Latest Discussions
AdminService REST API keeps resetting PKI cert
Greetings all, I have a ConfigMgr (2403) Provider that I am trying to bind an internal PKI certificate to for the AdminService. This provider is a dedicated machine and does not have IIS installed, so following the MS docs I use NETSH to bind the PKI cert. It then works for around 5 minutes before the SMS_REST_PROVIDER.log shows the service doing a "health check", deleting the PKI cert completely from the server and then rebinding the self-signed SMS Issuing cert. I have to reissue the internal PKI cert and rebind it and then have it deleted a few minutes later. Does anyone have any thoughts/suggestions about what I might be missing or what is happening here? Thanks, Scott
Solved | scott_ip1 | Jul 07, 2025 | Copper Contributor | 126 Views | 0 likes | 3 Comments

Deploying PS Script as Application Doesn't Work
I've been trying desperately to get a powershell script to run on a target machine using MECM. First to note, I inherited a partially built MECM environment from my predecessor that wasn't documented well and wasn't fully tested. We're now trying to migrate off of our ancient software deployment software to use MECM and need to do so ASAP because that server is on its last life at the moment. We have an application on our old system that requires the movement of license files from a network share into a specific folder within the target machine after the application installs. I've tested the application install separately and it works just fine. However, the copy job to move the files from the network share to the local PC fails. I've confirmed that the PS script itself works as expected. I can run it locally on the target machine when logged in as myself or an administrator. I confirmed that the script works even through MECM when I install it in the user context. However, whenever I try to either run the script directly (Assets and Compliance > Device Collections > right click on collection > Run Scripts), or create a deployment type using the script installer, the job doesn't work. 1 of 2 things happens. When running as a script directly, it will complete and state that it was successful (which I still find odd and not sure why that happens), but the actual process doesn't complete the copy, and so the files aren't copied over to the target machine. When running it as an application deployment, the installation fails outright with exit code 1. I've tried everything I can think of to get the PS script to run as a user for the entire system, but nothing seems to work. I've been troubleshooting this for over a week so I'm probably forgetting some efforts I've done, but I think this sums it up. 
I'm sure I'm not the only one trying to use MECM in this fashion, so I'm sure there's solutions out there, but either my google machine is broken and I can't seem to get the results I'm looking for or I'm simply missing something super simple that nobody has ever had a problem with... I'm fine with either, but could use the insight!
Solved | dkingsb4 | Apr 23, 2025 | Copper Contributor | 343 Views | 0 likes | 10 Comments

Management point in another domain (no-trust)
Hi folks, we have a situation where we would need to install a MP, DP and WSUS on a server that is in another domain to manage clients that are in that domain. I was planning on installing the roles using a service account and importing the CA cert from that domain in the Site server. Will there be any issues? I was reading about the communication between the site roles and I also noticed that the site server has to talk with a domain controller and the management point also has to talk with a DC. Which DC are we talking about and why should it talk with them? Will the MP in the other domain try to reach the DC in the same domain? Will the site server try to talk with the DC in the other domain? I know it's a strange one but it is the only way I managed to reduce the cost and be able to manage PCs that are on the other domain. Thanks! Mathieu
Solved | Mathieu_Desjardins | Feb 29, 2024 | Brass Contributor | 1.2K Views | 0 likes | 2 Comments

Resource Explorer Shows Wrong Timestamp for Workstation Status
In Resource Explorer for a PC, the timestamp for Workstation Status is 7 hours earlier than the time it actually occurred. Correspondingly, Time Zone Offset is -420 minutes. This change seems to have coincided with the update to Configuration Manager 2207. I'll install Configuration Manager 2211 and see if the issue is resolved.
Solved | SuperMJT | Feb 02, 2023 | Brass Contributor | 1.1K Views | 0 likes | 3 Comments

MECM v2111 - Boot images
Hi, We purchased new hardware that needs a new rapid storage driver injected into the boot image to detect the installed hard drive. Using a test boot image, we added the driver that is needed which leads to updating distribution points. After injecting the driver, now all operating system deployments are downloading the test boot image first and later downloading the production boot image required by the task sequence selected. How do you control which boot image is downloaded initially during the TFTP phase of operating system deployment? I can't seem to find a solid answer or a good explanation of how this is controlled. Thank you! Rob
Solved | robmo | Jun 23, 2022 | Brass Contributor | 1K Views | 0 likes | 2 Comments

