Disable RDP to all Client Computers

Similar Messages

• Windows Server 2012 Essentials (not R2) - all client computers offline

  The server is Windows Server 2012 Essentials (not R2). I have had this problem ever since I first installed the Windows Server 2012 Essentials server in the summer of 2013 (before R2 was released). The Windows Server 2012 Essentials server shows offline
  for all Devices under Dashboard. (Allow me to add that I just installed another site with Windows Server 2012 Essentials R2, and it was a breeze - all of the computers at the second install site are online.) I have one Windows 8.1 Pro client and the rest
  are Windows 7 Pro clients. The problem occurs on ALL client computers.
  I have removed computers from Devices in Dashboard on the server, rebooted the server, changed the client computer to a workgroup, rebooted the client computer, and reinstalled the connector software on the client computer. Same result. I
  have tried this on a Windows 7 Pro client and a Windows 8.1 Pro client with the same results.
  After running the connector on a client computer and waiting for the server to update its Devices status, if I look under Devices on the server Dashboard, the Windows 8.1 client computer will say online but within 24 hours it goes offline again. The
  Windows 7 client computers never show online. Both computers stay offline - they NEVER show an online status (referring to the status under Devices in Dashboard).
  I should make it clear that the clients can access the server shares with no problem. File synchronization works great. The clients can ping the server and the server can ping the clients. But client backups on the server fail.
  One of the most troublesome things about this problem is that it prevents the client computers from being accessed remotely using the website setup by Anywhere Access. I can login to get remote access to the shared files on the server, but
  the only computer that says "online" is the server. All of the other computers are "offline".
  The server and clients are only using Windows firewall. The clients all use Microsoft Security Essentials for their anti-virus.
  I used a troubleshooting tool that tells me that there are problems with port 6602 on the server, but the clients are all fine with port 6602. I know port 6602 is important for using Anywhere Access but I am still trying to find out more details on that.
  I have checked all of the firewall settings related to port 6602 on the server, and the firewall settings look like the standard Windows settings for this port. I used netstat to find the PID associated with the port, and I looked up the PID to find the service.
  That all looked standard, too.
  I have been working on this problem since the summer of 2013!! Does anyone have ANY suggestions?!!
  HELP!

  Hi,
  Just addition, please check if all necessary Windows updates are installed on those
  “Offline” client computer.
  When connect client computers to the Windows Server 2012 Essentials server by using the Connector software, there
  will be LAUNCHPAD on the client computer. Was this LAUNCHPAD grayed out? Please check if can access Shared Folders via this LAUNCHPAD. Meanwhile, please ping the Windows Server 2012 Essentials via IP address and server name when client computers show as
  Offline. Any find?
  Get Connected in Windows Server Essentials
  In addition, please follow the path on Server and client computer:
  %programdata%\Microsoft\Windows Server\Logs. Did you check any relevant Server-side logs and
  Client-side Logs if find more clues?
  Windows
  Server Essentials 2012/2012 R2 Log Files
  If any update, please feel free to let us know.
  Hope this helps.
  Best regards,
  Justin Gu
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• I need to disable WebGL on all my computers

  For security reasons, I need to disable WebGL on several hundred Windows computers. Is there a registry entry I can set, or a DLL I can disable via software restriction policy?
  See http://secunia.com/advisories/44972/

  Look at cor-el's response in this link (a different pref): https://support.mozilla.com/en-US/questions/808176
  and the pref to be set in this Mozilla blog post (last sentence under "Status" section: https://blog.mozilla.com/security/2011/06/16/webgl-graphics-memory-stealing-issue/
  Also note that a fix for this is due to be out on 2011-06-21.

• How can I turn on Remote Apple Events on client computers via MCX?

  I would like to turn on Remote Apple Events on all client computers in our network. Is there some way to push this out via MCX?
  Thanks
  Christian

  I think if there is a way to program a different remote first like a direct tv remote, then you could turn on home sharing and then use either that universal remote or the IOS device. I cannot figure out how to program my direct tv remote for my apple tv though.

