WMI issues in VMware based Machine Windows 2008 R2 Servers affecting SCCM Clients

Dear
Brothers,<o:p></o:p>
I came to
an observation particularly in dealing with Windows 2008R2 Servers Vmware Based
Virtual Machines with SCCM Clients.<o:p></o:p>
Observation:<o:p></o:p>
1. Windows
2008R2 Virtual Machine with Vmware Tools installed (Also depending in the
entries of WMI, I supposed). <o:p></o:p>
When the SCCM Server Pushes the client on this Servers, I found out that the SCCM Client
seems to be installed perfectly but when I tried to perform a remote WMI Query
and the response is displayed below (The RPC Server is unavailable).<o:p></o:p>
Now, I know that this kind of issues is something to do about DCOM Configuration
for Remote Access right?
Well, sad to say the settings has been checked, trippled checked actually to make sure it is correct with the correct permissions required and proven correct up to the last settings.
I even compare the settings to those in some Windows Servers with Working WMI Remote Access.
=========
What I have observed is that when we make a VMware Systems and install the
VMware Tools (see picture below) first before installing the
SCCM Client and the issue regarding WMI Remote access issues happens (The RPC Server is unavailable).
I proved it by creating a new VM Machine, then conduct installation in this order
SCCM Client first and then the
VMware Tools by this way so far the WMI Remote access works perfectly.
Now the Question:
Since we have atleast 70 VM Servers in production with this issue, and I proven that the VMware Tools is something to do with this issue, somehow now I need to resolved this in a logical manner.
For some of us who can guide me to resolved the issue without uninstalling the VMware Tools and fixing the WMI settings and let the SCCM Client work.
Regards,

We also have this issue. Nearly all of our terminal servers. I have to run a script to fix the issue and then reboot. It works, but only for a few days and then it starts all over again...
::to fix "not found" wmi error
::to fix .net calls to wmi repository
::to fix "initialization failure" error
net stop winmgmt
c:
cd c:\windows\system32\wbem
rd /S /Q repository
regsvr32 /s %systemroot%\system32\scecli.dll
regsvr32 /s %systemroot%\system32\userenv.dll
mofcomp cimwin32.mof
mofcomp cimwin32.mfl
mofcomp rsop.mof
mofcomp rsop.mfl
for /f %%s in ('dir /b /s *.dll') do regsvr32 /s %%s
for /f %%s in ('dir /b *.mof') do mofcomp %%s
for /f %%s in ('dir /b *.mfl') do mofcomp %%s
mofcomp exwmi.mof
mofcomp -n:root\cimv2\applications\exchange wbemcons.mof
mofcomp -n:root\cimv2\applications\exchange smtpcons.mof
mofcomp exmgmt.mof
For the Update on this case Microsoft didn't find out direct connection of WMI issue to any contributors, however the clients
from Microsoft and and 3rd party application such as VMware is highly dependent on WMI for its total function.
Things that we have learned:
1. Your script is the primary solution as recommended as well by Microsoft, but this is to restore the WMI to its healthy State.
Is the error gone?
no definitely not.
   Note: The WMIDiagnostic tool does not help to isolate at all, not even Microsoft is validating the credibility of its generated Logs from this tool.
2. You need to apply the Hotfixes recommended by Microsoft to eliminate the WMI repository to increase its capacity which contributes to the Service to stall. Deliver the Patches via SCCM or any means of your patch deployment.
3. Don't forget to reboot the Affected Server every Hotfix installation, this seems fix the issue. For 3 months now the usual system who got the WMI issue most of the time is no longer encountering the WMI errors. So far this is the solution, what causes
the issue? according to Microsoft the cause is the absence of the patches.

