Windows/Defender Updates not deployed to SCCM server (all clients work fine!)
After battling for a few weeks with this it finally occurred to me to reach out for help, and I found this forum. So here goes… I have a relatively small environment with Windows Updates managed by SCCM. Currently, all clients are receiving updates as expected, the only client that isn’t is the Windows Server that’s hosting SCCM itself. Should I be configuring the winhttp proxy settings on that one server to point to our proxy (I have tried it and it didn’t seem to make a difference)? Without the winhttp proxy set, when I check the Windows update log, it seems to be trying the automatic proxy settings and quite rightly failing. It runs out of options and tries the user proxy as a last resort. I have checked that I can reach the URL configured in the Windows Update settings in Group Policy from the SCCM server and it works fine. Is there something I need to do differently with the SCCM server versus all the other clients? The SCCM client is installed on the SCCM server and is reporting healthy status with expected policies applied like all other managed clients in the estate. The SCCM server is in the same boundary as other servers that are receiving updates. SCCM 2503 running on Windows Server 2019. WSUS is running on the same server. The Software Update Point is configured with proxy settings. Thanks in advance!!Re-Join SCCM Client to Intune for Co-Managed join Type
Hello, I have been using SCCM for a long time, I have it is setup for Co-management, and all my workloads are moved over to Intune. I have a few clients that for one reason or other have not been added to Intune. I can get them onboarded, but the join type always ends up Intune. I am trying to find out the correct recipe to reenroll an SCCM client to Intune. I have tried uninstalling the SCCM client and reinstalling. I have tried removing registry keys for Intune to ensure it joins again. I have used DSREGCMD to leave and join back. I have completely removed from Domain and deleted from Intune. I have tried combinations of all of these things together. I have yet to come up with a specific order to do them in. I still think there is some remnant that is preventing a rejoin. Does anyone have details that help me to get systems to rejoin via SCCM? Some may say what is the difference. The difference is there are tools that are not present if the Join type is incorrect. Best regards and thanks.
How to determine what a Package ID is associated with
We have hundreds of packages, applications, software update packages, driver packages, OS images, etc. There are times I only have a package ID and I need to determine what it is. A royal pain to manually search each one of those categories in the console. Anyone have a Powershell script to find what the package ID is associated with?
Migrate from SCCM 2012 R2 SP1 to Current Branch
Hey folks I am planning to migrate my System Center 2012 R2 Configuration Manager SP1 to the most recent Current Branch of System Center 2025, because the old version is still running on an old windows server version and we need to upgrade to a new windows Server 2025 and also the most recent current branch of configuration manager. Now the documentation for upgrading Configuration Manager https://learn.microsoft.com/en-us/intune/configmgr/core/servers/deploy/install/upgrade-to-configuration-manager states, that upgrading from 2012 is only supported until Current Branch 2203; from 2303 on, you can't do the upgrade anymore. But since this "Important-Warning" message isn't shown on the migration article for Configuration Manager https://learn.microsoft.com/en-us/intune/configmgr/core/migration/migrate-data-between-hierarchies I am wondering if this only applies to upgrading configuration Manager on the same host? Or does it also apply to the scenario where I do a side by side migration (Install latest windows server on a new VM, install latest Current Branch of Configuration Manager and then do a migration via data gathering and migration job). You would help me a lot, because I can't find official info about it and I am very concerned about not being able to do the migration from 2012 to Current Branch 2503.. :( So if it also applies to migration; I can still do migration to 2203 as described in the "migration" article with the video https://www.youtube.com/watch?v=6_0EwW-5b4E and then do an inplace upgrade from 2203 to 2503?Access collections information locally
Is there a way through WMI/Microsoft.SMS.Client comobject to access information from the computer if is in a collection (cached information or otherwise)? I'm not sure if a computer gathers that information somewhere. I can't access that information on the site server or through the AdminService as the account running the commands would be the SYSTEM account. My goal is query if a computer is in a collection and install a piece of software through a task sequence.
MECM OSD TS Application Installations fail randomly to download content.
