Category Archives: SCCM Current Branch

ConfigMgr Intune enrolled device – send sync request

One of the new features of the recently released 1610 update for ConfigMgr current branch is the ability for an admin to initiate a policy sync from the ConfigMgr console for an Intune enrolled device. Previously this had to be done from the Company Portal on the device.

This can be done by right clicking on the device, in my example an enrolled iPhone, clicking on Remote Device Actions, then Send Sync Request.

intunesyncrequest

ConfigMgr CB 1610 Software updates dashboard

One of the nice new enhancements that came with the recently released 1610 update for ConfigMgr current branch is the Software Updates Dashboard. This dashboard is available in the Monitoring > Overview > Security section in the ConfigMgr console

If you haven’t installed update 1610 yet, here is what the dashboard looks like:

sudashboard01

Update 1610 available for ConfigMgr Current Branch

Update 1610 is available for ConfigMgr Current Branch. The update will be rolled out globally in the next few weeks. You can run a script to enable fast ring to get the update now. ConfigMgr 1610: Enable Early Update Ring

Some of the new features include:

Windows 10 Upgrade Analytics integration allows you to assess and analyze device readiness and compatibility with Windows 10 to allow smoother upgrades.

Office 365 Servicing Dashboard and app deployment to clients features help you to deploy Office 365 apps to clients as well as track Office 365 usage and update deployments.

Software Updates Compliance Dashboard allows you to view the current compliance status of devices in your organization and quickly analyze the data to see which devices are at risk.

Cloud Management Gateway provides a simpler way to manage Configuration Manager clients on the Internet. You can use the ConfigMgr console to deploy the service in Microsoft Azure and configure the supported roles to allow cloud management gateway traffic.

Client Peer Cache is a new built-in solution in Configuration Manager that allows clients to share content with other clients directly from their local cache with monitoring and troubleshooting capabilities.

Enhancements in Software Center including customizable branding in more dialogs, notifications of new software, improvements to the notification experience for high-impact task sequence deployments, and ability for users to request applications and view request history directly in Software Center.

New remote control features including performance optimization for remote control sessions and keyboard translation.

This release also includes new features for customers using Configuration Manager connected with Microsoft Intune. Some of the new feature include:

New configuration item settings and improvements now only show settings that apply to the selected platform. We also added lots of new settings for Android (23), iOS (4), Mac (4), Windows 10 desktop and mobile (37), Windows 10 Team (7), Windows 8.1 (11), and Windows Phone 8.1 (3).

Lookout integration allows to check device’s compliance status based on its compliance with Lookout rules.

Request a sync from the admin console improvement allows you to request a policy sync on an enrolled mobile device from the Configuration Manager console.

Support for paid apps in Windows Store for Business allows you to add and deploy online-licensed paid apps in addition to the free apps in Windows Store for Business.

For more info see What’s new in version 1610 of System Center Configuration Manager

1610

 

GetDPLocations failed with error 0x80072ee2

Recently I was helping an old colleague setting up an SCCM Current Branch 1606 site. When installing the SCCM client via client push, the ccmsetup.log on the client failed with the errors “GetDPLocations failed with error 0x80072ee2” and “Failed to get DP locations as the expected version from MP ‘site.domain.com’. Error 0x80072ee2”

The error 0x80072ee2 translates to “The operation timed out Source: Winhttp”. I checked from the client that I could successfully ping the site server which I could not, which is why it was failing. Doing an nslookup revealed that the site server was resolving to an incorrect IP. The site had some DNS issues. Once updating the DNS the clients could connect to the MP then download the ccmsetup files and install fine.

No response from Windows Deployment Services server

When PXE building a machine with SCCM 1602, the machine did not get a response from WDS. It had the error “No response from Windows Deployment Services server“.

When checking smspxe.log there were no errors and even showed the MAC address of the client communicating with the PXE point/WDS.

After troubleshooting, the easiest fix was to simply restart the Windows Deployment Services service and watch the service start successfully by examing the smspxe.log

Once restarted the client could PXE boot fine.

SCCM (version – 1606) Baseline is available on MSDN/VLSC

SCCM Current Branch version 1606 baseline is now available in MSDN and VLSC. This means for new installs, you can directly install version 1606, without having to install the 1511 version baseline then upgrade to 1606. For in-place upgrades you can upgrade directly to 1606 from SCCM 2012 SP2/SCCM 2012 R2 SP1

More information can be read on here Configuration Manager: a progress update on the current branch and a new servicing branch

This is what it looks like for people with an MSDN subscription:

sccm1606msdn

SCCM Power BI Solution Template preview

A few days ago Microsoft released a public preview of the System Center Configuration Manager Power BI solution template

“Stand up a scalable and extensible System Center Configuration Manager dashboard in a few hours. Information is collected daily so you can see not only how your organization’s computer health looks like today, you can also see how those key metrics change over time. Quickly identify machines not up-to-date with software updates, successful and failed mitigations to malware infections to be able to act quickly.”

