Endpoint Installation on Clients Computers Through SCCM

Similar Messages

• How to manage Forefront Endpoint Prorection Security Client 2010 with SCCM 2012

  Hi
  I've sucessfully installed System Center Configuration Manager 2012
  and now I 'd like to push/deploy Forefront Endpoint Protection Client 2010 on client machines.I also know that Microsoft embedded Forefront Endpoint Protection in SCCM 2012 so that you can manage FEP from single SCCM 2012 console.Now
  when I try to push FEP client on client machines using Default Client Settings
  then I've found that all Endpoint Protection settings are greyed out !
  Do I need to install Forefront Endpoint Protection 2010 or 2012 Server (which is beta) with SCCM 2012, in order to deploy FEP client or is there a workaround or solution to resolve this ?
  Thanks
  Sohail

  Hi,
  Endpoint Protection 2012 is builtin in SCCM 2012, you simply add the Site Role called Endpoint Protection either on your CAS if you have one of those or on your Primary site Server. FEP is no longer a standalone installer and it is a released product and
  no longer Beta.
  Then the Endpoint Protection Client Settings will no longer be greyed out and you can deploy the System Center 2012 Endpoint Protection client.
  http://technet.microsoft.com/en-us/library/hh508760.aspx
  regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• New Server Installation, now client computers can't connect to services. Where to go from here?

  Hello.
  I recently had to setup a new Mac Mini Server (Mavericks). We had one previously but one of the raided hard drives failed. No backup.
  Our office of 6 Apple MacBook Pros used to connect to all file sharing and calendar services, easily.
  On the new Server installation, I added the same users with the same passwords etc. The client computers cannot access calendars, file sharing etc. On the clients, I have opened up System Preferences > Users & Groups > Login Options > Network Account Server and added the FQDN of the server, but I get an error ' Unable to add server. Connection failed to the directory server. (2100) '
  2 of the clients are on Mountain Lion. The rest are on the latest Mavericks.
  I'm a bit lost on where to go from here and would appreciate your help before I wipe everything and start from scratch.
  Thanks.

  Hi Strontium90
  Ha! There was a time machine backup, but we had a storm here which rendered it and the server useless. We are such a small team without an 'IT' guy, apart form me as I have a vague interest in all things Apple.
  What is your DNS name space?
  Do you need the name here?
  Do the servers and the client agree on this name?
  Not sure what you mean. The domain name works as when I type it into a web browser, I can see the 'Welcome to Server' page.
  Did you enable an Open Directory Master?
  Yes. Open Directory is running.
  Did you grant the users/group access to the service you are offering?
  Yes. All services are checked for each user.
  Make sure the user/group is permitted to access your enabled services.
  All allowed, too.
  Oh, and implement a backup strategy
  Will do, once I sort out this problem. Time Machine and off-site, I think.

• How to manage Work group Computer through SCCM 2012 R2

  Hello..Experts,
  We have to manage the Workgroup Computers both Linux and windows Environment through SCCM 2012 R2.
  what are limitation associated with managing Workgroup computer both with Linux and windows Computers through SCCM.
  Please help us how to achieve this.

  Windows devices that are Workgroup members have the same features for management as domain joined devices except that it is slightly more difficult to get the client installed on these 'unmanaged' devices.
  The Linux computers have only basic support for  Inventory, Application Management, and Compliance.
  I hope that helps,
  Nash
  Nash Pherson, Senior Systems Consultant
  Now Micro -
  My Blog Posts
  If you've found a bug or want the product worked differently,
  share your feedback.
  <-- If this post was helpful, please click "Vote as Helpful".

• DPM agent installation through SCCM

  Hi,
  We have DPM 2012 installed and we want to install the DPM agent through SCCM to all client server, can you please tell me the process..
  Appreciate if you can update at earliest.

  I am trying to add this as a Task Sequence in SCCM 2012 but am unable to get it to work.  I followed the link above, tested it out in a dos prompt and it works.  But as soon as I add it to a TS, I get the 0x80070002 (i think) stating it cannot
  find the file.  When the deployment logs in, I do not see the mapped drive.  I can see the task window stating mapping drive then Add DPM Client, but then thats where it fails.
  I have the task sequence in 3 step, first to map the network drive (net use P: \\server\c$), second to add the DPM Agent using ("P:\Program Files\Microsoft System Center 2012\DPM\DPM\agents\RA\4.0.1920.0\amd64\1033\DPMAgentInstaller_KB2751230_AMD64.exe"
  /q server.domain.com)(that is the location of the file), and the third to remove the mapped drive.
  I should also mention that the firewall is enabled, but just before the map network drive, I have it disabled, then set to enable after the DPM client is installed.
  Suggestions?

