Latest Discussions
Deploying PS Script as Application Doesn't Work
I've been trying desperately to get a powershell script to run on a target machine using MECM. First to note, I inherited a partially built MECM environment from my predecessor that wasn't documented well and wasn't fully tested. We're now trying to migrate off of our ancient software deployment software to use MECM and need to do so ASAP because that server is on its last life at the moment. We have an application on our old system that requires the movement of license files from a network share into a specific folder within the target machine after the application installs. I've tested the application install separately and it works just fine. However, the copy job to move the files from the network share to the local PC fails. I've confirmed that the PS script itself works as expected. I can run it locally on the target machine when logged in as myself or an administrator. I confirmed that the script works even through MECM when I install it in the user context. However, whenever I try to either run the script directly (Assets and Compliance > Device Collections > right click on collection > Run Scripts), or create a deployment type using the script installer, the job doesn't work. 1 of 2 things happens. When running as a script directly, it will complete and state that it was successful (which I still find odd and not sure why that happens), but the actual process doesn't complete the copy, and so the files aren't copied over to the target machine. When running it as an application deployment, the installation fails outright with exit code 1. I've tried everything I can think of to get the PS script to run as a user for the entire system, but nothing seems to work. I've been troubleshooting this for over a week so I'm probably forgetting some efforts I've done, but I think this sums it up. 
I'm sure I'm not the only one trying to use MECM in this fashion, so I'm sure there's solutions out there, but either my google machine is broken and I can't seem to get the results I'm looking for or I'm simply missing something super simple that nobody has ever had a problem with... I'm fine with either, but could use the insight!
Solved | dkingsb4 | Apr 23, 2025 | Copper Contributor | 320 Views | 0 likes | 10 Comments

All Windows Server OS (Mostly 2019) DP's not upgrading to 2207
FYI... This issue is happening again since last week and this time it is not just server DP's but Windows 10 DP's also. It is not a result of MECM server upgrade; maybe Feb patches got installed on the primary server, but very few DP's are fine.
Last Friday I upgraded CM from 2203 to 2207 version. I saw no error after the upgrade. I have a bunch of Win 10 computers as DP's and those DP's got upgraded to the new version (5.00.9088.1000), but all the Windows Server OS DP's failed to upgrade. FYI... Site server is an admin on all the DP's and nothing has changed. Here is a screenshot of distmgr.log error. vcredist_x64.exe is already installed on all the server DP's last year probably with 223 upgrade. I do not see any errors in the firewall or antivirus software. Not sure what could be the issue.
chandrabusa | Oct 03, 2022 | Copper Contributor | 3.1K Views | 1 like | 10 Comments

Connection Error after upgrading to version 2203
On Monday, I upgraded Endpoint Manager to version 2203. Everything appears to be working fine on the server itself. We only have one Endpoint Manager server with SQL collocated. After upgrading the Endpoint Manager console on remote systems, I am having some errors. When I go to the Console Extensions node or the Console Connections under Administration, I receive the following message:
Configuration Manager can’t connect to the administration service
The Configuration Manager console can’t connect to the site database through the administration service on <ServerFQDN>
Verify the following
There’s no certificate on the SMS Provider site system server. Make sure it has a valid PKI or Configuration Manager-generated certificate for the site.
Additionally, it looks like until I’m able to make this connection I can’t update the WebView2 extension, and without that extension the console crashed when I try to access the Windows Servicing and Microsoft Edge Management nodes under Software Library. If I manually import the self-signed certificate from Endpoint Manager (we are not using PKI) into the Trusted People container in the Certificates MMC on the remote systems then the console works correctly. I’d prefer not to band aid this problem but instead fix it. I’ve tried the following that I found on blog posts to resolve this issue, but all with no success:
- Made sure that “Use Configuration Manager-generated certificates for HTTP site system” is enabled
- Made sure no certificates are blocked in Configuration Manager
- I’ve checked the SSL Certificate on the Default Website and it is the self-signed certificate from Endpoint Manager.
- Turned off Windows Firewall
- Reviewed the SmsAdminUI.log file.
The SmsAdminUI.log file shows the following entries:
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Failed to get a response for OData GET request: https://<ServerFQDN>/AdminService/v1.0/ConsoleExtensionMetadata?$filter=IsRequired eq true and IsTombstoned eq false and IsApproved eq true
Could not connect to the AdminService to check for requirements.
System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Failed to get a response for OData GET request: https://< ServerFQDN>/AdminService/v1.0/ConsoleExtensionMetadata?$filter=IsApproved eq false
Error getting custom console extensions IDs, versions and names using Admin Service: SSLFailure
System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Failed to get a response for OData POST request: https:// <FQDN>//AdminService/v1.0/ConsoleUsageData/AdminService.UpdateConsoleHeartbeat
Microsoft.ConfigurationManagement.ManagementProvider.ODataConnectionException: SSLFailure
At this point, I don’t know where to go next. Any help would be greatly appreciated.
RyanD79 | Jun 16, 2022 | Copper Contributor | 12K Views | 0 likes | 10 Comments

