Conditional access with ConfigMgr+Intune and On-Premises Exchange

Conditional Access in either a Cloud-only or Hybrid scenario is a great way to control data by saying we do not allow you to access Corporate Email without enrolling the device to a Corporate MDM solution where Data Protection Policies will be applied. This is in my opinion the best compromise where we let the user be productive where they get the ability to access corporate data on any device, anywhere, where we at the same time have control over the device, forcing security and compliance policies, encrypting data, deploying (LoB) apps and last but not least have the ability [...]

ConfigMgr Software Update scanning failed with OnScanComplete with error=0x80244017

Scanning, deploying and installing software updates should be a walk in the park, and most of the time it is. But (luckily) sometimes we run into issues that we haven’t seen before. Like in this case where clients stopped scanning for software updates in ConfigMgr 1602. What I have learned in my years working with ConfigMgr is that software update issues are often caused by an older version of the Windows Update agent, a configuration change on the WSUS server(s) or a change in the infrastructure. The challenge is to figure out what category your issue falls into. Normally, it’s fairly [...]

Android OS version not on the requirement list

Managing mobile devices can be different compared to managing traditional computers for many reasons. One of them being the lack of control with operating system versions on the devices. We simply don’t control when Android and iOS devices are being upgraded and as such we don’t control what version users are using. That can be a challenge when you are using requirement rules on your web applications (and other deployment types). In the illustrations below it’s easy to see that we have a bunch of Android 6+ versions and looking at the requirement rules for the web apps you’ll see [...]

Example of setting up a custom monitor in SCOM with a PowerShell Script – Monitor NIC teams in SCOM

In this blogpost, I'll run through an example of how to configure a monitor from the ground up, going through every step, for making a monitor in PowerShell for SCOM. It's a very basic script, but it has a value we measure on, so you have all the basic building blocks. But first… What time is it? ADVENTURE TIME! The other day I was transferring an OS Image to one of our new Hyper-V servers, and the transfer speed was around 10 Mbit on our internal network. Asking the guy responsible for the server if there was something wrong, and [...]

Microsoft Azure AD Connect not syncing at a cycle

Recently I had a customer who had implemented the latest version of Azure AD Connect (v. which was available in February 2016. In this version Microsoft changed a lot to make it easier to administrate and convenient to use. They also added some great new features like: reduction in the sync interval to keep your Azure AD in sync with AD on-premises more quickly; support for automatic upgrades; ability to switch between sign-in methods through the wizard to enable faster pilots; support for Domain and OU filtering within the wizard. Read more here: Well as it turned out, [...]

Community Web page to help corporate users enroll their devices!

Guidance on how you can enroll your device and gain access to your corporate data and applications: This web page is created by the community for the community to help corporate users to efficiently enroll their devices into a Microsoft Enterprise Mobility Solution. Businesses can use this webpage as a How-To for their users and link it to their existing documentation. The site covers: Microsoft Windows 10 Devices, Apple iOS Devices, Google Android Devices. Visit the page by clicking here: Also check out the Microsoft EMS Resources App and YouTube page for more information about Microsoft [...]

Win PE Peer caching in ConfigMgr Current Branch

There are so many reasons for migrating your environment to ConfigMgr CB (current branch), one of them being the new content management feature – Win PE Peer caching. To me it’s important to understand what the feature is bringing to the table, and what it is not. Win PE Peer caching is introduced to save bandwidth by sharing content already present on your local network. Those who are familiar with the ConfigMgr ecosystem know that solutions to support that have been around for years. Solutions like OneSite from Adaptiva, Nomad from 1E and custom BranchCache from 2Pintsoftware. This blog post [...]

Create Boundaries in ConfigMgr based on your DHCP-Scope using PowerShell

Sample script at the end of this article. I was recently at a customer that wanted to add new boundaries based on their DHCP-Scopes. This would be a very easy task if they only had a few, but they had well over two hundred scopes so I decided to create a PowerShell script to do the job. One thing you need to bear in mind when doing this is that a DHCP-Scope can range from – which means when creating these boundaries that all clients in this range are supported, no one is left out. However, a DHCP [...]

