Jump to content


Search the Community

Showing results for tags 'SCCm'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Cloud
    • Azure
    • Microsoft Intune
    • Office 365
    • Windows 365
  • General Stuff
    • General Chat
    • Events
    • Site News
    • Official Forum Supporters
    • Windows News
    • Suggestion box
    • Jobs
  • MDT, SMS, SCCM, Current Branch &Technical Preview
    • How do I ?
    • Microsoft Deployment Toolkit (MDT)
    • SMS 2003
    • Configuration Manager 2007
    • Configuration Manager 2012
    • System Center Configuration Manager (Current Branch)
    • Packaging
    • scripting
    • Endpoint Protection
  • Windows Client
    • how do I ?
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows Vista
    • Windows XP
    • windows screenshots
  • Windows Server
    • Windows Server General
    • Active Directory
    • Microsoft SQL Server
    • System Center Operations Manager
    • KMS
    • Windows Deployment Services
    • NAP
    • Failover Clustering
    • PKI
    • Hyper V
    • Exchange
    • IIS/apache/web server
    • System Center Data Protection Manager
    • System Center Service Manager
    • System Center App Controller
    • System Center Virtual Machine Manager
    • System Center Orchestrator
    • Lync
    • Application Virtualization
    • Sharepoint
    • WSUS

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Location


Interests

  1. Hi all, First time poster, so apologise in advance if I post incorrectly. Currently building Windows 10 devices, some are upgrades from Windows 7 to Windows 10 and others are fresh Windows 10 using SCCM (MDT integrated). This works as expected, but when I log in and check TPM Administration the following message show up Reduced Functionality errors codes 0x400900 = The Device lock counter has not be created 0x2900 = The monotonic counter incremental during the boot has not been created Do I need to do something in the Task Sequence to clear the protectors or clear TPM before BitLocker is enabled Cheers all
  2. Hi all, I was trying to deploy a Task sequence, which I Copied from standard T.S. and made little change and trying to test it before using. This T.S. is to make BIOS system to UEFI system in boot (Dell system) and then install OS. But when I try to implement this its throwing an error code "0x80004005". I am pasting my SMSTS log file. Please help me. Log: please see the attachment.
  3. I am new to Task Sequence. I am working on a task Sequence to convert BIOS (Legacy) mode systems to UEFI mode systems (Dell Laptops)(SCCM with MDT) . Can some share a task sequence to do so or share your experience to do so. Actually my requirement is to add these steps for PXE OSD win 10 1607 task sequence.
  4. dear all, we wanted to test scep instead of mcafee on our clients. Everything looks good but in sc configuration manager the system status of the endpoint protection role status button is critical red. When we look into the log files it states ______________________________________________ Key "SOFTWARE\Microsoft\Microsoft Antimalware" not found, trying key "SOFTWARE\Microsoft\Windows Defender" $$<SMS_ENDPOINT_PROTECTION_CONTROL_MANAGER><06-28-2018 08:05:34.550-120><thread=11964 (0x2EBC)> RegOpenKeyEx failed with 0X80070002 $$<SMS_ENDPOINT_PROTECTION_CONTROL_MANAGER><06-28-2018 08:05:34.550-120><thread=11964 (0x2EBC)> GetAMInstallLocation failed with 0X80070002 $$<SMS_ENDPOINT_PROTECTION_CONTROL_MANAGER><06-28-2018 08:05:34.550-120><thread=11964 (0x2EBC)> Failed to load common client library (0x80070002) $$<SMS_ENDPOINT_PROTECTION_CONTROL_MANAGER><06-28-2018 08:05:34.550-120><thread=11964 (0x2EBC)> Failed to initialize AMMetadataUpdater (0x80070002) $$<SMS_ENDPOINT_PROTECTION_CONTROL_MANAGER><06-28-2018 08:05:34.550-120><thread=11964 (0x2EBC)> Checking threat definitions in 900 seconds... $$<SMS_ENDPOINT_PROTECTION_CONTROL_MANAGER><06-28-2018 08:05:34.597-120><thread=11964 (0x2EBC)> ____________________________________________ i think the system wants to install scep on the server also. The problem is that the sccm servers are managed by another team and they insist on keeping mcafee on the server. Is there any option to bypass this install so the status of the endpoint protection point in site status becomes green without having to install scep on the server thank you all
  5. I have just built out a new sccm CB environment running alongside my 2012 r2. we have a server in our DMZ that is used as an MP, DP and SUP. I am trying to replication this for our CB environment. I have finally got all the Firewall ports opened that are required. I started installed the roles but am having a few issues. ADSI Edit isn't getting updated - Service account is used and has proper rights but nothing update my wsus on prem is working but on my dmz server the content folder is empty. I have enebled the whole site to use HTTPS. if anyone has any good links they have used I would greatly appreciate hearing of them or any suggestion. seeing these errors in the Component status: WSUS Control Manager failed to monitor WSUS Server "local.DMZ". WSUS Control Manager failed to configure proxy settings on WSUS Server "local.DMZ". MP Control Manager detected MP is not responding to HTTP requests. The http error is 2147500037.
