System Center Configuration Manager

Now that System Center 2012 Configuration Manager has released, we have some KB articles that describe a few of the things we saw during the beta that you may run into. Nothing really major, just a few tips and FYIs you may want to be aware of. If you have plans on rolling out ConfigMgr, or even if you already have, you might want to take a quick look at these just in case you happen to run across them somewhere down the road.

NOTE: You can subscribe to our RSS feed for the most recent Configuration Manager KB articles here: http://support.microsoft.com/common/rss.aspx?rssid=1060

2679005	An App-V 4.5 package fails to run on Windows 7 or Windows Server 2008 R2 in a System Center 2012 Configuration Manager environment
2683908	App-V applications cannot be streamed from a Configuration Manager Distribution Point if the "Bypass proxy server for local addresses" option is set
2688244	Old System Center 2012 Configuration Manager application Deployment Type source content remains in the client cache after the application is removed
2679653	The lastLogonTimestamp attribute in System Center 2012 Configuration Manager may not be accurate
2681449	Descriptions are not provided for the ResultDetail values in the "v_CH_EvalResults" view in System Center 2012 Configuration Manager
2688238	The Microsoft Network Inspection service started by System Center 2012 Configuration Manager may be stopped by Active Directory Group Policy
2688239	Many warning messages for PolicyAgentInstanceProvider are logged when you install the System Center 2012 Configuration Manager client
2691080	The Ccmexec.exe service is not automatically restarted after the WMI service is paused and restarted in System Center 2012 Configuration Manager
2688287	The System Center 2012 Configuration Manager console crashes when an item in a list view is moved to a collapsed group
2691547	The "Computers with a specific virtual application" or "Computers with a specific virtual application package" reports in System Center 2012 Configuration Manager do not display data
2692920	"In Progress" status is displayed in the System Center 2012 Configuration Manager console for the installation of a mobile app that requires the removal of another, unremoval application
2691543	Deploying a non-English operating system using System Center 2012 Configuration Manager fails with Error 31: A device attached to the system is not functioning
2680765	Changes made to Video Hardware Acceleration settings in a System Center 2012 Configuration Manager Remote Control session are reverted when the session ends
2690414	Keyboard shortcuts used in a System Center 2012 Configuration Manager Remote Desktop session may be intercepted by a Remote Control viewer session
2678905	The System Center 2012 Configuration Manager client installation fails when BITS is not installed
2680249	A failure is reported if you remove a zero value from the Return Codes tab in System Center 2012 Configuration Manager
2683900	Changes to the Deployment Type in System Center 2012 Configuration Manager are deployed unexpectedly and cannot be rolled back
2688277	The System Center 2012 Configuration Manager Application Catalog fails after reinstalling the Application Catalog Web Service Point using different install options
2688285	The Apply button is unavailable after clearing the "Enable PXE support for clients" option on a System Center 2012 Configuration Manager Distribution Point
2688288	Changing the SQL Service Broker port while performing a System Center 2012 Configuration Manager site recovery causes the site to remain in Maintenance Mode
2688242	Clients are not updated with the latest definitions after installing the Endpoint Protection site role in System Center 2012 Configuration Manager
2688247	SQL Server cumulative updates must be manually installed on secondary System Center 2012 Configuration Manager sites that use SQL Server Express
2691550	Multiple error messages are logged in the System Center 2012 Configuration Manager Distmgr.log file when you update shared Distribution Points
2691875	Different results are displayed for software updates when you use saved searches in non-English versions of System Center 2012 Configuration Manager
2691946	You cannot reinstall a System Center 2012 Configuration Manager SMS Provider on a server had the same provider previously uninstalled
2693104	Migrating objects to System Center 2012 Configuration Manager fails with "Could not find the specified instance"
2693122	A System Center 2012 Configuration Manager Distribution Point contains no deployment package after using the Download Software Updates wizard
2683915	Installing a secondary System Center 2012 Configuration Manager site fails when using the default SQL instance name
2687393	A System Center 2012 Configuration Manager Windows Installer-based Deployment Type with a malformed command line fails with an MSIExec error

J.C. Hornbeck| System Center & Security Knowledge Engineer

Get the latest System Center news onFacebookandTwitter:

The Forefront Server Protection blog: http://blogs.technet.com/b/fss/
The Forefront Endpoint Security blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/

Just a quick note on an issue you might see that can be a little bit confusing if you’re not aware of what’s going on. After migrating Software Update packages from System Center Configuration Manager 2007 to System Center 2012 Configuration Manager, it may appear that not all packages were migrated successfully. Usually the way this plays out is that after the migration, the admin looks at the updates package, sees fewer updates than he started with, and thinks something is wrong.

No cause for alarm though, as chances are all of the packages were actually migrated successfully. So why the discrepancy? Well there was an issue that I won’t get into here where ConfigMgr 2007 didn’t always display superseded updates correctly, so what’s happening is that the missing updates were removed because they were expired or superseded and no longer show up.

