SCCM 2012 Clients at Secondary Site don't update and shows status as INACTIVE
I have 1 Primary site and 1 Secondary sites. I have setup Secondary site Boundaries using IP subnet. I see that the systems from secondary
site show in the console and they all have clients installed but however 60% of the system shows client activity as INACTIVE and not receiving any heartbeat DDR none of the system showing hardware inventory. I am not positive
where to look as far as logs are concerned. I think the clients aren't receiving policy like they should.
Just to give a brief idea, Secondary Site server crashed and we had to rebuild the server and re install secondary site after rebuilding all the
problem. Everything is working fine in Primary site.
Secondary site is communicating with primary site MP and DP
I have checked MPcontrol.log it shows status as OK
I am able to install client through console but yes when I check the configuration manager properties it shows CCM Notification Agent as DISSABLED
and in the Action Tab Machine and User policy are the only cycles showing.
Checked replmgr.log and rclctrl.log but it’s not showing any error
Only log file which shows error is bgdserver.log ( pasting log errors )
ERROR: SQL exception when retrieve client certificate from DB. Exception: The EXECUTE permission was denied on the object 'sp_GetPublicKeyForSMSID', database 'CM_PRI',
schema 'dbo'. -2146232060 SMS_NOTIFICATION_SERVER 05-07-2014 12:09:01 3968 (0x0F80)
ERROR: Can't do post authentication without client certificate stored in regsitration. SMS_NOTIFICATION_SERVER
05-07-2014 12:09:01 3968 (0x0F80)
ERROR: Failed to authenticate with client [::ffff:10.5.55.88]:49623. SMS_NOTIFICATION_SERVER 05-07-2014
12:09:01 3968 (0x0F80)
ERROR: SQL exception when retrieve client certificate from DB. Exception: The EXECUTE permission was denied on the object 'sp_GetPublicKeyForSMSID', database 'CM_PRI',
schema 'dbo'. -2146232060 SMS_NOTIFICATION_SERVER 05-07-2014 12:09:01 3968 (0x0F80)
ERROR: Can't do post authentication without client certificate stored in regsitration. SMS_NOTIFICATION_SERVER
05-07-2014 12:09:01 3968 (0x0F80)
ERROR: Failed to authenticate with client [::ffff:10.5.62.68]:49923. SMS_NOTIFICATION_SERVER 05-07-2014
12:09:01 3968 (0x0F80)
ERROR: SQL exception when retrieve client certificate from DB. Exception: The EXECUTE permission was denied on the object 'sp_GetPublicKeyForSMSID', database 'CM_PRI',
schema 'dbo'. -2146232060 SMS_NOTIFICATION_SERVER 05-07-2014 12:09:06 3968 (0x0F80)
ERROR: Can't verify signature in message without client certificate for client SCCM GUID:B47059B1-D4E4-41A2-BC88-486A597FE399
SMS_NOTIFICATION_SERVER 05-07-2014 12:09:06 3968 (0x0F80)
ERROR: Invalid hook to be decoded. Authentication SMS_NOTIFICATION_SERVER
05-07-2014 12:09:06 3968 (0x0F80)
ERROR: Failed to decode message body (<BgbSignInMessage TimeStamp="2014-07-05T06:39:01Z"><ClientType>SCCM</ClientType><ClientVersion>5.00.7804.1000</ClientVersion><ClientID>GUID:B47059B1-D4E4-41A2-BC88-486A597FE399</ClientID></BgbSignInMessage>)
with message header
Help me resolve this issue as I am struggling to resolve this for almost 2 weeks.
Please let me know which logs are helpful and I'll try to add it to replies.
Hi,
Quote:"see that the systems from secondary site show in the console and they all have clients installed but however 60% of the system shows client activity as INACTIVE and not receiving any heartbeat DDR none of the system showing hardware inventory. "
So not all the clients show inactive? Have you checked the logs in an inactive client? Such as ClientIDManagerStartup.log.
Have you checked Secondary Site server's computer name from SQL logins? You could try to remove this account, wait a while, recreate the same computeraccount login with sysadmin access. (http://social.technet.microsoft.com/Forums/en-US/d5383c23-6b71-47cc-9fad-fda82a44a3aa/secondary-site-showing-inactive-clients?forum=configmanagerdeployment)
You could use Configuration Analyzer for System Center 2012 R2 to troubleshoot issues.
http://technet.microsoft.com/en-us/library/dn469435.aspx
Best Regards,
Joyce
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.
Similar Messages
-
Endpoint Protection clients no getting updates from SCCM 2012 in new Secondary Site
I recently stood up a secondary site behind a PCI firewall to manage PCI in-scope systems. All of my boundaries are properly configured and there are no overlaps. I am able to push packages to these clients and the clients are reporting as healthy however
I am not able to get updates to the SCEP clients. There is no internet access from these systems so I have to rely on updates from SCCM. From what I can see in the WindowsUpdate log it is only trying to go to Microsoft for the definitions. Here is the Log:
2014-04-30 11:05:09:739
828 da8
Misc WARNING: Send failed with hr = 80072ee2.
2014-04-30 11:05:09:739
828 da8
Misc WARNING: Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <None>
2014-04-30 11:05:09:739
828 da8
Misc WARNING: Send request failed, hr:0x80072ee2
2014-04-30 11:05:09:739
828 da8
Misc WARNING: WinHttp: SendRequestUsingProxy failed for <HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=41&L=en-US&P=&PT=0x7&WUA=7.9.9600.16422>.
error 0x80072ee2
2014-04-30 11:05:09:739
828 da8
Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-04-30 11:05:09:739
828 da8
Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-04-30 11:05:09:739
828 da8
Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-04-30 11:05:09:739
828 da8
SLS FATAL: GetResponse failed with hresult 0x80072ee2...
2014-04-30 11:05:09:739
828 da8
EP FATAL: EP: CSLSEndpointProvider::GetWUClientDataAndInitParser - failed to get SLS data, error = 0x80072EE2
2014-04-30 11:05:09:739
828 da8
EP FATAL: EP: CSLSEndpointProvider::GetEndpointFromSLS - Failed to get client data and init parser, error = 0x80072EE2
2014-04-30 11:05:09:739
828 da8
EP FATAL: Failed to obtain 9482F4B4-E343-43B6-B170-9A65BC822C77 redir SecondaryServiceAuth URL, error = 0x80072EE2
2014-04-30 11:05:09:739
828 da8
Agent WARNING: Failed to obtain the authorization cab URL for service 7971f918-a847-4430-9279-4a52d1efe18d, hr=0
2014-04-30 11:05:09:739
828 da8
Agent FATAL: Caller <NULL> failed to opt in to service 7971f918-a847-4430-9279-4a52d1efe18d, hr=0X80072EE2
2014-04-30 11:05:09:739
828 da8
SLS Retrieving SLS response from server...
