Monthly Archives: March 2014

SCCM 2012 R2 – KB2938441 – Cumulative Update 1

Hi All, Microsoft has just published the Cumulative Update 1 for System Center 2012 R2 Configuration Manager Information about this update can be found here and here 2938441: Description of Cumulative Update 1 for System Center 2012 R2 Configuration Manager 2932274: Description of PowerShell changes available in Cumulative Update 1 for System Center 2012 R2 Configuration Manager Also note a recent blog update on our servicing strategy to address some common customer questions. http://blogs.technet.com/b/configmgrteam/archive/2014/03/24/configuration-manager-servicing-update.aspx But now, how to install it? 1- Execute the CM12-R2CU1-KB2938441-X64-ENU.exe file you donwloaded and go to the Mirosoft License Terms. Click Accept and click Next 2- On the pre-requisites, click Next. 3- Select Install the update for the configuration manager console if not selected and click next 4- Select yes, update the site database and click next 5- leave all Deployment Assistance Options select and click Next. This basically means what packages are going to be…

SCCM 2012 – Security (Part 3)

Hi All, If you missed the Part I you can find it here and Part II can be found here today we go ahead with the Part 3 of the series of posts about security and now it is time to talk about the web certificates. The web certificate is the certificate that is used by any SCCM Site role that used IIS (well…not any as FSP will not use certificate as it only accept non-encrypted traffic). Anyway, if you go to the documentation (http://technet.microsoft.com/en-us/library/gg699362.aspx) you will notice that the following services/site roles need web certificate: Management point, Distribution point, Software update point, State migration point, Enrollment point, Enrollment proxy point, Application Catalog web service point, Application Catalog website point, Cloud-based distribution point, Network Load Balancing (NLB) cluster for a software update point**, Site system servers that run Microsoft SQL Server, SQL Server cluster: Site system servers that run Microsoft…

SCCM 2012 – SUP – Error: There was an error downloading the software update. (12152)

Hi All, recently i was at a customer site installing SCCM 2012 R2 and i had an issue downloading some updates… The steps were simple. as it was the 1st time, i’ve created an Software Update Group with all Windows 7 updates already released and tried to download it to a deployment package… The wizard was telling me that some updates failed to download with error: There was an error downloading the software update. (12152) and of course, a long list of updates where bellow it. the 1st i thought it was internet/proxy problem, however, there was no proxy involved and i could navigate to the internet without any problem… looking at the patchdownloader.log (it can be under %temp%, C:\Users\\AppData\Local\Temp or \Logs) i saw the following Checking machine config Software Updates Patch Downloader 19/03/2014 09:03:23 5472 (0x1560) Cert revocation check is disabled so cert revocation list will not be checked….

WMI Script to rebuild WMI repository (Windows SCCM 2012)

Players. Configuration Managers clients use to have a knack of imploding and spraying WMI all over the walls. This has got better over time, but still … from time to time we have to rebuild the repository to kick start the agent back to live. So I’ve compiled all the steps that I’ve used over time into a script … its below. @echo on cd /d c:\temp if not exist %windir%\system32\wbem goto TryInstall cd /d %windir%\system32\wbem net stop winmgmt winmgmt /kill if exist Rep_bak rd Rep_bak /s /q rename Repository Rep_bak for %%i in (*.dll) do RegSvr32 -s %%i for %%i in (*.exe) do call :FixSrv %%i for %%i in (*.mof,*.mfl) do Mofcomp %%i net start winmgmt goto End :FixSrv if /I (%1) == (wbemcntl.exe) goto SkipSrv if /I (%1) == (wbemtest.exe) goto SkipSrv if /I (%1) == (mofcomp.exe) goto SkipSrv %1 /RegServer :SkipSrv goto End :TryInstall if not exist…

SCCM 2012 – Security (Part 2)

