Jump to content


Search the Community

Showing results for tags 'SCCM'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Cloud
    • Azure
    • Microsoft Intune
    • Office 365
  • General Stuff
    • General Chat
    • Events
    • Site News
    • Windows News
    • Suggestion box
    • Jobs
  • MDT, SMS, SCCM, Current Branch &Technical Preview
    • How do I ?
    • Microsoft Deployment Toolkit (MDT)
    • Official Forum Supporters
    • SMS 2003
    • Configuration Manager 2007
    • Configuration Manager 2012
    • System Center Configuration Manager (Current Branch)
    • Packaging
    • scripting
    • Endpoint Protection
  • Windows Client
    • how do I ?
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows Vista
    • Windows XP
    • windows screenshots
  • Windows Server
    • Active Directory
    • Microsoft SQL Server
    • System Center Operations Manager
    • KMS
    • Windows Deployment Services
    • NAP
    • Failover Clustering
    • PKI
    • Windows Server 2008
    • Windows Server 2012
    • Windows Server 2016
    • Windows Server 2019
    • Hyper V
    • Exchange
    • IIS/apache/web server
    • System Center Data Protection Manager
    • System Center Service Manager
    • System Center App Controller
    • System Center Virtual Machine Manager
    • System Center Orchestrator
    • Lync
    • Application Virtualization
    • Sharepoint
    • WSUS

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

  1. Hi all, I have an error that has plagued me since, I think, upgrading to SCCM 2012 R2. I have a handful of OSD's which I have setup and generally, they all exhibit the same issue at seemingly random times. I could have multiple machines on my bench all using the same OSD and a couple of them will hang during the installation of applications. So, it installs the Windows image, sets up the CCM client, reboots and finishes the client install and then starts installing applications. When it hits about the third or fourth application it just sits there and does nothing for as long as the machine stays on (no error). It seems to be something that happens after a fixed amount of time (not sure how long), probably ~10 minutes after the last reboot. It makes no difference how I order the apps to install. I've sorted the log list by date and time to try and find an error somewhere but I can't see anything. The really frustrating thing is, if I have a machine that is failing it will usually keep failing repetitively but then suddenly it might start working and completed the TS all the way through. Can anyone give me any advice as to what logs I should keep a closer eye on (client/server) or if anyone has heard of anything similar. It's really frustrating when you have hundreds of machines to do! Sorry if I'm a bit light on info, I'm not sure what to provide as I'm still learning! Cheers!
  2. Introduction On Windows 10 version 1607 and earlier during Windows 10 upgrades from one version to another, after the computer reboots to upgrade the operating system you'll see a screen similar to the below At this point you could press Shift and F10 to bring up a command prompt, which is extremely useful if you need to check a log file, verify driver installation or to do troubleshooting. The screenshot below is from Windows 10 version 1607 which was being upgraded from Windows 10 version 1511. Security changes everything However there's a downside to this, having the ability to open a command prompt in the wrong hands could mean elevation of privileges or data theft. We all know that security is a big focus with Microsoft and as a direct result of the concerns above, the diagnostic prompt ability was disabled by default in Windows 10 version 1703 and later. That's all well and good for Joe public, but what about the SCCM admin who is trying to debug a task sequence ? Fear not, help is at hand. To re-enable the Diagnostic command prompt (Shift F10 during Windows setup in an upgrade scenario) you need to modify your task sequence to set a variable, and that variable is called OSDSetupAdditionalUpgradeOptions which is described here. This variable allows us to pass command line options to Windows setup during the upgrade and that's how we'll re-enable the diagnostic command prompt, however we don't want it available to everyone, except those 'in the know', aka the SCCM admins who need more info while troubleshooting. Step 1. Set a task sequence variable To make this work you need to add a Set Task Sequence Variable step before the Upgrade Operating system step in the Upgrade Task Sequence, like so. Task Sequence Variable: OSDSetupAdditionalUpgradeOptions Value: /DiagnosticPrompt enable Step 2. Add Options to limit exposure (optional) To limit the exposure of this diagnostic command prompt to only you (or your admins), you can add an option on the step to check for a file, reg key, variable or something that works for you, in this example, you'll look for the presence of a file on C:\ called windowsnoob.txt. Note: As stated, you can use whatever method you wish to limit exposure, Mike Terril has a nice blogpost on using collection variables to achieve something similar here. Step 3. Test it ! That's it, apply the changes and optionally create a file called windowsnoob.txt on C:\ on a computer you intend to test this on. Here's the file, created by the SCCM admin who plans on troubleshooting an Upgrade. Starting the upgrade... Before the reboot you can see the check for the file presence step is here, and as the file was present, the set task sequence variable step will run and here you can see the option has been appended to the Setup.exe command line by opening C:\Windows\CCM\Logs\SMSTSLOG\smsts.log in CMTrace After rebooting into the Windows Setup portion, try pressing Shift and F10 together, if everything went ok you'll see this. So that's it, now you know how to re-enable the Diagnostic command prompt during Windows 10 1703 or later upgrades and to do it in a reasonably limited way. Related reading https://docs.microsoft.com/en-us/sccm/osd/understand/task-sequence-action-variables https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-command-line-options
