Quantcast
Channel: ConfigMgr, Tips and Tricks
Viewing all 60 articles
Browse latest View live

Invalid namespace (Error: 8004100E; Source: WMI)

February 6, 2014, 10:10 am
$
0
0
SCCM TS Deployment of BitLocker failed with this error in local machine smsts.log file:

Invalid namespace (Error: 8004100E; Source: WMI)

Also SCCM Deployment log shows this error:

The task sequence execution engine failed executing the action (BitLocker ) in the group () with the error code 2147749902
Action output: ==============================[ OSDBitLocker.exe ]==============================
Command line: "OSDBitLocker.exe" /enable /wait:True /mode:TPM /pwd:AD
Failed to open namespace 'root\CIMv2\Security\MicrosoftVolumeEncryption' (0x8004100E)



To resolve this issue WMI repository should be recreated and BitLocker SCCM TS will start with encryption on C: drive.

For WMI repository recreation you can use SCCM Client Center tool:

http://sourceforge.net/projects/smsclictr/


Search

SetBIOSSetting: Dependency Condition is not met returnCode="32769"

February 21, 2014, 11:46 am
$
0
0
This error happened on HP 6565b:


<BIOSCONFIG Version="2.60.13.1" Computername="Win7-comp1" Date="2014/02/21" Time="10:53:06" UTC="-5">
<SETTING changeStatus="fail" name="Embedded Security Activation Policy" reason="SetBIOSSetting: Dependency Condition is not met" returnCode="32769">
    <OLDVALUE><![CDATA[F1 to Boot]]>
    <NEWVALUE><![CDATA[No prompts]]></SETTING>
<SETTING changeStatus="fail" name="Activate Embedded Security On Next Boot" reason="SetBIOSSetting: Dependency Condition is not met" returnCode="32769">
    <OLDVALUE><![CDATA[Disable]]>    <NEWVALUE><![CDATA[Enable]]></SETTING>
<ERROR msg="Failed to set BIOS config" />
<Warning msg="BCU return value" real="16" translated="16" />
</BIOSCONFIG>

This issue was detected using Biosconfig.exe utility to modify BIOS Value and to activate TPM  on the specified model.

Possible cause: The right BIOS password was not used to access and modify BIOS Values.
Verifying...

Solution:

BIOS password needs to be set.
This can be done by adding the two commands: 
 
biosconfigutility.exe /nspwd:xxxxx 
biosconfigutility.exe /cspwd:xxxxx /setconfig:test.txt

BitLocker Pre-Provisioning: The operating system reported error 255: The extended attributes are inconsistent.

March 24, 2014, 12:13 pm
$
0
0
 The operating system reported error 255: The extended attributes are inconsistent. - error message appears in SCCM 2012 log during BitLocker Preprovisiong to Windows 7 machine.




Here is the explanation from MS for BitLocker Pre-Provisioning:

The Pre-provision BitLocker task sequence step in Microsoft System Center 2012 Configuration Manager allows you to enable BitLocker from the Windows Preinstallation Environment (Windows PE) prior to operating system deployment. Only the used drive space is encrypted, and therefore, encryption times are much faster. This is done with a randomly generated clear protector applied to the formatted volume and encrypting the volume prior to running the Windows setup process. The ability to pre-provision BitLocker was introduced with Windows 8 and Windows Server 2012. However, you can pre-provision BitLocker on a hard drive and install Windows 7 as long as you follow specific steps. After Windows 7 Setup completes, you must set a BitLocker key protector because the Windows 7 BitLocker control panel does not support BitLocker with a clear protector. You must add a key protector by using the Enable BitLocker step or by using the manage-bde.exe command-line tool.
________________________________________________________________________________
The scenario is to have C: and D: partitions on Windows 7 machine and both partitions to be BitLocker encrypted.
BitLocker Pre-Provisioning TS embeded components for C: and D: are applied in WinPE, before Image applying. That means both drives are pre-provisioned, only the used drive space is encrypted.
To the end of TS, regular BitLocker TS embeded components for C: and D: are applied in Windows mode and Recovery passwords are updated to the computer object in AD.  



Checking the SCCM Logs show this specified error:  The operating system reported error 255: The extended attributes are inconsistent for C: partition (on the first picture in this article)

Encryption of D: is without an error message. (the picture below:)



In order to avoid this specified error, Pre-Provisioning of D: should be removed and only C: drive should be Pre-Provisioned. D: drive should be encrypted using regular BitLocker TS embeded component.