WSUS Sync Failing
Within the last hour or so I have carried out a cleanup of our WSUS and reindexed the database as per this article https://blogs.technet.microsoft.com/configurationmgr/2016/01/26/the-complete-guide-to-microsoft-wsus-and-configuration-manager-sup-maintenance/
Once complete I re-enabled the SUP schedule and WSUS has not been able to sync since. Our SCCM version is 1702 with the hotfix, hosted on a Server 2012r2 system. WSUS content is within a SQL database.
WCM.log; "System.Net.WebException: The request failed with HTTP status 403: Target service not allowed.~~ at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber)"
WsusCtrl.log does not seem to indicate any proxy related errors; "No changes - local WSUS Server Proxy settings are correctly configured as Proxy Name ####### and Proxy Port ##"
17K Views | 0 likes | 9 Comments

CMG Error in 2006
I am experiencing a lot of errors in the ProxyService_IN_0-CMGService.log file on my production machine. The errors are shown below. We are not using PKI; we use a public wildcard cert for server authentication. I have virtually an exact duplicate setup with a public cert and no errors are being reported in the log files. Whenever I run the CMG Analyzer I get an error at "Check Config setting are up to date" or "Testing the CMG Channel". They will never pass. In my test environment they will pass within about 10 seconds of starting. Could this error be coming from the CMG server itself?
ERROR: Security token validation exception with requesting URL https://xxx.xxx.xxxx/CCM_Proxy_ServerAuth/72057594037927940/CCM_STS. System.IdentityModel.Tokens.SecurityTokenValidationException: System.Security.Cryptography.CryptographicException: CryptVerifySignature failed with HRESULT 0x80090006~~ at Microsoft.ConfigurationManager.CommonBase.SignatureUtilities.ValidateSignature(Byte[] token, Byte[] signature, Byte[] publicKey)~~ at Microsoft.ConfigurationManager.CloudBase.AuthorizationToken.TokenValidator.ValidateCcmAuthHeader(String authHeader, String publicKey) ---> System.Security.Cryptography.CryptographicException: CryptVerifySignature failed with HRESULT 0x80090006~~ at Microsoft.ConfigurationManager.CommonBase.SignatureUtilities.ValidateSignature(Byte[] token, Byte[] signature, Byte[] publicKey)~~ at Microsoft.ConfigurationManager.CloudBase.AuthorizationToken.TokenValidator.ValidateCcmAuthHeader(String authHeader, String publicKey)~~ --- End of inner exception stack trace ---~~ at Microsoft.ConfigurationManager.CloudBase.AuthorizationToken.TokenValidator.ValidateCcmAuthHeader(String authHeader, String publicKey)~~ at Microsoft.ConfigurationManager.CloudBase.AuthorizationToken.TokenValidator.ValidateTokenEx(String token, String tokenHint)~~ at Microsoft.ConfigurationManager.BgbServerChannel.BgbServerReverseProxy.ValidateAuthorizationToken(String authorizationToken, EndpointClientAuthScheme clientAuthScheme, Uri requestUri, IToken& validatedToken, EndpointClientAuthScheme& validatedScheme)
Ronald Lawrimore | Oct 07, 2020 | Brass Contributor | 6.8K Views | 0 likes | 9 Comments

