Tag: ConfigMgr

Tool for collecting SCCM information

I developed a tool to collect SCCM information. This tool is not perfect, but it can save you a lot of time and efforts in daily troubleshooting sccm / mecm issues.

Used to collect from the following endpoints:

  • general computer information
  • enable/disable sccm verbose
  • information of computers which have SCCM/MECM installed
  • information of computers which have Software Update Point role installed
  • information of computers which have Distribution Point role installed
  • information of computers which have Management Point role installed
  • Site Server information
  • WSUS configuration information
  • computer upgrade information

Usage: Run as Administrator: ConfigMgr-Tool.exe

Link – https://github.com/gaulogao/mecm/blob/f1a5333a02002222be6e59489d9fa1be24cc6745/ConfigMgr-Tool.exe

How to Check for a Pending Reboot on a host with SCCM client installed

If you have Configuration Manager managed client host, there will be ROOT\ccm\Client namespace in WMI. Class SDKCCM_ClientUtilities has a properties with two possible values:
RebootPending
IsHardRebootPending

If you have Configuration Manager managed client host, there will be ROOT\ccm\Client namespace in WMI. Class SDKCCM_ClientUtilities has a properties with two possible values:

  • RebootPending
  • IsHardRebootPending
NAMESPACECLASSPROPERTYVALUEPRODUCTNOTES
ROOT\ccm\ClientSDKCCM_ClientUtilitiesDetermineifRebootPendingRebootPendingSCCMReturnValue needs to be 0 and this value is not null
ROOT\ccm\ClientSDKCCM_ClientUtilitiesDetermineifRebootPendingIsHardRebootPendingSCCMReturnValue needs to be 0 and this value is not null

You can use the following PowerShell command to verity the client host needs a reboot or not.

Invoke-WmiMethod -ComputerName localhost -Namespace "ROOT\ccm\ClientSDK" -Class "CCM_ClientUtilities" -Name DetermineIfRebootPending | Select-Object -Property PSComputerName,RebootPending

PSComputerName RebootPending
—————————— ————————-
D00155DD61A6F False

You can also replace localhost with a real computer name to verify a remote host.

References

How to retain the xml file during Hardware or Software Inventory

When dealing with hardware or software inventory issues, you man want to take a peek into the xml file generated during the inventory process. To achieve this, you need to create in %systemroot%\ccm\inventory\temp an empty file archive_reports.sms.

When dealing with hardware or software inventory issues, you man want to take a peek into the xml file generated during the inventory process. To achieve this, you need to create in %systemroot%\ccm\inventory\temp an empty file:

archive_reports.sms

Generally its path should be C:\WINDOWS\CCM\Inventory\temp.

This XML file can reveal what the last scan discovered regardless whether the scan was a full scan or a delta scan. For example, if find one piece of information missing in the hardware inventory you can get the hardware inventory XML file whose name is similar to 0eeda138-3fce-4d01-a1b3-f9aeec6782bd.xml and take a close examination for clues.

Hardware Inventory report does not include zoom.exe information

Most of us take it for granted that Configuration Manager should collect by default all the programs listed in “Uninstall or change a program” shown in Control Panel while in fact it is not the case in reality.

Most of us take it for granted that Configuration Manager should collect by default all the programs listed in “Uninstall or change a program” shown in Control Panel while in fact it is not the case in reality.

For example, if you install zoom.exe on your client and then run a Hardware Inventory cycle you will find in surprise that Hardware Inventory report does not show zoom.exe information at all, though zoom.exe is present just there in “Uninstall or change a program“.

Why is that?

By default, Configuration Manager only collects, as defined by Default Client Settings in Client Settings, programs registered in:

Root\cimv2\Win32Reg_AddRemovePrograms
Root\cimv2\Win32Reg_AddRemovePrograms64

Note that the two classes exist only when you install Configuration Manager client on the client.

However, it turned out that zoom.exe installation information is not recorded in the two WMI classes. As where the installer writes the installation information of a software totally depends on the software vendor, it is difficult for us to find the installation information in WMI without the software vendor telling us the exact information. I managed to locate the zoon.exe installation information, which was actually written into:

Root\cimv2\Win32_InstalledWin32Program

Unfortunately this class is not included in hardware inventory by default. The good news is that you can add it to hardware inventory with just a few steps.

  1. Open Configuraton Manager console and navigate to \Administration\Overview\Client Settings
  2. Click on Default Client Settings and select Hardware Inventory
  3. Click on Set Classes…
  4. Click on Add, then Connect
  5. Put root\cimv2 into WMI namespace field
  6. Select Installed Win32Program (win32_installed32program) from Inventory class and click on Ok
  7. After the client setting is pushed, you can see zoom.exe appears on the next hardware inventory cycle

You can view the hardware inventory via Resource Explorer, where you can find a new node named Installed Win 32Program.

