Windows 10 WSUS

We have an 2008 RDS Gatway that works fine with Win7 but for some reason Windows 10 says can't connect to the remote computer because the Remote Desktop Gateway Server is temporarily unavailable.
Same Remote Desktop Settings on both but Windows 10 gets that error.
Any suggestions or solutions?
Thank you
Matt

Black Hat USA is next week, and with it will come some of the biggest hacker news of the year. From cars to mobile devices, all the way to the hotel HVAC, nothing is really out of the reach of the teams of white hat and black hat security researchers that are about to make their way to this conference. With that though will be the thousands of attendees outside those main groups looking to still get a bit of work done while at the conference. Well, we don’t want to encourage you avoiding it all together, but want to give you some tips to survive the event even with all your devices that you need. So below you will find 10 tips to survive Black Hat 2015. You are welcome to reuse them and share them with your team going, or even as reminders of the digital landscape and threats around.

Similar Messages

  • Windows 2012 WSUS Downsteam server to Windows 2008 WSUS server

    Hi
    we have installed windows 2008 Upstream server to Windows 2012 WSUS server and now they are able to sync the updates and but some updates are not able to download so what could be the issue.
    whether this design is supported please confirm.

    we have installed windows 2008 Upstream server to Windows 2012 WSUS server and now they are able to sync the updates and but some updates are not able to download so what could be the issue.
    Have you installed KB2734608 on the upstream server?
    whether this design is supported please confirm.
    It is *NOT* supported.. but it *WILL* work if KB2734608 is installed on the WSUS v3 server.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • Windows Update / WSUS failing with Error Code 80070005

    I have a small network (~40 systems) that I use WSUS to keep up to date.  Because of errors I was getting, I elected to rebuild my WSUS server, which is running Windows
    2012R2 and WSUS is the only thing running on that server.  However, now none of my clients can receive updates from the WSUS server even though they will connect to the Microsoft Update site and download/install without a problem.  Any time I try
    to install updates from the WSUS server, Windows Update says that it needs to “Install new Windows Update software”.  When I click the “Install now” button, it closes and reopens the window and then report error code 80070005, which I know is an access
    denied.  The WindowsUpdate.log also reports the same error code and also indicates a reboot is required, even after I reboot the client.  I’ve run Process Monitor and am not able to see where the access denied is even coming from.  WindowsUpdate.log
    file information available upon request.  Any help would be appreciated.

    Because of errors I was getting, I elected to rebuild my WSUS server
    I suggest we start back at this point.
    What errors were you getting, and what exactly did you do to "rebuild" your WSUS server?
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • Windows 2k3 - wsus continues to claim update needed despite being installed

    I'm having an issue with my Windows 2003 servers detecting an installed update.  I've installed the update and can verify it was installed from the "Review your update history" page
    on the Windows Update site.  
    We are using a WSUS server to deploy updates.  The WSUS server continues to report that I need to install this update.  Any ideas?

    Hi,
    Does this client reports properly? Please check the report of this client in the WSUS administration console.
    If the report is correct, could you provide the detailed name of the update? It may give some hints.
    Best Regards.
    Steven Lee
    TechNet Community Support

  • Possible to point Windows 2003 server to Windows 2012 R2 WSUS?

    Hello Community,
    I have deployed Windows 2012 R2 WSUS in my organisation. I have no issues with Windows 7, 2008 R2 pointing to the WSUS server.
    However, I am having issues pointing Windows 2003 R2 and Windows XP to the WSUS server.
    On the Windows 2003 client, I have also ran wuauclt /detectnow and the GPO settings is set to:
    In Windows 2008 R2, I know that I am getting updates from the WSUS because I can see the option
    below (circled in red)
    Questions:
    1. In Windows 2003, how do I know that I am actually getting the updates from the WSUS and not from the
    internet? 
    2. Are Windows 2003/XP clients compatible to pull updates from a Windows 2012 WSUS server?
    3. If Windows 2003/XP clients are able to get updates from Windows 2012 WSUS server, how do I do it? Is
    there any 'interface' for me to use?

