SCCM MECM Configuration Manager Client not downloading content from distribution point Error: CTM encountered error processing reply from DTS. Code 0x80096004

Configuration Manager Client not downloading content from distribution point. Verified a distribution point was properly assigned to the applicable boundary group and that the distribution point had the content in question.

Reviewing the CCMCACHE folder on the client machines, found folders created for the content in question but no actual content. Began reviewing log files in C:\Windows\CCM\Logs 


In CAS.LOG: Error CTM encountered error processing reply from DTS. Code 0x80096004

Error Code: 0x80096004 (2148098052)

 Error Name: TRUST_E_CERT_SIGNATURE

 Error Source: Windows

 Error Message: The signature of the certificate cannot be verified.

 The client was registered using the self-signed certificate issued to 'SMS'. The client is configured to use HTTPS when available.

 In the CAS.log, both HTTP and HTTPS locations are being returned for content locations.

When the issue occurs, the following events occur leading to the 0x80096004 error:

CTM job {A18CC6C5-2A7B-4D84-B4C2-3EB1EC1F22EF} switched to location 'xxx/SMS_DP_SMSPKG$/ACC00A5E'


CTM job {B64D5D76-3846-4415-84F4-503722AF09C8} switched to location 'http://xxx/SMS_DP_SMSPKG$/ACC00A70'


CTM job {A0E7A3F6-76C6-449A-BB13-2C5D5439FE03} switched to location 'http://xxx/SMS_DP_SMSPKG$/Content_81f1d394-c68c-4d8e-8fdd-33756a934992.1'


CTM encountered error processing reply from DTS. Code 0x80096004


CTM job {620B0A00-D1D8-4115-A7D1-962E268AFCCF} entered phase CCM_DOWNLOADSTATUS_PREPARING_DOWNLOAD


CTM encountered error processing reply from DTS. Code 0x80096004


CTM job {A0E7A3F6-76C6-449A-BB13-2C5D5439FE03} entered phase CCM_DOWNLOADSTATUS_PREPARING_DOWNLOAD


CTM job {A18CC6C5-2A7B-4D84-B4C2-3EB1EC1F22EF} entered phase CCM_DOWNLOADSTATUS_PREPARING_DOWNLOAD


CTM encountered error processing reply from DTS. Code 0x80096004


CTM job {B64D5D76-3846-4415-84F4-503722AF09C8} entered phase CCM_DOWNLOADSTATUS_PREPARING_DOWNLOAD


CTM encountered error processing reply from DTS. Code 0x80096004




In the DataTransferService.log:


Completed validation of Certificate [Thumbprint F49997EE2BB8A7ABC5A7B9FE929B08B969DD7981] issued to 'xxx'

Failed to verify if the cert is sccm issued. Error 0x80096004 

Completed validation of Certificate [Thumbprint F49997EE2BB8A7ABC5A7B9FE929B08B969DD7981] issued to 'xxx' 

Begin validation of Certificate [Thumbprint F49997EE2BB8A7ABC5A7B9FE929B08B969DD7981] issued to 'xxx' 

DTS job: '{F3496177-0337-4DDA-9672-473BEFB7BEFD}' AddTransportSecurityOptionsToBITSJob failed: (0x80096004) 

Completed validation of Certificate [Thumbprint F49997EE2BB8A7ABC5A7B9FE929B08B969DD7981] issued to 'xxx' 

Failed to verify if the cert is sccm issued. Error 0x80096004 

DTS job: '{FCAA0817-C92F-46E4-AD39-C1E23B25BCAA}' AddTransportSecurityOptionsToBITSJob failed: (0x80096004) 


 Resolution: 

  1. Connected to the Primary Site Server's Configuration Manager Admin Console and reviewed the properties for the applicable Distribution Point.

    On the Communications Tab, found the self-signed certificate's expiration date had passed.

    Updated the self-signed certificate's expiration date.

  2. On the distribution server, opened CertLM.MSC from an administrator command prompt and reviewed the certificate stores.


    Found SMS Issuing certificate was not in the Personal Store nor the Trusted Root. Exported SMS Issuing Certificate from the site server and imported into Personal Store and the Trusted Root on the problematic Distribution Server.

  3. Reviewed IIS Manager on the Distribution Server:
    Default Website
    SMS_DP_PKG$
    Authentication

    Found Windows Authentication missing

    Opened Server Manager
    In Server Manager, click the Manage menu, and then click Add Roles and Features.
    In the Add Roles and Features wizard, click Next. Select the installation type and click Next. Select the destination server and click Next.
    On the Server Roles page, expand Web Server (IIS), expand Web Server, expand Security, and then select Windows Authentication. Click Next.
    On the Select features page, click Next.
    On the Confirm installation selections page, click Install.
    On the Results page, click Close.

    Restarted Distribution Server

  4. Reviewed DataTransferService.log and found successfully completed downloads
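
The findings in the resolution above can be checked from PowerShell before opening the consoles. This is an added example, not part of the original write-up: the function names are hypothetical, and the '*SMS Issuing*' subject filter is an assumption based on the certificate name given in step 2.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell session.

function Test-DpCertificateState {
    # Run on the distribution point. Covers steps 2 and 3 of the resolution.
    param(
        # Assumption: the certificate subject contains the name used in step 2.
        [string]$SubjectPattern = '*SMS Issuing*'
    )

    foreach ($store in 'My', 'Root') {   # Personal store and Trusted Root store
        $certs = @(Get-ChildItem -Path "Cert:\LocalMachine\$store" |
            Where-Object { $_.Subject -like $SubjectPattern })

        if ($certs.Count -eq 0) {
            [pscustomobject]@{
                Check  = "Certificate in LocalMachine\$store"
                Status = 'MISSING'
                Detail = "No subject matching $SubjectPattern"
            }
            continue
        }

        foreach ($cert in $certs) {
            # An expired certificate is reported separately from a missing one.
            $status = 'OK'
            if ($cert.NotAfter -lt (Get-Date)) { $status = 'EXPIRED' }
            [pscustomobject]@{
                Check  = "Certificate in LocalMachine\$store"
                Status = $status
                Detail = "$($cert.Thumbprint) valid until $($cert.NotAfter.ToString('yyyy-MM-dd'))"
            }
        }
    }

    # Step 3: the Windows Authentication role service of IIS.
    $feature = Get-WindowsFeature -Name Web-Windows-Auth
    $status = 'MISSING'
    if ($feature.Installed) { $status = 'OK' }
    [pscustomobject]@{
        Check  = 'IIS Windows Authentication role service'
        Status = $status
        Detail = 'Install with: Install-WindowsFeature -Name Web-Windows-Auth'
    }
}

function Get-CertSignatureError {
    # Run on an affected client. Counts 0x80096004 entries in the two logs
    # quoted above and returns the most recent matching line from each.
    param(
        [string]$LogDir = 'C:\Windows\CCM\Logs'
    )

    $logs = 'CAS.log', 'DataTransferService.log' |
        ForEach-Object { Join-Path -Path $LogDir -ChildPath $_ }

    Select-String -Path $logs -Pattern '0x80096004' -SimpleMatch -ErrorAction SilentlyContinue |
        Group-Object -Property Filename |
        Select-Object @{ Name = 'Log';      Expression = { $_.Name } },
                      Count,
                      @{ Name = 'LastLine'; Expression = { $_.Group[-1].Line } }
}

# On the distribution point:
#   Test-DpCertificateState | Format-Table -AutoSize
# On a client, before and after the fix:
#   Get-CertSignatureError | Format-List
```

Running Get-CertSignatureError again after the distribution server restart shows whether the count of 0x80096004 entries has stopped growing.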

SCCM MECM Configuration Manager: Troubleshooting Windows Update Deployments (WSUS) - Clients Not Showing Progress and Clients With Unknown Status

 When reviewing Windows Update Deployments in Configuration Manager Monitoring - Deployments, the administrator discovers numerous clients showing unknown status, and the compliant status is not incrementing.

Troubleshooting

Start by utilizing the built-in tools in Configuration Manager Reporting:

  1. Navigate to Monitoring - Reporting - Reports
  2. Expand "Software Updates - E Troubleshooting"
  3. Run the report "Troubleshooting 1 - Scan Errors"
  4. Run the report "Troubleshooting 2 - Deployment Errors"
  5. Run the report "Troubleshooting 3 - Computers Failing With Specific Scan Error"
  6. Run the report "Troubleshooting 3 - Computers Failing With Specific Deployment Error"
  7. Review the reports

Possible Errors Found:

Error Code -2145107934 Hex Error Code 80244022 "Same as HTTP Status 503 - the service is temporarily overloaded"

and 

Error Code -2145107940 Hex Error Code 8024401C "Same as HTTP status 408 - the server timed out waiting for the request"

These errors indicate a possible issue with the WSUS IIS Application Pool.

Resolution:

Review the WSUS IIS Application Pool in IIS Manager.
If it is stopped, this may indicate the service is crashing due to lack of adequate resources and may need to be optimized.

  1. Restart the WsusPool in IIS Manager
  2. Optimize the service:
  3. IIS Manager > Application Pools > WsusPool > Advanced Settings
  4. Make the following changes to the settings for the WsusPool:
    Queue Length: 2000 (default 1000)
    Idle Time-out (minutes): 0 (default 20)
    Ping Enabled: False (default True)
    Private Memory Limit (KB): 0 (unlimited) (default 1,843,200 KB)
    Regular Time Interval (minutes): 0 (to prevent a recycle) (default 1740)

image source: https://docs.microsoft.com/en-us/troubleshoot/mem/configmgr/windows-server-update-services-best-practices#disable-recycling-and-configure-memory-limits
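
The same five settings can be applied with the WebAdministration module instead of the IIS Manager dialog, which makes the change repeatable across WSUS servers. This is an added example, not part of the original post; it assumes the application pool is named WsusPool as shown above and that it runs in an elevated session on the WSUS server.

```powershell
# Added example (not from the original post). Run elevated on the WSUS server.
Import-Module WebAdministration

$poolName = 'WsusPool'
$poolPath = "IIS:\AppPools\$poolName"

# Target values taken from the settings list above.
$settings = [ordered]@{
    'queueLength'                             = 2000              # Queue Length
    'processModel.idleTimeout'                = [TimeSpan]::Zero  # Idle Time-out: 0
    'processModel.pingingEnabled'             = $false            # Ping Enabled: False
    'recycling.periodicRestart.privateMemory' = 0                 # Private Memory Limit: unlimited
    'recycling.periodicRestart.time'          = [TimeSpan]::Zero  # Regular Time Interval: 0
}

foreach ($name in $settings.Keys) {
    Set-ItemProperty -Path $poolPath -Name $name -Value $settings[$name]
}

# Step 1 of the resolution: restart the pool, or start it if it was found stopped.
if ((Get-WebAppPoolState -Name $poolName).Value -eq 'Started') {
    Restart-WebAppPool -Name $poolName
}
else {
    Start-WebAppPool -Name $poolName
}

# Read the values back so the result can be compared with the list above.
$pool = Get-Item -Path $poolPath
[pscustomobject]@{
    State           = (Get-WebAppPoolState -Name $poolName).Value
    QueueLength     = $pool.queueLength
    IdleTimeout     = $pool.processModel.idleTimeout
    PingEnabled     = $pool.processModel.pingingEnabled
    PrivateMemoryKB = $pool.recycling.periodicRestart.privateMemory
    RecycleInterval = $pool.recycling.periodicRestart.time
}
```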




SCCM MECM Configuration Manager Clients Not Checking in With Management Point, Server Certificate Retrieved in TLS is Not an Exact Match of the Current MP Encryption Certificate 0x80004005

Issue: 

After migrating to a new management point, many clients were not checking into the management point. When reviewing the Devices under Assets and Compliance, many clients were showing offline even though they were actually online and responded to ping from the server.

Reviewing the logs on the client machines, the CCM Notification log CCMNotificationAgent.log showed:

Server Certificate Retrieved in TLS is Not an Exact Match of the Current MP Encryption Certificate 0x80004005

Reviewing logs on the management point server, the BGB Server Log bgbserver.log  showed:

Expecting More Data From Client

and

Can't Finish Connecting With Client, Which Might Have Already Disconnect System.IO.IOException: Authentication Failed Because the Remote Party Has Closed the Transport System

Reviewing the Configuration Manager Console

Administration - Hierarchy Configuration - Active Directory Forests

Publishing Status showed Authentication Failure

Reviewed properties of Domain Forest and Use Computer Account of Site Server was checked

Resolution:

In Active Directory Users and Computers Click View and check Advanced
Expand System OU
Grant the Site Server's Computer Account Full Permissions on the System Management container


This article was helpful in resolving the issue: http://eskonr.com/2019/12/client-assignment-failed-from-http-to-https-with-error-code-failed-to-verify-message-could-not-retrieve-certificate-from-mpcert/

Moving Microsoft Endpoint Configuration Manager (MECM) (formerly SCCM) to the Cloud

 While there are a couple different methods to move a Configuration Manager Site Server to the cloud, we recommend utilizing the Site Server High Availability approach. This allows the administrator to build a new site server in Passive mode in the cloud (in addition to your existing site server that is in active mode) and then promote it to active to test connectivity. If all connectivity is not functional, the administrator can promote the original site server to active. This approach provides a safe method of continual testing until all connectivity has been validated.

Microsoft provides the following article on configuring Configuration Manager Site Server High Availability: https://docs.microsoft.com/en-us/mem/configmgr/core/servers/deploy/configure/site-server-high-availability

Our experience found a few items missing in the Microsoft article which we will cover in this post.

 Prerequisites for Installing a Passive Primary Site Server

  • .NET Framework installed
  • Remote Differential Compression installed
  • Windows ADK installed
  • SQL Server Native Client installed.
  • Must have its computer account in the local Administrators group on the site server in active mode.
  • Must have its computer account in the local Administrators group on each distribution point.
  • Must install using source files that match the version of the site server in active mode.
  • Can't have a site system role from any site installed on it before you install the site server in passive mode role.
  • The site content library must be on a remote network share. Both site servers need Full Control permissions to the share and its contents. (If the site content library resides on the existing site server, it will have to be moved)

Moving the Site Content Library to a Remote Network Share

Microsoft provides the following article on moving the site content library: https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/hierarchy/the-content-library#bkmk_remote

Create a folder in a network share as the target for the content library. For example, \\server\share\folder. (Don't reuse an existing folder with content. For example, don't use the same folder as your package sources, because Configuration Manager removes any existing content from the location you specify before copying the content library.)

  1. In the Configuration Manager console, navigate to the Administration workspace. Expand Site Configuration, select the Sites node, and select the site. On the Summary tab at the bottom of the details pane, notice a new column for the Content Library.

  2. Select Manage Content Library on the ribbon.

  3. In the Manage Content Library window, the Current Location field shows the local drive and path. Enter a valid network path for the New Location. This path is the location to which the site moves the content library. It must include a folder name that already exists on the share (for example: \\server\share\folder.) 

  4. Select OK.

  5. Monitor the Status value in the Content Library column on the Summary tab of the details pane. It updates to show the site's progress in moving the content library. While In progress, the Move Progress (%) value displays the percentage complete. (Make a cup of coffee! If you have a large content library, you may see 0% progress in the console for a while - a VERY LONG WHILE. For example, with a 1 TB library, it has to copy 10 GB before it shows 1%. Review distmgr.log, which shows the number of files and bytes copied. Starting in version 1810, the log file also shows an estimated time remaining.) If there's an error state, the status displays the error. Common errors include access denied or disk full.

  6. When complete it displays Complete.
NOTE: We recommend enabling 8DOT3NAMES on the server volume where the Site Content Library will reside as some file names combined with fully qualified server name and temporary directory names may exceed the 255 character limit. For more information, see this article: https://knowledge.kofax.com/Capture/Kofax_Capture/Scan/Enable_8dot3_File_Name_Creation

Preparing the Site Database

Both site servers must use the same site database. The database can be remote from each site server or reside on the original site server.

Both site servers need the sysadmin security role on the instance of SQL Server that hosts the site database. The original site server already has these roles. 

Add them for the new site server. 


Microsoft kindly provides the following SQL script, which adds these roles for the new site server VM2 in the Contoso domain:

SQL


USE [master]
GO
CREATE LOGIN [contoso\vm2$] FROM WINDOWS WITH DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english]
GO
ALTER SERVER ROLE [sysadmin] ADD MEMBER [contoso\vm2$]
GO


Both site servers need access to the site database on the instance of SQL Server. The original site server should already have this access, so add it for the new site server. For example, the following SQL script adds a login to the CM_ABC database for the new site server VM2 in the Contoso domain:

SQL


USE [CM_ABC]
GO
CREATE USER [contoso\vm2$] FOR LOGIN [contoso\vm2$] WITH DEFAULT_SCHEMA=[dbo]
GO

The site server in passive mode is configured to use the same site database as the site server in active mode. The site server in passive mode only reads from the database. It doesn't write to the database until after it's promoted to active mode.

Adding a Site Server in Passive Mode

  1. In the Configuration Manager console, navigate to the Administration workspace, expand Site Configuration, select the Sites node, and select Create Site System Server in the ribbon.

  2. On the General page of the Create Site System Server Wizard, specify the server to host the site server in passive mode. (Note: The server you specify can't host any site system roles before installing a site server in passive mode.)

    The wizard performs the following initial prerequisite checks:
    The selected server isn't a secondary site server
    The selected server isn't already a site server in passive mode
    The site's content library is in a remote location

  3. On the Site Server In Passive Mode page, choose the following option:

    Use the source files at the following network location: Specify the path directly to the contents of the CD.Latest folder from the site server in active mode.
    ( \\Server\SMS_ABC\CD.Latest where "Server" is the name of the site server in active mode, and "ABC" is the site code.)

  4. Complete the wizard. Configuration Manager then installs the site server in passive mode on the specified server.

  5. Both site servers will be displayed on the Nodes tab in the Sites node of the console. All Configuration Manager site server components are in standby on the site server in passive mode. The Windows services are still running.

Configure Windows Firewall on the new Site Server in Passive Mode

Windows Firewall will need to be configured to accommodate traffic to the existing site server and to the distribution points.

Recommendation: Export the Windows Firewall configuration from the existing site server and import it into the new passive primary server.

Promote the Site Server in Passive Mode to Active Mode

  1. In the Configuration Manager console, navigate to the Administration workspace, expand Site Configuration, and select the Sites node. 

  2. Select the site, and then switch to the Nodes tab. Select the site server in passive mode, and then select Promote to active in the ribbon. Select Yes to confirm and continue.

  3. Refresh the console node. The Status column for the server you're promoting displays in the Nodes tab as Promoting.

  4. Make a cup of coffee, as this may take up to an hour or more.

  5. After the promotion is complete, the Status column shows OK for both the new site server in active mode, and for the new site server in passive mode. 

  6. In the Configuration Manager console, navigate to the Monitoring workspace, select Distribution Point Configuration Status.

    Monitor each distribution point by clicking the details tab for each. 

    After promoting the new Site Server, each will eventually display:
    "IIS was successfully configured on the distribution point"
    and eventually
    "Distribution Point installation/upgrade successfully completed"

    If errors are displayed for failure to communicate with the distribution point, review Windows Firewall settings on the newly created site server and verify the newly created site server's computer account is in the local Administrators group on each distribution point.

Moving the Site Database

After monitoring all services and remediating any issues raised by promoting the new site server, prepare to move the site database from the old site server to the new site server.


Stop ConfigMgr Services on the New Site Server

  1. Locate preinst.exe in one of the subdirectories under the ConfigMgr installation directory (for instance: E:\Program Files\Microsoft Configuration Manager\bin\X64\00000409).
  2. From an administrator command prompt: preinst.exe /stopsite
  3. Grab a cup of coffee as this process took approximately one hour to complete.
  4. When Preinst.exe has completed, verify the following services have been stopped:
    AI_UPDATE_SERVICE_POINT
    CONFIGURATION_MANAGER_UPDATE
    SMS_NOTIFICATION_SERVER

    by executing the following PowerShell commands:
    Get-Service -Name AI_UPDATE_SERVICE_POINT
    Get-Service -Name CONFIGURATION_MANAGER_UPDATE
    Get-Service -Name SMS_NOTIFICATION_SERVER

    If any of these services shows running, stop them by executing the following PowerShell commands:
    Stop-Service -Name AI_UPDATE_SERVICE_POINT
    Stop-Service -Name CONFIGURATION_MANAGER_UPDATE
    Stop-Service -Name SMS_NOTIFICATION_SERVER

Backup the Site Server Database on the Old Site Server

  1. On the old site server, open SQL Server Management Studio and locate the site server database (typical naming convention: CM_sitecode). Your mileage may vary.

  2. Make a full backup of the ConfigMgr database:
    Backup type: FULL
    Destination: DISK (provide a name and provide a file location that can be accessed from both the old and new server)

  3. Once the backup is completed, make note of the database settings by running the following SQL query:
    select name, collation_name, user_access_desc, is_read_only, state_desc, is_trustworthy_on, is_broker_enabled,is_honor_broker_priority_on from sys.databases

  4. Install SQL Server on the New Site Server (it can be the same or newer version as on the old site server)

  5. Run the following query in SQL Server Management Studio to enable CLR Integration:
    sp_configure 'clr enabled', 1
    Reconfigure

Restore the Database Backup on the New Site Server

  1. Copy the SQL backup from old site server to a local drive on the new site server

  2. Restore the backup using SQL Server Management Studio.

  3. Once the backup is restored, review the database configuration by running the following query in SQL Server Management Studio:
    select name, collation_name, user_access_desc, is_read_only, state_desc, is_trustworthy_on, is_broker_enabled,is_honor_broker_priority_on from sys.databases

  4. Several database settings are not restored and the database may not be Online. To resolve this, run the following query in SQL Server Management Studio (replace CM_sitecode with the name of your site database):
    USE master
    ALTER DATABASE [CM_sitecode] SET ONLINE
    ALTER DATABASE [CM_sitecode] SET ENABLE_BROKER
    ALTER DATABASE [CM_sitecode] SET TRUSTWORTHY ON
    ALTER DATABASE [CM_sitecode] SET HONOR_BROKER_PRIORITY ON

Setup ConfigMgr to use the Database on the New Site Server

  1. Verify .Net Framework 3.5 SP1 is installed on your server. (ConfigMgr setup requires .NET Framework!)
  2. Note the SQL Server Logon account on the old site server and set the new site server SQL database login account identically. (NOTE: This process will fail if you leave the logon account set as NTSERVICE\MSSQLSERVER.)

  3. Locate Setup.exe in the cd.latest folder under the ConfigMgr Install Directory (example: E:\Program Files\Microsoft Configuration Manager\cd.latest\smssetup\bin\x64)

  4. Run Setup.exe

  5. On the Available Setup Option page, select the Perform site maintenance or reset this site option, and click Next.

  6.  On the Site Maintenance page, select the Modify SQL Server configuration option, and click Next.

  7. On the Database Information page, type in the NEW Site Server fully qualified name, and click Next.

  8. If the setup fails, review the log (see the convenient button).

  9. Once setup has completed successfully, reboot both site servers

  10. Once both servers are back online, monitor the Configuration Manager Console to confirm that ConfigMgr has removed the site database role from the old site server and the new site server shows the site database role.

Transfer Additional Roles to the New Site Server

Move Reporting Services Role

  1. install and configure reporting service in SQL on new server
  2. remove reporting services role on old server
  3. add reporting services role on new server

Move Asset Intelligence Role

  1. remove role on old server
  2. add role on new server

Move Endpoint Protection Role

  1. remove role on old server
  2. add role on new server

Move Service Connection Point Role

  1. remove role on old server
  2. add role on new server

Move Software Update Point Role

  1. configure WSUS on new server
  2. remove role on old server
  3. add role on new server

Update Preferred Management Point in Boundary Groups if Used

  1. Launch Console
  2. Navigate to the Administration – Site Configuration – Sites node
  3. select Hierarchy Settings from the site server
  4. On the General tab, verify whether the "Clients prefer to use management points specified in boundary groups" option is enabled.

If the "Clients prefer to use management points specified in boundary groups" option is enabled, update the management point specified in each boundary group:

    1. Navigate to Administration – Boundary groups
    2. Right click a Boundary group 
    3. Click Properties
    4. Click the References Tab
    5. Replace any existing Management Point server name with the name of the new site server
    6. Repeat for each boundary group

      Note: This change will take up to 24 hours to update the client machines.

      source: https://www.anoopcnair.com/sccm-preferred-management-points-selection/

Move Source Files for Applications, Packages, Drivers, Etc

  1. Copy Source_File Share From Old Server to New Server

  2. Update the content source locations for Applications, Packages, Drivers, Etc

    Recommendation: Utilize the ConfigMgr Content Update Source Tool From MSEndpointMgr.com: 
    https://msendpointmgr.com/2017/02/23/configmgr-content-source-update-tool-version-1-0-2-released/ 
    This tool can copy the files and update the content source locations inside of Config Manager

Perform SCCM Configuration Manager Site Reset

  1.  Run Configuration Manager Setup from <SCCM site installation folder>\BIN\X64\setup.exe.

  2. Select Perform Site Maintenance or Reset the Site

  3. Click Next

  4. Select Reset the Site With No Configuration Changes

  5. When prompted "Your Site will be reset with default file and registry permissions. Are you sure?", click YES

  6. Make a cup of coffee as this will take 10-15 minutes while the wizard will perform the following steps: 
    Stopping Configuration Manager services.
    Setting up server accounts.
    Updating directory permissions.
    Upgrading site control information.
    Updating registry.
    Installing site component manager.
    Verifying directory permissions.

  7. Once it displays Core Setup Has Completed, you can review the log file by clicking View Log or simply click Close

Monitor Content Distribution Until Completion

After changing the source file location for all content, Config Manager will redistribute all content. Depending on the size of the site content, this may take several days. Monitor the content distribution until completed before proceeding to decommission the original site server.

In the Configuration Manager console, navigate to the Monitoring workspace, expand Distribution Status, and select Content Status. 

Decommission Original Site Server

  1. Verify all site server roles have been added to the new site server that were on the old site server.

  2. One by one, remove the roles on the old site server and monitor Config Manager for proper operation (including imaging workstations). After confidence is gained that all is well, remove the original site server.

  3. In the Configuration Manager console, navigate to the Administration workspace, expand Site Configuration, select the Servers and Site System Roles node

  4. Click on the old site server

  5. Right Click on the Site Server Role

  6. Click Remove Role

Remove SMS Provider Role

  1. On the new site server, navigate to  \BIN\X64\setup.exe in the Configuration Manager site installation folder.

  2. run Setup.exe

  3. On the Getting Started page, select Perform site maintenance or reset this site.

  4. On the Site Maintenance page, select Modify SMS provider configuration.

  5. On the Manage SMS providers page, select the option Uninstall the specified SMS provider

  6. Select the name of the computer from which you want to remove the SMS provider.

Remove Component Server Role

Once all other site system roles have been removed, the Component server role will be removed automatically. There will be a delay until a scheduled cleanup task is run.

You can expedite the removal by restarting the Windows service SMS_SITE_COMPONENT_MANAGER on the primary site server.


Remove Old Site Server

Once the Component Server Role is gone from the old site server's roles, the old site server can be deleted.
  1. Right click the old Site Server

  2. Click Delete

Move Content Library to New Site Server (if desired)

In preparing for this migration, we moved the Content Library to a network share (not on either of the site servers), as was required to create a passive site server. If desired, now move the Content Library to the new site server.

Microsoft provides the following article on moving the site content library: https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/hierarchy/the-content-library#bkmk_remote

  1. In the Configuration Manager console, navigate to the Administration workspace. Expand Site Configuration, select the Sites node, and select the site. On the Summary tab at the bottom of the details pane, notice a new column for the Content Library.

  2. Select Manage Content Library on the ribbon.

  3. In the Manage Content Library window, the Current Location field shows the local drive and path. Enter a valid network path for the New Location. This path is the location to which the site moves the content library. It must include a folder name that already exists on the share (for example: \\server\share\folder.) 

  4. Select OK.

  5. Monitor the Status value in the Content Library column on the Summary tab of the details pane. It updates to show the site's progress in moving the content library. While In progress, the Move Progress (%) value displays the percentage complete. (Make a cup of coffee! If you have a large content library, you may see 0% progress in the console for a while - a VERY LONG WHILE. For example, with a 1 TB library, it has to copy 10 GB before it shows 1%. Review distmgr.log, which shows the number of files and bytes copied. Starting in version 1810, the log file also shows an estimated time remaining.) If there's an error state, the status displays the error. Common errors include access denied or disk full.

  6. When complete it displays Complete.
NOTE: We recommend enabling 8DOT3NAMES on the server volume where the Site Content Library will reside as some file names combined with fully qualified server name and temporary directory names may exceed the 255 character limit. For more information, see this article: https://knowledge.kofax.com/Capture/Kofax_Capture/Scan/Enable_8dot3_File_Name_Creation

FOLLOW UP NOTES:


If after completing this process, clients are not reporting into the new management point, review Active Directory for old Management Point records:

  1. open Active Directory Users and Computers
  2. click View
  3. select Advanced Features
  4. expand the group SYSTEM
  5. expand the group SYSTEM MANAGEMENT
  6. delete any records for the old management point(s)
  7. Grant the computer account for the new site server Full access to the System Management container
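
Both the follow-up steps above and the earlier management point fix (granting the site server's computer account Full Permissions on the System Management container) come down to the state of one Active Directory container. The following added example, which is not part of the original post, reports that state using the ActiveDirectory module; the function name and the SITESERVER01 server name are hypothetical placeholders.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-SystemManagementContainerReport {
    param(
        # NetBIOS name of the new site server, without the trailing $.
        [Parameter(Mandatory)]
        [string]$SiteServerName
    )

    $domain      = Get-ADDomain
    $containerDn = "CN=System Management,CN=System,$($domain.DistinguishedName)"
    $account     = '{0}\{1}$' -f $domain.NetBIOSName, $SiteServerName

    # Access control entries on the container that name the site server's computer account.
    $acl  = Get-Acl -Path "AD:\$containerDn"
    $aces = @($acl.Access | Where-Object { $_.IdentityReference.Value -eq $account })

    # "Full" access in the Security tab corresponds to the GenericAll right.
    $full = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll
    $hasFullControl = [bool]($aces | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $_.ActiveDirectoryRights.HasFlag($full)
    })

    # Objects published directly under the container, for spotting records
    # that still belong to the old management point (step 6).
    $children = @(Get-ADObject -SearchBase $containerDn -SearchScope OneLevel -Filter * `
            -Properties whenChanged |
        Select-Object Name, ObjectClass, whenChanged)

    [pscustomobject]@{
        Container      = $containerDn
        Account        = $account
        HasFullControl = $hasFullControl
        AccessEntries  = $aces | Select-Object ActiveDirectoryRights, AccessControlType,
                                               InheritanceType, IsInherited
        ChildObjects   = $children
    }
}

# SITESERVER01 is a placeholder; substitute the new site server's name.
#   $report = Get-SystemManagementContainerReport -SiteServerName 'SITESERVER01'
#   $report.HasFullControl
#   $report.ChildObjects | Sort-Object whenChanged | Format-Table -AutoSize
```

The function only reads the container, so it can be run before and after the permission change to confirm what was altered.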

Create a New Root CA Certificate and Import it Into Configuration Manager

  1. Create a New Root CA certificate on the new site server
  2. Export the new Root CA certificate to a drive\folder accessible for browsing
  3. In the Configuration Manager console, navigate to the Administration workspace, expand Site Configuration, and select the Sites node. 
  4. Click Properties
  5. Click Communication Security tab
  6. Click the Set button
  7. Click the New Sunburst icon
  8. Browse to the new cert
  9. Click Add
  10. Click OK
  11. Delete any old Certs shown in the pane


Task Sequence Deploy Button is Grayed Out Microsoft System Center Configuration Manager / Microsoft Endpoint Configuration Manager

Issue:

If the deploy button is grayed out for an imaging task sequence, it may be because you have not yet created a valid client package.

Resolution:

Package the current client upgrade:

Navigate to: “Software Library” > “Application Management” > “Packages”

Right click the packages node > select “Create package from definition”

Right Click the “Configuration Manager Client Upgrade” package > Select “Distribute Content”

distribute the content to all distribution servers

Update the Imaging Task Sequence:

Navigate to: “Software Library” > “Operating System Deployment” > Right click the imaging task sequence > Edit

Update the “Setup Windows and Configuration manager” step with the new Client Package created above.

The “Deploy” option should now be available

Windows Deployment Server (WDS) / Microsoft System Center Configuration Manager / Microsoft Endpoint Configuration Manager/ Error 0x102 When PXE Booting

Issue:

When PXE booting after an upgrade to Configuration Manager, PXE timed out with error 0x102.

Reviewing the smspxe.log revealed "no advertisements found".

Reviewed the imaging task sequence and the boot.wim boot image.

Found the task sequence had not been associated with the new boot image.

Resolution:

Open Config Manager Console

Software Library

Operating Systems

Task Sequences

Right click the task sequence - Properties - Advanced tab, tick "Use a boot image", then browse to the boot image.

Redeploy the task sequence to all workstations and unknown computers.


 

How To Trigger an Update to Microsoft Office O365 From The Command Line

O365 Update:

"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe" /update user

Silent:

"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe" /update user displaylevel=false forceappshutdown=true

Update a List of Machines Using PSTOOLS:


psexec @computers.txt -d -n 3 cmd /c "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe" /update user updatepromptuser=false forceappshutdown=true displaylevel=false

The text file named computers.txt contains a list of computer names to update
(with a 3 second timeout).


Source credits: