Jump to content


All Activity

This stream auto-updates     

  1. Today
  2. Hi, i hope you didnt take that as a bad vibe. Im just unexperienced and learning sccm now. And since i cant copy paste on the server and also want to understand most of the things i just do it manually
  3. Seems to have been an AD admin starting Client FW by accident via GPO´s But would be good to know if anything changes Windows FW wise if Remote Control is enabled on the clients.
  4. Hello Peter, No proxy involved, but thank you for suggesting this. There is one more thing though thay I have spotted, there are old objects in AD System Management from previous SCCM infras (2007 & 2012), the MP publishing records were never cleand in the decomm process. I need to clean this up and try again. Also, planning to install HFRU to MECM 1910.
  5. Yesterday
  6. sure it will work, but you might have to do additional tasks, i will modify the two parts that refer to this and point out that if you don't run the PowerShell script to automatically create users and ou's, that you'll have to do that manually otherwise other steps may prompt errors. I already tell users to manually create the users, but i didn't mention to manually create OU's, i just assumed they would understand that based on the screenshots, I'll update it. thanks for your two cents.
  7. Hi all, We don´t use the Windows Firewall at the moment. I enabled the Remote Tools feature in the ConfigMgr client. Does this start the Windows Firewall, all clients now have Windows FW enabled. Regards Niklas
  8. Last week
  9. Hi Martinez, if you are running a Proxy server in your environment run these command on your Management Point in an admin cmd. netsh winhttp set proxy proxy.fqdn:port "<local>;*.fqdn" bitsadmin /util /setieproxy localsystem NO_PROXY bitsadmin /util /setieproxy localsystem proxy.fqdn:port "<local>;*.fqdn" iisreset I was struggeling with the same problem for a long time. The IIS server has some serious problems when the IEProxy for local system is configured with AUTODETECT. That can result in various errors in Config Manager. The settings above also fixed my installation errors for MDOP Bitlocker and Cache Server for delivery optimization. So long Peter
  10. Sorry, I don't know how to read the logs. I put the mtrmgr.log file in pastebin. https://pastebin.com/Su1pZ5vL https://pastebin.com/Su1pZ5vL
  11. Have you confirmed that the Rules are collecting results on a computer by reviewing the log mtrmgr.log? Until you do this step it doesn't matter how old the rules are.
  12. i feel your pain, if you'd like to pm me some numbers of users affected i can ask Lenovo Engineering to take a look cheers niall
  13. I know this is a really old thread... but I'm struggling here trying to test this out. For our initial Windows 10 deployments, we are using an English (en-us) image and we install language packs offline and use the unnattend to set the language. Now we're trying to upgrade them using feature updates in SCCM and the method described here. However, when I deploy the Feature Update to 1909 (en-us) to these machines, they do not show in Software Center. On the monitoring of the deployment, it shows that they are compliant (even though they are still 1809). If I deploy it to an English machine, it shows up in Software Center to install. Microsoft has told me that it shows compliant because the language of the feature update is English, but the machine is in Spanish. In using this method, do we have to deploy each language-specific feature update? Or should we be able to deploy English and have the LP stuff local on the machine with the setupconfig file? Why has MS made multilanguage for enterprises so difficult?!?!
  14. Hi everyone, I hope that someone may be able to shed some light on this topic. We've been getting reports from users who have a specific model that see spikes in CPU activity on 100% when the quick scan from Windows Defender starts. The notebook gets practically unusable in the next 10-20 minutes because of a huge lag in responsiveness. I've noticed that even though Defender will report the scan as finished, the sluggishness continues for several more minutes and finally ends after some time. The odd thing is that this is widely reported only on a specific model from Lenovo (ThinkPad P1 Gen2) We are using SCCM 1806 and Windows 10 1809 The CPU usage for the antimalware scan is limited to 30% by SCCM and the usage stays around this number, but the scan causes other processes to spike We've noticed the scan to cause other processes to spike: Skype for Business, Windows interrupts (this struck me as quite odd), Chrome, IntelliJ and others We've tried excluding the whole drive from the scans - still happens We've tried excluding some processes used daily by some users (browser, development IDE, etc...) - still happens Updated everything from the Lenovo System Update tool 2-3 weeks ago with one user - still happens Windows event log shows nothing of value I was not able to find anything in EndpointProtectionAgent.log that would indicate an issue What is really confusing to me: Out of all devices, only some users with P1 Gen2 models are reporting this issue Some users experience this on a daily basis, while others have seen it only a handful of times in the past several months The spike of CPU load for System interrupts in some cases leads me towards a possible driver issue, but I cannot pinpoint what exactly I was not able to find any relevant information in the event viewer. The log files at C:\ProgramData\Microsoft\Windows Defender\Support do not seem much of use as well. I was not able to find information on the path of the scanned items or a way to produce a log with increased verbosity that is in readable format. Is there any way we can troubleshoot this further with more details and pinpoint the exact cause of this problem?