Similar Messages

  • Issues installing 10g ODAC on Windows 2008 with Oracle 10g Express

    I am new to Oracle and am having an issue installing Oracle Data Access Components on Oracle 10g 64bit running on Windows 2008 64bit.
    I need the ODAC installed to enable integration with SSIS.
    The issue I have if i install using ODAC10203x64 the setup file fails with a javaw error and the ntdll.dll.
    I then downloaded the ODAC1110720 which states it backwards compatible. It installs just fine, but now i am not sure as to how to configure it correctly as the Configuration util that loads in ODAC10203x64 does not run.
    The ODBC drivers are not visible under the ODBC connection manager although this may be an issue of just opening the 32Bit version.
    Any help would be appreciated

    Hi Ibrahim,
    You should decide what you require.
    32bit version can be installed on 64bit server and this should work fine (check the certification matrix for this).
    The "problem" is that you would not gain any performance benefit from the 64bit server
    If you want to have benefit you can upgrade the JVM to 64 bit version.
    I did this 3 years ago and I do not remember exact steps though everything worked OK.
    WARNING:
    this  can be unsupported, ask support to be sure
    - Install the 32 bit version on the server
    - Download 64 bit Java JRE/JDK and install it (well, you can search the same release as included in the AppServer or try newer one, 7 for example)
    - later, reconfigure the appserver so it uses the version you've installed, OR Copy the everything from c:\progfiles\java\... to the directory OraHome\... (forgot exact directories)
    try to search the forum, there had been a thread with the same question
    regards, michael
    Edited by: MickleSh on Sep 27, 2011 9:59 AM

  • Default Novell Login mode for Windows 2008 R2 servers?

    We're using Novell Client 2 SP3 for Windows 7 (IR6).
    All our Windows 7 workstations behave so that the Novell Logon is always the default (ie: you do CTRL-ALT-DEL and always get the Novell Logon first), then of course you get logged into ZCM and then our MS AD environment.
    However, using the SAME client with the SAME settings (unattend.txt or whatever) on a Windows 2008 R2 server with Citrix OR TS enabled, yields different results.
    Sometimes you get just the Windows logon (and then of course, you're not logged into eDirectory), sometimes you get the Novell one first.
    Any ideas on what setting to check?
    On 4.951 SP5 there was Gina chaining, but Windows7/2008 use credential provider order (I think), but I have no idea why it would behave differently.
    Thanks!

