Deploying the SCCM 2012 Client to WES 7 devices that are locked down with the FBWF using 2007 task sequence via WEDM.

I'm wondering how people are migrating their embedded devices that are using the FBWF. I've done some googling and it seems like most people are just re-imaging the devices and after migrating a single device i see why. Its not a pretty process. This will
be a long description but ultimately my question stems more from trying to find a better way to execute the device migration from 2007 to 2012.
Some back ground on my situation might be in order here. I'm in the process of wrapping up our 2007 to 2012 migration. We have a 2007 infrastructure that was a central server with 2 primaries and 286 secondary site servers. I've consolidated that to a single
2012 primary site server that hosts all the main roles. There are 2 more servers in the data centers both operating solely as push distribution points I'll refer to them as 2012 01 02 and 03. I'm over half way through the migration and so far haven't needed
to offload any site roles. There are almost 10,000 clients now reporting to the 2012 site server and almost a 100 field servers pulling content from 2012 02 as their source dp as pull dp is the only way forward for this many devices. I've read the horror stories
of trying spin up 200 plus push dps. We are running PKI. I'm at the point now where i need to start migrating the Windows Embedded Seven Standard clients that have the 2007 sccm client on them with WEDM for write filter handling.
What i'm wondering is if anyone has any pointers for me regarding migrating the WES 7 devices. My plan that i've come up with is to somehow script the process using a 2007 WEDM Task Sequence to try and migrate them over to 2012. Things are complicated as
I need to somehow script the install, the policy checkin, hardware inventory, software inventory, and validate the SCEP client installs before I reboot the device one last time to enable the FBWF. How I handled the SCCM 2007 client install on these devices
when they were provisioned was to just create a batch file that would sleep for ten minutes then check to see if the inventoryagent.log file had been created yet. I realize now that is inefficient as i can kick off the inventory using a WMI method once the
client has installed. Also I need to make sure the machine gets its first policy as that is how it creates the communication using PKI through that first policy transfer and that also finalizes the client install. The biggest piece i'm uncertain about in this
regard is the SCEP client.
I had to change the SCEP client install from yes to no in the default client settings as we have some Mcaffee servers that can't have the SCEP client on them. I have incremental updates enabled on the collection that has the policy that installs the SCEP
client but this will take an unknown amount of time unless i force the environment to update as the device starts in 2012 install, or if I could kick off the SCEP isntall... IDK. I'm also wondering if i should keep the device in the migration process until
i validate it has its proper scep policy applied which I believe can be validated by a registry key somewhere.
Once the 2012 client gets installed will that cause it to lose its place within the 2007 Task Sequence? Considering its going to take a minimum of 2 reboots I'd normally use the task sequence to handle its progression through the process.
I'm also considering trying to use an Orchestrator runbook, as that would be a good way to keep track of the migration process as each device migrates. Especially since this might take several seperate scripts.
I'm going to take a stab at scripting the migration process, but if anyone has any pointers that might make this a less complicated I'd really appreciate it as I've got about 3000 of these devices that need to be migrated over. The other things i've learned
the hard way is any time you have something this complicated over the course of 3000 devices you will run into unknowns and the failure rate increases. I'm in the precarious position of having to not only build this process out but in some situations have
it complete in the shortest amount of time possible as we have sites running 24x7. I know the end users behavior all to well and they will just keep hitting the power button sometimes even though their not supposed to so they can get their device functional
again. In those situations i'd end up, if i'm lucky with a device that no longer has a healthy SCCM client in either environment and the write filter disabled.
So like i said any pointers anyone could throw my way i'd really appreciate. I manually went through the migration process on a single device for proof of concept and ended up with almost 2 pages of pseudo code for my migration script/scripts.
Thanks,
-K.R.

Hi,
In R2 there are some new variables you can use to solve this,
http://ccmexec.com/2014/12/smstsmplistrequesttimeout-value-in-milliseconds/
In Sp1 though adding a step to sleep for 2-5 minuter after reboot and before the application install step is a common workaround.. a powershell command with "Start-Sleep
-s 120" should do it. 
/Jörgen
-- My System Center blog ccmexec.com -- Twitter
@ccmexec

Similar Messages

  • Whats the best method to deploy sccm 2012 client

    Hello what is the best method to deploy SCCM 2012 client, is there a script that should be used as sometimes the client push fails. In particular pushing the client to server 03 /08/12 types.
    Thankyou
    SCCM Deployment Technician

    Ultimately, the best method is whatever works for you. Every environment is different and has unique constraints and requirements. You first need to learn out each of the methods and what they do to be able to properly evaluate which will work best for you.
    Kind of like mining for gold, who cares how you got it out of the ground, once you get it out, you're rich :-) But if you rely on someone else telling you what the best way was for their mine, you may not be doing it the best way for your mine thus you need
    to geological surveys, exploration, trial and error, etc. In other words, you need to do some real grunt work.
    Often, using multiple methods is best though because each has its pros and cons (yes, even my startup script -- thanks for the cheerleading Michael and Tim). But as mentioned, it all comes down to you learning about your environment and the different
    methods available to make the best choice. If there was only one "best" way to do it, there wouldn't be multiple available and none of us would really be needed.
    Jason | http://blog.configmgrftw.com