  3. I created an offline media of the Windows 20H2, where I have two Windows version options, I'll call version A and version B Version A: is a standard task sequence, which disables the bitlocker, partitions the disk, installs install.wim, installs the configuration manager, restarts, then adds 3 programs, which are: 7Zip, Adobe and Notepad++, and finishes Version B: identical to version A, but without 7zip. The most bizarre thing is that in version B, everything works without a problem. But in version A, at the end of the Task Sequence (NOTE: I use TSBackground, but that's not the problem, otherwise it would affect both versions) the success screen appears, and I click the Finish button, and then I go to a screen blue (not the BSOD) saying: "Sign-in process initialization failure, Interactive logon process initialization has failed. Please consult the event log for more details." How is this possible if the difference between them is just 7zip? This screen does not corrupt the system, it only appears once, restarts, and I can log in again without any problems, and 7Zip is still there without any problem, and consulting the smsts.log, 7Zip is terminated with Exit Code 0. This error does not interfere with nothing, but it bothers me a lot, even more that I will distribute this system to more than 2,000 machines, everyone will have doubts about this screen, and this is not pleasant to leave showing. I googled it, but it seems that it happens when it really corrupts the system, in my case it doesn't, it shows up once, but I wanted to understand why the hell it shows up because of a 7Zip (already tested it with msi version, exe, old version, version new, and etc and with no result, I tried to put another program in place, like CCleaner for example and it causes the same result) I created an offline media, where I have two Windows version options, I'll call version A and version B Version A: is a standard task sequence, which disables the bitlocker, partitions the disk, installs install.wim, installs the configuration manager, restarts, then adds 3 programs, which are: 7Zip, Adobe and Notepad++, and finishes Version B: identical to version A, but without 7zip. The most bizarre thing is that in version B, everything works without a problem. But in version A, at the end of the Task Sequence (NOTE: I use TSBackground, but that's not the problem, otherwise it would affect both versions) the success screen appears, and I click the Finish button, and then I go to a screen blue (not the BSOD) saying: "Sign-in process initialization failure, Interactive logon process initialization has failed. Please consult the event log for more details." How is this possible if the difference between them is just 7zip? This screen does not corrupt the system, it only appears once, restarts, and I can log in again without any problems, and 7Zip is still there without any problem, and consulting the smsts.log, 7Zip is terminated with Exit Code 0. This error does not interfere with nothing, but it bothers me a lot, even more that I will distribute this system to more than 2,000 machines, everyone will have doubts about this screen, and this is not pleasant to leave showing. I googled it, but it seems that it happens when it really corrupts the system, in my case it doesn't, it shows up once, but I wanted to understand why the hell it shows up because of a 7Zip (already tested it with msi version, exe, old version, version new, and etc and with no result, I tried to put another program in place, like CCleaner for example and it causes the same result) (Note, the 2004 version I've never seen this happen and it's the same Task Sequence, I just changed install.wim to the new 20H2 version)
  4. I need to install Symantec Endpoint Protection, what would the command line be like in powershell where I can call a .ps1 script in a completely hidden and silent way? I did a previous TS that copies the setup64.exe from SEP to "C:\TEMP\" I don't have much knowledge on powerhsell as would the script that would install it silently? the argument for installing it via Batch File is / s. However, the CMD window appears during Windows logon, and Powershell can do all of this without any windows appearing, and I wanted powershell to wait for the installation to finish (I researched this and think the parameter is -WaitProcess but I don't know where how to put it) and after the installation is finished, delete the TEMP folder and restart the computer. Any help with that please?
  5. I am having an issue with imaging the surface pro 7+ everything goes through I apply the driver package which works for some I found once completed the touch screen doesn't respond I have to connect a keyboard and mouse anyone else having this issue?
