IT Consultant Everyday Notes

Just some problems/solutions storage

SCCM: Use CSV file to introduce a new machine to SCCM

 

Most commonly CSV file is used in the following format (optional SMSBIOS GUID is omitted between two commas):

Computer_Name,,MAC_Address

 

We can actually add headers to get it more readable

Name,SMBIOS GUID,MAC Address
Computer_name,,00155D01044C

 

If you are planning to use the new machine in REPLACE scenario with USMT you can create necessary association automatically by adding an old computer name to the CSV. Do not forget to capture user data from that old computer before you try to restore them to the new one! Smile

Name,SMBIOS GUID,MAC Address,Source Computer
New_Computer_name,,00155D01044C,Old_Computer_name

 

 

Note: if you use headers in CSV file do not forget to select the checkbox in Import Wizard:

 

image

Windows Server 2016: Guides, including Nano Server

Applocker: How to block built-in Apps

Jorgen posted a nice information on the subject

SCCM 2012 R2 SP1: Boot Image issue

I recently upgraded my SCCM 2012 R2 infrastructure to SP1.

As the first step I uninstall ADK for Windows 8.1 and installed ADK for Windows 10. This is not a requirement, but I found it is much easier to replace ADK during SCCM upgrade than change it later.

I followed this guide for upgrade.

Upgrade passed smoothly, but I noted 64-bit boot image was not upgraded and still showed an old (Windows 8.1) version. I tried to update it from SCCM console, but that attempt failed.

So, I found this article recommending to set exceptions in Antivirus for c:\windows\temp\bootimage folder and <ConfigMgr Instalation folder>\osd\boot folder. After that I could create a new image for 64-bit platform, but still could not fix the default one.

Kent Agerlund recommends to re-copy winpe.wim  from ADK to replace both boot.wim and boot.<PakageID>.wim files and after that RELOAD the proble boot image. I did it and found I am missing a bunch of tabs when open Properties of a boot image! including one with reload button.

Fortunately I found another article describing how to reload the image using PowerShell. Thank you Justin, you wrote your script just in time!

Here is Justin’s script (be sure you replace site code and Package ID):

# ################# DISCLAIMER
# Microsoft provides script, macro, and other code examples for illustration only, without warranty either expressed or implied, including but not
# limited to the implied warranties of merchantability and/or fitness for a particular purpose. This script is provided ‘as is’ and Microsoft does not
# guarantee that the following script, macro, or code can be used in all situations.

# Replace line 9 with your SiteCode
# Replace line 10 with the boot image PackageID to Reload

$SiteCode = “PR1”
$BootImage = Get-WmiObject -Namespace “root\SMS\site_$($SiteCode)” -Class SMS_BootImagePackage -Filter “PackageID = ‘PR100003′” -ErrorAction Stop
$BootImage.ReloadImageProperties()

 

I also need to set Exectution policy to allow the script to be ran:

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

As soon as the script finished necessary tabs reappeared in SCCM console right OS version was indicated for the boot image and I could distribute the image to DPs successfully.

Lync: Request certificate for Reverse Proxy

First of all, Microsoft has an article for that.

But, the article did not work for me – Entrust needed additional fields (like Country, Locality) filled and for some reasons all my CSRs had 1024 key request even though I put 2048 in MMC Wizard.

Finally I decided to do it old way, via .inf file and certreq tool.

here is .inf file I created:

SNAGHTML4b3b961

Note: the CSR requests SHA-1 certificate. Microsoft supports SHA-1 until 2017. You can tweak it to request SHA-2 cert.

PKI: How to clean faulty Certificate Request

I recently needed to update an Entrust certificate on my Lync Reverser Proxy. Lync does not have a Wizard to generate CSR so I used Microsoft KB https://technet.microsoft.com/en-us/library/gg429704(v=ocs.15).aspx to generate it. Unfortunately KB does not say you need to add Country, Locality and other information and CSR generated failed on Entrust. I added information, but in this case CSR failed because of key length – it has 1024 even though I put 2048. so I end up with several faulty CSRs. How to clean them out? Google search brought me some powershell scripts. Looked a bit too complex. Finally I found an answer on ExpertExchange.

You can basically use certificates MMC (local machine store) and delete unwaneted CSRs there. After that remove CSR files from location where you saved them.

SNAGHTML4a65622

Networking: How to control source IP on multi-IP adapter

In some cases I need to bind multiple IP addresses to a single adapter.

 

like this:

SNAGHTML3f24e8bc

How to control which of them will be used as a source? It can be necessary let say for firewall rules.

The matter in fact there is RFC 3484 describing set of rules.

Since Server 2008 SP2 Microsoft offers a mechanism of control. Instead of adding additional IPs via GUI you need to use NETSH command and skipassource flag like this:

Netsh int add address <Inetrface name> <IP address> skipassource=true

IP addresses left can be used as a source as per RFC.

I found this advice here

SCCM 2012: SUP does not synchronize updates

I noted my ADR did not created a Software Group for Patch Tuesday. I checked Software Updates and found fresh updates were not sync’ed on schedule. Manual sync did not help either.

Resolution: remove Classifications from SUP properties, wait while it will be sync’ed to WSUS. Add classification again and restart Update Synchronization.

In my case fresh updates were synchronized successfully after that.

Windows 10: Change One Drive location

I have W10 on couple of my machines and left default One Drive location one one of them. As a result it quickly filled the drive. Tried to find a way to change OneDrive cash location drive but without success until find the following article:http://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_files/cannot-change-or-move-default-folder-for-onedrive/f769a16c-26b1-41cc-89d3-a0737a01837a

 

Hare is the way:

  • First, go to Add or Remove Programs in the control panel and find Microsoft OneDrive
  • Right click and uninstall 
  • Reboot (This might not be necessary, I did it for luck) – UPDATE:  Yes, it’s necessary. Hat tip to oblio9. 
  • Go to C:\Windows\SysWOW64 and run OneDriveSetup.exe – Here’s the full path if you just want to cut and paste into in Win-R: C:\Windows\SysWOW64\OneDriveSetup.exe

SCCM 2012: Application Catalog WebService Point failed with “Parameter set cannot be resolved using the specified named parameters.”

 

I tried to install the abovementioned role using Powershell. I followed Microsoft example letter by letter but it still failed with a nasty PowerShell error “Parameter set cannot be resolved using the specified named parameters.”

SNAGHTML53b83032

Finally I found a spreadsheet on http://www.google.ca/url?sa=t&rct=j&q=&esrc=s&source=web&cd=5&cad=rja&uact=8&ved=0CDYQFjAE&url=http%3A%2F%2Fcm12sdk.net%2F%3Fwpdmact%3Dprocess%26did%3DMTQuaG90bGluaw%3D%3D&ei=ZVvBVMLiMIacyAT174JY&usg=AFQjCNG9mVW1L-nWqtbI813UbYzrFKCXlQ&bvm=bv.83829542,d.aWw

 

and put parameters EXACTLY in the order mentioned there. (I know, it is crazy). Surprisingly, the cmdlet works now .

SNAGHTML53bae000

Follow

Get every new post delivered to your Inbox.