NullSID

Thanks for that. I wanted to validate this as it well similar to what Gemini gave me. I like having my ducks in a row so I don't present the wrong info. Appreciate the assistance.

Hi Folks! I'm working with a customer that has an SCCM environment, (2309). Currently setup as eHTTP. We are working through the logistics with Security on setting up a CMG, but on a side note they've asked some questions that I'm not 100% positive how to answer. The first question being: "How do the Self Signed Certs protect against spoofing/forging?" My assumption is that the signing certificate on the client validates the policies sent from the MP were not tampered with in any way. Then the encryption certificate establishes the secure connection from the client to the MP or MP to DP etc. So you would have to compromise the signing certificate either through Phishing or Man in the Middle attack, and redirect it to a malicious SCCM infrastructure. I'm a little fuzzy on the intricacies of Self Signed certificates and how they work within CM when it comes to this. In light of not publishing the CRL list, they want to know if using a public cert for the entire CM infrastructure is a possibility? Can anyone help shed some light on this topic?

Are upgrading your site? What's the reason behind setting up 2 different SCCM environments?

So I got the account added. You run the powershell command on the secondary site. it just needs to be added in accounts first. So the next question is, how do I remove the old account?

So, I have to change the account currently being used in SCCM for client installation. I have created the new account. I can add the account using the gui under Administration > Sites > Right click Sites > Choose Client Push Install Settings > Accounts. But I cannot do it through Powershell. If I run the following command: Set-CMClientPushInstallation -SiteCode 000 -ChosenAccount "domain\account" I get the error "The networkaccessaccount: domain\account does not exist. input an existing one. Any suggestions? The account I'm using has full access to ad. Thanks everyone!

We are having silly issues with 1702 also. At random, the item keys for the unknowncomputerobjects for x86 and x64 get corrupt and I have to recreate them in sccm. MS says that is a bug and they are working on a fix.

Upgraded to SCCM version 1702. Imaging was working fine till late yesterday. Problem: No matter the hardware, I get task sequence not found. Checked the SMSTS logs on the imaged pc and it said exactly that: Task Sequence not found. These are new computers. Never in SCCM. PXE connects. Boots to the pxe environment. New computers simply boot to pxe. and since its an unknown computer it lists all the task sequences available. but now it says no TS found. I've checked the smspxe log. no issues checked the local smsts logs on the client and it says no task sequence found. changed the deployments for the deadline of the ts to install to 2 days ago. still nothing found an issue with wins. resolved that. basically there was another site with the same name mp_000 in wins which was a site server. not a secondary site. I resolved the wins issue but its still not working. I tried to create a computer and I got an error stating it already existed. Cleared it out of sccm and sql, then it still gave me the same error telling me there was a duplicate which tells me there is something up with the smsprovider. I logged into the sql database and ran a query on the primary sql db for sccm: spdiagdrs. All I see are failures for secondary site data, secondary site configuration, etc. Does anyone have any suggestions. Niall wrote an article once on a ts not showing on any collection its deployed to but it didn't quite apply to the situation. Any suggestions?

So Here's a question. I'm having a tough time finding the exact answer too. If you have SA (Software Assurance) and you CANCEL your SA. I believe that 2 things happen: 1: The build that was current when SA expired is the build you are stuck with. 2: After the ring you are using : CB (4 months) ,CBB (12 Months) , or LTSB (36 Months) expires then you no longer receive Quality and Security patches. Is there someone who can confirm that for me?

That's similar to what I did except I had to do it on 300 computers and join them to a new domain.

Are you using this as an application deployed through sccm? What are you using for dependencies? I've done this before but it's all been scripted.

Search by GUID also. In rare cases of a computer was a member of a collection and the computer was deleted, I've seen that ALSO keep a PC from booting to PXE but not blue screen. Is this a remote DP by chance? Try redistributing the boot image. Otherwise I'd verify the driver is in the boot image as any web stated.

I'm surprised that it doesn't pass through a MAC address of the Surface like Lenovo does. Post the SMSPXE log. That will help.

I feel like Anyweb (Niall) should have some sort of brain dump where by I can absorb all his SCCM info All good stuff.

Either you don't have access to the console to do that, or you have an issue with permissions where the .wim is located. If that isn't it, what version of SCCM are you using? What version of the WADK are you using? What is the OS in the .wim?

Ah that's a good idea. I ended up using a Task Sequence to uninstall Office 2010 and install Office 2013 this time. The dependencies are a gigantic pain in the arse sometimes and really difficult to troubleshoot.