  6. Hi I currently have SCCM 1710 running in out company domain. this we use for patching [amongst other things] we now want to use it to patch Servers in the DMZ. The DMZ is a different domain with no trusts between the 2. We have the SCCM Server and the Server in the DMZ pinging each other, but sccm does not see this server. I have Forest discovery running and also have a boundary for the DMZ IP range what am I missing?
  7. Hello. I am in the process of trying to setup Subscribing to reports in SCCM. I have created a folder path \\cm01\Reports to send the reports to. What I need help with is what permissions does this folder require? Read/ write permissions? To be more specific, what read permissions would a user need to see the reports and what write permissions does SCCM need to that folder? My network administrator has tasked me with figuring this out. I am more of a Desktop support guy. I have read several books and have been searching the internet but have not found a comprehensive guide on how to set this up. Initially I want to have the report send to the file share \\cm01\Reports. Once that is working the next step would be to have the reports delivered by email. Any help would be greatly appreciated! Thank you.
  8. Hi I have a couple of questions regarding using language packs in a reference image in MDT. We want to deploy Swedish OS to all our users and I was advised to do this using English OS media with corresponding language pack (Windows 10 1803) instead of using localized media. It appears to have installed the language pack correctly in the reference image but the display language of the OS before the capture is in English (I have a suspend action in the task sequence). My question is what is the best way to set the display language automatically to Swedish once the LP is installed by the task sequence? Some other concerns regarding patching and updating the client once it has been deployed: We will be deploying the REF-image using OSD in SCCM 1802 and use SUP/ADR rules to patch the clients, I assume the patches we download for Windows 10 will need to be in English since the base OS is English? Are there any other considerations we need to make? What are the implications of using SCCM/Servicing for Windows 10 when updating a client with a LP, say 1709 to 1803? I know that the version of the language pack must match the release version of Windows but is there anything else? I would really appreciate if someone has some experience of this and could give me some feedback. Regards Emile
  9. Introduction Security is a bigger focus today than ever before, and rightly so. As part of that focus ongoing patching is a requirement, both of the operating system (quality updates and feature updates) and the application layer too. Microsoft provides updates for their supported operating systems and applications that can be downloaded manually or automatically on the client via Microsoft Update, or deployed using on premise infrastructures like WSUS or SCCM or even via cloud based technology such as Microsoft Intune and Windows Update for Business. But what about on-premise patching of 3rd party applications (applications that come from vendors other than Microsoft), those vendors usually provide their own patches to help secure their products, but because they are 3rd party, they are not natively trusted by WSUS. Getting those patches into WSUS requires some outside help and there are several companies offering applications to help you with that task, one of which is called Patch My PC. Patch My PC is recommended because it’s lean, easy to use and competitively priced and it was developed by former Premier Field Engineers at Microsoft. Step 1. Download the Patch My PC Publishing Service Setup file Note: This guide was completed using SCCM version 1802 (Current Branch) running on Server 2016. To install that version of SCCM yourself, follow this link. Download the Patch My PC Publishing Service Setup file (MSI format) from the link below: https://patchmypc.net/publishing-service-download You should install it on the computer hosting your Software Update Point. Note: The MSI only supports WSUS 4.0 (Windows Server 2012 & 2016). Once the software is installed you can choose to launch it, the Settings UI appears. Step 