Archives for posts with tag: SCCM

System Center Clients…SMH

Had a System Center client out there that would not install during a push installation.  Took a look in the ccmsetup.log file and discovered the following error: MSI: Setup was unable to create the WMI namespace CCM The error code is 80041002. Error 1603.

Quick & Easy Fix

The fix that worked for me was to…

  1. Stop the Windows Management Instrumentation service and set it to Disabled.  If you don’t disable it, it will restart automatically.
  2. Went into the %windir%\system32\wbem folder and renamed the Repository folder to Repository.old.
  3. I restarted the WMI service and set it to Automatic.
  4. I re-pushed the client from the SCCM console and everything installed just fine.

The Problem

The other day I was faced with a simple little issue to solve.  I had the Serial Number/Service Tag for a Dell server but I had no idea where it was physically located nor did I know the name of the server.  This would have not been a problem with our clients because we name our clients the same as the Service Tag.  But, our servers are named differently.

System Center Configuration Manager to the Rescue…Again!

So I decided to use SCCM reporting to solve this problem since SCCM collects all sorts of data anyway.  I created a custom report called Computers with a specific Dell ServiceTag.  The following is the SQL statement that I wrote.

SELECT SYS.Netbios_Name0, SYS.AD_Site_Name0, SYS.Operating_System_Name_and0
JOIN v_R_System SYS on SYS.ResourceID = BIOS.ResourceID
WHERE BIOS.SerialNumber0 LIKE @serialNumber
ORDER BY SYS.Netbios_Name0

  1. Click the Prompts button and add a prompt property
  2. Name: serialNumber and Prompt text: Serial Number
  3. Check the Provide a SQL statement box and enter the following:

    if (@__filterwildcard = '')
    select distinct SerialNumber0 from v_GS_PC_BIOS order by SerialNumber0
    select distinct SerialNumber0 from v_GS_PC_BIOS
    WHERE SerialNumber0 like @__filterwildcard
    order by SerialNumber0

That should do it.


Just added a new branch office to our organization and in keeping with the new standards that I have imposed for server operating systems, all servers at this location are running Windows Server 2008 R2.  I had read awhile back that there were a few things to be aware of when creating a SCCM Secondary Site in Windows Server 2008 R2. These secondary sites will only be Management Points and Distribution Points.  So here’s how I got it all to work.

Remote Differential Compression (RDC)

According to the TechNet articleon this very same topic, “site servers and branch distribution points require Remote Differential Compression (RDC) to generate package signatures and perform signature comparison. By default, RDC is not installed on Windows Server 2008 or Windows Server 2008 R2 and must be enabled manually.”

  1. Launch Server Manager.  Select Features then Add New Features.
  2. Select Remote Differential Compression.  Click Next then Install.


There are a few things that need to be done in IIS7.5 to get things to work.  Even in IIS6 there were/are several configuration steps that needed to be performed in order to get this to work.  Some of these steps are similar to what you need to do if running IIS6.

  1. Launch Server Manager.
  2. Select Features then Add Features.
  3. Select Background Intelligent Transfer Service (BITS) which will then require that Web Server (IIS) and Remote Server Administration Tools be installed.
  4. Select Add Required Role Services.
  5. Click  Next.
  6. At the Role Services step select WebDAV Publishing, ASP.NET and Add Required Role Services.
  7. (Optional) I checked ASP just in case I wanted to make this server a Reporting Point in the future.
  8. Select Windows Authentication under Security.
  9. Under IIS Management Compatibility select the following: IIS 6 Metabase Compatibility, IIS 6 WMI Compatibility.
  10. Click Next then Install.

WebDAV Configuration

  1. Once IIS7.5 is installed open the IIS Manager.  To keep things simple and to avoid any future problems, I rename the Default Website to SMSWEB.  There will be no other websites running off of this particular server so it’s not a problem.
  2. Select SMSWEB and in the Features View select WebDAV Authoring Rules.
  3. Once in the screen select Enable WebDAV from the Actions pane then select Add Authoring Rule…
  4. Allow access to: All Content, Allow access to this content to: All Users, Permissions: Read
  5. Select WebDAV Settings.
  6. Set Allow Anonymous Property Queries to True.  Set Allow Custom Properties to False.  Set Allow Property Queries with Infinite Depth to True.  Set Allow Hidden Files to be Listed to True.  In the Action pane click Apply.

Final Configurations

There is one more thing that needs to be done to prepare for installing the Secondary Site now that we have IIS7.5 and WebDAV configured correctly.  You may already be aware that this step needs to be taken, but I’ll list it anyway for those that have no clue or might forget.

  1. Go to Active Directory Users and Computers.
  2. From the View menu item in the MMC console select Advanced Features if it’s not already checked.
  3. Expand the System container and right-click on System Management  and select Properties.
  4. Go to the Security tab and add the Secondary Site server to the list granting it Full Control.

