WSUS Sync Failing
Within the last hour or so I have carried up a cleanup of our WSUS and reindexed the database as per this article https://blogs.technet.microsoft.com/configurationmgr/2016/01/26/the-complete-guide-to-microsoft-wsus-and-configuration-manager-sup-maintenance/ Once complete I re-enable the SUP schedule and WSUS has not been able to Sync since. Our SCCM Version is 1702 with the hotfix, hosted on a Server 2012r2 system. WSUS content is within a SQL database. WCM.log; "System.Net.WebException: The request failed with HTTP status 403: Target service not allowed.~~ at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber)" WsusCtrl.log does not seem to indicate any proxy related errors; "No changes - local WSUS Server Proxy settings are correctly configured as Proxy Name ####### and Proxy Port ##"
CreateProcessAsUser Error 5 - ServiceUI.exe
Hi All I've recently updated my SCCM Site version to v1910, since performing this update i've been having issues with my Upgrade Task Sequence. Previously i've had a command line step in the upgrade task sequence to run a manually built "Windows 10 Splash Screen" using ServiceUI.exe to allow the user to install or postpone the upgrade. This has been issue free until the update to SCCM 1910, since then when i try to run the task sequence the following step fails with this error. Has anyone got any idea how i can resolve this? Been racking my brain for days now...UPGRADE_EXPERIENCE_INDICATORS in Resource Explorer
We are seeing that the Config Manager hardware inventory contains the UPGRADE_EXPERIENCE_INDICATORS section which shows data that appears to be about upgrade compatibility to specific builds (with CO21H2 being Windows 11 21H2, for example). Could someone please share what the attributes named Upg Ex Prop and Upg Ex U and the color values they have actually mean? We've seen Red, Orange, Yellow, and Green, but it doesn't appear to be documented anywhere what the attributes or values represent. We would like to use these values for collection membership and Windows 11 Upgrade task sequence deployment, but want to fully understand what they represent. Note: We have compared these to what is shown in Endpoint Analytics for Windows 11 readiness status. While green has matched Capable and red has matched Not Capable, we're seeing a mix of Capable and Unknown for both yellow and orange. Thank you.
CMG Error in 2006
I am experiencing a lot of error in the ProxyService_IN_0-CMGService.log file on my production machine. The errors are shown below. We are not using PKI, we use a public wildcard cert for server authentication. I have virtually an exact duplicate setup with a public cert and no errors are being reported in the log files. When ever I run the CMG Analyzer I get error at "Check Config setting are up to date" or "Testing the CMG Channel" They will never pass. In my test environment they will pass within about 10 seconds of starting. Could this error be coming from the CMG server itself. ERROR: Security token validation exception with requesting URL https://xxx.xxx.xxxx/CCM_Proxy_ServerAuth/72057594037927940/CCM_STS. System.IdentityModel.Tokens.SecurityTokenValidationException: System.Security.Cryptography.CryptographicException: CryptVerifySignature failed with HRESULT 0x80090006~~ at Microsoft.ConfigurationManager.CommonBase.SignatureUtilities.ValidateSignature(Byte[] token, Byte[] signature, Byte[] publicKey)~~ at Microsoft.ConfigurationManager.CloudBase.AuthorizationToken.TokenValidator.ValidateCcmAuthHeader(String authHeader, String publicKey) ---> System.Security.Cryptography.CryptographicException: CryptVerifySignature failed with HRESULT 0x80090006~~ at Microsoft.ConfigurationManager.CommonBase.SignatureUtilities.ValidateSignature(Byte[] token, Byte[] signature, Byte[] publicKey)~~ at Microsoft.ConfigurationManager.CloudBase.AuthorizationToken.TokenValidator.ValidateCcmAuthHeader(String authHeader, String publicKey)~~ --- End of inner exception stack trace ---~~ at Microsoft.ConfigurationManager.CloudBase.AuthorizationToken.TokenValidator.ValidateCcmAuthHeader(String authHeader, String publicKey)~~ at Microsoft.ConfigurationManager.CloudBase.AuthorizationToken.TokenValidator.ValidateTokenEx(String token, String tokenHint)~~ at Microsoft.ConfigurationManager.BgbServerChannel.BgbServerReverseProxy.ValidateAuthorizationToken(String authorizationToken, EndpointClientAuthScheme clientAuthScheme, Uri requestUri, IToken& validatedToken, EndpointClientAuthScheme& validatedScheme)
MaintenanceCoordinator Orchestration Lock is required
I have been getting this since installing the update that converted Server Groups to Orchestration Groups. I have removed all "converted" Server Groups and now have no Orchestration Groups. I have uninstalled and deleted the devices from ConfigMgr. Discovered and Re-installed the client but the clients all still never install "required" updates. The will just say "waiting to install" In the MaintencanceCoordinator.log file it will say ... Task did not pass service window check CheckServiceWindow() Orchestration lock is required LockIsAvailable RequestSent: 00000001 Start Timer: 60 Basic Timer is already queued It will just keep repeating that over and over. Thanks for any suggestions.
