SCCM 2012 in child domain unable to publish to root domain

Similar Messages

• SCCM 2012 R2 - Software Center bug with publishing date ("available after")

  Hello everyone,
  we are using SCCM 2012 R2 together with Software Center to allow users the installation of +100 different software packages.
  This works out quite well; but some packages have always the date 10.04.1998 as publishing date, no matter if i have set a publishing date manually or not.
  here is a screenshot:
  this bug occurs with new packages i have created and also with old ones. i have changed the publishing date manually and also redistributed them to the distribution point but this did not change anything.
  Anyone encountered the same error or knows how to fix it? It is not critical but really annoying...

  Redistributing it to DPs isn't needed as the publishing date has nothing to do with source files. It's just a matter of policies though. Does the data change if you select Notepad++ for example and then highlight TeamViewer 9 again?
  Torsten Meringer | http://www.mssccmfaq.de

• Issue with SCCM 2012 SP1 U5 upgrade and client published version

  Recently we upgraded our SCCM server to SP1 U5, and our published and available client version is still at 5.00.7804.1000 instead of 5.00.7804.1600. We ran the hotfix to upgrade it and it looked like everything had went through. Does this not also
  upgrade the client? It doesn't seem like you can run the hotfix again after you've already installed it once to repair either. Is there another way to update the published version inside the console? We have it as a package right now to deploy to all the systems
  but I was hoping we could upgrade the internal one and let it run more automatically. Any advice would be greatly appreciated.

  More info:
  How to update ConfigMgr clients automatically… in SP1
  http://configmgrblog.com/2012/12/03/how-to-update-configmgr-clients-automatically-in-sp1/
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• IIS and SCCM 2012 R2

  Hi
  I have 2 forest (Forest A only root domain (Server C=MP/DP)), (Forest B, 1 root domain(Server A=SCCM Primary) and 1 child domain (Server B=MP/DP)). I root domain forest A i have Windows 2012 R2 with SCCM 2012 R2 CU4 and another server with SQL 2012
  R2.
  I child domain i have MP and DP
  Another forest (not trusted) i have a MP and DP. i use untrusted forest in SCCM 2012.
  When i test my IIS i root domain(server A), open Internet Explorer and type:
  http://servername/sms_mp/.sms_aut?mplist (no problem) i view all MP.
  http://servername/sms_mp/.sms_aut?mplist (no problem) i view certificate
  When i test my IIS i child domain (serverB), open Internet Explorer and type:
  http://servername/sms_mp/.sms_aut?mplist (no problem) i view all MP.
  http://servername/sms_mp/.sms_aut?mplist (no problem) i view certificate
  When i test my IIS i another forest (server C), open Internet Explorer and type:
  http://servername/sms_mp/.sms_aut?mplist (no problem) i view certificate
  http://servername/sms_mp/.sms_aut?mplist
  (The web site cannot display the page ERROR HTTP 500) It's normal? If Yes why?
  Thanks

  Hi,
  I think this is related to IIS authentication, so you may get an answer from IIS forum:
  http://forums.iis.net/
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• SCCM 2012 AD Publishing in a Single Forest Multiple Domains

  Hi there,
  Let me explain the situation first so that you get the idea. We have a single forest, multiple child domains AD environment. For some reasons each domain is being managed separately by their geographic location IT.
  Forest has been extended for SCCM by the site who holds the forest root domain. Since everyone wants to manage their own domain and systems, each child domain have their own primary site server.
  In one of the domains I have installed brand new SCCM 2012 R2. I haven't done anything yet, havent turned on any discovery except Heartbeat. Now I see one device, which belongs to another domain with totally separate IP address, shows in my SCCM site. I dont
  know why.
  From here question arises for me. Correct me if I'm wrong and please advice what to do domain/forest wide.
  1. System Container is needed in each child domain, not in the forest, right?
  2. Where does/should each SCCM primary site publish information; in each domain or in the forest root domain?
  3. Under Administration > Overview > Site Configuration > Sites > Properties > Publishing I see forest root domain name and its checked. 
  Under Administration > Overview > Hierarchy Configuration > Active Directory Forests > Properties > Publishing my site is checked and its the only one in there. In that same window I went ahead and specified my own domain hoping
  to cure the possible problem.
  So, why would that one device show up in this site? I have disabled Heartbeat together with other discoveries for now till I make everything ready.
  Thanks for your help in advance.

