Wednesday, January 30, 2013

Deployment issues with OSDPreserveDriveLetter parameter

Last time I want to create a Windows 7 reference image in SCCM/ConfigMgr 2012 SP1. The new method for deploying Windows 7 is by INSTALL.WIM. No Setup.exe is used anymore for creating a reference image. By default Windows 7 will be installed on the D: drive. For installing Windows 7 on the C: drive an additional parameter is needed. Just add "OSDPreserveDriveLetter=False" before the Apply OS step, which allows the task sequence to auto-correct the D: issue. Sounds easy isn't it?

Update 4-6-2013:
In the task sequence choose Add > General > Set Task Sequence Variable. Fill in the following information:
- Task Sequence Variable: OSDPreserveDriveLetter
- Value: False
Just add this command before the Apply Operating System step.

Now it comes: When creating a reference image without the parameter, this must be included during OS deployment. When deploying a task sequence without the parameter, everything goes fine, but Windows 7 is installed on the D: drive. When deploying a task sequence with the parameter, deployment stops after installing the ConfigMgr client. No applications are installed and no certificate is available in the ConfigMgr client. Also the ConfigMgr Site can't be found by the ConfigMgr client.

Error message in CCMSETUP.LOG:
- File C:\WINDOWS\ccmsetup\{1AF71F68-6089-4211-ADDC-06DF40606141}\client.msi installation failed. Error text: ExitCode: 1603
- Client installation has failed too many times. Ccmsetup will now abort.

Next thing to try is to create a new reference image with the parameter included. When creating a reference image with above step, the parameter isn't needed anymore during OS deployment. However, OS deployment stops again after installing the ConfigMgr client. At the first application mentioned in the task sequence everything stops.

Error message in SMSTS.LOG:
- (__hrMethodRetVal == ((HRESULT)0L)) || (bFailIfMissing == false), HRESULT=80070002 (e:\NTS_SCCM_RELEASE\sms\common\inc\ccmxml.h,582)- 401 - Authentication failure on request with anonymous access, retrying with context credentials.

I solved above issue by creating and deploying a new task sequence, with all same applications and steps in it. Then it all was working again. I'm happy that it seems to work now, but doesn't get why it didn't the first time? Anyone recognize the error messages?

Sunday, January 27, 2013

New ConfigMgr 2012 and SCEP 2012 SP1 Binaries available!

The binaries for ConfigMgr 2012 and SCEP 2012 have been updated to correct some minor issues. The binaries have been updated at the Download Center, and also on the Technet and MSDN download sites.

For ConfigMgr 2012 SP1, the updated download release of SP1 includes the following hotfix: Installation error 0x800b0101: System Center 2012 Configuration Manager Service Pack 1 client
 
For SCEP, the new binaries include fixed files (Linux/iOS) that were corrupt in the initial release. Microsoft System Center 2012 Service Pack 1 Configuration Manager - Clients for Additional Operating Systems
 
New ConfigMgr 2012 and SCEP 2012 SP1 Binaries available!
MSDN Download Link and Technet Download Link

This means if you downloaded the binaries prior to today (1/25) - you will likely need to re-download them. Source

Note: Don't forget to use the new bits when installing ConfigMgr 2012 SP1 from now on!

Thursday, January 24, 2013

Problems after migrating the ConfigMgr database

At a customer location ConfigMgr was installed on a SQL cluster. ConfigMgr was running fine, and Reporting services was installed on a single node. All went fine. After a few months customer deciced to break down the SQL cluster and migrate databases to single servers. The ConfigMgr database is migrated with help from MS TechNet: Manage Site and Hierarchy Configurations
 
All seems okay after the migration. The ConfigMgr console can be started and no direct errors are seen. After a week looking in the configuration, multiple errors are seen in the logfiles:
 
CCMSETUP.LOG (from a client)
- GetDPLocations failed with error 0x87d00215
- Failed to get DP locations as the expected version from MP "SCCM Server". Error 0x87d00215

CERTMGR.LOG
- Error: Failed to write certificate from server (SQL SERVER\TrustedPeople).
- ERROR: Failed to open certificate store (HRESULT=0x5)

HMAN.LOG
- SMS-Site-S01 could not be created, error code = 8203.
- Failed to connect to remote WMI repository on machine "SQL Server"
ConnectServer(Namespace) failed. - 0x80070005


POLICYPV.LOG
- Failed to sign Policy Assignment, Error code = 0x8009200b
- Error signing policy assignments (0x80004005).

