spgsitsupport

Anybody? The workaround can be extended to scheduled task using appcmd to run every xx minutes, but surely this subfolder should NOT be accessed in FULL OS %windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/NOCERT_SMS_DP_SMSPKG$" -section:system.webServer/security/authentication/anonymousAuthentication /enabled:"True" /commit:apphost

This is a workable temporary workaround, as I believe the Anonymous Authentication get periodically (nightly) reset back to defaults (which is Disabled for the Virtual directory) Seb

And for the ie Intel chipset you ONLY want to use the ones that are actually used on the very hardware. Otherwise SCCM makes a mess of it. By default it can create 600Mb package from 11.4 Mb driver set (as it multiples 11.4 by as many inf as exists in the folder) Awful beahviour! Setup.exe –AONLY -OVERALL –p C:\temp\chipset from this blog combats this behaviour

Step after Setup Windows and ConfigMgr Workstation restarts & next Group is Install Packages At which point we are in FULL OS Yet InstallSoftware wants to download the package from /NOCERT_SMS_DP_SMSPKG$/ instead of /SMS_DP_SMSPKG$/ (using SSL certificate) In SSL, but with no client cert is TOTALLY wrong, as it registered CM client to MP using machine certificate! Retrieving value from TSEnv for '_SMSTSPolicySP1000B8_Install' ::DecompressBuffer(65536) Decompression (zlib) succeeded: original size 3064, uncompressed size 38564. ADV_AdvertisementID=SP1200E3 PKG_PSF_ContainsSourceFiles=TRUE ResolveSource flags: 0x00000000 SMSTSPersistContent: . The content for package SP1000B8 will be persisted DownloadOnDemand flag is true. Attempting to download content locally for Package SP1000B8. Locations: Multicast = 0, HTTP = 1, SMB = 0. Package Flags: 0x01000000 Multicast is not enabled for the package. Trying https://sccm.domain.local/NOCERT_SMS_DP_SMSPKG$/SP1000B8. GetDirectoryListing() entered Initializing HTTP transport. Setting URL = https://sccm.domain.local/NOCERT_SMS_DP_SMSPKG$/SP1000B8. Address=https://sccm.domain.local, Scheme=https, Object=/NOCERT_SMS_DP_SMSPKG$/SP1000B8, Port=443. Setting Authenticator. Set authenticator in transport Setting Media Certificate. WinHttp credentials set CLibSMSMessageWinHttpTransport::Send: URL: sccm.domain.local:443 PROPFIND /NOCERT_SMS_DP_SMSPKG$/SP1000B8 In SSL, but with no client cert 401 - Unsuccessful with anonymous access. Retrying with context credentials. Using thread token for request Error. Status code 404 returned dwHttpResultCode >= 200 && dwHttpResultCode <= 299, HRESULT=80190194 (e:\qfe\nts\sms\framework\tscore\downloadcontent.cpp,832) Http result: 404 Anybody has any idea why it goes so wonky? Seb

Yeh, I have it doing it TWICE as well on 2012 R2 SP1 on bog standard

Access to either: https://SCCM_SERVER_FDDN/sms_mp/.sms_aut?mplist https://SCCM_SERVER_FDDN/sms_mp/.sms_aut?mpcert is ONLY allowed if correct certificate is installed in user's MY store for the user that accesses the very site So if one does it as logged in user, it certificate my be in THIS USER MY store

Did you ever get this sorted? Seb

Days & days of testing & it always fails the same What is the purpose of client setup trying to download components from server when local copy is already available? Seb

