User Profile
shocko
Iron Contributor
Joined 6 years ago
Recent Discussions
All Clients Showing with Question Mark in MECM Console - ResourceID Issue
All of a sudden (2 weeks ago) all my MECM Clients (~ 4000) in MECM 2409 are showing with a question mark (?) in the console and no values in Last Online Time, Last Activity or HeartBeatDDR. Upon investigation in the statesys.log file on our single site server we see the following message for all clients:
    SQL MESSAGE: dbo.spProcessStateReport - The record for machine MYCLIENT (GUID:CF5413C8-1DA7-450D-9243-33DB539DE8FF) was not found in the database. SMS_STATE_SYSTEM 24/09/2025 10:36:45 15356 (0x3BFC)
We then ran MS SQL profiler and see that this external CLR stored procedure checks for the existence of the client in the SQL view vLocalSystemIDXRef. This view is defined as follows:
    create view [dbo].[vLocalSystemIDXRef] as
    select MachineID, GUID from MachineIdGroupXRef
    where ArchitectureKey=5 and MachineID between dbo.fnGetSiteRangeStart() and dbo.fnGetSiteRangeEnd()
The issue is that all clients are actually in the underlying table MachineIdGroupXRef but due to the filter dbo.fnGetSiteRangeStart() and dbo.fnGetSiteRangeEnd() they are not part of the view. The reason is their ResourceID is only 4 digits and the value returned from fnGetSiteRangeStart is 16777216.
Q: How could the clients be getting this 4-digit resourceID all of a sudden? We have made no changes to MECM (no upgrades, DB restores etc.).
58 Views, 0 likes, 0 Comments
Outlook Search Folder for External Senders
I'm using the Outlook M365 desktop app on the current channel and Exchange 2019 in Hybrid mode with Exchange Online. We route all mail inbound and outbound via Exchange Server. I'd like to create a search folder in Outlook to show only mails from external senders. The issue is the only criteria I can seem to create would rely on the From field and this seems to map to the SenderName on the MailItem object in Outlook. This is not the actual sender's mail address that would include the @domain etc. but rather seems to be the sender's name, which is arbitrary from what I can see, e.g. SomeSender. How to create a search folder based on the sender's actual address?
1.6K Views, 1 like, 8 Comments
Re: Edge Branding - Company Color Configuration
Thanks for the reply, Kelly_Y. Is that to say you must configure branding using the Edge Management Service policies for the company color (accent color above) to take effect? The guide states:
Admins have the options to use the default Edge for Business branding elements or choose to customize branding for their organization. Today, the feature supports configuration of the following visual elements:
- Organization name on the profile pill
- Organization logo and color on the profile flyout
- Organization icon overlay on the Edge for Business taskbar icon
Even without using the Edge Management service, the company name is displayed and the organisation logo, but no accent colour/company color.
276 Views, 0 likes, 2 Comments
96 Views, 0 likes, 0 Comments
Define Patch Approvals in WSUS but pull patches from Windows Update (Internet)
We currently use WSUS to distribute Microsoft patches and also use Solarwinds Patch Manager to push 3rd party patches into WSUS. This allows us to fully patch an endpoint with all MS and 3rd party software patches via Windows Update Agent/WSUS. We now have a fleet of laptops connected back to our Datacenter via a VPN and they are consuming a lot of bandwidth during patching cycles. We have the following challenges:
- We do use some throttling on BITS/Delivery Optimization but have had mixed results
- We have MECM but don't use Cloud Management Gateway as it was deemed too expensive. We have not moved patching to MECM yet.
- If we use Windows Update for Business we cannot patch 3rd party updates and lose some control around pilot groups and reporting in our estimation
Q: So is there a way for us to continue to define the approved patches/metadata via WSUS but have the system pull the patch files from the internet (Windows Update) source? Perhaps this is possible with MECM?
