tag:blogger.com,1999:blog-67050109383888101062024-03-29T11:30:07.900+08:00My System Center & EM+S ExperienceHauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.comBlogger138125tag:blogger.com,1999:blog-6705010938388810106.post-65273360562204662112018-05-03T00:57:00.000+08:002018-05-03T01:06:32.530+08:00Secondary Site Clients are All Inactive and Offline<p>This is how it happened. The SCCM was recovered from a bad backup with only the Primary Site SQL mdf and ldf files. The SCCM Site Status, Component Status, Site Hierarchy, and Database Replication indicated that the SCCM is functioning properly without any error. After sometimes, we noticed the Client Activity rates from the Monitoring had went down to nearly 40%. Further checking showed that clients in some Secondary Site Collection were all inactive and offline. </p><p><a href="https://lh3.googleusercontent.com/-twjActA7wvE/Wunv6j7PxWI/AAAAAAAADD0/aOf2fFS7yjk68jp_936qAW9Hmo2riBKqACHMYCw/s1600-h/image%255B15%255D"><img width="484" height="262" title="image" style="display: inline; background-image: none;" alt="image" src="https://lh3.googleusercontent.com/-NZZ2XELP7O8/Wunv72-_RWI/AAAAAAAADD4/cIn3gRxN3WoL7BQgZV9_njuE_Jbk1booQCHMYCw/image_thumb%255B9%255D?imgmax=800" border="0"></a></p><p>I went through some of the logs and came across MP_Framework.log in Secondary Site SMS_CCM\Logs folder. It was “bleeding” non-stop! Full or error! From the log, it shows MPDB Error with error code 0x80004005, and the description is “Invalid connection string attribute”</p><p><a href="https://lh3.googleusercontent.com/-ae-RjABmhhg/Wunv87_i6vI/AAAAAAAADD8/FleCk9O5poAfEgbnLb2qFj_4F29K8wG3QCHMYCw/s1600-h/image%255B45%255D"><img width="404" height="212" title="image" style="display: inline; background-image: none;" alt="image" src="https://lh3.googleusercontent.com/-D6IpffGTeH8/Wunv9qoGqJI/AAAAAAAADEA/VBOEvNlaciABFjgssx7toTgUSfwqssJewCHMYCw/image_thumb%255B27%255D?imgmax=800" border="0"></a></p><p>Since this is related to SQL, I checked both the Secondary Site SQL Express and also the Primary Site SQL. From the checking I found out that the Secondary Site Machine Account is missing from the Primary Site SQL Login. The Secondary Site Machine Account is not listed under the Logins (Red Arrow)</p><p><a href="https://lh3.googleusercontent.com/-X3HaGv9g-7I/Wunv-XGrkRI/AAAAAAAADEE/fJtCT0rS7CU9-rxtsEKu2ukPGWbedFJ-ACHMYCw/s1600-h/image%255B20%255D"><img width="354" height="481" title="image" style="display: inline; background-image: none;" alt="image" src="https://lh3.googleusercontent.com/-yq4svNVOJCw/Wunv_bKctFI/AAAAAAAADEI/cWEhbMERoIU4MDmRs-99KTMXTWf9tTq-gCHMYCw/image_thumb%255B12%255D?imgmax=800" border="0"></a></p><p>Here’s the resolution:</p><p>I manually create the Secondary Site Machine Account (hostname) login with the SQL Command below:</p><p>Create login [Domain\SecSiteMachineAccount$] from windows;</p><p><a href="https://lh3.googleusercontent.com/-ca8mWeRS7-E/WunwAFBbGWI/AAAAAAAADEM/C24uXv8VJX4r_JXSB1_e4Di7pgDvicGgQCHMYCw/s1600-h/image%255B25%255D"><img width="404" height="433" title="image" style="display: inline; background-image: none;" alt="image" src="https://lh3.googleusercontent.com/-dJo86oJhUCE/WunwA-ZrdhI/AAAAAAAADEQ/9FAMP0iwIe4HLW4r0KAAteMbRX38-5l0ACHMYCw/image_thumb%255B15%255D?imgmax=800" border="0"></a></p><p>F5 refresh the Logins and then you’ll be able to see the Secondary Site Machine Account created. </p><p>Go to the Secondary Site Machine Account Login Properties and map the login to SCCM Primary DB and grant the “smsdbrole_MP" role </p><p><strong>OR</strong> </p><p>Just simply make the login a sysadmin server role.</p><p><a href="https://lh3.googleusercontent.com/-bPFV-AlU3a4/WunwBWmxtMI/AAAAAAAADEU/JLQTYm895K42shSdQbqUG13R_U8jeIkwwCHMYCw/s1600-h/image%255B30%255D"><img width="454" height="413" title="image" style="display: inline; background-image: none;" alt="image" src="https://lh3.googleusercontent.com/-65ff3G3q45k/WunwB_A1CAI/AAAAAAAADEY/YTZB7ZOLmU8cNmWcFRwE5Ru0h0vUMkkSwCHMYCw/image_thumb%255B18%255D?imgmax=800" border="0"></a></p><p>Once that being done, the MP_Framework.log immediately stop bleeding and after a while, the computers shows active and online in the console.</p><p><a href="https://lh3.googleusercontent.com/-IpiILwZcSHk/WunwCusy8qI/AAAAAAAADEc/K41jFZllT8EMdtmsEkYT3ika5dqDO1DYACHMYCw/s1600-h/image%255B35%255D"><img width="404" height="212" title="image" style="display: inline; background-image: none;" alt="image" src="https://lh3.googleusercontent.com/-Va3OgPd-BAs/WunwDnMoOPI/AAAAAAAADEg/YKy-CnH_8oQ6xwV8tNjR0l4i1CdlDNxLwCHMYCw/image_thumb%255B21%255D?imgmax=800" border="0"></a></p><p><a href="https://lh3.googleusercontent.com/-N4VBNb5AYm8/WunwEt41dTI/AAAAAAAADEk/txWBd-dRuUk7V3QiLeN8skYVAlyvhZuQACHMYCw/s1600-h/image%255B40%255D"><img width="484" height="262" title="image" style="display: inline; background-image: none;" alt="image" src="https://lh3.googleusercontent.com/-AhLi7PdHS4U/WunwFqAqqOI/AAAAAAAADEo/vMJR-DLnAwI774tU48rBGvO-i_ecfdIHQCHMYCw/image_thumb%255B24%255D?imgmax=800" border="0"></a></p><p>I hope this post could help you and bring you joy! Thanks for reading!</p>Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com12tag:blogger.com,1999:blog-6705010938388810106.post-414856237951696732017-08-14T12:26:00.001+08:002017-08-14T12:26:53.760+08:00SCCM Software Update Deployment Package Distribution Error | Content/Package does no exist<p>Hold on there! Don’t take the step to create a new package and re-download all the content into new package yet!</p><p>My customer has a 10GB software update deployment package. It will cost a lot of replication traffic if he create a new package and re-download the entire package. </p><p>Copy the SQL query from this blog, <a title="https://blogs.technet.microsoft.com/ken_brumfield/2013/01/10/troubleshooting-sccm-software-update-deployment-package-distribution-due-to-missing-directories/" href="https://blogs.technet.microsoft.com/ken_brumfield/2013/01/10/troubleshooting-sccm-software-update-deployment-package-distribution-due-to-missing-directories/">https://blogs.technet.microsoft.com/ken_brumfield/2013/01/10/troubleshooting-sccm-software-update-deployment-package-distribution-due-to-missing-directories/</a></p><ol><li>Copy the SQL query and replace @missingSourceDirectory and @PackageId<a href="https://lh3.googleusercontent.com/-FGsoliWzVC0/WZEmiJS-rSI/AAAAAAAADDA/_4gGWRRQmXIBSm2wqVnkxlJ8XbPBxIfCQCHMYCw/s1600-h/image%255B4%255D"><img width="454" height="458" title="image" style="display: inline; background-image: none;" alt="image" src="https://lh3.googleusercontent.com/-Whgm2Xxmfvw/WZEmjCt71JI/AAAAAAAADDE/4oxB9_4dkHQAqNtlXvbCb68GyYlm_6ysACHMYCw/image_thumb%255B2%255D?imgmax=800" border="0"></a></li><li>Execute the query and this should give you the KB Article and the Software Update Name</li><li>Open the Software Update Deployment Package, and search for that KB Article</li><li>Delete it from the deployment package</li><li>Back to the Content Status monitoring, and check the status. </li><li>Repeat the steps above if you see a new GUID error</li></ol><p>SQL Query:<p>DECLARE<br>
@MissingSourceDirectory<br>
NVARCHAR(512)<br>
DECLARE<br>
@PackageId<br>
NVARCHAR(8)<br>
SET<br>
@MissingSourceDirectory =<br>
'c34e2458-681f-4a8b-8941-a460c2de314a'<br>
SET<br>
@PackageId<br>
= '0020000D'</p>
<p>SELECT<br>
CASE<br> WHEN<br>
ci.BulletinID LIKE<br>
''<br>
OR ci.BulletinID IS<br>
NULL<br>
THEN<br>
'Non Security Update'<br> ELSE ci.BulletinID<br> END<br>
As<br>
BulletinID<br> , ci.ArticleID<br> , loc.DisplayName<br> , loc.Description<br> , ci.IsExpired<br> , ci.DatePosted<br> , ci.DateRevised<br> , ci.Severity<br> , ci.RevisionNumber<br> , ci.CI_ID<br>
FROM dbo.v_UpdateCIs<br>
AS<br>
ci<br>
LEFT<br>
OUTER<br>
JOIN dbo.v_LocalizedCIProperties_SiteLoc<br>
AS<br>
loc<br>
ON<br>
loc.CI_ID = ci.CI_ID<br>
WHERE ci.CI_ID IN<br>
(<br> SELECT [FromCI_ID]<br> FROM<br>
[dbo].[CI_ConfigurationItemRelations]<br>
cir<br> INNER<br>
JOIN [dbo].[CI_RelationTypes]<br>
rt<br>
ON<br>
cir.RelationType = rt.RelationType<br> WHERE<br>
cir.ToCI_ID IN<br> (<br> SELECT<br>
CI_ID<br> FROM<br>
[dbo].[CI_ContentPackages]<br>
cp<br> INNER<br>
JOIN [dbo].[CI_ConfigurationItemContents]<br>
cic<br>
ON<br>
cp.Content_ID = cic.Content_ID<br> WHERE<br>
cp.ContentSubFolder = @MissingSourceDirectory AND cp.PkgID = @PackageId<br> )<br>