Hi All, If you missed the Part I you can find it here today we go ahead with the Part 2 of the series of posts about security and now it is time to talk about certificates. I’m not going to tell you know to create your PKI infrastructure, but what certificates you need in your environment. In this post, we’ll focus on the client certificate. There are many people out there that like to create a new certificate for the client machines, not that i don’t like but most of the time you don’t need it as the default workstation certificate can be used. If you is like me and don’t want create a new certificate for the workstation authentication, you don’t need, however, you need to make sure a workstation certificate is being applied to all machines. The easiest way to do this is via GPO (note that…

SCCM 2012 – Updating SCCM client during TS

Hi All, for ages, i’ve being using a script to automatically populate the PATCH option of the SCCM client installation in a TS environment. the reason i’ve been using this script (if not clear for you), is the number of hotfixes and the allowed size of the text box on a TS… fortunately with SCCM 2012, the SCCM product group changed the way they di hotfixes and started to use Updates Rollup, meaning that you would not find the issue we’ve been experiencing on SCCM 2007. Even it is true, Microsoft had to release few updates out of the Update Rollup and people don’t know how to manage them in a Task Sequence as this has changed a bit. Fortunately (again), the script has been updates to SCCM 2012 (http://blogs.technet.com/b/deploymentguys/archive/2013/06/04/automatically-populate-the-patch-property-for-the-configmgr-client-installation-script-update.aspx) however, what happen if you don’t have the ZTIUtility.vbs or don’t want do the MDT integration? Well…you need to do…

SCCM 2012 – Application Catalog HTTPS Error

Hi All, recently i was at a customer site and that has a single primary site (with all roles on it). They have installed the Application Catalog but it was not working. the SMS_AWEBSVC_CONTROL_MANAGER component was generating the error “Application Web Service Control Manager detected AWEBSVC is not responding to HTTP requests. The http status code and text is 500, Internal Server Error. Possible cause: Internet Information Services (IIS) isn’t configured to listen on the ports over which AWEBSVC is configured to communicate. Solution: Verify that the designated Web Site is configured to use the same ports which AWEBSVC is configured to use. Possible cause: The designated Web Site is disabled in IIS. Solution: Verify that the designated Web Site is enabled, and functioning properly. For more information, refer to Microsoft Knowledge Base.” every hour. Looking the logs, the installation happen without any problem, however, the awebsctl.log was giving me…

SCCM 2012 R2 (Windows Server 2012 R2) Site Component Manager failed to install component SMS_PORTALWEB_CONTROL_MANAGER on server

Application Catalogue Error Server 2012 R2 and SCCM 2012 R2 Site Component Manager failed to install component SMS_PORTALWEB_CONTROL_MANAGER on server <Server Name>. The IIS ASP.NET component is not installed. Solution: Make sure IIS ASP.NET component is installed. Install the following Roles via Server Manager ASP and ASP.NET 3.5 To kick the install off again restart the component service   Look for the the status messages shown below to confirm the installation   Enjoy 🙂

SCCM 2012 – Disable Maintenance Configurator

Hi All, Following Johan blog post about disabling Maintenance Configurator because it is EVIL, i decided to create a baseline for it. The reason is simple, you need to know where it is enabled and disable it if needed, get reports, etc… And how exactly you do that? the answer is simple, you use Configuration Manager DCM (or Compliance Settings on SCCM 2012) Well…it is really easy to do. the 1st thing you need to do is to create a script CI (Configuration Item). add the following powershell script to the discovery part and the following to the remediation part once done, you need to add compliance rule Done. now you need to add it to a baseline (or create a new one and deploy it to a collection)

SCCM 2012 – Cutomizing Windows lock screen

Hi All, today i’ll talk about how to customize the Windows Lock Screen as well as the user/guest picture via OS Deployment (read as Task Sequence) it is really easy. the way i do is always copy the files i need to have on the client machine after the apply os and before the setup windows using robocopy. if you want to know how to do this, check my post about robocopy and task sequence here anyway, the problem is simple, which file and copy where… there are 4 files responsible for the user picture as well as picture. yes, that picture you see when you log on to a machine while typing your username/password. These files (user.bmp, user.png, guest.bmp and guest.png) should be put under c:\ProgramData\Microsoft\User Account Pictures See here for more information Now that you customized the icon, this is what you’ll see when trying to log on…