Bram

Sure, I've attached the file. ConfigMgrPrereq.log

Thanks for the feedback, tested gpupdate and it completed successfully. Also double-checked with Test-ComputerSecureChannel: VERBOSE: Performing the operation "Test-ComputerSecureChannel" on target "SCCM02-SHA". VERBOSE: The secure channel between the local computer and the domain company.local is in good condition. Meanwhile I've upgraded the main site to 2203 hoping there was maybe an undocumented bug fix but the secondary site is still failing at the domain member check.

I'm currently trying to set up a new secondary site with SCCM 2111 on Windows Server 2019 and the prerequisite check fails with: [Failed]:Configuration Manager site server components must be installed on computers that are members of a Windows domain. In ConfigMgrPrereq.log this is noted as: INFO: Failed to get Active Directory membership information for computer SCCM02-SHA.company.local with 53. SCCM02-SHA.company.local; Domain membership; Error; Configuration Manager site server components must be installed on computers that are members of a Windows domain. The server is definitely domain joined, the firewall disabled and all other checks pass without any issue even the 'Check to see if the site server has permissions to publish to Active Directory.' Does anyone know how being domain-joined is checked? I tried finding out with Procmon during the check but couldn't find anything relevant. Is there any way to force the secondary site installation?

Thanks, for submitting feedback at MS, really appreciated. I've deployed a new CMG now which is indeed probably the easiest solution.

Everything is green except for the first item 'Check the CMG Service is in a ready state'. State of the CMG Service is '2'. CloudMgr.log is showing following issues: ERROR: Service brokencmg does not exist. ERROR: Exception occured trying to change service status brokencmg: System.InvalidOperationException: VM scale set does not exist for service.~~ at Microsoft.ConfigurationManager.CloudServicesManager.ChangeDeploymentStatusTask.StartDeployment(). ERROR: TaskManager: Task [ChangeDeploymentStatus for service brokencmg] has failed. Exception System.InvalidOperationException, VM scale set does not exist for service.. In the console, the deployment model of the broken CMG shows 'Virtual machine scale set' while the conversion did not complete and the old classic services are still there in Azure.

The conversion of a classic CMG to the virtual machine scale set model failed. In the end I found out why: Microsoft.KeyVault was not yet registered as a resource provider in the Azure subscription... But now we're stuck with a broken CMG that has status 'error' - unable to connect to the cloud service. The broken CMG service name uses our own domain and wildcard certificate: brokencmg.company.com. Just wondering if I can just spin up a new working cmg under the same domain newcmg.company.com and then just point the CNAME record of the broken one to the new cloudapp service in Azure so both URLs keep working?

About two days after the initial setup, I can complete the wizard without any extra changes in SCCM or Azure. I contacted another person with the same issue and they also just waited a couple of days and it worked.

We're trying to set up a Cloud Management Gateway and following the regular guides all works fine until one of the last steps, the actual creation of the CMG in Azure. At the beginning of the wizard I just log in to my Azure admin account that I used to set up all other parts. The wizard then auto-populates all Azure fields and finds the correct resource group. When clicking finish it shows the error: Error occurred when granting Contributor permission to the Azure AD app for resource group RG-SCCM-CMG. For more information, see SmsAdminUI.log When checking SmsAdminUI.log we see: Hyak.Common.CloudException\r\nInvalidAuthenticationTokenTenant: The access token is from the wrong issuer 'https://sts.windows.net/f8cdef31-xxxx-xxxx-xxxx-xxxx/'. It must match the tenant 'https://sts.windows.net/aa3c372d-xxxx-xxxx-xxxx-xxxx/' associated with this subscription. Please use the authority (URL) 'https://login.windows.net/aa3c372d-xxxx-xxxx-xxxx-xxxx' to get the token. The guid starting with aa3c372d is indeed our correct tenant ID. I have no idea where the one with f8cdef31 comes from. I've search for this guid in our Azure subscription but nothing pops up. Also in SCCM under Azure Active Directory Tenants only the tenant with aa3c372d is shown. Anyone an idea of what could be wrong?

