Latest Discussions
Failed to create object ID in Intune for new onboarded device.
We are deploying Defender for Cloud with XDR onboarding. We are implementing Defender policy with the Intune enforcement setting, and everything is working for 98% of devices. But for some devices, like Arc-enabled machines, even after going through each step and the Microsoft troubleshooting documentation, the synthetic object cannot be created in Intune to receive Defender XDR policies. No solution is provided in the documentation or in the MDEclient parser. In the onboarding workflow, the synthetic object is normally created to apply the policy via Intune. But when a device fails this process, we have no solution, even after re-onboarding.
Solved | EtienneFiset | Dec 18, 2024 | Brass Contributor | 39 Views | 0 likes | 4 Comments

All DDR Properties should be available to view on Column select
Every property you see in the DDR should be available to view as a column...IMO. For example, the Creation Date (UTC) property in the DDR is not available to be shown as a column. There are others, but let's start with this one. There are so many other column choices that are far less important than date stamps. Agree? Disagree?
HawkMan | Dec 02, 2024 | Copper Contributor | 35 Views | 0 likes | 3 Comments

qarssifi | Dec 02, 2024 | Copper Contributor | 55 Views | 0 likes | 3 Comments

SCCM : Windows 11 inplace upgrade failing
Some of my devices have the UI language en-GB, and some have en-US. All are Windows 10 Enterprise. When I try to do an in-place upgrade (to Windows 11 Enterprise, en-US), the en-GB devices are failing. I would like to replace all the devices with en-US. Can we do it via SCCM and with the same task sequence, and with the Windows 11 upgrade, or do we need to do a fresh installation for those en-GB devices?
GayanKularatne | Dec 02, 2024 | Copper Contributor | 30 Views | 0 likes | 1 Comment

Need to know if CM site server account supports UTF-8, longer byte limits, and more
We are using MECM/SCCM with two domains - my primary domain I run, and a customer domain that has a management point VM set up in it. That Management Point is connecting back to my main domain via a service account. The admins of the customer domain are moving to a new HR product, Workday, and wish to know the following as part of their migration.
- Can your service, CM, consume display name as UTF8?
- Can CM consume display name with a 1,024 byte limit?
- Could CM consume a custom attribute for name data (instead of display name)?
- Can CM use SAML, OIDC (OpenID Connect), or Azure for authentication or provisioning?
I have examined the SCCM prerequisites and cannot find specific details on this. Is there any way I can find out the answers to this? I am assuming the answer is no for all of this - but in the interest of being thorough for the other domain's admins, I want to at least ask and confirm.
Solved | OnPremBeatsCloud | Nov 25, 2024 | Copper Contributor | 222 Views | 0 likes | 1 Comment

Windows Imaging and Configuration Designer and Assigned Access xml Bug
Hello everybody. So, my goal is to get this bug in front of the eyes that need to see it in order for the issue to get resolved, so if this is not the place to do that (it was the only place that I could find that seemed even remotely possible) then let me know where to move this post to so that the issue can be resolved. Now that that is out of the way, the issue that I want to report involves the Assigned Access configuration file. As you may know, the "&" character cannot be present in an xml element attribute value, as it is a special character, and must be replaced with the escape string "&amp;" instead. If there are any "&" characters in your assigned access configuration file, Windows Imaging and Configuration Designer will not allow you to compile the package. So, consider the Assigned Access Configuration file that I created with all of the "&" characters replaced with the appropriate "&amp;" escape:

