tag:blogger.com,1999:blog-52839645266380215362024-02-07T07:02:33.624-06:00ConfigMgr | Virtualization | OS Deployment | Citrixtjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comBlogger57125tag:blogger.com,1999:blog-5283964526638021536.post-50266293392262043912015-02-17T20:28:00.002-06:002015-02-17T20:28:29.386-06:00ConfigMgr 2012 Client Install ErrorsThere are a number of reasons why the ConfigMgr client fails to install… permissions, WMI, environment variables, certificate errors etc. So this post is going to be a collection of the random installation errors that I have come across in my time and how they were resolved. As news ones are identified I will add to this post.<br />
<br />
<strong>Symptom:</strong><br />
<ul>
<li>Client installs successfully (%WinDir%\ccmsetup\Logs\ccmsetup.log) </li>
<li>Software Center is blank (Client reinstall) </li>
<li>On a new client install the logs directory (%WinDir%\CCM\Logs) is mostly empty </li>
<li>Errors can be found in both the CertificateMaintenance.log and ClientIDManagerStartup.log </li>
</ul>
<u>CertificateMaintenance.log</u><br />
<br />
<em>Crypt acquire context failed with 0x8009000f.</em><br />
<em>CCMDoCertificateMaintenance() failed (0x8009000f).</em><br />
<em>CCMDoCertificateMaintenance() failed (0x8009000f).</em><br />
<em>Raising pending event:</em><br />
<em>instance of CCM_ServiceHost_CertificateOperationsFailure</em><br />
<em>{</em><br />
<em>DateTime = "20140909183201.373000+000";</em><br />
<em>HRESULT = "0x8009000f";</em><br />
<em>ProcessID = 5080;</em><br />
<em>ThreadID = 4824;</em><br />
<em>};</em><br />
<em>CCMDoCertificateMaintenance() raised CCM_ServiceHost_CertificateOperationsFailure status event.</em><br />
<br />
<u>ClientIDManagerStartup.log</u><br />
<br />
<em>RegTask: Failed to get certificate. Error: 0x80004005</em><br />
<br />
<strong>Resolution:</strong><br />
<ul>
<li>On the client open the Services MMC snap-in and stop the SMS Agent Host service </li>
<li>Navigate to C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys </li>
<li>Locate the crypto file starting with “19c5cf” </li>
<li>Backup the file to a temporary directory and then delete it </li>
<li>Restart the SMS Agent Host service </li>
<li>The client should recreate the crypto file starting with “19c5cf” and the go through the registration process </li>
</ul>
<strong>Symptom:</strong><br />
<ul>
<li>Client install fails with error code 0x80004004 (%WinDir%\ccmsetup\Logs\ccmsetup.log) </li>
<li>MSI error code 1789 referenced in the client.msi.log (%WinDir%\ccmsetup\Logs\client.msi.log) </li>
</ul>
<u>ccmsetup.log</u><br />
<br />
<em>MSI: Setup failed due to unexpected circumstances</em><br />
<em>The error code is 800706FD</em><br />
<em>CcmSetup failed with error code 0x80004004</em><br />
<br />
<u>client.msi.log</u><br />
<br />
<i>ERROR: Failed to resolve the account <Domain\Account> (1789)</i><br />
<br />
<strong>Resolution:</strong><br />
<ul>
<li>On the client open the Services MMC snap-in and ensure that the Netlogon service is set to Automatic and it is running</li>
<li>Open regedit and navigate to HKLM\Software\Microsoft\</li>
<li>Delete the ccmsetup key</li>
<li>Reboot the machine</li>
<li>Reinstall the client</li>
</ul>
<strong>Symptom:</strong><br />
<ul>
<li> <div align="left">
Client fails to install with the Couldn’t find an MP source through AD. Error 0x80004005 (%WinDir%\ccmsetup\Logs\ccmsetup.log) </div>
</li>
</ul>
<u>ccmsetup.log</u><br />
<em><br /></em>
<em>Failed to get assigned site from AD. Error 0x80004005</em><br />
<em>GetADInstallParams failed with 0x80004005</em><br />
<em>No valid source or MP locations could be identified to download content from. Ccmsetup.exe cannot continue</em><br />
<em>Couldn't find an MP source through AD. Error 0x80004005</em><br />
<strong><br /></strong>
<strong>Resolution:</strong><br />
<ul>
<li>Ensure that your boundaries and boundary groups in ConfigMgr are setup appropriately</li>
<li>On the client ensure that the Netlogon service is running and set to Automatic</li>
<li>Ensure the client is communicating with the domain properly </li>
<li>Reinstall the client</li>
</ul>
<strong>Symptoms:</strong><br />
<ul>
<li>Client installation fails with error code 1603 (%WinDir%\ccmsetup\Logs\ccmsetup.log)</li>
</ul>
<u>ccmsetup.log</u><br />
<br />
<em>MSI: Could not access network location %APPDATA%</em><br />
<em>File %WinDir%\ccmsetup\<GUID>\client.msi installation failed. Error text: ExitCode 1603</em><br />
<em>Action: CostFinalize</em><br />
<em>ErrorMessages:</em><br />
<em>Could not access network location %APPDATA%\.</em><br />
<em><br /></em>
<strong>Resolution:</strong><br />
<ul>
<li>Open regedit and navigate to HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders</li>
<li>Change the value for %APPDATA% to %USERPROFILE%\AppData\Roaming</li>
<li>Reinstall the client (Reboot may be required)</li>
</ul>
<div>
Source found <a href="http://www.systemcenterdudes.com/could-not-access-network-location-appdata-ccmsetup-log/" target="_blank">here</a>.</div>
<strong><br /></strong>
<strong>Symptom:</strong><br />
<ul>
<li>The client installs successfully however it will not report into it’s management point</li>
<li>Registration errors can be found in the ClientIDManagerStartup.log</li>
<li>Client does not show up as having an active client installed in the ConfigMgr client</li>
</ul>
<u>ClientIDManagerStartup.log</u><br />
<br />
<em><![LOG[RegTask: Failed to get certificate. Error: 0x80004005]LOG]!><time="<Time>" date="<Date>" component="ClientIDManagerStartup" context="" type="3" thread="5972" file="regtask.cpp:615"></em><br />
<strong><br /></strong>
<strong>Resolution:</strong><br />
<ul>
<li>Backup all files in the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder for Windows 7 or C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys folder for Server 2003</li>
<li>Remove the (19c5cf9c7b5dc9de3e548adb70398402_ac168ff2-23d3-4a00-bd1d-dd27ff040362) folder</li>
<li>Restart the SMS Agent Host Service to recreate these certificates</li>
<li>Client should now register and start pulling down policies</li>
</ul>
<strong>Symptom:</strong><br />
<ul>
<li>Client fails to install with error code 80041002 (%WinDir%\ccmsetup\Logs\ccmsetup.log)</li>
</ul>
<u>ccmsetup.log</u><br />
<br />
<em>MSI: Setup was unable to compile the file DiscoveryStatus.mof</em><br />
<em>CcmSetup failed with the error code 80041002</em><br />
<strong><br /></strong>
<strong>Resolution:</strong><br />
<ul>
<li>Open an administrative CMD prompt</li>
<li>Navigate to C:\Program Files\Microsoft Policy Platform</li>
<li>run the following command <em>mofcomp ExtendedStatus.mof</em></li>
<li>Reinstall the client</li>
</ul>
tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-4448100169269664402015-02-16T19:28:00.001-06:002015-02-17T19:48:56.859-06:00Microsoft System Center 2012 Configuration Manager Servicing Extension<br />
In December the Configuration Manager Sustained Engineering team officially released their <a href="http://blogs.technet.com/b/configmgrteam/archive/2014/12/09/now-available-microsoft-system-center-2012-configuration-manager-servicing-extension.aspx" target="_blank">Servicing Extension</a>. This add-on helps administrators keep track of things like the release of new hotfixes and cumulative updates, lists the sites you manage and the current version they are running, a client targeting node that enables you to create queries for rolling out updates to machines and a blogs node that brings the latest updates from Microsoft’s official ConfigMgr blogs all from within the console. <br />
<br />
Simply download the add-on from <a href="http://www.microsoft.com/en-us/download/details.aspx?id=45033" target="_blank">here</a> and install it on a machine which has the ConfigMgr console installed. Once installed, open the ConfigMgr console and then open the Administration workspace and you will now see the Site Servicing node. Expand Site Serving and you will have the following nodes listed – Releases, Site Versions, Client Targeting and Blogs.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2x4O9BYZNJYO_giKCnwJseMQS8B9lC-FYMK6FODy38tI_99eAqbUtpSG-FPA-fnKajZFjfE59uj7S4fnBGqn2LbgKQpP2wqriPXa9w7brF-m2OiFNdkrcmVC_Ra6EhSpcjMoAHhu0FNo0/s1600/CMSE.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2x4O9BYZNJYO_giKCnwJseMQS8B9lC-FYMK6FODy38tI_99eAqbUtpSG-FPA-fnKajZFjfE59uj7S4fnBGqn2LbgKQpP2wqriPXa9w7brF-m2OiFNdkrcmVC_Ra6EhSpcjMoAHhu0FNo0/s1600/CMSE.PNG" /></a></div>
<br />
<br />
Site Servicing – The Site Servicing node displays a summary of the latest updates that have been released, the most recent blog posts from the System Center Configuration Manager Team blog as well as the The Official Configuration Manager Support Team blog as well give you the ability to configure proxy settings as well as display the current version of the Servicing Extension add-on installed.<br />
<br />