  6. In a previous series of guides I showed you how to configure PKI in a lab on Windows Server 2016. In another series, I also showed you how to install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017. In this lab, I will show you how to configure SCCM to utilize that PKI environment. This series is based upon an excellent video by the talented former Microsoft Premier Field Engineer Justin Chalfant here. If you haven't seen it yet, do check it out. The intention here is that after you've completed this PKI enabled SCCM lab you can then use this in future guides, and to dig deeper into new technologies from Microsoft, for example enabling a Cloud Management Gateway and/or Cloud Distribution Point and using later on, using Co-Management. Note: To complete this lab you must first complete the PKI Lab series (8 parts) and then install a new virtual machine within that PKI lab running System Center Configuration Manager (Current Branch) version 1802 utilizing this series (4 parts), that installation of Configuration Manager will be in HTTP mode. In addition, you must configure the Software Update Point role (in HTTP mode) on CM01 See this guide (step 2 onward) for details. For details how to configure that, see this post. It will take some time to setup but you'll be glad you did. Also, don't do this in production without consulting with a PKI Expert. I don't claim to be one, I'm just helping you get it up and running in a lab. This is intended for use in a lab only. In part 1 of this series you created an Active Directory Security Group to contain your SCCM servers that host IIS based roles such as Distribution Point, Management Point and Software Update Point, you then rebooted that server after adding it (CM01) to the group. You then created 3 certificate templates for SCCM on the Issuing CA server (IssuingCA) and issued them so that they could be available to applicable computers. You verified that you had a GPO in place for AutoEnrollment before requesting the IIS and DP/OSD Certificates on the IIS Site System (CM01) using certlm.msc. Step 1. Edit bindings in IIS for the Default Web Site and WSUS Administration Websites On the SCCM server (CM01), start Internet Information Services (IIS) Manager, expand Sites so that you can see the Default Web Site and the WSUS Administration websites listed. Select the Default Web Site, this web site is where the management point, distribution point and other SCCM roles such as Application Catalog can be found (if they are installed). Edit bindings on the Default Web Site Right click on the Default Web Site and choose Edit Bindings from the options available. In the window that appears, select the https section (port 443) and choose Edit. In the SSL certificate dropdown menu, select SCCM IIS Cert. Click OK and then click Close. Verify changes made Once done, you can open up Internet Explorer and verify that it's reporting back in HTTPS mode for the default web site by browsing to the following addresses to verify the Netbios name and FQDN resolve in HTTPS mode. Click on the Lock in the address bar to get info about the connection. https://cm01 https://cm01.windowsnoob.lab.local/ Edit bindings on the WSUS Administration Web Site Repeat the above operation, on the WSUS Administration website (note that it uses port 8531 for https mode). click OK and Close when done. Step 2. Modify WSUS Administration SSL Settings WSUS itself requires some additional changes documented here (1) that we need to configure to allow WSUS to use HTTPS. In the Internet Information Services (IIS) Manager, expand sites and selct WSUS Administration. Select ApiRemoting30 under the WSUS Administration web site, in the right pane, click on SSL Settings and select Require SSL and verify that Ignore is selected before clicking Apply. Next, select ClientWebService under the WSUS Administration web site, in the right pane, click on SSL Settings and select Require SSL and verify that Ignore is selected before clicking Apply. Next, select DSSAuthWebService under the WSUS Administration web site, in the right pane, click on SSL Settings and select Require SSL and verify that Ignore is selected before clicking Apply. Next, select ServerSyncWebService under the WSUS Administration web site, in the right pane, click on SSL Settings and select Require SSL and verify that Ignore is selected before clicking Apply. Finally, select SimpleAuthWebService under the WSUS Administration web site, in the right pane, click on SSL Settings and select Require SSL and verify that Ignore is selected before clicking Apply. Step 3. Configure WSUS to require SSL In an administrative command prompt on CM01, browse to the location of WSUS installation files. cd C:\Program Files\Update Services\Tools Next issue the following command where CM01.windowsnoob.lab.local is the Fully qualified domain name of your ConfigMgr server hosting WSUS. WsusUtil.exe configuressl cm01.windowsnoob.lab.local The results are shown below: Step 4. Configure SCCM to use HTTPS In this step you will configure SCCM to operate in HTTPS mode. To do that, first bring up the site properties in the SCCM Console on CM01. To bring up the site properties, select the Administration workspace, select Site