)</p>Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com10tag:blogger.com,1999:blog-6705010938388810106.post-11598812073628393432017-08-08T22:18:00.000+08:002017-08-08T22:21:09.095+08:00WSUS 3.0 SP2 Re-installation Failure due to .NET Framework and Update Services Folder<p>I’ve just resolved this issue half an hour ago. Customer uninstalled WSUS 3.0 SP2 but failed to reinstall it back later. </p> <p>The WSUSSetup.log under %temp% showed Error 0x80070643</p> <p>2017-08-07 11:14:36 Error MWUSSetup InstallWsus: MWUS Installation Failed (Error 0x80070643: Fatal error during installation.)<br>2017-08-07 11:14:36 Error MWUSSetup CInstallDriver::PerformSetup: WSUS installation failed (Error 0x80070643: Fatal error during installation.)<br>2017-08-07 11:14:36 Error MWUSSetup CSetupDriver::LaunchSetup: Setup failed (Error 0x80070643: Fatal error during installation.)<br>2017-08-07 11:14:40 Error MWUSSetup DoInstall: Wsus setup failed (Error 0x80070643: Fatal error during installation.)</p> <p>From the event viewer, Event ID 11722 showed that the installation is failed with Error 1722. </p> <p><a href="https://lh3.googleusercontent.com/-88vDfCySUgo/WYnIwcDqoJI/AAAAAAAADCY/Nfc-oFN4uCQLfboAUDQXUDWV2-P2FpwzACHMYCw/s1600-h/image%255B9%255D"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-gv7NlbSROqs/WYnIxbgR1zI/AAAAAAAADCc/0PZtHbj4A20O_-pnA2HSqx1Sg_a9AnX8wCHMYCw/image_thumb%255B7%255D?imgmax=800" width="454" height="178"></a></p> <p>I came across Anoop <a href="https://www.anoopcnair.com/sccm-configmgr-wsus-error-1722-action-performance-counter-installation/" target="_blank">Blog</a> and resolve the installation issue. In short, WSUS 3.0 SP2 doesn’t like .NET Framework 4.6 or later very much, WSUS cannot detect those newer version. Here are some official article/blog from Microsoft regarding that, <a title="https://support.microsoft.com/en-us/help/3045727/cannot-install-wsus-3-2-on-a-server-with-the-net-framework-4-6-or-late" href="https://support.microsoft.com/en-us/help/3045727/cannot-install-wsus-3-2-on-a-server-with-the-net-framework-4-6-or-late">https://support.microsoft.com/en-us/help/3045727/cannot-install-wsus-3-2-on-a-server-with-the-net-framework-4-6-or-late</a> and <a title="https://blogs.technet.microsoft.com/wsus/2017/06/12/microsoft-net-framework-4-7-coming-to-wsus/" href="https://blogs.technet.microsoft.com/wsus/2017/06/12/microsoft-net-framework-4-7-coming-to-wsus/">https://blogs.technet.microsoft.com/wsus/2017/06/12/microsoft-net-framework-4-7-coming-to-wsus/</a> </p> <p>The resolution is to uninstall .NET Framework 4.6 or later before the WSUS 3.0 SP2 installation. You can install the .NET Framework after the WSUS 3.0 SP2 completed. </p> <p>The WSUS finally installed! <br>BUT more errors pops out from the event viewer. <br>Event ID 7053, 12022, 12032, 12012, 12002</p> <p><a href="https://lh3.googleusercontent.com/-W9d7jvF0xg0/WYnIyPysmHI/AAAAAAAADCg/m5iUXfVHseUKDdwljU-5UxpqqvzO_bEuACHMYCw/s1600-h/image%255B19%255D"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-BO4X8k0Nvqo/WYnIy0FSPhI/AAAAAAAADCk/XSb__s9pAKE_SSYFODBcCf6DIvPuIvk6wCHMYCw/image_thumb%255B13%255D?imgmax=800" width="454" height="252"></a></p> <p><a href="https://lh3.googleusercontent.com/-VrDOZm-BSiQ/WYnIz24I9mI/AAAAAAAADCo/3xAfj7-kxCQSRs9SnAs4NywbUaotI49-gCHMYCw/s1600-h/image%255B24%255D"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-VnHEFFLR3C0/WYnI0tEn4zI/AAAAAAAADCs/5MBjdJACXUAF1nrMoofNUbhNgKnrunaWwCHMYCw/image_thumb%255B16%255D?imgmax=800" width="454" height="252"></a></p> <p>I have tried a lot of things that people suggested like delete the wsus MMC profile under %appdata%\Microsoft\MMC, change the WsusPool Identity and Manage Pipeline, remove then re-add the Windows Process Activation Services from Server Manager, verify the permission on all the required folder, and SQL permission. </p> <p>None of the above resolve my issue until I perform the steps below:</p> <ol> <li>Uninstall WSUS 3.0 SP2 from program and features</li> <li>Verify SQL SUSDB has been deleted, D:\WSUS content has been deleted.</li> <li>Manually delete C:\Program Files\Update Services folder. <font style="background-color: #ffff00"></font><font style="color=#ff0000">This is the step that resolve the issue. There will be some leftover files after the WSUS uninstalled, which will not be replaced even after the WSUS re-installation</font></li> <li>Delete the MMC profile under %appdata%\Microsoft\MMC</li> <li>Reboot the server</li> <li>Run the WSUS 3.0 SP2 setup. </li> <li>You should be able to see the WSUS Wizard prompt. This mean that the installation is successful!</li> <li>Close the Wizard, do not configure, let SUP do the configuration later. </li> <li>Install the WSUS latest patch. I installed KB2938066</li> <li>Install the SCCM SUP role</li></ol> <p>For your reference: <br>WSUS 3.0 (SP2): Build 3.2.7600.226<br>WSUS 3.0 (SP2) + KB2720211: Build 3.2.7600.251<br>WSUS 3.0 (SP2) + KB2734608: Build 3.2.7600.256<br>WSUS 3.0 (SP2) + KB2828185: Build 3.2.7600.262<br>WSUS 3.0 (SP2) + KB2938066: Build 3.2.7600.274</p>Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com15tag:blogger.com,1999:blog-6705010938388810106.post-45067962342835311122017-03-06T08:57:00.000+08:002017-03-06T08:59:31.806+08:00Windows 10, v1507 End of Servicing?<p>Windows 10 has already with us for some time, coming to 2 years in July 2017. There are 3 build/version since Windows 10 released, v1507, v1511, v1607. Many people asked which build/version should I install? I would answer the latest. That is not because the latest has improvement or new feature set. It is simply because I want to ensure that the Windows keeps receiving its security and critical patches. If you interested on <a href="https://technet.microsoft.com/en-us/itpro/windows/whats-new/whats-new-windows-10-version-1607" target="_blank">what’s new</a> on every new Windows 10 release.</p> <p>Yes, according to this <a href="https://blogs.technet.microsoft.com/windowsitpro/2017/01/19/windows-10-v1607-media-now-available/" target="_blank">site</a>, Windows 10, v1507 end of servicing will be occur in May 2017. End of servicing simply means that Microsoft will not provide security and critical patches to Windows 10, v1507 from May 2017 onwards. </p> <p>Plan now and move forward with SCCM!!! </p> <p><a href="https://lh3.googleusercontent.com/-BPEPX9nG5is/WLy0cdcrRsI/AAAAAAAADBI/h7UfLfbHNlg/s1600-h/WIndows%25252010%252520Servicing%25255B4%25255D.jpg"><img title="WIndows 10 Servicing" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="WIndows 10 Servicing" src="https://lh3.googleusercontent.com/-_H8YuhZd49Y/WLy0c69PQeI/AAAAAAAADBM/HyLBFFxCKOo/WIndows%25252010%252520Servicing_thumb%25255B2%25255D.jpg?imgmax=800" width="454" height="244"></a></p>Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com9tag:blogger.com,1999:blog-6705010938388810106.post-6363528598856057922016-12-22T15:41:00.001+08:002016-12-23T18:21:00.654+08:00AIP Custom Condition (Regular Expression) Tips<p>Today I will share my experience on configuring regular expression for automatic or recommended classification. The configuration in Azure Portal is quite straight forward. If you wish to know how to configure, Microsoft actually documented well. Refer to <a title="https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-policy-classification" href="https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-policy-classification">https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-policy-classification</a></p> <p>This is how the configuration looks like:</p> <p><a href="https://lh3.googleusercontent.com/-G1OhRD6-lZw/WFuDvhhbjpI/AAAAAAAADAY/JJBOKooj05o/s1600-h/image%25255B4%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-0uJZtGlWjBI/WFuDwOD3p-I/AAAAAAAADAc/aKIYMyzj7mg/image_thumb%25255B2%25255D.png?imgmax=800" width="454" height="383"></a></p> <p>Okay, back to the custom condition, it supports Word, Phrase, and Regular Expression. Talking about Regular Expression, there is a lot regular expression tester out there. I personally like this one, <a title="http://regexr.com/" href="http://regexr.com/">http://regexr.com/</a>.</p> <p><a href="https://lh3.googleusercontent.com/-L-fL5fchTrI/WFuDwQDY5DI/AAAAAAAADAg/SDB__TzWpvI/s1600-h/image%25255B9%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-s-spA5fgSLw/WFuDwz8jCaI/AAAAAAAADAk/3IZx2CV0XXw/image_thumb%25255B5%25255D.png?imgmax=800" width="454" height="287"></a></p> <p>Taking (#[A-Z][A-Z&][A-Z][0-9][0-9][0-9][0][2]#) as example, after I built the regular expression, I can test it out at the bottom, and it will be highlighted in blue if it match the regular expression. It is so easy and convenient. After you satisfied, copy the regular expression and paste it to the Azure Portal. Enjoy!!</p>Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com10tag:blogger.com,1999:blog-6705010938388810106.post-33600993040715526182016-12-13T23:22:00.002+08:002016-12-14T10:10:59.190+08:00Azure AIP/RMS: SharePoint Permission vs IRM Permission Mapping<p>Mr.Customer asked me about how SharePoint Permission map to IRM Permission? Will the IRM Permission takeover or replace the SharePoint Permission granted to user?</p> <p><a title="https://support.office.com/en-us/article/Apply-Information-Rights-Management-to-a-list-or-library-3bdb5c4e-94fc-4741-b02f-4e7cc3c54aa1" href="https://support.office.com/en-us/article/Apply-Information-Rights-Management-to-a-list-or-library-3bdb5c4e-94fc-4741-b02f-4e7cc3c54aa1">https://support.office.com/en-us/article/Apply-Information-Rights-Management-to-a-list-or-library-3bdb5c4e-94fc-4741-b02f-4e7cc3c54aa1</a> This article actually explained the questions above. However, there is a little doubt here. Do we need all the Permission configured on the left in order to map the IRM Permissions?</p> <p>For example: To map the Full Control IRM Permission. Do we need both Manage Permissions, and Manage Web Site in SharePoint Permission? Or we just need only one of the SharePoint Permission?</p> <p><a href="https://lh3.googleusercontent.com/-ArrmUHSaNZ4/WFAShhUydOI/AAAAAAAAC_w/MgWaw3dTgeU/s1600-h/image%25255B4%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-a9ZjWuXTZQE/WFASiLb5LyI/AAAAAAAAC_0/h-zMznadz4o/image_thumb%25255B2%25255D.png?imgmax=800" width="454" height="227"></a></p> <p>To answer the little doubt above, I ran few rounds of test in my environment. The answer is any one of the SharePoint Permission. You need either Manage Permissions OR Manage Web Site in SharePoint Permission to map the Full Control IRM Permission. </p> <p>Another example, if Edit Items SharePoint Permission assigned to the user, he/she will have the Edit, Copy, and Save IRM Permissions.<font style="background-color: #ffffff"></font> <font color="#ff0000"><strong>It Doesn’t Requires All 3 SharePoint Permissions (Edit Items, Manage Lists, Add and Customize Pages) To Be Assigned In Order To Map The Edit, Copy, and Save IRM <font color="#ff0000">Permissions !!</font></strong></font><font color="#ff0000"> <font style="background-color: #ff0000"></font><strong>Anyone will do….</strong></font><font style="background-color: #ff0000"></font></p> <p>I did some further testing by enabling “Allow viewers to write on a copy of the downloaded document” This setting will allow the user to download and edit the downloaded/offline copy. This setting <font color="#ff0000"><strong>OVERWRITE</strong></font> those with View Items SharePoint Permission OR Read IRM Permission to edit the downloaded /offline copy. </p> <p><a href="https://lh3.googleusercontent.com/-sc_wD-o5ltU/WFCqKlNzMOI/AAAAAAAADAE/T8yy8_MYnzE/s1600-h/image%25255B6%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-PEV48b5X64E/WFCqMaK5-_I/AAAAAAAADAI/eRErvKPpBy0/image_thumb%25255B3%25255D.png?imgmax=800" width="454" height="315"></a></p> <p>My two cents is View Items SharePoint Permission OR Read IRM Permission is meant to control the documents so that user can View only (cannot edit, modify, copy, save, etc). By enabling the “Allow viewers to write on a copy of the downloaded document” simply defeat the purpose of trying to control the documents. Enabling this setting wisely.</p> <p>So long, and Thanks for reading!</p>Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com4tag:blogger.com,1999:blog-6705010938388810106.post-78557462526286603162016-12-07T14:22:00.002+08:002016-12-07T14:27:58.118+08:00Past due – Will be installed<p>Today I helped this new customer to deploy the Microsoft RMS Sharing App and Azure Information Protection Client to a couple of pilot computers. The deployment is deployed as Required, as soon as possible, and installation can be performed outside maintenance window. </p> <p>Both applications get downloaded in the ccmcache, ContentTransferManager.log and DataTransferService.log showed download is completed. However, the Software Center showed the status as Past due – Will be installed.</p> <p>So I did additional check on the computer client status, it is Approved, No Block, Not Obsolete, Active, Receiving Policy, and so on. I even restarted the targeted computer. </p> <p>With luck, I found the answer in Technet forum, which is the setting in Computer Agent. “<strong>Additional software manages the deployment of applications and software updates”</strong></p> <p><a href="https://lh3.googleusercontent.com/-LlQidFbY9Z8/WEerbQid9SI/AAAAAAAAC_M/8zzupdQxoVc/s1600-h/image%25255B4%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-DxhQ_hvgFEE/WEercceT_ZI/AAAAAAAAC_Q/cKimiKq9_yI/image_thumb%25255B2%25255D.png?imgmax=800" width="454" height="351"></a></p> <p>The setting was set to Yes, which the default setting is No. According to Microsoft:<a title="https://docs.microsoft.com/en-us/sccm/core/clients/deploy/about-client-settings" href="https://docs.microsoft.com/en-us/sccm/core/clients/deploy/about-client-settings">https://docs.microsoft.com/en-us/sccm/core/clients/deploy/about-client-settings</a></p> <p><a href="https://lh3.googleusercontent.com/-f6Mj65Ozei4/WEerdN2COSI/AAAAAAAAC_U/LZQG913Jwq0/s1600-h/image%25255B11%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-1KmnXH56bas/WEereGK8ePI/AAAAAAAAC_Y/ac0zdi_o6Tw/image_thumb%25255B5%25255D.png?imgmax=800" width="454" height="175"></a></p> <p><strong><font color="#ff0000">“If you select this option when neither of these conditions apply, software updates and required applications will not install on clients.”</font></strong></p> <p><a href="https://lh3.googleusercontent.com/-ORb-1kc9n8E/WEerxn48wrI/AAAAAAAAC_c/Vj_EXiyyWG0/s1600-h/image%25255B15%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-3LNPTpjjgUw/WEeryUrjtaI/AAAAAAAAC_g/K4r9cyZgxUk/image_thumb%25255B7%25255D.png?imgmax=800" width="454" height="351"></a></p> <p><font color="#ffffff">I asked them changed the setting back to default No. And then ran Machine Policy Retrieval & Evaluation Cycle and Application Deployment Evaluation Cycle on the targeted computer. Both applications get installed automatically as expected. Enjoy!!</font></p> <p>Credits to <a href="https://social.technet.microsoft.com/profile/st.kristobal/?ws=usercard-mini"><font color="#ffffff">st.kristobal</font></a>, <a title="https://social.technet.microsoft.com/Forums/en-US/60f9f20f-3603-4d57-b4c0-13bb3e77a734/past-due-will-be-installed?forum=configmanagerapps" href="https://social.technet.microsoft.com/Forums/en-US/60f9f20f-3603-4d57-b4c0-13bb3e77a734/past-due-will-be-installed?forum=configmanagerapps">https://social.technet.microsoft.com/Forums/en-US/60f9f20f-3603-4d57-b4c0-13bb3e77a734/past-due-will-be-installed?forum=configmanagerapps</a></p>Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com3tag:blogger.com,1999:blog-6705010938388810106.post-59417023631260127762016-12-06T22:17:00.003+08:002016-12-06T22:23:55.559+08:00Azure Information Protection – Add a new policy (PREVIEW)<p><a href="https://lh3.googleusercontent.com/-YQ_m5pCgmMs/WEbIl_qjscI/AAAAAAAAC84/EAWRT-XH5pw/s1600-h/image%25255B9%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-AL14708U34w/WEbImSEWYGI/AAAAAAAAC88/FEBp43UfAJw/image_thumb%25255B5%25255D.png?imgmax=800" width="454" height="231"></a></p> <p>Now we can add new policy to target different different user group or specific user. </p> <p><a href="https://lh3.googleusercontent.com/-55nhryM1ydQ/WEbImzhu2xI/AAAAAAAAC9A/h9fdY7NXBfM/s1600-h/image%25255B14%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-uym9PvibpoE/WEbInXBOPlI/AAAAAAAAC9E/MmX1SxKibA8/image_thumb%25255B8%25255D.png?imgmax=800" width="454" height="326"></a></p> <p>Click on Select which users/groups get this policy to assign the policy to targeted user or user group. User can be assigned to multiple policies. For this test, I assigned myself to 3 policies, Global (Default), IT Dept, and IT Dept 2.</p> <p><a href="https://lh3.googleusercontent.com/-O1Ui2ykvDPc/WEbIny_K0dI/AAAAAAAAC9I/KOM0A_186mU/s1600-h/image%25255B19%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-hpIDQUtTBIY/WEbIoU7DlII/AAAAAAAAC9M/MRb5S7FZ1Uc/image_thumb%25255B11%25255D.png?imgmax=800" width="454" height="326"></a></p> <p>After you Add a new label, the new label will park under the new policy. User belonging to multiple policies will get all labels applied to them in the policy.</p> <p><a href="https://lh3.googleusercontent.com/-1Is_JvPEW0A/WEbIo8eeDwI/AAAAAAAAC9Q/-_td5dPyVbk/s1600-h/image%25255B28%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-PfAmDN8StpM/WEbIpWMGhWI/AAAAAAAAC9U/2xSpaExs7TQ/image_thumb%25255B16%25255D.png?imgmax=800" width="454" height="23"></a></p> <p>I got additional 2 labels (For IT Dept and For IT Dept 2) apart from the 5 Default Labels from the Global Policy.</p> <p><a href="https://lh3.googleusercontent.com/-VQFsbhWk9dM/WEbIp8eHUSI/AAAAAAAAC9Y/eXyUkaLxx0U/s1600-h/image%25255B47%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-3i7R8IfzEyM/WEbIqZCAAlI/AAAAAAAAC9c/pgFqYjt9MOQ/image_thumb%25255B27%25255D.png?imgmax=800" width="454" height="244"></a></p> <p>The Title and Tooltip in the red box is a Global Setting, which is only configurable in Global Policy.</p> <p><a href="https://lh3.googleusercontent.com/-MflriBRbgGE/WEbIq3C7G2I/AAAAAAAAC9g/3WGOSS2krcs/s1600-h/image%25255B52%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-w_UIXLFrP1Y/WEbIret4xnI/AAAAAAAAC9k/nkDmv6JeeDk/image_thumb%25255B30%25255D.png?imgmax=800" width="454" height="244"></a></p> <p>The settings in the red box is configurable. The settings in the latest policy (The last, most bottom) will applied if the user belonging to multiple policies.</p> <p><a href="https://lh3.googleusercontent.com/-j2FZsWMyldQ/WEbIrzUy8VI/AAAAAAAAC9o/aGduxYNFN-o/s1600-h/image%25255B60%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-ejKyHHq-iHs/WEbIsTEQYPI/AAAAAAAAC9s/mrf6uwuINws/image_thumb%25255B33%25255D.png?imgmax=800" width="454" height="231"></a></p> <p>For my case, IT Dept 2 policy will applied, which the default label is For IT Dept 2.</p> <p><a href="https://lh3.googleusercontent.com/-nrUxD8dy1Bs/WEbIsjBjAGI/AAAAAAAAC9w/synCO5keBEY/s1600-h/image%25255B64%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-JDd1pzOG7rI/WEbItKTLTnI/AAAAAAAAC90/kwhsIz2w3MM/image_thumb%25255B35%25255D.png?imgmax=800" width="454" height="19"></a></p> <p>If I move down IT Dept policy to the last, the default label should change to For IT Dept.