Releases – The Release node displays a list of updates that have been published for ConfigMgr. You can list all updates or filter between ones specifically for SP1 or R2. Each release entry includes links for the KB article, the URL to download the update plus an option to create a query for the update. (For example to identify all clients missing the update) You can also mark an update or all update entries as Read. <br />
<br />
Site Versions – The Site Versions node will list all sites in your hierarchy and information like server name, site code, site name, base version and cumulative update installed.<br />
<br />
Client Targeting – The Client Targeting node allows you to create queries to be used to identify clients for deploying updates. <br />
<br />
Blogs – The Blogs node will automatically update as new updates are posted to Microsoft’s officially ConfigMgr blogs. Currently you can filter articles from the System Center Configuration Manager Team Blog and The Official Configuration Manager Support Team Blog. You also have the ability to mark articles as Read.<br />
<br />
Overall I think this add-on and the information it provides is a great idea and I hope that this is something that Microsoft will integrate into the product for future releases.<br />
<br />tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-29135908888396486642015-02-11T10:39:00.000-06:002015-02-17T20:29:22.242-06:00Software Center returned error code 0x0041013 (-2147217389)I've come across this issue a couple of times after upgrading the ConfigMgr client from 2007 (4.x) to 2012 (5.x) where Software Center will never open successfully and present a the user's applications. The 2012 client will install and seems to start communicating successfully however when a user goes to open Software Center they are presented with the following error:<br />
<br />
<em>Software Center cannot get the current status for some of the software. Software Center will list any items with available status. You can press F5 to refresh the view. If the problem persists, contact your help desk.</em><br />
<br />
If you expand the More Information section you get the following error code:<br />
<br />
<em>Loading Software Center returned error code 0x0041013 (-2147217389).</em><br />
<br />
No matter how long you leave the client, refresh policies or even after a reinstall the problem persists. After much searching online I finally found a <a href="http://eskonr.com/2014/03/configmgr-2012-software-center-returned-error-code-0x0041013-2147217389-4/">post</a> that referenced the same error code and how to resolve the problem. (My next step was a call to Microsoft so it saved me a bunch of time when I found it) Essentially the problem stems from the 2007 client failing to uninstall cleanly leaving behind possibly two registry keys that can cause the issue. Check the following:<br />
<ul>
<li>Open regedit </li>
<li>Navigate to HKEY_CLASSES_ROOT\CLSID\{555B0C3E-41BB-4B8A-A8AE-8A9BEE761BDF}\InProcServer32 </li>
<li>Ensure that the default value is set to C:\WINDOWS\CCM\ccmcisdk.dll </li>
<li> <div align="left">
Navigate to HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{555B0C3E-41BB-4B8A-A8AE-8A9BEE761BDF}\InProcServer32</div>
</li>
<li>Ensure that the default value is blank (If not delete the value) </li>
<li>Open the ConfigMgr client applet and kick off a policy refresh action </li>
<li>Give it a few minutes (You can monitor the PolicyAgent.log file on the client) </li>
<li>Once the policy refresh is complete open Software Center and the user should new be presented with their applications </li>
</ul>
tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-83060655602868118362015-02-08T11:40:00.000-06:002015-02-16T19:29:11.274-06:00SMS Migration Manager Stops Unexpectedly<br />
Recently I was reviewing site server health in the Monitoring workspace in the ConfigMgr console and I came across the following error that a couple of site servers were reporting pretty consistently. The SMS_Migration_Manager component for each server was reporting the following message:<br />
<em><br /></em>
<em>SMS Executive detected that this component stopped unexpectedly.<br />Possible cause: The component is experiencing a severe problem that caused it to stop unexpectedly.<br />Solution: Refer to your ConfigMgr Documentation or the Microsoft Knowledge Base for further troubleshooting information.</em><br />
<em><br /></em>On the site server itself you will find the same errors listed in the Application event log and when reviewing the migmctrl.log file (<Install Location>\Microsoft Configuration Manager\Logs) you will see the following:<br />
<br />
<em>MigMCtrI:</em> <em>FAILED to CREATE JobManager instance, error = The parameter is incorrect., 80070057<br />MigMCtrI: FAILED to START WorkltemMgr. error = The parameter is incorrect., 80070057<br />MigMCtrI: FAILED to INITIALIZE, error = The parameter is incorrect,, 80070057</em><br />
<br />
After some searching online I across this <a href="http://www.systemcenterdudes.com/sms_migration_manager-stopped-unexpectedly/">post</a> which outlined the issue and provided information on how to resolve it.<br />
<ul>
<li>Browse to <Install Location>\Microsoft Configuration Manager\bin\X64</li>
<li>Copy microsoft.configurationmanagement.migrationmanager.dll to a temp folder</li>
<li>Browse to that site's parent a copy microsoft.configurationmanagement.migrationmanager.dll to the server and overwrite the original file</li>
<li>Open an administrative cmd prompt and navigate to C:\Windows\Microsoft.NET\Framework64\v4.0.30319</li>
<li>Run the following: </li>
</ul>
<i> regasm.exe <ConfigMgr Installation Directory>\bin\X64\microsoft.configurationmanagement.migrationmanager.dll /codebase</i><br />
<ul><ul></ul>
<li>You should get the following message in the cmd window</li>
</ul>
<i> Types registered successfully</i><br />
<div>
<i><br /></i>
<br />
<ul><ul></ul>
<li>Open services.msc and restart the SMS_Executive service</li>
</ul>
<br />
Monitor the migmctrl.log file and wait for the following entries:<br />
<br />
<em>MigMCtrI: the workitem queue is full!<br />MigMCtrI: WAIT 3 event(s) For 60 minute(s) and 0 second(s).</em><br />
<br />
Give the server about an hour and check the log to ensure the errors have gone away. All migration jobs had been long completed and I only had this issue happen on a few secondary sites. I still have not found a root cause for this issue and it has yet to occur again.<br />
<br /></div>
tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-21944225067853979332015-02-06T07:32:00.000-06:002015-02-08T11:28:03.568-06:00Automatic Deployment Rule Fails to Download contentI currently use a Automatic Deployment Rule (ADR) for deploying System Center Endpoint Protection definition updates. Setting up an ADR is pretty straight forward however I was seeing the following error in the ruleengine.log file (Located at <ConfigMgr Installation Directory>\Logs)<br />
<br />
<em>Downloading content with ID <Unique Content ID> in the package<br />Failed to download the update from internet. Error = 1326<br />Failed to download ContentID <Unique Content ID> for UpdateID <Unique Update ID>. Error code = 1326</em><br />
<br />
There are a few things that you need to be aware of when setting up a ADR:<br />
<ul>
<li>The ADR will run in the SYSTEM context</li>
<li>If a proxy server is in use for internet access ensure that rules are setup appropriately for your site server</li>
<li>Ensure that the permissions for the file share (Full) and source directory (Modify) are setup appropriately. If your source directory is located on a different server the computer account of your site server will need modify access to the package source directory</li>
<li>The ADR will use the UNC path to access the share even when the directory is local to that site server</li>
</ul>
For my setup everything checked out. The site server and the package source were located on the same server so permissions weren't the issue. Proxy server rules were already setup to allow the site server to download the required content for specific sites. I double checked and verified that the site server was indeed able to connect to the URL required yet the problem persisted. This server had been recently upgraded to Server 2012 R2 and I was connecting to it using a CNAME so what I found was that when I was logged onto the server and then browsed to the share using the UNC path (Using a CNAME in place of the server name) I was prompted for credentials. So when the ADR would run it would fail at the point where it tried to access the share for the package source path. With Server 2008 R2 disabling strict name would resolve this problem however with Server 2012 R2 you need to disable loopback checking.<br />
<ul>
<li>Open Regedit.exe</li>
<li>Navigate to HKLM\SYSTEM\CurrentControlSet\Control\Lsa</li>
<li>Create a new DWORD value called "DisableLoopbackCheck"</li>
<li>Set the value to “1”</li>
<li>Test by connecting to the UNC path using your CNAME (If you are still being prompted reboot your server)</li>
</ul>
<div>
Once loopback checking was disabled the ADR ran without issue.</div>
tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-27583412876892502942015-01-02T19:06:00.002-06:002015-02-08T11:29:13.013-06:00Resetting BITS JobsThere have been instances where Configuration Manager distribution points stop accepting content. Network services are fine and I can copy the content manually but it will never get there on its own. I've only had this happen a couple of times on Server 2008 R2 machines. The only role installed on these servers is a distribution point and there are no shared services on the box. What seems to happen is that the BITS client gets stuck on a job and all other jobs get queued indefinitely. Since BITS is a component of Windows Configuration Manager never reports a problem. The only symptom is that content never gets there. Here is how you can check the status of BITS jobs.<br />
<br />
<div class="MsoListParagraphCxSpFirst" style="margin: 0in 0in 0.0001pt 27pt; text-indent: -0.25in; vertical-align: middle;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span lang="EN-US">Launch administrative PowerShell <o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 27pt; text-indent: -0.25in; vertical-align: middle;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span lang="EN-US">Run Import-Module BitsTransfer<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 27pt; text-indent: -0.25in; vertical-align: middle;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span lang="EN-US">Run Get-BitsTransfer -AllUsers<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 27pt; text-indent: -0.25in; vertical-align: middle;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span lang="EN-US">Open Task Scheduler and create a new task (Note for
Windows 8 or Server 2012 and above you need to use Sysinternals PsExec with the -s
switch (<a href="http://msdn.microsoft.com/en-us/library/bb897553.aspx"><span style="color: blue;">http://msdn.microsoft.com/en-us/library/bb897553.aspx</span></a>)
<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 27pt; text-indent: -0.25in; vertical-align: middle;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span lang="EN-US">Open Task Scheduler<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 1in; text-indent: -0.25in; vertical-align: middle;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: Wingdings; font-size: 10pt;">§<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span lang="EN-US">Right-click
Task Scheduler (Local) and select Create Task<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 1in; text-indent: -0.25in; vertical-align: middle;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: Wingdings; font-size: 10pt;">§<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span lang="EN-US">Give the task a
name - Rest BITS Jobs<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 1in; text-indent: -0.25in; vertical-align: middle;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: Wingdings; font-size: 10pt;">§<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span lang="EN-US">Under Security
options Change the user to the local SYSTEM account<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 1in; text-indent: -0.25in; vertical-align: middle;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: Wingdings; font-size: 10pt;">§<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span lang="EN-US">Enable Run with
highest privileges<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 1in; text-indent: -0.25in; vertical-align: middle;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: Wingdings; font-size: 10pt;">§<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span lang="EN-US">On the Actions
tab select New...<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 1in; text-indent: -0.25in; vertical-align: middle;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: Wingdings; font-size: 10pt;">§<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span lang="EN-US">Set up the new
Action<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 1in; text-indent: -0.25in; vertical-align: middle;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: Wingdings; font-size: 10pt;">§<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span lang="EN-US">Action -Start a
Program<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 1in; text-indent: -0.25in; vertical-align: middle;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: Wingdings; font-size: 10pt;">§<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span lang="EN-US">Program browse
to C:\Windows\System32\bitsadmin.exe<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 1in; text-indent: -0.25in; vertical-align: middle;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: Wingdings; font-size: 10pt;">§<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span lang="EN-US">Add arguments
/reset /allusers<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 1in; text-indent: -0.25in; vertical-align: middle;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: Wingdings; font-size: 10pt;">§<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span lang="EN-US">Click OK<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 1in; text-indent: -0.25in; vertical-align: middle;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: Wingdings; font-size: 10pt;">§<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span lang="EN-US">On the Settings
tab ensure the Allow task to be run on demand option is enabled<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 27pt; text-indent: -0.25in; vertical-align: middle;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span lang="EN-US">Run the task<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 27pt; text-indent: -0.25in; vertical-align: middle;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span lang="EN-US">Give the task a couple of minutes to run<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 27pt; text-indent: -0.25in; vertical-align: middle;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span lang="EN-US">Go back to PowerShell and run Get-BitsTransfer
-AllUsers<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 27pt; text-indent: -0.25in; vertical-align: middle;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span lang="EN-US">There should now jobs listed in the queue</span></div>
<div class="MsoListParagraphCxSpLast" style="margin: 0in 0in 0.0001pt 27pt; text-indent: -0.25in; vertical-align: middle;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span lang="EN-US">Delete the task from Task Scheduler</span></div>
tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-13504315382541422342013-02-02T15:26:00.000-06:002013-02-02T15:26:41.068-06:00Poor Video Performance in vsphere 4.1 remote console after Xendesktop VDA is installed<br />
When you build a Windows 7 XenDesktop image that is hosted on VMware vSphere 4.1 you will find that your gold image will perform as it should when using vSphere's remote console feature until you install the XenDesktop Virtual Desktop Agent (VDA). After the VDA is installed, your remote console session has poor video performance. On top of that when you launch a XenDesktop session using your Windows 7 image all the user gets is a black screen.<br />
<br />
This is due to a conflict between the WDDM video driver that the XenDesktop VDA installs and the version that VMware tools installs. When VMware Tools 4.1 (Version 8.x) is installed the default video driver is set to the VMware SVGA 3D (Microsoft Corporation – WDDM) driver and when you install the XenDesktop VDA it replaces the VMware driver with the Citrix Display Driver (Citrix Systems - WDDM) as the default video driver. If you leave the XenDesktop WDDM driver installed the remote console in vSphere has very poor video performance which causes the mouse to be very choppy and not responsive. If you update the video adapter to use the VMware SVGA 3D driver then the remote console works correctly however your users will get nothing but a black screen when logging into XenDesktop. To resolve this driver issue try the following:<br />
<br />
<ul>
<li>Launch the vSphere client
<li>Open a remote session to your gold image machine
<li>If the XenDesktop VDA is installed uninstall it and reboot
<li>Open device manager and change the default VMware video adapter to use the <strong><em>VMware SVGA II</em></strong> driver and reboot
(Driver is located at C:\Program Files\Common Files\VMware\Drivers\Video)
<li>Log back into your golden machine and confirm that video performance in the remote console works normally
<li>Now we need to install the VDA without the Citrix WDDM driver as outlined in <a href="http://support.citrix.com/article/CTX130851/" target="_blank">CTX130851</a>
<ul>
<li>Open a command prompt and browse to <em><strong>\\<VDA Installation files>\x64\XenDesktop Setup</strong></em> (Substitute x86 for x64 if you are using a 32-bit operating system
<li>Run the following: <strong><em>XenDesktopVdaSetup.exe</em></strong> <em><strong>/NOCITRIXWDDM</strong></em> (This will install the VDA without the WDDM driver
<li>After the install completes reboot the system
</li>
</li>
</li>
</ul>
