Thinking I may have broke User/Device Affinity in my setup?

Similar Messages

• Anyone use User Device Affinity?

  Just wanted to know if anyone is using User Affinity to deploy software and if
  you are, can you please share any headaches I should be on the lookout for. We
  use it in limited fashion (via AD Group Membership) and its working well. I would like to expand its use
  and wanted to make sure I don't miss anything.
  Any assistance / recommendations are appreciated...
  Thank you 

  sorry for the confusion...
  We have User Device Affinity working. I've created AD user groups, created the collection which populates the primary device for the users in the group, and deployed software to it. Works perfect "so far" but I've only used it for a couple applications.
  Lets say I move this to 50 or 100 applications though
  In thinking long term. Is there anything I should be away of in the deployment process. Any type of User Device Affinity maintenance issues, allowing users to assign primary devices, etc.. just anything out of the ordinary that people have seen
  when using the Primary Device deployment method that maybe I should be away of...
  Thanks again

• I only show one iCloud on my IPhone that can do a restore. I synced it with my MacBook Pro and I think that may have messed things up. Prior to that I have several backups. Will a "genius" be able to access the info I need?

  I only show one iCloud on my IPhone that can do a restore. I synced it with my MacBook Pro and I think that may have messed things up. Prior to that I have several backups. Will a "genius" be able to access the info I need?

  If things seem to be going haywire with your phone, it seems that it MAY be a software issue.
  Now, that being said, that does not necessarily mean that it is a virus. Software issues do happen sometimes. It is probably just coincidence.
  What you need to do is restore the device using iTunes. This will fix any software issues. After you have done this, you can restore from an iCloud backup.
  iCloud does not back up the actual software, so no, the "virus" would not have gotten into the backups.
  The link below provides steps on restoring your device using iTunes as well as how to restore from an iCloud backup.
  http://support.apple.com/kb/ht1766
  Don't worry! Everything should be back to normal if you follow these steps.

• I think i may have two iCloud accounts how can i merge them?

  I think i may have two iCloud accounts as i changed my apple id, I don't seem to be able to access the other.  How can i see my documents in the cloud

  Hello HVD64
  I'm afraid there is no way too merge two icloud accounts together per se. However if you;
  1. Go to SETTINGS on your iPhone or iPad.
  2. Go to iCLOUD.
  3. Scroll to the very bottom, press DELETE ACCOUNT. Before you panic, this is not going to Delete your iCloud account. It is simply going to delete the bridge that connects your device to the iCloud.
  4. Choose to KEEP ITEMS ON YOUR DEVICE if asked.
  Then sign into your 2nd account, and this will merge both accounts onto one device. There is not much else you can do I'm afraid!
  Kind regards
  Edward
  <Edited by Host>

• [Forum FAQ]How to troubleshoot common issue when configuring user device affinity from usage data

  Symptom:
  Some clients might fail to automatically configure user device affinity from usage data if you have manually configured user device affinity before.
  When you check the UserAffinity.log, you can find the similar error messages as below:
  User 'XXXXX\XXXXX' has xxxxx usage minutes UserAffinity 
  Setting auto affinity for user 'XXXXX\XXXXX'. UserAffinity 
  Found same state message existing. (was sent before) Skip sending same state message for user 'XXXXX\XXXXX'.. UserAffinity 
  Figure 1. Error Message in UserAffinity.log
  Cause:
  As the log said, there is a user affinity state message existing in WMI which prevents client from sending new user affinity state message.
  Resolution:
  We can delete the user affinity state message in WMI to force the client to resend the user affinity state message.
  We can follow the steps below:
    1. Run Windows Management Instrumentation Tester (“Wbemtest”).
    2. In Windows Management Instrumentation Tester dialog box, click “Connect”.(Figure 2)
  Figure 2.
    3. Type “root\ccm\statemsg” under the Namespace table and then click “Connect”.(Figure 3)
  Figure 3.
    4. Click “Enum Classes”. (Figure 4)
  Figure 4.
    5. Choose “Recursive”
  in Superclass Info dialog box.(Figure 5)
  Figure 5.
    6. Double-click “CCM_StateMsg” in Query Result dialog box.(Figure 6)
  Figure 6.
    7. Click “Instances”
  in Object editor for CCM_StateMsg dialog box. (Figure 7)
  Figure 7.
    8. Choose the messages that contain "domain/user_Auto" and click “Delete” in the Query Result dialog box.(Figure 8)
  Figure 8.
  After you delete user affinity state message in WMI, the user affinity state message for the user will be resent. After a period time, we can check the UserAffinity.log to
  see if the user affinity state message has been successfully sent. The related information would be similar as below:
  Successfully sent user affinity state message for user 'xxxxx\xxxxx'.
  Successfully created pending user affinity for user 'xxxxx\xxxxx' into WMI.
  Figure 9.
  Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

