Posts tagged ‘microsoft’


Software Update Migration Issues (ConfigMgr 07 to 2012)

During the migration process from Configuration Manager 2007 R3 to Configuration Manager 2012 RTM, we ran into an issue where Deployed Software Updates would not detect as applicable on client machines.  I didn’t find much about this issue on the web, so I thought I would blog about it.



Upgrading to SCOM 2012 – SQL Issue

I ran into an issue when upgrading SCOM to 2012 (from 2007 R2 CU5).  The installer stated that the upgrade was successful, but no activity was taking place in my management group.  I had one error in my event logs (see below).



SCOM Workgroup Monitoring – Disable AD Integration

Because workgroup computers can’t read Active Directory, AD Integration should be disabled on these systems.  For some reason, the SCOM interactive agent setup will not allow the option “Use Management Group Information from Active Directory” to be disabled (it is grayed out).  However, this setting can be disabled by installing the agent from the command line, or by editing a registry value on an existing agent.

To disable during setup:
Install the SCOM agent with the following command line: MOMAgent.msi USE_SETTINGS_FROM_AD=0 MANAGEMENT_GROUP=<Management Group Here> MANAGEMENT_SERVER_DNS=<FQDN of management server here> /qb

To disable in the registry:
Open Registry Editor and navigate to: SYSTEM\CurrentControlSet\Services\HealthService\Parameters\ConnectorManager
Set the EnableADIntegration value to 0
Restart the HealthService (System Center Management)

If one of the above steps is not completed, you will see the following entry in your Operations Manager event log:

Log Name:      Operations Manager
Source:        HealthService
Date:          <Date/Time>
Event ID:      2010
Task Category: Health Service
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      <FQDN>
The Health Service cannot connect to Active Directory to retrieve management group policy.  The error is Unspecified error (0x80004005)
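
The registry method above as a script, an added example that is not from the original post. It assumes the key is under HKEY_LOCAL_MACHINE (the post omits the hive), that EnableADIntegration is a DWORD value, and that it runs elevated on the agent; the function name and the 60-second wait are hypothetical.

```powershell
# Added example (not from the original post). Run elevated on the workgroup agent.
# Assumptions: the key is under HKLM and EnableADIntegration is a DWORD.
function Disable-ScomAdIntegration {   # hypothetical helper name
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\HealthService\Parameters\ConnectorManager'
    $name = 'EnableADIntegration'

    if (-not (Test-Path $key)) {
        throw "Key not found: $key (is the SCOM agent installed?)"
    }

    # Read the current value; it may be absent on some agents
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    if ($current -eq 0) {
        Write-Output "$name is already 0; nothing to change."
        return
    }

    # Remember when we changed it so only new events are checked afterwards
    $since = Get-Date
    Set-ItemProperty -Path $key -Name $name -Value 0 -Type DWord
    Restart-Service -Name HealthService

    # Give the agent time to start (60 s is an arbitrary choice), then look for event 2010
    Start-Sleep -Seconds 60
    $errors = Get-WinEvent -FilterHashtable @{
        LogName      = 'Operations Manager'
        ProviderName = 'HealthService'
        Id           = 2010
        StartTime    = $since
    } -ErrorAction SilentlyContinue

    if ($errors) {
        Write-Warning 'Event 2010 was logged again after the restart:'
        $errors | Select-Object TimeCreated, Message
    } else {
        Write-Output "$name set to 0 (was '$current'); no event 2010 since the restart."
    }
}

Disable-ScomAdIntegration
```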


OSD: “Run As” Caveats

When trying to run some customization scripts during an OSD Task Sequence, I found some issues when trying to use the Run As feature during a Run Command Line step.  In my case, I wanted to add the computer object that was being built in the Task Sequence to a custom group in Active Directory.

I found that my script (PowerShell based) ran perfectly when executed in a Windows environment, but during the task sequence it would fail.  The root of the problem was that the Run As functionality affects the ability to access COM objects.  When using the Run As feature, I was unable to connect to and manipulate Active Directory.  I found that I had to run the script without the Run As option and embed the credentials in the script itself.  (I used some methods to encrypt the password, but that is really outside the scope of this blog post).  In my case, when using PowerShell, I used the Invoke-Command with the -Credential cmdlet.  The reason I used that cmdlet is because Start-Process and Start-Job can’t use the -Credential parameter when running as Local System (which is what the task sequence uses).

One thing to keep in mind when writing scripts to be used in OSD: if you need to elevate permissions, you may not be able to use the Run As option and may need to find an alternate way of elevating permissions.


SCSM: Notification workflow on Work Item assignments

Update: I have written an additional blog entry on this topic to address both Service Requests and Release Records.  This post can be found here: Notification workflow on Work Item assignments (Part 2)

The Microsoft Service Manager team has written two great blogs on how to create the workflows required in Service Manager to send out notifications when a work item has been assigned/re-assigned.  Initially you might think this could be done in the UI, but actually it must be done in XML.  The Service Manager team has provided great examples on how to do this for both Incidents and Activities.

The blog for Incidents can be found here:

The blog for Activities can be found here:

I followed the blogs above and got it working in no time for both my Incidents and Activities.  However, I also wanted to do this for my Problems and Change Requests.


Exchange 2010 Update Rollups Fail

Update: This has been fixed in Exchange 2010 SP1 Rollup 3 (

We recently ran into an issue when trying to apply the latest rollups for Exchange 2010 SP1.  We never had this problem with the rollups on Exchange 2007.

When the update fails, it rolls back, but it leaves all dependent services in a “Disabled” state (it does not reset its services back to the way they were, which is very bad).  The easiest way to find out which services it changed is to look in the System Event Log and see which services were modified.

This issue occurs when you have the “PowerShell Execution Policy” defined in group policy.  You can find this policy in the Group Policy Management Editor under: Computer Configuration > Policies > Administrative Templates > Windows Components > Windows PowerShell > Turn on Script Execution.

The only workaround I could find is to temporarily disable your GPO that configures this policy on your Exchange server (or exclude your Exchange servers from the policy).  After the patch has completed successfully, the policy can (should) be re-applied.  Hopefully Microsoft will fix this for future rollups.
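
The two checks described above (whether the execution policy is set by Group Policy, and which services a failed rollup left disabled) as an added PowerShell example, not from the original post. It assumes start-type changes are recorded as Service Control Manager event 7040 in the System log with English message text; the function names and the 24-hour window are hypothetical.

```powershell
# Added example (not from the original post). Run elevated on the Exchange server.

# Returns the execution policy enforced by computer-level Group Policy,
# or 'Undefined' when no GPO sets "Turn on Script Execution".
function Get-GpoExecutionPolicy {          # hypothetical helper name
    Get-ExecutionPolicy -Scope MachinePolicy
}

# Lists events recording a service start type being changed to disabled.
# Assumption: event 7040 from Service Control Manager, English message text.
function Get-RecentlyDisabledService {     # hypothetical helper name
    param([int]$Hours = 24)
    Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7040
        StartTime    = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'to disabled' } |
        Select-Object TimeCreated, Message
}

# Before patching: is the policy described in the post in effect?
$policy = Get-GpoExecutionPolicy
if ($policy -ne 'Undefined') {
    Write-Warning "Execution policy is set by Group Policy ($policy); exclude this server from the GPO before applying the rollup."
}

# After a failed rollup: what was switched to disabled, and what is disabled now?
Get-RecentlyDisabledService -Hours 24 | Format-List
Get-WmiObject Win32_Service -Filter "StartMode='Disabled'" |
    Select-Object Name, DisplayName |
    Format-Table -AutoSize
```

Compare the two lists before re-enabling anything, since some services may have been disabled on purpose before the rollup ran.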


Coming Attractions: Service Manager & IPv6

On this fine evening, we wanted to share with you a little preview of coming attractions, which will hopefully appear in future posts. Two of our projects revolve around Microsoft System Center Service Manager and IPv6 (separate endeavors). Both of these hold good promise for our organization and where we go with each may help you as well.

Through the years, we’ve used a couple different help desk and change management tools–Track-It! and Alloy Navigator–and in each, we’ve run into issues and shortcomings. Track-It! was fine as a ticketing system, but provided very little correlation (if any), no audit trail, and sparse asset management. Alloy is a step in the right direction with a pretty comprehensive set of features, ranging from Purchase Orders to Incident and Change Management to Asset tracking, but the application and system itself are fraught with bugs, counter-intuitive processes, etc. In other words, lots of ongoing work which is worthy of many tickets itself.

So we’re venturing into Microsoft’s Service Manager territory and are very interested in the integration with the rest of the System Center suite (Configuration Manager and Operations Manager), as well as Active Directory. We’re also checking out Provance IT Asset Management, a management pack for SM, which enhances the product and provides an otherwise absent financial piece. Looking good so far!

On the networking side, we’ve been in the R&D phase with IPv6 (Internet Protocol version 6) for a few months now since receiving our own /48 block of addresses from ARIN. The documentation online is a bit sparse and mostly targeted to either consumers (Teredo) or ISPs, but we’re finding some nuggets in the digging.  Some good resources thus far are:

IPv6 is quite the undertaking, but as we work to roll it out in our organization, we’ll be sharing info to help in yours.


FEP Installation – SCCM Inventory No Longer Works

As you may already know, Microsoft’s latest antivirus product, FEP (Forefront Endpoint Protection) integrates very tightly with the Configuration Manager 2007 product.  When we rolled the product out, everything went smoothly throughout the installation process, but once we got the product installed and deployed we started seeing a few issues.

We quickly found that the FEP installation broke SCCM’s Inventory features (Software and Hardware Inventory) in our central site.  The FEP infrastructure is also very dependent on these roles.  We found that none of the FEP collections were being correctly populated, notifications did not work, and report data was not available (FEP dashboard did not have valid data).  However, the FEP client installs via SCCM worked just fine and policy distribution was working as expected; just the features mentioned previously did not work properly.  We found most of our clients were getting tagged as “Locally Removed”, which was not correct.  However, everything continued to function at my child sites, but FEP Server services were not installed in those sites specifically (they are leveraging from the central site).  Clients in our child site were properly getting marked as deployed, collections were accurate, and reports worked as expected.  After some digging I found the following errors in our Central Site:


SQL 2008 SP2 Slipstream Issue

Now that SP2 for SQL 2008 has been released it is time to update our SQL 2008 slip-streamed installation files.  The slipstream process is the same, but I did run into one bug once the process was completed.  There appears to be a bug that when you have a slip-streamed version of SQL 2008, the installation cannot be run from a network drive when .NET 4 has been installed.  The following error may be received when attempting to launch setup.exe.