    In Windows 2003, there isnt an interface for administrators to "Check for Windows Updates managed by your system administrator" unlike in Windows 2008. (See screenshot on my first post)
    In Windows 2003, I go to Tools > Windows Update and it is pointing me to microsoft's website. 
    Correct, In Windows 2003 you use the WUAUCLT.EXE command line utility, to perform client actions.
    But that has *nothing* to do with how you *configure* the client, nor how you check the client's configuration. That is done exactly the same way regardless of which operating system is being used.
    So when I say you know you're getting updates from WSUS by using the same method, that method is NOT looking at the WUApp applet in Control Panel, because that applet does NOT tell you that the client is getting updates from WSUS. It merely tells you that
    some policy is in place that presumably tells the client to get updates from a WSUS server.
    If you *really* want to know.... check the appropriate registry keys, or read the WindowsUpdate.log.... and that's done exactly the same way on every operating system.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • Windows update error code 80072ee6

    I'm getting error code 80072ee6 when I'm checking for updates. Has anybody seen this error code before?

    Even though this thread is old, I give a possible solution to the 80072EE6 error code for Windows Update (WSUS) because it is my hope that someone will see this and my "fix" will work for them.
    Step: 1 (Windows XP SP3 and Windows 7)  create a registry update file using the following settings (remove comments and other instructional typing):
    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
    "WUServer"="http://Your WSUS Server" (Example:
    http://192.168.150.5 
    Be sure to include the "HTTP://)
    "WUStatusServer"="http://Your WSUS Server"  (This should be a duplicate of the one above)
    "AcceptTrustedPublisherCerts"=dword:00000001
    "ElevateNonAdmins"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU] 
    Unless you KNOW what you are doing, leave this section as-is:
    "AUOptions"=dword:00000004
    "AUPowerManagement"=dword:00000001
    "AutoInstallMinorUpdates"=dword:00000001
    "DetectionFrequencyEnabled"=dword:00000000
    "EnableFeaturedSoftware"=dword:00000000
    "NoAutoRebootWithLoggedOnUsers"=dword:00000000
    "NoAutoUpdate"=dword:00000000
    "RebootRelaunchTimeoutEnabled"=dword:00000000
    "RebootWarningTimeoutEnabled"=dword:00000000
    "RebootRelaunchTimeout"=dword:000000f0
    "RescheduleWaitTimeEnabled"=dword:00000000
    "RescheduleWaitTime"=dword:0000001e
    "ScheduledInstallDay"=dword:00000000
    "ScheduledInstallTime"=dword:00000023
    "UseWUServer"=dword:00000001
    "IncludeRecommendedUpdates"=dword:00000001
    "NoAUShutdownOption"=dword:00000001
    "NoAUAsDefaultShutdownOption"=dword:00000001
    Merge the file into the rgistry
    Step 2: Create a batch file and copy and paste the following:
    ECHO OFF
    CLS
    REM This prorgam will clear the Windows Update files and folders from the %windrive%\SoftwareDistribution
    REM directory.  Then it will clean the registry of the Windows Update settings and re-apply them.
    REM Once this is done, it will call for the WSUS server to rebuild the Windows Update folder structure.
    ECHO This program will clear the Windows Update Files and Folders.
    ECHO It will reset the Registry entries and re-start the Windows
    ECHO Update by calling the WSUS server for Updates. Once started,
    ECHO DO NOT cancel the program or damage to the Windows OS
    ECHO installation may occur.
    ECHO If you do not want this program to run, press Ctrl-C NOW.
    ECHO Otherwise,
    Pause
    REM This part checks to make sure the SoftwareDistribution folder exists
    REM if it does not exist, the program exits
    IF EXIST %systemroot%\SoftwareDistribution\ReportingEvents.log GOTO Continue
    Echo The Folder SoftwareDistribution does not exist or is empty. Exiting...
    ping -n 11 127.0.0.1 >NUL
    exit
    REM This part deletes the contents of the "%windrive%\SoftwareDistribution" folder and removes it
    :continue
    c:
    net stop wuauserv
    net stop bits
    ping -n 5 127.0.0.1 >NUL
    rd %systemroot%\softwaredistribution /S /Q
    REM This part removes Registry keys associated with Windows Update
    cd c:\
    if exist %systemdrive%\SUSClientReset.log del SUSClientReset.log
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f  > %systemdrive%\SUSClientReset.log 2>&1
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f  >> %systemdrive%\SUSClientReset.log 2>&1
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f  >> %systemdrive%\SUSClientReset.log 2>&1
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIDValidation /f  >> %systemdrive%\SUSClientReset.log 2>&1
    REM Windows 7 key
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v LastRestorePointSetTime /f  >> %systemdrive%\SUSClientReset.log 2>&1
    REM This part renames the Windows Update log file
    C:
    cd %systemroot%
    IF EXIST windowsupdate_log.old del windowsupdate_log.old
    ren WindowsUpdate.log WindowsUpdate_log.old
    REM This part restarts windows update services
    net start wuauserv
    net start bits
    goto comp
    :comp
    REM this part runs the Windows Update and rebuilds all folders
    wuauclt.exe /resetauthorization /detectnow
    wuauclt.exe /reportnow /detectnow
    REM this part says GOODBYE
    Exit
    If you use any of the above, you do so at your own risk.  I have successfully run this batch file over 100 times and it works for me.  I suggest that you try this on ONE CLIENT before using it on the rest.  This has completely resolved our
    problems with clients that shows the dreaded 80072EE6 error code.