Configuration, select your site and in the ribbon choose Properties. Next, click on Client Computer Configuration, select HTTPS only from the options and then select Apply. Note: If you have both HTTP and HTTPS site systems in your environment, keep the second box checked (HTTPS or HTTP) and enable the Use PKI client certificate (client authentication capability) when available check box. Step 5. Configure Trusted Root Certification Authorities Note: If you fail to add the Root CA (ROOTCA_windows noob Root CA.crt) specified here, PXE boot will fail to download policy after entering the PXE password. In the site properties screen, click on Communication Security and then click on Set beside Trusted Root Certification Authorities, and click on the yellow star to add your Root CA, in this case, the Root CA for your lab (from the offline root ca), in other words point it to the ROOTCA_windows noob Root CA.crt file which is the Trusted Root Certificate for this site (the Root CA cert). Step 6. Verify that the Distribution Point, Management Point and Software Update Point are using SSL Next you need to verify the DP (and perform some additional configuration), MP and SUP roles are using SSL. To do this, select the Administration workspace in the console, click Site Configuration, select Servers and Site System roles, and select the Distribution Point role. Right click it and choose Properties to bring up the Distribution Point role properties. You should see that it is already configured for HTTPS. Next you need to add the certificate used by clients being imaged by operating system deployment in WinPE or for WorkGroup based clients, to do so, click on Import Certificate and select Browse, browse to the location where you saved the OSD Cert.pfx file (which you created in Step 5 of part 1 here), enter the password you specified, and click Apply. Click OK to close the Distribution Point role properties. For more info on the DP Cert requirements see - https://docs.microsoft.com/en-us/sccm/core/plan-design/network/pki-certificate-requirements Next, select the Management Point role properties, they are shown below, again, HTTPS is selected by default as you set it site wide with the HTTPS only option. When you selected HTTPS Only in the Client Computer Communication of the site properties, this initiated the Management Point to reinstall itself with the new settings, as you can see here in the sitecomp.log. In addition in the mpsetup.log you can see that it's configured for SSL Finally you can check mpcontrol.log this log logs the status of your Management Point, and in there you can verify that the Management Point is up and running and communicating OK in HTTPS mode and that it has successfully performed Management Point availability checks. Next, double click the Software Update Point role to review it's properties. Place a check in the Require SSL communication to the WSUS Server check box. Click Apply and click OK to close the Software Update Point properties. At this point open the WCM.log and look for a line that reads Step 7. Verify Client Received Client Certificate and SCCM Client Changes to SSL Logon to the Windows 10 1803 client and start and administrative command prompt, from there launch certlm.msc to bring up Certificates on the Local Machine. Browse to Personal and Certificates, and you should see the SCCM Client Certificate listed. Note: I assume you've already installed the ConfigMgr client agent using whatever method your prefer on the Windows 10 1803 virtual machine. Next, open the Control Panel and locate the Configuration Manager client agent in System and Security, and open it. If the client was just installed the Client Certificate will probably state Self-Signed (or None if you have just installed the client..). After a couple of minutes, close and then reopen the client and you should see that the Client Certificate states PKI. At this point, open the ClientIDManagerStartup.log in C:\Windows\CCM\Logs and you can see Client PKI cert is available. You can also verify client communication to the Management Point in the CCMMessaging.log and we can see it's successful in that communication. Job done ! You've successfully converted SCCM from HTTP to HTTPS using your PKI lab, and you've verified that the client is operating in HTTPS mode. In the next parts we'll look at the Cloud Management Gateway and Cloud Distribution Point. Recommended reading (1) - https://technet.microsoft.com/en-us/library/bb633246.aspx https://docs.microsoft.com/en-us/sccm/core/plan-design/network/pki-certificate-requirements https://www.enhansoft.com/how-to-setup-ssrs-to-use-https-part-1/
  7. Gents, We are currently facing Sync issues between our site server and our 2 SUPs (separated servers). After some investigation we noticed that the site server wants to tell one of our SUP to start a synchronization but nothing is happening on the SUP side because of an access denied when the site server wants to connect to the SUP on port 8531. This error does not happen all the time ... The system wide proxy is configured to bypass the local range where the site server and the SUPs are located. We already cleaned up our WSUS. I think I have similar issue in WCM.log : Do you have an idea ?