2014-04-30 11:05:09:739
828 da8
SLS Making request with URL HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=41&L=en-US&P=&PT=0x7&WUA=7.9.9600.16422
2014-04-30 11:05:30:742
828 da8
Misc WARNING: Send failed with hr = 80072ee2.
2014-04-30 11:05:30:742
828 da8
Misc WARNING: Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <None>
2014-04-30 11:05:30:742
828 da8
Misc WARNING: Send request failed, hr:0x80072ee2
2014-04-30 11:05:30:742
828 da8
Misc WARNING: WinHttp: SendRequestUsingProxy failed for <HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=41&L=en-US&P=&PT=0x7&WUA=7.9.9600.16422>.
error 0x80072ee2
2014-04-30 11:05:30:742
828 da8
Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-04-30 11:05:30:742
828 da8
Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-04-30 11:05:30:742
828 da8
Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-04-30 11:05:30:742
828 da8
SLS FATAL: GetResponse failed with hresult 0x80072ee2...
2014-04-30 11:05:30:742
828 da8
EP FATAL: EP: CSLSEndpointProvider::GetWUClientDataAndInitParser - failed to get SLS data, error = 0x80072EE2
2014-04-30 11:05:30:742
828 da8
EP FATAL: EP: CSLSEndpointProvider::GetSecondaryServicesEnabledState - Failed to get client data and init parser, error = 0x80072EE2
2014-04-30 11:05:30:742
828 da8
Agent * WARNING: Online service registration/service ID resolution failed, hr=0x80248014
2014-04-30 11:05:30:742
828 da8
Agent * WARNING: Exit code = 0x80248014
2014-04-30 11:05:30:742
828 da8
Agent *********
2014-04-30 11:05:30:742
828 da8
Agent ** END ** Agent: Finding updates [CallerId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB) Id = 9]
2014-04-30 11:05:30:742
828 da8
Agent *************
2014-04-30 11:05:30:742
828 da8
Agent WARNING: WU client failed Searching for update with error 0x80248014
2014-04-30 11:05:30:742
828 da8
IdleTmr WU operation (CSearchCall::Init ID 9, operation # 99) stopped; does use network; is not at background priority
2014-04-30 11:05:30:742
828 da8
IdleTmr Decremented PDC RefCount for Network to 0
2014-04-30 11:05:30:742
828 da8
IdleTmr Decremented idle timer priority operation counter to 0
2014-04-30 11:05:30:743
576 12c0
COMAPI >>-- RESUMED -- COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
2014-04-30 11:05:30:743
576 12c0
COMAPI - Updates found = 0
2014-04-30 11:05:30:743
576 12c0
COMAPI - WARNING: Exit code = 0x00000000, Result code = 0x80248014
2014-04-30 11:05:30:743
576 12c0
COMAPI ---------
2014-04-30 11:05:30:743
576 12c0
COMAPI -- END -- COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
2014-04-30 11:05:30:743
576 12c0
COMAPI -------------
2014-04-30 11:05:30:743
576 1254
COMAPI WARNING: Operation failed due to earlier error, hr=80248014
2014-04-30 11:05:30:743
576 1254
COMAPI FATAL: Unable to complete asynchronous search. (hr=80248014)
The log is from a Server 2012 R2 Client. The only thing I was able to find was this Article which did not resolve my issue. Anyone else encounter anything similar? Any help would be appreciated.
Regards, Evan Mills - Systems AdministratorEvery two hours is too aggressive for the ADR. Definitions are only released 2-3 times a day so every 8 hours is what most consider best practice. Is your WSUS sync occurring every two hours as well? If not, then the ADR wouldn't have anything new to pick
up anyway. It's best to set the WSUS sync for every 8 hours and then set the ADR to run after any successful WSUS sync.
So the EP definitions are caching but not installing? What does the WUAHandler.log show? One of my machines shows the following which indicates a successful installation from the ConfigMgr delivered update:
1. Update (Missing): Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.933.0) (0a156122-d4f8-4215-9e63-8f0f1e32c9c6, 200) WUAHandler 4/30/2014 6:49:33 AM 11080 (0x2B48)
Async installation of updates started. WUAHandler 4/30/2014 6:49:34 AM 11080 (0x2B48)
Update 1 (0a156122-d4f8-4215-9e63-8f0f1e32c9c6) finished installing (0x00000000), Reboot Required? No WUAHandler 4/30/2014 6:50:23 AM 8664 (0x21D8)
Async install completed. WUAHandler 4/30/2014 6:50:23 AM 8664 (0x21D8)
Installation of updates completed. WUAHandler 4/30/2014 6:50:23 AM 11032 (0x2B18)
It sounds like if you set "Check for Endpoint Protection definitions at a specific interval" to 0 then it would prevent the WindowsUpdate.log activity you're seeing when the EP client tries to reach out for updates. -
Manage SCCM 2012 clients in DMZ (OS Deploy, Windows updates) via DP/MP
Hi,
We ’d like to manage (=OS Deploy, Packages,Windows updates) Windows clients (Windows 2008/2012 R2 servers for now, about 20 of them) in a DMZ (= different domain).
There is this article
https://nikifoster.wordpress.com/2011/01/31/installing-configmgr-clients-on-servers-in-a-dmz/ which explains what to do … in 2011. Since then lots of things are changed I guess
Before I dive in, I’d need to have an overview + do some administrative tasks (like asking for firewall accesses).
Current setup DMZ:
Our SCCM 2012 R2 server is on a Windows 2008 R2 OS
Client communication is done via HTTP (not HTTPS)
An extra physical Distribution point is setup (only DP, nothing more) in our current domain
A new Windows 2012 server is setup in the DMZ which should host the DP and probably management point (since it should manage the clients over there)
There are clients in DMZ that are currenlty managed by SCCM 2007 but
this server will be phased out, these client have:
Correct sccm functionality
Correct DNS resolution
My steps/questions, please comment:
Add the DMZ ip range to SCCM 2012 boundary as “DMZ”
Add the network access account to be able to deploy as well clients as distribution point in DMZ
In the DMZ accesses on firewall for server VLAN have to be asked
When we have a distribution point and communication is “HTTP only” then http (port 80) from DMZ to sccm server should suffice, correct? Or are
extra firewall openings needed for management point access/packages and windows updates sync?
Now the sccm clients will be deployed to the servers in DMZ: deploy SCCM clients to hosts in DMZ, how this should be done: we connect a console to the SCCM-server in the DMZ then deploy the discovered clients?
