Howto trigger an update of SCEP at the end of the task sequence?

Similar Messages

• OSD - Failed to run Task Sequence. An error occurred while starting the task sequence (0x8007000E).

  Failed to run Task Sequence.
  An error occurred while starting the task sequence (0x8007000E)."
  While OSD, picks up task sequence but fails in resolving task sequence dependencies. SMSPXE identifies device is not in database (unknown).
  SMSTS.log shows
  ThreadToResolveAndExecuteTaskSequence failed. Code(0x8007000E)" in SMSTS.LOG, have seen other articles suggesting failure due to lack of storage (RAM) but this task sequence has worked in past.
  By the way, if I create a stand alone media, we are able to image the workstation. What has changed in the task sequence such that the workstation is unable to download policies due to lack of storage (RAM) on workstation. Workstation has 2 GB of RAM.

  I have found a work around for the issue, even though the computer is unknown, there were software updates targeted to the ALL SYSTEMS collection which applies to All Unknown Computers and therefore to x64 Unknown Computer and x86 Unknown Computer.
  We had a SCEP ADR applying definition updates to All Systems, we applied the ADR to a different collection, removed all the SCEP updates to All Systems and successfully re-imaged the workstation. Following article was of great help in identifying the problem
  after-selecting-a-task-sequence-in-configuration-manager-2012-sp1-you-receive-threadtoresolveandexecutetasksequence-failed-code0x8007000e-in-smsts-log
  Thanks Gerry for your assistance.

• Failed to run task sequence. Error occurred while starting the task sequence (0x8007000E)

  Hi there
  Patch Tuesday yesterday (10th June2014). As always we deploy new patches first to a test collection where Windows 7 updates automatically apply.
  Upon trying to rebuild any of the machines in this test collection, we were presented with the following error message:
  Failed to run task sequence.  Error occurred while starting the task sequence (0x8007000E)
  After searching about this, I found this page from Niall Brady, which explained the problem:
  http://www.niallbrady.com/2013/05/17/after-selecting-a-task-sequence-in-configuration-manager-2012-sp1-you-receive-threadtoresolveandexecutetasksequence-failed-code0x8007000e-in-smsts-log/
  So I removed some of the machines from the test Windows update collection, and as per the advice in the above link, the error was gone and those machines could be built successfully.
  So the problem is there were too many many policies downloaded (apps, packages and most of all updates) for the task sequence ram to store, hence the error.
  Now...
  ...I have a question.
  The next logical step to my mind is to patch our OS image with all missing patches, so these do not have to be downloaded at build time. Niall mentions this as one of the resolutions to this issue.
  However there seems to be some confusion over whether this would actually make a difference.
  I read through this link:
  http://social.technet.microsoft.com/Forums/en-US/7e597b44-2586-4063-b6d0-cec48a7c11c7/sccm-2012-task-sequence-failure-0x8007000e?forum=configmanagerosd
  There's seems to be no consensus on this.
  Is SCCM 2012 clever enough to - when the task sequence is first started - to download ONLY the updates (policies) it detects as NOT present in the OS image...
  or
  Will it simply try to download policies for ALL items deployed to it, whether the updates are present in the OS image or not?
  I will be disappointed if SCCM 2012 SP1 CU2 isn't clever enough to only download policies at build time for the apps, packages and updates it detects as needed.
  I'd be grateful for some clarity on this.
  Regards,
  John, Glasgow.

  Hi Jason
  Thank you for replying, I appreciate it.
  1) We currently have 15 or 16 software update groups for Office updates, dating back a month or two. The latest software update group contains all the patches in the previous software update groups plus the patches released on 10th June. Do you recommend
  deleting all but the latest software update group?
  2) I'm almost reluctant to ask this, but based on what you have advised, is it the case that when the task sequence executes, it will download policies for each update in each software update group regardless of whether it has already downloaded a policy
  for an update in a previous software update group? So in effect it's downloading policies (for updates) it has already downloaded?
  3) I'm not clear on why there would be no policy for an image; in Niall Brady's informative page on the 8007000E error, he writes the following:
  "The reason it has run of space could be due to four possibilites: too many applications, too many Windows updates, too many Task Sequence steps, too many referenced packages'.
  Can you shed some light on why there isn't a policy for an image?
  Thanks again for replying,
  John.

• How to fail the task sequence if an MDT variable is not populated?