CreateProcessAsUser Error 5 - ServiceUI.exe
Hi All, I've recently updated my SCCM Site version to v1910. Since performing this update I've been having issues with my Upgrade Task Sequence. Previously I've had a command line step in the upgrade task sequence to run a manually built "Windows 10 Splash Screen" using ServiceUI.exe to allow the user to install or postpone the upgrade. This has been issue free until the update to SCCM 1910; since then when I try to run the task sequence the following step fails with this error. Has anyone got any idea how I can resolve this? Been racking my brain for days now...
Elliot_the_Goose | May 27, 2020 | Copper Contributor | 12K Views | 0 likes | 9 Comments

Win7 to Win10 1803/1809 in-place upgrade Task Sequence breaks with no apparent error code
Hi, We’re migrating from Win7SP1 to Win10 Ent. 1803/1809 in our corporate environment. Strange thing noticed is migration TS always breaks on Latitude E7470 after ‘Upgrade Operating System’ task. Other models (E7440, E7450, E6440, O7010, O9020, T7910, etc.) don't have such issue at large. Almost 50 nos. of E7470 is tried and all of them got the same issue. Currently migration on this particular model is on hold. Didn’t see anyone mentioning the same issue anywhere. TS screenshot as well as last few lines from smsts.log is copied below. As you can see there is no error reported by the task. But a reboot is initiated somehow, which breaks Task Sequence and then it doesn’t go further. In general, what are the reasons why such error occur?!
Process completed with exit code 0 TSManager 19/06/2019 18:55:23 7816 (0x1E88)
!--------------------------------------------------------------------------------------------! TSManager 19/06/2019 18:55:23 7816 (0x1E88)
Successfully completed the action (Upgrade Operating System) with the exit win32 code 0 TSManager 19/06/2019 18:55:23 7816 (0x1E88)
Not in SSL TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Set a global environment variable _SMSTSLastActionRetCode=0 TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Set a global environment variable _SMSTSLastActionName=Upgrade Operating System TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Set a global environment variable _SMSTSLastActionSucceeded=true TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Clear local default environment TSManager 19/06/2019 18:55:24 7816 (0x1E88)
The action (Upgrade Operating System) requested a retry TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Created volatile registry entry for pending reboot initiated by this task sequence TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Executing command line: "bcdedit.exe" with options (0, 0) TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Process completed with exit code 0 TSManager 19/06/2019 18:55:24 7816 (0x1E88)
TSUEFIDrive: TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Updated security on object C:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca. TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Updated security on object D:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca. TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Updated security on object C:\_SMSTaskSequence. TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Set a global environment variable _SMSTSNextInstructionPointer=64 TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Set a TS execution environment variable _SMSTSNextInstructionPointer=64 TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Set a global environment variable _SMSTSInstructionStackString=27 TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Set a TS execution environment variable _SMSTSInstructionStackString=27 TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Save the current environment block TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Expand a string: %_SMSTSMDataPath%\Logs TSManager 19/06/2019 18:55:24 7816 (0x1E88)
_SMSTSReturnToGINA variable set to: TSManager 19/06/2019 18:55:54 7816 (0x1E88)
SMSTSUninstallCCMClient variable set to false TSManager 19/06/2019 18:55:54 7816 (0x1E88)
_SMSTSCaptureMedia variable set to false TSManager 19/06/2019 18:55:54 7816 (0x1E88)
The action (Upgrade Operating System) initiated a reboot request TSManager 19/06/2019 18:55:54 7816 (0x1E88)
Not in SSL TSManager 19/06/2019 18:55:54 7816 (0x1E88)
**************************************************************************** TSManager 19/06/2019 18:55:54 7816 (0x1E88)
Execution engine result code: Reboot (2) TSManager 19/06/2019 18:55:54 7816 (0x1E88)
Task Sequence Manager ServiceMain finished execution. TSManager 19/06/2019 18:55:54 7816 (0x1E88)
Task Sequence Manager execution terminated as system shutdown is in progress. Code 0x00000000 TSManager 19/06/2019 18:55:54 7816 (0x1E88)
RegQueryValueExW is unsuccessful for Software\Microsoft\SMS\Task Sequence, SMSTSEndProgram TSManager 19/06/2019 18:55:54 7816 (0x1E88)
GetTsRegValue() is unsuccessful. 0x80070002. TSManager 19/06/2019 18:55:54 7816 (0x1E88)
End program: TSManager 19/06/2019 18:55:54 7816 (0x1E88)
Stopping Task Sequence Manager service TSManager 19/06/2019 18:55:54 7816 (0x1E88)
RegQueryValueExW is unsuccessful for Software\Microsoft\SMS\Task Sequence, SMSTSEndProgram TSManager 19/06/2019 18:55:54 4588 (0x11EC)
GetTsRegValue() is unsuccessful. 0x80070002. TSManager 19/06/2019 18:55:54 4588 (0x11EC)
End program: TSManager 19/06/2019 18:55:54 4588 (0x11EC)
gafoorgk | Jun 19, 2019 | Copper Contributor | 3.6K Views | 0 likes | 8 Comments

