCCM 2012 from client version 5.00.7804.1000 to the current branch client version 5.00.8412.1307. Also other machines their clients in the control panel "General", "Action" etc everything is showing blank and the console shows that the machines have been assigned to the correct Site Code but no client installed. Many posts out there point to WMI issues...Have you been able to resolve this? thanks
  18. Hi all, this is my first message here, hope you can guide me cause this driving me nuts for days ! config summary : SCCM 1702, 1 primary site, 2 MP , 800+ sitesytems ans DP Since few days, on some of ours DPs (windows 2008R2) we cannot PXE boot computer set up as UEFI, while it still boot for BIOS computers. We receive the following error : PXE-E16 No Offer received We have allready uninstall and reinstall PXE from scmm console, restart the server but same issue. Also tried to disable netbios over TCP/IP as seen on some forum with no change. The system seems to hang at "looking for bootimage <pkgID> , please see attached file. Any help would be much appreciated ! smspxe.log
  19. Good to know. And good point. The only change I made was the edit of the IPs to check, but I probably got a little ambitious by replacing the IPs with a DNS hostname. I'll try swapping it out with the IP. Thanks, == Matt Edit: Actually it looks like I messed up the wim injection. Disregard!
  20. Site problems today

    hi, this morning I performed a site upgrade (security update to version 4.2.4) which completed successfully (according to the upgrade process), except, it didn't. As a result, new users could not join, and people could not reply to posts or edit posts or start new posts, this affected users throughout Europe, Middle-East and Africa, but was resolved a few hours ago so US users probably didn't notice. I apologize for any inconvenience caused by this downtime, on the plus side, all blog posts (and other posts) were still readable during this time thanks to @hybrid (Peter) for fixing the problem this evening, cheers niall
  21. hi well this is not covering an upgrade, it's a clean install so please raise this as a separate topic, thanks
  22. Hi, All I wondering if anyone has seen this error before, if so is there a known fix for it, the strange thing is that the WSUS is working fine downloading updates, I see them in the WSUS console but once it finishes syncing and try’s to populate the SCCM SUP I get this error, this sever has been working for last 2 years with no issues then one day the error started showing up in the logs. Also the database is WID not SQL. Uninstalled Re-installed WSUS and SUP with the same results. So any help with this would be greatly appreciated. *** declare @Error int; exec spProcessSUMSyncStateMessage N'2017-09-13 15:25:48', N'LP2', N'{A9D53A25-27B9-41C4-8D6B-D894251BC4BE}', 1, 0, '81', @Error output, N'LP-SMS.**Domain Name** SMS_WSUS_SYNC_MANAGER 9/13/2017 10:25:48 AM 13636 (0x3544) *** [42000][8114][Microsoft] Error converting data type nvarchar to int. : spProcessSUMSyncStateMessage SMS_WSUS_SYNC_MANAGER 9/13/2017 10:25:48 AM 13636 (0x3544) Sync failed: SQL error. Source: SqlExec SMS_WSUS_SYNC_MANAGER 9/13/2017 10:25:48 AM 13636 (0x3544) STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=LP-SMS.legacycpas.com SITE=LP2 PID=12932 TID=13636 GMTDATE=Wed Sep 13 15:25:48.810 2017 ISTR0="SqlExec" ISTR1="SQL error" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_WSUS_SYNC_MANAGER 9/13/2017 10:25:48 AM 13636 (0x3544) Sync failed. Will retry in 60 minutes SMS_WSUS_SYNC_MANAGER 9/13/2017 10:25:48 AM 13636 (0x3544)
  23. I've got a lot more home based users coming in over VPN these days. Our VPN group wants to make sure that anyone connecting has all their updates. The problem is, our environment is ... slow. For users in the office it's not a problem. Updates are downloading in the background, they install when they're done. For people having their update compliance checked in the VPN client, this is a problem as they can't work until updates download and install. I could set up internet based client management by putting an MP/DP in the DMZ, but the networking group would rather the users disconnect and get their updates from Microsoft if possible rather than use our bandwidth. After reading this is page I was thinking about turning his problem into my solution, but I'm wondering if anyone else here has tried it? https://sccmcanuck.wordpress.com/2017/05/25/sccm-software-updates-a-lesson-in-humility/ If I'm reading this correctly, I should be able to do the following: Create a collection of the machines that need to pass the compliance check. Exclude that collection from my regular update deployment. Create a separate update deployment to them with the option checked for "If software updates are not available on distribution point in current, neighbor, or site boundary groups, download content from Microsoft Updates." Have the networking people set their VPN compliance check so that it disconnects them from the VPN if they aren't compliant. If I'm understanding the setting correctly, the client should go straight to Microsoft and download updates, even though it doesn't have access to a management point? Is that correct? Yes, I could just set it up and test it, but I'm hoping someone else has already gone through this. If
  24. So this month I'm still seeing new updates as not required by clients, when I know they are. I've eliminated what I thought was causing it last time (we had problems with the anti virus client on the main site server monopolizing processor time). Right now I'm manually downloading the updates I know I will need and adding them to the deployment package. Based on last month, I expect the required and installed fields for 9/12 to populate sometime tonight. Does anyone know if it's normal to have a 24-36 hour delay between the updates showing up in the catalog under All Software Updates and the Required field populating?
  1. Load more activity