System Center

On Twitter I asked the following to David James (Director of Engineering, ConfigMgr, Microsoft) and Johan Arwidmark (CTO @ TrueSec): https://twitter.com/DevSecNinja/status/1024927840138145793 For example, I have 3 device collections in SCCM that I call: “Windows 10 Feature Updates - Test” “Windows 10 Feature Updates - Pre-Production” “Windows 10 Feature Updates - Production” With ADRs, that’s quite simple. Just add the deployment to the Software Update Group in SCCM and you’re done. But I was wondering if that is supported in the Servicing Plan scenario too, as with a Servicing Plan you define the amount of days it will take after a build release, before SCCM will deploy the feature update to the collection. ...

Problem: Multicast during an SCCM 2012 R2 SP1 (1511 release) Task Sequence fails with error “Failed to get MCS key (Code 0x80004005)”. This error is found in the smsts.log log file on the (Windows 10 Enterprise x64 1511) client machine. SMSTS.log file contents CLibSMSMessageWinHttpTransport::Send: URL: SCCM01.CORP.DOMAIN.COM:443 CCM_POST /SMS_MCS_AltAuth/.sms_mcs?op=keyinfo ApplyOperatingSystem 15-4-2016 9:02:57 656 (0x0290) In SSL, but with no client cert ApplyOperatingSystem 15-4-2016 9:02:57 656 (0x0290) `Request was successful. ApplyOperatingSystem 15-4-2016 9:02:57 656 (0x0290)pNext != NULL, HRESULT=80004005 (e:\nts_sccm_release\sms\framework\osdmessaging\libsmsmessaging.cpp,2054) ApplyOperatingSystem 15-4-2016 9:02:57 656 (0x0290)reply has no message header marker ApplyOperatingSystem 15-4-2016 9:02:57 656 (0x0290)DoRequest (sReply, true), HRESULT=80004005 (e:\nts_sccm_release\sms\framework\osdmessaging\libsmsmessaging.cpp,10358) ApplyOperatingSystem 15-4-2016 9:02:57 656 (0x0290)oMcsRequest.GetMCSKey(mcsKeyInfoResponse), HRESULT=80004005 (e:\nts_sccm_release\sms\server\mcs\consumer\mcsisapiclient.cpp,429) ApplyOperatingSystem 15-4-2016 9:02:57 656 (0x0290)Failed to get MCS key (Code 0x80004005) ApplyOperatingSystem 15-4-2016 9:02:57 656 (0x0290)ClientRequestToMCS::DoRequest failed. error = (0x80004005). ...

With TPM 1.2, Microsoft was able to clear the TPM during the SCCM Task Sequence without asking for permission to clear the TPM. With TPM 2.0, SCCM is unable to clear and activate the TPM chip during the deployment. The first time you boot your computer, you need to provide a BitLocker Recovery Key, or the tpm.msc console will tell you that the TPM is ready for use, with reduced functionality. I found a script online that I’ve added to my GitHub to clear the TPM 2.0 chip during the deployment. ...

Because I wanted to configure Device Guard with Windows 10, I need the Hyper-V Hypervisor to be enabled on Windows 10. I tried to do this with DISM and an answer file, but it’s not possible to enable Hyper-V during the Task Sequence Deployment because Hyper-V requires a couple of reboots. Solution Create a new “Set Task Sequence Variable” task in your Task Sequence. This will run the PowerShell command after the Task Sequence ends. I’ve set this task before enabling the Driver Package, but it should be possible to place this task anywhere you like. ...

Recently I connected System Center - Virtual Machine Manager with WSUS. The WSUS server is installed on the primary site server of my SCCM 2012 R2 SP1 CU2 installation. After I configured my SCCM WSUS server as an update server for VMM, the distribution point in the office stopped working. You will see HTTP ERROR “12030” in your logs and the PXE request on a client will fail. Browsing to the website of the SCCM Primary Site server will fail too. I found out that the certificate of IIS on my primary site was gone. ...

Recently I found the following error in the SMSPXE.log log file on my newly created distribution point: CryptVerifySignature failed, 80090006 SMSPXE <REMOVED TIME> 2500 (0x09C4) untrusted certificate: <REMOVED CERTIFICATE> SMSPXE <REMOVED TIME> 2500 (0x09C4) Failed to get information for MP: https://SCCMPRIMARY.DOMAIN.TLD. 80090006. SMSPXE <REMOVED TIME> 2500 (0x09C4) After recreating my certificate template for the IIS Service on the primary site server, it fixed the problem. Check the online documentation of SCCM for the details of this certificate template.

Problem: Sometimes it’s possible that the registry keys SerializedMCSKey and SignedSerializedMCSKey in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\MCS location are empty after a fresh installation or after reinstalling multicast. Solution: Patience… It took like 5 or 6 hours to get those values populated by SCCM / WDS. I’ve searched for a way to force this, but I couldn’t find anything online. I’ve tried to reboot both machines, without any luck. If you know a way to force this, please let me know.

Problem: In SCCM 2012 R2 SP1 CU2, I’ve created a package that deploys some files such as wallpapers with a .BAT file. When I check the execmgr.log, I see the following error: Script for Package:PR######, Program: Run Script failed with exit code 4. Solution: Under the program in SCCM, change “Run” from “Hidden” to “Normal”.

I had some issues with the newest Windows ADK (1511) with Configuration Manager 2012 R2 SP1 CU2. As of yesterday, it’s possible to download the newest version of Configuration Manager: 1511. Because I had issues with the newest ADK, I’ve asked Microsoft on Technet if we still need to use the older ADK (10.0.26624.0) or if we can use the newest 1511 version of the ADK: [ ](/images/2015/12/adkversion.png) Check the post mentioned in the image above to download the right ADK version when you are going to use the new Configuration Manager 1511.

I was capturing a new Windows 10 TH2 (1511) image with SCCM 2012 R2 SP1 CU2 when suddenly the capturing process stops and ends with a Blue Screen of Death: “SYSTEM_THREAD_EXCEPTION_NOT_HANDLED”. Current environment: SCCM 2012 R2 SP1 CU2 Primary Site Local Distribution Point Windows Server 2012 R2 OS Based on Hyper-V 2008 R2 and 2012 R2. Windows 10 Template on Hyper-V Server 2008 R2 Cluster with VM Version 1. Firstly I thought that the boot image was corrupt or not working, so I tried to recreate the image using the following post. ...