anyweb

any time sync or group policy issues on the client when this happens ?

thanks, does that ip range over lap with any other subnet (as Garth already mentioned) ?

if you are using https then are you sure you have no issues with your certs ? for example on your issuingCA run pkiview.msc and verify everything looks healthy as this can impact PXE booting.

so i uninstalled both my Windows ADK's, rebooted, downloaded and installed both for ADK 2004 and rebooted, then reloaded my boot images with the new adk then tested pxe, works fine...

and the boot image is definitely distributed to your DP with the right source version ? i'm updating my lab to adk 2004 now....

very odd, i don't have adk 2004 in my cm2002 lab but i can upgrade it this evening to observe the behaviour did you verify from the boot package Id that it's pulling down the boot image you set the settings on ?

are you sure you upgraded Windows ADK properly then ? there are two components to it this time...

did you fix cmd support so you can also grab the smsts.log ?

from the smsts logs provided the client get's an ip address of 10.64.2.47 does that ip address match any of your configured IP Range boundaries ?

anything interesting in the smspxe.log ?

how have you configured your settings ?

first off is SRS configured and all the other ConfigMgr reports showing up in SCCM ? secondly what was the full cmdline you used to configure things ? this is how I did it.. .\MBAMWebSiteInstaller.ps1 -SqlServerName cm01.windowsnoob.lab.local -SqlDatabaseName CM_P01 -ReportWebServiceUrl http://cm01.windowsnoob.lab.local/Reportserver -HelpdeskUsersGroupName "windowsnoob\MBAM_HD" -HelpdeskAdminsGroupName "windowsnoob\MBAM_HD_Adv" -MbamReportUsersGroupName "windowsnoob\MBAM_HD_Report" -SiteInstall Both

OSD works fine for me in my HTTPS labs, have you done step 5 here ?

yes i'm using a CMG in this lab but i haven't tested Bitlocker Management in that regard and i believe the functionality it just not there yet without a workaround suggested by Marc in another thread.. Here's the requested screenshot.

if you place the name of the SQL server in 'single quotes' does it work ?

hiya and welcome, can you look at the network tab of your IBCM client ? my (co managed, forced internet client) looks like this

thanks for the update !

all the configuration manager baseline is showing as compliant is the settings, this means it has set those settings (in the registry and local group policy) and therefore it has done it's job, that's why it's compliant, the actual encryption is carried out on demand by the MDOP agent based on the settings you've configured. Is there a Virtual TPM in this virtual machine (look in device manager to confirm it's presence) ?

A Gen1 VM won't encrypt, as you can't add a Virtual TPM to Gen1 hyperv virtual machines. Use a Gen 2 VM instead and enable the virtual TPM. if you follow my guides here you'll be fine, CM2002 just offers more possibilities including the ability to properly enforce encryption without the workaround i posted for CM1910 https://www.niallbrady.com/2019/11/13/want-to-learn-about-the-new-bitlocker-management-in-microsoft-endpoint-manager-configuration-manager/ if you run into an issue please let me know

if i had a vote left Marc i'd vote for it, did you tweet it yet ?

are your VPN's somehow blocking communication ? are you using VPN's ?

did you look at the log yourself ? in there you can see this <![LOG[Current AD site of machine is Default-First-Site-Name]LOG]!><time="11:22:41.865-120" date="06-16-2020" component="ccmsetup" context="" type="1" thread="9832" file="lsad.cpp:814"> <![LOG[Attempting to query AD for assigned site code]LOG]!><time="11:22:41.865-120" date="06-16-2020" component="ccmsetup" context="" type="0" thread="9832" file="lsad.cpp:2176"> <![LOG[Performing AD query: '(&(ObjectCategory=MSSMSRoamingBoundaryRange)(|(&(MSSMSRangedIPLow<=167829634)(MSSMSRangedIPHigh>=167829634))))']LOG]!><time="11:22:41.943-120" date="06-16-2020" component="ccmsetup" context="" type="0" thread="9832" file="lsad.cpp:700"> <![LOG[Performing AD query: '(&(ObjectCategory=mSSMSSite)(|(mSSMSRoamingBoundaries=10.0.224.0)(mSSMSRoamingBoundaries=Default-First-Site-Name)))']LOG]!><time="11:22:41.995-120" date="06-16-2020" component="ccmsetup" context="" type="0" thread="9832" file="lsad.cpp:700"> <![LOG[Failed to get assigned site from AD. Error 0x80004005 how is ConfigMgr configured ? any boundaries ? is this a PKI environment ? is the client local or on the internet, there are hints in the log of PKI certificates and Internet connections, but some background information here would be helpful...

pasting a few screenshots of actual logs isn't going to help, can you zip up the logs and pm me a link in case you are worried about others reading them ?

first things first why are you installing version 1606, it's out of date and not supported, you should be using the latest version of Configuration Manager which is 2002. secondly, did you make sure to distribute the boot images to your dp after adding the new drivers ? can you enable PXE support and press f8 at boot and grab the SMSTS.log file and attach it here cheers niall

you could try the advice here http://eskonr.com/2019/04/sccm-secondary-site-upgrade-failed-to-create-process-of-setupwpf-exe-return-value-1/