Category Archives: SCCM

SCCM

SCCM Reports Fail to Run – Incorrect User Name or Password Error for Default Data Source

Syptoms

When running reports in SCCM I kept getting incorrect user name or password errors for the default SCCM SSRS data source despite all accounts and passwords relating to the SCCM Reporting Services Point, the SSRS configuration and SQL Server being correct.

Environment

  • 1 x Standalone Primary Site Server
  • 1 x server running SQL Server for the SCCM and SSRS databases
  • 1 x server with SSRS installed
  • All servers Windows Server 2019
  • SQL Server 2017
  • SSRS 2017
  • Clean SCCM 1906 install
  • SCCM Reporting Services installed by the book following the link below and previous experience of doing the install countless times without any issues.

https://docs.microsoft.com/en-us/sccm/core/servers/manage/configuring-reporting

Spent two days trying to fix including reinstall and got nowhere.  In desparation tried to delete and recreate the default SCCM SSRS data source and that failed as well (data source already exists error when trying to reuse the default data source name) but it did unlink the default data source from all the canned SCCM reports.

Thought I now had two problems but the script below not only reattached the data source to the canned reports it also fixed the dodgy user name and password issue.

All has been fine since though I did need to run multiple times against each report folder, after changing the folder name in the script (sure there is a way to script this but I am happy enough doing this as-and-when I want to use a particular set of reports!).

#Set variables
#Enter the name of the SSRS server used by SCCM in the next line – in my case the server name is cmrs6svr
$reportserver = “cmrs6svr”;

#URL to connect to the SSRS server
$url = “http://$($reportserver)/reportserver/reportservice2005.asmx?WSDL”;

#Provide new data source path. In this case I am reapplying the default SCCM data source to fix the issue discussed in this post
$newDataSourcePath = “/ConfigMgr_WR6/{5C6358F2-4BB6-4a1b-A16E-8D96795D8602}”

#Provide new Data source Name which is part of above source path
$newDataSourceName = “{5C6358F2-4BB6-4a1b-A16E-8D96795D8602}”;

# SSRS report folder path that contains the reports to change the datasource. In this case the default SCCM folder is called ‘ConfigMgr_WR6’
# and the new datasource is being written to all the reports in the ‘Software Updates – E Troubleshooting’ folder
$reportFolderPath = “/ConfigMgr_WR6/Software Updates – E Troubleshooting”

#————————————————————————

$ssrs = New-WebServiceProxy -uri $url -UseDefaultCredential

$reports = $ssrs.ListChildren($reportFolderPath, $false)

$reports | ForEach-Object {

$reportPath = $_.path
Write-Host “Report: ” $reportPath
$dataSources = $ssrs.GetItemDataSources($reportPath)
$dataSources | ForEach-Object {

$proxyNamespace = $_.GetType().Namespace
$myDataSource = New-Object (“$proxyNamespace.DataSource”)
$myDataSource.Item = New-Object (“$proxyNamespace.DataSourceReference”)
$myDataSource.Item.Reference = $newDataSourcePath
$_.item = $myDataSource.Item
$ssrs.SetItemDataSources($reportPath, $_)

Write-Host “Report’s DataSource Reference ($($_.Name)): $($_.Item.Reference)”;
}

Write-Host “————————“
}

Thanks to Tim at ask.sqlservercentral.com is required, as well as Eswar at eskonr.com – more info using the links below.

http://eskonr.com/2014/04/sccm-configmgr-2012-how-to-change-custom-data-source-to-shared-data-source-for-multiple-ssrs-reports/

https://ask.sqlservercentral.com/questions/86369/change-datasource-of-ssrs-report-with-powershell.html

SCCM, SCCM CMPivot

CMPivot Examples

To accesss CMPivot, highlight a Collection containing the machines you wish to query against and then click Start CMPivot from the ribbon or right-click context menu.

The CMPivot query below returns all VMware devices in the collection used to run CMPivot against:

device | where ManuFacturer == ‘VMware, Inc.’ and (Device like ‘%CM%’ and Model like ‘%VM%’)

Notes

  • where and like are case sensitve
  • Device, manuFacturer, ‘VMware, Inc.’,, ‘%CM%’, ‘%svR%’ and ‘%VM%’ are not case sensitive.
  • Need to use a double == for equals.
  • Use % as a wildcard.
  • Text in single snicketts.
  • Use of () is for nesting but not required if nesting not used.