2. Adding the catalog URL in the service After installing the software, you need to enter your individual catalog URL (if you are subscribed to the service) or enable trial mode to test the software. To do this, paste the unique download ID supplied in the email you received when you signed up for the service into the field provided. Click on Test URL to verify the catalog URL is correct. Using your unique catalog URL gives you access to all the supported applications in the catalog whereas when using the trial mode you only get access to a small subset (12) of those supported applications. Step 3. Creating a self-signed or importing a PFX based certificate In order to publish updates to WSUS, you need to setup a code-signing certificate. Certificates are used by the Patch My PC Publishing Service to sign the 3rd party updates so that WSUS can use them. There are two options available: · Self-signed certificate · PFX based certificate (3rd party or internal certificate authority) Note: Clicking on Show Certificate will show if any existing certificate is in place, for example if you’ve migrated from System Center Updates Publisher (SCUP). If like me you haven’t set this up yet, clicking on Show Certificate will not find any certificate in the WSUS certificate store. A self-signed certificate is the easiest way to get started with this tool and it’s free, however it does not provide security focused features such as revocation (cancellation of the certificate for all computers using CRL’s). For the purpose of this guide however, you’ll create a self-signed certificate using the tool. To create a self-signed certificate, click on the Generate a Self-Signed Certificate button in Certificate Management. Click OK to the Certificate Created Successfully message and then click on Show Certificate again, to see details about the newly created self-signed certificate. Step 4. Exporting the code-signing certificate In order for clients to install third-party updates, they must trust the code-signing certificate. To do this you can export the certificate and deploy it using group policy. Click on Export Certificate and give the .CER file a suitable name so you know what it is for. Click OK to the Certificate Export Successful popup. Step 5. Deploy the code signing certificate to clients using Group Policy On the domain controller, open Group Policy Management and create or edit an existing GPO. Edit the GPO settings and navigate to Computer Configuration, Policies, Windows Settings, Security Settings and select Public Key Policies. Right Click on Trusted Publishers and click on Import. In the wizard that appears, click Next and then browse to the location where you saved the code-signing certificate, select it and click on Open. The certificate will be displayed, click Next. Click Next again and click Finish to complete the wizard. Click OK to the Import was successful message. Note: If you used a self-signed certificate, you must also import the exported .CER file to the Trusted Root Certificate Authorities certificate store. Right-click on Trusted Root Certification Authorities and select Import, follow the same process as above to import the exported .CER file. Once done, click OK to the Import was successful message. Step 6. Enabling the group policy object for allowing third-party updates to be used on clients In order that clients will allow 3rd party updates to be installed, you need to configure the Allow signed updates from an intranet Microsoft update service location policy to Enabled. To do so, select the GPO created above and navigate to Computer Configuration, Administrative Templates, Windows Components, then choose Windows Update, select the Allow signed updates from an intranet Microsoft update service location policy and set it to Enabled as shown below. Step 7. Setting the schedule for the publishing service If you need to configure the Patch My PC tool scheduling service to check for updates, then click on the scheduling options tab, the default options are displayed and should be adequate. Step 8. Enabling the product you want to include for automatic publishing Next on the Product Rules tab, select the Product (or Products) that you want to include for automatic publishing. In this guide you will select Notepad++. You