If you want to use a query-based report to get installed programs information, make use of the following query:

SELECT [MachineID]
,[InstanceKey]
,[RevisionID]
,[AgentID]
,[TimeKey]
,[rowversion]
,[Name00] as [DisplayName00]
,[Vendor00] as [Publisher00]
,[Version00]
FROM [CM_PS1].[dbo].[INSTALLED_WIN_32PROGRAM_DATA]
UNION
SELECT [MachineID]
,[InstanceKey]
,[RevisionID]
,[AgentID]
,[TimeKey]
,[rowversion]
,[DisplayName00]
,[Publisher00]
,[Version00]
FROM [CM_PS1].[dbo].[Add_Remove_Programs_64_DATA]
UNION
SELECT [MachineID]
,[InstanceKey]
,[RevisionID]
,[AgentID]
,[TimeKey]
,[rowversion]
,[DisplayName00]
,[Publisher00]
,[Version00]
FROM [CM_PS1].[dbo].[Add_Remove_Programs_DATA]

References

SCCM Client Manual Installation

There are several ways to install SCCM Client on client end computers. Manual is one of the most used ways, especially when you are deploying SCCM Client to UNIX/Linux, Mac OS X.

Here is an example to show you how to do manual client installation.

Example

  1. Create PowerShell script inst-sccm-client.ps1:
New-Item -ItemType directory -Path C:\Client
Copy-Item -Path \Shps1\sms_ps1\Client* -Destination C:\Client
Set-Location C:\Client
.\ccmsetup.exe /mp:shps1.contoso.local /logon CCMDEBUGLOGGING=1 CCMLOGLEVEL=0 SMSSITECODE=AUTO SITEREASSIGN=TRUE CCMLOGMAXSIZE=100000000

If MP is https-enabled, you need to run the command with /UsePKICert switch: 

.\ccmsetup.exe .\ccmsetup.exe /mp:https://shps1.contoso.local /logon /UsePKICert SMSMP=https://shps1.contoso.local CCMDEBUGLOGGING=1 CCMLOGLEVEL=0 SMSSITECODE=PS1 CCMLOGMAXSIZE=100000000
  1. Open PowerShell(Admin): Set-ExecutionPolicy Unrestricted
  1. Run the script: .\inst-sccm-client.ps1

This script will first create a directory Client on the client end, then copy \Client (shared location is \\<site server name>\SMS_<site code>\Client\, eg. \Shps1\sms_ps1\Client) content to the directory Client. Make sure you have read permission to \Client. Then it sets the current location to Client directory and runs the installation command.

Note that you must have Administrator permissions to the installation files.

/mp is ccmsetup.exe switch which –

  • “specifies a source management point for computers to connect to”.
  • Computers use this management point to find the nearest distribution point for the installation files”.

CCMDEBUGLOGGING, SMSSITECODE and CCMLOGLEEVEL are Client.msi switches:

  • CCMDEBUGLOGGING – Enables logging if this property is set to TRUE. By default, logging is enabled.
  • CCMLOGLEVEL – Specify an integer ranging from 0 to 3, where 0 is the most verbose logging and 3 logs only errors. The default is 1.
  • SMSSITECODE – Specifies the Configuration Manager site to assign the Configuration Manager client to. This can either be a three-character site code or the word AUTO.

If you want to uninstall sccm client, run:

<%windir%>\ccmsetup\ccmsetup.exe /uninstall

References

SCCM client installation failed with “MSI: Setup was unable to compile the file ccmclasses.mof The error code is 8004402F”

MSI: Setup was unable to compile the file ccmclasses.mof
The error code is 8004402F

Background

SCCM client installation can failed due to various reasons, one of which could be the following:

MSI: Setup was unable to compile the file ccmclasses.mof
The error code is 8004402F

Error code 8004402F indicates (you can check the code meaning with CMTrace tool: Press CTRL + L to launch Error Lookup window):

Error creating temporary file
Source: Windows Management (WMI)

Most of the time this was caused by lack of “Modify” and “Write” permissions to the temporary folder of the installation user.

Solution

  1. First, make sure the installation user have local Admin rights
  2. Then go to Control Panel>System and Security>System>Advanced System settings
  3. Click on Environment Variables… See the figure below.
  4. Verify TEMP and TMP in System Variables are respectively C:\windows\TEMP and C:\windows\TEMP
  5. Make sure that the installation user has Modify and Write permissions to TEMP and TMP
  6. If the installation fails with the same exception even after those changes, try to compile ccmclasses.mof manually:
    1. Open command prompt as Administrator
    2. Navigate into C:\windows\CCM: cd c:\windows\CCM
    3. Run: mofcomp ccmclasses.mof
    4. Retry the installation
Environment Variables

SCCM client installation failed with “Setup was unable to compile the file DiscoveryStatus.mof”

File C:\Windows\ccmsetup{7E31AE3A-2706-4A34-9970-73A5526B5346}\client.msi installation failed. Error text: ExitCode: 1603
Action: CcmRegisterWmiMofFile.
ErrorMessages:
Setup was unable to compile the file DiscoveryStatus.mof
The error code is 80041002

Issue

During SCCM 1810 client installation process, installation failed with ccmsetup.log showing the following exceptions:

File C:\Windows\ccmsetup{7E31AE3A-2706-4A34-9970-73A5526B5346}\client.msi installation failed. Error text: ExitCode: 1603
Action: CcmRegisterWmiMofFile.
ErrorMessages:
Setup was unable to compile the file DiscoveryStatus.mof
The error code is 80041002

As you can see, the direct reason was that DiscoveryStatus.mof compilation failed.

