Tuesday, December 30, 2014

Package missing from DP causing Task Sequence Failure

As you can see below a machine fails to run the Task Sequence.  Normally you should see the error like "ABC00001" was not found.  Here we have only the ID's of the Application.
 
Using the query below we are able to find the offending application.
/*** Script for SelectTopNRows command from SSMS  ******/
SELECT TOP 1000 [CI_ID]
      ,[PkgID]
      ,[CI_UniqueID]
      ,[SecuredTypeID]
      ,[ModelName]
  FROM [CM_CM0].[dbo].[vSMS_CIContentPackage]
  where CI_UniqueID like '%2caa%' 






CI_UniqueID



PkgIDCI_ID
138181



ABC0018DScopeId_EA3D3752-B4D4-453F-B3F3-03C70EAD781A/Application_2caa0766-569b-48c0-91b8-79bb3a22c0d7/1

Find the Application and ensure it is distributed to the DP/Secondary.

Saturday, December 27, 2014

CDTSJob::HandleErrors: DTS Job '{GUID}' BITS Job '{GUID}' under user 'S-1-5-18' OldErrorCount 01 NewErrorCount 02 ErrorCode 0x801901F4

When testing out your distribution of files make sure you have a stable client and depending on your settings make sure your PKI certs are correct.  Are you using the Cert option when installing the client for HTTPS mode?  If so then the client will require a proper certificate.  Many times I see clients that have multiple certificates with Client Authentication enabled on the cert.  For this reason you might want to install the client with a specifiic Subject ID.  Also make sure the client certificate you are using is well formed.

When reviewing your logs you will see the the job is not able to pull down and the Server is showing errors.  Yet when you look at the IIS logs it shows that everything is working correctly.  This points to a local client issue. 

DataTransferService.log
CDTSJob::HandleErrors: DTS Job ID='{1CA46B86-16B6-4246-83CC-FEF3C8B2AAFD}' URL='http://DP.foo.com:81/SMS_MP' ProtType=1

CDTSJob::HandleErrors: DTS Job '{1CA46B86-16B6-4246-83CC-FEF3C8B2AAFD}' BITS Job '{19DA1164-3EDC-4B02-B8FA-5F82DE4BC240}' under user 'S-1-5-18' OldErrorCount 73 NewErrorCount 74 ErrorCode 0x801901F4

DTS job {0286E76F-90EA-4882-A0A2-0EAB93C82E14} BITS job {35BA3E86-6BFA-488A-83A6-AB756BE53500} failed to download source file http://DP.foo.com:81/SMS_MP/.sms_dcm?Id&DocumentId=e5ebd347-1856-40ad-91c0-099cdf211de9/MANIFEST&Hash=F14C08616AB4A7D5EFBB12C5B633CD5EEBD7C9ADDD79E9EF3487826962A8B3A5&Compression=zlib to destination D:\Program Files\SMS_CCM\CIDownloader\Staging\{944B51A2-C4ED-4194-8EE8-F66A005CCCA7}_1.zip with error 0x801901F4

DTSJob {92E53D9A-7924-42B8-AED6-755CEE4673E8} in state 'Error'.

CDTSJob::JobError: DTS Job ID='{0286E76F-90EA-4882-A0A2-0EAB93C82E14}' BITS Job ID='{35BA3E86-6BFA-488A-83A6-AB756BE53500}' ErrorCode=0x801901F4

Resuming DTS job '{0286E76F-90EA-4882-A0A2-0EAB93C82E14}' as BITS job '{35BA3E86-6BFA-488A-83A6-AB756BE53500}' went to error state earlier.

