A couple of nice little OSD tweaks in ConfigMgr 1702

ConfigMgr 1702 have a wealth of new features and client management improvements. This one might not be the reason you upgrade, but it’s still nice and worth a blog post. With 1702 you can customize your task sequence information and control what’s being displayed to the end-user. in this example you should notice a few changed in software center. Looking at my Upgrade task sequence, I now have information about download time/size and restart. when I start the task sequence, I have interesting information from my IT department telling me why the company is upgrading to Windows 10 All of [...]

Android for Work in Configuration Manager 1702

Android for Work support was introduced in Intune standalone in late 2016. With the latest release of Configuration Manager current branch we also have AFW support in hybrid environments. In order to configure AFW a few things to you need to ensure first: Have a couple of Android devices with Android 5.0 or higher Create a Google account to be used as the Android for work admin account Configure Android for Work In the ConfigMgr console navigate to Administration workspace / Overview / Cloud Services / Microsoft Intune Subscriptions and click Configure Platforms / Android For Work. Notice the dialog [...]

By | 2017-03-27T08:38:21+00:00 March 27th, 2017|Configuration Manager (SCCM)|1 Comment

Cloud Management Gateway with Sub CA

The new Cloud Management Gateway is going to make a big difference in the way we manage endpoints away from home in the future. The feature is a System Center Configuration Manager 1610 pre-release feature. Being a pre-release typically means = a little troubleshooting is required to get the feature working in different environments. In my previous blog post I described an issue with software update scan failing. The troubleshooting steps used in this blog post, are similar what I have described there. In this environment we have a PKI with a Sub CA, and as part of the certificate [...]

By | 2017-03-15T10:54:35+00:00 March 15th, 2017|Configuration Manager (SCCM), General info|8 Comments

Software Update scan error using Cloud Management Gateway

First, I need to say….the new Cloud Management Gateway feature in Configuration Manager 1610 is awesome. There are a couple of gotchas you need to know about, when creating the service, but once you have overcome those hurdles - you will look like a hero at work, and be known as the person who finally enabled client management on internet based endpoints like road-warriors and colleagues working from home. In the wuahandler.log on the client you might run into Scan failed with error = 0x80240439. If that happens, first step in your troubleshooting should be checking he configuration manager agent [...]

By | 2017-03-14T08:13:09+00:00 March 14th, 2017|Configuration Manager (SCCM), General info|5 Comments

Q&A from the Flexera & Coretech webinar

Could you please tell me how many days can I use the trial version of Dashboard? Looks very useful for my SCCM infra. Also please let me know how to opt for dashboard after the trial period.First a huge thanks for all attending the webinar, as promised he are a list of the questions that we didn’t have time to answer during the webinar. Q: We already use Flexera for compliance. Is "Patching" included in it OR is it a separate module? A: Patching is integrated in the standard CSI solution. You can either patch using WSUS or integrate with [...]

By | 2017-01-26T12:17:24+00:00 January 26th, 2017|Configuration Manager (SCCM), General info|0 Comments

Default Site-Boundary-Group and boundaries

The purpose of the Default Site-Boundary-Group is to service clients that are not served by any other boundary group (that being local boundary group or neighbor boundary group). However in ConfigMgr 1610 there has been some confusement around the fact that you can add boundaries to the Default Site-Boundary-Group . I’ve been asked a couple of times if we should add all boundaries to the Default Site-Boundary-Group since the group is automatically configured for Site assignment. My take on that is NO, don’t use the Default Site-Boundary-Group as you don’t really control it. You will also notice that you can’t [...]

By | 2017-01-23T13:34:33+00:00 January 23rd, 2017|Configuration Manager (SCCM), General info|3 Comments

Error installing WSUS using a remote SQL and non-standard SQL port

Ran into this error earlier today while trying to install WSUS using a remote SQL 2014 SP2 server with non-standard SQL ports. 2016-11-22 20:30:13  Stopping service WSUSService 2016-11-22 20:30:13  Stopping service W3SVC 2016-11-22 20:30:13  Configuring database... 2016-11-22 20:30:13  Configuring the database... 2016-11-22 20:30:13  Establishing DB connection... 2016-11-22 20:31:14  System.Data.SqlClient.SqlException (0x80131904): A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a [...]

