Archive for the ‘System Center’ Category

A quick link for reference to what happens in Configuration Manager when all you change is an application or packages source path, but the file contents are still the same?

This is an important point to understand as it does NOT resend all the files back out to DP’s again. This means you can change where you keep your master software repository without having to worry about massive network impacts.

This blog post has an excellent explanation: http://blog.configmgrftw.com/content-distribution-myth/

Advertisements

While installing multiple new ConfigMgr 2012 Management Points I was seeing a non-specific failure with an error code of 1603. Much troubleshooting and any web searches later, I discovered that there were in fact three different issues across the different servers that all failed with the same uninformative error.

  1. HTTPS binding missing in IIS
  2. Old WMI information from previous CM2007 client
  3. BITS not installed correctly

This was really quite bizarre. When I had found the “solution” and tried applying it to other servers I found that they had a different issue, which led to a mix of all three of the above. The old WMI issue being the most prevalent.

(more…)

[Place holder post – FULL POST write up coming shortly]

https://social.technet.microsoft.com/Forums/en-US/3ac88d59-d1b5-4826-a44d-bb94bfd80f66/configmgr-2012-update-source-content-deleted?forum=configmanagergeneral#39c42c3c-d3af-4362-b097-09c022adc86b

An issue where some source folder content of Windows Update deployment packages is deleted for no apparent reason.

Currently waiting for a response from the Microsoft ConfigMgr Product team on if they feel this is an issue worthy of a product update or just a TechNet article warning of the impact

Summary: issues relating to Update deployment packages that are migrated between ConfigMgr hierarchies that share the same source folder location. Automated “orphan cleanup” process will delete content from the folder if one of the hierarchies doesn’t need it, even it the other one still does.

When working with new packages, in particular very large ones, or when performing an action with a wizard that insists on adding distribution points (e.g. Software Update download) I find it helpful to use a “dummy” Distribution Point Group.

The reason for this is simple. For example, I want to create a new Software Updates deployment package that will contain a lot of updates, and using the wizard it requires me to select a target to distribute this new package to. I plan to add other updates or make further changes so I don’t really want (or need) it to be sent to an actual DP just yet. This is especially true when creating temporary update source content (another issue for another post).

To work around this, I just create a “Blank”, or testing Distribution Point Group with no members. This DP Group is perfectly fine to use in the wizard and allows the package source to be created and downloaded without then needing to wait for it to be sent to the DP.

This post is going to be more of a “brain-dump” post of thoughts and ideas around the process of using ConfigMgr to deploy Microsoft updates in your environment. There are already numerous “guides” on the net already, so why?

This may or may not be a long read. It will just be my thoughts at this stage, with later posts (possibly) going into details of the pros and cons of different approaches and issues encountered. All feedback or experiences you would like to share are most welcome, and I’ll incorporate new ideas and points to consider into the post

(more…)

Sigh. Turns out this is one of those “obvious” facepalm issues. Posting the issue anyway in the event other people come across it.

Windows clients on Configuration Manager 2012 R2 are not applying power policies at all. Standard Windows power settings still applied and available.

  •  Client policy enabled for applying power settings
  • Collection has a power policy configured (either pre-existing or custom)
  • No Group Policies configured to apply any sort of power settings
  • Client in collection
  • PolicyEvaluator.log and PolicyAgent.log both indicate the policy has been applied by the client
    • Policy appears with the CollectionID as a reference
  • No power configuration change occur on the target workstation
  • Lots of activity in pwrmgmt.log, but nothing seem specific to the policy I have configured, and no errors
  • PwrProvider.log just repeats message: “Failed to read ValueUnitsSpecifier” and nothing else
  • No Windows Event Viewer messages stand-out as related to this issue

(more…)

This issue isn’t specifically related to Configuration Manager or Windows Updates, but it does seem that Windows Updates itself could behave better to prevent this.

When Windows Updates attempts to connect to the WSUS server (or SUP), you will see the WINDOWSUPDATE.LOG show the client attempting to open the client.asmx file from the WSUS server. The lines following show this connection failing with “SyncUpdates failure, error = 0x8024401B, soap client error = 10, soap error code = 0, HTTP status code = 407” followed by several more 0x8024401b errors.

updates-notworking

(more…)

Another “reminder where stuff is” post. This time for the Endpoint Protection logs. These should be the same for pretty much any version as far as I know, but I’m looking specifically at System Centre Endpoint Protection (SCEP) included as part of Config Manager 2012.

Log locations:

  • %allusersprofile%\Microsoft\Microsoft Antimalware\Support—Log files specific for the antimalware service
  • %allusersprofile%\Microsoft\Microsoft Security Client\Support—Log files specific for the SCEP client software
  • %windir%\WindowsUpdate.log—Windows Update log files, which include information about definition updates
  • %windir%\CCM\Logs\EndpointProtectionagent.log – Shows Endpoint version and policies applied
  • %windir%\temp\MpCmdRun.log – Activity when performing scans and signature updates
  • %windir%\temp\MpSigStub.log – Update progress for signature and Engine updates

References:

http://technet.microsoft.com/en-us/library/gg477022.aspx

This is one of those really simple and stupid problems that had me stuck for a while. I kept getting distracted with other things so it took a while before I got around to looking into it properly.

About a week after upgrading ConfigMgr 2012 to R2 I noticed some of the rebuilt servers didn’t have the Endpoint agent installed. The clients were working correctly, deploying windows updates and software deployments fine. Client Policy and inventory processing correctly, Endpoint Policy was assigned to machine in console and appearing on client (policyspy)

On new computers, Endpoint Protection did not install at all, and on computers when SCEP setup run manually, Endpoint policy never applies. Registry key indicates no policy is applied, even though “Generated Policy shows the correct values

(more…)

First off just to clarify, I am not a SQL guru, so on this topic I “know of” the feature but don’t really know that much about it.

We recently experienced a problem building a new Primary Site where the database replication links to the CAS failed and nothing we tried could fix the links. We resorted to completely uninstalling the site, deleting the Primary database and rebuilding the entire server OS from scratch. No matter what, the links replication just would not work.

RCMCTRL.LOG – Lot’s of these types of errors
Error: Replication group “Hardware_Inventory_4” has failed to initialize for subscribing site H01, setting link state to Error.

Error: Exception message: [ALTER TABLE SWITCH statement failed. Source and target partitions have different values for the DATA_COMPRESSION option.]

As it turns out, the SQL DBA’s had enabled a wonderful new feature in SQL2012 called Data Compression. In SQL land it probably makes sense and does wonderful things, but in ConfigMgr world it’s BAD.

(more…)