More information on this can be found here and you can download the template from here 

Requirements:

  • System Center 2012 Configuration Manager R2 SP1 or later. Read access to System Center Configuration Manager database is required.
  • Destination database: Azure SQL database or SQL Server database (SQL Server 2008 R2 SP3 or later).
  • For the machine where the installation is run, Microsoft .NET Framework 4.5 or later & PowerShell version 3.0 or later.
  • Power BI Desktop (latest version)
  • Power BI Pro (to share the template with your organization)

In this post, I am going to test installing the public preview of SCCM Power BI solution template in my lab which has:

  • ConfigMgr Current Branch 1606 & SQL server 2012 SP3
  • Windows Server 2012 R2  with Microsoft .Net Framework 4.5 installed
  • Azure SQL Database as my target database.

First thing I am going to do is create my target SQL server which will be an Azure SQL database.

Login to https://portal.azure.com

Below, I have clicked on Add, then given my database a name, created a new resource group, chosen a blank database, created a new SQL server, and used “S0 Standard” pricing tier as my ConfigMgr site is a very small lab.

When you create the new SQL Server, take a note of the login and password as you will need this later for the ConfigMgr Power BI Solution template setup.

powerbi2

Once my SQL database deployment has finished, I have gone into the SQL database overview, and copied down my Server Name as it is required for later.

powerbi6

Next up in my lab I have installed Microsoft-SCCMTemplate.exe which I downloaded earlier from here  . Once finished installing, you can configure the solution template. Again the requirements are listed. Click Next.

powerbi4

Enter in your source ConfigMgr database server details and select your ConfigMgr database, then validate and click Next:

powerbi5

Next I will enter my target database which is my Azure SQL database name. I have selected “Using Azure SQL” . Make sure in the Azure portal you enter in your public IP for the SQL Server firewall in your SQL Server settings in https://portal.azure.com otherwise you will get the error below as it cannot connect. Steps to add your IP to the firewall are here.

powerbi7

This is how it should look:

powerbi8

On the Customize page I have left settings as default and clicked Next.

On the Progress page you can download your PBIX file and open it up with Power BI Desktop. You can download PowerBI Desktop from here if you do not have it installed.

powerbi11

Once I have opened my downloaded PBIX file and opened it up in Power BI Desktop, I clicked on Refresh so it can get the latest data. It popped up for me to enter credentials to my Azure SQL database. Make sure you click on Database instead of Windows to enter your credentials, otherwise you will not have permission.

powerbi12

Once it has pulled the latest data, you can view the Overview as shown in the screenshot below, or you can view the other tabs Protection, Malware, Updates Compliance and Software.

powerbi14

Here is an example showing Update Compliance

powerbi15

 

WUAHandler.log – Scan failed with error = 0x80244019

In an SCCM Current Branch 1602 environment with a Server 2008 R2 Software Update Point (have not upgraded to Server 2012 R2 yet), in a different site I had about 120 clients at a specific site that were not successfully scanning for updates.

I usually run the built in report “Last scan states by collection” to make sure the clients are scanning for software updates without issues.

When checking WUAHandler.log on the client I saw the errors

OnSearchComplete – Failed to end search job. Error = 0x80244019.
Scan failed with error = 0x80244019.

0x80244019

If you look up the error 0x80244019 it means “Same as HTTP status 404 – the server cannot find the requested URI (Uniform Resource Identifier).”

One thing to check is that you can actually get to the WSUS server in an Internet browser by going to http://wsusserver.domain.com:8530/SimpleAuthWebService/SimpleAuth.asmx and making sure it is reachable. If it is reachable it should take you to a page saying:

0x802440192

In my issue it was the proxy between the SUP and my client. My client was trying to go through a proxy instead of bypassing it, then it was getting the 404 error from the WSUS.  There is also a good post on the Technet forums where people have had a bypass list which was lowercase, but in SCCM their SUP was in uppercase which caused the exact error. The post can be found here

In my site we are using a WinINET proxy script which sets the proxy for the Internet , and we also set the WinHTTP proxy. Our WinINET proxy had a bypass list for the WSUS server but our WinHTTP proxy did not for this specific site.