• System Center Endpoint Protection Antimalware client version - wont upgrade

  Hi
  Running SCCM 2012 SP1 CU4 on Server A. Endpoint Protection role on Server B. Both Servers 2008 R2. there is only one primary site server and no secondary sites in the hierarchy.
  All clients are Windows 7.
  The SCEP client is not upgrading on clients as I would have expected. After enabling the automatic client upgrade option in site hierarchy settings I found all the clients upgraded their SCCM agent. I was expecting the SCEP client to be upgraded also. Machines
  have been rebooted since the SCCM agent upgrade.
  How can I go about upgrading the SCEP agent on all computers?
  Many thanks

  Hi Daniel
  I can't find this file in %programfiles%\microsoft configuration manager\logs, or %programfiles%\sms_ccm\logs. Can you tell me where this log file is?
  I think I sorted the issue, some of the boundaries weren't in a boundary group. Now some of the SCEP agents are upgrading. There are still some issues but I guess I'll do some reinstalls and see if I can resolve this this way.
  Common installation issues I'm seeing are 0x8004FF91 or 0x8000ffff,
  for example. These are found in the c:\windows\ccm\logs\EndpointProtectionAgent.log on the clients.
  Thanks

• For Your Consideration: Ultimate Lync 2010 client install with SCCM 2007

  While the subject of my post may be very presumptuous, I submit the following for your consideration to answer the often-asked question about how to deploy Lync 2010 client with SCCM.
  Background:
  I cannot understand why Microsoft made the Lync install so darned confusing, complex, and convoluted.
  After our Lync 2010 FE server was up and running and all users migrated off our OCS server to the Lync environment, I spent about a month and a half trying to figure out how to:
  1.  Uninstall the OCS 2007 R2 client
  2.  Install all prerequisites for the Lync client
  3.  Install Lync on all user workstations silently.
  While researching this, the simple answer I kept seeing given to this question was, "just use the .exe with the right switches according to the TechNet article here: http://technet.microsoft.com/en-us/library/gg425733.aspx".  Well, my response is, I
  tried that and while the program installed itself correctly pushed through SCCM, because I was doing it using an administrative account (i.e. the SYSTEM account) due to our users not having admin rights, when the install was done, Lync would automatically
  start up, but in the SYSTEM context so that the user couldn't see it was running, they go to run it and it won't run for them.  I was unable to find any switch or option to prevent the automatic launch.  I suppose the simple solution to that would
  be to have the user reboot, but that's unnecessarily disruptive and was contrary to the desire to make this a silent install.
  The next simplest answer I saw was, "extract the MSI and use that with the right switches".  Problem with that is that the MSI by itself doesn't remove the OCS client or install the prerequisites, and also either requires a registry change to even allow
  the MSI to be used or a hacked MSI that bypasses the registry key check.  I tried to put a package together to uninstall OCS, install the prereqs, and use a hacked MSI, but I never could get the MSI hacked properly.  The other problem I ran into
  was detecting if the OCS client was running in a predictable way so I could terminate it, properly uninstall it, and then do the rest of the installations.  It was this problem that ultimately led me to the solution that I'm about to detail and that has
  worked marvellously for us.
  Solution:
  As I said before, when I first looked at this problem, I started by building a typical software deployment package (Computer Management -> Software Distribution -> Packages) and then created the programs to do the install.  My first attempt was
  just with the .exe file provided as-is by Microsoft using the switches they document in the link above for IT-Managed Installation of Lync, and...well, the end result wasn't quite as desirable as hoped.  So, my next attempt was to extract all the prerequisite
  files and the Lync install MSI (both for x86 and x64), attempt to hack it to get around the "UseMSIForLyncInstallation" registry key, and make the command-lines to terminate OCS and uninstall it.
  In the past when I had an install to do with SCCM that also required uninstalling an older version of a given application, I typically used the program-chaining technique.  That's where you have, for example, 3 or more programs that run in a package
  in a sequence and you have Program 3 be set to run after Program 2 does and then set Program 2 to run after Program 1 so you get the desired sequence of Programs 1-2-3 running in that order.  So, I created programs to 1) kill Communicator.exe 2) uninstall
  Communicator 2007 R2 by doing an "msiexec /uninstall {GUID}" 3) install Silverlight 4) install Visual C++ x86 5) optionally install Visual C++ x64, and then 6) install the Lync x86 or x64 client.  That final step was always the point of failure because
  I couldn't get the hacked MSI for the Lync Client install to work.  I also realized that if Communicator wasn't running when the deployment started, that step would fail and cause the whole process to bail out with an error.  That's one of the downsides
  of program-chaining, if one step fails, SCCM completely bails on the deployment.  This is what also led me to the key to my solution:  TASK SEQUENCES.
  I'm not sure how many people out there look in the "Operating System Deployment" area of SCCM 2007 where Task Sequences normally live, but I also wonder how many people realize that Task Sequences can be used for more than just Operating System deployments. 
  One of the biggest advantages of a task sequence is you can set a step to ignore an error condition, such as if you try to terminate a process that isn't running.  Another advantage is that task sequences have some very good built-in conditionals that
  you can apply to steps, for example, having the sequence skip a step if a certain application (or specific version of an application) is not installed on the machine.  Both of those advantages factor highly into my solution.
  OK, for those who already think this is "TL;DR", here's the step-by-step of how to do this:
  First, you need to extract all the files from the LyncSetup.exe for your needed architectures.  We have a mix of Windows XP and Windows 7 64-bit, so my solution here will take both possibilities into account.  To extract the files, just start up
