StueyT

Actually, it's happening in PXE boot too. I'll add that we've just upgraded to SP1 (2012)

Hi all, I have a few task sequences for OSD available to All Systems, and these appear in Software Centre fine. However, I have created a new available task sequence pointing at a new collection with 1 machine in it, the TS set up and deployed with exact same settings as those pointing at All Systems. SC on this machine only displays the TS deployed to All Systems. It won't display TSs deployed to any other collection that this machine is a member of. I've deployed an OS to the machine after all these TSs were set up and deployed, so it isn't a CCM Client update issue. Any ideas? Ta Stu

Found a workaround for ours. I've got the proxy to act as a 'middleman', so essentially it acts as/impersonates the CA for download.windowsupdate.com for this connection, bypassing the akamai cert mismatch. Our SCCM's SSL connection is with our proxy server, and ou proxy is the one to have the SSL connection with download.windowsupdate.com.

Hi all, I have a SCCM SUP installed which hasn't been able to download updates for 1-2 months now, with it working fine prior to that. The error is seemingly certificate based, and I'm guessing that's with trying to connect to https://download.windowsupdate.com. I've checked our proxy and we have the certificates that are needed for all URLs that it tries to connect to, however if I browse to the above address I get a 'Mismatched address' warning in IE as the certificate presented by it is actually one issued to the URL a248.e.akamai.net. I'm guessing this is where the failure is happening. I've included the error in full below. Any ideas on a workaround? Were there any patches that I may need to apply to the SCCM server to fix this or point to another WU location on the internet? I've already disabled the certificate mismatch warning GPO and also added that url to trust sites and that's not helped. In addition, I built a new WSUS box from scratch to test this issue and the error has also occured there too... Heres the Sync Mgr log from SCCM Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request). Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WsusSyncAction.WSyncAction.SyncWSUS SMS_WSUS_SYNC_MANAGER 19/02/2013 12:48:19 6276 (0x1884) STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=OURSERVER.OURDOMAIN.COM SITE=XXX PID=4336 TID=6276 GMTDATE=Tue Feb 19 12:48:19.977 2013 ISTR0="Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WsusSyncAction.WSyncAction.SyncWSUS" ISTR1="UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_WSUS_SYNC_MANAGER 19/02/2013 12:48:19 6276 (0x1884)

Cheers for the reply. There is slight irony in that the vendor is actually Microsoft, and it's Office 2010. We want it auto-activating after install, which it can't because the local system account can't pass through the proxy of course. We've gone the KMS route anyway. Cheers

Hi guys, Schoolboy question, but where can I view/change the account used for installing software on endpoints? We have a proxy in place which allows authenticated domain accounts through only, and we have software that needs to activate over the internet during the installation process. I need to ensure that the account used will be able to get through the proxy. Cheers in advance!

Hi all, When it comes to patching via 2012, there are a couple of things differently between 2007 and 2012 regarding the end-user's experience. Firstly, although I select 'Hide all display notifications' during the creation of a deployment, the end-user will receive notifications to restart once the patching has been carried out. This never used to happen in 2007, where they got absolutely no status messages or restart requests - It was completely silent. Is there any way to hide the restart prompts? Secondly, should a user be prompted for a restart after their machine is patched and they choose to click 'cancel', their machine will reboot itself at 03:15:10 the next morning. Is their any way to stop this, or modify the time, or even prevent it if a user is logged in at that time? Cheers in advance

No, Subnet B. I've tried it myself with the same server and after it worked successfully I pulled the cable and put it into each of the client PCs mentioned, which resulted in the TFTP timeout. The same cable on the same subnet, all picking up a DHCP assigned address.

Cheers, but we have IP helper commands in for both DHCP and the PXE servers already. The boundaries are all fine too. It's just strange how that server can get to the PXe Service Point fine, yet the clients can't...

Hi all, I have an issue getting machines to PXE boot. We've moved into a new building on a new network structure and our servers are now on a different subnet to clients. Our whole approach to PXE booting has therefore changed. Servers are on Subnet A, and clients (including build area) are on subnet B. At first, we had issues getting the clients to communicate with the SCCM server once they had picked up a DHCP, so we added the IP-Helper command on our Cisco router and now with clients we can get to the 'TFTP......' stage of the PXE boot, which eventually times out. This happens with each variant of our HP 7900, 8000 and 8100 client PCs. Thats fine, we haven't got the Boot Image Location option set on our DHCP server. To do this, we need to follow our company's change process which can take days. At this point, I went on a few days holiday and planned to deal with it on my return. In the meantime, my colleague (without knowing the stage I was at at resolving the imaging process) attempted to deploy a server build to a HP DL380. This went through perfectly! He hasn't changed anything SCCM or DHCP-wise. I've since retried the aforementioned client PCs, and they still time out at the 'TFTP....' stage. Any ideas? Am I missing something totally obvious?

Hi all, I'm having an issue with OSD and the PXE boot. If I am using a machine that PXE has never seen before, where I've imported the MAC and machine name into the SCCM console, then it'll boot no problem. However, if I'm using a machine that has previously had a OSD run before, it'll abort any PXE boot I try. This is after I've deleted all trace of the machine from SCCM, re-imported the MAC info, and cleared the last PXE advertisement. Sometimes, if I turn the machine off for an hour and then try PXE again, it'll work, but sometimes that wont. I have 2 test machines here that have been aborting under PXE boot for the last 24 hours. Any idea?

Hi, I'm trying to get the SUP working for the first time. On a test machine I've tried rolling out a package of various updates and I get these messages in UpdatesDeployment.log: Job error (0x80040692) received for assignment ({03C767CB-1E84-46D8-A5F2-B896C13E29C3}) action Updates will not be made available The only GPO I have set is the specify location for updates, which is pointed at my SCCM of course. Anyone got any ideas?

is there anyway to auto remove the machines from the SCCM collections when our daily AD System Discovery runs?

Cheers Peter, The branch is not a primary site, and Client Push has been disabled both at the primary and branch site levels. I don't want client software being push automatically at the moment. I tried yesterday to install the clients from the console, but taking away the option 'Only install to clients within this site's boundaries'. The clients installed to the branch, but only with the site code of the Primary site. I want these clients to be managed by the Branch server in London...

I have a branch server for our London office, and about 50 clients within that branch server's site code. I want to deploy the client software to those clients, but nothing seems to be happening at all. The clients managed by the parent site seem to have no issues at all... Any ideas on the first place to start looking here?