<li>Once the machine reboots log back in and open Device Manager
<li>Navigate down to the Display adapters and expand it
<li>You should now have two display adapters listed
<ul>
<li>Citrix Systems Inc. Display Driver
<li>VMware SVGA II
</li>
</li>
</ul>
</li>
</li>
</li>
</li>
</li>
</li>
</li>
</li>
</li>
</ul>
This configuration will allow you to use the remote console feature of the vSphere client properly and allow users to launch a XenDesktop session successfully. The only gotcha that I have found so far is when I’m using the remote console from time to time the session will freeze and you have to reset the virtual machine. Hopefully with the newer releases of vSphere the issue is resolved. <br />
<br />tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-14667084083839384432013-01-26T07:38:00.000-06:002013-01-26T07:38:02.812-06:00Your Profile was not loaded correctly error on windows 7I’ve had a few instances lately where corrupt profiles have prevented me from logging into with a Windows 7 or Server 2008 R2 machine. At the time of logon, the logon process takes a while and then I get the following error:<br />
<br />
<em>Your user profile was not loaded correctly. You have been logged on with a temporary profile. Changes you make to this profile will be lost when you log off. Please see event log for details or contact your administrator.</em><br />
<em></em><br />
Also in the Event Viewer (Application) you have an entry for Event ID 1511. Normally this isn’t a big deal because you can log onto the machine with a different admin account and delete the problem profile. Only in this case when you go to remove the profile it doesn’t exist. I came across the following Microsoft article – <a href="http://support.microsoft.com/kb/947242" target="_blank">KB947242</a> that deals with this issue. If you open regedit and Navigate to:<br />
<br />
<em>HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfielList</em><br />
<br />
You will find a list of profiles that are identified by their SID. Locate the SID of the account in question (It will probably be called <em>SID.bak</em>) and delete the entry. Log off of the system and log back in using the problem account. tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-44877083099210477932013-01-23T18:36:00.001-06:002013-01-23T19:51:58.805-06:00System Center 2012 SP1 DropsIt’s been just over a week since the official announcement that service pack 1 for System Center Configuration Manager 2012 was released. This is a really important release for the System Center teams as SP1 really drives home the idea of unified device management. Service Pack 1 adds support for Windows Server 2012 and Windows 8, Windows 8 tablet plus added support for Mac OS X, Linux and Unix platforms. This is exciting for our environment because there has always been a gap with managing the subset of machines running Mac OS X or Linux. Can you manage one of these platforms to the level that you can manage the Windows platform? No. However this is a step in the right direction. Admins want a single pane of glass view for managing their environment – SP1 moves System Center in the direction. Some other features of this release are support for Windows Embedded devices, full PowerShell support, Windows Azure based Distribution Points and the ability to subscribe to email alerts. <br />
When you dig a little deeper into the CM 2012 release you’ll find added support for user profile and data management with their new User Environment Virtualization product (MDOP 2012) and real time administrative tasks for endpoint protection, network cost support for application delivery, updates to Bitlocker including TPM and PIN, and the ability to deploy Windows 8 applications.tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-79556089059680057472013-01-20T17:17:00.000-06:002013-01-23T19:43:12.811-06:00Troubleshooting a XenDesktop Issue... What do the Logs Say?Over the years when working with System Center Configuration Manager you get used to combing logs to resolve issues. ConfigMgr has a log for everything so it was my surprise when I starting working with XenDesktop how limited logging is out of the box. After working through my first major outage, I quickly found out that logging is no good if it is not enabled. It’s not that XenDesktop doesn’t have logging it just doesn’t have enabled by default. I would highly recommend enabling the following logging in XenDesktop – on the VDA, on the DDC and PorrtICA.<br />
<br />
Enabling Virtual Desktop Agent (VDA) logging (<a href="http://support.citrix.com/article/CTX117452" target="_blank">CTX117452</a>):<br />
<ul>
<li>Change your vDisk to Private mode and boot your template machine
<li>Log in with an admin account
<li>Navigate to %ProgramFiles%\Citrix\Virtual Desktop Agent
<li>Backup WorkstationAgent.exe.config
<li>Open the configuration file with a program such as Notepad
<li>Locate the following section <appSettings> section (Near the top of the config file) and update as follows:</li>
<ul>
<li><add key=”LogToCDF” value =”1”/></li>
<li><add key="LogFileName" value ="D:\XDLogs\vda_log.log"/></li>
<li><add key="OverwriteLogFile" value ="1"/></li>
</ul>
<li>Save and close the file</li>
<li>Restart the Citrix Desktop service or reboot your template machine and confirm that the log file gets created</li>
</li>
</li>
</li>
</li>
</li>
</ul>
The above configuration will redirect the log file to the D:\ partition (Assuming that you have persistent disk) but you can change the location to whatever works for your environment. If you set to the location to somewhere on the C:\ drive ensure that you set the correct permissions. You can also configure the log to overwrite itself anytime that the Citrix Desktop Service starts. (Shown above) If you don’t set the log file to overwrite just be mindful of your disk space.<br />
<br />
Enabling Desktop Delivery Controller (DDC) logging (<a href="http://support.citrix.com/article/CTX117452" target="_blank">CTX117452</a>) with XenDesktop 5.6:<br />
<ul>
<li>Log into your DDC with an admin account
<li>Navigate to %ProgramFiles%\Citrix\Broker\Service
<li>Backup BrokerService.exe.config
<li>Open the configuration file with a program such as Notepad
<li>Locate the following section <appSettings> section (Near the top of the config file) and update as follows:</li>
<ul>
<li><add key="LogToCDF" value ="1"/></li>
<li><add key="LogFileName" value ="D:\XDLogs\controller_log.log"/></li>
<li><add key="OverwriteLogFile" value ="1"/></li>
</ul>
<li>Save and close the file</li>
<li>With XenDesktop 5.6 I did not have to enable logging for CdsPoolMgr.exe.config as outlined in <a href="http://support.citrix.com/article/CTX117452" target="_blank">CTX117452</a></li>
<li>Restart the Citrix Broker Service (This will cause any virtual desktops connected to the server to re-register with another controller)</li>
</li>
</li>
</li>
</li>
</ul>
The above configuration will create a log file on the D:\ partition assuming that you have one. If you set the log location to be somewhere on your C:\ partition watch that your permissions are set correctly. Since the log file will only overwrite itself when the Citrix Broker service is restarted this log file can grow quite large. Personally I only enable this logging when I’m troubleshooting a specific issue and then I leave it disabled. <br />
<br />
Enabling PortICA logging (<a href="http://support.citrix.com/article/CTX118837" target="_blank">CTX118837</a>):<br />
<ul>
<li>Change your vDisk to Private mode and boot your template machine</li>
<li>Log in with an admin account<!--EndFragment--></li>
<li>Navigate to %ProgramFiles%\Citrix\ICAService\XML (If the XML folder does not exist, create one)</li>
<li>Create an new XML file called PorticaConfig.XML</li>
<li>Paste the following into the file:</li>
<?xml version="1.0" encoding="utf-8"?> <br /><Config xmlns="Portica.xsd"> <br /> <Portica> <br /> <LogFile> <br /> <LogLevel>5</LogLevel> <br /> </LogFile> <br /> <CdfTrace> <br /> <LogLevel>5</LogLevel> <br /> </CdfTrace> <br /> <FunctionTrace> <br /> <LogLevel>5</LogLevel> <br /> </FunctionTrace> <br /> </Portica> <br /></Config><br />
<li>Save and close the file</li>
<li>Restart the Citrix ICA service or reboot your template machine
</li>
</ul>
You can change the level of logging with the following values 0, 1, 5 or 9 with 0 being the least verbose. Unfortunately you can not change the directory where the log file gets created so you if you use a standard vDisk that gets refreshed at every logoff you’ll need a shutdown script to copy the log to either a persistent disk or a file share. By default on Windows XP the log file is located at: <em>C:\Documents and Settings\LocalService\Local Settings\Temp</em> and on Windows 7 it’s located at <em>%WinDir%\ServiceProfiles\LocalService\AppData\Local\Temp</em><br />
<br />
