Posts Tagged ‘SCCM’

SCCM – An error occurred while trying to initialize the Windows Deployment Services image server. Error Information: 0xC1030104

February 17, 2012

Got the above error after updating the SCCM boot images with some network drivers.
The PXE service wasn’t running, because the Windows Deployment Service service had stopped.
When starting this service manually, the above error occured
Usually people remove and re-install the PXE Point sccm Role, and/or the WDS Windows role.
What worked for me was just to refresh the boot image packages on the server. Nothing more.
Then the WDS service would start properly, and PXE worked again.
So, if you get this error, first simply try refreshing the packages containing your boot images.

Advertisements

SCCM OSD fails failed to set administrator password

November 17, 2011

Problem: a reference computer used for taking image captures starts failing when re-imaging it with a OSD task sequence, it hangs on the “set local admin password” step.
But when i acknowledge the error (click ok) it continues the TS and finishes properly. I don’t even have to type the new password manually or anything, just clicking OK on the error is enough.

So after the TS was done, checked out the c:\windows\setuperr.log file and it contained the following:

Warning:
Setup was unable to change the password for user account Administrator using the encrypted password apecified because of the following error:
SetLocalUserEncryptedPassword(Administrator) returned error 1325 (52d).

Looked up the error here and it reads

Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain.

Since the computer is not domain joined at the time of capturing, it must be a local password policy thing. I think it has been set so restrictive while being a member of the domain, and this settings is maintained after disjoining from the domain.
And since the machine has been sysprepped before, the might be a problem.

So i fired up gpedit.msc locally BEFORE the next image capture task and set the password policies to 0 characters, no restrictions whatsover, not on length, complexity, or password history.

and another problem was solved :p

By the way, i never set the local admin password to before running the OSD Capture Sequence, because that step is done by the “Prepare Windows for Capture” TS step, as can be read here

SCCM OSD Error 0×80040104 Failed to find CCM_SoftwareDistribution object

November 16, 2011

Scenario:
Added new drivers to SCCM driver database for hardware of a new pcmodel.
Made a new driver package containing these drivers, and put it on a distribution point.
Then ran the OSD Task Sequence, but after completion i noticed that none of the drivers had been applied to the windows installation.
So the Device Manager was still full of yellow questionmarks.

Then tried a different approach, instead of relying on the “Auto-Apply Device Drivers” step in the OSD TS, I specifically added a step for “Apply Driver Package”, specifying the newly created driver package containing the drivers.
Now when i rebooted the machine using PXE, and started the OSD TS, it failed immediately on the first step when it is checking the availability of all packages.

The smsts.log showed that it couldn’t find a DP location for the driver package.

The error:
Getting policy for CCM_SoftwareDistribution[AdvertID=””, PackageID=””,
FALSE, HRESULT=80040104 (e:\nts_sms_fre\sms\framework\tscore\tspolicy.cpp,2301)
Failed to find CCM_SoftwareDistribution object for AdvertID=””, PackageID=””,

So basically the SCCM Management Point could not provide the client with a location of a Distribution Point that holds a copy of the package.

A little googling turned up this posting which described the exact same error, and luckily, the solution.
So it turns out that sometimes a driver packages is not properly registered in the SCCM database, when the package version is “1”.
This is fixed when you update the package, and the version number is incremented.
Weird bug!

Problem joining computer to domain in SCCM OSD TS

October 11, 2011

In an SCCM OSD Task Sequence i had put in the step to join the computer to a domain, using a low-priviliged account.
This special serviceaccount had been granted the right to join computers to the domain, by using the Delation of Control wizard in ADUC. (Active Directory Users and Computers)
This worked fine the first time the computer was imaged.

The second time during imaging however, the domainjoining step failed.

When i tried to manually join the system to the domain afterwards, using the credentials of the serviceaccount, i got an “Access is denied” error.

So a little googling turned up with this KB arcticle, which mentioned exactly this problem.

It turns out that when you use the standard Delegation of Control wizard to grant someone the right to join computers to the domain, this does not include the resetting of the computer password, which is exactly what is done when you re-install a computer that was already joined to a domain.
By following the steps in the KB article and granting additional rights to the account, everything worked fine.

