Jump to content


PH25

Established Members
 View Profile  See their activity

  • Posts

    27

  • Joined

  • Last visited

  • Days Won

    1

 Content Type 

Posts posted by PH25

  2. Failed to create/backup SQL SSB certificate error when moving SCCM database

    in System Center Configuration Manager (Current Branch)

    Posted

    Hi,

    Has anyone come across this before? I am moving our SCCM database from SQL 2012 on a 2012r2 server to SQL 2019 on a 2019 server, by recovering from a backup.  All seems to have gone fine, until the final step of running config manager setup again to choose the site maintenance option, to 'modify SQL server configuration', in order to point SCCM to the new server that is now hosting the database.
     

     ERROR: SQL Server error: [42000][137][Microsoft][SQL Server Native Client 11.0][SQL Server]Must declare the scalar variable "@String". : dbo.spCreateAndBackupSQLCert
    Create_BackupSQLCert : Failed to execute spCreateAndBackupSQLCert
    CSiteControlSetup::SetupCertificateForSSB : Failed to create/backup SQL SSB certificate.
    ERROR: Failed to set up SQL Server certificate for service broker on "SERVER NAME" .


    I have enabled broker, set trustworthy on and honor broker priority on, on the new instance before running setup.exe again.  

    From some reading online, I believe it could be something to do with setting up SCCM initially with one account, but then changing it to another domain account running the service(s) and now somehow not being able to unlock the master key for the database certs.  Sorry if this is making no sense, I am no SQL expert.

    Being right at the final stage of moving the database, I'm really stuck with this issue now, so any advice/pointers would be greatly welcomed, even if it's just to point me in the direction of which account I need to try to figure out was initially running things - I'm not clear whether that means the account running the config mgr console, the database instance, or the running the sql or sccm services.

    Thanks
    Paul

  4. SCCM BUILT IN BITLOCKER REPORTS

    in Reports

    Posted

    Ah thanks for this. I'll take a look.

    I didn't get a notification for this for some reason (they are turned on), so sorry for the slow reply.

    I don't see the BitLocker category under 'Reports' at all.  I know that we do not use PKI certificates, so having had a quick glance at your posts, I guess this could cause a problem down the line with using the integrated BitLocker features, but shouldn't the reports at least be visible since I upgraded to 2107?

    image.png.f069b44e6980d5eb06ea47011fd8914b.png

  5. SCCM BUILT IN BITLOCKER REPORTS

    in Reports

    Posted

    I'm looking to use the built in BitLocker reports.
    https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/bitlocker/view-reports

    I am running config mgr 2107, so believe they should be there, but I don't see them.

    Does anyone know how I make them appear? 
    I've only just enabled the Bitlocker Management feature.  Is this a factor? We do not use config mgr to administer BitLocker but I'm hoping that I can still access the reports.  It doesn't look like I have any new reports available since upgrading to 2107.

    Thanks!

     

  6. Win 8.1 "Failed to get certificate" since 2107 upgrade

    in System Center Configuration Manager (Current Branch)

    Posted

    Since upgrading to Endpoint Configuration Manager 2107, our Win 8.1 laptops have not been communicating with Config manager.
    It looks like they upgraded to the new client, then stopped communicating.  We do not use PKI certificates and since the upgrade, I believe I've made the correct changes to use enhanced http.

    The problem laptops show Client Certificate: None, rather than Self-Signed.

    Some reading has led me to believe that this is something to do with a new feature of 2107 that states "When you update the site and clients to version 2107, the client stores its certificate from the site in a hardware-bound key storage provider (KSP). This KSP is typically the trusted platform module (TPM) at least version 2.0".

    Examples of errors in client logs are -

    Failed to get certificate. Error: 0x80004005

    Failed to set ACL to key, 0x80090029

    The primary key is not found from provider Microsoft Platform Crypto Provider

    Does anyone have any idea how to fix this, so that clients speak to config manager again?
    Some forum posts suggest using a reg key HKLM\Software\Microsoft\CCM\DWORD:UseSoftwareKSP=1, but I don't want to apply that without properly understanding the implications.

  7. How to access TPM reset password

    in Windows 8

    Posted

    I am testing what happens when users enter their bitlocker PIN wrong too many times, but cannot find a way to access the password to unlock the TPM. I believe all that is visible is a hash of it.

    Does anyone have any info on this? At the moment, all i can do is leave the computer logged in with recovery key and left active until the TPM reset period passes.

  8. PXE works with Legacy but not UEFI

    in Deploy 8

    Posted

    I have SCCM deploying Windows 8.1 via a task sequence using x64 boot image but it only works when i set BIOS to legacy.

    This is an issue as we have some newer PCs which use TPM 2.0 and require UEFI. When i change bios to UEFI, i cannot PXE boot. I get the message 'Start PXE over ipv4' then it moves onto 'Start PXE over ipv6', but never actually PXE boots and just loops.

    Can anyone help?

    • Like 1

  12. C:\Users\ADMINI~1 Folder

    in Deploy 8

    Posted

    I'm hoping this should be a fairly easy one for someone to help with.

    When my task sequence finishes and OS is installed, i see the folder C:\Users\ADMINI~1

    What is this folder used for?

    I set the administrator account to active and set a password in my task sequence and it works fine, so is this folder just something used by SCCM?

    I saw this article https://social.technet.microsoft.com/Forums/en-US/d4a29c47-0d1f-4069-8160-e0b8c10f296f/cusersadmini1?forum=configmanagerosd

     

    but, my logs are definitely in the location C:\Windows\CCM\Logs, so i don't think it's that the logs are trying to be copied somewhere else. It is confusing, because our task sequence is very basic, we really aren't doing very much customisation at all in it. We have a captured WIM and apply licence key and administrator password and not very much else.

  15. Task sequence cannot run because the program files cannot be located on a distribution point

    in Deploy 8

    Posted

    My task sequence fails with - "this task sequence cannot run because the program files for 00100002 cannot be located on a distribution point" (00100002 is config manager client).

    Does anyone have any idea why?

    I notice that my client package says 0 programs and has DEPLOY greyed out, so cant be deployed. Has anyone seen this before? the 'version' field is also blank

    post-30630-0-01386300-1460562922.jpg

     

     

     

     

  19. Move PXE boot from WDS to SCCM

    in Deploy 8

    Posted

    Hi,

    We currently have a server which handles DHCP and WDS (lets say server A)

    I've set up a new SCCM server (server B ) and would like PXE boot request to be handled by the new SCCM server, whilst keeping DHCP on the old server (A). At the moment, DHCP points PXE requests to the same server (A).

    Despite deselecting the option in WDS to use this server for PXE, im not sure what changes i have to make to make server A give a DHCP IP offer then send to server B for handling PXE boot.

    I'm also unclear whether i need to use WDS at all on the new SCCM server, in conjunction with system center, or whether system center can handle PXE all by itself.

    Sorry to unclear; i'm a newbie to SCCM.

    Paul

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.