Hope this helps!

J.C. Hornbeck| System Center & Security Knowledge Engineer

Get the latest System Center news onFacebookandTwitter:

We are very happy to announce that seven of the Product Solution Centers on http://support.microsoft.com are featuring new Top Solutions sections that pull dynamically from the Top Solutions RSS feeds. The Top Solutions are usually listed on the page for the Key Resources tab.

The following solution centers have dynamic Top Solutions; the rest will be updated in the near future. Check out the new look and functionality!

Windows Server 2008 R2
SQL Server
System Center 2012– select the tabs for the following products
- Configuration Manager
- Data Protection Manager
- Operations Manager
- Virtual Machine Manager
Lync Server

If you want to keep up to date on all the latest top solutions you’ll definitely want to check these out.

J.C. Hornbeck| System Center & Security Knowledge Engineer

Get the latest System Center news onFacebookandTwitter:

Hi everyone, Dennis Donahoe here with a couple tips on how to fix an issue you may see setting up a new install of Configuration Manager. In a new installation of System Center 2012 Configuration Manager (ConfigMgr), you may find that you cannot connect to SQL when installing with a remote SQL 2008 R2 SP1 named instance. If this happens, some of the issues that you should check are listed below. They may not all completely prevent communication with SQL but they are all base requirements or strong recommendations for proper installation and should be checked during troubleshooting.

1. Check the SQL Server Configuration Manager named instance network configuration.

a. Open SQL server 2008 Configuration Manager in the start menu

b. Select SQL server Network Configuration

c. Select the instance the database is expected to use

d. In the right pane right click on TCP/IP and select Properties

If the named instance is using dynamic ports then the port shown will be blank. Using dynamic ports is not supported in System Center 2012 Configuration Manager as it requires a fixed port. You can manually select a port or you can check the SQL error log and see what port it is currently using and set that as the port if no other application databases are in that instance.

2. The SQL Server Service Broker must be enabled for the Configuration Manager database.

The image above shows the Service Broker disabled (Broker Enabled set to False). This needs to be set to True on the ConfigMgr database only. To do this, right-click on the database and select Properties –> Options (SQL 2008 R2) or run Select * from sys.databases to see service broker status (1=enabled).

3. Microsoft recommends using a domain account for the SQL server service account. With a Domain account as a service account, we must insure that SPN's are configured for the service account for Netbiosname:port and fqdn:port. Both Netbios and FQDN must be configured.

4. Check to see if any other Configuration Manager databases are installed on this instance in SQL. Having another System Center Configuration Manager 2007 database in the same instance is not recommended and having another System Center 2012 Configuration Manager instance is unsupported.

5. Verify SQL has the correct Cumulative Update. SQL Server 2008 R2 SP1 Requires CU4. Information for all Supported SQL versions and their required updates are contained in the links below:

How to determine the version and edition of SQL Server and its components : http://support.microsoft.com/kb/321185

Configurations for the SQL Server Site Database :http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SupConfigSQLDBconfig

Supported Configurations for Configuration Manager : http://technet.microsoft.com/en-us/library/gg682077.aspx

Dennis Donahoe | Senior Support Escalation Engineer

Get the latest System Center news onFacebookandTwitter:

Here’s a new Knowledge Base article we published today. This one discusses an issue where after moving the System Center 2012 Configuration Manager SQL Site Database to another drive, creating a new Software Update group, Software Update package, or creating a new application fails.

=====

Symptoms

After moving the System Center 2012 Configuration Manager SQL Site Database to another drive, creating a new Software Update group, Software Update package, or creating a new application fails and errors similar to the following are logged in the SMSProv.log file:

*** *** Unknown SQL Error! SMS Provider 14-03-2012 07:56:47 2016 (0x07E0)
*~*~*** Unknown SQL Error! ThreadID : 2016 , DbError: 50000 , Sev: 16~*~* SMS Provider 14-03-2012 07:56:47 2016 (0x07E0)
*** [24000][0][Microsoft][SQL Server Native Client 10.0]Invalid cursor state SMS Provider 14-03-2012 07:56:48 2016 (0x07E0)
*~*~[24000][0][Microsoft][SQL Server Native Client 10.0]Invalid cursor state *** Unknown SQL Error! ThreadID : 2016 , DbError: 0 , Sev: 0~*~* SMS Provider 14-03-2012 07:56:48 2016 (0x07E0)

SQL Profiler provides the following additional details:

An error occurred in the Microsoft .NET Framework while trying to load assembly id 65539. The server may be running out of resources, or the assembly may not be trusted with PERMISSION_SET = EXTERNAL_ACCESS or UNSAFE. Run the query again, or check documentation to see how to solve the assembly trust issues. For more information about this error:

System.IO.FileLoadException: Could not load file or assembly 'cryptoutility, Version=5.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. An error relating to security occurred. (Exception from HRESULT: 0x8013150A)

System.IO.FileLoadException:

at System.Reflection.Assembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, Assembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection)

at System.Reflection.Assembly.InternalLoad(AssemblyName assemblyRef, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection)

at System.Reflection.Assembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection)

at System.Reflection.Assembly.Load(String assemblyString)

Cause

This can occur if the SQL Site Database MDF and LDF files are moved to a different drive. For example, if originally the Configuration Manager Site Database was created on C:\Program files\MSSQL server\data but then later the MDF and LDF files were moved to different drive to save space (e.g. D:\CM2012DB), you may see the issue above.