Still no joy! Added certificate during Windows setup as per this or this Lost all https errors in the log, but client install still errors out. It still insist on downloading the source files INSTEAD of using the lot on the local drive (even the setup line specifies this!) Command line: "C:\_SMSTaskSequence\OSD\SP1000D6\ccmsetup.exe" /useronly /source:C:\_SMSTaskSequence\OSD\SP1000D6 /config:MobileClient.TCF /status:572 Copying config file from C:\_SMSTaskSequence\OSD\SP1000D6\MobileClient.TCF to folder C:\WINDOWS\ccmsetup\. Return result: 0x0 SslState value: 224 CCMHTTPPORT: 80 CCMHTTPSPORT: 443 CCMHTTPSSTATE: 31 CCMHTTPSCERTNAME: Lookup MP: HTTPS://sccm.sccm.domain.LOCAL FSP: sccm.domain.LOCAL CCMFIRSTCERT: 1 Config file: C:\WINDOWS\ccmsetup\MobileClientUnicode.tcf Retry time: 10 minute(s) MSI log file: C:\WINDOWS\ccmsetup\Logs\client.msi.log MSI properties: INSTALL="ALL" FSP="sccm.domain.LOCAL" SMSMP="HTTPS://sccm.domain.LOCAL" CCMDEBUGLOGGING="1" CCMLOGLEVEL="0" CCMLOGMAXSIZE="52488000" CCMLOGMAXHISTORY="5" CCMHTTPSSTATE="31" SMSCACHEFLAGS="PERCENTDISKSPACE;NTFSONLY" SMSCACHESIZE="15" SMSPROVISIONINGMODE="1" SMSSITECODE="SP1" CCMHTTPPORT="80" CCMHTTPSPORT="443" SMSSLP="HTTPS://sccm.domain.LOCAL" CCMFIRSTCERT="1" Source List: \\sccm.domain.local\SMSClient C:\_SMSTaskSequence\OSD\SP1000D6 \\sccm.domain.LOCAL\SMSClient MPs: https://sccm.domain.local No version of the client is currently detected. . . . . PROPFIND 'https://sccm.domain.local/NOCERT_SMS_DP_SMSPKG$/SP100017' Got 401 challenge Retrying with Windows Auth... PROPFIND 'https://sccm.domain.local/NOCERT_SMS_DP_SMSPKG$/SP100017' No transform available for this locale. Installation will proceed with no transformation. File 'C:\WINDOWS\ccmsetup\vcredist_x86.exe' doesn't exist. File 'C:\WINDOWS\ccmsetup\vcredist_x64.exe' doesn't exist. File 'C:\WINDOWS\ccmsetup\vc50727_x64.exe' doesn't exist. File 'C:\WINDOWS\ccmsetup\MicrosoftPolicyPlatformSetup.msi' doesn't exist. File 'C:\WINDOWS\ccmsetup\WindowsFirewallConfigurationProvider.msi' doesn't exist. File 'C:\WINDOWS\ccmsetup\Silverlight.exe' doesn't exist. File 'C:\WINDOWS\ccmsetup\SCEPInstall.exe' doesn't exist. Failed to download client files by BITS. Error 0x800704dd Failed to get client version for sending state messages. Error 0x8004100e Enumerated all 2 local DP locations but none of them is good. Fallback to MP. Failed to download client files by BITS. Error 0x800704dd Deleted file C:\WINDOWS\ccmsetup\ccmsetup.xml CcmSetup failed with error code 0x800704dd

So much take on this, that I will answer myself... Just edited the last step (Capture WIM) in TS to cmd /c net use L: \\mdtserver\deploymemntshare$\captures && Dism /Capture-Image /ImageFile:L:\Win7Img.wim /CaptureDir:D:\ /Name:"Windows 7 x64 Sysprep" /Compress:MAX /configfile:L\config.ini Seb