You could try the vbs script posted in the following topic: https://social.technet.microsoft.com/forums/en-US/e0bd29ad-adf5-4c33-a2f2-740df8cc6c32/applications-not-visible-in-software-center

Found the issue: it's a known bug https://social.technet.microsoft.com/forums/en-US/e0bd29ad-adf5-4c33-a2f2-740df8cc6c32/applications-not-visible-in-software-center

Hi Peter, I didn't seem to help. Afterwards the Software Center is empty, also the installed application list which was populated before by manually clicking 'install' in the Client Center is empty. When now clicking 'install', they're added again to the installed list.

This is very weird. I have one laptop which doesn't show available software in the Software Center although it's in the same device collection as all our other devices. The device shows up with a heartbeat as 'active' in the SCCM console. I tried repairing the client software but that didn't help. When using Client Center for CM, under Software Distribution -> Applications. All the available/deployed applications show up but they have no status. (screenshot below) I can right-click each of them and select install which correctly installs the application. The software then also shows up in the Software Center under 'installed software' so there is no issue with our distribution points. Anyone seen this issue before?

Damn, why didn't I think of this I've moved my reboot part to the vbs script and all is working fine now. Thanks Peter.

Hello, I'm trying to add a remove option in our Software Center for Office 2013. I'd like to use the OfficeScrub script to remove the software and do a reboot afterwards. The remove-office.bat script looks like this: :remove Microsoft Office 2013 suites cscript "C:\Program Files (x86)\Microsoft Office\uninstall\Offscrub13.vbs" ALL /Quiet /NoCancel shutdown /r /f On the client the Offscrub13.vbs file is available in the folder above. The bat script is available in the content and in the Office deployment options I've added: When clicking the uninstall button in the software center, after a few seconds the shutdown command triggers. So I guess it skips the uninstall line. Any reason why this happens? The bat script runs fine from command line.

Sometimes the solution is too simple to see it I just added a second format & partition disk step to the sequence. This creates a temporary volume to download and run the bios tool. After the reboot the old format & partition step starts with the variables and everything is good to go.

To deploy new devices, we're using a task sequence with BitLocker pre-provisioned. So at the 'Partition Disk' step we added the BOOTPART and OSPART variable to the volumes and then added the OSPART variable to the 'Preprovision BitLocker' step and the 'Apply Operating System' step. We also added a step which sets OSDPreserveDriveLetter to False as our Windows 7 WIM file is based on a D: disk drive file. This all works out fine, all our devices have a BitLocker enabled C: drive. Now we're looking into automating the TPM settings in the BIOS so we added a step which downloads a package and runs the HP bios tool and afterwards restarts the system to fully enable TPM. This seems to break something as the boot partition becomes C: during the task sequence and the system partition becomes D: and at the end we end up with an installed OS on the D: drive. I'm thinking of a few possible reasons why this is happening: 1. The BIOS step needs to download a package just after partitioning the disk step and needs a drive to store these files on so it chooses the first available volume which is the 300MB boot partition. Making this volume the C: drive. (Although we added the option 'Do not assign a drive letter to this partition' at volume level on the Partition Disk step.) 2. Restarting the system between the Partition Disk step and Pre-provision Bitlocker + Apply Operating System step, removes task sequences variables like OSDPreserveDriveLetter, BOOTPART and OSPART, breaking this solution. I've done a bit of googling but couldn't confirm this behaviour. Does anyone know what the effects of rebooting are on task sequence variables? Anyone else an idea why this is happening or knows a workaround? I've added a screenshot of our task sequence

Hello, During our deployment task, I'm trying to check if the TPM chip is enabled and if it's not, enable it with biosconfigutility.exe. (HP laptops) This is our task setup: But the step is always skipped because "the WMI condition is evaluated to be false". If I test with F8 in console: "wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get * /format:list" it returns that there are "No Instance(s) Available". Are we doing something wrong?

Create a collection with only that person/device in there. Then if other people also need the that software add them to the collection, I guess. Or you could work with administrator approval requests. Then you can just publish the software to everyone but keep control over who is allowed to install certain software. But your users need to make use of the software center.