  8. Hi Niall, Hope you are doing great. I was following your tutorial on migrating from MBAM to SCCM Bitlocker, as i am working on a project for a customer for same. Tutorial: https://www.niallbrady.com/2019/11/13/want-to-learn-about-the-new-bitlocker-management-in-microsoft-endpoint-manager-configuration-manager/#comment-2150 Background: They are currently using SCCM version 2006, and wanted to migrate bitlocker from MBAM. They already have a PKI infrastructure (AD Certificate Service), with the SCCM client showing being in PKI mode (in the sccm client). I followed your steps to enable https mode (as they are in HTTP/HTTPS mode) and when i did that it broke the environment, and the clients (across 15 regions) stopped connecting, so I reverted back. My question to you is, i want to continue and finish the project, can i do so without changing SCCM to full https mode? Thanks in advance for taking the time out to reply and assist, as well as to the forum members
  9. Hello, I have Windows 10 Enterprise 20H2 with Office 354 pro Plus .I'm trying to deploy office 365 updates through SCCM current branch 2010 give me error code (0X87D0024A) The job is already connected and another update give me (0X87D00668) Software update still detected as actionable after apply I tried two updates but both of them has failed. this is from ConfigMgr Side. If i tried to install from software center it give me 0x87D0024A(-2016411062) i have attahe the log file from Config manager and the client machine. ApiClient.dll DLL file is exist . I have this issue with all office 365 UpdatesDeployment.log
  10. I have been getting lot of sms software inventory processor errors. I turned off the Software Inventory from client settings but that hasn't fixed the issue, I still keep getting these error messages. BADSINV folder is getting filled up with huge number of files, the size of the folder has reached 25 GB now. Error message is: Software Inventory Processor failed to process software inventory file "C:\Program Files\Microsoft Configuration Manager\inboxes\auth\sinv.box\abc.SID," and has moved it to "C:\Program Files\Microsoft Configuration Manager\inboxes\sinv.box\BADSinv\xyz.SID." Is there any solution for this? It was all working fine and just started happening few weeks ago. I can see on what date we started getting these errors, I didn't make any changes on that day. There is other SCCM Admin but he's not sure what might have lead to this as he's been making lot changes. Also, how do I clear the BADSINV folder? Thanks, Bunny
  11. Can anybody here assist me to fix this issue? I have been struggling to fix this issue. SCCM Infrastructure: SCCM CB v1910 Standalone Primary Site Issue SMS Distribution Manager shows error to process package distribution on Primary Site Server - FAILED TO TAKE SNAPSHOT I am unable to process any package content for distribution. D:\SCCMContentLib Folder is EMPTY. DISTMGR.Log details for one Software Update Package are stated below: Retrying package FG100***(SourceVersion:2;StoredVersion:2) SMS_DISTRIBUTION_MANAGER 5/14/2021 6:31:41 AM 9388 (0x24AC) Start updating the package FG100F75... SMS_DISTRIBUTION_MANAGER 5/14/2021 6:31:41 AM 9388 (0x24AC) CDistributionSrcSQL::UpdateAvailableVersion PackageID=FG100F75, Version=3, Status=2300 SMS_DISTRIBUTION_MANAGER 5/14/2021 6:31:41 AM 9388 (0x24AC) Taking package snapshot for package FG100F75 SMS_DISTRIBUTION_MANAGER 5/14/2021 6:31:41 AM 9388 (0x24AC) GetContentLibLocation - ABC.DEF.GHI.com SMS_DISTRIBUTION_MANAGER 5/14/2021 6:31:41 AM 9388 (0x24AC) Finished GetContentLibLocation - ABC.DEF.GHI.com SMS_DISTRIBUTION_MANAGER 5/14/2021 6:31:41 AM 9388 (0x24AC) Snapshot processing content with ID 18155987 ... SMS_DISTRIBUTION_MANAGER 5/14/2021 6:31:41 AM 9388 (0x24AC) Taking snapshot for content 8384e0c7-bee0-4686-ad50-00488870f2bb from source \\ABC.DEF.GHI.com\SoftwareUpdates_Srv\SCDS Windows Standard MS Patches - April 2021_\8384e0c7-bee0-4686-ad50-00488870f2bb SMS_DISTRIBUTION_MANAGER 5/14/2021 6:31:41 AM 9388 (0x24AC) Sleep 