Monthly Archives: January 2014

SCCM 2012 – Application Catalog & IE Enable Protected Mode

Hi All, recently i was at a customer site trying to request/install an Application via Application Catalog website and it was failing. if I select my devices, I see “This setting cannot be configured because of a network communication of a configuration problem” and looking at the ConfigMgrSoftwareCatalog.log, I see MySystemsPageView.DetermineIsPrimary-Error:Could not communicate with the client control properly. Error 0x1709. Debugging resource strings are unavailable. See http://go.microsoft.com/fwlink/?linkid=106663&Version=5.1.2093.0&File=mscorrc.dll&key=0x1709 0x80041003 Looking at the URL provided, i did not see anything, the website was actually returning “The definition of the resource id could not be found” and if you check the error 0x80041003, you’ll notice that it is Access denied, but why?!?! i checked everything and i was sure everything was configured properly. I went back to a test machine and started checking all IE security settings and noticed that the IE Enable Protected Mode for the security zone (in my case intranet)…

SCCM 2012 – Firewall for Remote Access

Hi All, SCCM gives you the ability to remote access to client machines. This is not new as this feature has been there for quite a while. Interesting is that SCCM gives you 3 options for remote access: 1- Remote Tools (Remote Control). This is a “SCCM feature” 2- Remote Assistance: This is a “Windows Feature” and what SCCM does is to set local GPO to allow/block access 3- Remote Desktop: This is also a “Windows Feature” and again, SCCM only set local GPO to allow/block access. What is really interesting here is what happen “behind” the scenes regarding firewall. When you open the client settings for remote access, the 1st option is to enable/disable and also configure the firewall. There are many people that think that once you enable, SCCM will enable the firewall for all 3 options..but unfortunately this does not happen. The only rule SCCM does manage…

SCCM 2012 – Unable to view reports via SCCM, Log on failed

Hi All, recently i was at a customer site trying to run reports from the SCCM console and it was failing with login failed. Looking at the reporting logs, i saw the following “ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.LogonFailedExecution: Logon attempt for user ‘xxxxxx’ failed., Microsoft.ReportingServices.Diagnostics.Utilities.LogonFailedException: Log on failed. Ensure the user name and password are correct. –> System.ComponentModel. Win32Exception: Logon failure: the user has not been ranted the requested logon type at this computer. And looking at the error, it seems obvious, i typed the wrong username/password. I’ve checked it and tested and everything should be working, however, I was not sure about the AD replication. Anyway, i waited many hours just to be sure and the issue was still there. After this, i used rsop.msc to check what policies where being applied and noticed that the Logon Locally policy was set and looking at the membership rules, i noticed that the…

SCCM 2012 – Unable to Install SCCM 2012 R2

Hi All, Recently, i was at a customer site, i was not able to install a SCCM 2012 R2 on a new primary site. I had installed SQL 2012 and later on applied SP1. The error i was getting on the log was “msxml6_x64.msi installation process returned 1618. I don’t need to say that i tried to install it manually enabling log just to see what was going on. Interesting, i did noticed, using task manager, that MSIEXEC was crazy….every time starting a new instance. Monitoring it with the procmon and procexec, i noticed that ngen.exe was appearing a lot…a quick research i found a issue with the SP1 of SQL 2012 and installing the hotfix 2793634 (Windows Installer starts repeatedly after you install SQL Server 2012 SP1) should fix the issue. Installing it and restarting the server did fix the problem.

SCCM 2012 – Retire Application

Hi All, SCCM 2012 (and 2012 R2) have an option called Retire that allows you to block creation of new deployment of the application. It is useful when using with Supersedense when you’re upgrading an application and you don’t want deploy the old application anymore. Per documentation, When you retire an application, it is no longer available for deployment but the application and any deployments of the application are not deleted. Existing copies of this application that were installed on client computers will not be removed. If an application that has no deployments is retired, it will be deleted from the Configuration Manager console after 60 days. However, any installed copies of the application are not removed. Well…this is really interesting, it is more interesting that you can “reinstate” the application if needed, but be aware, only retiring the application will not block people from installing. if have an active…

SCCM 2012 – Removing old revision

Hi All, every time you change something to any application or deployment type, SCCM keeps a history of this change and will delete it, after specific period of time. This behaviour can be changed on the site maintenance, task Delete Unused application revisions. the default is 60 days. Anyway, i wanted to know how many revisions i had for each application as well as the application version. To do it, i used powershell the posh script below will shows you the Application Name, Version and number of revisions.

