Friday, June 10, 2016

Take note on KB3159706, causing WSUS stop working

If you are patching your SCCM Server or WSUS Server, please take note on KB3159706. The SCCM SUP will failed on software update sync and you’ll see error “Remote configuration failed on WSUS server” in the WCM.log.


You can either uninstall the patch or follow the guide to complete the postinstall.

  1. Run command prompt with administrative rights
  2. Enter "C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing
  3. Restart the WSUS Service
  4. Restart the SMS_EXECUTIVE Service

If SSL is enabled on the WSUS server, follow the guide in

Thursday, March 31, 2016

Update 1602: Client Notification and Online Status Improvement

You can now update to 1602 already, it’s been out there since second week of March. You can easily update it from the Update and Servicing node. Below is the screenshot taken when I update my lab from 1511.



The very first improvement that you can easily check it out is the Client Online Status. Previously SCCM admin would need a “ping” tool to determine the computers online status before they perform deployment or log checking. SCCM admin can now determine the online status of the machine by the Icon. Green little tick means Online, while Grey little x means Offline. A computer is considered online if it is connected to it's assigned management point. To indicate that the computer is online, the client sends ping-like messages to the management point. If the management point doesn't receive a message after 5 minutes, the client is considered offline.


Another improvement is the Client Notification. Other than computer policy and user policy, the Client Notification now comes with more actions that we can only have if we install “Right Click Tools”.


These are some small minor improvements that mean a lot to the SCCM admin daily operation.


Wednesday, January 27, 2016

Windows 10 Servicing via SCCM 1511, Error 0x8007007E

Gotcha!!! If you are like me, missed the prerequisites KB 3095113 of WSUS to support Windows 10 Upgrade/Servicing on your SCCM WSUS server, and you have already sync-ed and downloaded the Upgrade in your SCCM.

If you are having certificate error while downloading the upgrade with SCCM 1511, please look at this hotfix,

If your download is always showing 0% while downloading the Upgrade, no fear, check the Ethernet status in the Task Manage Performance tab or you can monitor the status in patchdownloader.log located in %temp% with cmtrace.

Back to the topic, I’ve already sync-ed and downloaded the “Upgrade to Windows 10 Enterprise, version 1511, 10586 - en-us, Volume” and “Upgrade to Windows 10 Pro, version 1511, 10586 - en-us, Volume” in the SCCM 1511 and then manually deploy it to my Windows 10 Collection.

My Windows 10 client received and downloaded the Upgrade in C:\ccmcache but failed to install with error code 0x8007007E.



I’ve tried a lot of troubleshooting and find out that I’m actually missing a very important update for the WSUS to support Windows 10 Feature Update, KB 3095113. This doesn’t work so smooth by just applying the update. Below is the steps I taken to fix the issue.

On my SCCM Server:

  1. Install the prerequisites of the KB 3095113. followed by
  2. Install KB 3095113
  3. Uninstall SCCM SUP
  4. Uninstall WSUS Server role
  5. Delete WSUS DB, and D:\WSUS
  6. Reboot OS
  7. Reinstall WSUS Server Role
  8. Install SCCM SUP
  9. Manual trigger Sync Software Update

On my test client:

  1. Stopped the services below
    • net stop wuauserv
    • net stop cryptSvc
    • net stop bits
    • net stop msiserver
  2. Delete C:\Windows\Software Distribution
  3. Delete C:\Windows\System32\catroot2
  4. Delete the folder contain the .esd downloaded in ccmcache folder
  5. Delete C:\$Windows.~BT\Sources
  6. Reboot the OS
  7. Trigger the upgrade from Software Center

I tried not to uninstall the WSUS and SUP after installed the updates in the SCCM server, but it doesn’t works, I’m still getting the same error code 0x8007007E.

Note: I’m performing this in my lab environment, use this fix at you own risk


Friday, January 15, 2016

Client Setup Found HTTPS Distribution Point

Distribution Point can be operating in HTTP mode or HTTPS mode. It is up to your choice on how you set it up. I went to help out this customer with difficulties to push client. Below is what I found out from a computer ccmsetup.log.

The environment here is very small, a Primary Site hosting all the roles with 300+ clients. The ccmsetup.log tells us that it manage to found a distribution point with the address https://sccmserver. Mr.customer confirmed with us that the SCCM is in http mode, not https. 

The setting in the Distribution Point showing the distribution point is operating in HTTPS mode. 

I helped customer to switched it to HTTP mode and repush the SCCM Client. The ccmsetup.log tell us that the system manage to find a distribution point and using BITS to download the client files.

Saturday, December 19, 2015

SCCM SCEP Deployment Error 0x8004ff67.

My customer has existing Symantec Endpoint Protection 12 and would like to migrate to SCEP. Knowing that SCCM SCEP support auto removal for the antimalware software below:

Symantec AntiVirus Corporate Edition version 10
Symantec Endpoint Protection version 11
Symantec Endpoint Protection Small Business Edition version 12
McAfee VirusScan Enterprise version 8
Trend Micro OfficeScan
Microsoft Forefront Codename Stirling Beta 2
Microsoft Forefront Codename Stirling Beta 3
Microsoft Forefront Client Security v1
Microsoft Security Essentials v1
Microsoft Security Essentials 2010
Microsoft Forefront Endpoint Protection 2010
Microsoft Security Center Online v1

During the Pilot run we bump into issue with the deployment error 0x8004ff67. The error description stated System Center 2012 Endpoint Protection installation error. The System Center Endpoint Protection Setup wizard was unable to remove one or more programs that conflict with System Center Endpoint Protection. To install System Center Endpoint Protection you must manually uninstall the following programs and then run the wizard again. Error code:0x80041108. Programs: Symantec Endpoint Protection......

We found out that password is required when we perform the manual uninstall. I knew immediately that must be the root cause of preventing the SCEP auto removal from running. After disabled the password policy from the Symantec Endpoint Protection server, we're back in the game.

Wednesday, December 16, 2015

New AD User Login Not Reflecting In SQL

Too many warning messages in site systems or site components is not good. The SMS_HIERARCHY_MANAGER generated too many warnings and caused the component to critical status. The warning message is as below:

Microsoft SQL Server reported SQL message 15410, severity 11: [42000][15410][Microsoft][SQL Server Native Client 11.0][SQL Server]User or role 'DOMAIN\SC-Admins' does not exist in this database. : sp_addrolemember

My next action is try to create the login manually in SQL Server Management Studio but ended up with this SQL Error 15025, saying that the account is already exists.

After some searching and understanding with Mr.Customer, I found out that the login name is changed in the Active Directory but the SQL server is still having the old login name.

Instead of deleting the old login from SQL and recreate a new login. I used ALTER LOGIN to fix the problem. So just open up New Query in the SQL Server Management Studio. Enter and run the command below to alter the login


Command Guide:


Thursday, December 10, 2015

Use the New Software Center

How to enable the New Software Center?

Just open the Default Client Settings, click on the Computer Agent on your left. On the right hand pane, you will find the setting named “Use new Software Center”. Obviously, set Yes to enable the new software center, and set No to stick to the old software center.


I deployed 7-Zip to All Users collection.


In SCCM 2012, we can only view the applications deployed to user collection in web browser. Now, we can view the applications deployed to user collection in the new Software Center.


Try it, have fun!