Serge Chegorian's System Center Blog

Serge Chegorian's System Center Blog

Posts by author Serge Chegorian

[SCCM]: Limitation of use of the Orchestration groups

October 15th, 2020

Starting SCCM build 2002 Microsoft have introduced a new feature called Orchestration groups. You can find information about Orchestration groups here: https://docs.microsoft.com/en-us/mem/configmgr/sum/deploy-use/orchestration-groups.

The principal of Orchestration groups work is: you arrange several machines in a cluster, set an order and during the maintenance window SCCM deploys software updates in a pre-set order. There is also a possibility to run pre- and post-execution PowerShell script on each member.

However what Microsoft have overlooked is that if you are using Windows Defender as your primary Antivirus solution and distribute updates using ADR, Orchestration group would also consider Windows Defender updates as Windows Updates and because Windows Defender updates ADR is set to override the maintenance window, the next Windows Defender update will trigger Orchestration group in the following fashion:

  1. Windows Defender update triggers Orchestration group on Node 1 or Set 1.
  2. Orchestration group executes pre-deployment script on Node 1 or Set 1.
  3. Windows Defender update is deployed.
  4. There is no maintenance window so security updates are not deployed.
  5. Orchestration group timeout has expired and the group goes to ‘Failed’ state.

This issue is repeatable and was reported to Microsoft.

[PS]: Running parallel processes in PowerShell

October 15th, 2020

Many of you were in the situation when you have to run the same routine against multiple end points. If you run them in sequence, the process might take very long time depending on the routine complexity and the network performance. The wiser solution is to run all routines in parallel and than to collate data. The following cmdlets will help you:

Start-Job
Get-Job
Receive-Job
Remove-Job

So what each of them does?

Start-Job -ScriptBlock $scriptBlock -ArgumentList($ArgumentList)

Start-Job has two main parameters: ScriptBlock and ArgumentList. ScriptBlock is the main piece of code of your routine. This is what will be executed independently using ArgumentList as a parameter.

Get-Job gets the list of active jobs created by Start-Job and their status which could be ‘running’, ‘completed’ or ‘failed’.

Receive-Job uses Job ID as a parameter and gets all output from the $job created by Start-Job. This is important because Receive-Job simply returns the content of $job buffer. Whatever you put there using Write-Host, return or any other function will be returned as unindexed block of data.

Remove-Job uses $job handler or $job ID as a parameter and deletes the job. Remember that the job is not deleted automatically once it is completed and job results are sitting in the buffer until the job is deleted by Remove-Job cmdlet.

So the structure of your script should be as follows:

#Script Block
$scriptBlock = {
param ($MyParam)
function MyFunction
{
            return $Return
}
            MyFunction -MyParam $MyParam
}
#Starting jobs with variable parameter
for ($k=0;$k -lt $Something; $k++){
$job = Start-Job -ScriptBlock $scriptBlock -ArgumentList(MyParam)
}
# Checking jobs status. If at least one is running waiting for 10 seconds and checking again
While (Get-Job -State "Running") { 
$iScriptItterations++
$iRunning=0
$iCompleted=0
$iFailed=0
foreach($job in Get-Job) {
if ([string]$job.JobStateInfo -eq "Completed") {$iCompleted++}
if ([string]$job.JobStateInfo -eq "Running") {$iRunning++}
if ([string]$job.JobStateInfo -eq "Failed") {$iFailed++}
}
Write-Host "Total jobs: $iTotalJobs, $iRunning jobs are running... Completed:
$iCompleted, failed: $iFailed"
Start-Sleep 10 
}
#All jobs have fiinished. Adding job results to the array and deleting the job
$AllJobResults= @()
foreach($job in Get-Job){
$AllJobResults += Receive-Job -Job $job 
Remove-Job -Job $job 
}

One more bit. As I have mentioned Receive-Job returns unindexed results. What I have found practical is to return data in a form of generic PowerShell object. This will allow you later to sort your data and display them in a form of the table:

