Forum Widgets
Latest Discussions
All Windows Server OS(Mostly 2019) DP's not upgrading to 2207
FYI... This issue is happening again since last week and this time it is not just server DP's but Windows 10 DP's also. It is not a result of MECM server upgrade maybe Feb patches got installed on the primary server but very few DP's are fine. Last friday i upgraded CM from 2203 to 2207 version. I saw no error after the upgrade. I have a bunch of Win 10 computers as DP's and those DP's got upgraded to new version(5.00.9088.1000) but all the Windows Server OS DP's failed to upgrade. FYI... Site server is an admin on all the DP's and nothing has changed. Here is a screenshot of distmgr.log error. vcredist_x64.exe is already installed on all the server DP's last year probably with 223 upgrade. I do not see any errors in the firewall or antivirus software. Not sure what could be the issue.
Connection Error after upgrading to version 2203
On Monday, I upgraded Endpoint Manager to version 2203. Everything appears to be working fine on the server itself. We only have one Endpoint Manager server with SQL collocated. After upgrading the Endpoint Manager console on remote systems, I am having some errors. When I go to the Console Extensions node or the Console Connections under Administration, I receive the following message Configuration Manager can’t connect to the administration service The Configuration Manager console can’t connect to the site database through the administration service on <ServerFQDN> Verify the following There’s no certificate on the SMS Provider site system server. Make sure it has a valid PKI or Configuration Manager-generated certificate for the site. Additionally, It looks like until I’m able to make this connection I can’t update the WebView2 extension and without that extension the console crashed with I try to access the Windows Servicing and Microsoft Edge Management nodes under Software library. If I manually import the self sign certificate from Endpoint Manager (we are not using PKI) into the Trusted People container in the Certificates MMC on the remote systems then the console works correctly. I’d prefer not to band aid this problem but instead fix it. I’ve tried the following that I found on blog posts to resolve this issue but all with no success Made sure that “Use Configuration Manager-generated certificates for HTTP site system” is enabled Made sure no certificates are block in Configuration Manager I’ve checked the SSL Certificate on the Default Website and it is the self signed certificate from Endpoint Manager. Turned off Windows Firewall Reviewed the SmsAdminUI.log file. The SmsAdminUI.log file show the following entries: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. Failed to get a response for OData GET request: https://<ServerFQDN>/AdminService/v1.0/ConsoleExtensionMetadata?$filter=IsRequired eq true and IsTombstoned eq false and IsApproved eq true Could not connect to the AdminService to check for requirements. System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. Failed to get a response for OData GET request: https://< ServerFQDN>/AdminService/v1.0/ConsoleExtensionMetadata?$filter=IsApproved eq false Error getting custom console extensions IDs, versions and names using Admin Service: SSLFailure System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. Failed to get a response for OData POST request: https:// <FQDN>//AdminService/v1.0/ConsoleUsageData/AdminService.UpdateConsoleHeartbeat Microsoft.ConfigurationManagement.ManagementProvider.ODataConnectionException: SSLFailure At this point, I don’t know where to go next. Any help would be greatly appreciated.
WSUS Sync Failing
Within the last hour or so I have carried up a cleanup of our WSUS and reindexed the database as per this article https://blogs.technet.microsoft.com/configurationmgr/2016/01/26/the-complete-guide-to-microsoft-wsus-and-configuration-manager-sup-maintenance/ Once complete I re-enable the SUP schedule and WSUS has not been able to Sync since. Our SCCM Version is 1702 with the hotfix, hosted on a Server 2012r2 system. WSUS content is within a SQL database. WCM.log; "System.Net.WebException: The request failed with HTTP status 403: Target service not allowed.~~ at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber)" WsusCtrl.log does not seem to indicate any proxy related errors; "No changes - local WSUS Server Proxy settings are correctly configured as Proxy Name ####### and Proxy Port ##"
CMG Error in 2006