  1. Under Administration > Overview > Site Configuration > Sites > Properties > Publishing If I uncheck forest root domain will devices on my child domain still be able to find my site server?
  2. Under Administration > Overview > Hierarchy Configuration > Active Directory Forests > Properties > Publishing my site is checked and its the only one in there. In that same window I went ahead and specified my own domain
  hoping to cure the possible problem. Is this a good practice?
  3. "When clients look for ConfigMgr info, they use GC lookups meaning they return objects from every System Management container in the forest." So, which one do clients choose and how?
  4. "For that one device, have you opened its properties and examined it?" Yes, what abou it? Its found based on Heartbeat Discovery agent (when heartbeat was enabled).
  5. "Have you reviewed the boundaries and boundary groups set up for site assignment?" Yes, as I mentioned this device belongs to different domain and totally outside of my AD site and SCCM boundaries.
  This is fresh install and not in production yet. I have disabled Heartbeat temporarily so that I fix this problem. I will enable it after. 

• Create sysprepped VHD with SCCM 2012 R2

  Hi,
  I am very new to SCCM in general so please bare with me.
  I manage a SCVMM 2012 sp1 environment and I would like to use SCCM 2012 r2 to manage, update and publish new VHD's. However I am having trouble creating a sysprep'd VHD. The task sequence seems to complete without issue up to the shutdown command which is
  the last step in the sequence. I have pasted what I believe the issue is below. Any assistance would be great.
  Expand a string: WinPEandFullOS TSManager 10/11/2013 2:41:23 PM 848 (0x0350)
  Executing command line: smsswd.exe /run: shutdown -s -t 300 TSManager 10/11/2013 2:41:23 PM 848 (0x0350)
  [ smsswd.exe ] InstallSoftware 10/11/2013 2:41:23 PM 1036 (0x040C)
  PackageID = '' InstallSoftware 10/11/2013 2:41:23 PM 1036 (0x040C)
  BaseVar = '', ContinueOnError='' InstallSoftware 10/11/2013 2:41:23 PM 1036 (0x040C)
  ProgramName = 'shutdown -s -t 300' InstallSoftware 10/11/2013 2:41:23 PM 1036 (0x040C)
  SwdAction = '0001' InstallSoftware 10/11/2013 2:41:23 PM 1036 (0x040C)
  Set command line: Run command line InstallSoftware 10/11/2013 2:41:23 PM 1036 (0x040C)
  Working dir 'not set' InstallSoftware 10/11/2013 2:41:23 PM 1036 (0x040C)
  Executing command line: Run command line InstallSoftware 10/11/2013 2:41:23 PM 1036 (0x040C)
  CreateProcess( NULL, (LPWSTR)m_sCommandLine.c_str(), NULL, NULL, TRUE, bNT ? CREATE_UNICODE_ENVIRONMENT : 0, m_pEnvironmentBlock, pszWorkingDir, &si, &pi ), HRESULT=80070002 (e:\nts_sccm_release\sms\framework\core\ccmcore\commandline.cpp,1018) InstallSoftware 10/11/2013
  2:41:23 PM 1036 (0x040C)
  CreateProcess failed. Code(0x80070002) InstallSoftware 10/11/2013 2:41:23 PM 1036 (0x040C)
  Command line execution failed (80070002) InstallSoftware 10/11/2013 2:41:23 PM 1036 (0x040C)
  clCommandLine.Execute( uOptions, pszWorkingDir, lpDesktop ), HRESULT=80070002 (e:\nts_sccm_release\sms\client\osdeployment\installsoftware\runcommandline.cpp,562) InstallSoftware 10/11/2013 2:41:23 PM 1036 (0x040C)
  Failed to execute command line 'shutdown -s -t 300' .
  The system cannot find the file specified. (Error: 80070002; Source: Windows) InstallSoftware 10/11/2013 2:41:23 PM 1036 (0x040C)
  cmd.Execute(pszPkgID, sProgramName, dwCmdLineExitCode), HRESULT=80070002 (e:\nts_sccm_release\sms\client\osdeployment\installsoftware\main.cpp,372) InstallSoftware 10/11/2013 2:41:23 PM 1036 (0x040C)
  Install Software failed to run command line, hr=0x80070002 InstallSoftware 10/11/2013 2:41:23 PM 1036 (0x040C)
  Process completed with exit code 2147942402 TSManager 10/11/2013 2:41:23 PM 848 (0x0350)
  !--------------------------------------------------------------------------------------------! TSManager 10/11/2013 2:41:23 PM 848 (0x0350)
  Failed to run the action: Shutdown computer.
  The system cannot find the file specified. (Error: 80070002; Source: Windows) TSManager 10/11/2013 2:41:23 PM 848 (0x0350)
  Do not send status message in full media case TSManager 10/11/2013 2:41:23 PM 848 (0x0350)
  Set a global environment variable _SMSTSLastActionRetCode=-2147024894 TSManager 10/11/2013 2:41:23 PM 848 (0x0350)
  Set a global environment variable _SMSTSLastActionSucceeded=false TSManager 10/11/2013 2:41:23 PM 848 (0x0350)
  Clear local default environment TSManager 10/11/2013 2:41:23 PM 848 (0x0350)
  Let the parent group (Setup Operating System) decides whether to continue execution TSManager 10/11/2013 2:41:23 PM 848 (0x0350)
  The execution of the group (Setup Operating System) has failed and the execution has been aborted. An action failed.
  Operation aborted (Error: 80004004; Source: Windows) TSManager 10/11/2013 2:41:23 PM 848 (0x0350)
  Failed to run the last action: Shutdown computer. Execution of task sequence failed.
  The system cannot find the file specified. (Error: 80070002; Source: Windows) TSManager 10/11/2013 2:41:23 PM 848 (0x0350)
  Do not send status message in full media case TSManager 10/11/2013 2:41:23 PM 848 (0x0350)