<?xml version="1.0" encoding="utf-8" ?>
<AssignedAccessConfiguration
    xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
    xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config" >
  <Profiles>
    <Profile Id="{aed4127d-7fe0-435f-bdda-e384815099ec}">
      <AllAppsList>
        <AllowedApps>
          <App DesktopAppPath="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" />
          <App DesktopAppPath="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" />
          <App DesktopAppPath="C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe" />
          <App DesktopAppPath="C:\Program Files (x86)\Google\Update\GoogleUpdate\GoogleUpdate.exe" />
          <App DesktopAppPath="C:\Tableau\Store Okta Login.exe" />
          <App DesktopAppPath="C:\Tableau\Manager Okta Login.exe" />
          <App DesktopAppPath="C:\Windows\explorer.exe" />
          <App DesktopAppPath="C:\Windows\Splwow64.exe" />
          <App DesktopAppPath="C:\Program Files (x86)\Brother\ScannerUtility\BrScUtil.exe" />
          <App DesktopAppPath="C:\Program Files (x86)\Brother\HttpToUsbBridge\HttpToUsbBridge.exe" />
          <App DesktopAppPath="C:\Program Files (x86)\Brother\iPrint&amp;Scan\BrotheriPrint&amp;Scan.exe" />
          <App DesktopAppPath="C:\Program Files (x86)\Brother\iPrint&amp;Scan\BrScanKeyEventMgr.exe" />
          <App DesktopAppPath="C:\Program Files (x86)\Brother\iPrint&amp;Scan\USBAppControl.exe" />
          <App DesktopAppPath="C:\Program Files (x86)\Brother\iPrint&amp;Scan\WorkflowAppControl.exe" />
          <App DesktopAppPath="C:\Windows\twain_32\Brimm22a\Common\TwDsUi.exe" />
          <App DesktopAppPath="C:\Windows\twain_32\Brimm22a\Common\TwDsUiLauncher.exe" />
        </AllowedApps>
      </AllAppsList>
      <rs5:FileExplorerNamespaceRestrictions>
        <rs5:AllowedNamespace Name="Downloads"/>
      </rs5:FileExplorerNamespaceRestrictions>
      <StartLayout>
        <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
          <LayoutOptions StartTileGroupCellWidth="6" />
          <DefaultLayoutOverride>
            <StartLayoutCollection>
              <defaultlayout:StartLayout GroupCellWidth="6">
                <start:Group Name="Apps">
                  <start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Manager Okta Login.lnk" />
                  <start:DesktopApplicationTile Size="2x2" Column="0" Row="2" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Learning Hub.lnk" />
                  <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\My Documents.lnk" />
                  <start:DesktopApplicationTile Size="2x2" Column="2" Row="2" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Altametrics Schedules.lnk" />
                  <start:DesktopApplicationTile Size="2x2" Column="4" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Brother iPrintScan.lnk" />
                </start:Group>
              </defaultlayout:StartLayout>
            </StartLayoutCollection>
          </DefaultLayoutOverride>
        </LayoutModificationTemplate>
        ]]>
      </StartLayout>
      <Taskbar ShowTaskbar="true" />
    </Profile>
  </Profiles>
  <Configs>
    <Config>
      <AutoLogonAccount rs5:DisplayName="Manager Workstation"/>
      <DefaultProfile Id="{aed4127d-7fe0-435f-bdda-e384815099ec}"/>
    </Config>
  </Configs>
</AssignedAccessConfiguration>

I apologize for formatting the contents of the file as a code block, but when I tried placing the text in a code sample, it would automatically substitute the "&amp;" for an "&" character. In any event, importing the above assigned access configuration file in Windows Imaging and Configuration Designer does not produce an error, and allows for the application to compile the ppkg file, but when this ppkg is applied to a system during deployment, it results in an endless boot loop after the system restarts. It would seem that the provisioning package that Windows Image and Configuration Designer creates results (at least in my case) in a boot loop on the target system if the assigned access xml that is imported contains any element attributes that contain an "&" character. And I am not the only person who has run into this problem either. While investigating this issue, I found the below thread detailing the exact same issue: https://www.reddit.com/r/Intune/comments/1enlwwe/assigned_access_xml_with_ampersand_usage_fails_to/
whiggs | Nov 25, 2024 | Copper Contributor | 36 Views | 0 likes | 0 Comments

MECM - Approach to Logging in Detection Scripts
I'm starting to work with SCCM/MECM and creating a lot of PowerShell detection scripts for application deployments. Most I write are simple and need no logging, but some are complex. I of course test them before deploying to MECM, but sometimes I need to debug them running in the actual MECM client. As such, I need some method of logging from the scripts. My understanding is that if I write to STDOUT/STDERR in a detection script, this directly impacts the outcome of detection as per this article: https://learn.microsoft.com/en-us/mem/configmgr/apps/deploy-use/create-applications#bkmk_dt-detect. If I write to verbose/debug streams in PowerShell, they also end up in stdout unless I re-direct to a file (which is an option). Is anyone doing something in this respect? My thoughts:
- transcript logging in PowerShell
- re-direct another stream to file and write to that
- write to Windows event logs
shocko | Nov 21, 2024 | Steel Contributor | 53 Views | 0 likes | 2 Comments

