Jump to content


Established Members
  • Posts

  • Joined

  • Last visited

LionelB's Achievements


Newbie (1/14)



  1. Hello, I am looking for some design recommendations for my test environment that I would like to apply to one production environment. I am working with 2 domains (2 forests) with no trust relationships. Domain A : internal Domain B : DMZ From a firewall point of view, only the ports from the internal to the DMZ will be opened. From the internet to the DMZ, only HTTPS will be opened. Currently, I only manage the clients connected to the internal domain. I would like to deploy a new management point in DMZ that will allow me to manage my DMZ clients and my Internet clients. Should I use 2 management points : - one for the DMZ clients - one dedicated to my internet clients If I use only one MP, should I allow Intranet and Internet clients ? The only documents I can find on Technet require too many ports to be opened in the firewall (From DMZ to Internal) and can't be applied to my environment. Thanks.
  2. Hi, For IE11, I removed it manually from my initial software update group and from my package. You can also use "IE11 blocker" that basically creates a registry key that prevents the automatic installation of IE11 (http://www.microsoft.com/en-us/download/details.aspx?id=40722). Yes I use ADR for the monthy updates.
  3. Thanks. In the control panel, when I was clicking on "Check updates", I could see a list of updates whereas I didn't advertise any updates to the collection which the computer belongs to. For testing, I installed one of the updates and ran a network trace with wireshark. I could identify (with the IP address) that the computer was downloading the updates from the WSUS server and not from my local distribution point.
  4. Hi, You were right, clients were using WSUS directly instead of the SUP. Apparently ,the WSUS role had been configured directly... To make it work properly, I had to uninstall WSUS and SUP and then re-install the role WSUS and SUP. Everything is back to normal now. Thanks
  5. Ok, from what I see, it looks like if I click on "Check for updates", it going to send a request directly to the WSUS and don't use the software update point. Moreover if I try to install an update, it is downloaded directly from WSUS and not from the distribution point. I didn't install WSUS and SCCM, do you think SUP/WSUS could have been installed incorrectly or something is missing ? Thanks.
  6. Hi everyone, I have an issue with IE 11, IE blocker and Windows updates. I want to prevent users from installing IE11 from Windows Updates (We have SCCM 2012 R2 and SUP is deployed). I created a software update group that contains all Windows 7 updates but excludes IE11. Our users are local administrators of their computers. I tried to add the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Setup\11.0\ DWORD DoNotAllowIE11 value 1 but it doesn’t seem to work. If a user clicks on Windows updates, he will see the IE11 update available. I attached some screenshots. I also don’t understand why so many updates are available whereas I have not deployed any of them to any collection? Is it because users are administrators and they can see all the updates available on the SUP ? Internet explorer 11 is not available neither in the software group nor in the package. Thank you for your help !
  7. To complete the previous post, If i reboot the primary site, the distribution works fine for 10 minutes then I keep getting the following message *** [42000][229][Microsoft][SQL Server Native Client 11.0][SQL Server]The EXECUTE permission was denied on the object 'fnGetRelatedContentID', database 'CM_AAA', schema 'dbo'. and with the SQL trace I get the message exec sp_InsStatusMessageInsStr 3,72057594038598327,0,N'229',72057594038598327,1,N'14',72057594038598327,2,N'[42000][229][Microsoft][SQL Server Native Client 11.0][SQL Server]The EXECUTE permission was denied on the object ''fnGetRelatedContentID'', database ''XXXXX'', schema ''dbo''.' Do you have any ideas ? Thank you.
