Eaven HUANG

Thanks a lot! this fixed my issue! What remains concerning is that; from SCCM console I have two SMS Issuing certificate and one was expired, the one will be till 2025, I didn't see any issues for now but not sure if that matters?

I‘m having issue with SMS_MP_CONTROL_MANAGER with Error 12175. I also checked my SCCM server's certificate and found that both SMS Role SSL Certificate expried 25/03/2023 and MECM llS Servers Certificate expired 13/04/2024. I suspected this might be the cause but how can I renew them step by step? If this is fixed, is it possible to renew them automatically? I have the GPO to handling certificate related configuration but maybe I've missted any? I've been using this SCCM server for around 2-3 years in production and recently I didn't touch it at all:( Any advice would be really appreciated. following are the erorr messages in SCCM console: MP Control Manager detected User Service is not responding to HTTP requests. The HTTP status code and text is 12175, . Possible cause: Internet Information Services (IIS) isn't running or configured to listen on the ports over which the site is configured to communicate. Solution: Verify that the designated Web Site is configured to use the same ports which the site is configured to use. Possible cause: The designated Web Site is disabled in IIS. Solution: Verify that the designated Web Site is enabled, and functioning properly. Possible cause: The User Service application pool identity does not have the required logon privileges. Solution: Verify that the User Service application pool is configured to run under Network Service account. Possible cause: ASP.NET is not installed. Solution: Ensure ASP.NET 4.5 or above is selected under Web Server - Application Development and Features in Windows Server. Possible cause: ASP.NET application does not function properly. Solution: Browse to http(s)://localhost/CMUserService_WindowsAuth/ApplicationViewService.asmx on the local server machine and follow error instructions.

Dear Experts, I'm trying to export our AD objects and wanted to use diagram software to visually create the schema for better understanding and maintenance of our whole AD hierarchy, mainly I need the OU, group, users and computers collations, I can have different files to store the different schemas. The question is that, I don't know if this is possible somehow in an automatic way? like I export the needed data via powershell then import it to visio for it to generate the schema for me? I'm trying to export the object properties in .csv format, but after importing it to the visio, I don't know how to link the data to the existing Active Directory template so the relationships among the objects can be auto-organized by visio? Any hints would be really appreciated.

in mine, it's 1 targeted, 1 success

Dear All, I'm using MDT to deploy OS for some LENOVO models like ThinkBook 14 and we faced an issue - after the image was applied and the computer rebooted, it showed "getting started 9%" then out of sudden it went into the blue screen saying DRIVER IROL NOT LESS OR EQUAL. I googled around and was advised to create a pure boot image and injected the proper drivers for the specific model. Is it the case? If yes, how can I create a new boot image in MDT without touching the original one we have (we used total control for the default image). Thank you very much.

Thanks a lot. Just curious, mine is grayed out for the architecture and I didn't select any language, does it make any difference, compared to yours?

I used the default boot images in SCCM, I didn't add any boot images to WSD, and it worked with ASUSD320 desktops. I followed instructions from some posts and videos, I didn't see anyone added boot images to the WDS, do I need to do that? I noticed that in your screenshot it was the wdsmgfi.efi NBP file, and the file size is totally different. Honestly I'm not 100% following your points but would you mind advising how can I proceed to fix this issue? by deploying x64 boot images what can I do and how to make it PXE bootable?

I deployed the TS to all unknown computers only, after I deleted the existing record from SCCM Device list on console. The only change I made in TS was to specify the xml file located in the same SCCM server, I used the default install.wim from in SCCM and it works fine with ASUSD320 but not HP or Lenovo laptop models we have:( I can try adding the network drives for a try later. I'm trying to upload a short video I took on an HP 430G7 laptop, it showed "start over IPV4" then in a second it switched back to the key options, I kept pressing ENTER but it still went back. If I pressed F12 again, I couldn't see the black screen with "start over IPV4" anymore. PXE Failed.mp4

I've tried to find it from SMSPXE.log but nothing was found there, no even one single record of log. I don't think it went to the PXE process at all. The odd thing I can't figure out is that, if I used the same network cable and connect the machine to our MDT (another subnet with DHCP options), it can be OSD'ed directly without any issues. Since the PXE didn't seem to start at all with SCCM, I doubt that it was anything to do with boot.image?