</p> <p><a href="https://lh3.googleusercontent.com/-zpUMx9Xx_5M/WEbIti7um3I/AAAAAAAAC94/n3Hoj4DS4TU/s1600-h/image%25255B69%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-ZCYh0s0lod4/WEbIuDMC88I/AAAAAAAAC98/_XtDJ6phkyM/image_thumb%25255B38%25255D.png?imgmax=800" width="454" height="233"></a></p> <p><a href="https://lh3.googleusercontent.com/-a0rw1C2c1DA/WEbIu8zCzRI/AAAAAAAAC-A/Y71lJResJQU/s1600-h/image%25255B73%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-opfMSXq1e7g/WEbIvzS69-I/AAAAAAAAC-E/HeRfNj1CcZI/image_thumb%25255B40%25255D.png?imgmax=800" width="454" height="19"></a></p> <p>I think this is a good improvement, because it is now easier to assign Label with specific RMS template and settings to specific user/groups. Enjoy!!</p>Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com0tag:blogger.com,1999:blog-6705010938388810106.post-51988585191764705052016-11-26T08:50:00.004+08:002016-11-26T09:02:50.079+08:00Azure RMS Connector and SharePoint 2013 IRM Configuration<p>This is my very first post after I switched to <a href="http://www.kwokhau.com">www.kwokhau.com</a> and this is also my very first time setup Azure RMS and SharePoint 2013 IRM integration. :)</p> <p>I have an Azure RMS connector installed in my environment, hence I won’t cover the Azure RMS connector installation. I used the Azure RMS connector for File Server protection, and it is working fine.</p> <p>First thing first, I launched Microsoft Rights Management connector administration tool and added the SharePoint server and the SharePoint service account to the list.</p> <p><a href="https://lh3.googleusercontent.com/-s0WMVl9_qfU/WDjcdo8UIqI/AAAAAAAAC6o/WS00eHoQRK48LPrOXWrc5-t9z4Y2IqZogCHM/s1600-h/Untitled%255B10%255D"><img title="Untitled" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="Untitled" src="https://lh3.googleusercontent.com/-e2s2csV8UDI/WDjceAHg34I/AAAAAAAAC6s/31gE3XZEEnMlQ5sjCcA4Do3nVjn9nWqXACHM/Untitled_thumb%255B6%255D?imgmax=800" width="404" height="404"></a></p> <p>Note: I missed the SharePoint service account and I got the error below when I configure the IRM in SharePoint. Please remember to add the service account as well.</p> <p>“The required Active Directory Rights Management Service Client (MSIPC.DLL) is present but could not be configured properly. IRM will not work until the client is configured properly.”</p> <p><a href="https://lh3.googleusercontent.com/-LZD9GUTzSjs/WDjcedMRPYI/AAAAAAAAC6w/7hnsurOmfYMbhydWFv5_89Oe3OlqThXwACHM/s1600-h/Untitled2%255B5%255D"><img title="Untitled2" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="Untitled2" src="https://lh3.googleusercontent.com/-Tc9MztmwqwM/WDjce7_LxOI/AAAAAAAAC60/Elz9YhPq0tEzdAFWyojnYKD6CQoDjcr6gCHM/Untitled2_thumb%255B3%255D?imgmax=800" width="404" height="256"></a></p> <p>After added the SharePoint servers and service account, go to your SharePoint servers (Front-end SharePoint webservers, including those hosting the Central Administration server) and install the MSIPC client, it is available to download from <a title="https://www.microsoft.com/download/details.aspx?id=38396" href="https://www.microsoft.com/download/details.aspx?id=38396">https://www.microsoft.com/download/details.aspx?id=38396</a></p> <p>After the installation, browse to Program Files\Active Directory Rights Management Services Client 2.1 and check the msipc.dll, make sure it is 1.0.2004.0 or later.</p> <p><a href="https://lh3.googleusercontent.com/-_kdidS5Ywgk/WDjcfUP0t2I/AAAAAAAAC64/uAzUT6EigS4Sdcw-I3fhhsAfTpvYIc0eQCHM/s1600-h/Untitled3%255B5%255D"><img title="Untitled3" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="Untitled3" src="https://lh3.googleusercontent.com/-eObQoPA2ub8/WDjcf7cqxJI/AAAAAAAAC68/GKoP_FRkH7sJsVT80bTT2RvmCdSN3MkxgCHM/Untitled3_thumb%255B3%255D?imgmax=800" width="354" height="435"></a></p> <p>Next, run the GenConnectorConfig.ps1, the powershell script is together when you download the RMS Connector from <a title="https://www.microsoft.com/en-us/download/details.aspx?id=40839" href="https://www.microsoft.com/en-us/download/details.aspx?id=40839">https://www.microsoft.com/en-us/download/details.aspx?id=40839</a></p> <p>Run PowerShell as Administrator and run the script, change the URL to your RMSConnector URL ".\GenConnectorConfig.ps1 -ConnectorUri <a href="https://rmsconnector.contoso.com">https://rmsconnector.contoso.com</a> –SetSharePoint2013"</p> <p><a href="https://lh3.googleusercontent.com/-vO89HF42mKM/WDjcgeByNCI/AAAAAAAAC7A/CMNnzslDKj0nEjKqHMcq9WP0RvVzmzF6gCHM/s1600-h/Untitled4%255B8%255D"><img title="Untitled4" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="Untitled4" src="https://lh3.googleusercontent.com/-14e0OMeIidM/WDjchUPUVKI/AAAAAAAAC7E/TvixQbzDl7Mw9kq1fOMIFJUeI7IQIfdVgCHM/Untitled4_thumb%255B4%255D?imgmax=800" width="404" height="106"></a></p> <p>The script actually helps you to configure some registry settings listed in <a title="https://docs.microsoft.com/en-us/information-protection/deploy-use/rms-connector-registry-settings" href="https://docs.microsoft.com/en-us/information-protection/deploy-use/rms-connector-registry-settings">https://docs.microsoft.com/en-us/information-protection/deploy-use/rms-connector-registry-settings</a>. You can crosscheck and double confirm after run the script.</p> <p>Okay, the configuration of Azure RMS Connector for SharePoint 2013 is done. Next is to enable the SharePoint IRM and then configure the Library Setting IRM.</p> <p>Go to your SharePoint 2013 Central Administration, Security, and then click on the Configure information rights management.</p> <p><a href="https://lh3.googleusercontent.com/-A7QoCgoyGYg/WDjch_IBm-I/AAAAAAAAC7I/erizJx-xsn4ytUS8hxxES6bjN5FPeIANQCHM/s1600-h/Untitled5%255B5%255D"><img title="Untitled5" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="Untitled5" src="https://lh3.googleusercontent.com/-vgNkpMMZ4h8/WDjciMWCYBI/AAAAAAAAC7M/y_ZRFo3KuaIHE0dD7xa0Dud05E6L5RgIACHM/Untitled5_thumb%255B3%255D?imgmax=800" width="404" height="256"></a></p> <p>Click Use this RMS Server: and enter your RMS connector URL, and then click OK.</p> <p><a href="https://lh3.googleusercontent.com/-Q6VZZK8ffp4/WDjciswZs7I/AAAAAAAAC7Q/4lPuw2qw3wkbxWuNHYGc_p1oEgfXnmxwgCHM/s1600-h/Untitled6%255B5%255D"><img title="Untitled6" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="Untitled6" src="https://lh3.googleusercontent.com/-rfOBACo62PM/WDjcjLQ2GlI/AAAAAAAAC7U/XX99SJ9KKismHriGSVXnFtznT3ksDANRwCHM/Untitled6_thumb%255B3%255D?imgmax=800" width="404" height="256"></a></p> <p>Now, you can start configuring your Library Settings IRM </p> <p><a href="https://lh3.googleusercontent.com/-FyUoyiY-BP0/WDjdjBmVC-I/AAAAAAAAC7Y/WTZbLhHRMZU/s1600-h/Untitled7%25255B10%25255D.png"><img title="Untitled7" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="Untitled7" src="https://lh3.googleusercontent.com/-nZGh0sxAqtw/WDjcj85yDEI/AAAAAAAAC7c/B10JUBSfAKIrep3U1K91LFOnDzNguzQqQCHM/Untitled7_thumb%255B6%255D?imgmax=800" width="404" height="256"></a><br><a href="https://lh3.googleusercontent.com/-ZktikTQHjpc/WDjeP4c5_tI/AAAAAAAAC70/SVxEePjuIlI/s1600-h/Untitled8%25255B10%25255D.png"><img title="Untitled8" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="Untitled8" src="https://lh3.googleusercontent.com/-aLi0oCKplcw/WDjeQXa5JnI/AAAAAAAAC74/CLjBvOVcQzA/Untitled8_thumb%25255B6%25255D.png?imgmax=800" width="404" height="256"></a><a href="https://lh3.googleusercontent.com/-S07uJHiHdx4/WDjclaK124I/AAAAAAAAC7o/Qvlfefv0q_o0drytbUHdq8YMotrLAfWdACHM/s1600-h/Untitled9%255B5%255D"><img title="Untitled9" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="Untitled9" src="https://lh3.googleusercontent.com/-cN_0nR7Dk3Q/WDjdmzzgNOI/AAAAAAAAC7w/_EUk5cibhyA/Untitled9_thumb%25255B3%25255D.png?imgmax=800" width="404" height="322"></a></p> <p>Configure the IRM settings above as per your requirements and then click OK. Upload some document (without RMS protected) to see the effect. Then you can try upload some RMS protected document to see the differences. HAVE FUN!!!</p>Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com3tag:blogger.com,1999:blog-6705010938388810106.post-20273104606552604402016-11-17T22:08:00.000+08:002016-11-17T22:09:03.176+08:00Remote Configuration Failed on Remote WSUS Server<p>Whenever you plan to setup a remote SUP, please remember that the Primary Site Server also require WSUS Admin Console as a prerequisite. You will receive Remote Configuration Failed on Remote WSUS in the WCM.log if you didn’t enable this prerequisite. You can enable the WSUS Admin Console under Remote Server Administration Tools.