can scroll up and down to find the vendor, or use the search magnifying glass to search. Right clicking on a product will change from Full-Content to metadata, and this allows you to report on compliance information for a large number of updates prior to deciding if you need to patch computers with a particular 3rd party update. Once done, click on Apply. Step 9. Trigger the initial publishing of updates To trigger the initial publishing of updates available from selected vendors, click on the scheduling options tab and select Run Now. You’ll get a popup informing you to check the log. The Log in question (PatchMyPC.log) can be found in the General Settings tab by clicking on Open Log File and is best viewed with CMTrace. As you can see below it’s found some updates for Notepad++. Step 10. Synchronize Software Updates in ConfigMgr In SCCM, select Software Library, Software Updates All Software Updates and click on Synchronize Software Updates. You can monitor the progress of that operation via the wsyncmgr.log available in the SCCM logs folder. And once the sync is complete you’ll see a line like Sync time:…. Step 11. Configure Products in ConfigMgr Once the sync is complete, select the Administration workspace, select site configuration, sites, right click on your site and configure site components, select Software Update Point as shown below. Next, select the Products you had previously selected in the Patch My PC tool. Click Apply and then OK. Next, trigger another Synchronize Software Updates in the SCCM console to synchronize the newly selected product(s). You’ll note that a full sync is required due to a change in categories. And you can see that NotePad++ updates are found And after a successful sync, they show up in the ConfigMgr console (refresh the console view), and can be deployed using whatever method you prefer, create an ADR (Automatic Deployment Rule) or Software Update or Software Update Group. Summary When using Patch My PC and System Center Configuration Manager (Current Branch), it’s never been easier to patch your computers with applicable 3rd party patches.
  10. Hi all, I have an unusual problem in that my employer is purchasing old Supermicro blade servers. They don't support SAS and as such I'm using large SATA drives and I'm pretty sure these are BIOS only as I didn't see anything in BIOS setup that looked like I could enable a UEFI boot mode (they are over 7 years old and cheap.) Currently, I've run down to 3TB and above and my 2016 installations are failing as SCCM is forcing initialization to GPT to use the 3TB capacity. I need these to be MBR and 2TB for Windows to successfully be deployed. The trouble is, I can't locate where the diskpart.exe and diskpartscript.txt are being run during the installation. I'm guessing it's buried in a VBS script in the OSDDiskpart step but I haven't acquired the skills yet to get down to the granular level of tweaking. So far I've tried enabling: Set Diskpart BIOS compatibility in both locations where it's greyed out. Disabling all three Format and Partition Disk (UEFI) and tried flipping the Disk Type drop-down option in each UEFI format step to MBR from GPT, but for some reason that didn't work. but the disk still gets initialized to GPT. If I knew where the initialization step was taking place I could just add a WMI query that ignores Supermicro X8DTT-H or something similar. Another possible solution would be to insert my own Diskpart script that converts it back to MBR right before it's failing. Here's part of my log: And here are the details of what's happening in Stdout: Diskpart.exe STDOUT: Microsoft DiskPart version 10.0.14393.0 Copyright (C) 1999-2013 Microsoft Corporation. On computer: MININT-7SO7UHO Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- Volume 0 C NTFS Partition 2047 GB Healthy Disk 0 is now the selected disk. DiskPart succeeded in cleaning the disk. Disk is uninitialized, initializing it to GPT. DiskPart succeeded in creating the specified partition. DiskPart successfully assigned the drive letter or mount point. The selected disk is not a fixed MBR disk. The ACTIVE command can only be used on fixed MBR disks. Thanks for any help! I'm just finding that the MDT task schedule is a bit blackboxed and I can't seem to find where this lives.