OS Deploy should be made available, but no dhcp is available in DMZ and it is not an option either, therefore we would boot from an ISO then enter an ip (or pre-enter it so there is already filled in an ip?). So tasksequences/deployments
for servers in DMZ, where are they configured/deployed then? Via console access on DMZ management point or can we deploy on our domain SCCM management point (not in DMZ) and it will be synced to the DMZ management point? Not clear
Selective sync of software to this distribution point (howto? not sure), we don’t need any Windows 8 software/drivers to be synced.
Thanks for your input!
J.
Jan HoedtNo comment;
I think you mean the client push installation account and the site system installation account;
More ports are required, see site server > distribution point and distribution point > management point from the provided link;
The console will always be connected to your primary site server. The client will be pushed from the primary site server and it will provide the initial files. The other files will be downloaded from the local distribution point;
The task sequence deployment will be just like a normal taks sequence deployment. The only difference is the location of the server;
Only the content that's distributed to the distribution point in the DMZ will be available on that distribution point.
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude -
SCCM 2012 client push occurs from site server or from distribution point?
I would like to set up client push in SCCM 2012 and I have a remote site with about 80 workstations that I would like to deploy the clients to using client push, but this remote site is VERY slow, as in less than 3Mbps slow. There is a remote DP located
at this site and I wanted to know if the remote workstations will be hammering my Site Server across the WAN (or MP I guess since the MP role is i installed on the Site Server) to request the client installation, or do the clients just request the client from
the Site Server or MP and then the client downloads to the remote DP and then the workstations install the SCCM 2012 client from the local DP at the remote site?
I just do NOT want the WAN link to become overwhelmed with workstation requests to install the client and have the Site Server have to respond to each and every workstation and download the SCCM 2012 client to each system over this slow WAN link.
How does the client push process actually work?
Thank youThe initial files will come from the primary site server. The rest (the biggest part) will come of the distribution point. See for a good read (even though it's more about secondary sites), this post of Jason:
http://blog.configmgrftw.com/secondary-sites-and-boundary-groups/
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude -
Using a custom certificate store for SCCM 2012 clients and primary site server
I have read what seems to be all the pki related documentation out there for SCCM 2012. I have a PKI infrastructure up and running issueing certificates with an offline root through group policy autoenrollment. The problem that i'm faced with is we are migrating
from SCCM 2007 that was in native mode and we chose not to use the CA that we used for the old SCCM environment. When the clients attempt to communicate with the M.P. it runs through all of the different certificates and adds a tremendous amount of overhead
to the M.P. We will have ten's of thousands of clients by migration end. Could someone please point me to a document that goes over how to leverage a custom certificate store that I could then tell the new 2012 environment to use? I know that it's in there,
I've seen it in the console. The setup is one primary site server with SQL on box and the pki I just mentioned as well as the old 2007 environment that is still live.
I read that you can try and use SAN as a method of identifying the new certs but I haven't found a good document covering exactly how that works. Any info you could provide I would be very grateful for. Thanks.Jason, thank you for your reply. I'm getting the impression that you have never been in the situation where you had to deal with 2 different PKI environments. Let me state that I understand what your saying about trust. We have to configure the trusted root
CA via GPO. That simply isn't enough, and I have a valid example to backup this claim. When the new clients got the advertisement and began the ccmsetup process I used the /pki switch among others. What the client end up doing was selecting a certificate that
had the longest validity period which was issued by our old CA. It checked the authentication chain, found it to be valid and selected it for communication. At that point the installation failed, period, no caveats as you say. The reason the install failed
because the new PKI infrastructure is integrated into the new environment, and the old is not. So when you said " that
are trusted and they can use *any* cert that is trusted because at the end of the day, there is no
difference between two valid certs that have the same purpose as long as they are trusted. "
that is not correct. Both certs are trusted, and use the same certificate template, but only one certificate would allow the install to complete successfully.
Once I started using the CCMCERTISSUERS
switch the client install went swimmingly. The only reason I'm still debating this point is because someone might read this thread see your comments and assume "well I've got my new PKI configured as a trusted root CA, I should be all set" and their
deployment will fail, just as my pilot did.
About Intune I'm looking forward to doing a POC in the lab i built with my Note 3. I'm hoping it goes well as I really want to have our MDM migrated into ConfigMgr... I think the
biggest obstacle outside of selling it to management will be the actual device migration from the current MDM solution. From what I understand of the enrollment process manual install and config is the only path forward.
Thanks Jason for your post and discussion. -
Assign the exsiting clients to Secondary site
Hi Guys,
I need some directions to following issues.
We have SCCM 2012 SP1, managing clients in 2 different countries.
We have primary site in country A and secondary site in country B.
Under country A we have 2000 clients in various locations and in country B we have 5000 clients across various locations.
The link between country A and B is very limited (8MB) link. So recently the link getting smashed because of most of the clients from country B are assigned to Primary site in country A. Also we have SUP installed only on the primary server, which means all
the clients were getting the updates Catalog through WAN.
So we have installed secondary SUP in country B, however most of the clients from country B still getting the updates from primary SUP.
Now, what we are trying to achieve is;
First, assign all the clients in country B to secondary site.
Second, switch the country B clients from primary SUP to secondary SUP.
So to switch the clients to secondary site, under the boundary groups -> references ->Site Assignment we have chosen to assigned site to Secondary site.
Now,
1, how can we assign the clients to a secondary site? How long will it take to show up in the location log? It has been 24 hours and still the client machines location log showing the primary site MP details. Is there any way we can force
this process to speed up?
2, when we assign the existing clients from Primary site to secondary site, will it reassign SUP to secondary site as well? If No, how can we force the existing clients to communicate with secondary SUP?
I know, the SUP switch will only be possible when the primary SUP is not available and after x times of re-tries the client will fall back to the secondary SUP. In our scenario we cannot make our primary SUP offline, if we do this then all the clients from
country A will get the Catalog from secondary site, which will cause the network issues. So Apart from this, is there any other way (Resetting ANY client policies, uninstalling and re-instilling client, any other settings we can do to re-check the SUP) to
switch to secondary SUP?
Any help/ideas will be much appreciated.Is the management point at the secondary site published to active directory? The clients will try to query AD to find their local Management Point.
Clients search for a Management Point by using the below options in the order specified:
Management point
Active Directory
Domain Services
DNS
WINS
http://systemcenter.learnmsexchange.com/system-center/system-center-2012/sccm-2012/8-management-points-in-sccm-2012
If you haven't published the MP to AD for the secondary site there is a chance the clients just don't see it. The MP is installed on the same server as the secondary site, correct? What hardware are you running this secondary site on (cpu and ram)? -
SCCM 2012 Client Install Failing ONLY on 8.1 Machines - Advice?