  Execution::enExecutionFail != m_eExecutionResult, HRESULT=80004005 (e:\nts_sccm_release\sms\client\tasksequence\tsmanager\tsmanager.cpp,923) TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  Task Sequence Engine failed! Code: enExecutionFail TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  **************************************************************************** TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  Task sequence execution failed with error code 80004005 TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  Cleaning Up. TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  Removing Authenticator TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  shKey.DeleteValue( c_szRegValue_SecurityToken ), HRESULT=80070002 (e:\nts_sccm_release\sms\framework\ccmutillib\ccmutillib.cpp,1660) TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  Clean up boot image stage path C:\_SMSTaskSequence\WinPE TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  Cleaning up task sequence folder TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  Deleting volume ID file C:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca ... TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  DeleteFileW(sVolumeIDFile.c_str()), HRESULT=80070002 (e:\nts_sccm_release\sms\framework\tscore\resolvesource.cpp,508) TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  Successfully unregistered Task Sequencing Environment COM Interface. TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  Command line for extension .exe is "%1" %* TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  Set command line: "X:\sms\bin\x64\TsProgressUI.exe" /Unregister TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  Executing command line: "X:\sms\bin\x64\TsProgressUI.exe" /Unregister TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  ==========[ TsProgressUI started in process 1232 ]========== TsProgressUI 10/11/2013 2:56:26 PM 1236 (0x04D4)
  Command line: "X:\sms\bin\x64\TsProgressUI.exe" /Unregister TsProgressUI 10/11/2013 2:56:26 PM 1236 (0x04D4)
  Unregistering COM classes TsProgressUI 10/11/2013 2:56:26 PM 1236 (0x04D4)
  Unregistering class objects TsProgressUI 10/11/2013 2:56:26 PM 1236 (0x04D4)
  Shutdown complete. TsProgressUI 10/11/2013 2:56:26 PM 1236 (0x04D4)
  Process completed with exit code 0 TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  Successfully unregistered TS Progress UI. TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  g_TSManager.Run(), HRESULT=80004005 (e:\nts_sccm_release\sms\client\tasksequence\tsmanager\tsmanager.cpp,766) TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  ::RegQueryValueExW(hSubKey, szReg, NULL, NULL, NULL, &dwSize), HRESULT=80070002 (e:\nts_sccm_release\sms\framework\tscore\utils.cpp,811) TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  RegQueryValueExW is unsuccessful for Software\Microsoft\SMS\Task Sequence, SMSTSEndProgram TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  GetTsRegValue() is unsuccessful. 0x80070002. TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  End program:  TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  Error Task Sequence Manager failed to execute task sequence. Code 0x80004005 TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  Sending error status message TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  Do not send status message in full media case TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  Finalize logging request ignored from process 872 TSManager 10/11/2013 2:56:26 PM 848 (0x0350)
  Process completed with exit code 2147500037 TSMBootstrap 10/11/2013 2:56:26 PM 988 (0x03DC)
  Exiting with return code 0x80004005 TSMBootstrap 10/11/2013 2:56:26 PM 988 (0x03DC)
  Execution complete. TSBootShell 10/11/2013 2:56:26 PM 676 (0x02A4)
  hMap != 0, HRESULT=80070002 (e:\nts_sccm_release\sms\framework\tscore\environmentscope.cpp,493) TSBootShell 10/11/2013 2:56:26 PM 676 (0x02A4)
  m_pGlobalScope->open(), HRESULT=80070002 (e:\nts_sccm_release\sms\framework\tscore\environmentlib.cpp,335) TSBootShell 10/11/2013 2:56:26 PM 676 (0x02A4)
  this->open(), HRESULT=80070002 (e:\nts_sccm_release\sms\framework\tscore\environmentlib.cpp,553) TSBootShell 10/11/2013 2:56:26 PM 676 (0x02A4)
  ::RegQueryValueExW(hSubKey, szReg, NULL, NULL, NULL, &dwSize), HRESULT=80070002 (e:\nts_sccm_release\sms\framework\tscore\utils.cpp,811) TSBootShell 10/11/2013 2:56:26 PM 676 (0x02A4)
  RegQueryValueExW is unsuccessful for Software\Microsoft\SMS\Task Sequence, SMSTSEndProgram TSBootShell 10/11/2013 2:56:26 PM 676 (0x02A4)
  GetTsRegValue() is unsuccessful. 0x80070002. TSBootShell 10/11/2013 2:56:26 PM 676 (0x02A4)
  End program:  TSBootShell 10/11/2013 2:56:26 PM 676 (0x02A4)
  Finalizing logging from process 668 TSBootShell 10/11/2013 2:56:26 PM 676 (0x02A4)
  Finalizing logs to root of first available drive TSBootShell 10/11/2013 2:56:26 PM 676 (0x02A4)
  Successfully finalized logs to C:\SMSTSLog TSBootShell 10/11/2013 2:56:26 PM 676 (0x02A4)
  Cleaning up task sequencing logging configuration. TSBootShell 10/11/2013 2:56:26 PM 676 (0x02A4)