• Remotely set Security on client computers

  I want all client computers to require a password when the screensaver is activated, regardless of who is logged in. Can these settings be made using either ARD2 or ARD3? Is there a Unix command or AppleScript to activate this setting that can be sent to each client computer? Or does a particular file need to be locked? If so, what file?
    Mac OS X (10.4.6)  

  defaults -currentHost write com.apple.screensaver askForPassword 1
  defaults -currentHost read com.apple.screensaver
  will give the value that is set... you can test it with Terminal on your computer
  send this as the logged in user to change the preference for that specific user. it'll have to be done numerous times if a computer has more than one user.
  i don't think you can do it if a user is logged out... unless you script something up with automator and applescript.
  i don't think the GUI reflects what the preference is set for accurately when issuing this command though. using the second command listed above to read the value will give what the preference is set for though. i've opened a bug report with apple

• What query should I use to find all versions of Office 2013 64-bit installed on client computers?

  What query should I use to find all versions of Office 2013 64-bit installed on client computers? Could someone create a custom query? I need all of the client computers names and which ones have any Office 64-bit components. Thank you so much! I really
  appreciate it!

  Hi,
  You could edit the following query to meet your requirement.
  SELECT     dbo.v_R_System.Name0, dbo.v_GS_OPERATING_SYSTEM.Caption0 AS [Operating System],
                        dbo.v_GS_OPERATING_SYSTEM.CSDVersion0 AS [OS Service Pack], arp.DisplayName0,
                        CASE WHEN arp.version0 LIKE '11.0.6361.0' THEN 'SP1' WHEN arp.version0 LIKE '11.0.7969.0' THEN 'SP2' WHEN arp.version0 LIKE '11.0.8173.0'
  THEN 'SP3' WHEN
                         arp.version0 LIKE '12.0.6215.1000' THEN 'SP1' WHEN arp.version0 LIKE '12.0.6425.1000' THEN 'SP2' WHEN arp.version0 LIKE '14.0.6029.1000'
  THEN 'SP1' ELSE '' END
                         AS 'Service Pack', arp.Version0
  FROM         dbo.v_Add_Remove_Programs AS arp INNER JOIN
                        dbo.v_R_System ON arp.ResourceID = dbo.v_R_System.ResourceID INNER JOIN
                        dbo.v_RA_System_SMSInstalledSites AS ASSG ON dbo.v_R_System.ResourceID = ASSG.ResourceID INNER JOIN
                        dbo.v_GS_OPERATING_SYSTEM ON dbo.v_R_System.ResourceID = dbo.v_GS_OPERATING_SYSTEM.ResourceID
  WHERE     (arp.DisplayName0 LIKE '%Microsoft Office%edition%' OR
                        arp.DisplayName0 LIKE '%Microsoft Office Standard 2007%' OR
                        arp.DisplayName0 LIKE '%Microsoft Office Enterprise 2007%' OR
                        arp.DisplayName0 LIKE '%Microsoft Office Professional%2007%' OR
                        arp.DisplayName0 LIKE '%Microsoft Office Standard 2010%' OR
                        arp.DisplayName0 LIKE '%Microsoft Office Enterprise 2010%' OR
                        arp.DisplayName0 LIKE '%Microsoft Office Professional%2010%' OR
                        arp.DisplayName0 LIKE 'Microsoft Office 2000%' OR
                        arp.DisplayName0 LIKE 'Microsoft Office XP%') AND (arp.DisplayName0 NOT LIKE '%update%') AND
                        (arp.DisplayName0 NOT LIKE '%Microsoft Office XP Web Components') AND (dbo.v_R_System.Operating_System_Name_and0 NOT LIKE '%server%')
  AND
                        (arp.InstallDate0 NOT LIKE 'NULL')
  ORDER BY dbo.v_R_System.Name0, arp.DisplayName0, arp.Version0
  Full details:http://social.technet.microsoft.com/Forums/systemcenter/en-US/7baeb348-fb63-4115-8d76-2c884d18f708/sql-query-to-check-ms-office-service-pack-level?forum=configmgrreporting
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Problem with multiple instances of shared printers being installed on client computers when the spooler service is started

