Jump to content


Established Members
  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by fj40ratt

  1. Script attached. Like I said, all of this was working before the 2203 upgrade. Still digging on my end. Thanks for all of the help. AddMeToCollection.vbs
  2. This is the TS section that fails. The vbs script is one I pulled from online. I can share the script if necessary.
  3. I did. Still the same result. It's almost like this months Windows server security updates are causing my grief. Two Windows updates were installed this month. KB5010460 on 7/12/22 and KB4486129 on 7/8/22. I upgraded SCCM on 7/11/22. It doesn't mean the problem wasn't happening before that but I was not aware of it until after the 11th. My field techs are pretty good about letting me know when things aren't working that are typically automated, believe me.
  4. So I found where it is failing, just can't figure out why. For over a year now the vbs script that adds the laptop to my bitlocker policy collection has worked flawlessly. Now all of a sudden it is throwing an access denied error when attempting to run the script against my site server. The account used to run the script within the TS hasn't changed or it's password. Only change I know of is I upgraded SCCM to the latest version.
  5. Good afternoon all. Hopefully I'm not going crazy here but I recently updated MECM to 2203. In the past if my memory serves me correctly, the smsts.log files used to display the individual steps within the TS groups and whether they were successful or not. I have a step in one of my groups that runs a script to add devices to automatically add the device being imaged to the collection I have my Bitlocker policy deployed to. Since the upgrade, that step has stopped working or at least the newly imaged laptops are not getting automatically added to the collection anymore. When looking at the smsts.log file on the device, there is no reference to that particular step or any of the other steps like I've seen in the past. Did that information get moved to a different log? I did enable the TS debugger feature during the upgrade. Is that why I'm not getting the detail I'm used to? Thanks.
  6. In my case with 20H2 there was still a pending cumulative Microsoft update KB5014699 that needed to be installed. After installing that update, I was able to connect through the admin console.
  7. Having the same issue but what is really odd is most of my folks are still running 20H2 and their consoles work just fine.
  8. Hey everyone. Hoping someone can help me with this. I have been working from home since Covid started. I have a laptop I carry back and forth with me when I do need to go into the office but I also have a laptop permanently sitting on my desk that I remote into for large jobs. Both laptops have no issues running the Admin console. I recently convinced my boss to get me a high end machine to park on my desk to run multiple VMs so I don't have to spend my days logging on and off. On the new machine, the SCCM admin console will not connect no matter what I do. The SMSAdminUI.log file just gives me the insufficient privilege message Access Denied which in turn is triggering a dcom event id 10036 on the site server. I know it isn't a privilege issue because I have no problem on my other machines. I have seen posts where a Windows update has caused some problems but they appear to be old posts. It just isn't making any sense to me. Any help is greatly appreciated. Thanks.
  9. I've been trying to remove this update on a test device for the last 3 days using a task sequence with the command line wusa.exe /uninstall /kb:5005565 /quiet /norestart or inserting the .msu file. Neither attempt will work. I have been successful in the past removing troublesome Windows updates using this method but this one is driving me crazy. Has anyone else had to remove this particular update and been successful using SCCM? Thanks.
  10. I've tried both creating a TS from scratch and copying from another TS. Neither has been successful. I even tried just making it a simple 8 character password containing nothing but letters with no luck. Crazy thing is that when I verify the account and password connection to the OU within the TS it verifies just fine and that same account and password will manually join a device to the domain successfully. Might be time to get Microsoft involved.
  11. Jumped the gun. The new password works for one of my task sequences but not for any of my other TS's including any new from scratch TS's. This is crazy.
  12. I seem to be running into this more often as of late. I've created a basic OSD task sequence but when I attempt to deploy it the collection I wish to direct it to, it does not appear in my list. I know it is there because I have deployed other OSD task sequences to the same collection previously without issue and I can see the collection. I also run into this when I create a new device collection and try to deploy an existing TS to it. Thoughts? Thanks.
  13. Update: New 15 character password that utilized all 4 of the complexity rules in AD worked successfully. The previous attempts that were failing were only matching 3 of the 4 requirements which should have still worked since the password rule states you must have at least 3 of the 4. Really odd. Thanks for the input and willingness to help test everyone.
  14. Will try to get that info to you sometime today or tomorrow. Attempting another password change today.
  15. The computer name has 8 characters. I won't be able to get a smsts.log file to you until Monday. I have people imaging this week so I can't test a password change until they are finished.
  16. It was not integrated. Thanks Niall. Good luck. I'm trying to do more testing this week myself.
  17. Update: A 15 character pwd with nothing but upper and lowercase letters and numbers caused the device to not join the domain. Also double checked to make sure the password was meeting the domain complexity requirements and it is. This one is really odd.
  18. Thanks pzov, appreciate the input. I've run up against that type of issue with other systems in the past as well. I believe this is the first time I've attempted that complex of a password with SCCM. You would like to believe that Microsoft would make sure their complexity requirements were standard across the company. If Active Directory accepts that long of a password from a user, their own systems should allow it when they talk to each other. lol I will test with a long password avoiding any special characters and update here with the results.
  19. Version 2002 Console Version: 5.2002.1083.2000 Site Verison: 5.0.8968.1000
  20. Always appreciate your advice Niall. I have. I'm actually using it in the Apply Network Settings task. I don't have a Join Domain section in the TS anywhere. Another test I just ran is I added an additional character to the original password to create a new password of 9 characters. Old password that worked prior was only 8 characters. I then changed the pwd in the TS to the new 9 character pwd and it still works as intended. When my AD admin changed the password earlier on the domain join account, he changed it to a 20 character password and that is the TS would fail to join the device to the domain. Is there a password length restriction that anyone is aware of?
  21. Good morning SCCM brains. Here is one that has me about ready to trade mine in for a beer. Last week our AD admin changed the password for the account that does our AD joins during task sequence image deployments. I have entered the new password in the TS, verified it's access to the OU in AD successfully, and can use the new password to manually join a device to the domain without issue. Unfortunately when the TS now runs the device fails to join the domain. I've looked in the netsetup.log, setuperr.log and setupact.log to verify the correct account is present which it is but the error indicates it is still a bad username or password. I had our AD admin change the password back to the original password in AD and imaging works perfectly with the device joining the domain as expected. Is there somewhere else in SCCM I should be looking for that password to be changed? Thanks in advance.
  22. I'm trying to deploy an application that has multiple dependencies. One of the dependencies is Visual C. The application deployment fails because it states that Visual C already exists and it must be uninstalled through control panel for the deployment to succeed. Is there a way during application deployment to bypass a dependency if it already exists on the target computer? Thanks in advance.
  23. Thanks for the reply Niall. I totally understand not using the capture method but I don't know of another way get a single WIM file to the company that will be doing our imaging of new machines and still maintain the multiple partitions needed for BitLocker. These machines need to be as close to end user ready when they arrive here. The goal is to eliminate as much customization work as possible for our field techs. It's unfortunate that SCCM lets you create the multiple partitions during the TS but it doesn't provide a way to then capture the machine exactly as it is once you have it customized just for situations like this unless I'm missing something.
  • Create New...