Lagamorph

  1. Unfortunately the reason I'm using standalone media is that the servers are more often than not connected to networks where DHCP is disabled at the switch level for security, so the task sequence can't contact any external server at all. And we have so many different internal network ranges that putting a script into the task sequence to configure a temporary manual IP isn't possible.
  2. Hi all, So I'm possibly looking to do the impossible here but thought I would ask the question. At the moment my standalone media prompts with a UDI wizard to complete details such as hostname, OU and security policies, but I'm currently working on a PowerShell script to automate Offline/Standalone SCCM builds of physical servers which aren't able to connect back to the SCCM infrastructure, but where the iLO can be reached remotely. This script will prompt a user to input details such as a hostname and some other custom variables that are in the UDI wizard at the moment, then using HPEiLOCmdlets it will connect to the iLO, mount an ISO and boot from it. Now I realise that the script won't be able to pass variables into the task sequence directly once the iLO boots from the ISO, but I'm wondering if there are any alternative methods I can use to do this. One thought I had was, is it possible for these variables to be stored in a file on the ISO itself somewhere that the task sequence can then reference? My thinking is that the script will take a temporary copy of the 'Master' ISO, mount it, create and inject a file with the details input into the script to the ISO, then mount that onto the iLO. Once the build is complete the temporary copy of the ISO is deleted. Is anything like that possible? Or is there another possible way of doing what I'm trying to do? For most things I could even have separate ISOs for things like which security packages to apply and such, the main thing that I'd need to be able to control from the script is the hostname the server is built with, rather than it being built with a generic hostname that needs to be changed later.
  3. Bit of a long shot and I suspect this isn't something that can be done (at least not easily) but is there any way to find out what collections a machine in SCCM used to be a member of but is no longer? I've got a server that appears to have been part of a patching collection with a maintenance window, but isn't any longer, and I'm wanting to confirm it was indeed a part of that collection. Even more I'd like to see when the server was removed from the collection and by whom if it were at all possible. Is there any record, either within SCCM itself or in the logs on the actual server, of collections that the server used to be a member of?
  4. Looking at the ClientLocation.log I think I see that it's a certificate issue, there are errors for,

         Failed in WinHttpReceiveResponse API, ErrorCode = 0x2f0c
         [CCMHTTP] ERROR: URL=https://<MPFQDN>/SMS_MP/.sms_aut?SITESIGNCERT, Port=443, Options=31, Code=12044, Text=ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED

     Looks like I'll need to speak to some people who aren't back in the office until Friday.
  5. Hi all, I've created a Task Sequence to deploy a non-domain joined Windows Server 2016 build however it fails whenever trying to install an Application with the following error, "Failed to run the action: Install Nagios Opsview. Required management point not found (Error: 87D00269; Source: CCM)" I've found this thread on the issue, https://www.windows-noob.com/forums/topic/10746-error-0x87d00269-when-installing-application/ , and I've put a step into the task sequence before the Install Application step to set SMSTSMPListRequestTimeout to 20 minutes (So the value was set to 12000000 as it's in milliseconds) but the error still persists. I'd also seen another mention that when a machine is not domain joined it's not enough to set an SCCM Boundary based on AD sites so I've created an IP Address range boundary for the /23 subnet that the server is connected to, but again this hasn't made any difference. Packages will deploy/install absolutely fine, it's just when trying to install an Application that it's failing. The Install Application step doesn't take place immediately after a reboot, it's occurring after the step to set the Timeout variable, which occurs after an Install Package step. (There is a Reboot step just before that package install though) The installation properties I'm using to install the SCCM client during deployment is, SMSMP=<MPFQDN> SMSCACHESIZE=10240 FSP=<FSPFQDN> I've also seen a mention of needing to set the SMSSITECODE but if I put that into the Installation properties I get an error that the variable cannot be included in the Task Sequence Editor. I've attached a screenshot of the log file showing the failure (Though have blanked out the MP name)
  6. It was posted to a website back in 2010, http://www.madanmohan.com/2010/11/how-to-find-clients-with-no-maintenance.html And the writer hasn't updated since 2013. The problem I'm having is if I paste that query into the Query language of the SCCM query rules, it just comes back with Syntax errors. As I say I've virtually no experience with writing queries and don't know where to begin with debugging it, or how to build a similar query using the query builder as I've no idea which options I'd need to be selecting. EDIT - Found where I was going wrong. The queries I've been finding are SQL queries so are made for an SCCM report rather than a Collection Membership Rule query. It doesn't look like what I want to do is possible to do directly with a collection, but I've got a Report that gives me the output I need and can then use to do what we need to do.
  7. Hi all, I've been tasked with creating a collection in SCCM that will run a query and add any servers with no maintenance window configured to the collection. This will allow us to then target those machines to get them added to the maintenance windows we want. Unfortunately building SCCM queries is completely new to me so I'm not really sure where to begin. The query builder is somewhat overwhelming with how many options there are available when presented with the Select Attribute screen. I have been directed to this query that was posted on another website,

         SELECT sys.Name0 'Name', sys.Operating_System_Name_and0 'Operating System'
         FROM v_ServiceWindow AS sw
         INNER JOIN v_FullCollectionMembership AS fcm ON sw.CollectionID = fcm.CollectionID
         RIGHT JOIN v_R_System AS sys ON fcm.ResourceID = sys.ResourceID
         WHERE sw.Name is NULL AND sys.Client0 = 1
         ORDER BY sys.Name0

     But putting that into the Query Language returns a syntax error and from looking at the date I believe it may have been written for Config Manager 2007 and isn't compatible with 2012. Can anyone offer some advice on where to even start with creating a query to do what I need?
  8. Wasn't sure whether to post this here or in the SCCM 2012 forum in all honesty, but I'll try here first. Ok, so in our 2008 and 2012 deployments via SCCM we have GPO Packs that were created before my time at the company for MDT deployments, so I was able to just implement these easily enough into the SCCM task sequence. We're currently running SCCM 2012 R2 SP1 with the Windows 10 ADK and MDT 2013 Integration. Now though, I need to create a new 2016 GPO Pack that we can apply during the SCCM Deployment task sequence (We don't use actual AD GPO, just local policies applied via GPO Pack. Not my decision but that's how it is) so I'm looking to create the GPO Pack via the Microsoft Security Compliance Manager, which has now been updated with 2016 baselines. However I'm having some issues that I'm trying to wrap my head around. I've done some preliminary customisation work on the Microsoft Baseline to customise it for our systems but when I export it I'm getting some weird results when I re-import it to check it out. If I export it as a GPO Backup (Folder) which would allow me to use it in SCCM, when I re-import it many of the settings are missing and some new settings even seem to have been added that aren't present in the original baseline I exported. If I export it as a .cab file though then when I re-import it everything is exactly as it should be. At first I thought it was just that the "GPO Backup (Folder)" option simply didn't include things in a "Not Configured" state as that's what most of the entries seemed to be, but when I run the comparison tool I could see that ones explicitly set to Enabled/Disabled were also missing from the import of the Backup Folder export. Obviously my worry here is that when I come to put the GPO Backup export into SCCM then many of the settings I've configured have been lost and so will not be applied. Has anyone got any advice to offer? Or possibly a better way I can put together a local security policy for Server 2016 that I can then deploy via SCCM? Deployment will only be to OS Deployment task sequences, not existing servers.
  9. Sorry for the delayed response on this. There is no pid.txt file that I could see unfortunately, though after doing more digging I think I may have found the cause. Apparently with the last few versions of Windows, the installation on a non Volume Licensed copy of Windows cannot automatically bypass the Product Key entry with no product key specified in the Unattend.xml, even when deploying via SCCM, this functionality is only available on Volume License versions. As I'm just using the Windows Server 2016 trial ISO at the moment, which won't be a Volume License version, it may not yet possess the ability to do this automatically.
  10. Hi all. I know Server 2016 is still in Technical Preview, but we're beginning to do some work on testing deployment via SCCM. Whilst on the whole it's been successful, whenever we do the deployment it hangs at a screen prompting to enter a Product Key. We can manually select the option to Do it later and the deployment continues as normal, but obviously this is hardly a long term workable solution. Does anyone have any ideas on how we can automatically skip this? Below is my customsettings.ini,

          [Settings]
          Priority=Default
          Properties=MyCustomProperty

          [Default]
          OSInstall=Y
          SkipCapture=YES
          SkipAdminPassword=YES
          AdminPassword=<REMOVED>
          SkipProductKey=YES
          SkipLocaleSelection=YES
          KeyboardLocale=0809:00000809
          UserLocale=en-GB
          UILanguage=en-GB
          Systemlocale=en-GB
          SkipTimeZone=YES
          TimeZoneName=GMT Standard Time

      So we're already telling it to skip the product key there, though the Product Key field is blank in the Apply Windows Settings stage. This has never been a problem for our 2008R2 and 2012R2 deployments. We were simply able to deploy the OS then activate via KMS later.
  11. Hi all, So this is kind of following on from a previous thread where I was having trouble with installing an MSI during a deployment task sequence, where the installation would just hang endlessly. Oddly this only occurred on physical servers, deploying to VMs worked fine and the installation script worked fine outside of SCCM with no boxes popping up. I decided to try a different approach to resolve the issue and instead of a package I thought I'd make use of the new SCCM Applications to try and install the MSI, but I'm experiencing a new issue with this. Whenever I try to install the application I'm receiving an error,

          Permissions on the requested may be configured incorrectly. Access is denied. (Error: 80070005; Source: Windows)

      The smsts.log file shows the following,

          <![LOG[Policy evaluation initiated]LOG]!><time="16:00:47.371-60" date="05-25-2016" component="InstallApplication" context="" type="1" thread="4032" file="utils.cpp:4437">
          <![LOG[Waiting for policy to be compiled in 'root\ccm\policy\machine' namespace ]LOG]!><time="16:00:47.371-60" date="05-25-2016" component="InstallApplication" context="" type="1" thread="4032" file="installapplication.cpp:544">
          <![LOG[Query path = 'CCM_ApplicationCIAssignment.AssignmentID="DEP-ZER201AA-ScopeId_121E90BF-ADD6-4509-816E-76D3C5CF0367/Application_368f474b-9ba3-4984-977a-08770d9a8746"']LOG]!><time="16:00:47.371-60" date="05-25-2016" component="InstallApplication" context="" type="1" thread="4032" file="installapplication.cpp:571">
          <![LOG[Verified policy is compiled in 'root\ccm\policy\machine' namespace]LOG]!><time="16:00:47.371-60" date="05-25-2016" component="InstallApplication" context="" type="1" thread="4032" file="installapplication.cpp:596">
          <![LOG[Invoking App Management SDK to evaluate app polices]LOG]!><time="16:00:47.402-60" date="05-25-2016" component="InstallApplication" context="" type="0" thread="4032" file="installapplication.cpp:384">
          <![LOG[Process completed with exit code 2147942405]LOG]!><time="16:00:47.558-60" date="05-25-2016" component="TSManager" context="" type="1" thread="2408" file="commandline.cpp:1124">
          <![LOG[!--------------------------------------------------------------------------------------------!]LOG]!><time="16:00:47.558-60" date="05-25-2016" component="TSManager" context="" type="1" thread="2408" file="instruction.cxx:805">
          <![LOG[Failed to run the action: Install Splunk (x64). Permissions on the requested may be configured incorrectly. Access is denied. (Error: 80070005; Source: Windows)]LOG]!><time="16:00:47.558-60" date="05-25-2016" component="TSManager" context="" type="3" thread="2408" file="instruction.cxx:911">

      To me this makes it appear that the Detection Method of the Application is failing. Originally I left the detection method at the automatically created MSI method, but this failed. So I changed the Detection rule to simply detect the presence of a folder on the C:\ drive, however this is still failing.
  12. Sadly adding this script didn't make any difference. The deployment still hangs when I attempt to deploy that package. As before it doesn't appear to ever start installing, just hangs endlessly with "Waiting for Job Notification" I'm hoping to get the SCCM environment upgraded to R2 soon, so I'll do that and rebuild the Standalone ISO and try again. Hopefully this is just an SCCM bug that's fixed somewhere after SP2, it doesn't strike me as being the package itself since it never even starts to run the installer and it's not doing anything special, just using msiexec.
  13. It's because the task sequence is essentially a "unified" sequence for different environments, so different applications (or versions of applications) will be installed as part of the deployment depending on which variables are selected using the UDI wizard at the start of the task sequence. As I said the install.wim has been updated with Windows Updates using the built-in SCCM tools, so it's not quite a 'from scratch' deployment. I did experiment with using a Captured image initially, but no matter what I did the Task sequence would always immediately exit after reaching the SCCM client installation, and would never actually move on to the Application installation point. The quickest way around this was to just forego the whole Build & Capture process and do a complete deployment.
  14. Just in case it's relevant, I've had a look at the execmgr.log and it contains only the following,

          Policy arrived for child program Universal Forwarder 6.3 x64
          ExecMgr::GetTaskState - GetTaskState Failed with error code 0x87d00317
  15. I've had a read through that but I'm not sure it's quite the same issue I'm having. That article references deploying a captured image, which this isn't. The task sequence is deploying an OS from a .wim file pulled directly from an Installation ISO (Though it has had windows updates included via SCCM) and the Package I'm installing isn't the first one, it's the very last one after multiple other packages have installed successfully. The package has been hanging for longer than 12 hours as well, it began hanging at around 5:40pm yesterday evening and was still waiting at 8:30am this morning. I'll give the recommended fix a try though, and put the PowerShell script in just before the Package that's hanging. Given how long the standalone builds take it'll probably be tomorrow before I can report back any success. I did try running the PowerShell command from F8 on one of the hung machines. Running just the Get-WMIObject did show some entries, then I ran the delete command, after that running just the Get-WMIObject returns nothing, though the task sequence is still hung. It's possible though that the command has to be run before the package attempts to start.
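
An added example, not part of the original posts: a small triage parser for the smsts.log excerpt in the Install Splunk (x64) post above, which pulls out error records and decodes the decimal process exit code into its HRESULT fields. The function names (`parse_log`, `decode_hresult`, `triage`) are hypothetical, and the sample is three records from that excerpt with one deliberately wrapped across two lines.

```python
import re

# CMTrace-style record as seen in the excerpt: <![LOG[message]LOG]!><key="value" ...>
ENTRY = re.compile(r'<!\[LOG\[(?P<msg>.*?)\]LOG\]!><(?P<attrs>[^>]*)>', re.DOTALL)
ATTR = re.compile(r'(\w+)="([^"]*)"')
EXIT_CODE = re.compile(r'exit code\s+(\d+)')
LEVELS = {"1": "info", "2": "warning", "3": "error"}  # other values reported as-is

def decode_hresult(value):
    """Split a 32-bit HRESULT into its failure bit, facility and code fields."""
    value &= 0xFFFFFFFF
    return {"hex": f"0x{value:08X}", "failed": bool(value >> 31),
            "facility": (value >> 16) & 0x1FFF, "code": value & 0xFFFF}

def parse_log(text):
    """Yield one dict per record; tolerates records wrapped across lines."""
    for m in ENTRY.finditer(text):
        attrs = dict(ATTR.findall(m.group("attrs")))
        msg = " ".join(m.group("msg").split())  # re-join a message split by a line break
        entry = {"message": msg, "component": attrs.get("component", ""),
                 "level": LEVELS.get(attrs.get("type"), attrs.get("type")),
                 "when": f'{attrs.get("date", "")} {attrs.get("time", "")}'.strip()}
        code = EXIT_CODE.search(msg)
        if code:
            entry["hresult"] = decode_hresult(int(code.group(1)))
        yield entry

def triage(text):
    """Return error records plus any record whose exit code has the failure bit set."""
    return [e for e in parse_log(text)
            if e["level"] == "error" or e.get("hresult", {}).get("failed")]

# Sample input: three records taken from the excerpt in the post; the second one
# is wrapped after "exit code" on purpose to exercise the re-joining.
SAMPLE = '''<![LOG[Invoking App Management SDK to evaluate app polices]LOG]!><time="16:00:47.402-60" date="05-25-2016" component="InstallApplication" context="" type="0" thread="4032" file="installapplication.cpp:384">
<![LOG[Process completed with exit code
2147942405]LOG]!><time="16:00:47.558-60" date="05-25-2016" component="TSManager" context="" type="1" thread="2408" file="commandline.cpp:1124">
<![LOG[Failed to run the action: Install Splunk (x64). Permissions on the requested may be configured incorrectly. Access is denied. (Error: 80070005; Source: Windows)]LOG]!><time="16:00:47.558-60" date="05-25-2016" component="TSManager" context="" type="3" thread="2408" file="instruction.cxx:911">'''

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["when"], e["component"], e["level"], e.get("hresult", ""), e["message"][:60])
```

The exit code 2147942405 decodes to 0x80070005: facility 7 (Win32) with code 5 (access denied), the same 80070005 the TSManager error line reports.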