From Microsoft: https://support.microsoft.com/en-au/kb/900935

The Automatic Updates service does not have access to the user-specific proxy server settings that may be configured in Internet Explorer. WinHTTP has been employed, instead of WinInet in Internet Explorer, as the Automatic Updates service affects system wide level configuration and should require administrator level control

To view the current WinHTTP proxy and bypass list, load up cmd prompt and run:

netsh winhttp show proxy

To add the bypass list to your WinHTTP proxy, you can either set it manually through command prompt, or through group policy.

netsh winhttp set proxy proxy-server=”proxyserver.com:port” bypass-list=”*.domain.com;<local>”

The example above added a bypass list for a server <servername>.domain.com

Note: After setting the proxy through cmd using netsh winhttp or group policy, you must restart your computer before you do the next Software Update scan

After restarting the computer for the proxy settings to take affect and doing another Software Update evaluation scan on the client, the WUAHandler “Successfully completed scan.” on the clients.

 

 

 

ConfigMgr 1606 – Microsoft Operations Management Suite (OMS) in Azure

With ConfigMgr 1606, you can now connect Configuration Manager collections to the Microsoft Operations Management Suite (OMS) in Azure. The OMS Connector is currently a prerelease feature. As so, this is done in a lab. This blog will go through the steps on how to add the connector in ConfigMgr and the preqreuisite steps to take in Azure.

This blog post assumes you have a running ConfigMgr 1606 environment and a subscription in Azure.

The first step is to configure your ConfigMgr 1606 site to consent to use Pre-Release features.Make sure you read the disclaimer.

OMS1

After this is done, we will turn on the “Pre-release  Microsoft Operations Management Suite (OMS) Connector”

OMS2.jpg

Click Yes to the dialogue box (make sure to read the disclaimer)

OMS3

Log in to the Azure Classic portal https://manage.windowsazure.com an go into your Azure AD, select Applications. Click on Add down the bottom.

OMS4

Enter in the name you would like to use and select web application and/or web API and click next.

OMS5

Enter in sign on URL and APP ID URI. I added in my ConfigMgr server name (http://configmgr.domain.com) for both.

OMS6

Next we will log into the Azure Resource Manager https://portal.azure.com and create our OMS Workspace. Click on Browse then go to “Log Analytics (OMS)” then click on Add

OMS7

Once this is created, we will go back in the Azure Classic Portal and go into our Azure AD then Application we created earlier to make a note of our Client ID and generate a key.

OMS8OMS9

Next we will create our connection to OMS back in the ConfigMgr console:

OMS10

This is the part that Technet did not tell us. The part with the red box around it is misleading. We actually need to give our application we created earlier access to our Resource Group in the Azure Resource Manager Portal (portal.azure.com). This is probably because Operation Insights was moved from Azure Classic Portal to Azure Resource Manager. Without doing this, I will show you what happens:

OMS11

I will type in my tenant name and Client ID and secret key from before, click Verify, then click Next.

OMS12

ConfigMgr is unable to pull any information about the subscription or Resource Group or the OMS Workspace

OMS13

To fix this, we need to log back into https://portal.azure.com and go into our Resource Group with our OMS workspace and give our Application we created earlier access.

OMS14

Go to Settings, then click Users

OMS15

Click on Add, and type in the name of the Application you created in the classic portal https://manage.windowsazure.com I gave mine Contributor role for testing.

OMS16

Now if we go back and try and add the Operations Management Suite Connection again, you will see that ConfigMgr can pull the information from our Resource Group and OMS Workspace.

OMS17

There we go. This looks better! It pulled the information now that it has access.

OMS18

OMS19OMS20

You can view the OMS Connector here. You can also right click on it and go to properties to view the properties and add collections.

OMS21

Once the connector is set up, it should install the Microsoft Monitoring Agent.

OMS29.jpg

Next we will log into the Azure Resource Manager portal https://portal.azure.com and enable the ConfigMgr collections. Once you’re in the Azure portal, go to Log Analytics (OMS) then click on OMS Portal

OMS22

Once in the OMS Portal, go to Settings

OMS23

Go to the COMPUTER GROUPS tab, and click on SCCM, then click “Import Configuration Manager collection memberships” and save.

OMS26

After it updates you should see the collections (I added some more)

OMS27

You can click on the links to view more information

OMS28

 

SCCM 1606 – Support for cache size in Client Settings

One of the nice new features in ConfigMgr 1606 is the ability to set the client cache in the Client Settings. Previously in other version of ConfigMgr, you could set the size when installing the ConfigMgr client, or use a VBS/PowerShell script, or change it in the Configuration Manager Client Properties in Control Panel. You can see those scripts here.

Now in Update 1606 for ConfigMgr Current Branch, in \Administration\Overview\Client Settings you can see the new “Client Cache Settings” section.

clientcache