Operating System Deployment
12 Topics

Re-Join SCCM Client to Intune for Co-Managed join Type
Hello, I have been using SCCM for a long time. I have it set up for co-management, and all my workloads are moved over to Intune. I have a few clients that for one reason or another have not been added to Intune. I can get them onboarded, but the join type always ends up Intune. I am trying to find out the correct recipe to re-enroll an SCCM client to Intune. I have tried uninstalling the SCCM client and reinstalling. I have tried removing registry keys for Intune to ensure it joins again. I have used DSREGCMD to leave and join back. I have completely removed from Domain and deleted from Intune. I have tried combinations of all of these things together. I have yet to come up with a specific order to do them in. I still think there is some remnant that is preventing a rejoin. Does anyone have details that help me to get systems to rejoin via SCCM? Some may say, what is the difference? The difference is there are tools that are not present if the join type is incorrect. Best regards and thanks.

38 Views, 0 likes, 0 Comments

MECM OSD TS Application Installations fail randomly to download content.
We are experiencing a persistent and well-documented issue with MECM OSD Task Sequences where Applications randomly fail to install after the MECM client has been installed. This behavior seems to affect many environments and has been an ongoing problem for years, yet a definitive solution remains elusive. In our case, we have over 30 Applications included in the OSD Task Sequence. Despite implementing all commonly recommended mitigations—such as inserting an additional restart after the MECM client installation and including a two-minute delay before the Application install task group begins—we still encounter random failures. The issue is not limited to any specific Application; it can be any one of the 30+ Apps, and the failure to download appears to occur entirely at random. Occasionally, most of the Applications install successfully, and only one will fail, which subsequently causes the entire Task Sequence to fail with the same error. Importantly, all of these Applications install without any issues post-OSD, further confirming that the problem lies not with the Applications themselves but with the process during the Task Sequence. The randomness of which App fails also suggests an underlying process, feature, or timing issue—not an App configuration problem. We have thoroughly validated all related infrastructure settings: Boundaries and boundary groups have been triple-checked. No boundary is assigned to multiple groups. Site system assignments are correct. We are using PKI certificates and HTTPS, and the client authentication certificate is present on the device at the time of failure. The issue has been replicated across both Windows 10 and Windows 11, ruling out any specific cumulative updates or OS version anomalies. No additional language packs are being installed—only language fallback is applied via the "Apply Windows Settings" step. 
One suspicious observation is the lack of any reference to our local Distribution Point in the LocationServices or CAS logs during failure events. Initially, this pointed to a possible boundary misconfiguration, but after multiple checks, no issues have been identified. Unfortunately, we are unable to use the common workaround of converting Applications to Packages, due to internal policies and deployment requirements. Therefore, we need to resolve this while continuing to use Applications in the Task Sequence. Given the number of years this issue has persisted across customer environments, it's surprising there isn’t more formal guidance or documentation available to help isolate the root cause. If anyone has encountered a similar scenario or has any advanced troubleshooting tips, we would greatly appreciate your insight.

119 Views, 0 likes, 0 Comments

Problem with running TS OSD from Windows
Hello everyone. I have a problem that I haven't been able to solve for a long time... The trouble happens only when running the TS OSD from Windows (step - Restart in WinPE). If booted from PXE, it works OK. I am having trouble with a particular model (Acer Veriton Vero B650). There is no problem on many other different models. UEFI. BitLocker and antivirus disabled. Windows 11 x64 LTSC 2024. Secure Boot enabled or disabled - does not matter. All drivers added to boot.wim. Maybe someone has encountered something similar. Could you please explain the mechanism of deployment not from PXE, but from Windows, or help to find out the reason for the impossibility of running the TS OSD from Windows (step - Restart in WinPE)? Apparently the error occurs at the stage of saving the BCD.

61 Views, 0 likes, 0 Comments

Microsoft Patching is not working until User logon to the newly imaged device
Hi All, I have a customer that has two separate SCCM and WSUS environments in the same domain, and they use SCCM for OS imaging and WSUS for patch updates. The problem is that the end user has to log on to the device after imaging the OS using SCCM to kick-start the patching process from WSUS. My client's understanding is that it should work without a user logon to the device, since the GPO is targeted to all authenticated users. Please also note that the computer objects and other settings are working without any issues. I would appreciate it if anyone has come across such a behavior and there is any workaround that we can use to kick-start the patching regardless of user login, or is this behavior by design? Thanks, Dilan

590 Views, 0 likes, 0 Comments

Local administrator created during OSD doesn't get administrator access
This is an issue at the intersection between application deployment (via task sequence) and operating-system deployment. I have a setup.exe installer (actually, several of them, all part of the same collection - but the issue can be illustrated by talking about just one) which works fine when run as an ordinary local administrator, but fails with error 1619 when run as SYSTEM. As best I've been able to determine, the installer detects that the embedded MSI would be extracted to a location under the Windows folder, decides that's a security violation, and intentionally does things in a way that will result in this error.