By | 2017-08-22T10:29:40+00:00 November 22nd, 2016|Configuration Manager (SCCM), SQL|0 Comments

Unlock BitLocker Encrypted Drive From WinPE the Secure Way!

I have seen several blog posts on how to unlock a BitLocker encrypted drive from Windows PE, using the recovery password stored in the Microsoft Bitlocker Administration and Monitoring (MBAM) SQL Server database. What's the problem with these solutions? All of these have one thing in common: they query the SQL database directly, requires changing SQL Server configuration and granting access to the database directly. Why is this a problem? Well, in my opinion this is a bad design approach, as the core purpose of implementing BitLocker volume encryption and MBAM is to secure our data from being compromised. By [...]

By | 2016-10-12T08:49:13+00:00 October 12th, 2016|Configuration Manager (SCCM), OS Deployment, Security|7 Comments

The Impact of introducing the Microsoft Enterprise Mobility + Security in the organization

The Impact of introducing the Microsoft Enterprise Mobility + Security in the organization In my work as an advisor and consultant I see organizations adapting to the emerging IT landscape, where user behavior is changing and security risks are increasing. In the midst of this change, I encounter frustrated IT professionals trying to keep up with everything and not having enough time to do so. I encourage my customers to be on top of changes and make sure they stay on top. That message goes beyond IT pros and extends to business owners and managers who can no longer afford [...]

Unknown error creating the Intune connector in Configuration Manager CB

Recently ran into an unknown error while trying to create the Intune connector in ConfigMgr 1602 (and 1606). The error occurred in the “Create Microsoft Intune Subscription Wizard” when trying to Sign in using a Global Admin Azure account. For those of you who do not understand Danish (yet), the error message is something like “An Unexpected error occurred”. The GA Azure account is a “service account” and not used to enroll mobile devices. For that reason the account wasn’t assigned an Enterprise Mobility Suite (EMS) license.  The solution: Assign an EMS license in Azure Active Directory to the Global [...]

Error enrolling devices into Intune & Configuration Manager 1602

Enrolling devices into Intune and & ConfigMgr is normally straight forward until you run into issues. Below is an example where I received an enrollment error (picture 1), clicking Continue leads me to picture 2. As you can see in picture two the Enrollment Update turns from Warning to Checkmark, but only for about 5 seconds then it goes back to a warning.     Troubleshooting mobile devices is slightly different than traditional desktop troubleshooting. The troubleshooting options depends on the device (Android, iOS or Windows). In this example my device was an Android. You can email the log files [...]

Create ConfigMgr Servicing Plans with Excel and PowerShell

Last week I posted one example how to create ConfigMgr Servicing Plans with PowerShell. In this post I will show you how to create Servicin Plans using Excel. Step 1 is to create a table like this If you have that table with necessary information or if needed you can add more data, then simply save it as a CSV file and import the data to PowerShell.   Here is one quick and simple example how to create these Servicing Plans based on a CSV file and if needed create the Device Collections as well. This example also assumes that [...]

By | 2016-05-31T21:32:16+00:00 May 31st, 2016|Configuration Manager (SCCM)|0 Comments

ConfigMgr cmdlets and Lazy properties

If you have worked with Configuration Manager before, then most probably you know that some of the WMI classes contain lazy properties. Microsoft cmdlets for ConfigMgr queries by default these lazy properties, for example If you query the same Device Collection directly through WMI, then you don’t see RefreshSchedule property value. If you need to query lazy properties, then you can use the .GET() method or [WMI] accelerator. Starting from 1604 cmdlets we have a new parameter called -FAST. Parameter FAST allows us to skip Lazy properties and this should make the queries much faster and should also lower the [...]

