SCCM 2007 Native Mode Client failed to pull down the computer certificate

Sccm Native mode machine not pull down computer certificate!!!

To request client certificate you go to run>MMC.exe and add Certificates to the console then you can right click on personal certificates and request a cert and it give you below error.

The certificate request failed because of one of the following conditions :-The request required an exchange certificate from a Certification Authority (CA) that is not started OR You do not have the permissions to request certificates from the available CAs.

if so then you might need to add the EnableDCOM entry to the machine with a value of Y

The EnableDCOM registry entry is located in the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole

After this restart the machine and wait for GPO to pull down the cert. You will see certificate now :)

http://support.microsoft.com/kb/929494

 Hope this will help you :)

Amarpal Singh Sandhu

SCCM 2007 Client Certificate Missing/Corrupted

Some time we have a client that refuses to finish the install of the SCCM client because the certificate doesn't have a private key or it throw the error in isntallation log. 

We can try below 2 different solutions .

1.  The easiest is to check the cert store under personnal and see if there are any invalid certs. Delete and restart.

2. The other is a more dangerous solution but will correct the problem

It is only recommend when you see all of the following problems:

CCM Setup Log:
Automatic certificate enrollment for local system failed to enroll for one Computer
certificate (0x80090016). Keyset does not exist

Client sucessfully installed but still u see  below error in logs &Applicationn Event Log:

ClientIDManagerStartup:
Certificate issued to 'computer.domain.com' doesn't have private key.
RegTask: Failed to get certificate. Error: 0x80040280
RegTask: Failed to get certificate. Error: 0x80040281
Error initializing client registration (0x80040222).


Solution:
Stop the Crypto Service
Rename the folders under the Crypto Folder
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto

Restart the machine and watch the ClientIDManagerStartup log

Hope this will help you  :)

Amarpal Singh Sandhu

How to Copy Multiple old Packages to One Distribution Point SCCM 2007

Copy Packages Wizard in SCCM 2007 console

If you need to distribute huge set of packages to DP2 that you know are already distributed to DP1 then there’s no need to browse through all packages and add new distribution point to each. Also there’s no need to go looking for scripts or tools to do this. Just open SCCM console…
Right-click on one of following possible nodes depending on package type you want to distribute:

• “Software Distribution” > “Packages”
• “Software Updates” > “Deployment Packages”
• “Operating System Deployment” > “Boot Images”
• “Operating System Deployment” > “Operating System Images”
• “Operating System Deployment” > “Operating System Install Packages”
• “Operating System Deployment” > “Driver Packages” Unfortunately the wizard uses filter, so each type of package must be handled separately. Anyway, in the right-click menu select “Copy Packages” option:

This will open “Copy Packages Wizard”:

When you click “Next” on Welcome screen you must first specify a destination distribution point:

Now on “Select Packages” page there is a nice interface to manage the distribution:

Notice that you need to have distribute rights on all the packages you select. You can either manually select each and every package you want to distribute to destination DP or you can click on “Source…” button in lower right and select the source distribution point(s). This will automatically select all packages that are currently distributed to source DPs. Of course the selection can be modified later by unchecking/checking the items.

Once the needed packages have been selected, click “Next” to review the details on “Summary” page. The progress will start after clicking “Next” on “Summary” page. The destination distribution point will be added to every selected package:

Once the progress is complete, you’re done. All selected packages will be pending distribution to destination DP.

More about Copy Packages Wizard:

http://technet.microsoft.com/en-us/library/bb632698.aspx

http://technet.microsoft.com/en-us/library/bb693746.aspx

Hope this will help you  :)

Amarpal Singh Sandhu

Crash.log that help you to know the reason for Configuration Manager 2012/2007 and SMS 2003 unhandled exceptions

What is an unhandled exception?

In almost every Configuration Manger crash there is an exception involved. An exception occurs when an instruction is attempted but fails for some reason (e.g. an Access Violation), so when an exception occurs we need information about that exception or what was in memory when the exception occurred.

Most applications have their own exception handling code and Configuration Manager is no different. Configuration Manager has its own exception handler that is designed to collect certain predefined data such as thread stack information and other data when the exception has occurred. Note that it is also sometimes necessary to do live debugging or post mortem debugging when an application/OS crashes using the Windows debugging tools.

Components that could cause unhandled exception

SMS Executive: SMSEXEC.EXE is the main service that calls many threads. Any running thread will terminate SMS_EXECUTIVE service if an exception occurs in the thread, and the Configuration Manager site server exception handler will collect the required data.

Data collected when Configuration Manger site server encounters an exception

- A log file (CRASH.LOG) that details the thread stacks and very basic information.