$objReturn = New-Object -Type PSObject -Property @{
  'DataFiled1' = $Data1
  'DataFiled2' = $Data2
  ...
  'DataFiledN' = $DataN
}
$AllJobResults | Sort-Object -Property Data1,Data2 |Format-Table -property Data1,Data2,DataN

[SCCM]: Possible SCCM console issue after SCCM CB Uplift

January 24th, 2020

During the scheduled SCCM CB uplift we have observed the following issue: after the uplift SCCM Administration console started to crash on very specific property pages, i.e. Windows Updates client settings or scheduling regular OS image file servicing. Before the crash the console was giving us .NET errors saying that specific properties of WMI objects were not found.

The specifics of our environment is that we have SMS Provider installed on two redundant Management Point role servers and no SMS provider on the site server. Turns out that during the uplift SCCM does not update the smsprov.mof file on standalone SMS Providers.

The workaround is as follows:

  1. Verify whether or not <SCCM install dir>\bin\x64\smsprov.mof file is the same on the primary site server and on every standalone SMS provider server
  2. If and most likely not, replace smsprov.mof file on standalone SMS provider servers with the newer smsprov.mof found on the Primary Site Server.
  3. Compile smsprov.mof on each SMS Provider server with the command mofcomp smsprov.mof.

[SCCM] SCCM upgrade to 1906 – very important client consideration

August 21st, 2019

When you are planning for SCCM uplift to the build 1906 you must note that starting version 1906 SCCM client requires SHA-2 code signing support. What does that mean for you? It means that if your managed environment still have Windows 6.x OS systems (Windows 7, Windows 2008 and Windows 2008 R2), these systems require SHA-2 code signing support enabled. But do you really need to raise a change request and update legacy systems which are sooner or later will be decommissioned? There is another option. As you know SCCM client has ‘forward’ compatibility with newer infrastructure. That means that even older clients will work with SCCM 1906 but with the limited functionality. Microsoft call that feature ‘Extended Interoperability’ (EI). The following clients are recommended EI clients:

  • 1902 (5.00.8790)
  • 1802 (5.00.8634)
  • 1606 (5.00.8412)

I have selected the version 1902 as EI client for my environment which still contains a number of Windows 2008 R2 systems. To get my EI client in SCCM console I have selected both 1902 and 1906 updates for download. I need 1902 only as a source of EIC. The client binaries can be found in EasySetupPayload\<Configuration Manager 1902 Package GUID>\SMSSETUP\CLIENT. You have to copy all these files to the separate location because after the uplift to version 1906 this location will disappear. Then you have to create a collection for all your Windows 6.x OS systems and exclude this collection from the upgrade: exclude-client Now you have to upgrade the SCCM client on Windows 6.x systems by any mean. The client ver. 1902 will be capable to perform the main functionalities: software deployments, software updates and hardware inventory. The question is: would you be able to deploy the EI Client using SCCM. The answer is: yes! Package your EI client. Add a one-line cmd file to your package:

CCMSETUP.EXE /noservice /IgnoreSkipUpgrade /skipprereq:silverlight.exe SMSSITECODE=<site code> /source:%~dp0

Keep in mind that all your legacy systems must be in excluded from the automated client upgrade. /IgnoreSkipUpgrade switch will override this setting. Another important thing to know is that if the client version is older than the infrastructure version, ccmsetup exit code will be 7 instead of 0. However I have noticed that you don’t have to capture this exit code because your SCCM Client will be shut down and reinstalled. Application deployment cycle will detect the presence of the upgraded client during the next poll.

[SCCM]: Multiple applications are in ‘Waiting to install…’ state

May 8th, 2019

One of the most annoying problems on the SCCM client is when several applications stuck in ‘Waiting for install…’ state for days. Sometimes the reason for that is that one application is not distributed to the Distribution Point and for some reasons in SCCM build 1710 and older it blocks entire queue and does not allow other applications to install even though they are downloaded.

Here are 3 simple steps which would allow to identify the problem.

