Leaderboard

Thanks for your guidance, it is a very helpful! I did all the steps on my test infrastructure, though I had a reduced set of virtual machines. It seems to me that there is an error in section 5 (maybe my comment will help other people) You suggest to execute the command: certutil -f -dspublish "E: \ ROOTCA_windows noob Root CA.crt" RootCA Where RootCA , as you write, is the host name of offline Root CA, however certutil helps us: CertUtil [Options] -dsPublish CertFile [NTAuthCA | RootCA | SubCA | CrossCA | KRA | User | Machine] ... CertFile - certificate file to

Hi, I reviewed the Task Sequence (for which thanks a million!) and I believe the reason for 'error 87:parameter is not correct' in two of the steps you disabled for the time being is the wrong dism parameter: DISM.exe /image:%OSDisk%\ /Set-UILanguage:%OSDUILanguage% that should be-> DISM.exe /image:%OSDisk%\ /Set-UILang:%OSDUILanguage% Similarly Set-UILanguageFallback should be changed to Set-UILangFallback. I did not have enough time to test that one myself yet but according to DISM documentation Set-UILang is the parameter name that exists.

I was able to Solve my authenticate issue. While running the site install Powershell script, I had to give the group names as the Pre-Windows 2000 as they differed slightly.

I can definitely confirm that this guide works. In truth, there aren't many alternative ways to install this, just a few. But it would be practically the same with hopefully the same result. Do not install the PKI on DC and for simlpe deplyoments forget the OID and use the standard one.

Make sure the MW is ENABLED. If you have these configured, but the checkbox is not checked, the MW is disabled and ignored. I was able to find this by running this report : Monitoring=> Overview=> Reporting => Reports =>Software Distribution -Collections => Maintenance windows available to a specified Client Here I saw that the MW was DISABLED, et voila, I had the explanation why my clients ignored the MW.

This first thing you are going to what to do is understand where the data that you want existing within CM. These two links will help you with that. https://docs.microsoft.com/en-us/mem/configmgr/develop/core/understand/sqlviews/software-updates-views-configuration-manager https://www.informit.com/store/system-center-configuration-manager-reporting-unleashed-9780134466811 .

this site will show you how to create the .ISO then use rufus to put the .iso on boot media.. I use USB drives http://www.sccm.ie/configure-sccm-2012/17-create-a-boot-image-for-os-deployment-without-pxe-environment

Introduction This multi-part guide will show you how to install the latest baseline version of Configuration Manager from Microsoft. The latest available baseline version is System Center Configuration Manager (Current Branch) version 1902 as of April the 10th 2019. I blogged how to upgrade to 1902 here. This guide is aimed a new installations of SCCM. Baseline media is used to install new ConfigMgr sites or to upgrade from supported versions, for more information about baseline media please see my blog post here. This series is broken down into the following parts:- Part 1 -

Introduction This is part 3 in a series of guides about cloud attach in Microsoft Endpoint Manager, with the aim of getting you up and running with all things cloud attach. This part will focus on creating a Cloud Management Gateway (CMG). This series is co-written by Niall & Paul, both of whom are Enterprise Mobility MVP’s with broad experience in the area of modern management. Paul is 4 times Enterprise Mobility MVP based in the UK and Niall is 10 times Enterprise Mobility MVP based in Sweden. In part 1 we configured Azure AD connect to sync accounts from the on premise infrast

Introduction This is part 2 in a series of guides about cloud attach in Microsoft Endpoint Manager, with the aim of getting you up and running with all things cloud attach. This part will focus on preparing your environment for a Cloud Management Gateway (CMG). This series is co-written by Niall & Paul, both of whom are Enterprise Mobility MVP’s with broad experience in the area of modern management. Paul is 4 times Enterprise Mobility MVP based in the UK and Niall is 10 times Enterprise Mobility MVP based in Sweden. In part 1 we configured Azure AD connect to sync accounts from

This series is comprised of different parts, listed below. Part 1 - Introduction and server setup Part 2 - Install and do initial configuration on the Standalone Offline Root CA Part 3 - Prepare the HTTP Web server for CDP and AIA Publication Part 4 - Post configuration on the Standalone Offline Root CA Part 5 - Installing the Enterprise Issuing CA Part 6 - Perform post installation tasks on the Issuing CA Part 7 - Install and configure the OCSP Responder role service Part 8 - Configure AutoEnroll and Verify PKI health (this part) In part 1

awesome to hear it ! spread the word 🙂

Yeh whilst an option i just decided to go the destroy way so we have packages to remove all the unneeded software and as mentioned above modified the office install to attempt to remove office whilst also supressing error codes. PSAPPDEPLOY code is Execute-Process -Path "$dirFiles\setup.exe" -Parameters "/CONFIGURE remove.xml" -ContinueOnError $true -IgnoreExitCodes '*' and remove xml is below - not sure i need the remove all true whilst also calling out products but the reality sometimes doesnt match the documentation with Microsoft <?xml version="1.0"

Awesome, I'm glad to hear it ! now make sure you check out the rest of my guides 🙂 There is plenty to learn (such as PKI, Tenant Attach, Bitlocker Management and more)

actually everything is now working! your guides worked perfectly, i just needed to back and understand and re-read the scripts! I am new to SQL so my understanding of media, service accounts etc was very very small. After using updated ssm18, new CU22 update, and making sure i am using the domain specified account mentioned my script.....Config Mgr passed with NO errors. Genuinely appreciate the time you dedicated into your guides, respect. -

Yes, 66 and 67 must be set to see the actual situation of the device When the number of VLANs is relatively small or when the switch setting does not support ip helper, You can set a distribution point for each vlan to solve the OSD problem.

