Apajove Blog
Our technical guys often come across interesting new bits of technology, solutions to problems we encounter and other things of note. We store info on these things here.
Wednesday, 24 April 2013 11:56
ConfigMgr 2012 SP1 with MDT 2012 Update 1, UDI Task Sequence and Bitlocker Error 6767
Written by Andy
Redmond, we have a problem. The “Client Task Sequence” template when used with Configuration Manager 2012 SP1 does not work too well when UDI is enabled and we want to Bitlocker our devices. When we are performing a User Driven Installation, the MDT 2012 Update 1 template makes use of the ConfigMgr “Pre-provision Bitlocker” step, which adequately pre-provisions Bitlocker on the Operating System drive on a ‘used space only’ basis. This is a good thing. Later on in the Task Sequence we have an MDT specific step that uses the ZTIBde.wsf script which SHOULD configure and enable the protectors – but you may…
Wednesday, 24 April 2013 11:54
ZTIMoveStateStore.wsf does not move the StateStore folder during Refresh
Written by John
When ConfigMgr 2012 is integrated with MDT 2012, the Client Task Sequence template includes a step that uses ZTIMoveStateStore.wsf to move the StateStore folder to WINDOWS\TEMP in the event of success or failure, however this script has not been updated to cater for the new location of the StateStore and when it runs it will simply not find the StateStore in the expected location and exit without any error. This isn’t too much of a problem until you attempt a second refresh of a system - which will result in the Task Sequence failing to store the user state. To rectify this, create…
Wednesday, 24 April 2013 11:53
ConfigMgr 101: Patience dear boy… SMS_SERVER_BOOTSTRAP
Written by Andy
In ConfigMgr world, one must learn patience – in particular when installing hotfixes, service packs and cumulative updates. It is quite common for the installer GUI to complete and leave you under the false pretense that your environment is ready to go again, but what you will find is that the installer has triggered additional tasks which the SMS/ConfigMgr component manager needs to handle. I would certainly recommend using trace32/cmtrace to watch the sitecomp.log when you are performing updates to your environment as this will give you an idea as to whether the component manager is initiating a re-installation of…
Wednesday, 24 April 2013 11:52
ConfigMgr MPControl.log: Call to HttpSendRequestSync failed for port 443 with status code 403, text: Forbidden
Written by Andy
I was working in my Hyper-V lab this morning trying to PXE boot a client VM into a ConfigMgr Task Sequence but somehow things had just stopped working, overnight. SMSPXE.log was showing me this; [TSMESSAGING] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered [TSMESSAGING] : WINHTTP_CALLBACK_STATUS_FLAG_CERT_REV_FAILED is set sending with winhttp failed; 80072f8f Failed to get information for MP: https://CON-CM1.contoso.local. 80072f8f. PXE::DB_InitializeTransport failed; 0x80004005 Unspecified error (Error: 80004005; Source: Windows) My MPControl.log had also, within minutes, gone from this (working); >>> Selected Certificate [Thumbprint 37d4c9502df29c6780a456597b5088d569ceca6b] issued to 'CON-CM1.contoso.local' for HTTPS Client Authentication Call to HttpSendRequestSync succeeded for port 443 with…
I love manufacturers who stubbornly refuse to conform to Industry standards for Driver and software Deployment. ATI and NVidia are two such culprits who make the installation of drivers for their products using widely used deployment tools a royal pain in the arse. The driver .inf files can be easily extracted from the vendor supplied software, however when installed using Driver Injection and Plug and Play during Windows Setup they are not ‘completely’ installed and if the first user of the system is not an administrator they will receive a prompt for elevation to complete the install. This is unacceptable…
Wednesday, 24 April 2013 11:42
ConfigMgr 2012: 64bit file system redirection bites again…
Written by Andy
Even though the ConfigMgr 2012 client is supposedly 64bit now, the issue with 64bit file system redirection is still very much a problem during Task Sequence and even regular package/program deployments when we want to copy things to the ‘Native’ “%Program Files%” or “%WinDir%\System32”. File System redirection kicks in and we are magically transported to the 32bit “Program Files (x86)” or “Windows\SysWOW64”. Boo hiss. I even found a log entry in the client-side execmgr.log which clearly states; Running "C:\Windows\ccmcache\3\CopyFiles-Temp.cmd" with 32bitLauncher Why? Why? Why? In the Task Sequence we can easily get around this problem by choosing to run a “Run…
Wednesday, 24 April 2013 11:36
MDT 2012 Update 1: Missing “Request State Store” step causes state restore to fail from State Migration Point in REPLACE Scenario.