  Hello,
  We have Windows Server 2012 and clients using Windows 8.  We've been having some printer problems for awhile now that I haven't been able to figure out for the life of me.  The main problem is the fact that printers are installed on computers automatically
  once the drivers are installed.  The side-effect of multiple instances of each printer showing up is very annoying but I suspect fixing the initial problem will resolve this secondary one.
  Here is the rundown:
  We add the shared printers on logon to the clients using the GPO thus installing the drivers locally.
  Whenever the spooler on the client is restarted with the drivers installed, all of the
  shared printers that were previously installed get duplicated 5 more times (for a total of 6 instances of each shared printer) on the "Devices and Printers" page.  This happens
  all the time.
  Removing them only fixes the issue temporarily, as soon as the spooler or computer is restarted, it seems these shared printers are somehow found on the network and the duplicates return.
  Two of these printers are located on different clients, installed locally and shared while the other three are all installed on a server and shared through it.  The issue is the same on all of them.
  Cleaning the spooler completely (registry and files from C:\system32\spool) fixes the issue temporarily as well since, as soon as the drivers are reinstalled, the issue occurs again.
  I've tried many things (disabling the GPO, editing the GPO, printer shares, registry, etc.) and searched tirelessly online for a cause and solution but I'm stumped.  Does anybody have any idea what might be causing this problem and how to resolve it?
  Thanks for your time!
  Update #1: I just tried adding the NoNetCrawling option in the registry found in this article -> http://support.microsoft.com/kb/320138/en-us
  I couldn't find the same for Windows 8 unfortunately.  I also tried disabling network discovery and all other sharing options to no avail.
  Update #2: I tried isolating the computer to a different subnet and restarting the spooler and, sure enough, the issue didn't occur.  This proves that the issue is network share related.  Also, as soon as I change the IP back to the regular domain
  subnet one, the multiple printer instances re-appeared again.
  Update #3: I just tried doing the same thing but on the server where the printers are installed and shared and, sure enough, despite being in a different subnet, the issue occurred.  This leads me to believe there is a setting on this server at fault.
   Question is, which one?

  We have deployed a brand new Active Directory domain for a customer. ALL the servers without exception are Windows 2012 R2 and all clients are Windows 8.1 32bit VDI clients.
  The issue that we have is around network printers. 
  We are deploying 4 printers  from a Windows 2012 R2 Server via the print management/Deploy Printer and assigning that to a GPO. The printers are deployed to the Computers which should mean that the users get all 4 printers which they then should be allowed
  to set their default and personal settings for that printer.
  Our printers are deployed like this:
  1. Created security group
  2. Assigned VDI computers to the security group
  3. Created GPO to reflect security group
  4. Modify GPO to do security filtering based on computer group membership
  5. Deployed 4 x printers through Print Management to the GPO on a per machine basis
  However, on the users Devices and Printers screen we are not seeing the 4 printers. For some users
  they see duplicates of all 4 printers so e.g they can have upwards of 8 or more. Other users have no printers displayed whatsoever. The next time they log off or restart they then have a different amount of printers displayed.
  If they try and set the default then it will set and the next time they check the default may have moved to another printer even without logging off or back on.
  Now, where this gets strange is within an application such as MS Word 2013 or Notepad if they use the file and print menu the printers will be listed, even if the user has no printers displayed in Devices and Printers. If the users selects a printer then they
  can then print OK.
  If we check HKCU\Printers||Connections then the CORRECT 4 printers are showing as to what is being deployed via the GPO so I know that the Windows 8.1 terminals are receiving the correct printers from the GPO.
  To try and correct this over the course of the week we have deployed the printers via Group Policy Preferences to the user and then the PC to no avail. Currently we are using the Print management\Deployed Printers to deploy all 4 printers to the computer via
  the Computer GPO.
  I believe that this issue is related to the display somehow in Devices and Printers rather than a GPO or print server issue as we can see via the registry the clients are receiving the 4 correct mentioned printers as shown in the registry. 
  FYI: We only have around 30 users and all users are getting this problem. All users are receiving the same GPO's and have the same few apps installed, Office 2013, Adobe Reader etc.
  What we want is for the computers to receive all 4 printers. All users should be able to use all 4 printers but the user should be able to select their particular default, depending where they are located or what they are printing that particular day. Their
  particular default should persist after reboot. (We have 2 x Copiers and 2 x HP Laserjets) All users have redirected documents and desktop but the rest of the profile is on the VDI and persists after their reboot. The profile is not roaming as the user is
  assigned a particular VDI.
  After a week of scratching our heads with this we are open to suggestions and any would be appreciated.
  We have tried following the issues on this thread to no avail either as they still return.

• SNR License Issue. How Can I Disable SNR for all Users?