There is also a logging tool that Citrix has published as outlined in <a href="http://support.citrix.com/article/CTX127492" target="_blank">CTX127492</a> that can enable more logging however I have solved most of my issues using VDA, DDC and PortICA logging. Regardless of how you setup logging a great utility to help you read them is Trace32.exe from the ConfigMgr toolkit. <a href="http://www.microsoft.com/en-ca/download/details.aspx?id=9257" target="_blank">Download</a> and install the tools and then open your log files with Trace – your eyes will thank you.tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-42228059821702772722012-09-17T16:17:00.000-05:002013-01-19T14:07:07.300-06:00Where can I find that GPO setting?Is there a policy for that? Would that be a computer based policy or a user based policy? If I can’t set that with a traditional group policy can I do it with a preference? When dealing with Group Policy Objects (GPOs) I find myself asking these types of questions all the time? Wouldn’t it be nice if there was a searchable site of policy settings? Sure you can Google settings and there are great sites such as <a href="http://www.gpanswers.com/" target="_blank">www.gpanswers.com</a> but I’m talking about a site that allows you to search for group policy settings, identifies where you can set them, explain what they do and most importantly what registry settings they touch. There is. MSDN publishes a site that does this. <a href="http://gps.cloudapp.net/" target="_blank">Group Policy Search</a> is a fantastic resource when dealing with group policies. When you search for setting the tool will provide you with the following information:<br />
<ul>
<li>Policy Name</li>
<li>Category Path (Where you can find it in the console)</li>
<li>Supported Platforms (What the minimal operating system level required)</li>
<li>Registry Key</li>
<li>Value</li>
<li>Explanation of what the policy does</li>
</ul>
If you’re like me and deal regularly with group policy administration you’ll find this tool a huge time saver. And yes it has just been updated for Windows 8 and Windows Server 2012tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-67193691058299827712012-09-11T20:34:00.000-05:002013-01-19T15:32:14.439-06:00WMI and the ConfigMgr ClientIf you still manage Windows XP machines with ConfigMgr I’m sure that you know that 9 out of 10 client health issues are WMI related. Whether it’s the CCM namespace getting corrupt or the entire WMI repository getting corrupt... Windows XP WMI + ConfigMgr = unstable.<br />
Most of the time you can get away with simply deleting the ccm namespace and then reinstalling the ConfigMgr client to correct the problem. (More on that later) However there are times when the fix requires you to rebuild the entire WMI repository – which should be used as a last resort as there could be other applications on the machine that rely on WMI. <br />
After searching around for WMI resources I came across this <a href="http://www.madanmohan.com/2010/10/rebuilding-wmi-repository.html" target="_blank">post</a> which does a great job of detailing different ways to resolve your WMI issues based on your Operating System version. I've used many of these approaches in order to resolve client health issues but I’ve had the most success with the following command:<br />
<ul>
<li>From a command prompt run rundll32 wbemupgrd, RepairWMISetup </li>
</ul>
If you decide that rebuilding the WMI repository is what you need to do follow these steps for Windows XP:<br />
<ul>
<li>Open a command prompt and run the following</li>
<ul>
<li>net stop winmgmt</li>
</ul>
<li>Browse to %windir%\System32\Wbem</li>
<li>Rename the <em>Repository</em> folder</li>
<li>Go back to your command prompt and run the following to rebuild your repository</li>
<ul>
<li>net start winmgmt</li>
</ul>
</ul>
As mentioned before, If you rebuild your WMI repository you run the risk of breaking other applications on that machine that require WMI. A safer method is to simply delete the CCM namespace and then repair the ConfigMgr client. One tool that I now use almost exclusively is <a href="http://sourceforge.net/projects/smsclictr/" target="_blank">SCCM Client Center</a>. SCCM Client Center allows you to do a variety of things but one of the most handy options are it’s client repair options. After you install Client Center connect to the machine in question, (Top left-hand corner) click on the <em>Agent Action</em> menu (highlighted in the screen shot below) and as you can see there are a bunch of actions that you can kick off to repair the ConfigMgr client. Most of the time selecting <em>Delete root \ccm</em> will resolve your problem. <br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4fmG6JSKIkPsfvxyRUuukh0GeCt2Q9roX01GQA87PlD6wC6noB7vRDWqcCrFg9McQrfVJlsLUShr-Ppt0MgllrI_45dBZoXFA-g7hbYm70IDrQN8tcZpz2NSluEOArGBEZOsmf047_1dC/s1600-h/image%25255B8%25255D.png"><img alt="image" border="0" height="618" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCxo5cZK58hagiX-OBvGFPLtwEDPFBaxIsfSijvhmvQ7p15Cz3WptiUvp1zHt7q3v8EEzoxi3J4pE1GcK-2dn4C9HHpE_eVhEiPgrl4yXcoeU7jBrdEwSm8CVqaKUSffBmu1MVLozaZdiv/?imgmax=800" style="background-image: none; border: 0px currentColor; display: inline; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="image" width="678" /></a><br />
<br />
I find myself using this tool everyday for a variety of reasons. tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-6141043647567088532012-04-30T22:18:00.000-05:002013-01-19T15:31:57.023-06:00Task Scheduler Does Not Save Network CredentialsWhether it’s PCI, HIPAA, CSOX or another compliance program that effects your organization, server hardening is most likely part of the program. Its one thing to provision a hardened server and then get you application installed and working correctly – your server’s behaviour doesn’t change after it’s provisioned. However when the hardening settings are pushed out post production the server’s behavior may change where things that once worked no longer do. For example recently I had an issue where a scheduled task on one of my servers would no longer store the network credentials of the service account that was running the job. What once worked, no longer did. <br />
<br />
After a little digging I found that a security setting on the box had been updated. The following setting, Network access: Do not allow storage of credentials or .NET Passports for network authentication had been changed from disabled to enabled in the local security policy. For more information on this setting check out <a href="http://technet.microsoft.com/en-us/library/cc779377.aspx" target="_blank">TechNet</a>. Once this setting was reverted back to the default setting the scheduled task get be set to use a domain service account.tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-73926348987012568542012-03-19T14:17:00.000-05:002015-02-11T15:55:18.003-06:00PowerPoint causes 100% CPU usage in a seamless XenDesktop session<br />
<span style="font-family: inherit;">For last couple of days I’ve been trying to determine the
root cause of a problem that I was having with PowerPoint and XenDesktop. The scenario
was a Windows XP workstation with Office 2010 being launched in a seamless XenDesktop
5.0 SP1 session on a dual monitor machine. Whenever I opened PowerPoint it
would cause Explorer.exe to use 100% CPU and render the virtual machine
useless. The issue did not occur if I started PowerPoint in safe mode. After
much trial and error and countless searches online I came across the following Citrix article that was just
published – <a href="http://support.citrix.com/article/CTX132436" target="_blank">CTX132436</a>. It’s not the exact setup that I had but it did bring to
attention the <em>Disable hardware graphics acceleration</em> setting in the Advanced
options of PowerPoint. Once I enabled this option PowerPoint could open in a
seamless session without pinning the CPU.<o:p> </o:p></span><br />
<span style="font-family: inherit;"><br /></span>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">This setting is a per-user setting so you will need to apply
it to every user that logs on. To deploy this via GPO you will need
to download the Office 2010 ADM, ADMX/ADML files from <a href="http://www.microsoft.com/download/en/details.aspx?id=18968" target="_blank">here</a>.
Once you have downloaded and installed them, (Note if you use ADM files you’ll need to
add them to your policy using Add/remove Templates from within the GPO) open
your GPO editor</span></div>
<ul>
<li><div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">Navigate to User Configuration\Policies\Administrative
Templates\Microsoft Office 2010\Miscellaneous </span></div>
</li>
<li><div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">Set <em>Do not use hardware graphics
acceleration</em> to Enabled</span><span style="font-family: Calibri;"><o:p></o:p></span></div>
</li>
</ul>
tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-77055305981151110072012-02-15T20:18:00.000-06:002013-01-19T15:31:18.853-06:00ConfigMgr Reports Prompts for a Password<span style="font-family: Calibri;">Out of the blue my web reporting for ConfigMgr started
prompting for a password and no matter what account you entered it would be
rejected. If you cancelled the prompt you would receive an access denied error.