825 seconds... SMS_DISTRIBUTION_MANAGER 5/14/2021 6:31:42 AM 9356 (0x248C) GetTempFileNameA failed; 0x80004005 SMS_DISTRIBUTION_MANAGER 5/14/2021 6:31:42 AM 9388 (0x24AC) CContentDefinition::CreateNewContentDefinition failed; 0x80004005 SMS_DISTRIBUTION_MANAGER 5/14/2021 6:31:42 AM 9388 (0x24AC) TakeContentSnapshot() failed. Error = 0x80004005 SMS_DISTRIBUTION_MANAGER 5/14/2021 6:31:42 AM 9388 (0x24AC) The source directory doesn't exist or the 'Configuration Manager' service cannot access it, Win32 last error = 16389 SMS_DISTRIBUTION_MANAGER 5/14/2021 6:31:42 AM 9388 (0x24AC) STATMSG: ID=2361 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=ABC.DEF.GHI.com SITE=FG1 PID=20616 TID=9388 GMTDATE=Fri May 14 13:31:42.701 2021 ISTR0="\\ABC.DEF.GHI.com\SoftwareUpdates_Srv\SCDS Windows Standard MS Patches - April 2021_\8384e0c7-bee0-4686-ad50-00488870f2bb" ISTR1="8384e0c7-bee0-4686-ad50-00488870f2bb" ISTR2="8384e0c7-bee0-4686-ad50-00488870f2bb" ISTR3="30" ISTR4="62" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="FG100F75" SMS_DISTRIBUTION_MANAGER 5/14/2021 6:31:42 AM 9388 (0x24AC) Failed to take snapshot for Content with ID 18155987 SMS_DISTRIBUTION_MANAGER 5/14/2021 6:31:42 AM 9388 (0x24AC) Failed to take snapshot of one or more contents in package FG100F75 SMS_DISTRIBUTION_MANAGER 5/14/2021 6:31:42 AM 9388 (0x24AC) CDistributionSrcSQL::UpdateAvailableVersion PackageID=FG100F75, Version=2, Status=2302 SMS_DISTRIBUTION_MANAGER 5/14/2021 6:31:42 AM 9388 (0x24AC) STATMSG: ID=2302 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=ABC.DEF.GHI.com SITE=FG1 PID=20616 TID=9388 GMTDATE=Fri May 14 13:31:42.750 2021 ISTR0="SCDS Windows Standard MS Patches - April 2021_" ISTR1="FG100F75" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="FG100F75" SMS_DISTRIBUTION_MANAGER 5/14/2021 6:31:42 AM 9388 (0x24AC) Failed to process package FG100***after 38 retries, will retry 62 more times SMS_DISTRIBUTION_MANAGER 5/14/2021 6:31:42 AM 9388 (0x24AC) Exiting package processing thread for package FG100F75. SMS_DISTRIBUTION_MANAGER 5/14/2021 6:31:42 AM 9388 (0x24AC) Validations: Despool.log has nothing relevant to note. I have checked these things already and ANSWER is YES to all of these questions : Can you ping the affected SERVERNAME if the path is a UNC path? Does the site server computer account have permissions to access the path? Can you access the affected path using the FQDN/NetBIOS/IP address when using the SYSTEM account from the site server? Can you access the affected path using the FQDN/NetBIOS/IP address when using the logged in user's account from the site server? Is there a firewall between the site server and the affected server? Are relevant ports (RPC/SMB) open?
  12. I am deploying Windows 10 to HP Z840 and Z8 PC's using OSD in Config Manager 2010. Some of the Z8's are brand new, but most of the systems are running Windows 7 and are managed by SCCM. Some of them have single SATA or SSD drives. Some have multiple SATA or a mix of SATA and SSD drives. In systems that have an SSD and a SATA drive, I want to ensure the OS gets deployed to the SSD. In systems with multiple SATA drives, I want to ensure the OS gets deployed to the smaller drive and the larger one will be used for data storage. How best to accomplish this?
  13. Hello, We do have site wide client push set up to install the client to Workstations only. For servers, we have chosen to deploy the SCCM client in a "control way". I have an AD group "Server client deploy". I created a collection based on this AD group. My team would add selected servers to this AD group. I pushed out the client to this "Server client deploy" collection. However, every time new members are added to the AD group and show up in the SCCM Collection, the client is not installed automatically. I have to manually push out the client to the collection again. How do I deploy SCCM client to a specific collection so that whenever a new member is added, the client is installed automatically? Thank you in advance for your help/advise!
