Jump to content


nodiaque

Established Members
  • Content Count

    22
  • Joined

  • Last visited

Everything posted by nodiaque

  1. Hello, I'm currently using a wsus server on my domain. It is used with SCCM 2012 R2 (as per the sccm 2012 installation documentation to use SCCM to deploy updates). On a machine running Windows 10 enterprise, I'm trying to get some language pack installed. Problem is, it's checking the WSUS server and it's saying that no language pack are available. I launch the admin console and downloaded all language pack and deployed them as available to my workstation. Still no language pack available. I got the same problem if I try to add a feature, it want to download something from Microsoft Update but since I have a WSUS server set, it doesn't work. For now, I delete the policies key that set the wsus and do it online, but I'd like to fix this. What do I need to do on my WSUS/SCCM to be able to download language pack and others from my local wsus? Thank you
  2. Well, for anyone reading this, don't do what I said! Doing that apply the GPO to everyone... It seems authenticated users is also the computer itself.... So, back to square one...
  3. Ok, I got it! PRoblem is, the user that log on the computer also need to have apply right in the security filtering. I added authenticated users (since this gpo isn'T applied to any users, I don't need to filter it) and now it work.
  4. Hello, I'm trying to set a GPO to disable the screensaver for all user on specific computer. My AD is configured liked that: Root + - Computers (OU) + - - GPO_Computer - Windows + + - Users (OU) + - - GPO_Users - Windows All my users reside into the users OU, same for computers with the computers OU. Inside my "GPO_Users - Windows", I got these settings: User configuration + Administrative templates + - Control panel \ Personalisation Strategy Activate Screensaver - Active Timeout: 610 sec Force specific screensaver: scrsave.scr rRotect screemsaver with password: Active (the name of the strategy policies might not be accurate, I translate them from my own language). Now, this enable the screensaver "scrnsave.scr" (blank) for everyone in the OU "users" after 610 sec. This work. I want to have an exception on specific computer. Right now, the way we do this is another GPO which disabled the screensaver on specific users. Thus, the screensaver is disable on any computer they go, not what we want. So I tried creating a new computer gpo. Root + - Computers (OU) + - - GPO_Computer - Windows + - - GPO_Computer - Disable Screen saver + + - Users (OU) + - - GPO_Users - Windows I put "GPO_Computer - Disable Screen saver" in first priority. I put a security filtering on an AD Group. The AD Group contain the computer I want to have the screensaver disabled. I also added "Authenticated users" for read only. In the GPO, I set this: Computer Configuration + Administrative templates + - System \ Group Policy Strategy Configure loopback processing: Merge User configuration + Administrative templates + - Control panel \ Personalisation Strategy Activate Screensaver - Disable Timeout: 0 sec Force specific screensaver: "" (empty) Protect screemsaver with password: Disable Now, when I log onto the computer and check Windows configuration, I see the screensaver still set for blank after 610 sec with password. When I run a gpresult, I see the loopback set to merge from "GPO_Computer - Disable screensaver", but the screensaver policy is winned by the gpo "GPO_Users - Windows". Aren't the computer suppose to win it over? What am I missing? Thank you
  5. Hello, I have a little bug right now that's pestering my user. Everyday, they get a popup saying a new software is available. Thing is, yes, in the software center, there is a software available, but why does it notify user everyday about it (and every logging)? I notice something. Let's say a user goes to the software catalog and install a software from there. Then, later, he decide to uninstall it from the software center. For an unknown reason, the software will be in the software center forever, annoying the user with notification about new software available. Is there a way to clear the list of these software that were installed from the software catalog (meaning there's no actual deployment targeting the pc, it's from the user profile which he requested). Thanks
  6. Hello, I'm having an issue with some computer. These computer have maintenance windows. When looking with Client Center for Configuration Manager, I see my maintenance window. Also, in the servicewindowmanager.log, I see my maintenance window for all deployment. The window is 8h00pm to 5h00am, everyday. I have users calling saying they had to restart there computer in the middle of the day because of updates. When looking at updateshandler.log and wuahandler.log, I clearly see that the update have scanned at 8h34 this morning, installed at 8h45 and rebooted at 9h13. I've checked the software updates deployment and both checkbox for "installed outside maintenance window" are disabled. The deadline for the installation was yesterday at 7h00am. The computer was probably off during the maintenance window, but that should simply reschedule the update for the next maintenance window, no? Someone know what's going on? Thank you
  7. Hello everyone, I'm having a weird issue. On a specific computer, running Windows XP SP3 and SCCM 2012 R2 CU1, when there's a pop-up from software center for software updates and the user click on it, all screens turn blank and you have to reset the computer or kill the session using remote desktop. I've tried update graphic cards, Windows Update, SCCM Update, bios update, nothing work. Does anyone have an idea? Thank you
  8. hmmm, but that computer as quite enough memory (Specially for a 100 mb file). Disabling Intel MEI allow the task to succesfully run and install the remaining software/drivers. From what I've read, it means "file not found" but if I send the same package through the software center, it installed without any problem
  9. Hello everyone, I'm having a hard time with a package in a task sequence. Here's what's happening: I run the task sequence without the package, everything work but when I activate it, it downloads it, then run it but failed. If I try to run it manually, everything run fine. I tried recreating the package from scratch, didn't work. The package I'm trying to install is Intel Management Engine 9.5.24. I've attached my smsts.log file, what we can see is that: Thanks smsts.log
  10. well, we didn't migrate the old collection, we just made a new SCCM server and installed the new agent on them. New structure, new database....