Good morning,
I've got a rather interesting situation. We have a SCCM 2012 site configured for https, the site server is acting as the MP and DP, and we are installing the client via the SCCM 2012 Client GPO. Our cert is an InCommon cert. We have 4000+
Windows 7 machines that are able to install the client. We tested on a Window 8 machine and the client install works as well. Whenever a Windows 8.1 machine tries to install it fails. We have checked the boundaries (we can't specify IP ranges
since we don't manage the whole network). I can manually browse to the source files on the MP/DP. The switches we use when installing via the GPO are /usepkicert /mp:[redacted] CCMHTTPSSTATE=63 SMSSITECODE=[redacted] SMSCACHESIZE=12288. However,
it always fails with:
<![LOG[GetDPLocations failed with error 0x80004005]LOG]!><time="09:33:26.329+300" date="03-13-2015" component="ccmsetup" context="" type="3" thread="12944" file="siteinfo.cpp:532">
<![LOG[Failed to get DP locations as the expected version from MP 'https://[redacted]'. Error 0x80004005]LOG]!><time="09:33:26.329+300" date="03-13-2015" component="ccmsetup" context="" type="2"
thread="12944" file="ccmsetup.cpp:11261">
<![LOG[Failed to find DP locations from MP 'https://[redacted]' with error 0x80004005, status code 403. Check next MP.]LOG]!><time="09:33:26.329+300" date="03-13-2015" component="ccmsetup" context="" type="2"
thread="12944" file="ccmsetup.cpp:11117">
<![LOG[Only one MP https://[redacted] is specified. Use it.]LOG]!><time="09:33:26.330+300" date="03-13-2015" component="ccmsetup" context="" type="1" thread="12944" file="ccmsetup.cpp:10080">
<![LOG[Have already tried all MPs. Couldn't find DP locations.]LOG]!><time="09:33:26.330+300" date="03-13-2015" component="ccmsetup" context="" type="3" thread="12944" file="ccmsetup.cpp:11146">
<![LOG[MapNLMCostDataToCCMCost() returning Cost 0x1]LOG]!><time="09:33:26.332+300" date="03-13-2015" component="ccmsetup" context="" type="1" thread="12944" file="ccmutillib.cpp:5479">
<![LOG[GET 'https://[redacted]/CCM_Client/ccmsetup.cab']LOG]!><time="09:33:26.333+300" date="03-13-2015" component="ccmsetup" context="" type="1" thread="12944" file="httphelper.cpp:807">
<![LOG[Failed to successfully complete WinHttp request. (StatusCode at WinHttpQueryHeaders: 403)]LOG]!><time="09:33:26.366+300" date="03-13-2015" component="ccmsetup" context="" type="3" thread="12944"
file="httphelper.cpp:1013">
<![LOG[DownloadFileByWinHTTP failed with error 0x80004005]LOG]!><time="09:33:26.366+300" date="03-13-2015" component="ccmsetup" context="" type="3" thread="12944" file="httphelper.cpp:1081">
<![LOG[A Fallback Status Point has not been specified. Message with STATEID='308' will not be sent.]LOG]!><time="09:33:26.367+300" date="03-13-2015" component="ccmsetup" context="" type="1"
thread="12944" file="ccmsetup.cpp:9763">
<![LOG['Configuration Manager Client Retry Task' is scheduled to run at 03/13/2015 02:33:26 PM (local) 03/13/2015 07:33:26 PM (UTC) time with arguments ' "/usepkicert" "/mp:[redacted]" "CCMHTTPSSTATE=63" "SMSSITECODE=AHC"
"SMSCACHESIZE=12288" /RetryWinTask:1'.]LOG]!><time="09:33:26.369+300" date="03-13-2015" component="ccmsetup" context="" type="1" thread="10100" file="wintask.cpp:315">
<![LOG[CcmSetup failed with error code 0x80004005]LOG]!><time="09:33:26.409+300" date="03-13-2015" component="ccmsetup" context="" type="1" thread="10100" file="ccmsetup.cpp:10879">
Anyone have any idea why this is happening only on 8.1 machines? I can't think of where else to check. Thanks for any help.Okay, so I installed via the following: ccmsetup.exe /usepkicert /source:C:\Client CCMHTTPSSTATE=63 SMSSITECODE=AHC SMSCACHESIZE=12288 and the client installed. But you're right, the CCMMessaging.log is full of https errors. I know it's
something with the cert and I've even requested new ones from the CA. However, why what is it about 8.1 that is causing the issues? Like I said, we have 4000 machines using the same client authentication cert and they work. I've cut and paste
some of the log entries. One thing to note is the \\[redacted]\sms_ahc\client\ccmsetup.exe in the beginning was using the internet FQDN. Everything else is using the intranet location. Does that provide any insight as to what is going
on?
\\[redacted]\sms_ahc\client\ccmsetup.exe /usepkicert /source:C:\Client CCMHTTPSSTATE=63 SMSSITECODE=AHC SMSCACHESIZE=12288
<![LOG[Successfully sent security settings refresh message.]LOG]!><time="12:43:12.834+300" date="03-16-2015" component="CcmMessaging" context="" type="1" thread="5452" file="ccmhttperror.cpp:369">
<![LOG[Successfully sent location services HTTPS failure message.]LOG]!><time="12:43:12.837+300" date="03-16-2015" component="CcmMessaging" context="" type="1" thread="5452" file="ccmhttperror.cpp:396">
<![LOG[Post to https://[redacted]/ccm_system_windowsauth/request failed with 0x87d00231.]LOG]!><time="12:43:12.837+300" date="03-16-2015" component="CcmMessaging" context="" type="2" thread="5452"
file="messagequeueproc_outgoing.cpp:442">
<![LOG[[CCMHTTP] ERROR: URL=https://[redacted]/ccm_system_windowsauth/request, Port=443, Options=63, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE]LOG]!><time="12:45:12.880+300" date="03-16-2015" component="CcmMessaging"
context="" type="1" thread="5452" file="ccmhttperror.cpp:297">
<![LOG[Raising event:
instance of CCM_CcmHttp_Status
DateTime = "20150316174512.883000+000";
HostName = "[redacted]";
HRESULT = "0x87d0027e";
ProcessID = 8572;
StatusCode = 403;
ThreadID = 5452;
]LOG]!><time="12:45:12.883+300" date="03-16-2015" component="CcmMessaging" context="" type="1" thread="5452" file="event.cpp:715">
<![LOG[Successfully sent security settings refresh message.]LOG]!><time="12:45:12.889+300" date="03-16-2015" component="CcmMessaging" context="" type="1" thread="5452" file="ccmhttperror.cpp:369">
<![LOG[Successfully sent location services HTTPS failure message.]LOG]!><time="12:45:12.892+300" date="03-16-2015" component="CcmMessaging" context="" type="1" thread="5452" file="ccmhttperror.cpp:396">
<![LOG[Post to https://[redacted]/ccm_system_windowsauth/request failed with 0x87d00231.]LOG]!><time="12:45:12.892+300" date="03-16-2015" component="CcmMessaging" context="" type="2" thread="5452"
file="messagequeueproc_outgoing.cpp:442"> -
SCCM 2012 Client delpoyment in SCCM 2007 Native world
Hi Team,
In my account I have SCCM 2007 running in Native mode.... we do not support internet based clients there..but work on HTTPS only. Now I have implemented SCCM 2012 R2 there and now testing the client migration so that I can upgrade the SCCM client agent from
2007 to 2012. In SCCM 2012 we have to support internet based clients and so the SCCM 2012 client which we need to install should be compatible on internet and intranet both
The plan is to use the existing SCCM 2007 infra to do that. Send the ccmsetup.exe ( of SCCM 2012 ) in a package to all the clients via SCCM 2007 Software Distribution and trigger SCCM 2012 installation.