  the .exe like you're going to install it, but then when the first dialog comes up, navigate to "%programfiles%\OCSetup" and copy everything there to a new location.  The main files you need are: Silverlight.exe, vcredist.exe (the x64 LyncSetup.exe includes
  both x86 and x64 Visual C++ runtimes, you need them both, just rename them to differentiate), and Lync.msi (this also comes in an x86 and x64 flavor, so if you have a mix of architectures in your environment, get both and either put them into their own directories
  or rename them to reflect the architecture).
  For my setup, I extracted the files for the x86 and x64 clients and just dumped them each into directories named after the architectures.
  Next, move these files into a directory to your SCCM file server, whatever it might be that you deploy from, in our case, it was just another volume on our central site server.  Go to the SCCM console into Computer Management -> Software Distribution
  -> Packages and then create a new package, call it something meaningful, and then point to the directory on your SCCM file server for the source files.
  Now you need to create 3 to 5 programs inside the package:
  1.  Name: Silverlight
     Command Line: x86\Silverlight.exe /q     (remember, inside my main Lync install folder on my distribution point, I have an x86 directory for the files from the x86 installer and an x64 folder for the files from the x64 installer. 
  The fact is the Silverlight installer is the same in both, so you only need one of them.)
     On the Environment tab:  Program can run whether or not a user is logged in, runs with administrative rights, Runs with UNC name
     On the Advanced tab:  Suppress program notifications
     All other options leave default.
  2.  Name:  Visual C++ x86
      Command Line:  x86\vcredist_x86.exe /q
     On the Requirements tab: Click the radio button next to "This program can run only on specified client platforms:" and then check off the desired x86 clients.
     Environment and Advanced tabs:  same as Silverlight
     (If you have only x64 clients in your environment, change all x86 references to x64.  If you have a mixed environment, create another program identical to this one, replacing references to x86 with x64.)
  3.  Name:  Lync x86
      Command Line:  msiexec /qn /i x86\Lync.msi OCSETUPDIR="C:\Program Files\Microsoft Lync"  (The OCSETUPDIR fixes the issue with the Lync client wanting to "reinstall" itself every time it starts up)
      Requirements, Environment, and Advanced tabs:  Same as with Visual C++ and Silverlight
      (Same deal as above if you have all x64 clients or a mix, either change this program to reflect or make a second program if necessary)
  Now you need to make the Task Sequence.  Go to Computer Management -> Operating System Deployment -> Task Sequences.  Under the Actions pane, click New -> Task Sequence.  In the Create a New Task Sequence dialog, choose "create a
  new custom task sequence", Next, enter a meaningful name for the task sequence like "Install Microsoft Lync", Next, Next, Close.
  The task sequence will have up to 12 steps in it.  I'll break the steps down into 3 phases, the prereqs phase, uninstall OCS phase, and then Lync install phase.
  Prereqs Phase:
  These are the easiest of the steps to do.  Highlight the task sequence and then in the Actions pane, click Edit.
  1.  Click Add -> General -> Install Software.  Name: "Install Microsoft Silverlight".  Select "Install a single application", browse to the Lync package created earlier and then select the Silverlight program.
  2.  Add -> General -> Install Software.  Name: "Install Microsoft Visual C++ 2008 x86".  Install Single Application, browse to the Lync package, select the Visual C++ x86 package.
  As before, if you're an all-x64 environment, replace the x86 references with x64.  If you have a mixed environment, repeat step 2, replacing x86 with x64.
  3.  Add -> General -> Run Command Line.  Name: "Enable Lync Installation".  This step gets around the UseMSIForLyncInstallation registry requirement.  The Lync client MSI simply looks for the presence of this key when it runs, so
  we'll inject it into the registry now and it doesn't require a reboot or anything.  It just has to be there before the client MSI starts.
  Command Line: reg add "hklm\Software\Policies\Microsoft\Communicator" /v UseMSIForLyncInstallation /t REG_DWORD /d 1 /f
  Uninstall OCS Phase:
  This part consists of up to 6 Run Command Line steps.  (Add -> General -> Run Command Line)
  4.  Name: "Terminate Communicator".  Command Line: "taskkill /f /im communicator.exe".  On the Options page, check the box next to "Continue on error".  This will terminate the Communicator process if it's running, and if it's not, it'll
  ignore the error.
  5.  Name: "Terminate Outlook".  Command Line: "taskkill /f /im OUTLOOK.exe".  Check the "Continue on error" on the Options page here too.  Communicator 2007 hooks into Outlook, so if you don't kill Outlook, it might prompt for a reboot
  because components are in use.
  (NOTE:  If necessary, you could also add another step that terminates Internet Explorer because Communicator does hook into IE and without killing IE, it might require a restart after uninstalling Communicator in the next steps.  I didn't run into
  this in my environment, though.  Just repeat step 5, but replace OUTLOOK.EXE with IEXPLORE.EXE)
  6.  Name: "Uninstall Microsoft Office Communicator 2007".  Command Line: "msiexec.exe /qn /uninstall {E5BA0430-919F-46DD-B656-0796F8A5ADFF} /norestart" On the Options page:  Add Condition ->  Installed Software -> Browse to the
  Office Communicator 2007 non-R2 MSI -> select "Match this specific product (Product Code and Upgrade Code)".
  7.  Name:  "Uninstall Microsoft Office Communicator 2007 R2".  Command Line:  "msiexec.exe /qn /uninstall {0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4} /norestart".  On the Options page:  Add Condition -> Installed Software ->
  Browse to the Office Communicator 2007 R2 MSI -> select "Match any version of this product (Upgrade Code Only)".
  SIDEBAR
  OK, I need to stop here and explain steps 6 and 7 in more detail because it was a gotcha that bit me after I'd already started deploying Lync with this task sequence.  I found out after I'd been deploying for a while that a tech in one of our remote
