- Noticed in the SCCM Admin Console that all the domain-connected clients were ‘waiting approval’ even though he Hierarchy Settings were correctly configured to automatically approve computers in trusted domains (right-click the Sites node under Site Configuration in the Administration workspace).
- IIS on the Management Point did not have Windows Authentication enabled.
- Enable Windows Authentication in IIS and restart all affected client agents.
Note: Check all SCCM virtual directories have Windows Authentication enabled once enabled at server level.
SCCM 2012 and newer versions include some Endpoint Protection templates containing predefined settings for different types of systems such as SQL Server and Exchange.
The templates are storage in the ..\Microsoft Configuration Manager\AdminConsole\XmlStorage\EPTemplates.
Additional templates can be found here: https://gallery.technet.microsoft.com/System-Center-Endpoint-65917b04/view/Discussions.
The templates are imported using the SCCM Admin Console as follows:
- In the admin console, navigate to \Assets and Compliance\Overview\Endpoint Protection\Antimalware Policies.
- Right-click Antimalware Policies and select Import.
- Browser to the folder stated above and choose the appropriate template.
Saw the message below in the Distribution Point Configuration Status window in the SCCM Admin Console when trying to install a new SCCM 2012 R2 SP1 Distribution Point. Target server running Windows Server 2012 R2 Update.
Failed to install DP files on the remote DP. Error code = 1722
- Copy smsdpprov.mof from ..\Program Files\Microsoft Configuration Manager\bin\X64 on the Site Server to the server where the DP install has failed.
- Open an Command Prompt as Administrator and run mofcomp.exe smsdpprov.mof.
When a DP install fails SCCM will try again every 20 mins. Kept an watch on the DistMgr log file and the DP installed OK after the above command was run and subsequent content distribution worked as expected.
OS deployment using USB key to boot the new device. Just after the .wim file had finished copying received this error: 0x80070570.
Research suggested corrupt or unreadable disk. Ran the relevant DISKPART commands to clean the disk. Same error occurred several times.
Fixed by removing the USB key from the device before the Task Sequence started to apply the image.
Got this error when attempting running a scheduled update against my Windows Server 2012 R2 U1 image:
WIM::GetWIMImageCount returned code 0x80004005
- SCCM 2012 R2 SP1 running on Windows Server 2008 R2.
- Server 2012 R2 U1 image created using MDT 2013 U1 running on a Server 2012 R2 U1 server.
- SCCM server had WADK 8.1 installed.
- MDT server running WADK 10.
- Installed Windows Management Framework 3.0 (includes Powershell v3 – prerequisite for WADK 10) on the SCCM server.
Updated WADK on the SCCM server to WADK 10.
Scheduled updates then worked OK.
Link to Windows Management Framework 3.0 download:
Link to WADK 10:
The objective of this procedure is to display the Active Directory (AD) description attribute in a State View in the SCOM 2012 R2 Admin Console. The basic steps are:
- Create a VB script to write the AD description attribute to a system environment variable called ADDescription.
- Assign the script as a Group Policy Startup script.
- Configure a new Custom Attribute in the SCOM console to read the ADDescription value from the registry.
- Create a State View in the SCOM console and expose the column containing the value of ADDescription for relevant devices.
The Windows Computer class has already been extended so that the Windows Computer_Extended class already exists and there is an unsealed management pack available to save custom settings to.
Step 1 – The script
On Error Resume Next
Dim WSHShell, strComputer, strDescription, objSysInfo, objComp
Set WSHShell = WScript.CreateObject(“WScript.Shell”)
Set objSysInfo = CreateObject(“ADSystemInfo”)
Set objComp = GetObject(“LDAP://” & objSysInfo.ComputerName)
strDescription = objComp.Description
WSHShell.RegWrite “HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\ADDescription”, strDescription, “REG_SZ”
Step 2 – Group Policy
- In the Group Policy Management console select the relevant OU against which the new policy object is to be applied, e.g. the Default Domain Policy, and select Edit from the context menu.
- In the Group Policy Editor navigate to Computer Configuration # Policies # Windows Settings # Scripts # Startup and assign the script created in Step 1.
Step 3 – Create a Custom Attribute in SCOM
- Go to the Authoring workspace in the SCOM console.
- Select Management Pack Objects # Attributes.
- Create a new attribute using these settings:
- Discovery Type – Registry
- Target – Windows Computer_Extended.
- Key or Value Type – Value,
- Path = SYSTEM\CurrentControlSet\Control\Session Manager\Environment\ADDescription.
- Attribute type = String.
- Query Interval – to suit the target environment.
Step 4 – Create the State View
- Access the SCOM monitoring workspace.
- Ensure the custom management pack used to save the ADDescription attribute to is viewable.
- Create a new State View, setting the Object to Windows Computer_Extended and use the Display tab to select the relevant columns which will included the ADDescription.
Deployed an application to a SCCM 2012 R2 client and received this error message in Software Center.
Unable to download the software
Reason – The application had not been distributed to the SCCM Distribution Point that was configured for the Boundary/Boundary Group where the client was running.
Just a couple of quick PowerShell commands that can be used to create a Server 2012 R2 custom Start Screen.
Set up the Start Screen as required and then run this:
- Export-StartLayout -As BIN -Path C:\Temp\CustomStartScreenLayout.bin
Use this to import.
- Import-StartLayout -LayoutPath C:\Temp\CustomStartScreenLayout -MountPath c:\
The import line can be used in a script as part of an SCCM/MDT Task Sequence.
Tried to install an all new SCCM infrastructure using SQL Server 2014 SP1 as the site database platform and after passing the SCCM install prerequisite checks I got an error message stating the version of SQL Server was not supported (SQL Server 2014 SP1).
Seen this a few times now. If the SCCM Client Agent can’t access the Management Point during the install a Windows Task Schedule is created to ensure the Client install will keep retrying even if the device is rebooted.
To stop the situation where the client is working OK but the reinstall keeps occurring every five hours – delete the scheduled task – it’s tucked away under the second Microsoft node in the Task Scheduler console (and not in the first Configuration Manager node you may see under the first Microsoft node!).