    Originally Posted by Alan Adams
    kjhurni <[email protected]> wrote:
    > So we tested on a non-Citrix server (but it still has Terminal Services
    > enabled).
    >
    > It seems if someone goes in via the console (vmware or rdp) and does a
    > "workstation only" login (I should say specifically where you pick the
    > option to NOT use the Novell Client), that's where the issue arises.
    >
    > So is there a Novell Client setting to use to always make it use the
    > Client? (I thought I had that set already)
    > Or is this a Terminal Server issue and we need to look somewhere in MS
    > land?
    I'm not clear exactly on what you're seeing, but it sounds like you're
    describing going to the interactive console login process and picking
    "a completely non-Novell Client-related credential".
    Meaning once you have selected the credential and can see the username
    and the password field you need to enter the password in to, there is
    NEITHER a "Novell Logon" nor "Computer Only Logon" link offered on
    that credential, because that credential isn't one generated by Novell
    Client / NCCredProvider at all.
    I agree, if that's what you mean, that it sound like the kind of
    process we were suspecting could be occurring, where Windows now
    defaults to "the last credential provider you used" and that's NOT
    Novell Client because some other credential was selected and used
    during the previous login.
    Normally, simply having "Novell Login = ON" does cause "Novell Client
    to be the only credential provider available", but that statement
    really only holds true on a "standard Windows machine" where only the
    Microsoft-supplied in-box credential providers are present.
    The way Novell Client achieves this is to actually "filter out" a
    couple of the Microsoft in-box credential providers, so that instead
    of seeing "both the Microsoft-generated credential tiles and the
    Novell Client NCCredProvider-generated credential tiles as ones you
    can choose from", by filtering out the Microsoft credential providers
    you end up seeing only NCCredProvider-generated credentials.
    Meaning, instead of getting a Windows-only credential tile generated
    by Microsoft's in-box "PasswordProvider" credential provider
    (AUTHUI.DLL) /AND/ the Novell Client NCCredProvider-generated
    credential tiles, you instead only get the NCCredProvider-generated
    tiles, and if you want to login Windows-only you have to select
    "Computer Only Logon" from the NCCredProvider-generated credential.
    But the behavior you're seeing, and a behavior not uncommon with
    third-party credential providers, is that some other product wanted to
    extend the functionality of Microsoft's in-box "PasswordProvider"
    credential provider. So this third-party /also/ filters Microsoft's
    "PasswordProvider" credential provider out (just like NCCredProvider
    does), but then internally the third-party "wraps" the Microsoft
    "PasswordProvider" credential provider in order to present "99% normal
    PasswordProvider behavior, but with 1% of new third-party-specific
    behavior."
    Which means, from a Windows perspective, these credentials are now
    being created by the third-party "wrapper", not the Microsoft
    "PasswordProvider" credential provider directly. So even though
    Novell Client filtered "PasswordProvider" out, there is this new
    unique third-party wrapper's credential tiles still being shown, which
    just happen to "look at feel just like PasswordProvider but with 1% of
    additional third-party-specific functionality."
    From your perspective, it simply looks like "Novell Client never
    disabled Microsoft's PasswordProvider", which in actuality we have
    filtered it out, but some other third-party is "making their own
    instances of Microsoft's PasswordProvider credentials." Since the
    credentials are no longer being created by a credential provider which
    has Microsoft's well-known GUID for the "PasswordProvider" credential
    provider, filtering out that GUID no longer stops the credentials from
    "appearing anyway".
    One option is to add the GUID of the third-party wrapper (whomever
    that is) to the Novell Client's "FilterList" value under
    [HKEY_LOCAL_MACHINE\Software\Novell\Authentication\ NCCredProvider].
    This is where the Microsoft "PasswordProvider" GUID is already listed,
    and you would just add the additional GUID(s) to this REG_MULTI_SZ
    list value.
    Maybe the third-party has some additional functionality or utility
    knowledge that they learn by wrapping Microsoft's credential provider,
    but in your case you are wanting to select the NCCredProvider-based
    credential anyway, so you're not going to be selecting the
    third-party's "wrapped" Microsoft PasswordProvider credential. And
    the fact that the third-party's "extra" credential tiles are being
    offered and can be "accidentally" selected is breaking your desired
    default behavior of "always send the end-users to NCCredProvider."
    If it's not clear what credential provider / wrapper on the system may
    be doing this, export
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Authentication\Credential
    Providers] to a .REG file and then just cut-n-paste the .REG file text
    contents into a post here.
    Alan Adams
    Novell Client CPR Group
    [email protected]
    Novell, Inc.
    www.novell.com
    Thanks Alan,
    In this case it seems simply putting the Novell Client on a Windows server with Terminal Services enabled is enough to cause the issue.
    On an actual server login (ie: Vmware console) you press CTRL-ALT-DEL
    You see the Novell Login section (this is server 2012 R2, BTW) with the userid/password
    2 lines below it it says:
    Computer Only Logon
    If you choose Computer Only Logon
    Then it "stays" at Computer Only Logon for all subsequent logons/reboots.
    I'm going to guess it's probably a Windows setting (we only have a few GPO settings pushed out to servers via AD).
    Anyway, here's the reg key contents:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Authentication\Credential Providers]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Authentication\Credential Providers\{1b283861-754f-4022-ad47-a5eaaa618894}]
    @="Smartcard Reader Selection Provider"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Authentication\Credential Providers\{1D7BE727-4560-4adf-9ED8-5EEC78C6ECFF}]
    @="CtxKerbProvider"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Authentication\Credential Providers\{1ee7337f-85ac-45e2-a23c-37c753209769}]
    @="Smartcard WinRT Provider"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Authentication\Credential Providers\{2135f72a-90b5-4ed3-a7f1-8bb705ac276a}]
    @="PicturePasswordLogonProvider"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Authentication\Credential Providers\{25CBB996-92ED-457e-B28C-4774084BD562}]
    @="GenericProvider"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Authentication\Credential Providers\{3dd6bec0-8193-4ffe-ae25-e08e39ea4063}]
    @="NPProvider"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Authentication\Credential Providers\{600e7adb-da3e-41a4-9225-3c0399e88c0c}]
    @="CngCredUICredentialProvider"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Authentication\Credential Providers\{60b78e88-ead8-445c-9cfd-0b87f74ea6cd}]
    @="PasswordProvider"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Authentication\Credential Providers\{60b78e88-ead8-445c-9cfd-0b87f74ea6cd}\LogonPasswordReset]
    @="{8841d728-1a76-4682-bb6f-a9ea53b4b3ba}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Authentication\Credential Providers\{8FD7E19C-3BF7-489B-A72C-846AB3678C96}]
    @="Smartcard Credential Provider"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Authentication\Credential Providers\{94596c7e-3744-41ce-893e-bbf09122f76a}]
    @="Smartcard Pin Provider"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Authentication\Credential Providers\{cb82ea12-9f71-446d-89e1-8d0924e1256e}]
    @="PINLogonProvider"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Authentication\Credential Providers\{e74e57b0-6c6d-44d5-9cda-fb2df5ed7435}]
    @="CertCredProvider"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Authentication\Credential Providers\{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}]
    @="WLIDCredentialProvider"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Authentication\Credential Providers\{f9cf286d-a029-41f9-86f6-90acf0618aa4}]
    @="NcCredProvider"
    Hope this helps.

