Tuesday, February 17, 2015

ConfigMgr 2012 Client Install Errors

There are a number of reasons why the ConfigMgr client fails to install… permissions, WMI, environment variables, certificate errors etc. So this post is going to be a collection of the random installation errors that I have come across in my time and how they were resolved. As news ones are identified I will add to this post.

Symptom:
  • Client installs successfully (%WinDir%\ccmsetup\Logs\ccmsetup.log)
  • Software Center is blank (Client reinstall)
  • On a new client install the logs directory (%WinDir%\CCM\Logs) is mostly empty
  • Errors can be found in both the CertificateMaintenance.log and ClientIDManagerStartup.log
CertificateMaintenance.log

Crypt acquire context failed with 0x8009000f.
CCMDoCertificateMaintenance() failed (0x8009000f).
CCMDoCertificateMaintenance() failed (0x8009000f).
Raising pending event:
instance of CCM_ServiceHost_CertificateOperationsFailure
{
DateTime = "20140909183201.373000+000";
HRESULT = "0x8009000f";
ProcessID = 5080;
ThreadID = 4824;
};
CCMDoCertificateMaintenance() raised CCM_ServiceHost_CertificateOperationsFailure status event.

ClientIDManagerStartup.log

RegTask: Failed to get certificate. Error: 0x80004005

Resolution:
  • On the client open the Services MMC snap-in and stop the SMS Agent Host service
  • Navigate to C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
  • Locate the crypto file starting with “19c5cf”
  • Backup the file to a temporary directory and then delete it
  • Restart the SMS Agent Host service
  • The client should recreate the crypto file starting with “19c5cf” and the go through the registration process
Symptom:
  • Client install fails with error code 0x80004004 (%WinDir%\ccmsetup\Logs\ccmsetup.log)
  • MSI error code 1789 referenced in the client.msi.log (%WinDir%\ccmsetup\Logs\client.msi.log)
ccmsetup.log

MSI: Setup failed due to unexpected circumstances
The error code is 800706FD
CcmSetup failed with error code 0x80004004

client.msi.log

ERROR: Failed to resolve the account <Domain\Account> (1789)

Resolution:
  • On the client open the Services MMC snap-in and ensure that the Netlogon service is set to Automatic and it is running
  • Open regedit and navigate to HKLM\Software\Microsoft\
  • Delete the ccmsetup key
  • Reboot the machine
  • Reinstall the client
Symptom:
  • Client fails to install with the Couldn’t find an MP source through AD. Error 0x80004005 (%WinDir%\ccmsetup\Logs\ccmsetup.log)
ccmsetup.log

Failed to get assigned site from AD. Error 0x80004005
GetADInstallParams failed with 0x80004005
No valid source or MP locations could be identified to download content from. Ccmsetup.exe cannot continue
Couldn't find an MP source through AD. Error 0x80004005

Resolution:
  • Ensure that your boundaries and boundary groups in ConfigMgr are setup appropriately
  • On the client ensure that the Netlogon service is running and set to Automatic
  • Ensure the client is communicating with the domain properly
  • Reinstall the client
Symptoms:
  • Client installation fails with error code 1603 (%WinDir%\ccmsetup\Logs\ccmsetup.log)
ccmsetup.log

MSI: Could not access network location %APPDATA%
File %WinDir%\ccmsetup\<GUID>\client.msi installation failed. Error text: ExitCode 1603
Action: CostFinalize
ErrorMessages:
Could not access network location %APPDATA%\.

Resolution:
  • Open regedit and navigate to HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • Change the value for %APPDATA% to %USERPROFILE%\AppData\Roaming
  • Reinstall the client (Reboot may be required)
Source found here.

Symptom:
  • The client installs successfully however it will not report into it’s management point
  • Registration errors can be found in the ClientIDManagerStartup.log
  • Client does not show up as having an active client installed in the ConfigMgr client
ClientIDManagerStartup.log

<![LOG[RegTask: Failed to get certificate. Error: 0x80004005]LOG]!><time="<Time>" date="<Date>" component="ClientIDManagerStartup" context="" type="3" thread="5972" file="regtask.cpp:615">

Resolution:
  • Backup all files in the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder for Windows 7 or C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys folder for Server 2003
  • Remove the (19c5cf9c7b5dc9de3e548adb70398402_ac168ff2-23d3-4a00-bd1d-dd27ff040362) folder
  • Restart the SMS Agent Host Service to recreate these certificates
  • Client should now register and start pulling down policies
Symptom:
  • Client fails to install with error code 80041002 (%WinDir%\ccmsetup\Logs\ccmsetup.log)
ccmsetup.log

MSI: Setup was unable to compile the file DiscoveryStatus.mof
CcmSetup failed with the error code 80041002

Resolution:
  • Open an administrative CMD prompt
  • Navigate to C:\Program Files\Microsoft Policy Platform
  • run the following command mofcomp ExtendedStatus.mof
  • Reinstall the client

Monday, February 16, 2015

Microsoft System Center 2012 Configuration Manager Servicing Extension


In December the Configuration Manager Sustained Engineering team officially released their Servicing Extension. This add-on helps administrators keep track of things like the release of new hotfixes and cumulative updates, lists the sites you manage and the current version they are running, a client targeting node that enables you to create queries for rolling out updates to machines and a blogs node that brings the latest updates from Microsoft’s official ConfigMgr blogs all from within the console.

