SCCM Current Branch Installation Prerequisite Failure – Site server computer account administrative rights

Problem

Running the install for SCCM Current Branch (1702) and the Prerequisite Checker was failing on an issue with admin rights on the target SCCM Site Server.  This one was really annoying as I had double-checked everything before running the installer.

Fix

The appropriate accounts had been given admin rights to all the SCCM Site System Servers using the Restricted Groups Active Directory Group Policy setting (under Security Settings, under Windows Settings, under Computer Policies) .  The SCCM server had not been restarted since the policy was applied.

Restarting the server fixed the issue!

SCOM 2016 Maintenance Schedules – The Execute Permission Was Denied For Object ‘sp_help_jobactivity’

Problem

Attempting to automate some maintenance schedules using the new SCOM 2016 functionality and received the following error:

The Execute Permission Was Denied For Object ‘sp_help_jobactivity’.

Fix

Assign  the following rights for the SCOM Data Access Service account (SDK service) against the msdb database:

  • SQLAgentOperatorRole
  • SQLAgentReaderRole
  • SQLAgentUserRole

As always many thanks to Kevin Holman – more info about this issue here: https://blogs.technet.microsoft.com/kevinholman/2016/10/22/enabling-scheduled-maintenance-in-scom-2016-ur1/

SCCM Current Branch Automatic Deployment Rule Will Not Run

SCCM Current Branch (1702).

Problem

Automatic Deployment Rule was running without error but not doing anything.  Downloading updates manually was working so not a problem with Internet connection etc.

Fix

The share/folder on the SCCM Site Server where the software updates were meant to download to (the Package Source folder) needed a tweak to the permissions.

Add the server SYSTEM account to the permissions for the folder and the share with the appropriate rights to be able to write to both.

Windows Update Logs on Windows Server 2016 and Windows 10 are Empty

Somebody somewhere thought not having the WindowsUpdate.log in a human readable format that could be viewed in real-time was a really good idea.

To read the logs now you have to use a PowerShell command.

Open PowerShell using Run As Administrator and run the following.

  • Get-WindowsUpdateLog

Wait patiently for the now out-of-date log to save to your desktop.

Stop All Exchange 2013 Services with a Single Command

Don’t get involved with Exchange too much but thought this was a cool command to use to stop all Exchange services in one (or maybe two) attempts.

The scenario was a test Exchange server with all services running on a single machine and needed to stop all services to perform a recovery operation.

Open PowerShell using Run as Administrator and then run this command.

  • get-service | ?{$_.Name -ilike “MSexch*”} | stop-service

If some services fail to stop because dependent services are running just run the command a second time straightaway.

Windows Server Update Services (WSUS) Test URL

No unusual to get the occasional moody WSUS managed-device that will not report and/or update using a correctly configured WSUS server.  The link below is the one I like to use to test the connection from the WSUS managed device to the WSUS web site.

Note:  The test URL below uses my-wsus-box as the server name and 8530 as the configured port for the WSUS web site – change as appropriate.

Note:  If the connection to the WSUS web site is good then a prompt to download wuident.cab should be presented.

http://my-wsus-box:8530/selfupdate/wuident.cab.

Software Update Fails with Error Code 0x80244018 – HTTP/1.1 403 Forbidden by proxy

Windows Server 2016 would not download updates from WSUS server running WSUS v4.0.  Viewing the WindowsUpdate.log the following error was noted:

  • HTTP/1.1 403 Forbidden by proxy

Unable to easily view the IE proxy settings as IE had been disabled by Group Policy on the server.  Fix was to reset the proxy settings using the following command:

  • netsh winhttp reset proxy