  • Deploying SCCM 2012 Client over DirectAccess

    I have not been able to successfully deploy the SCCM 2012 client to any DirectAccess clients when they are not connected to the internal network.  I have migrated my collections from SCCM 2007 and all machines connected internally had no issues.  I
    have added the new SCCM server to the Infrastructure Servers configuration on the UAG and applied the Group Policy.  In the CCM logs, I am seeing "the device %computername% does not exist on the network" although I can ping them.  The client push
    account is a local admin on the machines so I am at a loss as to why they can't connect.  Could it be boundary related?
    Rich

    Here is a snippet from the ccm logs:
    ---> The device computername.xxx.local does not exist on the network. Giving up~  $$<SMS_CLIENT_CONFIG_MANAGER><08-14-2012 05:47:23.927+300><thread=4568 (0x11D8)>
    ---> Trying the 'best-shot' account which worked for previous CCRs (index = 0x0)~  $$<SMS_CLIENT_CONFIG_MANAGER><08-14-2012 05:47:23.927+300><thread=4568 (0x11D8)>
    ---> Attempting to connect to administrative share '\\computername\admin$' using account 'xxx\sccm_push'~  $$<SMS_CLIENT_CONFIG_MANAGER><08-14-2012 05:47:23.927+300><thread=4568 (0x11D8)>
    ---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account xxx\sccm_push (00000035)  $$<SMS_CLIENT_CONFIG_MANAGER><08-14-2012 05:47:23.942+300><thread=4568 (0x11D8)>
    ---> The device "computername" does not exist on the network. Giving up~  $$<SMS_CLIENT_CONFIG_MANAGER><08-14-2012 05:47:23.942+300><thread=4568 (0x11D8)>
    ---> ERROR: Unable to access target machine for request: "2097152018", machine name: "computername",  access denied or invalid network path.  $$<SMS_CLIENT_CONFIG_MANAGER><08-14-2012 05:47:23.942+300><thread=4568 (0x11D8)>
    Execute query exec [sp_CP_SetLastErrorCode] 2097152018, 53~  $$<SMS_CLIENT_CONFIG_MANAGER><08-14-2012 05:47:23.958+300><thread=4568 (0x11D8)>
    Stored request "2097152018", machine name "computername", in queue "Retry".  $$<SMS_CLIENT_CONFIG_MANAGER><08-14-2012 05:47:23.958+300><thread=4568 (0x11D8)>
    Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152018, 2~  $$<SMS_CLIENT_CONFIG_MANAGER><08-14-2012 05:47:23.958+300><thread=4568 (0x11D8)>
    Execute query exec [sp_CP_SetLatest] 2097152018, N'08/14/2012 10:47:23', 198~  $$<SMS_CLIENT_CONFIG_MANAGER><08-14-2012 05:47:23.973+300><thread=4568 (0x11D8)>
    <======End request: "2097152018", machine name: "computername".  $$<SMS_CLIENT_CONFIG_MANAGER><08-14-2012 05:47:23.973+300><thread=4568 (0x11D8)>
    ---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account xxx\sccm_push (00000035)  $$<SMS_CLIENT_CONFIG_MANAGER><08-14-2012 05:47:25.989+300><thread=4688 (0x1250)>

  • SCCM 2012 client in capture but deploy has default step "Setup Windows and ConfigMgr"

    Hi,
    We have our SCCM 2012 client in the capture but the deploy has a single step "Setup Windows and ConfigMgr" in which there is no option to NOT install the sccm 2012 client.
    So what happens then, the client is installed a second time?
    Please advise.
    J.
    Jan Hoedt

    Hello !
    This is a mandatory step in order to configure Windows for a first use. In your case, the SCCM client will just be serialized, it's not a problem. The SCCM client has generally been prepared during the design capture.
    Hope this helps.
    Note: This posting is provided 'AS IS' with no warranties or guarantees, and confers no rights. Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable. This helps the community, keeps the forums tidy, and
    recognises useful contributions.

