Posts posted by BzowK

  1. Good Morning - 

    The CSV doesn't include the name of the collection - just the hostname and domain FQDN.  The collection names are "Prod Servers: valuein2ndcolumnofcsv" with that value being the domain FQDN.  That's why I added the line you mentioned above plus changed the variable used in the next line that adds the rule to use the new variable.  Hope that makes sense and apologies if I explained it incorrectly earlier.

    Thanks

  2. OK - So I just tried it out and having an issue...

    I had to make a couple of changes to values to add in $newcolname, as the names of the collections are "Prod Servers: domainfqdn", plus match headers in my source file; therefore the script I tested is below, as well as the source CSV and finally the resulting echo when testing the script.  I'm going to play with it a bit more, but if you have any suggestions or thoughts, I'd appreciate it.  Thanks!

    Modified Script

    Quote

     

    # Load the ConfigurationManager module and switch to the site drive
    Import-Module -Name "$(Split-Path $Env:SMS_ADMIN_UI_PATH)\ConfigurationManager.psd1" -ErrorAction Stop
    $SiteCode = Get-PSDrive -PSProvider CMSITE -ErrorAction Stop
    Set-Location "$($SiteCode.Name):" -ErrorAction Stop

    $Computers = Import-Csv "C:\source1.csv" -Delimiter ","

    foreach ($Computer in $Computers) {
        $devname = $Computer.svr_name
        $colname = $Computer.svc_domainfqdn
        # Collection name is the prefix plus the value from the second CSV column
        $newcolname = "Prod Servers: $colname"
        $ResourceID = (Get-CMDevice -Name $devname -ErrorAction SilentlyContinue).ResourceID
        Add-CMDeviceCollectionDirectMembershipRule -CollectionName $newcolname -ResourceId $ResourceID -Verbose -ErrorAction SilentlyContinue
    }

     

    Source CSV

    Quote

    svr_name,svc_domainfqdn
    LABAPPV,Prod Servers: faext.lab.net
    LABDC,Prod Servers: wings.labne.com
    LABEXCHANGE,Prod Servers: wings.labne.com
    LABSCCM,Prod Servers: faext.lab.net
    LABSVR,Prod Servers: PROD.ad

    Resulting Echo

    Quote

     

    PS C:\> C:\test2.ps1
    VERBOSE: Start: Execution of WQL query: SELECT * FROM SMS_Collection WHERE CollectionType = 2 AND IsBuiltIn = 0 AND Name = 'Prod Servers: Prod Servers: faext.lab.net'
    VERBOSE: Finish: Execution of WQL query: SELECT * FROM SMS_Collection WHERE CollectionType = 2 AND IsBuiltIn = 0 AND Name = 'Prod Servers: Prod Servers: faext.lab.net'. Processed 0 results in 00:00:00.
    Add-CMDeviceCollectionDirectMembershipRule : No object corresponds to the specified parameters.
    At C:\test2.ps1:14 char:5
    +     Add-CMDeviceCollectionDirectMembershipRule -CollectionName $newco ...
    +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (Microsoft.Confi...shipRuleCommand:AddDeviceCollec...shipRuleCommand) [Add-CMDeviceCol...tMembershipRule], ItemNotFoundException
        + FullyQualifiedErrorId : ItemNotFound,Microsoft.ConfigurationManagement.Cmdlets.Collections.Commands.AddDeviceCollectionDirectMembershipRuleCommand
     
    VERBOSE: Start: Execution of WQL query: SELECT * FROM SMS_Collection WHERE CollectionType = 2 AND IsBuiltIn = 0 AND Name = 'Prod Servers: Prod Servers: wings.labne.com'
    VERBOSE: Finish: Execution of WQL query: SELECT * FROM SMS_Collection WHERE CollectionType = 2 AND IsBuiltIn = 0 AND Name = 'Prod Servers: Prod Servers: wings.labne.com'. Processed 0 results in 00:00:00.
    Add-CMDeviceCollectionDirectMembershipRule : No object corresponds to the specified parameters.
    At C:\test2.ps1:14 char:5
    +     Add-CMDeviceCollectionDirectMembershipRule -CollectionName $newco ...
    +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (Microsoft.Confi...shipRuleCommand:AddDeviceCollec...shipRuleCommand) [Add-CMDeviceCol...tMembershipRule], ItemNotFoundException
        + FullyQualifiedErrorId : ItemNotFound,Microsoft.ConfigurationManagement.Cmdlets.Collections.Commands.AddDeviceCollectionDirectMembershipRuleCommand
     
    VERBOSE: Start: Execution of WQL query: SELECT * FROM SMS_Collection WHERE CollectionType = 2 AND IsBuiltIn = 0 AND Name = 'Prod Servers: Prod Servers: wings.labne.com'
    VERBOSE: Finish: Execution of WQL query: SELECT * FROM SMS_Collection WHERE CollectionType = 2 AND IsBuiltIn = 0 AND Name = 'Prod Servers: Prod Servers: wings.labne.com'. Processed 0 results in 00:00:00.
    Add-CMDeviceCollectionDirectMembershipRule : No object corresponds to the specified parameters.
    At C:\test2.ps1:14 char:5
    +     Add-CMDeviceCollectionDirectMembershipRule -CollectionName $newco ...
    +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (Microsoft.Confi...shipRuleCommand:AddDeviceCollec...shipRuleCommand) [Add-CMDeviceCol...tMembershipRule], ItemNotFoundException
        + FullyQualifiedErrorId : ItemNotFound,Microsoft.ConfigurationManagement.Cmdlets.Collections.Commands.AddDeviceCollectionDirectMembershipRuleCommand
     
    VERBOSE: Start: Execution of WQL query: SELECT * FROM SMS_Collection WHERE CollectionType = 2 AND IsBuiltIn = 0 AND Name = 'Prod Servers: Prod Servers: faext.lab.net'
    VERBOSE: Finish: Execution of WQL query: SELECT * FROM SMS_Collection WHERE CollectionType = 2 AND IsBuiltIn = 0 AND Name = 'Prod Servers: Prod Servers: faext.lab.net'. Processed 0 results in 00:00:00.
    Add-CMDeviceCollectionDirectMembershipRule : No object corresponds to the specified parameters.
    At C:\test2.ps1:14 char:5
    +     Add-CMDeviceCollectionDirectMembershipRule -CollectionName $newco ...
    +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (Microsoft.Confi...shipRuleCommand:AddDeviceCollec...shipRuleCommand) [Add-CMDeviceCol...tMembershipRule], ItemNotFoundException
        + FullyQualifiedErrorId : ItemNotFound,Microsoft.ConfigurationManagement.Cmdlets.Collections.Commands.AddDeviceCollectionDirectMembershipRuleCommand
     
    VERBOSE: Start: Execution of WQL query: SELECT * FROM SMS_Collection WHERE CollectionType = 2 AND IsBuiltIn = 0 AND Name = 'Prod Servers: Prod Servers: PROD.ad'
    VERBOSE: Finish: Execution of WQL query: SELECT * FROM SMS_Collection WHERE CollectionType = 2 AND IsBuiltIn = 0 AND Name = 'Prod Servers: Prod Servers: PROD.ad'. Processed 0 results in 00:00:00.
    Add-CMDeviceCollectionDirectMembershipRule : No object corresponds to the specified parameters.
    At C:\test2.ps1:14 char:5
    +     Add-CMDeviceCollectionDirectMembershipRule -CollectionName $newco ...
    +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (Microsoft.Confi...shipRuleCommand:AddDeviceCollec...shipRuleCommand) [Add-CMDeviceCol...tMembershipRule], ItemNotFoundException
        + FullyQualifiedErrorId : ItemNotFound,Microsoft.ConfigurationManagement.Cmdlets.Collections.Commands.AddDeviceCollectionDirectMembershipRuleCommand
     


     

    To note, yes, the collections exist and after refreshing them each are still empty.  Thanks!
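
Added example, not part of the original post: the echo above shows the WQL lookup for 'Prod Servers: Prod Servers: faext.lab.net', because the posted CSV values already carry the prefix that the script prepends again. The sketch below normalizes the name, confirms that the collection and exactly one device resolve before changing membership, and reports a status per row instead of suppressing errors. `Resolve-CollectionName` and `Add-CsvDirectMember` are hypothetical helper names, the sample rows are constructed from the post's CSV, and it assumes the ConfigurationManager module is loaded with the CMSITE drive as the current location.

```powershell
# Added example; Resolve-CollectionName and Add-CsvDirectMember are hypothetical names.
# Assumes the ConfigurationManager module is imported and the current location is the CMSITE: drive.

function Resolve-CollectionName {
    param([string]$Value, [string]$Prefix = 'Prod Servers: ')
    # Strip any prefix already present in the CSV value so it is never applied twice.
    $bare = $Prefix.Trim()
    $fqdn = "$Value".Trim()
    while ($fqdn.StartsWith($bare, [StringComparison]::OrdinalIgnoreCase)) {
        $fqdn = $fqdn.Substring($bare.Length).Trim()
    }
    if (-not $fqdn) { return $null }
    "$Prefix$fqdn"
}

function Add-CsvDirectMember {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][object[]]$Rows)

    $collectionCache = @{}   # one lookup per distinct collection name
    foreach ($row in $Rows) {
        $status = 'Added'
        $name   = Resolve-CollectionName -Value $row.svc_domainfqdn

        if (-not $row.svr_name -or -not $name) {
            $status = 'BadRow'
        }
        else {
            if (-not $collectionCache.ContainsKey($name)) {
                $collectionCache[$name] = Get-CMDeviceCollection -Name $name
            }
            $collection = $collectionCache[$name]
            # Wrap in @() so zero, one, or several matches can all be counted.
            $device = @(Get-CMDevice -Name $row.svr_name)

            if (-not $collection) {
                $status = 'CollectionNotFound'
            }
            elseif ($device.Count -ne 1) {
                # Zero matches would pass a null ResourceId; several would be ambiguous.
                $status = "DeviceMatches=$($device.Count)"
            }
            elseif ($PSCmdlet.ShouldProcess($name, "Add direct member $($row.svr_name)")) {
                try {
                    Add-CMDeviceCollectionDirectMembershipRule `
                        -CollectionId $collection.CollectionID `
                        -ResourceId $device[0].ResourceID -ErrorAction Stop
                }
                catch {
                    $status = "Failed: $($_.Exception.Message)"
                }
            }
            else {
                $status = 'Skipped'
            }
        }

        [pscustomobject]@{
            Device     = $row.svr_name
            Collection = $name
            Status     = $status
        }
    }
}

# Constructed sample input: one row with the prefix already present, one without.
$rows = @'
svr_name,svc_domainfqdn
LABAPPV,Prod Servers: faext.lab.net
LABSVR,PROD.ad
'@ | ConvertFrom-Csv

# -WhatIf performs the lookups but makes no membership changes.
Add-CsvDirectMember -Rows $rows -WhatIf | Format-Table -AutoSize
```

Both sample rows resolve to a single "Prod Servers: " prefix; drop `-WhatIf` once the Status column shows no `CollectionNotFound` or `DeviceMatches` rows.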

  3. Hey Guys / Niall - 

    I'm trying to script something which I've done parts of in the past, but not together at once and need some assistance, please...

    Overall, I'm trying to add hostnames as direct members to a different collection referenced on the same row of a CSV source.  Below is an example of the CSV source which states the hostname in the first column and its domain in a 2nd column.  A collection already exists per domain which is "Prod Servers: domainfqdn".  For example, below is a similar CSV with headers:

    • svr_name,svc_domainfqdn
    • SYSTEM1,DOMAIN.5.com
    • SYSTEM2,DOMAIN.6.com
    • SYSTEM3,DOMAIN.4.org
    • SYSTEM8,DOMAIN.6.local

    The desired result is that once the script executes, the following occurs:

    • The hostname "SYSTEM1" is added via direct rule to the collection "Prod Servers: DOMAIN.5.com"
    • The hostname "SYSTEM2" is added via direct rule to the collection "Prod Servers: DOMAIN.6.com"
    • The hostname "SYSTEM3" is added via direct rule to the collection "Prod Servers: DOMAIN.4.org"
    • The hostname "SYSTEM8" is added via direct rule to the collection "Prod Servers: DOMAIN.6.local"

    I've added systems to a single collection many times before using PowerShell using something similar to the below, but am at a loss for how to add to multiple collections all within the same source.

    Quote

    # $CollectionID holds the ID of the single target collection (set elsewhere)
    $Computers = Import-Csv "C:\source.csv"
    foreach ($Computer in $Computers) {
        $ResourceID = (Get-CMDevice -Name $($Computer.Name)).ResourceID
        Add-CMDeviceCollectionDirectMembershipRule -CollectionId $CollectionID -ResourceId $ResourceID -Verbose
    }


     I've already created the collections for each domain, so no need to have the script check for them or do so.

    Any suggestions?  Thanks!

     

     

  4. Hey Guys / Niall - 

    I'm in a bind and need some suggestions, please...

    I'm currently in the middle of rebuilding our OSD task sequence from scratch to resolve a few issues.  Its TS is fairly lengthy as it's MDT integrated and uses the UDI Wizard for customization of the build.  One of the most used UDI features is the ability to select Applications & packages not installed by default for automated installation during the build.  This has worked great in the past with Applications and Packages.

    The issue is that many of our applications are installed via task sequence & some are pretty lengthy.  They are built as such due to their complexity and ability to support multiple locations (different steps are executed depending on the system's location), scenarios (Install, Repair, Upgrade), etc.

    It would be easy enough to copy / paste these steps into a folder in the OSD TS and have them tied to a UDI variable - but - when attempting to do so have found that it makes the task sequence too large and I get memory / handle errors when trying to save it.  As a workaround, I did adjust specific settings in WMI on the Primary server as described here to the settings shown below (quadrupled values for first 3) plus the server is only using 27% of 16 GB of RAM, but that didn't help.

    [Screenshot: HostQuotaWMI.png]

    So - what is the most reliable way to install a task sequence during OSD (if any)?

    I know that the latest version of SCCM includes this ability, but we are on 2012 R2 SP1 CU4 for the next 2 months.  The only way I can think of is to pre-advertise the TS to collections OSD is advertised to then create an Application which executes a PowerShell script that initiates the desired TS similar to this post.  I've used it before for the App Catalog, but it hasn't been that consistent and I haven't tried it with OSD yet.  Surely, there's another workaround for this or way to safely be able to add more steps to OSD's TS.

    I'd appreciate any suggestions - Thank You!

  5. Hey Guys / Niall - 

    So I'm in the process of revamping our OSD build process and therefore performing a couple of new build & captures.  After creating a pretty much standard task sequence (non-MDT) and having it install a couple of applications, I ran it.  It performs 90% of the TS correctly as it applies the OS, installs applications, etc.  When it reboots to capture, though; it fails when "Initializing Hardware Devices" - opening a command prompt shows no network adapters.  I can understand not having the drivers on the boot image or for Windows, but why not at this point?

    It obviously has the boot image drivers or wouldn't have even allowed me to choose the TS and OS has drivers because it wouldn't have installed the applications.  If I let the reboot time out, it boots in Windows mini-setup where after completing initial steps; I load Device Manager and everything's installed!

    SMSTS shows that it successfully completes the "Prepare OS" step but after that it's "winhttp failed" and "unknown host"

    So far I've tried this in Hyper-V using default & legacy NICs as well as trying on a 640 G1 - all with the same result.  I've also tried using other boot images other than my default MDT x64 one with the same result.  I also tried applying a Driver Package I built a while back which contains Win7x64 drivers imported from Hyper-V. The TS applies an OEM copy of Windows 7 SP1 x64 and I'm using SCCM 2012 R2 SP1 CU4.

    Any suggestions?  Thanks!

  6. Hey Guys - 

    Sorry for the late reply.  Found out that there were some routing issues with the server which I think caused the issue.  Actually tried a site recovery a couple of days ago.  Checked the status today and it said it completed successfully, but the site was still in the "Recovering" status.  In addition to the initial warnings, it now also had the warning: Setup is unable to establish a remote connection to WMI on the secondary site.

    I still think there are routing issues, honestly; but in the meantime am trying a full install again to make sure by performing the below steps - I just finished the below steps and am waiting on results.

    1. Deleted secondary site from Primary choosing to Uninstall the site - verified that it uninstalled from Add/Remove programs on server
    2. Ran PS script on server to install pre-reqs.  They should already be installed, but thought I'd run it too to be sure. (Details below)
    3. Ran "winmgmt /verifyrepository" but came back consistent so not going to attempt to salvage or reset
    4. Restarting server
    5. Install Secondary site again using same settings (below) from Primary server

    Wish me luck!  By the way, below are the Secondary settings selected, the script I ran for pre-reqs, plus its output:

    Secondary Settings For Install

    • Site code: BSA
    • Site server name: SECPMSCCM01.mycompany.net
    • Site name: Texas Secondary Site Server
    • Installation folder: C:\Program Files\Microsoft Configuration Manager\
    • Accounts
      • Site server communication account:
        • Primary site connection: Secondary computer account
        • Secondary site connection: Primary computer account
      • (Yes - Primary's hostname is a local admin and hostname of secondary has full rights to System Management container & objects within)
    • Site System Roles
      • Management point: MDCPMSCCM01.ardenthealth.net
      • Distribution point: MDCPMSCCM01.ardenthealth.net
    • Installation Status
      • Copy installation source from parent: Yes
    • SQL Server Settings
      • Install and configure SQL Server Express: Yes
      • SQL Server service port: Yes
      • SQL Server Service Broker port: 4022
    • Boundary Groups
      • Success: Boundary Settings
        • Fallback source location for content: Allow fallback source location for content: No
      • Success: Boundary Groups
       

    SCCM Pre-Reqs Install Script
    Import-Module servermanager
    Add-WindowsFeature WAS-Process-Model
    Add-WindowsFeature WAS-Config-APIs
    Add-WindowsFeature WAS-Net-Environment
    Add-WindowsFeature Web-Server
    Add-WindowsFeature Web-ISAPI-Ext
    Add-WindowsFeature Web-ISAPI-Filter
    Add-WindowsFeature Web-Net-Ext
    Add-WindowsFeature Web-ASP-Net
    Add-WindowsFeature Web-ASP
    Add-WindowsFeature Web-Windows-Auth
    Add-WindowsFeature Web-Basic-Auth
    Add-WindowsFeature Web-URL-Auth
    Add-WindowsFeature Web-IP-Security
    Add-WindowsFeature Web-Scripting-Tools
    Add-WindowsFeature Web-Mgmt-Service
    Add-WindowsFeature Web-Lgcy-Scripting
    Add-WindowsFeature Web-Lgcy-Mgmt-Console
    Add-WindowsFeature Web-Stat-Compression
    Add-WindowsFeature Web-Metabase
    Add-WindowsFeature Web-WMI
    Add-WindowsFeature Web-HTTP-Redirect
    Add-WindowsFeature Web-Log-Libraries
    Add-WindowsFeature Web-HTTP-Tracing
    Add-WindowsFeature BITS-IIS-Ext
    Add-WindowsFeature Net-Framework-Core
    Add-WindowsFeature RDC

    Script Output

    Success Restart Needed Exit Code      Feature Result                               
    ------- -------------- ---------      --------------                               
    True    No             Success        {Process Model}                              
    True    No             NoChangeNeeded {}                                           
    True    No             Success        {.NET Environment 3.5}                       
    True    No             NoChangeNeeded {}                                           
    True    No             NoChangeNeeded {}                                           
    True    No             NoChangeNeeded {}                                           
    True    No             Success        {.NET Extensibility 3.5}                     
    True    No             Success        {ASP.NET 3.5}                                
    True    No             Success        {ASP}                                        
    True    No             NoChangeNeeded {}                                           
    True    No             Success        {Basic Authentication}                       
    True    No             Success        {URL Authorization}                          
    True    No             Success        {IP and Domain Restrictions}                 
    True    No             NoChangeNeeded {}                                           
    True    No             Success        {Management Service}                         
    True    No             Success        {IIS 6 Scripting Tools}                      
    True    No             Success        {IIS 6 Management Console}                   
    True    No             NoChangeNeeded {}                                           
    True    No             NoChangeNeeded {}                                           
    True    No             NoChangeNeeded {}                                           
    True    No             NoChangeNeeded {}                                           
    True    No             NoChangeNeeded {}                                           
    True    No             NoChangeNeeded {}                                           
    True    No             NoChangeNeeded {}                                           
    True    No             NoChangeNeeded {}                                           
    True    No             NoChangeNeeded {}  

    Thanks again...

  7. Hey Guys / Niall - 

    When learning SCCM years ago, Niall's guides were my foundation.  Despite having installed numerous DEV and PROD environments since, I still use the guides for reference.  I'm currently planning on implementing Out of Band for our current Production environment as I haven't ever done so before, yet see a wide variety of guides online for how to do so.  Some integrate Intel's SCS, some a variety of hardware classes, some use two certs, and some use four.

    Unfortunately, I looked on the dedicated Step-by-Step Guides page hoping to find a guide for this as I trust Niall's instruction, but couldn't find one.

    So - assuming he doesn't offer one, what would you guys suggest?  Do I need to implement SCS and if so, what would be the best guide / steps for me to use (if any)?  Our prod environment runs SCCM 2012 R2 SP1 CU4 where we have 1 primary & 3 remote secondaries.  The only other dedicated site servers besides distribution points are a dedicated SQL server for the main database and a WSUS server.  All site servers use Windows 2012 R2 and the majority of clients are HP workstations & laptops running Windows 7 x64.  Models most used are the 800 G1 DM, 640 G1/G2, and similar.

    Thanks!

  8. Hey Guys / Niall - 

    I've got a straightforward question for you all, please...  We recently retired a Secondary server which was installed temporarily and did so by choosing to uninstall it from the console.  Unfortunately, the uninstall seemed to only partially work.  The console currently doesn't show any reference to it or its site code, but we are being flooded with the below status message every ~30 minutes:

    Site QDC has failed to detach. Refer to rcmctrl.log for further details.

    The thing is, when looking in rcmctrl.log, there is no reference to QDC.  The server the secondary was installed to is still online and still has SQL installed, but nothing is installed related to SCCM - C:\Program Files\Microsoft Configuration Manager\ doesn't even exist.

    I've tried running "preinst /delsite QDC", but it says "Cannot find site [QDC] in the site control data in the database. Checking in ServerData in the database. Failed to execute SQL query."  I also obviously cannot attempt an uninstall directly from the server as the Program Files no longer exist.  I'm pretty sure I've had to delete a site from the database long ago, but don't remember the exact details nor can find instruction online.

    We are running SCCM 2012 R2 SP1 CU4 on top of Windows Server 2012 R2

    Any suggestions?  Thanks!

  9. Hey Guys / Niall - 

    I'm wrapping up the build of a brand new environment on a new domain we are migrating to and installing the last Secondary Site of 7.  The destination servers of all the Secondary sites are all new 2012 R2 installations where I manually installed all pre-reqs, deployed the Secondary site from the console, and once complete added SUP & SMP.  All 6 installed prior to this one went great with no issues.  However, this last one is a pain even though I installed it the exact same way.  It shows it completed successfully, but that's not the case.  Below is a list of characteristics of the issue, what I've tried so far, and finally log info.  I'm referring to the Secondary with issues as "TEX" and primary site as "ABC"

    Characteristics of Secondary Site Issues (As it appears 24 hours after installation / deployment)

    • Installation completes successfully and under Sites it's listed as "Active."  All results within Installation Results pass except for 2 pre-req warnings
      • BITS & IIS6 WMI compatibility component for IIS7 are not installed or cannot be verified
      • Setup unable to establish a remote connection to WMI on secondary site
    • Site Status & Component Status lists do not contain any entries from "TEX" yet lists ones from the 6 other Secondaries
    • AD Forests / Publishing Status lists all 6 Secondaries + 1 Primary including TEX - however - the "Last Publishing Time" & "Last Publishing Status" are empty only for TEX
    • There are no entries for "TEX" within System Management container
    • In Monitoring / Database Replication, it states "Link is being configured" & "Initializing data between the parent site and child site". 
    • Replication Analyzer
      • Inconsistent public keys - asks me to initiate public key transfer for target site TEX on source site ABC
      • File replication route is required for site-to-site communication and file replication route is missing for site ABC on site TEX
      • Replication initialization is aborted in site ABC for the replication groups: Secondary_Site_Replication_Configuration. RLA recommends reinitializing the above mentioned groups on site TEX.  This may take several hours
    • A boundary group with ~200 IP Ranges is associated with the Secondary Site
    • Groups for local admins on TEX are the same as all other secondaries
    • Distribution is not working / processing anything to TEX although should be

    What I've Tried to Resolve Issue

    • Uninstall Secondary Site then reinstall
    • Delete Secondary Site from console then manually uninstall all SCCM & SQL components, delete related files, registry entries, and even uninstalled roles / features; rebooted; then reinstalled all from scratch - same issue persists
    • Manually added server's hostname to System Management container delegating full access to it
    • Chosen to run all suggested actions in Replication Link Analyzer.  After doing each, same issue appeared so had to skip rule to get it to continue
    • Used the commands "preinst.exe /keyforchild" and "preinst.exe /keyforparent" then copied the resulting files into the hman.inbox where they belonged.  They were processed and disappeared but nothing changed
    • Considering uninstall / reinstall again but using a different site code.  Only thing is that if that worked I feel I'd have some crap left over in database from old site code and don't want to jeopardize stability or performance :)

    Log Files

    Below are individual log files as well as ZIPs of multiple ones taken from when I worked on it this afternoon. 

    The site is 2012 R2 SP1 CU4 with all site servers running 2012 R2 OS.  Any help or suggestions you could provide would be fantastic - Thank You!!

  10. Yes - In the new SCCM environment, boundaries & discovery are both configured for the old domain and workstations appear under Devices.  I tried migrating another test VM today.  I kept it in the old domain, but ran a script to change its site code to the new SCCM environment on the new domain (even though staying on the old domain.)  Still no luck.

    ClientIDManagerStartup.log keeps showing "RegTask: Failed to refresh MP Error: 0x8000ffff" after I migrate it to the new site.

    I decided to ensure that the SRV record for the new sitecode was set up correctly in the old domain's DNS and it is.  Attached is a screenshot which I executed from the test VM which I migrated to the new site code upon but was still on the old domain.  The old domain ends in corporate.___.com and the new domain ___health.net.  The new site code is "AH1" which finds the primary site server (& MP) in the new domain as you can see.  Below that, I queried "AHS" which is the old site code.  This results in displaying the primary of the old domain.  

    [Screenshot: SRV.png]

    Doesn't look like the SRV record is the issue, but if not; why is it still saying "Failed to refresh MP Error"?  Possibly due to permissions (despite being a two way trust between domains) or am I missing a pointer / record somewhere? 

    Thanks!

     

  11. Hey Guys / Niall - 

    I'm in need of assistance with an issue, please.  Our company is moving all systems over to a new domain over the next few months.  One other change will be that the new domain will have a new SCCM environment.  Since I'd rather not manage multiple environments, the plan is to migrate all workstations over to the new SCCM environment over about a week's time before migrating the domain on the systems.  I've already built the new environment and all site servers on the new domain so was ready to start client migration.  Changing a system to the new SCCM site and new domain works great - however - changing the client to the new SCCM site while retaining the old domain is not working.

    Overall, I have ~10,000 workstations on our current domain which are members of the existing SCCM site.  I'm needing to migrate the clients to a new SCCM site which is on a new domain, but without changing the domain.

    I'm using a VBS file to change the client's site code to the new environment.  Once I do, communication isn't correct, though.  Client's log files show:

    • ClientIDManagerStartup.log
      • RegTask: Failed to refresh MP. Error: 0x8000ffff
    • LocationServices.log:
      • There is no AMP for site code "BCD".  
      • LsRefreshManagementPointEx failed with 0x8000ffff
      • Failed to refresh security settings over AD with error 0x87d00215
      • Failed to refresh security settings over MP with error 0x8000ffff

    The New SCCM environment's console shows the hostname of the test system plus shows that it's a member of the old domain.  It shows that "No" client is installed on the system both prior to and after the test to migrate it.  Finally, below are the things I've configured in preparation prior to the test:

    • A two-way trust exists between the old and new domains
    • Boundary added in New SCCM environment (ip range) for test system which is assigned to a Boundary group /w assigned site code & MP
    • SRV record added to old domain so that new site code resolves and points to FQDN of the new SCCM server's primary server
    • Discovery methods configured to scan for systems in the old domain
    • Both SCCM sites are HTTP (not HTTPS)

    Any suggestions?  Thanks!!

     

  12. Hey Guys / Niall -

     

    I recently built a new SCCM environment with 4 Secondary servers for an upcoming domain migration and have just about finished it. When looking in the console under "Active Directory Forests", I see that under "Publishing Status" it says "Insufficient Access Rights."
    The permissions for the "Systems Management" container seem correct. Looking within it, I see that it has created objects for the Primary + 2 of the 3 Secondary sites - but that's it. Below you can see the contents of the Systems Management container currently. AH1 is the Primary site with ABQ & TUL Secondaries. The 3rd Secondary is missing completely...
    [Screenshot: post-9090-0-70668000-1488677508.png]
    I personally didn't extend the schema or assign rights, but here's how it is currently configured.
    When looking under the Security tab of the System Management container's Properties, I see that there is an AD Security Group named "SCCM Site Servers" with full rights. I've also verified that all of the SCCM Site Servers (including the primary and all secondaries) have been added to this group. No specific user / service accounts have been added. Aside from that group, the following exist:
    • SELF (No rights)
    • Authenticated users (Read)
    • SYSTEM (Full Rights)
    • DOMAIN\Domain Admins (Full Rights)
    • DOMAIN\Enterprise Admins (Full Rights - Inherited)
    • DOMAIN\Administrators (Read & Write but not Full - Inherited)
    • DOMAIN\Pre-Windows 2000 Compatible Access (No Rights)
    • ENTERPRISE DOMAIN CONTROLLERS (No Rights)
    If I examine the Properties of the Forest within the console, the option to discover sites & subnets in the AD forest is enabled and set to use the computer account of the site server. The Publishing tab has all 4 (Primary + 3 Secondaries) checked and no domain / server specified.
    I tried adding the hostname of the Secondary site which wasn't listed in the SM container directly via Delegating Access. When viewing Advanced properties of the container's security, the added hostname looks to have the same configuration as the AD Group. Once added, I unchecked its site under Publishing, applied, clicked ok, went back to Publishing, checked it, applied, then clicked OK again. So far, no changes.
    Not 100% sure if this would attempt to reinitiate it, though. After I make changes in attempts to resolve, how can I best verify they are successful if not the above?
    Finally, I looked through all ad* logs and even though I didn't look in great detail, I didn't see anything recent that stood out.
    Any suggestions for resolving this? Thanks!
  13. Hey Guys / Niall -

     

    So I manage an environment of ~10,000 workstations and ~900 servers on a single domain. A few months ago, we acquired a new company which has their own SCCM environment on a different domain. Finally, I am wrapping up a build of SCCM on a 3rd domain. The plan is to migrate all clients from the two old domains onto the new one.

     

    I have a couple of questions about this procedure so wanted to post to get opinions...

     

    1. Migrate Many Clients to New Site Prior to Domain Change

    The main question is that their current plan is to migrate the domain on workstations a department at a time over a six month period. While doing so, they want to use my script to migrate each of the workstations' SCCM client while changing the domain. The last thing I want is to have 3 separate and constantly changing environments to manage, so am trying to find the best way to potentially migrate the clients from both old domains to the new one before (like few months in some cases) the domains on the workstations are changed.

     

    There's currently a one-way trust between the new domain and both old ones and don't know if I can get them to make it more flexible. Basically, I'm curious what I would need to do in order to achieve the goal above. My experience tells me the below would be needed - at least in theory:

    • Add scope of system's OUs / containers in old domain to discovery on new site
    • Script executed per system to change the site of the client to the new site
    • The SCCM Network Service account to have local admin rights on all workstations (per old domain)
    • Specific DNS records modified / changed to point to the FQDN of the new primary instead of the old ones (per old domain)

    Is the above all that would be required, know of any helpful posts related to this, or any suggestions / thoughts?

     

    2. Migration of Packages, Applications, etc with New Source Path

    I'll be moving a lot of packages and such over to the new environment, but am now using a new "master" share for the sources of all packages, applications, etc. It's simple to migrate an SCCM package from one site to a new one, but when doing so; it retains the same source path for it.

     

    Does anyone know of a PowerShell script or overlooked options which would allow me to change just the first part of the source path for migrated packages when moving to the new site? If capable of copying the source content during the migration, that would be ideal; but if not copying it would still be faster than changing each manually. I'm considering simply exporting certain packages, then importing them back in. Will have to play with that a bit more to see how it would work. Suggestions?

     

    All 3 sites run SCCM 2012 R2 SP1 CU4. We cannot go to current branch yet due to numerous legacy apps on workstations which don't play nice with .NET 4+. Most site servers (especially on the new environment) run Windows 2012 R2.

     

    Any suggestions or comments would be appreciated. Thanks!!

  14. Hey Guys / Niall -

     

    I am making an important deployment today and wanted at least one other to review it to ensure it's correct before enabling :)

     

    So for the next 2-3 weeks, I've been instructed to reboot thousands of workstations nightly with notification at 3:00am each morning. I already have a task sequence which executes a custom notification EXE which also offers delay options and more and once it exits then the system reboots successfully. When doing this previously, I was afraid that random reboots may occur so deployed the TS daily to be available the following morning at 2:59am, run at 3:00am, and end at 3:30am. So I don't have to remember to do this, I wanted to make a single advertisement.

     

    I considered doing the above and advertising via PowerShell to create a specific deployment per day - however - I don't think that's necessary. Below is the schedule I am planning to have for the task sequence to run every Monday - Thursday night (actually 3:00am Tuesday - Friday) for two weeks. Look ok to you or see any chance of issues? Just making 100% sure :)

     

    post-9090-0-64537800-1483476727.png

     

    Thanks!

     

     

     

  15. Good Afternoon Guys / Niall -


    I am the SCCM administrator for a company where I am constantly having to deploy Office 2013 products to workstations. When looking at the existing environment recently, I found out that there was a big mix of Project x86 & x64 installations on workstations. As I'm used to deploying x86 Office almost exclusively in corporate environments, I asked why. The reply I got was that someone was told that all workstations must have Project x64 installed in order to be able to use some/all features when accessing a x64 Project Server. Since you cannot have a mix of Office x86 & x64 products installed on the same workstation, this meant all who used Project (therefore having Project x64 installed) have also had to have an Office x64. This has caused a tremendous amount of headache!


    My Question

    My overall question is: Are there any features / processes a user may need to use which would require them to have Project x64 installed on their workstation to access a Project x64 Server installation or will an x86 version on their workstation allow them to perform all of the same tasks?


    I never could find out who said it was required as it was before my time but if able to verify that Project x86 is 100% compatible; I plan to convert all existing x64 Office & Project installations to x86. We've done a little testing using a Project x86 client to connect to the server and everything so far seems to work well so know it at least partially supports it. However, I don't know enough about how to use it to say with 100% certainty it would work - despite my opinion that x64 being required was a misunderstanding. I definitely want to find out before a conversion is planned, though, which is the reason for my post.


    I did post this question to the Project TechNet forums thinking I'd get a fast and definite answer, but so far just speculation by an individual.


    If in fact a x64 Project installation is required on a workstation for any reason, do you know what specific features it is required / not required for?


    Thanks!!!

  16. Thanks -

     

    I added the IP Restrictions feature to the original SUP / WSUS and blocked everything except the local subnets then verified it was working by having techs at remote sites go to the SUP server's IP:8530 in IE to see if they got a blank screen or nothing. It seemingly worked.

     

    I took 3 remote clients and forced an updates scan on them. They failed to connect to the primary SUP - but - then didn't try to search for / use one of the secondary SUPs. Instead, they threw "Scan failed with error = 0x80244018". I got this same result in all remote systems I tested.

     

    Any suggestions? Thanks

  17. Hey Guys -


    I have one more issue currently that I need advice on, please. When SCCM was first introduced and clients deployed in our environment, there was a single server local to the primary which had the SUP role & WSUS installed. We soon realized that shortly after client deployments to remote sites that them simply evaluating updates needed against the remote (to them) WSUS server caused havoc with WAN bandwidth.


    Since then, I have installed & configured the SUP role / WSUS at both secondary sites which many clients are local to and are in the same boundaries with. They were automatically configured to be upstream to the WSUS local to the primary. I've also verified in the console + log files that synchronization between the primary and secondaries from a software updates perspective is green across the board.


    When checking WindowsUpdate.log on many clients, though, all remote ones I've checked are still pointing to the SUP local to the primary - not their local one on the secondary. I also checked local policy on these clients and it shows the same is configured and no GPOs currently exist that set WSUS settings.


    I was under the impression that SUP / WSUS server would be assigned based on the boundary each client is in then default back to the primary's if none exist. Is this not correct? The new SUPs were added 2-3 days ago and I have forced all policies on selected clients with no change.


    We are running SCCM 2012 R2 SP1 CU3 on Windows Server 2012 R2


    What am I missing? Thanks!