ConfigMgr Client failing to install on Management Point

In ConfigMgr Current Branch, version 1511/1602 you have a new pre-production client upgrade feature that allows you to test the new client install on a pre-production collection. The feature works like a charm and allows you to gain control over the upgrade process by testing first. However, while testing the new client, you might run into client installation issues if you are installing a new client on a Management Point. In ccmsetup.log on the management point you will see errors stating that “The client version 5.00.8325.1000 does not match the MP version 5.00.8355.1000.  The client will not be installed.” The [...]

Upgrade SCCM 1511 to 1602 when Service Connection Point is set to Offline, on-demand

Last week Microsoft announced 1602 for SCCM Current Branch Production Environments: Receiving updates to your System Center Configuration Manager Server(s) is today more important than ever in order to have your SCCM environment keep track with Windows 10 and the ever fast pace of Cloud development where new features are added constantly. To make the update experience of your SCCM solution as smooth as possible Microsoft has introduced dynamic updates for SCCM. This basically means that you will get a notice in your SCCM Administration console that a new update is available for installation. But there is a but, [...]

OMS/EMS Seminar March 2016: Enterprise Mobility Suite Session Notes and slides

Hi. First and foremost, thanks to all attendees for a great day on Wednesday. Lots of great questions and discussions and to all of you who are wondering what happened to my girlfriend’s phone – well I had to un-enroll it the morning after! For those of you who are waiting for the EMS-book that Kent is writing together with Peter Daalmans, it is not too long until it is published so stay tuned! I will update this blog post with link to the book when it is out. Download the slide deck: EMS Microsoft EMS Resources app is free and [...]

Azure Stack: Azure Stack TP1 POC download is available!

The Azure Stack POC is up and running again, with new updates to make installation easier. If you haven’t tried it yet, get started! Read much more in the documentation (you can even help contribute since the docs are open source!)

Azure Stack – PowerShell: VM Admin GUI Tool – Beta 1

Welcome to my first Azure Stack blog. Recently I have been exploring the Azure Stack POC TP1 which is available for everyone at So far I am very impressed, of course always bear in mind that this is the first technical preview POC. Today I made a small tool for helping me to have a good overview of my Azure Stack tenant VMs. In Azure Stack the VMs are named by their GUID in Hyper-V. This makes perfect sense, since multiple tenants could easily name their VMs the same name. But when administrating your Hyper-V host, it can be [...]

Azure PowerShell: How to assign access to a subscription using PowerShell (RBAC)

I had this question from a customer recently, and when I searched the net I couldn’t find any specific examples. This example assigns a user as a Contributor to the subscription. When you assign roles to resources, all you need is the URL for the resource and provide it to this cmdlet. Here you go: That’s all for today!

Azure Automation / SCOM: Triggering a runbook as a Recovery task using Webhooks

If you haven’t heard about it, the future of automation is here! In the form of “Azure Automation”, also known as “OMS Automation” when it is part of the Operational Management Suite (OMS). This cloud service can control our automation, just as System Center Orchestrator has done for years. It works in a very similar way, but has been extended to support more features, for instance it supports what is known as Webhooks. A webhook enables us to trigger a runbook using a standard HTTP call, making it easier to integrate from other tools (could for instance be used [...]

DHCP Guide

This document describes common scenarios for implementing DHCP in relation to PXE boot with particular focus on Configuration Manager. Assumptions and audience: Audience must be familiar with basic IP networking principles. The background: In order for a client to perform a PXE boot, there must be a DHCP service available; this is not required to be a Microsoft DHCP service. Any DHCP server is good. The following diagram shows a typical network setup. In this case the client and the server are on the same network, which is the simplest setup you will come across, normally the setup will be more [...]

FTP / SFTP monitor for SCOM

In this post we'll make a script for an FTP / SFTP monitor that can monitor the FTP/SFTP status, by doing the following operations: -Log in -Upload a file -Download a file -Delete the file Since PowerShell doesn't have any built-in ftp support I was looking for some alternatives, and since I use WinSCP normally for ftp/sftp I found that they also support PowerShell scripting, so why not take advantage of this? This guide was written with great help from WinSCP's own page: Get the SSH fingerprint (This part is only necessary for the SFTP solution). Since we need the SSH [...]