The error  The operating system reported error 255: The extended attributes are inconsistent. appear because during D: partition BitLocker Pre-Provisioning, TPM is again reinitialized and proper attributes are created. Now, when the regular BitLocker TS embeded component for C: to the end of TS should close Pre-Provisioning encryption, it finds attributes related to D: drive but not to C: which should suppose to get and for that reason we get this error. 


BitLocker and repair-bde

April 2, 2014, 11:59 am
$
0
0
In a case of  HDD damaging or failing BitLocker Encryption where the status of the partition is unknown then repair-bde command can be used on Windows 7.

For testing purposes I was using repair-bde D: U: -rp ... -Force

The content of D: was restored to U: partition which is external drive.
-rp switch is BitLocker Recovery Password.
 -Force is switch to force moving files from D: to U: because they are locked.




repair-bde usage:



repair-bde[.exe] InputVolume
                  { OutputVolumeOrImage | {-NoOutputVolume|-nov} }
                  { {-RecoveryPassword|-rp} NumericalPassword |
                    {-RecoveryKey|-rk} PathToExternalKeyFile }
                  [{-KeyPackage|-kp} PathToKeyPackage]
                  [{-LogFile|-lf} PathToLogFile]
                  [{-?|/?}]

Description:
  Attempts to repair or decrypt a damaged BitLocker-encrypted volume using th
  supplied recovery information.

  WARNING! To avoid additional data loss, you should have a spare hard drive
  available. Use this spare drive to store decrypted output or to back up the
  contents of the damaged volume.

Parameters:
  InputVolume
                The BitLocker-encrypted volume to repair. Example: "C:".

  OutputVolumeOrImage
                Optional. The volume to store decrypted contents, or the file
                location to create an image file of the contents.
                Examples: "D:", "D:\imagefile.img".

                WARNING! All information on this output volume will be
                overwritten.

  -nov or -NoOutputVolume
                Attempt to repair a BitLocker-encrypted volume by modifying t
                boot sector to point to a valid copy of BitLocker metadata.

                WARNING! To avoid additional data loss, use a sector backup
                utility to back up the input volume before using this option.
                If you do not have such a utility available, specify an outpu
                volume or image instead.

  -rk  or -RecoveryKey
                Provide an external key to unlock the volume.
                Example: "F:\RecoveryKey.bek".

  -rp  or -RecoveryPassword
                Provide a numerical password to unlock the volume.
                Example: "111111-222222-333333-...".

  -kp  or -KeyPackage
                Optional. Provide a key package to unlock the volume.
                Example: "F:\ExportedKeyPackage"

            If this option is blank, the tool will look for the key package
            automatically. This option is needed only if required by the tool

  -lf  or -LogFile
                Optional. Provide a path to a file that will store progress
                information. Example: "F:\log.txt".

  -f   or -Force
                Optional. When used, forces a volume to be dismounted even if
                it cannot be locked. This option is needed only if required b
                the tool.

  -?   or /?
                Shows this screen.

Examples:
  repair-bde C: -NoOutputVolume -rk F:\RecoveryKey.bek -Force
  repair-bde C: D: -rp 111111-222222-[...] -lf F:\log.txt
  repair-bde C: D: -kp F:\KeyPackage -rp 111111-222222-[...]
  repair-bde C: D:\imagefile.img -kp F:\KeyPackage -rk F:\RecoveryKey.bek

BIOS/TCG Memory Overwrite Control: Error changing value

April 7, 2014, 8:47 am
$
0
0
As a result of not properly restarted, the machine cannot boot and it asks for BitLocker recovery password. Turning off and turning on the machine enables Windows to start properly. 
The machine is Windows 7 with BitLocker encrypted HDD.


This specified error appears in System Log in Event Viewer:

BIOS/TCG Memory Overwrite Control: Error changing value


The Event ID: 24626 is explained in Technet:

http://technet.microsoft.com/en-us/library/cc733884(v=ws.10).aspx

Microsoft recommends to Revert or to Upgrade Computer BIOS.