  • SCCM 2012 - Question before deployment (WSUS/SCUP and other feature).

    Hello,
    Sorry for the question but I'm a newbie about Microsoft SCCM architecture...
    I have to deploy a new WSUS (4.0) server for my new servers (Windows 2012) and I ask myself how I can install him correctly with idea of a futur SSCM system.
    About WSUS, this  server is only for the new servers (Windows 2012) which can not receive update by our current WSUS server (Windows 2003 WSUS 3.0 SP1). I think I need also upgrade my AD schema to the 2012 level before ?
    And from what I understood of SSCM especially for software management (deploy and updates), there is a specific role "Software Update Point" which uses WSUS for Microsoft Product and SCUP for the third party tools.
    I am wondering which server configuration is the best for my future SSCM architecture.
    Firstly, can I setup my WSUS to a new server and add the role "SSCM - Software Update Point" on the same server later ? If it's possible, what type of server is recommended ? 
    Just for the WSUS feature I had expected a VM with a dual core CPU, 4GB RAM, 40GB for the system and 100GB only for the update data (a total of 250 servers and clients which can use 2003,2008,2012,XP,7,Office2010,Exchange 2010).
    Regarding SSCM in general, Is it recommended to have multiple server for SSCM for a total of 100 servers and 150 clients ? If yes can we separate them by role ? 
    I think I will have another questions later but it's a good start.
    Thanks in advance for your good advice !
    Have a nice day,
    Clement

    Hi,
    Thanks for your advice, I have many questions because I did not want setup an SSCM now but it seems it's the better solution (my first need is to deploy MS update on my new servers).
    If I install my WSUS service on my server I could not reuse it directly for my SSCM (because I must start with a fresh installation of WSUS?).
    Regarding the hardware,  I thinks that minimum requirements isn't a good idee (see bellow).
    http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_MinHWReqs that 
    Hardware component
    Requirement
    Processor
    Minimum: AMD Opteron, AMD Athlon 64, Intel Xeon with Intel EM64T support, Intel Pentium IV with EM64T support
    Minimum: 1.4 GHz
    RAM
    Minimum: 2 GB
    Free disk space
    Available: 10 GB
    Total: 50 GB
    Do you believe that an dual core with 4GB is correct ? 
    And for the disk at least 100GB just for the WSUS and 200GB for the storage of system image and package deployment (third party tools) ?
    Edit : value is totaly different here :
    http://technet.microsoft.com/en-us/library/hh846235
    Stand-alone primary site
    Up to 100,000 clients
    SQL Server is installed on the site server computer
    8 cores (Intel Xeon E5504 or comparable CPU)
    32 GB of RAM
    550 GB hard disk space for the operating system, SQL Server, and all database files
    I thinks if we deploy an SSCM, we will use it for the deployment of system (clients), applications (Office, third party tools), updates (MS and third party tools) but also for the managing of our infrastructure (SSCM seems very powerfull).
    Regards,
    Clément