ProcessDTSManifest failed. (0x80070057)

IIS logs:
2013-12-16 21:48:41 163.188.195.3 HEAD /SMS_MP/.sms_dcm Id&DocumentId=e5ebd347-1856-40ad-91c0-099cdf211de9/PROPERTIES&Hash=7B1B04C6D389406C4B15D924304CCDA581B9E0643E38224D24CE14BE327C511D&Compression=zlib 3480 - 10.10.15.3 Microsoft+BITS/7.7 - 200 0 0 15

Testing with BitsAdmin
C:\Windows\system32>bitsadmin /info {19DA1164-3EDC-4B02-B8FA-5F82DE4BC240} /verb
osE
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions
 of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cm
dlets.
GUID: {19DA1164-3EDC-4B02-B8FA-5F82DE4BC240} DISPLAY: 'CCMDTS Job'
TYPE: DOWNLOAD STATE: TRANSIENT_ERROR OWNER: NT AUTHORITY\SYSTEM
PRIORITY: NORMAL FILES: 0 / 2 BYTES: 0 / UNKNOWN
CREATION TIME: 12/16/2013 2:34:50 PM MODIFICATION TIME: 12/16/2013 3:41:45 PM
COMPLETION TIME: UNKNOWN ACL FLAGS:
NOTIFY INTERFACE: REGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 60 NO PROGRESS TIMEOUT: 28800 ERROR COUNT: 68
PROXY USAGE: NO_PROXY PROXY LIST: NULL PROXY BYPASS LIST: NULL
ERROR FILE:    http://DP.foo.com:81/SMS_MP/.sms_dcm?Id&DocumentId=e5ebd347-1856-40ad-91c0-099cdf211de9/PROPERTIES&Hash=7B1B04C6D389406C4B15D924304CCDA581B9E0643E38224D24CE14BE327C511D&Compression=zlib -> D:\Program Files\SMS_CCM\CIDownloader\Staging\{DB2577BC-B521-45F3-B11B-FAF6547424B0}_2.zip
ERROR CODE:    0x801901f4 - HTTP status 500: An unexpected condition prevented the server from fulfilling the request.
ERROR CONTEXT: 0x00000005 - The error occurred while the remote file was being processed.
DESCRIPTION:
JOB FILES:
        0 / UNKNOWN WORKING http://DP.foo.com:81/SMS_MP/.sms_dcm?
Id&DocumentId=e5ebd347-1856-40ad-91c0-099cdf211de9/PROPERTIES&Hash=7B1B04C6D3894
06C4B15D924304CCDA581B9E0643E38224D24CE14BE327C511D&Compression=zlib -> D:\Progr
am Files\SMS_CCM\CIDownloader\Staging\{DB2577BC-B521-45F3-B11B-FAF6547424B0}_2.z
ip
        0 / UNKNOWN WORKING http://DP.foo.com:81/SMS_MP/.sms_dcm?
Id&DocumentId=e5ebd347-1856-40ad-91c0-099cdf211de9/MANIFEST&Hash=F14C08616AB4A7D
5EFBB12C5B633CD5EEBD7C9ADDD79E9EF3487826962A8B3A5&Compression=zlib -> D:\Program
 Files\SMS_CCM\CIDownloader\Staging\{DB2577BC-B521-45F3-B11B-FAF6547424B0}_1.zip
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: SYSTEM
owner elevated ?           true
This job is read-only to the current CMD window because the job's mandatory
integrity level of SYSTEM is higher than the window's level of HIGH.
Peercaching flags
         Enable download from peers      :true
         Enable serving to peers         :true
CUSTOM HEADERS: NULL

Resolution:

I tried many different solutions.  But I ended up deleting the duplicate computer certificate that had Computer Authentication and renewing the current one with a new key...
Then the client started to work correctly.

File C:\Windows\ccmsetup\{181D79D7-1115-4D96-8E9B-5833DF92FBB4}\client.msi installation failed. Error text: ExitCode: 1639

Sometimes error are not exactly what they seem

Error 1639: Windows Installer Error 1639: 'Invalid command line argument' during installation

is seen in your ccmsetup.log file or the client.msi.log file similar to this:

clent.msi.log

MSI (s) (D0:A4) [09:48:51:623]: PROPERTY CHANGE: Modifying SMSCACHEDIR property. Its current value is 'Default'. Its new value: 'D:\CorpCache" CCMHTTPSSTATE='.