  Hi,
  I Have an issue with SNR on CUCM 10.5 and with assignement of license type
  I have a cluster with 400 users.
  200 users use ip phone 3905 and should be use an Essential License.
  When system check for assignement of license type , itassign a Basic License instead of an Essential License, because it see that users have SNR Enabled.
  All users in my system have SNR enabled, and I can not disable it. All my user have Enable Mobility unchecked, and all my phone have Device Mobility Off, but system however see SNR enable.
  How can i disable SNR for all users? This is a feature that client don't need.
  I dont' have a sufficent number of licenses for support all 3905 in Basic License.
  thanks for help.
  Andrea

  Well actually, Mobile Identity wouldn't apply to a 3905 unless those phones had another line on a Dual-Mode device like an iPhone or Android phone.  So unless you have either of those in your system you can scratch that idea.  Someone else may chime in here and try to help a bit more as RD/RDP are the main SNR culprits.

• New Server Installation, now client computers can't connect to services. Where to go from here?

  Hello.
  I recently had to setup a new Mac Mini Server (Mavericks). We had one previously but one of the raided hard drives failed. No backup.
  Our office of 6 Apple MacBook Pros used to connect to all file sharing and calendar services, easily.
  On the new Server installation, I added the same users with the same passwords etc. The client computers cannot access calendars, file sharing etc. On the clients, I have opened up System Preferences > Users & Groups > Login Options > Network Account Server and added the FQDN of the server, but I get an error ' Unable to add server. Connection failed to the directory server. (2100) '
  2 of the clients are on Mountain Lion. The rest are on the latest Mavericks.
  I'm a bit lost on where to go from here and would appreciate your help before I wipe everything and start from scratch.
  Thanks.

  Hi Strontium90
  Ha! There was a time machine backup, but we had a storm here which rendered it and the server useless. We are such a small team without an 'IT' guy, apart form me as I have a vague interest in all things Apple.
  What is your DNS name space?
  Do you need the name here?
  Do the servers and the client agree on this name?
  Not sure what you mean. The domain name works as when I type it into a web browser, I can see the 'Welcome to Server' page.
  Did you enable an Open Directory Master?
  Yes. Open Directory is running.
  Did you grant the users/group access to the service you are offering?
  Yes. All services are checked for each user.
  Make sure the user/group is permitted to access your enabled services.
  All allowed, too.
  Oh, and implement a backup strategy
  Will do, once I sort out this problem. Time Machine and off-site, I think.

• How many client computers can you control with the $79.99 version on Mac App Store?

  I mean client computers by the ones you control, not by the admin computers.

  From: http://www.apple.com/remotedesktop/
  No Per-Client Tax
  Apple Remote Desktop 3 is incredibly affordable. With the Unlimited Managed Systems edition, you can manage any number of client computers — there is no per-client charge.
  Apple's website says Unlimited Managed Systems, There are probable some technical limit, but i've never found it. How many client computers do you want to manage, are they all on the same lan? same subnet?

• I can no longer run reports of my client computers

  RDC 3.2.2 I recently need to run some reports of all my client computers. First, I attempted to run report of several computers. It never got beyond "Waiting for report data", so, I attepted to do separate clients, one at a time. Same result. All users are upgraded to the current client. Users are on a 1000BaseT network. Thought it may be 10.5.6 update related, but not all of my users are on Leopard. I have testing a variety of different clinet configs and I cannot generate a report.

