Loopback policy processing mode - for local policy on desktop
Hi folks,
I am trying to apply a domain group policy to a user.
All the usual checks have been made, user confiugration applied to user, link enabled, correct OU no filtering etc. However the policy is not applying, and it seems not even to be visible.
I am getting a message when I do an RSOP, and I suspect it is the root cause:
"During last user policy refresh...Computer was set to process policy in Replace mode"
MY questions are:
1) could this be related? I see the definition for Replace mode is to process computer settings only?
2) If so, then how do I change this setting on the LOCAL computer policy, assuming it is configured there? I dont see an option under Computer configuration like I do on the server/domain templates.
Thanks.
If loopback policy is enabled (which is a computer policy), and set to replace, the only user settings that will be applied are those in the same GPO's user settings or other user settings at that OU level and below. So, depending on the settings that
you want to apply to the desktop, you need to set them in the GPO at the same level.
There is also the merge setting which will apply policy from GPOs above that OU and combine with the policies in your GPO.
To see if loopback is on, look in rsop settings for the path below.
To set user configuration per computer, follow these steps:
In the Group Policy Microsoft Management Console (MMC), click Computer Configuration.
Locate Administrative Templates, click System, click
Group Policy, and then enable the Loopback Policy option.
http://support.microsoft.com/kb/231287/en-us
Similar Messages
-
My movie download is stuck in process mode for 10 hours
I downloaded a movie to watch on a trip and for the last 10+ hours it's seems to be stuck in the process mode. I can't watch the movie I can't delete the movie,
Downgrading the iOS is not supported by Apple. You will get errors/it will not work
Try:
- iOS: Not responding or does not turn on
- Also try DFU mode after try recovery mode
How to put iPod touch / iPhone into DFU mode « Karthik's scribblings
- If not successful and you can't fully turn the iOS device fully off, let the battery fully drain. After charging for an least an hour try the above again.
- Try another cable
- Try on another computer
- If still not successful that usually indicates a hardware problem and an appointment at the Genius Bar of an Apple store is in order.
Apple Retail Store - Genius Bar -
What is Microsoft's official policy regarding the processing time for HCK2.1 Driver Submissions?
What is Microsoft's official policy regarding the processing time for HCK2.1 Driver Submissions?
Can someone point me to a document that states the official policy stating their maximum review time? This info used to be in the WLK1.6 FAQ but I don't see it for the HCK2.1 suite.
Thanks!
AlIan,
Thanks for your reply. Yes, I'm sure LabVIEW uses the (default) Windows timer. And yes, 1 mS is not guaranteed due to the preemptive nature of Windows (and even "RTOSs" to varying degrees), which is why I see about plus or minus 2 mS.
Apparently the Windows timer can be set by API calls. See: http://www.lucashale.com/timer-resolution/. Here's a screen shot of his TimerResolution.exe on a Windows 7 PC:
Here it is on my Windows XP PC after I set it to "Maximum" (initially it was 15.625 mS):
Notice that it sets the Maximum to less than 1 mS, which is supposed to be the max, so there are some bugs. Plus the Default button does not reset it in XP, but does work on Windows 7 or 8. (I know this is not the place to "debug" non-LabVIEW applications!)
I'll bet LabVIEW sets it, too. The only caveat, as I said, is it looks like another application can change it, since the hardware timer is a "global" timer. I have not seen this issue in my LabVIEW applications, have you?
I guess I need to do some more digging to see the code to set the timer, but it looks like the developers of LabVIEW have it figured it out.
(FYI, I did notice that running my LabVIEW app (which gives about 2 mS resolution) or a C# app, which gives 15.625 mS resolution, does not affect what TimerResolution.exe reports, so I'm not sure if it's really working correctly. If I figure it out I'll post the results.)
Ed -
Local policy route-map for policy route
Hi
this is related my previous question:
I want to set policy route on asr1004, that redirect vpn traffic.
my case is:
asr1004 import a default route 0.0.0.0 from int 0 with bgp neibour address 10.100.100.100
assume internal traffic 10.10.10.0/24 coming into asr1004 on int 1.
assume vpn with ip address 10.2.2.2 is direct linked to asr1004 int 2, and int 2 ip address is 10.2.2.1
assume taget network is 10.200.200.0/24
I want internal traffic (10.10.10.0/24) go to target (10.200.200.0/24) to be redirect to10.2.2.2 (vpn) first, so I add "ip route 10.200.200.0/24 10.2.2.2" on asr1004.
Than, I want vpn (10.2.2.2) encrypt traffic and send it to one of ip in10.200.200.0/24 range again. at this point if I put local policy route-map below, is it will work?
ip local policy route-map vpn-out
access-list 100 permit ip 10.2.2.2 any
route-map vpn-out permit 10
match ip address 100
set ip next-hop 10.100.100.100
if not, do I have any change to do policy route for this case?
any comment will be appreciated
Thanks in advance
Julxuhi Jon
can I refresh the question again:
my case is:
asr1004 import a default route 0.0.0.0 from int 0 with bgp neibour address 10.100.100.100
assume internal traffic 10.10.0.0/16 coming into asr1004 on int 1 with ip address 10.3.3.3
assume vpn with ip address 10.10.2.2 is direct linked to asr1004 int 2, and int 2 ip address is 10.10.2.1
assume taget network is 10.200.200.0/24
I want internal traffic (10.10.0.0/16) go to target (10.200.200.0/24) to be redirect to10.10.2.2 (vpn) first, so I add "ip route 10.200.200.0/24 10.10.2.2" on asr1004.
Than, I want vpn (10.10.2.2) encrypt traffic and send it to one of ip in10.200.200.0/24 range again. at this point if I put local policy route-map below, is it will work?
ip local policy route-map vpn-out
access-list 100 permit ip 10.10.2.2 any
route-map vpn-out permit 10
match ip address 100
set ip next-hop 10.100.100.100
such as:
interface TenGigabitEthernet0/0/0
description bgp to get default
ip address 10.100.100.100 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
interface TenGigabitEthernet0/1/0
description get internaltraffic
ip address 10.3.3.3 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
interface GigabitEthernet0/2/1
description vpn
ip address 10.10.2.1 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
media-type rj45
negotiation auto
ip local policy route-map vpn-out
access-list 100 permit ip 10.10.2.2 any
route-map vpn-out permit 10
match ip address 100
set ip next-hop 10.100.100.100
ip route 10.200.200.0/24 10.10.2.2
Could you please advise if it is correct? -
Local policy for 8.1 Tablet lock screen behaviour
We've just loaded our corporate SOE onto a couple of different Windows tablets. An Acer and a Surface Pro 3. Now by default it seems to activate a default lock screen behaviour of having to hold the windows button and press the power button to unlock the
device. We didn't set this, it seems to kick in automatically. Now the problem is that this works on the Acer and not the SP3. I'd like the lock screen behaviour to revert back to the default, which is to swipe up to unveil the login box. However, I can't
seem to find the local policy or registry setting to do this. Any ideas?This is not a MDT issue. There is something Group Policy or somewhere else (VPN software). that is forcing Windows to act this way.
Keith Garner - Principal Consultant [owner] -
http://DeploymentLive.com -
No log for am policy agent for iis6
Hello!
Im trying to get Policy Agent for IIS to run on my Win Srv 2003 with IIS6 and Sharepoint Services.
I am running the OpenSSO version of Access Manager.
I have installed the agent and done the initial cofiguration.
When i try to browse the resource i get a login prompt (IIS Basic Auth)and cannot login followed by "Not Authorized 401.3"
I should get redirected to the AM Login page, shouldn't I?
I tried to look for answers in the log file but the /debug/<id> directory i empty.
Anyone know what to do?
The amAgent.properties file:
# $Id: AMAgent.properties,v 1.103 2005/09/19 22:08:34 madan Exp $
# The syntax of this file is that of a standard Java properties file,
# see the documentation for the java.util.Properties.load method for a
# complete description. (CAVEAT: The SDK in the parser does not currently
# support any backslash escapes except for wrapping long lines.)
# All property names in this file are case-sensitive.
# NOTE: The value of a property that is specified multiple times is not
# defined.
# WARNING: The contents of this file are classified as an UNSTABLE
# interface by Sun Microsystems, Inc. As such, they are subject to
# significant, incompatible changes in any future release of the
# software.
# The name of the cookie passed between the Access Manager
# and the SDK.
# WARNING: Changing this property without making the corresponding change
# to the Access Manager will disable the SDK.
com.sun.am.cookie.name = iPlanetDirectoryPro
# The URL for the Access Manager Naming service.
com.sun.am.naming.url = http://login.lta.mil.se:8080/opensso/namingservice
# The URL of the login page on the Access Manager.
com.sun.am.policy.am.login.url = http://login.lta.mil.se:8080/opensso/UI/Login
# Name of the file to use for logging messages.
com.sun.am.policy.agents.config.local.log.file = C:/Sun/Access_Manager/Agents/2.2/debug/Identifier_1414639615/amAgent