ccmsetup.log

Running installation package
  Package:     C:\Windows\ccmsetup\{181D79D7-1115-4D96-8E9B-5833DF92FBB4}\client.msi
  Log:         C:\Windows\ccmsetup\Logs\client.msi.log
  Properties:   REINSTALL=ALL REINSTALLMODE=vmous  SMSSITECODE="ABC" DNSSUFFIX="foo.com" CCMHTTPPORT="80" CCMHTTPSPORT="81" SMSCACHESIZE="20000" SMSCACHEDIR="D:\CorpCache"" CCMHTTPSSTATE="480" CCMFIRSTCERT="1"

File C:\Windows\ccmsetup\{181D79D7-1115-4D96-8E9B-5833DF92FBB4}\client.msi installation failed. Error text: ExitCode: 1639
Action:

Solution:

Turned out the machine was seeing an extra " or space. 
I re-arranged the setup command and placed "" around the values, it installed correctly

Always check your install package or command line when running the full commnad line with parameters.




Could not access network location %APPDATA%

Installing the SCCM 2012 client can be a daunting task when errors occur.  Here one such error can be seen:

MSI: Action 12:51:08: CostFinalize. Computing space requirements
MSI: Could not access network location %APPDATA%\.
MSI: Could not access network location %APPDATA%\.
File C:\WINDOWS\ccmsetup\{181D79D7-1115-4D96-8E9B-5833DF92FBB4}\client.msi installation failed. Error text: ExitCode: 1603
Action: CostFinalize.
I have seen this error only once on a new machine.  I have seen it several times on a machine that was upgraded from SCCM 2007 to SCCM 2012 and then reveted back to SCCM 2007.  This error occurs shortly after the install process to once again move it to SCCM 2012.

I don't know if the state of the machine was already damaged but you will see the Security regisitry look something like this:



In order to fix this problem you need to fix the AppData folder setting seen here in a working machine:





In some cases the damaged registry is missing many of the enviromental variables and it is necessary to recreate or fix all of them.  The registry in question is the s-1-5-18 account SID:
SECURITY_LOCAL_SYSTEM_RID

A special account used by the operating system. 


   
 

Friday, December 26, 2014

Failed to Add Update Source for WUAgent of type (2) and id ({GUID}). Error = 0x80004005.

There are many reasons why WU will not work correct with the SCCM Agent.
Various fixes:

1. Run Windows Update and let the update fix the machine
2. Stop the Update Agent Service, Delete the Software Distribution folder and restart the service.

Here is yet another way:

WUAHandler.log:
Unable to find or read WUA Managed server policy.
Unable to read existing WUA Group Policy object. Error = 0x80004005.
Failed to Add Update Source for WUAgent of type (2) and id ({GUID}). Error = 0x80004005.

UpdatesHandler.oog:
Updates scan completion received, result = 0x80004005.

Try this:

C:\Windows\System32\GroupPolicy\Machine
Rename the Registry.pol file

Then re-run the Software Updates Scan Cycle in the Configmgr Actions tab.

then watch the logs:

WUAHandler.log:
Waiting for 2 mins for Group Policy to notify of WUA policy change...
Added Update Source ({GUID}) of content type: 2
Async searching of updates using WUAgent started.

Monday, November 17, 2014

Microsoft Intune new wave hitting this week

Microsoft has come a long way in the last year.  They are poised to definitely take on other MDM and MAM vendors.  One of the latest changes was to break away from the Windows Intune in favor of the Microsoft Intune.  Because Intune can do more than just Windows (IOS, Android, etc) it is only natural

Some of the newest changes are listed here:
  • Enhanced user interface for Intune administration console
  • Ability to restrict access to Exchange on-premises email based upon device enrollment
  • Bulk enrollment of devices using a single service account
  • Lockdown of Supervised iOS devices and devices using Samsung KNOX with Kiosk mode
  • Targeting of policies and apps by device groups
  • Ability to report on and allow or block a specific set of applications
  • Enforcement of application install or uninstall
  • Deployment of certificates, email, VPN and WiFi profiles
  • Ability to push free store apps to iOS devices
  • More convenient access to internal corporate resources using per-app VPN configurations for iOS devices
  • Remote pin reset for Windows Phone 8.1 devices
  • Multi-factor authentication at enrollment for Windows 8.1 and Windows Phone 8.1 devices
  • Ability to restrict administrator access to a specific set of user and device groups
  • Updated Company Portal apps to support customizable terms and conditions





for more information see the entire Microsoft Blog post here: http://blogs.technet.com/b/microsoftintune/archive/2014/11/17/new-microsoft-intune-capabilities-coming-this-week.aspx

Wednesday, August 20, 2014

Transform the Datacenter MVP Roadshow


Are you going to be in Houston, TX on Friday , September 26, 2014?