  11. I've been at this for a couple weeks and haven't had any lucky resolving it myself. I'm around ready to give up and rebuild or primary site. SCCM Ver: CB1802 Our old WSUS server was 2012R2 running WID and we wanted to move it to 2016 and SQL. I removed the SUP role, removed the server from SCCM, then decomed the server. I rebuilt the WSUS server on 2016, connected to SQL DB, installed SUP role, and synced WSUS. In SCCM everything appears to be functioning normally, I can see updates, metadata, create software update groups, deploy, etc and Offline Servicing works but Clients and Build and Capture task sequences fail to update. This issue is not specific to one client, update, or OS version. It's everything. I've included logs from a Windows 10 1703 client I just imaged. Following may help when looking through logs: SUG UID: {FB172790-25B5-4030-94EF-084AF60311D4} Unique Update ID: 2018-05 Update for Windows 10 Version 1703 for x64-based Systems (KB4132649) 5/17/2018 12:00:00 PM f176e292-745f-4757-9b64-c25f1d382bb0 Clients can see the SUGs deployed to them but they still fail to update: EnumerateUpdates for action (UpdateActionInstall) - Total actionable updates = 0 I do see some interesting behavior in the WindowsUpdateLog: 2018/05/29 09:40:33.8562624 4204 4372 Misc [0]106C.1114::05/29/2018-09:40:33.856 [endpointproviders]EP: error: 0x8024500C : - failed to get SLS data 2018/05/29 09:40:33.8562631 4204 4372 Misc [0]106C.1114::05/29/2018-09:40:33.856 [endpointproviders]EP: error: 0x8024500C: GetSecondaryServicesEnabledState failed 2018/05/29 09:40:33.8562643 4204 4372 Agent [0]106C.1114::05/29/2018-09:40:33.856 [agent]AutoRecovery: DetectAndToggleServiceState failed 0x8024500c 2018/05/29 09:40:33.8562714 4204 4372 Agent [0]106C.1114::05/29/2018-09:40:33.856 [agent]Failed to resolve federated serviceId 9482F4B4-E343-43B6-B170-9A65BC822C77, hr=8024500c 2018/05/29 09:40:33.8569169 4204 4372 Agent [0]106C.1114::05/29/2018-09:40:33.856 [agent]Failed to execute service registration call {0212BB3F-3F60-41E9-A2F8-134D35857144}, hr=8024500c (cV: Y9kDJUwh+kyup8zk.1.0.1) 2018/05/29 09:40:33.8586463 4204 4372 IdleTimer [0]106C.1114::05/29/2018-09:40:33.858 [agent]WU operation (SR.Device Driver Retrieval Client ID 1, operation # 3) stopped; does<NULL> use network; is not at background priority<NULL> 2018/05/29 09:40:33.8597622 4204 4368 DownloadManager [0]106C.1110::05/29/2018-09:40:33.859 [agent]Received power state change notification: Old: <unknown>; New: AC. 2018/05/29 09:40:33.8597634 4204 4368 DownloadManager [0]106C.1110::05/29/2018-09:40:33.859 [agent]Power state changed from <unknown> to AC. 2018/05/29 09:40:33.8647205 356 1832 ComApi [0]0164.0728::05/29/2018-09:40:33.864 [comapi]* END * Federated Search failed to process service registration, hr=0x8024500C (cV = Y9kDJUwh+kyup8zk.1.0) 2018/05/29 09:40:33.8670209 356 1756 ComApi [0]0164.06DC::05/29/2018-09:40:33.867 [comapi]ISusInternal:: DisconnectCall failed, hr=8024000C I also see the following behavior in the ScanAgent.Log, but I'm not sure if it's normal or not: CScanAgent::ScanByUpdates - Found UpdateClassification cd5ffd1e-e932-4e3a-bf74-18bf0b1bbd83 for Update:bba02b7f-1d17-4e92-bae9-9f3651dcc2de ScanAgent 5/29/2018 9:46:30 AM 11232 (0x2BE0) CScanAgent::CanPerformOnlineCatScan - Cannot perform online category scan as update does not belong to pre-defined classifications for this. ScanAgent 5/29/2018 9:46:30 AM 11232 (0x2BE0) Found CategoryID of :a3c2375d-0c8a-42f9-bce0-28333e198407 for Update:c03178c9-b5d2-4c5f-819f-c8871513e23d ScanAgent 5/29/2018 9:46:30 AM 11232 (0x2BE0) CScanAgent::ScanByUpdates - Found UpdateClassification 0fa1201d-4330-4fa8-8ae9-b877473b6441 for Update:c03178c9-b5d2-4c5f-819f-c8871513e23d ScanAgent 5/29/2018 9:46:30 AM 11232 (0x2BE0) CScanAgent::CanPerformOnlineCatScan - Cannot perform online category scan as update does not belong to pre-defined classifications for this. ScanAgent 5/29/2018 9:46:30 AM 11232 (0x2BE0) Found CategoryID of :a3c2375d-0c8a-42f9-bce0-28333e198407 for Update:c68e52ad-4e74-4f15-95d2-17da18f296fe ScanAgent 5/29/2018 9:46:30 AM 11232 (0x2BE0) CScanAgent::ScanByUpdates - Found UpdateClassification 0fa1201d-4330-4fa8-8ae9-b877473b6441 for Update:c68e52ad-4e74-4f15-95d2-17da18f296fe ScanAgent 5/29/2018 9:46:30 AM 11232 (0x2BE0) CScanAgent::CanPerformOnlineCatScan - Cannot perform online category scan as update does not belong to pre-defined classifications for this. ScanAgent 5/29/2018 9:46:30 AM 11232 (0x2BE0) Found CategoryID of :d2085b71-5f1f-43a9-880d-ed159016d5c6 for Update:cbb9515d-b809-4d11-983b-6047fea6c907 ScanAgent 5/29/2018 9:46:30 AM 11232 (0x2BE0) Any help or ideas of where to look would be much appreciated.
