Category Archives: fixes

ConfigMgr: A Couple of Client Tweaks via PowerShell

Posted on by
Reply

Disable WINS Lookup via PowerShell & WMI

If you’re running Microsoft System Center Configuration Manager, you probably don’t need to be using the WINS lookup for Server Locator Points. Normally, you’d have to de-install the ConfigMgr client, and then re-install it with the SMSDIRECTORYLOOKUP=NOWINS MSI property. If you don’t want to do that, and want to disable the WINS lookup feature on your existing client base, you can use PowerShell to achieve this.

1
2
3
$DirectoryLookup = Get-WmiObject -Namespace root\ccm\policy\machine\actualconfig -Class CCM_DirectoryLookup_Configuration;
$DirectoryLookup.LookupFlags = 1;
$DirectoryLookup.Put();

Verification

After configuring this setting, you can restart the SMS Agent Host service by running the following command:

1
Restart-Service -Name ccmexec;

Open up the LocationServices.log client log file, and search for the text: Policy disallows failing over to WINS..

If you see that message showing up in the logs, then you should be all set!

Enabling Verbose Logging via PowerShell & WMI

Another post-installation trick you can do for Microsoft System Center Configuration Manager clients is enable verbose logging via the Windows Management Instrumentation (WMI) service. Check out this quick PowerShell script to achieve this:

1
2
3
$Logging = Get-WmiObject -Namespace root\ccm\policy\machine\actualconfig -Class CCM_Logging_GlobalConfiguration;
$Logging.LogLevel = 0;
$Logging.Put();

Important: You may need to restart the ConfigMgr client service (short name: ccmexec, display name: SMS Agent Host) in order for this change to take effect.

ConfigMgr 2012 SP1: Remote SQL Connectivity Problem

Posted on by
Reply

Recently I had some issues with a ConfigMgr 2012 SP1 Primary Site communicating with a remote SQL Server 2008 R2 named instance. This was in my lab environment. I decided to upgrade the database instance from SQL Server 2008 R2 to SQL Server 2012 SP1.

Missing SQL Server Services in Configuration Manager

The first problem I encountered, right after the upgrade, was that I could not view the SQL Server 2012 SP1 instance from the SQL Server Configuration Manager tool. I posted about this problem on the Microsoft TechNet forums, and quickly got the help I needed to resolve it. Although I did not have a new shortcut in the Start Menu for the SQL Server 2012 Configuration Manager tool, it has indeed been installed. I used Windows PowerShell to locate the file (sqlconfigurationmanager11.msc) that was mentioned in response to my inquiry, and it turned out to be in the %WinDir%\System32 folder. After launching this tool, I could successfully “see” the SQL Server services that had been previously “missing” from the SQL Server Configuration Manager.

Database Engine Certificate Issue

I had been having a problem for a little while, on SQL Server 2008 R2, and then SQL Server 2012 after the upgrade, where something with the SQL Server database engine configuration got screwed up. Basically, the SSL certificate that was auto-generated by SQL Server was “broken.” I tried to clear the certificate on the database engine instance, using SQL Server Configuration Manager, but that only caused more problems. I generated a new Computer certificate from my internal Certificate Authority (which the ConfigMgr Primary Site trusts), and set that as the SSL certificate for the SQL Server database engine. After doing this, I started getting some errors in the Application event log.

EventID 26014

1
Unable to load user-specified certificate [Cert Hash(sha1) "0D1E36686557FDB0A86E9E60DCE80E2820C3D1C1"]. The server will not accept a connection. You should verify that the certificate is correctly installed. See "Configuring Certificate for Use by SSL" in Books Online.

EventID 26014

1
TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support. Cannot find object or property.

EventID 17120

1
SQL Server could not spawn FRunCommunicationsManager thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.

As it turns out, I found out that the service account did not have access to the private key of the SSL certificate that I had enrolled onto the SQL Server. In order to resolve this, I used the MMC snap-in for Local Computer Certificates, right-clicked on the SSL certificate with the corresponding thumbprint in the error message, selected All Tasks –> Manage Private Keys, and added the Read permission for the SQL Server domain service account. After doing this, I was able to successfully start the SQL Server service.

ConfigMgr 2012 SP1 Database Connectivity

This is just some brief documentation of the errors I was getting while I was encountering SQL database engine issues.

Since the first problem I had was the SQL Server database being unavailable, I was getting the following errors in the smsexec.log. The “actively refused” message makes a lot of sense, since there was no database engine service listening on the port that the SMS_Executive service was attempting to connect to.