  • OSD: TS deployed to Vista SCCM 2012 client, reboots then doesn't find network drivers

    Hi,
    We deploy SCCM 2012 client to a SCCM 2007 Vista pc.
    We then deploy a task sequence to install Windows 7.
    Everything works fine on a vm, it reboots in winpe then starts the task sequence. On a laptop however, it does not work. F8 shows it does not get an ip address, it seems as if no network adaptor is recognized.
    However, the same task sequence works fine on the same laptop when pxe booting + I added the driver to winpe. Didn’t help. Please advise.
    J.
    Jan Hoedt

    I think I know what the root cause is, but not how to solve it.
    In diskpart, I can see 3 volumes:
    *Volume 0 = D-drive, DVD-rom,
    *Volume 1 = no drive letter, partition of 400 GB
    *Volume 2 = C-drive, label "Configuratio", type "removable" 4 GB
    It should install to the 400 GB drive but it seems that its installing to the removable drive.
    Not sure what that is since there is no USB attached. Probably it is the winpe temporarely mounted(?)
    The behaviour I have is described
    here and is also referring to USB.
    => I guess I have to tell the temporarely mounted drive to be f.e. Z when installing in full OS.
    Any idea howto do this?
    J.
    Jan Hoedt

  • How can I remove the SCCM 2012 client and reinstall SCCM 2007 client on all of our computers

    Hello All
    We have  bit of a problem. Our virtual SCCM 2012 r2 server was deleted and the back solution we had in place keeps failing.
    We do have our sccm 2007 server still in place but its only role was imaging as we transferred roles from one to another.
    My question is now our support needs to remote into pcs but cant because the CM12 server is gone. How can I remove the 2012 client from all of our companies computers and reinstall the CM07 client so we can remote into computers again.
    Thanks in advance!
    Phil
    Phil Balderos

    Run a ccmsetup /uninstall on the clients. You may need to run via PSExec. Then push out the SCCM 2007 client via the 2k7 console.
    Cheers
    Paul | sccmentor.wordpress.com
    Thanks Paul!
    I have to do this on over 350 computers and 110 servers. How can I do it on a more massive scale?
    Phil Balderos
    I would check Torsten's approach first and see if the ccmsetup will uninstall the 2012 version. I'm not sure. Obviously the other way round is fine.
    Using PSexec you can script this to call up a txt file of all your servers/computers and run the uninstall.
    e.g. 
    for /f "tokens=*" %a in (computers.txt) do psexec \\%a %WINDIR%\ccmsetup\ccmsetup.exe /uninstall 
    If your account has privileges on all devices you won't need to add in any username/password credentials. Obviously only devices that are switched on and you have access to will run this.
    Cheers
    Paul | sccmentor.wordpress.com

  • SCCM 2012 R2: does the sccm server itself need a sccm 2012 client?

    Hi,
    The question is simple. Reason, I update my SCCM 2012 R2 forefront clients via automatic update rule. The server itself has also the forefront/SCEP client but no sccm client.
    So I wonder if in general it 's a good idea to install the sccm 2012 client to the SCCM server itself.
    J.
    Jan Hoedt

    Hi,
    There is no document about installing the SCCM 2012 client to the SCCM server itself.
    It's depends on whether you want to monitor the SCCM server.
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • SCCM 2012 Client was removed but SCCM console still showing the status as "Yes"

    Hi,
    In a VM, SCCM 2012 client agent was removed and the VM was reverted back to a clean machine. SCCM console still shows the status as "Yes" even after the client agent was removed. Heartbeat Discovery is set to run every 1 hour.
    Please guide on this.
    Regards, Lorin Davis

    It's kind like a person dying (sorry to be a bit morbid) -- how does the phone company know the person died? The dead person certainly can't tell them and the phone company doesn't query every person it services and ask them "are you alive?"
    Thus, someone else must notify them of the person's passing. This is no different than a client agent "dying" in ConfigMgr. A ConfigMgr site never initiates communication with clients and thus something else needs to tell the site that the client
    agent is dead. You! Or, an automated process (as Torsten mentioned) that goes through automatically marks a client as "dead" that hasn't been heard from in x number of days.
    Jason | http://blog.configmgrftw.com | @jasonsandys

  • SCCM 2012 client installation

    Hi all,
    I am trying to deploy SCCM 2012 client to my office computers using client push installation wizard, however when I random check the log file on client computers, the wizard did not start at all. Anyone know why this happen?
    Anyway I can trigger the installation wizard for the clients?
    Regards,
    Chungb

    Hi Chungb,
    Please install the FSP Role and mention the same.
    Also are you able to access the SCCM Server share from the client machines ? Can you confirm that as well
    Gautam.75801

  • SCCM 2012 client push occurs from site server or from distribution point?