We are experiencing a persistent and well-documented issue with MECM OSD Task Sequences where Applications randomly fail to install after the MECM client has been installed. This behavior seems to affect many environments and has been an ongoing problem for years, yet a definitive solution remains elusive. In our case, we have over 30 Applications included in the OSD Task Sequence. Despite implementing all commonly recommended mitigations—such as inserting an additional restart after the MECM client installation and including a two-minute delay before the Application install task group begins—we still encounter random failures. The issue is not limited to any specific Application; it can be any one of the 30+ Apps, and the failure to download appears to occur entirely at random. Occasionally, most of the Applications install successfully, and only one will fail, which subsequently causes the entire Task Sequence to fail with the same error. Importantly, all of these Applications install without any issues post-OSD, further confirming that the problem lies not with the Applications themselves but with the process during the Task Sequence. The randomness of which App fails also suggests an underlying process, feature, or timing issue—not an App configuration problem. We have thoroughly validated all related infrastructure settings: Boundaries and boundary groups have been triple-checked. No boundary is assigned to multiple groups. Site system assignments are correct. We are using PKI certificates and HTTPS, and the client authentication certificate is present on the device at the time of failure. The issue has been replicated across both Windows 10 and Windows 11, ruling out any specific cumulative updates or OS version anomalies. No additional language packs are being installed—only language fallback is applied via the "Apply Windows Settings" step. One suspicious observation is the lack of any reference to our local Distribution Point in the LocationServices or CAS logs during failure events. Initially, this pointed to a possible boundary misconfiguration, but after multiple checks, no issues have been identified. Unfortunately, we are unable to use the common workaround of converting Applications to Packages, due to internal policies and deployment requirements. Therefore, we need to resolve this while continuing to use Applications in the Task Sequence. Given the number of years this issue has persisted across customer environments, it's surprising there isn’t more formal guidance or documentation available to help isolate the root cause. If anyone has encountered a similar scenario or has any advanced troubleshooting tips, we would greatly appreciate your insight.Agents will install on 2 DC's but will not get configurations
Hello, I have 2 DC's that when i install the MECM agent on them, they will install but will not get the configuration files and when i open the client on the machines its missing the configurations tab and the action tab only has 2 actions. also, on the general tab of the client, the Client Certificate says "none" I know the easy answer is this is a "boundary issue" but it is not. i have other servers with the same IP address range and they have no issue getting the client fully configured. It is not a local firewall issue as i tried turning it off and got the same results. in the ccmsetup logs i am seeing this "Failed to get MDM_ConfigSetting instance, 0x80041013" can anyone please help figure out what is going on here?? thanks in advance
Configuration Manager possible corruption
I have a collection that appears to be corrupt and receive a generic failure when I try to alter it, I have inherited this environment and seems this collection was setup back in 2022, we are currently running CM 2409. I have checked SQL and the Collection ID is XXX00091 but the limiting collection is also XXX00091, how is this possible and does anyone know a way to correct this, I have tried to point the limiting collection to another one via the GUI and Powershell also tried to delete the collection but it just gives a generic failure error: Generic failure ------------------------------- Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryException Generic failure Stack Trace: at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlResultObject.Put(ReportProgress progressReport) at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlResultObject.Put(ReportProgress progressReport) at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlResultObject.Put(ReportProgress progressReport) at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlResultObject.Put() at Microsoft.ConfigurationManagement.AdminConsole.SmsDialogData.Put(IResultObject resultObject, List`1 resultObjectsPut, Boolean retainLock) at Microsoft.ConfigurationManagement.AdminConsole.SmsDialogData.Put(Boolean retainLock) at Microsoft.ConfigurationManagement.AdminConsole.DialogFramework.Forms.SmsPropertySheet.Put(ActionTrigger trigger) ------------------------------- System.Management.ManagementException Generic failure Stack Trace: at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlResultObject.Put(ReportProgress progressReport) at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlResultObject.Put(ReportProgress progressReport) at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlResultObject.Put(ReportProgress progressReport) at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlResultObject.Put() at Microsoft.ConfigurationManagement.AdminConsole.SmsDialogData.Put(IResultObject resultObject, List`1 resultObjectsPut, Boolean retainLock) at Microsoft.ConfigurationManagement.AdminConsole.SmsDialogData.Put(Boolean retainLock) at Microsoft.ConfigurationManagement.AdminConsole.DialogFramework.Forms.SmsPropertySheet.Put(ActionTrigger trigger) ------------------------------- ThanksSCCM Remote?
We use Microsft SCCM to administor Windows PCs its has a remote viewer function for remote assistance. We have both Windows 10 and WIndows 11 devices. For both verson the remote viewer works if the device was installed as Windows 10 or 11, however on any that are upgraded from 10 to 11 it will not. I found in the logs of one that I cannot connect to ""Session denied: the remote user is not authorized to perform remote control on this system. But I am using the local administrator accounts on both, I have logged in manually to verify the credentials. Is there anything I can do to fix the remote on ones we updated form 10-11?