1
2
3
4
5
6
*** [08001][10061][Microsoft][SQL Server Native Client 11.0]TCP Provider: No connection could be made because the target machine actively refused it.
*** [HYT00][0][Microsoft][SQL Server Native Client 11.0]Login timeout expired
*** [08001][10061][Microsoft][SQL Server Native Client 11.0]A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online.
*** Failed to connect to the SQL Server, connection type: SMS ACCESS.
CSiteControlEx::GetCurrentSiteInfo: Failed to get SQL connection
CSiteControlEx::GetMasterSCF:Failed to read site information from database, retry in 5 seconds ...

After getting the SQL Server instance back up and running, I started seeing these messages in the smsexec.log. I’m pretty sure that the root cause of this was that the SQL Server database engine could not access the private key of the configured SSL certificate. Given this, I have no idea which certificate it was ultimately using, but obviously it was not the one that I had explicitly told it to use.

1
2
3
4
5
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection
*** Failed to connect to the SQL Server, connection type: SMS ACCESS.
CSiteControlEx::GetCurrentSiteInfo: Failed to get SQL connection
CSiteControlEx::GetMasterSCF:Failed to read site information from database, retry in 5 seconds ...

In order to resolve this, check out the previous section Database Engine Certificate Issue.

Installing VMware Workstation 9.0 on Windows 8 RTM

Posted on by
Reply

I recently ran into an issue where VMware Workstation 9.0.1 refused to install, with the management port configured to the default of port 443. It was complaining that another process was using that port already. I broke out netstat -aon and discovered that wwahost.exe was listening on port 443. It turns out that wwahost.exe is a new Windows 8 process that is used to launch Windows 8 “modern UI” applications, or something along those lines.

Although rebooting your computer will probably fix the problem, you can just Alt + Tab over to any Metro UI applications and close them by hitting Alt + F4. Once you’ve closed all of your Metro “modern” UI apps (don’t forget Metro-style Control Panel settings screens, and similar), you should be able to proceed with the installation of VMware Workstation.

Forcibly installing the Android USB driver in Windows 7

Posted on by
2

If you are an Android mobile device user, with a tablet or phone, you may at some point desire to connect it to your Windows 7 computer over USB. Generally we do this so that we can use the debug interface with software utilities such as ADB.exe (Android Debug Bridge), which is included with the Google Android SDK.

Upon first connecting your Android device to your Windows 7 system, you might realize that there is no device driver available out-of-the-box to allow the debug interface to work properly. When you open Device Manager (devmgmt.msc) or Computer Management (compmgmt.msc) – which contains the Device Manager MMC snap-in – you might notice a generic icon representing an “Android Device” under the “Other Devices” category. Basically, this means that Windows 7 recognizes the presence of the device, but doesn’t know how to “talk” to it. To get Windows to talk to our Android device, we must install the Google USB driver.
Continue reading

PowerShell 3 RC: New Send-MailMessage Parameter for Port Number!

Posted on by
3

Did you know that in previous versions of Windows PowerShell, there was no built-in way to specify a custom port to send an e-mail to a SMTP server? It’s true, Microsoft did not include that parameter until the release candidate (aka. release preview) version of PowerShell version 3.0. The release candidate of Windows Management Framework 3.0 was made available for download on May 31st, 2012. The cmdlet in question here is the Send-MailMessage cmdlet, and just today, I noticed a comment from someone at Microsoft, saying that the new -Port parameter was included in the PowerShell 3.0 RC.

Upon closer, personal inspection, it’s true. The -Port parameter has been included! Here is the original bug filed on Microsoft Connect by Shay Levy:

https://connect.microsoft.com/PowerShell/feedback/details/490141/add-port-parameter-to-send-mailmessage

All we have to do to verify the availability of the parameter is issue the Get-Help Send-MailMessage command.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
NAME
    Send-MailMessage

SYNOPSIS
    Sends an e-mail message.


SYNTAX
    Send-MailMessage [-To] <String[]> [-Subject] <String> [[-Body] <String>]
    [[-SmtpServer] <String>] [-Attachments <String[]>] [-Bcc <String[]>]
    [-BodyAsHtml [<SwitchParameter>]] [-Cc <String[]>] [-Credential
    <PSCredential>] [-DeliveryNotificationOption
    <DeliveryNotificationOptions>] [-Encoding <Encoding>] [-Port <Int32>]
    [-Priority <MailPriority>] [-UseSsl [<SwitchParameter>]] -From <String>
    [<CommonParameters>]


DESCRIPTION
    The Send-MailMessage cmdlet sends an e-mail message from within Windows
    PowerShell.