  We are deploying Windows 7 using ConfigMgr 2012 SP1 CU3 integrated with MDT 2012 Update 1 using the MDT database locations table to populate the MachineObjectOU MDT variable.
  Currently the "Apply Network Settings" task will read the MachineObjectOU variable and add the computer account to the OU returned by the MDT database query.  If no value is returned it will not domain join the computer, instead it continues
  the task sequence and configures the machine as a workgroup machine.
  I would like the task sequence to fail if the MachineObjectOU variable is not populated by the MDT database query instead of continuing as a workgroup build.  What is the easiest way to do this?
  Thanks!
  FP

  I agree. 
  I would write a script that reads the Variable and checks that it has a valid content. 
  If it doesnt i would return an exitcode from my script and have the TS fail on that

• OSD - USB insert media #1 for the task sequence

  Hi
  I'm creating a standalone media for USB
  Step that I did
  1. Create a Standalone media to .iso files
  2. Diskpart - I prepared the USB using the diskpart command
  3. Extract the standalone.iso files in the USB  (copy the contents)
  everything is work fine, exempt the packages that I included in the stanadlone TS is NOT installed and asking for "insert media #1 for the task sequence"
  This issue arise only when I used the USB
  Content of T.S  (stand alone task sequence)
  a. Windows 7 and company standard application
  b. Packages 1 : Install the 7Zip
  c. Packages 2 : Install the update for the acrobat reader
  I don't want to recreate the images due to minor changes and it will consume time also, that's why I added in the T.S place in USB
   Please advise , what is wrong
  Robert

  Hi,
  We also get the same problem, and at the time it occurs the USB stick does not show up in notepad, or in diskpart list disk.  
  It happens after the windows 7 image is apply just as it's trying to install the applications.

• "The task sequence has been suspended" when using a conditional task sequence

  I'm getting the dreaded "The task sequence has been suspended. LiteTouch has encountered and Environment Error (Boot into WinPE!)" when using a conditional task sequence. 
  I've created a "Install Application" task  right before the "Restart Computer" in the postinstall phase. The task installs a Dell Bios update.  I've added two WMI conditions on the task, to match it with the correct model and to check that the
  bios not current.  This works very well, except for a strange issue.  When the computer reboots into WinPE, I get the error above.  The message stays for about 30 second and then disappears.  After that the computer reboots into Windows
  7, runs the Bios Update and throws up a similar message but with the addition of Use the desktop shortcut to resume.  (however there is no shortcut).  The message disappears after a while and the process stops there. If I reboot
  manually, the installation will continue and finish without any error. It's as if a LTIsuspend.wsf was inserted.
  Does anyone have any clue what's happening?

  Thanks for the answers, but I finally figured it out.  The problem was due to where I had inserted it during the deployment sequence.  The bios update task sequence was attempting to run in WinPE.  I moved the sequence to the state restore
  section and now it's working perfectly.  I was trying to run the update earlier during the installation sequence, as was recommened by Dell, but that doesn't appear to be feasible.  This will have to do.

• Using a environment variable that was created during the Task Sequence process - SCCM 2012 R2

  Hi,
  I'm triyng to use a environment variable that is create in the beginning of the Task Sequence.
  1. I'm using a VBScript that get the Exit Code of an application, and create the environment variable "iReturn" with the value of the exit code. (This is working)
  2. I add this variable in the CustomSettings.ini, like this "iReturn=%iReturn%
  3. After the step that I run the VBScript I put the "Gather" step to get the variables, but looking in the BDD.log the iReturn variable appears the same as the CustomSettings.ini configuration "iReturn=%iReturn%". (But, if I put a "Restart
  Computer" step after the VBScript, the BDD.log shows the iReturn variable with the right code.)
  Question: How can I update the environment variable of Windonws XP to use in the Task Sequence without restart.
  OR
  How can I configure autologon in SCCM 2012 (if have no way to update withou restart computer).
  I already tried the autologon with registry settings and a specific user, If I starts the process with this user works, but If I starts the process with other user, after the autologon the process doesnt continue, I have to do logoff and login with the user
  that I started the process.
  PS: All this steps have to be executed before the WinPE phase. 