To work around this, I have created a task sequence (without a boot image) to run the installation as a temporary local administrator account. Specifically, this task sequence has the following series of actions:

* A Run Command Line action to create a new local user account, by running 'net user TEMPORARYUSERNAME PASSWORD /add'.
* A Run Command Line action to add that user to the local Administrators group, by running 'net localgroup Administrators TEMPORARYUSERNAME /add'.
* A Run Command Line action to invoke the setup.exe from its package, with the "run this step from the following account" box checked, the username set to '%computername%\TEMPORARYUSERNAME', and the password entered accordingly.
* A Run Command Line action to delete the temporary local user, by running 'net user TEMPORARYUSERNAME /delete'.

If I create a deployment of this task sequence to a collection, and invoke it manually from the Software Center, it works; the program is installed as intended, and the user is created and cleaned up along the way. Event Viewer does log a warning (or perhaps an error) indicating having failed to load the user profile for this account, but that doesn't seem to do any harm, and I haven't yet found any way to avoid having it happen.
If I then go to an OSD task sequence and add a Run Task Sequence action (after rebooting out of Windows PE and into Windows proper) which invokes the above task sequence, and then deploy that OSD task sequence to a computer, the embedded task sequence fails. More specifically, it gets as far as the action which invokes setup.exe, and then records that the installation failed with error 1603. As best I can determine based on analyzing the logs, the 1603 in this case is a simple "access denied" error, and means that the account which is being used to run the program does not have write access to the install location. However, because the user has been added to the local Administrators group, that user should have Administrator-level access to the entire system - including the install location. The fact that this install succeeds when invoked from Software Center seems to indicate that this user *does* in fact get such access in that environment - but in the post-WinPE OSD environment, it apparently does not. I have gone so far as to add a reboot step in between the step which adds the temporary account to the local Administrators group and the step which invokes setup.exe, in the hopes that the reboot would lead the system to recognize that the temporary account is a member of that group. However, this did not appear to produce any change in the behavior of the setup.exe step. My first question is: How can I get Windows to properly grant local Administrator access (and, as a consequence, write access to the install location) to this user no matter which environment the "inner" task sequence is run from? If there's no apparent way to do that, my second question is: How else can I get this install to run as a non-SYSTEM user with local administrator access? Running as the built-in administrator account itself is not really an option. 
We manage that account's password with LAPS, so while I know what that password is at Windows install time, as soon as we join the domain (which, for various reasons, will have happened by this point in the task sequence) there's a possibility that the password will have changed; as a result, I can't specify that password in the Run Command Line action.

4.9K Views, 0 likes, 2 Comments

Desktop Analytics - Internet Access Requirements
Hi, we have configured Desktop Analytics and connection health has the majority of devices as properly enrolled; however, we have around 130 with a configuration alert of "Can't connect to the Connected User Experience and Telemetry endpoint (Vortex). Check your network/proxy settings". We don't have a proxy. With 90% working, I can't see how the network might be configured wrong. The one thing that stands out is that the majority of the 130 devices are either generic logons or autologon kiosks that don't have internet access. This leads me to:

1. Does Desktop Analytics require a user to be logged on and for that user to have internet access?
2. Is it possible that as a fallback to this requirement DA tries to connect to the Telemetry with some sort of anonymous connection, or using the device system account, or maybe using a MECM service account? (Does that MECM service account then need internet access?)

If 2, I'd think I'd need to supply our firewall team with the exact requirements there. I can find all the endpoint contacts in doco, but what account do I have to get them to let through?

1.9K Views, 0 likes, 6 Comments

Regional Settings reverting to English United States
Hi All, I am getting a weird issue in my environment during OSD. I have MDT integration with SCCM and am using the UDI wizard to get input for Keyboard Layout, UserLocale, TimeZone and Time Currency Format during the imaging phase. Everything was working fine as is 10 days ago. Now what I notice is that during OS imaging the Keyboard Layout is correct, which is being selected during UDI (for instance, let's say Danish Keyboard Layout). As soon as OS imaging is completed, whenever any domain user signs in, Keyboard Layout, Location and user locale are reverted to English (United States). My environment has SCCM 2010 with ADK 2004 currently. I have tested the behaviour with Windows 10 1803 and 1909; it's all the same behaviour. Any suggestions or inputs on what can be wrong here? I am actually running out of troubleshooting steps to catch hold of this issue. Thanks in advance. Regards, Anand Prasad

1K Views, 0 likes, 1 Comment

CreateProcessAsUser Error 5 - ServiceUI.exe
Hi All, I've recently updated my SCCM site version to v1910. Since performing this update I've been having issues with my Upgrade Task Sequence. Previously I've had a command line step in the upgrade task sequence to run a manually built "Windows 10 Splash Screen" using ServiceUI.exe to allow the user to install or postpone the upgrade. This has been issue free until the update to SCCM 1910; since then, when I try to run the task sequence the following step fails with this error. Has anyone got any idea how I can resolve this? Been racking my brain for days now...