SCCM 2007 Build and Capture Task Sequence with Software update failed

April 28, 2014, 9:06 am
$
0
0
During Build and Capture Task Sequence, Software update installing is failing and Capture of the image does not start.
smsts.log file shows following error:

!sVolumeID.empty(), HRESULT=80004005
!sTSMDataPath.empty(), HRESULT=80070002
TS::Utility::GetTSMDataPath( sDataDir ), HRESULT=80070002
Failed to set log directory. Some execution history may be lost.
The system cannot find the file specified. (Error: 80070002; Source: Windows)
Executing task sequence
!sVolumeID.empty(), HRESULT=80004005
!sTSMDataPath.empty(), HRESULT=80070002
Task Sequence environment not found

This issue is reported by Microsoft: http://support.microsoft.com/kb/2894518

Here is the explanation of the cause from MS:

The first restart that is initiated by the software update is controlled by the task sequence. However, the second restart request is initiated by a Windows component (typically, Component-Based Servicing) and therefore is not controlled by the task sequence. Because the second restart is not controlled by the task sequence, the task sequence execution state is not saved before the restart. When the task sequence resumes after the second restart, no state is available to continue successfully.
______________________________________________________

To resolve this issue, it is recommended to remove following updates:
2862330 MS13-081: Description of the security update for 2862330: October 8, 2013
2771431 A servicing stack update is available for Windows 8 and Windows Server 2012
2871777 A servicing stack update is available for Windows RT, Windows 8, and Windows Server 2012: September 2013
2821895 A servicing stack update is available for Windows RT and Windows 8: June 2013
2545698 Text in some core fonts appears blurred in Internet Explorer 9 on a computer that is running Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2
2529073 Binary files in some USB drivers are not updated after you install Windows 7 SP1 or Windows Server 2008 R2 SP1
2871690 Microsoft security advisory: Update to revoke noncompliant UEFI boot loader modules


In my case I had only 2862330 and 2529073. After their removal TS finished successfully.




WMI Filter for Windows 7 x86 or x64 OS

May 23, 2014, 10:34 am
$
0
0
If you want to use WMI Query in SCCM TS to make difference between Windows 7 x86 and Windows 7 x64 then this WMI query should be used:

Win 7 32 bit machines:

select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"

Win 7 64Bit machines:

select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND OSArchitecture = "64-bit"

SCCM OSD Task sequence failled during installing Windows updates

May 29, 2014, 1:53 pm
$
0
0
Installing Software Updates fails during OSD Task Sequence
Search

Disable Windows features on Windows 7 x64 with SCCM 2007 TS

June 3, 2014, 12:50 pm
$
0
0
DISM command can be used to Disable Windows features on Windows 7  with SCCM 2007 TS.

Here is the syntax for disabling Fax Services:

DISM /online /Disable-Feature /FeatureName:FaxServicesClientPackage /Quiet /NoRestart

This syntax can be added in TS component and it works for Windows 7 x86 architecture.

For Windows 7 x64, SCCM 2007 reports an error:

The operating system reported error 11: An attempt was made to load a program with an incorrect format.



In order to resolve the error, Disable 64-bit file system redirection check box should be enabled.

 

An error occured while starting the task sequence (0x80070032).

June 5, 2014, 12:27 pm
$
0
0
SCCM TS failed with starting Windows 7 OSD:


Solution for this issue is to format HDD with diskpart:

1. F8 for Command prompt.
2. Diskpart
3. Select disk 0
4. clean
5. Exit

After restarting the machine TS start without to report any issue.

Installation failed with error: 0x80070656. The operating system reported error 2147944022: Error opening installation log file.

June 11, 2014, 12:46 pm
$
0
0
Deploying HP WebCam 1.0.26.3 with SCCM 2007 on Windows 7 64-bit resulted with following error:

Installation failed with error: 0x80070656. The operating system reported error 2147944022: Error opening installation log file

This software was deployed regularly using Install Software SCCM Task Sequence component.




After spending some time with testing and log analyzing, I tried Command line Task Sequence component where I specified setup.exe command, the package and credentials for admin user.
After TS launching, the issue was successfully resolved and HP WebCam software installed on the machine.



SCCM Dynamic Collection based on OS, Architecture and Machine model

June 17, 2014, 10:49 am
$
0
0
Here is the SCCM Dynamic Collection query based on OS, Architecture and Machine model.
In this case: Windows 7 Enterprise, x64 and model: HP ProBook 6570b.

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Model in ("HP ProBook 6570b") and SMS_G_System_OPERATING_SYSTEM.Caption = "Microsoft Windows 7 Enterprise" and SMS_G_System_COMPUTER_SYSTEM.SystemType = "x64-based PC" and SMS_R_System.OperatingSystemNameandVersion = "Microsoft Windows NT Workstation 6.1" and SMS_R_System.Client = 1 and SMS_R_System.Obsolete != 1


“This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.”

July 30, 2014, 1:03 pm
$
0
0
This messаge “This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.”





 

appears on Internet Options on Internet Explorer 8 installed on Windows 7 SP1.