Also multiple errors are seen in the ConfigMgr console:

SMS_HIERARCHY_MANAGER
- Configuration Manager cannot create the object "SMS-Site-S01" in Active Directory
- Hierarchy Monitoring detected that the SQL Server machine certificate has missed. It is failed to remediate with Error.
- Hierarchy Monitoring detected that the SQL Server machine certificate has missed.
 
SMS_SITE_COMPONENT_MANAGER
- Site Component Manager failed to reconfigure site system "SQL Server" to receive Configuration Manager Server Components.
- Site Component Manager could not access site system "SQL Server". The operating system reported error 2147942467: The network name cannot be found.

SMS_POLICY_PROVIDER
- Policy Provider has failed to sign one or more policy assignments. It will retry this operation automatically.

Does anyone has a clue why communication to the ConfigMgr database fails? It seems to be something with permissions, WMI and certiticates. Also reporting isn't functional anymore. ConfigMgr computeraccount is an administrator on both ConfigMgr and SQL Server. Site Reset didn't help me unfortunately.

Update 30-1-2013: Solved with assistance from Stephan Wibier (@StephanWibier) Thanks!

Update 15-5-2013: The trick is to re-create the certificate which is needed for communication between ConfigMgr and SQL Server. Then everything will be okay again. Just follow steps from this blogpost for the permissions needed: "Fail to create SQL Server Certificate" during installation.


As described on Microsoft TechNet also a new self signed certificate is needed which much be assigned in the SQL Server Configuration Manager / SQL Server Network Configuration / Protocols for MSSQLSERVER. Hope it helps!

Boot images not updated after upgrading to ConfigMgr 2012 SP1

This week I had another nice issue in ConfigMgr 2012 SP1. The Boot images were not migrated from WinPE 3.0 (which is Windows 7) to WinPE 4.0 (which is Windows 8). Also Upgrade Distribution Points was generating an error. This because Boot images on WinPE 3.0 are not supported anymore.
 
 
Looking on MS TechNet I found the following post: Boot images not updated after upgrading to SP1 in System Center 2012 Configuration Manager
Another issue has something to do with McAfee Access Protection on the ConfigMgr server. McAfee is blocking the creation of the boot image package: Only finalized boot images are supported 
 
For me this did the trick: 
  • Rename the boot.wim and the default boot wims in each architecture folder of the <smsinstall>OSD\boot\ folder – both the i386 and x64 to <wim>.bak
  • Starting with the i386 folder first...Find the install folder of the ADK, which should be here if you installed with the defaults: “C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\en-us\winpe.wim”. You will need to copy the winpe.wim to the <smsinstall>OSD\boot\i386 folder. Rename it to boot.wim.
  • You will also need to copy it again, but this time rename it so it matches the name of the default boot wim for the site – so it should look like boot.<packageid>.wim
  • Update default boot image. Click “Execute Method” -> input object path as SMS_BootImagePackage.PackageID="<Image ID you see in the Console e.g. POL00001>" -> UpdateDefaultImage
  • You will need to do this for the x64 folder as well. Do not do this for any custom boot images – this is just to update the default boot wims installed during setup of the site.

After that open properties of both Boot images in ConfigMgr and choose Reload on the Images tab. The OS version 6.2.9200.16384 should be displayed instead of OS version 6.1.7600.16385 now.

After that remove McAfee Access Protection (when installed) to update both Boot images on the ConfigMgr server. The Update Distribution Points Wizard should complete succesfully now.
You will be fine after that!

