• 1. Log onto the server.
  2. Open SQL Server Management Studio (SSMS).
  3. Click About then Help.
  4. To the right of SQL Server Management Studio, match the version with the list below to determine your service pack level.

  Release                               Version
  SQL Server 2008 Service Pack 3        10.00.5500.00
  SQL Server 2008 Service Pack 2        10.00.4000.00
  SQL Server 2008 Service Pack 1        10.00.2531.00
  SQL Server 2008 RTM                   10.00.1600.20
  SQL Server 2008 R2 Service Pack 1     10.50.2500.0
  SQL Server 2008 R2 RTM                10.50.1600.1
  • April 4, 2012

    Fix SCOM Data Warehouse Error 31552

    To start fixing this SCOM error, go to Administration > Run As Configuration > Accounts. In the Accounts pane there are 2 accounts you need to reset the username and password for: Data Warehouse SQL Server Authentication Account and Reporting SDK SQL Server Authentication Account. By default these accounts are set to nothing but a single space. Reset both accounts using the same account and password.

    Apply the changes and check the OpsMgr event log. Even though EventID 31552 will still appear, the frequency will be far less.

    Even though the OpsMgr databases are maintained automatically, it doesn’t hurt to run a stored procedure every now and then to update the statistics: sp_updatestats. Run it against the Data Warehouse database (OperationsManagerDW); the output showed that many tables were updated.
  • When setting up Microsoft Forefront, the first thing to do is to run Serversetup.exe. Of course you’ll want to run the file, so click Run.

    Fill in your Name and Organization, then click Next.

    You’re going to have to put a check in I accept the software license terms. When you do, Next will be available, so click Next.

    Now this is where you’ll be choosing your topology. For this example we’ll go ahead and choose a Basic topology. This will install Microsoft Forefront Endpoint Protection 2010 Database, Site Server Extension, Console Extension, Reporting components, and Reporting database based on your current Configuration Manager deployment. Maybe in future blogs I’ll go through other deployment options. Don’t forget to click Next.

    Here is where you will set up the Reporting server account information. Mostly it will be filled out by the user running setup, but you can change the domain\username. Click Next.

    If the password you typed doesn’t match the domain\username you’ll get the error below.

    Microsoft Forefront Endpoint Protection 2010
    Error: The password is incorrect, or this account is not valid. Account: domain\username

    After I corrected my intentional typo, FEP is now warning me that I shouldn’t use my domain admin account.

    Microsoft Forefront Endpoint Protection 2010
    For security reasons, it is not recommended to use a domain administrator account ‘domain\username’ as the reporting account.

    I’m going to OK this because it’s just a test lab.

    By default FEP will want to Join the Customer Experience Improvement Program. I recommend keeping this checked. I also checked Use Microsoft Update to keep my products up to date.

    Join Microsoft SpyNet Basic is checked by default. I changed mine to Advanced SpyNet.

    Location and disk space requirements blah blah blah.

    Oh no! It looks like my Verifying SQL Server prerequisite Failed with an Error. When I click the More link I see the error below.

    Forefront Endpoint Protection 2010 requires that the SQL Server Agent service...
  • Have you tried to renew the existing SCCM site server signing certificate for a native mode site, and wondered how to do this without creating a new certificate? This post provides a procedure to do this that is suitable for when the site server is on either Windows Server 2003 or Windows Server 2008, and your PKI uses Microsoft Certificate Services.

    Disclaimer: This procedure is external to Configuration Manager, so you will not find this information in the Configuration Manager product documentation. However, we realize that PKI is often new to Configuration Manager admins, and aim to share our knowledge and experience to help you be more successful with the product.

    You can use the same procedure to renew any certificate that’s deployed through Certificate Services, but Group Policy auto-enrollment usually takes care of client certificate renewal automatically. And the IIS site system certificates for server authentication can be easily renewed from the Certificates MMC, by right-clicking on the certificate and selecting All Tasks, and then either Renew Certificate with New Key (recommended), or Renew Certificate with Same Key.

    However, there are 2 challenges for renewing the site server signing certificate:

    • The Certificates MMC on Windows Server 2003 does not let you specify the Subject value, so you cannot renew the certificate with a new site code.
    • The Certificates MMC is not designed for certificate templates that are configured for manual approval.

    A note here about manual approval, and why changing this to automatic approval in order to work around the Certificates MMC design is not recommended. Manual approval is recommended for the site server signing certificate because it is a “high value” certificate. It’s high value because it represents the key to the kingdom – your Configuration Manager hierarchy. In comparison with the other certificates, if this certificate is compromised (requested by a compromised or rogue site server), the whole integrity of the hierarchy is in jeopardy. One...
  • When deploying printers by Group Policy (GPO), 1000 is the default number you can see before no more appear in the print manager. Microsoft has a workaround to fix this issue.

