Monthly Archives: May 2014

Software Update – kb2920189 & VM Secure boot

Hi All,

Yesterday I was updating my lab and I noticed that every single VM was failing to install kb2920189. All my VMs are running Windows Server 2012 R2 under a WS2012 R2 host, which means I created 2nd generation VMs and Secure Boot was enabled. Looking at the logs, I found the error 0x800f0922, and if you look on the internet, there are lots of things about this error that were not relevant to the issue here, until I found a forum post that helped me.

Basically, if you're having this problem with your 2nd generation machines with Secure Boot enabled, perform the following tasks:

1- Shut down your VM
2- Edit the VM settings and under Firmware, disable the Enable Secure boot
3- Bring the VM up and install the hotfix
4- Shut down the VM again
5- Edit the VM settings and under Firmware, Enable the…

Event ID 2719 SMS_INVENTORY_DATA_LOADER Error (SCCM 2012 R2)

Players,

A good friend of mine sent me an email about an error he noticed on his SCCM 2012 R2 CU1 environment. The error and solution are detailed below …

ERROR: Inventory Data Loader failed to process the file D:\Program Files\Microsoft Configuration Manager\inboxes\auth\dataldr.box\Process\XXXXXXX.MIF because it is larger than the defined maximum allowable size of 5000000.

Solution: Increase the maximum allowable size, which is defined in the registry key HKLM\Software\Microsoft\SMS\Components\SMS_INVENTORY_DATA_LOADER\Max MIF Size (the default is 5 MB), and wait for Inventory Data Loader to retry the operation.

Microsoft actually gives you the answer in this scenario and therefore we can safely assume it's supported. Now I agree that some errors "might appear cryptic", but changing the size of MIF collections isn't the end of the world and won't break anything. So you can safely change the size to resolve the error and get the MIF files into SCCM. Because the registry is dangerous…

Internet Explorer Bug MS14-021

Players,

I thought this was old news now, but I have noticed (and also been asked about) that the security bug in IE might still be unknown to some. The long and short of the vulnerability is that a hacker can execute remote commands on all versions of Windows through IE. The bulletin from MS can be found here: https://technet.microsoft.com/library/security/ms14-021

It has been patched since early May, but if you find yourself without the patch please have a look here … SCCM administrators … you know what to do 🙂 http://support.microsoft.com/kb/2964358

Enjoy,
Heinrich Pelser

SCCM 2012 – Uninstall not used application

Hi All,

I often get asked questions about license management. SCCM, with the help of Asset Intelligence, can generate reports of licenses for Microsoft and non-Microsoft software. Microsoft licensing is easy: it automatically connects to the Volume License website and syncs the data down, which means it will download your license information and not upload it. For non-Microsoft software, you can create a csv file and import it into SCCM. Easy, isn't it?

However, SCCM will not do anything else. It will not automatically deny access to an application because you don't have enough licenses, and it will not automatically uninstall a not-used application; you need to do this management yourself. Of course, the 1st is quite easy: for all paid apps (of course you'll not do it for non-paid apps), you create a deployment that requires authorisation. Once done, you can create a script to authorise only…

How to uninstall SCCM 2012 agent

Players.

I had this on my old blog a while back, but it's a common question that I get asked. It seems that a few of you wish to uninstall the SCCM agent (or at least want to know that you can uninstall it). I will blog on how to script this in a later post. But for now, this is how you remove it manually.

From the command prompt (Start>Run>cmd) type:

    C:\Windows\system32> cd\
    C:\>cd windows
    C:\windows> cd ccmsetup
    C:\Windows\ccmsetup>ccmsetup /uninstall

Keep an eye on the un-installation using the log file C:\Windows\ccmsetup\ccmsetup.log

Once that's complete, delete the following files:

    C:\Windows\ccmsetup
    C:\Windows\ccm
    C:\Windows\SMSCFG.ini

Remove the Machine Certs from the SMS store. To do this:

Start>Run>MMC>Click File>Add/Remove Snap-in…>Certificates>Click Add>Computer Account>Local Computer>SMS

Delete the certificates in the SMS store.

Enjoy
Heinrich Pelser
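A read-only check for the manual removal steps above, added here as an example and not the author's script: it reports which of the listed items are still present after the uninstall. The function name Get-CcmResidue is hypothetical, and the check for the CcmExec (SMS Agent Host) service is an addition that the post does not mention.

```powershell
# Added example: lists SCCM client leftovers after "ccmsetup /uninstall".
# Read-only; it deletes nothing. Run from an elevated PowerShell prompt.
function Get-CcmResidue {
    $results = @()

    # Folders and file the post says to delete once the uninstall completes.
    foreach ($name in 'ccmsetup', 'ccm', 'SMSCFG.ini') {
        $path = Join-Path $env:WinDir $name
        $results += [pscustomobject]@{
            Item    = $path
            Present = Test-Path -LiteralPath $path
            Detail  = ''
        }
    }

    # Certificates left in the Local Computer "SMS" store.
    $store = 'Cert:\LocalMachine\SMS'
    $certs = @()
    if (Test-Path -LiteralPath $store) {
        $certs = @(Get-ChildItem -LiteralPath $store)
    }
    $results += [pscustomobject]@{
        Item    = $store
        Present = $certs.Count -gt 0
        Detail  = ($certs | ForEach-Object { $_.Thumbprint }) -join ', '
    }

    # Not in the post: the client service should be gone as well.
    $svc = Get-Service -Name 'CcmExec' -ErrorAction SilentlyContinue
    $results += [pscustomobject]@{
        Item    = 'Service CcmExec'
        Present = $null -ne $svc
        Detail  = if ($svc) { [string]$svc.Status } else { '' }
    }

    $results
}

# Any row with Present = True still needs attention.
Get-CcmResidue | Format-Table -AutoSize
```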

SCCM 2012 – Security (Part 4)

Hi All,

If you missed Part I you can find it here, Part II can be found here, and Part III can be found here. Today we go ahead with Part 4 of the series of posts about security, and now it is time to talk about the DP certificates.

The DP certificate is the certificate that is used by any Distribution Point site role, and it needs to have the private key exported with it, as it will be imported during/after the creation of the role. This is also the certificate that you can use on your media when creating one. Anyway, if you go to the documentation (http://technet.microsoft.com/en-us/library/gg699362.aspx) you'll notice that in a Microsoft PKI environment, the certificate that you can use as a base is the Workstation Authentication one. However, if you don't want to use it, make sure that the Enhanced Key Usage value must contain…