  Starting on May 29th, 2008, I noticed that some of the computers that have been added to ARD were showing up with their IP address as 0.0.0.0. Some of the systems could have reports done for them while other would not. At the time, out of 140 computers currently listed, only 120 returned reports.
  After troubleshooting I called Apple to attempt to figure out where this problem may reside. Apple indicated that the IP numbers would get zeroed out when another device takes over the IP address of the client computer. This made sense since we were setup via DHCP. They could not determine why the reporting was not functioning without further troubleshooting through Enterprise support. This would require funding to get additional support.
  On January 22nd, 2009 I called Apple support back and started the support via their Enterprise support. The technician asked if we were using spanning tree with our network switches. I verified with the network team that we are using multicast spanning tree for Semantic Ghost. The technician also asked that I set up ARD on another test computer to see if the problem occurs with that system as well.
  On February 5th I setup both a second system for ARD Admin and a test client computer. In Mid February I set up the SQL database used by ARD to be accessed but other applications, such as a PHP webpage. This would allow me to see what information was in the database without needing to use ARD admin.
  By March 5, I had completed my tests and determined that the information is still being lost using this second computer setup. Keep in mind that the test client computer had been turned off by mid February so its network IP number would be release for another device to use. A few days before I had created a second account on the test ARD admin computer and re-imported the original list of systems used when this test started. This second account did not have the ARD test client computer added into ARD admin. This would allow for reports to be collected for a few days on this system. I then went back to the original account for ARD admin on March 5 and attempted to run the report for the test client. In ARD admin I was not able to acquire any report information. I was, however, able to see the data using the PHP webpage I have created earlier.
  I called Apple back to continue troubleshooting this problem. Remember that we had paid for support for this problem, $199. The technician indicated that the case had been resolved and closed. I explained that the issue was not resolved and troubleshooting was still ongoing. The technician remained adamant that the case was resolved and would not open a new case for further support.
  I spoke with my Technical Director in regards to this. We both called Apple Enterprise support back to see if we could get further support for this unresolved issue. The technician did give us a bit of support, however, he continued to insist that we were adding the client computers in via IP and this was causing our problems. We explained exactly how we have been adding computers into ARD admin; by scanning them through our network and dragging them to the main list, not by adding them by direct IP. The technician then continued to be unclear as to how to go about correcting this situation of lost data. He indicated that when the client computer's IP was taken over by another device the only way to get the client to report again was to remove and re-add the client back in.
  According to the document "ARD 3.1 Admin Guide.pdf"; Chapter 8 page 104, in the section titled "Installing Software on Offline Computers", paragraph 2, it states "When the client comes online, it contacts the Task Server and notifies it of its network state and any setting changes (like a DHCP-assigned IP address change)." Even after reading this statement to the technician he still was not clear as to why the client computers did not update their IP information correctly (from their current 0.0.0.0 IP) when reconnected back to the network.
  Because information is continuing to become lost Apple Remote Desktop is not meeting the needs of our department and the community college for tracking the Macintosh hardware currently in use. It may take an extended time to retrieve requested information if this data does not get reported on in ARD admin. Currently, one of my coworkers is in the process of creating a whitepaper to include alternatives for asset management for the Macintosh community.

• Disabling SMB2 and SMB3 Client from Windows Vista, Windows 7 and Windows 8.

  There are many programs that are using a shared file on the server from clients from XP to Windows 10. From time to time it seems like there is a network outage and the handle to the file is broken and the file
  cannot be read or updated. It seems more prevalent on a Windows 2012 server but may have happened from time to time on 2008 & 2008 R2. However there are not any network problems so it just leaves the server & Client
  I have searched for possible resolutions including:-
  Turning  off the Cache for the share
  Disabling the network adapter power setting to allow windows to put the device to sleep.
  Disabling  Antivirus/configuring it to ignore folders for on access scanning
  Disabling SMB  Signing
  Configuring the  clients DWORD registry value SilentForcedAutoReconnect=1 in HKEY_LOCAL_MACHINE\Software\Microsoft\CurrentVersion\NetCache
  Setting the "NET CONFIG SERVER /AUTODISCONNECT:-1" to not drop client
  connections
  The last bit of trouble shooting that I can think of is to disable SMB2 and SMB3 as that does a lot of caching and batching of packets which could also be the cause of the problem.
  I have looked at
  http://support.microsoft.com/kb/2696547/en-us
  I have disabled SMB2&3 on the server as that is very straight forward.
  When I get to the section about disabling SMB2 on the client the command fails.
  sc config
  lanmanworkstation depend= bowser/mrxsmb10/nsi
    After running the above command, it returns an error: 
        [SC] ChangeServiceConfig FAILED 1059:
        Circular Service Dependency was specified.
  So it's not worth running the following command:
  sc config mrxsmb20 start= disabled
  I have tried the command on Windows Vista, Windows 7 and Windows 10 just to confirm that it's  nothing to do with any particular PC, machines in Domains and Non-Domain machines.
  So, my questions are:-
  1, is
  http://support.microsoft.com/kb/2696547/en-us actually correct and up to date and for the OSes (Vista, 7, 8, 8.1, 2012 server and Windows 10) with latest updates & service packs?
  2, How do I disable SMB2 and SMB3 on clients for troubleshooting purposes the server to resolve problems with shared files (multi user access)
  3, If I just disable SMB2 & 3 from the server would that force the clients not to use SMB2 when communicating with the server and therefore not caching the directory structure and file not found etc? I have seen posts that suggest this is not the case.
  4. Does sc.exe have a bug in it?
  Thanks in advance
  Rob