ConfigMgr 2007: PXE Service Point Installation Error

Posted on by
Reply

Just recently, I was getting an error in the pxemsi.log (pxemsi.log.lasterror) while trying to install a ConfigMgr 2007 PXE Service Point (PSP):

DEBUG: Error 2203:  Database: C:WindowsInstaller1e0d86.ipi. Cannot open database file. System error –2147287037
MSI (s) (20:FC) [09:46:12:689]: Product: SMS PXE Service Point — Internal Error 2203. C:WindowsInstaller1e0d86.ipi, –2147287037
Internal Error 2203. C:WindowsInstaller1e0d86.ipi, –2147287037

 

Continue reading

Microsoft Assessment and Planning Toolkit 6.0: Task Processor Busy

Posted on by
Reply

If you install the Microsoft Assessment and Planning (MAP) Toolkit 6.0, and you run a large inventory job, you may find that it takes a long time to complete. If you have hidden the inventory status window, the MAP console will provide limited functionality until the inventory process is completed. Attempting to perform certain console functions may yield the following error message:

The task processor is currently busy. You cannot perform this operation while the task processor is running. Please wait for the task processor to complete or cancel the task processor before retrying this operation.

image

There isn’t any menu option to simply stop the task processor, so you’ll need to choose File –> Exit, which will prompt you to stop it.

image

ConfigMgr 2012 RC Issues with CAS + Primary Hierarchy

Posted on by
9

I just got done setting up a ConfigMgr 2012 Release Candidate primary site beneath a Central Administration Site (CAS), and when firing up the console on the primary site, I’m getting the following message: “Your Configuration Manager console is in read-only mode while this site completes tasks related to maintenance mode. After these tasks are complete you must reconnect you Configuration Manager console before you can edit or create new objects.”

Here are a few facts about the hierarchy:

  • The CAS runs on Windows Server 2008 R2 SP1
  • The CAS points to a remote SQL 2008 SP1 Server on Windows Server 2008 R2 SP1
  • The Primary Site runs on Windows Server 2008 R2 SP1
  • The Primary Site points to a local SQL 2008 R2 SP1 instance (with KB2603910 installed)

image

After passing this message box, the following error would appear in the SmsAdminUI.log file:

[5, PID:3140][11/16/2011 20:28:22] :System.Management.ManagementExceptionrnGeneric failure rn   at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
   at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryResultsObject.<GetEnumerator>d__0.MoveNext()rnManagementException details:
instance of SMS_ExtendedStatus
{
    Description = " Could not find property systemIsolationState";
    ErrorCode = 1078464256;
    File = "e:\nts_sccm_release\sms\siteserver\sdk_provider\smsprov\sspobjectquery.cpp";
    Line = 3900;
    Operation = "ExecQuery";
    ParameterInfo = "Select COUNT(*) FROM SMS_G_System_NAPCLIENT where systemIsolationState=0";
    ProviderName = "WinMgmt";
    StatusCode = 2147749889;
};

 

Obviously something was going on, because this same error was not happening on the CAS when I’d launch the console. We can see in this message that the property named systemIsolationState apparently does not exist in the SMS_G_System_NAPCLIENT WMI class in the rootsmssite_### namespace. Now that we know exactly what’s missing, it’s time to fire up the WMI Explorer and see if that property does or doesn’t exist.

image

As you can see, the property surely does not exist on the “001” site, which is the primary site beneath the CAS. Next, let’s check the CAS for this property.

Note: I’m not sure that this property is necessarily supposed to exist on the CAS, but it’s worth checking out anyway. It’s highly probable that it should exist on the CAS, because it’s a common inventory class for system resources.