  The "shutdown -s -t 300" step (Created as default as part of an"Install
  an existing image package to a virtual hard disk" Task Sequence) will fail if it is executed directly after the "Prepare ConfigMgr Client for Capture" step. This is because
  the "Prepare ConfigMgr Client for Capture" step runs Sysprep, then reboots the computer into the Windows PE boot image associated with the task sequence. “Shutdown.exe”
  is not available in Windows PE environment (hence it is failing).
  I have been able to work around this by setting the “SMSTSPostAction”
  variable (use to execute a post task sequence task) to "Wpeutil shutdown" which initiates a system shutdown via Wpeutil after the Task Sequence is complete.
  It is important that the Task Sequence completes successfully as part of the VHD creation process to ensure a clean sysprep image is create otherwise this can
  cause errors when importing in to SCVMM. This is because SCVMM also uses the Task Sequence engine.  
  Hope that helps.

• SCCM 2012 DP "starting to process content"

  Hi All
  I am stuck with a problem in SCCM 2012. It is unable to distribute newly packaged content.
  The DP just says "starting to process content" and doesnt change.
  I have removed the DP from the server and re-added it.
  Reinstalled IIS
  Recreated the package(s)
  Installed update http://support.microsoft.com/kb/2854009
  I still have the issue, All the distmgr.log file says it "Package is already in the queue"
  One thing to note:
  I tested the DP by removing the SMSPKG (driveletter) $ share, but recreating the DP does not re-create this share.
  This started mid July, no SCEP definitions are currently being deployed.
  All work has been done on the Primary Site server, the data for the packages are also stored on this server.
  Version 5.00.7804.1000
  Build number 7804
  Thank you
  Morne

  I am also seeing package IDs in the distmgr.log that have been deleted and in the queue is says "Package
  is already in the queue"

• Broken root domain without a valid backup. Any chance to get it back to work properly ?