1. Identify that at least one application cannot be downloaded. For that go to SCCM client cache folder. There should be outdated  .BDRTEMP folder:

image1

2. Go to ContentTransferManager.log Look for the suspended job. Trace the log to find the corresponding ContentID

image5

3. GoTo AppDiscovery.log and identify the application name by ContentID

image3

Check if that application was correctly distributed.

[EUC]: Adding new input languages in Windows 10

January 2nd, 2019

Starting Windows 10 Build 1803 adding a new input language to Windows 10 is not an easy task. Adding it via settings may cause two issues: adding an additional en-US language, which is most likely not required in Australia, and arbitrary changing the application interface to the wrong language.

This PowerShell scripts adds new languages correctly without affecting the rest of OS (in my case I need 3 languages for my day to day business, English (AU), German and Russian).

Note that this code will remove all previous language settings.

$1=New-WinUserLanguageList en-AU
$1.Add("de-DE")
$1.Add("ru-RU")
Set-WinUserLanguageList $1

 

[MSI]: Giving up on adding redundancy to the home PC hard drive

December 31st, 2018

After several weeks of hard work I have finally given up on building RAID1 array on my new home PC.

Previously I had a fairly old but still good PC built on MSI X58 chipset and i7 CPU. The motherboard had an inbuilt RAID controller so I have built RAID1 and forgotten about it completely. As with any normal old-school RAID1 I was able to swap HDD’s, replace them and even clone them by building the mirror, breaking it and replacing the drive.

Everything has changed when I have built a new gaming machine based on MSI B350 motherboard. This motherboard comes with onboard RAID too, however this RAID uses some closed proprietary standard and the “raided” disk attached to another system looks like a disk with a single partition and zero volumes. It is absolutely unreadable unless you connect it back to MSI RAID. There is no “break mirror” option either. More to that, when I had a faulty SATA cable and one disk became defunct, after restoring the functionality MSI RAID was unable to rebuild the mirror. I spent 3 weeks communicating with MSI support and their verdict was: make a full backup, clean up the RAID, rebuild it, rebuild and restore your machine. Thank you very much, MSI, but where is my data protection?

I went with software driven RAID then and used this workaround provided by Microsoft. This workaround works, however after each reboot Microsoft Mirror set fails and needs to be resynchronised. Turns out this is a known problem(!!!), which persists since Windows 2008 Server era and is still not fixed in Server 2019 or Windows 10.

Verdict: there is no way to provide data protection to home PC using software RAID. Modern MSI RAID should not be used either because it is a big problem, not a solution. Maybe RAIDs from other vendors are better. Keep your system simple and rely only on regular full backups to the second drive or external media.

[EUC]: It is time to move to UEFI boot

January 4th, 2018

If you are rolling out Windows 10 using SCCM infrastructure you may experience the following problems:

1. Newly build Operating System prompts for BitLocker key without changes to BIOS or hardware.

2. If you PXE boot using Legacy BIOS and then change BIOS settings to UEFI secure boot using vendor’s utility after reboot your system won’t be able to find any booting device.

The root cause of this issue is that starting Kapy Lake build (Intel 7th generation processor) CPU platform no longer support TPM 2.0/MBR boot combination.

The workaround is to change PXE boot to UEFI and set system BIOS to UEFI secure boot. Note that the factory settings are already UEFI secure boot.

This issue was observed on the latest models made by Dell and HP.

[SCCM]: SCCM Update stucks in ‘Downloading…’ state

December 5th, 2017

Sometimes when you try to download a new SCCM update in Updates and Servicing node it may stuck indefinitely in “Downloading” state. When you check dmpdownloader.log you may see the following error:

ERROR: Failed to download redist for 0f11caa4-7f7f-454b-96d6-75f427d015ce with command /RedistUrl http://go.microsoft.com/fwlink/?LinkID=857597 /LnManifestUrl http://go.microsoft.com/fwlink/?LinkID=854716 /RedistVersion 201706 /ProxyUri http://companyproxy:81/ /ProxyUserName CONTOSO\SCCM_Admin /ProxyUserPassword 3082018F06092A864886F70D010703A08201803082017C020102318201303082012C0201028014A8 /NoUI  “\\SCCM01.contoso.com\EasySetupPayload\0f11caa4-7f7f-454b-96d6-75f427d015ce\redist”

