Jump to content


Established Members
  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by PH25

  1. No. Nothing. I thought that the reports would be visible by default since the upgrade. If they don't appear until you start enabling bitlocker management, then maybe that's my answer for why I can't see them.
  2. Ah thanks for this. I'll take a look. I didn't get a notification for this for some reason (they are turned on), so sorry for the slow reply. I don't see the BitLocker category under 'Reports' at all. I know that we do not use PKI certificates, so having had a quick glance at your posts, I guess this could cause a problem down the line with using the integrated BitLocker features, but shouldn't the reports at least be visible since I upgraded to 2107?
  3. I'm looking to use the built in BitLocker reports. https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/bitlocker/view-reports I am running config mgr 2107, so believe they should be there, but I don't see them. Does anyone know how I make them appear? I've only just enabled the Bitlocker Management feature. Is this a factor? We do not use config mgr to administer BitLocker but I'm hoping that I can still access the reports. It doesn't look like I have any new reports available since upgrading to 2107. Thanks!
  4. Since upgrading to Endpoint Configuration Manager 2107, our Win 8.1 laptops have not been communicating with Config manager. It looks like they upgraded to the new client, then stopped communicating. We do not use PKI certificates and since the upgrade, I believe I've made the correct changes to use enhanced http. The problem laptops show Client Certificate: None, rather than Self-Signed. Some reading has led me to believe that this is something to do with a new feature of 2107 that states "When you update the site and clients to version 2107, the client stores its certificate from the site in a hardware-bound key storage provider (KSP). This KSP is typically the trusted platform module (TPM) at least version 2.0". Examples of errors in client logs are - Failed to get certificate. Error: 0x80004005 Failed to set ACL to key, 0x80090029 The primary key is not found from provider Microsoft Platform Crypto Provider Does anyone have any idea how to fix this, so that clients speak to config manager again? Some forum posts suggest using a reg key HKLM\Software\Microsoft\CCM\DWORD:UseSoftwareKSP=1, but I don't want to apply that without properly understanding the implications.
  5. I am testing what happens when users enter their bitlocker PIN wrong too many times, but cannot find a way to access the password to unlock the TPM. I believe all that is visible is a hash of it. Does anyone have any info on this? At the moment, all i can do is leave the computer logged in with recovery key and left active until the TPM reset period passes.
  6. I have SCCM deploying Windows 8.1 via a task sequence using x64 boot image but it only works when i set BIOS to legacy. This is an issue as we have some newer PCs which use TPM 2.0 and require UEFI. When i change bios to UEFI, i cannot PXE boot. I get the message 'Start PXE over ipv4' then it moves onto 'Start PXE over ipv6', but never actually PXE boots and just loops. Can anyone help?
  7. Hi Anyweb, I tried using your steps, but i can't distribute the empty package to the DP, as it is greyed out, presumably because it is an empty package. Is there a way around this? I only want to run two lines of powershell, is the package method the best way and how can i make it work? Task sequence fails with 0x80070002 error, because it can't find the package.
  8. Is it possible for me to use a task sequence to pre provision and setup bitlocker on an existing drive? I don't want to have to reinstall OS on existing machines in order to get this working. So, we have OS already installed and i want to use a task sequence to perhaps shrink volume and create a new bitlocker volume, then enable bitlocker.
  9. Hi Garth, I'm not sure at what point i had posted the original query but it was either the firewall or the fact that we only ever had one Active Directory Site in Sites and Services. Recently, our Network administrator created new sites and hadn't added our subnets into Sites and services, so i think this was causing an issue trying to contact the DP. Thanks for your help.
  10. I'm hoping this should be a fairly easy one for someone to help with. When my task sequence finishes and OS is installed, i see the folder C:\Users\ADMINI~1 What is this folder used for? I set the administrator account to active and set a password in my task sequence and it works fine, so is this folder just something used by SCCM? I saw this article https://social.technet.microsoft.com/Forums/en-US/d4a29c47-0d1f-4069-8160-e0b8c10f296f/cusersadmini1?forum=configmanagerosd but, my logs are definitely in the location C:\Windows\CCM\Logs, so i don't think it's that the logs are trying to be copied somewhere else. It is confusing, because our task sequence is very basic, we really aren't doing very much customisation at all in it. We have a captured WIM and apply licence key and administrator password and not very much else.