  Environment variables must be explicitly set every time a system boots so unless you have a process to repopulate it after the reboot, it won't persist automatically.
  Why not store the value in a task sequence variable so that it persists after a reboot?
  Jason | http://blog.configmgrftw.com | @jasonsandys

• Distribute Customer Updates in SCCM 2012 (CU's) using a Task Sequence

  I want to utilize a Task Sequence to Distribute Customer Updates to SCCM 2012 Clients.  I currently have 2 collections for pre-CU 4 clients, one for 32 Bit Clients (x86) , one for 64 Bit Clients (x64).  I have a package pertinent to each collection
  which I use to distribute the updates.
  However, instead of segregating them by collection, I would like to have one big collection, and have the Task Sequence sort out which package should load on which collection.
  I've tried using the RUN COMMAND LINE, and INSTALL PACKAGE options to no avail.  Is there a way to utilize a Task Sequence for this undertaking, or should I just continue the way I'm currently doing it.
  Thanks ,
  Dan

  You can set Collection Variables for the two collections, then add running condition in the Task Sequence Steps for corresponding collections.
  Juke Chou
  TechNet Community Support

• Running powershell at the end of a task sequence

  I have a standard task sequence (non-MDT). I've added nothing to the task sequence except to join the domain. I created a powershell package to run a simple script to install Server 2012 R2 roles and features. Here is the script
  import-module servermanager
  Install-WindowsFeature -Name  Web-Server, Web-WebServer, Web-Security, Web-ISAPI-Ext, Web-Windows-Auth, Web-Metabase, Web-WMI, Web-Scripting-Tools, rdc, BITS, NET-Framework-Features, Web-Asp-Net, Web-Asp-Net45, NET-HTTP-Activation
  The script runs fine if I run it manually in an elevated prompt.
  The program in the package has a command line of
  powershell.exe -ExecutionPolicy bypass -File FileName.PS1
  The behavior of running the package after the task sequence is:
  1. Nothing in the CCMCache folder (although the client is fully installed)
  2. In ExecMgr.log I see that the client has prepared the command line (as stated above), and tried to run the command line.  I get a return code of 0 (even though the script file hasn't been downloaded
  3. I noticed in ExecMge that the command line expands to ...\windows\system32\powershell\v1.0\powershell.exe.  I only mention this because I read that powershell 1.0 doesn't support executionPolicy -bypass
  Lastly, if I deploy the package to an already existing server, I see the script in the CCMCache, I see execMgr.log runs the command line, return code 0, nothing happens.
  Any ideas?

  Can you test your script with psexec -s to emulate running as the SYSTEM account? This may be a limitation of the SYSTEM account.
  Daniel Ratliff | http://www.PotentEngineer.com

• Image not displaying in the Task Sequence Wizard. SCCM2012

  This is my question, so I will post the link here.
  http://community.spiceworks.com/topic/925727-image-not-displaying-in-the-task-sequence-wizard-sccm2012
  Bryan
  I captured an image from a PC that I am preparing to be deployed with Office 365. Once I captured
  the image, I went to the software library to add the operating system image. That seemed to go on without any issue, but when I look at the summary, I see the big yellow globe saying "in progress" it has not changed since yesterday afternoon.
  I then created the task sequence for this image
  to be deployed under Software Library, Task Sequences. When I selected the references tab, everything seemed to be in order with the exception of the "operating system image" under type. It was/is showing 0.0% Compliance.

  So, the problem described in the other forum post does not match the title of this thread. Are you trying to address two different things? These are unrelated btw.
  For the issue in the other thread, you'll have to troubleshoot your content distribution to the selected DP. The distmgr.log and pkgxfermgr.log (assuming you chose to distribute the image to a DP directly attached to your primary site) are the places to
  start and will show you exactly what's going on.
  As for the title of this thread, we'll need a lot more info to help you there.
  Finally, I would suggest you copy your questions from other sources into the thread -- this will help other folks in the future that may stumble upon this thread and will prevent any confusion.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• Does 2012 OSD get around requirements to get to the MP during the task sequence?

  Currently right now I am working in an environment where we are on SCCM 2007, but will be going to 2012 next year. We are in the process of trying to make it so we can build on a secure network that cannot route to any other network. I am prepared to put
  a DP out on this same network, but the problem I am running into is that during the task sequence starting, it downloads the task sequence from the MP, not the DP as it is not associated with the package. The MP is not on the same un-routable network. We will
  need to have about 6 or so of these, so we do not want to setup 6 MP because now you are looking at not only 6 primary site licenses, but 6 SQL installs (Our environment will not let me get away with doing SQL express for support reasons) which adds up quickly.
  Below is a link to exactly what I am speaking about:
  http://blogs.technet.com/b/configurationmgr/archive/2009/04/16/configmgr-2007-primary-site-mp-is-used-for-the-task-sequence-even-when-deploying-osd-images-to-secondary-sites.aspx
  What I am wondering is if SCCM 2012 OSD was structured differently in a way that access to the MP is no longer necessary during the task sequence process (say for example the task sequence xml is replicated to DPs too)?
  Thanks. 

