Jump to content


Search the Community

Showing results for tags 'SCCm'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Cloud
    • Azure
    • Microsoft Intune
    • Office 365
  • General Stuff
    • General Chat
    • Events
    • Site News
    • Windows News
    • Suggestion box
    • Jobs
  • MDT, SMS, SCCM, Current Branch &Technical Preview
    • How do I ?
    • Microsoft Deployment Toolkit (MDT)
    • Official Forum Supporters
    • SMS 2003
    • Configuration Manager 2007
    • Configuration Manager 2012
    • System Center Configuration Manager (Current Branch)
    • Packaging
    • scripting
    • Endpoint Protection
  • Windows Client
    • how do I ?
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows Vista
    • Windows XP
    • windows screenshots
  • Windows Server
    • Active Directory
    • Microsoft SQL Server
    • System Center Operations Manager
    • KMS
    • Windows Deployment Services
    • NAP
    • Failover Clustering
    • PKI
    • Windows Server 2008
    • Windows Server 2012
    • Windows Server 2016
    • Windows Server 2019
    • Hyper V
    • Exchange
    • IIS/apache/web server
    • System Center Data Protection Manager
    • System Center Service Manager
    • System Center App Controller
    • System Center Virtual Machine Manager
    • System Center Orchestrator
    • Lync
    • Application Virtualization
    • Sharepoint
    • WSUS

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

Found 662 results

  1. Hello sorry for my english i'm french . I have been trying for several days to install an SCCM push client, but remotely through a FortiGate. So the problem is that the clients seem to have settled into the machine: Capture task manager Capture of SCCM files present: Capture of the ccmsetup.log LOG File: And then I put the Configuration Manager capture where I don't see the PC as clients: Do you have any ideas how to solve the problem?
  2. I need to install Symantec Endpoint Protection, what would the command line be like in powershell where I can call a .ps1 script in a completely hidden and silent way? I did a previous TS that copies the setup64.exe from SEP to "C:\TEMP\" I don't have much knowledge on powerhsell as would the script that would install it silently? the argument for installing it via Batch File is / s. However, the CMD window appears during Windows logon, and Powershell can do all of this without any windows appearing, and I wanted powershell to wait for the installation to finish (I researched this and think the parameter is -WaitProcess but I don't know where how to put it) and after the installation is finished, delete the TEMP folder and restart the computer. Any help with that please?
  3. Hi All, Since yesterday i can't open SCCM console (from remote machine and from the main server) I'm getting the default screen when the console will not open (Attached) I accidentally changed permissions under the :"SMS_Site Code" Share and i think this is what caused this problem but I'm not sure. Here is the main error i'm getting from SMSAdmin.log file: 1st error : System.Management.ManagementException\r\nProvider load failure \r\n at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) 2nd Error: Transport error; failed to connect, message: 'The SMS Provider reported an error.'\r\nMicrosoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryException\r\nThe SMS Provider reported an error.\r\n at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryResultsObject.<GetEnumerator>d__0.MoveNext() 3rd Erorr: Transport error; failed to connect, message: 'The SMS Provider reported an error.'\r\nMicrosoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryException\r\nThe SMS Provider reported an error.\r\n at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryResultsObject.<GetEnumerator>d__0.MoveNext() 4th Error: at Microsoft.ConfigurationManagement.AdminConsole.SmsSiteConnectionNode.GetConnectionManagerInstance(String connectionManagerInstance)\r\nConfigMgr Error Object: 5th Error: Error Code: ProviderLoadFailure \r\nSystem.Management.ManagementException\r\nProvider load failure \r\n at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) 6th Erorr: System.Management.ManagementException\r\nProvider load failure \r\n at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) Any help will be appreciated! Thank you!!
  4. Hi all,Thanks for any help in advance.I am new enough to SCCM and working on Office 365 client updates through ADR. On my test bed currently is O365 v1705 (Build 8201.2294), I am pushing client update v1808 (10730.20438) to it.ADR, Deployment Packages and Software Update Groups are setup and working.The Office 365 update does appear in the Software Center for installation, for testing I have everything set to the most visibility. When selected to install, the process goes through the download and install process according to the info displayed within Software Center but after it completes the Office version has not changed while .The update is downloaded to the ccmcache folder, separate question is that is it supposed to go in there or in the Microsoft Office folder in Program Files?I have eliminated installs inside of business hours being the issue, have turned that option off and also left client overnight.Looking at the updateshandler.log I do see the below:Failed to start WSUSUpdate, error = 0x87d00698When checking the Deployment in Monitoring the clients in that collection indicate as being compliant when they are not, any ideas?Also to add, doing a direct deployment of the client update without using ADRs has the same result. I am aware the versions I am troubleshooting are out dated, its just for testing. I have also tried with 1908 going to 2002 but that does not appear in Software Center at all when the config settings indicate it should. Checking the compliance report for the deployment it says it is Compliant when it is not as 1908 is still installed on the machine. Maybe I am not understanding something here, if 1908 is still supported, will SCCM see it as needing 2002? Thanks
  5. Hi! 😃 Recently I made settings for PXE and sccm site configuration (https communication clients), these edits did not help and I returned everything back. But from that moment on, all clients turned gray and errors appeared in the logs: : 1. ERROR: can't retrieve SQL connection. Exception: System.Data.SqlClient.SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The target principal name is incorrect.) 2. Failed to authenticate with client [::ffff:192.168.10.230]:60583. 3. ERROR: Don't have SQL connection when get client certificate for client Now everything is configured over http, but apparently somewhere there is a connection over https. Please tell me how you can solve this problem? What settings should I check? Thank you in advance
  6. I am new to SCCM and my agent and most other things are set to default. I can install an app from software center but if i schedule it to deploy at 9:30 am and the installation is asap or 9:40 the installation just randomly installs when ever. sometimes hours later. I don't have a maintenance window setup for my collections. I am trying this with installing chrome. Any Help would be appreciated.
  7. Dear Experts, I'm trying to figure out the way, that would leave D:/ Data partition untouched while deploying OS images. We have computers with 1 HDD (Disk 0) with 2 partitions (System Drive C:\ and Data D:\). So when I have to deploy image, I have to backup all data from their computers to somewhere and than deploy image which formats whole Disk 0 and creates new partitions as specified in Task Sequence. So I was wondering how can it be achieved, that Task Sequence could only format OS Partition and leave Data Partition D:\ Untouched. We have BIOS and UEFI computers. I could not find any guide that would fit my case. Your help would be highly appreciated. SCCM Version 2002
  8. Hi, We have this behavior when upgrading the Config Manager client and i'm just curious if someone recognizes it and dealt with it before. This is what happens; After a Client upgrade of the Config Manager client to 1910 some desktops fall into sleep mode, they shouldn't because their powersettings are set with Collection based power scheme. If you reboot the device everthing works again. With the upgrade to 1810 i noticed something similiar, client temporary unaware of settings, with surpressed reboots for workstations on the Deployment of Software Updates. These devices had pending reboots and rebooted directly after the upgrade of the client. It was not supressed at that time. The upgrade of the client is done via the build in Pre-production Client Deployment collection. I'm now thinking of another approach next time. Create a custom deployment of the CCM client with triggered communication between client and server. But you'd expect this as something default... Is there a way to prevent this?