Found the issue. Our task still used setup.exe for Windows 7 deployment instead of WIM installation and this is not supported anymore in 2012 SP1. Would be nice if Microsoft added some kind of warning if you still try to do this because now it's totally unclear from within SCCM or the logging. I hope this topic helps other people who didn't rtfm of SP1 like me http://scug.be/sccm/2013/01/13/configmgr-sp1-windows-7-deployment-is-not-supported-anymore-from-the-setup-exe/

Thanks for the response. I've added an extra driver pack for the model and added the 'Apply Driver Package' just before 'Setup Windows and Configuration Manager'. It seems to be installed: Start executing an instruction. Instruction name: Apply Driver Package. Instruction pointer: 7 Query = select * from Win32_ComputerSystem where Model like "%9470m%" The WMI condition expression is evaluated to be TRUE ... Successfully applied driver package "ISC0003F". Successfully completed the action (Apply Driver Package) with the exit win32 code 0 Now during the installation of the package this error seems to pop up numerous times, but the installation seems to be successful if I may believe the log. Failed to open Software\Microsoft\Sms\Mobile Client\Software Distribution registry key. The client should not get checked for RWH OpLock Type But still after the 'Setup Windows and Configuration Manager' which reboots the device, the driver is gone and no connection can be made to get other drivers/software. I made sure the drivers in the pack are working by copying the pack folder to an usb stick and I'm able to install the NIC driver by pressing F8 after the task fails. Do I need to install the driver at another step? smsts.log smsts-20130415-111620.log

Thanks for the tip but the drivers are already available in the boot image. Really weird problem.

We're having a weird issue with network drivers that are successfully injected during the 'Auto Apply Drivers' step but not working afterwards so the entire task sequence fails because it can't find a proper network connection after the 'Setup Windows and ConfigMgr' step. Some parts of the smsts.log: Finding and installing the network driver during 'Auto Apply Drivers': ... Ranking compatible drivers for Intel(R) 82579LM Gigabit Network Connection ... Preparing to install driver "Intel(R) 82579LM Gigabit Network Connection". OSDDriverClient 12/04/2013 12:38:43 1904 (0x0770) Resolving content for driver "Intel(R) 82579LM Gigabit Network Connection" OSDDriverClient 12/04/2013 12:38:43 1904 (0x0770) ... Installing driver "Intel(R) 82579LM Gigabit Network Connection" OSDDriverClient 12/04/2013 12:38:48 1904 (0x0770) Copying "C:\_SMSTaskSequence\ContentCache\A4D4FD89-88A3-4672-A404-E926B6C7E456" to "C:\_SMSTaskSequence\drivers\1". OSDDriverClient 12/04/2013 12:38:48 1904 (0x0770) Successfully installed driver "Intel(R) 82579LM Gigabit Network Connection". OSDDriverClient 12/04/2013 12:38:48 1904 (0x0770) ... Successfully completed the action (Apply Device Drivers) with the exit win32 code 0 TSManager 12/04/2013 12:38:48 1304 (0x0518) The next steps workout fine: Successfully completed the action (Setup Windows and Configuration Manager) with the exit win32 code 0 TSManager 12/04/2013 12:45:17 1304 (0x0518) Successfully completed the action (Install Updates) with the exit win32 code 0 TSManager 12/04/2013 12:50:31 2896 (0x0B50) The following steps install device driver packages based on a WMI query (Query = SELECT * FROM Win32_ComputerSystem WHERE Model Like "%9470%"). But there is no NIC available anymore: Error. Received 0x80072ee7 from WinHttpSendRequest. unknown host (gethostbyname failed) When pressing F8, doing an 'ipconfig /all' shows no NIC at all, so the driver is actually not installed and the task sequence failed. Anyone ever had this issue? I have a feeling it broke after upgrading to SP1 but I'm not 100% sure. smsts-20130412-130716.log

I'm looking for best practices as well. We're also trying to figure out the best solution for our new update plan. One main office with 5 branch offices (secondary sites).

I need to make this choice as well this week. Though we only have about 20 users in our branch offices, I think we'll be using Secondary Sites instead of DP's because you have more features available. (Thinking of using SUP in the future) The downside is maybe the bit more complex environment and heavier load on your remote server compared to DP.