  offices was reinstalling machines and putting the Communicator 2007 non-R2 client on instead of the R2 client, and my task sequence was expecting R2, mostly because I thought we didn't have any non-R2 clients out there.  So, at first I just had our Help
  Desk people do those installs manually, but later on decided to add support for this possibility into my task sequence.  Now, when you normally uninstall something with msiexec, you would use the Product Code GUID in the command, as you see in steps 6
  and 7.  All applications have a Product Code that's unique to a specific version of an application, but applications also have an Upgrade Code GUID that is unique for an application but common across versions.  This is part of how Windows knows that
  Application X version 1.2 is an upgrade to Application X version 1.1, i.e. Application X would have a common Upgrade Code, but the Product Code would differ between versions 1.1 and 1.2.
  The complication comes in that Communicator 2007 and Communicator 2007 R2 have a common Upgrade Code, but different Product Codes and the "MSIEXEC /uninstall" command uses the Product Code, not the Upgrade Code.  This means that if I didn't have step
  6 to catch the non-R2 clients, step 7 would be fine for the R2 clients, but fail on non-R2 clients because the Product Code in the MSIEXEC command would be wrong.  Luckily, we only had one version of the non-R2 client to deal with versus 4 or 5 versions
  of the R2 client.  So, I put the command to remove Communicator 2007 non-R2 first and checked for that specific product and version on the machine.  If it was present, it uninstalled it and then skipped over the R2 step.  If non-R2 was not present,
  it skipped that step and instead uninstalled any version of the R2 client.  It's important that steps 6 and 7 are in the order they are because if you swap them, then you'd have the same outcome as if step 6 wasn't there.  What if neither is on the
  machine?  Well the collection this was targeted to included only machines with any version of Communicator 2007 installed, so this was not a problem.  It was assumed that the machines had some version of Communicator on them.
  8.  Name:  "Uninstall Conferencing Add-In for Outlook".  Command Line:  "msiexec.exe /qn /uninstall {730000A1-6206-4597-966F-953827FC40F7} /norestart".  Check the "Continue on error" on the Options Page and then Add Condition ->
  Installed Software -> Browse to the MSI for this optional component and set it to match any version of the product.  If you don't use this in your environment, you can omit this step.
  9.  Name:  "Uninstall Live Meeting 2007".  Command Line:  "msiexec.exe /qn /uninstall {69CEBEF8-52AA-4436-A3C9-684AF57B0307} /norestart".  Check the "Continue on error" on the Options Page and then Add Condition -> Installed Software
  -> Browse to the MSI for this optional component and set it to match any version of the product.  If you don't use this in your environment, you can omit this step.
  Install Lync phase:
  Now, finally the main event, and it's pretty simple:
  10.  Click Add -> General -> Install Software.  Name: "Install Microsoft Lync 2010 x86".  Select "Install a single application", browse to the Lync package created earlier and then select the "Lync x86" program.  As before, if you
  only have x64 in your environment, replace the x86 with x64, or if you have a mixed environment, copy this step, replacing x86 references with x64.
  And the task sequence is done!  The final thing you need to do now is highlight the task, click Advertise in the Actions pane, and deploy it to a collection like you would with any other software distribution advertisement.  Go get a beer!
  Some final notes to keep in mind:
  1.  You can't make a task sequence totally silent...easily.  Users will get balloon notifications that an application is available to install.  The notifications cannot be suppressed through the GUI.  I've found scripts that supposedly
  hack the advertisement to make it be silent, but neither of them worked for me.  It was OK, though because in the end we wanted users, especially laptop users, to be able to pick a convenient time to do the upgrade.  The task sequence will appear
  in the "Add/Remove Programs" or "Programs and Features" Control Panel.  You can still do mandatory assignments to force the install to happen, you just can't make it totally silent.  On the plus side, the user shouldn't have to reboot at any point
  during or after the install!
  2.  In the advertisement setup, you can optionally show the task sequence progress.  I've configured the individual installs in this process to be silent, however, I did show the user the task sequence progress.  This means instead of seeing
  5 or 6 Installer windows pop up and go away, the user will have a single progress bar with the name of the step that is executing.
  3.  One step that I didn't consider when I actually did this was starting the Lync client as the user when the install was complete.  The user either had to start the client manually or just let it start on its own at the next logon.  However,
  while I was writing this, I realized that I could possibly start the client after installing by making another Program in the Lync Package with a command line that was along the lines of "%programfiles%\Microsoft Lync\communicator.exe" and then in the Environment
  tab, set it to "Run with user's rights" "only when a user is logged on".
  4.  My first revision of this task sequence has the Prereqs phase happening after the OCS uninstall phase, but I kept running into problems where the Silverlight installer would throw some bizarre error that it couldn't open a window or something wacky
  and it would fail.  Problem was, I couldn't re-run the task sequence because now it would fail because OCS had been uninstalled, so that's why the Prereqs happen first.  It ran much more reliably this way.
  5.  For some reason that baffles me, when I'd check the logs on the Site Server to monitor the deployment, I'd frequently see situations where the task sequence would start on a given machine, complete successfully, almost immediately start again, and
  then fail.  I'm not sure what is causing that, but I suspect either users are going to Add/Remove Programs and double-clicking the Add button to start the install instead of just single-clicking it, or the notification that they have software to install
  doesn't go away immediately or Lync doesn't start up right after the install, so they think the first time it didn't take and try it a second time.
  I hope this helps some of you SCCM and Lync admins out there!