  Hi guys,
  i came across the following issue:
  Imagine a standard enterprise environment with a forest. The root domain is called contoso.com and there is a subdomain called company.contoso.com. There are also subdomains of company.contoso.com, but they are not important for the problem description.
  The functional level of the forest is Windows 2003-interim & the domain level of the root domain is Windows 2003, as is the domain level of all subdomains. All Domain Controllers are Windows 2003 SP2.
  There have been people in the environment with too many rights, that used to promote DCs and then also just decommission them without properly demoting them. This left several unreachable domain controllers in both the root domain & the subdomain.
  I cleared all those DCs that are no longer available, which made company.contoso.com stable and reliable. All DCs within the subdomain are properly talking to each other and replicating fine.
  Then i discovered the main issue here. The replication in the root domain is broken. The is only one domain controller left in the root domain, nevertheless the server is suffering from USN rollback. Digging deeper i found out that the domain controllers
  have been virtualized years ago, but no one ever cared about the root domain. So i found out that replication stopped in 2006 when obv. the last healthy domain controller was removed from the root domain.
  So i have basically a crippled root domain with a crippled domain controller. I am not able to set the forest level to 2003 native, as the domain controller says that the domain contoso.com is still Windows 2000. This is not correct, i have checked msDS-Behaviour-Version
  and nTMixedDomain. They are properly set to 2 & 0.
  My idea was to introduce a new installed 2003 server and promote it to a DC. Then get rid of the broken one. Unfortunately the broken DC is not replicating. Due to USN rollback the netlogon service goes constantly to paused state & of course both inbound
  & outbound replication are disabled. Even when i reenable the replication it is just a matter of seconds before they get disabled again. I also tried to introduce a new 2012R2 DC, but that fails of course due to the forest level not beeing 2003.
  So i am a little stuck here. Any thoughts about how to continue to troubleshoot ?
  I have a final idea:
  Install a new forest with the same name contoso.com and set up a trust with company.contoso.com.
  The question would be, how can i convince company.contoso.com that the new installed forest and domain are its parent ?

  > Install a new forest with the same name contoso.com and set up a trust
  > with company.contoso.com.
  > The question would be, how can i convince company.contoso.com that the
  > new installed forest and domain are its parent ?
  You cannot. Sad, but true. If the forest root domain is dead, the forest
  is dead. In addition, you have no Naming Master and no Schema Master
  FSMOs. The only reliable solution is creating a new forest and new
  subdomains, then migrating all objects...
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• SCCM 2012 root domain client management from child domain

  Hi All,
  We have SCCM 2012 environment in Child domain and we would like to manage the root domain clients as well. we are using https mode. What all configuration do we need to make for root domain clients to monitor successfully from child domain.  
  Is it mandatory to create System Management container for the Root domain? if yes what all permission i need to give for that System Management container. 
  Do we need to enable Active directory forest discovery?
  Regards,
  Bhaskar K

  No, you do not need to create the System Management container or publish info into it and no you do not need to enable forest discovery.
  ConfigMgr ultimately does not care about AD. AD can be used by clients to help them locate services and configure themselves, but this can also be accomplished in other ways in ConfigMgr.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• SCCM 2012 R2 User State Migration Win XP to Win 8.1 does not migrate Domain User Files

  Hi @ all
  i'm trying migrate Win XP Sp3 to Win 8.1 using SCCM 2012 R2. So i followed the how to from the SCCM Team.
  https://blogs.technet.com/b/configmgrteam/archive/2013/09/12/how-to-migrate-user-data-from-win-xp-to-win-8-1-with-system-center-2012-r2-configmgr.aspx
  All things worked fine, but the user files from my test Domain user are not restored.
  Here some extracts of the loadstate log.
  2014-01-07 15:49:16, Info                  [0x000000] User SCCM\test.user maps to S-1-5-21-2486663232-1734351201-1738771205-1113
  2014-01-07 15:49:16, Info                  [0x000000] User TEST-COMPUTER\Administrator maps to TEST-COMPUTER\Administrator
  2014-01-07 15:49:16, Error                 [0x000000] The account TEST-COMPUTER\User is chosen for migration, but the target does not have account TEST-COMPUTER\User. See documentation
  on /lac, /lae, /ui, /ue and /uel options.
  2014-01-07 15:49:16, Info                  [0x000000] Failed.[gle=0x00000006]
  2014-01-07 15:49:16, Info                  [0x000000]   Unable to create a local account because /lac was not specified[gle=0x00000006]
  2014-01-07 15:49:16, Info                  [0x000000] Entering MigCloseCurrentStore method
  2014-01-07 15:49:16, Info                  [0x0801dc] Closing catalog file
  2014-01-07 15:49:16, Info                  [0x0801dd] Deleting catalog file at C:\Windows\Temp\tmpF6E7.tmp\Temp\tmp9F3.tmp
  2014-01-07 15:49:16, Info                  [0x000000] Leaving MigCloseCurrentStore method
  2014-01-07 15:49:16, Info                  [0x000000] USMT Completed at 2014/01/07:15:49:16.078[gle=0x00000057]
  The user sccm\test.user is my test user but, i cannot see any error in relation to that user.
  Has some some an idea?
  Thank you
  Adrian