Note that this is a supported SQL operation. For more information see the following:

How to move SQL Server databases to a new location by using Detach and Attach functions in SQL Server - http://support.microsoft.com/kb/224071

How to Move SQL Server Data File(s) (.mdf) and Log File(s) (.ldf) Files From One Location to Another - http://support.microsoft.com/kb/965095

This occurs with System Center 2012 Configuration Manager because by default, the SQL Site Database has the SQL TRUSTWORTHY property set to ON, however when you detach and reattach the database it gets set to OFF. When the database is not configured with this setting ON, <ConfigMgr_Install>\bin\x64\CryptoUtility.dll fails to load into SQL and you get an 'invalid cursor state' message.

Resolution

To resolve this issue complete the following steps:

1. Manually set the property back to ON by running the following command against your CM database:

ALTER DATABASE CM_SAG SET TRUSTWORTHY ON

2. Ensure that the database that was moved is owned by SA.

More Information

An iDNA of the SQL process shows the exception:

Number of exceptions of this type: 3
Exception MethodTable: 000007fef2524e30
Exception object: 0000000201027798
Exception type: System.IO.FileLoadException
Message: Could not load file or assembly 'cryptoutility, Version=5.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. An error relating to security occurred. (Exception from HRESULT: 0x8013150A)
InnerException: <none>
StackTrace (generated):
SP IP Function
00000000204F8DC0 0000000000000001 System.Reflection.Assembly._nLoad(System.Reflection.AssemblyName, System.String, System.Security.Policy.Evidence, System.Reflection.Assembly, System.Threading.StackCrawlMark ByRef, Boolean, Boolean)
00000000204F8DC0 000007FEF23DBF61 System.Reflection.Assembly.InternalLoad(System.Reflection.AssemblyName, System.Security.Policy.Evidence, System.Threading.StackCrawlMark ByRef, Boolean)
00000000204F8E50 000007FEF23DC127 System.Reflection.Assembly.InternalLoad(System.String, System.Security.Policy.Evidence, System.Threading.StackCrawlMark ByRef, Boolean)
00000000204F8EB0 000007FEF2443A54 System.Reflection.Assembly.Load(System.String)
00000000204F8EF0 000007FF002D9FF7 System.Data.SqlServer.Internal.SqlAppDomain.LoadRawAssembly(Char*, Int32, IntPtr ByRef, System.Data.SqlServer.Internal.EClrReturnCode ByRef

=====

For the most current version of this article please see the following:

2709082 - After moving the System Center 2012 Configuration Manager SQL Site Database to another drive, creating a new Software Update package or a new application fails

J.C. Hornbeck| System Center & Security Knowledge Engineer

Get the latest System Center news onFacebookandTwitter:

Here’s a new Knowledge Base article we published this morning. This one describes a potentially confusing status message you may see when upgrading a Distribution Point in System Center 2012 Configuration Manager.

=====

Symptoms

You try to upgrade a shared Distribution Point to a Microsoft System Center 2012 Configuration Manager Distribution Point. If the upgrade of the Distribution Point fails, the status on the Shared Distribution Points tab is displayed as follows:

Failed to upgrade distribution point.

You might expect the status on the Shared Distribution Points tab to be displayed as follows:

Failed to convert content.

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

You can use the Configuration Manager console to upgrade Configuration Manager 2007 Distribution Points that you have shared with System Center 2012 Configuration Manager.

When you upgrade a shared Distribution Point, the Distribution Point is uninstalled from the Configuration Manager 2007 site. Then, the Distribution Point is installed as a System Center 2012 Configuration Manager Distribution Point that is attached to a primary or secondary site that you specify.

The upgrade process copies the migrated content that is stored on the Distribution Point and converts this copy to the System Center 2012 Configuration Manager single instance content store.

=====

For the most current version of this article please see the following:

2691560 - The status of a failed upgrade to a shared Distribution Point may be displayed incorrectly as "Failed to upgrade distribution point" in System Center 2012 Configuration Manager

J.C. Hornbeck| System Center & Security Knowledge Engineer

Get the latest System Center news onFacebookandTwitter:

Here’s a new Knowledge Base article we published this morning. This one describes an issue where it may seem that a change is not saved in ConfigMgr 2012.

=====

Symptoms

When modifying the Deployment options of a Distribution Point in the Selected Deployment Properties dialog box in Microsoft System Center 2012 Configuration Manager, the property change does not appear to have been saved.