# This property is used for Log Rotation. The value of the property specifies
# whether the agent deployed on the server supports the feature of not. If set
# to false all log messages are written to the same file.
com.sun.am.policy.agents.config.local.log.rotate = true
# Name of the Access Manager log file to use for logging messages to
# Access Manager.
# Just the name of the file is needed. The directory of the file
# is determined by settings configured on the Access Manager.
com.sun.am.policy.agents.config.remote.log = amAuthLog.sharepoint.lta.mil.se.80
# Set the logging level for the specified logging categories.
# The format of the values is
# <ModuleName>[:<Level>][,<ModuleName>[:<Level>]]*
# The currently used module names are: AuthService, NamingService,
# PolicyService, SessionService, PolicyEngine, ServiceEngine,
# Notification, PolicyAgent, RemoteLog and all.
# The all module can be used to set the logging level for all currently
# none logging modules. This will also establish the default level for
# all subsequently created modules.
# The meaning of the 'Level' value is described below:
# 0 Disable logging from specified module*
# 1 Log error messages
# 2 Log warning and error messages
# 3 Log info, warning, and error messages
# 4 Log debug, info, warning, and error messages
# 5 Like level 4, but with even more debugging messages
# 128 log url access to log file on AM server.
# 256 log url access to log file on local machine.
# If level is omitted, then the logging module will be created with
# the default logging level, which is the logging level associated with
# the 'all' module.
# for level of 128 and 256, you must also specify a logAccessType.
# *Even if the level is set to zero, some messages may be produced for
# a module if they are logged with the special level value of 'always'.
com.sun.am.log.level = 5
# The org, username and password for Agent to login to AM.
com.sun.am.policy.am.username = UrlAccessAgent
com.sun.am.policy.am.password = PN4rEZ1uhx1404ivWY6HPQ==
# Name of the directory containing the certificate databases for SSL.
com.sun.am.sslcert.dir = C:/Sun/Access_Manager/Agents/2.2/iis6/cert
# Set this property if the certificate databases in the directory specified
# by the previous property have a prefix.
com.sun.am.certdb.prefix =
# Should agent trust all server certificates when Access Manager
# is running SSL?
# Possible values are true or false.
com.sun.am.trust_server_certs = true
# Should the policy SDK use the Access Manager notification
# mechanism to maintain the consistency of its internal cache? If the value
# is false, then a polling mechanism is used to maintain cache consistency.
# Possible values are true or false.
com.sun.am.notification.enable = true
# URL to which notification messages should be sent if notification is
# enabled, see previous property.
com.sun.am.notification.url = http://sharepoint.lta.mil.se:80/amagent/UpdateAgentCacheServlet?shortcircuit=false
# This property determines whether URL string case sensitivity is
# obeyed during policy evaluation
com.sun.am.policy.am.url_comparison.case_ignore = true
# This property determines the amount of time (in minutes) an entry
# remains valid after it has been added to the cache. The default
# value for this property is 3 minutes.
com.sun.am.policy.am.polling.interval=3
# This property allows the user to configure the User Id parameter passed
# by the session information from the access manager. The value of User
# Id will be used by the agent to set the value of REMOTE_USER server
# variable. By default this parameter is set to "UserToken"
com.sun.am.policy.am.userid.param=UserToken
# Profile attributes fetch mode
# String attribute mode to specify if additional user profile attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user profile attributes will be introduced.
# HTTP_HEADER - additional user profile attributes will be introduced into
# HTTP header.
# HTTP_COOKIE - additional user profile attributes will be introduced through
# cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.profile.attribute.fetch.mode=NONE
# The user profile attributes to be added to the HTTP header. The
# specification is of the format ldap_attribute_name|http_header_name[,...].
# ldap_attribute_name is the attribute in data store to be fetched and
# http_header_name is the name of the header to which the value needs
# to be assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.profile.attribute.map=cn|common-name,ou|organiz ational-unit,o|organization,mail|email,employeenumber|employee-number,c|country
# Session attributes mode
# String attribute mode to specify if additional user session attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user session attributes will be introduced.
# HTTP_HEADER - additional user session attributes will be introduced into HTTP header.
# HTTP_COOKIE - additional user session attributes will be introduced through cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.session.attribute.fetch.mode=NONE
# The session attributes to be added to the HTTP header. The specification is
# of the format session_attribute_name|http_header_name[,...].
# session_attribute_name is the attribute in session to be fetched and
# http_header_name is the name of the header to which the value needs to be
# assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.session.attribute.map=
# Response Attribute Fetch Mode
# String attribute mode to specify if additional user response attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user response attributes will be introduced.
# HTTP_HEADER - additional user response attributes will be introduced into
# HTTP header.
# HTTP_COOKIE - additional user response attributes will be introduced through
# cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.response.attribute.fetch.mode=NONE
# The response attributes to be added to the HTTP header. The specification is
# of the format response_attribute_name|http_header_name[,...].
# response_attribute_name is the attribute in policy response to be fetched and
# http_header_name is the name of the header to which the value needs to be
# assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.response.attribute.map=
# The cookie name used in iAS for sticky load balancing
com.sun.am.policy.am.lb.cookie.name = GX_jst
# indicate where a load balancer is used for Access Manager
# services.
# true | false
com.sun.am.load_balancer.enable = false
####Agent Configuration####
# this is for product versioning, please do not modify it
com.sun.am.policy.agents.config.version=2.2
# Set the url access logging level. the choices are
# LOG_NONE - do not log user access to url
# LOG_DENY - log url access that was denied.
# LOG_ALLOW - log url access that was allowed.
# LOG_BOTH - log url access that was allowed or denied.
com.sun.am.policy.agents.config.audit.accesstype = LOG_BOTH
# Agent prefix
com.sun.am.policy.agents.config.agenturi.prefix = http://sharepoint.lta.mil.se:80/amagent
# Locale setting.
com.sun.am.policy.agents.config.locale = en_US
# The unique identifier for this agent instance.
com.sun.am.policy.agents.config.instance.name = unused
# Do SSO only
# Boolean attribute to indicate whether the agent will just enforce user
# authentication (SSO) without enforcing policies (authorization)
com.sun.am.policy.agents.config.do_sso_only = true
# The URL of the access denied page. If no value is specified, then
# the agent will return an HTTP status of 403 (Forbidden).
com.sun.am.policy.agents.config.accessdenied.url =
# This property indicates if FQDN checking is enabled or not.
com.sun.am.policy.agents.config.fqdn.check.enable = true
# Default FQDN is the fully qualified hostname that the users should use
# in order to access resources on this web server instance. This is a
# required configuration value without which the Web server may not
# startup correctly.
# The primary purpose of specifying this property is to ensure that if
# the users try to access protected resources on this web server
# instance without specifying the FQDN in the browser URL, the Agent
# can take corrective action and redirect the user to the URL that
# contains the correct FQDN.
# This property is set during the agent installation and need not be
# modified unless absolutely necessary to accommodate deployment
# requirements.
# WARNING: Invalid value for this property can result in the Web Server
# becoming unusable or the resources becoming inaccessible.
# See also: com.sun.am.policy.agents.config.fqdn.check.enable,
# com.sun.am.policy.agents.config.fqdn.map
com.sun.am.policy.agents.config.fqdn.default = sharepoint.lta.mil.se
# The FQDN Map is a simple map that enables the Agent to take corrective
# action in the case where the users may have typed in an incorrect URL
# such as by specifying partial hostname or using an IP address to
# access protected resources. It redirects the browser to the URL
# with fully qualified domain name so that cookies related to the domain
# are received by the agents.
# The format for this property is:
# com.sun.am.policy.agents.config.fqdn.map = [invalid_hostname|valid_hostname][,...]
# This property can also be used so that the agents use the name specified
# in this map instead of the web server's actual name. This can be
# accomplished by doing the following.
# Say you want your server to be addressed as xyz.hostname.com whereas the
# actual name of the server is abc.hostname.com. The browsers only knows
# xyz.hostname.com and you have specified polices using xyz.hostname.com at
# the Access Manager policy console, in this file set the mapping as
# com.sun.am.policy.agents.fqdn.map = valid|xyz.hostname.com
# Another example is if you have multiple virtual servers say rst.hostname.com,
# uvw.hostname.com and xyz.hostname.com pointing to the same actual server
# abc.hostname.com and each of the virtual servers have their own policies
# defined, then the fqdnMap should be defined as follows:
# com.sun.am.policy.agents.fqdn.map = valid1|rst.hostname.com,valid2|uvw.hostname.com,valid3|xyz.hostname.com
# WARNING: Invalid value for this property can result in the Web Server
# becoming unusable or the resources becoming inaccessible.
com.sun.am.policy.agents.config.fqdn.map =
# Cookie Reset
# This property must be set to true, if this agent needs to
# reset cookies in the response before redirecting to
# Access Manager for Authentication.
# By default this is set to false.
# Example : com.sun.am.policy.agents.config.cookie.reset.enable=true
com.sun.am.policy.agents.config.cookie.reset.enable=false
# This property gives the comma separated list of Cookies, that
# need to be included in the Redirect Response to Access Manager.
# This property is used only if the Cookie Reset feature is enabled.
# The Cookie details need to be specified in the following Format
# name[=value][;Domain=value]
# If "Domain" is not specified, then the default agent domain is
# used to set the Cookie.
# Example : com.sun.am.policy.agents.config.cookie.reset.list=LtpaToken,
# token=value;Domain=subdomain.domain.com
com.sun.am.policy.agents.config.cookie.reset.list=
# This property gives the space separated list of domains in
# which cookies have to be set in a CDSSO scenario. This property
# is used only if CDSSO is enabled.
# If this property is left blank then the fully qualified cookie
# domain for the agent server will be used for setting the cookie
# domain. In such case it is a host cookie instead of a domain cookie.
# Example : com.sun.am.policy.agents.config.cookie.domain.list=.sun.com .iplanet.com
com.sun.am.policy.agents.config.cookie.domain.list=
# user id returned if accessing global allow page and not authenticated
com.sun.am.policy.agents.config.anonymous_user=anonymous
# Enable/Disable REMOTE_USER processing for anonymous users
# true | false
com.sun.am.policy.agents.config.anonymous_user.enable=false
# Not enforced list is the list of URLs for which no authentication is
# required. Wildcards can be used to define a pattern of URLs.
# The URLs specified may not contain any query parameters.
# Each service have their own not enforced list. The service name is suffixed
# after "# com.sun.am.policy.agents.notenforcedList." to specify a list
# for a particular service. SPACE is the separator between the URL.
com.sun.am.policy.agents.config.notenforced_list = SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/UI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTCONSOLE_DEPLOY_URI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/login_images/* SERVER_PROTO://SERVER_HOST:SERVER_PORT/docs* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/namingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/sessionservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/loggingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/profileservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/policyservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/config* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/js/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/css/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/authservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLAwareServlet SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLSOAPReceiver SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLPOSTProfileServlet
# Boolean attribute to indicate whether the above list is a not enforced list
# or an enforced list; When the value is true, the list means enforced list,
# or in other words, the whole web site is open/accessible without
# authentication except for those URLs in the list.
com.sun.am.policy.agents.config.notenforced_list.invert = false
# Not enforced client IP address list is a list of client IP addresses.
# No authentication and authorization are required for the requests coming
# from these client IP addresses. The IP address must be in the form of
# eg: 192.168.12.2 1.1.1.1
com.sun.am.policy.agents.config.notenforced_client_ip_list =
# Enable POST data preservation; By default it is set to false
com.sun.am.policy.agents.config.postdata.preserve.enable = false
# POST data preservation : POST cache entry lifetime in minutes,
# After the specified interval, the entry will be dropped
com.sun.am.policy.agents.config.postcache.entry.lifetime = 10
# Cross-Domain Single Sign On URL
# Is CDSSO enabled.
com.sun.am.policy.agents.config.cdsso.enable=false
# This is the URL the user will be redirected to for authentication
# in a CDSSO Scenario.
com.sun.am.policy.agents.config.cdcservlet.url =
# Enable/Disable client IP address validation. This validate
# will check if the subsequent browser requests come from the
# same ip address that the SSO token is initially issued against
com.sun.am.policy.agents.config.client_ip_validation.enable = false
# Below properties are used to define cookie prefix and cookie max age
com.sun.am.policy.agents.config.profile.attribute.cookie.prefix = HTTP_
com.sun.am.policy.agents.config.profile.attribute.cookie.maxage = 300
# Logout URL - application's Logout URL.
# This URL is not enforced by policy.
# if set, agent will intercept this URL and destroy the user's session,
# if any. The application's logout URL will be allowed whether or not
# the session destroy is successful.
com.sun.am.policy.agents.config.logout.url=
# Any cookies to be reset upon logout in the same format as cookie_reset_list
com.sun.am.policy.agents.config.logout.cookie.reset.list =
# By default, when a policy decision for a resource is needed,
# agent gets and caches the policy decision of the resource and
# all resource from the root of the resource down, from the Access Manager.
# For example, if the resource is http://host/a/b/c, the the root of the
# resource is http://host/. This is because more resources from the
# same path are likely to be accessed subsequently.
# However this may take a long time the first time if there
# are many many policies defined under the root resource.
# To have agent get and cache the policy decision for the resource only,
# set the following property to false.
com.sun.am.policy.am.fetch_from_root_resource = true
# Whether to get the client's hostname through DNS reverse lookup for use
# in policy evaluation.
# It is true by default, if the property does not exist or if it is
# any value other than false.
com.sun.am.policy.agents.config.get_client_host_name = true
# The following property is to enable native encoding of
# ldap header attributes forwarded by agents. If set to true
# agent will encode the ldap header value in the default
# encoding of OS locale. If set to false ldap header values
# will be encoded in UTF-8
com.sun.am.policy.agents.config.convert_mbyte.enable = false
#When the not enforced list or policy has a wildcard '*' character, agent
#strips the path info from the request URI and uses the resulting request
#URI to check against the not enforced list or policy instead of the entire
#request URI, in order to prevent someone from getting access to any URI by
#simply appending the matching pattern in the policy or not enforced list.
#For example, if the not enforced list has the value http://host/*.gif,
#stripping the path info from the request URI will prevent someone from
#getting access to http://host/index.html by using the URL http://host/index.html?hack.gif.
#However when a web server (for exmample apache) is configured to be a reverse
#proxy server for a J2EE application server, path info is interpreted in a different
#manner since it maps to a resource on the proxy instead of the app server.
#This prevents the not enforced list or policy from being applied to part of
#the URI below the app serverpath if there is a wildcard character. For example,
#if the not enforced list has value http://host/webapp/servcontext/* and the
#request URL is http://host/webapp/servcontext/example.jsp the path info
#is /servcontext/example.jsp and the resulting request URL with path info stripped
#is http://host/webapp, which will not match the not enforced list. By setting the
#following property to true, the path info will not be stripped from the request URL
#even if there is a wild character in the not enforced list or policy.
#Be aware though that if this is set to true there should be nothing following the
#wildcard character '*' in the not enforced list or policy, or the
#security loophole described above may occur.
com.sun.am.policy.agents.config.ignore_path_info = false
# Override the request url given by the web server with
# the protocol, host or port of the agent's uri specified in
# the com.sun.am.policy.agents.agenturiprefix property.
# These may be needed if the agent is sitting behind a ssl off-loader,
# load balancer, or proxy, and either the protocol (HTTP scheme),
# hostname, or port of the machine in front of agent which users go through
# is different from the agent's protocol, host or port.
com.sun.am.policy.agents.config.override_protocol =
com.sun.am.policy.agents.config.override_host =
com.sun.am.policy.agents.config.override_port = true
# Override the notification url in the same way as other request urls.
# Set this to true if any one of the override properties above is true,
# and if the notification url is coming through the proxy or load balancer
# in the same way as other request url's.
com.sun.am.policy.agents.config.override_notification.url =
# The following property defines how long to wait in attempting
# to connect to an Access Manager AUTH server.
# The default value is 2 seconds. This value needs to be increased
# when receiving the error "unable to find active Access Manager Auth server"
com.sun.am.policy.agents.config.connection_timeout =
# Time in milliseconds the agent will wait to receive the
# response from Access Manager. After the timeout, the connection
# will be drop.
# A value of 0 means that the agent will wait until receiving the response.
# WARNING: Invalid value for this property can result in
# the resources becoming inaccessible.
com.sun.am.receive_timeout = 0
# The three following properties are for IIS6 agent only.
# The two first properties allow to set a username and password that will be
# used by the authentication filter to pass the Windows challenge when the Basic
# Authentication option is selected in Microsoft IIS 6.0. The authentication
# filter is named amiis6auth.dll and is located in
# Agent_installation_directory/iis6/bin. It must be installed manually on
# the web site ("ISAPI Filters" tab in the properties of the web site).
# It must also be uninstalled manually when unintalling the agent.
# The last property defines the full path for the authentication filter log file.
com.sun.am.policy.agents.config.iis6.basicAuthentication.username =
com.sun.am.policy.agents.config.iis6.basicAuthentication.password =
com.sun.am.policy.agents.config.iis6.basicAuthentication.logFile = C:/Sun/Access_Manager/Agents/2.2/debug/Identifier_1414639615/amAuthFilterIf the agent doesnot start properly you would always get redirected to com.sun.am.policy.agents.config.accessdenied.url , if thats not specified you will get a 403.
For the agent itself check that the naming.url is correct. the agent username and passwords are correct, and see that the user has priviledges to write to the agent log files. Apart from these post the windows event logs. -
Skipping request for user policy assignments due to agent configuration for authority
Hello all,
Symptoms:
The Configuration Manager only shows the following actions:
Application Deployment Evaluation Cycle
Machine Policy Retrieval & Evaluation Cycle
Software Updates Deployment Evaluation Cycle
User Policy Retrieval & Evaluation Cycle
In Software Center there are no applications visible. Also the default 'IT Organization' is shown instead of the 'real' name.
The Confugration Manager:
shows in the tab 'General' the correct Management point. Connection type is 'currently intranet' (ok)
shows in the tab 'Site' the correct site code.
shows in the tab 'Components' all components as either 'installed' or 'enabled'. Only CCM Notification Agent shows 'Disabled'.
In SCCM 2012 under 'Client Settings' -> 'Default Settings' -> 'Client Policy' the setting 'Enable User policy on clients' has been enabled.
Done so far (without success):
Re-installed the MP
Run a query on the SCCM Database to check if there are any corrupt records. There are not.
Installed version 5.00.7958.1000
CCM Framework: 5.00.7958.1203
The computer is installed with a task sequence. There is a reboot after 'Setup Windows and ConfigMgr (CM2012 R2 CU1)'.
Installation command of the SCCM Client (during OSD deployment):
SMSCACHEFLAGS=PERCENTDISKSPACE SMSCACHESIZE=10 SMSSLP=demo-sccm.demoforest.local SMSMP=demo-sccm.demoforest.local PATCH="%_SMSTSMDataPath%\OSD\TDS00020\KB2938441\configmgr2012ac-r2-kb2938441-i386.msp"
Content log files on the client:
PolicyAgent.log:
Processing PreShutdown event PolicyAgent_RequestAssignments 8/4/2014 11:56:52 PM 2204 (0x089C)
Processing PostStartup event PolicyAgent_RequestAssignments 8/4/2014 11:57:37 PM 2436 (0x0984)