  11. Ok, I just tested with the maintenance window by removing the computer from a collection and it did lost the maintenance. What I think is happening is that it came from SCCM 2007 maintenance window that were migrated to 2012, a bit like this guy: http://blog.tyang.org/2011/08/16/orphaned-maintenance-windows-for-sccm-clients/ I'm currently investigating to see if there's other computer in that boat. Still, I'm still struggling to understand why the other computer (previous post) have installed updates at 6 am this morning.
  12. Well, microsoft said on technet that it is by design in 2007: http://blogs.technet.com/b/configurationmgr/archive/2011/09/26/removing-computers-from-a-collection-in-system-center-configuration-manager-2007-may-cause-an-unexpected-reboot.aspx Near the middle I'm having another headache relating to that (but not with ghost service window) I have a computer with 12 service windows in servicewindowmanager.log. Service Window with ID = 7cb56688-692f-4fae-b398-0e3ff4413adb having Starttime=2038-01-01 00:00:00 ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) Duration is 0 days, 00 hours, 00 mins, 00 secs ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) Service Window with ID = {2F75E1C8-644B-4944-B744-327E065E936C} having Starttime=2014-05-15 03:00:00 ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) Duration is 0 days, 01 hours, 00 mins, 00 secs ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) Service Window with ID = 45dca355-3249-4845-b8aa-72d0e604548e having Starttime=2014-05-14 22:00:00 ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) Duration is 0 days, 07 hours, 00 mins, 00 secs ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) Service Window with ID = 87e4759c-2884-45e6-9261-c33ba53f596c having Starttime=2014-05-15 22:00:00 ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) Duration is 0 days, 07 hours, 00 mins, 00 secs ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) Service Window with ID = 36da6950-3d1e-4027-be0e-7b16a4daee7e having Starttime=2014-05-16 22:00:00 ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) Duration is 0 days, 02 hours, 00 mins, 00 secs ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) Service Window with ID = 028bfbc0-7120-4081-a268-0e664a92ac4a having Starttime=2014-05-17 00:00:00 ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) Duration is 1 days, 00 hours, 00 mins, 00 secs ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) Service Window with ID = {84F7DA98-6A89-4D8E-A008-0C8FCC65525E} having Starttime=2014-05-19 03:00:00 ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) Duration is 0 days, 01 hours, 00 mins, 00 secs ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) Service Window with ID = 90a5f436-364c-48c7-8dc7-c5014abcbea8 having Starttime=2014-05-18 00:00:00 ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) Duration is 1 days, 05 hours, 00 mins, 00 secs ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) Service Window with ID = {E00EF57C-D58D-4457-9AD5-70611A2C22FD} having Starttime=2014-05-20 03:00:00 ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) Duration is 0 days, 01 hours, 00 mins, 00 secs ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) Service Window with ID = ad27b0ca-8c74-43c7-8200-1f601880bd75 having Starttime=2014-05-19 22:00:00 ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) Duration is 0 days, 07 hours, 00 mins, 00 secs ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) Service Window with ID = {224E48DF-F10B-4C17-AEB5-A95530ADCC41} having Starttime=2014-05-21 