Dear friend, thanks for your comments. Personally I would like to study more about Intune and Autopilot but in reality, we can't move to the cloud for cost and security concerns. I would still need to take advantage of SCCM to manage our devices. By the way, I was actually on MDT for over 5 years and very new to SCCM just now:)

Dear Experts, I've set up SCCM OSD and successfully deployed the latest Windows 11 to ASUSD320 models, all is good. Now I need to deploy the same OS to the HP laptops but when I tried F12 to network boot, it flashed in less than 1 second and switched back to the boot order option wizard. Since it's working fine with ASUS models, I suspect it had something to do with the network drive not being detected or injected. In MDT, we use the general driver packs for HP and Dell and it works fine for our models including HP430G7, G8, HP440G8, Lenovo L389/390, etc. but this seems challenging for SCCM. Any idea? If we need to deploy the same driver package to SCCM TS, what are the correct steps to get this to work? Thank you very much.

In our scenarios, from time to time we need to update our unattended.xml for the TS to deploy new OS to the client machines. I didn't find anywhere, what are the correct steps to perform the updates? We need to update the xml file, link it into the TS then do we really need to update the distribution point via the Reference tab? or we actually need to reload the x64 boot image?

Dear Experts, I'm trying to deploy the latest Windows 11 via SCCM, I'm using WSIM to custom the xml file, I got the below validation results: The setting has not been modified. It will not be saved to the answer file. Components/oobeSystem/wow64_Microsoft-Windows-Shell-Setup_neutral/OOBE/VMModeOptimizations Setting NetworkLocation is deprecated in the Windows image Components/oobeSystem/wow64_Microsoft-Windows-Shell-Setup_neutral/OOBE/NetworkLocation Setting SkipMachineOOBE is deprecated in the Windows image Components/oobeSystem/wow64_Microsoft-Windows-Shell-Setup_neutral/OOBE/SkipMachineOOBE Setting SkipUserOOBE is deprecated in the Windows image Components/oobeSystem/wow64_Microsoft-Windows-Shell-Setup_neutral/OOBE/SkipUserOOBE After the OS was deployed, I got the welcome wizard asking me to select region, language, etc. What I really need is to have everything unattended so it goes into the Windows Desktop without further user interaction. I checked this https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/automate-oobe but there is no clear information about what values needed for Windows 11 OOBE options. Any other advices? I can't find a full list of required options that I can fill out and instruct the SCCM to go ahead with fully unattended actions.

Dear Experts, I've been using Windows MDT for OSD for years and very new to OSD in SCCM but we would like to hand on this new solution. I've been reading MS articles: https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/automate-oobe https://learn.microsoft.com/en-us/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager These seems quite complicated to me as I feel lost what might be a better solution for us. We use only one primary site with everything configured in one single server. I'm trying to achieve what MDT has helped, to skip all the OOBE UIs, configure and standardize Windows settings like region, language, startup items, fonts, remove some unwanted apps that are not related to our work environment, install applications silently, everything was ready in MDT. My quesion is, what can I start with SCCM to get above? I wanted to integrate MDT to SCCM, do I still need to go over all the OOBE settings via WSIM or we can just take advantage of MDT then skip most of the new steps in SCCM? Thank you very much.

Dear Experts, I have some AD-based device collections and also another one where all the computers have client installed. I created a TS for OSD and would like to deploy it to both UNKNOWN computers and KNOWN computers. I can select All Unknown Computers collection from the list (this is the default one in SCCM). However all the query based collections are invisible at this wizard window. Only the custom collections that have direct members show up. I need to sometimes deploy OS (reimage) for those computers that had been in our domain with CCM client installed, so I also need to use the TS for these known computers. What can I do with such case? Thank you very much.