Wednesday, January 23, 2013

The existing database is not compatible with this version of WSUS

Today I wanted to re-install WSUS again in a production environment where ConfigMgr 2012 was also on place.

Normally these steps are followed:

1) Uninstall WSUS (without database, logfiles, updates)
2) Install WSUS again + KB2720211 + KB2734608 updates
3) Reboot the server (you never know)
4) Start "Synchronize Software Updates"


This time I couldn't connect to the WSUS database anymore. Error message: "The existing database is not compatible with this version of Windows Server Update Services 3.0 SP2. Select another database instance or create a new database"


Looking on the existing WSUS Database I found out that permissions were not correct. After adding the Installation account to the WSUS database with Sysadmin permissions it was working again.

Hope it helps!

Remote configuration failed on WSUS Server (part 2)

Two weeks ago I wrote a blogpost about WSUS issues after a System Center 2012 SP1 upgrade. This blogpost can be found HERE. I mentioned my environment was already provided with KB2720211 and KB2734608, and was working okay before the SP1 upgrade. Looking in the logfiles the following error messages were seen in: "Remote configuration failed on WSUS Server". Here we go again!
 
This time another message is seen in the wsyncmgr.log also, "DB Server not detected for SUP <ConfigMgr FQDN>".
 
 
In the WCM.log there's another error message seen: "Source file C:\Windows\TEMP\********.cs" could not be found. That's a nice one!
 
 
For me this did the trick:
  • Assign NETWORK SERVICE permissions on the Windows\Temp folder (List Folder/Read Data & Delete) 

After that WSUS synchronisation is running fine again! This permissions are needed to let NETWORK SERVICE write to the folder.

Monday, January 21, 2013

"Fail to create SQL Server Certificate" during installation

When installing ConfigMgr 2012 SP1 on SQL Server 2012 with Cumulative Update 2 installed, the following error can be showed: "Fail to create SQL Server Certificate, ConfigMgr installation cannot be completed". 


Looking in the logfile the following errors are showed:
  • Failed to create machine certificate on server <ConfigMgr FQDN>
  • Failed to create certificate on server <ConfigMgr FQDN>
  • Failed to create SQL Server <ConfigMgr FQDN> certificate remotely 

Not seen any error like this before. Prerequisites where all fine. Why this error is showed during installation? Looking on MS TechNet I found the following post: SCCM 2012 won't install due to SQL Server Certificate

Just make sure the following is configured:
  • The account used for the installation and the computer account of SCCM2012 have to be members of the local admins group on SCCMDB2012 and need also sysadmin rights in SQL.
  • Just make sure you configure the SQL services to run under a domain user account rather than as local system or network service. Running SQL under a domain user follows MS best practices.
  • If you already face a failure in installation then delete the registry key which generated during installation of SCCM(HKLM\SOFTWARE\Microsoft\SMS).

After following above steps run setup again. This time "Generating public key and SQL Server certificate" should not give an error anymore.

Thursday, January 17, 2013

List of System Center 2012 SP1 issues still growing

System Center 2012 SP1 is Generally Available, but contains a lot of bugs. Otherwise you can say that additional configuration is needed to let function ConfigMgr well again. Here's a list of ConfigMgr issues known. The list mentioned is still growing everyday. I installed SP1 at customer locations already, and have indeed additional configuration to make it functional again. Let's have a look:
  1. ConfigMgr 2012 USMT Migration Fails After SP1 Applied
  2. Active Replica Error after the SP1 upgrade for ConfigMgr 2012
  3. Server 2012 OSD Issues in ConfigMgr 2012 SP1
  4. System Center 2012 Configuration Manager Application Catalog does not refresh on F5 in Windows 8 or Windows Internet Explorer 10
  5. Site replication degraded then a minute later, changes back to active
  6. Beware when installing ConfigMgr SP1 when still using vSphere 4 or running other platforms not supporting Windows 8
  7. ConfigMgr 2012 SP1 client installation error with MicrosoftPolicyPlatformSetup.msi - Hotfix Available! or utilize the new SP1 bits
  8. Changes to built-in collections are overwritten when you upgrade to System Center 2012 Configuration Manager SP1
  9. Antimalware Policies issue, a workaround, and a forgotten Beta message with ConfigMgr 2012 SP1
  10. Service Pack 1 for MS ConfigMgr 2012 Resets the SUP Port to 80 and Why does WSUS not sync anymore in ConfigMgr 2012 SP1?
  11. MAC client fails to register in System Center 2012 Configuration Manager SP1
  12. Editing reports in Configuration Manager may fail when Internet Explorer is not the default browser
  13. System Center 2012 Configuration Manager Application Catalog requires Compatibility Mode in Internet Explorer 10
  14. Configmgr SP1 : Windows 7 deployment is not supported anymore from the setup.exe
  15. Application Catalog link breaks if you change the regional settings decimal separator in Software Center in System Center 2012 Configuration Manager
  16. Client push fails with Authenticode Signature error
  17. Virtual Application Fails to Install with Event ID 1008 in the Windows Applications and Services Logs
 