Anybody? After domain join (it is without reboot, as Setup Windows and ConfigMgr step does NOT have it programmed), CCM client setup insists on downloading setup files from https:// (instead of using local package) Download fails: Begin to select client certificate The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'. There are no certificates in the 'MY' store. GetSSLCertificateContext failed with error 0x87d00280 Failed to get client version for sending state messages. Error 0x8004100e Params to send '5.0.8239.1203 Deployment Error: 0x87d00280, A Fallback Status Point has not been specified and no client was installed. Message with STATEID='315' will not be sent. Failed to send status 315. Error (87D00215) GetHttpRequestObjects failed for verb: 'CCM_POST', url: 'https://domain.local/ccm_system/request' GetDPLocations failed with error 0x87d00280 Failed to get DP locations as the expected version from MP 'https://domain.local'. Error 0x87d00280 Failed to get client version for sending state messages. Error 0x8004100e Params to send '5.0.8239.1203 Deployment Error: 0x87d00280, A Fallback Status Point has not been specified and no client was installed. Message with STATEID='101' will not be sent. Failed to send status 101. Error (87D00215) I can F8 & at command prompt import, import reg file Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment] "AEPolicy"=dword:00000007 run certutil -pulse to obtain certificates, but by then I get error from ccmsetup: Downloading C:\_SMSTaskSequence\Packages\SP1000D6\ccmsetup.exe to C:\WINDOWS\ccmsetup\ccmsetup.exe Running as user "SYSTEM" Only one MP https://domain.local is specified. Use it. Domain joined client is in Intranet >>> Client selected the PKI Certificate [Thumbprint 5363BAB0A1546520B9D7C824F0154BF6EB883DEB] issued to 'MAINT-JVZHQ52.DOMAIN.local' File 'C:\WINDOWS\ccmsetup\vc50727_x64.exe' doesn't exist. File 'C:\WINDOWS\ccmsetup\MicrosoftPolicyPlatformSetup.msi' doesn't exist. File 'C:\WINDOWS\ccmsetup\WindowsFirewallConfigurationProvider.msi' doesn't exist. File 'C:\WINDOWS\ccmsetup\Silverlight.exe' doesn't exist. File 'C:\WINDOWS\ccmsetup\SCEPInstall.exe' doesn't exist. Failed to download client files by BITS. Error 0x800704dd Failed to get client version for sending state messages. Error 0x8004100e Params to send '5.0.8239.1203 Deployment Error 0x800704dd. Path https://domain.local/NOCERT_SMS_DP_SMSPKG$/SP100017' A Fallback Status Point has not been specified and no client was installed. Message with STATEID='309' will not be sent. Failed to send status 309. Error (87D00215) ccmsetup 10/11/2015 12:20:57 1864 (0x0748) Failed to download from DP 'https://domain.local/NOCERT_SMS_DP_SMSPKG$/SP100017', error 0x800704dd. PROPFIND 'https://domain.local/SMS_DP_SMSPKG$/SP100017' Using DP location https://domain.local/SMS_DP_SMSPKG$/SP100017 Failed to download client files by BITS. Error 0x800704dd Failed to download from DP 'https://domain.local/SMS_DP_SMSPKG$/SP100017', error 0x800704dd. Enumerated all 2 local DP locations but none of them is good. Fallback to MP. Failed to download client files by BITS. Error 0x800704dd Deleted file C:\WINDOWS\ccmsetup\ccmsetup.xml CcmSetup failed with error code 0x800704dd Obviously something is not happy (including me) How do people deal with SSL on MP? Is there a way to specify /source: switch for Setup Windows and ConfigMgr step? Or is that another design quirk? Seb

MDT assisted TS. I can see that client package is downloaded during TS, but when the install happens (in Setup Windows and ConfigMgr step), it does not use local source, but tries to pull it via https:// I would expect it to install from existing local source (as it is all there) Anybody has any ideas why? Seb

Followed rather simple guide Pause works OK, one can do "by hand" customization of the OS. On resume all works OK till the actual capture process, which fails with FAILURE (5456): Unable to determine Destination Disk, Partition, and/or Drive The are references to this error like ie here, but that relates to image RESTORE, while I have it in the CAPTURE process I can of course do F8 & run capture by hand, which works fine Dism /Capture-Image /ImageFile:L:\Win7Img.wim /CaptureDir:D:\ /Name:"Windows 7 x64 Sysprep" /Compress:MAX Also, last step in MDT TS is Create WIM = cscript.exe "%SCRIPTROOT%\ZTIBackup.wsf" but ZTIBackup.wsf does NOT even exists in MDT created LiteTouchPE_x64.wim Anybody having any idea what does actually fail? I expect that one reason as missing variables %SCRIPTROOT% does not exists The bdd.log has no entries of any value Seb

And what difference virtual or physical? None as far as I can see Do it from command line (not GUI), so you will get at least output that means something Seb

Just keep Updates folder in Office installation upto date & ALL updates will be installed during setup Just name them in numerical order Use ie. WHDownloader Makes life so much easier... This is a nice read

Give him a chance Garth...