03:00:00 ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) Duration is 0 days, 01 hours, 00 mins, 00 secs ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) Service Window with ID = 49fd80be-ac4b-4877-974d-ecd09958926d having Starttime=2014-05-20 22:00:00 ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) Duration is 0 days, 07 hours, 00 mins, 00 secs ServiceWindowManager 2014-05-14 05:28:47 1380 (0x0564) The first one is a dummy (that is there for everyone) Then, we can easily sees all Business Hours maintenance windows (the IDs isn't included between {} ). There's 7 of these, and are related to business hours monday to friday 5 am to 10 pm, default settings. Then, I have my maintenance windows, where IDs are between {}. There is 4 maintenance windows on my collection, from 3 am to 4 am on monday, tuesday, wednesday and thursday. This is cleared showed there. Now, if my understanding is correct, and by the blog here: http://blogs.technet.com/b/server-cloud/archive/2012/03/28/business-hours-vs-maintenance-windows-with-system-center-2012-configuration-manager.aspx When you deploy required something with a deadline on a computer with no maintenance window, it will be enforced at the deadline and install. If there's business hours, it will install outside of business hours or at deadline, the first occurence. If there's a maintenance window, it will wait for the maintenance windows even if it's after the deadline. Now, since business hours are also maintenance window, my understanding on how the agent determine the difference is with the {} in the IDs. Regardless of all that, here is what's happening with the computer with the maintenance windows stated up. If I check the WUAHandler.log, I get this: Going to search using WSUS update source. WUAHandler 2014-05-14 06:00:30 3488 (0x0DA0) Synchronous searching of all updates started... WUAHandler 2014-05-14 06:00:30 3488 (0x0DA0) Successfully completed synchronous searching of updates. WUAHandler 2014-05-14 06:01:43 3488 (0x0DA0) 1. Update: 0d9343d5-ff78-41d0-bd18-a5015660955e, 202 BundledUpdates: 1 WUAHandler 2014-05-14 06:01:43 3488 (0x0DA0) Update: b435bfc6-5ba8-43a1-8b7e-d7cc33c8c981, 202 BundledUpdates: 0 WUAHandler 2014-05-14 06:01:43 3488 (0x0DA0) 2. Update: 2c8a94fa-4412-4ac7-b4b7-69ecc74019cb, 203 BundledUpdates: 1 WUAHandler 2014-05-14 06:01:43 3488 (0x0DA0) Update: 094b52b7-9deb-4dda-bd7a-84fb03387037, 201 BundledUpdates: 0 WUAHandler 2014-05-14 06:01:43 3488 (0x0DA0) 3. Update: 8c7053f7-3db5-4a84-895e-8768930e3f2b, 201 BundledUpdates: 1 WUAHandler 2014-05-14 06:01:43 3488 (0x0DA0) Update: f4f2574d-ea00-4780-8175-06f8ee5f045b, 201 BundledUpdates: 0 WUAHandler 2014-05-14 06:01:43 3488 (0x0DA0) 4. Update: 8ef4b78f-599e-4b8a-88d6-69ca408339d8, 201 BundledUpdates: 1 WUAHandler 2014-05-14 06:01:43 3488 (0x0DA0) Update: 283292ff-52ea-42a3-b47f-cfe404d3b558, 201 BundledUpdates: 0 WUAHandler 2014-05-14 06:01:43 3488 (0x0DA0) 5. Update: c6bf131f-be90-438c-ba58-a732368d8a96, 201 BundledUpdates: 1 WUAHandler 2014-05-14 06:01:43 3488 (0x0DA0) Update: 5cb57cd5-b3c6-4659-9fc2-76968a465999, 201 BundledUpdates: 0 WUAHandler 2014-05-14 06:01:43 3488 (0x0DA0) 6. Update: f4971089-6267-4e29-8c7b-2515659dfec7, 201 BundledUpdates: 1 WUAHandler 2014-05-14 06:01:43 3488 (0x0DA0) Update: 38fd9300-89a7-4baf-b207-3f3800fcd6f1, 201 BundledUpdates: 0 WUAHandler 2014-05-14 06:01:43 3488 (0x0DA0) 7. Update: fe81ecb6-6b64-450b-a2a6-f3bf4b124556, 201 BundledUpdates: 1 WUAHandler 2014-05-14 06:01:43 3488 (0x0DA0) Update: e0bbbb82-b620-4494-b2f7-6ed7891eae45, 201 BundledUpdates: 0 WUAHandler 