Quantcast
Channel: The D-Spot
Viewing all 27 articles
Browse latest View live

HELP – I have the infamous error 80091007 during a task sequence!

$
0
0

In my previous post on the error 2148077575, I already mentioned that my top 1 most feared error in SCCM is the 80091007.

I decided to list all causes that I have either personally experienced or found on other sources

In most cases you will not get the error all the time -> god help you !

First thing to do is to update the package that is reported by the error.  If this still fails you can recreate the package.  If this still fails, it may not be a package problem…

It happens only on physical machines ?  In an environment where the sccm server is running on ESX 5.1 it seems you can have problems because of  the E1000 NIC on ESX 5.1 – you should change it to VMXNET3 and the problem will go away.

It happens only behind some switches? Check if portfast is enabled and jumbo frame is enabled.

It happens on only one machine ? you might have bad RAM!

Is there anything special in the IIS logs? Maybe the problem is a blocked file extension or filtering rule !

Try disabling the antivirus on the SCCM server (or at least have the appropriate exclusions for SCCM in place)

If multicast fails, try with unicast

It only happens if your OS image size is bigger than 10 GB?

 

quite a long list of causes isn’t it. feel free to comment if you have gotten this error but caused by something else!


App-V 5.0 SP2 Client and the pain to upgrade

$
0
0

Microsoft released the long awaited SP2 for the App-V 5.0 client. With new features like better integration with the local OS (shell extensions!), the possibility to sequence some dependencies like MsXML and Visual C++ run times. A welcome change with this release is that the volume license editions of Office 2013 Standard and Professional, Visio 2013 Std & Pro and Prject 2013 Std & Pro are supported! Many customers will look at App-V 5.0 again!

It’s time to deploy the new App-V client to workstations!

As I’m always trying to get my hands on the MSI’s to deploy software, the first thing I did was getting and extracting the sources. Once I had played arround with the MSI’s I decided to take a walk to consider things and throw the MSI’s gently in the bin and install the EXE wrapper instead!! The next step was to find the required confguration parameters and finally deploy to workstations.

Prepare the sources

Get the App-V Client 5.0 SP2 binaries from the MDP ISO and extract the contents from it.

APPV_CLIENT_SETUP.EXE /Layout /LayoutDir=c:\temp

This will extract all the MSI’s from the EXE. The result is the App-V Client MSI and the all language pack(s) available.

AppV5SP2_MSI

I’m only interested in the English version, I will install only one language pack.

AppV5SP2_LP_MSI

Install the App-V client (MSI) and language packs

Command-line to install the App-V client:

msiexec /i appv_client_MSI_x64.msi /qn /NORESTART AcceptEULA=1 /L*v “LogPath\appv5SP2_client_MSI_x64.log”

English Language Pack:

msiexec /i “appv_client_LP_enus_x64.msi” /qn /NORESTART AcceptEULA=1 /L*v “LogPath\appv5SP2_appv_client_LP_enus_x64.log”

So far so good!

Issue’s with upgrading SP1 to SP2

A clean SP2 client installation works fine by using the MSI’s, but upgrading a previous version gave nothing but errors.

errorLoadingAppAfterAppV50SP2Upgrade

Sync-AppvPublishingServer : CoCreateInstance() failed

 Get-AppvClientPackage : CoCreateInstance() failed. The Microsoft Application Virtualization Service may not have been started. Please verify that the service is running.

It’s clear that the AppV service wasn’t running, but I wasn’t able to get it up and running again.

Reinstalling the AppV Client solved this issue, using the EXE wrapper!  … Then I decided to use the default EXE wrapper instead.

Install the App-V client (EXE)

I’m using these setup paramaters against the AppV client installer.

APPV_CLIENT_SETUP.EXE /q /ACCEPTEULA /CEIPOPTIN=0 /MIGRATIONMODE=1

/ENABLEPACKAGESCRIPTS=1 /S1PUBLISHINGSERVERNAME=AppV5PubServer

/S1PUBLISHINGSERVERURL=http://myServer:someport

/S1GLOBALREFRESHENABLED=1 /S1GLOBALREFRESHONLOGON=1 /S1USERREFRESHENABLED=1

/S1USERREFRESHENABLED=1 /S1USERREFRESHONLOGON=1

/Log “<myLogPath>\appv5SP2_client_EXE_x64.log”

Don’t forget the /AcceptEULA paramater, apart from the information in the log file “Initializing string variable ‘ACCEPTEULA’ to value ’0′” you will get an meaningless error;

Exit code: 0x68e

But this silent install gave the same error when upgrading an SP1 App-V Client!

All things considered, I gave up and ended up with a manual installation of APPV_CLIENT_SETUP.EXE :-S

Luckily I had only some POC workstations with AppV client 5.0 SP1 installed! For new installations the MSI’s did the job.

Configuration

With the deployment of the SP1 client, I used a Powershell script to configure the client. There are also ADMX templates avalaible to deploy with GPO’s and the MSI/EXE installers accept switches to configure the client.

Conclusion

My intention was to blog about the deployment of the App-V Client 5.0 SP2 using the MSI installer. But it became a total failure, I’m publishing this post just to start a discussion and maybe to find a solution over time.

/Ben

 

App-V 5 Error publish connection groups

$
0
0

While synchronizing packages from the App-V 5.0 server, I encountered some issues with connection groups.

Sync-AppvPublishingServer : There were errors encountered when trying to publish connection groups from the server.
Operation attempted: RefreshPublishingServer.
AppV Error Code: 070000000F.
Please consult AppV Client Event Log for more details.

image

Above errors doesn’t say much, but here is an entry from the Event Log:

The connection group {xxx} version {xxx} could not be published because the virtual COM settings of the individual packages conflict. 
Verify that the virtual COM settings are the same for all member packages and try again.
Error code: 0x8E90070A – 0x3000F

OK, now we are getting somewhere!

After verifying the User and Deployment XML’s, there was a clear difference in the virtual COM settings of both packages.

XML files package #1:

<COM Mode=”Isolated”>
        <IntegratedCOMAttributes OutOfProcessEnabled=”true” InProcessEnabled=”false” />
      </COM>

XML files package #2:

      <COM Mode=”Integrated”>
        <IntegratedCOMAttributes OutOfProcessEnabled=”true” InProcessEnabled=”true” />

Aha!

By editing both XML files to reflect the settings in package #2 it should be resolved .. In my dreams, the error remains.

After changing the following line in both Deployment and User XML files:

<Objects Enabled=”false” />

(was set to “true” in package #1).

After setting the virtual COM settings in both packages the connection group was loaded from the App-V 5.0 server as it should!

/Ben

Good read about this issue:

Roel Beijnes: http://ictworkspace.wordpress.com/2013/03/14/microsoft-app-v-5-connectiongroups-and-errors/

SCCM 2012 R2: Deploy Console Hotfix kb2905002 as an application

$
0
0

If you are not able, or don’t want to use SCUP as a solution to install the console hotfix, you could make an application of the hotfix instead. With this solution, you only need to deploy the hotfix application, and the console will be fully installed. Below, I will explain all the necessary steps.

1.You need to create an application for .NET Framework 4. (this is necessary for the console)
Create a DeploymentType with commandline: dotNetFx40_Full_x86_x64.exe /q /norestart /ChainingPackage ADMINDEPLOYMENT
For detection method, use the following:
NET4Detection

No requirements or dependencies needed.

2. You need to make an application of the SCCM 2012 R2 console. Use adminconsole.msi & consolesetup.exe as sourcefiles.
The sourcefiles for the Adminconsole are located on the Primary Site Server in the Configuration Manager installation folder under Tools\ConsoleSetup.
Create a new application.

CreateApp1
Enter general info for the app. Press next until you need to configure Deployment Types. Click Add.
Select Script Installer.
CreateApp2
Select a content location for the sourcefiles and specify the install cmd: consolesetup.exe /q TargetDir=C:\ConfigMgrConsole EnableSQM=0 DefaultSiteServerName=sccm.network.int
Uninstall cmd: Consolesetup /uninstall /q

For the detection method, use windows installer with the adminconsole.msi
CreateApp3
Create a dependency with the dotnet 4 application.
CreateApp4

3. Create an application of the Console hotfix.

Use Configmgr2012adminui-r2-kb2905002-i386.msp as sourcefile.

Installation program: msiexec.exe /p configmgr2012adminui-r2-kb2905002-i386.msp /L*v %TEMP%\configmgr2012adminui-r2-kb2905002-i386.msp.LOG /q REINSTALL=ALL REINSTALLMODE=mous

uninstall cmd: Consolesetup.exe /uninstall /q

For detection method, use the following:
hotfix1

Create a dependency for the SCCM 2012 R2 console app, made in the previous step. This one needs to be installed before the hotfix is applied.
hotfix2

Make sure you distribute all the content to your Distribution Points. Now you can deploy the Console application hotfix, made in step 3. The system will check if the R2 console has been installed along with Netfx4. After that, it will apply the hotfix.

You can easily check the version of CreateTsMediaAdm.dll on the destination pc, to make sure the hotfix has been applied. Browse to the installation folder of the console: .\Bin\I386\CreateTsMediaAdm.dll
consoleversion

 

App-V 5 and Office 2013 import: Database error when importing into the AppV Mgmt Server

$
0
0

After creating an Office 2013 package, generated with the current Office Deployment Tool for Click-to-Run (ODT) version (24/02/2014), the import in the App-V Management Server fails.