  I'm not sure whether this is the appropriate place to add this but - a (possible) cause that I have seen which is not mentioned above is a request for an AAAA record (IPv6 address)
  being responded to with an A record (IPv4 address).
  DNS debug logging (Windows 2008 R2 SP1) captured requests to
  192.225.156.200 and the corresponding responses. In each case the response was followed in the debug log by the event “The DNS server encountered an invalid domain name
  in a packet from 192.225.156.200. The packet will be rejected. The event data contains the DNS packet.”
  The domain name in the response was the same as that in the query, and looks OK.
  The logged query shows an AAAA record (IPv6 address) request and the logged response returned an A record (IPv4 address).
  http://www.rfc-editor.org/rfc/rfc4074.txt “Common
  Misbehavior Against DNS Queries for IPv6 Addresses” says, under “Expected Behavior”:
     Suppose that an authoritative server has an A RR but has no AAAA RR
     for a host name.  Then, the server should return a response to a
     query for an AAAA RR of the name with the response code (RCODE) being
     0 (indicating no error) and with an empty answer section (see
     Sections 4.3.2 and 6.2.4 of [1]).  Such a response indicates that
     there is at least one RR of a different type than AAAA for the
     queried name, and the stub resolver can then look for A RRs.

• How to determine best User Device Affinity Settings

  We've configured User Device Affinity for our site based on the canned defaults. Initially we started with 14 days and 1440 minutes. But after a recent deployment, we discovered that our Antivirus service account is registering as a "Primary User"
  on all of our machines which has triggered a very bad situation.
  My question is how do you determine these settings? My first try was to find a report that showed how many minutes each user was registering in the given period so that I could adjust it accordingly. I assume that my regular users are using the computers
  a lot more than my service account but I have no way of verifying this.
  I've tried combing through the security logs, but I'm not sure what SCCM is picking up on to determine the time period.
  To me, it seems that 24 hours is a really low threshold and that I could bump that up to 120 hours over 14 days pretty easily without issue. My concern is that there is a reason that they are setting it so low to begin with that I'm missing. Even then, I'm
  just randomly trying things hoping to get it right as I don't have the proper information to make the right decisions.
  Any ideas? Feedback?  

  Yeah, I saw those logs but it still seems mysterious to me. I'm not sure where it's getting it's info. I assume it's the security log for each machine but I have nothing to confirm that. It's odd because our service account for our antivirus solution isn't
  actually logging onto the machines so I'm not sure how it decides that this user is a primary user. 
  Ultimately, we worked around the problem by switching antivirus solutions but that won't be an option next time. 
  My guess is that we could have fixed our problem by adjusting our security logging settings in windows. But it wasn't something I wanted to do without direct confirmation with how this all works. 
  Thank you for your help on this though. 