    I would like to set up client push in SCCM 2012 and I have a remote site with about 80 workstations that I would like to deploy the clients to using client push, but this remote site is VERY slow, as in less than 3Mbps slow. There is a remote DP located
    at this site and I wanted to know if the remote workstations will be hammering my Site Server across the WAN (or MP I guess since the MP role is i installed on the Site Server) to request the client installation, or do the clients just request the client from
    the Site Server or MP and then the client downloads to the remote DP and then the workstations install the SCCM 2012 client from the local DP at the remote site?
    I just do NOT want the WAN link to become overwhelmed with workstation requests to install the client and have the Site Server have to respond to each and every workstation and download the SCCM 2012 client to each system over this slow WAN link. 
    How does the client push process actually work?
    Thank you

    The initial files will come from the primary site server. The rest (the biggest part) will come of the distribution point. See for a good read (even though it's more about secondary sites), this post of Jason:
    http://blog.configmgrftw.com/secondary-sites-and-boundary-groups/
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • DPM 2012 R2 long backup to tape job randomly fail after installing SCCM 2012 Client

    Hello,
    I'm managing a two nodes 2012 R2 file server cluster that contains a 16To CSV. I'm using DPM 2012 R2 to backup this entire shared volume directly to LTO 4 tapes, the job last about 55h.
    Since SCCM 2012 client has been installed(I don't manage it), the tape jobs are failing ramdomly after several hours with the error:
    Type: Tape backup
    Status: Failed
    Description: The DPM service was unable to communicate with the protection agent on serverX.xxxx.xxx . (ID 52 Details: The semaphore timeout period has expired (0x80070079))
     More information
    End time: 19/07/2014 03:11:06
    Start time: 18/07/2014 22:00:00
    Time elapsed: 05:11:05
    Data transferred: 768 289,56 MB
    Cluster node serverX.xxxx.xxx
    Source details: G:\
    Protection group members: 1
     Details
    Protection group: File Server Tape Protection
    Library: Quantum PX500 Series Medium Changer
    Tape Label (Barcode): File Server Tape Protection-00000230 (000043L4)
    If I uninstall SCCM 2012 client, no more issue, backups succeed. I've asked our SCCM team, no specific task has been scheduled or deployed in SCCM.
    I can't see anything abnormal in logs.
    Any idea?

    I have disabled "Configuration Manager Maintenance" and I have also tried to set the registry value HKLM\Software\Microsoft\CCM\CcmEval\NotifyOnly to TRUE and still the same issue.
    I can't find any correlated errors in the Windows event logs, task scheduler history neither in the DPM logs.
    I've increased the log level of DPM by following the following procedure
    http://blogs.msdn.com/b/george_bethanis/archive/2013/11/04/how-to-collect-dpm-verbose-logs.aspx
    Now i'm suspecting the maintenance job of Windows 2012 R2, i'll try to disabled this task. But the fact is that I don't have this backup issue if SCCM 2012 client is not installed.
    I'm waiting for next logs and will keep you informed

  • Tracing SCCM 2012 Client settings.

    Hi,
    I am trying to get a better understanding of the internals of SCCM 2012 client settings. In particular I would like to find out how to trace them through the client logs so I can trace them through and via the policy spy. I have looked through the policy logs
    and I can not see how to distinguish them. Can somebody tell me how I tell me how they are represented and what I should look for. So the idea being I can create a custom policy and trace it through.
    Thanks Ward

    I hope, you're not here for understanding which will the resultant client settings (when you've multiple client setting deployed) applied on a particular machine/device. If this is  your question then you can see this via collection-devices and select Resultant
    Client Settings. More details http://technet.microsoft.com/en-in/library/gg682109.aspx
    If you wanted to know more about how you can analyse the policies using policy spy or client spy. Here are some tips via following link.
    http://anoopcnair.com/2012/06/28/sccm-configmgr-2012-how-to-use-policy-spy-policyspy-exe/
    http://anoopcnair.com/2012/06/27/configmgr-sccm-2012-how-to-use-client-spy-clispy-exe/
    Anoop C Nair (My Blog www.AnoopCNair.com)
    - Twitter @anoopmannur -
    FaceBook Forum For SCCM