  15. Has it been 30 days since you created those rules? That report will take time to populate.
  16. Yes, I have, the pasted error above is from the re-installation attempt. One one I have uninstalled completed, and now it doesn't want to install at all. Yes, the client receive the auto-enrollment cert via group policy. Also tried to delete it and refresh policies, cert appears, but on agent reinstallation attempt it fails.
  17. have you tried reinstalling the configmgr client agent on some of the problem devices? have you also verified that the clients have received the certificate(s) from your group policy ?
  18. Hello, We are on SCCM CB 1910 since end of January [WS 2016], single primary site and 20+ DPs. Last week, we have moved to PKI based certificates, all required cert templates are in place, GPO; Two new certs were also requested on every site system with IIS role, reconfiguration of MP to HTTPS, IIS bindings on every site system plus additional IIS config on SUP, certs imported to DPs. On Primary site I haven't switched to HTTPS only, yet, due to issues with PXE (resolved now). I have check all the configuration as per the guides ohere on wn and recordings of Justin from PatchMyPC on yt, all matches. The problem we have is that out of 3600 computers, approx 85 % switched to PKI, rest is on self-signed, as one of the consequences, they do not install software updates. I have tried deleting it and requesting new certs [Workstation authentication], checking if these systems have access to CRL list [they do), it they can open https://MP.FQDN site (they can), IIS reset on MP, CCM agent reinstallation with mp:https:// command, but nothing changes. ClientIDManagerStartup:[RegTask] - Client is not registered. Sending registration request for GUID:RegTask: Failed to send registration request message. Error: 0x87d00231 RegTask: Failed to send registration request. Error: 0x87d00231[RegTask] - Sleeping for 480 seconds ...CCMMessaging.logSuccessfully queued event on HTTP/HTTPS failure for server 'MP.FQDN'.Post to https://MP.FQDN/ccm_system/request failed with 0x87d00231. Failed to open to WMI namespace '\\.\root\ccm' (80041003) Failed in WinHttpReceiveResponse API, ErrorCode = 0x2f78 [CCMHTTP] ERROR: URL=https://MP.FQDN/ccm_system_windowsauth/request, Port=443, Options=480, Code=12152, Text=ERROR_WINHTTP_INVALID_SERVER_RESPONSE [CCMHTTP] ERROR INFO: StatusCode=<unknown> StatusText= Raising event:instance of CCM_CcmHttp_Status{ClientID = "GUID:xxxxx";DateTime = "20200602111635.355000+000";HostName = "MP.FQDN";HRESULT = "0x80072f78";ProcessID = 4904;StatusCode = 0;ThreadID = 7160;};CcmMessaging 6/2/2020 4:16:35 AM 7160 (0x1BF8)LocationServices.logFailed to send management point list Location Request Message to MP.FQDN4 assigned MP errors in the last 10 minutes, threshold is 5.Current AD site of machine is AD-SITE LocationServicesCurrent AD site of machine is AD-SITE LocationServicesAssigned MP error threshold reached, moving to next MP. CCMSetup.logFailed in WinHttpReceiveResponse API, ErrorCode = 0x2f78[CCMHTTP] ERROR: URL=https://MP.FQDN/ccm_system/request, Port=443, Options=480, Code=12152, Text=ERROR_WINHTTP_INVALID_SERVER_RESPONSE[CCMHTTP] ERROR INFO: StatusCode=200 StatusText=Raising event:instance of CCM_CcmHttp_Status{ClientID = "GUID:xxxxx";DateTime = "20200602103445.016000+000";HostName = "MP.FQDN";HRESULT = "0x80072f78";ProcessID = 2972;StatusCode = 200;ThreadID = 8076;};Failed to submit event to the Status Agent. Attempting to create pending event. Raising pending event:instance of CCM_CcmHttp_Status{ClientID = "GUID:e2ea64fd-5790-4d63-99ba-24c870cf2387";DateTime = "20200602103445.016000+000";HostName = "MP.FQDN";HRESULT = "0x80072f78";ProcessID = 2972;StatusCode = 200;ThreadID = 8076;};Successfully submitted pending event to WMI. Failed (0x80072f78) to send location request to 'MP.FQDN'. StatusCode 200, StatusText ''Failed to send location message to 'https://MP.FQDN'. Status text '' GetDPLocations failed with error 0x80072f78 Failed to get DP locations as the expected version from MP 'https://MP.FQDN'. Error 0x80072f78Failed to find DP locations from MP 'https://MP.FQDN' with error 0x80072f78, status code 200. Check next MP. Only one MP https://MP.FQDN is specified. Use it.Have already tried all MPs. Couldn't find DP locations. The computers on self-signes are Windows 10 (1809), WS2008R2, 2012 R2, 2016 and 2019, across different sites. At the same time, other computers with the same systems and locations are on PKI. I am running out of ideas what else I can try/configure to sort this out. Any help is appreciated. Thank you.