  Hi,
  I found a similar article for your reference.
  http://blogs.technet.com/b/sudheesn/archive/2009/12/28/in-place-upgrade-from-windows-xp-to-windows-7.aspx
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Cannot publish Flash Updates Verification of file signature failed for file SCUP 2011, SCCM 2012 R2 and WSUS all on same Windows Server 2012 machine

  I am attempting to distribute Adobe Flash updates using SCUP 2011, SCCM 2012 R2, WSUS ver4 and Windows Server 2012.  Everything installs without error.  I have acquired a certificate for SCUP signing from the internal Enterprise CA.  I have
  verified the signing certificate has a 1024 bit key.  I have imported the certificate into the server's Trusted Publishers and Trusted Root CA stores for the computer.  When I attempt to publish a Flash update with Full content I receive the following
  error:
  2015-02-13 23:00:48.724 UTC Error Scup2011.21 Publisher.PublishPackage PublishPackage(): Operation Failed with Error: Verification of file signature failed for file:
  \\SCCM\UpdateServicesPackages\a2aa8ca4-3b96-4ad2-a508-67a6acbd78a4\3f82680a-9028-4048-ba53-85a4b4acfa12_1.cab
  I have redone the certificates three times with no luck.  I can import metadata, but any attempt to download content results in the verification error.
  TIA

  Hi Joyce,
  This is embarrassing, I used that very post as my guide when deploying my certificate templates, but failed to change the bit length to 2048.  Thank you for being my second set of eyes.
  I changed my certificate key bit length to 2048, deleted the old cert from all certificate stores, acquired the a new signing cert, verified the key length was 2048, exported the new cert to pfx and cer files, imported into my Trusted publishers
  and Trusted Root Authorities stores, reconfigured SCUP to use the new pfx file, rebooted the server and attempted to re-publish the updates with the following results:
  2015-02-16 13:35:44.006 UTC Error Scup2011.4 Publisher.PublishPackage PublishPackage(): Operation Failed with Error: Verification of file signature failed for file:
  \\SCCM\UpdateServicesPackages\a2aa8ca4-3b96-4ad2-a508-67a6acbd78a4\3f82680a-9028-4048-ba53-85a4b4acfa12_1.cab.
  Is there a chance this content was already created and signed with the old cert, so installing the new cert has no effect?  In ConfigMgr software updates I see 4 Flash updates, all marked Metadata Only (because they were originally published as "Automatic." 
  No Flash updates in the ConfigMgr console are marked as downloaded.  I can't find any documentation on how the process of using SCUP for downloading content for an update marked Metadata Only actually works. 
  Comments and suggestions welcome.