This error is not very descriptive however it indicates the problem with SCCM prerequisites download. Additionally when you go to Program Files\Microsoft Configuration Manager\EasySetupPayload folder you would see both 0f11caa4-7f7f-454b-96d6-75f427d015ce folder and 0f11caa4-7f7f-454b-96d6-75f427d015ce.cab file. The code may be different depending on the upgrade.

The root cause of this issue is your firewall or proxy or something else which blocks specific files from downloading assuming this is a security threat. The workaround is:

Go to 0f11caa4-7f7f-454b-96d6-75f427d015ce\SMSSETUP\BIN\X64 ad copy SetupDL.exe to the computer with has unprotected access to Internet. Run SetupDL.exe <Destination folder>. Once download is completed, copy all files and folders structure to 0f11caa4-7f7f-454b-96d6-75f427d015ce\redist folder and run updates check or (better) restart SMS_EXECUTIVE service. SCCM will detect your files and 0f11caa4-7f7f-454b-96d6-75f427d015ce.cab file should disappear.

If you do not have “clean Internet” running SetupDL.exe output would at least give you an indication what file cannot be downloaded. In that case download ConfigMgr.Manifest.cab and ConfigMgr.LN.Manifest.cab using links from the error message above (/RedistUrl http://go.microsoft.com/fwlink/?LinkID=857597 and  /LnManifestUrl http://go.microsoft.com/fwlink/?LinkID=854716), unpack both cab files, open .xml manifest files in Notepad and download every missing prerequisite file individually using HTTP links from the manifest files.

[SCCM]: SCCM Upgrade Path from Branch 1602 to Branch 1706 or above

December 5th, 2017

Just a quick note. You may miss several SCCM branches and are still on version 1602 or 1606 of SCCM. Despite stated by Microsoft direct upgrade from Branch 1602 to 1706 is not possible. The maximum version you can upgrade from Branch 1602 is 1702 (even though you can see versions 1706 and above in the manifest file). So the actual upgrade would be three steps process: from 1602 to 1702, download 1706 and from 1702 to 1706. Same applies to the branch 1606.

Keep this in mind when planning for SCCM upgrade.

SCCM 2012 R2: Setup is unable to connect to SQL Server

May 28th, 2017

This error can be very painful specifically when you’ve already checked everything:

  1. The SQL Server and instance names are entered correctly
  2. The specified SQL Server instance is not configured to use dynamic ports
  3. If a firewall is enabled on the SQL Server, inbound rules exist to allow connections to the correct ports
  4. The account used to run Setup has permissions to connect to the specified SQL server instance
  5. TCP and named pipes are enabled
  6. ODBC test succeeds.

There is one more trick. Run SQL Server Client Networking Utility (cliconfg.exe), go to Aliases tab, delete all aliases for your database name, try to connect again.

[SCCM]: How to fix SQL collation on your SCCM dedicated SQL cluster

May 17th, 2017

Sometimes in a corporate enviroment someone esle might set up SQL cluster for your SCCM and overlook the collation setting wich must be SQL_Latin1_General_CP1_CI_AS for SCCM. This is a workaround for this case assuming there is currently no database on your SQL instance.

  1. Check server General settings and Master database General settings and confirm that collaction is wrong
  2. Go to the active cluster node
  3. Bring down SQL Server resource (Server and Agent only)
  4. Start cmd.exe as Administrator
  5. Go to SQL binn folder (you’ll find it from the SQL service start string)
  6. Run command: 
    sqlservr -m -T4022 -T3659 -s"<instance name>" -q"SQL_Latin1_General_CP1_CI_AS"

There will be a bunch of information messages and it should run for 2-8 minutes. After that it will display notification that it has successfully finished but it won’t exit the application. Wait for another minute, close cmd window, bring the resource up and check collation on the server and Master database.