App-V 5 package import error (Office 2013)

There were problems interacting with the database on the server.  The error was: String or binary data would be truncated.
The statement has been terminated.

Applying the latest hotfix for the management server didn’t fixed this issue.

I created and imported several Office 2013 packages before, but never had this issue. The only difference between them is that this package contains not only Office 2013 ProPlus, but also Project & Visio and four languages. This results in a huge file name and package name.

After opening the package for Update Edit with the AppV Sequencer, and shorten the Package Name the import went fine!

Conclusion

This issue reminds me of an old Softgrid issue : http://blogs.technet.com/b/appv/archive/2011/02/03/error-code-0000c800-when-trying-to-import-a-package-on-the-app-v-management-server.aspx

The Office Deployment Tool should make our life easier. But in the real world it generates packages with names that are to long to import into the Management Server.

/Ben

Revision history vs dependencies vs APP-V 5 client

$
0
0

discovered an odd thing today…

in an SCCM 2012 SP1 environment we had the client installation of APP-V 5 SP2 + update 2 already running for quite a while

recently the installation Always failed initially, but on the second attempt it worked.

as the deployment was made available this is quite annoying.

there are many ways already described on the WWW how you can install the APP-V 5 client with its dependencies, so I’m not going to say which is best.

initially what we did is create an application for .net framework 4, one for WMF 3, one for KB2533623 and one for kb2758857 (which is the replacement of kb2533623).  then create another application for APP-V 5 SP2 and another for hotfix 2

dependencies where setup this way: WMF3 dependent on .net framework 4, kb2533623 and 2758857 dependent on WMF3, APPV5 hotfix 2 dependent on APPV 5 SP2, this to make sure that the dependencies would be installed in the proper order

as only one of the hotfix needs to be present (2533623 OR 2758857) they are placed in the same dependency group:

Capture2

create separate deployment types for X86 and x64 for the applications WMF, 2533623, 2758857, appv5 SP2 and appv 5 SP2 hf2

so if you check the dependency relationship on APPv5 SP2 HF 2 you will get something like:

Capture

OK, now back to the problem of the day…

the installation chain of the APP-V sequence was Always failing on the first attempt, why?

upon looking through the appintenteval.log I saw that somehow the chain was trying to detect .net framework 4, while in the dependencies the .net framework 4.5.1 was set

last week the customer decided that .net framework 4.5.1 was the new standard, so created a new application for it and superseded .net framework 4 by .net framework 4.5.1

ok, sounds reasonable to me, but why is the installation of APP-V streams still trying to do something with .net framework 4 ?

the key is revision history -> upon displaying the references column in the console, we could see that there were still 9 references that depended upon .net framework 4, but those references were still pointing to an old revision of the dependent applications.

after cleaning up old revisions, the installation of the APP-V stream from software center worked again as designed!

Advanced adventures with the sccm 2012 security model and how to get by them…

$
0
0

wow, I think this is probably the longest title I ever used over here, but I wanted to draw attention to it anyway…

I will try to explain here (since I went for the public forum without much useful info) some issues I had when implementing the security model in a very strict environment

let’s start by describing the environment first:

the environment (all in the same AD dom & forest) consists of a central branch and about 15 other branches. most of the content and the overall structure and management of the environment will be done centrally, but in each branch you will have people that can also add new content, create collections and so on

we will stick with 1 Primary site with only DPs for the branches

we have a good naming convention where the branch name is put first in every collection and content, so eg: CET package 1 would be a package that must be available for everyone, whereas 100 package 1 would be a package that will be only available to the people of branch 100 (i’m trying to explain as basic as I can) – so this is useful to define scopes in cm12!

the content they get to see can thus be: centralized content accessible for everyone and their own content (so if I am the It guy in branch 100, I cannot see (or worse: delete) content that was made in branch 200

so basically security wise in cm12 this comes to creating 2 new custom roles : 1 for helpdesk people of the branch and 1 for the IT guys of the branch

then I created a scope for the central branch and one for each branch.

issue 1: how to use collection limiting in this environment?

remember: the branch guys must see the central collections AND their own collections.