  14. I had a client that was unable to download the Endpoint Protection Policy. I browsed to the Windows\System32\GroupPolicy\Machine folder and delete the file: Registry.pol then rebooted. It seems to be fixed, but it won't report back to the SCCM server. His EnpointProtectionAgent.log states <![LOG[Endpoint is triggered by message.]LOG]!><time="13:28:00.005+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="fepsettingendpoint.cpp:58"> <![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="13:28:00.243+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:519"> <![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="13:28:00.243+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:232"> <![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="13:28:00.244+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:251"> <![LOG[Re-apply EP AM policy.]LOG]!><time="13:28:00.244+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="fepsettingendpoint.cpp:107"> <![LOG[Apply AM Policy.]LOG]!><time="13:28:00.244+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:1192"> <![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="13:28:00.542+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:607"> <![LOG[Applied the C:\Windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully.]LOG]!><time="13:28:02.786+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:659"> <![LOG[save new policy state 1 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState]LOG]!><time="13:28:02.870+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:267"> <![LOG[state 1 and ErrorCode 0 and ErrorMsg and PolicyName Antimalware Policy and GroupResolveResultHash 22278829C8D241E822FD474BA669DF7F1BF12767 is NOT changed.]LOG]!><time="13:28:02.871+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:339"> <![LOG[skip sending state message due to same state message already exists.]LOG]!><time="13:28:03.014+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:1239"> <![LOG[Firewall provider is installed.]LOG]!><time="13:28:03.022+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:779"> <![LOG[installed firewall provider meet the requirements.]LOG]!><time="13:28:03.074+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:800"> It seems that the issue is that it won't send a state message because it already exists. How do I force it to send the message?
  15. Hi I have an issue whereby my Windows 10 IPU task sequence is downloading all driver packages specified in the TS (Download Package Content) allthough the correct driver packages already exist in the CCM cache on the PC running the TS. I have used the following guide to create a PreCache task sequence: https://www.imab.dk/windows-as-a-service-sharing-my-precache-and-in-place-upgrade-task-sequences-part-1/ (credit to Martin Bengtsson for the excellent guide) and it works very well. A PC which has successfully run the PreCache TS downloads the correct drivers (using a WMI query) and other packages specified that are needed and then places the computer in a collection to where the actual IPU task sequence is deployed. The problem is that the IPU task sequence which is deployed with the setting "Download all content locally before starting the task sequence" (the setting found under the "Distribution Point" tab) starts to download driver packages for other hardware models that are specified in the TS (despite using WMI queries in this TS also). Because of the current Covid-19 pandemic the majority of our users are working from home so we obviously want to keep the amount of data transfered to a minimum, it seems stupid to cache driver content that´s not needed to work around the problem. I thought that the IPU TS would evaluate the queries before downloading (i read somewhere that this was only possible for upgrade packages/language packs but in later versions of current branch also included other packages). We are running CB 1910. Hope this makes sense, if anyone has experienced this and can suggest a workaround or confirm how it´s supposed to work it would be greatly appreciated. Regards Emile
  16. I am trying to build a collection based on the Last Online time (within an arbitrary number of days). I know typically this is done using the Heartbeat, ClientActivity, or Hardware scan property. but I would like to see all machines, to identify which machines may not have the client installed. I cant for the life of me find where the column in the collections view populates from. I have the queries to filter out machines based on Last Hardware Scan shown below. I am looking for something very similar, but as I said, i cant find the property for "Last Online Time"
  17. Hello, We have created Automatic Deployment Rules and collections for our Software Updates for our servers. In the Software Update collections, we have defined a specific Maintenance Window, which relates to Microsoft's Patch Tuesday as shown in attached graphic. However, we are finding that as soon as we populate our collection, the updates are being download and installed! (i.e. Outside the Maintenance Window) Obviously this isn't right. One concern I have is that a particular server can be a member of multiple collections which might have different Maintenance Windows, so any tip on how these conflicting windows "add up" would also be helpful. Can someone give a tip on whether there is a particular log or setting in the infrastructure we can refer to to investigate this?
  18. Hello, is it possible to directly load and boot into the Windows Recovery Environment over PXE? To apply repair-tools or diagnosis for example. Our company is trying to accomplish this to support our technicians whenever a user is having some kind of trouble booting his standard image. The technician then can apply the RE over PXE and try to repair the users system. However I'm not sure how to make a winRE deployment over SCCM. What I have done is creating a task sequence where the according .wim file is loaded as a boot-image. When testing the task sequence just runs through and shuts down or restarts the computer. What I want is for the computer to remain inside the Recovery Environment and to be able to apply repair options etc. With WDS it's pretty easy to accomplish this. I haven't figured out how to do it with SCCM, as you are only able to apply task sequences and not boot-images directly. Im glad for any help.
  19. Hello sorry for my english i'm french . I have been trying for several days to install an SCCM push client, but remotely through a FortiGate. So the problem is that the clients seem to have settled into the machine: Capture task manager Capture of SCCM files present: Capture of the ccmsetup.log LOG File: And then I put the Configuration Manager capture where I don't see the PC as clients: Do you have any ideas how to solve the problem?
