• September 20, 2012

    SCCM 2012 Remote Assistance Not Working

    How to fix SCCM 2012 Remote Assistance Not Working. After a brand new successful roll out of SCCM 2012 (System Center Configuration Manager) into a live environment I got a call from client clamming there Windows Remote Assistance was not working and it worked under there old system meaning SCCM 2007.  They sent me the error below.   After some research and a little digging I found the following.  You need to set the Manage soliciated Remote Assitance settings to True. Otherwise the Remote Assistance will just work if your customer is sending you a Remote Assistance offer.  So I went into there SCCM 2012 Client settings under Administration and Client Settings and changed these to settings as seen below.  
  • I have been doing a System Center Configuration Manager 2012 (SCCM 2012) install and these guides have been a big help and so far the system is work great.  I posted the link at the bottom there are a lot of different configuration setups depending on your environment.  I know this setup works cause I did these step by step and it worked great. Using Configuration Manager 2012 RC in a lab – Part 1. Installation. Part 1, Installation [October 27th 2011] Using Configuration Manager 2012 RC in a lab – Part 2, Adding SUP and WDS. Part 2. Adding Sup and WDS [October 28th 2011] Using Configuration Manager 2012 RC in a lab – Part 3, Configuring Discovery and Boundaries. Part 3. Configuring Discovery and Boundaries [October 29th 2011] Using Configuration Manager 2012 RC in a lab – Part 4, Configuring Client Settings and adding roles. Part 4. Configuring Client Settings and adding roles [October 29th 2011] Using Configuration Manager 2012 RC in a lab – Part 5, Enable the Endpoint Protection Role and configure Endpoint Protection settings. Part 5. Enable the Endpoint Protection Role and configure Endpoint Protection settings[November 5th 2011] Using Configuration Manager 2012 RC in a lab – Part 6, Deploying Software Updates. Part 6. Deploying Software Updates [November 5th 2011] using Configuration Manager 2012 RC in a LAB – Part 7. Build and Capture Windows 7 X64 Part 7. Build and Capture Windows 7 X64[November 6th 2011] How can I import computers into Configuration Manager 2012 using a file ? Importing Computers using a file in Configuration Manager 2012 [November 11th, 2011] using Configuration Manager 2012 RC in a LAB – Part 8.Deploying Windows 7 X64 Part 8.Deploying Windows 7 X64 [November 12th, 2011] using Configuration Manager 2012 RC in a LAB – Part 9. Adding an Application, editing a Deployment Type, Copying...
  • After moving the System Center 2012 Configuration Manager (SCCM2012) SQL Site Database to another drive, creating a new Software Update package or a new application fail Symptoms After moving the System Center 2012 Configuration Manager SQL Site Database to another drive, creating a new Software Update group, Software Update package, or creating a new application fails and errors similar to the following are logged in the SMSProv.log file: *** *** Unknown SQL Error! SMS Provider 14-03-2012 07:56:47 2016 (0x07E0) *~*~*** Unknown SQL Error! ThreadID : 2016 , DbError: 50000 , Sev: 16~*~* SMS Provider 14-03-2012 07:56:47 2016 (0x07E0) *** [24000][0][Microsoft][SQL Server Native Client 10.0]Invalid cursor state SMS Provider 14-03-2012 07:56:48 2016 (0x07E0) *~*~[24000][0][Microsoft][SQL Server Native Client 10.0]Invalid cursor state *** Unknown SQL Error! ThreadID : 2016 , DbError: 0 , Sev: 0~*~* SMS Provider 14-03-2012 07:56:48 2016 (0x07E0)   SQL Profiler provides the following additional details: An error occurred in the Microsoft .NET Framework while trying to load assembly id 65539. The server may be running out of resources, or the assembly may not be trusted with PERMISSION_SET = EXTERNAL_ACCESS or UNSAFE. Run the query again, or check documentation to see how to solve the assembly trust issues. For more information about this error: System.IO.FileLoadException: Could not load file or assembly ‘cryptoutility, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35′ or one of its dependencies. An error relating to security occurred. (Exception from HRESULT: 0x8013150A) System.IO.FileLoadException:    at System.Reflection.Assembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, Assembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection)    at System.Reflection.Assembly.InternalLoad(AssemblyName assemblyRef, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection)    at System.Reflection.Assembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection)    at System.Reflection.Assembly.Load(String assemblyString) Cause This can occur if the SQL Site Database MDF and LDF files are moved to a different drive. For example, if originally the Configuration Manager Site Database was created on C:Program filesMSSQL serverdata but then later the MDF and...
  • Log into SCCM and click on query and create this query to find broken SMS clients ( System Resource.Client is equal to 0 or System Resource.Client is Null or System Resource.Agent site is not equal to “D80” ) and System Resource.Operating System Name and Version is like “microsoft%” and System Resources.SMS Assigned Sites is not Null
  • June 10, 2012