  On Step 8 I found multiple product codes for the Conferencing Add-In for Outlook.  Here's a list of the ones I found in the machines on my network:
  {987CAEDE-EB67-4D5A-B0C0-AE0640A17B5F}
  {2BB9B2F5-79E7-4220-B903-22E849100547}
  {13BEAC7C-69C1-4A9E-89A3-D5F311DE2B69}
  {C5586971-E3A9-432A-93B7-D1D0EF076764}
  I'm sure there's others one, just be mindful that this add-in will have numerous product codes.

• Found error while Deploying office 365 through SCCM.

  Hello Experts,
  We are currently working to deploy office 365 through SCCM but on client system it failed to installed.
  found error in AppEnforce.log file.
  Please help to resolved the error.

  ConfigMgr is doing it's job and trying to install the application. However the installation times out after an hour.
  See:
  Waiting for process 5820 to finish.
  That would suggest to me that there is something wrong with your installation parameters. The installation is probably not fully silent and is awaiting user input (that you cannot see).
  Narcoticoo's advice is good. Try to install the app silently manually. Until you can do this successfully ConfigMgr will not be able to deploy it.
  Gerry Hampson | Blog:
  www.gerryhampsoncm.blogspot.ie | LinkedIn:
  Gerry Hampson | Twitter:
  @gerryhampson

• WSUS throwing 13002, "Client computers are installing updates with a higher than 25 percent failure rate. This is not normal."