Agents will install on 2 DC's but will not get configurations
Hello, I have 2 DC's that when I install the MECM agent on them, they will install but will not get the configuration files, and when I open the client on the machines it's missing the configurations tab and the action tab only has 2 actions. Also, on the general tab of the client, the Client Certificate says "none". I know the easy answer is this is a "boundary issue" but it is not. I have other servers with the same IP address range and they have no issue getting the client fully configured. It is not a local firewall issue as I tried turning it off and got the same results. In the ccmsetup logs I am seeing this: "Failed to get MDM_ConfigSetting instance, 0x80041013". Can anyone please help figure out what is going on here?? Thanks in advance
Michael54 | Apr 14, 2025 | Copper Contributor | 211 Views | 0 likes | 7 Comments

SCCM hierarchy design
Hi All, I'm new to this community and SCCM so I would like some advice please. I currently have an SCCM CB environment running in the corporate domain and my company is planning on buying a few companies and they want to keep the domains separate but will have trusts in place. The current environment is set up as follows:
Domain A (Based in Europe)
- 150 users
- 1 site
- Currently has the only stand-alone primary site
- Bandwidth not an issue
Domain B (Based in Africa)
- 350 users
- 3 sites
- No SCCM service
- Bandwidth is very limited (reminds me of the old PSTN dial-up days)
Domain C (Based in South America)
- 300 users
- 5 sites
- No bandwidth issues
So what I’m looking for is some advice on how I should implement my SCCM infrastructure. What I was thinking was extending my current primary site with a CAS server and then installing a primary site server in each domain and extending those sites with secondary sites and DP’s. If I go this route will it give each local IT team the ability to manage their own SCCM server while having the corporate CAS server pushing down applications and policies? As each SCCM server will be installed into its own domain/forest will I have any issues or challenges?
TazzKT | Sep 02, 2019 | Copper Contributor | 2.3K Views | 0 likes | 6 Comments

How to allow powershell in managed device?
Hi everyone, newbie admin here. I am in the process of learning how to use the Endpoint Manager and I have enrolled my first device, which will be my work laptop. It is running Windows 11 Enterprise and it is enrolled in the tenant with an account licensed at an O365 A3 level. Up until there, everything seems fine, but I stumbled into a problem. I can't run PowerShell cmdlets. It's a fine restriction to have on 99% of the systems I'll be administering, but I need to run it on mine for user creation, general maintenance, etc. I can run the PowerShell cmdlets if I log in as another, unmanaged, user, so it's not an install problem. I have allowed, through MMC, the running of scripts, and through the Endpoint Manager the running of PowerShell scripts, but nothing happened. I know other policies are being applied and synced to the device, so I am out of ideas. See the pictures below: Any suggestions?
flaviopbadmin | May 06, 2022 | Copper Contributor | 2.3K Views | 0 likes | 6 Comments