    Installing New SCCM CA on IIS 7

    1.Open the IIS manager console 2. Click on the server name 3. Click Server Certificates 4. Right Click and select Create Domain Certificate 5. Complete all the needed information and select your certificate store server. Make sure you use the FQDN for the server in the Common Name section. 6. Right Click on Default Web Site 7. Click edit Bindings 8. click on edit for https then select your newly issued certificate 9. You do not need to reboot the server or restart IIS.
  • When setting up Microsoft ForeFront The first thing to do is to run Serversetup.exe. Of course you’ll want to run the file so click Run.Fill in your Name and Organization then click Next.You’re going to have to put a check in I accept the software license terms.When you do Next will be available so click Next.Now this is where you’re be choosing your topology. For this example we’llgo ahead and chose a Basic topology. This will install Microsoft ForefrontEndpoint Protection 2010 Database, Site Server Extension, Console Extension,Reporting components, and Reporting database based on your currentConfiguration Manager deployment. Maybe in future blogs I’ll go through otherdeployment options. Don’t forget to click Next.Here is where you will setup the Reporting server account information.Mostly it will be filled out by the user running setup but you can change thedomainusername. Click Next.If the password you typed doesn’t match the domainusername you’ll get theerror below. Microsoft Forefront Endpoint Protection 2010 Error: The password is incorrect, or this account is not valid. Account :domainusername After I corrected my intentional typo FEP is now warning me that I shouldn’tuse my domain admin account. Microsoft Forefront Endpoint Protection 2010 For security reasons, it is not recommended to use a domain administratoraccount ‘domainusername’ as the reporting account. I’m going to OK this because it’s just a test lab. By default FEP will want to Join the Customer Experience ImprovementProgram. I recommend keeping this checked. I also checked User Microsoft Updateto keep my products up to date. Join Microsoft Spynet Basic is checked by default. I changed mine toAdvanced SpyNet. Location and disk space requirements blah blah blah. Oh no! It looks like my Verifying SQL Server prerequisite Failed with anError. When I click the More link I see the error below Forefront Endpoint Protection 2010 requires that the SQL Server Agentservice...
  • Have you tried to renew the existing SCCM site server signing certificate for a native mode site, and wondered how to do this without creating a new certificate? This post provides a procedure to do this that is suitable for when the site server is on either Windows Server 2003 or Windows Server 2008, and your PKI uses Microsoft Certificate Services. Disclaimer: This procedure is external to Configuration Manager, so you will not find this information in the Configuration Manager product documentation. However, we realize that PKI is often new to Configuration Manager admins, and aim to share our knowledge and experience to help you be more successful with the product. You can use the same procedure to renew any certificate that’s deployed through Certificate Services, but Group Policy auto-enrollment usually takes care of client certificate renewal automatically. And the IIS site system certificates for server authentication can be easily renewed from the Certificates MMC, by right-clicking on the certificate and selecting All Tasks, and then either Renew Certificate with New Key (recommended), or Renew Certificate with Same Key. However, there are 2 challenges for renewing the site server signing certificate: The Certificates MMC on Windows Server 2003 does not let you specify the Subject value, so you cannot renew the certificate with a new site code. The Certificates MMC is not designed for certificate templates that are configured for manual approval. A note here about manual approval and why changing this to automatic approval in order to workaround the Certificates MMC design is not recommended. Manual approval is recommended for the site server signing certificate because it is a “high value” certificate. It’s high value because it represents the key to the kingdom – your Configuration Manager hierarchy. In comparison with the other certificates, if this certificate is compromised (requested by a compromised or rogue site server), the whole integrity of the hierarchy is in jeopardy. One...
  • January 10, 2012

    Upgrading MDT 2008 to 2010 for SCCM

    MDT (Microsoft Deployment Toolkit) provides the ability to do Lite Touch Deployments of computers. MDT has enhanced task sequence steps over those that are included in SCCM by default. Luckily you can integrate MDT with SCCM to get the best of both worlds (and achieve Zero Touch Deployments!) . This guide runs through the steps required to upgrade your version of MDT to 2010 and maintain the SCCM integration… This morning MDT 2010 RTM was released to the public (you can download it here). To see a list of the changes and new features you can expect to find take a look here. MDT 2008 integrated with SCCM task sequences To play safe before upgrading MDT first remove the integration with SCCM: • Run the “Configure ConfigMgr Integration” shortcut provided by MDT 2008 and select “remove components”. • Enter your SCCM site details and click Finish. • After confirming the MDT options have disappeared from the SCCM task sequence menus run the MDT 2010 setup Next perform the install of MDT • Step through the wizard selecting the components you want and the install location • The MDT setup will now take care of removing MDT 2008 and installing itself over the top After the wizard completes you can then re-run the integration wizard to add the MDT hooks back into SCCM • Enter your site details that you used in the first step When the wizard completes the MDT options should now be back in under the task sequence options: Note: If you had used MDT 2008 to provide unknown computer support to SCCM (if you can’t upgrade to R2 to get it natively) then you might want to consider not upgrading. MDT 2010 does not support the PXE filter driver but it does still allow you to remove it if you didn’t uninstall it before upgrading.
  • I recently worded on an issue where you would import computers into an imaging collection and it would take hours before they would kick off to image.  I found a Microsoft Hotfix to fix this issue.  Microsoft hotfixKB980270 took care of this issue for me I applied the patch rebooted the server and everything we imported starting imaging.  This issue focus on System Center Configuration Manager 2007 Service Pack 2 AKA SCCM 2007 SP2 but I can tell you from experience SP1 also had the same issue and there was a separate hotfix to fix that issue.