Audit CMBaselineDeployment EvaluationSchedule
Hi guys, does anyone have a method to display the Baseline deployment "EvaluationSchedule" in a readable format or list? Like the "Get-CMPackageDeployment -Name "Deployment Test" | Select-Object PackageID, ProgramName, CollectionID, AssignedSchedule" but in "Get-CMBaselineDeployment -Fast -Name "Baseline1" | Select-Object AssignmentName,EvaluationSchedule". Maybe a chance with an SQL query? The current output always shows an encrypted string. Need that to Audit and Optimize the Deployments to not overlap. Regards.
Solved | Geraldo | Apr 30, 2022 | Copper Contributor | 871 Views | 0 likes | 2 Comments

Completing a Task Sequence when the network is not available
Hi All, I have a task sequence running on Windows 8.1 x64 which uninstalls a piece of software then reboots the machine. Uninstalling the software makes the network unavailable. The problem I am facing is the task sequence runs extremely slow once the network becomes unavailable. Logs indicate the client is trying to connect to the management point and timing out, which is making it run slowly. I have three final steps, one which runs only if a Condition is met where the uninstall has failed. Another two: 'Disable Bitlocker' and 'Reboot Machine'. It seems to take approximately 5 minutes for each of these steps to run. I have run the task sequence without uninstalling the software, thus meaning the network is available, and the task sequence runs at expected speed. Does anyone have a suggestion on how I can make the task sequence complete quicker when the network is unavailable?
Solved | MarkB2020 | Nov 27, 2020 | Copper Contributor | 1.8K Views | 0 likes | 2 Comments

Collocating SQL or remote SQL
Hi All, Wanted to bounce my thoughts with fellow members. I am about to embark on a mini project for a customer. It's for a small experiment and a new network and infrastructure environment will be created on-premises. Unfortunately for this piece of work cloud is not an option. So a Virtualisation environment, SAN, networking, firewalls will all be procured. I need to build MECM to help deploy a gold image to approx. 100 workstations, there are 2 variances of laptops I need to consider. As it's an experiment it's also not going to grow. I also need to ensure patching is configured for both clients and the small server estate being built. So my thoughts are to build a new VM with MECM 2006 with the SUP role for WSUS and then use the OSD techniques with TS to build the Windows 10 image using PXE. They will be building a SQL server to host a database for a third party application. My question is as it's such a small environment should I put SQL on the same standalone server which will host the Primary site MECM server and SUP or it is doing a lot already and I should move the SQL stuff to a remote SQL rather than collocate? From reading the docs I understand some considerations need to be taken into account to host both WSUS and ConfigMgr DBs within SQL (different instances?) but because the environment will be so small my personal preference would be to keep it on same box, easier for me to deploy and easier for the customer to manage. The security of the environment is high due to the nature of the customer. What would others recommend and what would your approach be? Many thanks
Solved | isotonic_uk | Aug 20, 2020 | Brass Contributor | 1.1K Views | 0 likes | 2 Comments

How to enroll existing Hybrid-AD joined device with intune for co-management?
Now that v1710 has released, I'm experimenting with Co-management, trying to enroll a test client for it. I went through the wizard in SCCM to configure co-management, setting Automatic enrollment in Intune to Pilot, and selecting a device collection which includes my test computer as the pilot group. In AzureAD I set the MDM User Scope setting to SOME, and selected a security group containing my user account. I've updated the SCCM client on the test computer, and am looking for some sign that it has been enrolled in Intune, but I'm not finding it. In the "Access work or school" settings on the computer, it still just shows connected to our AD domain. (Not sure if that would change...) In our intune console, I don't see that this computer has been added as an enrolled device. If I search in intune under AzureAD devices, I do find this computer listed there, but the Owner and MDM attributes are set to none. Is there something I'm missing when setting this up? At what point should the device be enrolled in intune? How can I verify that it has been enrolled?
Solved | Steve Whitcher | Nov 21, 2017 | Bronze Contributor | 5.1K Views | 0 likes | 2 Comments
Tags
- cm current branch (43 Topics)
- Operating System Deployment (13 Topics)
- software update management (11 Topics)
- Site Setup and client deployment (8 Topics)
- General (7 Topics)
- App Management (7 Topics)
- cloud-attached management (6 Topics)
- SCCM (6 Topics)
- CM 2012 (4 Topics)
- Endpoint protection (3 Topics)