Quickly removing all packages from distribution point

October 11, 2011

How to quickly remove all sccm packages from one or more DPs? Either by clicking each package and going through the Manage Distribution Point Wizard to remove it from a DP, but that takes too long when we’re talking about 100+ packages.
Fortunately, someone ( Cory Becht) built a nice little tool for this : get it here

SCCM: No Boot Action for Device (number) found

August 25, 2011

I had a computer on which the OS was damaged so it would not boot, and using PXE boot it would just get the “abortpxe.com” so it could be reimaged.

How do we know what collection it is in, so that we can find out why is doesn’t have any PXE advertisements?
– There is no label on the computer with a computername
– The OS won’t boot, so we cannot see the computername within windows.

That leaves us with only the MAC Address and the GUID to search with.

When you do a search in the SCCM Console in a collection , you can not search on either of these values.
So we have to use a query or a Report for this.
You can do this by using a standard report, within the folder Network, called MAC – Computers for a specific MAC Address:

But only if the system is known within SCCM.
So what if this does not show any results?

Then the system is unknown within SCCM, and therefore automatically is a member of the collection “Unknown Computers”
So any advertisements targeted to that collection should also apply to this computer.

But what if it still gets the “abortpxe.com” stuff?
Then it’s time to get into PXE.
Open the file smspxe.log which is located on the sccm server in \SMS_CCM\Logs
Search in there for the mac address and for any messages.
In this case, it showed that sccm thought this computer was a known computer, with no active advertisements.
These are the messages in the log:

Executing LookupDevice..
CDatabaseProxy :: LookupDevice succeeded:
Device found in the database. MacCount=1 GuidCount=0
Executing GetBootAction
No Boot Action for Device (5292) found]
ProcessDatabaseReply: No Advertisement found in Db for device]

So, the device was foun din the database, on the basis of its MAC Address.
Strange, because I could not find the computer anywhere in the SCCM Database.
Now there is some caching of the SCCM database in the PXE part, so maybe it was once a known computer, but it was deleted recently.
So, a restart of the PXE service (or rather the Windows deployment Services – WDS ) on the sccm server should fix this.

This didn’t help either, still getting the abortpxe.com
Well, if SCCM thinks it doesn’t know the computer, but PXE thinks it does, let’s tell either one of them something else.
So I added the computer to SCCM manually, by creating a new Computer Association.
Then added the “new computer” to a collection with the correct advertisements, and voila, we have working PXE boot again.

But the question remains: how can PXE/SCCM “find” the computer in the database, while I cannot find it anywhere?

SCCM OOB console fails “GetAMTPowerState fail with result:0x80070005

August 23, 2011

So i implemented OOB management in a SCCM 2007 R2 SP2 environment. I had set up the whole PKI infrastructure, opened up the nescessary network ports, and everything worked fine.
Up untill now.
When i try to connect to a workstation using the OOB management Console, it would hang on “Connecting…” and then go to Disconnected.
But when i rightclick a computer, select OOB Management -> Power Control, i AM able to turn the computer remotely on and off.
So there is communication, but the OOB Mgmt Console can’t establish a connection to the workstation.
The logfile oobconsole.log located in C:\Program Files\Microsoft Configuration Manager Console\AdminUI\AdminUILog shows the error
GetAMTPowerState fail with result:0x80070005
Now, i’ve searched a LOT on the internet for a solution, but haven’t found one.
I checked the Kerberos tokensize, which was well within bounds, also i checked the PKI CA if it was issuing the SSL certificates to the clients properly, and ran through these excellent SCCM OOB Troubleshooting posts (part 1 and part two
Still, same error.
So i ended up manually going into the AMT in the client machines, and selecting Unprovision, (Partial) and waiting for the next provisioning cycle to pick them back up.
Because this takes 24 hours normally, i changed this to once every hour, to speed things up a bit
After that, i could connect to them without problems again.