  Easy, but what if i don’t want to wait for SCCM to delete it for me, what can I do? well..there is another powershell for it. the below powershell will delete all revisions that is not the last one, leaving you with only 1 review, the last one.

  This script is really useful when you have many people…

SCCM 2012 – DeploymentType – empty SDMPackageXML

Hi All, while working on a script (that will be published here soon), i noticed that it was failing after i had tested it…but why was not clear. After troubleshooting, i discovered that the SDMPackageXML was empty. i really don’t know why it happen, but it should not happen anyway, once i discovered this, i wanted to see how many DT had this issue and it was almost 50% of my lab…but how did i found out?! Easy, i ran the following powershell

  as you will see, every single App/DT that appear in this list, has problem with the SDMPackageXML, but how to fix it? Well it was simple, you just need perform a change on the DT, but if you have many!?!?!?. Again, i used powershell the below powershell will add an “A” to the administrative comment as well as remove it

  but now, you…

SCCM 2012 – Set Security Scope (Part 2)

Hi All, this is the 2nd part of the Set Security Scope where I added support for Configuration Items and Configuration Baselines. if you haven’t looked at my Set Security Scope (Part 1), check it here download the new version of the script SetSecurityScopev2 zip file, extract and add the files to the following places: RFL-CI.xml to <CM12R2Console Installation Path)\XmlStorage\Extensions\Actions\521e2ba1-c197-46fe-94a1-932e81629b1c (change the CM12R2Console to the path of the console :)) RFL-Baselines.xml to <CM12R2Console Installation Path)\XmlStorage\Extensions\Actions\4233000f-4042-4d42-ad13-3abfa8129ea5 (change the CM12R2Console to the path of the console :)) SetSecurityScope.ps1 to C:\Scripts\CM12R2Console on the same computer where you installed the CM12 R2 Console (remember, you can replace if you have the version 1 of the script) Once you have done it, restart the console and you’ll see a new action group called RFL Systems and once you right click any folder, you’ll also be able to see the action (see below screenshot) when you click, a powershell screen…

HTTP Error 500.19 – Internal Server Error – SCCM 2012 SP1 – Windows Server 2012 – WSUS x64

Hello, I noticed that I was getting a lot of red crossed under my site components and that my default website was chucking out the following error after a WSUS install on the local SCCM server. HTTP Error 500.19 – Internal Server Error The requested page cannot be accessed because the related configuration data for the page is invalid. This was also the case when trying to access http://localhost/ccm_client and application portals. I had a look at the ApplicationHost.config file and noticed that suscomp.dll was installed by WSUS. Resolution 1. Go to C:\windows\system32\inetsrv\config and locate the ApplicationHost.config file 2. Open it with notepad and look for the following lines below scheme name=”xpress” doStaticCompression=”false” doDynamicCompression=”true” dll=”C:\Windows\system32\inetsrv\suscomp.dll” staticCompressionLevel=”10″ dynamicCompressionLevel=”0″ /> 3. The following command needs to be run to disable the suscomp.dll that was installed when the WSUS server role was installed, Im not 100% sure but from what I could see compression schemes…

SCCM 2012 SP1 Remote Control Install

Ola, I was asked provide instructions to install the SCCM console on a few desktops so that the security team can use it for Remote Tools (Control) only … I didn’t install the console for anyone. And neither should you, instead you just need to complete the following to give your analysts the ability to use Remote Control and nothing else. So, to do this you will need to do the following. Firstly make sure that you add the names of the technicians you want to have access to remote tools into the Remote Tools Operators role based security group in the Administration workspace in the SCCM console. Next, from the file directory where the SCCM console is installed (C:\Program Files\Microsoft Configuration Manager\AdminConsole\bin\i386) copy the following files into a New Folder (Name it whatever you like) 1. 00000409 (Its a folder, copy the entire folder) 2. CMrCVieiwer (Application) 3. RdpCoreSccm.dll Place these files…