Just to do a small test I did this :
1. Created a folder in C drive of a client machine and copied the ccmsetup.exe ( of SCCM 2012 ) in it.
2. Tried to trigger the installation with below mentioned commandlines..... but getting error as mentioned below.... Please help.
Command line used :
Here ABCD.contoso.org is the intranet MP and PQRS.dmzone.org is internet MP
CCMSetup.exe /UsePKICert /NoCRLCheck smsmp=ABCD.contoso.org ccmhostname=PQRS.dmzone.org smssitecode=ABC
CCMSetup.exe /UsePKICert /NoCRLCheck smsmp=ABCD.contoso.org smssitecode=ABC
CCMSetup.exe smsmp=ABCD.contoso.org smssitecode=ABC
Error in ccmsetup.log
<![LOG[==========[ ccmsetup started in process 3068 ]==========]LOG]!><time="12:49:12.547+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="5076" file="ccmsetup.cpp:9441">
<![LOG[Running on platform X64]LOG]!><time="12:49:12.548+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="5076" file="util.cpp:1892">
<![LOG[Updated security on object C:\Windows\ccmsetup\cache\.]LOG]!><time="12:49:12.548+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="5076" file="ccmsetup.cpp:9285">
<![LOG[Launch from folder C:\Windows\ccmsetup\]LOG]!><time="12:49:12.548+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="5076" file="ccmsetup.cpp:721">
<![LOG[CcmSetup version: 5.0.7958.1401]LOG]!><time="12:49:12.549+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="5076" file="ccmsetup.cpp:727">
<![LOG[Successfully started the ccmsetup service]LOG]!><time="12:49:12.550+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="4744" file="ccmsetup.cpp:3271">
<![LOG[Deleted file C:\Windows\ccmsetup\ccmsetup.exe.download]LOG]!><time="12:49:12.551+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="4744" file="ccmsetup.cpp:9497">
<![LOG[In ServiceMain]LOG]!><time="12:49:12.552+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="3284" file="ccmsetup.cpp:3365">
<![LOG[Folder 'MicABCoft\Configuration Manager' not found. Task does not exist.]LOG]!><time="12:49:12.556+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="4744"
file="wintask.cpp:622">
<![LOG[CcmSetup is exiting with return code 0]LOG]!><time="12:49:12.556+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="4744" file="ccmsetup.cpp:10879">
<![LOG[Running on 'MicABCoft Windows 7 Enterprise ' (6.1.7601). Service Pack (1.0). SuiteMask = 272. Product Type = 18]LOG]!><time="12:49:12.618+300" date="11-11-2014" component="ccmsetup" context="" type="1"
thread="3284" file="util.cpp:1974">
<![LOG[Ccmsetup command line: "C:\Windows\ccmsetup\ccmsetup.exe" /runservice "/UsePKICert" "/NoCRLCheck" "smssitecode=ABC"]LOG]!><time="12:49:12.619+300" date="11-11-2014" component="ccmsetup"
context="" type="1" thread="3284" file="ccmsetup.cpp:3590">
<![LOG[Command line parameters for ccmsetup have been specified. No registry lookup for command line parameters is required.]LOG]!><time="12:49:12.619+300" date="11-11-2014" component="ccmsetup" context=""
type="1" thread="3284" file="ccmsetup.cpp:3775">
<![LOG[Command line: "C:\Windows\ccmsetup\ccmsetup.exe" /runservice "/UsePKICert" "/NoCRLCheck" "smssitecode=ABC"]LOG]!><time="12:49:12.619+300" date="11-11-2014" component="ccmsetup"
context="" type="1" thread="3284" file="ccmsetup.cpp:3776">
<![LOG[SslState value: 448]LOG]!><time="12:49:12.619+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="3284" file="ccmsetup.cpp:4425">
<![LOG[CCMHTTPPORT: 80]LOG]!><time="12:49:12.619+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="ccmsetup.cpp:8621">
<![LOG[CCMHTTPSPORT: 443]LOG]!><time="12:49:12.619+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="ccmsetup.cpp:8636">
<![LOG[CCMHTTPSSTATE: 448]LOG]!><time="12:49:12.619+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="ccmsetup.cpp:8654">
<![LOG[CCMHTTPSCERTNAME: ]LOG]!><time="12:49:12.619+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="ccmsetup.cpp:8672">
<![LOG[FSP: ]LOG]!><time="12:49:12.619+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="ccmsetup.cpp:8724">
<![LOG[CCMFIRSTCERT: 1]LOG]!><time="12:49:12.619+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="ccmsetup.cpp:8782">
<![LOG[HTTPS is enforced for Client. The current state is 31.]LOG]!><time="12:49:12.621+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="ccmutillib.cpp:403">
<![LOG[Begin searching client certificates based on Certificate Issuers]LOG]!><time="12:49:12.623+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="ccmcert.cpp:4393">
<![LOG[Completed searching client certificates based on Certificate Issuers]LOG]!><time="12:49:12.624+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="ccmcert.cpp:4550">
<![LOG[Begin to select client certificate]LOG]!><time="12:49:12.624+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="ccmcert.cpp:4706">
<![LOG[The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'.]LOG]!><time="12:49:12.624+300" date="11-11-2014" component="ccmsetup" context=""
type="0" thread="3284" file="ccmcert.cpp:4742">
<![LOG[1 certificate(s) found in the 'MY' certificate store.]LOG]!><time="12:49:12.624+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="3284" file="ccmcert.cpp:4770">
<![LOG[Only one certificate present in the certificate store.]LOG]!><time="12:49:12.624+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="3284" file="ccmcert.cpp:4774">
<![LOG[Begin validation of Certificate [Thumbprint 50051EB74624621341900739D65706D8089A0941] issued to 'D-LJACKNVM7X64.ABClan.org']LOG]!><time="12:49:12.624+300" date="11-11-2014" component="ccmsetup" context=""
type="1" thread="3284" file="ccmcert.cpp:1662">
<![LOG[Failed to get certificate key provider information. Error 0x80092004]LOG]!><time="12:49:12.626+300" date="11-11-2014" component="ccmsetup" context="" type="3" thread="3284" file="ccmcert.cpp:1199">
