Month: October 2012

CM12 Software Updates Gotcha

Posted on Updated on

An added feature to ConfigMgr 2012 is the ability to directly deploy software updates without them being a deployment group.  This can result in a “gotcha” moment when update are incidentally deployed to systems.  This situation occurred to me recently when IE9 was deployed to a collection (fortunately non-mandatory!) but I could not find that update in any deployment group.  If it has been deployed as part of many updates, then this would have never occurred and I could have easily removed the update.

The way to get yourself into this predicament is by doing the following.  Note: this is just a lesson, don’t actually do this in production!

  1. In the console, navigate to Software Library > Software Updates > All Software Updates
  2. Select a single updates to install
  3. Select “Deploy” on the wunderbar
  4. Note that in the first page of the wizard, it LOOKS like you’re adding updates into a software update group.
  5. Finish the wizard with whatever settings (please don’t make this a Required install, lest you screw yourself)

Now go into node Software Update Groups.  Where is the deployment group that was supposed just created?  It isn’t there!!  To then delete the deployment, find an individual update, go to the Deployment “tab” and delete the deployment.  Note how the update group says “Individual”

To prevent this from accidentally occurring to you, a general rule of thumb is to add the update(s) to be installed into a new or existing Software Update Group and then deploy that group to a collection.

Removing Desktop Shortcuts for First Dispute Client

Posted on

I was in a recent situation where I needed to create an install package for First Data’s FirstDispute client, but to eliminate the shortcuts.  It could have been easy to just install the software and then delete the shortcuts with a script, but instead I decided to dig around into the MSI with Microsoft Orca.  Within the MSI properties I found table “Shortcut” and items Client_Desktop, Tracking_System_Desktop, and HostReportSystem_Desktop.  By simply “dropping” these items and then saving this as a transform, I was then able to deploy the software along with the TRANSFORMS property to eliminate the desktop shortcuts.

To do this on your own:

  1. Download and install Orca (available in any Windows SDK)
  2. Open Orca
  3. Go to File > Open.  Browse to and open the MSI file for the FirstDispute client
  4. Find Table “shortcuts”
  5. Right-click each shortcut to be removed and select “drop row”
  6. Save the file as a new transform (.mst) file as NoDesktopShortcuts.mst
  7. Run the install as FirstDisputClient.msi TRANSFORMS=NoDesktopShortcuts.mst

Bug with ConfigMgr Direct Membership Collections

Posted on Updated on

This is the wildest thing I’ve ever seen.  My client was describing to me the problem, but I had a hard time believing them until I could see it reproduced for myself.  When attempting to add direct memberships to a collection, sometimes it only shows returns a subset of the limiting collection and not the full list.  I have found out that this is indeed a known bug/case that is open with the ConfigMgr development team.

When using the direct rule wizard and using a mouse with clicks, it only makes a handful of resources available from the limiting collection.

Then when repeating the steps but using the only a keyboard and buttons, all 1000+ systems became available.

The limiting “parent” collection was a created in a unique way that is new to ConfigMgr 2012.  Of that collection, it’s limited to All Systems, but the memberships rules is using the new “include collections”.

What made this “funny” at my client is that literally every time I did a direct membership, it worked for me….and every time the client did it, it failed.  We all couldn’t help but laugh because they thought I was somehow messing with them.

ConfigMgr 2012 “Protected Boundaries”

Posted on Updated on

A best practice in ConfigMgr 2007 was to have remote distribution points “protected” so that client in other subnets would not incidentally download content from them.  This was particularly important for DPs that were slow WAN links.  In ConfigMgr 2012 however, having a protected DP looks different.  Instead of the old checkbox on the DP settings, now you add the Boundary (IP address range/subnets or AD Sites) into it’s own Boundary Group.  In this way only clients in that subnet will pull from that DP.

 

Reporting Services Site Role Setup: Instance Blank/Empty

Posted on Updated on

When attempting to set up and configure the ConfigMgr 2012 site system role for reporting services, a frequently experienced “problem” is that the instance name can be blank/empty in the wizard and thereby unable to proceed with the wizard.  This usually occurs when SRS has not been pre-configured properly.

While it is common “knowledge” that the reporting services database needs to be created first, an oft-overlooked step is to use the Reporting Services Configuration Manager to create the virtual directories for IIS.  And it is these steps which need to be completed to get you on your way.

  1. Open Reporting Services Configuration Manager
  2. Connect to the server/instance
  3. Click on Web Service URL – make a fake change, such as changing the name of the virtual directory and then putting it back to ReportServer – and clicking Apply.  This will then create the new virtual directories.
  4. Click on Report Manager URL – again, make a change to the name and put back to just Reports – and click Apply to generate the new virtual directories.
  5. Close configuration manager
  6. Return to the CM12 site role setup program, click “Verify” for the database connection, and voila the instance is now populated correctly!

KB2509007 Strikes ConfigMgr 2012!