Configuring backup in ConfigMgr Current Branch

With the introduction of Configuration Manager Current Branch (CB), the game of backup has changed slightly. A SQL backup is still valid for restoring the database, but re-installing ConfigMgr CB must be started by running setup.exe from the cd.latest folder. I know most of you are backing up the virtual machine (which is good), but that should not stop you from backing up SQL and ConfigMgr. You have two options: Create a SQL maintenance plan and include a custom step to backup cd.latest SQL backup Pros Support for compression Better scheduling job E-mail notifications No ConfigMgr [...]

Silent install Java 8 Update 71 and 72 with SCCM

In my last post about silent / unattended installation of Java 8 Update 66, we followed the new guidelines for how to install Java 8 silently by Oracle. The problem with that method is that when you run your script locally with administrator privileges it will work fine, but when you run the same script through SCCM / Configuration Manager, it will fail. And just to confuse you even more, it will only fail for the 32-bit version of Java, not the 64-bit, even though you use the exact same method. This problem has been reported [...]

Why cmtrace is a man’s best friend when deploying Win 10 1511 upgrades using Configuration Manager

ConfigMgr 1511 is a great Win10 management tool, and so far the only real enterprise management tool I have seen when it comes to deploying Win 10 1511. There is a minor UI issue that might make you freak out. When downloading the upgrade our Download Software Updates Wizard is not really moving although everything runs smoothly in the background. The trick is to open Patchdownloader.log - if you can find it – it’s located in %temp% if you started the download directly from the server. Notice that the log file is updating like a charm. Happy upgrading

Windows 10 Servicing in ConfigMgr 1511

Playing around with Windows 10 Servicing in ConfigMgr 1511 is kind of cool. But having said that; you might want to know the consequences of creating custom servicing plans. A servicing plan is basically an automatic deployment rule with a twist. The twist being (right now), you are unable to filter on the updates being downloaded. Regardless of the Windows 10 versions and languages the servicing plan will always download all 256 Windows 10 versions. Each version is about 2 GB….do the math. Contentlibrary will explode in size, if you selected all remote distribution points; the Network team will not [...]

Why cmtrace.exe is not always your best friend

I once heard a very wise guy saying the notepad is all you need to read log files. I do not say I agree, as I find cmtrace a slightly better tool…. but that’s right until I ran into a ConfigMgr 2012 upgrade to ConfigMgr 1511 earlier today. My upgrade failed, during the file copy phase because it couldn’t copy a new version of cmtrace to my tools folder. Whatever you do, do not click on the View Log button in the installation dialog. The error in configmgrsetup.log: ERROR: Failed to copy E:\INSTALLATIONSOURCE\MS\CONFIGMGR1511\DVD\SMSSETUP\tools\CMTrace.exe to k:\program files\microsoft configuration manager\tools\cmtrace.exe, Win32 error [...]

Windows WI-FI profiles

Currently working on an Enterprise Mobility project, and thought I should share a little trick. In the project, we are deploying WI-FI profiles to Windows 10 devices. Some WI-FI profiles use SCEP/NDES certificates while others are configured using a pre-shared secret. When working with Windows WI-FI profiles, the only way to add a pre-shared secret to the profile is by creating a custom XML file. An easy way to create the WI-FI profile XML file is to create the profile on a Windows 10 computer and then export the profile. To do that, use the steps below: To list all [...]

Azure Automation: Setting “Run As” Account on Hybrid Worker Groups!

I just want to post a little new feature I found a couple of days ago as a small NYE treat! It is now possible to set a “global” Run As account on a hybrid worker group! This feature removes any difference between SMA and AA Hybrid Workers, meaning that you can transfer any runbooks directly! (Contact me if you need help) By default the Hybrid Workers run as “LocalSystem”, while SMA runbook workers run as a specified service account. It is possible to change the service account for the Microsoft Monitoring Agent, but that is not best practice and [...]