  12. Hi, We have a hibrid SCCM + Intune scenario and i got an alert on SMS_CLOUD_USERSYNC component. In cloudusersync.log reports that are a duplicated object and it can't remove the license: ERROR: RemoveLicensedUsers exception Microsoft.Management.Services.Common.InvalidParameterException: Duplicate object key found in request: Id: 'guid'219c3d11-feed-4291-b251-c84b782ed7b4''~~ at Microsoft.Management.Services.DistributedQuery.DistributedQuery`1.CheckBatchForDuplicateItems(IEnumerable`1 items)~~ at Microsoft.Management.Services.DistributedQuery.DistributedQuery`1.<DeleteAsync>d__33.MoveNext() SMS_CLOUD_USERSYNC 28/03/2018 15:34:09 41440 (0xA1E0) I don't know how to "unlock" this situation, what can i do? it's trying to synchronize every 5 minutes Any suggestions?
  13. Hi all, So we are in the process of switching to Configuration Manager 2012 and we are now having MANY instances of WMI corruption on user workstations. The OS we are deploying is Win 7 SP1. Symptoms: -Keeping users from logging in (heavily delayed or not at all), spinning at the blue login screen. -Computer hangs at logoff/shutdown. -NIC lags on recognizing internet connection at startup. -Programs running slow and crashing (Includes MS Office and IE). -Windows crashing and getting black screens. Fixes we've tried: -Deleting all expired updates from Configuration Manager. -Consolidating software update groups. When originally installed, someone configured it so every update would create it's own update group. After fixing this, we saw a decrease in affected machines. -Reseting the repositroy. This is pretty much putting a band-aid on the problem. It get's users to be able to get functional again while we continue to troubleshoot the underlying problem. We've tried salavaging the repository, but it hardly if ever completes successfully. -Applying the following hotfixes from Microsoft, after the repository has been reset. This method is only on about 1% of the machines on our network and is still in testing phase. 2705357 The WMI process stops sending events to WMI clients from a Windows 7-based or Windows Server 2008 R2-based server 2692929 "0x80041001" error when the Win32_Environment WMI class is queried by multiple requestors in Windows 7 or in Windows Server 2008 R2 2617858 Unexpectedly slow startup or logon process in Windows Server 2008 R2 or in Windows 7 2465990 "0x80041002 (WBEM_E_NOT_FOUND)" error occurs when you try to open a WMI namespace on a computer that is running Windows 7 or Windows Server 2008 R2 2492536 Msinfo32.exe takes a long time to display or export system information on a computer that has many MSI-X-supported devices and that is running Windows 7 or Windows Server 2008 R2 2578159-When you log on to a computer that is running Windows Server 2008 R2 or Windows 7, the logon process stops responding and a blue swirl is shown on the Welcome screen indefinitely. After some time, the computer stops responding to any network-related commands. You must forcibly restart the computer to recover from this issue. This issue occurs because of a race condition between the Windows Event Log service and the Event Tracing for Windows (ETW) tracing functions. When the race condition occurs, it causes a deadlock situation. This deadlock situation then causes the Winlogon.exe process to become unresponsive. 2639505- Assume that you run a service which queries the Win32_StartupCommand Windows Management Instrumentation (WMI) class on a computer that is running Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2. In this situation, all loaded user profiles occasionally cannot be unloaded successfully after the WMI query is finished. If the number of unloaded user profiles keeps increasing, the system resources may be exhausted. For example, the virtual address control block (VACB) may be exhausted. 2639077-Handle leak in Svchost.exe when a WMI query is triggered by using the Win32_PowerSettingCapabilities class in Windows 7 or in Windows Server 2008 R2 2547244-The WMI service and the WMI providers stop responding when you use WMI performance classes to monitor performance on a computer that is running Windows 7 or Windows Server 2008 R2 Thanks in advance for any help!