  • Installing WSUS 2012 R2 console on server 2012 data center

    Hi,
    Our SCCM site server is on Server 2012 and the WSUS server is on Server 2012 R2.
    We are getting the below error in WCM log. in SCCM we are seeing the below error
    PublishApplication(8427071A-DA80-48C3-97DE-C9C528F73A2D) failed with error System.InvalidOperationException: Publishing operation failed because the console and remote server versions do not match.~~   at Microsoft.UpdateServices.Internal.BaseApi.Publisher.LoadPackageMetadata(String
    sdpFile)~~   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.GetPublisher(String sdpFile)~~   at Microsoft.SystemsManagementServer.WSUS.WSUSServer.PublishApplication(String sPackageId, String sSDPFile, String sCabFile) SMS_WSUS_CONFIGURATION_MANAGER        
    9/20/2014 1:47:42 PM    4644 (0x1224)
    ERROR: Failed to publish sms client to WSUS, error = 0x80131509               SMS_WSUS_CONFIGURATION_MANAGER               
    9/20/2014 1:47:42 PM    4644 (0x1224)
    STATMSG: ID=6613 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_CONFIGURATION_MANAGER" SYS=MIC0-TK5DMR2PS1.redmond.corp.microsoft.com SITE=RD2 PID=1776 TID=4644 GMTDATE=Sat Sep 20 20:47:42.713 2014 ISTR0="8427071A-DA80-48C3-97DE-C9C528F73A2D"
    ISTR1="5.00.7958.1000" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0   SMS_WSUS_CONFIGURATION_MANAGER               
    9/20/2014 1:47:42 PM    4644 (0x1224)
    Failed to publish client with error = 0x80131509  SMS_WSUS_CONFIGURATION_MANAGER         9/20/2014 1:47:42 PM                4644 (0x1224)
    completed checking for client deployment          SMS_WSUS_CONFIGURATION_MANAGER         9/20/2014 1:47:42 PM               
    4644 (0x1224)
    HandleSMSClientPublication failed.         SMS_WSUS_CONFIGURATION_MANAGER         9/20/2014 1:47:42 PM    4644 (0x1224)
    Do to this we are not able to publish SCCM client.
    Any idea or recommended work around?

    Publishing operation failed because the console and remote server versions do not match.
    The issue is exactly what the message says. When doing local publishing (i.e. when using SCUP), the version of the console (used by SCUP) must match the exact version of WSUS being published to.
    To wit, the following are valid publishing scenarios. Anything not listed here will not work:
    WSUS v6.3 (on Windows Server 2012 R2) with SCUP running on WS2012R2 or Windows 8.1
    WSUS v6.3 + KB2938066 (on WS2012R2) with SCUP + KB2938066 running on WS2012R2 or Win8.1
    WSUS v6.3 + KB2819484 (on WS2012R2) with SCUP + KB2819494 running on WS2012R2 or Win8.1
    WSUS v6.2 (on Windows Server 2012) with SCUP running on WS2012 or Windows 8
    WSUS v6.2 + KB2938066 (on WS2012) with SCUP + KB2938066 running on WS2012 or Windows 8
    WSUS v6.2 + KB2818494 (on WS2012) with SCUP + KB2818494 running on WS2012 or Windows 8
    WSUS v3.2 + KB2938066 (on Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003) with SCUP + KB2938066 running on anything WS2008R2 or earlier
    WSUS v3.2 + KB2828185 (on WS2008R2, WS2008, WS2003) with SCUP + KB2828185 running on anything WS2008R2 or earlier
    WSUS v3.2 + KB2734608 (on WS2008R2, WS2008, WS2003) with SCUP + KB2734608 running on anything WS2008R2 or earlier
    WSUS v3.2 + KB2720211 (on WS2008R2, WS2008, WS2003) with SCUP + KB2720211 running on anything WS2008R2 or earlier
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • SCUP 2011 not detecting local WSUS