Come see the "Transform the Datacenter MVP Roadshow" presented by a Microsoft MVP, Anil Desai.

IT professionals face many challenges in their struggle to deliver the infrastructure, applications, and services that their organizations need. Common issues include limited budgets, datacenter infrastructure complexity, and technical expertise to support a wide variety of changing goals. New features in the Windows Server and Microsoft Azure platform can help address these problems by increasing resource utilization and by simplifying administration.
This "Transform Your Datacenter MVP Roadshow" will focus on specific approaches, methods, and features that attendees can use to ultimately improve the services delivered to their users. We'll begin by examining the issues that often prevent or delay infrastructure upgrades, and look at ways in which IT professionals can use modern approaches to overcome them. Methods include leveraging cloud services where they make sense, and migrating from older OS's, such as Windows Server 2003.
More information can be found here: https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032593205&Culture=en-US&community=1


Wednesday, May 21, 2014

SQL and SECP 2012

Is your 2012 site system showing faults (errors) in the Resource Explorer with SQL installed and SCEP 2012 enabled?

Do you have a SQL 2012 Exemption for the process.  You might not have a predefined process:

First Select the Endpiont Protection SQL 2008 and click copy
 

I name mine Endpiont Protection SQL 2012. 
 
Edit the Exclusion Settings in your new Policy
You will need to make sure you modify all the appropriate paths for SQL 2012:


 
Also, make sure if you have an Instance name that you add that to the path for SQL. 
Note the addtion of :
 
%Program Files%\Microsoft SQL Server\MSSQL11.CONFIGMGRSEC\MSSQL\Binn\SQLServr.exe
 
This is to ensure all Secondary servers are not affected. 
 
This should be similar to your ConfigMgr 2007 exclusions as well as the SQL 2008 exclusions already contained in ConfigMgr 2012.
 
 

Sunday, May 4, 2014

Problems installing WSUS for Server 2012

When you install WSUS for Server 2012 you are prompted to do a "post Install" proceedure.

If this fails you are left scratching your head.  Many times the temp file isn't much help

I could look like the following:

Postinstall started
Detected role services: Api, Database, UI, Services2014-04-15 14:47:05  Start: LoadSettingsFromXml 2014-04-15 14:47:05  Start: GetConfigValue with filename=UpdateServices-Services.xml item=ContentLocal
Value is true
End: GetConfigValue
Start: GetConfigValue with filename=UpdateServices-Services.xml item=ContentDirectory
Config file did not contain a value "ContentDirectory"
Microsoft.UpdateServices.Administration.CommandException: A required configuration value was not found in the system. This is usually caused by installing WSUS through PowerShell and not specifying a configuration file. Review the article Managing WSUS Using PowerShell at TechNet Library (http://go.microsoft.com/fwlink/?LinkId=235499) for more information on the recommended steps to perform WSUS installation using PowerShell.   at Microsoft.UpdateServices.Administration.PostInstall.GetConfigValue(String filename, String item) at Microsoft.UpdateServices.Administration.PostInstall.LoadSettingsFromXml()  at Microsoft.UpdateServices.Administration.PostInstall.Initalize(Parameters parameters)  at Microsoft.UpdateServices.Administration.PostInstall.Execute(String[] arguments)
Fatal Error: A required configuration value was not found in the system. This is usually caused by installing WSUS through PowerShell and not specifying a configuration file. Review the article Managing WSUS Using PowerShell at TechNet Library (http://go.microsoft.com/fwlink/?LinkId=235499) for more information on the recommended steps to perform WSUS installation using PowerShell.