  11. Solved. We only ever had one Active Directory Site in Sites and Services. Recently, our Network administrator created new sites and hadn't added our subnets into Sites and services, so i think this was causing an issue trying to contact the DP.
  12. My task sequence fails with - "this task sequence cannot run because the program files for 00100002 cannot be located on a distribution point" (00100002 is config manager client). Does anyone have any idea why? I notice that my client package says 0 programs and has DEPLOY greyed out, so cant be deployed. Has anyone seen this before? the 'version' field is also blank
  13. Thank you. I think this thread can now be closed.
  14. I recently upgraded from R2 to 1511 and set the hierachy settings to auto update clients. This worked on a couple of test machines but failed on two others. The scheduled task appears after a policy retreival but when it runs it fails with the errors below. Can anyone help? i'm new to SCCM and struggling with this one. It seems to be failing with pre reqs (.NET i think). Thanks.
  15. What does "wdsnbp started using dhcp referral" mean when doing a PXE boot? I've got DHCP on a seperate server to SCCM, is this message normal?
  16. Hi, We currently have a server which handles DHCP and WDS (lets say server A) I've set up a new SCCM server (server B ) and would like PXE boot request to be handled by the new SCCM server, whilst keeping DHCP on the old server (A). At the moment, DHCP points PXE requests to the same server (A). Despite deselecting the option in WDS to use this server for PXE, im not sure what changes i have to make to make server A give a DHCP IP offer then send to server B for handling PXE boot. I'm also unclear whether i need to use WDS at all on the new SCCM server, in conjunction with system center, or whether system center can handle PXE all by itself. Sorry to unclear; i'm a newbie to SCCM. Paul
  17. Hi, It's looking like this might have been a central firewall issue, it's been flagged up and a firmware upgrade is taking place, so fingers crossed it might kick into life tomorrow. I don't think the rules in place were actually taking effect. Thanks for all your help, i'll write back if this is solved.
  18. Yes, the IP of the client does appear in the logs
  19. It will be for that client, as i've only deployed to one client so far as a test. I'm confused how this part can look ok, yet im getting 'failed to send management point list location request' and 'GetDpLocations failed'. What's the next thing for me to check? Thanks again for your help
  20. Thanks. Do these lines suggest the request meets the MP or not?
  21. I've also tried with local firewalls on server and client turned off. Config manager on the client has a site code but seems to not be talking to the MP (everything is on one box in our setup) - despite config manager properties saying 'Assigned Management Point - <SERVER NAME>'
  22. I can't seem to find IIS logs. Shouldn't they be in %WINDIR%\System32\logfiles\W3SVC1 ? i can't see this folder - perhaps i dont have IIS logging turned on?
  23. We have opened everything up on central firewall and windows firewall for it, so that should be ok. MP installation seems to have completed successfully and client does have site code assigned. What can i check with regards to cert? I'm not sure im permitted to send full logs over i'm afraid (ill check that), but ClientLocation.log looks clear and states that 'client is now assigned to site 001'. However, LocationServices log is showing on of the errors from my original post 'failed to send management point list location request' Attached is the error from ccmsetup Thanks for your help with this
  24. I have set up a fresh instance of SCCM for the first time. Everything looks in order, just the one boundary (AD site) and boundary group. Client deploy but only shows 2 tasks (machine cycle and user cycle) and doesn't talk back to SCCM, therefore shows as clients 'none' in the console. I can see the following errors: failed to send management point list location request failed to send registration request 0x87d00231 GetDPLocations failed with error 0x80072efe Failed to get DP locations as the expected versions from MP 'ServerName' error 0x80072efe I've been looking into this for some time to no avail. Help would be massively appreciated.
  • Create New...