Policy Download Endpoint's message queue is empty; proceeding with maintenance work PolicyAgent_Cleanup 8/4/2014 11:57:37 PM 2436 (0x0984)
Registered for MP notifications. PolicyAgent_PostStartup 8/4/2014 11:57:37 PM 2436 (0x0984)
Not rerequesting policy on site code change in provisioning mode. PolicyAgent_ReRequestPolicy 8/5/2014 12:01:55 AM 3212 (0x0C8C)
Processing PostStartup event PolicyAgent_RequestAssignments 8/5/2014 12:02:48 AM 2352 (0x0930)
Policy Download Endpoint's message queue is empty; proceeding with maintenance work PolicyAgent_Cleanup 8/5/2014 12:02:48 AM 2352 (0x0930)
Registered for MP notifications. PolicyAgent_PostStartup 8/5/2014 12:02:48 AM 2352 (0x0930)
Processing PostStartup event PolicyAgent_RequestAssignments 8/5/2014 12:11:36 AM 2720 (0x0AA0)
Policy Download Endpoint's message queue is empty; proceeding with maintenance work PolicyAgent_Cleanup 8/5/2014 12:11:36 AM 2720 (0x0AA0)
Registered for MP notifications. PolicyAgent_PostStartup 8/5/2014 12:11:36 AM 2720 (0x0AA0)
Processing PostStartup event PolicyAgent_RequestAssignments 8/5/2014 1:25:02 AM 3164 (0x0C5C)
Policy Download Endpoint's message queue is empty; proceeding with maintenance work PolicyAgent_Cleanup 8/5/2014 1:25:02 AM 3164 (0x0C5C)
Registered for MP notifications. PolicyAgent_PostStartup 8/5/2014 1:25:02 AM 3164 (0x0C5C)
Processing PostStartup event PolicyAgent_RequestAssignments 8/5/2014 1:26:05 AM 2652 (0x0A5C)
Policy Download Endpoint's message queue is empty; proceeding with maintenance work PolicyAgent_Cleanup 8/5/2014 1:26:05 AM 2652 (0x0A5C)
Registered for MP notifications. PolicyAgent_PostStartup 8/5/2014 1:26:05 AM 2652 (0x0A5C)
Triggered update of user S-1-5-21-1840543543-1948091412-3654635223-1109 settings PolicyAgent_RequestAssignments 8/5/2014 9:00:57 AM 3232 (0x0CA0)
Requesting User policy assignments for 'S-1-5-21-1840543543-1948091412-3654635223-1109' PolicyAgent_RequestAssignments 8/5/2014 9:02:34 AM 2484 (0x09B4)
Requesting User policy from authority 'SMS:TDS' PolicyAgent_RequestAssignments 8/5/2014 9:02:34 AM 2484 (0x09B4)
Skipping request for user policy assignments due to agent configuration for authority 'SMS:TDS'. PolicyAgent_RequestAssignments 8/5/2014 9:02:34 AM 2484 (0x09B4)
ClientIDManagerStartup.log:
[----- STARTUP -----] ClientIDManagerStartup 8/5/2014 1:24:34 AM 372 (0x0174)
Read SMBIOS (encoded): 31003800300035002D0030003700310038002D0035003700330038002D0035003500350033002D0034003800350030002D0038003000390030002D0032003800 ClientIDManagerStartup 8/5/2014 1:24:52 AM 2932 (0x0B74)
Evaluated SMBIOS (encoded): 31003800300035002D0030003700310038002D0035003700330038002D0035003500350033002D0034003800350030002D0038003000390030002D0032003800 ClientIDManagerStartup 8/5/2014 1:24:52 AM 2932 (0x0B74)
No SMBIOS Changed ClientIDManagerStartup 8/5/2014 1:24:52 AM 2932 (0x0B74)
SMBIOS unchanged ClientIDManagerStartup 8/5/2014 1:24:52 AM 2932 (0x0B74)
SID unchanged ClientIDManagerStartup 8/5/2014 1:24:52 AM 2932 (0x0B74)
HWID unchanged ClientIDManagerStartup 8/5/2014 1:24:53 AM 2932 (0x0B74)
GetSystemEnclosureChassisInfo: IsFixed=TRUE, IsLaptop=FALSE ClientIDManagerStartup 8/5/2014 1:24:53 AM 2932 (0x0B74)
Windows To Go requires a minimum operating system of Windows 8 ClientIDManagerStartup 8/5/2014 1:24:53 AM 2932 (0x0B74)
Computed HardwareID=2:0760033F87CBB92FC5D6343C630C99002655F937
Win32_SystemEnclosure.SerialNumber=1805-0718-5738-5553-4850-8090-28
Win32_SystemEnclosure.SMBIOSAssetTag=2522-6626-0190-0004-7023-0906-91
Win32_BaseBoard.SerialNumber=1805-0718-5738-5553-4850-8090-28
Win32_BIOS.SerialNumber=1805-0718-5738-5553-4850-8090-28
Win32_NetworkAdapterConfiguration.MACAddress=00:15:5D:00:2A:0C ClientIDManagerStartup 8/5/2014 1:24:53 AM 2932 (0x0B74)
Persisted hardware IDs in CCM_ClientIdentificationInformation=@:
HardwareID1=2:0760033F87CBB92FC5D6343C630C99002655F937
HardwareID2=98130500010000EE ClientIDManagerStartup 8/5/2014 1:24:53 AM 2932 (0x0B74)
Failed to open to WMI namespace '\\.\root\ccmvdi' (8007045b) ClientIDManagerStartup 8/5/2014 1:25:02 AM 372 (0x0174)
[----- SHUTDOWN -----] ClientIDManagerStartup 8/5/2014 1:25:02 AM 372 (0x0174)
[----- STARTUP -----] ClientIDManagerStartup 8/5/2014 1:25:42 AM 2012 (0x07DC)
Read SMBIOS (encoded): 31003800300035002D0030003700310038002D0035003700330038002D0035003500350033002D0034003800350030002D0038003000390030002D0032003800 ClientIDManagerStartup 8/5/2014 1:25:51 AM 2504 (0x09C8)
Evaluated SMBIOS (encoded): 31003800300035002D0030003700310038002D0035003700330038002D0035003500350033002D0034003800350030002D0038003000390030002D0032003800 ClientIDManagerStartup 8/5/2014 1:25:51 AM 2504 (0x09C8)
No SMBIOS Changed ClientIDManagerStartup 8/5/2014 1:25:51 AM 2504 (0x09C8)
SMBIOS unchanged ClientIDManagerStartup 8/5/2014 1:25:51 AM 2504 (0x09C8)
SID unchanged ClientIDManagerStartup 8/5/2014 1:25:51 AM 2504 (0x09C8)
HWID unchanged ClientIDManagerStartup 8/5/2014 1:25:53 AM 2504 (0x09C8)
GetSystemEnclosureChassisInfo: IsFixed=TRUE, IsLaptop=FALSE ClientIDManagerStartup 8/5/2014 1:25:53 AM 2504 (0x09C8)
Windows To Go requires a minimum operating system of Windows 8 ClientIDManagerStartup 8/5/2014 1:25:53 AM 2504 (0x09C8)
Computed HardwareID=2:0760033F87CBB92FC5D6343C630C99002655F937
Win32_SystemEnclosure.SerialNumber=1805-0718-5738-5553-4850-8090-28
Win32_SystemEnclosure.SMBIOSAssetTag=2522-6626-0190-0004-7023-0906-91
Win32_BaseBoard.SerialNumber=1805-0718-5738-5553-4850-8090-28
Win32_BIOS.SerialNumber=1805-0718-5738-5553-4850-8090-28
Win32_NetworkAdapterConfiguration.MACAddress=00:15:5D:00:2A:0C ClientIDManagerStartup 8/5/2014 1:25:53 AM 2504 (0x09C8)
Persisted hardware IDs in CCM_ClientIdentificationInformation=@:
HardwareID1=2:0760033F87CBB92FC5D6343C630C99002655F937
HardwareID2=98C70600010000EE ClientIDManagerStartup 8/5/2014 1:25:53 AM 2504 (0x09C8)
ClientAuth.log:
Error signing client message (0x80004005). ClientAuth 4/22/2014 9:25:01 PM 1612 (0x064C)
Error signing client message (0x80004005). ClientAuth 4/22/2014 9:25:01 PM 1612 (0x064C)
Error signing client message (0x80004005). ClientAuth 4/22/2014 9:25:02 PM 1612 (0x064C)
Error signing client message (0x80004005). ClientAuth 4/22/2014 9:25:02 PM 1612 (0x064C)
ClientLocation.log:
Current AD forest name is demoforest.local, domain name is demoforest.local ClientLocation 8/5/2014 1:24:34 AM 372 (0x0174)
Domain joined client is in Intranet ClientLocation 8/5/2014 1:24:34 AM 372 (0x0174)
Current AD forest name is demoforest.local, domain name is demoforest.local ClientLocation 8/5/2014 1:24:53 AM 2932 (0x0B74)
Domain joined client is in Intranet ClientLocation 8/5/2014 1:24:53 AM 2932 (0x0B74)
Rotating assigned management point, new management point [1] is: DEMO-SCCM.demoforest.local (7958) with capabilities: <Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities> ClientLocation 8/5/2014
1:24:53 AM 2932 (0x0B74)
Assigned MP changed from <DEMO-SCCM.demoforest.local> to <DEMO-SCCM.demoforest.local>. ClientLocation 8/5/2014 1:24:53 AM 2932 (0x0B74)
Rotating assigned management point, new management point [1] is: DEMO-SCCM.demoforest.local (7958) with capabilities: <Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities> ClientLocation 8/5/2014
1:24:54 AM 2932 (0x0B74)
Assigned MP changed from <DEMO-SCCM.demoforest.local> to <DEMO-SCCM.demoforest.local>. ClientLocation 8/5/2014 1:24:54 AM 2932 (0x0B74)
Current AD forest name is demoforest.local, domain name is demoforest.local ClientLocation 8/5/2014 1:25:42 AM 2012 (0x07DC)
Domain joined client is in Intranet ClientLocation 8/5/2014 1:25:42 AM 2012 (0x07DC)
Current AD forest name is demoforest.local, domain name is demoforest.local ClientLocation 8/5/2014 1:25:53 AM 2504 (0x09C8)
Domain joined client is in Intranet ClientLocation 8/5/2014 1:25:53 AM 2504 (0x09C8)
Rotating assigned management point, new management point [1] is: DEMO-SCCM.demoforest.local (7958) with capabilities: <Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities> ClientLocation 8/5/2014
1:25:53 AM 2504 (0x09C8)
Assigned MP changed from <DEMO-SCCM.demoforest.local> to <DEMO-SCCM.demoforest.local>. ClientLocation 8/5/2014 1:25:53 AM 2504 (0x09C8)
Rotating assigned management point, new management point [1] is: DEMO-SCCM.demoforest.local (7958) with capabilities: <Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities> ClientLocation 8/5/2014
1:25:53 AM 2504 (0x09C8)
Assigned MP changed from <DEMO-SCCM.demoforest.local> to <DEMO-SCCM.demoforest.local>. ClientLocation 8/5/2014 1:25:53 AM 2504 (0x09C8)
Getting Assigned Site ClientLocation 8/5/2014 9:02:38 AM 2264 (0x08D8)
Assigned Site is TDS ClientLocation 8/5/2014 9:02:38 AM 2264 (0x08D8)
Getting Assigned Site ClientLocation 8/5/2014 1:19:20 PM 2604 (0x0A2C)
Assigned Site is TDS ClientLocation 8/5/2014 1:19:20 PM 2604 (0x0A2C)
execmgr.log (with errors):
Requesting MTC to delete task with id: {C5DCEE82-C903-4CBD-98CC-534646B3EFD7} execmgr 4/22/2014 7:14:28 PM 1872 (0x0750)
This execution request does not own the corresponding task in MTC, returning without deleting it from MTC. execmgr 4/22/2014 7:14:28 PM 1872 (0x0750)
Service startup. execmgr 4/22/2014 7:16:09 PM 2332 (0x091C)
Service startup. execmgr 4/22/2014 9:17:36 PM 2216 (0x08A8)
Service startup. execmgr 4/22/2014 9:23:02 PM 2348 (0x092C)
Service startup. execmgr 4/22/2014 9:24:53 PM 1000 (0x03E8)
Software Distribution site settings (CCM_SoftwareDistributionClientConfig) policy does not yet exist on the client.
If the client is not yet registered, this is expected behavior. execmgr 8/4/2014 11:56:52 PM 3224 (0x0C98)
Software Distribution site settings (CCM_SoftwareDistributionClientConfig) policy does not yet exist on the client.
