Clear SCCM 2012 PXE Advertisements

I just spent a half day searching through SCCM collections, databases, PXE logs, etc to find a fairly easy fix (once you find it!!)  Disclaimer:  I’m using IE Nomad with PXE Lite, however this should work on straight SCCM PXE boot from DP’s as well.

The symptom is something like this:

  • PXE boot a bare metal machine and SCCM starts imaging the workstation
  • For whatever reason (network, hardware, bad task sequence, drivers, etc) the image fails.
  • You restart the PC and try to PXE boot again.
  • Instead of PXE booting – you get the following message:  PXE Boot aborted. Booting to next device…

It seems the machine is kind of stuck in limbo at this point.  The only other way I could complete the image is use physical boot media.

Some of the troubleshooting steps I took before finding the solution:

  • Searched for the workstation MAC address in SCCM – both using a collection query and SQL.  No hits
  • Searched for IP – no hits
  • Searched by MININT name – no hits
  • Right click collections and select “clear require PXE advertisements” – no luck

Solution:

Go into SCCM 2012 Console – Assets and Compliance – Device Collections – All Desktop and Server Clients

Search for Unknown

 

PXEFailureSCCM

 

 

Right click any unknown records and delete them.  Then try the PXE boot again.It should work!

 

Share
Posted in SCCM 2012 | Tagged , , , , , | Leave a comment

Finding Workstations or Servers Without SCCM Client Installed

A quick query that creates a collection of workstations or servers missing the SCCM client.  This is especially useful for environments without the SCCM client push enabled.

Step 1

Create a collection that you will use as a limiting collection – for example “All Windows 8 Devices”, “All Windows Servers”, etc.  In this example, we’ll use all Windows Servers.  Limit this to All Systems to catch both cliented and un-cliented machines.

An example code would look like this.

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where (SMS_R_System.OperatingSystemNameandVersion like “Microsoft Windows NT Server 5%” or SMS_R_System.OperatingSystemNameandVersion like “Microsoft Windows NT Advanced Server%” or SMS_R_System.OperatingSystemNameandVersion like “Microsoft Windows NT Server 6%”)

Step 2

Create another collection called something like “All Servers Without SCCM Client.  You’ll limit this collection to the one created above.

SQL code for this query is:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where (SMS_R_System.Client is null  or SMS_R_System.Client = 0) and SMS_R_System.Name != “Unknown”

 

This should give you a collection of servers that do not have the client installed.  You can use a ping test to see which ones are active and push the client.

Share
Posted in SCCM 2007, SCCM 2012 | Tagged , , , | Leave a comment

How to Stop an System Center Configuration Manager (SCCM) Client Push

If you ever do a big oops and hit the “install client” action on a full collection instead of a single machine, there’s an easy way to fix this before you bring your network down to a crawl.

 

 

Software Push 1

First, I stop the SMS Exec service, and browse to your <SCCM install dir>\inboxes\ccr.box folder.  You should see tons of records in this folder.  Just select all files (minus the top 2 folders), and delete them.  You should then have an empty folder like this – then you can restart the SMS Exec service and be good to go!

CCR Box

Share
Posted in SCCM 2007, SCCM 2012 | Tagged , , | Leave a comment

System Center 2012 R2 Release Date October 18, 2013

The title says it all.  We finally have a release date for System Center 2012 R2 (and also Win 8.1). 

Here’s a good link via WindowsITPro that highlights some of the new features of R2

http://blogs.technet.com/b/in_the_cloud/archive/tags/what_2700_s+new+in+2012+r2/

It’s quite a bit of reading, and much doesn’t apply to me.  I didn’t see anything earth shattering – but its worth an hours read.

 

Share
Posted in System Center 2012, Windows OS | Tagged , , , | Leave a comment

SCCM 2012 SP1 CU2 Released

A few days late to the game, but I see SCCM 2012 SP1 CU2 has been released.

