Tuesday, February 10, 2015

SCCM Schema Extension Error = 8224

I bumped into this issue today on a customer site. The Schema Extension failed with error code = 8224, which you can view in C:\ExtAdSch.log.

Here are the steps I checked:

  1. Schema Extension needs to be performed on the DC holding all the FSMO roles. Open Command Prompt and enter netdom query fsmo
  2. The user account is part of the Schema Admins group
  3. Check the AD Replication between the domain controllers using the repadmin command. It showed a replication error, and this was the reason for the Schema Extension failure.
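
The three checks above can be run as one pre-flight script before the schema extension is attempted. This is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module and repadmin.exe are available on the machine, and the log search pattern is an assumption about the log wording.

```powershell
# Added example: pre-flight checks before running the schema extension.
# Assumes the RSAT ActiveDirectory module and repadmin.exe are available.
Import-Module ActiveDirectory

# 1. FSMO role holders (the same information as "netdom query fsmo").
$forest = Get-ADForest
$domain = Get-ADDomain
[pscustomobject]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
} | Format-List

# 2. Is the current account in Schema Admins (nested groups included)?
#    Schema Admins lives in the forest root domain, so query that domain.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$members = Get-ADGroupMember -Identity 'Schema Admins' -Recursive -Server $forest.RootDomain
$isSchemaAdmin = [bool]($members | Where-Object { $_.SID.Value -eq $me.User.Value })
Write-Host "Schema Admins member: $isSchemaAdmin"

# 3. Replication health across all DCs. A failure count above zero, or a
#    showrepl_ERROR row (DC could not be queried), means the extension should wait.
$rows = repadmin /showrepl * /csv | ConvertFrom-Csv
$bad = $rows | Where-Object {
    $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or [int]$_.'Number of Failures' -gt 0
}
if ($bad) {
    $bad | Select-Object 'Source DSA', 'Destination DSA', 'Naming Context',
        'Number of Failures', 'Last Failure Status', 'Last Failure Time' |
        Format-Table -AutoSize
} else {
    Write-Host 'No replication failures reported.'
}

# 4. After a run, show the lines of the extension log that mention an error.
#    The search pattern is an assumption about the log wording.
$log = 'C:\ExtAdSch.log'
if (Test-Path $log) { Select-String -Path $log -Pattern 'error' }
```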

Thanks for reading =)

Monday, February 9, 2015

System Center Universe APAC 2015

System Center Universe APAC is back! Haven’t heard of the event? Here’s a sneak peek at what’s waiting for you:

TOP 10 reasons why you should attend:

  1. Never before has Asia Pacific and Singapore seen such a great pool of speakers in ONE event. TOP Cloud, Azure, System Center and Hyper-V experts from all across the globe are here! YOU no longer have to travel to the other side of the world to meet them!
  2. Speakers will be sharing their top secrets, best practices, tips & tricks with YOU! Priceless information that we may not be able to get even on the internet!
  3. Experts from Microsoft, experienced industry partners and speakers themselves will be at a special area during the event for you to ask them ANY questions on your cloud journey! This service which is usually chargeable is available to SCU participants for FREE!!!
  4. Be among the first people to see LIVE what is coming up in the upcoming version of Windows Server, System Center and Azure at our KEYNOTE titled 'Next Generation'!
  5. Mingle with the experts, fellow industry professionals and connect with our sponsors to explore new technologies that will improve your IT efficiency.
  6. All the knowledge and tips not enough? GREAT! We have some awesome prizes sponsored in a lucky draw just for YOU. Come and find out if you are one of the lucky delegates to bring home a Surface Pro 3 and other cool prizes!
  7. All the brain input deserves some reward! Stay on for our SCU GALAXY PARTY after Day 2 to eat, drink & to catch the experts for more secrets!
  8. Get your hands dirty with some hands-on labs at the event for FREE (worth US$1500) and the opportunity to enroll in the Pre-SCU Workshops by the experts at SUPER DISCOUNTS!
  9. Yes… We know we mentioned that the TOP experts will be here at SCU. But we just have to mention it again! FIRST TIME EVER, we are able to gather them at ASIA PACIFIC to pick their brains! Too shy to ask? Tweet or post via Facebook and we will get the answers for YOU.
  10. SCU APAC is a community and non-profit event. The value you get from the learnings, ideas, tips, tricks, prizes, deals, offers, food, drinks, hands-on and best practices are MORE than 20 times the fee. DO NOT MISS THIS OPPORTUNITY!

EXCLUSIVE RATE just for you!
US$190/ticket OR US$150/ticket for a group of 5 or more
Special rate with Capri – SGD230++ per night
Use this code: SCUBLOG [valid until 15 Feb 2015]
Register here and select Option 3: Registration with RSVP code


Wednesday, December 3, 2014

Windows 8.1 No Longer Requires Symantec Certificate for Intune Enrollment

With the newly released Microsoft Intune, we no longer require a Symantec certificate to enroll Windows 8.1 devices. However, in the following scenarios you still require a Symantec certificate.

  • If you want to sign and deploy your own line of business (LOB) apps to Windows Phone 8.1 devices
  • If you need to enroll Windows Phone 8 devices, even if you don’t want to deploy LOB apps to these devices
  • If your Intune subscription is connected to System Center 2012 R2 Configuration Manager. Support for the “certificate-less” enrollment feature is planned for a future release of System Center Configuration Manager.
  • If your users cannot access the Microsoft Store, either because their access has been blocked by their IT admin or because they don’t have Microsoft accounts.

Wednesday, November 19, 2014

New Release of Microsoft Intune – Nov 2014

New Intune standalone features that will be released as part of this service update include:

  • Enhanced user interface for Intune administration console
  • Ability to restrict access to Exchange on-premises email based upon device enrollment
  • Bulk enrollment of devices using a single service account
  • Lockdown of Supervised iOS devices and devices using Samsung KNOX with Kiosk mode
  • Targeting of policies and apps by device groups
  • Ability to report on and allow or block a specific set of applications
  • Enforcement of application install or uninstall
  • Deployment of certificates, email, VPN and WiFi profiles
  • Ability to push free store apps to iOS devices
  • More convenient access to internal corporate resources using per-app VPN configurations for iOS devices
  • Remote pin reset for Windows Phone 8.1 devices
  • Multi-factor authentication at enrollment for Windows 8.1 and Windows Phone 8.1 devices
  • Ability to restrict administrator access to a specific set of user and device groups
  • Updated Company Portal apps to support customizable terms and conditions

Please visit http://blogs.technet.com/b/microsoftintune/archive/2014/11/17/new-microsoft-intune-capabilities-coming-this-week.aspx for more information.

Saturday, September 13, 2014

Empty Inventoried Software under Asset Intelligence

If you are getting nothing in the inventoried software list under Asset Intelligence, please check the Hardware Inventory Classes.

Please make sure the following classes are checked:

  • Installed Executable – Asset Intelligence (SMS_InstalledExecutable)
  • Installed Software – Asset Intelligence (SMS_InstalledSoftware)

After the SCCM client receives the machine policy and the hardware inventory has run, entries should start to appear in the inventoried software list under Asset Intelligence. You can search for SMS_InstalledSoftware in InventoryAgent.log on the client machine to check whether the classes are inventoried.

Friday, September 5, 2014

SCCM 2012 Distribution Point Prerequisites – Windows Server 2003

Below are the prerequisites for setting up an SCCM 2012 DP.

I would like to highlight the Remote Differential Compression prerequisite on Windows Server 2003. Remote Differential Compression is not available to be configured in Add/Remove Windows Components like the other prerequisites. If you miss this prerequisite, you will not be able to perform any content distribution; the operation will fail!!! Even if you have checked the option to install IIS automatically during the DP installation, it simply won’t install, because that is only available on Windows Server 2008 and above.

You can manually install the Remote Differential Compression prerequisite. It is located in the client folder, \\SCCM12\SMS_PS1\Client\i386. Look for the installer named “msrdcoob.exe”. Run the installer manually on the Windows Server 2003 machine and you should be able to distribute content to the DP.

Thursday, July 3, 2014

Failed to launch SCCM 2007 reports from remote console, "You do not have permission to view this directory or page."

I was performing maintenance for an SCCM 2007 customer this morning. The customer was complaining that he couldn’t launch the report from his remote console, but had no problem launching it from the ConfigMgr Console on the SCCM Server.

I went to verify the DCOM configuration, and the setting was correct. Check out the DCOM configuration guide here.

Next, I checked the SMSReporting_XXX Authentication configuration. I made sure only Windows Authentication was enabled. Somehow the “Enable Kernel-mode authentication” setting was checked under the Advanced Settings of Windows Authentication, which is not correct. I unchecked the setting, and it should look like the screen capture below.

Lastly, I reconfigured the Providers settings of Windows Authentication, which look like the screen capture below. Only NTLM and Negotiate: Kerberos are enabled.

The user can now successfully launch the report from his remote console. Cheers!!