  My apologizes. I was meaning to say Primary, Secondary Sites. Not MPs. I brought this up to give reference to idea about the boundaries that I am going to have to use to prevent these clients from contacting DPs they they can't route to.
  The idea behind getting off the build network and onto a prod is that security requirements from my companies Infosec require that we limit the amount of traffic on production networks. The idea is that the server be built on the build network, disconnected
  and brought into prod. The whole time the MP would be the same, but the DP would switch based on the prod network they were brought into as DP will reside in these prod networks which will get flipped over by the boundary for the prod subnets. Once on the
  prod network they would be able to contact the MP. 
  I would love to do stand-alone media, this is one of the first roads I started looking down as I have done them in the past for offline builds, but I need the machine to auto assign its hostname from a external servers that will script the build. The build
  process we are trying to put into place will be started from an external website. My first thought was to have it add the machines to a collection and add a variable that would be turned into a task sequence variable during the TS and use it for the hostname
  when it attempt to apply the Windows settings. The only way I think I could get this to work would be to write a script that is executed during the task sequence that would match the MAC address of the machine and assign the hostname by calling on another
  share that is written to by the external website with the MAC and hostnames. The only problem that I cannot get around is that this build process needs to be fully automated and this is for both virtual and physical. I have no problems mounting a stand-alone
  build ISO using a script for VMWare, but the problem starts when I look at the physical and limitations of scripting for both iLo and iDRAC for performing this step. iLo can be done, but iDRAC is limited. 
  As for a reverse-proxy I will not be able to look at that. They have specific requirements against using reverse-proxies in only specific situations and this it not allowed. I got turned down on this one. This requirement is created by a federal regulation
  my company has to follow. 

• Call Task Sequence at the end of a task sequence

  Hi
  I have SCCM 2012 R2 with many task sequence.
  It's possible at the end to task sequence to call another task sequence? If yes, do you a link to explain that?
  Thanks

  The TechNet documentation has the bascis:
  https://technet.microsoft.com/en-us/library/hh846237.aspx#BKMK_InstallApplication (expand Details).
  You simply need to populate the task sequence variables with the values corresponding to the applications or packages you want to install. This can be done in a variety of methods including directly assigning them to a collection or device, using a script,
  or the built-in set task sequence variable step.
  It all depends on how the task sequence is informed which path to take.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• "Welcome to the Task Sequence Wizard" never shows on PXE boot, but does on Boot Media with prestart command

  Hey guys, I have a fairly odd situation here.  I have all OSD Task Sequence advertisements set to "PXE and Boot Media (hidden)" and all are optional
  (not mandatory).  I use a powershell form via prestart command to give the user a choice which limits what task sequences they choose.  When everything is working, this process works.  Unknown desktop-class systems see desktop task sequences,
  and server-class systems see server task sequences.
  Here's where it's different when I use different boot methods:
  Boot Media
  "Welcome to the Task Sequence Wizard" is presented.  User hits or clicks Enter.
  Powershell form is presented; user picks their task sequence
  Confirmation screen is presented with the task sequence they selected (this is an OSD screen the same size as the "Welcome to the Task Sequence Wizard"
  screen.
  Dependency check screen is shown with a progress bar.  If a package is missing from a DP, it will display an error here with the PackageID.  This
  looks the same as "Regular" OSD with standard non-hidden advertisements.
  PXE Boot
  "Welcome to the Task Sequence Wizard" is never displayed.
  Powershell form is the first screen they see.  They select it and it continues.
  No confirmation screen is presented if the system is known;  if it is an unknown system, a small dialog says there is a
  *mandatory* task sequence about to be run and it will run in 180 seconds.  Users can hit enter.
  No dependency check screen is shown; and if a package was missing, instead of presenting an error, it simply reboots.  However, if everything is there,
  the process starts successfully.
  While I have no problems with the first window never being displayed, not displaying the error dialog and simply rebooting is what is bothersome to me. 
  99% of our builds are from PXE boot.
  Again, these task sequences are all 100% optional, NOT mandatory, and I've double checked this multiple times.  Can anyone explain why we get different
  behavior between boot media and PXE boot?  Any way of getting PXE boot to "mimic" the Boot media behavior?
  I followed the guide here:
  http://www.mydreampage.net/2012/09/21/how-can-i-deploy-a-hidden-task-sequence-in-configuration-manager-2012-sp1/
  If you see the image here:
  http://www.windows-noob.com/forums/uploads/monthly_09_2012/post-1-0-29840100-1348236179.png
  You'll see the "Retrieving policy for this computer..." dialog box - I never get that with PXE - just Boot Media.
  Note that I am running 2012 R2, not 2012 SP1 - but I never got a chance to test this process with SP1.
  Upon further experimentation, the "hidden" task sequence has nothing to do with this.  If I change it to a normal, non-hidden advertisement, as
  long as the "prestart" command in the boot image is used, we don't get those missing dialog boxes at all, with PXE.