  Hello,
  Within the past two months our WSUS Server started throwing error 13002, "Client computers are installing updates with a higher than 25 percent failure rate.  This is not normal."  We currently have 252 computers with errors in WSUS,
  and 33 updates with errors.  We have never had issues up until two months ago.  If you keep rebooting the machine, and keep running updates, they eventually all install.  I believe I will see the machines with errors go away as the weekly scheduled
  WSUS install runs over and over, and the machines reboot.
  - We run IE8 in our environment and sometimes IE9.
  - We have 300 clients, all running Windows 7 SP1 x64.
  - Our WSUS server is running on Server 2008 R2.  The WSUS build number is 3.2.7600.262.
  - We created an alternate WSUS 4.0 server on Server 2012, and redownloaded all updates.  We put one client on it and it is showing errors on 3 updates, KB890830, KB931125, and KB2917500.
  - Clients are throwing errors 800F0902, 80242016, and 80070005.
  - I've noticed something with the C:\Windows\SoftwareDistribution\Download folder on the clients.  When an update runs and fails, there is a "Install" folder created inside this folder.  If you try to open it after the failure you get
  "Access Denied"  If you reboot the machine, the install folder goes away.  (I assume this is a temp folder created to run updates).  I've checked the permissions on this folder on various machines and all seems normal.  I think
  this is the root of the problem, and why we need to keep rebooting to get all of the updates to run.  
  - I tried deleting the Software Distribution folder on a client after stopping the update service, then restarting the update service.  The folder redownloads but the client still throws errors.
  - I've gone through our Group Policies looking for anything that can cause this and found nothing.  We've created a test OU blocking inheritance, and only applying a WSUS policy in it to make it get the updates internally.  I then rebuilt multiple
  machines using Dell KACE, and still had failures.
  - We run SEP 11 and 12 on our clients.  I've tried removing the AV, making sure the firewall was off, etc.  It still throws errors.
  - I've spoken with our network team, and installed wireshark on a few clients looking for network errors and found nothing.
  - I've tried various Dell KACE scripted installs on test machines (erasing and rebuilding the machines from scratch), after which I run Windows Updates from WSUS.  They have thrown errors.
  - I've rebuilt a machine using Dell KACE, undomained it, then ran updates externally from WSUS going to Microsoft's site, and I'm still getting errors.
  - I've tried removing all software from the Dell KACE build to where it is just installing the OS and I'm still getting errors.
  - I tried taking a plain Windows 7 x64 DVD and installing that on a test machine, then without domaining it and without installing any other software, running updates from Microsofts update site.  This seems to work, althrough it does throw some errors
  but I believe those are related to having to reboot your machine in order to complete the updates (I can't remember that error code at the moment).
  Has anyone else been experiencing this?  Any suggestions as to how I can fix this?

  Hi,
  Error 800f0902
  Please try the method in this thread:
  Error
  Code: 800f0902
  Error 80242016
  If you receive Windows Update error 80242016 while checking for updates, it might be caused by a connection interruption between your computer and the Windows Update servers.
  80070005
  Usually means access denied
  Since it worked perfectly for a while, did you make any change on the server? Any applications new installed on clients?

• Running a Batch file through SCCM

  I have an installed Endpoint security program installed on 1800 systems in our domain. I have a batch file that is succesfully when run on a system. The batch is below. I've starred the sensitive info and path, (thing to remember is this batch
  works on a target system).
  REG ADD HKLM\SOFTWARE\***\***\Input /v PSUrl /d "*********" /f
  REG ADD HKLM\SOFTWARE\***\***/v *******/d 1 /f
  SC control *****232
  SC control *****225
  msiexec /x {*********************} /qn UNINSTALL_PASSWORD=******** REBOOT=ReallySuppress
  Exit /B 0
  The first 4 lines migrate where the software points to a new server, the second phase removed the software (permitted following the move). following the msiexec /x is the msi registry key of the software to be uninstalled.
  I can see the job has been sent to the test clients and been accepted by them however thats it nothing happens after that.
  Question 1 - can anyone give me a step by step of running this batch through SCCM as I'm obviously doing something wrong.
  Question 2 - Which Client SCCM logs do I look in to see what happens after the batch hits the client.

