Thursday, July 3, 2014

Failed to launch SCCM 2007 reports from remote console, "You do not have permission to view this directory or page."

I was performing a maintenance fro a SCCM 2007 customer this morning. Customer is complaining that he couldn’t launch the report from his remote console, but no problem launching it from the ConfigMgr Console from SCCM Server.

I went to the verify the DCOM configuration, and the setting is correct. Checkout the DCOM configuration guide here.

Next, I check the SMSReporting_XXX Authentication configurations. I make sure only the Windows Authentication is enabled. Somehow the “Enable Kernel-mode authentication” setting is checked under the Advance Settings of the Windows Authentication, which is not correct. I uncheck the setting and it should looks like the screen captured below.

image 

Lastly, I reconfigure the Providers settings of the Windows Authentication, which looks like the screen captured below. Only NTLM and Negotiate: Kerberos are enabled.

image

User can now successfully launch the report from his remote console. Cheers!!

Friday, June 13, 2014

SCCM 2012 Limited Support on IPv6

SCCM 2012 is not fully support on IPv6 yet. Below are some of the features that are not IPv6 ready. I was working on OSD and randomly getting error “Failed to download policy” with generic error code 0x80004005. I opened a case with Microsoft and the engineer find out that SCCM 2012 is not fully ready on IPv6 yet. We disabled the IPv6 configuration from the server and the error seems to went away.

image

Technet reference:

  1. http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SupConfigIpv6
  2. http://technet.microsoft.com/en-us/network/hh994905.aspx

Tuesday, June 10, 2014

Moving, Changing, Migrating, Restoring of your SCCM 2012 SQL Database?

Are you performing any one of the actions above to your SCCM 2012 SQL database? After you did that, please make sure that the new SQL server configuration is correct. Especially the Allow Snapshot Isolation, Is read Commited Snapshot On, Trustworthy, Broker Enabled. and Honor Broker Priority settings. All these settings need to be set as TRUE. If these settings are not configured correctly, you might end up getting errors “Microsoft SQL Server Reported SQL Message 50000, Severity 16: *** Unknown SQL Error!” from SMS_POLICY_PROVIDER Component or this error. Please also ensure that the owner of the database is SA!!!

image 

image
To alter the settings above:

ALTER DATABASE <CM_XXX>
SET ALLOW_SNAPSHOT_ISOLATION ON

ALTER DATABASE <CM_XXX>
SET READ_COMMITTED_SNAPSHOT ON

--- Enable the SQL Broker on the Site database

USE master;
GO
ALTER DATABASE CM_XXX SET ENABLE_BROKER
GO

--- SET the Site Database as trustworthy

USE master;
GO
ALTER DATABASE CM_XXX SET TRUSTWORTHY ON
GO

--- SET the Database to honor the HONOR_BROKER_PRIORITY

USE master;
GO
ALTER DATABASE CM_XXX SET HONOR_BROKER_PRIORITY ON;
GO

image
To change the owner to “sa”
EXEC sp_changedbowner ‘sa’

Thanks for reading…

References:

  1. http://blogs.technet.com/b/configurationmgr/archive/2013/04/02/how-to-move-the-configmgr-2012-site-database-to-a-new-sql-server.aspx
  2. http://support.microsoft.com/kb/2709082/en-us

Monday, June 2, 2014

SMS WSUS Configuration Manager failed to configure upstream server settings on WSUS Server

Lately, I helped a customer to check the WSUS error above on SCCM 2007 mixed mood environment.

First thing I did is to check WCM.log. From the log I found out that the server is using ParentWSUSPort = 8531, SSLToParentWSUS = 1. Usually for mixed mood environment, the server will use Port 8530 and without SSL.

The next thing I did is to check the Software Update Point Component settings. On the General tab of the settings, the Enable SSL for this WSUS server is uncheck by default, but somehow this is now checked.

So I UNCHECK the Enable SSL for this WSUS server setting and apply the settings. Next, I delete the Software Update Point and reinstall it once after it is deleted. After the reinstallation of the Software Update Point, the SCCM server can now sync the latest updates from Microsoft and the WCM.log is showing that the server is using ParentWSUSPort = 8530, SSLToParentWSUS = 0

Monday, May 12, 2014

SMS_MP_CONTROL_MANAGER failed to start with 0x80041002

My customer is running on SCCM 2012 RTM build 7711. The management point is downed and showing the error message above in the mpcontrol.log.

Resolution: Uninstall the Management Point role and verify that the Management Point is uninstalled in the MPSetup.log. After the uninstalled completed, reinstall the Management Point. Verify that the Management Point is setup completely in the MPSetup.log.

Wednesday, April 16, 2014

Failed to initiate install of WSUS updates, error = 0x800b0109

SCUP 2011 is integrated with SCCM 2012 R2. SCCM deploy the Adobe Reader X! updates but failed with error 0x800b0109. First thing I checked is whether the WSUS certificate is installed in the Trusted Root Certification Authorities and Trusted Publishers of Local Computer. Yes, the WSUS certificate is installed!!

Browsing the internet and saw there is a requirement to set GPO to enable the setting below:
"Administration Templates -> Windows Components -> Windows Update -> 'Allow Signed updates from an intranet Microsoft update service location'

After I enabled the settings, the Adobe Reader updates installed successfully.

Thursday, April 10, 2014

Configuration Manager Client Upgrade Package Distribution Failed

Whenever you setup a new distribution point, the system will automatically distribute 2 packages to the distribution point.
1. Configuration Manager Client Package
2. Configuration Manager Client Upgrade Package

But somehow the Configuration Manager Client Upgrade Package failed to distribute to the distribution point. The upgrade package is hidden, hence unable to redistribute the upgrade package like normal package. Therefore, we have to trick the system to redistribute the packages.

Trick:
1. Open an empty notepad and save it as client.acu
image
2. Copy the client.acu to the inboxes\hman.box folder at the top-level site
3. Monitor the hman.log to check whether the Client Upgrade package gets updated