SCCM applies DoNotConnectToWindowsUpdateInternetLocations registry during OS install task sequence
Hi, We are facing problem where SCCM 2203 applies DoNotConnectToWindowsUpdateInternetLocations registry key for windows update policies. I went trough all GPO and there is not any policy which apply this setting, but each new laptop or VM installed through SCCM contains this registry key. I did a test and I build as simple Task Sequence for installing Windows 11 as possible without domain without SCCM Client App. Windows 11 is clear image without any customization, just added install.wim into SCCM. Unatended.xml also does not contains this. So this settings must come up from SCCM itselfs. I went through Default Client Settings and also didn't find any item which could be related. Only what I think could be related is "Enable software updates on clients" which I have "No" because I do not want to manage windows updated with SCCM but standalone WSUS. Any idea why fresh SCCM deployed windows, which is workgroup without domain, contains DoNotConnectToWindowsUpdateInternetLocations registry key? (GP cannot be applied) Edit: When I delete this key manually, it is never added again, so it's really just SCCM install task sequence or something which must add it. Simple TS I used for testing if registry key will be applied. Thanks
CreateProcessAsUser Error 5 - ServiceUI.exe
Hi All I've recently updated my SCCM Site version to v1910, since performing this update i've been having issues with my Upgrade Task Sequence. Previously i've had a command line step in the upgrade task sequence to run a manually built "Windows 10 Splash Screen" using ServiceUI.exe to allow the user to install or postpone the upgrade. This has been issue free until the update to SCCM 1910, since then when i try to run the task sequence the following step fails with this error. Has anyone got any idea how i can resolve this? Been racking my brain for days now...
Local administrator created during OSD doesn't get administrator access
This is an issue at the intersection between application deployment (via task sequence) and operating-system deployment. I have a setup.exe installer (actually, several of them, all part of the same collection - but the issue can be illustrated by talking about just one) which works fine when run as an ordinary local administrator, but fails with error 1619 when run as SYSTEM. As best I've been able to determine, the installer detects that the embedded MSI would be extracted to a location under the Windows folder, decides that's a security violation, and intentionally does things in a way that will result in this error. To work around this, I have created a task sequence (without a boot image) to run the installation as a temporary local administrator account. Specifically, this task sequence has the following series of actions: * A Run Command Line action to create a new local user account, by running 'net user TEMPORARYUSERNAME PASSWORD /add'. * A Run Command Line action to add that user to the local Administrators group, by running 'net localgroup Administrators TEMPORARYUSERNAME /add'. * A Run Command Line action to invoke the setup.exe from its package, with the "run this step from the following account" box checked, the username set to '%computername%\TEMPORARYUSERNAME', and the password entered accordingly. * A Run Command Line action to delete the temporary local user, by running 'net user TEMPORARYUSERNAME /delete'. If I create a deployment of this task sequence to a collection, and invoke it manually from the Software Center, it works; the program is installed as intended, and the user is created and cleaned up along the way. Event Viewer does log a warning (or perhaps an error) indicating having failed to load the user profile for this account, but that doesn't seem to do any harm, and I haven't yet found any way to avoid having it happen. If I then go to an OSD task sequence and add a Run Task Sequence action (after rebooting out of Windows PE and into Windows proper) which invokes the above task sequence, and then deploy that OSD task sequence to a computer, the embedded task sequence fails. More specifically, it gets as far as the action which invokes setup.exe, and then records that the installation failed with error 1603. As best I can determine based on analyzing the logs, the 1603 in this case is a simple "access denied" error, and means that the account which is being used to run the program does not have write access to the install location. However, because the user has been added to the local Administrators group, that user should have Administrator-level access to the entire system - including the install location. The fact that this install succeeds when invoked from Software Center seems to indicate that this user *does* in fact get such access in that environment - but in the post-WinPE OSD environment, it apparently does not. I have gone so far as to add a reboot step in between the step which adds the temporary account to the local Administrators group and the step which invokes setup.exe, in the hopes that the reboot would lead the system to recognize that the temporary account is a member of that group. However, this did not appear to produce any change in the behavior of the setup.exe step. My first question is: How can I get Windows to properly grant local Administrator access (and, as a consequence, write access to the install location) to this user no matter which environment the "inner" task sequence is run from? If there's no apparent way to do that, my second question is: How else can I get this install to run as a non-SYSTEM user with local administrator access? Running as the built-in administrator account itself is not really an option. We manage that account's password with LAPS, so while I know what that password is at Windows install time, as soon as we join the domain (which, for various reasons, will have happened by this point in the task sequence) there's a possibility that the password will have changed; as a result, I can't specify that password in the Run Command Line action.
Win7 to Win10 1803/1809 in-place upgrade Task Sequence breaks with no apparent error code
Hi, We’re migrating from Win7SP1 to Win10 Ent. 1803/1809 in our corporate environment. Strange thing noticed is migration TS always breaks on Latitude E7470 after ‘Upgrade Operating System’ task. Other models (E7440, E7450, E6440, O7010, O9020, T7910, etc.) don't have such issue at large. Almost 50 nos. of E7470 is tried and all of them got the same issue. Currently migration on this particular model is on hold. Didn’t see anyone mentioning the same issue anywhere. TS screenshot as well as last few lines from smsts.log is copied below. As you can see there is no error reported by the task. But a reboot is initiated somehow, which breaks Task Sequence and then it doesn’t go further. In general, what are the reasons why such error occur?! Process completed with exit code 0 TSManager 19/06/2019 18:55:23 7816 (0x1E88) !--------------------------------------------------------------------------------------------! TSManager 19/06/2019 18:55:23 7816 (0x1E88) Successfully completed the action (Upgrade Operating System) with the exit win32 code 0 TSManager 19/06/2019 18:55:23 7816 (0x1E88) Not in SSL TSManager 19/06/2019 18:55:24 7816 (0x1E88) Set a global environment variable _SMSTSLastActionRetCode=0 TSManager 19/06/2019 18:55:24 7816 (0x1E88) Set a global environment variable _SMSTSLastActionName=Upgrade Operating System TSManager 19/06/2019 18:55:24 7816 (0x1E88) Set a global environment variable _SMSTSLastActionSucceeded=true TSManager 19/06/2019 18:55:24 7816 (0x1E88) Clear local default environment TSManager 19/06/2019 18:55:24 7816 (0x1E88) The action (Upgrade Operating System) requested a retry TSManager 19/06/2019 18:55:24 7816 (0x1E88) Created volatile registry entry for pending reboot initiated by this task sequence TSManager 19/06/2019 18:55:24 7816 (0x1E88) Executing command line: "bcdedit.exe" with options (0, 0) TSManager 19/06/2019 18:55:24 7816 (0x1E88) Process completed with exit code 0 TSManager 19/06/2019 18:55:24 7816 (0x1E88) TSUEFIDrive: TSManager 19/06/2019 18:55:24 7816 (0x1E88) Updated security on object C:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca. TSManager 19/06/2019 18:55:24 7816 (0x1E88) Updated security on object D:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca. TSManager 19/06/2019 18:55:24 7816 (0x1E88) Updated security on object C:\_SMSTaskSequence. TSManager 19/06/2019 18:55:24 7816 (0x1E88) Set a global environment variable _SMSTSNextInstructionPointer=64 TSManager 19/06/2019 18:55:24 7816 (0x1E88) Set a TS execution environment variable _SMSTSNextInstructionPointer=64 TSManager 19/06/2019 18:55:24 7816 (0x1E88) Set a global environment variable _SMSTSInstructionStackString=27 TSManager 19/06/2019 18:55:24 7816 (0x1E88) Set a TS execution environment variable _SMSTSInstructionStackString=27 TSManager 19/06/2019 18:55:24 7816 (0x1E88) Save the current environment block TSManager 19/06/2019 18:55:24 7816 (0x1E88) Expand a string: %_SMSTSMDataPath%\Logs TSManager 19/06/2019 18:55:24 7816 (0x1E88) _SMSTSReturnToGINA variable set to: TSManager 19/06/2019 18:55:54 7816 (0x1E88) SMSTSUninstallCCMClient variable set to false TSManager 19/06/2019 18:55:54 7816 (0x1E88) _SMSTSCaptureMedia variable set to false TSManager 19/06/2019 18:55:54 7816 (0x1E88) The action (Upgrade Operating System) initiated a reboot request TSManager 19/06/2019 18:55:54 7816 (0x1E88) Not in SSL TSManager 19/06/2019 18:55:54 7816 (0x1E88) **************************************************************************** TSManager 19/06/2019 18:55:54 7816 (0x1E88) Execution engine result code: Reboot (2) TSManager 19/06/2019 18:55:54 7816 (0x1E88) Task Sequence Manager ServiceMain finished execution. TSManager 19/06/2019 18:55:54 7816 (0x1E88) Task Sequence Manager execution terminated as system shutdown is in progress. Code 0x00000000 TSManager 19/06/2019 18:55:54 7816 (0x1E88) RegQueryValueExW is unsuccessful for Software\Microsoft\SMS\Task Sequence, SMSTSEndProgram TSManager 19/06/2019 18:55:54 7816 (0x1E88) GetTsRegValue() is unsuccessful. 0x80070002. TSManager 19/06/2019 18:55:54 7816 (0x1E88) End program: TSManager 19/06/2019 18:55:54 7816 (0x1E88) Stopping Task Sequence Manager service TSManager 19/06/2019 18:55:54 7816 (0x1E88) RegQueryValueExW is unsuccessful for Software\Microsoft\SMS\Task Sequence, SMSTSEndProgram TSManager 19/06/2019 18:55:54 4588 (0x11EC) GetTsRegValue() is unsuccessful. 0x80070002. TSManager 19/06/2019 18:55:54 4588 (0x11EC) End program: TSManager 19/06/2019 18:55:54 4588 (0x11EC)Failed to update boot image after SCCM v2006 update : "File = "..\\sspbootimagepackage.cpp";"
