LionelB

Hello, I am looking for some design recommendations for my test environment that I would like to apply to one production environment. I am working with 2 domains (2 forests) with no trust relationships. Domain A : internal Domain B : DMZ From a firewall point of view, only the ports from the internal to the DMZ will be opened. From the internet to the DMZ, only HTTPS will be opened. Currently, I only manage the clients connected to the internal domain. I would like to deploy a new management point in DMZ that will allow me to manage my DMZ clients and my Internet clients. Should I use 2 management points : - one for the DMZ clients - one dedicated to my internet clients If I use only one MP, should I allow Intranet and Internet clients ? The only documents I can find on Technet require too many ports to be opened in the firewall (From DMZ to Internal) and can't be applied to my environment. Thanks.

Hi, For IE11, I removed it manually from my initial software update group and from my package. You can also use "IE11 blocker" that basically creates a registry key that prevents the automatic installation of IE11 (http://www.microsoft.com/en-us/download/details.aspx?id=40722). Yes I use ADR for the monthy updates.

Thanks. In the control panel, when I was clicking on "Check updates", I could see a list of updates whereas I didn't advertise any updates to the collection which the computer belongs to. For testing, I installed one of the updates and ran a network trace with wireshark. I could identify (with the IP address) that the computer was downloading the updates from the WSUS server and not from my local distribution point.

Hi, You were right, clients were using WSUS directly instead of the SUP. Apparently ,the WSUS role had been configured directly... To make it work properly, I had to uninstall WSUS and SUP and then re-install the role WSUS and SUP. Everything is back to normal now. Thanks

Ok, from what I see, it looks like if I click on "Check for updates", it going to send a request directly to the WSUS and don't use the software update point. Moreover if I try to install an update, it is downloaded directly from WSUS and not from the distribution point. I didn't install WSUS and SCCM, do you think SUP/WSUS could have been installed incorrectly or something is missing ? Thanks.

Hi everyone, I have an issue with IE 11, IE blocker and Windows updates. I want to prevent users from installing IE11 from Windows Updates (We have SCCM 2012 R2 and SUP is deployed). I created a software update group that contains all Windows 7 updates but excludes IE11. Our users are local administrators of their computers. I tried to add the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Setup\11.0\ DWORD DoNotAllowIE11 value 1 but it doesn’t seem to work. If a user clicks on Windows updates, he will see the IE11 update available. I attached some screenshots. I also don’t understand why so many updates are available whereas I have not deployed any of them to any collection? Is it because users are administrators and they can see all the updates available on the SUP ? Internet explorer 11 is not available neither in the software group nor in the package. Thank you for your help !

Post deleted

To complete the previous post, If i reboot the primary site, the distribution works fine for 10 minutes then I keep getting the following message *** [42000][229][Microsoft][SQL Server Native Client 11.0][SQL Server]The EXECUTE permission was denied on the object 'fnGetRelatedContentID', database 'CM_AAA', schema 'dbo'. and with the SQL trace I get the message exec sp_InsStatusMessageInsStr 3,72057594038598327,0,N'229',72057594038598327,1,N'14',72057594038598327,2,N'[42000][229][Microsoft][SQL Server Native Client 11.0][SQL Server]The EXECUTE permission was denied on the object ''fnGetRelatedContentID'', database ''XXXXX'', schema ''dbo''.' Do you have any ideas ? Thank you.

Hello, I'm using SCCM 2012 SP1 and sometimes I've got a problem when I distribute a package. In the console, the package distribution is displayed as "In progress". In the PkgXferMgr.log, i can find the following information. It looks like some rights are missing ("selection permission denied") but the computer account (my Management point) is sysadmin of the database. And if i redistribute the package, sometimes It works. Have you already met this problem ? Do you have any ideas about that ? Thank you for your help. Completed post-actions for remote DP SERVER $$<SMS_PACKAGE_TRANSFER_MANAGER><08-07-2013 02:38:39.521-120><thread=6828 (0x1AAC)> ~Sending completed successfully $$<SMS_PACKAGE_TRANSFER_MANAGER><08-07-2013 02:38:39.522-120><thread=6828 (0x1AAC)> ~Deleting remote file 101BCAAA.PCK $$<SMS_PACKAGE_TRANSFER_MANAGER><08-07-2013 02:38:39.523-120><thread=6828 (0x1AAC)> Notifying pkgXferJobMgr~ $$<SMS_PACKAGE_TRANSFER_MANAGER><08-07-2013 02:38:39.523-120><thread=6828 (0x1AAC)> COutbox::TakeNextToSend(pszSiteCode) $$<SMS_PACKAGE_TRANSFER_MANAGER><08-07-2013 02:38:39.531-120><thread=6828 (0x1AAC)> *** [42000][229][Microsoft][SQL Server Native Client 11.0][SQL Server]The SELECT permission was denied on the object 'vSMS_Program', database 'CM_AAA', schema 'dbo'. $$<SMS_PACKAGE_TRANSFER_MANAGER><08-07-2013 02:38:39.534-120><thread=6828 (0x1AAC)> Failed to send status to the distribution manager for pkg AAA0006A, version 0, status 3 and distribution point ["Display=\\SERVER\"]MSWNET:["SMS_SITE=AAA"]\\SERVER\~ $$<SMS_PACKAGE_TRANSFER_MANAGER><08-07-2013 02:38:39.536-120><thread=6828 (0x1AAC)> *** SELECT SC.SiteType FROM SMSData S INNER JOIN SC_SiteDefinition SC ON SC.SiteCode = S.ThisSiteCode $$<SMS_PACKAGE_TRANSFER_MANAGER><08-07-2013 02:38:39.540-120><thread=6828 (0x1AAC)> *** [42000][229][Microsoft][SQL Server Native Client 11.0][SQL Server]The SELECT permission was denied on the object 'SC_SiteDefinition', database 'CM_AAA', schema 'dbo'. $$<SMS_PACKAGE_TRANSFER_MANAGER><08-07-2013 02:38:39.540-120><thread=6828 (0x1AAC)>

