NullSID
Established Members-
Posts
30 -
Joined
-
Last visited
Everything posted by NullSID
-
Hi Folks! I'm working with a customer that has an SCCM environment, (2309). Currently setup as eHTTP. We are working through the logistics with Security on setting up a CMG, but on a side note they've asked some questions that I'm not 100% positive how to answer. The first question being: "How do the Self Signed Certs protect against spoofing/forging?" My assumption is that the signing certificate on the client validates the policies sent from the MP were not tampered with in any way. Then the encryption certificate establishes the secure connection from the client to the MP or MP to DP etc. So you would have to compromise the signing certificate either through Phishing or Man in the Middle attack, and redirect it to a malicious SCCM infrastructure. I'm a little fuzzy on the intricacies of Self Signed certificates and how they work within CM when it comes to this. In light of not publishing the CRL list, they want to know if using a public cert for the entire CM infrastructure is a possibility? Can anyone help shed some light on this topic?
-
So, I have to change the account currently being used in SCCM for client installation. I have created the new account. I can add the account using the gui under Administration > Sites > Right click Sites > Choose Client Push Install Settings > Accounts. But I cannot do it through Powershell. If I run the following command: Set-CMClientPushInstallation -SiteCode 000 -ChosenAccount "domain\account" I get the error "The networkaccessaccount: domain\account does not exist. input an existing one. Any suggestions? The account I'm using has full access to ad. Thanks everyone!
-
Upgraded to SCCM version 1702. Imaging was working fine till late yesterday. Problem: No matter the hardware, I get task sequence not found. Checked the SMSTS logs on the imaged pc and it said exactly that: Task Sequence not found. These are new computers. Never in SCCM. PXE connects. Boots to the pxe environment. New computers simply boot to pxe. and since its an unknown computer it lists all the task sequences available. but now it says no TS found. I've checked the smspxe log. no issues checked the local smsts logs on the client and it says no task sequence found. changed the deployments for the deadline of the ts to install to 2 days ago. still nothing found an issue with wins. resolved that. basically there was another site with the same name mp_000 in wins which was a site server. not a secondary site. I resolved the wins issue but its still not working. I tried to create a computer and I got an error stating it already existed. Cleared it out of sccm and sql, then it still gave me the same error telling me there was a duplicate which tells me there is something up with the smsprovider. I logged into the sql database and ran a query on the primary sql db for sccm: spdiagdrs. All I see are failures for secondary site data, secondary site configuration, etc. Does anyone have any suggestions. Niall wrote an article once on a ts not showing on any collection its deployed to but it didn't quite apply to the situation. Any suggestions?
-
So Here's a question. I'm having a tough time finding the exact answer too. If you have SA (Software Assurance) and you CANCEL your SA. I believe that 2 things happen: 1: The build that was current when SA expired is the build you are stuck with. 2: After the ring you are using : CB (4 months) ,CBB (12 Months) , or LTSB (36 Months) expires then you no longer receive Quality and Security patches. Is there someone who can confirm that for me?
-
That's similar to what I did except I had to do it on 300 computers and join them to a new domain.
-
Are you using this as an application deployed through sccm? What are you using for dependencies? I've done this before but it's all been scripted.
-
Baffling PXE boot issue
NullSID replied to UltimateIdiot's topic in System Center Configuration Manager (Current Branch)
Search by GUID also. In rare cases of a computer was a member of a collection and the computer was deleted, I've seen that ALSO keep a PC from booting to PXE but not blue screen. Is this a remote DP by chance? Try redistributing the boot image. Otherwise I'd verify the driver is in the boot image as any web stated. -
OSD deployement
NullSID replied to am845385's topic in System Center Configuration Manager (Current Branch)
Either you don't have access to the console to do that, or you have an issue with permissions where the .wim is located. If that isn't it, what version of SCCM are you using? What version of the WADK are you using? What is the OS in the .wim? -
Ah that's a good idea. I ended up using a Task Sequence to uninstall Office 2010 and install Office 2013 this time. The dependencies are a gigantic pain in the arse sometimes and really difficult to troubleshoot.