  • Scom 2012 r2 DFS management packs mp windows 2008 r2 servers

    Hello,
    I'm having an issue in getting the 2008 r2 DFS namespaces  servers to show up after installing the "Windows Server File & iSCSI Services 2012" and "Windows Server File & iSCSI Services 2012 R2".  The attached mp
    documentation says to "Remove all existing DFS namespaces packs prior to installing the new dfs namespaces pack". However, the 2012 mp doesn't seem to include 2008 mp. 
    Does anyone have a guide or can clarify the install/upgrade instructions? 
    Thanks.

    Regarding to
    DFS MP Guide, this management pack contain both for windows 2008\2012
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
    Mai Ali | My blog: Technical | Twitter:
    Mai Ali

  • Windows 2008 R2 servers won't update manually or via WSUS - error code 80073712

    We have a number of Windows Server 2008 R2 servers which have been refusing majority of windows updates for a while now.
    Tried DSIM utility and SURT - both produce  errors in checksur.log, although different:
    DSIM- 4 * problems with IE hyphenation and Spelling in package manifests and catalogue
    SURT - 2 * CSI Missing Winning Component Key
    Any ideas as to what we can do next ?
    All these servers are business critical, so we are not in a position to 'play' too much with any of them and don't particularly want to rebuild them(e.g. exchange, sharepoint)
    (note, in case it is relevant, all these servers were physical but converted to virtual march this year and updates worked for a few months after that)

    Hi,
    Have you tried to use sfc /scannow first?
    After that, please run DSIM and SURT again.
    If it doesn't work, due to the servers are business critical, it is recommanded that you contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request. Thanks for your understanding.
    To obtain the phone numbers for specific technology request please take a look at the web site listed below:
    http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
    Hope the issue will be resolved soon.
    Best Regards.
    Steven Lee
    TechNet Community Support

  • Issue with RDS Licensing on Windows 2008 R2

    I'm attempting to consolidate 2 very small Citrix environments (only two total servers in each environment) into a single farm and when attempting to migrate RDP applications to what will be the full production environment, I'm receiving the following error
    on only 1 of the 2 servers regardless of who launches:
    The remote session was disconnected because there are no Remote Desktop client access licenses available for this computer.
    Here's where it gets really interesting:
    All servers are running Win 2008 R2 and are at the same patch level
    In the environment I want to retire, each server has it's own Remote Desktop licenses that are on a Per Device level.
    In the environment I want to migrate to, each server has it's own Remote Desktop licenses, one server is (currently) set to Per Device, the other Per User - but the one that is Per User is the one that can connect successfully.
    I've attempted to change the RD Session Host Configuration to point only at the server that appears to be successfully allowing connections with no success.
    I've reviewed other threads of similar error messages and none seem to apply.
    I'm at a loss, please help.

