Configuration Manager 1610 adventures

Yes, we skipped 1602 and went to 1606 in our Dev environment, but due to various change freezes, conflicts with other projects and change management delays we have decided we will be going from 1511 direct to 1610 in Prod.

The Dev upgrade went OK (using the “FastRing” powershell script) however it was then announced there were some additional bugs found and a newer 1610 installed was released. The updates though have not as yet been posted to update the people that had run the original 1610 install…

(more…)

Configuration Manager 1602 adventures

Each new update of ConfigMgr I will start a new entry for anything specific to that version I want to test or make notes of.

(more…)

Windows 10 Speech language missing

 

As part of the Insider program I get rather frequent upgrades to Windows 10. Each time the upgrade installs it resets my speech language to “English (United States)” which means Cortana stops working as my Region is set to “Australia”

I also use ConfigMgr to handle updates on my network (this would also apply for people using WSUS) so when I go into the Region & language settings I don’t get the Speech feature appearing under the “English (Australia)” options.

Luckily, it is relatively easy to sort out.

SOLUTION:

(more…)

ConfigMgr Management Point fails to install with error 1603

While installing multiple new ConfigMgr 2012 Management Points I was seeing a non-specific failure with an error code of 1603. Much troubleshooting and any web searches later, I discovered that there were in fact three different issues across the different servers that all failed with the same uninformative error.

1. HTTPS binding missing in IIS
2. Old WMI information from previous CM2007 client
3. BITS not installed correctly

This was really quite bizarre. When I had found the “solution” and tried applying it to other servers I found that they had a different issue, which led to a mix of all three of the above. The old WMI issue being the most prevalent.

(more…)

Configuration Manager Update source content being deleted

[Place holder post – FULL POST write up coming shortly]

https://social.technet.microsoft.com/Forums/en-US/3ac88d59-d1b5-4826-a44d-bb94bfd80f66/configmgr-2012-update-source-content-deleted?forum=configmanagergeneral#39c42c3c-d3af-4362-b097-09c022adc86b

An issue where some source folder content of Windows Update deployment packages is deleted for no apparent reason.

Currently waiting for a response from the Microsoft ConfigMgr Product team on if they feel this is an issue worthy of a product update or just a TechNet article warning of the impact

Summary: issues relating to Update deployment packages that are migrated between ConfigMgr hierarchies that share the same source folder location. Automated “orphan cleanup” process will delete content from the folder if one of the hierarchies doesn’t need it, even it the other one still does.

Microsoft Updates deployment with Configuration Manager – Braindump

This post is going to be more of a “brain-dump” post of thoughts and ideas around the process of using ConfigMgr to deploy Microsoft updates in your environment. There are already numerous “guides” on the net already, so why?

This may or may not be a long read. It will just be my thoughts at this stage, with later posts (possibly) going into details of the pros and cons of different approaches and issues encountered. All feedback or experiences you would like to share are most welcome, and I’ll incorporate new ideas and points to consider into the post

(more…)

Configuration Manager Power Policies not applying

Sigh. Turns out this is one of those “obvious” facepalm issues. Posting the issue anyway in the event other people come across it.

Windows clients on Configuration Manager 2012 R2 are not applying power policies at all. Standard Windows power settings still applied and available.

•  Client policy enabled for applying power settings
• Collection has a power policy configured (either pre-existing or custom)
• No Group Policies configured to apply any sort of power settings
• Client in collection
• PolicyEvaluator.log and PolicyAgent.log both indicate the policy has been applied by the client
  • Policy appears with the CollectionID as a reference
• No power configuration change occur on the target workstation
• Lots of activity in pwrmgmt.log, but nothing seem specific to the policy I have configured, and no errors
• PwrProvider.log just repeats message: “Failed to read ValueUnitsSpecifier” and nothing else
• No Windows Event Viewer messages stand-out as related to this issue

(more…)

Endpoint Protection Log locations

Another “reminder where stuff is” post. This time for the Endpoint Protection logs. These should be the same for pretty much any version as far as I know, but I’m looking specifically at System Centre Endpoint Protection (SCEP) included as part of Config Manager 2012.

Log locations:

• %allusersprofile%\Microsoft\Microsoft Antimalware\Support—Log files specific for the antimalware service
• %allusersprofile%\Microsoft\Microsoft Security Client\Support—Log files specific for the SCEP client software
• %windir%\WindowsUpdate.log—Windows Update log files, which include information about definition updates
• %windir%\CCM\Logs\EndpointProtectionagent.log – Shows Endpoint version and policies applied
• %windir%\temp\MpCmdRun.log – Activity when performing scans and signature updates
• %windir%\temp\MpSigStub.log – Update progress for signature and Engine updates

References:

http://technet.microsoft.com/en-us/library/gg477022.aspx

“Required” Automatic Deployment Rules

The Automatic Deployment Rule (ADR) feature in ConfigMgr2012 is quite handy, especially for people moving from WSUS that aren’t too worried about updates being automatically deployed.

Many larger organisations however tend to have a more controlling approach to which updates are approved for deployment and will approve/decline each update as required.

One thing I liked in WSUS was the ability to have updates automatically approved, but being able to set the client policy to say “Notify Only”. On my servers I could have them scan and determine applicable updates, but then I would manually approve them and reboot as required, or I could exclude some updates if they were causing problems on a per-server basis (e.g. .NET). Sure you could do all that through WSUS itself if you wanted to setup lots of different computer groups, but for small environments with half a dozen servers it’s easier this way.

In ConfigMgr2012, there is no way to “auto create” and update group unless you use an ADR. However the ADR configuration makes all deployments Mandatory with a deadline and does not give a “Required” notify only type option.

(more…)

Windows 7 / 8 OSD pauses on Installing Software Updates

Last update: 6/2/2014 Link to Microsoft TechNet article response

When runnning a Windows 7 or Windows 8 OSD install task sequence on ConfigMgr 2012 SP1 (CU2 and CU3), I’ve noticed that it seems to get stuck and appears to hang for a while when it gets to the “Install Software Updates” step. Typically it will sit there for 5- 10 minutes or so with no apparent activity before it starts applying the updates as required. The updates do eventually apply and the build completes as normal.

(more…)