My reporting site was setup properly with all of the correct prerequisites as
it had been online for a couple of years. Nothing seemed to work – no recent
patches had been installed, logs were clean, permissions looked correct,
IISRESET didn’t nor did a system reboot. Reports would also work fine from a
local session on the site server. After much digging I finally came across a
<a href="http://social.technet.microsoft.com/Forums/en-GB/configmgrsetup/thread/04fa019b-a383-417d-a912-0a5979e1c8e9" target="_blank">post</a> on the TechNet forums that resolved the issue. Here are the steps that
helped resolve the issue:</span><br />
<br />
<div class="MsoListParagraphCxSpFirst" style="margin: 0cm 0cm 0pt 40.2pt; mso-add-space: auto; mso-list: l0 level1 lfo1; text-indent: -18pt;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><span style="font-family: Calibri;">Open IIS Manager and navigate to your
SMS_Reporting site</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0pt 40.2pt; mso-add-space: auto; mso-list: l0 level1 lfo1; text-indent: -18pt;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><span style="font-family: Calibri;">Click on the site and select Authentication
under IIS from the main screen</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0pt 40.2pt; mso-add-space: auto; mso-list: l0 level1 lfo1; text-indent: -18pt;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><span style="font-family: Calibri;">From the Action pane select Providers</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0pt 40.2pt; mso-add-space: auto; mso-list: l0 level1 lfo1; text-indent: -18pt;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><span style="font-family: Calibri;">Ensure the NTLM is listed and it is at the top
of the list</span></div>
<div class="MsoListParagraphCxSpLast" style="margin: 0cm 0cm 10pt 40.2pt; mso-add-space: auto; mso-list: l0 level1 lfo1; text-indent: -18pt;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><span style="font-family: Calibri;">Open a command prompt and run IISRESET</span></div>
<span style="font-family: Calibri;">After that I could access reports locally and from a remote
session. All the more reason to migrate my ConfigMgr reporting to SQL Reporting Services. </span>tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-75798071666947276792012-02-12T18:07:00.000-06:002013-01-19T15:30:56.854-06:00PXE test request failed, status code is -2147467259, Error receiving replies from PXE server<br />
<span style="font-family: Calibri;">Recently OSD on my primary site server stopped working – but
only when connecting via PXE. If I was using an existing boot disk, I could
connect and start the imaging process. The PXE control log had the following
entry over and over:</span>
<br />
<br />
<i style="mso-bidi-font-style: normal;"><span style="font-family: Calibri;">“PXE test request
failed, status code is -2147467259, Error receiving replies from PXE server”</span></i><br />
<br />
<span style="font-family: Calibri;">I assumed that the Windows Deployment Services Server (WDS) service
had stopped and all I had to do was restart it and it would start responding to
PXE requests. I was correct on one thing, the WDS service had stopped however
when I tried to restart the service I got a very similar error in the event
viewer as references in this forum <a href="http://social.technet.microsoft.com/Forums/en-ZA/configmgrosd/thread/2a321400-3cef-4d47-bd05-2b90049352cb" target="_blank">post:</a></span><br />
<br />
<em>Log Name: System<br />Source: Service Control Manager<br />General: The Windows Deployment Services Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 600000 milliseconds: Restart the service.</em><br />
<br />
<span style="font-family: Calibri;"><em>Log Name: Application<br />Source: Application Error<br />General: Faulting application name: svchost.exe_WDSServer, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1<br />Faulting module name: wimgapi.dll, version: 6.1.7600.16385, time stamp: 0x4a5be09a<br />Exception code: 0xc0000005<br />Fault offset: 0x0000000000032a8e<br />Faulting process id: 0x1338<br />Faulting application start time: 0x01cbfecfb154f4f3<br />Faulting application path: C:\Windows\system32\svchost.exe<br />Faulting module path: C:\Windows\system32\wimgapi.dll<br />Report Id: f089f975-6ac2-11e0-9ddc-005056970055</em></span><br />
<div class="MsoNormal" style="margin: 0cm 0cm 10pt;">
<br />
<span style="font-family: Calibri;">After rebooting the server the same error was logged and WDS
would not start. Even after removing the boot image from my distribution points
and then adding them back - WDS would still not start. I tracked them problem
down to recent driver addition to the WinPE boot image. It looked like when
ConfigMgr was recompiling the WIM file it corrupted the image. To resolve this
issue I did the following:</span></div>
<div class="MsoListParagraphCxSpFirst" style="margin: 0cm 0cm 0pt 36pt; mso-list: l0 level1 lfo1; text-indent: -18pt;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><span style="font-family: Calibri;">Remove the boot image from all distribution
points (monitoring the distmgr log file)</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0pt 36pt; mso-list: l0 level1 lfo1; text-indent: -18pt;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><span style="font-family: Calibri;">Removed all drivers from the WinPE image</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0pt 36pt; mso-list: l0 level1 lfo1; text-indent: -18pt;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><span style="font-family: Calibri;">Added all our drivers back to the image and
allowed it to recompile</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0pt 36pt; mso-list: l0 level1 lfo1; text-indent: -18pt;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><span style="font-family: Calibri;">Added the boot image back to the distribution points
(monitoring the distmgr log file)</span></div>
<div class="MsoListParagraphCxSpLast" style="margin: 0cm 0cm 10pt 36pt; mso-list: l0 level1 lfo1; text-indent: -18pt;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><span style="font-family: Calibri;">When everything had replicated successfully I
was able to restart the WDS service</span></div>
tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-73439149278706770142011-10-06T10:57:00.002-05:002011-10-09T09:13:33.912-05:00Merging Group Policies with PowerShellAs most environments grow they end up having many group polices enforcing a variety of different settings. At a certain point they become unmanageable and are in need of a cleanup. Merging GPOs is a pain as there isn’t really a good way of doing it – without PowerShell anyway. We faced this exactly scenario recently and lucky for us we came across this <a href="http://blogs.technet.com/b/ashleymcglone/archive/2011/01/19/finally-copy-and-merge-gpos-powershell-saves-the-day.aspx">blog post </a>by Ashley McGlone on TechNet. His script takes advantage of the Get-GPRegistryValue function to capture all of the settings and then copies them to a destination policy.<br />
<br />
<i>#--------------------------------------------------------------------<br />
# Copy GPO Registry Settings<br />
# Ashley McGlone, Microsoft PFE<br />
# http://blogs.technet.com/b/ashleymcglone<br />
# January 2011<br />
#<br />
# Parameters:<br />
# dom FQDN of the domain where the GPOs reside<br />
# src string name of the GPO to copy settings from<br />
# dest string name of the GPO to copy settings to<br />
# newDest switch to create dest GPO if it does not exist<br />
# copymode part of GPO to copy: all, user, computer<br />
#--------------------------------------------------------------------<br />
<br />
Param (<br />
$dom,<br />
$src,<br />
$dest,<br />
[switch]$newDest,<br />
$copymode<br />
)<br />
<br />
# We must continue on errors due to the way we enumerate GPO registry<br />
# paths and values in the function CopyValues.<br />
$ErrorActionPreference = "SilentlyContinue"<br />
$error.PSBase.Clear()<br />
<br />
Import-Module ActiveDirectory<br />
Import-Module GroupPolicy<br />
<br />
#--------------------------------------------------------------------<br />
# Help<br />
#--------------------------------------------------------------------<br />
if ($dom -eq $null -and `<br />
$src -eq $null -and `<br />
$dest -eq $null -and `<br />
$copymode -eq $null) {<br />
""<br />
"Copy-GPORegistryValue by Ashley McGlone, Microsoft PFE"<br />
"For more info: http://blogs.technet.com/b/ashleymcglone"<br />
""<br />
"This script copies registry-based GPO settings from one GPO into another."<br />
"Use this script to copy and/or merge policy settings."<br />
"NOTE: This version does not copy GPO preferences."<br />
""<br />
"Syntax:"<br />