  Hi,
  I made a test in our testing enviroment, everything works fine to disable SMB2 and 3. For your problem, in my opinion, as I didn't find any specific report about this error, it would be better to use Process Monitor to capture the trace when running the
  command.
  Start Process Monitor, then set the filter as cmd.exe, after that, open CMD and execute the command.
  Process Monitor:
  http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
  In addition, I found another thread that had similar error with yours, you can take its solution as reference.
  https://social.technet.microsoft.com/Forums/windows/en-US/506828c8-e7af-4039-aca7-43321939bb55/offline-files-synchronization-error-the-file-specified-cannot-be-found?forum=w7itpronetworking
  Roger Lu
  TechNet Community Support
  Roger,
  Many thanks for the time taken to look into this.
  I've downloaded process monitor and loaded it. I filtered for cmd.exe started capture and saved a 1mb file.
  However I don't think this is going to help unless you can point me in the direction of what you're expecting to see in the capture file? If you want me to send you it I can but it does contain personal information which I'd rather not place online.
  You can recreate the problem yourself by doing the following:
  Go to modern.ie
  Download any windows 7 virtual machine for your preferred of virtualisation  platform 
  log in, start cmd as administrator and run the command
  sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi
  You will also receive the same error.
  [SC] ChangeServiceConfig FAILED 1059:
  Circular Service Dependency was specified.
  You can also try it on the Windows 8 and 8.1 machine if you have time.
  I checked the link to the similar error and that just looks at the file not found problem which is the smb2 cache. They still didn't resolve the slow access to the share which is seen on a machine that has anti-virus on it when you go to right click
  on the folder or a file in the folder. It's about a 20 second (spinning circle) pause every time. The problem is bigger than that. If you have shared files on the network share that are used by multiple people at the same time, say a spreadsheet or database
  file windows is loosing the connection to that file so the user cannot write to it even if they have the file open. The smb2 caching shouldn't cause that problem.
  It appears that I have to disable from SMB2 and SMB3 and ensure that the clients only use SMB1.
  If SMB2 & SMB3 are disabled from the lanmanworkstation service the clients will not do any caching even if the server has disabled the share cache (offline files for that share).
  The problem with the "Circular reference" error message is standard across all versions of windows that have "smb2" or "smb2 and smb3". Can you recreate that problem? Or is it working on your windows computer and on the machines
  downloaded from modern.ie ?
  My testing has shown that the command "sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi" does not work. Therefore that's the one I want to resolve first. By resolving that I may be able to get the clients accessing the share to behave
  themselves and use the shared files correctly as they always did from Windows 95/NT4 through to Windows XP and 2003/2008 server.
  I'm unable to recreate the problem with multiple users having access to shared database files on windows 2012 server from Windows 7 clients were the access to the files drops once a day or once every couple of days.
  Kindest Regards
  Robert

• Previously blocked client computers - now cannot install SCCM 2012 R2 client

  Hello,
  I have a Primary Site on SCCM 2012 R2. New installation of 2012 R2, not upgrade from SCCM 2007. My environment is pretty small for now, having added just few dept computers in the company.
  We are using SCCM for Endpoint Security antivirus deployment. Some time ago I had not configured the Discovery methods correctly and the scep client started to install on few machines on which it was not supposed to be installed. I removed the clients then
  (both remote and local uninstallation) but since the sccm client was getinng installed again - I had to Block these few machines. Now the problem is that I cannot install the scep client on these computers that have previously been blocked. I am sure the previous
  block is the reason because these are about 6-7 machines and only they do not install. All others do install scep client. The installation process goes smooth on these problematic machines, ccmsetup folder gets created in C:\Windows, I follow the ccmsetup.log
  and it says  " <![LOG[CcmSetup is exiting with return code 0]LOG]!><time="12:33:56.415-180" date="10-08-2014" component="ccmsetup" context="" type="1" thread="3992"
  file="ccmsetup.cpp:10875">  "  at the end of the log which is what it is supposed to show when installation goes ok, then Ccmexec.exe process continues running but folder Microsoft Security Client in C:\Program Files never gets
  created and no scep client gets installed.
  I tried deleting the computers from the sccm console and discovering them anew - did not help. Tried even renaming the comp locally, after having it deleted from sccm console, then adding it anew hoping sccm will regard it as a new resource-again no good.
  All these computers have the Approve, Block and Unblock buttons greyed out/inactive in console.
  Has anyone had this same problem?  Any ideas what can be done. Thank you.
  Regards,
  Hristo

