Tool for collecting SCCM information

I developed a tool to collect SCCM information. This tool is not perfect, but it can save you a lot of time and efforts in daily troubleshooting sccm / mecm issues.

Used to collect from the following endpoints:

• general computer information
• enable/disable sccm verbose
• information of computers which have SCCM/MECM installed
• information of computers which have Software Update Point role installed
• information of computers which have Distribution Point role installed
• information of computers which have Management Point role installed
• Site Server information
• WSUS configuration information
• computer upgrade information

Usage: Run as Administrator: ConfigMgr-Tool.exe

Link – https://github.com/gaulogao/mecm/blob/f1a5333a02002222be6e59489d9fa1be24cc6745/ConfigMgr-Tool.exe

How to delete Registry.pol with SCCM?

Many times we need to delete registry.pol from Windows to fix some weird issues. If you have only a few computers, you can do manual deletions with CMD or PowerShell.

CMD:

DEL "C:\Windows\System32\GroupPolicy\Machine\Registry.pol"

PowerShell:

Remove-Item "C:\Windows\System32\GroupPolicy\Machine\Registry.pol"

However, if you happen to be in charge of thousands of computers for a big company, manual deletion will be a mission impossible.

In that case, you can turn to SCCM. There are several ways to delete registry.pol via SCCM.

• Package – using a package may be the first idea that jumps into your mind. But I’d say using a package does not always work. At least, it does not work per my test.
• Application – a feasible way, but it requires detection method. This complicates the task.
• Task Sequence – you can do that. The beauty of this method is that you can specify an account used to run the task.
• Scripts – my preferred way and works perfectly as long as PowerShell is not disabled on client machines.

References

• Scripts

Console is not updating Operating System Build

Operating System Build is collected by Heartbeat discovery, which, by default, takes place every 7 days.

To configure heartbeat discovery frequency, you can check this by going to Administration – Hierarchy Configuration – Discovery Methods – Heartbeat Discovery. The default value is 7 days. You can change the frequency per your needs, for example every 1 or 2 days.

To resolve the issue, you can manually trigger a heartbeat discovery.

You can trigger heartbeat discovery from client side by clicking Control panel – Configuration Manager – Actions – Discovery data collection Cycle.

Alternatively, you can send a notification to your machines via Console: right click the device collection – Client Notification – Collect Discovery Data.

Actions for heartbeat discovery are logged on the client in the InventoryAgent.log file in the %Windir%\CCM\Logs folder.

If you have enabled xml retaining of hardware inventory, You can get the xml report from C:\windows\CCM\Inventory\Temp. The report will show you something like:

<Instance ParentClass="CCM_OperatingSystem" Class="CCM_OperatingSystem" Namespace="\\CONTOSO-CLIENT1\root\ccm\invagt" Content="New">
  <CCM_OperatingSystem>
    <AADDeviceID/>
    <AADTenantID/>
    <AgentEdition>0</AgentEdition>
    <Build>10.0.19044</Build>
    <BuildExt>10.0.19044.2728</BuildExt>
    <IsAOACCapable>0</IsAOACCapable>
    <IsPortableOS>0</IsPortableOS>
    <IsWriteFilterCapable>0</IsWriteFilterCapable>
    <OSBranch>0</OSBranch>
    </CCM_OperatingSystem>
</Instance>

Reference

• What is Heartbeat Discovery?
• Retain XML file of Hardware Inventory

How to increase the SMSTS.Log file size for PXE OS Deployments?

1. Create a new text file called SMSTS.ini in notepad with the following text.

[Logging]
LOGLEVEL=0
LOGMAXSIZE=5242880
LOGMAXHISTORY=3
DEBUGLOGGING=1
ENABLELOGGING=True

Make sure the file name is SMSTS.ini but NOT SMSTS.ini.txt.