Cause

This happens only when you have selected Make available to boot media and PXE in the Deployment Settings tab of the Selected Deployment Properties dialog box.

Resolution

This problem is only an issue with the settings that are visible in the user interface. The change is actually saved correctly in the database. You can run a custom report with a SQL query to verify your settings.

The below SQL query is an example which will show all task sequences with the Access content directly from a distribution point when needed by the running task sequence deployment option selected.

SELECT pkg.PackageID, pkg.Name, pkg.SourceSite,
CASE WHEN (adv.RemoteClientFlags & 0x00000008) = 0 THEN 0 ELSE 1 END AS RunFromDPInFastNetwork,
CASE WHEN (adv.RemoteClientFlags & 0x00000080) = 0 THEN 0 ELSE 1 END AS RunFromDPInSlowNetwork
FROM v_Advertisement AS adv
INNER JOIN v_Package AS pkg ON pkg.PackageID = adv.PackageID AND pkg.PackageType = 4
WHERE (adv.RemoteClientFlags & 0x00000008) <> 0 OR (adv.RemoteClientFlags & 0x00000080) <> 0

=====

For the most current version of this article please see the following:

2713465 - Changing a property of a deployment appears to not be saved in System Center 2012 Configuration Manager

J.C. Hornbeck| System Center & Security Knowledge Engineer

Get the latest System Center news onFacebookandTwitter:

Here’s a new Knowledge Base article we published. This one describes an issue where when performing hard-link migrations in System Center 2012 Configuration Manager, the User State Migration Toolkit (USMT) state store becomes much bigger than anticipated and potentially causes disk space problems.

=====

Symptoms

When performing hard-link migrations in System Center 2012 Configuration Manager, the User State Migration Toolkit (USMT) state store becomes much bigger than anticipated and potentially causes disk space problems. This also potentially causes the Capture User State task and Task Sequence to fail.

Cause

The Capture State task of System Center 2012 Configuration Manager has the ability to set the USMT option of /efs to either skip or copyraw via the option "Skip Files that use the Encrypting File System (EFS)". However there is no option to set it to hardlink. Without the ability to change the efs option to hardlink a hard-link to the EFS file is not created and instead a full copy of the file is created.

Resolution

Manually run USMT's scanstate.exe via a Run Command Line task which points to the USMT 4 package and provides a customized command line.An example command line using Task Sequence variables which performs a hard-link migration with the efs option set to hardlink would be:

.\%PROCESSOR_ARCHITECTURE%\scanstate.exe %OSDStateStorePath% /o /localonly /c /efs:hardlink /v:5 /l:%_SMSTSLogPath%\scanstate.log /progress:%_SMSTSLogPath%\scanstateprogress.log /i:.\%PROCESSOR_ARCHITECTURE%\migdocs.xml /i:.\%PROCESSOR_ARCHITECTURE%\migapp.xml /hardlink /nocompress %OSDMigrateAdditionalCaptureOptions%

=====

For the most current version of this article please see the following:

2713469 - Failures with the Capture User State task or Task Sequence when using System Center 2012 Configuration Manager

J.C. Hornbeck| System Center & Security Knowledge Engineer

Get the latest System Center news onFacebookandTwitter:

Here’s a new Knowledge Base article we published. This one describes an issue where System Center 2012 Configuration Manager Software Center does not launch on a Windows XP client if Terminal Services is disabled.

=====

Symptoms

When starting Software Center on a Windows XP client, you receive the error "There is a problem showing the current status". Clicking more information you receive error code 0x80041001.

In ccmsdkprovider.log, the error is :

<![LOG[Failed to get domain name from WTS session 0, 0x800706a6]LOG]!><time="15:50:26.121-720" date="04-23-2012" component="CCMSDKProvider" context="" type="3" thread="264" file="ccmsdkprovider.cpp:3785">
<![LOG[GetUserCapability failed with error code 0x800706a6]LOG]!><time="15:50:26.121-720" date="04-23-2012" component="CCMSDKProvider" context="" type="3" thread="264" file="ccmsdkprovider.cpp:3266">

Error 800706a6 means that the RPC binding handle is invalid.

GetUserCapability calls Windows Terminal Server (WTS) functions to query session information for the Remote Desktop Session Host (RD Session Host) server. It can be used to query session information on local and remote desktop session host servers.

If Terminal Services is not running, calls to WTS functions fail.

Cause

WTS functions on Windows XP require that Terminal Services is running. This becomes an issue when the System Center 2012 Configuration Manager Software Center is launched on a Windows XP client when Terminal Server service is not running. If the Terminal Server service is not started, the Windows API call fails.

This is not an issue with operating systems later than Windows XP Service Pack 3 as the Windows API has been changed in these newer versions.

Resolution

Terminal Services must be enabled and the service started. Once that is done the Software Center will function on the Windows XP client as expected.