I am experiencing a lot of error in the ProxyService_IN_0-CMGService.log file on my production machine. The errors are shown below. We are not using PKI, we use a public wildcard cert for server authentication. I have virtually an exact duplicate setup with a public cert and no errors are being reported in the log files. When ever I run the CMG Analyzer I get error at "Check Config setting are up to date" or "Testing the CMG Channel" They will never pass. In my test environment they will pass within about 10 seconds of starting. Could this error be coming from the CMG server itself. ERROR: Security token validation exception with requesting URL https://xxx.xxx.xxxx/CCM_Proxy_ServerAuth/72057594037927940/CCM_STS. System.IdentityModel.Tokens.SecurityTokenValidationException: System.Security.Cryptography.CryptographicException: CryptVerifySignature failed with HRESULT 0x80090006~~ at Microsoft.ConfigurationManager.CommonBase.SignatureUtilities.ValidateSignature(Byte[] token, Byte[] signature, Byte[] publicKey)~~ at Microsoft.ConfigurationManager.CloudBase.AuthorizationToken.TokenValidator.ValidateCcmAuthHeader(String authHeader, String publicKey) ---> System.Security.Cryptography.CryptographicException: CryptVerifySignature failed with HRESULT 0x80090006~~ at Microsoft.ConfigurationManager.CommonBase.SignatureUtilities.ValidateSignature(Byte[] token, Byte[] signature, Byte[] publicKey)~~ at Microsoft.ConfigurationManager.CloudBase.AuthorizationToken.TokenValidator.ValidateCcmAuthHeader(String authHeader, String publicKey)~~ --- End of inner exception stack trace ---~~ at Microsoft.ConfigurationManager.CloudBase.AuthorizationToken.TokenValidator.ValidateCcmAuthHeader(String authHeader, String publicKey)~~ at Microsoft.ConfigurationManager.CloudBase.AuthorizationToken.TokenValidator.ValidateTokenEx(String token, String tokenHint)~~ at Microsoft.ConfigurationManager.BgbServerChannel.BgbServerReverseProxy.ValidateAuthorizationToken(String authorizationToken, EndpointClientAuthScheme clientAuthScheme, Uri requestUri, IToken& validatedToken, EndpointClientAuthScheme& validatedScheme)
CreateProcessAsUser Error 5 - ServiceUI.exe
Hi All I've recently updated my SCCM Site version to v1910, since performing this update i've been having issues with my Upgrade Task Sequence. Previously i've had a command line step in the upgrade task sequence to run a manually built "Windows 10 Splash Screen" using ServiceUI.exe to allow the user to install or postpone the upgrade. This has been issue free until the update to SCCM 1910, since then when i try to run the task sequence the following step fails with this error. Has anyone got any idea how i can resolve this? Been racking my brain for days now...
Win7 to Win10 1803/1809 in-place upgrade Task Sequence breaks with no apparent error code
Hi, We’re migrating from Win7SP1 to Win10 Ent. 1803/1809 in our corporate environment. Strange thing noticed is migration TS always breaks on Latitude E7470 after ‘Upgrade Operating System’ task. Other models (E7440, E7450, E6440, O7010, O9020, T7910, etc.) don't have such issue at large. Almost 50 nos. of E7470 is tried and all of them got the same issue. Currently migration on this particular model is on hold. Didn’t see anyone mentioning the same issue anywhere. TS screenshot as well as last few lines from smsts.log is copied below. As you can see there is no error reported by the task. But a reboot is initiated somehow, which breaks Task Sequence and then it doesn’t go further. In general, what are the reasons why such error occur?! Process completed with exit code 0 TSManager 19/06/2019 18:55:23 7816 (0x1E88) !--------------------------------------------------------------------------------------------! TSManager 19/06/2019 18:55:23 7816 (0x1E88) Successfully completed the action (Upgrade Operating System) with the exit win32 code 0 TSManager 19/06/2019 18:55:23 7816 (0x1E88) Not in SSL TSManager 19/06/2019 18:55:24 7816 (0x1E88) Set a global environment variable _SMSTSLastActionRetCode=0 TSManager 19/06/2019 18:55:24 7816 (0x1E88) Set a global environment variable _SMSTSLastActionName=Upgrade Operating System TSManager 19/06/2019 18:55:24 7816 (0x1E88) Set a global environment variable _SMSTSLastActionSucceeded=true TSManager 19/06/2019 18:55:24 7816 (0x1E88) Clear local default environment TSManager 19/06/2019 18:55:24 7816 (0x1E88) The action (Upgrade Operating System) requested a retry TSManager 19/06/2019 18:55:24 7816 (0x1E88) Created volatile registry entry for pending reboot initiated by this task sequence TSManager 19/06/2019 18:55:24 7816 (0x1E88) Executing command line: "bcdedit.exe" with options (0, 0) TSManager 19/06/2019 18:55:24 7816 (0x1E88) Process completed with exit code 0 TSManager 19/06/2019 18:55:24 7816 (0x1E88) TSUEFIDrive: TSManager 19/06/2019 18:55:24 7816 (0x1E88) Updated security on object C:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca. TSManager 19/06/2019 18:55:24 7816 (0x1E88) Updated security on object D:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca. TSManager 19/06/2019 18:55:24 7816 (0x1E88) Updated security on object C:\_SMSTaskSequence. TSManager 19/06/2019 18:55:24 7816 (0x1E88) Set a global environment variable _SMSTSNextInstructionPointer=64 TSManager 19/06/2019 18:55:24 7816 (0x1E88) Set a TS execution environment variable _SMSTSNextInstructionPointer=64 TSManager 19/06/2019 18:55:24 7816 (0x1E88) Set a global environment variable _SMSTSInstructionStackString=27 TSManager 19/06/2019 18:55:24 7816 (0x1E88) Set a TS execution environment variable _SMSTSInstructionStackString=27 TSManager 19/06/2019 18:55:24 7816 (0x1E88) Save the current environment block TSManager 19/06/2019 18:55:24 7816 (0x1E88) Expand a string: %_SMSTSMDataPath%\Logs TSManager 19/06/2019 18:55:24 7816 (0x1E88) _SMSTSReturnToGINA variable set to: TSManager 19/06/2019 18:55:54 7816 (0x1E88) SMSTSUninstallCCMClient variable set to false TSManager 19/06/2019 18:55:54 7816 (0x1E88) _SMSTSCaptureMedia variable set to false TSManager 19/06/2019 18:55:54 7816 (0x1E88) The action (Upgrade Operating System) initiated a reboot request TSManager 19/06/2019 18:55:54 7816 (0x1E88) Not in SSL TSManager 19/06/2019 18:55:54 7816 (0x1E88) **************************************************************************** TSManager 19/06/2019 18:55:54 7816 (0x1E88) Execution engine result code: Reboot (2) TSManager 19/06/2019 18:55:54 7816 (0x1E88) Task Sequence Manager ServiceMain finished execution. TSManager 19/06/2019 18:55:54 7816 (0x1E88) Task Sequence Manager execution terminated as system shutdown is in progress. Code 0x00000000 TSManager 19/06/2019 18:55:54 7816 (0x1E88) RegQueryValueExW is unsuccessful for Software\Microsoft\SMS\Task Sequence, SMSTSEndProgram TSManager 19/06/2019 18:55:54 7816 (0x1E88) GetTsRegValue() is unsuccessful. 0x80070002. TSManager 19/06/2019 18:55:54 7816 (0x1E88) End program: TSManager 19/06/2019 18:55:54 7816 (0x1E88) Stopping Task Sequence Manager service TSManager 19/06/2019 18:55:54 7816 (0x1E88) RegQueryValueExW is unsuccessful for Software\Microsoft\SMS\Task Sequence, SMSTSEndProgram TSManager 19/06/2019 18:55:54 4588 (0x11EC) GetTsRegValue() is unsuccessful. 0x80070002. TSManager 19/06/2019 18:55:54 4588 (0x11EC) End program: TSManager 19/06/2019 18:55:54 4588 (0x11EC)
SCCM hierarchy design
Hi All I'm new to this community and SCCM so I would like some advice please; I currently have an SCCM CB environment running in the corporate domain and my company is planning on buying a few companies and they want to keep the domains separate but will have trusts in place. The current environment is set up as follows Domain A (Based in Europe) 150 users 1 site Currently has the only stand-alone primary site Bandwidth not an issue Domain B (Based in Africa) 350 users 3 sites No SCCM service Bandwidth is very limited (reminds me of the old PSTN dial-up days) Domain C (Based in South America) 300 users 5 sites Not bandwidth issues So what I’m looking for is some advice on how I should implement my SCCM infrastructure? What I was thinking was extending my current primary site with a CAS server and then installing a primary site server in each domain and extend those sites with secondary sites and DP’s? If I go this route will it give each local IT team the ability to manage there own SCCM server while having the corporate CAS server pushing down applications and policies? As each SCCM server will be installed into its own domain/forest will I have any issues or challenges?How to allow powershell in managed device?
HI everyone, newbie admin here. I am in the process of learning out to use the EndPoint Manager and I have enrolled my first device, which will be my work laptop. It is running windows 11 enterprise and it is enrolled in tenant with an account licensed at an 0365 A3 level. Up until there, everything seems fine, but I stumbled into a problem. I can't run powershell cmdlets. It's a fine restriction to have on 99% of the systems I'll be administering, but I need to run it on mine for user creation, and general maintence, etc. I can run the powershell cmdlets if a login as another, unmanaged , user, so it's not an install problem. I have alllowed, through MMC the running of scripts, and through the endpoint managers the running of powershell scripts, but nothing happened. I know other policies are being applied and synced to the device, so I out of ideas. See the pictures below: Any suggestions?Desktop Analytics - Internet Access Requirements
Hi, we have configured Desktop Analytics and connection health has the majority of devices as properly enrolled, however we have around 130 with a configuration alert of "Can't connect to the Connected User Experience and Telemetry endpoint (Vortex). Check your network/proxy settings" We don't have a proxy. With 90% working, I can't see how the network might be configured wrong. The one thing that stands out are that the majority of the 130 devices are either generic logons or autologon kiosks that don't have internet access. This leads me to does desktop analytics require a user to be logged on and for that user to have internet access? is it possible that as a fallback to this requirement DA tries to connect to the Telemetry with some sort of anonymous connection or using the device system account or maybe using a MECM service account. (does that MECM service account then need internet access?) If 2, i'd think I'd need to supply our firewall team with the exact requirements there, I can find all the endpoint contacts in doco, but what account do I have to get them to let through?