  Hi,
  were you ever able to fix this?
  I'm running in a similar issue here.
  One single client was blocked, then deleted, lateron recreated (imported manually name and MAC address).
  Now the client is unable to register itself in SCCM 2012 R2 (no CU yet).
  Tried the usual stuff: uninstalled SCCM client, remove the entries of CCMsetup and SMS from registry, deleted  the SMS certs from the computer personal
  store and deleted  the smscfg.ini from C:\Windows. Then re-installed the SCCM client
  Client logs look fine, except ClientIDManagerStartup.log:
  <![LOG[[RegTask] - Client is not registered. Sending registration request for GUID:F295F120-9C99-4D10-82B7-027FDD86B5F6 ...]LOG]!><time="14:46:11.555-60" date="01-12-2015" component="ClientIDManagerStartup" context=""
  type="1" thread="6320" file="regtask.cpp:1609">
  <![LOG[[RegTask] - Server rejected registration request: 3]LOG]!><time="14:46:12.616-60" date="01-12-2015" component="ClientIDManagerStartup" context="" type="3" thread="6320" file="regtask.cpp:1675">
  On the server:
  Begin validation of Certificate [Thumbprint 12923BCACDAE5B89547A25E54BF11E533163742F] issued to 'SMS'    MP_RegistrationManager    12.01.2015 14:31:10    8600 (0x2198)
  Completed validation of Certificate [Thumbprint 12923BCACDAE5B89547A25E54BF11E533163742F] issued to 'SMS'    MP_RegistrationManager    12.01.2015 14:31:10    8600 (0x2198)
  Encountered database error while verifying headers for client 'GUID:F3063334-69B4-471F-B158-56782E499F4A' (0x87d00238).    MP_RegistrationManager    12.01.2015 14:31:10    8600 (0x2198)
  CCMValidateAuthHeaders failed (0x87d00238) to validate headers for client 'GUID:F3063334-69B4-471F-B158-56782E499F4A'.    MP_RegistrationManager    12.01.2015 14:31:10    8600 (0x2198)
  A client is trying to re-register with an administrator revoked certificate: SMSID='GUID:F295F120-9C99-4D10-82B7-027FDD86B5F6'.    MP_RegistrationManager    12.01.2015 14:31:10    8600 (0x2198)
  MP Reg: Processing completed. Completion state = 0    MP_RegistrationManager    12.01.2015 14:31:10    8600 (0x2198)
  We are using HTTP for client communication.
  Any ideas appreciated.
  Michael

• Can't view all the computers in my network on WSUS Console

  Hello Everyone,
  Windows Server 2008 R2
  WSUS 3.0
  The issue is: Can't view all the computers in my network on WSUS Console
  1/ Installed Windows Server Update Services (WSUS)
  I followed the steps how to install Windows Server Update Services ( WSUS ) correctly by following steps on technet.microsoft.com
  2/ Edit Group Policy Management (GP)
  Open "Group Policy Management" Console
  by right click "edit" the "Default Domain Policy" and It took me to "Group Policy Management Editor"
  I changed the "Windows Update" Setting under "Group Policy Management Editor"
  by doing to "Computer COnfiguration > Policies > Administrative Templates > Windows Components > Windows Updates"
  ------------------------------------------------------------------------------------------------------|
  |Enable |
  |-----> Configure Automatic Updates
  |
  | ------>
  4 - Auto download and schedule the install |
  | |
  |Enable |
  |-----> Specify intranet Microsoft update service location
  |
  | ------>
  http://ServerName.DomainName.net |
  | (Address of the server where WSUS updates are downloaded to)
  |
  | |
  |Enable |
  |-----> Automatic Updates detection frequency
  |
  | ------>
  22 |
  | (hours)
  |
  |Enable  |
  |-----> Enable Client-side Targeting
  |
  | ------>
  Win7; Server |
  | (Name of the Computer Groups)
  |
  |------------------------------------------------------------------------------------------------------|
  FYI: go to CMD and type "gpupdate" to apply the updates right away without waiting for the automatic one
  3/ Launch Windows Server Update Services (WSUS)
  a/ Run the WSUS Wizard
  I ran the WSUS Server Configuration Wizard under Option on the left panel and followed it by running the 
  synchronization.
  ------------------------------------------------------------------------------------------------------|
  |Choose Upstream Server |
  |-----> Synchronize from Microsoft Update and press on next
  |
  | |
  |Specify Proxy Server |
  |-----> Left blank ( I won't be using a Proxy server) and press on next
  |
  | |
  |Connect to Upstream Server |
  |-----> Press on "Start Connecting" and wait until it's done, press on next
  |
  | |
  |Choose Product |
  |-----> Select the product needed and Press on next
  |
  | |
  |Choose Classifications |
  |-----> Select classification needed and Press on next
  |
  | |
  |Configure Sync Schedule |
  |-----> Synchronize automatically and press on next
  |
  | |
  |Finished |
  |-----> Check "Begin initial synchronization" and press on next
  |
  | |
  |What's next |
  |-----> It open the Help menu if you click on one of the four links
  |
  | ----->
  Press on Finish |
  |------------------------------------------------------------------------------------------------------|
  FYI: The synchronization might take hours if it's run for the first time
  b/ Computer Group Settings
  Go to "Options" under "Update Services" and click on "Computers"
  Change the option to "Use Group Policy or registery settings on Computers."
  And click on "OK"
  Final Result:
  (only 4 computers are showing) all being under the same operating system, missing about 7 computers used as hosts with Windows 7 running on VM

