Jump to content


Established Members
  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by skissinger

  1. You are looking at the console; that's a custom view, which is only available for reporting or the console; that "last online time" simply doesn't exist in the database as a "let's write wql queries against, for collection queries". Basically I'm saying don't try to use it for a collection query. The console is pretty and all... but I don't rely on it myself. MANY things in the console are based on summarization tasks. If you are in a smallish company (at least, smaller than what I have to deal with); sure, those summarization schedules and tasks complete efficiently and successfully. Quite often for me they don't finish; so the console lies all the time for me. It's convenient, sure... but not reliable for me at all.
  2. I looked, and in that log I didn't find anything that looked like "illustrator" ; but then again, maybe I don't know what to look for. For example, that log has a line like this: <![LOG[Process ID 17748 is for process C:\Program Files\Microsoft Office\Office16\EXCEL.EXE]LOG]!><time="14:54:55.862-120" <![LOG[No matching rule found for process 17748]LOG]!><time="14:54:55.862-120" date="06-03-2020" So that shows that Excel launched...but there is no rule for Excel.exe Since your example indicates it's for Illustrator, do you have a box with Illustrator, which you KNOW has run Illustrator, then read the mtrmgr.log on that box; looking for a matching rule. (and yes, you're going to have to teach yourself how to read log files, I know it's not the most glamorous job in the world; but everything you ever wanted to know and more about CM is in the logs...)
  3. Have you used a tool, like Roger Zander Client Center https://github.com/rzander/sccmclictr, or the MS Client Support Center Tool, https://docs.microsoft.com/en-us/configmgr/core/support/support-center ; to examine a client? What I would look for is things like... "is the last scan version matching what my environment says" (in CM Console, Monitoring, Software Updates Point Synchronization Status, the Catalog Version); that'll be the catalog version i'd want my clients to have used. is wuahandler.log scanning successfully? In those tools, you can see what CM believes locally is deserved or installed for updates, as scanned by the CM client. When you say "locally just msrt... but when I go directly to Microsoft, I deserve more" -- are those updates listed locally by the CM client? If not; are those updates even in CM? (EXACTLY those updates, by title and kb article--maybe you're missing a category in your CM SUP rules for what patch info to download)
  4. Am I reading this right? You want this one: https://support.microsoft.com/en-us/help/4054518/windows-7-update-kb4054518 Which if I'm reading that correctly, is a not-released-on-normal-cadence for Windows 7, for December... 2017. 2 years ago. 48 months ago. the monthly rollup for Windows 7 has been superseded by a newer one dozens of times. Are you absolutely SURE that's the one you need? Why wouldn't you deploy something newer than December, 2017? Personally, since today (December 10, 2019) is hotfix Tuesday, I'd wait until the latest Windows 7 update is released today--there probably will be one--and download and deploy the latest one later today.
  5. Stupid idea... but try it. On the deployment properties, is it possible the available and deadline are the same time? try changing the deadline to be different from available time.
  6. Just to understand the ask, you want the results to look something like this? or like what? ComputerName Publisher ProductName Version BobsComputer Nitro Nitro Pro 12.8 MarysComputer Nitro Nitro Reader 5 5.5
  7. Incorrect hash values--sometimes that can be fixed by doing an "update of distribution points" for your software update packages. If that doesn't work, you might need to remove updates from the patch packages, and re-download them. As for summarization in the console, that's a harder question. I stopped believing the console for summarization for updates about 4 years ago. mostly because of where I work, we have so many clients that summarization simply can't finish--so summarization information is often incorrect. So I use SQL reports, and not the console, to confirm if updates are being installed and deploying. What that means to you is that I simply can't help with in-console summarization questions from anyone. I expect it to fail and never work; so when someone says "it doesn't work", I say "yep". Which isn't totally accurate for most companies--but it is for me, lol.
  8. I'm not sure what your question is. is it... "why isn't the console showing summarization info for updates" (possible answer: summarization hasn't run yet). or is it... "I have ADRs to download everything, and those ADRs haven't run, thus downloaded = no and deployed = no, for this underlined update" Or is it... a different question I can't guess based solely on a screenshot?