  14. Hi all I am trying to successfully image a Surface Pro 3 and am failing miserably. It keeps failing on a particular task sequence which checks if a folder call Code exists and IF it DOESN'T it CREATES it. Can anyone help me please. Thank you
  15. Hi, I have a hibrid SCCM (CB 1702) + Intune scenario. When i enroll a mobile device it doesn't appear in SCCM console, so any application or configuration it will deployed but it is correctly created in Azure AD . It occurs randomly during last year and i don't why. any suggestions? Thanks
  16. I was attempting to create a new boot image (testing concept) and the following error message occurred after the WIM loaded. The following file is missing or corrupt.... 0xc0000359 megasas2.sys I am using a 64 bit boot image, with the Dell WinPE driver cab (v10) loaded. What is causing this issue?
  17. I've been pushing the upgrade from Windows 7 to Windows 10 1607 for a couple of months. Have done 600+ machines succesfully. All of a sudden, starting a few weeks ago ALL upgrades are failing and rolling back to Windows 7 with one of the following errors: The task sequence execution engine failed execution of the task sequence. The task sequence manager could not successfully complete the execution of the task sequence. I suspect it's failing at the Intel HD video driver that's incompatible because I have to accept the removal when manually updating. Before, it would just delete and add the Microsoft generic, and I'd have to load the Win10 Intel Driver later in the task sequence. ...but that's just a guess. Where should I look and what do I look for? Why all of a sudden would this stop working?
  18. Background (Using SCCM CBB 1802, MDT & Deployment share on a physical computer, and the image is Windows 10 LTSB 1607) Two part question: I am capturing my Windows 10 image using MDT. The MDT TS installs Windows, then checks and installs windows updates, next it installs office 2016 - run windows updates again - sysprep and capture. - Entire TS runs without a hitch. Then that image is imported into SCCM, then being deployed to new computers. Once completed with OSD (which shows no errors), I receive the following issue when attempting to check for updates: Windows Update failed to check for updates with error 0x8024500C. Error 5/8/2018 2:06:54 PM WindowsUpdateClient 25 Windows Update Agent What could be causing this? Is it a result of running the WIndows update steps during my MDT process? Thanks
  19. Hi all, I've headed here to post my problem as I've spent the best part of 2 weeks on and off troubleshooting and I'm not getting anywhere. The company I'm currently working for now have a mixture of Windows 10 clients in their environment. 1511, 1607, 1703, 1709. We've been plugging away for months now to try and clear the last few hundred 1511 clients as we suffered from the WSUS decryption key issue with Feature Updates, but this was resolved and seemed to be working fine. We don't use servicing plans at all as we prefer to control the deployments more manually via direct deployments of the Feature Updates to device collections. We're now down to just over 100 1511 clients and we've been upgrading them to 1703 until we've unearthed a new problem. Around 75 of the machines in the collection are not receiving the Feature Update in Software Center. After a bit of digging it became clear that these machines think they are already "compliant" when reviewing the SCCM deployment under the monitoring pane! We have now seen this same behaviour when trying to advertise the 1703 Feature Update to some 1607 clients. I've read about the "defer upgrades" GPO causing problems and as a result I have a new GPO to turn these settings off and prevent the client from trying to use WUfB (Windows Update for Business) but these machines still remain "compliant". On Friday I built a VM with our Corporate 1607 build to use as a test machine. This VM is showing compliant when I deploy the 1703 Feature Update to it so I tried the 1709 Update and this has appeared in software Center. It seems to be a bit random as to which machines report as compliant and which don't. Some have "defer updates" set, some don't, there doesn't appear to be an obvious pattern. Has 1703 recently been written off because Microsoft prefer clients to be on the most latest version as soon as it is classed as being Business Ready??? Please let me know if anyone has any ideas or suggestions to troubleshoot this as I'd like to straighten it out before we need to start upgrading the remaining 1607 clients. Thanks in advance, Westy