Got the new ADK and PE all installed. Error in SMSPROV: Failed to copy file '\\SCCM-Server\SMS_CSF\OSD\\bin\x64\ccmcore.dll' to 'C:\WINDOWS\TEMP\BootImages\{5A21EF4D-9AFE-493E-AD98-D60123456D54}\mount\sms\bin\x64\ccmcore.dll' Full error: Error: The wizard detected the following problems when updating the boot image. • Failed to insert OSD binaries into the mounted WIM file The SMS Provider reported an error.: ConfigMgr Error Object: instance of SMS_ExtendedStatus { • Description = "Failed to inject OSD binaries into mounted WIM file (often happens if unsigned drivers are inserted into x64 boot image)"; • ErrorCode = 2152205056; • File = "..\\sspbootimagepackage.cpp"; • Line = 5482; • ObjectInfo = "CSspBootImagePackage::PreRefreshPkgSrcHook"; • Operation = "ExecMethod"; • ParameterInfo = "SMS_BootImagePackage.PackageID=\"CSF00005\""; • ProviderName = "WinMgmt"; • StatusCode = 2147749889; Little help here cos I am googled out.... ThanksDesktop Analytics - Internet Access Requirements
Hi, we have configured Desktop Analytics and connection health has the majority of devices as properly enrolled, however we have around 130 with a configuration alert of "Can't connect to the Connected User Experience and Telemetry endpoint (Vortex). Check your network/proxy settings" We don't have a proxy. With 90% working, I can't see how the network might be configured wrong. The one thing that stands out are that the majority of the 130 devices are either generic logons or autologon kiosks that don't have internet access. This leads me to does desktop analytics require a user to be logged on and for that user to have internet access? is it possible that as a fallback to this requirement DA tries to connect to the Telemetry with some sort of anonymous connection or using the device system account or maybe using a MECM service account. (does that MECM service account then need internet access?) If 2, i'd think I'd need to supply our firewall team with the exact requirements there, I can find all the endpoint contacts in doco, but what account do I have to get them to let through?SCOM
hey, I need to ask a question about Transaction monitoring, SCOM2016 Windows server 2016 IE 11 when I click capture it runs IE put without web recorder pane I tried : https://docs.microsoft.com/en-us/previous-versions/system-center/system-center-2012-R2/hh457546(v=sc.12)?redirectedfrom=MSDN and change the registry value for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPaths\IEXPLORE.EXE but still not open. any advice. thank you for your time. update: I tried Windows Server 2012r2 still negative status. I tried Windows Server 2016 still negative status. I tried Windows 10x64 still negative status.
After sucsessfull OSD (Win10) trying to reinstall the client PC with the same TS fails
Hi, i created a TS do deploy Win 10 on a Client. All works fine so far. It´s a test enviroment so i done some changes at the TS and try to reinstall the same Client with the same TS. Result is, the PXE starts and the SCCM screen appears but the PC reboot and starts the previous installed Windows 10... Iam new to the SCCM so where can i find log´s to see whats going on (logname)Desktop Analytics - “Office 365 ProPlus”
We implemented Desktop Analytics in our environment. I'm missing the Option “Office 365 ProPlus” in the portal. The Video https://www.youtube.com/watch?v=-tAqDSRPW7Q shows at 21:57 an Option “Office 365 ProPlus” We do not see this option in our environment. Did we miss some configuration.