".\Copy-GPRegistryValue.ps1 [-dom DomainFQDN] -src `"Source GPO`""<br />
" -dest `"Destination GPO`" [-newDest]"<br />
" [-copymode all/user/computer]"<br />
""<br />
"The -dom switch will default to the current domain if blank."<br />
"The -copymode will default to all if blank."<br />
"The -newDest switch will create a new destination GPO of the specified"<br />
"name. If the GPO already exists, then the copy will proceed."<br />
""<br />
Return<br />
}<br />
<br />
#--------------------------------------------------------------------<br />
# Validate parameters<br />
#--------------------------------------------------------------------<br />
if ($dom -eq $null) {<br />
$dom = (Get-ADDomain).DNSRoot<br />
} else {<br />
$dom = (Get-ADDomain -Identity $dom).DNSRoot<br />
If ($error.Count -ne 0) {<br />
"Domain name does not exist. Please specify a valid domain FQDN."<br />
$error<br />
Return<br />
}<br />
}<br />
<br />
if ($src -eq $null) {<br />
"Source GPO name cannot be blank."<br />
Return<br />
} else {<br />
$src = Get-GPO -Name $src<br />
If ($error.Count -ne 0) {<br />
"Source GPO does not exist. Be sure to use quotes around the name."<br />
Return<br />
}<br />
}<br />
<br />
if ($dest -eq $null) {<br />
"Destination GPO name cannot be blank."<br />
Return<br />
} else {<br />
if ($newDest -eq $true) {<br />
$desttemp = $dest<br />
$dest = New-GPO -Name $desttemp<br />
If ($error.Count -ne 0) {<br />
"The new destination GPO already exists."<br />
"Do you want to merge into this GPO (y/n)?"<br />
$choice = Read-Host<br />
if ($choice -eq "y") {<br />
$dest = Get-GPO -Name $desttemp<br />
} else {<br />
Return<br />
}<br />
}<br />
} else {<br />
$dest = Get-GPO -Name $dest<br />
If ($error.Count -ne 0) {<br />
"Destination GPO does not exist. Be sure to use quotes around the name."<br />
Return<br />
}<br />
}<br />
}<br />
<br />
if ($copymode -eq $null) {<br />
$copymode = "all"<br />
} else {<br />
if ($copymode -ne "all" -and `<br />
$copymode -ne "user" -and `<br />
$copymode -ne "computer") {<br />
"copymode must be one of the following values:"<br />
"all, user, computer"<br />
Return<br />
}<br />
}<br />
#--------------------------------------------------------------------<br />
<br />
<br />
#--------------------------------------------------------------------<br />
# Echo parameters for this run<br />
#--------------------------------------------------------------------<br />
""<br />
"Domain: $dom"<br />
"Source GPO: $($src.DisplayName)"<br />
"Destination GPO: $($dest.DisplayName)"<br />
"New Destination: $newDest"<br />
"CopyMode: $copymode"<br />
""<br />
#--------------------------------------------------------------------<br />
<br />
<br />
#--------------------------------------------------------------------<br />
# Copy GPO registry values recursively beginning at a specified root.<br />
#--------------------------------------------------------------------<br />
# THIS IS THE HEART OF THE SCRIPT.<br />
# Essentially this routine does a get from the source and a set on<br />
# the destination. Of course nothing is ever that simple, so we have<br />
# to account for the policystate "delete" which disables a setting;<br />
# this is like a "negative set".<br />
# We recurse down each registry path until we find a value to<br />
# get/set.<br />
# If we try to get a value from a path (non-leaf level), then we get<br />
# an error and continue to dig down the path. If we get a value and<br />
# no error, then we do the set.<br />
# User values have a single root: HKCU\Software.<br />
# Computer values have two roots: HKLM\System & HKLM\Software.<br />
# You can find these roots yourself by analyzing ADM and ADMX files.<br />
# It is normal to see an error in the output, because all of these<br />
# roots are not used in all policies.<br />
#--------------------------------------------------------------------<br />
Function CopyValues ($Key) {<br />
$Key<br />
$error.PSBase.Clear()<br />
$path = Get-GPRegistryValue -GUID $src.ID -Key $Key<br />
$path<br />
If ($error.Count -eq 0) {<br />
ForEach ($keypath in $path) {<br />
$keypath<br />
$keypath | ForEach-Object {Write-Host $_}<br />
If ($keypath.HasValue) {<br />
$keypath.PolicyState<br />
$keypath.Valuename<br />
$keypath.Type<br />
$keypath.Value<br />
If ($keypath.PolicyState -eq "Delete") { # PolicyState = "Delete"<br />
Set-GPRegistryValue -Disable -Domain $dom -GUID $dest.ID `<br />
-Key $keypath.FullKeyPath -ValueName $keypath.Valuename<br />
} Else { # PolicyState = "Set"<br />
$keypath | Set-GPRegistryValue -Domain $dom -GUID $dest.ID<br />
}<br />
} Else {<br />
CopyValues $keypath.FullKeyPath<br />
}<br />
}<br />
} Else {<br />
$error<br />
}<br />
}<br />
#--------------------------------------------------------------------<br />
<br />
<br />
#--------------------------------------------------------------------<br />
# Call the main copy routine for the specified scope of $copymode<br />
#--------------------------------------------------------------------<br />
Function Copy-GPRegistryValue {<br />
<br />
# Copy user settings<br />
If (($copymode -eq "user") -or ($copymode -eq "all")) {<br />
CopyValues "HKCU\Software"<br />
}<br />
<br />
# Copy computer settings<br />
If (($copymode -eq "computer") -or ($copymode -eq "all")) {<br />
CopyValues "HKLM\System"<br />
CopyValues "HKLM\Software"<br />
}<br />
}<br />
#--------------------------------------------------------------------<br />
<br />
# Start the copy<br />
Copy-GPRegistryValue<br />
<br />
# ><></i>tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-55463109410756533812011-10-06T08:27:00.002-05:002013-01-19T15:30:31.373-06:00Steve Jobs 1955 - 2011Like him or not, Steve Jobs was one of the greatest innovators of our time. His creative vision saved Apple from the brink in the late nineties and turned it into a consumer electronics powerhouse. Just look at how the iPod, iPad and the iPhone has changed our lives. With his health failing he passed the torch one final time to now CEO and Chairman of the board Tim Cook this past August. It will be interesting to see how Apple fairs in the coming years without the innovation and creativity of Jobs. He touched a lot of people and his loss will be felt throughout the world.<br />
<br />
<i>"The world rarely sees someone who has had the profound impact Steve has had, the effects of which will be felt for many generations to come. For those of us lucky enough to get to work with him, it’s been an insanely great honor. I will miss Steve immensely."<br />
</i> <br />
<i>- Bill Gates</i>tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-90420088540663405942011-08-23T08:35:00.002-05:002013-01-19T15:30:09.917-06:00An error occurred when loading the task sequenceRecently I ran into a problem where I was unable to open and edit any of my task sequences. It didn’t matter whether I was accessing ConfigMgr from a remote console or locally on one of my site servers – they would fail to open. The error that I was getting:<br />
<br />
<em>"An error occurred when loading the task sequence"</em><br />
I tried rebooting the problem site server but still no luck. According to <a href="http://support.microsoft.com/kb/2468097">KB2468097</a> this is caused because the BDD_* WMI classes are no longer correctly registered under the \root\SMS\site_ namespace in WMI.<br />
<ul>
<li>Close all of your remote and local SCCM admin console sessions </li>
<li>Log on to your Configuration Manager server and select Start -> All Programs -> Microsoft Deployment Toolkit -> Configure ConfigMgr Integration </li>
<li>In the Configure ConfigMgr Integration wizard, select “Remove the ConfigMgr custom action definitions” and then click next to remove all the definitions </li>
<li>Re-run Configure ConfigMgr Integration again, and select “Install the ConfigMgr extensions”</li>
</ul>
I also found that my site server needed to be rebooted after following the steps outlined above before the issue was resolved. This problem occurred on consecutive days a few weeks back but has yet to resurface since.tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-31239864858841228122011-07-22T09:43:00.003-05:002013-01-19T15:29:52.894-06:00KB982399 - ConfigMgr site server stops responding while processing status messages<br />
I find that from time to time a ConfigMgr site will stop responding. Some of the first symptoms that are noticed are software distribution will stop, site backups fail and you no longer get site status messages. In the Application event viewer you may notice the following error:<br />
<br />
<em>A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SMS_EXECUTIVE service.</em><br />
<br />
