zophar

Hey everyone, I can't figure out what is going wrong I always get an access denied (error -2143485947) when I want to 'evaluate' the Bitlocker Policy When I check the service URL it is accessible ... Reading on internet I found that is has to do with the setspn - but I see that application pool for MBAM is running with service account - tried different approaches - same issue cmd : Setspn -a http/<FQDN> domain\computername$ SCCM Environment PKI enabled (IBCM) SQL separated I don't have a portal - question - is this needed ? Any help is much appreciated PS: everything else (deploying software as example) is going well

Marc in another thread ? Thanks for the screenshot - I see that also here assigned management is not filled in or is that just when a client connects to 'Currently intranet' ? But that does not resolve my issue for bitlocker Unable to find suitable Recovery Service MP. Forcing policy non-compliant

Hey Niall, Thanks for answering ... Can I have a printscreen of your 'General' ? FQDN is automatically filled in ? Do you use CMG ? OUrs is a DP MP reachable from 'internet'

Hello Windows-Noob I have implemented already 2 years ago IBCM - PKI infrastructure - however when I try to execute Bitlocker I 'm still getting following error Unable to find suitable Recovery Service MP. Forcing policy non-compliant. I always thought everything was going well - no issues with deploying software - no issues with policies/ configuration baseline - no issues with windows updates BUT we have a SCCM HTTP (lab) and there I saw that the client indicates his 'Assigned Management Point' and that is not the case with our non domain/workgroup machines. In LocationServices LOG there is the following error 1 internet MP errors in the last 10 minutes, threshold is 5. So my guess is there is something wrong !! I saw blogs on the internet for IBCM PKI enabled where Assigned Management Point entry is filled in. Anyone ?

@Jonathan7 Did you ever figured out why ?

Yes... startup litetouch.vbs within Windows and click capture ...

Hey everyone, I'm facing the following problem. I like to capture (clientreplace.xml) - basic no additions made to the tasksequence - from a Windows 8 machine. Likely due to UEFI he's sorting with the following error. Other machines with legacy boot no problems to run this task sequence Event 41002 sent: FAILURE ( 5456 ): Unable to determine Destination Disk, Partition, and/or Drive. See BDD.LOG for more information. Logs files attached https://www.dropbox.com/sh/s6hw77pr96c5dqx/AAD5f8Km-zBGhuuloQXCfOHpa?dl=0 MDT 2013 ADK 8.1 USMT 5 Thanks

OK update, This 'Package_for_KB2533552 neutral amd64 6.1.1.1' was breaking MDT deployment ... Deleted this one and he continuous deploying ... MDT ignores the WUMU_ExcludeKB1=2533552 setting. I'm aware that this one does not solves the reboot but I managed to do approximately 130 offline updates. To be continued ...

Goooooodmorning To reproduce the problem I have to be patient and there it was. Reboot, but I searched the event viewer and discovered the Windows Updates is causing a reboot and after this there is no automate login. Event Viewer 10/07/2014 04:02:24 - The operating system is shutting down at system time 10/07/2014 03:50:49 - Restart Required: To complete the installation of the following updates, the computer will be restarted within 15 minutes: I've copied the windows updates from C:\Windows\SoftwareDistribution\Download and discovered that there where 11 windows OS updates installed that are not included in the offline windows updates (packages) in our MDT. The problem is that I already see 'Package_for_KB2533552 neutral amd64 6.1.1.1' and I known that this one breaks the deployment. I guess there are multiple solutions to this problem (Isolated GPO, Disable WSUS, no domain injection, ... ) Can anybody help me with finding the best solution .... Many thanks PS: I know that it is possible to exclude KB's in the custom.ini but my doubt is that MDT ignores this setting WUMU_ExcludeKB1=253355, when googling I find different ways to set this option WUMU_ExcludeKB1=2533552 WUMU_ExcludeKB01=2533552 WUMU_ExcludeKB001=2533552 Which is thé right one and is it possible to integrate this option in database rules ? OK, coffeebreak

Which deployment log is approriate to chech this issue ?

The MININT folder still exist on c:\ ... Strange ?

Hey, I'm facing a weird problem. The deployment is going flawless when you can interact with the workstation 'immediately' but when we start a deployment in the evening, the workstation is stucked at CTRL+ALT+DELETE in the morning. The final step in our deployment is a HTA file. The HTA file pops up but stays blank, also the final results wizard stays blank. What i've done so far is 'Disabling Sleep While on Power in MDT 2012' following this article http://mdtguy.wordpress.com/2013/05/08/disabling-sleep-while-on-power-in-mdt-2012/ Questions, Possible GPO ? Normal that after a long period (overnight) the workstation gets stuck @ CTRL+ALT+DELETE Can offline packages (MS updates) be the problem ? Environment MS 2012 ADK 8.1 MDT 2013 Windows 7 SP1 Any help is much appreciated ...

Is there a way to find out what the current installed OS (buildversion) on the workstation is ? Idea, dynamic naming convention for tasksequence based on buildversion like 'scenario 3 for drivers' "windows 7 x64\%manufacturer\%model%" Example Tasksequence for W7x64Pro = 6.1.7600 Thanks for brainstorming !!

Would be really useful to extract afterwards and put file on a user share ... Thanks

Anyone...