  Are both boot images the same for PXE and the boot media? Same package ID and all? 
  Boot media for us always shows the task sequence wizard first, while PXE always displays the pre-start command first. 
  Daniel Ratliff | http://www.PotentEngineer.com

• "The task sequence has been suspended. LiteTouch is trying to install applications. This cannot be performed in Windows PE."

  MDT 2012 Server is up and running. I mistakenly deleted a Task Sequence step called "Install Application" that I thought was not needed (I know I should have disabled it and tested).
  I have a problem now, when I went to image a computer I did not get application list (This used to work before I deleted the above TS step) with items to check and uncheck for installation.  "Install Application" TS was readded but now when I try to
  image I get this error:
  "The task sequence has been suspended. LiteTouch is trying to install applications. This cannot be performed in Windows PE."
  I've tried moving it to different positions on the list (Higher and lower) to no avail, I always get the same error. Please advise.
  -Thanks in advance!

  On the computer you are deploying to "the client", boot into WindowsPE just like you are going to image and before you authenticate or
  get any dialogue boxes, press F8 in WindowsPE to get command prompt and type the following:
  diskpart
  list disk
  select disk 0
  list part
  select part 1
  clean
  create part primary
  assign
  active
  exit
  Please mark this as the answer if it works.
  You are awesome this worked for me I didn't see how I was going to get my new computer to reimage again Thank you sooooooooooooo much!!!

• Installing "Applications" during the task sequence and installation enforcement

  Hello,
  Kind of a weird question here, so it seems like I'm seeing that if you install an application on a system during its OSD task sequence, then you later manually uninstall that application, that SCCM considers that system now out of compliance? 
  And then reinstalls the application as indicated in AppEnforce.log?  Is this true?  If so, how do you get around this behavior?  I guess I thought that this application compliance only took effect when you actually deploy an application to a
  system, through an actual deployment.  I didn't realize that it would enforce compliance even if an application was installed during a task sequence.  So if you have hundreds of systems that were imaged with the same task sequence and you have
  a small handful of machines that can't have application X on it (so you want to uninstall it), which was installed via the task sequence, how do you disable this compliance enforcement and disable its automatic reinstall?
  Thanks for any help you can provide.

  Sorry for the delayed response, thank you both for your input.  To answer both your questions, no these workstations do not have any required deployments for this application directed at them.  I have confirmed that, however, they do have
  the OSD task sequence deployment (that contains this application) constantly "available" to them (via only "media and PXE") as this makes it very easy for our technicians to reimage any machine whenever they need to (love that feature
  by the way).
  I can only assume that because they still have this task sequence deployment pointed at them is why they continue to attempt to reinstall this application when ConfigMgr finds that it's not installed anymore.  In fact it does it at the same day/time
  each week, which I believe is the same day/time of the week that the machines were imaged.  I must have the compliance part of the clients configuration to check every 7 days for stuff like this?  Anyway, that's my conclusion for now. 
  Since even Wally Mead felt that this must be an actual required deployment outside of the task sequence I'm really curious to see if anyone else sees this behavior.  It would be fairly simple to attempt to recreate, image a machine with a task sequence
  that has "application" installs included, where the deployment for it is just "available" and keep the deployment "available" after the machine is reimaged.  Then after that, uninstall one of the apps that was installed
  during the task sequence via an "application" and then see if it reinstalls automatically, it may wait a while (may 7 days by default?).  You can see the evidence of our application reinstalling itself in the "AppEnforce.log".
  Is it even remotely possible that this is a new "feature" or behavior of ConfigMgr 2012 and "Applications"?