RS1

Established Members
  • Posts

    18
Everything posted by RS1

  1. We had an external consultant in to perform our upgrade about 6 weeks ago. Everything seemed to go well with the single exception that one of the Task Sequences was broken in one of our primary sites ( our SCCM environment has 3 primary sites ). We did a number of tests making little changes to the TS and repeatedly deploying it until, one morning about 3 weeks after the upgrade, all machines refused to PXE boot. Turns out WDS was no longer installed on the main server. Attempting to re-enable it causes the console to crash and the role is not installed. We logged a case with MS who are still working on it. It appears to be SQL related and, since then, our DB has grown tenfold to the point where it is now 500 GB in size and constantly swallowing any space we give it. This morning, another of our primary sites has fallen over. WDS has uninstalled itself and machines in this site won't PXE boot. I haven't attempted any troubleshooting yet as I need to push it back to the consultant who did the install and don't want to be accused of making changes which broke things. However, I'd be interested to see if anyone has seen anything similar?
  2. I've been following some of the guides over the past few weeks to make changes to our SCCM environment at work, a 2012 SP1 installation with a CAS and three primary sites. I am trying to enable a distribution point in one of our satellite offices and attempted to follow one of the guides linked in this forum. However, all the guides ( aimed at lab builds as they are ) assume a basic HTTP configuration whereas our sites are set up using our internal PKI. Can anyone point me in the right direction of an amended guide which specifies what certificates I need to generate and where they need to go please? Regards and thanks in advance.
  3. An external consultant recently installed SCCM 2012 ( SP1 ) in our US office. This runs with a Server 2012 PKI issuing certificates via GPO. Windows 7 and Windows 8 machines receive the certificate correctly. Everything looked great until the manager announced that there were 120+ XP machines he had not previously disclosed. The XP machines did not receive the certificate until we changed the Intermediate CA with the certutil -setreg CA\InterfaceFlags -IF_ENFORCEENCRYPTICERTREQUEST command as documented in a Microsoft forum. Once that change was made certificates began to issue to Windows XP machines. However, the client shows a Certificate of NONE. Investigating the certificate I found a message in the general tab which states: The integrity of this certificate cannot be guaranteed. The certificate may be corrupted or may have been altered. When I look at the Certification Path of the certificate I can see the following: ROOTCA - The cert is OK. Intermediate CA - This cert is OK. PCName.domain.com - This cert has a big red X on it with the message in the status box which reads "This certificate has an nonvalid digital signature". We have developed a number of packages for an upcoming migration ( we travel to the US at the weekend ) and, without a fix here, the manual work will prevent the trip from occurring. Ultimately we'd say "XP isn't supported next week. You should have decommissioned these machines" but that can't happen with all flights and hotels booked. Can anyone point me in the right direction please? What do I need to do to get these to accept the certificate?
  4. We brought in a consultant for our SCCM 2012 SP1 install and he advised that, because we have two child domains, we have three primary sites pointing to our CAS. My access as Domain Admin of the parent domain is to the CAS and the first primary site. Today I have started adding in applications and collections but have struggled because I've been advised, many times, that I cannot create a collection or application because the name must be unique. We later on found that one of our other primary sites has these collections. Who knew HR, IT and Finance would be such common names? So my question is this... if you can deploy applications from any site to pretty much anywhere else, if you have to create every app, report, folder, collection with unique names, what is the actual point of having multiple primary sites at all? The only difference I can see is where the actual database is stored but given this was never going to be an issue for us I'm not sure why we have so many sites. Should I even bother creating applications in each site when I can just link the various collections elsewhere? I can't help but feel I'm missing something and I could do with a little advice on how best to manage multiple sites. Thanks in advance.
  5. Our SCCM installation is set up to service internet based clients and our development team has designed a piece of Windows 8 'Metro' software which is being deployed to our field users. We are now pushing out updates to that application and things have been working, I think, very well. The problem is that our management team want to know which users have not got the updates 2 hours after the deployment. Most of our field users could be in cars with no internet access! Is there any way to create a report or alert which can provide a list of users who have not checked in for a policy update so that I can provide that list? The intention is that the service desk will then contact the users and ask them why it's not worked... are they on holiday, is the machine on, is there an internet connection. Oh, and I'm sorry. I know this is a stupid request.