Here’s a similar screenshot from the CAS.

image

Aha! It looks like the property does exist on the CAS. At this point, I’m suspecting that something failed during the installation of the primary site, so let’s head back over to the primary site and check out its ConfigMgr setup log (c:ConfigMgrSetup.log). I saw this message repeating towards the end of the setup:

INFO: Still monitoring Replication initialization.    Configuration Manager Setup    11/16/2011 3:35:38 PM    1168 (0×0490)
INFO: Still monitoring Replication initialization.    Configuration Manager Setup    11/16/2011 3:44:38 PM    1168 (0×0490)
INFO: Still monitoring Replication initialization.    Configuration Manager Setup    11/16/2011 3:53:38 PM    1168 (0×0490)
INFO: Still monitoring Replication initialization.    Configuration Manager Setup    11/16/2011 4:02:38 PM    1168 (0×0490)

And finally, after a while, it finished:

INFO: Stopping component monitoring as stop signal received.    Configuration Manager Setup    11/16/2011 6:52:25 PM    3752 (0x0EA8)
INFO: Stopping server role monitoring as stop signal received.    Configuration Manager Setup    11/16/2011 6:52:26 PM    3836 (0x0EFC)
INFO: Stopping replication monitoring as stop signal received.    Configuration Manager Setup    11/16/2011 6:52:26 PM    1168 (0×0490)
<11-16-2011 18:52:27> *****************************************************         1/1/1601 12:00:00 AM    1992907627 (0x76C95B6B)
<11-16-2011 18:52:27> ***** Exiting ConfigMgr 2012 Setup Bootstrapper *****         1/1/1601 12:00:00 AM    1992907627 (0x76C95B6B)
<11-16-2011 18:52:27> *****************************************************         1/1/1601 12:00:00 AM    1992907627 (0x76C95B6B)

I’m a little confused at how it finished successfully, because there were some other errors in the log as well:

omGetServerRoleAvailabilityState could not read from the registry on sccm03.mybiz.loc; error = 5:
omGetServerRoleAvailabilityState could not read from the registry on sccm03.mybiz.loc; error = 5:

Also this showed up:

INFO: SDK Provider is on sccm03.mybiz.loc.    Configuration Manager Setup    11/16/2011 8:56:25 PM    1748 (0x06D4)
INFO: Retrieving current site control image…    Configuration Manager Setup    11/16/2011 8:56:25 PM    1748 (0x06D4)
INFO:  SQL Connection succeeded. Connection: SMS ACCESS, Type: Secure    Configuration Manager Setup    11/16/2011 8:56:25 PM    1748 (0x06D4)
INFO: Stored SQL Server computer certificate for Server [sccm01.mybiz.loc] successfully on [sccm03.mybiz.loc].    Configuration Manager Setup    11/16/2011 8:56:25 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:25 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:25 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:28 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:28 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:31 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:31 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:34 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:34 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:37 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:37 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:40 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:40 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:43 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:43 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:46 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:46 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:49 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:49 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:52 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:52 PM    1748 (0x06D4)
INFO: Registered type CCAR_DB_ACCESS for sccm01.mybiz.loc CM_CEN    Configuration Manager Setup    11/16/2011 8:56:55 PM    1748 (0x06D4)
INFO:  SQL Connection succeeded. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:55 PM    1748 (0x06D4)
INFO: Read CAS SQL Server information, stored CAS SQL Server certificate and registered connection to its database.    Configuration Manager Setup    11/16/2011 8:56:55 PM    1748 (0x06D4)

Someone else posted this same message when trying to do a CAS + Primary Site configuration. Next step: reinstall the primary site.

After re-installing the primary site, the same issues returned. Finally I decided to just install a stand-alone primary site without a CAS.

ConfigMgr Software Updates: Enforcement State Unknown

Posted on by
Reply

There was an interesting thread going on over at the MyITforum MSSMS mailing list. Apparently if certain settings are not properly configured, System Center Configuration Manager (SCCM / ConfigMgr) clients will show a status of “Enforcement state unknown” for certain software updates. One proposed solution was the following:

I had a similar issue some time ago and worked with MS with the following solution (might be worth checking into):

Basically we had “Suppress display notifications on clients” radio button checked on the Display/Time Settings tab of the specific Deployment Management Properties box and in order to do that we also had to set a deadline (on the Schedule tab of the same Properties box).  Without the deadline, I was getting the “Enforcement State Unknown” status.

We set if for some time in the future, but did not check the “Ignore maintenance windows and install immediately at deadline” checkbox, so the workstations will not install until you maintenance window, assuming that’s what you want.

Someone else suggested the following VBscript to force SCCM clients to update their software updates status:

‘ Initialize the UpdatesStore variable.
dim newCCMUpdatesStore
‘ Create the COM object.
set newCCMUpdatesStore = CreateObject ("Microsoft.CCM.UpdatesStore")
‘ Refresh the server compliance state by running the RefreshServerComplianceState method.
newCCMUpdatesStore.RefreshServerComplianceState

Hope this helps, if you’re having the issue.