anyweb

you could try asking the user

I recently did a presentation for a Belgian User Group where I talked about a bunch of cool features in Microsoft Endpoint Manager like Tenant Attach, the ability to install applications, run scripts, use CMPivot, cloud OSD and more. Details Here are the details about the session 20h30 – 21h15: What’s new with cloud features in Microsoft Endpoint Configuration Manager Technical Preview by Niall C. Brady (Microsoft MVP Enterprise Mobility + windowsnoob.com). In this session you’ll get to see new Tenant attach features coming soon to Microsoft Endpoint Manager, Configuration Manager. These features are already available to try out in the Technical Preview releases. You’ll see how to install applications from the admin center, what the device timeline is and how to use it, CMPivot actions, Run scripts. In addition, you’ll look at other cloud friendly features such as VPN boundary type, Task sequence media support for cloud-based content. Downloads You can download the PowerPoint I used and watch a recording of the presentation in full below. I demo some cool features so I’d recommend you watch it in full. ppt – A look at the new cloud features in Configuration Manager Technical Preview video – https://1drv.ms/u/s!ApUuxMbRp9Jge_z66VXDKbnl0AU?e=csDRN7 cheers niall

if you choose to not use PKI in your infrastructure then you need to add a PKI-based server auth cert to the IIS website hosting the recovery service – this can be the same cert you used when configuring HTTPS on the MP or another PKI-issued cert if not using HTTPS.

you can always upgrade the OS and SQL using an inplace upgrade, and that's the method I would choose and have done in the past. You need to get SCCM up to the latest version though before upgrading the operating system, here are my old notes and this does not include the operating system upgrade (which you can do after upgrading SCCM/SQL)

I think you are confusing application download and sending/receiving machine policy or state messages to the management point, i assume you have a local distribution point that resides in the IP Address range boundary that this computer is being image in, is that correct ? is the application in question also on this local DP ?

first things first why do you want to setup a new site maybe there's a better option like upgrade your existing infrastructure to Current Branch.

did you install CM2002 in the slow ring or fast ring ? have you seen any update appear in updates and servicing for PXE boot issues (amongst other things) ?

any time sync or group policy issues on the client when this happens ?

thanks, does that ip range over lap with any other subnet (as Garth already mentioned) ?

if you are using https then are you sure you have no issues with your certs ? for example on your issuingCA run pkiview.msc and verify everything looks healthy as this can impact PXE booting.

so i uninstalled both my Windows ADK's, rebooted, downloaded and installed both for ADK 2004 and rebooted, then reloaded my boot images with the new adk then tested pxe, works fine...

and the boot image is definitely distributed to your DP with the right source version ? i'm updating my lab to adk 2004 now....

very odd, i don't have adk 2004 in my cm2002 lab but i can upgrade it this evening to observe the behaviour did you verify from the boot package Id that it's pulling down the boot image you set the settings on ?

are you sure you upgraded Windows ADK properly then ? there are two components to it this time...

did you fix cmd support so you can also grab the smsts.log ?

from the smsts logs provided the client get's an ip address of 10.64.2.47 does that ip address match any of your configured IP Range boundaries ?

anything interesting in the smspxe.log ?

how have you configured your settings ?

first off is SRS configured and all the other ConfigMgr reports showing up in SCCM ? secondly what was the full cmdline you used to configure things ? this is how I did it.. .\MBAMWebSiteInstaller.ps1 -SqlServerName cm01.windowsnoob.lab.local -SqlDatabaseName CM_P01 -ReportWebServiceUrl http://cm01.windowsnoob.lab.local/Reportserver -HelpdeskUsersGroupName "windowsnoob\MBAM_HD" -HelpdeskAdminsGroupName "windowsnoob\MBAM_HD_Adv" -MbamReportUsersGroupName "windowsnoob\MBAM_HD_Report" -SiteInstall Both

OSD works fine for me in my HTTPS labs, have you done step 5 here ?

yes i'm using a CMG in this lab but i haven't tested Bitlocker Management in that regard and i believe the functionality it just not there yet without a workaround suggested by Marc in another thread.. Here's the requested screenshot.

if you place the name of the SQL server in 'single quotes' does it work ?

hiya and welcome, can you look at the network tab of your IBCM client ? my (co managed, forced internet client) looks like this

thanks for the update !

all the configuration manager baseline is showing as compliant is the settings, this means it has set those settings (in the registry and local group policy) and therefore it has done it's job, that's why it's compliant, the actual encryption is carried out on demand by the MDOP agent based on the settings you've configured. Is there a Virtual TPM in this virtual machine (look in device manager to confirm it's presence) ?