Now you are ready to add this site as a Secondary Site in SCCM. Update (Mar 23, 2012)

  1. Also be sure to add the computer account of the primary site server to the Local Administrators group of the secondary site server.

Update (Apr 10, 2012)

  1. Open up IIS Manager.
  2. Expand the SMSWEB site.
  3. Right-click on the CCM_CLIENT folder and select Edit Permissions.
  4. Click the Security tab and grant the Everyone group Read permissions.

Update (Apr 11, 2012)There are a few additional Secondary Site settings that I found need to be made especially if you are using a custom port number for your Management Point.  Here we use a custom port number and I ran into an issue with clients not updating correctly.  What I discovered was that the Windows Firewall needed to have a custom rule added to it so that clients could communicate properly.

  1. Launch Server Manager on the Secondary Site server.
  2. Expand Configuration > Windows Firewall with Advanced Security
  3. Right-click on Inbound Rules and select New Rule.
  4. The New Inbound Rule Wizard will launch.  Select Port (Rule that controls connections for a TCP or UDP port)
  5. Select TCP for the protocol and in the Specific local ports: box enter the custom port number for the management point(s) in your environment.
  6. Allow the connection.
  7. Set the rule to apply to Domain, Private and Public (or whatever is relevant in your environment).
  8. Set the name to World Wide Web Services (HTTP Traffic-In) – SCCM or whatever you’d like for it to be.

One other thing that I changed was to add the Default Application Pool account and the application pool for the distribution point (if applicable) to the IIS_IUSRS group.  Since these users cannot be found easily using Select Users, Computers, Service Accounts, or Groups dialog box you have to enter them a certain way.

  • For the DefaultAppPool enter IIS APPPOOL\DefaultAppPool.
  • For the SMS Distribution Points Pool enter IIS APPPOOL\SMS Distribution Points Pool.
  • Be sure to change the Location to the local machine.

Microsoft Update Tuesday…Blah!

I absolutely dread Microsoft Update Tuesday.  I think I dread it the most because I use System Center Configuration Manager (SCCM) to deploy software updates.  Originally, when first deploying SCCM, I’ll admit that I didn’t spend quite enough time thinking through how sustainable the methodology that I configured would be.  Now that I have 3 years worth of updates in SCCM, I decided that some changes need to be made to our methodology because it takes me too long to deploy new updates.  So let’s see what configuration settings I can change to make this process a little easier and less time-consuming for me.

A Little About Our Environment

I have configured our SCCM environment with 1 Primary Site and 11 Secondary Sites which are geographically dispersed throughout the state, Ohio and Massachusetts.  The Primary site has the Software Update Point site system installed.  I utilize Update Lists to keep the updates organized and categorized.  I categorize by update type (i.e. Security, Critical, Updates, Update Rollups, Service Packs, etc.) and year (i.e. 2009, ’10, ’11).  This makes it easy to find specific updates and to later combine them into packages.

In the past I would divide the Deployment Management Advertisements along these lines as well.  This was a terrible idea originally as I soon found out after 1 year of doing things this way that it would continue to take more time in the long run–as more years accumulated. Read the rest of this entry »

The Low-Down

In our environment we have more than a handful of different laptop and desktop models that we deploy to end users.  On top of that, we are in the midst of a “refresh” were we upgrade out of warranty machines to newer models.  We are a Dell shop by the way.

A little while back I finally got our OSD infrastructure up and running and worked out all of the nuances and intricacies of it as it relates to our business practices.   In the interim I settled on utilizing the Microsoft Deployment Toolkit (MDT) and integrating it with System Center Configuration Manager (SCCM) by customizing their pre-built task sequences for installing images.

Unfortunately, this was not a one-size-fits-all approach due to the structure and underlying rules resident in our environment.  For example, some computers are destined for a specific department and based on that certain applications would be installed on the computer.  This (and other such criteria) led me to have to create a separate task sequence for each and every possible deployment scenario.  Needless to say, this was painful and a nightmare to maintain.

So I thought, “wouldn’t it be cool if we could have some sort of wizard that pops-up and you could input all of this information?”  Furthermore, it’d be even cooler if I could have only one task sequence that will work for each and every possible scenario. Read the rest of this entry »

The Scoop

While in training last week we had a power outage on our Northside office.  One of the servers, call it SERVER1, went down as a result of the outage.  Battery backups were indeed in place but the outage lasted long enough to drain them considerably.  After the power outage was over all services came back up on the server except the Windows Deployment Services (WDS) service.  SERVER1 is a System Center Configuration Manager (SCCM) Secondary Site.  Moreover, it’s  PXE Service Point. Read the rest of this entry »