=====

For the most current version of this article please see the following:

2713471 - System Center 2012 Configuration Manager Software Center does not launch on a Windows XP client if Terminal Services is disabled

J.C. Hornbeck| System Center & Security Knowledge Engineer

Get the latest System Center news onFacebookandTwitter:

Here’s a new Knowledge Base article we published. This one describes an issue where a PXE enabled Distribution Point will generate a large number of files under C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 for each PXE request that it services on the network.

=====

Symptoms

A PXE enabled Distribution Point will generate a number of files under C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 for each PXE request that it services on the network. This occurs whether the device sending the PXE request has a Task Sequence deployed to it or not. The generation of files will continue and may consume available hard disk space.

Cause

This occurs whenever a self-signed certificate is used for the Distribution Point (DP).

Resolution

To work around this problem, request a CA issued certificate for the PXE enabled DP and specify the PFX file under the properties of the DP. Step-by-step instructions on how to do create the PFX file are available in the Deploying the Client Certificate for Distribution Points section of http://technet.microsoft.com/en-ca/library/230dfec0-bddb-4429-a5db-30020e881f1e#BKMK_clientdistributionpoint2008_cm2012.

More Information

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

=====

For the most current version of this article please see the following:

2713467 - A PXE enabled Distribution Point that uses a self-signed certificate will generate many files in System Center 2012 Configuration Manager

J.C. Hornbeck| System Center & Security Knowledge Engineer

Get the latest System Center news onFacebookandTwitter:

Here’s a new Knowledge Base article we published. This one talks about an issue where WDS doesn’t start on a PXE enabled remote Distribution Point in System Center 2012 Configuration Manager if Microsoft.VC90.CRT is not installed.

=====

Symptoms

After enabling the PXE feature of a remote System Center 2012 Configuration Manager Distribution Point (DP), Windows Deployment Services (WDS) and PXE install correctly, however WDS never starts. Attempting to manually start WDS via the Services console results in the following error message:

Windows could not start the Windows Deployment Services Server on Local Computer. For more information, review the System Even Log. If this is a non-Microsoft service, contact the service vendor, or refer to service-specific error code -1056505588.

Looking at the Application System Event Log on a 64bit server reveals the following error messages:

Log Name: Application
Source: SideBySide
Date: <Date> <Time>
Event ID: 33
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: <Remote_DP_Server>
Description:
Activation context generation failed for "C:\SMS_DP$\sms\bin\smspxe.dll". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log Name: Application
Source: WDSPXE
Date: <Date> <Time>
Event ID: 259
Task Category: WDSPXE
Level: Error
Keywords: Classic
User: N/A
Computer: <Remote_DP_Server>
Description:
An error occurred while trying to load the module from C:\SMS_DP$\sms\bin\smspxe.dll for provider SMSPXE. If the provider is marked as critical, the Windows Deployment Services server will be shutdown.

Log Name: Application
Source: WDSPXE
Date: <Date> <Time>
Event ID: 264
Task Category: WDSPXE
Level: Error
Keywords: Classic
User: N/A
Computer: <Remote_DP_Server>
Description:
An error occurred while trying to initialize provider SMSPXE. Since the provider is not marked as critical, the Windows Deployment Services server will remain started.

Error Information: 0x36B1

Log Name: Application
Source: WDSPXE
Date: <Date> <Time>
Event ID: 268
Task Category: WDSPXE
Level: Error
Keywords: Classic
User: N/A
Computer: <Remote_DP_Server>
Description:
All registered providers failed to initialize. Please review the Event Log for specific error messages for each provider. Windows Deployment Server will be shutdown.

Log Name: Application
Source: WDSServer
Date: <Date> <Time>
Event ID: 513
Task Category: WDSServer
Level: Error
Keywords: Classic
User: N/A
Computer: <Remote_DP_Server>
Description:
An error occurred while trying to initialize provider WDSPXE from C:\Windows\system32\wdspxe.dll. Windows Deployment Services server will be shutdown.

Error Information: 0xC107010C

Log Name: Application
Source: WDSServer
Date: <Date> <Time>
Event ID: 257
Task Category: WDSServer
Level: Error
Keywords: Classic
User: N/A
Computer: <Remote_DP_Server>
Description:
An error occurred while trying to start the Windows Deployment Services server.

Error Information: 0xC107010C

Cause

This issue can occur when a dependent component, Microsoft.VC90.CRT, is not available. This component is normally available via a DLL installed by Microsoft Visual C++ 2008 Redistributable. Microsoft Visual C++ 2008 Redistributable is normally installed by during the Configuration Manager client install via the install file vcredist_x86.exe or vcredist_x64.exe. If the Configuration Manager client has not been installed on the server hosting the PXE enabled remote DP, then the Microsoft Visual C++ 2008 Redistributable will also not have been installed and Microsoft.VC90.CRT will not be available.

Please note that Microsoft Visual C++ 2008 Redistributable is a common install for many different software install packages. It may be installed on the server even if the Configuration Manager client is not installed on the server.

Resolution

To resolve the problem, install the Configuration Manager client on the server hosting the PXE enabled remote DP.