Start by looking at the UpdateServices-Services.xml located:
C:\Windows\System32\ServerManager\ComponentConfiguration
This file controls where the content for WSUS is located
I might look like this:

<?xml version="1.0" encoding="utf-16"?><INSTANCE CLASSNAME="ServerComponent_UpdateServices_Services"><PROPERTY NAME="ContentDirectory" TYPE="string"></PROPERTY><PROPERTY NAME="ContentLocal" TYPE="boolean"><VALUE>true</VALUE></PROPERTY></INSTANCE>

The problem is that when you activeated the post install phase, this file was not properly updated by the WSUS installer. 

<?xml version="1.0" encoding="utf-16"?><INSTANCE CLASSNAME="ServerComponent_UpdateServices_Services">
<PROPERTY NAME="ContentDirectory" TYPE="string"><VALUE>D:\WSUS</VALUE></PROPERTY>
<PROPERTY NAME="ContentLocal" TYPE="boolean"><VALUE>true</VALUE>
</PROPERTY></INSTANCE>


Once we fix it we run the post install again but we see a different error

Still it didn’t have an instance, oops..
Postinstall started
Detected role services: Api, Database, UI, Services
Start: LoadSettingsFromXml
Start: GetConfigValue with filename=UpdateServices-Services.xml item=ContentLocal
Value is true
End: GetConfigValue
Start: GetConfigValue with filename=UpdateServices-Services.xml item=ContentDirectory
Value is D:\WSUS
End: GetConfigValue
Content directory is D:\WSUS
Start: GetConfigValue with filename=UpdateServices-DB.xml item=InstanceName
Config file did not contain a value "InstanceName"
Microsoft.UpdateServices.Administration.CommandException: A required configuration value was not found in the system. This is usually caused by installing WSUS through PowerShell and not specifying a configuration file. Review the article Managing WSUS Using PowerShell at TechNet Library (http://go.microsoft.com/fwlink/?LinkId=235499) for more information on the recommended steps to perform WSUS installation using PowerShell.
   at Microsoft.UpdateServices.Administration.PostInstall.GetConfigValue(String filename, String item)
   at Microsoft.UpdateServices.Administration.PostInstall.LoadSettingsFromXml()
   at Microsoft.UpdateServices.Administration.PostInstall.Initalize(Parameters parameters)
   at Microsoft.UpdateServices.Administration.PostInstall.Execute(String[] arguments)
Fatal Error: A required configuration value was not found in the system. This is usually caused by installing WSUS through PowerShell and not specifying a configuration file. Review the article Managing WSUS Using PowerShell at TechNet Library (http://go.microsoft.com/fwlink/?LinkId=235499) for more information on the recommended steps to perform WSUS installation using PowerShell.

We can see that from the log it can't find the instance for WSUS.  In this example we are using SQL express and not the Internal Database so back we go to addd the instance in.

C:\Windows\System32\ServerManager\ComponentConfiguration
Open the updateServices-DB.xml


<?xml version="1.0" encoding="utf-16"?><INSTANCE CLASSNAME="ServerComponent_UpdateServices_Database"><PROPERTY NAME="InstanceName" TYPE="string"></PROPERTY></INSTANCE>
Add the instance to the file.  Here we will use the default instance for SCCM, ConfigMrgSec

<?xml version="1.0" encoding="utf-16"?><INSTANCE CLASSNAME="ServerComponent_UpdateServices_Database"><PROPERTY NAME="InstanceName" TYPE="string"><VALUE>ServerName\CONFIGMGRSEC</VALUE>
</PROPERTY></INSTANCE>

FINALLY IT IS ALL DONE!

This will stay in the file for future use. 

You can also try to do the command manually from the command prompt.  The only problem is that the .XML files aren't updated.

C:\Program Files\Update Services\Tools

wsusutil.exe postinstall SQL_INSTANCE_NAME="SERVERName\ConfigMgrSec" CONTENT_DIR=D:\WSUS
Now you should be up and running.

Note:After you perform an inplace upgrade to a 2012 Server to R2 you must perform this procedure again or you SUPs will not Sync