 Solution for this issue to install KB2936068




Disable Windows Defender using registry key in SCCM TS

August 8, 2014, 5:39 am
$
0
0
Windows Defender can be disabled with following two registry keys which can be included in SCCM 2007 Task Sequence:

reg add "HKLM\SOFTWARE\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f /reg:64

reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f /reg:64


The following two components are successfully tested on Windows 7 SP1 x64:




Add Menu Bar in IE Internet Explorer using registry key

August 19, 2014, 6:50 am
$
0
0
Using this registry key allows Menu Bar to be shown when you open IE 9 on Windows 7 64bit.

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main]
"AlwaysShowMenus"=-

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main]
"AlwaysShowMenus"=dword:00000001

To remove Menu Bar from IE:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main]
"AlwaysShowMenus"=-

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main]
"AlwaysShowMenus"=dword:00000000

To allow Menu Bar to be turned on and off by the user:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main]
"AlwaysShowMenus"=-

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main]
"AlwaysShowMenus"=-
Search

Software Updates in SCCM fail to download and install; Failed to download update Error = 0x80040669

September 2, 2014, 8:56 am
$
0
0
Deploying Software updates using SCCM 2007 on Windows 7 stuck on update: KB2675662

Analyzing UpdatesHandler.log showed: Failed to download update Error = 0x80040669


 WUAHandler.log files shows that this updated contains two updates where one is missing.


 Checking this updates in SCCM Console shows that Content ID 90811, related with MS012-034, is missing.


After downloading this updates again and applying to the machine, the update was successfully installed.


After machine restarting all other updates started to come and to install.


Uninstalling silently SP 2 (Service Pack) for Microsoft Office 2010

September 8, 2014, 12:43 pm
$
0
0

Uninstalling line of SP 2 for MS Office 2010 can be found in registry:



Uninstalling string contain:

"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}""{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}""1033""0"

Applying this string in CMD doesn't provide silent uninstall. Tried separately Oarpmany.exe with help switch doesn't show any silent switches.

Workaround for silent uninstall of SP2 for Office 2010 was to apply the following command:


MsiExec.exe /package {90140000-0011-0000-0000-0000000FF1CE} /uninstall {DE28B448-32E8-4E8F-84F0-A52B21A49B5B} /qn

where {90140000-0011-0000-0000-0000000FF1CE} is Office 2010 GUID and {DE28B448-32E8-4E8F-84F0-A52B21A49B5B} is SP2 GUID specified in the uninstall string.

 

Issue with pushing SCCM Client 2012 to client machine using SCCM 2012 console

September 29, 2016, 8:33 am
$
0
0
There is an issue when the SCCM 2012 client is pushed using SCCM 2012 console.

Here is the message on the client machine:

GetHttpRequestObjects failed for verb: 'CCM_POST', url: 'HTTPS://  /ccm_system/request'
GetDPLocations failed with error 0x87d00280
Failed to get DP locations as the expected version from MP 'HTTPS:// '. Error 0x87d00280
Failed to get client version for sending state messages. Error 0x8004100e


Here is the error message reported on SCCM Server:

---> Unable to connect to WMI (root\ccm) on remote machine "", error = 0x8004100e.



Execute query exec [sp_CP_SetLastErrorCode] 2097152001, 0


Troubleshooting:

Changing to use HTTP Client communication helped to eliminate the error message related with the certificates.



After trying to push the client again there were new error messages on clients log:

FindAvailableSource failed with error 0x80004004
Failed to get client version for sending state messages. Error 0x8004100e
ITaskService::GetFolder failed with 0x80070003
CcmSetup failed with error code 0x80004004

 

 Source \\SCCM2012.MTFailed to find accessible source. 
Waiting for retry.L.LOCAL\SMSClient is inaccessible (67)




Resolution:
Switching both DP an MP to HTTP helped to resolve the issue;







SCCM 2012 client was installed successfully:



SCCM 2012 Distribution Point not available during task sequence media creation

October 4, 2016, 8:47 am
$
0
0
During SCCM Task Sequence creation after image boot choosing DP did not appear and it was not possible to choose it.



Updating boot image helped me to solve this issue:




Here it is. Now DP can be chosen.




Content distrubiton require manually activation

October 4, 2016, 11:04 am
$
0
0
After the creation of Win 10 OS package it shows that the package cannot be distributed to DP:

Distribution Manager is waiting for package content to be prestaged on the distribution point ["Display=\\. You must manually prestage the package  on the distribution point before the content will be available.




To  resolve this issue it is necessary to uncheck::




Viewing all 60 articles
Browse latest View live
Search