- All current .LOG files from the \LOGS folder. These are saved in the \LOGS\CRASHDUMPS\YYYYMMDD_000XX folder where YYYYMMDD is the date when the crash occurred and XX represents the number of crashes in that day.

- An individual thread log for every component at the time of the failure. These files have no extension but can be viewed in any text editor or SMS Trace or CM Trace.

Depending on the nature of crash and current memory conditions, not all of the above information will be captured. Here’s an example:

With this in mind, here are some steps you can do if you experience one of these crashes:

1. Check the LOGS\CRASHDUMPS\CRASH.LOG file and make a note of the failing component and thread ID.

2. Locate the <component>_thread_<thread number> in \Logs and open in a text editor such as Notepad.

3. Look at the bottom of the log to identify the last thing the component was doing when the crash occurred.

4. Take corrective action based on what was occurring. Often there will be a reference in the log to a specific file or object that is causing the crash.

NOTE If nothing useful is found in the log file, a memory dump could be used to analyze the issue deeper.

In our example, examining the CRASH.LOG shows the following:

EXCEPTION INFORMATION
Time = 08/29/2012 17:28:47.406
Service name = SMS_EXECUTIVE
Thread name = SMS_AD_SYSTEM_DISCOVERY_AGENT
Executable = D: \Microsoft Configuration Manager\bin\i386\smsexec.exe
Process ID = 11789 (0x2E0D)
Thread ID = 13565 (0x33FD)
Instruction address = 77bd8efa
Exception = c0000005 (EXCEPTION_ACCESS_VIOLATION)
Description = "The thread tried to read from the virtual address 00000000 for which it does not have the appropriate access."
Raised inside CService mutex = No

Examining the corresponding <component>_thread_<thread number> we can see the following:

Starting the data discovery. SMS_AD_SYSTEM_DISCOVERY_AGENT
INFO: Processing search path: 'LDAP://OU=xxx ,OU=xx,DC=GLOBAL,DC=xx,DC=xx'. SMS_AD_SYSTEM_DISCOVERY_AGENT
INFO: Full synchronization requested SMS_AD_SYSTEM_DISCOVERY_AGENT
INFO: DC DNS name = 'FQDN' SMS_AD_SYSTEM_DISCOVERY_AGENT

So by looking at this it becomes apparent that the Active Directory System Discovery method is causing the exception to occur. From this point you could continue troubleshooting the cause of the issue with Active Directory System Discovery, or perhaps if this is a secondary site you could disable the Active Directory System Discovery if you do not need it.

Hopefully you’ll never encounter one of the exceptions but at least now you might be able to get a head start on determining the cause of your crash.

 Hope this will help you.

Amarpal Singh Sandhu

Old system still exist in SCCM console..

Solution to get Rid fo them .

1. Enable maintanance task to delete the system and check the log files smsdbmon.log to monitor the activity.

OR

2.  I suggest you create collection of computers you haven't heard from in x number of days, and use delete special to get rid of all the objects. below query will return all objects that haven't reported any hw inventory for a month.
Servers that haven’t scanned for hw inventory in 7 days or more:
select * from SMS_R_System inner join SMS_G_System_WORKSTATION_STATUS on SMS_G_System_WORKSTATION_STATUS.ResourceId = SMS_R_System.ResourceId where SMS_R_System.OperatingSystemNameandVersion like "%server%" and (DateDiff(day, SMS_G_System_WORKSTATION_STATUS.LastHardwareScan, GetDate()) >=30)

Any above option can be used to rid of old system that dosn,t exist anymore.

Cheers!!!!!

Move all your default collection using script!!!

Thanks to Richard for this excelent script for moving the collection.

Have you always been annoyed by the default collections cluttering up the view in your ConfigMgr console, well there’s a way that you can store them away under a separate collection. I found this blog post (http://verbalprocessor.com/2009/03/20/how-to-move-collections-in-configmgr) a while ago solving the problem. But hey I’m a lazy guy and after all, I’m installing lots of ConfigMgr servers out at customer sites, so automation is the key that drives lazy admins, right? So in this post I will walk you through using a script that can move collections based on either the name or comment of the collection/collections you want to move.

First up, you need to know some stuff from your environment, like the name of your server and site code. Also you need to know the Collection ID where you want to save the collection to. Start out by going to your ConfigMgr console and locate the site code, you will find it here:

 

Then create a new collection and localize the Collection ID, like this: 

 

Next up download the script (from the bottom of this post) and save it to an appropriate location on your site server, in this case I saved it to the location F:\UTV\Scripts. Then edit the section with site server (I run it on the ConfigMgr server so the name is set to ".") and site code plus the Collection ID of your newly created collection in the script. Also, in this case I will move the collection based on the name they have, so in the script I enter “All%”, which basically means all collections that starts with All… something.  
 