• SCCM 2012 R2 - Management Point deployment to untrusted domain

  Hi all,
  we've got two domains in our environment which have no trust relationship. I have sccm 2012 r2 installed on a Windows 2012 R2 server in the larger domain
  and have just installed a DP and MP on a Windows 2008 R2 server in the second, smaller domain. The Management Point installed ok according to mpmsi.log but the problem i'm having is that the mpcontrol.log is now repeatedly throwing up the following message:
  Call to HttpSendRequestSync failed for port 80 with status code 500, text:Internal Server Error
  On the dp/mp server in the smaller domain i can browse to http://sccm-dp1/ ok. I can also browse to http://sccm-dp1/sms_mp/.sms_aut?MPCert ok. I cannot
  browse to http://sccm-dp1/sms_mp/.sms_aut?MPList (receive a HTTP 500 error).
  In additon to this, every now and again the MP tries to connect to the SQL DB in the other domain. This fails with the following errors:
  MPStart(): RegisterWithWINS() returned 0x0 
  SMS_MP_CONTROL_MANAGER
  01/04/2015 17:23:04  1924 (0x0784)
  CMPControlManager::PublishInDNS: DnsReplaceRecordsInSet() failed with status 9002.           
  SMS_MP_CONTROL_MANAGER
  01/04/2015 17:23:04  1924 (0x0784)
  MPStart(): PublishInDNS() returned 0x0         
  SMS_MP_CONTROL_MANAGER
  01/04/2015 17:23:04  1924 (0x0784)
  EnableBranchCache(): configuration has not been changed. 
  SMS_MP_CONTROL_MANAGER
  01/04/2015 17:23:04           
  1924 (0x0784)
  MPStart(): EnableBranchCache() returned 0x0           
  SMS_MP_CONTROL_MANAGER
  01/04/2015 17:23:04  1924 (0x0784)
  Successfully Registered for IP Address Change notifications. 
  SMS_MP_CONTROL_MANAGER
  01/04/2015 17:23:04           
  1924 (0x0784)
  MPStart(): RegisterForIPAddressChangeNotification() returned 0x0  
  SMS_MP_CONTROL_MANAGER
  01/04/2015 17:23:04         
  1924 (0x0784)
  Attempting to register the SQL connection type for the configured SQL database.    
  SMS_MP_CONTROL_MANAGER           
  01/04/2015 17:23:04 
  1924 (0x0784)
  Registered connection type for SQL Server 'xxxxxxxxx' and database 'xxxx\xxx_xxx'.           
  SMS_MP_CONTROL_MANAGER
  01/04/2015 17:23:04  1924 (0x0784)
  MPStart(): RegisterSqlDatabaseConnectionType() returned 0x0        
  SMS_MP_CONTROL_MANAGER
  01/04/2015 17:23:04         
  1924 (0x0784)
  Checking the current CLR Enabled configuration setting for the configured SQL Server hosting the database.           
  SMS_MP_CONTROL_MANAGER
  01/04/2015 17:23:04  1924 (0x0784)
  Getting the CLR Enabled value from the configured SQL database.   
  SMS_MP_CONTROL_MANAGER
  01/04/2015 17:23:04         
  1924 (0x0784)
  Attempting to connect to the configured SQL database.        
  SMS_MP_CONTROL_MANAGER
  01/04/2015 17:23:04           
  1924 (0x0784)
  Impersonating using the SQL connection account; user name is now 'xxxxxxxxx'.    
  SMS_MP_CONTROL_MANAGER           
  01/04/2015 17:23:04 
  1924 (0x0784)
  *** [08001][10060][Microsoft][SQL Server Native Client 11.0]TCP Provider: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to
  respond.        SMS_MP_CONTROL_MANAGER       
  01/04/2015 17:28:10           
  1924 (0x0784)
  *** [HYT00][0][Microsoft][SQL Server Native Client 11.0]Login timeout expired        
  SMS_MP_CONTROL_MANAGER           
  01/04/2015 17:28:10 
  1924 (0x0784)
  *** [08001][10060][Microsoft][SQL Server Native Client 11.0]A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL
  Server is configured to allow remote connections. For more information see SQL Server Books Online.    
  SMS_MP_CONTROL_MANAGER       
  01/04/2015 17:28:10        
  1924 (0x0784)
  *** Failed to connect to the SQL Server, connection type: MP_CONTROL_ACCESS.           
  SMS_MP_CONTROL_MANAGER       
  01/04/2015 17:28:10        
  1924 (0x0784)
  Failed to get connection to the configured SQL database.  
  SMS_MP_CONTROL_MANAGER       
  01/04/2015 17:28:10       
  1924 (0x0784)
  Failed to connect to the configured SQL database. 
  SMS_MP_CONTROL_MANAGER       
  01/04/2015 17:28:10           
  1924 (0x0784)
  Reverting back from using the SQL connection account.         
  SMS_MP_CONTROL_MANAGER
  01/04/2015 17:28:10           
  1924 (0x0784)
  Failed to get the current CLR Enabled configuration setting for the configured SQL Server hosting the database.           
  SMS_MP_CONTROL_MANAGER       
  01/04/2015 17:28:10        
  1924 (0x0784)
  MPStart(): CheckSqlDatabaseClrEnabled() returned 0x800720d9      
  SMS_MP_CONTROL_MANAGER
  01/04/2015 17:28:10         
  1924 (0x0784)
  Waiting up to 300 seconds for the SMS Agent Host service to be running.    
  SMS_MP_CONTROL_MANAGER
  01/04/2015 17:28:10         
  1924 (0x0784)
  Stopped waiting for the SMS Agent Host service to be running; Result = 0x0.           
  SMS_MP_CONTROL_MANAGER           
  01/04/2015 17:28:10 
  1924 (0x0784)
  MPStart(): WaitOnSmsAgentHostRunning() returned 0x0       
  SMS_MP_CONTROL_MANAGER
  01/04/2015 17:28:10           
  1924 (0x0784)
  MPStart(): CreateThread() succeeded with id 0x2fc.  
  SMS_MP_CONTROL_MANAGER
  01/04/2015 17:28:10  1924 (0x0784)
  SMS_MP_CONTROL_MANAGER successfully STARTED. 
  SMS_MP_CONTROL_MANAGER
  01/04/2015 17:28:10  1924 (0x0784)
  Can anyone provide any suggestions as to where i should begin troubleshooting this issue? When i deployed the MP to the smaller domain i ensured it
  had a Management Point Connection Account which could access the SQL DB in the larger domain. I'm wondering if the two error messages i'm receiving are related or whether i have two separate issues here?
  Thanks for the help!