If the client is not yet registered, this is expected behavior. execmgr 8/4/2014 11:56:52 PM 1292 (0x050C)
Service startup. execmgr 8/4/2014 11:57:32 PM 3696 (0x0E70)
Software Distribution site settings (CCM_SoftwareDistributionClientConfig) policy does not yet exist on the client.
If the client is not yet registered, this is expected behavior. execmgr 8/4/2014 11:57:33 PM 3696 (0x0E70)
Software distribution agent was enabled execmgr 8/5/2014 12:01:55 AM 3448 (0x0D78)
Service startup. execmgr 8/5/2014 12:02:44 AM 2272 (0x08E0)
ExecMgr::GetTaskState - GetTaskState Failed with error code 0x87d00317 execmgr 8/5/2014 12:03:02 AM 1652 (0x0674)
Policy arrived for child program Install execmgr 8/5/2014 12:03:02 AM 1648 (0x0670)
Creating mandatory request for advert TDS20014, program Install, package TDS00014 execmgr 8/5/2014 12:03:02 AM 1652 (0x0674)
An existing MTC token was supplied, this execution request is not owner of MTC object. execmgr 8/5/2014 12:03:02 AM 1652 (0x0674)
CertificateMaintanance.log:
HTTP is selected for Client. The current state is 0. CertificateMaintenance 4/22/2014 6:49:04 PM 604 (0x025C)
Raising pending event:
instance of CCM_ServiceHost_CertRetrieval_Status
DateTime = "20140422164904.539000+000";
HRESULT = "0x00000001";
ProcessID = 3320;
ThreadID = 604;
CertificateMaintenance 4/22/2014 6:49:04 PM 604 (0x025C)
Raising event:
instance of CCM_ServiceHost_CertRetrieval_Status
ClientID = "GUID:7ff40832-4c01-456f-9705-096da67985b3";
DateTime = "20140422164946.336000+000";
HRESULT = "0x00000001";
ProcessID = 3320;
ThreadID = 3216;
CertificateMaintenance 4/22/2014 6:49:46 PM 3216 (0x0C90)
HTTP is selected for Client. The current state is 0. CertificateMaintenance 8/4/2014 11:56:39 PM 2212 (0x08A4)
Raising pending event:
instance of CCM_ServiceHost_CertRetrieval_Status
DateTime = "20140804215639.612000+000";
HRESULT = "0x00000001";
ProcessID = 2144;
ThreadID = 2212;
CertificateMaintenance 8/4/2014 11:56:39 PM 2212 (0x08A4)
Raising event:
instance of CCM_ServiceHost_CertRetrieval_Status
ClientID = "GUID:b8d72095-2590-4724-9db9-b721efc05007";
DateTime = "20140804215651.440000+000";
HRESULT = "0x00000001";
ProcessID = 2144;
ThreadID = 3348;
CertificateMaintenance 8/4/2014 11:56:51 PM 3348 (0x0D14)
Client is set to use HTTPS when available. The current state is 480. CertificateMaintenance 8/4/2014 11:56:56 PM 1096 (0x0448)
Client is set to use HTTPS when available. The current state is 480. CertificateMaintenance 8/5/2014 12:02:33 AM 1656 (0x0678)
Client is set to use HTTPS when available. The current state is 480. CertificateMaintenance 8/5/2014 12:11:17 AM 384 (0x0180)
Client is set to use HTTPS when available. The current state is 480. CertificateMaintenance 8/5/2014 1:24:34 AM 372 (0x0174)
Client is set to use HTTPS when available. The current state is 480. CertificateMaintenance 8/5/2014 1:25:42 AM 2012 (0x07DC)
smscliui.log:
Perform Action: Request & Evaluate User Policy - {3A88A2F3-0C39-45fa-8959-81F21BF500CE}. Message sent, id={FC736B58-2635-45B8-8002-E7C8D6CCEB8D} smscliui 8/5/2014 9:02:34 AM 2484 (0x09B4)
Current Assigned Site: TDS smscliui 8/5/2014 9:02:38 AM 868 (0x0364)
Currently assigned FQDN: smscliui 8/5/2014 9:02:41 AM 868 (0x0364)
Failed to set DNSSuffix value to the registry. smscliui 8/5/2014 9:02:58 AM 868 (0x0364)
SMS Site code has not been changed. smscliui 8/5/2014 9:02:58 AM 868 (0x0364)
Current Assigned Site: TDS smscliui 8/5/2014 1:19:20 PM 2160 (0x0870)
CcmMessaging.log:
Queue 'StateMessageManager' initialized with 0 messages. CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initialized queue processor 'StateMessageManager'. Enabled=true Concurrency=1 CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initializing queue 'CTMDTSReply'... CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Queue 'CTMDTSReply' initialized with 0 messages. CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initialized queue processor 'CTMDTSReply'. Enabled=true Concurrency=5 CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initializing queue 'execmgr'... CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Queue 'execmgr' initialized with 0 messages. CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initialized queue processor 'execmgr'. Enabled=true Concurrency=1 CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initializing queue 'PolicyAgent_RequestAssignments'... CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Queue 'PolicyAgent_RequestAssignments' initialized with 0 messages. CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initialized queue processor 'PolicyAgent_RequestAssignments'. Enabled=true Concurrency=5 CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initializing queue 'ClientRegistration'... CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Queue 'ClientRegistration' initialized with 0 messages. CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initialized queue processor 'ClientRegistration'. Enabled=true Concurrency=5 CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initializing queue 'EndpointProtectionAgent'... CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Queue 'EndpointProtectionAgent' initialized with 0 messages. CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initialized queue processor 'EndpointProtectionAgent'. Enabled=true Concurrency=20 CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initializing queue 'LS_ScheduledCleanup'... CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Queue 'LS_ScheduledCleanup' initialized with 0 messages. CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initialized queue processor 'LS_ScheduledCleanup'. Enabled=true Concurrency=5 CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initializing queue 'PolicyAgent_Cleanup'... CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Queue 'PolicyAgent_Cleanup' initialized with 0 messages. CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initialized queue processor 'PolicyAgent_Cleanup'. Enabled=true Concurrency=5 CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initializing queue 'DCMAgent'... CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Queue 'DCMAgent' initialized with 0 messages. CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initialized queue processor 'DCMAgent'. Enabled=true Concurrency=5 CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initializing queue 'CertEnrollAgent'... CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Queue 'CertEnrollAgent' initialized with 0 messages. CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initialized queue processor 'CertEnrollAgent'. Enabled=true Concurrency=1 CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initializing queue 'ExternalEventAgent'... CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Queue 'ExternalEventAgent' initialized with 0 messages. CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initialized queue processor 'ExternalEventAgent'. Enabled=true Concurrency=20 CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initializing queue 'UpdateStore'... CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Queue 'UpdateStore' initialized with 0 messages. CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initialized queue processor 'UpdateStore'. Enabled=true Concurrency=1 CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initializing queue 'PolicyAgent_ReplyAssignments'... CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Queue 'PolicyAgent_ReplyAssignments' initialized with 0 messages. CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initialized queue processor 'PolicyAgent_ReplyAssignments'. Enabled=true Concurrency=5 CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initializing queue 'SMSSHA'... CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Queue 'SMSSHA' initialized with 0 messages. CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initialized queue processor 'SMSSHA'. Enabled=true Concurrency=1 CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initializing queue 'lmp_[http]mp_locationmanager'... CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Queue 'lmp_[http]mp_locationmanager' initialized with 0 messages. CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initialized queue processor 'lmp_[http]mp_locationmanager'. Enabled=true Concurrency=1 CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initializing queue 'mp_statusreceiver'... CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Queue 'mp_statusreceiver' initialized with 0 messages. CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initialized queue processor 'mp_statusreceiver'. Enabled=true Concurrency=1 CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initializing queue 'mp_[http]mp_locationmanager'... CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Queue 'mp_[http]mp_locationmanager' initialized with 1 messages. CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Initialized queue processor 'mp_[http]mp_locationmanager'. Enabled=true Concurrency=1 CcmMessaging 8/5/2014 1:25:50 AM 2192 (0x0890)
Raising event:
instance of CCM_CcmHttp_Status
ClientID = "GUID:b8d72095-2590-4724-9db9-b721efc05007";
DateTime = "20140804232553.423000+000";
HostName = "DEMO-SCCM.demoforest.local";
HRESULT = "0x00000000";
ProcessID = 1996;
StatusCode = 0;
ThreadID = 2504;
CcmMessaging 8/5/2014 1:25:53 AM 2504 (0x09C8)
Raising event:
instance of CCM_CcmHttp_Status
ClientID = "GUID:b8d72095-2590-4724-9db9-b721efc05007";
DateTime = "20140804232553.485000+000";
HostName = "DEMO-SCCM.demoforest.local";
HRESULT = "0x00000000";
ProcessID = 1996;
StatusCode = 0;
ThreadID = 2504;
CcmMessaging 8/5/2014 1:25:53 AM 2504 (0x09C8)
Raising event:
instance of CCM_CcmHttp_Status
ClientID = "GUID:b8d72095-2590-4724-9db9-b721efc05007";
DateTime = "20140804232553.563000+000";
HostName = "DEMO-SCCM.demoforest.local";
HRESULT = "0x00000000";
ProcessID = 1996;
StatusCode = 0;
ThreadID = 2504;
CcmMessaging 8/5/2014 1:25:53 AM 2504 (0x09C8)
Raising event:
instance of CCM_CcmHttp_Status
ClientID = "GUID:b8d72095-2590-4724-9db9-b721efc05007";
DateTime = "20140804232553.657000+000";
HostName = "DEMO-SCCM.demoforest.local";
HRESULT = "0x00000000";
ProcessID = 1996;
StatusCode = 0;
ThreadID = 2504;
CcmMessaging 8/5/2014 1:25:53 AM 2504 (0x09C8)
Raising event:
instance of CCM_CcmHttp_Status
ClientID = "GUID:b8d72095-2590-4724-9db9-b721efc05007";
DateTime = "20140804232606.048000+000";
HostName = "DEMO-SCCM.demoforest.local";
HRESULT = "0x00000000";
ProcessID = 1996;
StatusCode = 0;
ThreadID = 2508;
CcmMessaging 8/5/2014 1:26:06 AM 2508 (0x09CC)
Raising event:
instance of CCM_CcmHttp_Status
ClientID = "GUID:b8d72095-2590-4724-9db9-b721efc05007";
DateTime = "20140804232606.110000+000";
HostName = "DEMO-SCCM.demoforest.local";
HRESULT = "0x00000000";
ProcessID = 1996;
StatusCode = 0;
ThreadID = 2188;
CcmMessaging 8/5/2014 1:26:06 AM 2188 (0x088C)
Raising event:
instance of CCM_CcmHttp_Status
ClientID = "GUID:b8d72095-2590-4724-9db9-b721efc05007";
DateTime = "20140804232606.188000+000";
HostName = "DEMO-SCCM.demoforest.local";
HRESULT = "0x00000000";
ProcessID = 1996;
StatusCode = 0;
ThreadID = 2504;
CcmMessaging 8/5/2014 1:26:06 AM 2504 (0x09C8)
CcmNotificationAgent.log:
Bgb client agent is starting... BgbAgent 8/5/2014 1:26:05 AM 2504 (0x09C8)
Bgb client agent is disabled BgbAgent 8/5/2014 1:26:05 AM 2504 (0x09C8)
TCP Listener is disabled. BgbAgent 8/5/2014 1:26:05 AM 2504 (0x09C8)
BgbController main thread is started with settings: {bgb enable = 0}, {tcp enabled = 0}, {tcp port = 0} and {http enabled = 0}. BgbAgent 8/5/2014 1:26:05 AM 2504 (0x09C8)
Wait 3600 seconds for event notification. BgbAgent 8/5/2014 1:26:05 AM 3076 (0x0C04)
Wait 3600 seconds for event notification. BgbAgent 8/5/2014 2:26:05 AM 3076 (0x0C04)
Any help is appreciated and with kind regards,
Willem-JanHello all,
I modified the TS, but the problem is still there.