  Hi Jason,
  Yes to all of the questions above:
  Created Package; set distribution point, linled the programs (command line "programname.bat" also tried "programname.cmd"
  Created advertisment and schedule targeting collection. Nothing appears in execmgr.log
  Something should appear in execmgr.log.  I'm assuming the client is a member of the collection, the advertisement available time has passed, and the mandatory assignment time has passed?  I'm also assuming that other advertisements are working
  on that client? 
  If so, that information should be in execmgr.log.  You should be able to search for the advertisement ID and the package ID.  Otherwise, no there are no special tricks to make a batch file run via SCCM advertisements.  You should see that
  command line launched in execmgr.log.

• Trouble with OSX client registering in SCCM

  I am having a weird issue with a OSX client failing to register in SCCM.  Our infrastructure is a CAS and three primary sites.  On one of the primary sites (we will call it "Site 3"), I have a DP with the MP role on it to support HTTP
  clients and a separate DP\MP server strictly for HTTPS (OSX) clients.  It works fine and runs well.  On another site ("Site 1"), we have the same setup however when I try to register a test OSX endpoint it is showing weird behavior. 
  The HTTPS MP has a message about a registration response pending for the GUID displayed in the configuration manger client window in System Preferences and the enrollment status reports Enrolled, but it never appears in the SCCM console. Another thing is if
  I click the "connect now" button in the client applet, a new client GUID is generated and another registration response pending shows up in the dmprp.log file.
  The message "Registration response status is: CCM_REGISTRATIONRESPONSE_PENDING" appears in the DMPRP.log for the HTTPS DP\MP for Site 1 but I don't think that is a normal message for enrollment when things are working.  MP_RegistrationManager.log
  shows DDR processing matching the cert name and client GUID.
  A bit of additional info is that we are using third-party SSL certs for the endpoints and are not going through the typical ADCS PKI/SCCM enrollment point process.  The networking group reports no dropped packets on the hardware firewall everything
  is sitting behind but if you have any ideas of ways a firewall could cause this behavior I would love to hear it.

  Hi,
  Please refer to the link below:
  Enrol Mac OS X Clients in Configuration Manager 2012 SP1
  http://www.jamesbannanit.com/2012/10/enrol-mac-os-x-clients-in-configuration-manager-2012-sp1/
  Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• SP1 does not get installed when the machine is set to Japanese Language, software push through sccm 2012

  Hi,
  Please help me with the below issue, iam trying to deploy Service pack 1 on Windows 7 , 32 Bit OS
  SP1 does not get installed when the machine is set to Japanese Language, software push through sccm 2012 , it does gets installed of installed manually, by remoting into the machine
  also it gets installed through sccm when the machine is set to english language, 
  Thank you
  Tanoj
  OSLM ENGINEER - SCCM 2007 & 2012

  Hi Friends,
  we are deploying the SP1 via SCCM 2012 , and the success rate is around 50 %, its a Light touch installation where user will initiate the installation via Software Center ( Web based )
  i was able to gather few errors , and this are the errors which failed during SP1 Installation 0x800f0828,
  some errors which sccm reports display are 
  11171
  10008
  10021-
  17031 - 
  1602 - User Cancelled installation
  113 - No more internal file identifiers available
  10070 - File handle reference is no longer available
  10050 - A socket operation encountered a dead network
  11170  - The task sequence manager could not successfully complete execution of the task sequence
  i could not find the reason for some of the errors, also i am looking for a fix/woraround if any
  Also i have noticed that in few computers the task seq failed at a place where after the sp1 installation a reboot happens and then PGP BYPASS utility is uninstalled, it did not start the PGP bypass uninstall after reboot
  is there a way to cut short the Task seq and keep it simple ?
  right now its like this 
  1. checking for prerequisite : checks for OS Name and OS version
  2. installs PGP Bootgaurd Bypass
  3. System Restart
  4. Installing Windows 7 Service Pack 1
  5. Final Restart
  6. uninstall PGP Bootgaurd Bypass
  Regards
  Tanoj
  OSLM ENGINEER - SCCM 2007 & 2012

• How to migrate the computers from SCCM 2007 to SCCM 2012

  Hello,
  Could anyone tell me how to mirgrate the computers present in SCCM 2007 to SCCM 2012.
  Does the "collection migration" job migrate the computers or devices present in the collection? I tried this but computers were not migrated.
  Should we again discover the computers in SCCM 2012?
  Thanks,
  SreehariG

  There is no migration job in CM12 that will migrate CM07 clients. You need to install CM12 agent on your CM07 client in order to migrate them. During the installation the existing CM07 client will be uninstalled. You can use any supported
  client deployment methods to migrate to your new CM12 environment. More information here:
  http://social.technet.microsoft.com/Forums/en-US/configmanagermigration/thread/71175a47-22fe-4284-871c-834c0c999075