<![LOG[The Certificate [Thumbprint 50051EB74624621341900739D65706D8089A0941] issued to 'D-LJACKNVM7X64.ABClan.org' has 'Client Authentication' capability.]LOG]!><time="12:49:12.633+300" date="11-11-2014" component="ccmsetup"
context="" type="0" thread="3284" file="ccmcert.cpp:582">
<![LOG[Completed validation of Certificate [Thumbprint 50051EB74624621341900739D65706D8089A0941] issued to 'D-LJACKNVM7X64.ABClan.org']LOG]!><time="12:49:12.633+300" date="11-11-2014" component="ccmsetup" context=""
type="1" thread="3284" file="ccmcert.cpp:1803">
<![LOG[>>> Client selected the PKI Certificate [Thumbprint 50051EB74624621341900739D65706D8089A0941] issued to 'D-LJACKNVM7X64.ABClan.org']LOG]!><time="12:49:12.633+300" date="11-11-2014" component="ccmsetup"
context="" type="1" thread="3284" file="ccmcert.cpp:4850">
<![LOG[Raising event:
instance of CCM_ServiceHost_CertRetrieval_Status
ClientID = "GUID:A5879665-7A1B-4529-827E-52FA34ABD384";
DateTime = "20141111174912.640000+000";
HRESULT = "0x00000000";
ProcessID = 3068;
ThreadID = 3284;
]LOG]!><time="12:49:12.640+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="event.cpp:715">
<![LOG[Failed to submit event to the Status Agent. Attempting to create pending event.]LOG]!><time="12:49:12.643+300" date="11-11-2014" component="ccmsetup" context="" type="2" thread="3284"
file="event.cpp:737">
<![LOG[Raising pending event:
instance of CCM_ServiceHost_CertRetrieval_Status
ClientID = "GUID:A5879665-7A1B-4529-827E-52FA34ABD384";
DateTime = "20141111174912.640000+000";
HRESULT = "0x00000000";
ProcessID = 3068;
ThreadID = 3284;
]LOG]!><time="12:49:12.643+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="event.cpp:770">
<![LOG[Successfully submitted pending event to WMI.]LOG]!><time="12:49:12.648+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="3284" file="event.cpp:813">
<![LOG[CCMCERTID: MY;50051EB74624621341900739D65706D8089A0941]LOG]!><time="12:49:12.649+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="3284" file="ccmsetup.cpp:8803">
<![LOG[No MP or source location has been explicitly specified. Trying to discover a valid content location...]LOG]!><time="12:49:12.649+300" date="11-11-2014" component="ccmsetup" context="" type="1"
thread="3284" file="ccmsetup.cpp:4729">
<![LOG[Looking for MPs from AD...]LOG]!><time="12:49:12.649+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="ccmsetup.cpp:4737">
<![LOG[Performing AD query: '(&(ObjectCategory=mSSMSManagementPoint)(mSSMSDefaultMP=TRUE)(mSSMSSiteCode=ABC))']LOG]!><time="12:49:13.226+300" date="11-11-2014" component="ccmsetup" context="" type="0"
thread="3284" file="lsad.cpp:657">
<![LOG[OperationalXml '<ClientOperationalSettings><Version>5.00.7958.1000</Version><SecurityConfiguration><SecurityModeMask>0</SecurityModeMask><SecurityModeMaskEx>448</SecurityModeMaskEx><HTTPPort>80</HTTPPort><HTTPSPort>443</HTTPSPort><CertificateStoreName></CertificateStoreName><CertificateIssuers></CertificateIssuers><CertificateSelectionCriteria></CertificateSelectionCriteria><CertificateSelectFirstFlag>1</CertificateSelectFirstFlag><SiteSigningCert>308202F0308201D8A003020102021012B6F63E56359BB9493496A444140A76300D06092A864886F70D01010B05003016311430120603550403130B53697465205365727665723020170D3134303931383135313330355A180F32313134303832363135313330355A3016311430120603550403130B536974652053657276657230820122300D06092A864886F70D01010105000382010F003082010A0282010100D2F099DE475F5360729CBD0CEB1F9DC291383C9787E19DEA9CBE8988799E60CA26CB3FEBF2E4115FE6D8A6B42E063E72B2B035BEFA0BA9D8FB9E892366699A25FB9F10956770DAC5DD650CBAFB1BC46DACE2F2A777C42D269366361B6207318D5ED52D32078EA0D59CDBE13892B1A7BD7E21CD748B6BF636D9901610BE6D8D363646651ACB10440EE31F9F36FA48227631D9989E8349B888C3C4959E79AC0C4B579F10F41D30285B478FCED289AA23066D407D73AF73408D7609442EC7AC32F96EABB176E42159BEFDF6537864FEFC9F8491DA7C6BB9BCB99C5FF7E31ADC294FFD49088899C1698F44FE9F1C18046AF8255A521C6910AC113845997960ECA8070203010001A3383036301E0603551D11041730158213524F534E543232312E6574736C616E2E6F726730140603551D25040D300B06092B060104018237650B300D06092A864886F70D01010B050003820101002061E3AC32E4EAF2BEA7CF3004372C1FA61B5114B3CB838FA92A2037D1A26FB2926F2D3FB000B1249099E513BBD76DCB01D74BD6A273CCEAE84CD87F77D8BBB256F4FA58030B8DADC3F6C8B84967D8F7DFA81FE2C57426AB918CC61E42D5838C4A40D84F39E1B3288415609F2C3B0E52988EAB6E155A68725828B09D7475D9ED764DFD976F1D40CCEFAAD5E0F3B21E4DE7EA0BFEF617D4C8459C8E37B49EFBCF0C3921B2FD74BFDBEFFEF1B0CB1A1C85C5F3A16AE974DF3AB0E28EED844C43AB0E3F564C82FCD986CC429057702680B3869765A2A5128EC1EC378F90A9E4BA27572E64F500E645CFA5CBC300EAC980D68E6B96A1E1C7D95B2041CC807F7C74FF</SiteSigningCert></SecurityConfiguration><RootSiteCode>ABC</RootSiteCode><CCM>
<CommandLine>SMSSITECODE=ABC</CommandLine> </CCM><FSP> <FSPServer></FSPServer> </FSP><Capabilities SchemaVersion ="1.0"><Property Name="SSLState" Value="0" /></Capabilities><Domain
Value="ABClan.org" /><Forest Value="ABCroot.org" /></ClientOperationalSettings>']LOG]!><time="12:49:13.378+300" date="11-11-2014" component="ccmsetup" context="" type="0"
thread="3284" file="lsadcache.cpp:236">
<![LOG[The MP name retrieved is 'ABCD.contoso.org' with version '7958' and capabilities '<Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities>']LOG]!><time="12:49:13.381+300"
date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="lsadcache.cpp:334">
<![LOG[MP 'ABCD.contoso.org' is not compatible]LOG]!><time="12:49:13.382+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="lsadcache.cpp:345">
<![LOG[Retrieved 0 MP records from AD for site 'ABC']LOG]!><time="12:49:13.382+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="3284" file="lsadcache.cpp:287">
<![LOG[FromAD: command line = SMSSITECODE=ABC]LOG]!><time="12:49:13.383+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="3284" file="ccmsetup.cpp:288">
<![LOG[Local Machine is joined to an AD domain]LOG]!><time="12:49:13.383+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="3284" file="lsad.cpp:715">
<![LOG[Current AD forest name is ABCroot.org, domain name is ABClan.org]LOG]!><time="12:49:13.386+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="lsad.cpp:843">
<![LOG[Domain joined client is in Intranet]LOG]!><time="12:49:13.386+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="lsad.cpp:1048">
<![LOG[CMPInfoFromADCache requests are throttled for 01:07:08]LOG]!><time="12:49:13.386+300" date="11-11-2014" component="ccmsetup" context="" type="0" thread="3284" file="lsadcache.cpp:173">
<![LOG[No valid source or MP locations could be identified to download content from. Ccmsetup.exe cannot continue.]LOG]!><time="12:49:13.386+300" date="11-11-2014" component="ccmsetup" context="" type="3"
thread="3284" file="ccmsetup.cpp:4806">
<![LOG[Failed to parse '"C:\Windows\ccmsetup\ccmsetup.exe" /runservice "/UsePKICert" "/NoCRLCheck" "smssitecode=ABC"' with error 0x80004005]LOG]!><time="12:49:13.386+300" date="11-11-2014"
component="ccmsetup" context="" type="3" thread="3284" file="ccmsetup.cpp:4611">
<![LOG[A Fallback Status Point has not been specified. Message with STATEID='100' will not be sent.]LOG]!><time="12:49:13.386+300" date="11-11-2014" component="ccmsetup" context="" type="1"
thread="3284" file="ccmsetup.cpp:9767">
<![LOG[A Fallback Status Point has not been specified. Message with STATEID='307' will not be sent.]LOG]!><time="12:49:13.387+300" date="11-11-2014" component="ccmsetup" context="" type="1"
thread="3284" file="ccmsetup.cpp:9767">
<![LOG[CcmSetup failed with error code 0x80004005]LOG]!><time="12:49:13.388+300" date="11-11-2014" component="ccmsetup" context="" type="1" thread="5076" file="ccmsetup.cpp:10883">Hi Jason,
Thanks for your reply..... I tried with /mp switch.... but same error.... if you look at the logs it says
<![LOG[MP 'ABCD.contoso.org' is not compatible]LOG]!><time="12:49:13.382+300"
date="11-11-2014" component="ccmsetup" context="" type="1" thread="3284" file="lsadcache.cpp:345">
<![LOG[Retrieved 0 MP records from AD for site 'ABC']LOG]!>
Not sure why it is saying " not compatible " ... its a valid MP..... from the same client machine below links are working fine..
http://ABCD.contoso.org/sms_mp/.sms_aut?mpcert
http://ABCD.contoso.org/sms_mp/.sms_aut?mplist
Thanks,
Sam -
SCCM 2012 Client was removed but SCCM console still showing the status as "Yes"
Hi,
In a VM, SCCM 2012 client agent was removed and the VM was reverted back to a clean machine. SCCM console still shows the status as "Yes" even after the client agent was removed. Heartbeat Discovery is set to run every 1 hour.
Please guide on this.
Regards, Lorin DavisIt's kind like a person dying (sorry to be a bit morbid) -- how does the phone company know the person died? The dead person certainly can't tell them and the phone company doesn't query every person it services and ask them "are you alive?"
Thus, someone else must notify them of the person's passing. This is no different than a client agent "dying" in ConfigMgr. A ConfigMgr site never initiates communication with clients and thus something else needs to tell the site that the client
agent is dead. You! Or, an automated process (as Torsten mentioned) that goes through automatically marks a client as "dead" that hasn't been heard from in x number of days.
Jason | http://blog.configmgrftw.com | @jasonsandys -
Send SCCM 2012 client or re-send client to individual computer
We have a tech tools web portal and I need to add an item so techs can send the SCCM 2012 client to a machine. This will be used if they have to reinstall the client for some reason.
I had planned to use PowerShell and created the script only to find out that it requires too great a permissions role to connect to the SCCM drive so the cmdlets can be used.
I then thought I could just create a .CCR for a computer. But, the format for SCCM 2007 does not work for SCCM 2012.
Reasons we are approaching this in this manner are:
1) We want to install using the CURRENT client files. And, we don't want to copy those off to some other location and need to remember to update them when we update SCCM 2012.
2) We want the retry capability that comes with using .CCRs.
3) We want the "smartness" of the client install we have found. We have a distributed operation and doing the client install by an SCCM admin from the PowerShell script or via the right-click in the console allows SCCM to find the closest DP and
use client install files from a local source when available.
4) We have a LOT of desktop techs that we do not want having access to the SCCM console. There is just too high a learning curve. We want a simple tool.
One other thing to mention ... we cannot use the Generate CCR tool because we are not turning on client push (lots of valid reasons for this and some the SCCM admins don't think are valid, but the decision has been made for us :) )
Anyone have thoughts on how to have a simple tool to send the client install via script or .CCR?
Thanks in advance!You can't turn client push off -- you can turn *auto*-client push off though. The Generate CCR tool does not depend upon *auto*-client push though so there's no reason you can't use it.
Here's a blog post on the changes in the CCR process:
http://blogs.technet.com/b/neilp/archive/2012/07/03/client-push-installation-changes-in-configuration-manager-2012-and-how-to-take-advantage-of-these-for-troubleshooting-purposes.aspx
Jason | http://blog.configmgrftw.com -
SCCM 2012 clients in SCCM 2007 console
Hi
If a Windows 7 system has sccm 2012 client installed, will it get discovered in SCCm 2007 console.