smsts.log:
==============================[ OSDSetupHook.exe ]============================== OSDSetupHook 8/5/2014 4:51:30 PM 856 (0x0358)
Executing task sequence OSDSetupHook 8/5/2014 4:51:30 PM 856 (0x0358)
Loading the Task Sequencing Environment from "C:\_SMSTaskSequence\TSEnv.dat". OSDSetupHook 8/5/2014 4:51:30 PM 856 (0x0358)
Environment scope successfully created: Global\{51A016B6-F0DE-4752-B97C-54E6F386A912} OSDSetupHook 8/5/2014 4:51:30 PM 856 (0x0358)
Environment scope successfully created: Global\{BA3A3900-CA6D-4ac1-8C28-5073AFC22B03} OSDSetupHook 8/5/2014 4:51:30 PM 856 (0x0358)
Debug shell is enabled OSDSetupHook 8/5/2014 4:51:39 PM 856 (0x0358)
Successfully enabled debug command shell support. OSDSetupHook 8/5/2014 4:51:39 PM 856 (0x0358)
Configuring local administrator account OSDSetupHook 8/5/2014 4:51:39 PM 856 (0x0358)
Re-assign all drive letters... OSDSetupHook 8/5/2014 4:51:39 PM 856 (0x0358)
Could not open drive Q:\ (80070005) OSDSetupHook 8/5/2014 4:51:39 PM 856 (0x0358)
Ignoring inaccessible volume 'Q:' with error 0x80070005 OSDSetupHook 8/5/2014 4:51:39 PM 856 (0x0358)
No partition needs to be udpated. OSDSetupHook 8/5/2014 4:51:39 PM 856 (0x0358)
Installing SMS client OSDSetupHook 8/5/2014 4:51:39 PM 856 (0x0358)
Client already installed. OSDSetupHook 8/5/2014 4:51:39 PM 856 (0x0358)
Moving logs to SMS client directory OSDSetupHook 8/5/2014 4:51:39 PM 856 (0x0358)
Successfully moved logs to SMS client log directory: C:\Windows\CCM\Logs\SMSTSLog OSDSetupHook 8/5/2014 4:51:39 PM 856 (0x0358)
Executing task sequence manager bootstrap OSDSetupHook 8/5/2014 4:51:39 PM 856 (0x0358)
Executing command line: "C:\Windows\CCM\TSMBootstrap.exe" /env:Gina /configpath:C:\_SMSTaskSequence /bootcount:5 OSDSetupHook 8/5/2014 4:51:39 PM 856 (0x0358)
==============================[ TSMBootStrap.exe ]============================== TSMBootstrap 8/5/2014 4:51:39 PM 2152 (0x0868)
Command line: "C:\Windows\CCM\TSMBootstrap.exe" /env:Gina /configpath:C:\_SMSTaskSequence /bootcount:5 TSMBootstrap 8/5/2014 4:51:39 PM 2152 (0x0868)
Current OS version is 6.1.7601.1 TSMBootstrap 8/5/2014 4:51:39 PM 2152 (0x0868)
Logging successfully initialized. TSMBootstrap 8/5/2014 4:51:39 PM 2152 (0x0868)
Resuming Task Sequence in Full OS TSMBootstrap 8/5/2014 4:51:39 PM 2152 (0x0868)
We are going in GINA and potentially need to set the authenticator TSMBootstrap 8/5/2014 4:51:39 PM 2152 (0x0868)
setting the authenticator TSMBootstrap 8/5/2014 4:51:39 PM 2152 (0x0868)
Executing command line: "C:\Windows\CCM\TsProgressUI.exe" /Register:WinPE TSMBootstrap 8/5/2014 4:51:39 PM 2152 (0x0868)
==========[ TsProgressUI started in process 2196 ]========== TsProgressUI 8/5/2014 4:51:39 PM 2200 (0x0898)
Command line: "C:\Windows\CCM\TsProgressUI.exe" /Register:WinPE TsProgressUI 8/5/2014 4:51:39 PM 2200 (0x0898)
Registering COM classes TsProgressUI 8/5/2014 4:51:39 PM 2200 (0x0898)
sbModulePath = C:\Windows\CCM\TsProgressUI.exe TsProgressUI 8/5/2014 4:51:39 PM 2200 (0x0898)
Unregistering class objects TsProgressUI 8/5/2014 4:51:39 PM 2200 (0x0898)
Shutdown complete. TsProgressUI 8/5/2014 4:51:39 PM 2200 (0x0898)
Process completed with exit code 0 TSMBootstrap 8/5/2014 4:51:39 PM 2152 (0x0868)
Successfully registered TS Progress UI. TSMBootstrap 8/5/2014 4:51:39 PM 2152 (0x0868)
Found network adapter "Intel 21140-Based PCI Fast Ethernet Adapter (Emulated)" with IP Address 5.5.5.101. TSMBootstrap 8/5/2014 4:51:39 PM 2152 (0x0868)
Starting Task Sequence Manager. TSMBootstrap 8/5/2014 4:51:39 PM 2152 (0x0868)
executing TS Manager not in full media TSMBootstrap 8/5/2014 4:51:39 PM 2152 (0x0868)
executing TS Manager in c:\windows\ccm TSMBootstrap 8/5/2014 4:51:39 PM 2152 (0x0868)
Executing command line: "TsManager.exe" TSMBootstrap 8/5/2014 4:51:39 PM 2152 (0x0868)
Successfully intialized Logging for TS Manager. TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Commandline: "TsManager.exe" TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
/service parameter found at index: -1 TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
/standalone parameter found at index: -1 TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
/noclient parameter found at index: -1 TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Successfully registered Task Sequencing COM Interface. TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Executing as a standalone exe TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Initializing TS Environment TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Opening Task Sequencing Environment TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Deleting volume ID file C:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca ... TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
pwszPath && *pwszPath, HRESULT=80070057 (e:\qfe\nts\sms\framework\tscore\resolvesource.cpp,228) TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
pwszPath && *pwszPath, HRESULT=80070057 (e:\qfe\nts\sms\framework\tscore\resolvesource.cpp,228) TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
pwszPath && *pwszPath, HRESULT=80070057 (e:\qfe\nts\sms\framework\tscore\resolvesource.cpp,228) TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
pwszPath && *pwszPath, HRESULT=80070057 (e:\qfe\nts\sms\framework\tscore\resolvesource.cpp,228) TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
NOT executing in WinPE TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Compiling Config policy TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Compiling config policies... TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Compiling SysHealthConfig policy... TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Retrieving value from TSEnv for '_SMSTSSysHealthClientConfig' TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
::DecompressBuffer(65536) TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Decompression (zlib) succeeded: original size 684, uncompressed size 4652. TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Instance path = 'CCM_SystemHealthClientConfig.SiteSettingsKey="1"' TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Start to compile TS policy TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Policy complied successfully in WMI 'root\ccm\policy\defaultmachine\requestedconfig' namespace TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
End TS policy compilation TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Compiling SoftUpdConfig policy... TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Retrieving value from TSEnv for '_SMSTSSWUpdateClientConfig' TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
::DecompressBuffer(65536) TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Decompression (zlib) succeeded: original size 1922, uncompressed size 19242. TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Start to compile TS policy TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Policy complied successfully in WMI 'root\ccm\policy\defaultmachine\requestedconfig' namespace TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
End TS policy compilation TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Instance path = 'CCM_SoftwareUpdatesClientConfig.SiteSettingsKey="1"' TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Start to compile TS policy TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Policy complied successfully in WMI 'root\ccm\policy\defaultmachine\requestedconfig' namespace TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
End TS policy compilation TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Start to compile TS policy TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Policy complied successfully in WMI 'root\ccm\policy\defaultmachine\requestedconfig' namespace TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
End TS policy compilation TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Start to compile TS policy TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Policy complied successfully in WMI 'root\ccm\policy\defaultmachine\requestedconfig' namespace TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
End TS policy compilation TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Compiling SoftDistClientConfig policy... TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Retrieving value from TSEnv for '_SMSTSSoftDistClientConfig' TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
::DecompressBuffer(65536) TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Decompression (zlib) succeeded: original size 1327, uncompressed size 13740. TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Instance path = 'CCM_SoftwareDistributionClientConfig.SiteSettingsKey="1"' TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Start to compile TS policy TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Policy complied successfully in WMI 'root\ccm\policy\defaultmachine\requestedconfig' namespace TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
End TS policy compilation TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Compiling NAAConfig policy... TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Retrieving value from TSEnv for '_SMSTSNAAConfigPolicy' TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