    Hi,
    Thank you for posting in Windows Server Forum.
    From your desciption it seems that you have set the RDS CAL to per device on one server and the one which is facing error, you are pointing that server to the server which is already set as Per device CAL and thus you are facing the error. Means The RD licensing
    mode on the Remote desktop server set to Per Device, while the license server might have only Per User CALs.
    If this is the case, the license server issues only temporary licenses that cannot be upgraded. When the temporary licenses are within several days of expiring, "Event ID 26, Source: Application Pop-up" appears in the application event log on the client.
    The event message indicates the number of days remaining before the temporary license expires. Similarly, "Event ID 1011, Source TermService" appears in the application event log on the terminal server.
    There are solution to this issue by changing the license mode and check the result. Also it can be possible that the remote desktop server might not be able to locate the license server. 
    Please go through below link carefully. (As it’s for server 2003 but we can verify the solution as described)
    Troubleshooting Remote Desktop Licensing Error Messages
    http://technet.microsoft.com/en-us/library/cc756826(v=ws.10).aspx#BKMK_12
    In addition, you can try following solution.
    1 - Open regedit
    2 - Go to this location HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing
    3 - Then Delete MSLicensing key totally.
    4 - Now reconnect to the same server machine through remote desktop.
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • Issue with VPN configuration in Windows 2008 r2 and 2012 Servers.

    Hello ,
    I hope you can help me to fix this issue, it's been 5 days since I a, trying to configure VPN in your 2008 and 2012 Servers. On both platform  (2008 and 2012) I am getting same error while configuring VPN (after role installation). 
    "Unable to load C:\Windows\System32\iprtrmgr.dll". So, I have removed IPv 6 entry from the registry and now able to start server (not sure what configuration it took automatically).  I tried to disable "Routing
    and Remote Access" service and got the same error while enabling "Routing and Remote Access" is running but VPN is still not functioning properly). 
    I am getting following error,
    ================================================
    Errors under the Event viewer (Remote access)
    1) --->>    CoId={DF744409-02D7-4FF4-AD24-504F0C83E1AB}: The user 10.0.0.1\chetan connected from 10.0.0.1 but failed an authentication attempt due to the following reason: The remote connection was denied because the user name and password
    combination you provided is not recognized, or the selected authentication protocol is not permitted on the remote access server.
    2) ----->>   CoId={DF744409-02D7-4FF4-AD24-504F0C83E1AB}: The user connected to port VPN3-127 has been disconnected because the authentication process did not complete within the required amount of time.
    Errors under the Event viewer (Remote access)
    3) ---->>  Network Policy Server denied access to a user.
    Contact the Network Policy Server administrator for more information.
    ================================================
    I am using (MS-CHAP v2) + EAP (Authentication Method).  Please let me know if you need any additional information. 
    Thank you,

    I Guess this thread is not related to SQL Server .User is facing issue because of network or may be due to OS.I guess I will move this into windows forum.
    Moderators please move to Network forum
    Please mark this reply as the answer or vote as helpful, as appropriate, to make it useful for other readers

  • Oracle 11g RAC on Windows 2008 R2 VMware EXS 3.5 virtual machines

    Hi,
    We are planning to Install Oracle 11g R2 RAC on two VMware EXS 3.5 Windows 2008 R2 servers.
    Having trouble while assigning the storage to the servers, the Raw Device Mapping feature in the VMware is greyed out and we cannot assign the disks to the Virtual servers, the disks are allocated to the Vmware Host machine from the SAN (HP EVA).
    Please guide me the best approach for the RAC configuration on VMware EXS 3.5 Win 2008 R2 Guest servers.
    any help will be highly appreceiated.
    Thanks.

    Hi,
    Is this implementation to production environment?
    Be aware:
    Is Oracle RAC on VMware supported? No, we do not support Oracle Software including Oracle RAC on VMWare.
    Aside from the support restrictions for the database on VMWare outlined in Metalink Note 249212.1, there are technical restrictions that prevent the certification of Oracle RAC in a VMWare environment.
    *RAC: Frequently Asked Questions [ID 220970.1]*
    Having trouble while assigning the storage to the servers, the Raw Device Mapping feature in the VMware is greyed out and we cannot assign the disks to the Virtual servers, the disks are allocated to the Vmware Host machine from the SAN (HP EVA).Check if below can help you.
    http://vmzare.wordpress.com/2007/02/19/vmware-raw-device-mappingrdm/
    Regards,
    Levi Pereira