Error with HTTPS/PXE on DP
I am running into an error when trying to load the PXE provider on a DP that has been enabled for HTTPS communication utilizing an internal CA. I have followed all the guides for setting up the PKI environment and certificate requirements for this and have everything configured correctly I think on the DP/MP. Troubleshooting steps have included all the normal stuff: remove DP role, verify that WDS was uninstalled, remove RemoteInstall folder and everything else I could find, all to no avail. The issue looks like it doesn't recognize that the DP is configured for SSL, but it clearly is. Listed below is the section of the SMSPXE.log file that is showing the errors. ================= PXE Provider loaded. ===================== Machine is running Windows Longhorn. (NTVersion=0XA00, ServicePack=0) Cannot read the registry value of MACIgnoreListFile (00000000) MAC Ignore List Filename in registry is empty Begin validation of Certificate [Thumbprint 33FB3DF0E2583F55CE8CFBC0B724FF152A83B22B] issued to server.name' Completed validation of Certificate [Thumbprint 33FB3DF0E2583F55CE8CFBC0B724FF152A83B22B] issued to server.name ' Using values from 'AllowedMPs' key. Prioritizing local MP server.name. Client is set to use HTTPS when available. The current state is 1472. Not in SSL. RequestMPKeyInformation: Send() failed. Unsuccessful in getting MP key information. 80004005. PXE::MP_InitializeTransport failed; 0x80004005 PXE::MP_LookupDevice failed; 0x80070490 PXE Provider failed to initialize MP connection. Element not found. (Error: 80070490; Source: Windows) Using values from 'AllowedMPs' key. Prioritizing local MP server.name. Not in SSL. RequestMPKeyInformation: Send() failed. Unsuccessful in getting MP key information. 80004005. PXE::MP_InitializeTransport failed; 0x80004005 PXE::MP_ReportStatus failed; 0x80070490 PXE::CPolicyProvider::InitializeMPConnection failed; 0x80070490 PXE::CBootImageInfo::CBootImageInfo: key= Adding 04900FFC.10 Adding 04900FFF.7 Found new image 04900FFC Loaded Windows Imaging API DLL (version '10.0.18362.1') from location 'C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimgapi.dll' Opening image file E:\RemoteInstall\SMSImages\04900FFC\WinPE.04900FFC.wim Found Image file: E:\RemoteInstall\SMSImages\04900FFC\WinPE.04900FFC.wim PackageID: 04900FFC ProductName: Microsoft® Windows® Operating System Architecture: 9 Description: Microsoft Windows PE (x64) Version: Creator: SystemDir: WINDOWS Closing image file E:\RemoteInstall\SMSImages\04900FFC\WinPE.04900FFC.wim Found new image 04900FFF Loaded Windows Imaging API DLL (version '10.0.18362.1') from location 'C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimgapi.dll' Opening image file E:\RemoteInstall\SMSImages\04900FFF\WinPE.04900FFF.wim Found Image file: E:\RemoteInstall\SMSImages\04900FFF\WinPE.04900FFF.wim PackageID: 04900FFF ProductName: Microsoft® Windows® Operating System Architecture: 0 Description: Microsoft Windows PE (x86) Version: Creator: SystemDir: WINDOWS Closing image file E:\RemoteInstall\SMSImages\04900FFF\WinPE.04900FFF.wim Begin validation of Certificate [Thumbprint 33FB3DF0E2583F55CE8CFBC0B724FF152A83B22B] issued to server.name ' Completed validation of Certificate [Thumbprint 33FB3DF0E2583F55CE8CFBC0B724FF152A83B22B] issued to server.name ' PXE Provider finished loading. I need to know how to make it see that it is in HTTPS mode and use that mode to communicate with the MP. I have attached the screen shots of my MP/DP Communication Settings I have also added an IIS cert to my default website on this same server. Any help would be greatly appreciated.
