ConfigMgr 2012 SP1: Remote SQL Connectivity Problem

Recently I had some issues with a ConfigMgr 2012 SP1 Primary Site communicating with a remote SQL Server 2008 R2 named instance. This was in my lab environment. I decided to upgrade the database instance from SQL Server 2008 R2 to SQL Server 2012 SP1.

Missing SQL Server Services in Configuration Manager

The first problem I encountered, right after the upgrade, was that I could not view the SQL Server 2012 SP1 instance from the SQL Server Configuration Manager tool. I posted about this problem on the Microsoft TechNet forums, and quickly got the help I needed to resolve it. Although I did not have a new shortcut in the Start Menu for the SQL Server 2012 Configuration Manager tool, it had indeed been installed. I used Windows PowerShell to locate the file (sqlconfigurationmanager11.msc) that was mentioned in response to my inquiry, and it turned out to be in the %WinDir%\System32 folder. After launching this tool, I could successfully “see” the SQL Server services that had been previously “missing” from the SQL Server Configuration Manager.

Database Engine Certificate Issue

I had been having a problem for a little while, on SQL Server 2008 R2, and then SQL Server 2012 after the upgrade, where something with the SQL Server database engine configuration got screwed up. Basically, the SSL certificate that was auto-generated by SQL Server was “broken.” I tried to clear the certificate on the database engine instance, using SQL Server Configuration Manager, but that only caused more problems. I generated a new Computer certificate from my internal Certificate Authority (which the ConfigMgr Primary Site trusts), and set that as the SSL certificate for the SQL Server database engine. After doing this, I started getting some errors in the Application event log.

EventID 26014

Unable to load user-specified certificate [Cert Hash(sha1) "0D1E36686557FDB0A86E9E60DCE80E2820C3D1C1"]. The server will not accept a connection. You should verify that the certificate is correctly installed. See "Configuring Certificate for Use by SSL" in Books Online.

EventID 26014

TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support. Cannot find object or property.

EventID 17120

SQL Server could not spawn FRunCommunicationsManager thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.

As it turns out, I found out that the service account did not have access to the private key of the SSL certificate that I had enrolled onto the SQL Server. In order to resolve this, I used the MMC snap-in for Local Computer Certificates, right-clicked on the SSL certificate with the corresponding thumbprint in the error message, selected All Tasks –> Manage Private Keys, and added the Read permission for the SQL Server domain service account. After doing this, I was able to successfully start the SQL Server service.
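The permission check and fix described above can also be scripted. The following is an added example, not code from the original post; it assumes Windows PowerShell running elevated with .NET Framework 4.6 or later, and the function name and the account MYBIZ\svc-sql are hypothetical.

```powershell
# Added example (not from the original post). Run elevated on the SQL Server host.
function Test-CertPrivateKeyAccess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,      # from the Event 26014 text
        [Parameter(Mandatory)] [string] $ServiceAccount,  # account the SQL Server service runs as
        [switch] $GrantRead                               # add a Read ACE if it is missing
    )

    $cert = Get-Item -LiteralPath "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $Thumbprint has no private key on this machine."
    }

    # Resolve the key container name for both CNG and legacy CSP keys.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    $keyName = if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $rsa.Key.UniqueName
    } elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    }
    if (-not $keyName) { throw "Could not resolve the private key container (non-RSA key?)." }

    # Machine keys live in one of these two folders, depending on the provider.
    $keyFile = "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",
               "$env:ProgramData\Microsoft\Crypto\Keys" |
        ForEach-Object { Join-Path $_ $keyName } |
        Where-Object { Test-Path -LiteralPath $_ } |
        Select-Object -First 1
    if (-not $keyFile) { throw "Key file for container '$keyName' not found." }

    $sid  = ([System.Security.Principal.NTAccount]$ServiceAccount).Translate(
                [System.Security.Principal.SecurityIdentifier])
    $acl  = Get-Acl -LiteralPath $keyFile
    $read = [System.Security.AccessControl.FileSystemRights]::Read

    # Only explicit ACEs for the account itself are checked; access obtained
    # through group membership is not evaluated here.
    $hasRead = [bool]($acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.IdentityReference.Value -eq $sid.Value -and
            $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow -and
            ($_.FileSystemRights -band $read) -eq $read
        })

    # Grant Read only (the same right added through "Manage Private Keys").
    if (-not $hasRead -and $GrantRead) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                    $sid, $read, [System.Security.AccessControl.AccessControlType]::Allow)
        $acl.AddAccessRule($rule)
        Set-Acl -LiteralPath $keyFile -AclObject $acl
        $hasRead = $true
    }

    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        Subject    = $cert.Subject
        KeyFile    = $keyFile
        Account    = $ServiceAccount
        HasRead    = $hasRead
    }
}

# Example call: thumbprint from the Event 26014 message above, hypothetical account name.
# Test-CertPrivateKeyAccess -Thumbprint '0D1E36686557FDB0A86E9E60DCE80E2820C3D1C1' -ServiceAccount 'MYBIZ\svc-sql'
```

Run it without -GrantRead first to see the current state; the SQL Server service still needs a restart after the ACL changes.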

ConfigMgr 2012 SP1 Database Connectivity

This is just some brief documentation of the errors I was getting while I was encountering SQL database engine issues.

Since the first problem I had was the SQL Server database being unavailable, I was getting the following errors in the smsexec.log. The “actively refused” message makes a lot of sense, since there was no database engine service listening on the port that the SMS_Executive service was attempting to connect to.

*** [08001][10061][Microsoft][SQL Server Native Client 11.0]TCP Provider: No connection could be made because the target machine actively refused it.
*** [HYT00][0][Microsoft][SQL Server Native Client 11.0]Login timeout expired
*** [08001][10061][Microsoft][SQL Server Native Client 11.0]A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online.
*** Failed to connect to the SQL Server, connection type: SMS ACCESS.
CSiteControlEx::GetCurrentSiteInfo: Failed to get SQL connection
CSiteControlEx::GetMasterSCF:Failed to read site information from database, retry in 5 seconds ...

After getting the SQL Server instance back up and running, I started seeing these messages in the smsexec.log. I’m pretty sure that the root cause of this was that the SQL Server database engine could not access the private key of the configured SSL certificate. Given this, I have no idea which certificate it was ultimately using, but obviously it was not the one that I had explicitly told it to use.

*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection
*** Failed to connect to the SQL Server, connection type: SMS ACCESS.
CSiteControlEx::GetCurrentSiteInfo: Failed to get SQL connection
CSiteControlEx::GetMasterSCF:Failed to read site information from database, retry in 5 seconds ...

In order to resolve this, check out the previous section Database Engine Certificate Issue.
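As a triage aid for the two smsexec.log excerpts above, this added example (not from the original post) parses the SQL Server Native Client lines and decodes the native error code. The function name is hypothetical, and the sample lines are copied from the excerpts.

```powershell
# Added example (not from the original post).
# Native error codes seen in the excerpts, keyed by their 32-bit hex form.
$Known = @{
    '0x0000274D' = 'WSAECONNREFUSED: nothing is listening on the target host/port'
    '0x80090325' = 'SEC_E_UNTRUSTED_ROOT: client does not trust the server certificate chain'
}

function ConvertFrom-SqlNativeClientError {
    param([Parameter(ValueFromPipeline)] [string] $Line)
    process {
        # Line shape: *** [SQLSTATE][native error][Microsoft][driver]message
        $pattern = '^\*\*\* \[(?<state>[0-9A-Z]{5})\]\[(?<native>-?\d+)\]' +
                   '\[Microsoft\]\[(?<driver>[^\]]+)\](?<msg>.*)$'
        if ($Line -match $pattern) {
            $native = [int32]$Matches.native
            # Negative values are HRESULTs logged as signed decimals;
            # formatting the Int32 as hex recovers the familiar 0x8... form.
            $hex = '0x{0:X8}' -f $native
            [pscustomobject]@{
                SqlState = $Matches.state
                Native   = $native
                Hex      = $hex
                Meaning  = if ($Known.ContainsKey($hex)) { $Known[$hex] } else { 'unmapped (see SQLSTATE and message)' }
                Message  = $Matches.msg.Trim()
            }
        }
    }
}

# Sample input: lines copied from the smsexec.log excerpts above.
$sample = @'
*** [08001][10061][Microsoft][SQL Server Native Client 11.0]TCP Provider: No connection could be made because the target machine actively refused it.
*** [HYT00][0][Microsoft][SQL Server Native Client 11.0]Login timeout expired
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.
*** Failed to connect to the SQL Server, connection type: SMS ACCESS.
'@ -split "`r?`n"

$sample | ConvertFrom-SqlNativeClientError |
    Format-Table SqlState, Native, Hex, Meaning -AutoSize
```

Lines without the [SQLSTATE][native] prefix, such as the "Failed to connect" summary, are skipped, so the table shows only the driver-level causes.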

SQL 2012 SP1: Errors on starting database server named instance

I recently got some weird SQL Server error messages in the Application event log after rebooting my SQL 2012 SP1 server, running on Windows Server 2012:

Event ID 26014: Unable to load user-specified certificate [Cert Hash(sha1) "D3D88810B87C9533AA30CE9B2C3BDCEE3C674B97"]. The server will not accept a connection. You should verify that the certificate is correctly installed. See “Configuring Certificate for Use by SSL” in Books Online.

Event ID 17182: TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support. Cannot find object or property.

Event ID 17182: TDSSNIClient initialization failed with error 0x80092004, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors. Cannot find object or property.

Event ID 17826: Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.

Event ID 17120: SQL Server could not spawn FRunCM thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.

These errors confused me, because as far as I know, I’m not using SSL for my SQL Server instance. To solve the issue, I opened the SQL Server Configuration Manager –> SQL Server Network Configuration –> right-click “Protocols for CM12” –> Properties –> Certificate tab. Click the “Clear” button and restart the service. Hopefully this clears up the error.

 

ConfigMgr 2012: Ccmeval.exe causing client corruption

I’ve discovered, on more than one occasion, that the ConfigMgr 2012 client’s ccmeval.exe, which is intended to resolve client health related issues, actually breaks the ConfigMgr client. This has happened on a Windows 8 RTM client, and I’m fairly certain that it affects Windows Server 2012 as well. You might be aware that Windows 8 and Windows Server 2012 are unsupported client operating systems with ConfigMgr 2012 RTM, but will be officially supported in Configuration Manager 2012 Service Pack 1 (SP1).

Issue


By default, when the ConfigMgr 2012 client is installed, a Scheduled Task called “Configuration Manager Health Evaluation” is registered under the \Microsoft\Configuration Manager folder. The command line that is called is simply ccmeval.exe, with no command line arguments. The task runs around midnight (12:19 AM on my test client) every night.

VBscript: Export ConfigMgr Task Sequence Variables

Here is a simple VBscript that will export Microsoft System Center Configuration Manager (SCCM / ConfigMgr) task sequence variables to a file on the root of the system drive for troubleshooting. In WinPE (Windows Pre-execution), this is typically the x:\ drive, and in the full OS phase, it’s most commonly the c:\ drive, although that cannot necessarily be assumed either.

In WinPE 4.0, you can use PowerShell instead, but I developed this for use on WinPE 3.x.

'  Author: Trevor Sullivan
'    Date: 2012-11-16
' Purpose: Exports all ConfigMgr OSD task sequence variables to a text file on
'          the root of %systemdrive%. In WinPE, this is normally x:\.

Option Explicit

dim tsenv, var, fso, log, sh, LogPath

' Create a few COM objects
set tsenv = CreateObject("Microsoft.SMS.TSEnvironment")
set sh = CreateObject("Wscript.Shell")
set fso = CreateObject("Scripting.FileSystemObject")

' Get path to log file
LogPath =  sh.ExpandEnvironmentStrings("%SystemDrive%\Task Sequence Variables.txt")
' Get FileStream object
set log = fso.OpenTextFile(LogPath, 8, true)

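' Iterate over task sequence variables and write each one to log file
' (values can include credentials, so delete the file after troubleshooting)
for each var in tsenv.GetVariables()
    call log.WriteLine(var & " = " & tsenv(var))
    call wscript.echo(var & " = " & tsenv(var))
next

' Flush and close the log file
log.Close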

ConfigMgr 2012 RC Issues with CAS + Primary Hierarchy

I just got done setting up a ConfigMgr 2012 Release Candidate primary site beneath a Central Administration Site (CAS), and when firing up the console on the primary site, I’m getting the following message: “Your Configuration Manager console is in read-only mode while this site completes tasks related to maintenance mode. After these tasks are complete you must reconnect you Configuration Manager console before you can edit or create new objects.”

Here are a few facts about the hierarchy:

  • The CAS runs on Windows Server 2008 R2 SP1
  • The CAS points to a remote SQL 2008 SP1 Server on Windows Server 2008 R2 SP1
  • The Primary Site runs on Windows Server 2008 R2 SP1
  • The Primary Site points to a local SQL 2008 R2 SP1 instance (with KB2603910 installed)


After passing this message box, the following error would appear in the SmsAdminUI.log file:

[5, PID:3140][11/16/2011 20:28:22] :System.Management.ManagementException\r\nGeneric failure \r\n   at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
   at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryResultsObject.<GetEnumerator>d__0.MoveNext()\r\nManagementException details:
instance of SMS_ExtendedStatus
{
    Description = " Could not find property systemIsolationState";
    ErrorCode = 1078464256;
    File = "e:\nts_sccm_release\sms\siteserver\sdk_provider\smsprov\sspobjectquery.cpp";
    Line = 3900;
    Operation = "ExecQuery";
    ParameterInfo = "Select COUNT(*) FROM SMS_G_System_NAPCLIENT where systemIsolationState=0";
    ProviderName = "WinMgmt";
    StatusCode = 2147749889;
};

 

Obviously something was going on, because this same error was not happening on the CAS when I’d launch the console. We can see in this message that the property named systemIsolationState apparently does not exist in the SMS_G_System_NAPCLIENT WMI class in the root\sms\site_### namespace. Now that we know exactly what’s missing, it’s time to fire up the WMI Explorer and see if that property does or doesn’t exist.


As you can see, the property surely does not exist on the “001” site, which is the primary site beneath the CAS. Next, let’s check the CAS for this property.

Note: I’m not sure that this property is necessarily supposed to exist on the CAS, but it’s worth checking out anyway. It’s highly probable that it should exist on the CAS, because it’s a common inventory class for system resources.

Here’s a similar screenshot from the CAS.


Aha! It looks like the property does exist on the CAS. At this point, I’m suspecting that something failed during the installation of the primary site, so let’s head back over to the primary site and check out its ConfigMgr setup log (c:\ConfigMgrSetup.log). I saw this message repeating towards the end of the setup:

INFO: Still monitoring Replication initialization.    Configuration Manager Setup    11/16/2011 3:35:38 PM    1168 (0x0490)
INFO: Still monitoring Replication initialization.    Configuration Manager Setup    11/16/2011 3:44:38 PM    1168 (0x0490)
INFO: Still monitoring Replication initialization.    Configuration Manager Setup    11/16/2011 3:53:38 PM    1168 (0x0490)
INFO: Still monitoring Replication initialization.    Configuration Manager Setup    11/16/2011 4:02:38 PM    1168 (0x0490)

And finally, after a while, it finished:

INFO: Stopping component monitoring as stop signal received.    Configuration Manager Setup    11/16/2011 6:52:25 PM    3752 (0x0EA8)
INFO: Stopping server role monitoring as stop signal received.    Configuration Manager Setup    11/16/2011 6:52:26 PM    3836 (0x0EFC)
INFO: Stopping replication monitoring as stop signal received.    Configuration Manager Setup    11/16/2011 6:52:26 PM    1168 (0x0490)
<11-16-2011 18:52:27> *****************************************************         1/1/1601 12:00:00 AM    1992907627 (0x76C95B6B)
<11-16-2011 18:52:27> ***** Exiting ConfigMgr 2012 Setup Bootstrapper *****         1/1/1601 12:00:00 AM    1992907627 (0x76C95B6B)
<11-16-2011 18:52:27> *****************************************************         1/1/1601 12:00:00 AM    1992907627 (0x76C95B6B)

I’m a little confused at how it finished successfully, because there were some other errors in the log as well:

omGetServerRoleAvailabilityState could not read from the registry on sccm03.mybiz.loc; error = 5:
omGetServerRoleAvailabilityState could not read from the registry on sccm03.mybiz.loc; error = 5:

Also this showed up:

INFO: SDK Provider is on sccm03.mybiz.loc.    Configuration Manager Setup    11/16/2011 8:56:25 PM    1748 (0x06D4)
INFO: Retrieving current site control image…    Configuration Manager Setup    11/16/2011 8:56:25 PM    1748 (0x06D4)
INFO:  SQL Connection succeeded. Connection: SMS ACCESS, Type: Secure    Configuration Manager Setup    11/16/2011 8:56:25 PM    1748 (0x06D4)
INFO: Stored SQL Server computer certificate for Server [sccm01.mybiz.loc] successfully on [sccm03.mybiz.loc].    Configuration Manager Setup    11/16/2011 8:56:25 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:25 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:25 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:28 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:28 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:31 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:31 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:34 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:34 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:37 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:37 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:40 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:40 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:43 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:43 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:46 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:46 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:49 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:49 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:52 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:52 PM    1748 (0x06D4)
INFO: Registered type CCAR_DB_ACCESS for sccm01.mybiz.loc CM_CEN    Configuration Manager Setup    11/16/2011 8:56:55 PM    1748 (0x06D4)
INFO:  SQL Connection succeeded. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:55 PM    1748 (0x06D4)
INFO: Read CAS SQL Server information, stored CAS SQL Server certificate and registered connection to its database.    Configuration Manager Setup    11/16/2011 8:56:55 PM    1748 (0x06D4)

Someone else posted this same message when trying to do a CAS + Primary Site configuration. Next step: reinstall the primary site.

After re-installing the primary site, the same issues returned. Finally I decided to just install a stand-alone primary site without a CAS.

PowerShell / ConfigMgr: Count of Client Manufacturer / Models

Introduction

If you’re an administrator of Microsoft System Center Configuration Manager (SCCM / ConfigMgr) 2007, you might be interested in finding out what make / model of client & server systems you have, and how many of each unique value you have. Most people would probably simply pull up a ConfigMgr report, but did you know that there’s an automated way to get this information as well?

Using PowerShell

You’ll need the following to execute this simple script:

  • A user account with access to the ConfigMgr provider
  • The hostname of the ConfigMgr central site server
  • The site code of the ConfigMgr central site

Once you’ve launched PowerShell under the appropriate account’s credentials, simply run this command:

Clear-Host

$ComputerSystems = Get-WmiObject `
    -Namespace root\sms\site_000 `
    -ComputerName sccm01.mydomain.com `
    -Class SMS_G_System_Computer_System

$ComputerSystems `
    | Group-Object -Property Manufacturer,Model `
    | Where-Object { $_.Count -gt 5 } `
    | Sort-Object -Property Count -Descending

If you get an error saying "An empty pipe element is not allowed" then make sure that there is not a space after one of the backticks. The backtick is the continuation character, and tells PowerShell to keep processing the command on the next line, and if there is a space after it, the interpreter will get confused.

If everything works as expected, you should see output similar to the following:

Count Name
----- ----
  222 Dell Inc., OptiPlex 780
  136 Dell Inc., OptiPlex GX620
  135 Dell Inc., OptiPlex 755
  134 Dell Inc., OptiPlex 745
  101 Dell Inc., OptiPlex GX280

There will also be a “group” property, which contains the actual .NET objects that were grouped into each line item.

Hope this helps!

ConfigMgr 2012 Beta 2: WMI Namespace Documentation

I recently put together some documentation for the Microsoft System Center Configuration Manager 2012 Beta 2 WMI provider. This is a searchable, formatted Excel document that displays all the classes, properties, and methods for the SCCM 2012 provider. Hopefully this will help you to find the proper information for writing custom scripts and so on.

http://dl.dropbox.com/u/18088468/SCCM%202012%20WMI%20Namespace%20Documentation.xlsx

Please provide feedback if this was helpful, or if you’d like to see something else added to it!

ConfigMgr 2012: Deleting Advertisements

Where’d my Advertisements Go?

Advertisements aren’t quite what you think they are. At least, that’s probably the case if you’re talking in context of Microsoft System Center Configuration Manager (SCCM / ConfigMgr). At first glance you might see “deleting advertisements” and exclaim: “YES! Please do!” The difference here is that advertisements in SCCM are not product or service advertisements, but rather proclamations of the availability of software to a computer system. If you’re reading this, you most likely already knew that, but if not, then … now you do.

Back in the days of the SCCM 2007 console, there was a single Software Distribution –> Advertisements node which contained advertisements for both standard software distribution and operating system deployment (OSD) task sequences. This worked pretty well, but it was a little confusing since the operating system deployment node was entirely separate from software distribution. Hierarchically, it just didn’t make sense.



Extreme PowerShell / ConfigMgr: Extending Hardware Inventory

Introduction

In previous versions of Microsoft System Center Configuration Manager (ConfigMgr / SCCM), a common task for administrators, engineers, and consultants, was to extend the hardware inventory configuration. These inventory extensions were written in Managed Object Format (MOF) and allowed the SCCM client agents to report back a wider array of information to the central site database for reporting purposes, collection building, and other management tasks. Making changes to the configuration could be a tedious task, as MOF is not very forgiving, and rather quite strict, in its syntax.

In Microsoft Systems Management Server 2003 (SMS 2003), each time a configuration change was made, it was necessary to deploy the updated MOF file to the SMS clients — this made ensuring hardware inventory consistency across all clients a challenging task. In SCCM, Microsoft included changes to these MOF files (SMS_DEF.mof and Configuration.mof) as part of the machine policy refresh task, which is a client-side polling mechanism for configuration changes.

In SCCM 2012 Beta 2, Microsoft is taking it a step further and has eliminated the SMS_DEF.mof altogether, left the configuration.mof behind by itself, and stuck the WMI inventory configuration in … WMI. What is WMI? WMI stands for Windows Management Instrumentation, a service built into the Windows Operating System since Windows XP (and Windows 2000 Service Pack 4, I think). It provides a standard method of exposing hardware and software level system information to applications, such as storage, processor, memory, running processes, installed software, and other application configuration data. SCCM is built on top of this technology, and often makes developing software and scripts around the product much easier than it otherwise might be.

For the remainder of this article, we’re going to look at specifically how to extend hardware inventory in SCCM 2012 programmatically using Windows PowerShell with the SCCM WMI provider.


ConfigMgr 2012 Beta 2: PXE Booting for OSD

I recently was trying to PXE bootstrap an operating system deployment (OSD) job from a ConfigMgr 2012 Beta 2 PXE server, and was getting this message in the smspxe.log on the SCCM primary site server:

PXE::CBootImageManager::FindMatchingArchitectureBootImage
Warning: Matching Processor Architetcure Boot Image (0) not found