2014-05-14 06:01:43 3488 (0x0DA0) 1. Update (Missing): Mise à jour de sécurité cumulative pour Internet Explorer 7 pour Windows XP (KB2936068) (0d9343d5-ff78-41d0-bd18-a5015660955e, 202) WUAHandler 2014-05-14 06:01:43 3488 (0x0DA0) 2. Update (Missing): Mise à jour de sécurité pour Windows XP (KB2922229) (2c8a94fa-4412-4ac7-b4b7-69ecc74019cb, 203) WUAHandler 2014-05-14 06:01:43 3488 (0x0DA0) 3. Update (Missing): Mise à jour de sécurité pour Word 2003 (KB2878303) (8c7053f7-3db5-4a84-895e-8768930e3f2b, 201) WUAHandler 2014-05-14 06:01:43 3488 (0x0DA0) 4. Update (Missing): Mise à jour de sécurité pour Internet Explorer 7 pour Windows XP (KB2964358) (8ef4b78f-599e-4b8a-88d6-69ca408339d8, 201) WUAHandler 2014-05-14 06:01:43 3488 (0x0DA0) 5. Update (Missing): Mise à jour de sécurité pour Microsoft Silverlight (KB2932677) (c6bf131f-be90-438c-ba58-a732368d8a96, 201) WUAHandler 2014-05-14 06:01:43 3488 (0x0DA0) 6. Update (Missing): Mise à jour de sécurité pour Windows XP (KB2930275) (f4971089-6267-4e29-8c7b-2515659dfec7, 201) WUAHandler 2014-05-14 06:01:43 3488 (0x0DA0) 7. Update (Missing): Mise à jour de sécurité pour Windows XP (KB2929961) (fe81ecb6-6b64-450b-a2a6-f3bf4b124556, 201) WUAHandler 2014-05-14 06:01:43 3488 (0x0DA0) Async installation of updates started. WUAHandler 2014-05-14 06:01:48 3488 (0x0DA0) Update 1 (0d9343d5-ff78-41d0-bd18-a5015660955e) finished installing (0x00000000), Reboot Required? Yes WUAHandler 2014-05-14 06:02:33 2360 (0x0938) Update 2 (2c8a94fa-4412-4ac7-b4b7-69ecc74019cb) finished installing (0x00000000), Reboot Required? Yes WUAHandler 2014-05-14 06:02:36 3540 (0x0DD4) Update 3 (8c7053f7-3db5-4a84-895e-8768930e3f2b) finished installing (0x00000000), Reboot Required? Yes WUAHandler 2014-05-14 06:03:02 2504 (0x09C8) Update 4 (8ef4b78f-599e-4b8a-88d6-69ca408339d8) finished installing (0x00000000), Reboot Required? Yes WUAHandler 2014-05-14 06:03:05 484 (0x01E4) Update 5 (c6bf131f-be90-438c-ba58-a732368d8a96) finished installing (0x00000000), Reboot Required? No WUAHandler 2014-05-14 06:03:50 1852 (0x073C) Update 6 (f4971089-6267-4e29-8c7b-2515659dfec7) finished installing (0x00000000), Reboot Required? Yes WUAHandler 2014-05-14 06:03:56 3760 (0x0EB0) Update 7 (fe81ecb6-6b64-450b-a2a6-f3bf4b124556) finished installing (0x00000000), Reboot Required? No WUAHandler 2014-05-14 06:03:59 3992 (0x0F98) Async install completed. WUAHandler 2014-05-14 06:03:59 2108 (0x083C) Installation of updates completed. WUAHandler 2014-05-14 06:03:59 2612 (0x0A34) Scan results will include all superseded updates. WUAHandler 2014-05-14 06:03:59 2196 (0x0894) Search Criteria is ((DeploymentAction=* AND Type='Software' AND CategoryIDs contains '0FA1201D-4330-4FA8-8AE9-B877473B6441') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains '1403F223-A63F-F572-82BA-C92391218055')) WUAHandler 2014-05-14 06:03:59 2196 (0x0894) Async searching of updates using WUAgent started. WUAHandler 2014-05-14 06:03:59 2196 (0x0894) Async searching completed. WUAHandler 2014-05-14 06:04:49 1204 (0x04B4) Successfully completed scan. WUAHandler 2014-05-14 06:04:51 3864 (0x0F18) Its a WSUS Update Source type ({5E1E7D40-2D08-43CA-A97F-997750FC54C2}), adding it. WUAHandler 2014-05-14 07:18:17 2516 (0x09D4) As we can see, it installed update at 6 am this morning, from a deployment I made where the deadline is in 5 days. Why would he do that? It's right into the business hours, outside maintenance windows and outside deadline. The only thing I could think that the update installed is if the user clicked on "install now", but I can't find where this would be logged.