Simply download the add-on from here and install it on a machine which has the ConfigMgr console installed. Once installed, open the ConfigMgr console and then open the Administration workspace and you will now see the Site Servicing node. Expand Site Serving and you will have the following nodes listed – Releases, Site Versions, Client Targeting and Blogs.




Site Servicing – The Site Servicing node displays a summary of the latest updates that have been released, the most recent blog posts from the System Center Configuration Manager Team blog as well as the The Official Configuration Manager Support Team blog as well give you the ability to configure proxy settings as well as display the current version of the Servicing Extension add-on installed.

Releases – The Release node displays a list of updates that have been published for ConfigMgr. You can list all updates or filter between ones specifically for SP1 or R2. Each release entry includes links for the KB article, the URL to download the update plus an option to create a query for the update. (For example to identify all clients missing the update) You can also mark an update or all update entries as Read. 

Site Versions – The Site Versions node will list all sites in your hierarchy and information like server name, site code, site name, base version and cumulative update installed.

Client Targeting – The Client Targeting node allows you to create queries to be used to identify clients for deploying updates.

Blogs – The Blogs node will automatically update as new updates are posted to Microsoft’s officially ConfigMgr blogs. Currently you can filter articles from the System Center Configuration Manager Team Blog and The Official Configuration Manager Support Team Blog. You also have the ability to mark articles as Read.

Overall I think this add-on and the information it provides is a great idea and I hope that this is something that Microsoft will integrate into the product for future releases.

Wednesday, February 11, 2015

Software Center returned error code 0x0041013 (-2147217389)

I've come across this issue a couple of times after upgrading the ConfigMgr client from 2007 (4.x) to 2012 (5.x) where Software Center will never open successfully and present a the user's applications. The 2012 client will install and seems to start communicating successfully however when a user goes to open Software Center they are presented with the following error:

Software Center cannot get the current status for some of the software. Software Center will list any items with available status. You can press F5 to refresh the view. If the problem persists, contact your help desk.

If you expand the More Information section you get the following error code:

Loading Software Center returned error code 0x0041013 (-2147217389).

No matter how long you leave the client, refresh policies or even after a reinstall the problem persists. After much searching online I finally found a post that referenced the same error code and how to resolve the problem. (My next step was a call to Microsoft so it saved me a bunch of time when I found it) Essentially the problem  stems from the 2007 client failing to uninstall cleanly leaving behind possibly two registry keys that can cause the issue. Check the following:
  • Open regedit
  • Navigate to HKEY_CLASSES_ROOT\CLSID\{555B0C3E-41BB-4B8A-A8AE-8A9BEE761BDF}\InProcServer32
  • Ensure that the default value is set to C:\WINDOWS\CCM\ccmcisdk.dll
  • Navigate to HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{555B0C3E-41BB-4B8A-A8AE-8A9BEE761BDF}\InProcServer32
  • Ensure that the default value is blank (If not delete the value)
  • Open the ConfigMgr client applet and kick off a policy refresh action
  • Give it a few minutes (You can monitor the PolicyAgent.log file on the client)
  • Once the policy refresh is complete open Software Center and the user should new be presented with their applications

Sunday, February 8, 2015

SMS Migration Manager Stops Unexpectedly


Recently I was reviewing site server health in the Monitoring workspace in the ConfigMgr console and I came across the following error that a couple of site servers were reporting pretty consistently. The SMS_Migration_Manager component for each server was reporting the following message:

SMS Executive detected that this component stopped unexpectedly.
Possible cause: The component is experiencing a severe problem that caused it to stop unexpectedly.
Solution: Refer to your ConfigMgr Documentation or the Microsoft Knowledge Base for further troubleshooting information.


