glen8 last won the day on July 21 2011

glen8 had the most liked content!

Community Reputation

3 Neutral

About glen8

  • Rank
    Advanced Member
  1. Hi Everyone, We have not looked into BitLocker before but would like to start encrypting our laptops. There is SCCM 2002 already in place and configured for PKI. I've added the BitLocker feature to SCCM and packaged up the MBAM deployment scripts. During the OSD task sequence it's coming up with 0x0000001 during the PowerShell command phase. Running this manually from F8 it's showing 0x803d0013. The event logs on the SCCM server / MBAM have this: An error occurred while adding volume information to the Recovery database. Details: Cannot insert the value NULL into c
  2. Did you ever figure this out? I'm really struggling with getting the keys passed back into the DB from the task sequence. AD is fine, just the DB is empty. Thanks
  3. Thanks very much. In nearly every guide I've read on IBCM, there is only ever the mention of creating the certs yourself. I did wonder if you could mix a 3rd party certificate on the server with internal ones for clients. Now I know you can, we'll get one ordered and installed.
  4. Hi Everyone, We have an SCCM CB IBCM server within our DMZ serving up updates for our internet based laptop users. Today we ran an external vulnerability scan to health check the security of our network. The report flagged up a red mark against our IBCM server due to not using third party certificates. "Due to using an internally generated certificate the server is unable to verify it" or words to that effect. I'm sure I'm correct in saying that each and every client must have a unique certificate for SCCM to work, and using a third party cert would be incredibly expensive if we h
  5. Think there is a bug with the latest CU update on servers which have the Hyper-V role installed (which mine does)
  6. Hi All, I have just built a new server from an SCCM task sequence. Something isn't right with the Windows updates. It looks like it's got some updates, but not the latest one. Also, we are unable to RDP to the server due to a CredSSP error (I think it's because it's missing an update). The SCCM deployments do actually contain this month's update, but it's not on the server. Help!!!
  7. Thanks Andy, Just managed to get it fixed. Stumbled across a similar post on technet. I had to tick the "allow anonymous access" on the DP. It's super fast now. It seems for whatever reason the MDT toolkit package takes ages with this unticked. Even the MS engineer who initially found the fix was stumped as to why.
  8. Hi Everyone, This is such a pain!!!! We have an old physical server running Windows Server 2008 R2 with an old SCCM install on it. Working great and OSD takes about 45mins, but we need a new one to support Windows 10. We have built a new SCCM server on Windows Server 2016 running SCCM 1710 (latest updates, ADK, MDT etc etc). This server has way more CPU and RAM than the old one, and using it is super fast. The only issue is with imaging new machines, booting from PXE. We have ensured the HV server has the latest NIC drivers, disabled virtual machine queues, set TFTP window a
  9. OK, I'll open port 445 and watch on the firewall for traffic. Thanks for your help.
  10. How would the certificate server (LAN) update the CRL point (DMZ)?
  11. If I modified our root CA to include a new CRL DP pointing to the SCCM server already living in the DMZ, what ports do I need to open between the certificate server (LAN) and the DMZ? This is something the network team don't like doing though (opening ports, I mean). Also, how do I quickly and easily get all clients to renew their certificates?
  12. Hi Everyone, We are managing clients on the LAN, DMZ (Domain joined and workgroup) and Internet. Currently everything is running over SSL and we have only enabled the correct ports for SCCM between our DMZ and LAN. There is one niggle though. Currently there is only one root CA server with no subordinates. Obviously this server is not accessible from outside of the LAN. Due to this, CRL checking has been disabled for clients and 443 IIS management sites on both the primary SCCM server and an additional site server living in the DMZ. Microsoft say this on their website:
  13. Hi all, I have built a site server in the DMZ running (MP, DP, SUP) which uses an RODC and is for deploying software updates to both internet clients and clients within the DMZ. There are two additional servers in the DMZ. One is domain joined and is working great, the second is on a workgroup. I have created and deployed workgroup certificates and everything seemed to go OK. I installed the SCCM client on the workgroup server using these switches: ccmsetup ccmhostname:extservername.domain.com SMSMP:extservername.domain.com SMSSITECODE:XXX CCMALWAYSINF=1 SMSSIGNCERT:RootCertif
  14. Hi all, I have put a site server in our DMZ running DP, MP and SUP so we can update clients across the internet. It all looks like it's working, but I have noticed in the windowsupdate.log that when the client is on the internet it is pulling the updates down from a Microsoft location. When it's back on the internal network, it switches over to the site server fine. The auto deployment rule does allow content to be pulled from the internet. I'm just wondering if a client on the internet uses the Microsoft location as its primary source rather than the DMZ server? also, a lot