Generally restarting the SMS Executive service and the SMS Site Component Manger service or rebooting your site server will resolve the issue. (Temporarily) Microsoft has released a hotfix for ConfigMgr SP2 site servers that resolves this issue <a href="http://support.microsoft.com/kb/982399">http://support.microsoft.com/kb/982399</a> According to the article the issue is caused by a deadlock situation in the SMS Executive service. I’ve applied the hotfix to one of my problematic site servers and I have not experienced a reoccurrence of this issue.tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-57589830462396656412011-07-18T08:17:00.000-05:002011-07-18T08:17:16.342-05:00Windows XP SP3 - update.exe extended error code 0xf00d<span style="font-family: Calibri;">Every once in a while an old Windows XP machine will make its way back onto our network – most of the time it’s an old laptop that has been sitting in someone’s desk or in some storage room. Machines are checked out for missing patches or Anti-Virus dat updates prior to the machine being added back onto our domain however once in a while a machine will be missed. For this reason we are still scanning for pre Windows XP SP3 machines and if one is detected SP3 is pushed to it<span style="mso-spacerun: yes;"> </span>so that the machine can catch up on patches. (We are looking at quarantine solution for rouge machines but that’s another story) The other day a Windows XP SP2 laptop was detected but the SP3 upgrade kept failing. The only sign of a problem in Event Viewer was an entry stating that the update had been cancelled and when I ran the update interactively, same thing. <span style="mso-spacerun: yes;"> </span>When I checked the install log (C:\Windows\svcpack.log) it had the following entry: <i style="mso-bidi-font-style: normal;">update.exe extended error code 0xf00d</i></span><o:p><span style="font-family: Calibri;"> </span></o:p> <br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="font-family: Calibri;">After some searching I found that if you browse to <i style="mso-bidi-font-style: normal;">C:\Windows\System32</i> and rename <i style="mso-bidi-font-style: normal;">spupdsvc.exe</i> to something like<i style="mso-bidi-font-style: normal;"> spupdsvc.old </i>and then reapply the update, <i style="mso-bidi-font-style: normal;">spupdsvc.exe </i>will get recreated and Service Pack 3 will complete successfully. </span></div>tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-20847069750896688202011-07-13T21:18:00.000-05:002013-01-19T15:29:00.626-06:00Office File Validation Add-in Causes Excel 2003 Workbooks to open slower over networks<br />
In an enterprise environment this is an understatement - test KB2501584 very carefully. During each patching cycle we roll out patches to about 400 workstations for testing in order to QA the deployment. Shortly after deploying the latest round of Microsoft patches we started to get reports of Excel 2003 would stop responding when trying to open up files across the network. Local workbooks were fine. When the exact symptoms were identified it wasn’t long before I found a Microsoft knowledgebase <a href="http://support.microsoft.com/kb/2570623">article</a> outlining the same symptoms and referencing the Office File Validation Add-in (OFV) as the culprit. <br />
<br />
Office 2007 and 2010 will copy the file locally and then validate it to see if it is safe to open. Office 2003 tries to complete this process across the network. A workbook that normally takes seconds to open was taking upwards of 10 – 15 minutes if the user had Excel 2003. (Keep in mind that this is across a well connected LAN) <br />
<br />
Microsoft has published a workaround but as I quickly found out it had little effect. The registry key that is referenced in <a href="http://support.microsoft.com/kb/2570623">KB2570623</a>:<br />
<br />
<em>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\</em><br />
<br />
According to this <a href="http://pariswells.com/blog/tag/the-office-file-validation">post</a> should be: <br />
<br />
<em>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\11.0</em><br />
<br />
And then follow the steps outlined below:<br />
<br />
1. After you select the key that is specified in step 3, point to New on the Edit menu, and then click Key. <br />
2. Type Excel, and then press ENTER. <br />
3. Select Excel, point to New on the Edit menu, and then click Key. <br />
4. Type Security, and then press ENTER. <br />
5. Select Security, point to New on the Edit menu, and then click Key. <br />
6. Type FileValidation, and then press ENTER. <br />
7. Select FileValidation, point to New on the Edit menu, and then click DWORD Value. <br />
8. Type EnableOnLoad, and then press ENTER. (Note: The default value is 0 which disables the validation) <br />
<br />
Once the correct key has been added to the user’s profile, workbooks will open normally using Excel 2003. Long story short upgrade to Office 2010.tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-59215660044282886892011-05-23T20:03:00.001-05:002011-06-30T13:33:57.886-05:00Office 2010 SP1 To Be Released SoonMicrosoft is planning on releasing Office 2010 Service Pack 1 at the end of June 2011. SP1 will be available for all 40 SKU languages of Office. Each product in the suite will have updates included in SP1 and as always they will be cumulative. For a list of some of the highlights check out the Office Sustained Engineering <a href="http://blogs.technet.com/b/office_sustained_engineering/archive/2011/05/16/announcing-service-pack-1-for-office-2010-and-sharepoint-2010.aspx">blog</a>.<br />
<br />
<em>Update: Microsoft has released Office 2010 SP1 </em><a href="http://www.microsoft.com/download/en/details.aspx?id=26622"><em>http://www.microsoft.com/download/en/details.aspx?id=26622</em></a>tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-11370505959482557932011-05-22T18:16:00.000-05:002013-01-19T15:28:07.574-06:00ConfigMgr PXE Certificate RenewalWhen I originally setup my ConfigMgr environment setting up my OSD PXE certificaates was kind of a set and forget process so when my deployment team started getting a prompt about an expiring cert I thought "Oh ya I forgot about those." <br />
<br />
In order to update your PXE certifcate you need to locate the site system that hosts the PXE Service Point where you want to update the certificate, double click the PSP role, on the database tab select create a self-signed PXE certificate and specify an appropriate date range and then click apply. As soon as you create your new certificate your old one will be blocked. It's just that simple but it's one of those tasks that you probably don't do that frequently.<br />
<br />
If you are running in Native mode will have to import your new certificate from your root certificate authority. (CA)tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.comtag:blogger.com,1999:blog-5283964526638021536.post-57482516212946910082011-04-06T09:11:00.002-05:002013-01-19T15:27:52.737-06:00Installing KB977384 ConfigMgr R3 Client Upgrade in a Task SequenceR3 is the latest feature pack to be released for ConfigMgr 2007 – it is also the first R3 release in Microsoft’s history. The update includes a server side component as well as an upgrade for your ConfigMgr clients. Pushing the update out to your clients is one thing but when it comes to updating your OSD task sequences it gets a little tricky. If you simply attach the update as a install software step or call it from a script during your task sequence the sequence will fail because the R3 update stops the winmgmt service. In order to install the update during a task sequence you must add the correct command line to the installation properties of your ConfigMgr client install step. There are a couple of ways of doing this.<br />
<br />
Locate the “Setup Windows and ConfigMgr” step in you task sequence and on the properties tab under Installation properties add one of the following command lines:<br />
<br />
<em>PATCH="%_SMSTSMDataPath%\OSD\Package ID<package_id>\i386\hotfix\KB977384\SCCM2007AC-SP2-KB977384-x86-enu.msp"</package_id></em><br />
<br />
Or you might need to specify a drive letter instead of using the SMSTSMDataPath variable<br />
<br />
<em>PATCH=”C:\_SMSTaskSequence\OSD\Package ID<packageid>\i386\hotfix\KB977384\sccm2007ac-sp2-kb977384-x86-enu.msp"</packageid></em><br />
<br />
However if you have set the advertisement for your task sequence to access content directly from a distribution point when needed by the running task sequence then you’ll need to change the SMSTSMDataPath variable or your local drive reference to the network location of your R3 patch. Like this:<br />
<br />
<em>PATCH=”\\Network Location\ConfigMgr Client Source Files Directory\hotfix\KB977384\sccm2007ac-sp2-kb977384-x86-enu.msp"</em>tjhttp://www.blogger.com/profile/07903486708432109686noreply@blogger.com