::DecompressBuffer(65536) TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Decompression (zlib) succeeded: original size 1022, uncompressed size 6494. TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Instance path = 'CCM_NetworkAccessAccount.SiteSettingsKey="1"' TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Start to compile TS policy TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Policy complied successfully in WMI 'root\ccm\policy\defaultmachine\requestedconfig' namespace TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
End TS policy compilation TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Instance path = 'CCM_NetworkAccessAccount.SiteSettingsKey="1"' TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Start to compile TS policy TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Policy complied successfully in WMI 'root\ccm\policy\defaultmachine\requestedconfig' namespace TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
End TS policy compilation TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Compiling RebootSettingsConfig policy... TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Retrieving value from TSEnv for '_SMSTSRebootSettingsConfigPolicy' TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
::DecompressBuffer(65536) TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Decompression (zlib) succeeded: original size 433, uncompressed size 1556. TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Instance path = 'CCM_RebootSettings.SiteSettingsKey="1"' TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Start to compile TS policy TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Policy complied successfully in WMI 'root\ccm\policy\defaultmachine\requestedconfig' namespace TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
End TS policy compilation TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Compiling AppManClientConfig policy... TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Retrieving value from TSEnv for '_SMSTSAppManClientConfigPolicy' TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
::DecompressBuffer(65536) TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Decompression (zlib) succeeded: original size 982, uncompressed size 6358. TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Instance path = 'CCM_ApplicationManagementClientConfig.SiteSettingsKey="1"' TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Start to compile TS policy TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Failed to find property 'AutoApplyDeployment' in 'CCM_ApplicationManagementClientConfig' class defintion. Error 0x80041002. Default value will be used for this property TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Policy complied successfully in WMI 'root\ccm\policy\defaultmachine\requestedconfig' namespace TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
End TS policy compilation TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Get Install Directory for SMS Client TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
Updating settings in \\.\root\ccm\policy\machine\actualconfig TSManager 8/5/2014 4:51:40 PM 2244 (0x08C4)
RequestedConfig policy instance(s) : 435 TSManager 8/5/2014 4:51:49 PM 2244 (0x08C4)
Locked \\.\ROOT\ccm\policy\machine\RequestedConfig for source SMS:Client:Default:{BFDADC41-FDCD-4B9C-B446-8A818D01BEA3} successfully TSManager 8/5/2014 4:51:49 PM 2244 (0x08C4)
Namespace: \\.\ROOT\ccm\policy\machine\RequestedConfig, Query: SELECT PolicyID FROM CCM_Policy_Policy5 WHERE (PolicySource = "SMS:Client:Default:{BFDADC41-FDCD-4B9C-B446-8A818D01BEA3}") AND (PolicyState
= "Active") AND (PolicyType = "Machine") TSManager 8/5/2014 4:51:49 PM 2244 (0x08C4)
There is no ccm_policy_policy instance, skipping addition to realinst map TSManager 8/5/2014 4:51:49 PM 2244 (0x08C4)
Unlocked \\.\ROOT\ccm\policy\machine\RequestedConfig for source SMS:Client:Default:{BFDADC41-FDCD-4B9C-B446-8A818D01BEA3} successfully TSManager 8/5/2014 4:51:49 PM 2244 (0x08C4)
RequestedConfig policy instance(s) : 0 TSManager 8/5/2014 4:51:50 PM 2244 (0x08C4)
Locked \\.\ROOT\ccm\policy\machine\RequestedConfig for source SMS:TDS successfully TSManager 8/5/2014 4:51:50 PM 2244 (0x08C4)
Namespace: \\.\ROOT\ccm\policy\machine\RequestedConfig, Query: SELECT PolicyID FROM CCM_Policy_Policy5 WHERE (PolicySource = "SMS:TDS") AND (PolicyState = "Active") AND (PolicyType = "Machine") TSManager 8/5/2014
4:51:50 PM 2244 (0x08C4)
There is no ccm_policy_policy instance, skipping addition to realinst map TSManager 8/5/2014 4:51:50 PM 2244 (0x08C4)
Unlocked \\.\ROOT\ccm\policy\machine\RequestedConfig for source SMS:TDS successfully TSManager 8/5/2014 4:51:50 PM 2244 (0x08C4)
RequestedConfig policy instance(s) : 0 TSManager 8/5/2014 4:51:51 PM 2244 (0x08C4)
Locked \\.\ROOT\ccm\policy\machine\RequestedConfig for source CcmPortal successfully TSManager 8/5/2014 4:51:51 PM 2244 (0x08C4)
Namespace: \\.\ROOT\ccm\policy\machine\RequestedConfig, Query: SELECT PolicyID FROM CCM_Policy_Policy5 WHERE (PolicySource = "CcmPortal") AND (PolicyState = "Active") AND (PolicyType = "Machine") TSManager 8/5/2014
4:51:51 PM 2244 (0x08C4)
There is no ccm_policy_policy instance, skipping addition to realinst map TSManager 8/5/2014 4:51:51 PM 2244 (0x08C4)
Unlocked \\.\ROOT\ccm\policy\machine\RequestedConfig for source CcmPortal successfully TSManager 8/5/2014 4:51:51 PM 2244 (0x08C4)
RequestedConfig policy instance(s) : 0 TSManager 8/5/2014 4:51:53 PM 2244 (0x08C4)
Locked \\.\ROOT\ccm\policy\machine\RequestedConfig for source Local successfully TSManager 8/5/2014 4:51:53 PM 2244 (0x08C4)
RequestedConfig policy instance(s) : 9 TSManager 8/5/2014 4:51:53 PM 2244 (0x08C4)
Unlocked \\.\ROOT\ccm\policy\machine\RequestedConfig for source Local successfully TSManager 8/5/2014 4:51:53 PM 2244 (0x08C4)
RequestedConfig policy instance(s) : 11943 TSManager 8/5/2014 4:51:57 PM 2244 (0x08C4)
Locked \\.\ROOT\ccm\policy\machine\RequestedConfig for source CcmTaskSequence successfully TSManager 8/5/2014 4:51:57 PM 2244 (0x08C4)
Namespace: \\.\ROOT\ccm\policy\machine\RequestedConfig, Query: SELECT PolicyID FROM CCM_Policy_Policy5 WHERE (PolicySource = "CcmTaskSequence") AND (PolicyState = "Active") AND (PolicyType = "Machine") TSManager 8/5/2014
4:51:57 PM 2244 (0x08C4)
There is no ccm_policy_policy instance, skipping addition to realinst map TSManager 8/5/2014 4:51:57 PM 2244 (0x08C4)
Unlocked \\.\ROOT\ccm\policy\machine\RequestedConfig for source CcmTaskSequence successfully TSManager 8/5/2014 4:51:57 PM 2244 (0x08C4)
Total RequestedConfig policy instance(s) : 12387 TSManager 8/5/2014 4:52:00 PM 2244 (0x08C4)
New/Changed ActualConfig policy instance(s) : 0 TSManager 8/5/2014 4:52:04 PM 2244 (0x08C4)
Policy evaluation initiated TSManager 8/5/2014 4:52:04 PM 2244 (0x08C4)
Waiting for policy to be compiled in 'root\ccm\policy\machine' namespace TSManager 8/5/2014 4:52:04 PM 2244 (0x08C4)
Query = 'CCM_SystemHealthClientConfig.SiteSettingsKey="1"' TSManager 8/5/2014 4:52:04 PM 2244 (0x08C4)
Verified policy for instance path 'CCM_SystemHealthClientConfig.SiteSettingsKey="1"' compiled in 'root\ccm\policy\machine' namespace TSManager 8/5/2014 4:52:04 PM 2244 (0x08C4)
Query = 'CCM_SoftwareUpdatesClientConfig.SiteSettingsKey="1"' TSManager 8/5/2014 4:52:04 PM 2244 (0x08C4)
Verified policy for instance path 'CCM_SoftwareUpdatesClientConfig.SiteSettingsKey="1"' compiled in 'root\ccm\policy\machine' namespace TSManager 8/5/2014 4:52:04 PM 2244 (0x08C4)
Query = 'CCM_SoftwareDistributionClientConfig.SiteSettingsKey="1"' TSManager 8/5/2014 4:52:04 PM 2244 (0x08C4)
Verified policy for instance path 'CCM_SoftwareDistributionClientConfig.SiteSettingsKey="1"' compiled in 'root\ccm\policy\machine'
The Powershell command as described by NPerson give the output:
C:\Windows\system32>powershell Invoke-WmiMethod -Namespace root\CCM -Class SMS_C
lient -Name SetClientProvisioningMode -ArgumentList $false
__GENUS : 1
__CLASS : __PARAMETERS
__SUPERCLASS :
__DYNASTY : __PARAMETERS
__RELPATH : __PARAMETERS
__PROPERTY_COUNT : 1
__DERIVATION : {}
__SERVER : DEMO-CAPTURE
__NAMESPACE : ROOT\ccm
__PATH :
\\DEMO-CAPTURE\ROOT\ccm:__PARAMETERS
ReturnValue :
PSComputerName : DEMO-CAPTURE
It is about the PSComputerName: that is the name of the machine on which the capture was made. So I suppose the problem is already in the image. Is my statement correct or is it not relevant?
With kind regards,
Willem-Jan -
Unable to login Windows Server 2012 after making local policy changes
Experts, we have modified the local policy setting on the windows server 2012 and badly it was domain controller now none of the users are able to login to the server. After entering the user name and password it will launch till welcome screen then it errors
out saying user name or password incorrect. below are the steps which we followed
1. Policy setting is located in Computer Configuration\Security Settings\Local Policies\Security Options \Network security: Configure encryption types allowed for Kerberos values change from Not Configured to DES_CBC_MD5
2. changed user attribute msDS-SupprtdEncryptionTypes to 2 , this account we were used for kerberos authentication.