Posted on Updated on

An issue that plagued many admins over the last couple of years is that download (and thus installation) when a task sequence installs many Software Updates would hang and/or be stuck on the first update (KB2509007).  This was a problem relegated to CM07.  However, I am experiencing the same ‘ol thing in my home lab environment.  One resolution discussed for CM12 has been to 1) ensure the DP is set to allow anonymous connections, and 2) set the client install parameter SMSMP=FQDN.

However, these did not work for me in my lab and since no hotfix is available at this time, I’ve taken the quick workaround approach for my image build by using a VBScript to automate the installation of updates directly using the Windows Update Agent. While I cannot take credit for the below script, I did modify it to eliminate the prompt messages and automatically “accept” installation of updates.  I just run this script as part of my task sequence via Run Command Line and it does the trick.

http://msdn.microsoft.com/en-us/library/windows/desktop/aa387102(v=vs.85).aspx

Download revised script: http://sdrv.ms/QT0F0S

Install application action failed: Error Code 0x80730c03

Posted on

When deploying a Win7 image, the below errors were received during the application installs of a few test applications.  The catch is that the applications install without issue when the PC was NOT joined to the domain…but when it IS joined to the domain, the installs fail.  I cannot locate any information online about this error code, so needed to post it here.  Per Microsoft support:

According to my research, this error code is coming from the Microsoft Policy Platform and the error 0x80730c03 actually can be interpreted to “Failed to prioritize rules”. Actually, this issue has already been filed as an internal bug but yet no workaround/solution is available. Consider the current situation, if you feel it has big business impact and want to track the latest info of the progress of the solution, please submit a phone incident as this is out of Community boundary. And if that’s approved to be Microsoft product issue, you can ask for refund for the specific incident.

This sample info is from SMSTS.log  – the error code is at the bottom in red.

==============================

Received job completion notification from DCM Agent
GetAppMgmtSDKInterface successful
Policy Evaluation failed, hr=0x80730c03
Setting TSEnv variable ‘SMSTSAppPolicyEvaluationJobID__ScopeId_39406D81-9115-4158-A72F-FAEE3B45B510/Application_f2a0c5c5-23ce-42a0-8c2a-d5a3ce3ddaa6’=”
EvaluationJob complete
m_hResult, HRESULT=80730c03 (e:\nts_sccm_release\sms\client\osdeployment\installapplication\installapplication.cpp,993)
Step 2 out of 5 complete
Install application action failed: ‘Adobe Flash Player 11.4.402.278 ActiveX’. Error Code 0x80730c03
Sending error status message
Setting URL = http://servername.domain.com, Ports = 80,443, CRL = false
Setting Server Certificates.
Setting Authenticator.

ConfigMgr Client GPO Assignment Removal

Posted on Updated on

On a recent upgrade project of ConfigMgr 2007 to 2012, the company I was assisting with the upgrade had previously deployed a group policy to enforce the client assignment to the 2007 site code.  However, simply removing the GPO could not correct the situation as the value was “tattooed” into the registry.  So as part of the ConfigMgr client upgrade, I included the below script to revoke the registry key.


' ***********************************************************
' This script was created by <a href="https://t3chn1ck.wordpress.com/">https://t3chn1ck.wordpress.com</a> to 
' delete the following registry value. The value will prevent 
' the abilityof anSCCM client to become reassigned to the new
' ConfigMgr 2012 site.
' HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Mobile Client\
' GPRequestedSiteAssignmentCode (REG_SZ) = ""
' ***********************************************************
Option Explicit
Const HKLM = &H80000002 Const sRegKey = "SOFTWARE\Microsoft\SMS\Mobile Client"
Const sRegValueName = "GPRequestedSiteAssignmentCode"
Dim oReg, iReturnValue
Set oReg = GetObject("winmgmts:\\.\root\default:StdRegProv")
iReturnValue = oReg.SetStringValue (HKLM, sRegKey, sRegValueName, "")
wscript.quit iReturnValue

The Power of Task Sequences, Part 4, Misc Notes

Posted on Updated on

This is part 4 of many!  For the most part, this is same content/notes that I had done as part of my SCCM Guru sponsored webcast in early 2012.

Tips & Tricks

  1. Copying steps between different task sequences
  2. Controlling reboot behaviors with the exit codes
    1. http://myitforum.com/cs2/blogs/nbrady/archive/2010/07/28/preventing-task-sequence-reboot-after-software-install-which-produces-a-3010-exit-code.aspx
    2. Maybe extend this script to use a TS variable to modify the restart behavior?
  3. Only execute when certain software is installed
    1. https://t3chn1ck.wordpress.com/2011/03/29/task-sequence-condition-to-execute-only-if-not-installed
  4. Using SMS_InstalledSoftware instead of Win32Reg_AddRemovePrograms
    1. http://myitforum.com/myitforumwp/2011/11/04/community-solution-task-sequence-64-bit-condition/?utm_source=rss&utm_medium=rss&utm_campaign=community-solution-task-sequence-64-bit-condition
  5. Installing multiple applications
    1. http://joshuasmueller.wordpress.com/2010/04/23/installing-multiple-applications-in-a-task-sequence
  6. Troubleshooting OS deployments using task sequences, such as Software Updates
  7. List of hotfixes for task sequences??
  8. WMI conditions for if statements
  9. How to access the SCCM client during a task sequence
  10. Installing software updates
    1. Bug in software updates for task sequences

i.     how to run fix with VB Script

ii.     powershell fix – http://myitforum.com/myitforumwp/2012/01/24/use-powershell-commands-to-assist-with-patching-during-sccm-image-build

