yukis1

anyone?

Hi guys, I have been dealing with this issue for quite some time now with no luck! The setting: I have an intranet CM2012 server with all the roles installed on it - everything is working great! I deploy packages, installed software updates and etc... I also have a server located on the DMZ and I have a MP and DP installed on it to manage clients located on the internet. PKI was setup and everything is working great! Client located on the internet connect to the external MP, get new policies, download packages and etc... really nice! Now the issue. I want to be able to manage software updates on clients located on the internet. To make it happen I have installed a NON-Active SUP on the DMZ server. When I did that a new tab appeared on the 'Configure Site Components - Software Updates' wizard called 'Internet-Based'. I used this tab to configure the DMZ server as the Active Software Update point for clients located on the internet. This according to this link: http://technet.micro...nternetBasedSUP And thats not working :-( I have investigated it for quite some time now and from what I can see is that the internet client is simply not changing its policy to meet the new setting and connect to the SUP located on the DMZ server. It still tries to connect to the internal server. Have I done something wrong with the configuration? Should it work in the first place? Has anyone installed a setting like it and could give me tips? Thx!

Problem solved!!! The problem was that the 'CNG Key Isolation' Service was disabled. Setting the service to Manual solved the issue. I believe that the service is only used during the installation process - to create the Self-Signed certificate, and can be disabled after the installation. I've now disabled it, and will continue monitoring the server and report back with results.

Hi guys, I have been working on a new installation of SCCM 2012 in a DMZ environment which includes many servers that are not in the domain, part of a different Forest and etc… Most of the installation is doing great except some of the servers have very strict security policies. On those servers I have a problem when installing the client. When I install the client I can see it finds the site code (manually registered ‘hosts’ and ‘lmhosts’ files), but once the client is installed I have the following errors: 1. When looking on the client in control panel I see it has no certificate and the connection type is unknown 2. CertificateMaintenance.log on the client throws several errors: Failed to create certificate 80090020 CertificateMaintenance 30/05/2012 11:29:55 36952 (0x9058) CCMDoCertificateMaintenance() failed (0x80090020). CertificateMaintenance 30/05/2012 11:29:55 36952 (0x9058) Raising pending event: instance of CCM_ServiceHost_CertificateOperationsFailure { DateTime = "20120530082955.356000+000"; HRESULT = "0x80090020"; ProcessID = 36532; ThreadID = 36952; }; CertificateMaintenance 30/05/2012 11:29:55 36952 (0x9058) CCMDoCertificateMaintenance() raised CCM_ServiceHost_CertificateOperationsFailure status event. CertificateMaintenance 30/05/2012 11:29:55 36952 (0x9058) 3. ClientIDManagerStartup.log on the client also shows many errors: [----- STARTUP -----] ClientIDManagerStartup 30/05/2012 12:51:05 3604 (0x0E14) Machine: Server ClientIDManagerStartup 30/05/2012 12:51:05 3604 (0x0E14) OS Version: 6.1 Service Pack 1 ClientIDManagerStartup 30/05/2012 12:51:05 3604 (0x0E14) SCCM Client Version: 5.00.7711.0000 ClientIDManagerStartup 30/05/2012 12:51:05 3604 (0x0E14) Client is set to use HTTPS when available. The current state is 224. ClientIDManagerStartup 30/05/2012 12:51:05 3604 (0x0E14) 'RDV' Identity store does not support backup. ClientIDManagerStartup 30/05/2012 12:51:05 3604 (0x0E14) CCM Identity is in sync with Identity stores ClientIDManagerStartup 30/05/2012 12:51:05 3604 (0x0E14) [RegTask] - Executing registration task synchronously. ClientIDManagerStartup 30/05/2012 12:51:09 2556 (0x09FC) RegTask: Failed to get certificate. Error: 0x80004005 ClientIDManagerStartup 30/05/2012 12:51:10 2556 (0x09FC) Read SMBIOS (encoded): 56004D0077006100720065002D00340032002000320061002000390065002000610066002000660032002000620033002000610037002000630063002D0064003100200038006200200064003000200065003100200039003000200038003800200037006600200062003500 ClientIDManagerStartup 30/05/2012 12:51:10 2556 (0x09FC) Evaluated SMBIOS (encoded): 56004D0077006100720065002D00340032002000320061002000390065002000610066002000660032002000620033002000610037002000630063002D0064003100200038006200200064003000200065003100200039003000200038003800200037006600200062003500 ClientIDManagerStartup 30/05/2012 12:51:10 2556 (0x09FC) No SMBIOS Changed ClientIDManagerStartup 30/05/2012 12:51:10 2556 (0x09FC) SMBIOS unchanged ClientIDManagerStartup 30/05/2012 12:51:10 2556 (0x09FC) SID unchanged ClientIDManagerStartup 30/05/2012 12:51:10 2556 (0x09FC) HWID unchanged ClientIDManagerStartup 30/05/2012 12:51:14 2556 (0x09FC) RegTask: Failed to get certificate. Error: 0x80004005 ClientIDManagerStartup 30/05/2012 12:51:16 2556 (0x09FC) RegTask: Failed to get certificate. Error: 0x80004005 ClientIDManagerStartup 30/05/2012 12:51:18 2556 (0x09FC) RegTask: Failed to get certificate. Error: 0x80004005 ClientIDManagerStartup 30/05/2012 12:51:22 2556 (0x09FC) RegTask: Failed to get certificate. Error: 0x80004005 ClientIDManagerStartup 30/05/2012 12:51:26 2556 (0x09FC) RegTask: Failed to get certificate. Error: 0x80004005 ClientIDManagerStartup 30/05/2012 12:51:32 2556 (0x09FC)