On the site server itself you will find the same errors listed in the Application event log and when reviewing the migmctrl.log file (<Install Location>\Microsoft Configuration Manager\Logs) you will see the following:

MigMCtrI: FAILED to CREATE JobManager instance, error = The parameter is incorrect., 80070057
MigMCtrI: FAILED to START WorkltemMgr. error = The parameter is incorrect., 80070057
MigMCtrI: FAILED to INITIALIZE, error = The parameter is incorrect,, 80070057


After some searching online I across this post which outlined the issue and provided information on how to resolve it.
  • Browse to <Install Location>\Microsoft Configuration Manager\bin\X64
  • Copy microsoft.configurationmanagement.migrationmanager.dll to a temp folder
  • Browse to that site's parent a copy microsoft.configurationmanagement.migrationmanager.dll to the server and overwrite the original file
  • Open an administrative cmd prompt and navigate to C:\Windows\Microsoft.NET\Framework64\v4.0.30319
  • Run the following:  
 regasm.exe <ConfigMgr Installation Directory>\bin\X64\microsoft.configurationmanagement.migrationmanager.dll /codebase
    • You should get the following message in the cmd window
                         Types registered successfully


      • Open services.msc and restart the SMS_Executive service

      Monitor the migmctrl.log file and wait for the following entries:

      MigMCtrI: the workitem queue is full!
      MigMCtrI: WAIT 3 event(s) For 60 minute(s) and 0 second(s).


      Give the server about an hour and check the log to ensure the errors have gone away. All migration jobs had been long completed and I only had this issue happen on a few secondary sites. I still have not found a root cause for this issue and it has yet to occur again.

      Friday, February 6, 2015

      Automatic Deployment Rule Fails to Download content

      I currently use a Automatic Deployment Rule (ADR) for deploying System Center Endpoint Protection definition updates. Setting up an ADR is pretty straight forward however I was seeing the following error in the ruleengine.log file (Located at <ConfigMgr Installation Directory>\Logs)

      Downloading content with ID <Unique Content ID> in the package
      Failed to download the update from internet. Error = 1326
      Failed to download ContentID <Unique Content ID> for UpdateID <Unique Update ID>. Error code = 1326


      There are a few things that you need to be aware of when setting up a ADR:
      • The ADR will run in the SYSTEM context
      • If a proxy server is in use for internet access ensure that rules are setup appropriately for your site server
      • Ensure that the permissions for the file share (Full) and source directory (Modify) are setup appropriately. If your source directory is located on a different server the computer account of your site server will need modify access to the package source directory
      • The ADR will use the UNC path to access the share even when the directory is local to that site server
      For my setup everything checked out. The site server and the package source were located on the same server so permissions weren't the issue. Proxy server rules were already setup to allow the site server to download the required content for specific sites. I double checked and verified that the site server was indeed able to connect to the URL required yet the problem persisted. This server had been recently upgraded to Server 2012 R2 and I was connecting to it using a CNAME so what I found was that when I was logged onto the server and then browsed to the share using the UNC path (Using a CNAME in place of the server name) I was prompted for credentials. So when the ADR would run it would fail at the point where it tried to access the share for the package source path. With Server 2008 R2 disabling strict name would resolve this problem however with Server 2012 R2 you need to disable loopback checking.
      • Open Regedit.exe
      • Navigate to HKLM\SYSTEM\CurrentControlSet\Control\Lsa
      • Create a new DWORD value called "DisableLoopbackCheck"
      • Set the value to “1”
      • Test by connecting to the UNC path using your CNAME (If you are still being prompted reboot your server)
      Once loopback checking was disabled the ADR ran without issue.

      Friday, January 2, 2015

      Resetting BITS Jobs

      There have been instances where Configuration Manager distribution points stop accepting content. Network services are fine and I can copy the content manually but it will never get there on its own.  I've only had this happen a couple of times on Server 2008 R2 machines. The only role installed on these servers is a distribution point and there are no shared services on the box. What seems to happen is that the BITS client gets stuck on a job and all other jobs get queued indefinitely. Since BITS is a component of Windows Configuration Manager never reports a problem. The only symptom is that content never gets there. Here is how you can check the status of BITS jobs.

      ·         Launch administrative PowerShell
      ·         Run Import-Module BitsTransfer
      ·         Run Get-BitsTransfer -AllUsers
      ·         Open Task Scheduler and create a new task (Note for Windows 8 or Server 2012 and above you need to use Sysinternals PsExec with the -s switch (http://msdn.microsoft.com/en-us/library/bb897553.aspx)
      ·         Open Task Scheduler
      §  Right-click Task Scheduler (Local) and select Create Task
      §  Give the task a name - Rest BITS Jobs
      §  Under Security options Change the user to the local SYSTEM account
      §  Enable Run with highest privileges
      §  On the Actions tab select New...
      §  Set up the new Action
      §  Action -Start a Program
      §  Program browse to C:\Windows\System32\bitsadmin.exe
      §  Add arguments /reset /allusers
      §  Click OK
      §  On the Settings tab ensure the Allow task to be run on demand option is enabled
      ·         Run the task
      ·         Give the task a couple of minutes to run
      ·         Go back to PowerShell and run Get-BitsTransfer -AllUsers
      ·         There should now jobs listed in the queue
      ·         Delete the task from Task Scheduler