  9. Hi I have an issue whereby my Windows 10 IPU task sequence is downloading all driver packages specified in the TS (Download Package Content) allthough the correct driver packages already exist in the CCM cache on the PC running the TS. I have used the following guide to create a PreCache task sequence: https://www.imab.dk/windows-as-a-service-sharing-my-precache-and-in-place-upgrade-task-sequences-part-1/ (credit to Martin Bengtsson for the excellent guide) and it works very well. A PC which has successfully run the PreCache TS downloads the correct drivers (using a WMI query) and other packages specified that are needed and then places the computer in a collection to where the actual IPU task sequence is deployed. The problem is that the IPU task sequence which is deployed with the setting "Download all content locally before starting the task sequence" (the setting found under the "Distribution Point" tab) starts to download driver packages for other hardware models that are specified in the TS (despite using WMI queries in this TS also). Because of the current Covid-19 pandemic the majority of our users are working from home so we obviously want to keep the amount of data transfered to a minimum, it seems stupid to cache driver content that´s not needed to work around the problem. I thought that the IPU TS would evaluate the queries before downloading (i read somewhere that this was only possible for upgrade packages/language packs but in later versions of current branch also included other packages). We are running CB 1910. Hope this makes sense, if anyone has experienced this and can suggest a workaround or confirm how it´s supposed to work it would be greatly appreciated. Regards Emile
  10. In a previous series of guides I showed you how to configure PKI in a lab on Windows Server 2016. In another series, I also showed you how to install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017. In this lab, I will show you how to configure SCCM to utilize that PKI environment. This series is based upon an excellent video by the talented former Microsoft Premier Field Engineer Justin Chalfant here. If you haven't seen it yet, do check it out. The intention here is that after you've completed this PKI enabled SCCM lab you can then use this in future guides, and to dig deeper into new technologies from Microsoft, for example enabling a Cloud Management Gateway and/or Cloud Distribution Point and using later on, using Co-Management. Note: To complete this lab you must first complete the PKI Lab series (8 parts) and then install a new virtual machine within that PKI lab running System Center Configuration Manager (Current Branch) version 1802 utilizing this series (4 parts), that installation of Configuration Manager will be in HTTP mode. In addition, you must configure the Software Update Point role (in HTTP mode) on CM01 See this guide (step 2 onward) for details. For details how to configure that, see this post. It will take some time to setup but you'll be glad you did. Also, don't do this in production without consulting with a PKI Expert. I don't claim to be one, I'm just helping you get it up and running in a lab. This is intended for use in a lab only. In part 1 of this series you created an Active Directory Security Group to contain your SCCM servers that host IIS based roles such as Distribution Point, Management Point and Software Update Point, you then rebooted that server after adding it (CM01) to the group. You then created 3 certificate templates for SCCM on the Issuing CA server (IssuingCA) and issued them so that they could be available to applicable computers. You verified that you had a GPO in place for AutoEnrollment before requesting the IIS and DP/OSD Certificates on the IIS Site System (CM01) using certlm.msc. Step 1. Edit bindings in IIS for the Default Web Site and WSUS Administration Websites On the SCCM server (CM01), start Internet Information Services (IIS) Manager, expand Sites so that you can see the Default Web Site and the WSUS Administration websites listed. Select the Default Web Site, this web site is where the management point, distribution point and other SCCM roles such as Application Catalog can be found (if they are installed). Edit bindings on the Default Web Site Right click on the Default Web Site and choose Edit Bindings from the options available. In the window that appears, select the https section (port 443) and choose Edit. In the SSL certificate dropdown menu, select SCCM IIS Cert. Click OK and then click Close. Verify changes made Once done, you can open up Internet Explorer and verify that it's reporting back in HTTPS mode for the default web site by browsing to the following addresses to verify the Netbios name and FQDN resolve in HTTPS mode. Click on the Lock in the address bar to get info about the connection. https://cm01 https://cm01.windowsnoob.lab.local/ Edit bindings on the WSUS Administration Web Site Repeat the above operation, on the WSUS Administration website (note that it uses port 8531 for https mode). click OK and Close when done. Step 2. Modify WSUS Administration SSL Settings WSUS itself requires some additional changes documented here (1) that we need to configure to allow WSUS to use HTTPS. In the Internet Information Services (IIS) Manager, expand sites and selct WSUS Administration. Select ApiRemoting30 under the WSUS Administration web site, in the right pane, click on SSL Settings and select Require SSL and verify that Ignore is selected before clicking Apply. Next, select ClientWebService under the WSUS Administration web site, in the right pane, click on SSL Settings and select Require SSL and verify that Ignore is selected before clicking Apply. Next, select DSSAuthWebService under the WSUS Administration web site, in the right pane, click on SSL Settings and select Require SSL and verify that Ignore is selected before clicking Apply. Next, select ServerSyncWebService under the WSUS Administration web site, in the right pane, click on SSL Settings and select Require SSL and verify that Ignore is selected before clicking Apply. Finally, select SimpleAuthWebService under the WSUS Administration web site, in the right pane, click on SSL Settings and select Require SSL and verify that Ignore is selected before clicking Apply. Step 3. Configure WSUS to require SSL In an administrative command prompt on CM01, browse to the location of WSUS installation files. cd C:\Program Files\Update Services\Tools Next issue the following command where CM01.windowsnoob.lab.local is the Fully qualified domain name of your ConfigMgr server hosting WSUS. WsusUtil.exe configuressl cm01.windowsnoob.lab.local The results are shown below: Step 4. Configure SCCM to use HTTPS In this step you will configure SCCM to operate in HTTPS mode. To do that, first bring up the site properties in the SCCM Console on CM01. To bring up the site properties, select the Administration workspace, select Site Configuration, select your site and in the ribbon choose Properties. Next, click on Client Computer Configuration, select HTTPS only from the options and then select Apply. Note: If you have both HTTP and HTTPS site systems in your environment, keep the second box checked (HTTPS or HTTP) and enable the Use PKI client certificate (client authentication capability) when available check box. Step 5. Configure Trusted Root Certification Authorities Note: If you fail to add the Root CA (ROOTCA_windows noob Root CA.crt) specified here, PXE boot will fail to download policy after entering the PXE password. In the site properties screen, click on Communication Security and then click on Set beside Trusted Root Certification Authorities, and click on the yellow star to add your Root CA, in this case, the Root