Windows 11 23H2 Cumulative Updates not shown in WSUS/SCCM
Hi everyone, I want to start rolling out devices in my company with Windows 11 23H2 via SCCM. However, I first need to update the existing 23H2 image with the November 24 cumulative update (KB5046633). In SCCM and WSUS, I can't find the 23H2 product categories for synchronization, but 24H2 is showing up. What could be the reason for this?
mithiy | Nov 20, 2024 | Copper Contributor | 111 Views | 0 likes | 1 Comment

Defender definition update problem
I have recently been running into a problem. For Defender definition updates, an ADR was configured so that the update runs every 8 hours. Some machines in the fleet are unable to get Windows updates and Defender definition updates. I see that there is a problem applying the EPM policy and the ADR. When I apply the following workaround:
- rename the file registry.pol to registry.pol.old and force its re-creation with a gpupdate /force
everything works for a certain period and then the problem comes back. I would like to know whether anyone in the community has already encountered this problem and, if so, what the fix is and what the reason or cause of this problem is. Research points to files corrupted either by a power cut or by the agent, but despite my research I have no definitive solution and no clear reason. I would appreciate your input.
11 Views | 0 likes | 0 Comments

Cloud Management Gateway crashes CCMExec on Management Point (ntdll.dll 0x000409)
I am having a strange situation here and it even replaces on two environments that I host within the same Active Directory Domain. The issue is the following: When I set up a cloud management gateway and a client tries to connect against it, the cloud management gateway returns a 500 error. I checked the Management Point and realized that the SMS Agent Host was not running anymore and the Eventlog reported an Application Error 1000 Event with the following details:

Faulting application name: CcmExec.exe, version: 5.0.9128.1007, time stamp: 0x663403bd
Faulting module name: ntdll.dll, version: 10.0.26100.1150, time stamp: 0xc12fc860
Exception code: 0xc0000409
Fault offset: 0x00000000001238c6
Faulting process id: 0x10AC
Faulting application start time: 0x1DAD94BCA422450
Faulting application path: C:\Program Files\SMS_CCM\CcmExec.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 068f05d9-b85c-4c17-89e2-353feee9c4dc
Faulting package full name:
Faulting package-relative application ID:

followed by the following 1001 log entry:

Fault bucket 1851384034312828394, type 5
Event Name: BEX64
Response: Not available
Cab Id: 0
Problem signature:
P1: CcmExec.exe
P2: 5.0.9128.1007
P3: 663403bd
P4: ntdll.dll
P5: 10.0.26100.1150
P6: c12fc860
P7: 00000000001238c6
P8: c0000409
P9: 0000000000000030
P10:
Attached files:
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.61c5aa9f-09d0-4d06-93da-9ca9cc2426d2.tmp.dmp
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.ce79eea8-5aa6-4445-8b45-f0d0bcda1792.tmp.WERInternalMetadata.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.fd0e7262-c164-4037-a886-c74bd5cd555c.tmp.csv
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.4ed3e7ca-aedd-4046-908d-fa818482a3f2.tmp.txt
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.84076caa-e40c-4a92-bd12-e86c61e65dec.tmp.xml
These files may be available here:
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_CcmExec.exe_a2b9ae7c9d57f6a0d7dc19bb2e2d6214edad987_c4c73d8f_42c6cde6-1513-4fda-9592-c6b46dae3db3
Analysis symbol:
Rechecking for solution: 0

As said, this happens on both environments. One runs on Windows Server 2022 and the other one on 2025 Preview, but they share the same issue (both on 2403, one with hotfix, the other without). The issue just arises if just a single request runs against the CMG. The DMPDeviceCertAuthModule contains the following lines:

<![LOG[Failed to validate CCM Token. Error 0x800706be]LOG]!><time="13:03:12.205+420" date="07-18-2024" component="DeviceCertAuthModule" context="" type="3" thread="8420" file="devicecertauthmodule.cpp:967">
<![LOG[Failed to verify SCCM token with requesting URL 'HTTPS://myserver.domain.local:34728/CCM_SYSTEM_TOKENAUTH/REQUEST'. Error 0x800706be]LOG]!><time="13:03:12.210+420" date="07-18-2024" component="DeviceCertAuthModule" context="" type="3" thread="8420" file="devicecertauthmodule.cpp:550">
<![LOG[Failing HTTP request with status code 500.1 with HR 0x800706be and reason "Internal Server Error"]LOG]!><time="13:03:12.210+420" date="07-18-2024" component="DeviceCertAuthModule" context="" type="3" thread="8420" file="devicecertauthmodule.cpp:119">
<![LOG[ValidateSCCMToken failed to get isapi proxy. Error 0x80070005]LOG]!><time="13:04:12.931+420" date="07-18-2024" component="DeviceCertAuthModule" context="" type="3" thread="8420" file="devicecertauthmodule.cpp:961">
<![LOG[Failed to verify SCCM token with requesting URL 'HTTPS://myserver.domain.local:34728/CCM_SYSTEM_TOKENAUTH/REQUEST'. Error 0x80070005]LOG]!><time="13:04:12.931+420" date="07-18-2024" component="DeviceCertAuthModule" context="" type="3" thread="8420" file="devicecertauthmodule.cpp:550">
<![LOG[Failing HTTP request with status code 500.1 with HR 0x80070005 and reason "Internal Server Error"]LOG]!><time="13:04:12.931+420" date="07-18-2024" component="DeviceCertAuthModule" context="" type="3" thread="8420" file="devicecertauthmodule.cpp:119">
<![LOG[Failed to validate CCM Token. Error 0x800706be]LOG]!><time="13:05:02.044+420" date="07-18-2024" component="DeviceCertAuthModule" context="" type="3" thread="8420" file="devicecertauthmodule.cpp:967">
<![LOG[Failed to verify SCCM token with requesting URL 'HTTPS://myserver.domain.local:34728/CCM_SYSTEM_TOKENAUTH/REQUEST'. Error 0x800706be]LOG]!><time="13:05:02.044+420" date="07-18-2024" component="DeviceCertAuthModule" context="" type="3" thread="8420" file="devicecertauthmodule.cpp:550">
<![LOG[Failing HTTP request with status code 500.1 with HR 0x800706be and reason "Internal Server Error"]LOG]!><time="13:05:02.044+420" date="07-18-2024" component="DeviceCertAuthModule" context="" type="3" thread="8420" file="devicecertauthmodule.cpp:119">
<![LOG[Failed to validate CCM Token. Error 0x800706be]LOG]!><time="13:05:16.363+420" date="07-18-2024" component="DeviceCertAuthModule" context="" type="3" thread="8420" file="devicecertauthmodule.cpp:967">
<![LOG[Failed to verify SCCM token with requesting URL 'HTTPS://myserver.domain.local:34728/CCM_SYSTEM_TOKENAUTH/REQUEST'. Error 0x800706be]LOG]!><time="13:05:16.363+420" date="07-18-2024" component="DeviceCertAuthModule" context="" type="3" thread="8420" file="devicecertauthmodule.cpp:550">
<![LOG[Failing HTTP request with status code 500.1 with HR 0x800706be and reason "Internal Server Error"]LOG]!><time="13:05:16.363+420" date="07-18-2024" component="DeviceCertAuthModule" context="" type="3" thread="8420" file="devicecertauthmodule.cpp:119">
<![LOG[ValidateSCCMToken failed to get isapi proxy. Error 0x80070005]LOG]!><time="13:06:13.539+420" date="07-18-2024" component="DeviceCertAuthModule" context="" type="3" thread="8420" file="devicecertauthmodule.cpp:961">
<![LOG[Failed to verify SCCM token with requesting URL 'HTTPS://myserver.domain.local:1234/CCM_SYSTEM_TOKENAUTH/REQUEST'. Error 0x80070005]LOG]!><time="13:06:13.539+420" date="07-18-2024" component="DeviceCertAuthModule" context="" type="3" thread="8420" file="devicecertauthmodule.cpp:550">
<![LOG[Failing HTTP request with status code 500.1 with HR 0x80070005 and reason "Internal Server Error"]LOG]!><time="13:06:13.539+420" date="07-18-2024" component="DeviceCertAuthModule" context="" type="3" thread="8420" file="devicecertauthmodule.cpp:119">

Anyone else facing this issue? I am running MECM on a single server; that may be the only detail I could think of that might be missing.
Toastgun | Nov 11, 2024 | Copper Contributor | 569 Views | 0 likes | 1 Comment