server

SCCM-Migrating form HTTP to HTTPS

Hi All, have you ever needed to migrate a SCCM 2012 (or Current Branch) environment from HTTP to HTTPS? if you have, you know that it is quite easy, but there are some challenges, when things go wrong, off course :)… The steps I normally take (and I hope I haven’t forgotten any :)) are: 1- Create the certificate Template (ConfigMgr Clients (if the workstation is not already in place), ConfigMgr IIS Servers and ConfigMgr DP Servers) 2- Request the certificates 3- on the IIS servers, change the bind to allow HTTPS port (default 443) and select the certificate 4- Export the Root CA (and any other CA) certificate and import it into SCCM. Note, do not force the SCCM to use PKI, instead, allow it to use HTTP or HTTPS.. 5- for each client, confirm that the Client Certificate is set to PKI (you can easily check the HKLM\Software\Microsoft\CCM\HttpsState…

SCCM 2012-Find TS Reference without AutoInstall settings

Hi All, it is a common problem when using OSD to install apps, to forget to select the “Allow this program to be installed from the Install Software task sequence without being advertised” application setting. same for the packages/programs, where people forget to select the “Allow this program to be installed from the Install Package task sequence without being deployed” on the program settings. When this happen, you will normally see the Task Sequence failing with error 0x80004005 and looking at the logs, you’ll see No matching policy assignments received. Policy download failed, hr=0x80004005 When this happen, you need to enable the setting and start it again, but you easily lost couple of hours doing it already. Microsoft has a good blog post on how to enable it here, however, it does not show you what apps or packages/program you need to change. So i created a simple (and dirty)…

Software Update – kb2920189 & VM Secure boot

Hi All, Yesterday i was updating my lab and i noticed that every single vm was failing to install kb2920189. All my vm’s are running windows server 2012 R2 under a WS2012 R2 host, it means i created a 2nd generation of VM’s and the Secure boot was enabled. Looking at the logs, i found the error 0x800f0922 and if you look at the internet, there are lots of things about this error that was not relevant to the issue here, until i found a forum post that helped me. basically, if you’re having this problem with your 2nd generation machines with secure boot enabled, perform the following tasks: 1- shutdown your VM 2- Edit the VM settings and under Firmware, disable the Enable Secure boot 3- Bring the VM up and install the hotfix 4- Shutdown the VM again 5- Edit the VM settings and under Firmware, Enable the…

SCCM 2012 – SUP – Error: There was an error downloading the software update. (12152)

Hi All, recently i was at a customer site installing SCCM 2012 R2 and i had an issue downloading some updates… The steps were simple. as it was the 1st time, i’ve created an Software Update Group with all Windows 7 updates already released and tried to download it to a deployment package… The wizard was telling me that some updates failed to download with error: There was an error downloading the software update. (12152) and of course, a long list of updates where bellow it. the 1st i thought it was internet/proxy problem, however, there was no proxy involved and i could navigate to the internet without any problem… looking at the patchdownloader.log (it can be under %temp%, C:\Users\\AppData\Local\Temp or \Logs) i saw the following Checking machine config Software Updates Patch Downloader 19/03/2014 09:03:23 5472 (0x1560) Cert revocation check is disabled so cert revocation list will not be checked….

SCCM 2012 – Application Catalog HTTPS Error

Hi All, recently i was at a customer site and that has a single primary site (with all roles on it). They have installed the Application Catalog but it was not working. the SMS_AWEBSVC_CONTROL_MANAGER component was generating the error “Application Web Service Control Manager detected AWEBSVC is not responding to HTTP requests. The http status code and text is 500, Internal Server Error. Possible cause: Internet Information Services (IIS) isn’t configured to listen on the ports over which AWEBSVC is configured to communicate. Solution: Verify that the designated Web Site is configured to use the same ports which AWEBSVC is configured to use. Possible cause: The designated Web Site is disabled in IIS. Solution: Verify that the designated Web Site is enabled, and functioning properly. For more information, refer to Microsoft Knowledge Base.” every hour. Looking the logs, the installation happen without any problem, however, the awebsctl.log was giving me…

SCCM 2012 – Disable Maintenance Configurator

Hi All, Following Johan blog post about disabling Maintenance Configurator because it is EVIL, i decided to create a baseline for it. The reason is simple, you need to know where it is enabled and disable it if needed, get reports, etc… And how exactly you do that? the answer is simple, you use Configuration Manager DCM (or Compliance Settings on SCCM 2012) Well…it is really easy to do. the 1st thing you need to do is to create a script CI (Configuration Item). add the following powershell script to the discovery part and the following to the remediation part once done, you need to add compliance rule Done. now you need to add it to a baseline (or create a new one and deploy it to a collection)

SCCM 2012 – Software Updates

Hi All, Today I’m going to talk a bit aobut software updates. As you may be aware, softwre update is a “simple” task however, the process behind the software update can be a bit complex. And the reason is simple, what happen if I do this? Well…i don’t want this post to be dealt as “best practices” but a guidance on how to do software update and the reason is simple, many people know how to do, but always want a bit more guidance on what would be better….and remember…not best practices. I always refuse to talk about best practices because it always depends. Let’s imagine the scenario where you have a remote site with 3k users. Should you put a local DP there? maybe a secondary site? Let’s assume that as best practices, you would add a distribution point, but on this scenario, every single server should only be…

Install Client action is disabled for unsupported value

Hi All, recently i was at a customer and noticed one event viewer quite annoying Level: Error Source: Critial EventID: 3 Data: Install Client action is disabled for unsupported value of ResoruceType, ClientType or Unknown The interesting thing was on the smsadminui.log [25, PID:5284][11/15/2013 09:55:18] :Install Client action is disabled for unsupported value of ResoruceType, ClientType or Unknown but why this was happening was not clear for me, until my fellow friend MVP Jason Sandys guesses that this would be when you right clicking on a resource in the console so that it knows whether or not to enable the install client option on the context menu. Because of the ribbon bar, it may happen on normal left click selection also. I went and checked this and for some reason it did no happened again, however, as i was doing some OS Deployment tests, i had a “Unknown” record and…

SCCM 2012 – Scan failed with error = 0x80244019

Hi All, recently i was at a customer and one of the client machines were getting the following error (looking at the WUAHandler.log) when trying to initiate the Software Update scan cycle: OnSearchComplete – Failed to end search job. Error = 0x80244019. Scan failed with error = 0x80244019 using CMTrace, i discovered that the error 0x80244019 means Same as HTTP status 404 – the server cannot find the requested URI (Uniform Resource Identifier). I went back to the server and checked everything. I did not noticed anything wrong with it. The IIS was there, working fine. Other machines were connecting to it and getting updates. As the customer had other name resolution problems, i thought that this could be something down to the name resolution (FQDN) and/or proxy/firewall. checking the proxy settings did not make any difference. I even followed the KB900935 – How the Windows Update client determines which…

SCCM 2012 – CM12R2RegistrationRequest

Hi All, while ago, i created the ConfigMgrRegistrationRequest . This tool was written in C# and used the beta/RC version of the CM12 SP1 SDK. Since then, i started to move all my scripts from any language (vbscript, c#, etc) to powershell and today i’m happy to announce the beta version of the CM12R2RegistrationRequest. If you don’t know what this tool is, let me explain: This tool allow you create fake clients in the configuration manager enviornment. but you may be thinking why someone wants that? Easy.. 1- size of your database 2- test reports 3- load Once you run the tool, it will open a file called Import.csv (where you need to change the domain, site code, ip address, etc) and create a new record for each new PC. It will also send a DDR, request policy and send a test hardware inventory. As you may notice, there are…