    Hi,
    I have the following ConfigMgr setup.
    Standalone Primary Site with remote MP(DB Replica) and a remote SUP and DP. other roles are in primary server itself.
    I installed SCUP 2011 in the remote Windows 2012 WSUS(SUP) server. when I configure SCUP, I try to configure the "Update Server" node by enabling publishing to an update server and selecting "connect to a local update server". But
    the "Test Connection" is unsuccessful. If I select remote update server option and input the primary site server in there, then the Test connections succeeds. Is this how should I configure or the local update server option must work?
    tx
    peer

    Hi
    When configuring SCUP, select connect to a remote WSUS (cannot remember the exact wording) and type in the fqdn of your WSUS server followed by :8530. i.e WSUS01.domain.com:8530
    Because WSUS running on Windows Server 2012/R2 is using port 8530 (HTTP) or 8531 (HTTPS) and if you choose local it will default to port 80, so in order to choose another port you need to do it like I explained above.

  • WSUS Downstream server not downloading updates

    I have a windows 2012R2 wsus server setup running wsus and getting updates fine from Microsoft Updates.  We will call this server A in this example.
    I have a downstream server that is windows 2012r2 and has wsus installed.  We can call this server B.  It is configured to use "Update Source" and point to A to get its updates.  SSL is not being used.
    Server B says it syncs fine with no errors.  However, when i look in the content folder I see the folders (0A, 2A, 2F etc..)  but they do not contain any files.  When i run wsusutil checkhealth the following error comes up in event viewer.
    The WSUS content directory is not accessible. System.Net.WebException: The remote server returned an error: (404) Not Found. at System.Net.HttpWebRequest.GetResponse() at Microsoft.UpdateServices.Internal.HealthMonitoring.HmtWebServices.CheckContentDirWebAccess(EventLoggingType
    type, HealthEventLogger logger)
    Any Suggesitons

    When i run wsusutil checkhealth the following error comes up in event viewer.   
    The WSUS content directory is not accessible. System.Net.WebException:
    The remote server returned an error: (404) Not Found. at System.Net.HttpWebRequest.GetResponse() at Microsoft.UpdateServices.Internal.HealthMonitoring.HmtWebServices.CheckContentDirWebAccess(EventLoggingType type, HealthEventLogger logger)
    Any Suggesitons
    Looks like the content store, specifically the /Content v-dir in IIS, is not configured correctly.
    If so, it's also possible that the upstream server is not downloading content correctly from Microsoft. And if the downstream server cannot get to /Content, neither can any of the clients of the upstream server.
    Start by inspecting the ApplicationEventLog on the upstream server for any evidence of download failures. If they don't exist, then this could simply be an issue with IIS. Verify that the /Content v-dir is configured to point to the correct location of the
    ~\WSUSContent folder.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • Wsus downstream server not showing up