Written by Andy
I have found that the MDT 2012 Update 1 Client Task Sequence Template is now missing a crucial step in the later stages of the task sequence which is needed to restore captured data from the ConfigMgr State Migration Point when working under the REPLACE scenario - and we need to add this back in. You simply need to add a “Request State Store” step just above the new “Connect to State Store” step (which looks to just do an authentication against UNC path) and add a condition on the step to run only if Task Sequence Variable “USMTLOCAL” not equals TRUE. Also add a “Release State…
Wednesday, 24 April 2013 11:35
ConfigMgr 2012: Apply All Available (non-mandatory) Software Updates
Written by Andy
Here’s a great little integration gem I found and just had to share, which highlights a good relationship between the Task Sequence – Apply Software Updates Step and the Software Center. As part of Corporate Software Updates process it is commonplace to first advertise your new set of monthly updates to a deployment testing or pilot set of systems, however you don’t necessarily want to automate or enforce the deployment of these updates. You may want to install them at your own leisure or in a more controlled or selective fashion, which the Software Center is great for – but…
Friday, 15 June 2012 14:16
Generating ConfigMgr Client Certificates When Auto-enrolment isn’t Possible
Written by John
The posts we’ve provided around Configuration Manager 2012 Internet Based Client Management (IBCM) are proving to be very popular with lots of comments and questions coming in. A common request is a way of provisioning certificates for clients when domain auto-enrolment is not possible. This would be the case for workgroup machines, multi-forest deployment, and in scenarios where group policy processing doesn’t take place (remote machines accessing the infrastructure over VPN might be a candidate). Our approach to this at the moment is to break the deployment process up a little, but still drive as much automation as possible. So,…
Tuesday, 12 June 2012 10:45
Patch your ConfigMgr Boot Image for Advanced Format / 512e Drives
Written by Andy
Advanced Format (AF or 512e) drives are out there, often fitted randomly from one model to the next. I won’t go into the technicalities of what they are all about as Google will tell you this, but what I will tell you is that their presence can slow down the deployment rate on an affected system. Firstly, if you are not sure whether your system is equipped with an AF drive (DELL include a bright orange note with the system, HP just seem to sneak them in) then you can download and run the following tool in the OS or in…
Tuesday, 22 May 2012 11:36
Error 0x8000405 when installing Applications to a WORKGROUP system during Build and Capture Task Sequence
Written by Andy
I use a task sequence to perform the initial build of my Windows 7 reference PC, install Microsoft Office 2010 and then I capture it manually. I’ve been doing this for quite some time using ConfigMgr 2007 without any issues, however I was seeing an error with ConfigMgr 2012 when it tries to install Microsoft Office 2010 as an “Application” (as opposed to a traditional “Package”.) The SMSTS.LOG on the failed build would record an ‘unspecified error’ 0x8000405. I finally figured out, after a lot of head scratching and forum posting, that the SMSMP switch needs to be used in the “Setup Windows and ConfigMgr” step…
Tuesday, 22 May 2012 11:33
ConfigMgr State Migration Point Error: Health check request failed, status code is 500, ‘Internal Server Error’.
Written by Andy
I encountered a problem earlier this week provisioning a new ConfigMgr 2012 environment with a State Migration Point (SMP). I am used to just installing the SMP role and pointing it at a drive letter to use and letting it create the folder structure it needs. However, I think there may be an issue with ConfigMgr 2012 with this method as it seems to want to modify the permissions of the folder that you specify, and if this happens to be the drive root then we see some problems. When attempting to install the SMP role and specifying the drive root…
I like browsing through log files, especially new log files I haven’t seen before. They’re treasure troves of information that everyday users of the ConfigMgr GUI should discover and get acquainted with. With ConfigMgr 2012 we have an influx of new information relating to the new activities we can perform. Below we have a cycle of events from the OfflineServicingMgr.log, which gives us an insight as to what happens when we perform Image Servicing using the ConfigMgr 2012 console. The Image Servicing feature allows us to more easily apply Software Updates to our captured reference image without having to resort to…
Wednesday, 14 March 2012 13:47
Improving Availability of Remote (Branch) Distribution Points
Written by Andy
Whilst I remember, this is a quick post to share a couple of tips which might help you improve the availability of Windows 7 Branch Distribution Points that you may have operating within your ConfigMgr infrastructure. BIOS Power On Timer - If the BIOS supports it, enable the Power On events each working day to power up the system every morning, ready for business. BIOS Power On after AC Loss - Again, if the BIOS supports it, ensure that in the event of a power failure the system will power up again and boot to the OS (not network!) Windows 7 Recovery…