Sadly batch files are the only way to do it, as it is one of many CM shortfalls (proper registry management, with visual selection - something that would just work, without possibility of an error)

For my own benefit (and maybe somebodys' else) tha plan should really involve: deciding if to use (YES) MDT with SCCM - Quick Start Guide for System Center 2012 R2 Configuration Manager and/or MDT or SCCM decide what kind of image one wants to be able to deploy - thick, thin, hybrid learn what Task Sequence Steps in Configuration Manager are & what they are actually doing learn the same for MDT (if/when integrated to SCCM) - Toolkit Reference Task Sequence Steps read up ie Customizing the Default User Profile in Windows 7 or A Better Way to Customize the Windows Default Profile decide if using SCEP and if so if Endpoint Protection client is embedded in the OS image or Operating System Deployment and Endpoint Protection Client Installation or Installing Endpoint Protection During A Task Sequence learn CustomSettings.ini – Explained And then test, read log files, test again. It will eventually come perfect. Then one can start adding any other clever steps like ie SCCM 2012 Task Sequence Success Email Notifications I am sure most of the guides are on this site as well Seb

The course is a total waste of time & money I see that providing tons of possible options & commands, but without any practical examples makes SCCM extremely unhelpful Also moving from ZCM (management decision) I am not going with anything fancy. Take existing image, apply it, join AD, install client, register with SCCM, install a package - that is for start Seb

Still can not get my head round the way SCCM works. SCCM 2012 R2 with MDT 2013 SP1 integrated Syspreped reference image W7 x64, captured to wim I need to deploy it to a Collection, so during the build correct drivers (already in SCCM) get applied, domain is joined, SCCM client is installed & maybe a single package is installed. Really can not get correct TS working (created TS using MDT Task Sequence) with boot image created using MDT) PXE boots fine, and what I get is now what I would expect. Is there any exported sample TS that would be handy for checking? Thanks Seb

No, there is NOTHING there (at least visible). Sysnative is an alias as per this - File System Redirector Which could explain why "A subdirectory or file c:\windows\sysnative already exists" come up, but if that is so then it should come up in both cases .cmd can NOT behave different (or at least SHOULD NOT) if invoked from CM agent or by hand from same security context Seb The whole point of this is that I have a new (Sibelius 8) software that comes as a single .exe but is a mess Comes with silent install switches for install, but no extraction switch exe installer is 32-bit Inside this Installshield executable there are few bits (that I can not extract): prereqs (like runtimes & own set of fonts that gets installed) and two separate msi One msi is 32-bit, second is 64-bit. So when exe runs, it installs prereqs WITHOUT them being explicitly extracted, and then extracts both msi to %userprofile%/Appdata/local/Downloaded Installations As the Package/Program is run with administrative privileges the msi are extracted to: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Downloaded Installations due to the redirector (32-bit exe on 64-bit OS) But when the msiexec is invoked it wants to run the msi from C:\Windows\System32\config\systemprofile\AppData\Local\Downloaded Installations as at this point it is 64-bit program on 64-bit OS Of course it fails, as the msi is not in there So I need to force the exe to run as native & extract it to System32 If I do create c:\windows\sysnative by hand with above batch file and then run program via CM c:\windows\sysnative\cmd /c executable_to_install_what I need it works fine! But if I use (without anything being created) in CM %systemroot%\sysnative\cmd /c executable_to_install_what I need it does behave in same way as if it was just run directly (with extraction to SysWOW64) (almost as if CM parses the command for execution in some odd way) I even tried the "recommended way" (running batch file) IF "%PROCESSOR_ARCHITEW6432%"=="" GOTO native %SystemRoot%\Sysnative\cmd.exe /c %0 %* Exit :native command_to_execute_goes_here Still lands up in SysWOW64 Ofcourse I can do it via Application (but that is not the point here) In the end I extracted the exe with MSI Based (may not result in a usable image for an InstallScript MSI installation): setup.exe /a /s /v"/qn TARGETDIR=\"choose-a-location\"" or, to also extract prerequisites (for versions where it works), setup.exe /a"choose-another-location" /s /v"/qn TARGETDIR=\"choose-a-location\""