  9. So you want a report with every single device, in a list, and which ones have and have not done hardware inventory? I'm assuming you just might care about extenuating circumstances... what if the client is offline (it's 2 weeks of vacation, and the human powered it down); do you care that it's offline? I'm assuming you don't want to chase after ghosts. Have you already looked at all the wonderful things in v_ch_clientSummary view? Anyway, making a bunch of assumptions about I think you want, and what I would want if I were you and also assuming you only have a few hundred or thousand boxes to care about... Below is a query. where I 'think' what a human would want to follow up on would be devices which haven't had Hinv in the last 24 hours... BUT HAVE had 'some other kind' of activity (heartbeat, policy request); so the ones at the top of the list would be the ones to follow up on, if needed. The 2s and 3s would be older hinv... but also older activity, so probably not on the network anyway. or they are already current hinv, so are good (under your parameters). So you'd use this is a base for an SSRS report. and then set a subscription using your already working and tested SSRS report Subscription feature to email the report on whatever schedule you like. ;with cte as (select s1.Netbios_Name0 as 'ComputerName', ws.LastHWScan, Case when ws.LasthwScan <= DATEADD(hour,-24, GetDate()) and cs.LastActiveTime BETWEEN DATEADD(hour,-24, GetDate()) and DATEADD(Day,3,GetDate()) then '1 older HINV, but has checked in lately' when ws.LasthwScan <= DATEADD(hour,-24, GetDate()) and cs.LastActiveTime <= DATEADD(hour,-24, GetDate()) then '2 older and has not checked in lately' when ws.LasthwScan BETWEEN DATEADD(hour,-24, GetDate()) and DATEADD(Day,3,GetDate()) then '3 HINV Current' Else 'Dunno' end as 'Age' ,cs.LastActiveTime from v_r_system s1 join v_GS_WORKSTATION_STATUS ws on ws.resourceid=s1.resourceid join v_CH_ClientSummary cs on cs.resourceid=s1.resourceid ) select cte.computername, cte.age, cte.LastHWScan, cte.LastActiveTime from cte order by cte.Age
  10. When that has happened to me before--and it has--it's almost always 'something' in the configuration.mof file. My suggestion for you is to take a copy of your current \clifiles.src\hinv\configuration.mof file, and save it ELSEWHERE. then on your primary site (or cas, if you're cursed with a cas), go to <installed location>\Data\HinvArchive In there will be multiple backups (usually 5) of previously used configuration.mof files. Hopefully you have one backup from prior to your upgrade--aka, a known good one. Grab a copy of it (or if you're super paranoid, copy every file in \hinvarchive to another location, just in case), but copy a "I think it's good" configuration.mof.bkxxx file, rename it to just configuration.mof, and drop it into \clifiles.src\hinv, replacing the one you mofcomp'd and it was a success... but I'll bet there's still something wonky with it. Once you've copied in an old one, monitor dataldr.log on the primary site, make sure it's not rejected. Then a couple of policy refreshes on a client, and carefully watch policyagent.log on that client--make sure it doesn't error on getting a new policy. If policyagent.log says all is good... go check if the inventory action is back in the control panel applet. If so, your clients should start sending inventory again. Once you have inventory working again, then use your favorite text comparison tool, and compare the one you restored, vs the one you pulled out--and see what's different. I could be as simple as a special character somewhere in the mof file which although passes a "syntax" check (mofcomp -check), still is not able to be processed at the clients and compiled.
  11. maybe I'm speaking out of turn here... but I am completely lost as to why you are trying to use a script to install software from a network share. Why wouldn't you create applications, to install Visual C++ 2005, and another one for 2015... etc? i.e., use CM like it's supposed to be used? the scripts node to me doesn't make sense as a way to do this.
  12. It's been a while since I did this... but long long ago... I used to work with SMS (yeah, it was SMS, not CM yet) in a disconnected environment, so I had to sneakernet patches over. So this is 10+ years old memory.. but it went something like this. You manually downloaded the File--and you can tell what File it wants because you right-click properties on that individual update, and went to "Content Information", and looked at the information there. So let's say it wanted http://www.hp.com/downloadme/SuperImportant.v1.1.1.exe So you grabbed that yourself, outside of CM using Internet Explorer or Firefox or something, and have it. and put it on \\YourServer\ManuallyDownloaded right-click that update, download... select the CM package to store it in, next. Now, for "Download Location", do NOT just click "next", where it's saying "Download software updates from the internet". You want to change that to download software updates from a location on my network; and browse or type in \\YourServer\ManuallyDownloaded next/next/finish. And... hope that I kinda sorta maybe remembered all the steps I had to do. I probably forgot something critical.
  13. My guess--and it's just a guess. I'm assuming that since it's the client that picked up the script to run, it'll be similar to the same context that other scripts run in, when picked up by policies, like Configuration Item Scripts, or Scripts used for Detection Logic for Applications--which is NT Authority\System, of the individual device. So if you want all your Domain Computers to have rights to some remote share, you'll want to make a share, and grant (I think) "Domain Authenticated Users" both NTFS modify to that location, and that the Share also has Modify rights to Authenticated Users. I think that might work... I see you're trying to use s$... that would be an Admin share. I wouldn't use that. Make a real Share, which you can permission properly.