  20. My TS OSD used to take around 35-40 minutes to complete. But after enabling Pre-Release in Hierarchy, my TS now takes over 1 hour. It struggles when it gets to packages/applications. This is the changes I made after enabling pre-release Time it takes to complete the TS OLD TS After enabling Pre-Release and Share Content It looks like it's waiting for something to happen, but I don't know what. How do I fix this? Or go back to how apps/packages are deployed. Many thanks,
  21. We upgraded our SCCM to 1702 a few weeks back and I noticed that Software Centre now takes ages to load the Application Tab. This has happened to 800+ machines, except very few. (1 or 2) SoftwareCentre1 ( look at the name on top, it says xxxxxxx Software Catalog - xxxx being the company name) - this one takes at least 1 minute to load - this is the SoftwareCentre that is on 800+ machines and then there's SoftwareCentre2 (which is on 1 machine so far) which works perfectly, it takes around 2-3 seconds to populate the apps + other stuff. Notice the name on top, it just says the company name as opposed to Company Name + Software Catalog Can someone please advise? Many thanks, RiDER
  22. Hello, I am trying to PXE boot surface pro 4 and for some reason it does not boot. I get the attached message. It tries to PXE over IP v4, then reaches my correct DP that has PXE and WDS, it finds the correct NBP file SMSBoot\x64\wdsnbp.com (this is specified in DHCP option), it appears to be downloading and NBP file is successfully downloaded. Then without prompting to press Enter key for PXE boot, it moves to IPV6. I have tried below but no luck Upgrade firmware to latest disable secure boot Removed DHCP option - but this time it doesn't even finds my PXE server Verified and made sure MAC address of network adapter is not registered with SCCM DB Tried docking station and no luck I can PXE boot a desktop on same network with no issues. Any suggestions would be helpful Thanks.
  23. I have 300 servers that use a different endpoint protection (Sophos) than my workstations (SCCM MS Endpoint). How can I keep the servers from reporting in my system center endpoint statistics. They show as endpoint protection agent not installed, and it's messing up my numbers. Thanks
  24. I cannot get an uninstalled program to stop showing in SCCM query. I've: Uninstalled it. Run a script to remove the registry settings Deleted the program folder. Run Hardware and Software Inventory Cycles from the Workstation clients The program is still showing up in my query against the program name. I need to remove this from the SCCM report ASAP because of an audit. (It was accidentally added to one of the gold images, even though it's not been used in 10 years.)
  25. Hello, I'm currently using a wsus server on my domain. It is used with SCCM 2012 R2 (as per the sccm 2012 installation documentation to use SCCM to deploy updates). On a machine running Windows 10 enterprise, I'm trying to get some language pack installed. Problem is, it's checking the WSUS server and it's saying that no language pack are available. I launch the admin console and downloaded all language pack and deployed them as available to my workstation. Still no language pack available. I got the same problem if I try to add a feature, it want to download something from Microsoft Update but since I have a WSUS server set, it doesn't work. For now, I delete the policies key that set the wsus and do it online, but I'd like to fix this. What do I need to do on my WSUS/SCCM to be able to download language pack and others from my local wsus? Thank you
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.