  19. Turns out no Software Update point is needed, just needed to add an Operating System Upgrade package and point it to the CORRECT folder...
  20. Hi there, In years previous we've always created a new image with the latest updates and programs, but as we're not installing anything new, we wanted to deploy the windows 10 2004 update out to the machines. We aren't using a Software Update Point so i was wondering if there's anyway to accomplish the upgrade without needing this server role? Our Sccm server is updated to the latest version. Thanks for any guidance/advise.
  21. Introduction Microsoft recently release the mother of all Technical Previews, TP2005 with so much amazing cloud friendly content, and in this blog post I want to look closer at task sequence media support for cloud-based content. Here are the instructions for getting it going (and of course you’ll need a working CMG before starting this). Enable the following client setting in the Cloud Services group: Allow access to cloud distribution point. Make sure the client setting is deployed to the target clients. For more information, see the following articles: How to configure client settings About client settings – Cloud services For the boundary group that the client is in, associate the content-enabled CMG or cloud distribution point site systems. For more information, see Configure a boundary group. On the same boundary group, enable the following option: Prefer cloud based sources over on-premise sources. For more information, see Boundary group options for peer downloads. Distribute the content referenced by the task sequence to the content-enabled CMG or cloud distribution point. Start the task sequence from boot media or PXE on the client. Ok once the above is done and you have distributed your content for your task sequence to your CMG, PXE boot a computer that will get an IP address that falls within the range defined for the boundary of your CMG. As you can see above, this IP address falls within the boundary of our CMG boundary. It will first download the policy of your task sequence(s) from the local management point (not the CMG), but as soon as you start the task sequence and it needs to download content, you’ll see messages within smsts.log revealing this provided that your task sequence content is indeed on the CMG. Look for lines that read Found location https://<YOURCMGNAMEURL>/downloadrestservice.svc... and IsCloudDP = 1, PreferCloudDPOverOnPrem=1 later it starts downloading the content !, noticed that the prioritized location is your CMG including drivers…(much slower than downloading from a local distribution point though…) then downloads and installs the configmgr client agent, again from your CMG Now isn’t that awesome ! cheers niall
  22. Introduction Configuration Manager technical preview version 2005 is out and here’s a look at some of the features. This is one amazing release, so many great features ! Tenant attach: Install an application from the admin center You need the following setup.. Enable the optional feature Approve application requests for users per device. For more information, see Enable optional features from updates. At least one application deployed to a device collection with the An administrator must approve a request for this application on the device option set on the deployment. For more information, see Approve applications. User targeted applications or applications without the approval option set don’t appear in the application list. In the Admin center, locate your device and click on Applications. If your application matches the pre-reqs above then it should be listed. Click the app will bring up options to Install or Retry installation. In addition, it will list the status of whether it’s installed or not. After clicking Install the app should install (or display an error if something went wrong). Totally awesome ! read the rest > https://www.niallbrady.com/2020/05/30/microsoft-endpoint-manager-configuration-manager-technical-preview-version-2005-is-out/
  23. Do you have any custom script to add/modify Remote Tools in default client settings. I am looking and trying to create custom client settings with selected settings like Remote Tools, Hardware Inventory etc., Please help on this
  24. Hello, Wonderful article with detailed information however; I got one small question, how do you import IIS and DP cert in Core OS DP? I am building Core OS DP and MP and not able to import cert in it yet. Have tried remote MMC since there is no native MMC into core OS. Any recommendations?
  1. Load more activity
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up
×
×
  • Create New...