anyweb

OSD works fine for me in my HTTPS labs, have you done step 5 here ?

yes i'm using a CMG in this lab but i haven't tested Bitlocker Management in that regard and i believe the functionality it just not there yet without a workaround suggested by Marc in another thread.. Here's the requested screenshot.

if you place the name of the SQL server in 'single quotes' does it work ?

hiya and welcome, can you look at the network tab of your IBCM client ? my (co managed, forced internet client) looks like this

thanks for the update !

all the configuration manager baseline is showing as compliant is the settings, this means it has set those settings (in the registry and local group policy) and therefore it has done it's job, that's why it's compliant, the actual encryption is carried out on demand by the MDOP agent based on the settings you've configured. Is there a Virtual TPM in this virtual machine (look in device manager to confirm it's presence) ?

A Gen1 VM won't encrypt, as you can't add a Virtual TPM to Gen1 hyperv virtual machines. Use a Gen 2 VM instead and enable the virtual TPM. if you follow my guides here you'll be fine, CM2002 just offers more possibilities including the ability to properly enforce encryption without the workaround i posted for CM1910 https://www.niallbrady.com/2019/11/13/want-to-learn-about-the-new-bitlocker-management-in-microsoft-endpoint-manager-configuration-manager/ if you run into an issue please let me know

if i had a vote left Marc i'd vote for it, did you tweet it yet ?

are your VPN's somehow blocking communication ? are you using VPN's ?

did you look at the log yourself ? in there you can see this <![LOG[Current AD site of machine is Default-First-Site-Name]LOG]!><time="11:22:41.865-120" date="06-16-2020" component="ccmsetup" context="" type="1" thread="9832" file="lsad.cpp:814"> <![LOG[Attempting to query AD for assigned site code]LOG]!><time="11:22:41.865-120" date="06-16-2020" component="ccmsetup" context="" type="0" thread="9832" file="lsad.cpp:2176"> <![LOG[Performing AD query: '(&(ObjectCategory=MSSMSRoamingBoundaryRange)(|(&(MSSMSRangedIPLow<=167829634)(MSSMSRangedIPHigh>=167829634))))']LOG]!><time="11:22:41.943-120" date="06-16-2020" component="ccmsetup" context="" type="0" thread="9832" file="lsad.cpp:700"> <![LOG[Performing AD query: '(&(ObjectCategory=mSSMSSite)(|(mSSMSRoamingBoundaries=10.0.224.0)(mSSMSRoamingBoundaries=Default-First-Site-Name)))']LOG]!><time="11:22:41.995-120" date="06-16-2020" component="ccmsetup" context="" type="0" thread="9832" file="lsad.cpp:700"> <![LOG[Failed to get assigned site from AD. Error 0x80004005 how is ConfigMgr configured ? any boundaries ? is this a PKI environment ? is the client local or on the internet, there are hints in the log of PKI certificates and Internet connections, but some background information here would be helpful...

pasting a few screenshots of actual logs isn't going to help, can you zip up the logs and pm me a link in case you are worried about others reading them ?

first things first why are you installing version 1606, it's out of date and not supported, you should be using the latest version of Configuration Manager which is 2002. secondly, did you make sure to distribute the boot images to your dp after adding the new drivers ? can you enable PXE support and press f8 at boot and grab the SMSTS.log file and attach it here cheers niall

you could try the advice here http://eskonr.com/2019/04/sccm-secondary-site-upgrade-failed-to-create-process-of-setupwpf-exe-return-value-1/

Having your Bitlocker Management keys stored on your on premise database (ConfigMgr) is an asset to many customers, and also gives you time to migrate to Intune and see the different ways it can manage your recovery keys, you could create an Azure web app proxy to connect back to the on-premise server handling the requests.

the error translates to An internal error was detected. Source: Windows ----- which doesn't help much, what cumulative update level are you deploying with ?

for those wondering, the download links always work as long as you are logged in as a registered member of windows-noob.com