@dreddric it's done now see >

i presume the collection is setup using a query, can you share the query so we can see what you are looking for... also, have you checked that the computer is actually present in that specific OU prior to ending up in the collection ?

That is cuz you are one crazy awesome dude Niall!!! Still have my fingers crossed that we get to have that drink this summer!! Waiting to find out if we are still going to have our CTG Summit in August! 🤙

if i had a vote left Marc i'd vote for it, did you tweet it yet ?

Added this a week ago: https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/40637050-provide-support-for-bitlocker-management-with-ibcm It could use some attention and more importantly some votes! 🤙

Having your Bitlocker Management keys stored on your on premise database (ConfigMgr) is an asset to many customers, and also gives you time to migrate to Intune and see the different ways it can manage your recovery keys, you could create an Azure web app proxy to connect back to the on-premise server handling the requests.

Hi Niall, I'm currently running MECM 2002 and I have followed your guides but I want to use the bitlocker encryption certificate so I have followed the Microsoft documentation. I have created the cert but I get and error when trying to produce the policy in MECM. The error is Plain text storage of recovery information required when the Bitlocker Management encryption certificate has not been deployed. Where do I have to deploy it too? I have two management points both on prem one is an IBCM both using HTTPS. Thank you EDIT: I had the policy open while I created the cert. Clo

Hi, i hope you didnt take that as a bad vibe. Im just unexperienced and learning sccm now. And since i cant copy paste on the server and also want to understand most of the things i just do it manually

Hi Martinez, if you are running a Proxy server in your environment run these command on your Management Point in an admin cmd. netsh winhttp set proxy proxy.fqdn:port "<local>;*.fqdn" bitsadmin /util /setieproxy localsystem NO_PROXY bitsadmin /util /setieproxy localsystem proxy.fqdn:port "<local>;*.fqdn" iisreset I was struggeling with the same problem for a long time. The IIS server has some serious problems when the IEProxy for local system is configured with AUTODETECT. That can result in various errors in Config Manager. The settin

Turns out no Software Update point is needed, just needed to add an Operating System Upgrade package and point it to the CORRECT folder...

Hello Shashi, you're very welcome and stay safe yourself too. So long Peter

I tried this. There was no change.

Make sure you have a valid certificate bound to your IIS default site for the Distribution Point.

yup, for anyone wondering, in part 4 of my series you'll see how to do this silently, https://www.niallbrady.com/2019/11/13/want-to-learn-about-the-new-bitlocker-management-in-microsoft-endpoint-manager-configuration-manager/

are all packages failing to get to the dp ? or only some packages ? i'm confused about you mentioning PXe, what has that to do with packages getting to the dp, you need to fix the packages getting to the dp first and then concentrate on your other issues

you need to provide more detail about this distribution point, was it ever working ? have you tried to reinstall the DP role on this server ? you mention 'during the reimage of the device' what do you mean by that ?

did you look at your logs ? there are some errors in there, i've highlighted one for you

have you seen this yet ? https://techcommunity.microsoft.com/t5/configuration-manager-blog/cloud-management-gateway-addressing-common-challenges/ba-p/1351262?utm_source=dlvr.it&utm_medium=twitter

To answer your questions directly about one or two SQL instances for WSUS. Is that it will cause conflicts between the two WSUS Servers if they share a db. Aka if some deploys an software update (SU) on WSUS, it will get installed on CM clients too (outside of CM control). From the CM standpoint, CM will change that products and classifications existing within WSUS, including declining SU too. Thereby stopping any WSU deployment of that SU.

This will not be supported and you WILL have problem when you manage WSUS outside of SCCM for non-SCCM computer. There is NO problem having WSUS installed on the CM server with its own clean db.

Start with a Clean WSUS server using full SQL server.

you can use these guides to get going for server 2016 see below for server 2019 see below

you don't want to use an existing WSUS server. You want a fresh one that is use SQL database not WID.

Hi - link to the scripts.zip file no longer seems valid. I'm looking to do this can someone provide the link to the files? All sorted - Login first!! What a dummy!

Solution:

Hi all - The title states it all, really. I have created and been maintaining my site's SCCM environment for the past 9 years, with no training or aid beyond what I have gained from reading information presented by a number of patrons of this site and similar (Niall Brady, Garth Jones, Anoop Nair, and Mikael Nystrom to name some), and I was wondering what options there are for gaining some accreditation. I am based in the UK, in case this removes some options from the list!

You can import the module by exploiting the environment variables to keep it less static. Import-Module -Name "$(split-path $Env:SMS_ADMIN_UI_PATH)\ConfigurationManager.psd1"

Updating the boot media and redistributing the content to the DP after it was configured properly for PXE did the trick for me. Thanks for the tip.

Have you set up boundaries and boundary groups and made sure you've added your server in the Content location box?

On the SCCM Side, You can follow this guide to extend the schema For the rest, we have used SCCM and VMware clusters alot and find very few issues with them once you get teething issues out of the way, this includes things like vlan's/trunking etc. it can be a pain especially if your using the newer Nexus V1000 vSwitch for vSphere.. basic things i assume you'll sort out when thinking logically about it.... We separate our SCCM Central Servers from DP's as this is going to cause you alot of traffic, for our first deployment we have a couple of DP's sitting beside our SCCM Provider to

they are not there because they have been removed, see https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/changes/deprecated/removed-and-deprecated-cmfeatures

First off SW inventory is NOT reliable, you should be using CI for this. Secondly, if your SW inventory runs for more than 4 hours it will NEVER send up update results. Yes is it very common for SW inventory to run for more than 4 hours runtime (not real time). Third did you review the inventoryagent.log file to see how long it takes for SW? Did it complete? Are you sure?