Jump to content


lord_hydrax

Established Members
  • Posts

    122
  • Joined

  • Last visited

  • Days Won

    2

Everything posted by lord_hydrax

  1. I certainly have upgraded to SP1 now, however I have not tried two SUPs sharing a single database. To resolve this issue I ended up removing the SUP role and WSUS from my primary site server and installing it on my remote server then configuring that server to handle updates both internal and external. This has been working fine, the only problem I had was when I upgraded to SCCM SP1 I had to install an additional hotfix on the server hosting WSUS, which was KB2734608 and KB2720211.
  2. Hello, Having some trouble enrolling my first Mac device with SCCM 2012 SP1. I have installed the client and am trying to use the CMEnroll Tool with no success. Command I am using is this: CMEnroll -s fqdn.siteserver -ignorecertchainvalidation -u "domain\username" and on the client I recieve the error: Server connection failed. http response code is 500 and reason is internal server error. On the server in the EnrollmentServer.log I recieve this error: [6, PID:5748][02/01/2013 13:48:35] :WindowsIdentity is created for domain: domain user: username [6, PID:5748][02/01/2013 13:48:35] :validated user credentials [6, PID:5748][02/01/2013 13:48:35] :Handling RequestSecurityToken [6, PID:5748][02/01/2013 13:48:35] :claim identity name: domain\username [6, PID:5748][02/01/2013 13:48:35] :ConfigManager: RefreshCache: Creating Enrollment Profile 16777220 [6, PID:5748][02/01/2013 13:48:35] :EnrollmentServiceProfile: GetDBCAs retrieved Template information: [6, PID:5748][02/01/2013 13:48:35] :Template: ConfigMgrMacClientCertificate [6, PID:5748][02/01/2013 13:48:35] :CA: System.Collections.Generic.List`1[system.String] [6, PID:5748][02/01/2013 13:48:35] :The CA server.domain is in forest cac.local [6, PID:5748][02/01/2013 13:48:35] :Impersonating caller: domain\username [6, PID:5748][02/01/2013 13:48:35] :Revert back to self: NT AUTHORITY\NETWORK SERVICE [6, PID:5748][02/01/2013 13:48:35] :ConfigManager: Sending CA Success Status - ENROLLSRVMSG_CA_SUCCESS [6, PID:5748][02/01/2013 13:48:50] :ConfigManager: CA Chains count: 2 [6, PID:5748][02/01/2013 13:48:50] :ConfigManager: ChainStatus error: RevocationStatusUnknown,Unknown error.; [6, PID:5748][02/01/2013 13:48:50] :ConfigManager: ChainStatus error: RevocationStatusUnknown,Unknown error.;OfflineRevocation,Unknown error.; [6, PID:5748][02/01/2013 13:48:50] :Microsoft.ConfigurationManagement.Enrollment.EnrollmentServerException: RevocationStatusUnknown,Unknown error.;OfflineRevocation,Unknown error.; at Microsoft.ConfigurationManagement.Enrollment.ConfigManager.SplitCACertChain(String base64cert) at Microsoft.ConfigurationManagement.Enrollment.ConfigManager.setCAChain(EnrollmentServiceProfile profile, WindowsIdentity requester) at Microsoft.ConfigurationManagement.Enrollment.ConfigManager.RefreshCache(Int32 enrollmentProfileId, EnrollmentRecordType type, String template, WindowsIdentity requester) at Microsoft.ConfigurationManagement.Enrollment.RequestHandler.ProcessRequestSecurityToken(RequestSecurityTokenType request, WindowsIdentity caller, ActionEnum action) at Microsoft.ConfigurationManagement.Enrollment.RequestHandler.EnrollDevice(Message messageRequest) at Microsoft.ConfigurationManagement.Enrollment.DeviceEnrollmentService.RequestSecurityToken(Message messageRequest) [6, PID:5748][02/01/2013 13:48:50] :FaultCode is: EnrollmentServer and reason is: EnrollmentServerException InitializeFailed Any ideas?
  3. After some further reading it would seem a remote SUP will need WSUS with its own Database.... At least until SCCM 2012 SP1 where SUPs can share a database.
  4. Hello, I have a SCCM 2012 Primary Site Server that is configured with WSUS and the SUP role and deploys Updates fine to users on the internal network. I have a remote server setup as an MP/FSP/DP for supporting internet clients which is also working fine. I am wondering what I need to do to allow my internet clients the ability to receive software updates from the remote server? My best guess was probably installing the SUP role on the server and not setting it as an active SUP. I do this and SMS_WSUS_CONTROL_MANAGER on the remote server fails to install the component becaise it can't find WSUS. I could install WSUS on the server I suppose but I don't want to have to have a second database and I don't know how that would complicate things.... All I need this server to do is push out software updates and clients to send back compliance updates over the internet. Appreciate any assistance! Regards, Andrew
  5. Hello, I seem to be having an issue with Active Directory System Group Discovery. I am unable to manually force a discovery with the checkbox 'Run discovery as soon as possible' under Polling Schedule in Active Directory System Group Discovery. I can do so but new items do not appear, and checking both adsysgrp.log and the SMS_AD_SYSTEM_GROUP_DISCOVERY_AGENT component for changes shows no activity. I have configured a schedule to poll every 30 minutes that works fine without any problems. This information appears in the above to logging locations as well. We deploy certain applications using AD groups and sometimes want to force the deployment to happen faster so I am required to do the 'Run discovery as soon as possible' as part of that from time to time. Any ideas? Regards, Andrew
  6. Hey thanks for the reply. I think that's what it is too, I posted the same topic on the technet forums and got a reply there: http://social.technet.microsoft.com/Forums/en-US/configmgrdcm/thread/9e585d53-c318-4908-b624-d6bc7944590c/
  7. Hello, I've recently configured DCM within our environment and I am just trying to get my head around how it works. What the problem is, is that while the DCM Client Agent Properties is configured to evaluate only once every day, I can see in logs on computers (such as DCMAgent.log) that they are doing the evaluation every ~2-3 hours. Now when computers do an evaluation, they generate a lot of traffic between clients and our domain controllers, so the frequency really needs to be pulled back. The only other setting I can see around DCM schedules is the state messages setting in the Computer Client Agent Properties which is set to 15 minutes. Are there any other settings I can configure? Regards, Andrew
  8. Hello, I am going through completing the list of pre-requesuites for moving my SCCM 2007 environment from Mixed Mode to Native Mode. One such part I am upto is deploying the SCCM Client Certificate using Group Policy I have been able to deploy the cert to most of our clients. http://technet.micro...spx#BKMK_client There are a number of computers that are not receiving the certificate though, showing error code -2147220864 in the Clients incapable of native mode communication report. Researching into this I found it means just that, a valid certificate cannot be found in the certificate store. http://technet.micro...y/bb632794.aspx But I cannot find any further information around this, sure I am guessing I could manually go to each computer and request the certificate... I'd prefer to know what would cause the group policy autoenrollment issue so I can automate it though. (The clients are applying the GPO) Any ideas? Regards, Andrew
  9. Thanks for the reply! I will have a play with some of the ideas in that first link... Already tried the second one though. Will let you know how I go!
  10. Hello! I am having trouble with replicating packages (software and updates) to BDPs, particularly using BITs. I check the distmgr log on the server and see it create the requests.... But they stay on Install Pending and never push out. Checking the contenttransfermanager.log on the BDP I see 'CTM job {blahblahblahblahID} suspended' Any suggestions?
  11. Awesome thank you, thought that one would be an easy one.
  12. With this configured do you still need normal SQL Maintenaince Plans running each night on the Primary Site's Database server or do they become redundant? I notice I have a 5 gig SCCM back up done by SQL and a 7 gig backup done by SCCM each night...
  13. Have you reconfigured your network boundries?? I'd guess your task sequences are set to only download from protected distribution points...
  14. Is this one ticked under the Software Updates Client Agent Properties: I've noticed problems with this unless Automatic Updates are disabled on computers. This can be easily done with a GPO and going to Computer Configuration > Administrative Templates > Windows Components > Windows Updates and setting Configure Automatic Updates to Disabled. Try play around with those two and see how you go.
  15. Got a backup of the .wim file from when it was working that you can roll back to? Probably the easiest way to fix this...
  16. Moving from Mixed Mode to Native Mode.... *Shudders*