</p> <p><a href="https://lh3.googleusercontent.com/-VtK07397_os/WC25_Gh6kPI/AAAAAAAAC4U/Kub4gejm-Rk/s1600-h/RSAT%252520WSUS%25255B4%25255D.png" target="_blank"><img title="RSAT WSUS" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="RSAT WSUS" src="https://lh3.googleusercontent.com/-0ccuhEVa7b0/WC25_pvOLgI/AAAAAAAAC4Y/pMswK2t9z5g/RSAT%252520WSUS_thumb%25255B2%25255D.png?imgmax=800" width="404" height="287"></a></p>Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com2tag:blogger.com,1999:blog-6705010938388810106.post-28925251050743619642016-06-10T14:57:00.001+08:002016-06-10T14:59:16.947+08:00Take note on KB3159706, causing WSUS stop working<p>If you are patching your SCCM Server or WSUS Server, please take note on KB3159706. The SCCM SUP will failed on software update sync and you’ll see error <em>“Remote configuration failed on WSUS server”</em> in the WCM.log. <p><a href="https://lh3.googleusercontent.com/-QmNaYkYpavU/V1pk5DLf3aI/AAAAAAAAC2s/bMeKxcg_jfQ/s1600-h/image%25255B5%25255D.png" target="_blank"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-anrruADkLyQ/V1pk5luoWYI/AAAAAAAAC20/AIlgU7H5eac/image_thumb%25255B3%25255D.png?imgmax=800" width="404" height="232"></a> <p>You can either uninstall the patch or follow the guide <a href="https://support.microsoft.com/en-us/kb/3159706" target="_blank">https://support.microsoft.com/en-us/kb/3159706</a> to complete the postinstall. <ol> <li>Run command prompt with administrative rights <li>Enter "C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing <li>Restart the WSUS Service <li>Restart the SMS_EXECUTIVE Service</li></ol> <p>If SSL is enabled on the WSUS server, follow the guide in <a href="https://support.microsoft.com/en-us/kb/3159706" target="_blank">https://support.microsoft.com/en-us/kb/3159706</a>Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com2tag:blogger.com,1999:blog-6705010938388810106.post-73840646364758656842016-03-31T08:01:00.001+08:002016-03-31T16:06:51.274+08:00Update 1602: Client Notification and Online Status Improvement<p>You can now update to 1602 already, it’s been out there since second week of March. You can easily update it from the Update and Servicing node. Below is the screenshot taken when I update my lab from 1511.</p> <p><a href="https://lh3.googleusercontent.com/-K83VXoZyKTM/Vvzaaxu6nfI/AAAAAAAAC14/T72apxuKxbM/s1600-h/image%25255B10%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-zlsXzhbf3Sw/VvzabgVrp-I/AAAAAAAAC18/5dXm4J5co5g/image_thumb%25255B6%25255D.png?imgmax=800" width="404" height="229"></a></p> <p><a href="https://lh3.googleusercontent.com/-X9qx6FANbyo/Vvzacy7NlrI/AAAAAAAAC2A/ztc-a3Rvcz8/s1600-h/image%25255B9%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-tmiawCSR0Vo/VvzadqK7v8I/AAAAAAAAC2E/UhgsMRJVgfQ/image_thumb%25255B5%25255D.png?imgmax=800" width="404" height="229"></a></p> <p>The very first improvement that you can easily check it out is the Client Online Status. Previously SCCM admin would need a “ping” tool to determine the computers online status before they perform deployment or log checking. SCCM admin can now determine the online status of the machine by the Icon. Green little tick means Online, while Grey little x means Offline. A computer is considered online if it is connected to it's assigned management point. To indicate that the computer is online, the client sends ping-like messages to the management point. If the management point doesn't receive a message after <strong><em>5 minutes</em></strong>, the client is considered offline.</p> <p><a href="https://lh3.googleusercontent.com/-vP222kv-Usk/VvzaeFNH4-I/AAAAAAAAC2I/YKBP-uBypGE/s1600-h/image%25255B20%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-Xk7CvQQ9dis/VvzaerW62sI/AAAAAAAAC2M/3aSKoGde3gM/image_thumb%25255B12%25255D.png?imgmax=800" width="404" height="174"></a></p> <p>Another improvement is the Client Notification. Other than computer policy and user policy, the Client Notification now comes with more actions that we can only have if we install “Right Click Tools”. </p> <p><a href="https://lh3.googleusercontent.com/-g4yuJ4k7HAY/VvzafDo5xeI/AAAAAAAAC2Q/4W1lI0FmQ9k/s1600-h/image%25255B25%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-i452i-g2LOY/VvzafiqQUKI/AAAAAAAAC2U/eQrqt5zfXSs/image_thumb%25255B15%25255D.png?imgmax=800" width="404" height="231"></a></p> <p>These are some small minor improvements that mean a lot to the SCCM admin daily operation.</p> <p>Cheers,<br>Hau</p>Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com2tag:blogger.com,1999:blog-6705010938388810106.post-49801438216039246352016-01-27T15:33:00.001+08:002016-01-27T23:39:13.460+08:00Windows 10 Servicing via SCCM 1511, Error 0x8007007E<p>Gotcha!!! If you are like me, missed the prerequisites <a href="https://support.microsoft.com/en-us/kb/3095113" target="_blank">KB 3095113</a> of WSUS to support Windows 10 Upgrade/Servicing on your SCCM WSUS server, and you have already sync-ed and downloaded the Upgrade in your SCCM. </p> <p>If you are having certificate error while downloading the upgrade with SCCM 1511, please look at this hotfix, <a title="https://support.microsoft.com/en-us/kb/3127032" href="https://support.microsoft.com/en-us/kb/3127032">https://support.microsoft.com/en-us/kb/3127032</a>. </p> <p>If your download is always showing 0% while downloading the Upgrade, no fear, check the Ethernet status in the Task Manage Performance tab or you can monitor the status in patchdownloader.log located in %temp% with cmtrace.</p> <p>Back to the topic, I’ve already sync-ed and downloaded the <em>“Upgrade to Windows 10 Enterprise, version 1511, 10586 - en-us, Volume”</em> and <em>“Upgrade to Windows 10 Pro, version 1511, 10586 - en-us, Volume”</em> in the SCCM 1511 and then manually deploy it to my Windows 10 Collection.</p> <p>My Windows 10 client received and downloaded the Upgrade in C:\ccmcache but failed to install with error code 0x8007007E. </p> <p><a href="https://lh3.googleusercontent.com/-jYE3qumLMD0/Vqjj2xqpw7I/AAAAAAAAC1M/hiKENm4mBmM/s1600-h/image%25255B4%25255D.png" target="_blank"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-cAg977snspU/Vqjj3zFxtvI/AAAAAAAAC1Q/XgICNy8Jh2Q/image_thumb%25255B2%25255D.png?imgmax=800" width="404" height="256"></a></p> <p><a href="https://lh3.googleusercontent.com/-5cLYuVWDxeo/Vqjj4zyy-1I/AAAAAAAAC1c/hDr76icArx8/s1600-h/image%25255B9%25255D.png" target="_blank"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-E5B03Xzj8lo/Vqjj5mdzCuI/AAAAAAAAC1k/8O77AzBqFQc/image_thumb%25255B5%25255D.png?imgmax=800" width="404" height="209"></a></p> <p>I’ve tried a lot of troubleshooting and find out that I’m actually missing a very important update for the WSUS to support Windows 10 Feature Update, <a href="https://support.microsoft.com/en-us/kb/3095113" target="_blank">KB 3095113</a>. This doesn’t work so smooth by just applying the update. Below is the steps I taken to fix the issue.</p> <p>On my SCCM Server:</p> <ol> <li>Install the prerequisites of the KB 3095113. <a href="https://support.microsoft.com/en-us/kb/2919442">https://support.microsoft.com/en-us/kb/2919442</a> followed by <a href="https://support.microsoft.com/en-us/kb/2919355">https://support.microsoft.com/en-us/kb/2919355</a> <li>Install <a href="https://support.microsoft.com/en-us/kb/3095113" target="_blank">KB 3095113</a> <li>Uninstall SCCM SUP <li>Uninstall WSUS Server role <li>Delete WSUS DB, and D:\WSUS <li>Reboot OS <li>Reinstall WSUS Server Role <li>Install SCCM SUP <li>Manual trigger Sync Software Update</li></ol> <p>On my test client:</p> <ol> <li>Stopped the services below <ul> <li>net stop wuauserv <li>net stop cryptSvc <li>net stop bits <li>net stop msiserver</li></ul> <li>Delete C:\Windows\Software Distribution <li>Delete C:\Windows\System32\catroot2 <li>Delete the folder contain the .esd downloaded in ccmcache folder <li>Delete C:\$Windows.~BT\Sources <li>Reboot the OS <li>Trigger the upgrade from Software Center</li></ol> <p>I tried not to uninstall the WSUS and SUP after installed the updates in the SCCM server, but it doesn’t works, I’m still getting the same error code 0x8007007E.</p> <p>Note: I’m performing this in my lab environment, use this fix at you own risk</p> <p>Regards,<br>Hau</p>Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com3tag:blogger.com,1999:blog-6705010938388810106.post-55349468649211436702016-01-15T15:00:00.001+08:002016-01-15T15:02:03.341+08:00Client Setup Found HTTPS Distribution Point<span style="font-family: Arial, Helvetica, sans-serif; text-align: center;">Distribution Point can be operating in HTTP mode or HTTPS mode. It is up to your choice on how you set it up. I went to help out this customer with difficulties to push client. Below is what I found out from a computer ccmsetup.log.</span><div>
<span style="font-family: Arial, Helvetica, sans-serif; text-align: center;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-nx7gEdvpOtY/VpiSceCHRpI/AAAAAAAAC0g/etYGgkxhSR4/s1600/ccmsetup.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="117" src="http://4.bp.blogspot.com/-nx7gEdvpOtY/VpiSceCHRpI/AAAAAAAAC0g/etYGgkxhSR4/s400/ccmsetup.png" width="400" /></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; text-align: center;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; text-align: center;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; text-align: center;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; text-align: center;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; text-align: center;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; text-align: center;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; text-align: center;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; text-align: center;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The environment here is very small, a Primary Site hosting all the roles with 300+ clients. The ccmsetup.log tells us that it manage to found a distribution point with the address https://sccmserver. Mr.customer confirmed with us that the SCCM is in http mode, not https. </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-xL81y9ITHVE/VpiWoQ05fOI/AAAAAAAAC0o/wdmAhbmyWP0/s1600/HTTPS.