IT Consultant Everyday Notes

Just some problems/solutions storage

Azure: Free Public cert for a Lab

Leave a comment Posted by alex416 on August 30, 2018

Recently I needed a free certificate for my Azure Lab. With StartSSL stopped service since Jan 2018 there are still several options left. For example Comodo gives a 90-days trial.

I decided to try Let’s Encrypt service.

Since the service is free (donates are welcome) the process requires some work.

Luckely, I discovered a convenient tool developed by Sverrir Sigmundarson. It work in combination with Let’s Encrypt API Web site https://gethttpsforfree.com/

There is a nice Video Manual at https://www.youtube.com/watch?v=CzbZKrYo7HA

The tool itself is available on Github: https://github.com/sverrirs/GetHttpsForFree-UI

At the end of the process you get a certificate signed by the Public CA. to bind a private key and convert to PFX use OpenSSL command:

openssl pkcs12 -export -in Cert_cert.crt -inkey domain.key -out cert.pfx

Azure: WEB Listener cannot be deleted on Azure Application Gateway

Leave a comment Posted by alex416 on August 23, 2018

Recently I had a project where I needed to put an Azure App Service behind App Gateway.

The Customer also asked to create HTTP-HTTPS redirection for better and-user experience.

I created two listeners (for port 80 and 443) and two rules: one for traffic on port 443 to redirect to my backend pool and the second one for traffic on port 80 – to redirect to my 443 listener. Everything worked fine. We progressed with the project and at a certain time needed to remove the listeners.

From my previous experience I knew – you never delete rules first – delete the listener first. Since we did have a redirection I deleted port 80 listener first. Azure kindly deleted associated rule. At least it is disappeared Smile

Next I tried to delete 443 Listener and at that point got an error saying:

“Failed to save configuration changes to application gateway…. Error: Resource <Path to my 443 Listener> referenced by resource <Path to my HTTP-HTTPS redirection rule> was not found. Please make sure that the referenced resource exists and both resources are in the same region.”

Sounds weird taking in consideration I did not see the redirection rule in GUI.

So I brought Azure CLI (for some reasons MS provided commands for CLI, or maybe I just did not find those for PowerShell) and run

az network application-gateway redirect-config show -g <resource group name> –gateway-name <gateway name>

sure enough the rule was still there.

after that I run

az network application-gateway redirect-config delete –g <resource group name> –gateway-name <gateway name> –n <rule name>

and this time the rule was deleted completely.

After that the remaining listener was deleted without problems.

ARM, Azure App Gateway, Azure

Azure: Azure File Sync–registered servers are offline

Leave a comment Posted by alex416 on August 2, 2018

I am working with Azure File Sync service, it is GA last week and I have a Customer who requires a scenario where AFS can fit.

I tested workgroup servers with AFS in my Lab and everything was ok. After that I decided to check ACL transfer for domain machines. So I brought a DC and joined the servers to the domain. It was working and I successfully tested ACL transfer .

I finished tests, stopped VMs.

Today I started them back and found my AFS Service shows both servers offline and Server end-point Health is in Error state. I tried to restart services, reboot etc.. nothing helped. I tried to remove endpoint – the task failed with time out. Finally I succeeded to unregister one of servers and re-install Storage Sync Client on it; rebooted and re-register. It came back nice and green.

So took a look at the dashboard and found the server name is changed to FQDN for the fixed server, but still a NETBIOS for the server who is offline state.

I guess if the server name changed, or a server is added to a domain the AFS client should be reinstalled…

Uncategorized

SCCM: Windows 10 1803 lost Office 365 shortcuts in Start menu

Leave a comment Posted by alex416 on July 26, 2018

A while ago I prepared a StartLayout.xml file to customize Start Screen for one of my Customers.

He called me today saying everything worked fine for Windows 10 1703 and 1709, but as soon as he created an image for Windows 10 1803, Office 365 Applications shortcuts are disappeared (except One Note).

Sure enough, Microsoft decided it is a good idea to change shortcut names for all apps except One Note Smile

so whatever was “Word 2016.lnk” is “Word.lnk” now! Great idea.

So I needed to create another Startlayout.xml file for 1803 image now. Leaving One Note with “2016” Winking smile

version for pre-Windows 10 1803:

version for Windows 10 1803

Application Delivery, Office, SCCM, Windows 10 Office, SCCM, Windows 10

Azure: How to create a group of devices deployed by Autopilot

Leave a comment Posted by alex416 on June 8, 2018

With Intune update we can create a dynamic group containing all devices deployed by Autopilot (and use this group for Application and Policy assignments).

Here is how to do that (according MS doc):

Create an AutoPilot device group

In Intune in the Azure portal, choose Device enrollment > Windows enrollment > Devices.
In the Group blade:
1. For Group type, choose Security.
2. Type a Group name and Group description.
3. For Membership type, choose either Assigned or Dynamic Device.
If you chose Assigned for Membership type in the previous step, then in the Group blade, choose Membersand add AutoPilot devices to the group. AutoPilot devices that aren’t yet enrolled are devices where the name equals the serial number of the device.
If you chose Dynamic Devices for Membership type above, then in the Group blade, choose Dynamic device members and type any of the following code in the Advanced rule box.
- If you want to create a group that includes all of your AutoPilot devices, type (device.devicePhysicalIDs -any _ -contains "[ZTDId]")
- If you want to create a group that includes all of your AutoPilot devices with a specific order ID, type: (device.devicePhysicalIds -any _ -eq "[OrderID]:179887111881")
- If you want to create a group that includes all of your AutoPilot devices with a specific Purchase Order ID, type: (device.devicePhysicalIds -any _ -eq "[PurchaseOrderId]:76222342342")
After adding the Advanced rule code, choose Save.
Choose Create.