    OS: Windows 2003
    WSUS: 3.0 SP1
    Architecture: 3-tier WSUS, Level 1 approve/decline updates and sync with microsoft update websites; Level 2 is replica of Level 1; Level 3 is downstream servers of Level2 and configed into autonomous mode.
    We have a 3-tier WSUS infrastructure in test mode. The WSUS.Level1 server gets updates directly from Microsoft Updates. WSUS.Level2 server is a replica server of Level 1 server, i.e., upstream server is WSUS.Level1.  There are more than 20 other Level 3 WSUS servers use WSUS.Level2 as the upstream servers. Level 3 servers are setup as autonomous mode at this moment.
    The Level 3 servers were created from an image that were sealed and syspreped before restoring the Image.
    Microsoft Updates Server -> WSUS.Level1 -> WSUS.Level2 -> 20 other WSUS Level 3 servers
    Q1: there are only three Level 3 servers showing up in the Level 2 WSUS downstream server list (should be more as we have 20 WSUS level 3 servers). When I tried to manually sync from any Level 3  server, it will show up in the Level 2 WSUS downstream server list. However, it will replace one of the three servers that is already listed. Always 3 downstream servers showing up in Level2,  always! Any idea why this happens

    The Level 3 servers were created from an image that were sealed and syspreped before restoring the Image.
    Q1: there are only three Level 3 servers showing up in the Level 2 WSUS downstream server list (should be more as we have 20 WSUS level 3 servers). When I tried to manually sync from any Level 3  server, it will show up in the Level 2 WSUS downstream server list. However, it will replace one of the three servers that is already listed. Always 3 downstream servers showing up in Level2,  always! Any idea why this happens
    <sigh>....
    SYSPREP is not an appropriate tool to be used for imaging machines with *APPLICATIONS* installed, particularly if those applications use GUIDs to uniquely identify the machines, as WSUS downstream servers do.
    So, ironically, only two threads earlier I answered this very identical scenario . . .
    In theory, you should be able to do this to 'reset' these GUIDs...
    1. Synchronize the downstream server so that it shows up in the console of the upstream server.
    2. Set the downstream server synchronization schedule to MANUAL.
    3. Modify the Options | Update Source and Proxy Server | Update Source page to make this an upstream server.
    4. Delete the server from the Downstream Servers node of the upstream server's console.
    5. Modify the Options | Update Source and Proxy Server | Update Source page to make this a downstream server again.
    6. Initiate a synchronization.
    You won't see any difference after performing these steps on the first server.
    When you'll know this is working is if the second server shows up in the console after Step #6.
    Repeat Steps #1 through #6 for the other three servers.
    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2010)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com

  • Updating SCEP Clients

    Hi,
    We are currently running SCEP 4.1 client and I want to update them to the latest version.  Our server is SCCM 2012 SP1
    We have no applied cumulative updates to the server.  Am I required to apply the CUs to the server before I can update the clients? or how does it work?
    When I apply the CUs to the server is it updating the Endpoint Protection piece of the server as well, then I deploy out the updates to the clients?
    Thanks,
    Travis

    Hi,
    Yes, when you install the CU on the server then the SCEPinstall.exe which is used to install the SCEP client is updated as well. Probably not to the latest version as that was released just a couple weeks ago but the version before that, the latest version
    is available through Windows Update/WSUS.
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter
    @ccmexec

  • Domain Admin Account cannot logon to member servers by remote. It can only logon to Domain Controllers

    Our environment has both 2008R2 and 2012R2 Domain Controllers. Recently one of our Domain Admins started having problems logging onto all servers by remote desktop except for domain controllers. The error message is as follows:
    "To log on to this remote computer, you must be granted the Allow log on through Terminal
    Services right. By default, members of the Remote Desktop Users group have this right. If you are not a member of the Remote
    Desktop Users group or another group that has this right, or if the Remote Desktop Users group does not have this right, you must be granted this right manually"
    All the other Domain Admin Accounts do not have this problem. Suggested solutions recommend checking local policies on the individual servers however I feel that is not
    right. Also there many servers hence doing that in each member server would be cumbersome. There must be solution that requires a single action for all servers and also does not  involve creating a new account. The account was recently used to implement
    a Windows 2012R2 WSUS server and besides the DC's, it is the only other server the account can remote into. This is strange. Help please.