If the PXE enabled remote DP server is not going to also be a Configuration Manager client and therefore the Configuration Manager client install is not desired, Microsoft Visual C++ 2008 Redistributable can be installed separately on the server by manually running either vcredist_x86.exe (32bit Windows OSes) or vcredist_x64.exe (64bit Windows OSes) from the Configuration Manager client install files. These install files can be found in the client install directory on the parent Primary site server under the following paths:

vcredist_x86.exe
<Configuration Manager_2012_Install_Directory>\Client\i386

vcredist_x64.exe
<Configuration Manager_2012_Install_Directory>\Client\x64

Once the Microsoft Visual C++ 2008 Redistributable has been installed via the Configuration Manager client install or a manual install, manually start WDS via the Services console. WDS should subsequently be able to start automatically.

=====

For the most current version of this article please see the following:

2712387 - WDS does not start on a PXE enabled remote Distribution Point in System Center 2012 Configuration Manager

J.C. Hornbeck| System Center & Security Knowledge Engineer

Get the latest System Center news onFacebookandTwitter:

Here’s a new Knowledge Base article we published. This one talks about an issue where using the System Center 2012 Configuration Manager CMTrace log viewer to review a log that contains a line exceeding 8000 characters causes the log to be truncated at that line.

=====

Symptoms

In System Center 2012 Configuration Manager, when you use the CMTrace log viewer to review any log that contains a line exceeding 8000 characters, the log is truncated at that line.

Resolution

There are two workarounds to this issue. First, you can simply view the log file in Notepad. Viewing the log file in Notepad will allow you to see all of the contents. Second, if you prefer to view the log in CMTrace you can edit the offending lines in Notepad (making them less than 8000 characters long) and then view the edited log in CMTrace.

=====

For the most current version of this article please see the following:

2716956 - Using the System Center 2012 Configuration Manager CMTrace log viewer to review a log that contains a line exceeding 8000 characters causes the log to be truncated

J.C. Hornbeck| System Center & Security Knowledge Engineer

Get the latest System Center news onFacebookandTwitter:

Here’s a new Knowledge Base article we published. This one talks about an issue where a ConfigMgr 2012 Task Sequence fails when using Stand-Alone Media.

=====

Symptoms

Task Sequence execution fails when using stand-alone media (USB flash drive or CD/DVD) in System Center 2012 Configuration Manager. The task sequence will fail to install applications and the SMSTS.log will contain an error similar to the following:

Failed to invoke Execution Manager to Install Software for PackageID='CAS0002C' ProgramID='setup' AdvertID='{00A2B6FB-8E61-47B6-9702-BBDEAD7FBE8A}' hr=0x87d01004

Items in italics above are based on the environment so will not be consistent but the hr code (in bold) will be.

Cause

This occurs because the Software Distribution Agent is not enabled since the client has not yet received policy.

Resolution

To resolve the issue and enable the Software Distribution Agent, add the following Run Command Line step earlier in the Task Sequence, before any Install Package steps:

WMIC /namespace:\\root\ccm\policy\machine\requestedconfig path ccm_SoftwareDistributionClientConfig CREATE ComponentName="Enable SWDist", Enabled="true", LockSettings="TRUE", PolicySource="local", PolicyVersion="1.0", SiteSettingsKey="1" /NOINTERACTIVE

=====

For the most current version of this article please see the following:

2716946 - Task Sequence Fails when using Stand-Alone Media in System Center 2012 Configuration Manager

J.C. Hornbeck| System Center & Security Knowledge Engineer

Get the latest System Center news onFacebookandTwitter:

Here’s a new Knowledge Base article we published. This one talks about an issue where attempting to deploy the Integration Pack for .NET that comes with the Orchestrator Orchestration Integration Toolkit, it fails and logs an event ID 10005.

=====

Symptoms

When attempting to using System Center 2012 Configuration Manager to Remote Control a system, the connection fails. The Remote Control log and CmRcService.log indicate the following failure:

“WT_CompleteIO failed. Network shutdown : Unknown error (Error: C0000120; Source: Unknown)”

Cause

Certain User Configurations for Remote Desktop Gateway block the remote control session from successfully connecting. The User Configuration settings are:

- Enable connection through RD Gateway: Enabled

o Allow users to change this setting: Enabled

- Set RD Gateway authentication method: Enabled

o Allow users to change this setting: Enabled
o Set RD Gateway authentication method: Use locally logged-on credentials

- Set RD Gateway server address: Enabled

o Allow users to change this setting: Enabled
o Set RD Gateway server address: (enter generic FQDN)

Example screenshot of settings:

Resolution

To resolve this issue, either do not configure User Configuration settings for Remote Desktop Gateway (leaving them as “not configured” as opposed to “enabled”) or specify the RDS Gateway settings as part of the Remote Desktop Connection client user interface in the .rdp file.