-
So I have about 100 pc's with a 64 bit version of Office. I need to blow away the existing version and install 32 bit Office. I built the uninstall scripts and tested it. Those work fine. My question pertains to updating the existing deployment. I need to make the uninstaller the first step in the program then install new Office. I think I can just add the program, make it dependent on a specific folder/file to run. Has anyone had issues with modifying existing deployments that are attached to a bunch of other collections? My concern is it is going to run on all pc's if I update the deployment. Any suggestions? I thought about copying the existing deployment adding the step and just deploying it to the spec Fix collections affected. Any tips or thoughts would be helpful!
-
I guess it all depends. When a company I previously worked for went from 2007 to 2012, we stood up a totally new SCCM Infrastructure because we had lots of garbage spread across a lot of sites. From 2012 to current branch, I would just do the upgrade UNLESS... You have a lot of garbage left over from previous admins, legacy applications that no longer are needed, random issues with current infrastructure etc. Sometimes standing up a clean install because of previous administration issues are best. But you're going to have to sell the value of a fresh install and set the expectations with regard to install and setup time, value of a new system, how it impacts the user base etc.
-
No. The MSI's are cake. It was this silly license file that needed to be copied to a specific folder on the pc during imaging. I just got it resolved last night. I essentially did this: Deployed the VPN first in the TS Deployed the Web Security Piece second int the TS Then I had written a batch file to copy the license file to it's final resting place using robocopy and starting in whatever the working directory was. so the app ran a script with robocopy "%cd%" "pathtofile" "filename.txt" The package I was using for the TS to copy the license file was no worky so I created the Application deployment with a scripted installer and it worked great. I also whiffed on the dependency piece after I thought I corrected it. But it's all good now.
-
So, We are deploying the Cisco VPN client with Web security. In my Task Sequence, I have the install of the web security piece (Works fine) But the next step is to copy a license file to a %programdata%\path\path\placefile here I'm using a batch file and robocopy to copy the file to the correct location. If this is on my physical computer, it works without issue. It failed as a second step in the application. So I'm trying it with a package. Do I need to specify a variable in the task sequence step like _SMSTSMDataPath or the startup folder in the package to make it copy? After the install of the OS is completed, I can see the batch file and the license file on the client system. So I'm not sure why the program in the application did not work. The AppEnforce.log said that the dependency couldn't be found. Which I corrected because since the Web Security software was not installed, and the dependency pointed to a specific directory in order for the license copy to run, it fails because Web Security needs to install first. So I guess the short is, if during a task sequence I need to copy a file from whatever directory its in to a specific location on the client, what's the best way to do that?
-
I have never had very good luck with those. The only one I have used is ORCA to modify the properties of an app. Most applications nowadays have either the standard MS switches or specific switches to install silently, noreboot etc. Is there a specific app you are having trouble with?
-
This can be especially frustrating if you don't have control of your network/switching gear or DHCP. I've had many a times where we do a refresh of network/server equipment and for whatever reason the IP Helper address on the switches was added incorrectly. Glad you got it worked out.
-
Disk Space
NullSID replied to ogeccut's topic in System Center Configuration Manager (Current Branch)
I'd agree with Jorgen. Placing Source Files and the content on the same drive will eat up a ton of space. I would pickup a external drive (If there is no room for an internal drive) and just add it to the lab. Cost you less than 100 buck/quid. -
Actually, I got it to work from command line now so I just need to test deployment again. I built a package and ran SETUP.EXE /SP- /VERYSILENT /NORESTART /SUPPRESSMSGBOXES.
- 6 replies
-
- deployment
- sccm20120
-
(and 1 more)
Tagged with:
-
OSD issues - Windows 10 - Surface Pro 4
NullSID replied to tompsmith's topic in Configuration Manager 2012
I've had issues with that. Is this two different management points ? The one you tested the vm on and the other? I had this with 4 sites in China and turned out that the service account didn't "fully" replicate all the attributes so it would die at domain join. Try using a different account that had the same permissions as your existing one under site client settings. I can't remember the exact path but it's the location you put the account to install the configuration manager client.