There are issues reported also on other System Center products, but ConfigMgr has the most by far. The whole list can be found HERE. Let's hope that the list not becomes any longer.. 

Update 21-1-2013: New issues added to the list
Update 30-1-2013: New issues added to the list again

Tuesday, January 15, 2013

System Center 2012 SP1 Generally Available!

Today Microsoft announced the general availability of System Center 2012 SP1!  While the RTM bits have been available for a few weeks already to TechNet, MSDN subscribers and volume licensing customers, today marks the broad availability of System Center 2012 SP1 to all customers. SP1 isn't just an update on ConfigMgr. It will provide a lot of new functionality above of existing ConfigMgr 2012 features.

The System Center 2012 SP1 release is chock full of new features to light up the new functionality found in Windows Server 2012.  The combination of System Center 2012 SP1 with Windows Server 2012 provides the foundation of what Microsoft calls the ‘Cloud OS’. More information about Updates and New features in ConfigMgr 2012 SP1 can be found in this blogpost.

The System Center Service Pack 1 setups for each component can be used to install a completely new installation of a System Center 2012 SP1 component or can be used to upgrade an existing component from System Center 2012 to System Center 2012 SP1. Download Microsoft System Center Private Cloud Evaluation Software: System Center 2012 SP1 plus optional Windows Server 2012 download

Customers who are planning to install the Configuration Manager client on x64 machines should review this KB2801987 prior to installation.

Monday, January 14, 2013

System Center 2012 SP1 issues

Microsoft System Center 2012 SP1 adds a bunch of new features to the Suite of products. I have deployed it a few times at companies already without a lot of problems. The only issue I have encountered so far is with Software Updates "Remote configuration failed on WSUS Server" which is described HERE.

On MyITforum however there is a list created about System Center 2012 SP1 issues. This because there are a ton of reports coming in that SP1 is causing some frustrating issues in those companies that have decided to deploy it already. This Wiki post serves to capture the issues in a central location to ensure everyone is aware of them and their potential workarounds until Microsoft releases fixes.

As a member of myITforum and a member of this group you can modify this live document to include issues that you have encountered.

Source: System Center 2012 SP1 Woes, Gotchas, and Workarounds

The first hotfix is available already: ConfigMgr 2012 SP1 client hotfix for MicrosoftPolicyPlatformSetup.msi error available

SCCM 2012 Agent and high CPU utilization

When using Automatic Deployment Rules (ADR) in ConfigMgr 2012 you have a choice at "Each time the rule runs and finds new updates" on the General tab. The choice is about "Add to an existing Software Update Group" and "Create a new Software Update Group". An Software Update Group will be named SUG from now on.

Not sure why this choice can be made, but with monthly Windows updates it can be handy to create a new SUG every month. That way you know which updates are deployed every month. When using an ADR for Endpoint Protection (SCEP) definition updates it's recommended to use an existing SUG. Otherwise every 8 hours or day (as configured) a new SUG will be created. The old SUGs will be kept with expired definition updates in it. Not that it's not a good configuration, but WBEM cannot deal with lots of SUGs, with expired definition updates in it.