Start an elevated CMD prompt and run the script like below: 



Your output should look similar to this:



Finally refresh you console and your should end up like this:



Hope this help, you can also move collection based on comments just edit the beginning of the script something like this (based on the fact that you have collections with comment like Move).  




The script is here:

just rename it after putting it in notepad.

'
' Script created by: Richard Ulfvin
' http://www.filemilk.se/
'
' Disclaimer:
' This script is provided "AS IS" without express
' or implied warranty of any kind.
'
' Version 1.0
'
Option Explicit
Dim sConfigMgrServer : sConfigMgrServer   = "."
Dim sConfigMgrSiteCode : sConfigMgrSiteCode  = "C01"
Dim sCollectionName : sCollectionName    = ""
Dim sCollectionDesc : sCollectionDesc   = ""
Dim sParentCollectionID : sParentCollectionID  = ""
Dim oConfigMgr, sResult
ConnectToConfigMgr oConfigMgr
MoveCollection oConfigMgr, sCollectionName, sCollectionDesc, sParentCollectionID
Function ConnectToConfigMgr (oConfigMgr)
 'Attempts to use the provided information to connect to the ConfigMgr environment.
 Dim oWMILocator

 On Error Resume Next

 Set oWMILocator = CreateObject("WbemScripting.SWbemLocator")
 Set oConfigMgr = oWMILocator.ConnectServer(sConfigMgrServer, "root\sms\site_" & sConfigMgrSiteCode)
 If Err <> 0 Then
  sResult = "Error: " & Err.description
  Wscript.echo sResult
  Err.Clear
  Wscript.Quit(0)
 Else
  sResult = "Successfully connected to ConfigMgr"
  Wscript.echo sResult
 End If

 On Error Goto 0

End Function
Function MoveCollection(oConfigMgr, sCollectionName, sCollectionDesc, sParentCollectionID)
 Dim cCollections, oCollection, oCollectionRelation, sCollectionID, oCollectionLink, cCollectionLinks
 ' Obtain the collection ID of the collection.
 If sCollectionName <> "" Then
  Set cCollections = oConfigMgr.ExecQuery ("SELECT * FROM SMS_Collection where Name LIKE '" & sCollectionName & "'")
  Wscript.echo "Using Collection Name for parameter: " & sCollectionName
 ElseIf sCollectionDesc <> "" Then
  Set cCollections = oConfigMgr.ExecQuery ("SELECT * FROM SMS_Collection where Comment LIKE '" & sCollectionDesc & "'") 
  Wscript.echo "Using Collection Comment for parameter: " & sCollectionDesc 
 End If

 For each oCollection in cCollections
 
  sCollectionID=oCollection.CollectionID
  Wscript.echo "Found collection with name: " & oCollection.Name & " and CollectionID: " & oCollection.CollectionID
 
  ' Attempts to move the collection into the desired parent collection.
  Set oCollectionRelation = oConfigMgr.Get("SMS_CollectToSubCollect").SpawnInstance_()
  oCollectionRelation.parentCollectionID = sParentCollectionID
  oCollectionRelation.subCollectionID = sCollectionID
  oCollectionRelation.Put_
  Wscript.echo "Moving: " & oCollection.Name & " to rootcollectionID: " & sParentCollectionID
 
  'Delete any prior collectionlink.
  Set cCollectionLinks = oConfigMgr.ExecQuery ("SELECT * FROM SMS_CollectToSubCollect WHERE subCollectionID = '" & sCollectionID & "' AND NOT parentCollectionID = '" & sParentCollectionID & "'" ) 
  For each oCollectionLink in cCollectionLinks
   Wscript.echo "Found collection link for ID: " & oCollectionLink.subCollectionID & " with parrent collectionID: " & oCollectionLink.parentCollectionID & " to delete!"
   oCollectionLink.Delete_
  Next
 
 Next

End Function

Cheers!!!!!!

Remote Tools continues to become disabled even if after setting is to enable it on SCCM server.

Senario :

On some ofmy clients remote control was disable where as on site wise base it is kept to be enabled. When i tryied to take remote of one of my client machine . it gave me error remote control is disabled. Even after reinstalling the client the problem was same. it was getting disabled automatically.

Solution :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Client\Client Components\Remote Control]
"Enabled"=dword:00000001

All my affected machines were still set to 0. This edit is done on the client machines.

Hope this will help!!

Cheers!!!!!