    1. On a DC open ntdsutil from the command prompt.
    2. type ldap policies
    3. type connections
    4. type connect to the DC name
    5. type quit
    6. type show values
    7. note the value for MaxPageSize
    8. type set maxpagesize to #
    9. type commit changes
    10. type show values
    11. note the new value
    12. type quit twice
  • January 10, 2012

    Upgrading MDT 2008 to 2010 for SCCM

    MDT (Microsoft Deployment Toolkit) provides the ability to do Lite Touch Deployments of computers. MDT has enhanced task sequence steps over those that are included in SCCM by default. Luckily you can integrate MDT with SCCM to get the best of both worlds (and achieve Zero Touch Deployments!). This guide runs through the steps required to upgrade your version of MDT to 2010 and maintain the SCCM integration…

    This morning MDT 2010 RTM was released to the public (you can download it here). To see a list of the changes and new features you can expect to find, take a look here.

    MDT 2008 integrated with SCCM task sequences

    To play safe, before upgrading MDT first remove the integration with SCCM:

    • Run the “Configure ConfigMgr Integration” shortcut provided by MDT 2008 and select “remove components”.
    • Enter your SCCM site details and click Finish.
    • After confirming the MDT options have disappeared from the SCCM task sequence menus, run the MDT 2010 setup.

    Next, perform the install of MDT:

    • Step through the wizard, selecting the components you want and the install location.
    • The MDT setup will now take care of removing MDT 2008 and installing itself over the top.

    After the wizard completes you can then re-run the integration wizard to add the MDT hooks back into SCCM:

    • Enter your site details that you used in the first step.

    When the wizard completes, the MDT options should now be back in under the task sequence options.

    Note: If you had used MDT 2008 to provide unknown computer support to SCCM (if you can’t upgrade to R2 to get it natively) then you might want to consider not upgrading. MDT 2010 does not support the PXE filter driver, but it does still allow you to remove it if you didn’t uninstall it before upgrading.
  • MS Office Communications Server 2007 aka OCS SSL Certificate CSR Creation

    How to generate a CSR for Microsoft Office Communications Server 2007

    1. After you have installed Office Communications Server 2007 (OCS) click Start -> Programs -> Administrative Tools -> Office Communications Server 2007.
    2. Expand the items in the snap-in until you get to the Enterprise Edition Server that you installed.
    3. Right-click on the correct server name and select “Certificates”. Click Next to get past the Certificate Wizard welcome screen.
    4. Choose to “Create a new Certificate” and click Next.
    5. Choose to “Prepare the request now, but send it later” and click Next.
    6. Under “Name” enter a name for your certificate. This name is simply a label for the certificate, so you can name it whatever you like, such as the server name or the pool FQDN.
    7. In order to export the certificate to other servers, you need to make sure that “Mark cert as exportable” is checked. Then click Next.
    8. For “Organization” enter your EXACT legal company name including Inc, LLC, etc. if applicable.
    9. For “Organizational Unit”, enter the department such as Accounting or Engineering and click Next.
    10. For “Subject Name” enter the exact Fully Qualified Domain Name of the pool. Select the option to “Automatically add local computer name”, and click Next.
    11. Enter your Country, State/Province, and City details and click Next.
    12. Choose a file name and location to save your new Certificate Request (CSR). The file will be a text file, so it should be given a .txt extension. Click Save.
    13. Review the settings and finish the certificate wizard. This will save the CSR file to the location you entered above.

    While ordering your SSL Certificate, you will be asked to copy and paste your CSR to the DigiCert order form. Open your CSR file with Notepad, and copy and paste the contents to the order form. Select “Microsoft Office Communications Server 2007” as the server platform.
  • To create and issue the site server signing certificate template

    1. On the domain controller running the Windows Server 2003 console, click Start, Programs, Administrative Tools, Certification Authority.
    2. Expand the name of your certification authority (CA), and then click Certificate Templates.
    3. Right-click Certificate Templates, and click Manage to load the Certificates Templates management console.
    4. In the results pane, right-click the entry that displays Computer in the Template Display Name column, and then click Duplicate Template.
    5. In the Properties of New Template dialog box, on the General tab, enter a template name for the site server signing certificate template, such as ConfigMgr Site Server Signing Certificate.
    6. Click the Subject Name tab, and then click Supply in the request.
    7. Click the Extensions tab, make sure Application Policies is selected, and then click Edit.
    8. In the Edit Application Policies Extension dialog box, select Client Authentication, press Shift and select Server Authentication, and then click Remove.
    9. In the Edit Application Policies Extension dialog box, click Add.
    10. In the Add Application Policy dialog box, select Document Signing as the only application policy, and then click OK.
    11. In the Properties of New Template dialog box, you should now see listed as the description of Application Policies: Document Signing.
    12. Click the Issuance Requirement tab, and select CA certificate manager approval.
    13. Click OK and close the Certificate Templates administrator console, certtmpl – [Certificate Templates].
    14. In Certification Authority, right-click Certificate Templates, click New, and then click Certificate Template to Issue.
    15. In the Enable Certificate Templates dialog box, select the new template you have just created, ConfigMgr Site Server Signing Certificate, and then click OK.

    Note: If you cannot complete steps 14 or 15, check that you are using the Enterprise Edition of Windows Server 2003. Although you can configure templates with Windows...
  • 1. Click Start -> Run -> Regedit
    2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Intelppm
    3. Highlight the Start value
    4. Right-click and click Modify
    5. Then change the value to 4
    6. Click OK and reboot the PC