  Hi
   You have to apply the WSUS Gpo policy to your computers OU(or which OU computers incelude).

• WSUS throwing 13002, "Client computers are installing updates with a higher than 25 percent failure rate. This is not normal."

  Hello,
  Within the past two months our WSUS Server started throwing error 13002, "Client computers are installing updates with a higher than 25 percent failure rate.  This is not normal."  We currently have 252 computers with errors in WSUS,
  and 33 updates with errors.  We have never had issues up until two months ago.  If you keep rebooting the machine, and keep running updates, they eventually all install.  I believe I will see the machines with errors go away as the weekly scheduled
  WSUS install runs over and over, and the machines reboot.
  - We run IE8 in our environment and sometimes IE9.
  - We have 300 clients, all running Windows 7 SP1 x64.
  - Our WSUS server is running on Server 2008 R2.  The WSUS build number is 3.2.7600.262.
  - We created an alternate WSUS 4.0 server on Server 2012, and redownloaded all updates.  We put one client on it and it is showing errors on 3 updates, KB890830, KB931125, and KB2917500.
  - Clients are throwing errors 800F0902, 80242016, and 80070005.
  - I've noticed something with the C:\Windows\SoftwareDistribution\Download folder on the clients.  When an update runs and fails, there is a "Install" folder created inside this folder.  If you try to open it after the failure you get
  "Access Denied"  If you reboot the machine, the install folder goes away.  (I assume this is a temp folder created to run updates).  I've checked the permissions on this folder on various machines and all seems normal.  I think
  this is the root of the problem, and why we need to keep rebooting to get all of the updates to run.  
  - I tried deleting the Software Distribution folder on a client after stopping the update service, then restarting the update service.  The folder redownloads but the client still throws errors.
  - I've gone through our Group Policies looking for anything that can cause this and found nothing.  We've created a test OU blocking inheritance, and only applying a WSUS policy in it to make it get the updates internally.  I then rebuilt multiple
  machines using Dell KACE, and still had failures.
  - We run SEP 11 and 12 on our clients.  I've tried removing the AV, making sure the firewall was off, etc.  It still throws errors.
  - I've spoken with our network team, and installed wireshark on a few clients looking for network errors and found nothing.
  - I've tried various Dell KACE scripted installs on test machines (erasing and rebuilding the machines from scratch), after which I run Windows Updates from WSUS.  They have thrown errors.
  - I've rebuilt a machine using Dell KACE, undomained it, then ran updates externally from WSUS going to Microsoft's site, and I'm still getting errors.
  - I've tried removing all software from the Dell KACE build to where it is just installing the OS and I'm still getting errors.
  - I tried taking a plain Windows 7 x64 DVD and installing that on a test machine, then without domaining it and without installing any other software, running updates from Microsofts update site.  This seems to work, althrough it does throw some errors
  but I believe those are related to having to reboot your machine in order to complete the updates (I can't remember that error code at the moment).
  Has anyone else been experiencing this?  Any suggestions as to how I can fix this?

  Hi,
  Error 800f0902
  Please try the method in this thread:
  Error
  Code: 800f0902
  Error 80242016
  If you receive Windows Update error 80242016 while checking for updates, it might be caused by a connection interruption between your computer and the Windows Update servers.
  80070005
  Usually means access denied
  Since it worked perfectly for a while, did you make any change on the server? Any applications new installed on clients?