In System Center Configuration Manager 2012 Release 2, Service Pack 1, Cumulative Update 1. There is a bug. If you try to do offline servicing to a Windows 10 Operating System Image (also known as a Scheduled Update) there will be exactly zero visible software updates in the console to apply to the image. It’s annoying but it takes only 30 seconds to fix. But why does this happen? I’ll show you!
This is from SMSProv.log at the same time I tried to Schedule an update and as » Continue Reading
Sometimes what seems so easy turns out to be a little bit more complicated.
If you install the MDT-extensions for SCCM 2012 you will get the excellent option to add roles and features. It turns out that only .Net Framework 4.5 will actually install and not 3.5 if you’re installing Windows 8 / Server 2012. The media is on the source media (*.iso/DVD) but not a part of Windows by default.
You try to connect to the SCCM 2012 Data Source but Report Builder throws this error:
“A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 – The certificate chain was issued by an authority that is not trusted.)”
This is because the connection needs to be authenticated by the means of a certificate that is on the SQL-server which your client doesn’t have. You need to export the “ConfigMgr SQL Server Identification Certificate” from your SQL Server Personal store to your clients Trusted Root store. Here’s a How-To: » Continue Reading
A lot of people use a Task Sequence to deploy applications after the Operating System has been installed. A customer of mine had an incident where the TS hung because Hotfix KB2761938 wasn’t installed on the clients. This stopped the clients from receiving applications. Except for installing the hotfix on the clients there’s a pretty easy fix for this.
But first, here are the symptoms of a hung Task Sequence:
Isn’t it annoying when a customer has a “bad” AD-structure that makes it impossible to run user-discovery or system discovery often enough? By “bad” AD-structure I mean putting computers or users for an entire organization in one OU for example. The drawback of not being able to run User/System-discovery often enough is that users will have to wait for their applications after the computer is installed since SCCM doesn’t know about the group memberships until the discovery tasks are run.
I’ve come up with a method for inventoring only one computer/user. In this first post of two I’ll describe the process for users, which is useful if you run user-based installations. » Continue Reading
Yes, you can place the cursor on the Package Folder in the SCCM-console and select
Show->Export List to export all packages in a folder. BUT. There seems to be a limit to maximum 500 packages so you will not get all packages in your folder if you have a lot of them. AND maybe someone in management want the report as a webreport too… So here are the three things you need to do.
1. Create the Report. Easy, I’ve got it here for you:
SELECT v_Package.PackageID, v_Package.Name, vSMS_Folders.Name AS Expr1 FROM v_Package INNER JOIN vFolderMembers ON v_Package.PackageID = vFolderMembers.InstanceKey INNER JOIN vSMS_Folders ON vFolderMembers.ContainerNodeID = vSMS_Folders.ContainerNodeID WHERE (vSMS_Folders.Name LIKE @Foldername) » Continue Reading
With Windows 7, creating a report in SCCM for all your computers is really simple. First you need to expand your sms_def.mof file to gather the Bitlocker status data that is stored in WMI on your clients.
Insert this at the bottom of
%Program Files%\Microsoft Configuration Manager\inboxes\clifiles.src\hinv\sms_def.mof
[ SMS_Report (TRUE), » Continue Reading
I really had to scratch my head to solve this task. Maybe there’s an easier way to do this but this is how I solved a problem with a customer that only wanted to migrate one specific folder with USMT. All their users save all their personal data on their C-drive in a folder with a common name. I’ll call the local folder “Personal Data” in this blog post.
USMT is not good at opting in specific folders only. It’s more built to migrate everything plus that extra folder you need and then opt out some folders or filetypes that shouldn’t be included. But how do you exclude the C-Drive and at the same time include only one folder from the same drive?
Simply exclude C:\ and Include the “Personal Data”-folder and use the parameter to disregard all profiles. USMT can handle an Inclusion that is part of an Exclusion as long as the folders are in different components in the XML-file. See below. (Look at this article on Technet for more info on how USMT handles conflicts and precedence.)
That almost works.
It turns out USMT has some very quirky behavour. It did migrate my “Personal Data” folder but it also migrated all my *.wav default sounds in the Windows folder, some fax-coversheets and even some *.dll files that definitely wasn’t specified by me to be included. So, the solution was to exclude three folders that USMT tried to migrate anyway. The folders that were included by USMT contrary to my settings where these: C:\Program Files, C:\Windows and C:\ProgramData.
The goal of this article is to describe how to insert Software Updates into the Base Image, the Windows-image you want to base your Operating System deployment on, in SCCM Native Mode.
In order to shorten the installation time of the operating system for your end-users you want to include as many patches and updates as possible in the image you’re deploying. But you want to include as few programs as possible so that you don’t end up updating your Golden base image every two weeks…
Obviously you will want to update your image with new Software Updates every once in a while – but that will not be manual labour but automated in the task-sequence that builds the Base Image.
I could have written a book about all the things I tried to get this to work… Let’s just establish the fact that Software Updates and in particular WSUS must have been written the morning after some very big Microsoft launch party… ;-)
That said. I finally managed to get this to work. It took a a week of Googling, trial and error, troubleshooting, late nights and lots of coffee. And the silly thing is that’s it pretty easy to get it to work – if you know exactly what to do. As always.
I’ll summarize what this article does:
- Use only one Hotfix (KB2509007).
- Use SLP as a parameter for your CM-client.
- Check “Allow HTTP for roaming…” and rebuild the boot-image.
- Run a script to trigger software updates scan and run it a couple of times!
I just have to mention this great link. When you’re done with an OS-Deployment and eventually want to remove the computer from the install collection, a common way to do this is with a script in the end of the Task Sequence. But this is a much sexier way to do it, by removing the computer from the CM-server when the status message from the Task Sequence is marked as finished.