• MS Office Pro 2013 Deployment through SCCM 2012 R2

  Hi Friends,
  I have deployed MS Office Pro 2013 through SCCM 2012. But from Windows 7 Client Machines It's not Installing. Noticed following error in Software Center.
  I'm testing two deployments before bring into production.
  Test Machine 1 :  Purpose = Available 
  From Software Center I have found Test Machine 1 is Status failed.
  Test Machine 2 : Purpose = Required
  From Software Center I have found Test Machine 2 is Status post due-will be retried
  The following Error code is same for both Machines.
  ====================================================
  The software change returned error code 0x87D00607(-2016410105).
  ====================================================
  Any idea please .
  Regards,Ali

  Hi,
  Check out this great guide from Ronni on how to deploy Office 2013 using Configuration Manager 2012, a good read.https://gallery.technet.microsoft.com/office/How-to-Deploying-Office-0f954e7f
  Are the content succefully deployed to all DPs?
  Regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• I can no longer run reports of my client computers

  RDC 3.2.2 I recently need to run some reports of all my client computers. First, I attempted to run report of several computers. It never got beyond "Waiting for report data", so, I attepted to do separate clients, one at a time. Same result. All users are upgraded to the current client. Users are on a 1000BaseT network. Thought it may be 10.5.6 update related, but not all of my users are on Leopard. I have testing a variety of different clinet configs and I cannot generate a report.

  Starting on May 29th, 2008, I noticed that some of the computers that have been added to ARD were showing up with their IP address as 0.0.0.0. Some of the systems could have reports done for them while other would not. At the time, out of 140 computers currently listed, only 120 returned reports.
  After troubleshooting I called Apple to attempt to figure out where this problem may reside. Apple indicated that the IP numbers would get zeroed out when another device takes over the IP address of the client computer. This made sense since we were setup via DHCP. They could not determine why the reporting was not functioning without further troubleshooting through Enterprise support. This would require funding to get additional support.
  On January 22nd, 2009 I called Apple support back and started the support via their Enterprise support. The technician asked if we were using spanning tree with our network switches. I verified with the network team that we are using multicast spanning tree for Semantic Ghost. The technician also asked that I set up ARD on another test computer to see if the problem occurs with that system as well.
  On February 5th I setup both a second system for ARD Admin and a test client computer. In Mid February I set up the SQL database used by ARD to be accessed but other applications, such as a PHP webpage. This would allow me to see what information was in the database without needing to use ARD admin.
  By March 5, I had completed my tests and determined that the information is still being lost using this second computer setup. Keep in mind that the test client computer had been turned off by mid February so its network IP number would be release for another device to use. A few days before I had created a second account on the test ARD admin computer and re-imported the original list of systems used when this test started. This second account did not have the ARD test client computer added into ARD admin. This would allow for reports to be collected for a few days on this system. I then went back to the original account for ARD admin on March 5 and attempted to run the report for the test client. In ARD admin I was not able to acquire any report information. I was, however, able to see the data using the PHP webpage I have created earlier.
  I called Apple back to continue troubleshooting this problem. Remember that we had paid for support for this problem, $199. The technician indicated that the case had been resolved and closed. I explained that the issue was not resolved and troubleshooting was still ongoing. The technician remained adamant that the case was resolved and would not open a new case for further support.
  I spoke with my Technical Director in regards to this. We both called Apple Enterprise support back to see if we could get further support for this unresolved issue. The technician did give us a bit of support, however, he continued to insist that we were adding the client computers in via IP and this was causing our problems. We explained exactly how we have been adding computers into ARD admin; by scanning them through our network and dragging them to the main list, not by adding them by direct IP. The technician then continued to be unclear as to how to go about correcting this situation of lost data. He indicated that when the client computer's IP was taken over by another device the only way to get the client to report again was to remove and re-add the client back in.
  According to the document "ARD 3.1 Admin Guide.pdf"; Chapter 8 page 104, in the section titled "Installing Software on Offline Computers", paragraph 2, it states "When the client comes online, it contacts the Task Server and notifies it of its network state and any setting changes (like a DHCP-assigned IP address change)." Even after reading this statement to the technician he still was not clear as to why the client computers did not update their IP information correctly (from their current 0.0.0.0 IP) when reconnected back to the network.
  Because information is continuing to become lost Apple Remote Desktop is not meeting the needs of our department and the community college for tracking the Macintosh hardware currently in use. It may take an extended time to retrieve requested information if this data does not get reported on in ARD admin. Currently, one of my coworkers is in the process of creating a whitepaper to include alternatives for asset management for the Macintosh community.