Here's the trick. When having lots of SUGs, with expired definition updates in it make WBEM run wild and unstable. WBEM is a sub component of WMI, which in turn is contained in svchost.exe. To stop this, remove all software update deployments especially those for Endpoint Protection; the WBEM should calm down in an hour or so. If the WBEM repository is corrupt, it may take hours for WBEM to calm down. WBEM needs to detect the corruption and run a repair. Deleting the WBEM repository should be avoided.

Looking on MS TechNet I found the following post: SCCM 2012 Agent and high CPU utilization. Deleting the SUGs indeed did the trick in my case. It seems to be a known Microsoft bug and may be solved later.

Friday, January 11, 2013

Create and deploy a Windows 8 image in ConfigMgr 2012 SP1

Last years I created many Windows XP and Windows 7 reference images with software updates in it. With ConfigMgr 2012 it was also needed to create a reference image, but installing software updates was a lot easier. This because of a new feature: Offline Servicing, which installs software updates offline in the reference image. More about Offline Servicing can be found HERE. With ConfigMgr 2012 SP1 and Windows 8 support it will be easier again. How about that!?

In ConfigMgr 2012 SP1 the Build and Capture proces is updated to apply image in place of Setup.exe installation. It's possible now to use a Windows 7 or Windows 8 INSTALL.WIM from installation media directly in ConfigMgr. This because the D: issue (which was the reason for a reference image) is fixed. When using a Windows 7 or Windows 8 INSTALL.WIM it will be installed on the C: drive now. Just use Offline servicing and you have a up-to-date reference image! (software updates were another reason for building a reference image before SP1)


For Windows 7 there's an additional "Apply operating system action" needed. Just add "OSDPreserveDriveLetter=False" before the Apply OS step, which allows the task sequence to auto-correct the D: issue. Windows 8 will be installed on the C: drive by default, so now worries about that. Over time, Microsoft will deprecate Setup.exe installations for Windows operating systems.

When you want to install applications in the reference image (because of faster deployment) just deploy the INSTALL.WIM in a Build and Capture proces. Then add some applications and/or scripts and capture the image again. Nice to see that Imaging in ConfigMgr 2012 SP1 is better and easier again, but there's still much to learn on this topic!

Wednesday, January 9, 2013

Application Catalog - Cannot Connect to the Application Server

Today there was a issue with the Application Catalog. When starting the Application Catalog from Software Center the following error was displayed: "Cannot Connect to the Application Server". Strange thing because it was working earlier fine.


Actions that I've done to investigate it:
  • Uninstall both Application Catalog roles
  • Check SMSPORTALWEBSetup.log and SMSAWEBSVCSetup.log in the Configuration Manager folder to track the uninstall progress
  • Install both Application Catalog roles with defaults
  • Run %windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe /-i –enable
  • Solution from SithaYuvaraj

Looking on MS TechNet I found the following post: SCCM 2012 App Catalog Web Page Error

For me this did the trick:
  • Adding SYSTEM and/or Local Service account permissions on the Windows\Temp folder

After that the Application Catalog is running fine again! This permissions are needed to let SYSTEM and/or Local Service write to the folder.

Update 29-2: As mentioned on SithaYuvaraj, If you have IPV6 enabled on the SCCM server you may run into this issue as well. Disabling it (or configure it again) resolves this issue!

Tuesday, January 8, 2013

Using the Migration jobs in ConfigMgr 2012

When migrating ConfigMgr 2007 to 2012 (Side-by-Side) it's possible to use Migration Jobs to copy collections and objects. Microsoft has build-in Migration Jobs for doing this, and it's doing a great job! Today I used the Object migration for copying software packages, drivers, driver packages, images and task sequences. All content will be imported into the new ConfigMgr 2012 database. The wizard will looks like this:

Just select everything needed, and save a lot of time!

The following will be mentioned during "Review migration job information".