3. Logged off from the server and then server doesn't allow any user to login.
regards,
JakkHave you tried connecting to the server from a 2nd DC? Have you tried installing the RSAT tools on a domain member server and modify the offending policy ?
last choice would be restart the DC into safe mode. -
Ip local policy - DMVPN head-end router
hey guys,
On my DMVPN head-end router (3845 - running 151-4.M2) , I'm learning a default route from the internal core that I want the remote spoke to learn via EIGRP (internet access is via tunnel and thru head-end f/w's). And to avoid having a static route configured for the remote public IP pointing to the internet router, I've tried using a local policy to set the next hop for all VPN traffic from the router to be the internet router. However, when I remove the static to the remote, I lose the remote peer and it seems the local policy is not engaged. Any help would be appreciated..
interface Loopback0
ip address 10.103.255.1 255.255.255.255
interface Tunnel10
bandwidth 10000
ip address 10.103.254.1 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 1
ip nhrp authentication xxx
ip nhrp map multicast dynamic
ip nhrp network-id 100
ip nhrp holdtime 600
ip nhrp redirect
ip tcp adjust-mss 1360
no ip split-horizon eigrp 1
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 1234
tunnel protection ipsec profile DMVPN-PROFILE
interface GigabitEthernet0/0
description Routed link to Core
ip address 10.100.160.105 255.255.255.252
duplex auto
speed auto
media-type rj45
interface GigabitEthernet0/1
description Link to External segment
ip address 1.1.1.4 255.255.255.0
duplex auto
speed auto
media-type rj45
router eigrp 1
network 10.100.160.104 0.0.0.3
network 10.103.254.0 0.0.0.255
network 10.103.255.1 0.0.0.0
passive-interface default
no passive-interface Tunnel10
no passive-interface GigabitEthernet0/0
eigrp router-id 10.103.255.1
ip access-list extended vpn-traffic
permit esp any any
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
route-map vpn-default permit 10
description Default route to Internet for encrypted traffic
match ip address vpn-traffic
set ip next-hop 1.1.1.2
ip local policy route-map vpn-defaultDave,
I think let's do the reasonable thing here and separate termination and tunneled traffic into VRFs (VRF-lite).
You can put gig0/1 into one VRF and leave everything else in global (remember to add "tunnel vrf ..." on tunnel interface.
Result - separation of overlay and transport - you can have two default routes, one for connectivity to spokes, one for traffic to be passed over tunnel.
Marcin -
With 300 machines you are going to have to use GPO and not local policies. The scope is just way too large for going to each machine and doing the configAs for where and when to use Computer vs User GPO's, that's totally up to youYou should read the below:Computer Configuration in Group PolicyUser Configuration in Group PolicyWhat policies to apply will be in the scope of the desktop hardening so you will have to do your searches on that. Typically hardening would include security settings or some sort which will include password complexity, length and expiration right down to stopping the installation of executables on a machine.These policies will be different in each environment so you will have to do some homework about what GPO's need to be applied
Hi Spiceheads,
I have a question regarding local policy and group policy.
I received a workstation hardening procedure but I need to apply this settings for 300 computers can I use group policy instead of local policy? if yes how and what option I need to select Computer Configuration of User Configuration?
All 300 computers are connected to the same Domain.
Thank you.
This topic first appeared in the Spiceworks Community -
My SCCM 2012 server is listed in the Windows updates local policy
On my end user computers Navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Updates > Specify intranet Microsoft update service location
Does it specify your Primary Site server? YES
Endpoint Protection leverages the software update component of ConfigMgr for delivery of definitions. This local Windows Updates policy was created when you configured this component.
1. How do I disable this local Windows Updates policy in SCCM ? ThanksThe client will set these local policy settings if your Client Settings are set to manage software updates and you don't have a group policy in place.
If you do NOT want ConfigMgr to control updates, then you can go to Client Settings > Software Updates and change "Enable software updates on clients" to No.
Nash Pherson, Senior Systems Consultant
Now Micro -
My Blog Posts
If you've found a bug or want the product worked differently,
share your feedback.
<-- If this post was helpful, please click "Vote as Helpful". -
Could not find the policy in WMI for package
Hi,
I am trying to deploy a language pack to a windows 8.1 machine and it is not installing. According to the execmgr.log it cannot find the policy in WMI? I have tried running the machine policy update within CFG MGR but no change. Is there something else
I can check?
<![LOG[Policy is updated for Program: InstallEN, Package: LIA002A0, Advert: LIA2011A]LOG]!><time="09:47:18.345+300" date="01-28-2015" component="execmgr" context="" type="1" thread="980"
file="execreqmgr.cpp:7063">
<![LOG[Raising client SDK event for class CCM_Program, instance CCM_Program.PackageID="LIA002A0",ProgramID="InstallEN", actionType 45l, value NULL, user NULL, session 4294967295l, level 0l, verbosity 30l]LOG]!><time="09:47:18.347+300"
date="01-28-2015" component="execmgr" context="" type="1" thread="980" file="event.cpp:405">
<![LOG[Mandatory execution requested for program InstallEN and advertisement LIA2011A]LOG]!><time="09:47:19.220+300" date="01-28-2015" component="execmgr" context="" type="1" thread="3684"
file="execreqmgr.cpp:3527">
<![LOG[Creating mandatory request for advert LIA2011A, program InstallEN, package LIA002A0]LOG]!><time="09:47:19.220+300" date="01-28-2015" component="execmgr" context="" type="1" thread="3684"
file="execreqmgr.cpp:3653">
<![LOG[Could not find the policy in WMI for package LIA002A0 program InstallEN]LOG]!><time="09:47:19.242+300" date="01-28-2015" component="execmgr" context="" type="2" thread="3684" file="softdistpolicy.cpp:2851">
<![LOG[CreateMandatoryRequestRecursively failed at FindUserOrSystemPolicy InstallEN]LOG]!><time="09:47:19.243+300" date="01-28-2015" component="execmgr" context="" type="2" thread="3684"
file="execreqmgr.cpp:3670">Did you check this
post?
It turned out the root cause of the problem was one of the packages that the TS called. Even though SCCM had been set to use the selected distribution points and said the package was installed on those DPs, it hadn't actually copied the files over.
Updating to a new source version and ensuring the files copied correctly resolved the issue. Hopefully SCCM 2012 will do a better job of communicating a dependency problem, but I haven't had a chance to test it yet.
You can also check this
post.
it appears the majority of these messages occur when you have a system that has an expired advertisement still being applied to it.
Nick Pilon | Blog : System Center Dudes -
File name for append processing mode with time stamp
Hi Experts
we are doing file to file scenario using the processing mode as Append.
the requirement for us to append the files and we need to have new file name with time stamp added to the appended file.but in the processing mode of the file adapter either we can append or add time stamp. thatz the problem I am facing now.
we are doing file based processing not message based ,micheal blog regarding the dynamic file name is for message based not for file based.
Please provide your valuable comments.
Thanks
FaheemHi mohamed,
I suggest you to map the target source structure to the required filename u want, like for example ur filename is input26062008.txt means to the target structure u perform the following mapping
constant (input) concat with currentdate function --> concat with constant .txt --> map this concat to target. So u will get the filename u expected with the time.
Then in the communication channel u select the mode as append. Now ur requirement will get solve i think so. plz try.
Regards,
Murugavel -
How to search for password policy
Hello,
Using DS 5.2:
I've created a test policy, dn: cn=Test Policy,ou=People, o=xxx, o=isp. I can apply the policy, I can see the policy in my backup ldifs, but I can't figure out how to search for and display it (and eventually, delete it) either from the command line using ldapsearch or form within the admin gui. Any help?What I would like to do is query my 8i instance for the current password policy
Can anyone provide a query to retrieve this info?connect as sys
in Oracle 8i and issue the command;
select object_name,object_type from all_objects where object_name like '%PASS%';
and
select object_name,object_type from all_objects where object_name like '%POLICY%';
I think , i'm not sure these policies would be transfered to 10g through migration except -if any- some of them are obsolete to 10g!!!!!
Regards,
Simon -
Symptom
On Windows Server 2012 or Windows Server 2012 R2, when you use the Search for Group Policy Objects feature in GPMC, the “Value” field is not populated when you choose “User Configuration” as the Search Item. (See Figure 1.)
<Figure 1>
Cause
The happens because the Data of the (Default) value of the following Registry Key is not correct.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4D2F9B6F-1E52-4711-A382-6A8B1A003DE6}]
By default the Data is (value not set). (see Figure 2)
<Figure 2>
Resolution
The registry keys under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions] are the Group Policy Preference Client Side Extensions. The CSE name of the GUID {4D2F9B6F-1E52-4711-A382-6A8B1A003DE6} is
RemoteApp and Desktop Connections. Please follow the steps below to resolve the issue.
1. Locate the registry key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4D2F9B6F-1E52-4711-A382-6A8B1A003DE6}]
2. Take the ownership of this key: Right click on the registry key and choose Permissions option and click the Advanced button on the dialogue window. Then on the Advanced Security Settings dialogue window, click Change button to take the ownership
of the key for the current logon account and make the current logon account Full Control permission with the registry key. (See Figure 3.)
<Figure 3>
3. Change the data of (Default) value from "(value not set)" to
"RemoteApp and Desktop Connection Component". (See Figure 4)
<Figure 4>
4. Once the steps above are completed, the Value drop down list will be populated again when you perform Search in GPMC. (See Figure 5)
<figure 5>
This article has been created as a TechNet Wiki
here.
Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.thanks for the tip - but you should create this as a wiki article as it will be easier to reference in the future
Regards,
Denis Cooper
MCITP EA - MCT
Help keep the forums tidy, if this has helped please mark it as an answer
My Blog
LinkedIn:
Maybe you are looking for
-
IllegalStateException while invoking livecycle formserver using java api
I am new to livecycle formserver.when i am trying to invoke formserver using java api ,it is giving illegal state exception.My servlet application to invoke formserver is deployed in tomcat 5.o in one system and jboss with formserver is in anohter sy
-
Right now we have Unbreakable Enterprise Kernel - based on a later Linux 2.6-series kernel Does anyone know when the UEK for linux 3.10 will be release? I need to make use of its new SSD capability using bcache.
-
Hi guys, please may someone explain to me how I fill a page and browser with a slide show? Can I edit the pre-set ones in Muse already available or do I have to create one in Edge Animate please? I am wanting to literally have an image cover the ent
-
My client with autism needs to be able to speak/sing into a microphone and simultaneously hear his voice through a headset, preferably with reverb set on high. Is it possible to do this with the iPad and OS7? If so, what setup do I need? I have a
-
2 questions about blog section
Hi, On my blog section, there are 2 strange things going on. First, the text color on my main blog page is red, and I cannot edit it there, it says I have to edit it on my entries page. I do this, and the red still stays there...any ideas why? Also,