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="370" src="http://2.bp.blogspot.com/-xL81y9ITHVE/VpiWoQ05fOI/AAAAAAAAC0o/wdmAhbmyWP0/s400/HTTPS.png" width="400" /></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The setting in the Distribution Point showing the distribution point is operating in HTTPS mode. </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-LK6UdJ5b7DI/VpiXTzkAX9I/AAAAAAAAC0w/JE55EdGHL7U/s1600/HTTP.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="370" src="http://4.bp.blogspot.com/-LK6UdJ5b7DI/VpiXTzkAX9I/AAAAAAAAC0w/JE55EdGHL7U/s400/HTTP.png" width="400" /></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<a href="http://2.bp.blogspot.com/-FAQKZEGAMPI/VpiX4AmOehI/AAAAAAAAC04/s01JkfVjo50/s1600/success.png" imageanchor="1" style="clear: left; display: inline !important; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" height="121" src="http://2.bp.blogspot.com/-FAQKZEGAMPI/VpiX4AmOehI/AAAAAAAAC04/s01JkfVjo50/s400/success.png" width="400" /></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">I helped customer to switched it to HTTP mode and repush the SCCM Client. The ccmsetup.log tell us that the system manage to find a distribution point and using BITS to download the client files.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com0tag:blogger.com,1999:blog-6705010938388810106.post-71439858382806849502015-12-19T00:03:00.000+08:002015-12-19T09:02:36.317+08:00SCCM SCEP Deployment Error 0x8004ff67.<span style="color: white; font-family: "arial" , "helvetica" , sans-serif;">My customer has existing Symantec Endpoint Protection 12 and would like to migrate to SCEP. Knowing that SCCM SCEP support auto removal for the antimalware software below:</span><br />
<div>
<span style="color: white; font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div>
<br /><span style="color: white;"><br /></span><span style="color: white; font-family: arial, helvetica, sans-serif; line-height: 18px;">Symantec AntiVirus Corporate Edition version 10</span><br /><span style="color: white; font-family: arial, helvetica, sans-serif; line-height: 18px;">Symantec Endpoint Protection version 11</span><br /><span style="color: white; font-family: arial, helvetica, sans-serif; line-height: 18px;">Symantec Endpoint Protection Small Business Edition version 12</span><br /><span style="color: white; font-family: arial, helvetica, sans-serif; line-height: 18px;">McAfee VirusScan Enterprise version 8</span><br /><span style="color: white; font-family: arial, helvetica, sans-serif; line-height: 18px;">Trend Micro OfficeScan</span><br /><span style="color: white; font-family: arial, helvetica, sans-serif; line-height: 18px;">Microsoft Forefront Codename Stirling Beta 2</span><br /><span style="color: white; font-family: arial, helvetica, sans-serif; line-height: 18px;">Microsoft Forefront Codename Stirling Beta 3</span><br /><span style="color: white; font-family: arial, helvetica, sans-serif; line-height: 18px;">Microsoft Forefront Client Security v1</span><br /><span style="color: white; font-family: arial, helvetica, sans-serif; line-height: 18px;">Microsoft Security Essentials v1</span><br /><span style="color: white; font-family: arial, helvetica, sans-serif; line-height: 18px;">Microsoft Security Essentials 2010</span><br /><span style="color: white; font-family: arial, helvetica, sans-serif; line-height: 18px;">Microsoft Forefront Endpoint Protection 2010</span><br /><span style="color: white; font-family: arial, helvetica, sans-serif; line-height: 18px;">Microsoft Security Center Online v1</span><br />
<span style="color: white;">
</span>
<br />
<span style="color: #2a2a2a; font-family: "arial" , "helvetica" , sans-serif;"><span style="color: white; line-height: 18px;"><br /></span></span></div>
<div>
<span style="color: #2a2a2a; font-family: "arial" , "helvetica" , sans-serif;"><span style="line-height: 18px;"><span style="color: white;">Source from</span><span style="color: #2a2a2a;"> </span><a href="https://technet.microsoft.com/en-us/library/gg682067.aspx#BKMK_EndpointProtectionDeviceSettings" target="_blank">https://technet.microsoft.com/en-us/library/gg682067.aspx#BKMK_EndpointProtectionDeviceSettings</a></span></span></div>
<div>
<span style="color: #2a2a2a; font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div>
<span style="color: white; font-family: "arial" , "helvetica" , sans-serif;">During the Pilot run we bump into issue with the deployment error 0x8004ff67. The error description stated System Center 2012 Endpoint Protection installation error. The System Center Endpoint Protection Setup wizard was unable to remove one or more programs that conflict with System Center Endpoint Protection. To install System Center Endpoint Protection you must manually uninstall the following programs and then run the wizard again. Error code:0x80041108. Programs: Symantec Endpoint Protection......</span></div>
<div>
<span style="color: white; font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div>
<span style="color: white; font-family: "arial" , "helvetica" , sans-serif;">We found out that password is required when we perform the manual uninstall. I knew immediately that must be the root cause of preventing the SCEP auto removal from running. After<b> disabled the password policy</b> from the Symantec Endpoint Protection server, we're back in the game.</span><br />
<span style="color: #2a2a2a; font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
</div>
Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com1tag:blogger.com,1999:blog-6705010938388810106.post-45157791761722946162015-12-16T10:04:00.000+08:002015-12-16T10:18:19.640+08:00New AD User Login Not Reflecting In SQL<a href="https://www.blogger.com/$image9.png" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;" target="_blank"></a><a href="https://www.blogger.com/$image4.png" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;" target="_blank"></a><a href="file:///C:/Users/hau.INFRONTAPAC/AppData/Local/Temp/WindowsLiveWriter1286139640/supfiles473748F/image4.png" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;" target="_blank"></a><span style="font-family: "arial" , "helvetica" , sans-serif;">Too many warning messages in site systems or site components is not good. The SMS_HIERARCHY_MANAGER generated too many warnings and caused the
component to critical status. The warning message is as below:</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Microsoft SQL Server reported SQL message 15410, severity 11:
[42000][15410][Microsoft][SQL Server Native Client 11.0][SQL Server]User or role
'DOMAIN\SC-Admins' does not exist in this database. : sp_addrolemember</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-98vHP39rnBA/VnDD8EplnOI/AAAAAAAAC0E/IgWazQoRtzY/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="305" src="http://2.bp.blogspot.com/-98vHP39rnBA/VnDD8EplnOI/AAAAAAAAC0E/IgWazQoRtzY/s400/1.png" width="400" /></a></div>
<span style="font-family: "arial" , "helvetica" , sans-serif; text-align: left;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif; text-align: left;">My next action is try to create the login manually in SQL Server Management Studio </span><span style="font-family: "arial" , "helvetica" , sans-serif; text-align: left;">but </span><span style="font-family: "arial" , "helvetica" , sans-serif; text-align: left;">ended up with this SQL Error 15025, saying that the account is already exists.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-9Jshcve-GWs/VnDFpar9VvI/AAAAAAAAC0Q/y9ory7gdnAQ/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="120" src="http://4.bp.blogspot.com/-9Jshcve-GWs/VnDFpar9VvI/AAAAAAAAC0Q/y9ory7gdnAQ/s400/2.png" width="400" /></a></div>
<span style="font-family: "arial" , "helvetica" , sans-serif; text-align: left;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">After some searching and understanding with Mr.Customer, I found out that the login name is
changed in the Active Directory but the SQL server is still having the old login
name.</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Instead of deleting the old login from SQL and recreate a new login. I used
ALTER LOGIN to fix the problem. So just open up New Query in the SQL Server
Management Studio. Enter and run the command below to alter the login</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">ALTER LOGIN [DOMAIN\Admins] WITH NAME = [DOMAIN\SC-Admins]</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Command Guide:<br />ALTER LOGIN [DOMAIN\OldLogin] WITH NAME =
[DOMAIN\NewLogin]</span><br />
<br />