Hi guys, I have installed SCCM 2012 RC2 on top of SQL 2008 R2 SP1 CU4. Everything was working well, when all of the sudden I started experiencing very strange errors. For instance, when I try to create an application, i fails with a SMS Provider error, and the SMSPROV.log says: *** *** Unknown SQL Error! SMS Provider 26/03/2012 18:19:22 4188 (0x105C) *** if (object_id('tempdb..#sp_setupci_resultstr') IS NOT NULL) select * from #sp_setupci_resultstr; else select N''; SMS Provider 26/03/2012 18:19:22 4188 (0x105C) *** [24000][0][Microsoft] Invalid cursor state SMS Provider 26/03/2012 18:19:22 4188 (0x105C)*** if (object_id('tempdb..#sp_setupci_resultstr') IS NOT NULL) select * from #sp_setupci_resultstr; else select N'';;~ if (object_id('tempdb..#sp_setupci_resultstr') IS NOT NULL) drop table #sp_setupci_resultstr; SMS Provider 26/03/2012 18:19:22 4188 (0x105C) *** [24000][0][Microsoft][sql Server Native Client 10.0]Invalid cursor state SMS Provider 26/03/2012 18:19:22 4188 (0x105C) *~*~e:\nts_sccm_release\sms\siteserver\sdk_provider\smsprov\ssputility.cpp(2105) : SQL command failed: if (object_id('tempdb..#sp_setupci_resultstr') IS NOT NULL) drop table #sp_setupci_resultstr;~*~* SMS Provider 26/03/2012 18:19:22 4188 (0x105C) *~*~SQL command failed: if (object_id('tempdb..#sp_setupci_resultstr') IS NOT NULL) drop table #sp_setupci_resultstr; ~*~* SMS Provider 26/03/2012 18:19:22 4188 (0x105C) ERROR: SQL command failed: if (object_id('tempdb..#sp_setupci_resultstr') IS NOT NULL) drop table #sp_setupci_resultstr; SMS Provider 26/03/2012 18:19:22 4188 (0x105C) Also, when I try to synchronize the WSUS, it fails and the WSYNCMGR.log says: *** declare @rc int, @errxml xml; EXEC @rc=sp_SetupCI 16821644, 0, @errxml out; select @rc, @errxml SMS_WSUS_SYNC_MANAGER 26/03/2012 18:23:56 3972 (0x0F84) *** *** Unknown SQL Error! SMS_WSUS_SYNC_MANAGER 26/03/2012 18:23:56 3972 (0x0F84) Failed to sync update c6c5daa4-1aeb-409d-b5d2-fe71e3012b5e. Error: Failed to save update d2579ed4-3818-4fce-b2db-6481b004cae0. CCISource error: -1. Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.UpdatesManager.UpdatesManagerClass.DefineUpdate SMS_WSUS_SYNC_MANAGER 26/03/2012 18:23:57 3972 (0x0F84) From what I understand, every time SCCM tries to write something into the SCCM it fails, and its really weird because I can create collection for examples. I have tried re installing the SQL server but that didn't help, I've tryed re installing the SMS Provider with no luck... It looks like some kind of an issue with permission, but nothing changed. I see the SCCM computer account has access rights to the DB on SQL. Could it be something with the NTFS permissions? Any help will be appreciated.

Sorry for the late response, had a rough week! Thx, I will try that and get back with the results.

Hi, Thx for the reply. Believe me, I read almost every one of your guides through and thourgh! The thing is, I have it installed and its working pretty well but I'm missing some actions - I have a client who decided to try the product and we installed it on couple of machines. Now he wants to know couple of things - how can he remove an installation on a certain machine? If I choose to disable Endpoint Protection policy it does not remove the client from the machine. Also, how can I re-install a client machine? I mean, those tasks were available on the SCCM 2007, why are they gone??

Hi guys, I know that there a lot of built-in collections in SCCM 2007 when you deploy FEP 2010 - collections for Deployed Clients, Manually removed Clients and etc... Also, there are a lot of operations (packages) that are automatically added to the console once FEP is installed - Deploy Client and etc... I have SCCM 2012 RC2 in a lab, I added the Endpoint Protection role on it and I can see that clients that get the Client Settings i configured have FEP installed. But i can see any collection, I dont see any Packages/Programs. I dont even know how to get the client uninstalled. How do I get the collections to appear in the console? How do I get the Programs added? Any help would be appreciated!