I cannot give them access to the all systems collection, that would break things

solution: I created a new empty collection, lets say GLOBAL with limiting collection set to all systems.

then for every collection I want everyone to see/manage, I set the GLOBAL collection as limiting and not the all systems (this can be done with powershell)

(so the administrative user will get access to the global collection and his own decentral systems collection, thats all)

issue 2: how to use scoping in this environment?

remember: the branch guys must see the central content AND their own content.

solution: each branch scope must be set on ALL content you want them to see (do not give someone two security scopes)

by doing it this way, if the decentral guy creates new content, the proper security for his location will be added directly

issue 3: how to import a computer if one doesn’t have the default scope?

security wise in cm12 for this to happen the user must have the collection: read, modify and modify resource permissions and also the site: read and import computer information permissions (those were set in one of the new security roles)

BUT: since the decentral guys will not have the default scope, they CANNOT import a device!

solution: you need to give on the administration/site node also access to the non standard security scopes

issue 4: decentral IT guys cannot distribute content to a dp

the users security role already has the necessary permissions DP: copy to distribution point, DP Group: copy to distribution point group, but they do not see ANY DP

(also because they don’t have the default security scope)

solution: you must go to administration/distribution point and add the non standard scope (next to the default one which was already there) to one or more DPs.

issue 5: delegating the create collection privilege

the users security role already has the necessary permissions collection: CREATE but still he/she could not create a new collection?

solution: it seems you also need the permission MANAGE Folder

nice but this one creates a new hurdle to overcome: the user will be able to create new folders but also delete existing ones (so I cannot use this)

workaround: we created a device collection “_template collections” with one empty collection for each branch (where already the limiting collection is set).  so all they have to do is copy their own template collection (they will probably only see one because of the collection limiting), rename it and move it to the appropriate folder, done!

 

Conclusion: if you are trying to accomplish some advanced security privileges in CM12, don’t give up too soon!

 

Ps: this is also a subject in one of my advanced SCCM 2012 trainings that should go on schedule later this year

SCCM: Install drivers for specific hardware during OSD.

$
0
0

I had a customer where some PC models were equipped with a matrox graphical card.
During OSD, the tasksequence needs to check if the card is available, and install the corresponding driver.
To do this, you need the hardware ID of the graphical card. Once you have it, you can use the following WMI query: SELECT DeviceID FROM Win32_PnPEntity WHERE DeviceID like “PCI\\VEN_102B&DEV_0540&SUBSYS_2080102B%”
As you can see in the query above, I didn’t use the complete hardware ID. The %-sign is a joker sign, but, if you like, you can use the complete hardware ID instead.

Next, go to your task sequence and add a step: install driver package. On the Options tab, add the WMI query mentioned above. Now, the step will check the computer for the specific hardware ID. If it is not installed, the task sequence will not install the matrox driver. Of course, you can do this for any hardware device. :-)

 TaskSequence


App-V 5 Sequencing Recipe – ConfigMgr 2012 R2 Admin Console

$
0
0

Sequencing the SCCM Admin Console is always a hassle. Prerequisites like .Net Framework and VC++ redists need to be in place. Sometimes other Microsoft products cannot be installed next to the ConfigManager Admin Console. And custom shortcuts are needed to have a working software package. Each new version brings new challenges!

I will sequence the Microsoft Configuration Manager Console 2012 R2 (aka Admin Console), with some extra’s like the famous Right Click Tools and the SCCM Toolkit (think CMTrace).

Sequencing Environment

Sequencer version: App-V 5.0 SP2 (no Hotfix applied)

Sequencer OS version: Windows 7 x64 with SP1 (reflects the company OS, same patch-level and middleware installed, no anti virus)

image

.NET Framework 4.5 and Silverlight are very important to have installed on both sequencing machine and client machines.

I’m using version .NET Framework 4.5.1 because all client machines have this version installed. If you’re using Framework 4.0, be sure you have the FULL version installed.

Sequencing machine is build like Nicke Kallen suggests: http://www.applepie.se/setup-a-vm-for-packaging

Sequencing Preparations

Get the source files

SCCM 2012 R2 Admin Console

Sources files are copied from the SCCM server, you find them in “Program Files\Microsoft Configuration Manager\tools\ConsoleSetup”

image

ConfigMgr 2012 Powershell Right Click Tools (Now Micro Right Click Tools)

Can be downloaded from http://www.nowmicro.com/rct/

System Center 2012 R2 Configuration Manager Toolkit

ConfigMgrTools.msi

Installation script

To automate the sequencing process I use a batch script to –more or less- silently install the admin console and extra tools. (place in the “c:\temp” folder)

“C:\Temp\ConsoleSetup.exe” /q TargetDir=”C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole” EnableSQM=0 DefaultSiteServerName=YourSERVERNAMEorALIAS.FQDN.BLA

msiexec /i “c:\temp\Right Click Tools.msi” /qn

msiexec /i “c:\temp\ConfigMgrTools.msi”

regedit /s “C:\Temp\ReportBuilder.reg”

I don’t use the “/qn” msiexec parameter for ConfigMgrTools.msi, because I don’t want to install all features (you could make a transform file to accomplish a silent installation, but I don’t think it’s worth the effort).

