IT Consultant Everyday Notes

Just some problems/solutions storage

IE 11: How to use an IE Enterprise Mode site list, located on a local drive

Microsoft has a nice article about Enterprise Mode implementation. https://technet.microsoft.com/en-us/library/mt270205.aspx

Unfortunately an example for a local file location is wrong. You should put the following value in your GPO:

Basically: “sitelist”=file://c:\Users\<user>\Documents\testList.xml instead of “SiteList”=file:///c:\\Users\\<user>\\Documents\\testList.xml as in the article.

 


SCCM: Prerequisites check for new SCCM build fails. Why?

I am in the process of upgrading my SCCM TP to TP 1601. As the first step I need to check prerequisites. For that I right-click the downloaded update and select Check Prerequisites.

After some time it failed. Where can we find out why? Here:

SCCM: SCCM 1511 does not download 1512, 1601 TP

I decided to test the auto update technology introduced with SCCM CB (currently 1511). So, I enabled Service Connector, set it to online and restarted SMS_DMP_Downloader. I checked the dmpdownloader log and figured out updates cannot be found even though two builds, 1512 and 1601, are available at this time…

After some head scratching I decided to install SCCM TP4 instead of the RTM version of 1511 (the idea behind it was – 1512 and 1601 are Technical Previews, so maybe they cannot be downloaded by the RTM version?)

And it looks like it is right – in dmpdownloader.log I found an interesting line:

and after that SCCM TP4 downloaded the latest SCCM update (in my case 1601).

So I guess you should have a Preview version to download/install/test Preview Builds.

SCCM: The complete guide to Microsoft WSUS and Configuration Manager SUP maintenance

SCCM: Cannot install Windows 7 x64 to a UEFI based machine using USB boot media

A Customer asked me to help with SCCM OSD.

He gave me a Dell E7440 (my HP8570w shows the same symptoms) as a test machine and asked me to configure an SCCM boot media as a bare metal deployment option. The machine supports UEFI (as almost all modern laptops do now), so I went to BIOS and put it in Legacy mode to boot from HDD. This is recommended by the Microsoft Core team: http://blogs.technet.com/b/askcore/archive/2011/05/31/installing-windows-7-on-uefi-based-computer.aspx

The problem was booting from USB, though – I tried F12 – Legacy – USB Device and got an error “Selected Boot Device failed. Press any key to reboot the system”.

I tried to boot UEFI – USB Device. It started and passed all the way to the first boot from HDD after imaging. At that point it failed with an “Invalid Partition Table” error. And that makes some sense, since SCCM partitioned the drive for UEFI and we are trying to boot in Legacy. Switching to UEFI (according to Microsoft, Windows 7 x64 should support it) did not help – I got “No bootable devices found – Press F1 to retry boot. Press F2 for setup utility”.

Still keeping some hope in Microsoft's statement, I set up UEFI – Hard Drive as the bootable device in BIOS and tried to image the machine again. At this point the image was deployed, but the SCCM Task Sequence failed with a nice:

“Bcdboot failed! bcdboot.exe C:\WINDOWS /l en-US failed (15299)
stdout:
Failure when attempting to copy boot files.”

I found a post from Daniel in this thread https://social.technet.microsoft.com/Forums/en-US/9cd54ce3-e5aa-42df-a51b-cf8fc644843f/sccm-usb-boot-always-booting-in-uefi-osd-always-failing?forum=configmanagerosd where he reasonably mentioned the problem can be in the fact we cannot boot SCCM boot media in Legacy mode. So to fix the SCCM boot media I:

1. Created a WinPE media using Win10 ADK (I use SCCM 2012 R2 SP1, so ADK matches)

2. Tried to boot from it and verified the media CAN boot in UEFI-Legacy on the problem machine

3. Copied the following files and folders from SCCM boot media to the newly created WinPE media to ”convert” it to SCCM boot media

4. After that I booted from the new media on the Dell machine in UEFI-Legacy mode. It successfully booted, imaged itself and started from the new image.

SCCM: Update SCCM CB using Updates and Servicing

 

With the change of the System Center Configuration Manager distribution model, Microsoft also changed the way to upgrade SCCM. So if you have SCCM Current Branch (CB) you have to use the “Updates and Servicing” feature to introduce new fixes and features.

Niall posted a very nice step-by-step here: https://www.windows-noob.com/forums/topic/13506-how-can-i-use-updates-and-servicing-in-offline-mode-in-system-center-configuration-manager-current-branch/

Internet Explorer 11: Home Page setup via GPO

A customer asked me to create a GPO for IE11. One of the requirements was to lock a home page to local Intranet site, but allow users to add their own secondary home pages in new tabs.

With IE11 GPO ADM installed we have two ways to set up home page

1. Using Internet Explorer settings from ADM:


and a similar policy for the secondary page.

The issue here: if we lock the home page, a user won’t be able to add a secondary home page – the settings will be greyed out.

2. Using IE10 preferences (IE10 preferences are compatible with IE11+ as per https://support.microsoft.com/en-us/kb/2898604)

DO NOT FORGET to press F5 after you add a site name in home page field!

In this situation the primary home page will be enforced and the user will be able to add a secondary page, BUT the user settings will be saved until GPO refresh, which will revert everything to the state set in Preferences.

Resolution:

I left both IE Settings and preferences in ‘Not Configured’ state and created a custom Registry preference to populate ‘Start Page’ value under HKCU\Software\Microsoft\Internet Explorer\Main key with URL of the Intranet site. That will enforce primary home page and leave custom secondary pages unchanged.


Azure: Subscription is not visible in Azure Portal after move between accounts in EA Portal

 

 

I moved a subscription from one account in my Enterprise Agreement Portal to another. After that the subscription disappeared from the Azure portal of the admin of the first account and never appeared in the portal of the admin of the second account.

The MS case was escalated to the Microsoft Engineering team, but the resolution was actually pretty easy: it looks like the subscription administrator gets corrupted during transfer. To fix it go to

account.windowsazure.com

logon as the subscription owner

open the subscription and go to Edit Subscription Details


remove garbage under Service Administrator and put the proper Administrator Live ID there:


After that the subscription should be visible under portal.azure.com for that Admin.

Azure: Azure AD Connect version history

The Azure team keeps updating the Azure AD Connect tool much more often than I thought.

New features/fixes every month!

 

https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-version-history/#1091310%20

Lync 2013: Multi-user IM conferencing issue (really Certificate chain issue)

 

Our IT guys called me seeking support with a weird issue. Multi-user IM conferencing started to fail. I checked and saw that an attempt to start “Meet now” failed too, with an error on connection to the conferencing server.

On the Client side it gives Error 500 (source ID 239).

In Event Log of Front end Server I saw Event ID 32042 from LS User Services:

“Invalid Incoming HTTPS Certificate”


I checked the certificate and it looked perfectly fine, not expired and with a proper chain.

Next day most contacts in Lync Client were observed in “Updating…” state. Not good.

 

Resolution:

We deployed Microsoft KB 2901554 to fix the SChannel Authentication Provider on Windows Server 2012 R2.

Next I ran the following PowerShell command (one line):

Get-Childitem cert:\LocalMachine\root -Recurse |Where-Object {$_.Issuer -ne $_.Subject} | Format-List * | Out-File c:\computer_filtered.txt

to figure out if there are any intermediate certs in the Trusted Root certificate folder, as recommended in this article.

And found one certificate in the wrong container. I moved it to Intermediate Certification Authorities and restarted Lync Services. After that the issue seems to be resolved.
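The audit and the move described above, combined into one script. This is an added example, not part of the original post: the function name is made up for illustration, and Root and CA are the standard Windows store names for Trusted Root and Intermediate Certification Authorities. It assumes an elevated PowerShell session on the affected server.

```powershell
# Added example: list non-self-signed certificates in LocalMachine\Root and,
# only when -Move is given, relocate them to LocalMachine\CA.
# The function name is hypothetical; run from an elevated session.
function Repair-MisplacedRootCertificate {
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Move)

    # Same filter as the one-liner above: a genuine root is self-signed,
    # so Issuer equals Subject. Anything else does not belong in Root.
    $misplaced = Get-ChildItem -Path Cert:\LocalMachine\Root |
        Where-Object { $_.Issuer -ne $_.Subject }

    foreach ($cert in $misplaced) {
        # Emit a compact record so the finding can be reviewed or exported.
        [pscustomobject]@{
            Thumbprint = $cert.Thumbprint
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            NotAfter   = $cert.NotAfter
        }

        if ($Move -and $PSCmdlet.ShouldProcess($cert.Subject, 'Move from Root to CA')) {
            $type = 'System.Security.Cryptography.X509Certificates.X509Store'
            $ca   = New-Object -TypeName $type -ArgumentList 'CA', 'LocalMachine'
            $root = New-Object -TypeName $type -ArgumentList 'Root', 'LocalMachine'
            try {
                $ca.Open('ReadWrite')
                $ca.Add($cert)        # add to Intermediate first, so nothing is lost
                $root.Open('ReadWrite')
                $root.Remove($cert)   # then take it out of Trusted Root
            }
            finally {
                $ca.Close()
                $root.Close()
            }
        }
    }
}

# Report only:
Repair-MisplacedRootCertificate | Format-Table -AutoSize
# Preview the move without changing anything:
Repair-MisplacedRootCertificate -Move -WhatIf
```

Once the preview lists only certificates that really are intermediates, run it with -Move alone and restart the Lync services, as in the resolution above.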