Wednesday, 14 March 2012 13:44
Detecting and Disabling BitLocker During OSD Task Sequence
Written by Andy
There are quite a few blog posts and articles that provide guidance on how to enable BitLocker during an OSD Task Sequence, however most (if not all) of them omit critical information as to how to correctly handle the detection and disabling of BitLocker during the REFRESH scenario. So here goes… Out of the box, the standard Client Task Sequence MDT Template has a disabled step for ‘Enable BitLocker’ and as long as you have either manually or scripted the enable and activation of the TPM chip and completed the Active Directory work required this will do the job of…
Wednesday, 01 February 2012 11:08
Forefront Endpoint Protection (FEP) 2010 - Update Scheduling
Written by Andy
This is just a quick post to suggest a great way of using the SoftwareUpdateAutomation.exe utility used with FEP 2010 SU1. You first need to copy the SoftwareUpdateAutomation.exe to the “<ConfigMgrInstallDir>\AdminUI\bin” folder on your Central Site server. I have seen various blog posts that suggest creating a scheduled task to run on an interval appropriate to how often you expect FEP updates to be released by Microsoft, but I feel the best thing would be to schedule this utility (which updates your FEP Definitions Deployment and Software Update package) to run after a Synchronisation by your Software Update Point component.…
Wednesday, 01 February 2012 11:04
Forefront Endpoint Protection (FEP) 2010 and ConfigMgr OSD Task Sequence
Written by Andy
Microsoft’s preferred delivery and management mechanism for the Forefront Endpoint Protection (FEP) 2010 client is apparently ConfigMgr. Deploying the FEP 2010 client to a running ConfigMgr client is relatively painless, but getting the FEP 2010 client installed and up to date as part of an OSD task sequence can be a royal pain. There are a few potential pitfalls you will need to be aware of and I’ve attempted to list them in the order you’ll likely find them. Run from Distribution Point If you want to run your Task Sequence with the “Run from Distribution Point” option, you can…
Under SCCM 2007, Native Mode was a bit of a pain. You couldn’t mix and match http and https enabled clients in one site, so even where you didn’t need the HTTPS level security, you had to have it and there was always a client with a certificate issue somewhere. So, with Configuration Manager 2012 we’re moving on significantly. Native mode is no more and everything got much simpler. A site can now serve HTTP and HTTPS based clients, the site and site systems also individually understand if a client is Internet or Intranet based and can be configured to…
Monday, 05 December 2011 17:31
Well I didn’t know that! State Migration Point USMT.MIG files and Windows Easy Transfer.
Written by Andy
I get a nice warm feeling inside when I accidentally click on something but get rewarded with a new little piece of knowledge. This recently happened when I was browsing the ConfigMgr State Migration Point store from a Windows 7 system, double clicked on a USMT.MIG file, and was introduced to Windows Easy Transfer. I’ll admit to having heard of Easy Transfer but considering myself as more of an enterprise solution implementer nowadays I didn’t give it much consideration and dismissed it as a ‘Home User’ type of thing. I was wrong. I am often asked the question of how…
Friday, 16 September 2011 21:45
Using Powershell to Manipulate Configuration Manager Clients
Written by John
Working with Configuration Manager, I am constantly reminding customers that Configuration Manager is a patient man’s tool. Oftentimes there’s no point in trying to speed the application along, there’s latency built into some of the processes occurring under the Configuration Manager hood and there’s generally not a great deal of point in interfering… That said, I do like SCCM Client Center from Roger Zander. I personally preferred the look and feel of the old SMS Client Center over the new version, but nonetheless, you can get some great results with the new one. Anyhow, I digress. As I’ve…
Monday, 05 September 2011 17:52
MDT Task Sequencing: Where are my unattend.xml Local User Accounts?
Written by Andy
I have been digging deeper and deeper into the functionality and relationships between ConfigMgr Task Sequencing, the unattend.xml/unattend.txt files and the MDT Scripts to better understand how these all come together – as opposed to just referring to all of it as ‘Witchcraft’. A simple task, you might think, would be to automate the creation of additional local user accounts during an integrated MDT task sequence, so you could imagine my frustration when it seemed that the Local Accounts portion of the unattend.xml file I was pushing down with my ‘Apply Operating System Image’ step was being ignored completely. It…
Another day, another new ConfigMgr feature. Today I’ve been playing around with Detection Methods. This is a great new feature which gets us out of a variety of app deployment problem scenarios we have currently. In brief, consider the following scenario: I wish to deploy a new application “Tobermory” to my clients. Tobermory depends on dotnet 3.5 and another application “Bulgaria”. These apps may already be installed on my machines, the installation may have been carried out manually or via Configuration Manager. Under the current Configuration Manager release we can set a program to depend on the installation of another…