383 Views, 0 likes, 2 Comments
Audit SMTP Relay in Exchange
For an SMTP relay on Exchange 2019 (receive/send connector) how can I audit the mails being sent through same and the sender? We have a connector with an IP whitelist and I'm trying to see all the devices sending mail through it and also what from address they are using and what to addresses they are sending to.
851 Views, 0 likes, 2 Comments
SMTP Relay in Exchange Online
Currently we run Exchange 2019 hybrid. We have not moved our MX records to Exchange Online yet for specific reasons so all mail flow is through Exchange 2019. That said, nearly all user/shared mailboxes have been migrated to Exchange Online. We also have many devices using SMTP relay through Exchange 2019 on-prem (printers etc.) to send mails mainly internally but also some externally (UPS devices for example). Most of these devices do not support authentication so we have set up a mail connector that uses an IP whitelist on Exchange 2019 to handle this. If we get rid of the hybrid and move to Exchange Online what options would we have for this type of unauthenticated relay?
911 Views, 0 likes, 1 Comment
Throttle Downstream WSUS Update Pull from upstream
Is it possible to throttle the download of updates on a downstream WSUS server i.e. when it is pulling its updates from an upstream WSUS server? We have some downstream WSUS servers on low bandwidth links and whilst we generally schedule the pull of updates during an out-of-hours window this is problematic for us for several reasons. I'd rather they pull during the day but with throttling. I’m aware the WSUS clients can do this in Windows 10 BITS etc. but wondering can the WSUS server do this on the synchronisation cycles.
209 Views, 0 likes, 0 Comments
App Permission Policy set to block all Microsoft Apps - Impact on Core apps
I'm looking to restrict the apps a user can use within MS Teams. We have not yet migrated to app centric management and we are using app permission policies for this currently. Out of the box it seems the Global (Org-wide Default) app permission policy allows all MS apps such as 'Approvals', 'Planner' etc. If I set the global policy as Microsoft -> Block All Apps will this still allow usage of the core apps like OneDrive, Excel etc.?
Azure ADConnect Export of Settings
I'm looking to regularly export/backup our ADConnect config as we have had an issue in the past with the persistedstate.xml file being corrupted by an AV tool (we also now back this up). I'm a little confused though on the capabilities here. Reading this guide, when I export from the UI it exports a single JSON file. This file does not seem to contain all the settings that define my configuration. For example, it does list sync rules but it does not list the attributes I have configured nor the objects selected for sync. If I use the Get-ADSyncServerConfiguration CMDLET I get all settings in a set of files/folders including these attributes. Which one should I be using here?
1.6K Views, 0 likes, 1 Comment
Re: Autopilot ESP blocked apps ordering
This is what I ended up doing (on your advice) and then created a dependency tree of applications in Intune to control installation order. I also noted that I only needed to assign the top node of that dependency tree and the dependencies would install without being assigned which somewhat simplified this! Thanks for the feedback.
1.2K Views, 1 like, 1 Comment
Define Patch Approvals in WSUS but pull patches from Internet
We currently use WSUS to distribute Microsoft patches and also use Solarwinds Patch Manager to push 3rd party patches into WSUS. This allows us to fully patch an endpoint with all MS and 3rd party software patches via Windows Update Agent/WSUS. We now have a fleet of laptops connected back to our Datacenter via a VPN and they are consuming a lot of bandwidth during patching cycles. We have the following challenges:
- We do use some throttling on BITS/Delivery Optimization but have had mixed results
- We have MECM but don't use Cloud Management Gateway as it was deemed too expensive. We have not moved patching to MECM yet.
- If we use Windows Update for Business we cannot patch 3rd party updates and lose some control around pilot groups and reporting in our estimation
Q: So is there a way for us to continue to define the approved patches/metadata via WSUS but have the system pull the patch files from the internet (Windows Update) source? Perhaps this is possible with MECM?
Publish Software to users Software Center but only on a Group of Machines
Using MECM Current on 2309 build. I have the following requirement: Publish an application into software center as available software for a group of users but only when they are on Windows 10 desktops (not servers etc.)
223 Views, 0 likes, 0 Comments