• SCCM 2012 - Automatic User Device affinity - Not Working

  Hi,
  I need to enable the Automatic User Device affinity.
  Have enabled following two group policy settings:
  Audit account logon events
  Audit logon events
  In client settings User and Device Affinity
  following is enabled:
  User device affinity threshold (120 minutes)
  User device affinity threshold (2 days)
  Automatically configure user device affinity from usage data – True
  However even after 2 days there is no user device relationship getting build.
  Is there anything more required to be done?
  Any logs or links to be referred for troubleshooting?
  Regards,
  Milind Dhuri.

  Hi,
  Please post this in SCCM 2012 forum.
  tx.

• SCCM 2012 User Device Affinity : Insure affinity is not lost...opinions?

  ok, so i'd like your opinions.  
  situation: i manage a school district environment of around 1500 computers, which is a good mix of labs/student laptops/teacher computers.  
  What I've done is set user device affinity by user to 60 minutes over 7 days.  For helpdesk reasons, we obviously need to be able to bring up the teacher's primary computer through searching for that user's primary device (we use right click tools,
  which is AMAZING...shout-out.)  What happens is when we go on Thanksgiving/Christmas/Summer break, the teacher's are gone for 7/14/90 days respectively.  
  I do not want these user's to lose connection to their primary device, because when we just came back from our 2 week break we find NO connections using right click tools.  
  What I just did was set the days to 90, since 3 months is the longest we'll be away...is that a bad idea, or is there a better way to get this connection to stick?
  Also, if there is a better way to do this, please let me know...i'm open to suggestions. 
  Thank you!  

  Due to our environment I have ours set to 80 hours in 30 days. I have checked machines that haven't reported in since before December of last year and those objects still have the appropriate user defined as the Primary User.
  The thresholds don't define how long the data is held in the database for. It just means "If a user uses a device for x amount of minutes within the window of x amount of days then this device can be considered to be their device." What "X" should equal
  is the variable that you have to make fit your environment. We had to increase the threshold here because techs and other users were getting pulled into too many devices due to their prolonged use of the machine.
  As for why your devices lose their Primary Users, did you configure some sort of custom settings in the site maintenance tasks?
  Dustin Estes - MCP | www.dustinestes.com

• Automatic User Device Affinity - Audit logs retention

  Hello,
  We have problems on generating primary user info on a lot Computers and we suspect that problem is because audit logs are kept for too short time.
  So the config is following:
  1) User device affinity threshold (minutes): 2880
  2) User device affinity threshold (days): 30
  So there are two questions:
  1) For how long do we need to keep audit logs on SCCM client to successfully generate user device affinity;
  2) How long do we need to wait till information populates in SCCM DB?
  Thanks,
  Pēteris

  Also from UserAffinity.log I can see that information is sent with state messages:
  "Found same state message existing. (was sent before) Skip sending same state message for user"
  Hi,
  You could try to delete state message about the user in WMI on a client to see if user device affinity could be populated. That is stored in root\ccm\statemsg -> Enum Classes -> Recursive -> double-click CCM_StateMsg -> Instances. There
  should be messages that contain "domain/user_Auto".
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Automatic User device affinity, historical time stamp

  Hi all,
  I have a small questions. I've enabled Automatic User Device Affinity for all my works stations today. After a few hours I've see that nobody has primary device attached. If I go to an user at edit primary device I can see on what devices and how many
  times the user was logged,
  I've setup affinity for minutes 2880 min (48 hours) and 30 days, so who was logged more than 48 hours in last 30 days is made automatically device owner. How long I need to wait now. He can use historical data, no?
  Thanks. 

  No, I dont believe it will use historical data. After 48 hours from you enabling it, you should start seeing primary users, but only if the users have been logged in for 48 consecutive hours.
  Honestly I would not expect data for a good week.
  Daniel Ratliff | http://www.PotentEngineer.com
  I shrink the period 300 min with 14 days. Just to see some reports, after I will come back with longer times. Thanks.

• User / Device Affinity

  I'm wanting service desk level technicians to be able to view devices that a user has logged into without being able to set a primary device.  As a full administrator I can right-click a user and modify primary devices, and see which devices they
  have logged into.  Is there a way to create a role with permissions that specific?  We don't have user/device affinity enabled yet so I just want them to be able to view it without manually setting a primary device for a user.