  13. Hello everyone, I found a bug with the maintenance windows and reading on the web, it seems it existed in SCCM 07 (MS says it was by design) and now, it's has flooded my company. Here's the deal: Let's say you have a computer named ABC. It's a new computer, you deploy it via task sequence and it get into the "all system" collection. You then create a new collection, let's call it "MW-A". You then add ABC to MW-A. Then, you add a maintenance windows to MW-A, let's say monday 2:00-3:00 am. The computer get the MW (showned in policyspy and servicewindowmanagement.log). Here, everything is fine. Then you create a new collection, let's call it "MW-B". You add ABC to the this new collection. Then, you add a new maintenance windows to MW-B, let's say tuesday 2:00-3:00 am. Now, the computer have two maintenance windows. Here, still no problem. Then, you remove the computer from MW-A. You woud normally thing that the computer now has only 1 maintenance windows, from MW-B which is on tuesday, but no, it has kept the maintenance windows from MW-A. If you do a policyspy check or servicewindowsmagament.log check, you'll see it's still there even after a policy refresh. To remove the maintenance windows from the computer, you have to first remove the mw from the collection, wait for refresh, remove the computer from the collection then put back the mw on the collection. Microsoft says it work as design in 2007. Now, the problem is that we didn't knew that. Because of that, I have system with like 11 maintenance windows instead of 1. Even worst, the report from SCCM to get the maintenance windows on one computer is only checking what is attributed from the collection, not what is left on the computer. Since SCCM 2012 was used in prod when testing, all my computers are affected with MW that doesn't exist anymore (a check in the database shows no entry with these IDs). Does anyone know a way to fix that beside going one computer at a time with policyspy and deleting them?
  14. Hello everyone, I have a query that I'm unable to make. Here's the situation. I have a collection which contain x number of computer (let's say 200). I want a query that return the top x computer from the list (let's say 33% of it or top 50 computers) and put them into a collection. The idea is to have a way to distribute update to specific computers based on there name order (like serial number), but I want it to be dynamic and always have the same ratio (33% or a top 50, something like that). In SQL, I would use "select top (33) PERCENT", but I can't find the equivalent in WQL. Thank you!
  15. Hello, I have SCCM 2012 R2 installed. Everything work great except the SCCM remote tools doesn't work. I can use microsoft remote desktop without any problem, I can use windows remote assistance without any problem, but not the sccm remote tools. I don't have any firewall on either workstation. I have configured SCCM client as per the doc on this forum. It used to work when I was on SCCM 2012 but when I upgraded to SCCM 2012 R2, it doesn't work anymore. I have a gpo enabling windows remote assistance and rdp, with a gpp adding some user in it (same as sccm client). Any clue what's going on? Thank you
  16. Great tutorial, everything work. I have a question. I've seen the application getting downloaded to the client and then installed. Is there a way to prevent that? I have some huge app (like autocad) and I would like them to simply run them from there distribution folder instead. Is there a way to do that? As I recall, I was able to do that with 2007. Thanks
  17. Can I use Wsus to push windows update and SCUP to push software? I saw that in Wsus console, all computer are accounted for. What's weird is SCUP work since I'm able to push applications. Which log do you want, because there's quite a lot of logs?
  18. Still not working for me... When I open software center, nothing in it. Forefront does get updated, but windows doesn't get any patch.
  19. Hello, I have a question. If everything is setup to use SSL and https, should I change the connection for my client to https://server:8530 or it's not needed? edit: I just checked my local GPO and it seems my SCCM client configured my local GPO to https://server:8531/ is that normal? My gpo push http://server:8530/. I do have HTTPS only activated on all of my installation. Should I change the gpo? THanks
  20. Hello, there is something I don't get. We have configured the server to be able to send email alert, but we haven't configured anywhere at which address it send these alert O_O
  21. Hello everyone, I'm currently having a headache with SCUP. We used to have SCCM 2007 with WSUS (not SCUP) which was working fine until both server crash. I then decided to follow your guide on how to install SCCM 2012 with SCUP. All my ADR rules work great, the package get new update, they get update on the DP. My configuration is a standalone Primary Server with all the required role on it, running SCCM 2012 SP1, Server 2012 standard and SQL Server 2012 SP1 Enterprise. Now, what I don't get is my package was updated yesterday with new updates (both windows 7 updates and endpoint updates). But when I run windows update or software center, there's nothing in it. The first update I saw was 2 minutes ago on my SCCM server and it was for an outdated endpoint update (it downloaded the 1.155.1661.0 definition while the 1.155.1705.0 is available). All the updates are into a group and package, and those packages are on collection. I've checked and my computer are in that collection. Is there anyway to solve that? Can we use both wsus and scup on the server? If I understand now, updates will now be "software" from the software center and not from windows update, right? Can I use windows update for, well, windows update and use SCUP for the reste (real software like quicktime updates, flash updates, etc...)? I feel WSUS was working better then SCUP, unless I don't get the concep. Also, is there a way to get rid of replaced update? Thanks
×
×
  • Create New...