  • SCCM 2012 Client delpoyment in SCCM 2007 Native world

    Hi Team,
    In my account I have SCCM 2007 running in Native mode.... we do not support internet based clients there..but work on HTTPS only. Now I have implemented SCCM 2012 R2 there and now testing the client migration so that I can upgrade the SCCM client agent from
    2007 to 2012. In SCCM 2012 we have to support internet based clients and so the SCCM 2012 client which we need to install should be compatible on internet and intranet both
    The plan is to use the existing SCCM 2007 infra to do that. Send the ccmsetup.exe ( of SCCM 2012 ) in a package to all the clients via SCCM 2007 Software Distribution and trigger SCCM 2012 installation.
    Just to do a small test I did this :
    1. Created a folder in C drive of a client machine and copied the ccmsetup.exe ( of SCCM 2012 ) in it.
    2. Tried to trigger the installation with below mentioned commandlines..... but getting error as mentioned below.... Please help.
    Command line used : 
    Here ABCD.contoso.org is the intranet MP and PQRS.dmzone.org is internet MP
    CCMSetup.exe /UsePKICert /NoCRLCheck smsmp=ABCD.contoso.org ccmhostname=PQRS.dmzone.org smssitecode=ABC
    CCMSetup.exe /UsePKICert /NoCRLCheck smsmp=ABCD.contoso.org smssitecode=ABC
    CCMSetup.exe smsmp=ABCD.contoso.org smssitecode=ABC
    Error in ccmsetup.log
    <![LOG[==========[ ccmsetup started in process 3068 ]==========]LOG]!><time="12:49:12.547+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="5076" file="ccmsetup.cpp:9441">
    <![LOG[Running on platform X64]LOG]!><time="12:49:12.548+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="5076" file="util.cpp:1892">
    <![LOG[Updated security on object C:\Windows\ccmsetup\cache\.]LOG]!><time="12:49:12.548+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="5076" file="ccmsetup.cpp:9285">
    <![LOG[Launch from folder C:\Windows\ccmsetup\]LOG]!><time="12:49:12.548+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="5076" file="ccmsetup.cpp:721">
    <![LOG[CcmSetup version: 5.0.7958.1401]LOG]!><time="12:49:12.549+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="5076" file="ccmsetup.cpp:727">
    <![LOG[Successfully started the ccmsetup service]LOG]!><time="12:49:12.550+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="4744" file="ccmsetup.cpp:3271">
    <![LOG[Deleted file C:\Windows\ccmsetup\ccmsetup.exe.download]LOG]!><time="12:49:12.551+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="4744" file="ccmsetup.cpp:9497">
    <![LOG[In ServiceMain]LOG]!><time="12:49:12.552+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="3284" file="ccmsetup.cpp:3365">
    <![LOG[Folder 'MicABCoft\Configuration Manager' not found. Task does not exist.]LOG]!><time="12:49:12.556+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="4744"
    file="wintask.cpp:622">
    <![LOG[CcmSetup is exiting with return code 0]LOG]!><time="12:49:12.556+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="4744" file="ccmsetup.cpp:10879">
    <![LOG[Running on 'MicABCoft Windows 7 Enterprise ' (6.1.7601). Service Pack (1.0). SuiteMask = 272. Product Type = 18]LOG]!><time="12:49:12.618+300" date="11-11-2014" component="ccmsetup" context="" type="1"
    thread="3284" file="util.cpp:1974">
    <![LOG[Ccmsetup command line: "C:\Windows\ccmsetup\ccmsetup.exe" /runservice "/UsePKICert" "/NoCRLCheck" "smssitecode=ABC"]LOG]!><time="12:49:12.619+300" date="11-11-2014" component="ccmsetup"
    context="" type="1" thread="3284" file="ccmsetup.cpp:3590">
    <![LOG[Command line parameters for ccmsetup have been specified.  No registry lookup for command line parameters is required.]LOG]!><time="12:49:12.619+300" date="11-11-2014" component="ccmsetup" context=""
    type="1" thread="3284" file="ccmsetup.cpp:3775">
    <![LOG[Command line: "C:\Windows\ccmsetup\ccmsetup.exe" /runservice "/UsePKICert" "/NoCRLCheck" "smssitecode=ABC"]LOG]!><time="12:49:12.619+300" date="11-11-2014" component="ccmsetup"
    context="" type="1" thread="3284" file="ccmsetup.cpp:3776">
    <![LOG[SslState value: 448]LOG]!><time="12:49:12.619+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="3284" file="ccmsetup.cpp:4425">
    <![LOG[CCMHTTPPORT:    80]LOG]!><time="12:49:12.619+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="ccmsetup.cpp:8621">
    <![LOG[CCMHTTPSPORT:    443]LOG]!><time="12:49:12.619+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="ccmsetup.cpp:8636">
    <![LOG[CCMHTTPSSTATE:    448]LOG]!><time="12:49:12.619+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="ccmsetup.cpp:8654">
    <![LOG[CCMHTTPSCERTNAME:    ]LOG]!><time="12:49:12.619+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="ccmsetup.cpp:8672">
    <![LOG[FSP:    ]LOG]!><time="12:49:12.619+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="ccmsetup.cpp:8724">