  To add-on to Wally, I've created a very limited scope for user device affinity before. I just did it again and I haven't been able to reproduce your behavior. I have a scope with the minimum rights required, which is:
  Collection: Read (and Read resource if you want to look in collection itself);
  User Device Affinities: Read, Modify, Delete, Create (otherwise the option Edit Primary User / Device does not show).
  Even playing arround with scopes (and collections), I was always able to edit the primary user or device and it always showed the number of logons (unless you perform a search). Also, when you perform a search it does look at the configured scope. It will
  only show the users or devices in the scope.
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• User device affinity question

  hi there,
  I have a question around user device affinity with regards to users that have multiple devices due the usage of those machines.
  in most of our cases, users have 1 machine so any targeting of software with the requirement of user being primary user works fine, but we have a number of cases, mainly IT guys and engineers, who run up multiple machines constantly and therefore have
  many "primary" devices, although 1 will probably be their main computer.  If I targeted those users with an uninstall program for, let say Visio, and lets say visio was indeed installed on all of a particular users computers, then, as all those
  computers are regarded as primary device for that user, all visio installs will be removed from all computers.  there is no way to differentiate that I only want visio uninstalled from a users "main" primary device.  ie. it is a case
  of all or nothing.  is that correct, and if so, would it then be a better bet in these cases to uninstall using a computer based method rather then user based, or an SCCM technician would need to make sure that device affinity was cleaned up prior to
  any uninstall deployment?
  I can see how device affinity works nicely where users work as they are supposed to, ie with 1 device. but it is the groups that don't fit into this pattern that I'm trying to get my head around how to manage when deploying apps to users rather than the
  old method of packages to computers.
  also, as an aside, I assume that the uninstall program set up in a deployment type, runs the requirement tests before running in the same way that if you where running the install program it tests?
  thanks
  douglas

  To specify a primary device, you would need to set the User Device Affinity threshold.  By default, it is 2880 minutes over 30 days.  Then, when you create your Deployment Type, you would use the Requirements tab to set Primary Device = True. 
  This way, it will only run on the primary device that was determined by that setting.
  And yes, the Detection Method runs for uninstalls the same way as it does installs. 
  Mike Leach | http://blogs.catapultsystems.com/mleach/default.aspx

• HT5293 I use an MacBook OS X 10.9.  I think I tried to download OS X Mavericks without knowing what I was doing (still don't).  I think it may have slowed my MacBook significantly.  Is there any way to safely remove it?

  I use a MacBook OSx 10.9.  I think I tried to download the OS x Mavericks not knowing what I was doing. I think I may have slowed my MacBook significantly.  Is there a way to safely remove the Maverick without affecting my computer?

  See this User Tip:
  https://discussions.apple.com/docs/DOC-6161

• I'm trying to redownload my music onto a new computer and its not working..I think I may have two accounts open because the one im signed into is empty and I cant remember my log in info..and when I reset it it doesnt help.

  I got a new lap top and I was trying to re download my music to the new one and it's not working. I think I may have to accounts open because its saying mine hasnt been active in a while and I know thats not true...and there is no music in the library it's all empty...is it possible to have two accounts open? if so how do I cancel one. and keep the other....

  You need to ask Apple to reset your security questions. To do this, click here and pick a method; if that page doesn't list one for your country or you're unable to call, fill out and submit this form.
  (122986)

• CineXplayer on my iPad (2) error message stating I don't have permission to copy files from my hp pavilion 6 across to my iPad. I think I may have accidentally disabled iTunes Helper, but it is running in TM.

  I use CineXplayer on my iPad (2) and today have started getting an error message stating I don't have permission to copy files from my hp pavilion 6 across to my iPad. I think I may have accidentally disabled iTunes Helper, but it is running in Task Manager.
  I have removed iTunes and re installed.

  That's a comment in the file. It has no effect at all.