2. Identity your boot image to be used in the task sequence and locate its wim file from its Properties in SCCM console.

By default this file is located on Configuration Manager primary server in the following path:

<SCCM-INSTALL-DIR>\OSD\boot\i386\boot.wim
<SCCM-INSTALL-DIR>\OSD\boot\x64\boot.wim

If you are using customized, do it the same way. All you need to do is to locate the customized wim image.

Note: Make a backup copy of the file before making any changes to it.

3. Mount wim image file. Refer to – https://wordpress.com/posts/sccmpeek.wordpress.com

4. Copy the SMSTS.INI file to the Windows directory

After entering the PXE password and before selecting a task sequence, SMSTS.log file shows the following message:

4. Update Distribution Points

Location of Task Sequence log smsts.log

The location of the task sequence log file smsts.log varies depending upon the phase of the task sequence:

• In Windows PE BEFORE Format and Partition Disk step: X:\Windows\temp\smstslog\smsts.log (X is the Windows PE RAM drive)
• In Windows PE AFTER Format and Partition Disk step: X:\smstslog\smsts.log, then copied to C:\_SMSTaskSequence\Logs\smstslog\smsts.log when drive is ready
• In the new Windows OS BEFORE the client is installed: C:\_SMSTaskSequence\Logs\smstslog\smsts.log
• In Windows AFTER the client is installed: C:\Windows\CCM\Logs\smstslog\smsts.log
• In Windows AFTER the task sequence completes: C:\Windows\CCM\Logs\smsts.log

References

• Task sequence log locations

How to mount wim boot image with DISM command?

Sometimes you may want to customize your boot image. But you need a way to navigate through the boot image. Here is the way with DISM.

Steps:

1. Determine the index of the image.

Dism /Get-WimInfo /WimFile:<Wim file path>

2. Mount image

Dism /Mount-Wim /WimFile:<Wim file path> /Index:<Index number> /MountDir:<Mount folder>

3. Unmount the image and commit/save the change

Dism /Unmount-Wim /MountDir:<Mount folder> /Commit

To discard changes:

Dism /Unmount-Wim /MountDir:<Mount folder> /Discard

You can also use PowerShell command Mount-WindowsImage to mount image and to Save-WindowsImage save changes to image and Dismount-WindowsImage to unmount image.

References

• How to use DISM

Enabling PXE for DP failed with PXE Provider already registered – 0x000000b7

ISSUE

Enabling PXE for DP failed with PXE Provider already registered – 0x000000b7

smsdpprov.log

PxeProviderRegister failed with 0x000000b7
PxeProviderRegister has failed (0x800700b7)
Non fatal error. PXE Provider already registered.

Error Code: 0x000000b7 (183)
Error Name: ERROR_ALREADY_EXISTS
Error Source: Windows
Error Message: Cannot create a file when that file already exists.

Error Code: 0x800700b7(183)
Error Name: ERROR_ALREADY_EXISTS
Error Source: Windows
Error Message: Cannot create a file when that file already exists.

SOLUTION

1. Follow this guide to re-enable PXE for distribution point – https://learn.microsoft.com/en-us/troubleshoot/mem/configmgr/os-deployment/troubleshoot-pxe-boot-issues#solution-2-reinstall-pxe-use-only-if-solution-1-didnt-resolve-the-issue
2. But before you go to enable PXE, make sure that the following registry entries are gone after uninstalling WDS and reboot:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\WDSTFTP

If the two entries are still present, delete them manually and then proceed with enabling PXE again.

To understand how PXE work, refer to – https://learn.microsoft.com/en-us/troubleshoot/mem/configmgr/os-deployment/understand-pxe-boot

How to cancel restart initiated by mistake from Client Notification in SCCM console?

If you inadvertently clicked on Restart menu from Client Notification, that can be scaring if the target computers are critical servers in your company.

Don’t panick. Here is a way to cancel it.

Solution

Run the script as Admin on all the affected computers in whatever way you feel comfortable with.