    <![LOG[CCMFIRSTCERT:    1]LOG]!><time="12:49:12.619+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="ccmsetup.cpp:8782">
    <![LOG[HTTPS is enforced for Client. The current state is 31.]LOG]!><time="12:49:12.621+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="ccmutillib.cpp:403">
    <![LOG[Begin searching client certificates based on Certificate Issuers]LOG]!><time="12:49:12.623+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="ccmcert.cpp:4393">
    <![LOG[Completed searching client certificates based on Certificate Issuers]LOG]!><time="12:49:12.624+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="ccmcert.cpp:4550">
    <![LOG[Begin to select client certificate]LOG]!><time="12:49:12.624+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="ccmcert.cpp:4706">
    <![LOG[The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'.]LOG]!><time="12:49:12.624+300" date="11-11-2014" component="ccmsetup" context=""
    type="0" thread="3284" file="ccmcert.cpp:4742">
    <![LOG[1 certificate(s) found in the 'MY' certificate store.]LOG]!><time="12:49:12.624+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="3284" file="ccmcert.cpp:4770">
    <![LOG[Only one certificate present in the certificate store.]LOG]!><time="12:49:12.624+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="3284" file="ccmcert.cpp:4774">
    <![LOG[Begin validation of Certificate [Thumbprint 50051EB74624621341900739D65706D8089A0941] issued to 'D-LJACKNVM7X64.ABClan.org']LOG]!><time="12:49:12.624+300" date="11-11-2014" component="ccmsetup" context=""
    type="1" thread="3284" file="ccmcert.cpp:1662">
    <![LOG[Failed to get certificate key provider information. Error 0x80092004]LOG]!><time="12:49:12.626+300" date="11-11-2014" component="ccmsetup" context="" type="3" thread="3284" file="ccmcert.cpp:1199">
    <![LOG[The Certificate [Thumbprint 50051EB74624621341900739D65706D8089A0941] issued to 'D-LJACKNVM7X64.ABClan.org' has 'Client Authentication' capability.]LOG]!><time="12:49:12.633+300" date="11-11-2014" component="ccmsetup"
    context="" type="0" thread="3284" file="ccmcert.cpp:582">
    <![LOG[Completed validation of Certificate [Thumbprint 50051EB74624621341900739D65706D8089A0941] issued to 'D-LJACKNVM7X64.ABClan.org']LOG]!><time="12:49:12.633+300" date="11-11-2014" component="ccmsetup" context=""
    type="1" thread="3284" file="ccmcert.cpp:1803">
    <![LOG[>>> Client selected the PKI Certificate [Thumbprint 50051EB74624621341900739D65706D8089A0941] issued to 'D-LJACKNVM7X64.ABClan.org']LOG]!><time="12:49:12.633+300" date="11-11-2014" component="ccmsetup"
    context="" type="1" thread="3284" file="ccmcert.cpp:4850">
    <![LOG[Raising event:
    instance of CCM_ServiceHost_CertRetrieval_Status
    ClientID = "GUID:A5879665-7A1B-4529-827E-52FA34ABD384";
    DateTime = "20141111174912.640000+000";
    HRESULT = "0x00000000";
    ProcessID = 3068;
    ThreadID = 3284;
    ]LOG]!><time="12:49:12.640+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="event.cpp:715">
    <![LOG[Failed to submit event to the Status Agent. Attempting to create pending event.]LOG]!><time="12:49:12.643+300" date="11-11-2014" component="ccmsetup" context="" type="2" thread="3284"
    file="event.cpp:737">
    <![LOG[Raising pending event:
    instance of CCM_ServiceHost_CertRetrieval_Status
    ClientID = "GUID:A5879665-7A1B-4529-827E-52FA34ABD384";
    DateTime = "20141111174912.640000+000";
    HRESULT = "0x00000000";
    ProcessID = 3068;
    ThreadID = 3284;
    ]LOG]!><time="12:49:12.643+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="event.cpp:770">
    <![LOG[Successfully submitted pending event to WMI.]LOG]!><time="12:49:12.648+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="3284" file="event.cpp:813">
    <![LOG[CCMCERTID:    MY;50051EB74624621341900739D65706D8089A0941]LOG]!><time="12:49:12.649+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="3284" file="ccmsetup.cpp:8803">
    <![LOG[No MP or source location has been explicitly specified.  Trying to discover a valid content location...]LOG]!><time="12:49:12.649+300" date="11-11-2014" component="ccmsetup" context="" type="1"
    thread="3284" file="ccmsetup.cpp:4729">
    <![LOG[Looking for MPs from AD...]LOG]!><time="12:49:12.649+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="ccmsetup.cpp:4737">
    <![LOG[Performing AD query: '(&(ObjectCategory=mSSMSManagementPoint)(mSSMSDefaultMP=TRUE)(mSSMSSiteCode=ABC))']LOG]!><time="12:49:13.226+300" date="11-11-2014" component="ccmsetup" context="" type="0"
    thread="3284" file="lsad.cpp:657">