By | 2016-05-26T17:43:26+00:00 May 26th, 2016|Configuration Manager (SCCM)|0 Comments

ConfigMgr Move-CMObject issue and one possible workaround

If you have been following me in twitter, then most likely you already know that the Move-CMObject cmdlet is broken in 1604 release. Here is one quick examples that shows the error message. Microsoft already knows this issue and hopefully they can fix it quickly but meanwhile we need to find a workaround or do something else: 1. Uninstall 1604 cmdlets and go back to older version 2. Replace Move-CMObject with your own custom function - http://cm12sdk.net/?p=1006 3. NEW! Use Invoke-CMWmiMethod   In this blog post I will show one example how to use Invoke-CMWmiMethod cmdlet. In this example Im [...]

By | 2016-05-24T15:23:08+00:00 May 24th, 2016|Configuration Manager (SCCM)|0 Comments

Creating ConfigMgr Servicing Plans with PowerShell

Last week we got a new set of cmdlets for Configuration Manager and now we have the ability to create Servicing Plans with PowerShell. I put together end-to-end example and with this script you can: Create a folder called Software Updates (cant move Device Collections into a folder because Move-CMObject is broken in latest release) Create 5 Device Collections Create Software Updates Deployment Package Download the necessary upgrade package Distribute the package to a Distribution Point Create 5 different Servicing Plans   ############ WINDOWS 10 SERVICING ###############################     Get-CMWindowsServicingPlan     New-CMWindowsServicingPlan #These cmdlets require Configuration Manager 1511 or newer. $DeploymentPackageName [...]

By | 2016-05-23T16:18:15+00:00 May 23rd, 2016|Configuration Manager (SCCM)|0 Comments

ConfigMgr 1604 new cmdlets

Microsoft released a new set of command-lets for Configuration Manager and all these new cmdlets are also included in the ConfigMgr 1605 TP release. Here are all the new cmdlets: cmdlet Category Notes Get-CMWindowsServicingPlan Software Updates Windows 10 Servicing New-CMWindowsServicingPlan Software Updates Windows 10 Servicing Add-CMServiceConnectionPoint Infrastructure Set-CMServiceConnectionPoint Infrastructure Remove-CMServiceConnectionPoint Infrastructure Get-CMServiceConnectionPoint Infrastructure Remove-CMCertificateRegistrationPoint Infrastructure Set-CMCertificateRegistrationPoint Infrastructure Add-CMCertificateRegistrationPoint Infrastructure Get-CMCertificateRegistrationPoint Infrastructure Invoke-CMDeviceAction Resource Management Get-CMDeviceActionState Resource Management Add-CMIntuneSubscription MDM / Hybrid Set-CMIntuneSubscription MDM / Hybrid Get-CMIntuneSubscription MDM / Hybrid Remove-CMIntuneSubscription MDM / Hybrid Add-CMMdmEnrollmentManager MDM / Hybrid Remove-CMMdmEnrollmentManager MDM / Hybrid Get-CMMdmEnrollmentManager MDM / Hybrid New-CMApnsCertificateRequest MDM / Hybrid New-CMDepTokenRequest [...]

Links from our MMS ConfigMgr precon session

Thanks for all the questions and tweets during the opening session yesterday. Jason, Anne and I really enjoyed the afternoon. As promised here are the links from the session. Update 1605 for Configuration Manager Technical Preview: https://blogs.technet.microsoft.com/configmgrteam/2016/05/16/update-1605-for-configuration-manager-technical-preview-available-now/ winpe peer caching: http://blog.ctglobalservices.com/kea/win-pe-peer-caching-in-configmgr-current-branch/ Client install failing on management point: http://blog.ctglobalservices.com/kea/configmgr-client-failing-to-install-on-management-point/ Startup script: http://blog.configmgrftw.com/configmgr-client-startup-script/ SQL XL sheet: https://t.co/XUXuUfxuaq Cache management example: https://blogs.msdn.microsoft.com/helaw/2014/01/07/configuration-manager-cache-management/ SQL best practice: https://stevethompsonmvp.wordpress.com/2016/02/05/proper-tempdb-creation-for-configuration-manager/ & https://stevethompsonmvp.wordpress.com/2014/05/19/powershell-sql-audit-script/  