Win7 to Win10 1803/1809 in-place upgrade Task Sequence breaks with no apparent error code
Hi, We’re migrating from Win7SP1 to Win10 Ent. 1803/1809 in our corporate environment. Strange thing noticed is migration TS always breaks on Latitude E7470 after ‘Upgrade Operating System’ task. Other models (E7440, E7450, E6440, O7010, O9020, T7910, etc.) don't have such issue at large. Almost 50 nos. of E7470 is tried and all of them got the same issue. Currently migration on this particular model is on hold. Didn’t see anyone mentioning the same issue anywhere. TS screenshot as well as last few lines from smsts.log is copied below. As you can see there is no error reported by the task. But a reboot is initiated somehow, which breaks Task Sequence and then it doesn’t go further. In general, what are the reasons why such error occur?! Process completed with exit code 0 TSManager 19/06/2019 18:55:23 7816 (0x1E88) !--------------------------------------------------------------------------------------------! TSManager 19/06/2019 18:55:23 7816 (0x1E88) Successfully completed the action (Upgrade Operating System) with the exit win32 code 0 TSManager 19/06/2019 18:55:23 7816 (0x1E88) Not in SSL TSManager 19/06/2019 18:55:24 7816 (0x1E88) Set a global environment variable _SMSTSLastActionRetCode=0 TSManager 19/06/2019 18:55:24 7816 (0x1E88) Set a global environment variable _SMSTSLastActionName=Upgrade Operating System TSManager 19/06/2019 18:55:24 7816 (0x1E88) Set a global environment variable _SMSTSLastActionSucceeded=true TSManager 19/06/2019 18:55:24 7816 (0x1E88) Clear local default environment TSManager 19/06/2019 18:55:24 7816 (0x1E88) The action (Upgrade Operating System) requested a retry TSManager 19/06/2019 18:55:24 7816 (0x1E88) Created volatile registry entry for pending reboot initiated by this task sequence TSManager 19/06/2019 18:55:24 7816 (0x1E88) Executing command line: "bcdedit.exe" with options (0, 0) TSManager 19/06/2019 18:55:24 7816 (0x1E88) Process completed with exit code 0 TSManager 19/06/2019 18:55:24 7816 (0x1E88) TSUEFIDrive: TSManager 19/06/2019 18:55:24 7816 (0x1E88) Updated security on object C:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca. TSManager 19/06/2019 18:55:24 7816 (0x1E88) Updated security on object D:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca. TSManager 19/06/2019 18:55:24 7816 (0x1E88) Updated security on object C:\_SMSTaskSequence. TSManager 19/06/2019 18:55:24 7816 (0x1E88) Set a global environment variable _SMSTSNextInstructionPointer=64 TSManager 19/06/2019 18:55:24 7816 (0x1E88) Set a TS execution environment variable _SMSTSNextInstructionPointer=64 TSManager 19/06/2019 18:55:24 7816 (0x1E88) Set a global environment variable _SMSTSInstructionStackString=27 TSManager 19/06/2019 18:55:24 7816 (0x1E88) Set a TS execution environment variable _SMSTSInstructionStackString=27 TSManager 19/06/2019 18:55:24 7816 (0x1E88) Save the current environment block TSManager 19/06/2019 18:55:24 7816 (0x1E88) Expand a string: %_SMSTSMDataPath%\Logs TSManager 19/06/2019 18:55:24 7816 (0x1E88) _SMSTSReturnToGINA variable set to: TSManager 19/06/2019 18:55:54 7816 (0x1E88) SMSTSUninstallCCMClient variable set to false TSManager 19/06/2019 18:55:54 7816 (0x1E88) _SMSTSCaptureMedia variable set to false TSManager 19/06/2019 18:55:54 7816 (0x1E88) The action (Upgrade Operating System) initiated a reboot request TSManager 19/06/2019 18:55:54 7816 (0x1E88) Not in SSL TSManager 19/06/2019 18:55:54 7816 (0x1E88) **************************************************************************** TSManager 19/06/2019 18:55:54 7816 (0x1E88) Execution engine result code: Reboot (2) TSManager 19/06/2019 18:55:54 7816 (0x1E88) Task Sequence Manager ServiceMain finished execution. TSManager 19/06/2019 18:55:54 7816 (0x1E88) Task Sequence Manager execution terminated as system shutdown is in progress. Code 0x00000000 TSManager 19/06/2019 18:55:54 7816 (0x1E88) RegQueryValueExW is unsuccessful for Software\Microsoft\SMS\Task Sequence, SMSTSEndProgram TSManager 19/06/2019 18:55:54 7816 (0x1E88) GetTsRegValue() is unsuccessful. 0x80070002. TSManager 19/06/2019 18:55:54 7816 (0x1E88) End program: TSManager 19/06/2019 18:55:54 7816 (0x1E88) Stopping Task Sequence Manager service TSManager 19/06/2019 18:55:54 7816 (0x1E88) RegQueryValueExW is unsuccessful for Software\Microsoft\SMS\Task Sequence, SMSTSEndProgram TSManager 19/06/2019 18:55:54 4588 (0x11EC) GetTsRegValue() is unsuccessful. 0x80070002. TSManager 19/06/2019 18:55:54 4588 (0x11EC) End program: TSManager 19/06/2019 18:55:54 4588 (0x11EC)
All Windows Server OS(Mostly 2019) DP's not upgrading to 2207
FYI... This issue is happening again since last week and this time it is not just server DP's but Windows 10 DP's also. It is not a result of MECM server upgrade maybe Feb patches got installed on the primary server but very few DP's are fine. Last friday i upgraded CM from 2203 to 2207 version. I saw no error after the upgrade. I have a bunch of Win 10 computers as DP's and those DP's got upgraded to new version(5.00.9088.1000) but all the Windows Server OS DP's failed to upgrade. FYI... Site server is an admin on all the DP's and nothing has changed. Here is a screenshot of distmgr.log error. vcredist_x64.exe is already installed on all the server DP's last year probably with 223 upgrade. I do not see any errors in the firewall or antivirus software. Not sure what could be the issue.