Introduction I recently blogged about using a Cloud Management Gateway to serve content for task media support for cloud based content and that blog post got a lot of likes and retweets on Twitter. In addition, there were several questions including one about the cost of doing these cloud based operating system deployments. This blog post will hopefully assist you with doing just that, finding out how much your Cloud Management Gateway is going to cost for OSD related content (stored on the cloud distribution point in your CMG) using the new features available today in Technical Preview 2005. The cost of egress Egress is another way of saying data downloaded (or data out). To figure out the cost, in your Configuration Manager console, take a look at the Administration workspace and select Cloud Services, expand Cloud Management Gateway and select your CMG. In this view, take note of your Total Outbound Data Transfer (GB). Now that you've got that figure, head over to the following Microsoft website. https://azure.microsoft.com/en-us/pricing/details/bandwidth/ Next using the drop down menus select the Region that corresponds to your CMG's location (you can see that in the ConfigMgr console, in the Region column) and then select the Currency that you want to use. You'll notice that data going into Azure data centers is Free, but data going out (egress) is not. As my content transferred out was approx 14GB I choose the second row which is between 5GB and 10TB per month, at a cost of $0.087 per GB. Using Windows handy calculator application, the results are shown below. Yeah that's not a huge cost ! $1.25 USD, that's peanuts !! What about other costs ? But of course there may be additional costs, and these are detailed here. Remember that a CMG is in itself a virtual machine hosted in Azure. https://docs.microsoft.com/en-us/mem/configmgr/core/clients/manage/cmg/plan-cloud-management-gateway#cost And within the Configuration Manager console (Technical Preview 2005 screenshot), you can see a cost estimation using the Cloud Cost Estimator. Browse to the Monitoring workspace, select Security and then Cloud Management and in there you'll have some nice charts and graphs, including a total monthly cost estimate and monthly cost per device. Note, by default, the tool shows data based on the following settings: Only laptop devices Client policy only, not content 30 days of client usage data 10% of the total clients simultaneously communicating with the cloud service to get a more accurate estimation, click on Options (you may need to increase your monitors resolution to see the popout window). Select your Region and number of CMG's from the options available, note how the cost changes accordingly. Fyi, Johan blogged about the the cost of CMG content 'in the real world' here I hope you found this helpful cheers niall

but are you testing on windows 10 1909 with the may update ?

probably to add an additional layer of security to the CA, as the OCSP and CRL's are on an internet facing server whereas the CA is not

thanks for posting the solution so others will find it !

Management Points are for getting policy (and sending state messages), distribution points are for downloading your apps, updates, os and so on, so is your issue that users are download from the wrong DP or communicating with the wrong MP ? have you enabled Preferred Management Points ? attaching logs from a client with the issue would greatly aid us here in understanding your problem

i'm awaiting results from the user but will post here once i do where are you seeing the problem exactly (location wise) and is it an office network or home internet ?

this is what I got from Joe @ Lenovo https://forums.lenovo.com/t5/Enterprise-Client-Management/Windows-defender-scans-cause-100-CPU-usage-on-P1-Gen2-model/m-p/5018214 For my next test, I patched the 1909 factory preload with the May 2020 cumulative update. After doing this, I could not reproduce the problem. i guess it's your post also ? have you tried this ?

To receive a guaranteed $25 Amazon voucher, sign up to a free trial of Altaro Office 365 Backup and answer these two questions correctly! Which 4 different restore options are available for restoring Mailboxes? Which 3 different granular restore options are available for restoring Sharepoint files? What are you waiting for? Register for your FREE Trial, answer the two questions correctly & receive a guaranteed voucher. Submit your answers via email to win@altaro.com. Closing date: 9th of July 2020. Good Luck! T&C: One entry per participant, only correct answers will be considered eligible. Please note that this is only open to new Altaro Office 365 Backup triallists.

and you are seeing it only on ThinkPad P1 Gen2 ? have you looked into any of the bios settings to see if enabling/disabling anything secure related (for testing) changes the behaviour ?