Showing results for tags 'azure'.




Found 8 results

  1. Introduction

     Those of you who regularly read my guides know that I favor using Hyper-V over VMware for virtual machine work. I like the seamless integration with Windows and the fact that it comes built in to Windows 10. This blog post is about backing up your Hyper-V virtual machines on Windows Server 2016 to Microsoft Azure Cloud Storage using Altaro VM backup software. Their software does show the process in 3 steps, but in reality, you need to do more things which I've detailed below.

     Step 1. Configure Azure Cloud Storage

     If you've already done this, please skip to step 2, otherwise sign in (or sign up) to the Azure Portal account using https://portal.azure.com. In the Azure Portal, click on the + sign to Create a resource (1), select Storage (2), then select Storage Account (3). Give the storage account a name and select General Purpose v1 as the Account kind (as General Purpose v2 would cost more). For Replication, select Locally redundant storage (LRS). For Performance, leave the default setting of Standard. Click on Create when done.

     Note: Ensure you select General Purpose v1 as the Account kind as it will result in the lowest cost. This is due to: "workloads with high churn or high read rates may benefit from this account type." Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-account-options

     Step 2. Download & install Altaro VM Backup software

     Next you need to go to Altaro's website here where you can download the 30-day free trial of Altaro VM Backup. If you’re opting for the free edition, you will still automatically get a 30-day trial of the Unlimited Plus version, which includes the backup to Azure feature.

     Note: You'll need a Windows Server operating system such as Windows Server 2016 to host Hyper-V for this to work. Altaro VM Backup does not support Windows 10 (sadly). To see a list of supported operating systems click on this link.

     Once you've downloaded the trial, install it. It's a very simple installation wizard and once done you can launch the Altaro VM Backup console.

     Step 3. Configure an on premise backup location

     Now that you've installed Altaro VM Backup, you can start configuring it. In the console ensure that This machine is selected then click on Connect. Below is what it looks like when you haven't yet configured anything.

     Note: You are required to configure an on premise backup location prior to backing up over the WAN to Azure Cloud Storage.

     Select Backup Locations in the left pane, and then click on one of the two available on premise locations. In my example I selected Physical drive. Click Next and select the destination drive (and previously created folder) where you want to store the backups. Click on Finish.

     Step 4. Select which virtual machines to backup

     Now that you've configured a backup location, select one or more virtual machines and drag and drop them to the on premise backup location. Each selected virtual machine that you drag and drop will then appear under that backup location. Click on Save Changes in the lower right corner of the Altaro VM Backup console once done.

     Step 5. Configure Offsite Location

     In the Altaro VM Backup console click on Add Offsite Location (top right) and from the Offsite options that appear, select Azure (Cloud Backup to an Azure Storage Account) and then click Next.

     Note: There is a link to How to set up Offsite Copies to an Azure Cloud Storage Account. If you need help configuring that click on it, otherwise see Step 2 above.

     Next, you'll need to find the Azure Storage Connection string associated with your Azure Cloud Storage. To do that, in the Azure Portal, select Storage Accounts, select the storage you previously created, and then select Access Keys. The Connection String will be listed; select it and copy it. Paste that Connection String into the empty field in Altaro VM Backup. Click Finish. You should see Connection Established Successfully in the top right corner.

     Next, drag and drop the virtual machine(s) that you want to backup to the cloud and finally, click on Save Changes in the lower right corner. You'll be prompted to Set an Encryption Key. This key is basically a text based password that you will use to protect your backups, so make sure it's something secure and that all people that need to access the backups are aware of. Click on the green Save button. Once done, you'll notice that Save Changes is RED in colour, this means you cannot click on it. I found it a bit confusing but as long as you've done the steps I've outlined you'll be ok.

     Step 6. Take a (on premise) backup

     Now that you've configured an Azure Storage Account as an offsite backup location, you are ready to take a backup. However, you must first take a primary backup (on premise) before being able to backup to the cloud. To do that, click on Take Backup in the left pane. Select one or more virtual machines that you want to backup before clicking on the even redder Take Backup button. You can then click on the Storage symbol (shown here with a red arrow) to get live information about the backup in progress. Once the backup is done, you can verify its progress in the Take Backup window.

     Step 7. Take an offsite backup

     At this point, everything is in place for your first backup to Azure Cloud Storage. So go ahead and click on Take Offsite Copy. As before, select one or more virtual machines to backup and then click on Take Offsite Copy. You'll see a small popup. And after the backup is done you'll see the status has updated real time, look for Successful Offsite copy.

     Job done!

     Summary

     Cons:
       • I found the Altaro VM Backup console to be a little bit confusing at times necessitating calling their support number (please change the hold music)
       • What was not immediately clear from the console was that in order to backup to the cloud, you must first define an on-premise (disk or network location) backup location as the primary location, and only after you've successfully backed up to that primary location, can you attempt the offsite backup. (I've given this feedback to Altaro directly.)

     Pros:
       • Great quick support
       • Altaro VM Backup is definitely one of the best Virtual Machine backup softwares out there today, and it's very competitive
       • The ability to backup to Azure Cloud Storage is a great addition

     I'd recommend you give it a test run yourself: http://bit.ly/altaro-download

     Recommended reading

       • Microsoft Azure storage pricing details - https://azure.microsoft.com/en-us/pricing/details/storage/
       • Microsoft Azure replication options - https://docs.microsoft.com/en-gb/azure/storage/storage-redundancy
       • Altaro support for setting up Azure Cloud Storage - http://support.altaro.com/customer/portal/articles/2814316
       • Altaro VM Backup best practises - http://support.altaro.com/customer/en/portal/articles/2268483-best-practices-for-setting-up-altaro-vm-backup?b_id=14453
       • Microsoft Azure Storage Explorer - https://azure.microsoft.com/en-us/features/storage-explorer/

     Note: Some of you may have already noticed that Altaro is a sponsor of windows-noob.com, and that is a good thing, please return the favor and use their software.
  2. Introduction

     In a previous post you reviewed what Windows Information Protection (WIP) is and how you can configure Intune to use it. You then deployed a WIP policy to a group of users and verified the end result on an Azure AD joined (with Auto-MDM enrollment) Windows 10 version 1703 device. If you are still not familiar with WIP then I'd recommend you review this blog post from Microsoft, it covers it really well. The graphic below also gives you a nice indication of where WIP fits in to your information protection needs and how it fits neatly into the Data Separation and Leak Protection space.

     In this post, you will see how WIP works on a Windows 10 version 1703 device that is Azure AD registered and not enrolled into MDM (MAM-WE). This is a typical Bring Your Own Device (BYOD) scenario.

     Create a WIP policy for Windows 10 devices without enrollment

     In a previous post you configured MAM in Azure, and now you will create a WIP policy for Windows 10 devices that are not enrolled into MDM. This will give you additional options to configure in the advanced section of the WIP Policy. To create the WIP Policy in the Microsoft Intune service in Azure, select Mobile Apps then click on App protection policies. Next click on Add a Policy. Give the policy a descriptive name, and optionally a description of what it does. In the Platform drop down select Windows 10 from the choices available. Next choose your enrollment option for Enrollment State, select Without Enrollment.

     Note: If you select the wrong enrollment option you cannot change it later, you'll have to recreate the policy with the correct enrollment option.

     Next, there are two sections in the Create Policy wizard related to Apps.

       • Allowed apps - These are the apps that must adhere to the policy
       • Exempt apps - These apps are exempt from the policy and can access enterprise data freely.

     Note: Apps can be enlightened or unenlightened. Enlightened apps can differentiate between corporate and personal data, correctly determining which to protect, based on your policies. Unenlightened apps consider all data corporate and encrypt everything. For a list of Enlightened apps see here.

     Adding Allowed Apps

     Click on Allowed apps and then click on Add apps to add one or more apps that you want to adhere to the policy. There's a drop down with Recommended apps selected by default and those apps are listed below the drop down.

       • Recommended apps: a pre-populated list of (mostly Microsoft Office) apps that allow admins to easily import into policy.
       • Store apps: Admin can add any app from the Windows store to policy.
       • Windows desktop apps: Admin can add any traditional Windows desktop apps to the policy (e.g. exe, dll, etc.)

     If you want to add your own Store apps or Desktop apps manually then you'll need to select the appropriate option and fill in the blanks. To get information about how to generate the info needed for manually adding Store and Windows desktop apps see this post.

     To add Allowed apps, click on Add apps, then select Recommended apps and make your selection from those available. For the purposes of this guide select Microsoft Edge and Notepad from the list of apps available. Click OK on the Recommended apps page, then click on OK on the Add apps page. Next you will add an additional desktop app such as Microsoft Word 2016. To do so use the following method.

     Click on Add apps, and from the drop down choose Desktop Apps. Fill in the following information in the blanks.

       Name: Microsoft Office 2016
       Product Name: *
       Type: Desktop
       Publisher: O=Microsoft Corporation, L=Redmond, S=Washington, C=US
       File: winword.exe
       Min Version: *
       Max Version: *

     Note: If you get the Publisher information above wrong, for example a missing letter, or misplaced comma or a missing space, then the policy (for Microsoft Word) will fail to apply and it won't work. You can pick a built in desktop app like notepad and compare the publisher settings to your app.

     Here is a copy of the data used above:

       NAME | PRODUCT NAME | TYPE | PUBLISHER | FILE | MIN VERSION | MAX VERSION
       Microsoft Office 2016 | * | Desktop | O=Microsoft Corporation, L=Redmond, S=Washington, C=US | WINWORD.EXE | * | *

     And below is what it looks like after you've added it correctly. Compare the Notepad desktop app with the one you just added, the Publisher line must match exactly.

     Adding Exempt Apps

     Next click on Exempt apps, and add the Company Portal to allow the app to properly function. To do so, add the following Store app to the list of Exempt apps:

       Name: Company Portal
       Publisher: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
       Product Name: Microsoft.CompanyPortal

     as shown here. Click OK when done.

     Next click on Required settings and configure the protection mode. In this example set it to Allow Overrides, remove Pin to Dashboard and click on OK.

     Note: Allow Overrides lets the user override the policy and share the data, logging the action to your audit log.

     The 4 available Windows Information Protection mode settings are listed below.

       • Hide Overrides - WIP looks for inappropriate data sharing practices and stops the user from completing the action. This can include sharing info across non-corporate-protected apps, and sharing corporate data between other people and devices outside of your organization.
       • Allow Overrides - WIP looks for inappropriate data sharing, warning users if they do something deemed potentially unsafe. However, this mode lets the user override the policy and share the data, logging the action to your audit log.
       • Silent - WIP runs silently, logging inappropriate data sharing, without blocking anything that would’ve been prompted for employee interaction while in Allow Override mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still stopped.
       • Off (not recommended) - WIP is turned off and doesn't help to protect or audit your data. After you turn off WIP, an attempt is made to decrypt any WIP-tagged files on the locally attached drives. Be aware that your previous decryption and policy info isn’t automatically reapplied if you turn WIP protection back on.

     Configuring advanced settings

     Next click on Advanced settings, to configure advanced settings. Notice how you can configure Windows Hello for Business options in the policy. These Windows Hello for Business options can be targeted to a User group of your choosing (essentially the same User group that you assign the WIP policy to), which is useful if you don't like the default Windows Enrollment option for enabling Windows Hello for Business (which applies to All Users). Once you are done configuring it, click on OK and then Create to create the WIP policy.

     Deploying the policy

     Now that you've created your WIP policy, it needs to be deployed (assigned) to a group of users that you intend to target with this policy. To deploy the policy, select it and then click on Assignments. Next click on Select Groups to select a previously created Azure Group containing one or more users. After selecting a suitable user group, click on Select. The policy is now deployed.

     Registering a device in Azure AD (workplace join)

     Let's look at a Windows 10 device that is not joined to Active Directory or Azure AD, it is only work group joined (this is a typical state for BYOD devices). Using an Administrative PowerShell cmd prompt, issue the following command:

       dsregcmd /status

     Output similar to the below should appear. As you can see from the output, the Windows 10 device is not joined to AAD, not Domain Joined and also not Enterprise joined (some future option from Microsoft ?).

       AzureADJoined: No
       EnterpriseJoined: No
       DomainJoined: No

     To Azure AD register the device (workplace joined) do as follows: Click on All Settings, Accounts, Access work or school. Then click on Connect and enter your Intune user credentials. Note that there are options to join Azure AD and an on premise Domain but you will not select either as this device will be AAD registered only. When prompted enter the password and click on Sign-in. You'll be informed about what is happening, note the 'while we register this device' text. If any additional authentication is configured (Windows Hello for Business), you'll be prompted to enter it. After the text message is sent to your phone... Click Next and then Setup a PIN, click Next and then Done to close the wizard.

     Note: The User name used to register the device is listed with a Windows icon beside it.

     At this point, once again issue the dsregcmd /status command in an Administrative PowerShell cmd prompt. From the output you can see that the device is NOT Azure AD Joined and it is Workplace Joined, which is another way of saying it is Azure AD registered. You can verify that the device is not MDM enrolled and that it is Workplace joined and Azure AD Registered by clicking on Azure AD devices in the Intune portal.

     Review WIP policy on a Windows 10 device

     So now that our Windows 10 device is Azure AD registered, let's verify how the WIP policy applies. To do so logon to the Windows 10 device used above. In the example below there are some documents, some are marked as Work (they have a suitcase icon on them and File Ownership is listed as the windowsnoob.com Enterprise) and some are Personal. Right click on a protected Word document and choose Open With, next select Choose another App. If your policy is applied correctly you'll see the following (that Word 2016 can open both Work and Personal files), if not, sync the policy again and try again. Once the document is open in Word, copy some text and attempt to paste it into WordPad (which is not an allowed app). If everything went well you'll be prompted to either Give Access or Cancel.

     Note: If you do not get the desired result, for example if the data simply pastes in, then you should verify the version of Office application you are using is up to date. For example, Office 365 may be on the Deferred Channel (now called Semi Annual Channel) meaning that its version is 1701.(xxxx.xxxx) and that may mean that it cannot process the WIP policy correctly. Once you've updated Office 365 to the Current Channel (now known as Monthly) you'll get the desired result.

     Tip: You can review your software download settings for Office 365 by going to https://portal.office.com and clicking on Software Download Settings on the main screen. In there, by default it will be set to the Semi Annual Channel which as of when I tested it in this guide, won't work correctly with WIP. In the screenshot below you can see that Office is configured for the Semi Annual Channel. As time goes on this will auto-correct itself, but if you see issues such as I've described then select Monthly Channel, update the office software on the client, and try again.

     Next, open a protected (work) txt document with Notepad. Notice the suitcase icon in the banner area. If you click on the suitcase, it will say Managed by your company. Try opening the same document with an app that is not allowed, and you'll see this. And next browse a work site (such as Sharepoint) in Microsoft Edge and you'll again see the suitcase icon, notifying you that Edge realizes this is a Work network resource. Downloading a document from Sharepoint automatically marks it as a Work document, and that means it's protected, as you can see here.

     Once the BYOD project comes to an end, have the user disconnect the work or school account in Account settings, and any Enterprise data left on the device will be revoked and can no longer be read or used.

     Hopefully this post helps you understand WIP capability on Windows 10 version 1703 devices (and later) that are not enrolled into MDM (MAM-WE) using policy created in Intune in Azure. I think we'll see more happening in this space in the coming months, hopefully with native reporting in Azure along with selective wipe. Until next time, adios.

     Recommended reading

       • Introducing Windows Information Protection - https://blogs.technet.microsoft.com/windowsitpro/2016/06/29/introducing-windows-information-protection/
       • Windows Information Protection explained - https://blogs.technet.microsoft.com/cbernier/2017/05/19/windows-information-protection-explained-windows-10-creators-update/
       • App behaviour with WIP - https://docs.microsoft.com/en-us/windows/threat-protection/windows-information-protection/app-behavior-with-wip
       • Protect your enterprise data using Windows Information Protection (WIP) - https://docs.microsoft.com/en-us/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip
       • Limitations using WIP - https://docs.microsoft.com/en-us/windows/threat-protection/windows-information-protection/limitations-with-wip
       • Create and Assign WIP application protection policies - https://docs.microsoft.com/en-us/intune/windows-information-protection-policy-create
       • Enlightened apps and WIP - https://docs.microsoft.com/en-us/windows/threat-protection/windows-information-protection/enlightened-microsoft-apps-and-wip
       • Walkthrough: Workplace Join with a Windows Device - https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/walkthrough--workplace-join-with-a-windows-device
       • How to configure hybrid Azure Active Directory joined devices - https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-automatic-device-registration-setup
       • New to Office 365 - https://blogs.office.com/en-us/2017/06/23/new-to-office-365-in-june-classroom-experiences-in-microsoft-teams-and-more/
       • Manage Windows Information Protection work and personal files - https://support.microsoft.com/en-us/help/4012985/windows-10-manage-windows-information-protection-work-personal-files
       • General guidance and best practices for Windows Information Protection (WIP) - https://docs.microsoft.com/en-us/windows/threat-protection/windows-information-protection/guidance-and-best-practices-wip
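
The join-state check in the post above (running `dsregcmd /status` before and after registering the device) can be scripted so the result is not read by eye. This is an added example, not part of the original post: the function names and both sample outputs are constructed for illustration, and it assumes the `WorkplaceJoined` field that `dsregcmd /status` prints in its User State section.

```powershell
# Added example: classify a device's join state from `dsregcmd /status` text.
# Function names are hypothetical; the two sample outputs are constructed, not captured.

function ConvertFrom-DsregStatus {
    param(
        # dsregcmd output contains blank lines, so empty strings must be allowed.
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$Lines
    )
    $state = @{}   # PowerShell hashtable literals compare keys case-insensitively
    foreach ($line in $Lines) {
        # Fields look like "   AzureAdJoined : NO"; banner rows start with + or |
        # and are skipped because they do not begin with a letter.
        if ($line -match '^\s*([A-Za-z][A-Za-z0-9]*)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Get-JoinClassification {
    param([Parameter(Mandatory)][hashtable]$State)
    # A missing field yields $null, which compares as "not YES".
    $aadJoined       = $State['AzureAdJoined']   -eq 'YES'
    $domainJoined    = $State['DomainJoined']    -eq 'YES'
    $workplaceJoined = $State['WorkplaceJoined'] -eq 'YES'

    if ($aadJoined -and $domainJoined) { return 'Hybrid Azure AD joined' }
    if ($aadJoined)                    { return 'Azure AD joined' }
    if ($workplaceJoined)              { return 'Azure AD registered (workplace joined)' }
    if ($domainJoined)                 { return 'Domain joined only' }
    return 'Workgroup only'
}

# Constructed sample: BYOD device before "Access work or school" > Connect.
$before = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

        AzureAdJoined : NO
     EnterpriseJoined : NO
         DomainJoined : NO

+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+

      WorkplaceJoined : NO
'@ -split "`r?`n"

# Constructed sample: the same device after registering the work account.
$after = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

        AzureAdJoined : NO
     EnterpriseJoined : NO
         DomainJoined : NO

+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+

      WorkplaceJoined : YES
'@ -split "`r?`n"

foreach ($sample in @(@{ Name = 'before'; Lines = $before },
                      @{ Name = 'after';  Lines = $after })) {
    $class = Get-JoinClassification -State (ConvertFrom-DsregStatus -Lines $sample.Lines)
    '{0,-7} {1}' -f $sample.Name, $class
}

# On a real device, feed the live output instead of the samples:
#   Get-JoinClassification -State (ConvertFrom-DsregStatus -Lines (dsregcmd /status))
```

A device targeted by the "Without Enrollment" policy described in the post should classify as Azure AD registered; any other result means the policy's enrollment assumption does not hold for that device.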
  3. Introduction

     Devices can be enrolled into Microsoft Intune in many ways. The user can download the Microsoft Company Portal, and enroll the device using the wizard contained within that app, this would then mean the device shows up as Personal owned. Or, the admin can use Bulk Enrollment methods such as Apple Device Enrollment Program or Apple Configurator (which requires an Apple Mac to run the program) or for Windows devices, use Windows AutoPilot. Keep in mind that bulk enrollment is generally for new devices and not devices that have already been deployed.

     When you join new Windows desktop, mobile, holographic or Surface devices into Azure AD (Azure AD join as part of OOBE or Windows AutoPilot or via the options in the operating system) you can avail of a new MDM auto-enrollment capability which means that not only is the device Azure AD joined, but it will automatically become enrolled (and managed) by Microsoft Intune. This also means that the device will show up as Corporate owned and has the distinct advantage of not needing the end user (or admin) to have to download and use the Company Portal to enroll the device.

     To setup MDM auto-enrollment in Azure is fairly easy, and here's how to do it. You do need to have both Azure Active Directory Premium subscription and a Microsoft Intune tenant configured before doing this.

     Step 1. Login to Azure

     As a user with administrative permissions in Azure Active Directory, login to https://portal.azure.com and select the Azure Active Directory service highlighted here with the red arrow.

     Step 2. Configure MDM auto-enrollment

     Click on Mobility (MDM and MAM) and then select Microsoft Intune from the applications listed. The Configure Microsoft Intune blade opens. Notice the following text (by clicking on the information 'i' beside MDM User scope), which explains the capabilities.

       Use MDM auto-enrollment to manage enterprise data on your employees' Windows devices. MDM auto-enrollment will be configured for AAD joined devices and bring your own device scenarios.

     Click on Restore default MDM URLs and then select Some (to select one or more user groups you want to enable for MDM auto-enrollment), or All to apply to all users. In this example you will add a User Group (previously created, containing one or more Windows device users), so select Some, and then click on Select Groups to select the User groups you want this MDM auto-enrollment capability to apply to. When you are done with your selection, click on Select. Next click on Save to save your changes. You'll be notified in the top right corner of the success or failure of this action.

     That's it, job done, now go and Azure AD join a Windows device, using a user that is a member of the group you specified above. After joining Azure AD, it will also become MDM auto-enrolled by Microsoft Intune. You can verify this by going into Microsoft Intune service in Azure, and selecting Devices then All Devices. The device you just joined into Azure AD will now also be MDM Managed by Microsoft Intune (due to MDM auto-enrollment) and listed as a Corporate owned device. And on the device itself you can verify in All Settings, Accounts, Access work or school, and click on the username.

     For more info about this read https://docs.microsoft.com/en-us/intune/windows-enroll#enable-windows-10-automatic-enrollment
  4. This list of guides (think of it as a living index) will be updated by me whenever I write a new guide for Microsoft Intune (Standalone) in Azure. If you are looking for some of my other guides then please check below:

       • Microsoft Intune (hybrid) guides look here (over 61,103 views as of July 2017)
       • SCCM (Current Branch) and SCCM (Technical Preview) guides are here (over 63,821 as of July 2017)
       • Configuration Manager 2012 guides then look here (over 1 million views as of July 2017)
       • Configuration Manager 2007 guides then look here (over 948388 views as of July 2017)
       • Microsoft Deployment Toolkit guides are here
       • SMS 2003 guides are here (over 10423 views as of July 2017)

     cheers
     niall

       • How can I create dynamic groups for different HoloLens devices in Microsoft Intune
       • Learn how to leverage Intune support for Microsoft Graph and PowerShell to enable powerful automation and IT security- my notes
       • Managing devices with Microsoft Intune: What’s new and what’s next – my notes (Part 5 – Windows)
       • Managing devices with Microsoft Intune: What’s new and what’s next – my notes (Part 4 – macOS)
       • Managing devices with Microsoft Intune: What’s new and what’s next – my notes (Part 3 – Android)
       • Managing devices with Microsoft Intune: What’s new and what’s next – my notes (Part 2 – iOS)
       • Managing devices with Microsoft Intune: What’s new and what’s next – my notes (Part 1 – new features)
       • How can I deploy custom favorites in Microsoft Edge to Windows 10 devices using Microsoft Intune
       • How can I send notification messages using PowerShell in Microsoft Intune
       • Configuring BitLocker in Intune - Part 3. Testing the scripts
       • Troubleshooting “Something went wrong error 801c0003” during enrollment via Windows AutoPilot and Microsoft Intune
       • How can I use Windows AutoPilot with a Proxy ?
       • How can I customize the start screen in Windows 10 using Intune
       • How can I enable MDM auto-enrollment in Azure
       • How can I create a dynamic group containing all Windows 10 version 1709 in Intune in Azure ?
       • Configuring BitLocker in Intune - Part 2. Automating Encryption
       • How can I integrate Microsoft Store for Business with Intune in Azure
       • Getting started with Microsoft Graph and using PowerShell to automate things in Intune
       • Using Intune to enable WIP to protect Enterprise data on Windows 10 devices (MAM-WE)
       • What is Windows Information Protection and how can I use it to protect Enterprise data on Windows 10 devices using Intune
       • Configuring BitLocker in Intune - Part 1. Configuring BitLocker
       • Intune Preview in Azure get’s a new look and Software Updates for Windows 10 !
       • How can I check the status of my Intune service ?
       • How can I determine how long a blade loads in Intune Preview in Azure ?
       • How can I unlock Windows Holographic for Business features in Intune Preview?
       • How can I find out version info about Intune Preview in Azure ?
  5. I currently administer a single, on-premise, MP with ~60 local DPs spread globally. We have around 7500 devices and 4000 users. At present the MP, SQL and foundations all live in the UK, and this is causing a bit of grief for our APAC sites, when pulling down TS policies for OSD etc...

     We're needing/wanting to spin up a 16xx instance of SCCM anyway, but have been wondering if/how feasible a Cloud Based MP and feature rich site system server would be if based in Azure for example. The rough plan would be...

       • MP (Azure VM, EMEA)
       • DB (Azure SQL, EMEA)
       • DP (Azure VM, 1 per region - EMEA, NASA & APAC)
       • Source Server (Azure VM)

     We'd use the Azure Based DPs as "Push" DPs, to the 60 or so Local DPs we have globally. The theory being this would alleviate the stress on our Single UK DP as the "pusher".

     Is SCCM ready for this kind of setup? Is Azure ready for this kind of setup? Does anyone else do anything similar?
  6. As title says I am having some issues with my Azure cloud distribution point. First some info about my Azure cloud setup:

     It is set up with 2 certificates with common name of my FQDN to my Windows Azure. Exported them to the sccm-site server. Configmgr group have read and enroll rights. 1 certificate (.cer) is without a key, uploaded to Windows Azure. Second key (.pfx) was used when setting up cloud dp in the SCCM console.

     It was set up successfully as far as I can tell and according to the cloudmgr.log on SCCM-server:

       Deployment instance status for service 75dcea72c6724f99a68bcda7 is StartingVM.~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:46:09.177-60><thread=5624 (0x15F8)>
       TaskWorker: Starting...~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:46:11.565-60><thread=3584 (0xE00)>
       TaskWorker: Starting task: [CloudServicesTaskBuilder]~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:46:11.566-60><thread=3584 (0xE00)>
       CloudServicesTaskBuilder: Starting.~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:46:11.566-60><thread=5432 (0x1538)>
       CloudServicesTaskBuilder: Stopping.~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:46:11.578-60><thread=5432 (0x1538)>
       Deployment instance status for service 75dcea72c6724f99a68bcda7 is StartingVM.~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:46:30.336-60><thread=5624 (0x15F8)>
       Deployment instance status for service 75dcea72c6724f99a68bcda7 is StartingVM.~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:46:49.396-60><thread=5624 (0x15F8)>
       Deployment instance status for service 75dcea72c6724f99a68bcda7 is RoleStateUnknown.~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:47:10.419-60><thread=5624 (0x15F8)>
       Deployment instance status for service 75dcea72c6724f99a68bcda7 is BusyRole.~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:47:33.788-60><thread=5624 (0x15F8)>
       Deployment instance status for service 75dcea72c6724f99a68bcda7 is BusyRole.~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:47:53.687-60><thread=5624 (0x15F8)>
       TaskWorker: No tasks to process within timeout period, shutting down.~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:48:11.560-60><thread=3584 (0xE00)>
       TaskWorker: Shutting down.~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:48:11.560-60><thread=3584 (0xE00)>
       Deployment instance status for service 75dcea72c6724f99a68bcda7 is BusyRole.~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:48:16.382-60><thread=5624 (0x15F8)>
       Deployment instance status for service 75dcea72c6724f99a68bcda7 is BusyRole.~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:48:38.134-60><thread=5624 (0x15F8)>
       Deployment instance status for service 75dcea72c6724f99a68bcda7 is ReadyRole.~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:48:58.597-60><thread=5624 (0x15F8)>
       Deployment 75dcea72c6724f99a68bcda7 instance status is ReadyRole.~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:48:58.597-60><thread=5624 (0x15F8)>
       STATMSG: ID=9420 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_CLOUD_SERVICES_MANAGER" SYS=37E-SCCM.ss.no SITE=SS1 PID=1892 TID=5624 GMTDATE=fr mar 22 12:48:58.597 2013 ISTR0="75dcea72c6724f99a68bcda7" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=404 AVAL0="["Display=\\<my-azure-domain>.cloudapp.net\"]MSWNET:["SMS_SITE=SS1"]\\<my-azure-domain>.cloudapp.net\" $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:48:58.611-60><thread=5624 (0x15F8)>
       STATMSG: ID=9408 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_CLOUD_SERVICES_MANAGER" SYS=37E-SCCM.ss.no SITE=SS1 PID=1892 TID=5624 GMTDATE=fr mar 22 12:48:58.612 2013 ISTR0="75dcea72c6724f99a68bcda7" ISTR1="North Europe" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=404 AVAL0="["Display=\\<my-azure-domain>.cloudapp.net\"]MSWNET:["SMS_SITE=SS1"]\\<my-azure-domain>.cloudapp.net\" $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:48:58.612-60><thread=5624 (0x15F8)>
       Finished deploying service 75dcea72c6724f99a68bcda7.~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:48:58.612-60><thread=5624 (0x15F8)>
       STATMSG: ID=9409 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_CLOUD_SERVICES_MANAGER" SYS=37E-SCCM.ss.no SITE=SS1 PID=1892 TID=5624 GMTDATE=fr mar 22 12:48:58.613 2013 ISTR0="75dcea72c6724f99a68bcda7" ISTR1="North Europe" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=404 AVAL0="["Display=\\<my-azure-domain>.cloudapp.net\"]MSWNET:["SMS_SITE=SS1"]\\<my-azure-domain>.cloudapp.net\" $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:48:58.613-60><thread=5624 (0x15F8)>
       TaskWorker: Starting...~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:48:58.614-60><thread=5624 (0x15F8)>
       TaskWorker: Starting task: [upload MP Certificates for service 75dcea72c6724f99a68bcda7]~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:48:58.615-60><thread=5624 (0x15F8)>
       Upload mp certs starting for service 75dcea72c6724f99a68bcda7...~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:48:58.625-60><thread=3584 (0xE00)>
       Storage service already exists 75dcea72c6724f99a68bcda7~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:49:03.641-60><thread=3584 (0xE00)>
       Uploading certificate for server 37e-sccm.ss.no to publickeystore for service 75dcea72c6724f99a68bcda7.~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:49:07.831-60><thread=3584 (0xE00)>
       Uploading bytearray to container publickeystore with blob name 37e-sccm.ss.no.pubkey using storage account 75dcea72c6724f99a68bcda7~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:49:07.951-60><thread=3584 (0xE00)>
       TaskWorker: No tasks to process within timeout period, shutting down.~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:50:58.609-60><thread=5624 (0x15F8)>
       TaskWorker: Shutting down.~~ $$<SMS_CLOUD_SERVICES_MANAGER><03-22-2013 13:50:58.609-60><thread=5624 (0x15F8)>

     Uploading to the cloud dp also works fine, as I can see the package in the storage after it is distributed.

     Now the actual error is on my clients. They can see the advertisement, that they have an application to download. However when they start to download it's stuck at 0%, and it stays there for forever. DataTransferService.log shows following:

       <![LOG[Error sending DAV request. HTTP code 600, status '']LOG]!><time="14:38:51.871-60" date="03-22-2013" component="DataTransferService" context="" type="3" thread="1608" file="util.cpp:701">
       <![LOG[GetDirectoryList_HTTP('https://<my-azure-domain>.cloudapp.net:443/downloadrestservice.svc/getcontentxmlsecure?pid=SS10001A&cid=CONTENT_81A08801-D9A3-4606-8C3C-5A755D3DD73F.1&tid=GUID:CD2B5C41-799C-4097-BC3E-00D6B154E6FD&iss=37E-SCCM.SS.NO&alg=1.2.840.113549.1.1.5&st=2013-03-22T13:38:02&et=2013-03-22T21:38:02') failed with code 0x87d00215.]LOG]!><time="14:38:51.871-60" date="03-22-2013" component="DataTransferService" context="" type="3" thread="1608" file="util.cpp:768">
       <![LOG[Non-recoverable error retrieving manifest (0x87d00215).]LOG]!><time="14:38:51.871-60" date="03-22-2013" component="DataTransferService" context="" type="2" thread="1608" file="dtsjob.cpp:1310">

     The domain ss.no is internal, and not reachable from the outside, could this be the issue, or am I totally off? Could really need some help here, thanks in advance!
  7. Hi, dear mates...

     Firstly, I would like to say thanks for the many posts about SCCM2012 that have helped me to know SCCM2012 better and begin to understand it. Anyway, I'm still a rookie on this system. On the other hand, I have several problems configuring my SCCM environment.

     This is my scenario: I have all the infrastructure in one server, located on Azure. The server is only for admin SCCM 2012 R2 (version 5.0.8239.100, with the hotfix KB3073015 installed -CU5 not applicable-). WS 2012 R2 and SQL2012. I need it, basically, to administer the security and updates of 30 workgroup Windows machines (Win7 Pro and W Embedded 7) that connect to the internet via 3G. Now I'm working in a lab environment with the SCCM server and two machines (one with W7 and the other with WEmbedded 7).

     NOTE: As soon as I got the clients set up, I had problems with GUID duplication, so I have issued another client certificate, and currently both computers have their own client certificate, but the GUID duplication (after performing the recommended actions) hasn't been solved, but I'll send another post about it.

     I've got to solve many problems about PKI infrastructure, finding out just the ccmpsetup.exe parameters that I needed to set up the clients, etc... After I have solved many errors about MP, checking all the prerequisites regarding the software needed (all about differential compression, .NET Framework, ASP.NET 4.5, Visual C++ etc...), applicable hotfixes, reinstalling SCCM, IIS, WSUS, the clients, check and configuration of WebDAV, test of the consistency of WMI ... test of the access to ?mp_list and ?mpcert successfully etc...

     Anyway, I would need to fix the errors below to be able to carry on with the SCCM administration.

     MPSETUP.LOG ----> ok, without errors

     MPMSI.LOG...

     [13:09:36] IGNORE: Failed to delete extension 'C:\Program Files\SMS_CCM\getpolicy.dll'. Return Code = 0x80020009 (The extension might not be registered)...
     [13:09:36] Method 'DeleteExtensionFileRecord' failed with 80020009
     MSI (s) (08:E8) [13:10:22:986]: Executing op: ServiceInstall(Name=CcmExec,DisplayName=SMS Agent Host,ImagePath="C:\Program Files\SMS_CCM\CcmExec.exe",ServiceType=16,StartType=2,ErrorControl=1,,Dependencies=winmgmt[~][~][~],,StartName=LocalSystem,Password=**********,Description=Provides change and configuration services for computer management systems.,,)
     Property(S): InstallErrorDialog_Title = Setup Aborted .....
     Property(S): InstallErrorDialog_SubTitle = Setup failed....
     Property(S): InstallErrorDialog_Info = Setup encountered an error and could not continue.
     CTR:MessagesFailed,164,165,65792,novice,0
     MSI (s) (08:E8) [13:09:39:644]: Executing op: TypeLibraryRegister(,,FilePath=C:\Windows\system32\ccmcore.dll,LibID={90C7E669-C86D-48A6-8F7A-B16521DB52BD},,,Language=0,,BinaryType=1,IgnoreRegistrationFailure=0,
     MSI (s) (08:E8) [13:10:26:654]: Windows Installer installed the product. Product Name: ConfigMgr Management Point. Product Version: 5.00.8239.1000. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0.

     MPCONTROL.LOG

     Call to HttpSendRequestSync failed for port 443 with status code 404, text: Not Found
     Http test request failed, status code is 404, 'Not Found'.

     Event Viewer...

     Log Name: Application
     Source: SMS Server
     Date: 8/7/2015 3:47:13 PM
     Event ID: 5436
     Task Category: SMS_MP_CONTROL_MANAGER
     Level: Error
     Keywords: Classic
     User: N/A
     Computer: pudocontrol.domain-name.cloudapp.net
     Description: On 8/7/2015 3:47:13 PM, component SMS_MP_CONTROL_MANAGER on computer pudocontrol.domain-name.cloudapp.net reported: MP Control Manager detected management point is not responding to HTTP requests. The HTTP status code and text is 404, Not Found.
     Possible cause: Management point encountered an error when connecting to SQL Server. Solution: Verify that the SQL Server is properly configured to allow Management Point access. Verify that management point computer account or the Management Point Database Connection Account is a member of Management Point Role (msdbrole_MP) in the SQL Server database.
     Possible cause: The SQL Server Service Principal Names (SPNs) are not registered correctly in Active Directory Solution: Ensure SQL Server SPNs are correctly registered. Review Q829868.
     Possible cause: Internet Information Services (IIS) isn't configured to listen on the ports over which the site is configured to communicate. Solution: Verify that the designated Web Site is configured to use the same ports which the site is configured to use.
     Possible cause: The designated Web Site is disabled in IIS. Solution: Verify that the designated Web Site is enabled, and functioning properly.
     Possible cause: The MP ISAPI Application Identity does not have the requisite logon privileges. Solution: Verify that the account that the MP ISAPI is configured to run under has not been denied batch logon rights through group policy.
     -----------------------------------------------------------------------------
     Log Name: Application
     Source: MSSQLSERVER
     Date: 8/7/2015 1:10:50 PM
     Event ID: 17806
     Task Category: Logon
     Level: Error
     Keywords: Classic
     User: N/A
     Computer: pudocontrol.domain-name.cloudapp.net
     Description: SSPI handshake failed with error code 0x80090304, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure. The Local Security Authority cannot be contacted [CLIENT: <local machine>]
     -------------------------------------------------------------------------------
     Log Name: Application
     Source: Microsoft-Windows-CertificationAuthority
     Date: 8/7/2015 1:12:20 PM
     Event ID: 91
     Task Category: None
     Level: Error
     Keywords:
     User: SYSTEM
     Computer: pudocontrol.domain-name.cloudapp.net
     Description: Could not connect to the Active Directory. Active Directory Certificate Services will retry when processing requires Active Directory access.
     ---------------------------------------------------------------------------------
     Log Name: Microsoft-Windows-WMI-Activity/Operational
     Source: Microsoft-Windows-WMI-Activity
     Date: 8/7/2015 4:39:38 AM
     Event ID: 5858
     Task Category: None
     Level: Error
     Keywords:
     User: SYSTEM
     Computer: pudocontrol.domain-name.cloudapp.net
     Description: Id = {BCC1EB23-D052-0000-121C-C2BC52D0D001}; ClientMachine = PUDOCONTROL; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4316; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\CCM : SMS_Authority; ResultCode = 0x80041010; PossibleCause = Unknown
     ----------
     Log Name: Application
     Source: Microsoft-Windows-WMI
     Date: 8/7/2015 1:12:02 PM
     Event ID: 10
     Task Category: None
     Level: Error
     Keywords:
     User: SYSTEM
     Computer: pudocontrol.domain-name.cloudapp.net
     Description: Event filter with query "SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA "ccm_siteassignment"" could not be reactivated in namespace "//./root/ccm/Policy/Machine" because of error 0x80041010. Events cannot be delivered through this filter until the problem is corrected.

     (This last error was generated more than 3 hours ago, so maybe it's fixed.)

     I would love to have this matter solved... or somebody is going to boot me out...

     Thanks a bunch, and greetings from Spain.
     Roberto
  8. I'm planning an upgrade to sccm 2012. I have multiple sites throughout the globe. Most do not have very fast connections. Would I be able to use a cloud DP using Azure and point these clients to that DP? I thought I read somewhere that clients cannot download Windows updates from Azure, is that true? What functions would be available from Azure? Another option I was thinking of at some of these smaller sites was Branch cache. Would I have to designate one client as a branch cache or does every client become a branch cache?