SCCM run .cmd file gives: C:\Windows\system32>mkdir c:\windows\sysnative & copy c:\windows\system32\cmd. exe c:\windows\sysnative\ A subdirectory or file c:\windows\sysnative already exists. Access is denied. 0 file(s) copied. Same .cmd run by hand from NT AUTHORITY\\SYSTEM CMD gives perfect: C:\Windows\system32>mkdir c:\windows\sysnative & copy c:\windows\system32\cmd. exe c:\windows\sysnative\ 1 file(s) copied.

I have a single liner: that SCCM manages to fail: Command line arguments when parsed cmd.exe execmgr 23/10/2015 15:52:19 3156 (0x0C54) Command line arguments when parsed /c execmgr 23/10/2015 15:52:19 3156 (0x0C54) Command line arguments when parsed "mkdir c:\windows\sysnative & copy c:\windows\system32\cmd.exe c:\windows\sysnative\" execmgr 23/10/2015 15:52:19 3156 (0x0C54) WTSQueryUserToken[2](SessionID=1) retried 0 times! execmgr 23/10/2015 15:52:19 3156 (0x0C54) !sTempString.empty(), HRESULT=80070057 (e:\qfe\nts\sms\framework\core\ccmcore\string.cpp,1109) execmgr 23/10/2015 15:52:19 3156 (0x0C54) !sTempString.empty(), HRESULT=80070057 (e:\qfe\nts\sms\framework\core\ccmcore\string.cpp,1109) execmgr 23/10/2015 15:52:19 3156 (0x0C54) CProgramExecution::CProgramExecution execmgr 23/10/2015 15:52:19 3156 (0x0C54) Executing program as a script execmgr 23/10/2015 15:52:19 3156 (0x0C54) File cmd.exe is not a valid executable file execmgr 23/10/2015 15:52:19 3156 (0x0C54) Successfully prepared command line "c:\windows\system32\cmd.exe" /c "mkdir c:\windows\sysnative & copy c:\windows\system32\cmd.exe c:\windows\sysnative\" execmgr 23/10/2015 15:52:19 3156 (0x0C54) Command line = "c:\windows\system32\cmd.exe" /c "mkdir c:\windows\sysnative & copy c:\windows\system32\cmd.exe c:\windows\sysnative\", Working Directory = c:\windows\system32\ execmgr 23/10/2015 15:52:19 3156 (0x0C54) Running "c:\windows\system32\cmd.exe" /c "mkdir c:\windows\sysnative & copy c:\windows\system32\cmd.exe c:\windows\sysnative\" with 32bitLauncher execmgr 23/10/2015 15:52:19 3156 (0x0C54) Created Process for the passed command line execmgr 23/10/2015 15:52:19 3156 (0x0C54) Raising event: [SMS_CodePage(850), SMS_LocaleID(2057)] instance of SoftDistProgramStartedEvent { AdvertisementId = "SP1200D3"; ClientID = "GUID:1EB73940-EDF2-4306-A7FB-B3134C80FE41"; CommandLine = "\"c:\\windows\\system32\\cmd.exe\" /c \"mkdir c:\\windows\\sysnative & copy c:\\windows\\system32\\cmd.exe c:\\windows\\sysnative\\\""; DateTime = "20151023145219.802000+000"; MachineName = "E5520-xxxxxx"; PackageName = "SP1000A5"; ProcessID = 3048; ProgramName = "Sysnative"; SiteCode = "SP1"; ThreadID = 3156; UserContext = "NT AUTHORITY\\SYSTEM"; WorkingDirectory = "c:\\windows\\system32\\"; }; execmgr 23/10/2015 15:52:19 3156 (0x0C54) Script for Package:SP1000A5, Program: Sysnative failed with exit code 1 execmgr 23/10/2015 15:52:19 4624 (0x1210) Running it from NT AUTHORITY\\SYSTEM (with psexec) works perfectly fine (how could it fail) Yet it does fail while running from Software Center Anybody any ideas? Thanks Seb