    1. anyweb

      anyweb

      you should document it here

    2. lord_hydrax

      lord_hydrax

      I'd love to put something up for this forum - I will certainly be putting together a document for our own records anyways, so we will see. :)

  17. The computer is missing the Sysprep files, try adding a 'Install Deployment Tools' step (selecting your sysprep package) at the start of the Capture the Reference Machine Group before Preparing the ConfigMgr Client. See how that goes!
  18. Hello, Just wondering if anyone has tried or knows about the capabilities of SCCM 2012 and managing Android devices? Any website links with information for me to read would be awesome, I've looked around a bit but can't find too much. I really want to know if I can lock down the devices using SCCM 2012 or if not what can I do with it anyways. Thanks, Andrew.
  19. I had the same problem and what fixed it for me was applying a GPO to all computers that disabled Windows Update. It is under Computer Configuration > Administrative Templates > Windows Components > Windows Updates and set Configure Automatic Updates to Disabled.
  20. Is it crashing on the Setup windows and ConfigMgr task? I am currently investigating updating to R3 myself and one article from Microsoft I have read mentions that there is an update you need to do for that: http://support.microsoft.com/kb/977384
  21. In case you are still having issues or for others viewing the topic I was experiencing Kevin's issue today (('CORE') not found) when I was testing a new SEP package I was working on. I resolved it by typing CORE as Core in my command line - Guessing it is meant to be case sensitive... Also did the same thing with SAVMAIN as SAVMain, below is the command I ran: msiexec /I "Symantec AntiVirus.msi" ADDLOCAL=Core,SAVMain /qn /l* C:\Windows\System32\ccm\logs\sep.log
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.