  • Bit Locker on windows 2008 R2 Virtual machine

    Hello there !
    We have a a number of Windows 2008 R2 machines and we wish to provide an encryption mechanism for each Virtual machine.
    It's a VMware environment and all the VM files go into NFS drives.
    Do you think , Bitlocker will help ?
    Is Bitlocker supported on Virtual machines ?
    In my opinion , Bitlocker is to safeguard against any "physical" threat to a machine.
    But I wanted a second opinion here.
    Please help me.

    VMs don't have a Trusted Platform Module (TPM) available to store the Full Volume Encryption Key (FVEK) used for BitLocker, but you can still use Hyper-V by storing the necessary information on a floppy drive. Use the command line:
    cscript c:\Windows\System32\manage-bde.wsf -on C: -rp -sk A:
    BitLocker is now enabled within the VM.
    VMs don't have a Trusted Platform Module (TPM) available to store the Full Volume Encryption Key (FVEK) used for BitLocker, but you can still use Hyper-V by storing the necessary information on a floppy drive. Use the command line:
    cscript c:\Windows\System32\manage-bde.wsf -on C: -rp -sk A:
    BitLocker is now enabled within the VM.
    Hyper-V Security How to: Use BitLocker to Protect Your VMs
    http://blogs.technet.com/b/tonyso/archive/2008/07/01/hyper-v-security-how-to-use-bitlocker-to-protect-your-vms.aspx
    for VMeare VMs you have to check with VMware and these links may help you
    How to Encrypt VMware VM running Windows 2008 R2 with Microsoft Bitlocker
    http://www.christowles.com/2010/10/how-to-encrypt-vmware-vm-running.html
    http://www.networknet.nl/apps/wp/archives/395
    Mohamed Fawzi | http://fawzi.wordpress.com

  • Unable to install SCCM client on Windows Server 2008 R2 - certificate permission error?

    I am trying to comply with corporate policy, which is, have an SCCM agent or client on every Windows device. I have successfully used the provided SCCM installer on other Windows 2008 R2 servers. However for one particular server I cannot get the SCCM agent
    to install successfully. I've searched forums and documentation, but can't find a solution. Part of the problem is the lack of feedback by SCCM on what is wrong. I think I have narrowed down the symptom to the following error messages from the "C:\Windows\CCM\Logs\ClientIDManagerStartup.log":
    [LOG[Certificate [Thumbprint C559304C1598F17641D0732EB9EB787169A25FA7] issued to 'SMS' doesn't have private key or caller doesn't have access to private key.
    [LOG[Failed in GetCertificate(...): 0x87d00281]LOG]!><time="10:56:59.014+300" date="04-17-2014" component="ClientIDManagerStartup" context="" type="3" thread="3024" file="ccmcert.cpp:2122">
    [LOG[CCMCreateAuthHeaders failed (0x8009200b).]LOG]!><time="10:56:59.014+300" date="04-17-2014" component="ClientIDManagerStartup" context="" type="3" thread="3024" file="clientauthutil.cpp:978">
    When I use the Certificates MMC snap in to look at installed certs on this Windows Server 2008 R2 machine, there are plenty of normal and expected certificates there. There is also a branch called SMS with hundreds of entries, I have no idea what that is.
    The above error seems to indicate a permissions issue. What do I do to fix this SCCM install? It seems like a server cert issue, not an SCCM issue, so I'm posting to the Windows Server forums.
    Thanks in advance.
    Thanks

    this maybe helpful...
    http://www.jamesbannanit.com/2011/04/certificate-requirements-for-sccm-2012/
    should be asked in SCCM forum...
    http://social.technet.microsoft.com/Forums/en-US/home?forum=configmanagerdeployment
    Best,
    Howtodo