Solution

  1. Open command prompt as administrator
  2. Navigate into C:\Program Files\Microsoft Policy Platform
  3. Run: mofcomp ExtendedStatus.mof
  4. Retry SCCM client installation

Note that my case happened in SCCM 1810. However, this solution also applies to SCCM 2012. If you come across the issue in other versions of SCCM, just give it a try.

Check Windows Update settings on a client

A local Group Policy setting will always be overwritten by an Active Directory Group Policy setting, and this can result in the Configuration Manager client failing to obtain software updates using Configuration Manager.

A local Group Policy setting will always be overwritten by an Active Directory Group Policy setting, and this can result in the Configuration Manager client failing to obtain software updates using Configuration Manager.

In order to check the WSUS server that the clients are contacting and also check for any GPOs affecting those clients, you will need to check the following aspects.

RsoP.msc on the client

Check the Computer Configuration > Administrative Templates > Windows Components > Windows Update
– Does it show the correct WSUS server?

RSoP

Registry settings

Compare the following registry keys on the “problematic” machine with the same registry keys from a “working” machine:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

To check the two registry items’ properties, you can run in PowerShell:

Get-ItemProperty 'Registry::HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate'
Get-ItemProperty 'Registry::HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU'

Active Directory Group Policy and SCCM settings

Check if WSUS is defined in the Group Policy (i.e: server name and port) versus how it is set in Configuration Manager(i.e. FQDN)

WUAHandler.log on the client

Check the WUAHandler.log for the WSUS URL used.

Enabling WUA Managed server policy to use server: http://wsussvr.contoso.com:8530

When an Active Directory Group Policy setting overrides the local Group Policy setting, you will see the following:

Group policy settings were overwritten by a higher authority (Domain Controller) to: Server http://newwsussvr.sccmpeek.com:8530 and Policy ENABLED WUAHandler

References

WUAUClt and USOClient

WUAUClt no longer works on Windows 10 or Windows Server 2016 / 2019. There is a replacement for WUAUClt named USOClient located in C:\WINDOWS\SYSTEM32\ directory.

I believe some of you must have noticed that WUAUClt no longer works on Windows 10 or Windows Server 2016 / 2019. There is a replacement for WUAUClt named USOClient located in C:\WINDOWS\SYSTEM32\ directory.

WUAUclt Utility

Before Windows 10 and Windows Server 2016 / 2019, you can use WUAUClt to search for and download and install new updates.

WUAUClt.exe /detectnow - forcing an update detection. If there are updates approved for install that client needs, it ill download them when the command run.
WUAUClt.exe /updatenow - installs the downloaded updates

Note that WUAUClt.exe /detectnow works only when Automatic Update is enabled and that WUAUClt.exe /updatenow works only when 4 – Auto download and schedule the install is selected for Configure Automatic Updates. You can enable Automatic Updates via Group Policy.

Other command line switches for WUAuclt utility

OptionDescription
/a /ResetAuthorizationInitiates an asynchronous background search for applicable updates. If Automatic Updates is disabled, this option has no effect.
/r /ReportNowSends all queued reporting events to the server asynchronously.
/? /h /helpShows this help information.
WUAUclt switches
wuauclt.exe /resetauthorization /detectnow - you can use this command to expire the cookie, initiate detection, and have WSUS update computer group membership.

Sometimes you may need to re-register a client with WSUS server. In that case you can run the following command.

gpupdate /force
WUAUclt.exe /detectnow

Note that for Windows 10 and Windows Server 2016 / 2019 +, you need to run USOClient.exe StartScan instead of WUAUclt.exe /detectnow. Read further for USOClient utility.

USOClient Utility

USO stands for Update Session Orchestrator, and it’s the replaced Windows Update Agent. Windows Update service, USOClient.exe, is basically a command to run either scan for updates, install or resume updates.

USOClient utility works on Windows 10 and Windows 2016 / 2019 + as a replacement of WUAUclt.

USOClient utility switches

OptionDescription
StartScan Used To Start Scan
StartDownload Used to Start Download of Patches
StartInstall Used to Install Downloaded Patches
RefreshSettings Refresh Settings if any changes were made
StartInteractiveScan May ask for user input and/or open dialogues to show progress or report errors
RestartDevice Restart device to finish installation of updates
ScanInstallWait Combined Scan Download Install
ResumeUpdate Resume Update Installation On Boot
USOClient switches

To scan and install updates, you can simply run:

USOClient.exe ScanInstallWait 
USOClient StartInstall

References

Design a site like this with WordPress.com
Get started