CA for your lab (from the offline root ca), in other words point it to the ROOTCA_windows noob Root CA.crt file which is the Trusted Root Certificate for this site (the Root CA cert). Step 6. Verify that the Distribution Point, Management Point and Software Update Point are using SSL Next you need to verify the DP (and perform some additional configuration), MP and SUP roles are using SSL. To do this, select the Administration workspace in the console, click Site Configuration, select Servers and Site System roles, and select the Distribution Point role. Right click it and choose Properties to bring up the Distribution Point role properties. You should see that it is already configured for HTTPS. Next you need to add the certificate used by clients being imaged by operating system deployment in WinPE or for WorkGroup based clients, to do so, click on Import Certificate and select Browse, browse to the location where you saved the osdcert.pfx file, enter the password you specified, and click Apply. Click OK to close the Distribution Point role properties. For more info on the DP Cert requirements see - https://docs.microsoft.com/en-us/sccm/core/plan-design/network/pki-certificate-requirements Next, select the Management Point role properties, they are shown below, again, HTTPS is selected by default as you set it site wide with the HTTPS only option. When you selected HTTPS Only in the Client Computer Communication of the site properties, this initiated the Management Point to reinstall itself with the new settings, as you can see here in the sitecomp.log. In addition in the mpsetup.log you can see that it's configured for SSL Finally you can check mpcontrol.log this log logs the status of your Management Point, and in there you can verify that the Management Point is up and running and communicating OK in HTTPS mode and that it has successfully performed Management Point availability checks. Next, double click the Software Update Point role to review it's properties. Place a check in the Require SSL communication to the WSUS Server check box. Click Apply and click OK to close the Software Update Point properties. At this point open the WCM.log and look for a line that reads Step 7. Verify Client Received Client Certificate and SCCM Client Changes to SSL Logon to the Windows 10 1803 client and start and administrative command prompt, from there launch certlm.msc to bring up Certificates on the Local Machine. Browse to Personal and Certificates, and you should see the SCCM Client Certificate listed. Note: I assume you've already installed the ConfigMgr client agent using whatever method your prefer on the Windows 10 1803 virtual machine. Next, open the Control Panel and locate the Configuration Manager client agent in System and Security, and open it. If the client was just installed the Client Certificate will probably state Self-Signed (or None if you have just installed the client..). After a couple of minutes, close and then reopen the client and you should see that the Client Certificate states PKI. At this point, open the ClientIDManagerStartup.log in C:\Windows\CCM\Logs and you can see Client PKI cert is available. You can also verify client communication to the Management Point in the CCMMessaging.log and we can see it's successful in that communication. Job done ! You've successfully converted SCCM from HTTP to HTTPS using your PKI lab, and you've verified that the client is operating in HTTPS mode. In the next parts we'll look at the Cloud Management Gateway and Cloud Distribution Point. Recommended reading (1) - https://technet.microsoft.com/en-us/library/bb633246.aspx https://docs.microsoft.com/en-us/sccm/core/plan-design/network/pki-certificate-requirements https://www.enhansoft.com/how-to-setup-ssrs-to-use-https-part-1/
  11. Introduction This multi-part guide will show you how to install the latest baseline version of Configuration Manager from Microsoft. The latest available baseline version at the time of writing is System Center Configuration Manager (Current Branch) version 1902. SCCM 1902 is the latest baseline version and contains many bugfixes (and quality fixes) as detailed here. I blogged how to upgrade to 1902 here. Baseline media is used to install new ConfigMgr sites or to upgrade from supported versions. For more information about what baseline versions are and why you need them, I'd recommend you read my blog post here. This guide is aimed a new installations of SCCM. This lab is one of many hosted on my new hyper-v host, which is a very nice Lenovo P1 running Windows Server 2019 with data deduplication to make storage amazing. Note: The SCCM 1902 Current Branch media is available on MSDN or VLSC. If you don't have access to either of those you can download the baseline media ISO from the Microsoft evaluation site here. This is the same media that is on MSDN and VLSC. Once downloaded, extract the media to C:\Source\SCCM1902. This series is broken down into the following parts:- Part 1 - Get the lab ready, configure ADDS (this part) Part 2 - Join CM01 to Domain, add users, create the Systems Management container, delegate permission Part 3 - Role and Feature installation, installation of WDS and ADK Part 4 - Configure and install SQL Server 2017 Part 5 - Configure and install SCCM 1902 Current Branch Part 6 - Create device collections Part 7 - Configuring discovery Part 8 - Configuring boundaries You can use this multi-part guide to get a hierarchy up and running on Windows Server 2019 using SQL Server 2017. The concept behind this is to guide you through all the steps necessary to get a working Configuration Manager Primary site installed (for lab use) using manual methods or automated using PowerShell. This gives you the power to automate the bits that you want to automate, while allowing you to manually do other tasks when needed. You decide which path to take. PowerShell knowledge is desired and dare I say required if you are in any way serious about Configuration Manager. I will show you how to do most steps via two methods shown below, it's up to you to choose which method suits you best but I highly recommend automating everything that you can, using PowerShell. Method #1 - Do it manually Method #2 - Automate it with PowerShell Downloads The scripts used in this part of the guide are available for download here. Unzip to C:\Scripts. The scripts are placed in the corresponding folder (Part 1, Part 2 etc) and sorted into which server you should run the script on (DC01 or CM01). Scripts.zip Step 1. Get your lab ready In this guide I assume you have already installed two WorkGroup joined servers with Windows Server 2019 Standard (Desktop Experience) installed. You can install the operating system on those servers in whatever way you want. If you want a PowerShell script to help you create hyper-v virtual machines you can use this one. Please configure the servers used in this guide as listed below, the SmoothWall (Linux firewall) is optional. Server function: Domain Controller Server name: DC01 Server info: Workgroup joined IPv4 Address: 192.168.9.1 Subnet Mask: 255.255.255.0 Default Gateway: 192.168.9.199 DNS: 192.168.9.1 Server function: Configuration Manager Primary site Server Name: CM01 Server info: Workgroup joined IPv4 Address: 192.168.9.2 Subnet Mask: 255.255.255.0 Default Gateway: 192.168.9.199 DNS: 192.168.9.1 Server function: (optional) Linux firewall Server name: smoothwall Server info: Uses 2 legacy nics eth0: 192.168.9.199 eth1: x.x.x.x (internet facing ip) You will also need the following media. Windows Server 2019 Standard SQL Server 2017 System Center Configuration Manager 1902 Current Branch Step 2. Configure Active Directory Domain Services (ADDS) To setup Active Directory Domain Services you