#CANCEL a pending reboot
Remove-Item -Path 'HKLM:\SOFTWARE\Microsoft\SMS\Mobile Client\Reboot Management\RebootData'
Remove-Item -Path 'HKLM:\SOFTWARE\Microsoft\SMS\Mobile Client\Updates Deployment\RebootFlag
Remove-ItemProperty -Name * -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
Shutdown -a
Restart-Service ccmexec -force

Accounts added in Security of SSRS site disappear in 10 minutes

ISSUE

Accounts added in Security of SSRS site disappear in 10 minutes

SCCM updates the configurations of Reporting Service Role every 10 minutes. You can check this in the srsrp.log. So the settings will be updated also at an interval of 10 minutes.

Confirmed the configuration of SRS role [ConfigMgr Report Users].
Confirmed the configuration of SRS role [ConfigMgr Report Administrators].
Confirmed the security policy for folder [/].
Confirmed the security policy for folder [/ConfigMgr_PS1].
...

If the added account in Security is not in SCCM, that account will be removed from Security at the next update.

On how to install and configure Configuration Manager Reporting Service Role, refer to this article – https://learn.microsoft.com/en-us/mem/configmgr/core/servers/manage/configuring-reporting

Solution

1. Go to \Administration\Overview\Security\Administrative Users in SCCM console
2. Add the account into SCCM

NOTE

Configuration Manager connects to Reporting Services and sets the permissions for users on the Configuration Manager and Reporting Services root folders and specific report folders. After the initial installation of the reporting services point, Configuration Manager connects to Reporting Services every 10 minutes to verify that the user rights configured on the report folders are the associated rights that are set for Configuration Manager users. When users are added or user rights are modified on the report folder by using Reporting Services Report Manager, Configuration Manager overwrites those changes by using the role-based assignments stored in the site database. Configuration Manager also removes users that don’t have Reporting rights in Configuration Manager.

https://learn.microsoft.com/en-us/mem/configmgr/core/servers/manage/configuring-reporting

Two steps about Client Upgrade in Post-Installation part stuck in In progress

ISSUE

Two steps about Client Upgrade in Post-Installation part stuck in In progress during an upgrade from 1909 to 2006

These two steps are : 

  1. Updating Client folder on Site Server 

  2. Updating Configuration Manager Client Package 

hman.log

Loaded client upgrade settings from DB successfully. FullClientPackageID=SG100002, StagingClientPackageID=SG100017, ClientUpgradePackageID=SG100003, PilotingUpgradePackageID=SG10074E, ClientUpgradeAdvertisementID=SG120000, ClientPilotingAdvertisementID=SG120BFF
Both UpgradeAdvertisementID and PilotingAdvertisementID existed in the output of ClientDeploymentSettings, while, the advertisementID 'SG120000' couldn't be found in table ProgramOffers, that's why these two steps stuck there, and keep being retried. 
    SQL>>>select PkgID,PkgProgram,CollectionID,SourceSite,OfferName,OfferComment,Hierarchy,AvailableSched,UnavailableSched,MandatorySched,PresentTime,ExpirationTime,TimeEnableFlag,OfferFlags,DeviceFlags,RemoteClientFlags,Priority,AssignmentID,MandatoryCountdown,SourceLocaleID,LastModificationTime,OfferTypeID,ISVString,AdditionalProperties from ProgramOffers where OfferID = 'SG120000' and Action <> 3
SQL>>>>> Done.
ERROR: Failed to get the advertisement object for advertisement SG120000.
ERROR: Failed to add a new mandatory schedule to the client upgrade advertisement SG120000. Will continue on next cycle.
WARN: It fails to process the client content in the update package A200E842-5CB5-4BD3-AB77-2999B59721AE. Will retry in next cycle.

Solution

1. Go to the top-level site 
2. Navigate into <ConfigMgr>\inboxes\hman.box 
3. Create an empty CliUpg.acu file in <ConfigMgr>\inboxes\hman.box 
4. Restart SMS_EXECUTIVE service from services.msc panel