Wednesday, November 19, 2014

New Release of Microsoft Intune – Nov 2014

New Intune standalone features that will be released as part of this service update include:

  • Enhanced user interface for Intune administration console
  • Ability to restrict access to Exchange on-premises email based upon device enrollment
  • Bulk enrollment of devices using a single service account
  • Lockdown of Supervised iOS devices and devices using Samsung KNOX with Kiosk mode
  • Targeting of policies and apps by device groups
  • Ability to report on and allow or block a specific set of applications
  • Enforcement of application install or uninstall
  • Deployment of certificates, email, VPN and WiFi profiles
  • Ability to push free store apps to iOS devices
  • More convenient access to internal corporate resources using per-app VPN configurations for iOS devices
  • Remote pin reset for Windows Phone 8.1 devices
  • Multi-factor authentication at enrollment for Windows 8.1 and Windows Phone 8.1 devices
  • Ability to restrict administrator access to a specific set of user and device groups
  • Updated Company Portal apps to support customizable terms and conditions

Please visit for more information.

Saturday, September 13, 2014

Empty Inventoried Software under Asset Intelligence

If you are getting nothing from the inventoried software under the Asset Intelligence, please check the Hardware Inventory Classes.


Please make sure the below are checked:

  • Installed Executable – Asset Intelligence (SMS_InstalledExecutable)
  • Installed Software – Asset Intelligence (SMS_InstalledSoftware)


After the SCCM Client receive the machine policy, and the hardware inventory policy ran, you should be able to have something pop up from the inventoried software list under Asset Intelligence. You can search for SMS_InstalledSoftware in the InventoryAgent.log from the client machine to check if the classes are inventoried.

Friday, September 5, 2014

SCCM 2012 Distribution Point Prerequisites – Windows Server 2003

Below is the prerequisites requirement for setting up a SCCM 2012 DP.

I would like to highlight the Remote Differential Compression prerequisites on Windows Server 2003. Remote Differential Compression is not available to be configured in the Add/Remove Windows Components like any others prerequisites. If you have missed out this prerequisite, you will not able to perform any content distribution, the operation will fail!!! Although you have checked to install IIS automatically during the DP installation, it just simply won’t install because that only available on Windows Server 2008 and above.

You can manually install the Remote Differential Compression prerequisite. It is located in the client folder, \\SCCM12\SMS_PS1\Client\i386. Look for the installer named “msrdcoob.exe”. Run the installer manually in the Windows Server 2003 and you should be able to distribute content to the DP now.

Thursday, July 3, 2014

Failed to launch SCCM 2007 reports from remote console, "You do not have permission to view this directory or page."

I was performing a maintenance fro a SCCM 2007 customer this morning. Customer is complaining that he couldn’t launch the report from his remote console, but no problem launching it from the ConfigMgr Console from SCCM Server.

I went to the verify the DCOM configuration, and the setting is correct. Checkout the DCOM configuration guide here.

Next, I check the SMSReporting_XXX Authentication configurations. I make sure only the Windows Authentication is enabled. Somehow the “Enable Kernel-mode authentication” setting is checked under the Advance Settings of the Windows Authentication, which is not correct. I uncheck the setting and it should looks like the screen captured below.


Lastly, I reconfigure the Providers settings of the Windows Authentication, which looks like the screen captured below. Only NTLM and Negotiate: Kerberos are enabled.


User can now successfully launch the report from his remote console. Cheers!!

Friday, June 13, 2014

SCCM 2012 Limited Support on IPv6

SCCM 2012 is not fully support on IPv6 yet. Below are some of the features that are not IPv6 ready. I was working on OSD and randomly getting error “Failed to download policy” with generic error code 0x80004005. I opened a case with Microsoft and the engineer find out that SCCM 2012 is not fully ready on IPv6 yet. We disabled the IPv6 configuration from the server and the error seems to went away.


Technet reference:


Tuesday, June 10, 2014

Moving, Changing, Migrating, Restoring of your SCCM 2012 SQL Database?

Are you performing any one of the actions above to your SCCM 2012 SQL database? After you did that, please make sure that the new SQL server configuration is correct. Especially the Allow Snapshot Isolation, Is read Commited Snapshot On, Trustworthy, Broker Enabled. and Honor Broker Priority settings. All these settings need to be set as TRUE. If these settings are not configured correctly, you might end up getting errors “Microsoft SQL Server Reported SQL Message 50000, Severity 16: *** Unknown SQL Error!” from SMS_POLICY_PROVIDER Component or this error. Please also ensure that the owner of the database is SA!!!


To alter the settings above:



--- Enable the SQL Broker on the Site database

USE master;

--- SET the Site Database as trustworthy

USE master;

--- SET the Database to honor the HONOR_BROKER_PRIORITY

USE master;

To change the owner to “sa”
EXEC sp_changedbowner ‘sa’

Thanks for reading…



Monday, June 2, 2014

SMS WSUS Configuration Manager failed to configure upstream server settings on WSUS Server

Lately, I helped a customer to check the WSUS error above on SCCM 2007 mixed mood environment.

First thing I did is to check WCM.log. From the log I found out that the server is using ParentWSUSPort = 8531, SSLToParentWSUS = 1. Usually for mixed mood environment, the server will use Port 8530 and without SSL.

The next thing I did is to check the Software Update Point Component settings. On the General tab of the settings, the Enable SSL for this WSUS server is uncheck by default, but somehow this is now checked.

So I UNCHECK the Enable SSL for this WSUS server setting and apply the settings. Next, I delete the Software Update Point and reinstall it once after it is deleted. After the reinstallation of the Software Update Point, the SCCM server can now sync the latest updates from Microsoft and the WCM.log is showing that the server is using ParentWSUSPort = 8530, SSLToParentWSUS = 0