12K Views, 0 likes, 9 Comments

Win7 to Win10 1803/1809 in-place upgrade Task Sequence breaks with no apparent error code
Hi, We’re migrating from Win7SP1 to Win10 Ent. 1803/1809 in our corporate environment. The strange thing noticed is that the migration TS always breaks on the Latitude E7470 after the ‘Upgrade Operating System’ task. Other models (E7440, E7450, E6440, O7010, O9020, T7910, etc.) don't have such an issue at large. Almost 50 E7470s have been tried and all of them got the same issue. Currently migration on this particular model is on hold. Didn’t see anyone mentioning the same issue anywhere. The TS screenshot as well as the last few lines from smsts.log are copied below. As you can see, there is no error reported by the task. But a reboot is initiated somehow, which breaks the Task Sequence and then it doesn’t go further. In general, what are the reasons why such an error occurs?!

Process completed with exit code 0 TSManager 19/06/2019 18:55:23 7816 (0x1E88)
!--------------------------------------------------------------------------------------------! TSManager 19/06/2019 18:55:23 7816 (0x1E88)
Successfully completed the action (Upgrade Operating System) with the exit win32 code 0 TSManager 19/06/2019 18:55:23 7816 (0x1E88)
Not in SSL TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Set a global environment variable _SMSTSLastActionRetCode=0 TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Set a global environment variable _SMSTSLastActionName=Upgrade Operating System TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Set a global environment variable _SMSTSLastActionSucceeded=true TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Clear local default environment TSManager 19/06/2019 18:55:24 7816 (0x1E88)
The action (Upgrade Operating System) requested a retry TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Created volatile registry entry for pending reboot initiated by this task sequence TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Executing command line: "bcdedit.exe" with options (0, 0) TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Process completed with exit code 0 TSManager 19/06/2019 18:55:24 7816 (0x1E88)
TSUEFIDrive: TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Updated security on object C:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca. TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Updated security on object D:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca. TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Updated security on object C:\_SMSTaskSequence. TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Set a global environment variable _SMSTSNextInstructionPointer=64 TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Set a TS execution environment variable _SMSTSNextInstructionPointer=64 TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Set a global environment variable _SMSTSInstructionStackString=27 TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Set a TS execution environment variable _SMSTSInstructionStackString=27 TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Save the current environment block TSManager 19/06/2019 18:55:24 7816 (0x1E88)
Expand a string: %_SMSTSMDataPath%\Logs TSManager 19/06/2019 18:55:24 7816 (0x1E88)
_SMSTSReturnToGINA variable set to: TSManager 19/06/2019 18:55:54 7816 (0x1E88)
SMSTSUninstallCCMClient variable set to false TSManager 19/06/2019 18:55:54 7816 (0x1E88)
_SMSTSCaptureMedia variable set to false TSManager 19/06/2019 18:55:54 7816 (0x1E88)
The action (Upgrade Operating System) initiated a reboot request TSManager 19/06/2019 18:55:54 7816 (0x1E88)
Not in SSL TSManager 19/06/2019 18:55:54 7816 (0x1E88)
**************************************************************************** TSManager 19/06/2019 18:55:54 7816 (0x1E88)
Execution engine result code: Reboot (2) TSManager 19/06/2019 18:55:54 7816 (0x1E88)
Task Sequence Manager ServiceMain finished execution. TSManager 19/06/2019 18:55:54 7816 (0x1E88)
Task Sequence Manager execution terminated as system shutdown is in progress. Code 0x00000000 TSManager 19/06/2019 18:55:54 7816 (0x1E88)
RegQueryValueExW is unsuccessful for Software\Microsoft\SMS\Task Sequence, SMSTSEndProgram TSManager 19/06/2019 18:55:54 7816 (0x1E88)
GetTsRegValue() is unsuccessful. 0x80070002. TSManager 19/06/2019 18:55:54 7816 (0x1E88)
End program: TSManager 19/06/2019 18:55:54 7816 (0x1E88)
Stopping Task Sequence Manager service TSManager 19/06/2019 18:55:54 7816 (0x1E88)
RegQueryValueExW is unsuccessful for Software\Microsoft\SMS\Task Sequence, SMSTSEndProgram TSManager 19/06/2019 18:55:54 4588 (0x11EC)
GetTsRegValue() is unsuccessful. 0x80070002. TSManager 19/06/2019 18:55:54 4588 (0x11EC)
End program: TSManager 19/06/2019 18:55:54 4588 (0x11EC)

3.6K Views, 0 likes, 8 Comments

Desktop Analytics - “Office 365 ProPlus”
We implemented Desktop Analytics in our environment. I'm missing the option “Office 365 ProPlus” in the portal. The video https://www.youtube.com/watch?v=-tAqDSRPW7Q shows at 21:57 an option “Office 365 ProPlus”. We do not see this option in our environment. Did we miss some configuration?

1.1K Views, 1 like, 1 Comment