User Profile
kfrancis
Brass Contributor
Joined 8 years ago
User Widgets
Recent Discussions
Cloud Management Gateway for Azure AD Hybrid Joined Windows 10 Workstations
I have my CMG setup and a handful of Azure AD Hybrid Joined Windows 10 Workstations (1809 and 1903) are getting a Client Setting to use the CMG. My servers and my clients are 1902 and I have Enhanced HTTP enabled. I used a third party certificate from a public and globally trusted certificate provider for the CMG server authentication certificate. However, once my workstations try to use the CMG, things go downhill fast. Software Center loads with a blank window. After about five or ten minutes, it loads my customized settings but no content. I'm not great with ConfigMgr logs but ADALOperationProvider.log on the endpoint comes up with "Getting AAD (device) token" with the client ID, ResourceURL, and AccountID every so often but I don't see any errors. LocationServices.log does a lot of this: Ignoring MP error during post-rotation flush period of 20 seconds. LocationServices 8/9/2019 10:44:28 AM 9416 (0x24C8) 0 internet MP errors in the last 10 minutes, threshold is 5. LocationServices 8/9/2019 10:44:28 AM 9416 (0x24C8) 1 internet MP errors in the last 10 minutes, threshold is 5. LocationServices 8/9/2019 11:00:28 AM 4744 (0x1288) 2 internet MP errors in the last 10 minutes, threshold is 5. LocationServices 8/9/2019 11:00:28 AM 212 (0x00D4) 3 internet MP errors in the last 10 minutes, threshold is 5. LocationServices 8/9/2019 11:00:28 AM 212 (0x00D4) 4 internet MP errors in the last 10 minutes, threshold is 5. LocationServices 8/9/2019 11:00:29 AM 212 (0x00D4) Internet MP error threshold reached, moving to next MP. LocationServices 8/9/2019 11:00:29 AM 4280 (0x10B8) Ignoring MP error during post-rotation flush period of 20 seconds. LocationServices 8/9/2019 11:00:29 AM 212 (0x00D4) 0 internet MP errors in the last 10 minutes, threshold is 5. LocationServices 8/9/2019 11:00:29 AM 212 (0x00D4) but if I scroll up enough in the log I do find an error "Failed to get client certificate for transportation. Error 0x87d00281" from around when I powered on the workstation. If I use the Cloud management Gateway connection analyzer with an Azure AD user sign in, it fails on the "Testing the CMG channel for management point: 'thenameoftheMP'" step with the following error: Failed to get ConfigMgr token with Azure AD token. Status code is '401' and status description is 'CMGConnector_Unauthorized'. A possible reason for this failure is the CMG connection point failed to forward the message to the management point. The management point returned the following error: 'Unauthorized'. If I use a Client certificate instead, the PFX I used to create the CMG, it has a failure on two steps. "Check configuration settings of the CMG service is up to date" has an error of "Configuration version of the CMG service should be 2. Failed to get CMG service metadata. For more information, see SmsAdminUI.log." The step "Testing the CMG channel for management point: 'thenameoftheMP'" gives me a new error, "Failed to refresh MP location. Selected client certificate is not trusted by the CMG service. Check if certificate chain for the client certificate is specified to upload to the CMG service and check revocation check setting." My Azure AD User discovery is happily chugging along and my Windows 10 workstations in question are successfully Azure AD Hybrid Joined. Any ideas on where I messed up? I followed the instructions athttps://docs.microsoft.com/en-us/sccm/core/clients/manage/cmg/setup-cloud-management-gatewaywhich were pretty good and easy to follow. Does my CMG connection point need to be Azure AD Hybrid Joined in order to use Azure AD for client authentication?My CMG connection point is installed on a 2012 R2 non-Azure AD Hybrid Joined server slated for upgrade to 2019 later this year. My MP and SUP are on the same server.Task Sequence "Upgrade an operating system from an upgrade package" Win7 to Win10 fails bc SCEP
I'm on System Center Configuration Manager Current Branch 1802. My task sequence fails if I have System Center Endpoint Protection installed on the Windows 7 workstation that I want to upgrade. If I remove SCEP, it works great. Is there a way to make the Windows 10 install ignore SCEP? Or are people using a step in the Task Sequence to remove SCEP (and reinstall it during a rollback)? Or am the only one getting this issue?Remove existing MSI versions of Office when upgrading to Office 365 ProPlus
Anyone had a chance to test this? Saw it and had to share. "To help you uninstall versions of Office that use Windows Installer (MSI) as the installation technology, you can use the Office Deployment Tool and specify the RemoveMSI element in your configuration.xml file." https://docs.microsoft.com/en-us/DeployOffice/upgrade-from-msi-versionVoting Buttons in Outlook
Just got a question from an end user. An external sender is using Outlook to include Voting Buttons (https://support.office.com/en-us/article/create-polls-in-email-messages-and-review-the-results-4d10e079-8ea1-489a-a79c-18cb71ae12dd) but when the end user receives the email, there are no Voting Buttons. Is this the expected behavior or should Voting Buttons appear in emails from outside senders?Office 365 Pro Plus - Office Update "This product will not be updated."
Office 365 Pro Plus has started saying "This product will not be updated." on my managed PCs. I'm on Current Branch 1710 (first hotfix) and Office 365 Pro Plus Version 1711 (Build 8730.2127 Click-to-Run). Office 365 Pro Plus updates through ConfigMgrwere working fine as of... November? And I just never noticed that it broke? Might have been 1710 that broke it. Other updates work great. Has anyone ran into this issue? And have a good way to fix it?New Skype4B Hybrid Setup - On-Prem has no Presence for Online Users
Just set up a new Skype4B hybrid (first time in yeeeeeeeeeeers). Attaching an on-premises pool with one set of SIPaddresses to a Skype4B Online environment with another set of domains for SIP addresses. Online users can see the presence info and communicate with On-Prem users. On-Prem users can respond back to Online users if the Online user initiates the conversation. On-Prem users cannot see presence info for Online users and get an error stating "We couldn't reach [user] to send this message." Event Viewer says: "A SIP request made by Lync failed in an unexpected manner (status code 80ef0194). More information is contained in the following technical data:" and " Response Data: 404 Not Found ms-diagnostics: 1003;reason="User does not exist";destination="kfrancis@wildcats.unh.edu";source="sip.unh.edu";OriginalPresenceState="0";CurrentPresenceState="0";MeInsideUser="Yes";ConversationInitiatedBy="6";SourceNetwork="5";RemotePartyCanDoIM="Yes";RetriedInvite="true" " If I move an On-Premises user to the cloud, they can see all the users.