Thanks all for your help, I converted my disks to dynamic and everything works just fine:)

Dear Experts, In our Prod SCCM server, we are running into this issue where when we pxe boot from the client machines (new ones), F12 boot fine, but then it didn't load the .wim file, instead it showed the blue screen "Recovery Your PC/Device needs to be repaired The Windows Boot Configuralion Data (BCD) file from the PXE server does not contain a valid operating system enlry. Ensure thatthe server has boot images installed for this architecture File:\Tmp\x86x64{E9C9C3CD-A5ED-4543-89AF-AB9C1F99BA641}.bcd Error code:0xc0000098 You'l need to use recovery tools. lf you don' have any installtion media (ike a disc or UsB device), conlact your Pc administrator olPC/Device manufacturer." From the SCCM smspxe.log, I can see the following that seems to be cert issue but I have no clue how to fix it, we had PKI for our SCCM environment. Certificate [Thumbprint 0A1159C6EDD6DDA05421673EA3F4BFD481A2DB11] issued to 'MECMServer.edu.cn' has expired. Certificate not valid.. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. (Error: 800B0101; Source: Windows) SMSPXE 08/02/2024 16:41:24 2588 (0x0A1C) From certlm.msc on SCCM server, I can find the certificate via FIND option but I didn't see it actually in the personal folder as shown via FIND field. I went to Administration, Security and then Certificates on SCCM console. In there I had 2 blocked DP certificates and the issued to fields were showing as GUIDs rather than actual FQDNs. If I checked their properties, they are not trusted. What is the certificate being expired and how can we renew it? I suspect it was the DP certificate but I'm not sure at all:( Any advice would be much appreciated.

Dear Experts, I'm writing to seek assistance in fixing an issue with software update point error on SCCM console - where it shows "Failures were reported on WSUS Server "sccm.edu.cn" for WSUS components "WSUSService,". Solution: Verify that the failed WSUS components are installed and running." I checked the wsusctrl.log and got the following: "Attempting connection to local WSUS server SMS_WSUS_CONTROL_MANAGER 11/02/2024 0:25:45 7564 (0x1D8C) Successfully connected to local WSUS server SMS_WSUS_CONTROL_MANAGER 11/02/2024 0:25:45 7564 (0x1D8C) Errors were reported in these WSUS Server components WSUSService, on WSUS Server sccm.edu.cn SMS_WSUS_CONTROL_MANAGER 11/02/2024 0:25:45 7564 (0x1D8C) Failures reported during periodic health check by the WSUS Server sccm.edu.cn. Will retry check in 57 minutes SMS_WSUS_CONTROL_MANAGER 11/02/2024 0:25:45 7564 (0x1D8C) Waiting for changes for 57 minutes SMS_WSUS_CONTROL_MANAGER 11/02/2024 0:25:45 7564 (0x1D8C)" It was running fine for over one or two years but I lost where to troubleshoot this issue,. Any other logs I can check or what we can attempt to fix this kind of issue?

Dear Garth, I think I've followed your instructions to expand my D drive in question and now passed the prerequisite check. I coverted the disk to dynamic which seems risk-free to me. Regarding my C drive, how can I extend it if I'm not going to convert it again to dynamic? any other options?

Dear Expert, The case is that the drive I'm going to extend is something in the middle, F drive is there along with G, H, I, J etc. So I'm not really sure how the VMWare guy can help with this? we may have the Disk 1 with the extra unallocated space but we can't use it for Drive F directly, can we?

Dear Expert, This is a VM hosted on ESXI and the Disk 2 was added from v-center. If I wanted to extend the F drive, then I have to convert it to DYNANIC, I'm not sure if that's safe or any service impact, as this is our prod server.

Dear Experts, I've been googling around trying to expand one of our SCCM drives where all content library resides. This has caused issues with our DP and reporting service point and failed for CB update prerequisite check. I was advised to expand the drive by changing it from BASIC to DYNAMIC but I'm not sure what is the side effect and any risks of destroying our prod server. I'm also looking for third-party tools like EaseUS but seems they are also offering to change the disk to dynamic:( I tried to clean up the content library but it showed me "Approximately 0 bytes would have been freed if this tool was run in delete mode." I was also thinking about initiating a new drive, change it next to G drive, deleting the volume and expand F drive to use the space but that seems very risky in production... This is our primary site and we have only one Win 2019 server hosting everything including the SQL server. I might also need to expand other drives later but I'm totally lost now:( Any help would be really appreciated. Thanks a lot for your assistance in advance.