Download here:  http://support.microsoft.com/kb/2854009

From the release notes:

Administrator Console

  • The Add Site Server Roles Wizard incorrectly blocks adding a site server when the first word of the server’s fully qualified domain name is longer than 15 characters.
  • Multiple nodes and property sheets in the Administrator Console can now be announced correctly by screen reader software.

Application Virtualization

  • Virtual Application packages that are saved on a Distributed File System (DFS) share may not migrate from Configuration Manager 2007 to Configuration Manager 2012. Errors that resemble the following are logged in the MIGMCTRL.log file:

    Failed to connect to share \\production\dfs\Virtual Applications\App Source : Error 0×80070520
    Impersonation is reverted.
    Set the status of the entity Virtual Application 1 to Failed.
    Set the status of the job entity Virtual Application 1 to Failed.
    Microsoft.ConfigurationManagement.Migration.MigrationException: Failed to connect to share \\production\dfs\Virtual Applications\App Source : Error 0×80070520

  • Nonalphanumeric characters in the CertificateIssuers string cause site assignments not to work
    (http://support.microsoft.com/kb/2841764/ )

    in a System Center 2012 Configuration Manager Site environment.

Operating system deployment

  • Task Sequences may ignore the Multicast Only flag when downloads are performed within the full operating system instead of Windows PE.
  • A task sequence that has multiple “Install Application” steps may fail. Additionally, the following error message is logged in the SMSTS.log file:

    Error Task Sequence Manager failed to execute task sequence. Code 0×80004005

  • Clients may not download a new operating system image when custom ports are defined for the site server. The SMSTS.log file will contain error messages that resemble the following:

    WinHttpQueryHeaders() returns status code 404 (Not Found)
    SendWinHttpRequest failed. 80190194.
    DownloadFile failed. 80190194.
    Error downloading file from http://siteserver.contonso.com:80/SMS_DP_SMSPKG$/CAS0000A/sccm?/install_ipremote.cmd to C:\_SMSTaskSequence\Packages\CAS0000A\install_ipremote.cmd
    DownloadFiles failed. 80190194.

  • Cumulative Update 2 offers limited support for deployment of Windows PE 3.1-based images. These images must be completed before they are added to the site server. If later changes are needed, they can be made by using the Deployment Image Servicing and Management (DISM) tool. Any Distribution Points that have the old image must be updated.

    The following optional components have to be installed beforehand:

    • WinPE-Scripting.cab
    • WinPE-WMI.cab
    • WinPE-WDS-TOOLS.cab

    The following operations are not supported:

    • Installing additional optional component through Configuration Manager
    • Adding drivers
    • Setting scratch space
    • Configuring prestart command
    • Configuring background image file
    • Enabling and disabling command prompt support (debug mode)

Asset Intelligence

  • “Software 09B – Computers with infrequently used software installed” reports do not contain accurate data for Windows Installer-based applications that are updated.

Mobile device management

  • Windows Mobile 6.5 devices no longer receive application policies after the site server is upgraded from the release version of Configuration Manager 2012 to Configuration Manager 2012 Service Pack 1.

Software distribution

  • The content status of a package is stuck in the “In progress – Waiting for Content” status
    (http://support.microsoft.com/kb/2828900/ )

    in System Center 2012 Configuration Manager SP1.

  • Content status may show a state of “Unknown” when a distribution point on a Configuration Manager 2007 Secondary Site is upgraded to Configuration Manager 2012.
  • Status messages from pull-distribution points are now routed through management points instead of directly to site servers. This decreases the site server performance effect of having multiple pull-distribution points.