could manually click your way through the appropriate wizard in Server Manager or automate it using PowerShell. For your benefit I'll show you both methods below, all you have to do is choose which one suits you. Method #1 - Do it manually On the DC01, open Server Manager. Click on Add roles and features On the Before You Begin screen click Next. For Installation Type select Role-based or Feature-based installation For Server Selection select Select a server from the server pool and choose DC01 For Server Roles select Active Directory Domain Services, when prompted to add features that are required for Active Directory Domain Services select Add Features select DHCP Server,when prompted to add features that are required for DHCP Server, accept the changes by clicking on Add Features Select DNS Server, when prompted to add features that are required for DNS Server, accept the changes by clicking on Add Features Continue the the wizard by clicking Next On the Features screen click Next On the AD DS screen click Next On the DHCP server screen, click Next On the DNS Server screen click Next On the Confirmation screen click Install and then click on Close Configure Post Deployment Configuration After it's finished, perform the Post Deployment Configuration by clicking on Promote this server to a domain controller select the Add a new forest option, give it a root domain name such as windowsnoob.lab.local Next, depending on your requirements set the Forest functional level and Domain functional level, I've selected the default options below however you may want to configure it differently for your hierarchy, For the password field use P@ssw0rd, Click Next when ready, for DNS options, click Next, Next verify the NetBIOS name and click Next To specify the location of the AD DS database, log files and so forth, either accept the defaults, or change them to something that suits your hierarchy and click Next. Next you can review the options (clicking view script will save your actions to a PowerShell script for use later if you wish). Click Next when done. Next, click Install to begin Once it is complete making the changes it will automatically reboot the server After the reboot, open Server Manager again to do the Post-deployment Configuration for DHCP Server. Click on Complete DHCP Configuration use the defaults for DHCP Server Authorization Click on Commit, Click Close when done. That's how to configure ADDS and DHCP manually. Method #2 - Automate it with PowerShell To configure ADDS, DNS and DHCP automatically, use the ConfigureADDS.ps1 PowerShell script. Note: I'd recommend that you reboot the server before running the script in case any pending operations like Windows Update are in progress as it may effect the results of the script below - I have not (yet) added in any detection for pending operations. 1. Copy the script to C:\scripts on DC01 2. Edit the variables in lines 17-32 as desired before running. 3. Start Windows PowerShell ISE as Administrator and run the script by clicking on the green triangle. Once the script is run, it will automatically reboot the server, and after you logon, it will complete the DHCP server installation. Summary Using PowerShell to automate things is the proper way to do things as a server admin. Please join me in Part 2 of this multi-part guide where you will continue setting up your new Windows Server 2019 lab with SCCM 1902 Current Branch.
  12. Hello! Win 10 on devices, SCCM version is 1810, SCCM clients on devices are actual version. I've used the SCCM SI to find devices with the certain .EXE files in order to delete these files. Something like "c:\Somestuff\111.exe", "c:\Install\Somestuff\111.exe" OK, ~40 devices were found, files (and folders containing them) were deleted and I run the report again. Surprisingly, ~10 devices still showed that these folders and files are exist (let's call them "bad"). For quick check I've wrote the SQL query (it's working fine for "bad" and "good" devices) and started experiments. 1. First of all I've checked that the whole Software Inventory "chain" works OK on both Client and Server sides. It does!. No errors in logs, no bad files in sccm_Inbox. 2. Tried to run Full SI instead of Delta (you know, deleting this 00000000-0000-0000-0000-000000000002 class and rerun). 3. Tried to re-install SCCM client with complete uninstall and deleting all Windows\CCM folders (and reboot after every action). 4. Tried uninstall SCCM Client, remove device from console (SQL query showed zero results), add device back to SCCM, install the client (and reboot after every action). 5. Step 4 with checking WMI classes (and reboot after every action)... -------- Well, after all the efforts the SQL query still shows me these damned, non-existing "c:\Somestuff\111.exe", "c:\Install\Somestuff\111.exe"!! The only one way I've succeeded was the reinstall of Windows on one of "bad" device. After that these obsolete files disappeared from DB and all other .exe were listed correct. I'm sure for 101% that the problem is hidden somewhere in Windows. Does anyone have an idea where the information "is stuck" in OS and what can I try to get rid of it without reinstall of Windows? Thank you for your time and ideas. Sincerely, Maestro PS. And moreover! I don't see neither these folders nor files in Resource Explorer! I'm completely stuck here...
  13. I am running into an extremely odd issue. I have several task sequences that are failing to apply image during OSD. When I check the smstslog I see the following error "Failed to run the action: Apply Operating System. Error 255" I can find no mention of error 255 anywhere on the internet. When I check the status messages for the deployment ID I see the following: "The task sequence execution engine failed executing the action (Apply Operating System) in the group (Install Operating System) with the error code 255 Action output: ... Downloading file /SMS_DP_SMSPKG$/P0100051/sccm?/Windows%2010%202019%20LTSC_REF2020.wim range 6442450941-7214257158 Downloaded file from http://SVD-SCCM.WCPS.K12.VA.US:80/SMS_DP_SMSPKG$/P0100051/sccm?/Windows%2010%202019%20LTSC_REF2020.wim to C:\_SMSTaskSequence\Packages\P0100051\Windows 10 2019 LTSC_REF2020.wim VerifyContentHash: Hash algorithm is 32780 Content successfully downloaded at C:\_SMSTaskSequence\Packages\P0100051. Opening image file C:\_SMSTaskSequence\Packages\P0100051\Windows 10 2019 LTSC_REF2020.wim Image file P0100051 version "" will be applied Starting to apply image 1 from Windows 10 2019 LTSC_REF2020.wim to C:Wiping C:Set "C:\_SMSTaskSequence" to not be wiped Set "%OSDStateStorePath%" to not be wiped Set "%_SMSTSClientCache%" to not be wiped Set "%_SMSTSNewClientCachePathToCleanup%" to not be wiped Skipping C:\_SMSTaskSequence for wipe Calculating expected free space. Reporting deletion progress. Successfully wiped C:Applying image to C:Applying image 1. The operating system reported error 255: The extended attributes are inconsistent. I have tried redistributing the image and I still get the same issue. I was able to successfully deploy the image to a VM bu when I try on a physical PC I get the failure. I have tested on two different pieces of hardware. Thanks for the help! smsts.log
  14. Team, In a recent Security Audit at my workplace , it was found that SSLv3 was enabled on IBCM server. We need to disable SSLv3 , TLSv1 & enable TLSv1.2 . Did anybody done this… Kindly share your Observations.. Also, Any Support article, guide will be of great help. I have done the changes as per reading on Internet under... HKey_Local_MachineSystemCurrentControlSetControlSecurityProviders SCHANNELProtocols Now, my Internet Based clients are not communicating to IBCM server at all. No Policy since the changes made.. Kindly suggest..