Sequencing Steps

  • Copy sources files and installation script to the sequencing machine, create snapshot.
  • Start the sequencer
  • PVAD; C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole
  • Launch install-batch script. This will install the Admin Console, Right-Click Tools and the SCCM Toolkit.
  • ConfigMgrTools 2012 R2 Tookit default install (except for the server tools feature).

    image

  • Don’t launch the Admin Console while monitoring as it will generate unnecessary package “clutter”.

     

    After the monitoring phase clean up your sequence!

    Remove shortcuts: EULA, HELP, ..

    Issues

    The console don’t behaves and crashes

    At first the console seems to work, it launches. But as soon as you add resources to a collection for example, it crashes or you simply cannot add devices.image

    My workaround for this issue was to use a custom shortcut to “Microsoft.ConfigurationManagement.exe” using the Dynamic Configuration XML’s.

    Change original “pointer” to the shortcut from:

    <Target>[{AppVPackageRoot}]\AdminConsole\bin\Microsoft.ConfigurationManagement.exe</Target>

    To:

    <Target>C:\ProgramData\App-V\PKG-GUID\VERSION-GUID\Root\AdminConsole\bin\Microsoft.ConfigurationManagement.exe</Target>

    image

    More on this issue at the Technet Forums and MS Blogs.

    Console crash since R2

    Starting from the R2 version the Admin Console crashes as soon as you create a collection or add resources to an existing collection (not limited to these actions!).

    image

    Add Resources:

    image

    Event Logs pointed to .NET Runtime errors.

    image

    Application: Microsoft.ConfigurationManagement.exe

    Framework Version: v4.0.30319

    Description: The process was terminated due to an unhandled exception.

    image

    Faulting application name: Microsoft.ConfigurationManagement.exe, version: 5.0.7958.1000, time stamp: 0x5230d1aa

    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409,

    The custom shortcut doesn’t fixes this issue this time (R2).

    After troubleshooting a numerous of things, I fixed this by one the following actions:

  • Don’t use a fake PVAD, install the Admin Console to your PVAD.
  • Don’t start the Console while monitoring
  • Cleanup your sequence.
  •  

    Custom shortcut to “Microsoft.ConfigurationManagement.exe” is still needed in my environment (AppV 5 Publishing Server).

    Apply a hotfix to the App-V 5.0 client

    $
    0
    0

    Applying a hotfix should be easy as pie. But I got many questions about the latest hotfixes for App-V Client 5.0 SP2 (HF4 and HF5 at time of writing).

    Take for example Hotfix Package 5 for Microsoft Application Virtualization 5.0 Service Pack 2. This one’s filename is “appv_client_setup_patch.exe”. After downloading most of the people double click the installer and are presented with this error message:

    Setup failed while scanning the system for prerequisites. This update only applies to App-V client version: 5.0.3361.0″. The App-C client is not present on this computer.

    image

    While App-V Client 5.0.3361.0 (= 5.0 SP2) is present on the machine!

    Solution

    You need to extract the above sources with the /Layout parameter, and run the MSP according to your OS architecture (x86/x64) afterwards.

    Syntax:

    appv_client_setup_patch.exe /Layout /LayoutDir=c:\temp

    Extracted sources:

    image

    The .MSP’s can be applied with MSIEXEC and the /P parameter.

    Cannot launch application after installing a hotfix for App-V 5.0 SP2 client

    $
    0
    0

    After applying Hotfix 4 to an App-V 5.0 SP2 client, not a single application could be launched anymore. The hotfix broke the AppV client!

    A virtual application could not be launched from package ‘x’ because the App-V Client Service is not running. Start the App-V Client Service and try again.

    image

     

    To apply Hotfix 4 (HF4) the MSP installer was used (appv_client_kb2956985_x64.msp).

    Typical EXE wrapper installers does prerequisite checks (and installs). But as the MSI/MSP was used, these prerequisite checks aren’t executed.

    KB2956985 does mention an extra prerequisite, VC++ 2013 Redistributable is necessary since this hotfix!

    After installing Microsoft Visual C++ 2013 Redistributable, and rebooting the client, the issue was history.

    /Ben

    UEFI : a blessing or not?

    $
    0
    0

    Deploying UEFI machines with SCCM has caused me lately quite some headache, I guess I am not alone…  I even said to someone as a joke: ‘I can write a book on that item’.

    So maybe it won’t hurt to make some sort of overview of issues you might encounter when trying to do UEFI rollouts

    I can imagine you have seen other issues, feel free to post them in the comments and I will update this article.

    Q1 : Do I need to do something to use PXE on UEFI machines?

    this is a good starter…

    it really depends mostly on the OS of your SCCM/WDS server.

    2008 R2 supports native PXE boot of 64-bit EFI devices, not of 32-bit devices (so watch out if you have older Atom Clover Trail machines as they are 32bit only!)