  • Windows 2008 R2 SP1 Windows update not applicable

    HELP!!! We have 3 Windows 2008 R2 servers that were updated with SP1 back in March. Last month we noticed on our Retina audit that the three servers were missing several Windows critical patches that were released after SP1 was applied. WSUS did not report
    any missing patches for those three servers. When we tried to manually apply those missing patches we get the error message "This update is not applicable to your computer". After some troubleshooting we found that KB976932 (Service Pact 1) is not listed in
    installed updates. However, system property shows Windows 2008 R2 SP1 Enterprise Edition. We are certain that SP1 did NOT come pre-installed. Microsoft Baseline Security Analyzer detected no missing patches. Microsoft System Readiness Tool CBA logs show no
    errors. Ran SFC /SCANNOW and found no error also. Force install of the patches with command switch /wuforce, did not work we still get the same message patch not applicable. We compared our servers that are fully patched running Windows 2008 R2 SP1 against
    the three unpatched servers and found several dll and sys file's version to be different. Those dll and sys files are also the files that would have been updated by the critical patches. The only thing different between the fully patched Windows 2008 R2 SP1
    servers and the unpatch are the unpatch have no public internet access. We confirmed patches that were required prior to SP1 push are installed: KB2454826 KB2534366 KB2533552 KB976902 Confirmed: Partition with Windows 2008 R2 SP1 installed is set to "ACTIVE"
    Windows Event Collector service is started Windows Modules Installer is started Uninstalling SP1 is not possible because the KB976932 is not listed and verified "not hidden" in installed updates list. Rebuilding the three servers are the very last option,
    since they are critical. Other than the missing patches.... the servers are running great, we have no reported issues with the three servers. Attempt to reinstall SP1 failed after reboot, error 0X800F0826. If anyone has experience this problem and know of
    a solution please help.

    Hi,
    I would like to confirm that what updates are not applicable for your three Windows Server 2008 R2 SP1 servers?
    Based on the current situation, please run the System Update Readiness Tool as Meinolf Weber mentioned and check the CheckSUR.persist.log for the corrupted
    files. After that, please refer to the following Microsoft TechNet article for how to repair them.
    Advanced guidelines for diagnosing and fixing servicing corruption
    http://technet.microsoft.com/en-us/library/ee619779(WS.10).aspx
    Regards,
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • JFServer.exe fault in Windows 2008 server with Central V 5.7

    I have an installation of Central 5.7 running 6 instances on Windows 2008 server 64 bit and have noticed that the six instances don't always come up when the machine is rebooted.  Here is the error that it logs in the Central Log. 
    "Open of table 'C:\Users\Userid|Appdata\Local\Temp\JFX8A00.tmp' failed.
    This also sometimes happens when I make changes to jobs in one of the instances and there seems to be no pattern wo what instances it happens in.
    This behavior does not appear to happen with Central 5.7 running on XP or 2003 server.
    Any thoughts on why this might be happening?

    This is a recently known issue specific to Central on Windows 2008
    Contact Adobe Support to obtain the patch. You can find their contact details in your support agreement.

  • Installing Windows 2008 Server on Intel Raid (MEGAIDE)

    I am facing the intolerable issue of trying to install Windows 2008 Server on a machine that has 2 drives configured for mirroring using the Intel RAID settings in the bios.  (MEGAIDE) 
    In Windows 2003 you faced the dubious task of having to do the F6 to install the 3rd party RAID drivers.
    In Windwos 2008 Server, you are able to load the drivers on a memory stick and browse the drivers.
    I downloaded the drivers for Windows 2003 Server since there are no drivers posted for 2008 from the Intel website.
    http://downloadcenter.intel.com/filter_results.aspx?strTypes=all&ProductID=2162&OSFullName=Windows+Server*+2003+Enterprise+x64+Edition&lang=eng&strOSs=111&submit=Go%21
    The installer recognized them when I browsed the media, but they did not load.
    Any suggestions would be appreciated.
    Thanks,
    Mark

    Hi,
    I have the SE7230NH1-E Intel motherboard and it finnaly work for me using the driver from Asus but for motherboard. 
    P5BV-C/4L
    http://ca.asus.com/fr/Server_Workstation/Server_Motherboards/P5BVC4L/#download
    Version  4.4.0208.2008
    Description
    ICH7R LSI RAID Driver
    LSI Embedded MegaIDE Driver V4.4.0208.2008 for Windows Server 2008 32/64 bit.