SCCM: BITS download failing / hangs

August 5, 2011

Classic problem today: when downloading a program from the “Run Advertised Programs” item in Control Panel on a ConfigMgr client, the download of the software “hangs” .
When cancelled and restarted, it hangs again, although at a different percentage of the download.
Following this post quickly turned me to the ApplicationHost.config file, where i had to allow another filetype to be downloaded through IIS.
This time is was the “.config” file-extension and the “.resources” file extensions that caused the 404 errors in the IIS-log.
These files were appearantly present in the Intel AMT / IME drivers/application which i had packaged.
After modifying the ApplicationHost.config (on all DP’s!)and doing an IISRESET, the BITS download worked perfectly.

SCCM, error importing Windows 7 only- drivers to repository

August 2, 2011

On a Windows 2008 (Non R2) based SCCM 2007 SP2 server, importing a Windows 7 -only driver fails with error: ” The selected driver is not applicable to any supported platforms”.
This happens because the OS type for Windows 7 is not properly recognized when reading the drivers .inf file.
See KB978754 for this, and the patch.

Unable to connect to WMI on remote machine

February 15, 2010

So, the duplicate SID thing from my previous post seemed to be fixed.  Well, not completely…. there were a lot of XP workstations  to which the SCCM Tools could not connect, so the certificates or the SID could not be removed.

The tool said: The RPC Server is unavailable. (Exception from HRESULT 0x800706BA)

What was going wrong? Appearantly the tool couldn’t connect to the workstation. But how/what/why?
The following errors also  showed up in the ccm.log on the SCCM Server:
“Unable to connect to WMI on remote machine “, error = 0x800706ba.”

So it appeared that a connection to WMI could not be established.

But when i ran wbemtest or msinfo32 on the workstation locally, no problems.  So WMI was working… Off to some Googling then.

Following the things i found using Google, what did i check on the workstations?

– Firewall was OFF (completely, utterly OFF 🙂 )

– No firewall / filtering between the VLAN’s used.

– Correct services were running (RPC, WMI, etc. etc.)

– Checked WMI on the workstation using WMIDiag , no errors.  Just to be sure, i followed all steps listed here ( rebuilt the WMI repository,  re-registered all WMI files and even re-installed the whole WMI)

– Correct DCOM permissions were in place (using dcomcnfg )

– Removed all virusscanners and other security, or even VPN related tools.

So, i was stuck.

Then i thought: Well, let’s see if patching the boxes will make a difference. They were still XP SP2, so i started installing SP3 on them.

But it failed, with error 0x8007007E

Strange. So i downloaded the offline version of SP3 for Windows XP, and tried to install that. A beautiful error came up:

“Windows has detected that one or more protected core system files (kernel) on your computer have been modified”.

The KB article related to this error gave a clear signal: look in your boot.ini file for modifications there.

And yes, there i saw the following lines:

[boot loader]
timeout=0
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=”Microsoft Windows XP Professional” /noexecute=optin /fastdetect /TUTag=NEWEW4 /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=”Microsoft Windows XP Professional (TuneUp Backup)” /noexecute=optin /fastdetect /TUTag=NEWEW4-BAK

Notice the /Kernel=TUKernel.exe part. It turned out that someone had been meddling with some software named TuneUp Utilities, to change the bootlogo screen of these boxes. And to change that, the software had just loaded it’s own modified kernel instance. Nice huh?

So i deleted the /TUTag and the /Kernel= switches and rebooted the box.

And sure enough, after that, no problems connecting to WMI! Incredible…

Now, how to change the boot.ini on a couple of hundred computers?

I found a nice post of someone containing a batch file to delete and re-create the boot.ini file. Nice!

Now to get this batch file kicked off on all those workstations… PSExec to the rescue!

The command:

PSexec @faultymachines.txt -e -c -f -n 05 editboot.bat >errors.txt

This uses a .txt file containing all targeted workstations, copies the editboot.bat file to them, runs the batch, and logs to errors.txt file.

To make these changes effective, the machines of course need to reboot. Again, PsTools to the rescue:

psshutdown -r -v 0 -n 5 -t 23:00:00 @faultymachines.txt

With this, the same machines will Silently reboot at 23:00 o ‘clock that night.  No displaying of “Your computer will reboot in xx minutes” also 🙂

To be continued….