    <![LOG[OperationalXml '<ClientOperationalSettings><Version>5.00.7958.1000</Version><SecurityConfiguration><SecurityModeMask>0</SecurityModeMask><SecurityModeMaskEx>448</SecurityModeMaskEx><HTTPPort>80</HTTPPort><HTTPSPort>443</HTTPSPort><CertificateStoreName></CertificateStoreName><CertificateIssuers></CertificateIssuers><CertificateSelectionCriteria></CertificateSelectionCriteria><CertificateSelectFirstFlag>1</CertificateSelectFirstFlag><SiteSigningCert>308202F0308201D8A003020102021012B6F63E56359BB9493496A444140A76300D06092A864886F70D01010B05003016311430120603550403130B53697465205365727665723020170D3134303931383135313330355A180F32313134303832363135313330355A3016311430120603550403130B536974652053657276657230820122300D06092A864886F70D01010105000382010F003082010A0282010100D2F099DE475F5360729CBD0CEB1F9DC291383C9787E19DEA9CBE8988799E60CA26CB3FEBF2E4115FE6D8A6B42E063E72B2B035BEFA0BA9D8FB9E892366699A25FB9F10956770DAC5DD650CBAFB1BC46DACE2F2A777C42D269366361B6207318D5ED52D32078EA0D59CDBE13892B1A7BD7E21CD748B6BF636D9901610BE6D8D363646651ACB10440EE31F9F36FA48227631D9989E8349B888C3C4959E79AC0C4B579F10F41D30285B478FCED289AA23066D407D73AF73408D7609442EC7AC32F96EABB176E42159BEFDF6537864FEFC9F8491DA7C6BB9BCB99C5FF7E31ADC294FFD49088899C1698F44FE9F1C18046AF8255A521C6910AC113845997960ECA8070203010001A3383036301E0603551D11041730158213524F534E543232312E6574736C616E2E6F726730140603551D25040D300B06092B060104018237650B300D06092A864886F70D01010B050003820101002061E3AC32E4EAF2BEA7CF3004372C1FA61B5114B3CB838FA92A2037D1A26FB2926F2D3FB000B1249099E513BBD76DCB01D74BD6A273CCEAE84CD87F77D8BBB256F4FA58030B8DADC3F6C8B84967D8F7DFA81FE2C57426AB918CC61E42D5838C4A40D84F39E1B3288415609F2C3B0E52988EAB6E155A68725828B09D7475D9ED764DFD976F1D40CCEFAAD5E0F3B21E4DE7EA0BFEF617D4C8459C8E37B49EFBCF0C3921B2FD74BFDBEFFEF1B0CB1A1C85C5F3A16AE974DF3AB0E28EED844C43AB0E3F564C82FCD986CC429057702680B3869765A2A5128EC1EC378F90A9E4BA27572E64F500E645CFA5CBC300EAC980D68E6B96A1E1C7D95B2041CC807F7C74FF</SiteSigningCert></SecurityConfiguration><RootSiteCode>ABC</RootSiteCode><CCM>
    <CommandLine>SMSSITECODE=ABC</CommandLine> </CCM><FSP> <FSPServer></FSPServer> </FSP><Capabilities SchemaVersion ="1.0"><Property Name="SSLState" Value="0" /></Capabilities><Domain
    Value="ABClan.org" /><Forest Value="ABCroot.org" /></ClientOperationalSettings>']LOG]!><time="12:49:13.378+300" date="11-11-2014" component="ccmsetup" context="" type="0"
    thread="3284" file="lsadcache.cpp:236">
    <![LOG[The MP name retrieved is 'ABCD.contoso.org' with version '7958' and capabilities '<Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities>']LOG]!><time="12:49:13.381+300"
    date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="lsadcache.cpp:334">
    <![LOG[MP 'ABCD.contoso.org' is not compatible]LOG]!><time="12:49:13.382+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="lsadcache.cpp:345">
    <![LOG[Retrieved 0 MP records from AD for site 'ABC']LOG]!><time="12:49:13.382+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="3284" file="lsadcache.cpp:287">
    <![LOG[FromAD: command line = SMSSITECODE=ABC]LOG]!><time="12:49:13.383+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="3284" file="ccmsetup.cpp:288">
    <![LOG[Local Machine is joined to an AD domain]LOG]!><time="12:49:13.383+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="3284" file="lsad.cpp:715">
    <![LOG[Current AD forest name is ABCroot.org, domain name is ABClan.org]LOG]!><time="12:49:13.386+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="lsad.cpp:843">
    <![LOG[Domain joined client is in Intranet]LOG]!><time="12:49:13.386+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="lsad.cpp:1048">
    <![LOG[CMPInfoFromADCache requests are throttled for 01:07:08]LOG]!><time="12:49:13.386+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="3284" file="lsadcache.cpp:173">
    <![LOG[No valid source or MP locations could be identified to download content from. Ccmsetup.exe cannot continue.]LOG]!><time="12:49:13.386+300" date="11-11-2014" component="ccmsetup" context="" type="3"
    thread="3284" file="ccmsetup.cpp:4806">
    <![LOG[Failed to parse '"C:\Windows\ccmsetup\ccmsetup.exe" /runservice "/UsePKICert" "/NoCRLCheck" "smssitecode=ABC"' with error 0x80004005]LOG]!><time="12:49:13.386+300" date="11-11-2014"
    component="ccmsetup" context="" type="3" thread="3284" file="ccmsetup.cpp:4611">
    <![LOG[A Fallback Status Point has not been specified.  Message with STATEID='100' will not be sent.]LOG]!><time="12:49:13.386+300" date="11-11-2014" component="ccmsetup" context="" type="1"
    thread="3284" file="ccmsetup.cpp:9767">
    <![LOG[A Fallback Status Point has not been specified.  Message with STATEID='307' will not be sent.]LOG]!><time="12:49:13.387+300" date="11-11-2014" component="ccmsetup" context="" type="1"
    thread="3284" file="ccmsetup.cpp:9767">
    <![LOG[CcmSetup failed with error code 0x80004005]LOG]!><time="12:49:13.388+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="5076" file="ccmsetup.cpp:10883">