Keep in mind dynamic group may take several hours to run a query to populate the group. Fortunately the sync can be forced from Devices node in Intune Autopilot section.

Uncategorized

SCCM: Packages 00002 and 00003 are not distributed

Leave a comment Posted by alex416 on February 23, 2018

SCCM 1702, fresh installation. DP is on a standalone server.

Error: When DP is installed SCCM tries to distribute SCCM Client content (packages <SITE CODE>0002 and Client Upgrade package <SITE CODE>00003) to the DP automatically. It can fail in some cases

Resolution:

Go to Monitoring-Distribution Status – Content Status

Select “Configuration Manager Client package”.

Click View Status and go to Error tab.

Right-Click the error and select “Redistribute”

Repeat for “Configuration Manager Client Upgrade Package”

SCCM SCCM

SCCM: Package 00004 distribution failed

Leave a comment Posted by alex416 on February 16, 2018

I installed a DP in SCCM 1702 infrastructure. Packages <site code>00003 and 00004 failed to be distributed.

00003 is easy, it is SCCM Client PAckage and it can be re-distributed from SCCM console.

00004 is trickier – it is invisible in the console.

I found two solutions on the Internet:

1: Redistribute a certain package to DP using PowerShell: https://social.technet.microsoft.com/Forums/en-US/11df0f63-d146-434d-91f3-c4e826fee92c/redistribute-configuration-manager-client-upgrade-package-xxx00003?forum=configmanagermigration

script by MichaelW506

$SiteCode = "XXX"
$PackageID = "XXX00003"
     $distpoints = Get-WmiObject -Namespace "root\SMS\Site_$($SiteCode)" -Query "Select * From SMS_DistributionPoint WHERE PackageID='$PackageID'"
        foreach ($dp in $distpoints)
        {
                $dp.RefreshNow = $true
                $dp.Put()
        }

2. a method suggested by Hau

1. Open an empty notepad and save it as client.acu
2. Copy the client.acu to the inboxes\hman.box folder at the top-level site
3. Monitor the hman.log to check whether the Client Upgrade package gets updated

SCCM

SCCM: PXE boot fails with “Unsuccessful in getting MP key information. 80004005.”

Leave a comment Posted by alex416 on February 13, 2018

I recently faced a weird issue with PXE boot.

Nice error in smspxe.log said:

RequestMPKeyInformation: Send() failed.

Unsuccessful in getting MP key information. 80004005.

etc..

Internet search suggested reinstallation of PXE DP (including killing WDS and fill clean of RemoteInstall). I tried that but without any success.

MP was in a good health, gladly replied to http tests, but I still tried to reinstall it. Obviously without any success…

Resolution: I tried to remember what I did recently, before I first noted PXE issue. MBAM 2.5 was installed!

So I removed MBAM and PXE immediately start to reply, successfully connect to MP etc…

Who knew!

MBAM, PXE, SCCM

SCCM:Speed Up boot image download in WinPE

2 Comments Posted by alex416 on February 7, 2018

Jorgen Nilsson made a whole research tweaking TFTP parameters for WDS; post is ccmexec.com/2016/09/tweaking-pxe-boot-times-in-configuration-manager-1606/

I used it to optimize a Lab on my laptop – I am using Hyper-V with SCCM infrastructure on Internal network.

The best option for my Hyper-V Based SCCM VM is

You can tweak registry settings manually or use a PowerShell script Jorgen kindly provided in his post.

If you goes too aggressive PXE can fail with 0xc0000001

For additional optimization I also use a command line

Powercfg.exe –s 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c

In my OSD Task Sequences for WinPE and after each reboot to be sure my VM uses High-Performance power plan.

At the end of TS I set it back to Balanced:

powercfg.exe –s 381b4222-f694-41f0-9685-ff5bb260df2e

PXE, SCCM

SCCM: Backup SCCM using native SQL Backup

Leave a comment Posted by alex416 on December 20, 2017

Native SQL backup has many advantages like compression, for example. Kent Agerlund has a nice tutorial how to automate the backup including saving zipped cd.latest file which is necessary for SCCM CB recovery if you made at least one in-console upgrade for your SCCM. The article is here. Unfortunately his powershell script does not clean old cd.latest archives and that can be a problem taking in consideration their size. In one of the comments under original post a modification was suggested, so Copy cd.latest powershell script would look like:

powershell.exe -command “Get-ChildItem –Path ‘U:\SQLBackup\*’ –Include ‘*.zip’ | Where-Object {$_.CreationTime -lt (Get-Date).AddDays(-7)} | Remove-Item; Add-Type –Assembly ‘System.IO.Compression.FileSystem’ -PassThru | Select -First 1 | ForEach-Object { [IO.Compression.ZIPFile]::CreateFromDirectory(‘e:\program files\microsoft configuration manager\cd.latest’, ‘U:\sqlBackup\cdlatest’ + (Get-Date –format ‘yyyyMMddHHmm’) + ‘.zip’) }”

(of course, change paths to your SCCM installation folder and your backup folders).

With that script implemented only last 7 cd.latest archives will be saved.