  • Windows 2008 R2 on Cisco UCS B200M networking problems

    This is driving me completely nuts.  Let me start by saying I am new to blade servers and Cisco UCS.  I did take an introduction class, and it seemed straight-forward enough.  I have a chassis with two B200M blades, on which I am trying to configure two Windows 2008 R2 servers, which I will eventually make Hyper-V servers.  This is all in a test environment, so I can do anything I want to on them.
    Right now I have installed W2008 directly on hard disks on the B200M hardware.
    The problem is this: even though I think I've configured the network hardware correctly, using the Cisco VIC driver software, I cannot get networking to work in any reliable way.  I cannot even get ping to work consistantly.  I can ping my local server address, but I cannot ping my gateway (HSRP address).  When I try, I get a "Reply from 10.100.1.x: Destination host unreachable (x being each particular server's last octet). I CAN, however, ping the individual IP addresses of the core switches.  I can also ping some, but not all, the other devices that share the servers' subnet.  There are no errors being generated, the arp tables  (for those devices I can ping) look good, netstat looks OK.  But I cannot get outside the local subnet...
    Except when I can.
    There are times when I can get all the way out to the Internet, and I can download patches from Microsoft.  When it works, it works as expected.  But if I reboot the server, oftentimes networking stops working.  Yet another reboot can get things going again.  This happens even though I've made no changes to either the UCS configs or the OS.
    I cannot figure out any reason when it works at some times and not at others.  I've made sure I have a native VLAN set, I've tried pinning to specific ports on the Fabric Interconnects.  There is just no rhyme or reason to it.
    Anyone know of where I can look?  I'm very familiar with Windows on stand-alone boxes (although it's no longer my area of expertise), and I manage a global WAN (BGP, OSPF, Nexus 7k, etc.) so I'm no dummy when it comes to networking, but I am utterly stumped on this one.        

    The problem was this: while the NICs on the blade server are called vNIC0 and vNIC1, Windows was calling vNIC1 "Local Area Connection" and vNIC0 "Local Area Connection 2".  So what I configured on UCS did not match what I was configuring in Windows.  Completely, utterly ridiculous.
    Anyway, networking is working now without any issues.  Thanks for you suggestion; it did get me looking in the right direction.

  • 802.1x PEAP Windows 2008 NPS Certificate

    I've setup a centrally switched SSID on a 5508 WLC utilising 802.1x PEAP authentication to a pair of Windows 2008 NPS which authenticate the PEAP username and password to our Active Directory domain.
    Currently the Windows 2008 NPS servers are utilsing a server certificate issued from our internal Certificate Authority with the certificate being presented to the device upon connection depending upon which server the WLC sends the authentication too. The servers names on the internally issued certificate are in the form of:
    Server01.domain.local
    Server02.domain.local
    Due to these certificates being internally issued certificates when some devices specifically Apple iPad and iPhones connect to the SSID initally they are prompted to accept the certificate but it is listed as not verified as its issued by an internal domain CA and not an external root certificate authority.
    I am going to be obtaining an external root CA issued certificate for both servers to replace the internally issued certifcates however I notice using the internal certificate if I connect a device to the SSID and accept the certificate of server with certificate name server01.domain.local and then if disable the ability for clients to connect to server01 the WLC will automatically forward the authentication connection to the next server on the list however as this server is presenting a different certificate "server02.domain.local" devices which are conducting certificate validation will fail to connect as the certificate does not match the previously accept certificate.
    Does anyone know a way around this?
    Will adding say server02.domain.local as an additional name to the certificate for server01.domain.local resolve this issue?

    Hi,
    Please confirm the Win7 clients has renew the certificate and deleted the old certificate. And confirm you are not using the default server certificate template.
    More information:
    Renew a Certificate
    http://technet.microsoft.com/en-us/library/cc730605.aspx
    NPS Server Certificate: Configure the Template and Autoenrollment
    http://msdn.microsoft.com/en-us/library/cc754198.aspx
    Hope this helps.
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

Maybe you are looking for