    2012/R2 server supports PXE boot of both 64bit and 32bit UEFI devices

    so by preference you should have at least one DP that has the 2012 or 2012 R2 server installed.

    if your SCCM infra is not yet on R2 level, but still on SP1, you should also install the following hotfix to enable 32bit UEFI pxe: http://support.microsoft.com/kb/2817245

    Keep in mind that for UEFI you cannot install x64 OS with x86 bootimages (this works only for legacy bios UEFI devices)

    also make sure that you are using MDT 2013, there is a known problem with MDT 2012 update 1 Task Sequences and UEFI:

    The standard MDT 2012 Update 1 Task Sequence, has a bug when deploying Windows 8 to UEFI enabled devices. The default “Apply Operating System Image”, has the thestination configured to use “Logical drive letter stored in a variable” = “OSDisk”.

    The only problem with that is that when the disk is formatted using the new Format and Partition Disk (UEFI) step, the OSDisk variable is not configured. All other format steps has this variable configured, so I guess they just forgot this one.

    Steps to fix this bug:

    1.Edit the MDT Task Sequence.

    2.Locate and select the “Format and Partition Disk (UEFI)” step.

    (Preinstall -> New Computer Only -> Format Disk).

    3.Select the Volume: “OSDisk (Primary)”, and click Properties.

    4.Under Advanced options, set the variable to “OSDisk”.

    Q2 : PXE boot for UEFI machines is not working, now what?

    this is the next most popular question…

    and again the answer depends

    * are you using DHCP scope options or IP helpers?

    you should go for  IP helpers, I had one case where it didn’t work at all using DHCP scope options

    if you cannot go for  IP helpers, you might want to verify the option 67 (bootfilename), in theory even if the smsboot\x64\wdsnbp.com is there the UEFI machine should be smart enough to select the wdsmgfw.efi file instead, but it is not always the case

    so it might be better to put the wdsmgft.efi in there, but then again legacy clients will not be able to boot (still not convinced that IP Helpers is the best solution?)

    * is the UEFI machine behind a switch?

    try to move the machine closer to your PXE DP, I have seen problems with UEFI machines behind switch A, where that same machine behind switch B booted perfectly fine

    so you will need to rely on your network dude to solve that problem for you (he should be your best friend anyway)

    * can you try with another UEFI machine?

    sometimes machine A succeeds and B doesn’t

    in that case the solution is most often to update the bios/firmware of the non functioning machine

    * is the time and date on the UEFI machine correct?

    check this, I have seen it fail due to this!

    * so I went into the BIOS and I noticed there is something called ‘Legacy mode’, why can’t I use that?

    surely you can, but then you are not using UEFI anymore…  and not all devices will have that legacy mode option left!

    it might be useful to turn off the ‘secure boot’ option in the bios anyway

    * are you using a USB to ethernet dongle?

    be aware that the MAC address you use will be the one from the dongle (especially when you import computers)

    you should modify your task sequence a bit to tie the WLAN mac address to the machine. this is documented here: http://blogs.technet.com/b/askpfeplat/archive/2014/07/28/how-to-use-the-same-external-ethernet-adapter-for-multiple-sccm-osd.aspx

    Q3 : Bootmedia related questions with UEFI

    Personally to create the media I prefer to use Rufus (http://rufus.akeo.ie/) .

    You need to format the medium using GPT and FAT32 (exFat seems to work also).

    If you are using bootmedia, you should have a file BOOTIA32.EFI on there in a folder EFI\boot!

    Q4 : Task Sequence formatting/drive problems with UEFI

    When deploying to UEFI machines, the TS should have evaluated the conditions for the step ‘partition disk 0 – UEFI’ correctly.

    If that step DOES NOT have the option “make this the bootdisk” selected then the TS will not know which disk to use to lay down the OS

    AppV5 Office 2013 package cannot be published – Access is denied on Integrator.exe

    $
    0
    0

    Had this issue at random on several workstations. Sometimes an Office 2013 (or Visio, Project) package refused to publish on workstations.

    Errors

    Event Logs – AppV Logs

    Event ID 4001

    The App-V client failed to create a process for machine script event AddPackage with command line: ‘”C:\ProgramData\App-V\0123E69C-B152-4C70-B178-41BE0D2B7D1B\5197E402-1206-4940-BD96-A0597E7D4B1F\Root\..\Scripts\Integrator.exe” /I /Msi /License /AppV PackageGUID=0123e69c-b152-4c70-b178-41be0d2b7d1b PackageRoot=”C:\ProgramData\App-V\0123E69C-B152-4C70-B178-41BE0D2B7D1B\5197E402-1206-4940-BD96-A0597E7D4B1F\Root” MsiName=SPPRedist.msi,SPPRedist64.msi PidKey=FN8TT-7WMH6-2D4X9-M337T-2342K,YC7DK-G2NP3-2QQC3-J6H88-GVGXT,C2FG9-N6J68-H8BTJ-BW3QX-RM3B3 PRIDName=VisioStdVolume’. Windows error: Access is denied.. The path must be a Windows application (.exe file).