[SCCM 2012 R2]: multiple SMS__SMS_SQL_SERVERXXX folders are created on remote SCCM SQL

April 27th, 2017

Sometimes when you have a dedicated SCCM Database server or SQL cluster you may notice that SMS_<FQDN>_SMS_SQL_SERVERXXX folder is created on the C: drive of the SQL server or a cluster every 3 minutes where FQDN is the name of your SCCM site server. This happens because SCCM Site Component Manager is not flagged that SMS_SITE_SQL_BACKUP_<FQDN> service is installed so SMS_SERVER_BOOTSTRAP_<FQDN>_SMS_SQL_SERVER creates setup folder for SMS_SITE_BACKUP… over and over again

Solution

Go to the site server SMS_<Site Code>\inboxes\certmgr.box and check for out-dated CMN files. Delete them.

[SCCM 2012 R2]: Troubleshooting database replications and service broker issue

December 24th, 2016

Last week I dealt with a very interesting and unusual SCCM failure. It has started with a link failure error between CAS and one of the primary sites. When I ran Replication Link Analyser the first error message was “SQL Server Broker login is missing for sites: <my primary site code>”. After that RLA informed me that the login is recreated but in fact it was not and the issue was still there. I was also unable to find any information on how to recreate SQL Server Broker or at least what it is.

After more rigorous search I have found the following SQL command which shows you SQL replication status in real time.

Use CM_CAS; Select * from sys.transmission_queue

The content of that table should change dynamically. In my case there was a bunch of stalled messages with ConfigMgr_Site<My Primary Site Code (PSC)> in to_service_name column and “Connection attempt failed with error: 10060” in transmission_status column. That gave me clear indication that the Service Broker transmission is broken between my CAS and PSS.

Note: when the transmission is resumed SQL should clear up stuck messages however sometimes you might need to clear them up yourself using update sys.transmission_queue Also please note that any intervention to the SCCM database is not supported by Microsoft.

After several telnet tests I have figured out that Service Broker is not responding or listening on PSS server database.

In our environment all SQL servers are shared hosts so all Service Brokers are using private ports. To identify the port used by Service Broker run the following SQL script on your SQL instance

Use CM_CAS select port from tcp_endpoints where type_desc like ‘%SERVICE_BROKER%’

Note that there could be only one Service Broker endpoint per database.

I have executed the query above and the result was nil. That gave me an understanding that somehow my Service Broker was deleted on the database.

At that stage I was about to give up. There is a script which creates Service Broker endpoint but I know that SCCM secures all internal communications with certificates had no idea which certificate to use. I’ve been thinking to either call Microsoft or reinstall the site (including several role servers) but fortunately I have found the required script on Internet.

CREATE ENDPOINT [ConfigMgrEndpoint]
STATE=STARTED
AS TCP (LISTENER_PORT = <my port>, LISTENER_IP = ALL)
FOR SERVICE_BROKER (MESSAGE_FORWARDING = ENABLED
,
MESSAGE_FORWARD_SIZE = 5
, AUTHENTICATION = CERTIFICATE
[ConfigMgrEndpointCert]
, ENCRYPTION = REQUIRED ALGORITHM AES)
GO

All good but how would I know what private port was used by my missing Service Broker? In SQL Management Studio go to CM_CAS\Service Broker\Routes\ConfigMgrDRSSiteRoute_<your PSC>, click on properties and in properties check for Address which would look like TCP://<your PSS FQDN>:<port>.

Once I’ve executed the SQL script above my telnet test has succeeded. I ran RLA again and it gave me “SQL Server Broker login is missing for sites: <my primary site code>” error again but this time it’s succeeded in fixing this issue and this error has not re-appear again.

I thought now it’s just a matter of time but in several hours I still saw no activity in rcmctrl.log. However all error messages from sys.transmission_queue have gone.

So I had another look at the link status, specifically at Initialization Detail tab. It is very important to look at it from both sides, i.e. both CAS and PSS. On PSS side I’ve noticed that one replication group has stuck at 1% replicating up to CAS.