  Hi Paul,
  thanks for taking the time to help. I registered asp.net v4 with IIS as per your suggestion, unfortunately it hasn't made much difference and i'm still seeing the "Call
  to HttpSendRequestSync failed for port 80 with status code 500, text:Internal Server Error"
  message repeating in mpcontrol.log. Have you got any further suggestions of things
  to try? Seems like an error message i really need to fix!
  As far as the MP to SQL issue goes, the network team assured me the connection is allowed
  but i might get them to double check this just in case. 
  Thanks

• Why is it not possible to move a SCCM 2012 Server to a new Domain?

  Hello everybody,
  I know it is not supported to move a SCCM 2012 Server to a new Domain. But I am still missing why it is not supported or possible....
  I could not find anything that explained it in detail on the forums/internet. So when the question comes up in front of a customer it is always better to have a good argumentation...Can somebody describe the reasons why??
  Thank you very much in advance!

  Have them call CSS then.
  It's ultimately the result of the design of the product but not an explicit decision. To my knowledge, it relies on the domain name for certain things and this is explicitly embedded with no defined way to change this. Could it be changed? Probably.
  But, that would take a lot of work and effort and is not something Microsoft has ever invested any time in.
  The grass is green and the sky is blue. Knowing why doesn't change these.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• SCCM 2012 Multiple Domains with a single SCCM instance

  Hello:
  Can SCCM 2012 be deployed to multiple untrusted domains within a single install?
  I work for a company that maintains multiple client networks all Windows Domain and non are trusted / or are even aware of the other sites.
  I would like to setup a SCCM 2012 (and also a Virtual Machine Manager for HyperV) at my office and manage all my different client sites from the single SCCM server.
  The connection would be from my office over the Internet in through their on prem firewall
  Currently we use Centra Stage and have used Kaseya in the past. I am looking to move from them and focus on SCCM to do this for me.
  Is this even possible to do with the product?
  Thanks in Advance!
  -David

  Yes, ConfigMgr can manage (un)trusted forests, but what exactly do you mean with "not aware of the other sites"? A requirement is that name resolution and a connection is possible.
  For some good scenario's see also this series:
  http://blogs.technet.com/b/neilp/archive/2012/08/20/cross-forest-support-in-system-center-2012-configuration-manager-part-1.aspx
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• ¿Is it possible to upgrade from SCCM 2012 a domain controller in Windows Server 2008 R2 TO 2012 R2?

  Hi all.
  I want to know if is it possible to upgrade a domain controller from Windows Server 2008 r2 to 2012 r2 installing from SCCM 2012.
  Thanks.
  Regards.

  Hi all.
  I want to know if is it possible to upgrade a domain controller from Windows Server 2008 r2 to 2012 r2 installing from SCCM 2012.
  Thanks.
  Regards.
  Anything is possible if you can script it. You could create a task sequence to do the following (with scripts):
  1. Demote 2008R2 DC to member server
  2. Remove 2008R2 member server from domain
  3. Build new 2012R2 member server and join to domain
  4. Promote 2012R2 member server to DC
  You can do this. However, why would you? Just because you can doesn't mean you should. In my opinion it's more trouble and testing than it's worth. How many times would you need to do this?
  Gerry Hampson | Blog:
  www.gerryhampsoncm.blogspot.ie | LinkedIn:
  Gerry Hampson | Twitter:
  @gerryhampson