<a href="https://www.blogger.com/$image9.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"></a><a href="https://www.blogger.com/$image4.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"></a><a href="file:///C:/Users/hau.INFRONTAPAC/AppData/Local/Temp/WindowsLiveWriter1286139640/supfiles473748F/image4.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"></a><span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Regards,<br />Hau</span>Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com3tag:blogger.com,1999:blog-6705010938388810106.post-87076261715304278502015-12-10T15:29:00.000+08:002015-12-10T15:30:00.371+08:00Use the New Software Center<p>How to enable the New Software Center? </p> <p>Just open the Default Client Settings, click on the Computer Agent on your left. On the right hand pane, you will find the setting named “Use new Software Center”. Obviously, set Yes to enable the new software center, and set No to stick to the old software center. </p> <p><a href="http://lh3.googleusercontent.com/-Iu7HyGZFl9o/Vmkp6c9DHtI/AAAAAAAACyo/Q5zUhHmRaf0/s1600-h/image%25255B4%25255D.png" target="_blank"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="http://lh3.googleusercontent.com/-HE0n6NF5wXA/Vmkp7OgpMII/AAAAAAAACys/ngswEYquo9s/image_thumb%25255B2%25255D.png?imgmax=800" width="404" height="312"></a></p> <p>I deployed 7-Zip to All Users collection. </p> <p><a href="http://lh3.googleusercontent.com/-HRtPDOHOdeY/Vmkp8JJHIVI/AAAAAAAACy4/-mzB-zwgqJ4/s1600-h/image%25255B9%25255D.png" target="_blank"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="http://lh3.googleusercontent.com/-Nm3GuisrpP8/Vmkp80qEPmI/AAAAAAAACy8/g90_3PjWgmk/image_thumb%25255B5%25255D.png?imgmax=800" width="424" height="233"></a></p> <p>In SCCM 2012, we can only view the applications deployed to user collection in web browser. Now, we can view the applications deployed to user collection in the new Software Center.</p> <p><a href="http://lh3.googleusercontent.com/-HYcK280xPew/Vmkp9YGr9-I/AAAAAAAACzE/zHY53Y2uVX0/s1600-h/image%25255B14%25255D.png" target="_blank"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="http://lh3.googleusercontent.com/-EWMVQzboD2k/Vmkp91DaDPI/AAAAAAAACzM/dftwWONa95A/image_thumb%25255B8%25255D.png?imgmax=800" width="404" height="246"></a></p> <p>Try it, have fun!</p> Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com1tag:blogger.com,1999:blog-6705010938388810106.post-50681494333214062912015-12-09T10:08:00.005+08:002015-12-09T15:03:37.463+08:00SCCM 1511 GA!<span style="font-family: "arial" , "helvetica" , sans-serif;">SCCM 1511 is now available to download from all channel, MSDN, MVLS. Wondering why is it named 1511? This SCCM is on Current Branch mode, which there will frequent updates to with new features and capabilities. 1511 simply means Year 2015, November. In future, the update version will be like 1512, 1601, 1602, and so on. </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Find out more on SCCM Team blog, <a href="http://blogs.technet.com/b/configmgrteam/archive/2015/12/08/system-center-configuration-manager-ga.aspx" target="_blank">blogs.technet.com/b/configmgrteam/archive/2015/12/08/system-center-configuration-manager-ga.aspx</a></span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">You can also find out What's New on <a href="https://technet.microsoft.com/en-us/library/mt622084.aspx" target="_blank">https://technet.microsoft.com/en-us/library/mt622084.aspx</a></span>Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com0tag:blogger.com,1999:blog-6705010938388810106.post-44398753505754077252015-11-30T23:50:00.000+08:002015-12-01T00:16:52.874+08:00Create AD Sites Collection via PowerShell<span style="font-family: "arial" , "helvetica" , sans-serif;">The PowerShell script below will create collection according to the AD Site Collection csv. </span><br />
<br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">Here's the content of the csv file:</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">ADSiteName,Collection</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">1U,1U</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">AU2,AU2</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">BKT,BKT</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">KB,KB</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">KK,KK</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">KTN,KTN</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">KUC,KUC</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">Lot28,Lot28</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">MLK,MLK</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">SBN,SBN</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">SWY,SWY</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">TPC,TPC</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">BTS,BTS</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">CSS,COTC</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">IPH,IPH TOC</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">JHR,JHR TOC</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"></span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">PNG,PNG TOC</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">The ADSiteName is basically the Active Directory Sites in your AD. The Collection is the collection name will be created.</span><br />
<br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">Here's the PowerShell script:</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">Import-Module "D:\Program Files\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1"</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">#SCCMSiteCode</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">cd L28:</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">ForEach ($x in Import-csv "D:\Script\AD Site Collection\AD Site Collection.csv")</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">{ </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"> $collname=$x.Collection </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"> $collname </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"> $rule="AD Site"+$x.ADSiteName </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"> $query= "select * from SMS_R_System where SMS_R_System.ADSiteName = '"+$x.ADSiteName+"'" </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"> $Schedule = New-CMSchedule –RecurInterval Days –RecurCount 1 </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"> New-CMDeviceCollection –Name $collname –LimitingCollectionName "All Systems" –RefreshSchedule $Schedule -RefreshType "Periodic" </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"> Add-CMDeviceCollectionQueryMembershipRule -RuleName $rule -Collectionname $collname -QueryExpression $query </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"> } </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">The script above will run through each line in the csv file and create a collection named "<i>Collection</i>" and query for "<i>ADSiteName</i>"</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Regards,</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">Hau</span>Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com0tag:blogger.com,1999:blog-6705010938388810106.post-52001256913477983342015-10-09T01:11:00.001+08:002015-12-01T00:15:54.282+08:00Create Boundary Group and Boundary Powershell Script<span style="font-family: Arial, Helvetica, sans-serif;">Below is the powershell script that I created my latest project. So this is how the script works: </span><br />
<ol>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Create Boundary Group </span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Add Site Server to Boundary Group (You’ll need to install all your distribution point first!) </span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Create AD Site boundary and add to Boundary Group accordingly to the boundary.csv</span></li>
</ol>
<span style="font-family: Arial, Helvetica, sans-serif;">Import-Module "D:\Program Files\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1"</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">#SCCM Site Code</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">cd L28: </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">#Define all your boundary group name here:</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">New-CMBoundaryGroup -Name "Kuala Lumpur"</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">New-CMBoundaryGroup -Name "Penang"</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">New-CMBoundaryGroup -Name "Johor"</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">New-CMBoundaryGroup -Name "Sabah"</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">New-CMBoundaryGroup -Name "Sarawak" </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">#Define the boundary group site server:</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Set-CMDistributionPoint -sitecode L28 -SiteSystemServerName KULDP001.domain.com -AddBoundaryGroupName "Kuala Lumpur"</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Set-CMDistributionPoint -sitecode L28 -SiteSystemServerName PNGDP001.domain.com -AddBoundaryGroupName "Penang"</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Set-CMDistributionPoint -sitecode L28 -SiteSystemServerName JHRDP001.domain.com -AddBoundaryGroupName "Johor"</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Set-CMDistributionPoint -sitecode L28 -SiteSystemServerName SBHDP001.domain.com -AddBoundaryGroupName "Sabah"</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Set-CMDistributionPoint -sitecode L28 -SiteSystemServerName SRWDP001.domain.com -AddBoundaryGroupName "Sarawak" </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">Import-Csv D:\Scripts\Boundary\Boundary.csv |</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">ForEach-Object </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">{ </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">New-CMBoundary -Name $_.Description -Type ADSite -Value $_.ADSiteName</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Add-CMBoundaryToGroup -BoundaryName $_.Description -BoundaryGroupName $_.BoundaryGroup</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">} </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">The boundary.csv format is as below:</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Description,ADSiteName,BoundaryGroup</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">1U,1U,Kuala Lumpur</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">AU2,AU2,Kuala Lumpur</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">BKT,BKT,Kuala Lumpur</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">KB,KB,Kuala Lumpur</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">KK,KK,Kuala Lumpur</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">KTN,KTN,Kuala Lumpur</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">KUC,KUC,Kuala Lumpur</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Lot28,Lot28,Kuala Lumpur</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">MLK,MLK,Kuala Lumpur</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">SBN,SBN,Kuala Lumpur</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">SWY,SWY,Kuala Lumpur</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">TPC,TPC,Kuala Lumpur</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">PNG,PNG,Penang</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">JHR,JHR,Johor</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">SBH,SBH,Sabah</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">SRW,SRW,Sarawak </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">Regards,</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Hau</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<br />Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com4tag:blogger.com,1999:blog-6705010938388810106.post-61505206944043405272015-08-13T23:39:00.001+08:002015-08-13T23:40:19.734+08:00Microsoft Intune Managed Apps – Multi-identity<p>As of today, there are total of 18 Microsoft Apps (iOS + Android) that you can use with Microsoft Intune mobile application management (MAM) policies. Some apps support multi-identity, some not. What is multi-identity?</p> <p><a title="https://technet.microsoft.com/en-us/library/dn708489.aspx" href="https://technet.microsoft.com/en-us/library/dn708489.aspx">https://technet.microsoft.com/en-us/library/dn708489.aspx</a> shows you the list of Microsoft Apps that support MAM.</p> <p><a href="http://lh3.googleusercontent.com/-YZTJu1heWOQ/Vcy6OHpdHZI/AAAAAAAACxs/qO62tAWcdmc/s1600-h/clip_image001%25255B9%25255D.jpg" target="_blank"><img title="clip_image001" style="border-top: 0px; border-right: 0px; border-bottom: 0px; border-left: 0px; display: inline" border="0" alt="clip_image001" src="http://lh3.googleusercontent.com/-jc9X-VGfr14/Vcy6OwEsMyI/AAAAAAAACx4/rluS3aNsm_4/clip_image001_thumb%25255B6%25255D.jpg?imgmax=800" width="504" height="303"></a></p> <p>You’ll notice behind some of the apps have the * labelled, which means it is a multi-identity apps. Let me explain my experience on that:</p> <p>I’ve deployed Word and OneNote to my IPad. Both applied with the default MAM policy. <p>First example, I did the testing with OneNote on iOS, without * labelled. It pops up for pin for using the apps and restrict copy and paste to local apps like notepad. <p>Second example, I test with Word on iOS. It doesn’t pops me pin for using the apps and never restrict me from copy and paste to local apps. BUT!!! After I saved or open a document from corporate drive like OneDrive or Sharepoint, it will restrict me to copy and paste to local drive. <p>I hope the examples above help to clarify what’s multi-identity.</p> Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com1tag:blogger.com,1999:blog-6705010938388810106.post-43125189340342352292015-06-23T22:28:00.001+08:002015-06-23T22:29:53.901+08:00SCCM Client Push Error: Unable to access target machine for requestMy customer called me for support due to client push failure. It is working fine the last time they performed client push. I checked out the ccm.log in the SCCM Primary Site, and I found majority failure is due to unable to access target machine for request. Back to the basics, I check the admin$ connection with one of the failure machine using windows explorer. It prompted for username and password, I entered the client push username and password. It doesn’t went through, and I entered again, and of course it failed again. Something wrong here, the client push account was granted with Domain Admin permissions. I asked my customer to enter another username and password that has the permission, and it went through. I suspected the Domain Admin permission was removed from the client push account, and asked the AD team to investigate. Yes, the Domain Admin permission was removed by someone. After the AD team configured back the Domain Admin permission, the client push is working fine. CHEERS!!!Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com0tag:blogger.com,1999:blog-6705010938388810106.post-34497911847632409542015-06-20T00:32:00.000+08:002015-06-20T00:41:17.155+08:00Mobile Device ManagementFinally it is published to Channel 9!!!<br />
<br />
<iframe allowfullscreen="" frameborder="0" height="281" src="https://channel9.msdn.com/Series/SCUAPAC2015/Mobile-Device-Management-for-Office-365--Microsoft-Intune/player" width="500"></iframe>Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com8tag:blogger.com,1999:blog-6705010938388810106.post-82922797978062560672015-06-09T13:38:00.000+08:002015-06-09T13:41:02.896+08:00MBAM Error Code: 0x80310004<p>I bumped into the error below. The error says the TPM is missing, but the TPM is enable on that machine, it is double confirmed. </p> <p><a href="http://lh3.googleusercontent.com/-4WE9TRxdFq0/VXZ8PdqBYEI/AAAAAAAACh0/l4N8U7ChtK8/s1600-h/image%25255B6%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; border-bottom: 0px; border-left: 0px; display: inline" border="0" alt="image" src="http://lh3.googleusercontent.com/-6K4NeVYd8og/VXZ8Qc7lAOI/AAAAAAAACh8/BoarkNREjI0/image_thumb%25255B4%25255D.png?imgmax=800" width="404" height="291"></a> </p> <p>To resolve the issue, I restart the machine, boot into startup repair, press F8 during the machine starting up. </p> <p><a href="http://lh3.googleusercontent.com/-FsK4l1jkPys/VXZ8T3mliJI/AAAAAAAACiE/LJdS_pcP0vw/s1600-h/image%25255B10%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; border-bottom: 0px; border-left: 0px; display: inline" border="0" alt="image" src="http://lh3.googleusercontent.com/-TmK0h6HMudw/VXZ8XBIkzvI/AAAAAAAACiM/mjVzrHkQP-k/image_thumb%25255B6%25255D.png?imgmax=800" width="404" height="304"></a> </p> <p>Click on the Command Prompt, and enter the following command, “bootrec /fixbmr”. </p> <p><a href="http://lh3.googleusercontent.com/-zei7eQLO094/VXZ8ZUVaEuI/AAAAAAAACiU/2-lE1lBQK10/s1600-h/image%25255B14%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; border-bottom: 0px; border-left: 0px; display: inline" border="0" alt="image" src="http://lh3.googleusercontent.com/-QkXDnPos9Gc/VXZ8bbRATwI/AAAAAAAACic/4-mwsNi9N1Q/image_thumb%25255B8%25255D.png?imgmax=800" width="404" height="304"></a> </p> <p>Exit the command prompt and reboot the system. </p> <p>I hope this helps you too.</p> Hauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com0tag:blogger.com,1999:blog-6705010938388810106.post-48396472237194680112015-05-19T10:08:00.000+08:002015-05-19T15:28:47.104+08:00My SCCM 2012 R2 UNIX Linux notesDownload Putty and PSCP from <a href="http://www.putty.org/" title="http://www.putty.org/">http://www.putty.org/</a><br />
<br />
Putty allows you to perform remote terminal. <br />
<br />
PSCP allows you to copy files to the UNIX and Linux machines<br />
<br />
To create new directory in UNIX Linux named sccmclient, mkdir /sccmclient<br />
<br />
To copy files to UNIX Linux machine, launch command prompt and change directory to the SCCM client source folder. Then Enter<em> path_to_pscp\pscp.exe * </em><em><a href="mailto:root@172.31.243.29:/sccmclient">root@172.31.100.200:/sccmclient</a></em> The IP is the UNIX Linux IP<br />
<br />
Before install the SCCM client, enter chmod +x install<br />
<br />
SCCM client installation command ./install –mp sccm.domain.com –sitecode abc ccm-Universalx64.tar<br />
<br />
Add –ignoreSHA256validation switch for:<br />
<ul>
<li>RHEL Version 4 (x86/x64)</li>
<li>Solaris Version 9 (SPARC) and Solaris Version 10 (SPARC/x86)</li>
<li>SUSE Linux Enterprise Server Version 9 (x86)</li>
<li>HP-UX Version 11iv2 (PA-RISH/IA64)</li>
</ul>
To read installation and operation log, tail –f /var/opt/microsoft/scxcm.log<br />
<br />
To stop the ccmexecd, /etc/init.d/ccmexecd stop<br />
<br />
To start the ccmexecd, /etc/init.d/ccmexecd start<br />
<br />
To perform machine policy refresh, /opt/microsoft/configmgr/bin/ccmexec –rs policy<br />
<br />
To perform inventory scan, /opt/microsoft/configmgr/bin/ccmexec –rs hinv<br />
<br />
To install rpm package, rpm –i rpmpackage.rpm<br />
<br />
To check the existence of rpm packages, rpm -qa | grep rpmpackage<br />
<br />
To uninstall SCCM client, /opt/microsoft/configmgr/bin/uninstallHauhttp://www.blogger.com/profile/11435719993094569199noreply@blogger.com0