I have it setup this way using Syslinux 4.0.6 (seems that 6.0.1/2 do not work due to chainload freezes as per this): pxelinux.0 being served from SCCM PXE (DHCP entry), which presents menu via RemoteInstall\SMSBoot\x86\default (boot local HD, boot SCCM, boot to my OTHER menu where I boot iPXE undionly.0 (undionly.kpxe * created with specific internal script using make EMBEDDED_IMAGE= to autoload pxelinux.cfg\default from my other server) & then boot anything via IIS http (way faster then tftp) #!ipxe dhcp net0 set 209:string pxelinux.cfg/default set 210:string http://10.0.0.55/tftpboot/ chain ${210:string}pxelinux.0 * .kkpxe: PXE NBP payload which keeps vendor-provided (non-[g|i]PXE) UNDI and vendor-provided (non-[g|i]PXE) PXE intact "pxe http iso boot" search on reboot.pro will give even more info, and also forum.ipxe.org # default on SCCM server DEFAULT vesamenu.c32 PROMPT 0 timeout 80 TOTALTIMEOUT 9000 MENU TITLE PXE Boot Menu (x86) MENU INCLUDE pxelinux.cfg/graphics.conf MENU AUTOBOOT Starting Local System in 8 seconds label localboot MENU LABEL Boot from first hard drive COM32 chain.c32 APPEND hd0 0 timeout 80 label sccm menu label Start SCCM 2012 R2 COM32 pxechn.c32 APPEND 10.0.0.86::smsboot\x86\wdsnbp.com -W label tftp-other menu label Back to SPGS default PXE menu COM32 pxechn.c32 APPEND 10.0.0.55::undionly.0 LABEL Abort MENU LABEL Exit KERNEL abortpxe.0 # default on my OTHER server DEFAULT vesamenu.c32 menu hshift 0 menu width 59 menu margin 8 menu color title * #FFFFFFFF * menu color border * #00000000 #00000000 none menu color sel * #ffffffff #999999ff * menu color hotsel 1;7;37;40 #ffffffff #999999ff * menu color tabmsg * #ffffffff #00000000 * menu vshift 8 menu rows 16 menu helpmsgrow 16 prompt 0 allowoptions 1 MENU BACKGROUND pxelinux.cfg/boot.png MENU TITLE SPGS PXE Boot Menu LABEL localboot MENU LABEL Boot from first hard drive COM32 chain.c32 APPEND hd0 0 timeout 80 LABEL TinyCore-Ghost MENU LABEL TinyCore with Ghost kernel tinycore/withGhost/vmlinuz append initrd=tinycore/withGhost/core.gz cde vga=791 nozswap LABEL HTTP-grub.exe-win7pe MENU PASSWD *********************** MENU label http Win7PE iso - command line LINUX grub.exe INITRD http://10.0.0.55/tftpboot/isos/win7pe.iso APPEND --config-file="map (rd)+1 (hd32); map --hook; root (hd32); chainloader (hd32)" LABEL wimboot MENU PASSWD *********************** MENU label wimboot multiWin7PE - Gui KERNEL ipxe.lkrn initrd wim-boot.ipxe where wim-boot.ipxe is: #!ipxe dhcp net0 && echo IP address: ${net0/ip} ; echo Subnet mask: ${net0/netmask} kernel http://10.0.0.55/tftpboot/wimboot initrd http://10.0.0.55/tftpboot/BOOTMGR BOOTMGR initrd http://10.0.0.55/tftpboot/BOOT/BCD BCD initrd http://10.0.0.55/tftpboot/BOOT/BOOT.SDI BOOT.SDI initrd http://10.0.0.55/tftpboot/boot/WINPE.WIM BOOT.WIM boot One could read more here or here

Go with local AD CA (easiest to manage, cheapest etc) Seb