  20. Hi All, Since yesterday i can't open SCCM console (from remote machine and from the main server) I'm getting the default screen when the console will not open (Attached) I accidentally changed permissions under the :"SMS_Site Code" Share and i think this is what caused this problem but I'm not sure. Here is the main error i'm getting from SMSAdmin.log file: 1st error : System.Management.ManagementException\r\nProvider load failure \r\n at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) 2nd Error: Transport error; failed to connect, message: 'The SMS Provider reported an error.'\r\nMicrosoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryException\r\nThe SMS Provider reported an error.\r\n at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryResultsObject.<GetEnumerator>d__0.MoveNext() 3rd Erorr: Transport error; failed to connect, message: 'The SMS Provider reported an error.'\r\nMicrosoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryException\r\nThe SMS Provider reported an error.\r\n at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryResultsObject.<GetEnumerator>d__0.MoveNext() 4th Error: at Microsoft.ConfigurationManagement.AdminConsole.SmsSiteConnectionNode.GetConnectionManagerInstance(String connectionManagerInstance)\r\nConfigMgr Error Object: 5th Error: Error Code: ProviderLoadFailure \r\nSystem.Management.ManagementException\r\nProvider load failure \r\n at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) 6th Erorr: System.Management.ManagementException\r\nProvider load failure \r\n at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) Any help will be appreciated! Thank you!!
  21. Hi! 😃 Recently I made settings for PXE and sccm site configuration (https communication clients), these edits did not help and I returned everything back. But from that moment on, all clients turned gray and errors appeared in the logs: : 1. ERROR: can't retrieve SQL connection. Exception: System.Data.SqlClient.SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The target principal name is incorrect.) 2. Failed to authenticate with client [::ffff:192.168.10.230]:60583. 3. ERROR: Don't have SQL connection when get client certificate for client Now everything is configured over http, but apparently somewhere there is a connection over https. Please tell me how you can solve this problem? What settings should I check? Thank you in advance
  22. Hi All, Can anybody help. Currently trying to build a HP probook 650 with Win7 x86, however I get the following error message during the task sequence, when it is applying system settings "windows could not configure one or more system components, to install windows restart the computer and restart the installation" The only option is to click OK, computer restarts and then the error message reappears. SCCM was building fine and then just stopped working an this error message keeps occurring. Unable to F8 and Shift F10 to get any additional info Please Help Thanks
  23. Hi all,Thanks for any help in advance.I am new enough to SCCM and working on Office 365 client updates through ADR. On my test bed currently is O365 v1705 (Build 8201.2294), I am pushing client update v1808 (10730.20438) to it.ADR, Deployment Packages and Software Update Groups are setup and working.The Office 365 update does appear in the Software Center for installation, for testing I have everything set to the most visibility. When selected to install, the process goes through the download and install process according to the info displayed within Software Center but after it completes the Office version has not changed while .The update is downloaded to the ccmcache folder, separate question is that is it supposed to go in there or in the Microsoft Office folder in Program Files?I have eliminated installs inside of business hours being the issue, have turned that option off and also left client overnight.Looking at the updateshandler.log I do see the below:Failed to start WSUSUpdate, error = 0x87d00698When checking the Deployment in Monitoring the clients in that collection indicate as being compliant when they are not, any ideas?Also to add, doing a direct deployment of the client update without using ADRs has the same result. I am aware the versions I am troubleshooting are out dated, its just for testing. I have also tried with 1908 going to 2002 but that does not appear in Software Center at all when the config settings indicate it should. Checking the compliance report for the deployment it says it is Compliant when it is not as 1908 is still installed on the machine. Maybe I am not understanding something here, if 1908 is still supported, will SCCM see it as needing 2002? Thanks
  24. I am new to SCCM and my agent and most other things are set to default. I can install an app from software center but if i schedule it to deploy at 9:30 am and the installation is asap or 9:40 the installation just randomly installs when ever. sometimes hours later. I don't have a maintenance window setup for my collections. I am trying this with installing chrome. Any Help would be appreciated.
  25. Dear Experts, I'm trying to figure out the way, that would leave D:/ Data partition untouched while deploying OS images. We have computers with 1 HDD (Disk 0) with 2 partitions (System Drive C:\ and Data D:\). So when I have to deploy image, I have to backup all data from their computers to somewhere and than deploy image which formats whole Disk 0 and creates new partitions as specified in Task Sequence. So I was wondering how can it be achieved, that Task Sequence could only format OS Partition and leave Data Partition D:\ Untouched. We have BIOS and UEFI computers. I could not find any guide that would fit my case. Your help would be highly appreciated. SCCM Version 2002
×
×
  • Create New...