  15. Hello, hoping for some help from with a strange issue I have on a customer site I am currently unable to build Dell Optiplex 5040 devices with Windows 10 1909 x64 Enterprise from an Endpoint manager 1910 MDT integrated task sequence. The task sequence fails when trying to execute the Invoke-MbamClientDeployment.ps1 script. I have detailed the high level tasks below and attached the SMSTS.log. BIOS upgraded to latest version BIOS Reset to factory settings BIOS Password Set BIOS Standard config applied UEFI Boot enabled TPM Cleared & activated TPM Converted from 1.2 to 2.0 TPM Cleared again and reactivated OS Deployed Drivers deployed MBAM TPMPassTheHash step completed DOTNET Enabled C++ Redists applied Security Patches Applied The MBAM Group MBAM_XTS_AES256 applied to reg PreBoot Input Protectors for Tablets applied to reg MDOP MBAM 2.5 SP1 Installed MBAM Client Hot Fix KB4505175 Applied Sleep 2 mins DisableRootAutoUpdate (Certificate applied) Restart Set PowerShell Execution Policy Set to bypass Set PowerShell Execution Policy powershell.exe -command Initialize-TPM Is run **THE STEP THAT FAILS** Invoke-MbamClientDeployment.ps1 with the below parameters Parameters - -RecoveryServiceEndpoint "https://MBAM:443/MBAMRecoveryAndHardwareService/CoreService.svc" -StatusReportingServiceEndpoint "https://MBAM:443/MBAMComplianceStatusService/StatusReportingService.svc" –IgnoreEscrowOwnerAuthFailure -EncryptionMethod "XTSAES256" **The Post Steps** Reset TPM Policy EnableRootAutoUpdate The TPM status is Enabled, Activate & NOT owned The above works on all other models tested but fails on the 5040 The actual error message received is contained in the smsts.log file attached and the extract is below. The device is also in a staging OU that receives no Group Policy. The device does register in MBAM if continue on error is checked on the offending task and the computer object moved to the correct OU but will not encrypt. The same task sequence works on the other Dell models tested e.g. 5050 I have logged in after and BitLocker throws a internal error if you try to run it manually. **THE ENVIRONMENT**** A single site deployment of Endpoint Manager 1910 with two distribution points deploying Windows 10 1909 x64 enterprise with a MDT Integrated task sequence. The Dell command tool kit has been integrated into End Point Manager and drives the BIOS/TPM config steps in the task sequence. The Dell TPM conversion tool is used to convert the TPM to 2.0. The devices been build are production Windows 7 and are been repurposed as Windows 10 x64 Enterprise 1909
  16. Version française Bonjour, J'ai un petit problème quand je veut afficher un rapport de logiciel . Il m'est impossible de sélectionnez le mois et l’année affin de générer le rapport : Version english Hello, I have a little problem when I want to view a software report. I am unable to select the month and year in order to generate the report:
  17. In a previous series of guides I showed you how to configure PKI in a lab on Windows Server 2016. In another series, I also showed you how to install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017. In this lab, I will show you how to configure SCCM to utilize that PKI environment. This series is based upon an excellent video by the talented former Microsoft Premier Field Engineer Justin Chalfant here. If you haven't seen it yet, do check it out. The intention here is that after you've completed this PKI enabled SCCM lab you can then use this in future guides, and to dig deeper into new technologies from Microsoft, for example enabling a Cloud Management Gateway and/or Cloud Distribution Point and using later on, using Co-Management. Note: To complete this lab you must first complete the PKI Lab series (8 parts) and then install a new virtual machine within that PKI lab running System Center Configuration Manager (Current Branch) version 1902 utilizing this series, that installation of Configuration Manager will be in HTTP mode. In addition, you must configure the Software Update Point role (in HTTP mode) on CM01 See this guide (step 2 onward) for details. For details how to configure that, see this post. It will take some time to setup but you'll be glad you did. Also, don't do this in production without consulting with a PKI Expert. I don't claim to be one, I'm just helping you get it up and running in a lab. This is intended for use in a lab only. Step 1 - Create an Active Directory Security Group In this step you'll create an active directory group which will contain all your site systems that use Configuration Manager server roles which utilize IIS (Internet Information Systems) such as the below (1): Management point Distribution point Software update point State migration point Enrollment point Enrollment proxy point Application Catalog web service point Application Catalog website point A certificate registration point On the Active Directory domain controller (DC01), open Active Directory Users and Computers, and expand the windowsnoob organisational unit (OU) created in this Step 1, part 5 of this blog post. Click on Security Groups, and then right click and choose New, select Group. Give the group a name, SCCM IIS Servers. Once done, right click on the SCCM IIS Servers Active Directory Security Group, choose Properties and click on the Members tab, click on Add, for Object Types make sure Computers are selected. Add the Configuration Manager server (CM01) to that group. Once done, reboot the Configuration Manager server (CM01) using the following command otherwise you might get access denied when trying to request a certificate. shutdown /r Step 2. Create certificate templates on the Issuing CA In this step you will create three new certificate templates for use within SCCM by duplicating existing templates. Using the windowsnoob\Entadmin credentials, logon to the Issuing CA server (IssuingCA) and launch the certificate authority console (CertSrv.msc). In the three templates below, one uses the Web Server template, and the others use the Workstation Authentication template, you can verify which Microsoft certificate template to use by using the tables on the following blog post, of which i'm showing a screenshot below to make it clear. 1. SCCM IIS Certificate Right click on Certificate Templates and choose Manage. Scroll down to Web Server from the templates listed. Right click on the Web Server template and choose Duplicate Template. The Properties of New Template screen appears. Verify that the Certificate Authority Compatibility settings are set to Windows Server 2003. Note: When you use an enterprise certification authority and certificate templates, do not use the Version 3 templates (well you can but read this first). These certificate templates create certificates that are incompatible with System Center Configuration Manager. Instead, use Version 2 templates by using the following instructions. On the Compatibility tab of the certificate template properties, specify Windows Server 2003 for the Certification Authority option, and Windows XP / Server 2003 for the Certificate recipient option. (1) Click on the General tab and rename it to SCCM IIS Certificate. On the Request Handling tab, verify that Allow private key to be exported is not selected (default). On the Subject Name tab verify that the Supply in the Request is selected (default). On the Security tab, add the previously created Active Directory Security Group called SCCM IIS Servers and give it Read and Enroll access. Optionally you can remove Enroll from the Domain Admin and Enterprise Admins as it is mentioned in the docs. Click Apply to apply the changes and then close the Properties of New Template. 