Updated list of supported Linux and UNIX clients

  • The list of supported UNIX and Linux platforms is updated to include x86 and x64 versions of the following:
    • Ubuntu 12.04
    • Ubuntu 10.04
    • Oracle Linux 5
    • Oracle Linux 6
    • CentOS 5
    • CentOS 6
    • Debian 5
    • Debian 6

Site systems

  • Status Manager may not process changes to built-in Status Filter Rules on localized Configuration Manager installations. Entries similar to the following may be logged in the STATMGR.log file:

    ERROR: The component item for SMS_STATUS_MANAGER in the master site control file does not contain property list items for a status filter named “SMS_STATUS_MANAGER”, or those property lists are corrupt or badly formatted.

  • Installation of the Client Notification component (bgbisapi.msi) will fail on sites that have custom websites (SMSWEB) or custom ports that are defined. The BGBSetup.log will contain the following errors messages:
    bgbisapi.msi exited with return code: 1603
    Backing up X:\Program Files\Microsoft Configuration Manager\logs\bgbisapiMSI.log to X:\Program Files\Microsoft Configuration Manager\logs\bgbisapiMSI.log.LastError
    Fatal MSI Error – bgbisapi.msi could not be installed

    The bgbisapiMSI.log will also contain errors that resemble the following:

    ERROR: Failed to configure sms ports ’0×80020009′.
    ERROR: Failed to process port information.
    @@ERR:25011
    Product: BGB http proxy — Internal Error 25011. 80020009
    Internal Error 25011. 80020009
    CustomAction CcmCreateIISVirtualDirectories returned actual error code 1603

  • Active Directory User and Group Discovery methods may not update group relationship data when the “Enable delta discovery” option is selected.

Configuration Manager SDK

  • The CPApplet.CPAppletMgr Automation object returns error 0×80040154 when you use the object on a 64-bit operating system that has Configuration Manager Compatibility Shims (32BitCompat.msi) installed.

Client

Cumulative Update Setup Wrapper (Installer)

  • The installer can now be run again on the same site server to create or to re-create deployment assistance items (packages and programs).
  • The installer can update the Administrator Console directly when the installer is run on a site server or on a workstation where the console is installed. Earlier versions of the installer only copied the Administrator Console update (.msp) to the file system, and the console update had to be installed separately. The previous installation method of installing the update manually is still supported.
  • The logging format is improved to increase detail for tracking progress or for troubleshooting installation failures.


Share
Posted in SCCM 2012 | Leave a comment

VMWare Workstation with Windows Server 2012 Black Screen After VMWare Tools Install

Had an interesting issue today while recreating a new SCCM 2012 SP1 lab environment.  I loaded it up on VMWare Workstation (yeah, I know, the OTHER guys)…. and then installed VMWare tools on my Server 2012 VM.  After a reboot I noticed I could see the BIOS, then a bootup sequence with Windows, then all black.  Could tell my mouse went into something…

After digging a bit I found the fix.

Under the VM settings, go to display and check “Accelerate 3D graphics”.  Force a reboot and it should come up just fine.


Share
Posted in Server 2012, VMWare | Tagged , , , , | 2 Comments

New Microsoft Zero-Day Internet Explorer Vulnerability

It looks like there’s a pretty serious zero day vulnerability that’s currently being exploited.

No word if Microsoft is planning on releasing an out of band patch or waiting until patch Tuesday next week.

Some details and links (including the planned “OpsUSA” attack)

http://technet.microsoft.com/en-us/security/advisory/2847140

Microsoft FIX IT Utility – http://support.microsoft.com/kb/2847140

FBI Flash DDOS Scripts

http://docs.ismgcorp.com/files/external/Brobot_Flash_Report.pdf

Krebs on Security

http://krebsonsecurity.com/2013/05/dhs-opusa-may-be-more-bark-than-bite/

Attack information: (adult language)
http://pastebin.com/TyvAK20F

Publicized Target list:
http://pastebin.com/LXHKjsfg

Share
Posted in Patch Management | Tagged , , , , | Leave a comment

Managing Third Party Updates with System Center Configuration Manager

Patch Management

Patch Management

If you missed Kent Agerlund’s MMS 2013 session, or didn’t make it all … I strongly encourage everyone to check out this webinar scheduled for May 13.