In a few steps the source location is mentioned. Before or after migration the source location may be updated when pointing to the old ConfigMgr 2007 server. For software packages the following tool can be used: Coretech Package Source Changer.

For driver packages and Windows images I haven't find a good solution yet. Maybe someone can share a script for doing this?

SMS provider doesn't have permission to the package source path

When running a migration job (object migration) in ConfigMgr 2012 it's possible that the following errors are displayed in MIGMCTRL.LOG.


"SMS provider doesn't have read, write or delete permission to the package source path"
"Failed to get the image property from the source WIM file due to error 80070005"
"SMS_TaskSequencePackage.PackageID='' was skipped with: One of its dependency objects failed to migrate"

All errors has a specific reason: Permissions!


Just make sure that the Computeraccount holding the SMS Provider role has Local Administrator permissions on the ConfigMgr 2007/2012 server. After that errors are gone and the migration job will complete.

To change the Package Source locations use this tool:
Coretech Package Source Changer

Monday, January 7, 2013

How to remove an Instance on a SQL Server

Sometimes it's needed to remove an Instance on a SQL Server, because of database migration or SQL Server cleanup. When doing this in a production environment, this is a exciting action. This because of other production databases, which may be running in a different Instance. I've done this a few months ago, and it all went fine.

Just read the guides on Microsoft TechNet first before doing this:

-To uninstall an instance of SQL Server 2008 http://technet.microsoft.com/en-us/library/ms143412(v=sql.100).aspx

-To uninstall an instance of SQL Server 2008 R2 http://technet.microsoft.com/en-us/library/ms143412(v=sql.105).aspx

-To uninstall an instance of SQL Server 2012 http://technet.microsoft.com/en-us/library/ms143412(v=sql.110).aspx

Here are the steps which are needed to remove the Instance. Just make sure which one must be removed and there are no databases on it.

-Open Control Panel, Programs and Features
-Select "Micosoft SQL Server {version}"
-Choose "Uninstall/Change"
-Choose "Remove"
-Setup Support Rules > Next
-Remove SQL Server {version}

-Select Instance > Choose "SQL Instance"
-Select Features > Choose "Specific features" (not shared features)
-Removal Rules > Next
-Ready to Remove > Next
-Removal Progress
-Complete


After following this steps the selected Instance is removed. There's no reboot needed on the SQL Server, and other databases will still have connection. Just make sure reading the guides, and you are fine!

Sunday, January 6, 2013

Remote configuration failed on WSUS Server

Last week I upgraded my ConfigMgr 2012 environment to SP1. All went fine, but after the upgrade Endpoint Protection wouldn't update anymore. Strange thing is my environment was already provided with KB2720211 and KB2734608, and was working okay before the SP1 upgrade. Looking in the logfiles the following error messages were seen in: "Remote configuration failed on WSUS Server".

WindowsUpdate.log

wsyncmgr.log

WCM.log (before)

Looking on MS TechNet I found the following post: Remote configuration failed on WSUS Server.

For me this did the trick:

1) Uninstall WSUS (without database, logfiles, updates)
2) Install WSUS again + KB2720211 + KB2734608 updates
3) Reboot the server (you never know)
4) Start "Synchronize Software Updates"


WCM.log (after)

After that WSUS synchronization is working again and Endpoint Protection is up-to-date on all servers now. Good thing to know when you update your environment to SP1 I think.

Update 8-1-2013: For it seems it's a known issue in SP1 when using specific WSUS ports. Just change the ports back to the ports configured earlier on your Software Update Point and you'll be fine!

Wednesday, January 2, 2013

Happy New Year !!

From today I'm back in business again. Doing Microsoft System Center will be great again in 2013. This because of the System Center 2012 release last year and Service Pack 1, which is generally available from tomorrow! Also Windows Intune will have a quick release, which ensures Mobile Device Management in ConfigMgr. You've already guessed it:
2013 will be a great Microsoft System Center year!


From this place I want everybody wish a healthy, happy and successful 2013.

May this new year all your dreams turn into reality and all your efforts into great achievements.

Happy New Year !!