There is a way to reset replication group. You have to create <replication group name>.pub file and place it to the rcm.box inbox. This file should disappear in 5-10 seconds. If it does not disappear at all it clearly indicates that the issue is on another end. Delete it and try from another side.

Once I’ve dropped the PUB file to the rcm.box it has pulled the plug. I have started to see replication activity in rcmctrl.log and file exchange in rcm.box. The issue has gone in hour and a half.

Several important things to remember when you have SCCM 2012 replication issue:

  • Start your troubleshooting with RLA.
  • If the primary site sits in link failure state for substantial amount of time SCCM puts the primary site in read only mode and the link in the maintenance state
  • If the issue is not fixed SCCM will also put CAS database in maintenance mode, consequently the rest of links will fail.
  • Check sys.transmission_queue for stuck transactions. The content of this table must rapidly change.
  • Check rcmctrl.log for any activity.
  • Identify your Service Broker ports and run telnet connectivity tests.
  • Check CM_<site code>\Service Broker\Queues if any queue is down.
  • The easiest way to reset replication group replication is to drop <replication group name>.pub file to the rcm.box inbox. Note that the PUB file name should be <replication group name>.pub on PSS, on CAS it should be <replication group name>-<primary site code>.pub. The file should disappear in 5-10 seconds. If it does not, the issue is on another end. Delete the file and try on another end.

[SCCM 2012 R2]: SUP becomes out of synch

October 7th, 2016

Sometimes SMS_WSUS_SYNC_MANAGER may report error Message ID 6703:

WSUS Synchronization failed. Message: timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding.

At the same time the rest of infrastructure is healthy. According to wsyncmgr.log an attempt to synchronize only lasts for 1-2 minutes. SUP reinstall does not help.

Go to WSUS manager\Options\Update Source and Proxy server. You may see the notification:

Cannot save the configuration because the server is still processing a previous configuration change.

This is a culprit! In order to get rid of it you may uninstall SUP, reinstall WSUS (including database) and install SUP. There is an easier way to fix it.

Start SQL Server Management Studio, connect to WSUS database and execute the query:

UPDATE tbSingletonData
SET ResetStateMachineNeeded = 0

Restart Windows Update service. Check to confirm that the warning has gone. The next scheduled synchronization should be successful.

State Message Storm in SCCM 2012

December 9th, 2015

Sometimes (in my case after SCCM 2012 upgrade to R2) you may see a high number of error messages (ID 6105) produced by SMS_STATE_SYSTEM with the following description:

SMS State System message file processing processed one or more files that contained errors or invalid data. Review the statesys.log file for further details.

The STATESYS.LOG File shows the following:

SQL MESSAGE: spProcessStateReport – Error: The key for machine <AGENTNAME> (GUID:EE344EFE-A80C-483E-BAFB-E3XXXXXXXXXX) did not match the one in the database.

That means that the client system has changed SMS GUID but this change has not been reflected in SCCM DB. You have to manually reset the agent SMS GUID to fix the problem.

If you are dealing with thousand messages and hundreds of clients you can script up this operation as I did.

To get the names for affected clients you have to go to <SCCM Installation Folder>\Inboxes\auth\statesys.box\corrupt and copy all SMX files to the temporary location. Each SMS file is in fact a XML document. In order to extract system name from it I use this PowerShell script:

get-childitem *.smx | % {[xml]$statfile = get-content $_.Name

Out-File -filepath “list-of-computers.txt” -InputObject $statfile.Report.ReportHeader.Identification.Machine.NetBiosName -append

}

This script may produce several errors which could be ignored.

The list will contain a lot of duplicates. I get rid of them using Excel filter.