  8. Hello, I'm using SCCM 2012 SP1 and sometimes I've got a problem when I distribute a package. In the console, the package distribution is displayed as "In progress". In the PkgXferMgr.log, i can find the following information. It looks like some rights are missing ("selection permission denied") but the computer account (my Management point) is sysadmin of the database. And if i redistribute the package, sometimes It works. Have you already met this problem ? Do you have any ideas about that ? Thank you for your help. Completed post-actions for remote DP SERVER $$<SMS_PACKAGE_TRANSFER_MANAGER><08-07-2013 02:38:39.521-120><thread=6828 (0x1AAC)> ~Sending completed successfully $$<SMS_PACKAGE_TRANSFER_MANAGER><08-07-2013 02:38:39.522-120><thread=6828 (0x1AAC)> ~Deleting remote file 101BCAAA.PCK $$<SMS_PACKAGE_TRANSFER_MANAGER><08-07-2013 02:38:39.523-120><thread=6828 (0x1AAC)> Notifying pkgXferJobMgr~ $$<SMS_PACKAGE_TRANSFER_MANAGER><08-07-2013 02:38:39.523-120><thread=6828 (0x1AAC)> COutbox::TakeNextToSend(pszSiteCode) $$<SMS_PACKAGE_TRANSFER_MANAGER><08-07-2013 02:38:39.531-120><thread=6828 (0x1AAC)> *** [42000][229][Microsoft][SQL Server Native Client 11.0][SQL Server]The SELECT permission was denied on the object 'vSMS_Program', database 'CM_AAA', schema 'dbo'. $$<SMS_PACKAGE_TRANSFER_MANAGER><08-07-2013 02:38:39.534-120><thread=6828 (0x1AAC)> Failed to send status to the distribution manager for pkg AAA0006A, version 0, status 3 and distribution point ["Display=\\SERVER\"]MSWNET:["SMS_SITE=AAA"]\\SERVER\~ $$<SMS_PACKAGE_TRANSFER_MANAGER><08-07-2013 02:38:39.536-120><thread=6828 (0x1AAC)> *** SELECT SC.SiteType FROM SMSData S INNER JOIN SC_SiteDefinition SC ON SC.SiteCode = S.ThisSiteCode $$<SMS_PACKAGE_TRANSFER_MANAGER><08-07-2013 02:38:39.540-120><thread=6828 (0x1AAC)> *** [42000][229][Microsoft][SQL Server Native Client 11.0][SQL Server]The SELECT permission was denied on the object 'SC_SiteDefinition', database 'CM_AAA', schema 'dbo'. $$<SMS_PACKAGE_TRANSFER_MANAGER><08-07-2013 02:38:39.540-120><thread=6828 (0x1AAC)>
  9. Well I think it's because of my Network Access Account but It's already defined in the SCCM configuration and I still get the following message in the DataTransferService.log. I am going to change my network access account, I hope It will work [CCMHTTP] ERROR: URL=http://XXXXXXXXX:80/SMS_DP_SMSPKG$/Content_45b86d06-8f1e-4f13-a62b-53d97255501b.1, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE DataTransferService 24/04/2013 17:59:11 1592 (0x0638) Raising event: instance of CCM_CcmHttp_Status { ClientID = "GUID:F0AA71BE-B432-4EBC-97D0-B14D87477EB2"; DateTime = "20130424155911.015000+000"; HostName = "XXXXXXXXX"; HRESULT = "0x87d0027e"; ProcessID = 1504; StatusCode = 401; ThreadID = 1592; }; DataTransferService 24/04/2013 17:59:11 1592 (0x0638) Successfully sent location services HTTP failure message. DataTransferService 24/04/2013 17:59:11 1592 (0x0638) Error sending DAV request. HTTP code 401, status 'Unauthorized' DataTransferService 24/04/2013 17:59:11 1592 (0x0638) GetDirectoryList_HTTP('http://XXXXXXXXX:80/SMS_DP_SMSPKG$/Content_45b86d06-8f1e-4f13-a62b-53d97255501b.1') failed with code 0x80070005. DataTransferService 24/04/2013 17:59:11 1592 (0x0638) Job {21180503-3F08-4FF6-819F-5FF0DEA33707} impersonating Network Access Account. DataTransferService 24/04/2013 17:59:11 1592 (0x0638) [CCMHTTP] ERROR: URL=http://XXXXXXXXX:80/SMS_DP_SMSPKG$/Content_45b86d06-8f1e-4f13-a62b-53d97255501b.1, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE DataTransferService 24/04/2013 17:59:13 1592 (0x0638)
  10. Hello, I have pretty much the same problem (SCCM 2012 SP1) I can not install any application during my build and capture task sequence. I attached some content from the smsts.log and clientmsi.log If anyone has an idea ? Thank you.
  11. Hello, I have an Office 2010 32 bits package, I deploy this package on 32 and 64 bits OS with SCCM 2012. I want to convert this package into an application and I would like to know if I should check the "run installation program as 32-bit process on 64-bit clients" box in the installation program ? If yes, should I do the same thing for all my 32 bits applications ? Thank you.
  12. Hello, I have to deploy an executable program with SCCM 2012 and I would like to create an application. I was wondering which deployment type I was supposed to use: - script installer - msi and what is the difference between them ? If the one I choose doesn't work, can I change it after ? Thank you.
  13. Hello, Well it took a long time but for the most of the packages and applications got synchronized. But I still have the problem with the packages migrated from sccm 2007 which are tagged as unknown...
  • Create New...