Count the number if devices per manufacturer.
Device | summarize dcount (Device) by Manufacturer

Below shown to indicate presentation – does not need to be all one line.
Device
| where (Manufacturer == ‘VMware, Inc.’)
| where (Device == ‘CM01’)

  • AD Security Groups that are members of local admins groups.

Administrators | where (PrincipalSource == ‘ActiveDirectory’ and ObjectClass == ‘User’)

  • Collection members where the SMS Executive service is running.

Service | where Name == ‘SMS_EXECUTIVE’ | where (State == ‘Running’)

  • Count the different OS version of the devices in the colllection and then display (render) as a bar chart.

OperatingSystem | summarize dcount (Device) by Caption | render barchart

  • Disk space with limited result set using the project operator to define the displayed columns.

LogicalDisk
| where (Description == ‘Local Fixed Disk’)
| project DeviceID, FreeSpace
| order by FreeSpace desc
| where (DeviceID == ‘C:’)

  • Installed software on all devices.  In the resultset note you can click on the underlined number to drill down.

InstalledSoftware | summarize dcount(Device) by ProductName

  • More specific – specifc application on a device.

InstalledSoftware
| where (ProductName == ‘Microsoft Monitoring Agent’)
| where (Device == ‘OM01’)

  • Count all installed software that does not have Microsoft in the product name using !like as the not like operator.

InstalledSoftware 
| where ProductName !like ‘%Microsoft%’
| summarize dcount(Device) by ProductName

 

SCCM

SCCM 1806 Update Notes

SCCM 1802 is the latest baseline version used for clean installs.

SCCM 1806 is an update to 1802 and the most effective way to install is using an SCP and the update is presented in the console.

If you are impatient for the latest release and it is not in the console you can hurry it up using the EnableFastUpdateRingXXXX.ps1 script that Microsoft provide – where XXXX is the new version number.  The script uses the site server name as its only parameter, e.g. .\EnableFastUpdateRing1806.ps1 CM01 where CM01 is the site server name.

More info here:

 https://www.niallbrady.com/2018/07/31/system-center-configuration-manager-current-branch-1806-is-out/

Check the ADK version and if need to update do this before the SCCM in-console update.  Remove the existing ADK and then install the newer version. More info here:

https://www.systemcenterdudes.com/how-to-update-windows-adk-on-a-sccm-server/

Also a good idea to temporarily stop any site maintenance tasks while running the update.

Full pre-install checklist here:

https://docs.microsoft.com/en-us/sccm/core/servers/manage/checklist-for-installing-update-1806

Suggest you run the prereq check before starting the install and address any highlighted issues.

Thanks to Mr Brady and the System Center Dudes for their continued excellent contributions to the SCCM community.

SCCM, SCOM

SCCM 1702 Failed Install – OLEDB Data Link Properties Tool

Easy way to test a connection to an OLEDB  data source.

  • Save an empty file to desktop with a UDL extension.
  • Double-click to open and use the Data Link tool to test connectivity to the required source using the choice of providers.

Used this tool when troubleshooting a failed SCCM 1702 install.  Logs indicated SQL native client error.  Tested connection to SCCM DB using this tool using the server name (worked) and then FQDN (failed).  Found a reg key to change this setting.  Restarted the SCCM 1702 install and it worked!

SCCM

How to Enable Pre-release Features in System Center Configuration Manager Current Branch

  • Access the Administration workspace in the SCCM Admin Console.
  • Expand Site Configuration.
  • Right click on Sites and select Hierarchy Settings.
  • In the Hierarchy Settings Properties dialogue ensure the General tab is selected and select Consent to use Pre-Release features radio-button.
  • Click OK.
  • Still in the Administration workspace expand Updates and Servicing and select Features.
  • In the details pane select the required pre-release feature, right-click and select Turn on.
  • Acknowledge the warning message by clicking Yes.

The above is based on SCCM CB 1706.

Group Policy, SCCM

SCCM Current Branch Installation Prerequisite Failure – Site server computer account administrative rights

Problem

Running the install for SCCM Current Branch (1702) and the Prerequisite Checker was failing on an issue with admin rights on the target SCCM Site Server.  This one was really annoying as I had double-checked everything before running the installer.

Fix

The appropriate accounts had been given admin rights to all the SCCM Site System Servers using the Restricted Groups Active Directory Group Policy setting (under Security Settings, under Windows Settings, under Computer Policies) .  The SCCM server had not been restarted since the policy was applied.