Regards Sushain KApoorIf you enable AD discovery to this client, the client object will be discovered. Anyway, the SCCM 2012 clients cannot be managed by SCCM 2007. See below.
Configuration Manager also checks that you have assigned the Configuration Manager 2012 client to a site that supports the Configuration Manager client version. If you have used automatic site assignment and the client is assigned to a Configuration Manager
2007 site, the client automatically tries to find a Microsoft System Center Configuration Manager 2012 site. It first checks Active Directory Domain Services and if this is not successful (for example, the Active Directory schema is not extended or the computer
is a workgroup client), the client then checks for site information from its assigned management point. However, if the client was assigned with a specific site code and assigns to a Configuration Manager 2007 site, site assignment fails and you must manually
reassign the client to a Microsoft System Center Configuration Manager 2012 site.
Juke Chou
TechNet Community Support -
DPM 2012 R2 long backup to tape job randomly fail after installing SCCM 2012 Client
Hello,
I'm managing a two nodes 2012 R2 file server cluster that contains a 16To CSV. I'm using DPM 2012 R2 to backup this entire shared volume directly to LTO 4 tapes, the job last about 55h.
Since SCCM 2012 client has been installed(I don't manage it), the tape jobs are failing ramdomly after several hours with the error:
Type: Tape backup
Status: Failed
Description: The DPM service was unable to communicate with the protection agent on serverX.xxxx.xxx . (ID 52 Details: The semaphore timeout period has expired (0x80070079))
More information
End time: 19/07/2014 03:11:06
Start time: 18/07/2014 22:00:00
Time elapsed: 05:11:05
Data transferred: 768 289,56 MB
Cluster node serverX.xxxx.xxx
Source details: G:\
Protection group members: 1
Details
Protection group: File Server Tape Protection
Library: Quantum PX500 Series Medium Changer
Tape Label (Barcode): File Server Tape Protection-00000230 (000043L4)
If I uninstall SCCM 2012 client, no more issue, backups succeed. I've asked our SCCM team, no specific task has been scheduled or deployed in SCCM.
I can't see anything abnormal in logs.
Any idea?I have disabled "Configuration Manager Maintenance" and I have also tried to set the registry value HKLM\Software\Microsoft\CCM\CcmEval\NotifyOnly to TRUE and still the same issue.
I can't find any correlated errors in the Windows event logs, task scheduler history neither in the DPM logs.
I've increased the log level of DPM by following the following procedure
http://blogs.msdn.com/b/george_bethanis/archive/2013/11/04/how-to-collect-dpm-verbose-logs.aspx
Now i'm suspecting the maintenance job of Windows 2012 R2, i'll try to disabled this task. But the fact is that I don't have this backup issue if SCCM 2012 client is not installed.
I'm waiting for next logs and will keep you informed -
Upgrading SMS 2003 client to SCCM 2012 clients
How can we upgrade the existing SMS 2003 client to SCCM 2012 client. We are planning to upgrade our existing sms 2003 environment to SCCM 2012. It will be a fresh installation and side by side. My question is ...
1 can we upgrade the existing client to new version? How?
2 can we have both clients on same system?
Want to know the best possible way....for doing this.
Appreciate your suggestions/help....
Ravi.Ravi,
There is no upgrade path from 2003 to 2012. You can create a package in 2003 to uninstall and then install the 2012 client. There may be better ways to do this but at the moment that is what I have seen done in the past. The only other
solution I have dealt with was an OS refresh since the 2003 client most likely is running on XP systems?
Kris
I faced this situation, where we have old SMS2003 system with XP clients, and W7 migration is planned on 2012. Uninstallation of old ccmsetup is okay, but then offcourse all activity stops and new client is not installed within the same process. I put
everything on the same bat file, like ccmsetup.exe /uninstall and ccmsetup /mp:primarysiteserver... old client goes away, but then nothing happens. -
How can I remove the SCCM 2012 client and reinstall SCCM 2007 client on all of our computers
Hello All
We have bit of a problem. Our virtual SCCM 2012 r2 server was deleted and the back solution we had in place keeps failing.
We do have our sccm 2007 server still in place but its only role was imaging as we transferred roles from one to another.
My question is now our support needs to remote into pcs but cant because the CM12 server is gone. How can I remove the 2012 client from all of our companies computers and reinstall the CM07 client so we can remote into computers again.
Thanks in advance!
Phil
Phil BalderosRun a ccmsetup /uninstall on the clients. You may need to run via PSExec. Then push out the SCCM 2007 client via the 2k7 console.
Cheers
Paul | sccmentor.wordpress.com
Thanks Paul!
I have to do this on over 350 computers and 110 servers. How can I do it on a more massive scale?
Phil Balderos
I would check Torsten's approach first and see if the ccmsetup will uninstall the 2012 version. I'm not sure. Obviously the other way round is fine.
Using PSexec you can script this to call up a txt file of all your servers/computers and run the uninstall.
e.g.
for /f "tokens=*" %a in (computers.txt) do psexec \\%a %WINDIR%\ccmsetup\ccmsetup.exe /uninstall
If your account has privileges on all devices you won't need to add in any username/password credentials. Obviously only devices that are switched on and you have access to will run this.
Cheers
Paul | sccmentor.wordpress.com -
SCCM 2012 R2: does the sccm server itself need a sccm 2012 client?
Hi,
The question is simple. Reason, I update my SCCM 2012 R2 forefront clients via automatic update rule. The server itself has also the forefront/SCEP client but no sccm client.
So I wonder if in general it 's a good idea to install the sccm 2012 client to the SCCM server itself.
J.
Jan HoedtHi,
There is no document about installing the SCCM 2012 client to the SCCM server itself.
It's depends on whether you want to monitor the SCCM server.
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.
Maybe you are looking for
-
Just bought a new iPhone 5 and wanted to send pics from my camera roll on my iphone 4 as a shared photo stream to my new phone and my wife's phone. I selected the pictures and created the photo stream and it showed up on my new phone and she was able
-
my sony xperia model acro s having problem with internet connection , always obtaining ip address .Please help my email . [email protected]
-
Putting a null character in a String?
Hi, I need to send a null character through a nio channel. Specifically, it needs to be decoded from a String into a byte array. Can I append a null character to a String so that getBytes() method will return it? Thanks, ranko
-
Alphabetize Faces in Photos for Mac
I have thousands of photos from a large party I took pictures at... I would really like to alphabetize the faces so that I can keep it organized, but without manually dragging faces around... Please let me know if this is possible somehow, or if I sh
-
I am using Weblogic portal server 7.0 SP2 Lately, whenever there is a backend system failure (database or any other system), eventually, all weblogic threads wait for the backend connection and get stuck. I get following message for all threads Execu