[SCCM 2012 R2] IBCM - Test and Troubleshoot

Hi All,
We have one Internet-based site system placed in the intranet network and deployed only for Internet-only clients. It will be protected via a reverse proxy for Internet clients.
For present testing and future troubleshooting, it would be great if there were a way to fool an SCCM client that is on the intranet network into thinking it is on the Internet.
I tried creating a deny firewall rule for all IP addresses except the Internet-based site system and adding the Internet MP FQDN to the HOSTS file, with NO LUCK.
Please help.
Thank you in advance.
Regards,

The Network Location determination relies on the IP address or the boundary you set for the site. Blocking the communication is of no avail.
Juke Chou
TechNet Community Support

Similar Messages

  • Can we assign 2 IPs for a SCCM 2012 primary site server and use 1 IP for communicating with its 2 DPs and 2nd one for communicating with its upper hierarchy CAS which is in a different domain

    Hi,
    Can we assign 2 IPs for a SCCM 2012 primary site server and use 1 IP for communicating with its 2 DPs and the 2nd one for communicating with its upper hierarchy CAS?
    Scenario: We are building 1 SCCM 2012 primary site and 2 DPs in one domain. In future this will attach to a CAS server which is in a different domain. Can we assign 2 IPs on the primary site server, one IP to communicate with its 2 DPs and the second IP for communicating with the CAS server, which is in a different domain?
    Details:
    1) Server: Windows 2012 R2 Std, VM environment. 2) SCCM: SCCM 2012 R2. 3) SQL: SQL 2012 Std
    Thanks
    Rajesh Vasudevan

    First, it's not possible. You cannot attach a primary site to an existing CAS.
    Primary sites in 2012 are *not* the same as primary sites in 2007 and a CAS in 2012 is completely different from a central primary site in 2007.
    CASes cannot manage clients. Also, primary sites are *not* used for delegation in 2012. As Torsten points out, multiple primary sites are used for scale-out (in terms of client count) only. Placing primary sites for different organizational units provides no functional differences but does add complexity, latency, and additional failure points.
    Thus, as the others have pointed out, your premise for doing this is completely incorrect. What are your actual business goals?
    As for the IP Addressing, that depends upon your networking infrastructure. There is no way to configure ConfigMgr to use different interfaces for different types of traffic. You could potentially manipulate the routing tables in Windows but that's asking for trouble IMO.
    Jason | http://blog.configmgrftw.com | @jasonsandys

  • Can we recover SCCM 2012 R2 site Servers and SQL DB from hyper V or Vmware VM snapshot

    Hi Folks
    Can we recover SCCM 2012 R2 site servers and SQL DB from a Hyper-V or VMware VM snapshot?
    If yes, are there any challenges, or is any document available from Microsoft on Hyper-V SCCM VM snapshot recovery?

    I've made it work and it "should" work. However it's not the best practice method of site recovery. You should recover using a SQL restore.
    See good example
    http://anoopcnair.com/2012/07/01/sccm-configmgr-2012-primary-site-server-and-database-recovery-part-1/
    Note that you should be using snapshots only on occasions when you are carrying out a risky operation. You can revert if the operation fails. It is not a substitute for a robust backup solution.
    Gerry Hampson | Blog: www.gerryhampsoncm.blogspot.ie | LinkedIn: Gerry Hampson | Twitter: @gerryhampson

  • Does SCCM 2012 support IBCM for Linux and Unix operating systems

    Folks,
    Does SCCM 2012 support Linux and Unix operating systems for IBCM? As per my knowledge it doesn't, from what I have learnt through Bing.

    I thought it's not supported for Linux and Unix, see also:
    http://blogs.msdn.com/b/teju_shyamsundar/archive/2014/05/23/installing-the-system-center-2012-r2-configuration-manager-client-on-linux-part-2.aspx
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • SCCM 2012 Task sequence fails and reboots

    Hi,
    I've read a lot about this problem on the net, so first I am going to describe it, then explain the troubleshooting steps I have taken.
    So I have SCCM 2012 and I am creating a Build and Capture task sequence. I am using the default x64 build of SCCM 2012 R2 and I have injected the drivers in the image! I have configured everything and started a VM with PXE to deploy the OS. The task sequence started and then instantly failed on Preparing network connection.
    The next time I rebooted and got to the TS I pressed F8 and was able to view the smsts.log. In there I found the following error:
    Failed to download pxe variable file. Code (0x80004005). Now correct me if I am wrong, but error 0x80004005 is Access Denied!
    Next I tested my network with ipconfig and I was able to receive an answer. I have an IP assigned, but interestingly enough I don't have ping to my SCCM 2012 server.
    So I've redistributed the OS, re-created the TS and got the same result. Any ideas would be appreciated :)

    I am trying to ping it with its IP. I set it up with a static IP 10.10.10.10
    This is the SCCM12 server as well as DNS, DHCP, DC server :D
    The machine on the other hand has IP 192.168.195.137
    If it doesn't have a connection to the server, how is it starting the task sequence in the first place?
    I have no idea.
    PS. Interestingly enough I discovered that I can in fact ping the server. But what I got in response was not IPv4, but instead IPv6?! Does this mean that I have to set up DHCP on IPv6 with options 60, 66 and 67?

  • SCCM 2012 R2 Deployment assistance and guide lines required.

    Hi All,
    We have purchased the System Center suite and planned to deploy the below products in our environment.
    SCOM - Plan already made and architecture is ready with no issues
    SCCM - In planning state.
    We are planning to use the same SQL server for both SCOM and SCCM, Which is a SQL Server 2008 R2 SP1 CU6. So the database engine service is available to host our database.
    But the Business has said we need to deploy reporting on another machine which may be a SQL 2012 SP1.
    What I want to know is: does SCCM 2012 R2 support using different versions of SQL Server for its features? As I see it, there is no documentation for this.
    However, MS has given the document for SCOM saying that it is not supported and we need to use the same version of SQL for all the features.
    Also is SQL Express edition supported for other Primary sites if i use a licensed SQL in my CAS ? 
    Does any one have an idea on SCCM 2012 R2 for the above ?
    Gautam.75801

    Thank you very Grath. 
    Also my last and the remaining question is about the SQL Server version inter operability.
    Does using different versions of SQL work in SCCM? I.e. I use DB Engine SQL 2008 R2 SP1 CU6 and SQL 2012 R2 for reporting.
    Will this work in SCCM? As for SCOM, MS has said in their document that using different versions of SQL for features is not supported.
    So what is the case with SCCM is it the same or is it supported ?
    As the Microsoft documents do not talk about this question.
    The reason i asked is as the business does not have cost for Hardware for a SQL server and they are asking to use a SQL server in another domain for DB engine.
    And another SQL server for reporting as the DB engine server does not have reporting.
    Gautam.75801

  • SCCM 2012 - Pull distribution point and target PKI or HTTPS DPs

    I have spent several days researching this and so far have found only a single page that even takes a stab at offering a solution.
    Problem:
    Trying to target an HTTPS DP when creating a pull distribution point in SCCM 2012 R2. The link that I'm referring to that does offer a workaround is here(guess I can't post a link, but it ends with the following, how-to-set-an-https-distribution-point-as-a-source-dp-for-pull-dps)
    I have several problems with the proposed solution.
    Is a script really the only way to proceed with something that has up till now been a built in feature with the rest of the product.
    You have to provision the DP to use a self signed cert initially for it to even work, then supposedly you can add the private key to the DP later.
    Does that mean I have to unbind the cert from both the pull and target/source push DP in IIS?
    Powershell, which would be a logical way to go, doesn't seem to make any headway (Mr. Snover I know you don't oversee configman but please push for more documentation, you've taught me to live and die by get-help. A single example for a command as large as set-cmdistributionpoint or add-cmdistributionpoint is a shame. Perhaps my update help just didn't finish properly and I'm talking prematurely. If that is the case then I apologize!)
    Is there no other solution other than build the DP with a self signed cert then run this VB script and then switch the private key later? I have read through a lot of the pull DP documentation and it makes mention of leveraging the SDK but I haven't seen anything definitive. I would like to at the very least convert this from VB to powershell (if that script is the only option) and I know how to convert the portions where it's interacting with the site's WMI namespace (smsprovider if I'm not mistaken).
    What I don't know how to do, rather don't have the chops for, is what comes after. The site control file piece, I see it's also WMI and I could spend the time stepping through the different pieces and just might to learn more about SCCM in the lab anyhow. I've spent the last year getting to know powershell and have spent next to no time with VB. I know enough to recognize what a script is doing.
    The environment:
    The reason this is important for me is I'm about to start the production build (been all lab up till now) that is going to have just under 300 DPs in the field connected via T1 lines. They were all 07 secondary sites. I was thinking about migrating them using the migration tool but considering the amount of work its going to take if that link is the ONLY path to target a HTTPS DP then I might as well just spend the time and manually uninstall and reinstall the field DPs. The client count in the field is an average of 50 machines per site where there are on-prem devices... Total client count is around 25k. The primary site in the datacenter will house the majority of the site roles unless I start running into resource issues, at which time I will begin offloading site roles to one of two more servers that I have slated for the project. No CAS, no Secondaries. SQL is co-located on the primary.
    Ramblings:
    I'm sure there are more people out there using PKI, and using pull DPs. How have you managed to target your HTTPS enabled DPs? Security wants this to be a HTTPS only environment, and up until now I have successfully done that. If someone could please point me in the direction of some more thorough documentation I would be very grateful. I understand that this is a somewhat new feature, but there has to be an easier way. Perhaps powershell can cleanly do it with the set-cmdistribution point...but when I update help and do showwindow for the command I only get one example and so far haven't found any other stories like mine with the exception of the link I posted in the beginning.
    While I'm rambling, Wally there are a lot of us in the community that are going to miss your presence at Microsoft and should you read this I wish you luck with your new position. But that is a whole different topic. Thanks in advance for any links or help you can provide. -K.R.

    Yes, this is the only way, from
    http://technet.microsoft.com/en-us/library/gg712321.aspx#BKMK_PlanPullDps: "However, you can use the Configuration Manager SDK to specify a source distribution point that is configured for HTTPS. To use a source distribution point that is configured for HTTPS, the pull-distribution point must be co-located on a computer that runs the Configuration Manager client."
    Does "why" really matter, who cares? It just is. Whether it was an oversight, a coding bug, or an act of God doesn't change anything. Why does there "have to be" an easier way? And what's wrong with using the VBScripts others have written? A script is a script is a script particularly if you've been given it already. Just because the hammer is pink doesn't mean it can't hammer the nail in.
    Jason | http://blog.configmgrftw.com | @jasonsandys

  • Issue with SCCM 2012 SP1 U5 upgrade and client published version

    Recently we upgraded our SCCM server to SP1 U5, and our published and available client version is still at 5.00.7804.1000 instead of 5.00.7804.1600. We ran the hotfix to upgrade it and it looked like everything had gone through. Does this not also upgrade the client? It doesn't seem like you can run the hotfix again to repair after you've already installed it once, either. Is there another way to update the published version inside the console? We have it as a package right now to deploy to all the systems but I was hoping we could upgrade the internal one and let it run more automatically. Any advice would be greatly appreciated.

    More info:
    How to update ConfigMgr clients automatically… in SP1
    http://configmgrblog.com/2012/12/03/how-to-update-configmgr-clients-automatically-in-sp1/

  • SCCM 2012 SecSite - High CPU and many chucks

    Hi all,
    I have a SCCM 2012 Secondary Site with SQL 2008 R2 Express Version below a Primary Site.
    The sqlservr.exe and the smsexec.exe on the SecSite have high CPU load the whole time.
    Also the statesys.log is increasing very fast (100 KB per second) with the following entries:
    total chucks loaded (0)  $$<SMS_STATE_SYSTEM><10-18-2012 01:45:34.973+240><thread=3328 (0xD00)>
    total chucks loaded (0)  $$<SMS_STATE_SYSTEM><10-18-2012 01:45:34.973+240><thread=3328 (0xD00)>
    total chucks loaded (0)  $$<SMS_STATE_SYSTEM><10-18-2012 01:45:34.973+240><thread=3328 (0xD00)>
    total chucks loaded (0)  $$<SMS_STATE_SYSTEM><10-18-2012 01:45:34.973+240><thread=3328 (0xD00)>
    total chucks loaded (0)  $$<SMS_STATE_SYSTEM><10-18-2012 01:45:34.973+240><thread=3328 (0xD00)>
    total chucks loaded (0)  $$<SMS_STATE_SYSTEM><10-18-2012 01:45:34.973+240><thread=3328 (0xD00)>
    total chucks loaded (0)  $$<SMS_STATE_SYSTEM><10-18-2012 01:45:34.973+240><thread=3328 (0xD00)>
    What could be the problem? Has Chuck Norris something to do with it? :D
    Thanks a lot for your help.

    Yes, I know this is an old post, I'm cleaning up old posts. Did you get this fixed, and if so what was the solution?
    Since no one has answered this post, I recommend opening a support case with CSS as they can work with you to solve this problem.
    Garth Jones | My blogs: Enhansoft and Old Blog site | Twitter: @GarthMJ

  • SCCM 2012 R2 Disaster Recovery and the SCCMContentLib

    Hello all...
    Starting to update our DR recovery strategy to separate servers for SCCM 2012 R2, and I am wondering if there is anything special that needs to be considered when "replicating" the SCCMContentLib from one server to another server? 
    Is simply copying over the folders/files enough (via RoboCopy or another tool)?  Besides the folders/files is there something else that needs to be copied that maps the Content Library so its functional on a different server?
    Any insight/tips/tricks are greatly appreciated!
    Thanks in advance
    - Dave

    Hi,
    You may want to read this article then:
    Backup and Recovery in Configuration Manager

  • SCCM 2012 R2 IBCM - Certificates

    Hi all,
    I am trying to get internet based client management working but struggling with a few things.
    Here's what I have achieved so far:
    Single AD, Single Forest (2008 R2)
    1 x Primary Server (primary.contoso.com)
    2 x Distribution Points (newark.contoso.com & boston.contoso.com)
    1 x IBCM Server (ibcm.contoso.com)
    1 x Enterprise Certificate Server
    Domain name created with external DNS provider (sccmagent.contoso.com)
    Firewall NAT Rule forwards port 443 from sccmagent.contoso.com to ibcm.contoso.com
    Firewall Access Rule allows port 443 inbound from any WAN to LAN ibcm.contoso.com
    ==========
    There are no domain controllers within the DMZ and due to various internal issues, DMZ will not be used for this solution. Therefore the IBCM server has been installed directly onto the LAN and will be secured with a SonicWall firewall (Microsoft's third best practice option).
    Certificates have been created and deployed.  Client agents have the certificates already installed and display PKI infrastructure.  The network settings tab on the agent have been updated to include the external FQDN of the IBCM server (sccmagent.contoso.com).
    Primary sites components all look to be in good health, management point and distribution point roles for IBCM look good.
    My problem is that when I take my test laptop home and connect to the internet, I do not believe it's communicating with the IBCM server.  I've checked the port 443 is open which it is.  When I visit
    https://sccmagent.contoso.com//sms_mp/.sms_aut?mplist
    I get the following error page:
    "The site's security certificate is not trusted!  You attempted to reach sccmagent.contoso.com, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system."
    Every guide I have read tells me that I have done everything correctly, so what am I missing?  The certificates I created were all set to ibcm.contoso.com as the guides suggest and not sccmagent.contoso.com
    Thanks!!!!!

    Sorry, I'm afraid the above solution didn't work.
    Certificate was changed to the internet FQDN but still unable to manage or deploy anything to the client.  However, now when I browse to the URL mentioned above the cert error is gone, but I do get a 403 forbidden message.  I think this is ok though?
    Here's a few things I have noticed
    primary server
    site server > monitoring > system status > component status > sms_mp_control manager (ibcm.contoso.com)
    mp control manager detected dmp proxy is not responding to http requests
    This was working about two hours ago and no changes have been made since (I wasn't even at work lol)
    internet client machine
    clientlocation.log
    domain joined client is in internet
    current internet management point is the only internet management point
    locationservices.log
    4 internet mp errors in the last 10 minutes
    ccmmessaging.log
    post to https://sccmagent.contoso.com/ccm_system/request, port=443..........ERROR_WINHTTP_SECURE_FAILURE
    I have tried turning off crlchecking on the site server as someone suggested in another forum, but made no difference.  They also said to edit some registry keys so the client thinks it was installed with the /nocrlcheck switch...again, no difference.
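
    For the symptoms in this thread (a browser trust warning, then ERROR_WINHTTP_SECURE_FAILURE in ccmmessaging.log), a check of what the Internet-facing name actually presents, as an added example that is not part of the original posts. The function name is hypothetical and the host name is the sample name from the post; run it from the Internet-side client.

    ```powershell
    # Added example: show which certificate an HTTPS endpoint presents and how
    # Windows judges it for the name the client actually connects to.
    function Test-PresentedServerCertificate {
        param(
            [Parameter(Mandatory)][string]$HostName,   # name the client uses (the Internet FQDN)
            [int]$Port = 443
        )
        $seen = @{}   # filled in by the validation callback during the TLS handshake

        $callback = [System.Net.Security.RemoteCertificateValidationCallback]({
            param($source, $certificate, $chain, $sslPolicyErrors)
            $seen.Cert        = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certificate
            $seen.Errors      = $sslPolicyErrors
            $seen.ChainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status })
            # Normal validation is kept: only a clean result is accepted.
            return ($sslPolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
        }.GetNewClosure())

        $tcp = New-Object System.Net.Sockets.TcpClient
        try {
            $tcp.Connect($HostName, $Port)
            $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
            try     { $ssl.AuthenticateAsClient($HostName) }
            catch [System.Security.Authentication.AuthenticationException] { }  # verdict is already in $seen
            finally { $ssl.Dispose() }
        }
        finally { $tcp.Close() }

        if (-not $seen.Cert) { throw "No certificate received from ${HostName}:$Port" }

        # Subject Alternative Name extension (OID 2.5.29.17), formatted by Windows
        $san = $seen.Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }

        [pscustomobject]@{
            RequestedName  = $HostName
            Subject        = $seen.Cert.Subject
            SubjectAltName = if ($san) { $san.Format($false) } else { '(none)' }
            Issuer         = $seen.Cert.Issuer
            NotAfter       = $seen.Cert.NotAfter
            # RemoteCertificateNameMismatch: certificate names do not cover RequestedName
            # RemoteCertificateChainErrors:  issuing CA not trusted, expired, etc. (see ChainStatus)
            PolicyErrors   = $seen.Errors
            ChainStatus    = $seen.ChainStatus -join ', '
        }
    }

    # Sample name taken from the post above
    Test-PresentedServerCertificate -HostName 'sccmagent.contoso.com' | Format-List
    ```

    This reports on the server certificate only; it presents no client certificate, so it says nothing about whether the management point accepts the client.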

  • No of questions in sccm 2012 70-243 exam and the time duration

    how many question in sccm 70-243 exam and time duration for the exam

    Hi,
    I can hardly remember but according to Daniel it was 3 hours and 60 questions.
    http://www.danielclasson.com/passed-the-70-243-administering-and-deploying-system-center-2012-configuration-manager-exam/
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter @ccmexec

  • [SCCM 2012 R2] - IBCM - Authenticate computers on TMG from another forest

    Hi All,
    There is no article on TechNet that describe client certificate requirements for computers in another forest.
    Scenario:
    We have Domain A [aaa.bbb.ccc] and Domain B [111.222.333] and those domains are in different forest. There is "Forest" trust between forests.
    TMG and IBCM site server are in Domain A and computers authenticate successfully from Internet to TMG using SSL client authentication. The problem is computers from Domain B, which cannot authenticate to TMG.
    We used old documentation https://technet.microsoft.com/en-us/library/cc707697.aspx#AppendixA for SCCM 2007 and ISA without success. I created a certificate for computers in Domain B with custom SAN:upn=<hostname>$@<domain.tld> and TMG still cannot authenticate computers from Domain B.
    Please help.
    Thank you in advance.
    Regards,

    There's no difference -- ConfigMgr does *not* care about forests, domain, or trusts for client authentication and neither does certificate based authentication.
    The certs in use, both the client auth and server auth certs, must of course be trusted by the site systems and the clients and in this case the TMG server -- that's simply how certs work though and has nothing to do with ConfigMgr. Additionally, the CRLs for the certs in use must be accessible to the clients and servers via an accessible CRL DP but that is also simply how certs work.
    For what you've described above, does TMG trust the certs issued to the clients? In other words, does it trust the CA that issued those certs and can it access a CRL for that CA?
    Jason | http://blog.configmgrftw.com | @jasonsandys
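
    One way to answer the two questions in the reply above (is the issuing CA trusted, and is its CRL reachable) on the machine that has to accept the certificate, as an added example that is not part of the original posts. The function name and the sample file path are hypothetical; the .NET classes and status names are the standard ones.

    ```powershell
    # Added example: build the chain for a certificate with online revocation
    # checking, on the machine that must trust it (proxy, site system or client).
    function Test-CertificateTrust {
        param(
            [Parameter(Mandatory, ValueFromPipeline)]
            [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
            [int]$CrlTimeoutSeconds = 15
        )
        process {
            $chain  = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            $policy = $chain.ChainPolicy
            # Force a real CRL/OCSP lookup for every certificate below the root
            $policy.RevocationMode      = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
            $policy.RevocationFlag      = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::ExcludeRoot
            $policy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds($CrlTimeoutSeconds)

            $valid = $chain.Build($Certificate)
            $last  = $chain.ChainElements.Count - 1
            $top   = if ($last -ge 0) { $chain.ChainElements[$last].Certificate.Subject } else { '(no chain built)' }

            # Enhanced Key Usage and CRL Distribution Points (OID 2.5.29.31) extensions
            $eku = $Certificate.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
            $cdp = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }

            [pscustomobject]@{
                Subject       = $Certificate.Subject
                Thumbprint    = $Certificate.Thumbprint
                # Client Authentication EKU is 1.3.6.1.5.5.7.3.2
                ClientAuthEku = [bool]($eku -and ($eku.EnhancedKeyUsages |
                                    Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.2' }))
                ChainValid    = $valid
                # UntrustedRoot / PartialChain: issuing CA is not trusted on this machine
                # RevocationStatusUnknown / OfflineRevocation: CRL could not be retrieved
                # Revoked: certificate is listed on the CRL
                ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
                TopOfChain    = $top
                CrlDistributionPoints = if ($cdp) { $cdp.Format($true) } else { '(none in certificate)' }
            }
            $chain.Reset()
        }
    }

    # On the proxy: check a client certificate exported without its private key.
    # The path is a constructed sample.
    # $c = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 'C:\Temp\client-domainB.cer'
    # Test-CertificateTrust -Certificate $c | Format-List

    # On a client or site system: check every certificate in the computer store.
    Get-ChildItem Cert:\LocalMachine\My | Test-CertificateTrust | Format-List
    ```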

  • SCCM 2012 R2 IBCM

    Looking to set up Internet-Based Client Management for a client and just want to make sure I have everything I need. They are running CM 2012 R2 and have a site system server in the DMZ with MP, DP, SUP, FBS, and AC to handle the internet clients. For the firewall between intranet and DMZ I am going to recommend opening ports 80, 445, 443, 1433, and 145. For the firewall between DMZ and internet, 80 and 443. Which one of these have to be incoming, outgoing, and bi-directional? Any other configurations you think I should need would be helpful too. Thanks.

    For ConfigMgr you look good, but you might also want to add a CRLDP and not install the FPS on the same box as the other server (security).
    Kent Agerlund | My blogs: blog.coretech.dk/kea and SCUG.dk/ | Twitter: @Agerlund | Linkedin: Kent Agerlund | Mastering ConfigMgr 2012 The Fundamentals

  • SCCM 2012 SP1 UEFI, GPT and MBR disks

    Hi,
    I am currently building a task sequence around Windows 7 x64 Pro SP1, and am having trouble with the partitioning of disks. The model of Laptop is P701/2:
    http://globalsp.ts.fujitsu.com/dmsp/Publications/public/ds-LIFEBOOK-P701.pdf
    http://globalsp.ts.fujitsu.com/dmsp/Publications/public/ds-LIFEBOOK-P702.pdf
    When the TS runs for both machines, it decides it is a UEFI machine, and will only partition with GPT disks. In the smsts.log:
    "UEFI: True"
    My issue is that for support reasons I must be able to partition with MBR.
    These were previously installed with XP on MBR partitions. I can partition with MBR in the TS successfully, but when it tries to apply the OS it is looking for UEFI boot loaders and fails.
    "Unable to find the partition that contains the OS boot loaders. Please ensure the hard disks have been properly partitioned
    Unspecified error (Error: 80004005; Source: Windows)"
    It installs fine when I partition with GPT disks. So, considering the machine is obviously fine with MBR partitions, is there a way of forcing SCCM to ignore any UEFI setting it is picking up and allow me to use MBR partitions?
    thanks
    J

    Ok, thanks for all assistance, I have found the answer to force WinPE not to boot in UEFI mode:
    Boot in UEFI mode: To prevent Windows PE from booting in BIOS mode, remove the bootmgr file on the root of the media.
    Boot in BIOS mode: To prevent Windows PE from booting in UEFI mode, remove the efi folder on the root of the media.
    http://technet.microsoft.com/en-us/library/dn293283.aspx
    I remove the EFI folder from my WinPE 4.0 USB stick, and I now get this in the smsts.log:
    "UEFI: False"
    and it builds successfully on MBR.
    Jon