    Hi Jason,
    Thanks for your reply..... I tried with /mp switch.... but same error.... if you look at the logs it says 
    <![LOG[MP 'ABCD.contoso.org' is not compatible]LOG]!><time="12:49:13.382+300"
    date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="lsadcache.cpp:345">
    <![LOG[Retrieved 0 MP records from AD for site 'ABC']LOG]!>
    Not sure why it is saying " not compatible " ... its a valid MP..... from the same client machine below links are working fine..
    http://ABCD.contoso.org/sms_mp/.sms_aut?mpcert
    http://ABCD.contoso.org/sms_mp/.sms_aut?mplist
    Thanks,
    Sam

  • How to enable SCCM 2012 clients to get Windows Updates through SSL VPN

    I would like my SCCM 2012 client laptops to get Windows Updates through SSL VPN.
    I suppose I need to add VPN Subnet in my boundary and boundary group.
    What other setting I need to enable?
    At this moment, on the 'Software Update Point Component Properties' "Allow intranet-only client connections" radio button is active. Do I neeed to select "Allow both intranet and internet client connections" and Enable SSL communications
    for the WSUS server?
    or are there something else I need to check?

    No, a VPN client is no different than a client connected internally as far as the network is concerned and as far as ConfigMgr is concerned there is no way to explicitly know any different. Internet clients literally are those that connect via the Internet
    using IBCM.
    Jason | http://blog.configmgrftw.com

  • Send SCCM 2012 client or re-send client to individual computer

    We have a tech tools web portal and I need to add an item so techs can send the SCCM 2012 client to a machine. This will be used if they have to reinstall the client for some reason.
    I had planned to use PowerShell and created the script only to find out that it requires too great a permissions role to connect to the SCCM drive so the cmdlets can be used.
    I then thought I could just create a .CCR for a computer. But, the format for SCCM 2007 does not work for SCCM 2012.
    Reasons we are approaching this in this manner are:
    1) We want to install using the CURRENT client files. And, we don't want to copy those off to some other location and need to remember to update them when we update SCCM 2012.
    2) We want the retry capability that comes with using .CCRs.
    3) We want the "smartness" of the client install we have found. We have a distributed operation and doing the client install by an SCCM admin from the PowerShell script or via the right-click in the console allows SCCM to find the closest DP and
    use client install files from a local source when available.
    4) We have a LOT of desktop techs that we do not want having access to the SCCM console. There is just too high a learning curve. We want a simple tool.
    One other thing to mention ... we cannot use the Generate CCR tool because we are not turning on client push (lots of valid reasons for this and some the SCCM admins don't think are valid, but the decision has been made for us :) )
    Anyone have thoughts on how to have a simple tool to send the client install via script or .CCR?
    Thanks in advance!

    You can't turn client push off -- you can turn *auto*-client push off though. The Generate CCR tool does not depend upon *auto*-client push though so there's no reason you can't use it.
    Here's a blog post on the changes in the CCR process:
    http://blogs.technet.com/b/neilp/archive/2012/07/03/client-push-installation-changes-in-configuration-manager-2012-and-how-to-take-advantage-of-these-for-troubleshooting-purposes.aspx
    Jason | http://blog.configmgrftw.com

Maybe you are looking for

  • Sorting by date in table?

    I am new to using Spry Data Tables and I am having some problems. I need to sort a table by a few different feilds. All of them are working except for the date column. It will sort if I change the type to "script" but it does not sort in the right or

  • Can you charge an ipad with an iphone charger

    can you charge an ipad with an iphone charger?

  • How to import Ms Access database in Oracle 11g

    how to import Ms Access database in Oracle 11g

  • Tree based on Record Group

    Hi guys i have a tree that i populate using FTREE.Set_Tree_Property(tree_item, FTREE.RECORD_GROUP, rg_Tree_Id);     The problem is that my query is fine but the parent child relationships are not working. The help on forms is terrible for trees and i

  • I can't burn cds and it just spits the cds out?

    I've tried burning playlists with itunes. I have the latest itunes update, so that's not the problem. I have a macbook that is from 2007. Here's what happens: I choose a playlist, file, burn playlist to disc, it asks me to insert a blank disc, i put