    image

     

    Event ID 1008

    Package {0123e69c-b152-4c70-b178-41be0d2b7d1b} version {5197e402-1206-4940-bd96-a0597e7d4b1f} failed configuration in folder ‘C:\ProgramData\App-V\0123E69C-B152-4C70-B178-41BE0D2B7D1B\5197E402-1206-4940-BD96-A0597E7D4B1F’ with error 0x7D401F30-0x5.

    image

    Event ID 19104

    Part or all packages publish failed.

    published: 0

    failed: 1

    Please check the error events of ‘Configure/Publish Package’ before this message for the details of the failure.

    image

    Analytic and Debug Logs

    image

    Solution

    1. Delete package cache (In my case: C:\ProgramData\App-V\0123E69C-B152-4C70-B178-41BE0D2B7D1B)
    2. Disable PackageStoreAccessControl (because this was enabled through our custom package install)
      • Set-AppvClientConfiguration -PackageStoreAccessControl 0

        image

    3. Reboot

    This fixed the issue.

    Because the PackageStoreAccessControl feature will be depreciated in the feature App-V 5 release, it’s recommend to disable it imho.

    Thanks to Jur Huisman and Falko Gräfe to bring me on the right track (Microsoft forums)

     

    /Ben

    AppV5 application shortcut missing comment (description)

    $
    0
    0

    After sequencing “Remote Desktop Connection Manager 2.7” the description that appears when mouse hovering the shortcut was something not very useful for our users:

    image

    An empty shortcut Comment-field was the cause:

    image

    A nice “to have” is a proper comment or description for an application shortcut, so we will change this using App-V’s Dynamic Configuration files.

    I’m using the UserConfig.xml because this application is targeted to users.

    Changing the Dynamic Configuration files

    After making a backup of <AppName>_UserConfig.xml, open the XML file with your favorite text editor and find the Shortcuts-tag.

    The Description tag was missing from within the Shortcut-tag!

    Just add the Description-tag;

            <Description>RDCMan manages multiple remote desktop connections in a hierarchical manner, allowing for inheritance of user name, password, etc.</Description>

    image

    Add the updated XML file with the AppV Mgmt Console, Powershell or some 3party tool (depending on how you deliver AppV apps).

    And the shortcut has his description back!

    image

    All users happy again Smile

    Software Updates fail with error code 0x80070543: Cannot open an anonymous level security token.

    $
    0
    0

    A few days ago, I stumbled upon a weird error when software updates were trying to install on our Windows 8.1 systems. We push them to clients, using SCCM 2012 R2. The updates were available in the SCCM cache directory, but the installation Failed.  So I checked the logfiles on the client.
    In the UpdatesHandler.log file, I found the following error: 0x80070543
    updateshandlerLog

    I couldn’t find extra info regarding this error in the current logfile. Next, I checked WUAHandler.log. It showed the same error without extra info.
    WuaHandleLog

    Eventviewer also showed the same error message:
    eventVWR

    I decided to check for the error code, using the winrm command:
    Cmd0x80070543

    The outcome was still cryptic for me.
    After searching for a while, I found following Microsoft KB:

    http://support.microsoft.com/kb/971509

    After applying the suggested solution, updates installed without any problems. :-)


    SCCM 2012: Use the same external ethernet adapter for multiple OSD of devices.

    $
    0
    0

    I read a few blogs regarding this issue. Especially this one explains the problem very well and gives 3 good solutions:
    http://blogs.technet.com/b/askpfeplat/archive/2014/07/28/how-to-use-the-same-external-ethernet-adapter-for-multiple-sccm-osd.aspx?wc.mt_id=Social_sysctr_General_TTD&WT.mc_id=Social_TW_OutgoingPromotion_20140820_82057941_system_center&linkId=9330128

    The sample script described in this article might work, but in most of the environments I worked, you need computer policies (and/or user policies) applied to be able to connect to WIFI. This isn’t applied during OSD, which makes it very difficult to connect to WIFI during OSD.

    Another solution I read about, is importing your device by UUID. I tried it, but when OSD finished on the device, SCCM will still register the mac address of the external ethernet adapter in the database.(and I’m not constantly sitting next to my device, waiting for an OSD to end, to remove the ethernet adapter quickly.) When importing a new machine by UUID, I couldn’t deploy with the same external ethernet adapter, because the mac address was already known. Makes sense, doesn’t it? :-)

    I found another simple solution that helped me and I wanted to share with you:
    - Create a machine in sccm using the mac address of your external ethernet adapter.

    - Start your OSD and let it finish (successfully).