Restarting the server fixed the issue!

SCCM

SCCM Current Branch Automatic Deployment Rule Will Not Run

SCCM Current Branch (1702).

Problem

Automatic Deployment Rule was running without error but not doing anything.  Downloading updates manually was working so not a problem with Internet connection etc.

Fix

The share/folder on the SCCM Site Server where the software updates were meant to download to (the Package Source folder) needed a tweak to the permissions.

Add the server SYSTEM account to the permissions for the folder and the share with the appropriate rights to be able to write to both.

SCCM

Using the SCCM CB Service Connection Point in Offline Mode

Here is a basic description and some notes made during the upgrade of SCCM CB from version 1511 to 1602 using the Service Connection Point (SCP) site system role in Offline Mode.

Assumption

The SCP role has been installed and configured in Offline Mode.

Before Starting

  • The procedures below use the serviceconnectiontool.exe tool.
  • This tool can be found in a folder on the SCCM Site Server here: ..\Microsoft Configuration Manager\cd.latest\SMSSETUP\TOOLS\ServiceConnectionTool.
  • All commands documented should be run from an admin command prompt at the folder where the serviceconnectiontool.exe resides, in this case C:\Temp\ServiceConnectionTool.
  • If the SCP is installed on a remote server, all the contents of the ..\Microsoft Configuration Manager\cd.latest\SMSSETUP\TOOLS\ServiceConnectionTool folder need to be copied to a folder on the SCP server, e.g. C:\Temp\ServiceConnectionTool.
  • In this case the SCP is on a remote server, with Internet access.  Once the contents of the ServiceConnectionTool folder are copied to the remote server, two subfolders called Data and Packages were created.

The Data folder is for the output files that are to be uploaded.

The Packages folder is for the data downloaded – this folder must be empty for the download to even start.

Main Procdure

Microsoft describe this as a three-step process.

Prepare – run this command to prepare the usage data
  • serviceconnectiontool.exe -prepare -usagedatadest C:\Temp\ServiceConnectionTool\Data\DataUsageData.cab.
Connect – run this command to upload the usage data and download the updates
  • serviceconnectiontool.exe -connect -usagedatasrc C:\Temp\ServiceConnectionTool\Data\DataUsageData.cab -updatepackdest C:\Temp\ServiceConnectionTool\Packages.
Import – run this command to import the updates into SCCM

serviceconnectiontool.exe -import -updatepacksrc C:\Temp\ServiceConnectionTool\Packages.

Installing the Updates
  • Once the updates have been imported they can be seen in the SCCM admin console by navigating to \Administration\Cloud Services\Updates and Servicing.
  • The menu options offer the choices to run the Prerequisite check and Install Update Pack.
  • The Show Status link navigates to \Monitoring\Overview\Site Servicing Status where the Show Status menu option provides progress information.

Notes

  • The output of the DataUsageData.cab output file can be viewed by running this command:

serviceconnectiontool.exe -export -dest C:\Temp\ServiceConnectionTool\Data\UsageDataExport.csv.

  • Once the update has been successfully installed a prompt to upgrade the admin console appears if the Show Status option is selected in the \Monitoring\Overview\Site Servicing Status pane.
  • Clients can be upgraded using Client Push or the automatically if the Upgrade all clients in the hierarch using production client check box is selected under \Administration\Overview\Site Configuration\Sites and selecting the Hierarchy Settings menu option, then the Client Upgrade tab.

References

https://technet.microsoft.com/en-us/library/mt691532.aspx.

As always thanks to Niall Brady for this much more detailed description and screenshots https://www.niallbrady.com/2016/01/08/how-can-i-use-updates-and-servicing-in-offline-mode-in-system-center-configuration-manager-current-branch.

 

SCCM

SCCM 1511 Computer Automatic Approval Not Working

Scenario

  • Clean SCCM 1511 install.

Problem

  • Noticed in the SCCM Admin Console that all the domain-connected clients were ‘waiting approval’ even though he Hierarchy Settings were correctly configured to automatically approve computers in trusted domains (right-click the Sites node under Site Configuration in the Administration workspace).

Root Cause

  • IIS on the Management Point did not have Windows Authentication enabled.

Solution

  • Enable Windows Authentication in IIS and restart all affected client agents.

Note:  Check all SCCM virtual directories have Windows Authentication enabled once enabled at server level.