By | 2017-08-22T10:28:42+00:00 May 17th, 2016|Configuration Manager (SCCM), Events, SQL|0 Comments

Conditional access with ConfigMgr+Intune and On-Premises Exchange

Conditional Access in either a Cloud-only or Hybrid scenario is a great way to control data by saying we do not allow you to access Corporate Email without enrolling the device to a Corporate MDM solution where Data Protection Policies will be applied. This is in my opinion the best compromise where we let the user be productive where they get the ability to access corporate data on any device, anywhere, where we at the same time have control over the device, forcing security and compliance policies, encrypting data, deploy (LoB) apps and las but not least have the ability [...]

ConfigMgr Software Update scanning failed with OnScanComplete with error=0x80244017

Scanning, deploying and installing software updates should be a walk in the park, and most of the times it is. But (luckily) sometimes we run into issues that we haven’t seen before. Like in this case where clients stopped scanning for software updates in ConfigMgr 1602. What I have learned in my years working with ConfigMgr is that software update issues often are caused by older version of the Windows Update agent, configuration change on the WSUS server(s) or a change in the infrastructure. The challenge is to figure out is what category your issues falls into. Normally, it’s fairly [...]

By | 2016-04-24T12:19:29+00:00 April 24th, 2016|Configuration Manager (SCCM), General info|2 Comments

Android OS version not on the requirement list

Managing mobile devices can be different compared to managing traditional computers for many reasons. One of them being the lack of control with operating system versions on the devices. We simply don’t control when Android and iOS devices are being upgraded and as such we don’t control what version users are using. That can be a challenge when you are using requirement rules on your web applications (and other deployment types). In the illustrations below it’s easy to see that we have a bunch of Android 6+ versions and looking at the requirement rules for the web apps you’ll see [...]

Microsoft Azure AD Connect not syncing at a cycle

Recently I had a customer who had implemented the latest version of Azure AD Connect (v. 1.1.119.0) which was available in February 2016. In this version Microsoft changed a lot the make it easier to administrate and convenient to use. They also added some great new features like! Reduction in the sync interval to keep your Azure AD in sync with AD on-premises more quickly Support for automatic upgrades Ability to switch between sign-in methods through the wizard to enable faster pilots Support for Domain and OU filtering within the wizard Read more here: https://blogs.technet.microsoft.com/ad/2016/02/18/azure-ad-connect-1-1-is-now-ga-faster-sync-times-automatic-upgrades-and-more/  Well as it turned out, [...]

Community Web page to help corporate users enroll their devices!

Guidence on how you can enroll your device and gain access to your corporate data and applications: This web page is created by the community for the community to help corporate users to efficiently enroll their devices into an Microsoft Enterprise Mobility Solution. Businesses can use this webpage as an How-To for their users and link it to their existing documentation. The site covers: Microsoft Windows 10 Devices Apple iOS Devices Google Android Devices Visit the page by going clickin here: www.enrollyourdevice.com Also check out the Microsoft EMS Resources App https://www.microsoft.com/store/apps/9nblggh6j3fq and YouTube page https://www.youtube.com/channel/UCbf6dOWcNhRgLHDEXJWqiNw for more information about Microsoft [...]

Win PE Peer caching in ConfigMgr Current Branch

There are so many reasons for migrating your environment to ConfigMgr CB (current branch), one of them being the new content management feature – Win PE Peer caching. To me it’s important to understand what the feature is bringing to the table, and what it is not. Win PE Peer caching is introduced to save bandwidth by sharing content already present on your local network. Those who are familiar with the ConfigMgr ecosystem, know that solutions to support that has been around for years. Solutions like OneSite from Adaptiva, Nomad from 1E and custom BrancheCache from 2Pintsoftware. This blog post [...]