    - Log on to the machine (fe: with an admin ID) and try to connect to WIFI. When connected to WIFI, remove the external ethernet adapter.

    - Open the Configuration Manager client and run: “Discovery Data Collection Cycle”.
    MAC1

    After 10 – 15 minutes, check the properties of the device in SCCM again. the MAC address should have changed to the MAC address of the WIFI network card.

    The MAC address of your external network adapter is now removed from SCCM. You can check the report “MAC – Computers for a specific MAC address” to be sure the MAC address is gone.
    MAC2

    Now, you can use the external ethernet adapter on a new device for OSD deployment. When using a required deployment, it might happen that PXE boot fails on the first time. If so, try to clear any required PXE deployment from the new machine and PXE boot it again.
    MAC3

     

    SCCM 2012 R2 SP1: AWEBSVC is not responding to HTTP requests

    $
    0
    0

    A few days ago, I had a problem with the application catalog. The website was unavailable, and the component SMS_AWEBSVC_CONTROL_MANAGER generated the following error:
    Application Web Service Control Manager detected AWEBSVC is not responding to HTTP requests.  The http status code and text is 500, Internal Server Error.
    Possible cause: Internet Information Services (IIS) isn’t configured to listen on the ports over which AWEBSVC is configured to communicate.

    Solution: Verify that the designated Web Site is configured to use the same ports which AWEBSVC is configured to use.

    Possible cause: The designated Web Site is disabled in IIS.
    Solution: Verify that the designated Web Site is enabled, and functioning properly.

    This error doesn’t tell you much what to do. After some searching, I found the following URL. Try this one on the server where you installed the application catalog:
    http://localhost/CMApplicationCatalogSvc/applicationofferService.svc
    This page gave me the following info:
    Memory gates checking failed because the free memory (270270464 bytes) is less than 5% of total memory. As a result, the service will not be available for incoming requests. To resolve this, either reduce the load on the machine or adjust the value of minFreeMemoryPercentageToActivateService on the serviceHostingEnvironment config element.
    When given the server extra memory, everything was fine.
    The thing you need to remember from this post? If you have problems with the AWEBSVC, try this URL on your application catalog site system:
    http://localhost/CMApplicationCatalogSvc/applicationofferService.svc.

    Other valuable sources:
    http://thedesktopteam.com/blog/raphael/sccm-2012-application-catalog-https-error/

    http://blogs.technet.com/b/configmgrteam/archive/2012/07/05/tips-and-tricks-for-deploying-the-application-catalog-in-system-center-2012-configuration-manager.aspx

    Office Deployment Tool 2016 updated

    $
    0
    0

    I used to have an issue with installing Office 365 offline. The installation failed, when mentioning a branch in the xml file.
    You can find a threat from TechNet on this link:
    https://social.technet.microsoft.com/Forums/en-US/b8ec9bb8-6122-4f85-ac9b-ebff3aa301d6/how-to-install-office-3652016-on-clients-without-internet-connection?forum=Office2016ITPro

    The solution was, not to mention the branch in your xml file.

    Last week, Microsoft updated their Office Deployment Tool. Now, the offline installation works fine, even when mentioning the branch in your xml file.
    https://www.microsoft.com/en-us/download/details.aspx?id=49117

    ‘Microsoft.Policies.WindowsStore’ is already defined when updating ADMX Central Store for Windows 10 1511

    $
    0
    0

    after updating my gpo templates to Windows 10 1511, I received the following error message:

    gpo

    Microsoft has a KB regarding this issue. But it is a problem for another file: Microsoft-Windows-Geolocation-WLPAdm.admx.
    https://support.microsoft.com/en-us/kb/3077013

    After a short search, I found this link:

    ‘Microsoft.Policies.WindowsStore’ is already defined when updating ADMX Central Store

    the solution boils down to the following procedure:

    1. Delete WinStoreUI.admx and WinStoreUI.adml (under the language folder like ‘en-us’)
    2. Rename WindowsStore.admx to WinStoreUI.admx
    3. Rename WindowsStore.adml to WinStoreUI.adml

    Many thanks and kudos to 404 Tech Support.

    Skype for Business Recording Mgr Error on startup.

    $
    0
    0

    I deployed a Windows 8.1 update x64 machine with Office 365 and the office 2016 apps.
    The following error message appeared when starting Skype for Business Recording Manager:
    image

    When you see this error, it might be, that you have the Windows N version installed. This means, the media feature pack is missing, and Skype for Business Recording Manager needs it to work correct.
    To solve this issue, install the windows 8.1 media feature pack ( KB2929699).
    https://support.microsoft.com/en-us/kb/2929699

    After installation of the pack, Skype for Business Recording Manager works just fine.

    Until next time.

    Viewing all 27 articles
    Browse latest View live