Once you have your list you may proceed with SMS GUID reset. To reset SCCM client SMS GUID you have to simply delete SMSCFG.INI file from %windir% and restart SMS Agent Host service. I use this script to reset SMS GUID on multiple servers:

$FullServerList = Get-Content “list-of-computers.txt”

foreach ($servername in $FullServerList ) {
If (Test-Connection -computername $servername -quiet) {
$RemoteFile = “\\”+$servername+”\Admin$\SMSCFG.INI”
If (Test-Path $RemoteFile) {
Remove-Item $RemoteFile
Write-Host “Deleting” $RemoteFile
(gwmi Win32_Service -filter “name=’ccmexec’” -computername $ServerName).StopService()
(gwmi Win32_Service -filter “name=’ccmexec’” -computername $ServerName).StopService()
} Else {Write-Host “Cannot connect to” $RemoteFile
}
} Else {Write-Host $ServerName “cannot be contacted”}
}

SCCM Keeps Processing Package

December 4th, 2015

Sometimes you may see several hundred thousand informational messages produced by the child site distribution manager. The messages look like this:

SMS Distribution Manager successfully processed package “Java 7 Update 91” (package ID = CAS000D3).
SMS Distribution Manager is beginning to process package “Java 7 Update 91” (package ID = CAS000D3).
SMS Distribution Manager successfully processed package “Java 7 Update 91” (package ID = CAS000D3).
SMS Distribution Manager is beginning to process package “Java 7 Update 91” (package ID = CAS000D3).
SMS Distribution Manager successfully processed package “Java 7 Update 91” (package ID = CAS000D3).
SMS Distribution Manager is beginning to process package “Java 7 Update 91” (package ID = CAS000D3).

This package looping may affect both existing and non-existing packages.

Workaround:

On the affected server go to inboxes\distrmgr.box folder.

Select and delete CAS000D3.PKG and CAS000D3.PKN files

Connect to CAS DB and run the following query:

SELECT * FROM PkgServers where NALPath like ‘%<affected server name>%’ and PkgID = ‘CAS000D3′

If this query returns any result redistribute CAS000D3 package.

 

SCOM 2012: Database dropdown menu is blank when installing a new management server

October 16th, 2015

When installing and specifically reinstating a new management server, setup program is able to establish connection to the operational database server but the dropdown menu is blank (not disabled or greyed out).

Most likely this is because your server already exists in SCOM database.

If the server is former MS delete it from the SCOM console and start the installation process from the beginning.

SCCM: How to delete all packages from the DP scheduled for decommissioning

September 4th, 2015

Prior to the decommissioning of the Distribution Point it is recommended to delete all packages assigned to this DP. If you do not do that the ‘orphaned’ packages may sometimes appear on your software distribution reports producing unnecessary noise.

This simple PowerShell one liner removes all packages from the selected DP. Note that this script does not physically remove the package from DP, it simply deletes the relevant record in the database.

Let’s assume CEN is your Central or standalone SCCM site. This is the script:

gwmi -Namespace root\sms\Site_CEN -query "select * from SMS_DistributionPoint where ServerNALPath like '%MYDP001%'" | % ($_.Delete())

Sometimes this script may give you an error. This may happen because CEN is your central site and the package is published on one of the primary sites. To identify package’s source site simply modify the script:

gwmi -Namespace root\sms\Site_CEN -query "select * from SMS_DistributionPoint where ServerNALPath like '%MYDP001%'" | % ($_.SourceSite)

And then change CEN site code in the namespace root\sms\Site_CEN to the site code you have found.

SCCM 2012 Collection Evaluation: Maximum recursion 100 has been exhausted

August 11th, 2015

Sometimes you may see the following error message in SCCM colleval.log file:

Maximum recursion 100 has been exhausted

This typically happens if for one of the collections the collection’s Limit to collection parameter is set to itself. Also if this has happened you might not be able to manage, update or delete the collection in trouble.

In order to fix it you have to go the site database via SQL Management Studio and execute the following command:

UPDATE Collections_G SET LimitToCollection =’XYZ00001′ WHERE SiteID=’XYZ00056′

where XYZ00056 is your collection in trouble and XYZ00001 is any valid collection.

Serge Chegorian's System Center Blog

Serge Chegorian's System Center Blog