server

SCCM-Migrating form HTTP to HTTPS

Hi All, have you ever needed to migrate a SCCM 2012 (or Current Branch) environment from HTTP to HTTPS? if you have, you know that it is quite easy, but there are some challenges, when things go wrong, off course :)… The steps I normally take (and I hope I haven’t forgotten any :)) are: 1- Create the certificate Template (ConfigMgr Clients (if the workstation is not already in place), ConfigMgr IIS Servers and ConfigMgr DP Servers) 2- Request the certificates 3- on the IIS servers, change the bind to allow HTTPS port (default 443) and select the certificate 4- Export the Root CA (and any other CA) certificate and import it into SCCM. Note, do not force the SCCM to use PKI, instead, allow it to use HTTP or HTTPS.. 5- for each client, confirm that the Client Certificate is set to PKI (you can easily check the HKLM\Software\Microsoft\CCM\HttpsState…

SCCM 2012-Find TS Reference without AutoInstall settings

Hi All, it is a common problem when using OSD to install apps, to forget to select the “Allow this program to be installed from the Install Software task sequence without being advertised” application setting. same for the packages/programs, where people forget to select the “Allow this program to be installed from the Install Package task sequence without being deployed” on the program settings. When this happen, you will normally see the Task Sequence failing with error 0x80004005 and looking at the logs, you’ll see No matching policy assignments received. Policy download failed, hr=0x80004005 When this happen, you need to enable the setting and start it again, but you easily lost couple of hours doing it already. Microsoft has a good blog post on how to enable it here, however, it does not show you what apps or packages/program you need to change. So i created a simple (and dirty)…

ConfigMgr: Automation from Zero to Hero

Hi All, Today is a great milestone for me because I just finished writing the ConfigMgr: Automation from Zero to Hero book. It is not under final review and should be available in the next couple of months. I have to thank David Nudelman, Heinrich Pelser and Panu Saukko for helping me to review and for their contributions as well as Dave Randall as without their help it would be much harder to finish it.

SCCM 2012 R2 PXE fails (WDS Crash)

Players, Last week I was asked to look into PXE boot issue that a friend of mine was experiencing, in his own words he explained that “PXE boots were working fine until” … he recently built a new Windows 2008 R2 box (No idea why he didn’t use 2012 R2 …). It wasn’t a boundary group issue, as this problem was intermittent. And was sometimes fixed reboot of the server. He passed over a bunch of log files, and the following error stuck out. Log Name: Application Source: WDSServer Event ID: 512 Task Category: WDSServer Description: An error occurred while trying to initialize provider WdsImgSrv from C:\Windows\system32\WdsImgSrv.dll. Since this provider is not marked as critical, Windows Deployment Services server will continue. As well as this … Log Name: Application Source: WDSIMGSRV Event ID: 258 Task Category: WdsImgSrv Level: Error Description: An error occurred while trying to initialize the Windows Deployment Services…

Software Update – kb2920189 & VM Secure boot

Hi All, Yesterday i was updating my lab and i noticed that every single vm was failing to install kb2920189. All my vm’s are running windows server 2012 R2 under a WS2012 R2 host, it means i created a 2nd generation of VM’s and the Secure boot was enabled. Looking at the logs, i found the error 0x800f0922 and if you look at the internet, there are lots of things about this error that was not relevant to the issue here, until i found a forum post that helped me. basically, if you’re having this problem with your 2nd generation machines with secure boot enabled, perform the following tasks: 1- shutdown your VM 2- Edit the VM settings and under Firmware, disable the Enable Secure boot 3- Bring the VM up and install the hotfix 4- Shutdown the VM again 5- Edit the VM settings and under Firmware, Enable the…

SCCM 2012 – SUP – Error: There was an error downloading the software update. (12152)

Hi All, recently i was at a customer site installing SCCM 2012 R2 and i had an issue downloading some updates… The steps were simple. as it was the 1st time, i’ve created an Software Update Group with all Windows 7 updates already released and tried to download it to a deployment package… The wizard was telling me that some updates failed to download with error: There was an error downloading the software update. (12152) and of course, a long list of updates where bellow it. the 1st i thought it was internet/proxy problem, however, there was no proxy involved and i could navigate to the internet without any problem… looking at the patchdownloader.log (it can be under %temp%, C:\Users\\AppData\Local\Temp or \Logs) i saw the following Checking machine config Software Updates Patch Downloader 19/03/2014 09:03:23 5472 (0x1560) Cert revocation check is disabled so cert revocation list will not be checked….

SCCM 2012 – Application Catalog HTTPS Error

Hi All, recently i was at a customer site and that has a single primary site (with all roles on it). They have installed the Application Catalog but it was not working. the SMS_AWEBSVC_CONTROL_MANAGER component was generating the error “Application Web Service Control Manager detected AWEBSVC is not responding to HTTP requests. The http status code and text is 500, Internal Server Error. Possible cause: Internet Information Services (IIS) isn’t configured to listen on the ports over which AWEBSVC is configured to communicate. Solution: Verify that the designated Web Site is configured to use the same ports which AWEBSVC is configured to use. Possible cause: The designated Web Site is disabled in IIS. Solution: Verify that the designated Web Site is enabled, and functioning properly. For more information, refer to Microsoft Knowledge Base.” every hour. Looking the logs, the installation happen without any problem, however, the awebsctl.log was giving me…

SCCM 2012 R2 (Windows Server 2012 R2) Site Component Manager failed to install component SMS_PORTALWEB_CONTROL_MANAGER on server

Application Catalogue Error Server 2012 R2 and SCCM 2012 R2 Site Component Manager failed to install component SMS_PORTALWEB_CONTROL_MANAGER on server <Server Name>. The IIS ASP.NET component is not installed. Solution: Make sure IIS ASP.NET component is installed. Install the following Roles via Server Manager ASP and ASP.NET 3.5 To kick the install off again restart the component service   Look for the the status messages shown below to confirm the installation   Enjoy 🙂

SCCM 2012 – Disable Maintenance Configurator

Hi All, Following Johan blog post about disabling Maintenance Configurator because it is EVIL, i decided to create a baseline for it. The reason is simple, you need to know where it is enabled and disable it if needed, get reports, etc… And how exactly you do that? the answer is simple, you use Configuration Manager DCM (or Compliance Settings on SCCM 2012) Well…it is really easy to do. the 1st thing you need to do is to create a script CI (Configuration Item). add the following powershell script to the discovery part and the following to the remediation part once done, you need to add compliance rule Done. now you need to add it to a baseline (or create a new one and deploy it to a collection)

SCCM 2012 – Software Updates

Hi All, Today I’m going to talk a bit aobut software updates. As you may be aware, softwre update is a “simple” task however, the process behind the software update can be a bit complex. And the reason is simple, what happen if I do this? Well…i don’t want this post to be dealt as “best practices” but a guidance on how to do software update and the reason is simple, many people know how to do, but always want a bit more guidance on what would be better….and remember…not best practices. I always refuse to talk about best practices because it always depends. Let’s imagine the scenario where you have a remote site with 3k users. Should you put a local DP there? maybe a secondary site? Let’s assume that as best practices, you would add a distribution point, but on this scenario, every single server should only be…