2. SCCM DP Certificate This template is used by the distribution point site system for Operating System Deployment (clients that are not domain joined). Next, right click on Workstation Authentication from the templates listed and choose Duplicate Template. The Properties of New Template screen appears. The Properties of New Template screen appears. Verify that the Certificate Authority Compatibility settings are set to Windows Server 2003. Click on the General tab and rename it to SCCM DP Certificate, change the validity period to something more reasonable, like 3 years. On the Request Handling tab, ensure that Allow private key to be exported is selected to allow us to export the certificate as a pfx file and we need the private key to do so, as we'll import that certificate into our console so that the clients can utilize it during imaging (workgroup members, to authenticate back to your site). On the Security tab, add the previously created Active Directory Security Group called SCCM IIS Servers and give it Read and Enroll access. Next, remove Domain Computers altogether. Click Apply to apply the changes and then close the Properties of New Template. 3. SCCM Client Certificate This template is used by clients to communicate with site systems. Next, right click on Workstation Authentication from the templates listed and choose Duplicate Template. The Properties of New Template screen appears. The Properties of New Template screen appears. Verify that the Certificate Authority Compatibility settings are set to Windows Server 2003. Click on the General tab and rename it to SCCM Client Certificate, change the validity period to something more reasonable, like 3 years. Under Subject Name verify that Build from Active Directory is selected. On the Request Handling tab, verify that Allow private key to be exported is not selected (default). On the Security tab, select Domain Computers and ensure that Read, Enroll and AutoEnroll permisions are selected. Click Apply to apply the changes and then close the Properties of New Template. The three SCCM templates are now shown below. Close the Certificate Templates console. Next you will issue these certificate templates. To do so, in the Certificate Authority (on the IssuingCA), right click on Certificate Templates and choose New, then Certificate Template to Issue. In the Enable Certificate Templates window, select the 3 previously created SCCM templates as shown below and click OK. They will now appear under Certificate Templates. Step 3. Verify Auto-Enrollment GPO is enabled for the Client Certificate In Part 8 of the PKI lab you enabled Auto Enrollment so that clients can request certificates automatically. As it is a lab, the setting is deployed in the default domain GPO. The setting is in Computer Configuration, Policies, Windows Settings, Security Settings, Public Key Policies, and Certificate Services Client - Auto Enrollment. The setting should look like so (Enabled). Step 4. Requesting the IIS and DP/OSD Certificates on the IIS Site System On the SCCM server (CM01), which hosts all those IIS ConfigMgr roles, start certlm.msc from an Administrative command prompt. if you expand Personal, then Certificates, you'll see certificates issued to that computer, there will be a few by default. In the administrative command prompt, run gpupdate /force to pull down group policy changes...and refresh the view in certlm. Below you can see the SCCM Client Certificate template was used to generate this Client Authentication certificate. Requesting New certificates Next, you will request certificates from Active Directory, to do so, right click on Certificates and choose All Tasks then Request New Certificate. click Next at the Before you begin screen, and verify that Active Directory Enrollment Policy is selected before clicking Next. Select the SCCM DP Certificate and SCCM IIS Certificate from those listed (you already have the SCCM Client Certificate from AutoEnrollment). You'll notice that for the SCCM IIS Certificate, more information is required to enroll, Click on the message to enter this info. For Alternative Name, choose the DNS option and then click on Add to add the hostname and fully qualified domain name of your SCCM server (CM01). Note: If you want this server to be available via IBCM you could also add the publicly available FQDN of the site here (eg: cm01.windowsnoob.com) Next Click on General, and give this cert a friendly name so we can distinguish it in IIS later when we bind it. click OK, then click Enroll. It should state a status of Succeeded for both certificates. If not look at the details to find out what went wrong. Click Finish to exit. Exporting the Distribution Point certificate Next you need to export the Distribution Point certificate so that during OSD the client can authenticate to the management point in WinPE. To do that, refresh the view in Certificates (certlm.msc) and then select the client authentication certificate created with the SCCM DP Certificate template. Right click and choose All Tasks, then select Export. In the welcome to certificate export wizard click Next and choose to export the private key. stick with the defaults and give it a password that you will use when you import it back into the SCCM Console, I used P@ssw0rd Save the cert to your desktop. and continue through that wizard until completion. You should see that the export was successful. That's it for this part, please join me in part 2 where we will complete the configuration of SCCM to HTTPS. cheers niall Recommended reading (1) - https://docs.microsoft.com/en-us/sccm/core/plan-design/network/pki-certificate-requirements
  18. I have done the cleaning up of WSUS Database and Re-add the classification but the problem still persist. The IIS application pool service is running and the SCCM is not able to connect to the WSUS server. What should i do? I think SCCM is having some other issues. Im encountering some errors in the component which is in critical status. I have also tried uninstall the WSUS and SUP but still no luck. Critical SMS_WSUS_SYNC_MANAGER SCCMSERVER.SCCM1.LOCAL Monitored Thread Component SCC Online Critical SMS_WSUS_CONTROL_MANAGER SCCMSERVER.SCCM1.LOCAL Monitored Thread Component SCC Unknown Critical SMS_WSUS_CONFIGURATION_MANAGER SCCMSERVER.SCCM1.LOCAL Monitored Thread Component SCC Online The logs for WCM log Checking for supported version of WSUS (min WSUS 3.0 SP2 + KB2720211 + KB2734608) SMS_WSUS_CONFIGURATION_MANAGER 5/18/2020 2:16:34 PM 6688 (0x1A20) Checking runtime v4.0.30319... SMS_WSUS_CONFIGURATION_MANAGER 5/18/2020 2:16:34 PM 6688 (0x1A20) Did not find supported version of assembly Microsoft.UpdateServices.Administration. SMS_WSUS_CONFIGURATION_MANAGER 5/18/2020 2:16:34 PM 6688 (0x1A20) Checking runtime v2.0.50727... SMS_WSUS_CONFIGURATION_MANAGER 5/18/2020 2:16:34 PM 6688 (0x1A20) Failed to create assembly name object for Microsoft.UpdateServices.Administration. Error = 0x80131701. SMS_WSUS_CONFIGURATION_MANAGER 5/18/2020 2:16:34 PM 6688 (0x1A20) Supported WSUS version not found SMS_WSUS_CONFIGURATION_MANAGER 5/18/2020 2:16:34 PM 6688 (0x1A20) STATMSG: ID=6607 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_CONFIGURATION_MANAGER" SYS=SCCMSERVER.SCCM1.LOCAL SITE=SCC PID=6672 TID=6688 GMTDATE=Mon May 18 06:16:34.424 2020 ISTR0="SCCMSERVER.SCCM1.Local" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_WSUS_CONFIGURATION_MANAGER 5/18/2020 2:16:34 PM 6688 (0x1A20) Remote configuration failed on WSUS Server. SMS_WSUS_CONFIGURATION_MANAGER 5/18/2020 2:16:34 PM 6688 (0x1A20) Here is the wsyncmgr log Read SUPs from SCF for SCCMSERVER.SCCM1.Local SMS_WSUS_SYNC_MANAGER 5/18/2020 2:00:01 PM 3660 (0x0E4C) Found 1 SUPs SMS_WSUS_SYNC_MANAGER 5/18/2020 2:00:01 PM 3660 (0x0E4C)Found active SUP SCCMSERVER.SCCM1.Local from SCF File. SMS_WSUS_SYNC_MANAGER 5/18/2020 2:00:01 PM 3660 (0x0E4C) DB Server not detected for SUP SCCMSERVER.SCCM1.Local from SCF File. skipping. SMS_WSUS_SYNC_MANAGER 5/18/2020 2:00:01 PM 3660 (0x0E4C) Sync failed: WSUS update source not found on site SCC. Please refer to WCM.log for configuration error details.. Source: getSiteUpdateSource SMS_WSUS_SYNC_MANAGER 5/18/2020 2:00:01 PM 3660 (0x0E4C) STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=SCCMSERVER.SCCM1.LOCAL SITE=SCC PID=6672 TID=3660 GMTDATE=Mon May 18 06:00:01.071 2020 ISTR0="getSiteUpdateSource" ISTR1="WSUS update source not found on site SCC. Please refer to WCM.log for configuration error details." ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_WSUS_SYNC_MANAGER 5/18/2020 2:00:01 PM 3660 (0x0E4C) Setting sync alert to active state on site SCC SMS_WSUS_SYNC_MANAGER 5/18/2020 2:00:01 PM 3660 (0x0E4C)Sync time: 0d00h00m00s SMS_WSUS_SYNC_MANAGER 5/18/2020 2:00:01 PM 3660 (0x0E4C)Skipping Delete Expired Update relations since this is not a scheduled sync. SMS_WSUS_SYNC_MANAGER 5/18/2020 2:00:01 PM 3660 (0x0E4C)Inbox source is local on SCCMSERVER.SCCM1.Local SMS_WSUS_SYNC_MANAGER 5/18/2020 2:00:01 PM 3660 (0x0E4C) I have restart some of the SCCM services in service.msi (couldn't find all services inside) but SCCM is not running correctly. The WSUS is installed in add roles and features Windows Server 2016, but i really doesn't know why it cannot detect my WSUS on which installed in another server. So do i need to reinstall the SCCM console again? May any kind souls please enlighten me. Thank You
  19. Hi All, Currently managing SCCM infrastructure for K-12 School District. Since we are currently on stay at home orders, I've researched Cloud Management Gateway to be able to patch / deploy software to clients over the internet. We have very few concurrent VPN licenses and the client is not installed on everyone's machine. All Devices are already Hybrid Azure Joined through SCCM. I successfully setup CMG using a cloudapp.net address... IF a user connects through VPN, their client will update and then CMG works great! So my question is as follows: How can I get clients to update to use CMG while users are at home and can't VPN in to get the client settings update? Any advice appreciated. Thank you
  20. I am currently managing 2 companies that have a 2 way domain trust. These companies are sister companies but have separated infrastructure. They each have their own network; physical and logical, domain controllers, etc. I installed SCCM on Domain A and currently do not have infrastructure setup to install SCCM on Domain B so initially I setup SCCM with HTTP but moved to PKI/HTTPS last week. Everything on Domain A is going well but today all systems in Domain B have become unmanageable which I found out when troubleshooting installing the SCCM client on a VM in Azure on Domain B. I need help on how to get Domain B to be managed via SCCM from Domain A. I have setup PKI on both domains but I am getting errors related to Certs/IIS. Well from what I have researched it is but all the solutions in my research only apply to SCCM on 1 domain, not multi-domains. The 2 domains can traverse over the network to access other network resources like a file share for an example. Therefor I know connectivity is there between the 2. Now this is where my ignorance kicks in. I setup SCCM with Trusted Root Certificate Authorities on the Communication Security tab in Administration>Site Configuration>Sites>Properties. I specified Domain A CA and created Certificate profiles in Assets and Compliance. I have since removed them to see if that resolved my issue but it has not so I am debating if I configure this again or not. I decided I will review that at a later date. I have attached the log from ccmsetup.exe that failed on the VM on Domain B. If anyone could help, I would greatly appreciate it as I am trying to manage all systems in both domains remotely because of Covid-19. In an ideal world I would prefer to have infrastructure in place for me to have SCCM on both domains, installed and disregard the cross-forest/domain setup but there are no more money trees to pick from. Thank you in advance!! If you need further information from me, please let me know. ccmsetup.log
  21. We have some Dell Optiplex 7070 computers, and I'm trying to deploy a Windows 10 1909 image to them without changing the default bios configuration, which comes set to "Raid On" in Sata Operation. The default dell image works fine, so I'm not sure why ours does not. I'm imported all of the drivers that I could find for this model and intel storage in general. The task applies the OS and works in winPE fine, but after rebooting just gets a blue screen. How do I get this working? Thanks
  22. All, It has been maybe 3 years since I have touched SCCM but I am getting back in the game! I am going through the process of setting up an SCCM environment for my company and I cannot seem to find the documentation I need. I need help setting up WSUS on a separate server and all of my searches come up with SCCM 2012. Figured it has been 8 years since then and I have to believe this changed a little since then? When I attempted to do this, my SCCM server could not contact my wsus:8530 or wsus:8531 server. I believed I fubar'd this implementation so I am starting all over from scratch again. If anyone could provide me with some guidance, that would greatly be appreciated. I followed the following guides: https://sccmentor.com/2014/09/06/installing-a-remote-software-update-point-on-sccm-2012-r2/ https://sccmentor.com/2014/09/11/installing-a-remote-sup-in-sccm-2012-r2-on-windows-server-2012-r2/
  23. This multi-part guide will show you how to install the latest baseline version of Configuration Manager from Microsoft. The latest available baseline version is System Center Configuration Manager (Current Branch) version 1802 as of March 29th 2018. How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 1 How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 2 How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 3 How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 4 You can use this multi-part guide to get a hierarchy up and running on Windows Server 2016 using SQL Server 2017. The concept behind this is to guide you through all the steps necessary to get a working Configuration Manager Primary site installed using manual methods or automating it by using PowerShell. This gives you the power to automate the bits that you want to automate, while allowing you to manually do other tasks when needed. You decide which path to take. PowerShell knowledge is desired and dare I say required if you are in any way serious about Configuration Manager. I will show you how to do most steps via two methods shown below, it’s up to you to choose which method suits you best but I highly recommend automating everything that you can (if possible), using PowerShell. Method #1 – Do it manually Method #2 – Automate it with PowerShell In Part 1, you configured Active Directory Domain Services (ADDS) on AD01, then joined the Configuration Manager primary server (CM01) to the newly created domain. You then created users, usergroups and OU's in Active Directory and created the System Management Container. Finally you delegated permission to the Configuration Manager server to the System Management container. In Part 2, you configured Windows Server 2016 roles and features on the Configuration Manager primary server (CM01) and then you downloaded and installed Windows ADK 1709. Next you installed SQL Server 2017 CU5 with SQL Server Management Studio (SSMS) and Reporting Services before installing the WSUS role which uses SQL to store the SUSDB instead of the Windows Internal Database (WID). In this Part, you will download and extract the ConfigMgr content, you'll download the ConfigMgr prerequisites and then you'll extend the Active Directory schema before installing System Center Configuration Manager (Current Branch) version 1802. Step 1. Download and extract the ConfigMgr content Before installing System Center Configuration Manager version 1802 you'll need to download the content as it is a baseline version. You can download baseline versions of the ConfigMgr media from Microsoft's Volume licensing Service Center (VLSC) site for use in production or from MSDN (or the Microsoft Evaluation site) for use in a lab. The VLSC download can be found be searching for Config and then selecting System Center Config Mgr (current branch and LTSB) as shown below. Once you've downloaded the ISO, mount it using Windows File Explorer and copy the contents to somewhere useful like C:\Source\SCCM1802 on the Configuration Manager server. Step 2. Download the ConfigMgr Prerequisites Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator You can download the prerequisites during ConfigMgr setup or in advance. As you'll probably want to install more than one copy of ConfigMgr (one lab, one production) it's nice to have the prerequisites downloaded in advance. Method #1 – Do it manually To do that, open an administrative PowerShell command prompt and navigate to the following folder: C:\Source\SCCM1802\smssetup\bin\X64 Run the following line .