Jump to content


Established Members
  • Posts

  • Joined

  • Last visited

  • Days Won


PH25 last won the day on January 20 2017

PH25 had the most liked content!

PH25's Achievements


Newbie (1/14)

  • Reacting Well Rare
  • First Post Rare
  • Collaborator Rare
  • Conversation Starter Rare
  • Week One Done Rare

Recent Badges



  1. No. Nothing. I thought that the reports would be visible by default since the upgrade. If they don't appear until you start enabling bitlocker management, then maybe that's my answer for why I can't see them.
  2. Ah thanks for this. I'll take a look. I didn't get a notification for this for some reason (they are turned on), so sorry for the slow reply. I don't see the BitLocker category under 'Reports' at all. I know that we do not use PKI certificates, so having had a quick glance at your posts, I guess this could cause a problem down the line with using the integrated BitLocker features, but shouldn't the reports at least be visible since I upgraded to 2107?
  3. I'm looking to use the built in BitLocker reports. https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/bitlocker/view-reports I am running config mgr 2107, so believe they should be there, but I don't see them. Does anyone know how I make them appear? I've only just enabled the Bitlocker Management feature. Is this a factor? We do not use config mgr to administer BitLocker but I'm hoping that I can still access the reports. It doesn't look like I have any new reports available since upgrading to 2107. Thanks!
  4. Since upgrading to Endpoint Configuration Manager 2107, our Win 8.1 laptops have not been communicating with Config manager. It looks like they upgraded to the new client, then stopped communicating. We do not use PKI certificates and since the upgrade, I believe I've made the correct changes to use enhanced http. The problem laptops show Client Certificate: None, rather than Self-Signed. Some reading has led me to believe that this is something to do with a new feature of 2107 that states "When you update the site and clients to version 2107, the client stores its certificate from the site in a hardware-bound key storage provider (KSP). This KSP is typically the trusted platform module (TPM) at least version 2.0". Examples of errors in client logs are - Failed to get certificate. Error: 0x80004005 Failed to set ACL to key, 0x80090029 The primary key is not found from provider Microsoft Platform Crypto Provider Does anyone have any idea how to fix this, so that clients speak to config manager again? Some forum posts suggest using a reg key HKLM\Software\Microsoft\CCM\DWORD:UseSoftwareKSP=1, but I don't want to apply that without properly understanding the implications.
  5. I am testing what happens when users enter their bitlocker PIN wrong too many times, but cannot find a way to access the password to unlock the TPM. I believe all that is visible is a hash of it. Does anyone have any info on this? At the moment, all i can do is leave the computer logged in with recovery key and left active until the TPM reset period passes.
  6. I have SCCM deploying Windows 8.1 via a task sequence using x64 boot image but it only works when i set BIOS to legacy. This is an issue as we have some newer PCs which use TPM 2.0 and require UEFI. When i change bios to UEFI, i cannot PXE boot. I get the message 'Start PXE over ipv4' then it moves onto 'Start PXE over ipv6', but never actually PXE boots and just loops. Can anyone help?
  7. Hi Anyweb, I tried using your steps, but i can't distribute the empty package to the DP, as it is greyed out, presumably because it is an empty package. Is there a way around this? I only want to run two lines of powershell, is the package method the best way and how can i make it work? Task sequence fails with 0x80070002 error, because it can't find the package.
  8. Is it possible for me to use a task sequence to pre provision and setup bitlocker on an existing drive? I don't want to have to reinstall OS on existing machines in order to get this working. So, we have OS already installed and i want to use a task sequence to perhaps shrink volume and create a new bitlocker volume, then enable bitlocker.
  9. Hi Garth, I'm not sure at what point i had posted the original query but it was either the firewall or the fact that we only ever had one Active Directory Site in Sites and Services. Recently, our Network administrator created new sites and hadn't added our subnets into Sites and services, so i think this was causing an issue trying to contact the DP. Thanks for your help.
  10. I'm hoping this should be a fairly easy one for someone to help with. When my task sequence finishes and OS is installed, i see the folder C:\Users\ADMINI~1 What is this folder used for? I set the administrator account to active and set a password in my task sequence and it works fine, so is this folder just something used by SCCM? I saw this article https://social.technet.microsoft.com/Forums/en-US/d4a29c47-0d1f-4069-8160-e0b8c10f296f/cusersadmini1?forum=configmanagerosd but, my logs are definitely in the location C:\Windows\CCM\Logs, so i don't think it's that the logs are trying to be copied somewhere else. It is confusing, because our task sequence is very basic, we really aren't doing very much customisation at all in it. We have a captured WIM and apply licence key and administrator password and not very much else.
  11. Solved. We only ever had one Active Directory Site in Sites and Services. Recently, our Network administrator created new sites and hadn't added our subnets into Sites and services, so i think this was causing an issue trying to contact the DP.
  12. My task sequence fails with - "this task sequence cannot run because the program files for 00100002 cannot be located on a distribution point" (00100002 is config manager client). Does anyone have any idea why? I notice that my client package says 0 programs and has DEPLOY greyed out, so cant be deployed. Has anyone seen this before? the 'version' field is also blank
  13. Thank you. I think this thread can now be closed.
  14. I recently upgraded from R2 to 1511 and set the hierachy settings to auto update clients. This worked on a couple of test machines but failed on two others. The scheduled task appears after a policy retreival but when it runs it fails with the errors below. Can anyone help? i'm new to SCCM and struggling with this one. It seems to be failing with pre reqs (.NET i think). Thanks.
  • Create New...