  6. OK. This is not quite doing what we'd like, if indeed that is possible. The client no longer goes out to these machines but they still show in collections and we'd like to avoid that. Still some way to go I think but a definite improvement so thanks for that.
  7. Our Software Development team has just started creating Windows 8 apps which use the .appx format. In order to do that three conditions must be met ( in a domain environment ): (1) Group policy must be amended to allow all trusted applications to install. (2) The application must be signed using a certificate which the computer trusts. (3) A sideloading key must be installed. We have successfully fulfilled objectives 1 and 2 but installing the key is proving to be an issue and I wondered if anyone had a neat way of doing this. SCCM 2012 seems to have some support for deploying Windows RT Sideloading keys so I'm hoping they've thought a little bit more about the Enterprise side.
  8. Nobody found a way around this yet? I would imagine it was a fairly common issue. Any help very gratefully received.
  9. In our environment we name our web servers like this: UKWEB-SVR01A, UKWEB-SVR01B. Then we create an NLB cluster named UKWEB-SVR01. So, for example, the cluster UKSQL-SVR03 is formed from UKSQL-SVR03A, UKSQL-SVR03B and UKSQL-SVR03C. The individual machines are all getting the agent correctly. However, SCCM also discovers the NLB cluster and attempts to install the client to that too. How do I stop SCCM trying to do this?
  10. Incidentally, I had this same issue in my deployment and the OSDPreserveDriveLetter did not fix the issue. We had to get our consultant back in. He spent a day on it with no luck before eventually fudging it. The system deploys as D drive and then, at the end, changes the drive letter.
  11. Can anyone help with a few questions please? Firstly, when we do this the system keeps installing to the D Drive. It's picked up during the UDI regardless of what we select elsewhere. We have certain custom apps which reference this location so we have to change it. Secondly, the PE image is in US English which is causing some issues. Please help! Edit : I should point out I've done the OSDPreserveDriveLetter thing and still no luck. The problem seems to come much earlier on when it detects what partitions are available. Edit 2 : If, before I select the task sequence, I hit F8 and run diskpart, I can clean the disk and allow the TS to partition it, I can install to drive C. Figured this might help the troubleshooting.
  12. All of the machines will be added to the domain at the deployment stage so I can arrange for them to have the certificate fairly quickly. The computers will then go offsite and most of those machines will not come back onto the network again. They go out with our field reps and only come back in when that person leaves the company and the laptop is allocated to another user. That's really what made me think I might need to have a CA in the DMZ, so that the CRLs are available.
  13. I guess I can worry about that nearer the time, once I've done my own research. The key thing is that, when I put the PKI in next week ( focusing primarily on smart cards ) that it's going to allow me to do what I need with SCCM. I can imagine the look on my boss's face if I were to go in and say "Hey, you know that PKI I built before Christmas? Well I need to build a new one now and decommission the old one" He'd outright kill me!
  14. Right, so the only thing we require is to have an SCCM server in the DMZ to which the Internet Based Clients can connect? Thanks for your answer.
  15. I implemented a basic SCCM 2007 install for my company quite early on this year and the majority of my learning came from various web-sites and books. I've been asked to replace the system in the first quarter of 2013 and, after Christmas, will begin the necessary research and study to put this into place. However, we've run up against a small snag here and it has become apparent that we'll need to replace our PKI much sooner - perhaps as early as next week. Can anyone advise me please on what sort of design I'd need to be looking at for my PKI so that, when the time comes to implement SCCM 2012, that we're all ready to go? We need to implement an offline root CA and an intermediate CA within our private network. Will we need a third CA in our DMZ for the internet based clients and if so what type? Also, are we OK using Windows Server 2012 for the CA and for the SCCM install or should we be sticking to 2008 R2? Any help here will be appreciated because, as I mentioned, the SCCM install is not something I can dedicate much research time to at the moment as it's not an immediate requirement. Many thanks in advance.