=====

For the most current version of this article please see the following:

2716965 - Remote Control fails with error C000012 in System Center 2012 Configuration Manager

J.C. Hornbeck| System Center & Security Knowledge Engineer

Get the latest System Center news onFacebookandTwitter:

UPDATED 7/16/2012:

We’ve had a few questions regarding critical updates and WSUSSCN2.CAB so I thought I’d publish a quick explainer in case you were wondering the same.

Question: Is security advisory KB2719615 going to be added for Microsoft Update Catalog in the near future?

Answer: KB2719615 is a critical update, so like all other MSRC security advisories that are released as a Critical Update, it will not currently be in the WSUSSCN2.CAB. This MSXML advisory is also unique in that it is not available on Microsoft Update, which means it cannot be obtained via Automatic Updates, Windows Update, Microsoft Update, or any enterprise management tool (WSUS Server, SMS/SCCM, Intune) or the MU Catalog.

J.C. Hornbeck| System Center & Security Knowledge Engineer

Get the latest System Center news onFacebookandTwitter:

Microsoft’s very own Scott Rachui put together another great self-study guide for System Center 2012, this time focusing exclusively on Configuration Manager. If you’re wanting to jump start your ConfigMgr 2012 expertise then this is where you want to start.

=====

With part-3 of this series, I finally turn to one of the most important products of the System Center suite. This is System Center Configuration Manger, or SCCM. SCCM has been around since the 90s in one form or another (remember Systems Management Server?). Since the early days of SMS, System Center Configuration Manager has evolved to be a very popular tool used by global enterprises to manage their IT infrastructures. With System Center 2012, SCCM continues to improve, as the study material below shows. Because SCCM is such a big product and so much material is available for it, this post will focus exclusively on it and the study materials related to it…

You can continue reading Scott’s article here.

J.C. Hornbeck| System Center & Security Knowledge Engineer

Get the latest System Center news onFacebookandTwitter:

Consider the following scenario: When running setup for System Center 2012 Configuration Manager (ConfigMgr 2012), in the Setup window you receive the following warnings:

You will also see the following error messages in ConfigMgrPrereq.log:

INFO: Computer Account is <DOMAIN\SiteServerCOMPUTERNAME$>

ERROR: Connected to SQL Server but failed to execute query IF NOT EXISTS (select * from master.sys.server_principals where name=' DOMAIN\SiteServerCOMPUTERNAME$') BEGIN CREATE LOGIN [DOMAIN\SiteServerCOMPUTERNAME$] FROM WINDOWS; SELECT 1; END ELSE SELECT 0
save to ini file SQLCONNECT:SQLFQDN\INSTANCE.
ERROR: Failed to connect to SQL Server Site Server FQDN.
SiteServer FQDN; Site System to SQL Server Communication; Warning; A communication error has been detected between the specified site system and the site database computer. This error can occur when the site database server is offline or if a valid SPN has not been registered in Active Directory Domain Services for the SQL Server instance hosting the site database. Setup cannot continue.

In the ConfigMgrSetup.log you will get these error messages:

CWmiRegistry::GetValues: Failed to connect to registry on machine SQL FQDN. Error code: 2
INFO: File \\SiteServerFQDN\admin$\sms_get_ADPERMS_svc.exe does not exist. No zapping needed.
CSql Error: Cannot find type data, cannot get a connection.
INFO: File C:\Windows\sms_account_test_svc.exe does not exist. No zapping needed.
INFO: Connected to ROOT\CIMV2 WMI namespace on SQL Server
INFO: SQL Server version detected is 10.50, 10.50.2811.0.
INFO: File \\SiteServerFQDN\admin$\sccm_sysroletosql_connect_test.exe does not exist. No zapping needed.
CSql Error: Cannot find type data, cannot get a connection.
*** IF NOT EXISTS (select * from master.sys.server_principals where name= ‘DOMAIN\SiteServerCOMPUTERNAME$') BEGIN CREATE LOGIN [DOMAIN\SiteServerCOMPUTERNAME$] FROM WINDOWS; SELECT 1; END ELSE SELECT 0
*** [42000][15401][Microsoft][ODBC SQL Server Driver][SQL Server]Windows NT user or group ‘DOMAIN\SiteServerCOMPUTERNAME$' not found. Check the name again.

In this case, although you may have created a domain group where you have added the Site Server System Account and gave this group sysadmin rights on the SQL instance dedicated for ConfigMgr 2012, you might still receive these error messages.

In this case, you will most probably have to add the Site System account (computer name) with admin rights in SQL:

If you try to add the computer name you will see that with advanced search you are not able to select Computers (only users or groups):

To add a computer as an admin in SQL, you will have to type in the Login Name: DOMAIN\COMPUTERNAME$ and press OK. If the computer name is not found in AD you will receive an error similar to the one below:

With a remote SQL server, you will need to make sure that the site system account has admin rights for the SQL instance, dedicated for ConfMgr.

Adding computers to SQL Logins individually can be done using the syntax DOMAIN\COMPUTERNAME$, or by using groups.