Kent Agerlund is a Microsoft MVP working with Coretech, and widely known as one of the best System Center guys around. 

From the invitation:

Whether you attended MMS 2013 or not, this is a must attend webinar! Get the chance to gain some of the knowledge from MMS 2013, as well as get your questions answered by Kent Agerlund from Coretech, a Microsoft Configuration Manager MVP.During this 45 minute webinar, Kent Agerlund will provide you with tips and tricks to solve the daily challenges around patching your environment with Microsoft and non-Microsoft updates. You will learn how to design and configure a software update solution that will be easy to manage, yet powerful enough to maintain your server and desktop environment. Lastly, he will go through how you can patch 3rd party applications in SCCM and his key learning’s on how to manage common challenges in this area.

About Kent Agerlund, Coretech
Configuration Manager MVP. Microsoft Certified Trainer and Senior Consultant. Kent has been working with SMS since 1997 and as a trainer / consultant since 1992. In addition, he is Co-founder of System Center User Group Denmark in 2009.

Certified MCITP: Enterprise Administrator, MCSA + Messaging, MCT and Technology Specialist in Configuration Manager, MDOP and Windows 2008 R2 and much more.

Member of:
Microsoft Denmark System Center Partner Expert Team , The Danish Technet Influencers program , System Center Influencers Program.

Sign up herehttps://www.brighttalk.com/webcast/8113/74379
May 13 2013 1:00 pm (CDT)
 


Share
Posted in Patch Management, SCCM 2012, SCUP 2011 | Tagged , , , | Leave a comment

The countdown: Less Than One Year for XP End of Support!

During MMS 2013 – a theme was reiterated over and over… we’re now down to 1 year of XP support. 

Microsoft will end Extended Support on April 8, 2014.

If you are a Windows 7 migration engineer - that means you will be very busy in the next 12 months converting remaining systems to Windows 7. 

Here’s a few key points from a Microsoft blog that I saw last week at MMS 2013.

http://blogs.windows.com/windows/b/springboard/archive/2013/04/08/365-days-remaining-until-xp-end-of-support-the-countdown-begins.aspx

 

  • On April 8, 2014, we will end the extended support for our commercial customers and we will no longer provide security updates for commercial or consumer customers.
  • Simply, it means you should take action to move off of Windows XP. After April 8, 2014, there will be no new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates. Running Windows XP SP3 and Office 2003 in your environment after their end of support date may expose your company to potential risks, such as:
    • Security & Compliance Risks: Unsupported and unpatched environments are vulnerable to security risks. This may result in an officially recognized control failure by an internal or external audit body, leading to suspension of certifications, and/or public notification of the organization’s inability to maintain its systems and customer information.
    • Lack of Independent Software Vendor (ISV) & Hardware Manufacturers support: Back in 2011, many independent software vendors (ISVs) were already unlikely to support new versions of applications on Windows XP.

Yes, that’s correct.  NO NEW SECURITY PATCHES AFTER APRIL 2014

Talk about a hackers paradise!

Share
Posted in Patch Management, Windows OS | Leave a comment

Problem Microsoft Security Patch MS13-036

Well, I am back from MMS 2013 just in time to remediate an April Microsoft security patch that’s caused mutiple problems.  The symptons are systems basically failing to boot after loading the patch to random applications not opening and/or crashing.

Right now it looks like Microsoft has pulled the patch until a fix is completed.  In the meantime – you’ll want to disable or remove this patch from SCCM or your software distribution product. 

Here’s the details

http://support.microsoft.com/kb/2823324

Removal Steps for Windows 7

http://support.microsoft.com/kb/2839011

Although the problem only seems to affect Windows 7 – its also available for XP.  Not sure if XP is affected or not. 

 

Share
Posted in Patch Management, Windows OS | Leave a comment
« Older