  1. Workaround for installing Office updates during a TS
  2. How to halt/kill execution of an actively running task sequence
  3. Updating SCCM default boot images to support HTA
  4. How to add language packs without MDT
    1. https://t3chn1ck.wordpress.com/2012/01/13/how-to-add-a-language-pack-to-win7-osd-without-mdt
  5. Hiding the display dialog box
    1. Set ProgressUI = CreateObject(“Microsoft.SMS.TsProgressUI”)

ProgressUI.CloseProgressDialog

  1. http://blogs.technet.com/b/mniehaus/archive/2010/03/26/hiding-and-showing-the-task-sequence-progress-dialog-box.aspx
  2. When this is useful

 

Community-Developed Solutions

  1. TS documentor
    1. http://blogs.technet.com/b/deploymentguys/archive/2009/02/20/update-to-the-tasksequence-documentor.aspx
  2. Copy logs (check Maik’s blog)
    1. http://myitforum.com/cs2/blogs/maikkoster/archive/2010/07/07/add-logging-to-your-applications-nlog-for-beginners.aspx
  3. Email notification
    1. http://myitforum.com/myitforumwp/2011/11/16/sccm-task-sequence-completion-email-notification/?utm_source=rss&utm_medium=rss&utm_campaign=sccm-task-sequence-completion-email-notification
  4. Automagically include support-related files in your boot images for troubleshooting during task sequences.
    1. http://www.1e.com/blogs/2010/07/17/ConfigMgr-OSD-Always-including-certain-files-in-your-Boot-Images-think-Trace32
  5. How To: Inject Drivers from USB During a ConfigMgr Operating System Task Sequence
    1. http://myitforum.com/myitforumwp/2011/11/03/how-to-inject-drivers-from-usb-during-a-configmgr-operating-system-task-sequence/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-inject-drivers-from-usb-during-a-configmgr-operating-system-task-sequence
  6. Jason Sandy’s OSD App Tree
    1. http://myitforum.com/myitforumwp/2011/11/02/osd-app-tree/?utm_source=rss&utm_medium=rss&utm_campaign=osd-app-tree
  7. Automatically documenting your task sequences
    1. http://blogs.technet.com/b/deploymentguys/archive/2009/02/20/update-to-the-tasksequence-documentor.aspx
  8. Versioning / Monitoring SCCM Task Sequences
    1. http://myitforum.com/cs2/blogs/maikkoster/archive/2011/05/12/versioning-monitoring-sccm-task-sequences.aspx
    2. http://mdtcustomizations.codeplex.com/releases/view/65824
  9. How can I get my task sequence to prompt for a password?
    1. http://myitforum.com/cs2/blogs/nbrady/archive/2010/07/22/how-can-i-get-my-task-sequence-to-prompt-for-a-password.aspx
  10. Jason Sandy’s OSD++
    1. http://myitforum.com/cs2/blogs/jsandys/pages/osdplusplus.aspx
  11. Logging TS Variables –
    1.  http://myitforum.com/myitforumwp/2012/01/12/logging-configuration-manager-task-sequence-variables/?utm_source=rss&utm_medium=rss&utm_campaign=logging-configuration-manager-task-sequence-variables
  12. Possible to run a DCM in a TS to detect inventory?
    1. http://trevorsullivan.net/2011/06/22/powershell-initiate-evaluation-of-configmgr-dcm-baselines
  13. Enhanced Patch Management
    1. http://myitforum.com/myitforumwp/2011/11/23/sccm-patch-management-using-the-task-sequence-engine/?utm_source=rss&utm_medium=rss&utm_campaign=sccm-patch-management-using-the-task-sequence-engine
  14. Displaying HTA in an OS or allowing user interaction with ServiceUI
    1. https://t3chn1ck.wordpress.com/2012/01/13/how-to-add-a-language-pack-to-win7-osd-without-mdt
    2. http://myitforum.com/myitforumwp/2011/11/04/configmgr-osd-install-software-that-requires-allow-user-interaction-during-task-sequence-deployment/?utm_source=rss&utm_medium=rss&utm_campaign=configmgr-osd-install-software-that-requires-allow-user-interaction-during-task-sequence-deployment
  15. Hardware configuration with the Dell CCTK
    1. http://myitforum.com/cs2/blogs/gramsey/archive/2010/07/30/how-to-enable-trusted-platform-module-tpm-on-dell-latitude-optiplex-and-precision-workstations.aspx

ConfigMgr 2012: “Multiple connections to a server” error 0x800704c3

Posted on

I recently had this error (while troubleshooting account credentials) in the CM12 console when running “Test Connection”.  I was attempting to validate the account credentials using C$ of the site server, but it generated error 0x800704c3 for “Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed”.

The resolution?  Don’t use a hidden share!  Instead, I tested the connection with the default SMS_sitecode share and it worked.