Other means of troubleshooting:

1. Check if 1433 port is configured for TCP Port for every IP section (including IP All) and TCP Dynamic Ports fields are empty as bellow:

1433 is the default port that is used and should not be changed to another or a dynamic port.

2. Create a UDL file to test connectivity between machines (See http://msdn.microsoft.com/en-us/library/e38h511e(v=VS.71).aspx for more information):

Radu Tomoiaga

Get the latest System Center news onFacebookandTwitter:

Here’s a new Knowledge Base article we published. This one talks about an issue where Security Update MS10-019 may not visible in the Configuration Manager console for some operating systems.

=====

Symptoms

Security Update MS10-019 (KB979309) is not visible in the System Center Configuration Manager 2007 console for the following operating systems:

Windows Server 2008
Windows Server 2008 R2

NOTE This security update is visible for the Itanium versions of the above mentioned operating systems.

Cause

KB979309 bundles another update, KB978601, for the affected operating systems and is superseded by KB2653956. By design in Configuration Manager, no superseded updates are synced. This causes a condition where the update KB978601 is not synced because KB979309 contains this KB for the above operating systems. KB979309 is not synced because it has been superseded by KB2653956.

NOTE This may not affect all System Center 2012 Configuration Manager customers. In this version of the product, there is an option that allows for syncing of superseded updates and by default keep them for 3 months. If that option is chosen then this issue will not occur in System Center 2012 Configuration Manager.

Resolution

There are two workarounds available to deploy the update for these Operating Systems.

1. Download the update manually and deploy it using a System Center Configuration Manager package. You will need to configure the command line for the program properly so that it installs silently and does not prompt for user input.

2. Approve the update in WSUS, ensuring that the group policies are configured to allow the clients to scan at a schedule and install the updates from WSUS.

More Information

For more information on how to deploy using System Center Configuration Manager packages, see Tasks for Software Distribution

For more information on how to approve the update in WSUS, see Approve and Deploy Updates in WSUS 3.0

=====

For the most current version of this article please see the following:

2733816 - Security Update MS10-019 is not visible in the Configuration Manager console for some operating systems

J.C. Hornbeck| System Center & Security Knowledge Engineer

Get the latest System Center news onFacebookandTwitter:

In System Center 2012 Configuration Manager, the ‘Backup Site Server’ maintenance task may fail if the Backup Destination is set to a network share. An example is below:

When this happens, the following errors are logged:

SMSSQLBKUP.LOG

Error: Backup folder \\MachineName\1234 does not exist or backup service does not have permission to access the folder.

SMSBKUP.LOG

Error: Backup folder \\MachineName\1234 does not exist or backup service does not have permission to access the folder.

If you look at the network share you see that the folder does exists and permissions are correct. So why does it fail? To know more, please download Procmon tool from here and capture a trace on both SQL and ConfigMgr site server with following filters while running the backup:

Process Name is ‘SMSSQLBkup.exe’
Process Name is ‘SMSBkup.exe’
Result is ‘BAD NETWORK NAME’

Screenshot:

Once you see the error(s) mentioned at the start of this post, please stop the trace and look at the result.

If you look closely enough at Path column the backup task triggers a CreateFile operation on \\MachineName\123 which doesn’t exist. The correct path is \\MachineName\1234 . It drops the last character ‘4’ and as a result the backup task fails to complete successfully.

At the moment you can choose to use any of the following three workarounds to get the backup task to work.

1. Create a sub-folder under existing folder and configure the backup task accordingly. For example:

\\MachineName\1234\456

2. Save the files on local drive.

3. Create and use a network share on SQL Server instead.

NOTE This issue is schedule to be addressed in Service Pack 1

Additional information on Backup Site Server task can be found here.

Symptoms

Consider the following scenario:

You create a Microsoft Application Virtualization (App-V) application.
You deploy the source for the application to a System Center 2012 Configuration Manager distribution point.
You change the application by using the App-V Sequencer.
You deploy the content for the updated application to the distribution point.

In this scenario, when users run the application, your changes are not included in the application.

Cause

This problem occurs because the App-V Sequencer saves the virtual application's SFT file (.sft) using a different name when changes are saved for the application. For example, if your virtual application is named MyApp.sft, the App-V Sequencer will save the changed application as MyApp_2.sft. Without manual adjustment, the Deployment Type for the App-V application will still refer to the original .sft file name.

Workaround

To work around this problem, change the Deployment Type to refer to the current .sft file manually.

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

Because the file name changes when you update an App-V application, Binary Delta Replication is not used to download the updated content to the clients. Binary Delta Replication is possible only when you work with two versions of a file that have the same name.

=====

For the most current version of this article please see the following:

2683934 - Changes to an App-V application are not included when deployed using System Center 2012 Configuration Manager

J.C. Hornbeck| Knowledge Engineer | Management and Security Division

Get the latest System Center news onFacebookandTwitter:

The Forefront Server Protection blog: http://blogs.technet.com/b/fss/
The Forefront Endpoint Security blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity- support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/