    Hi,
    Does that user has permission for remoting before?
    To start with, there are two types of user rights; Logon rights & Privileges. In simpler terms these are: 
    1) Remote Logon: rights to machine
    2) Logon: privileges for access to the RDP-TCP Listener
    The Remote Logon is governed by the “Allow Logon through Terminal Services” group policy. This is under
    Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.
    Also check RDP-TCP listener properties. More information.
    “Allow Logon through Terminal Services” group policy and “Remote Desktop Users” group.
    http://blogs.technet.com/b/askperf/archive/2011/09/09/allow-logon-through-terminal-services-group-policy-and-remote-desktop-users-group.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Bitlocker and KB2919355

    Hi all! I am seeing a problem regarding Bitlocker and the recent update to Windows 8.1 - KB 2919355. We are currently deploying windows 8.1 to our staff and we included the Volume Licensing version of the update in the image build. According to the KB article
    the Windows Update/WSUS version includes and additional patch for the Windows Update client that will be advertised even to systems that already have the VL version applied. This is fine and we approved the update in WSUS.
    These new laptops are encrypted with Bitlocker with recovery information backed up to Active Directory. Testing for this deployment was flawless and no issues were encountered with Bitlocker. However, when we apply the update 2919355 after a system is imaged
    and Bitlocker is enabled then on reboot we are presented with a Bitlocker Recovery screen.
    It seems that something regarding this update is causing the TPM validation check to go awry. The only way to fix each affected machine is to enter the recovery password, decrypt the drive and then re-encrypt. For now I have unapproved the update in WSUS
    since we are deploying the update in the image build and I believe this will fix our issue for the moment, but I would like to be able to approve this again in the future to ensure security compliance.
    Has anyone else experienced this issue with KB2919355? If so, is there something that can be done to prevent the Bitlocker recovery event? Thanks!

    Thanks for that input!
    I have same problems, having gone through the whole thing again and again since 10 days.
    I have uninstalled/disconnected all I can think of and as every time I still arrive on that unfinished install-> automatice repair -> fails -> reboot blocks on Bitlocker Recuperation keys!!
    It makes me think you could be right and it is (in my case) also a Bitlocker affaire.
    At the begin of april there was a sepate BL update as KB2934018, (of the approximate size of the whole .355 KB)which now seems inside the april, 16th KB2919355-64 (126.3). People have said this .4018 should be installed as the last of all ítems.  Today
    W. Dowload Center does not deliver this .4018 anymore, which makes me a bit scary to try install that.
    I will try to decrypt BL completely for a new try.

  • Computer Groups Adding Computers in Bulk

    I have two questions here:
    1.We use a separate tool to patch our systems. Would like to know if we can we use WSUS only for scanning the environment to ensure the systems are patched. If yes, can you point me to some resources that speak about such a configuration.
    2.We intend to create some computer groups in our Windows 2012 WSUS. Is there a way to bulk add computer objects into these newly created group using powershell or other means.
    Thanks

    2.We intend to create some computer groups in our Windows 2012 WSUS. Is there a way to bulk add computer objects into these newly created group using powershell or other means.
    Sort of... maybe. :-) We (SolarWinds) have a
    free tool that's designed to extract groups/computers from a WSUS server to be imported into another WSUS server. The tool was designed for dealing with DR/replica scenarios where server-side targeting is being used, thus avoiding the need to reassign
    all of the computers to groups again.
    The export function produces an XML file which contains all of the groups and computers contained in the WSUS database. This XML file can be edited (e.g. if you wanted to move some computers from one group to another, or add them to another group) prior
    to import).
    As such... it's possible to run the "export" of your WSUS server to build the shell of existing computer groups, and then populate the file with the necessary computer records and re-import the file, effectively creating the computers
    in the database. However, it may not actually be worth the effort, because you'll need to create structured XML records for the computers, including GUIDs, but that's the only way I know of to "push" non-existent computers into a WSUS database, except by having
    the client actually talk to the WSUS server.
    The other option to consider... since you're going to need to create a GPO to configure the clients to talk to WSUS anyway... consider using Client-Side Targeting, and assign the group memberships using Group Policy.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

Maybe you are looking for