Well I think it's because of my Network Access Account but It's already defined in the SCCM configuration and I still get the following message in the DataTransferService.log. I am going to change my network access account, I hope It will work [CCMHTTP] ERROR: URL=http://XXXXXXXXX:80/SMS_DP_SMSPKG$/Content_45b86d06-8f1e-4f13-a62b-53d97255501b.1, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE DataTransferService 24/04/2013 17:59:11 1592 (0x0638) Raising event: instance of CCM_CcmHttp_Status { ClientID = "GUID:F0AA71BE-B432-4EBC-97D0-B14D87477EB2"; DateTime = "20130424155911.015000+000"; HostName = "XXXXXXXXX"; HRESULT = "0x87d0027e"; ProcessID = 1504; StatusCode = 401; ThreadID = 1592; }; DataTransferService 24/04/2013 17:59:11 1592 (0x0638) Successfully sent location services HTTP failure message. DataTransferService 24/04/2013 17:59:11 1592 (0x0638) Error sending DAV request. HTTP code 401, status 'Unauthorized' DataTransferService 24/04/2013 17:59:11 1592 (0x0638) GetDirectoryList_HTTP('http://XXXXXXXXX:80/SMS_DP_SMSPKG$/Content_45b86d06-8f1e-4f13-a62b-53d97255501b.1') failed with code 0x80070005. DataTransferService 24/04/2013 17:59:11 1592 (0x0638) Job {21180503-3F08-4FF6-819F-5FF0DEA33707} impersonating Network Access Account. DataTransferService 24/04/2013 17:59:11 1592 (0x0638) [CCMHTTP] ERROR: URL=http://XXXXXXXXX:80/SMS_DP_SMSPKG$/Content_45b86d06-8f1e-4f13-a62b-53d97255501b.1, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE DataTransferService 24/04/2013 17:59:13 1592 (0x0638)

Hello, I have pretty much the same problem (SCCM 2012 SP1) I can not install any application during my build and capture task sequence. I attached some content from the smsts.log and clientmsi.log If anyone has an idea ? Thank you.

Hello, I have an Office 2010 32 bits package, I deploy this package on 32 and 64 bits OS with SCCM 2012. I want to convert this package into an application and I would like to know if I should check the "run installation program as 32-bit process on 64-bit clients" box in the installation program ? If yes, should I do the same thing for all my 32 bits applications ? Thank you.

Thank you.

Hello, I have to deploy an executable program with SCCM 2012 and I would like to create an application. I was wondering which deployment type I was supposed to use: - script installer - msi and what is the difference between them ? If the one I choose doesn't work, can I change it after ? Thank you.

Hello, Well it took a long time but for the most of the packages and applications got synchronized. But I still have the problem with the packages migrated from sccm 2007 which are tagged as unknown...

Hello, I am migrating my sccm environment from 2007 to 2010 SP1 and I have a problem with distribution points. The migration went fine (I migrated the packages, collections, updated the distribution points : some of them still use windows Server 2003) I was able to distribute contents for applications and i migrated some packages to the new application model with package conversion manager. I had to remove some "content locations" for some packages then I had to add them again. But the content distribution is still "in progress" (Message: "Content transfer was instructed to send content to the distribution point") Even if the DP is on the LAN, the packages are still not copied. I do not find any information about the closest DP in the distmgr.log file In the PkgXFerMgr.log, I can see the send request is pending. Send Request 100ED100~ Job: J6NLAPWB Destination: SRV-XXX ~ State: Pending Status: Action: None~ Total size: 0 k Remaining: 0 k Heartbeat: 14:00~ Start: 12:00 Finish: 12:00 Retry: ~ SWD PkgID: 00000051 SWD Pkg Version: 20 You can find attached an example for a test package. I tried to change the distribution priority to high but it doesn't change anything. Is SCCM supposed to give a higher priority to a nearer distribution point ? Can i have an idea of how SCCM schedules its package distribution queue ? Is there a maximum number of packages that I can distribute at the same time ? Thank you for your help.

Thank you for your answer. I had to save the user data on a SMP as you advised. (I am answering late...I was away for a while )

Hello, I am currently working on a project and I have to migrate workstations from Windows Xp (32 bits) to Windows 7 (64 bits). We are using SCCM 2007. The Windows XP workstations have 2 partitions and the main user profile is stored on the second partition (D disk). The registry was modified… For the “new” Windows 7 workstations, I would like to keep only one partition with the users profile and datas on the C disk. I tried to do that: - TS - Capture User State (With MigXmlHelper.RelativeMove in a specific xml file to modify data folders) - TS - Apply the OS - TS – Restore User State The Restore User State doesn’t work because the computer association uses the previous configmr uuid and a new one is applied when the SCCM Client is reinstalled on the computer. Should I keep doing that way and how can I modify the computer association so I can restore the user data? Or is it possible to use a Refresh Scenario with hardlink and modify the partitions (because I want only one partition on my Windows 7 workstations) Thank you for your answers and sorry for my English.