\SetupDL.exe C:\Source\SCCM_Prerequisites Once the process is complete you can open C:\ConfigMgrSetup.log with CMTrace (or notepad) to verify the status of the download. Note: You can find the CMTrace executable in the SMSSetup Tools folder in the location that you extracted the ConfigMgr media, eg: C:\Source\SCCM1802\SMSSETUP\TOOLS. Method #2 – Automate it with PowerShell To automate the download of the prerequisites simply follow the instructions and run the Install SCCM Current Branch version 1802.ps1 Powershell script in Step 4 or use the Download SCCM prerequisite files.ps1. Step 3. Extend the Schema Note: Perform the following on the Domain controller server (AD01) as Administrator. You do not have to extend the Active Directory schema if it was already extended for Configuration Manager previously. Method #1 – Do it manually To do that, on the Active Directory domain controller (AD01), open Windows File Explorer and browse to the network path of the ConfigMgr server where you've copied the SCCM source, eg: \\cm01\c$\Source\SCCM1802\SMSSETUP\BIN\X64 In that folder, locate extadsch.exe and right click, choose Run as Administrator. After the schema has been extended for SCCM, you can open C:\ExtAdsch.log on the root of C:\ on the server you are performing this on, and review the success or failure of that action. Method #2 – Automate it with PowerShell To automate extending the schema, use the Extend the Schema in AD.ps1 PowerShell script. Run the script on the CM01 server using credentials that have the ability to extend the schema. Step 4. Install SCCM Current Branch (version 1802) Note: Perform the following on the ConfigMgr server (CM01) as Administrator. Method #1 – Do it manually To do that, on the Configuration Manager server (CM01), open Windows File Explorer and browse to the network path of the ConfigMgr server where you've copied the SCCM source, eg: C:\Source\SCCM1802\ In that folder, double click on splash.hta. The Installer appears, click on Install. At the Before You Begin screen click Next. In the Available Setup Options screen, place a checkbox in "Use typical Installation options for a stand alone primary site" When prompted if you want to continue click Yes. On the Product Key screen enter your Key (or choose the eval option), and set the Software Assurance Date (optional) On the Product License Terms screen, select the 3 available options and click Next. On the Prerequisite Downloads screen, select the first option and specify C:\Source\SCCM_Prerequisites as the folder to download the prerequisite files. Click Next to start the download. On the Site and Installation Settings screen, enter your chosen site code (eg: P01), your site name and the path where you want to install ConfigMgr. On the Diagnostics and Usage data screen, click Next. On the Service Connection Point Setup screen, enter your choices and click Next. On the Settings Summary, review your choices and when happy with them click Next. On the Prerequisite Check screen click Begin Install when ready. During the installation, click on View Log (opens C:\ConfigmgrSetup.log) to review the installation progress using CMTrace and when the installation is done, click Close. Method #2 – Automate it with PowerShell To automate the installation of ConfigMgr 1802 (including all the previous steps above), simply run the Install SCCM Current Branch version 1802.ps1 PowerShell script. Run the script on the CM01 server and when prompted to extend the schema, enter your choice (yes or no) and if you choose to extend the schema, provide suitable credentials when prompted. Once done with the schema extension, the installation will continue (as shown below). and once installed you can launch the console. Success ! Summary In this 3 part guide you used quite a bit of PowerShell to automate pretty much most of Installing System Center Configuration Manager Current Branch (version 1802), including installing and configuring SQL Server 2017 on Windows Server 2016. Doing it with PowerShell means you can safely say that you've got a handle on Automation using PowerShell. I hope you learned a lot from doing it this way, and until next time, adios ! Downloads The scripts used in this guide are available for download here. Unzip to C:\Scripts on both servers. The scripts are placed in the corresponding folder (Part 1, Part 2 etc) and sorted into which server you should run the script on (AD01 or CM01). Scripts.zip
  24. Hi, I am looking for a way to determine which client settings my SCCM client currently is using. The context of this question is that I have build a (hybrid) cloud deployment workflow, and as part of the workflow I am triggering several sccm actions. Condition for these actions is that the client has loaded its specific client settings, which are assigned based on a dynamic collection. I already have checks that the client is listed as member of the collection, but since initial processing of client settings take some time (and incidentally fails the first time which results in the default client settings being loaded) I need a check to determine which client settings are active on the client. I'd prefer to check it on the client (but am open to alternative possibilities) and to be able to do the check with powershell is a must (since the check if part of a workflow), I cant however seem to find where to find info on the active client settings. Possible scenarios I have in mind are: When proper client settings are loaded, we have a specific title in software center. If i can find where I can query this title with a script, I can determine the active client settings. If (and i would assume so) there is any info in the SCCM clients WMI space about the processed client settings or software center title, that would be great and easy to check. However I haven't been able to find where in the WMI space there is such info. If SCCM console somewhere in the device info what settings have been processed by the client, I could check that. Least desirable, but if this info is somewhere in the SCCM Database, I can check that. I hope my question is clear and somebody is able to help me out or give some pointers on where to find detailed info on processed client settings. Thanks in advance! [EDIT] I wasnt sure which category to pick, so if "collections" isnt the best option, my apologies
  25. Microsoft SCCM is an exemplary tool for managing Microsoft applications. But handling third-party applications isn't yet its game. Join our free webinar with Anoop C. Nair, Microsoft MVP, to learn why patching third-party applications is essential and how it can be streamlined in SCCM. Please register here: https://www.manageengine.com/third-party-patching-webinar-with-MVP-Anoop
×
×
  • Create New...