  14. TEST TEST TEST I don't have a naming convention like this, but this "MIGHT" work--I suggest testing. A lot. Assumptions: There are EXACTLY 5 numbers between the LIB-AU and the - for the Lab machines and then exactly 2 numbers after the - There are EXACTLY 5 numbers for the LIB-AU ones where they don't have a - for employee machines Labs: Select * from win32_ComputerSystem Where Name like 'LIB-AU[0-9][0-9][0-9][0-9]-[0-9]-[0-9][0-9]' Employees: Select * from win32_ComputerSystem Where Name like 'LIB-AU[0-9][0-9][0-9][0-9][0-9]' Why this might work.... the [0-9]; that's a WQL/SQL query trick. So you're saying... after the LIB-AU, that next character has to be a number between 0-9 Then the next character has to be 0-9 ... up to 5 characters (for Employees) For Lab, it has to be LIB-AU, then 5 numbers, then a -, then 2 numbers.
  15. Why not use Installed Software, ProductName = iTunes ? I'd feel more confident about that vs. the two different ARP ones. Are you sure you HAVE iTunes older than v12? Can you look at a box you *know* has an older version? maybe it's not called exactly 'iTunes'; but is instead called something like ... 'Apple i Tunes The Media Player' or something... not 'iTunes'
  16. Suggestion: google "run cmd prompt as system using psexec", and on a test system, get to a cmd prompt as system. then run your powershell script (or your batch file, etc.) If that doesn't help you figure out the issue, presuming it doesn't violate any of your practices, if you'd post your posh script here, perhaps one of us could help you add logging to it, or a more verbose exit code if there's an error.
  17. I think what you are describing is a 'migration scenario'. You may want to check out the documentation on that: https://docs.microsoft.com/en-us/sccm/core/migration/planning-for-migration You wouldn't 'transfer roles' -- at least not how I think of a Role in ConfigMgr. You would be able to migrate data from your 2012 primary, to your Current Branch primary.
  18. In our lab (not production), we have the top level SUP separate from the primary site as well. I never did bother to figure out why--I suspect it's DNS issues or a firewall issue that was introduced in the last 3 months; but in that lab, in order to download content which originated from SCUP, on the top level SUP server I installed a CM console instance, and I could download them from that console--but not from a console running elsewhere, not even on the primary. I didn't bother to figure it out because it is just our lab... and I have other issues pulling at my time... Anyway, it's a thought/something to try. Install the adminconsole on your SUP, and try it there.
  19. This link is for SMS 2003 (yes, 2003!)... but it might still be valid instructions on how to do it: https://technet.microsoft.com/en-us/library/cc181571.aspx I guess just try it and watch your discovery logs and see if it's doing what you want it to do.
  20. Could be ports: http://www.toolzz.com/?p=749 could be fqdn on your sup, or custom categories/products from SCUP https://social.technet.microsoft.com/Forums/systemcenter/en-US/27e6d79c-103b-4f77-bdf0-a564f5f4d4ba/sms-server-6703-sms-wsus-synchronization-failed?forum=configmgrsum Or... if it's working fine anyway...just ignore it...
  21. "when I go to the "All Workstations" collection and just do a search for "HT" " .... I wouldn't use that as my sole criteria for determining that you are or are not getting all machines with "HT" in their name. Some of your results might not have HT in their NAME... but might have those characters in other attributes about those machines. You might want to instead use a report in sql, something like "show me all the machines in v_fullcollectionmembership_valid where collectionid = 'your all workstations collectionid' and name like 'ht%'
  22. I guess I need more information to be helpful. Do you have the rights to see them in the console (i.e., is this perhaps an RBA issue)? what if you were to add them via a query, similar to 'where netbiosname in ('pc1','pc2') ? do they show up then?
  23. Well I don't work for Microsoft, so I certainly can't answer a "why does the product not do this". All I can offer is that if you want it to do that, you can check out https://configurationmanager.uservoice.com and look to see if that particular idea has already been submitted. If so, vote on it. If not, submit the suggestion and it might be added to a future update.
  24. Well, to me, the core issue is that you are looking to deliver content. so the "content", has to be defined. Where is that file coming from? You could be asking it to copy it from \\ThisServerOverHereThatHasNothingToDoWithConfigMgrInfrastructure\SomeShare; or you might have a file in the source. ConfigMgr is just the delivery van. You have to tell it what is inside the box, and how to unpack the box, and whether it should be "this end up" and "fragile" or "just toss it out the window in the general direction of the front door and hope for the best". It's all up to you....
  • Create New...