SCCM Agent Issues - CCM Agent Notification Agent Disabled
Had issues with a CM Agent on a computer. This agent installed with BITS transfers in foreground:
ccmsetup.exe /BITSPriority:FOREGROUND
The agent wouldn't install normally.
After installed, the component "CCM Notification Agent" was stuck at status Disabled in the Configuration Manager Properties.
Found this in DataTransferService.log:
CDTSJob::HandleErrors: DTS Job '{4C558D5D-CA3F-4712-9483-5E3BBF7D811C}' BITS Job '{B02B8C90-482B-47C6-BBC1-2397BEA72C64}' under user 'S-1-5-18' OldErrorCount 16 NewErrorCount 17 ErrorCode 0x80070426
CDTSJob::HandleErrors: DTS Job ID='{4C558D5D-CA3F-4712-9483-5E3BBF7D811C}' URL='http://SCCM02.domain.com:80/SMS_MP' ProtType=1
The following forum gave me the idea to look into the BranchCache service:
Running the command "bitsadmin /list /allusers" listed a bunch of errors:
{4BD1CBD5-C107-49D7-A478-A4EEAD87E098} 'CCMDTS Job' TRANSIENT_ERROR 2 / 30 10868 / 271558
{B02B8C90-482B-47C6-BBC1-2397BEA72C64} 'CCMDTS Job' TRANSIENT_ERROR 2 / 6 164302 / 266990
Found out that the BrancheCache service was set to Disabled.
After changing the service to Manual and starting it, the agent went up and running perfectly.
Hope this helps someone out there!
Cheers
Unable to request new certificate on TMG Server
Solve this by creating a Firewall Policy for RPC traffic to the Certificate Server Authority.
Distribution Point Configuration Status - SMS Client - Restart might required
Annoying message that doesn't go away even after a restart.
To remove it:
Only one FCoE path active using Emulex OneConnect 14000 Series HBA with ESXi 5.x/6.0
Downgrade to 10.2.477.23 dated 2015-02-02. It's included in the SPP 2015.04 if you're using HP servers.
This is current at this date: 2015-09-21
Replacing vCenter without redoing vRanger configuration
Get the current VM-id via VMware vSphere PowerCLI by running the following commands:
Connect-VIServer <your VCSA>
(Get-VM -name <VM_display_name>).id
Open SQL Management Studio and run the following command to show all tasks:
SELECT * FROM [vRangerPro].[dbo].[BackupTemplateTask] ORDER BY InventoryNodeName
use vRangerPro
UPDATE BackupTemplateTask SET InventoryNodeVirtualizationObjectId='vm-id' WHERE InventoryNodeName='VM_display_name'
Restart the vRanger Service and run the task!
The Report Builder click-once application does not exist on the report server
If you get this error, you need to do the following to fix it!
2. When installing, enter your default target server url, e.g. https://sccm.domain.com/reportserver
3. Open up regedit and change ReportBuilderApplicationManifestName to ReportBuilder_3_0_0_0.application, located under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ConfigMgr10\AdminUI\Reporting
4. Edit X:\Microsoft Configuration Manager\AdminConsole\bin\Microsoft.ConfigurationManagement.exe.config and change to ReportBuilder_3_0_0_0.application in the ReportBuilderMapping section
Done!
Unable to enable user in Lync Server
Error message
Active Directory operation failed on <servername>. You cannot rety this operation: "Insufficient access rights to perform the operation 00002098: SecErr: DSID-03150BC1, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0". You do not have the appropriate permissions to perform this operation in Active Directory. One possible cause is that the Lync Server Control Panel and Remote Windows PowerShell cannot modify users who belong to protected security groups (for examle, the Domain Admins group). To manage users in the Domain Admins group, use the Lync Server Management Shell and log on using a Domain Admins account. There are other possible causes. For details, see Lync Server 2010 Help.
Understanding AdminSDHolder and Protected Groups
How to Determine if a User or Group is Protected by AdminSDHolder
To find all user objects in a domain that are protected by AdminSDHolder, type:
Get-ADUser -LDAPFilter "(objectcategory=person)(samaccountname=*)(admincount=1)"
or for a more user friendly output:
Get-ADUser -LDAPFilter "(admincount=1)" | select name
To find all groups in a domain that are protected by AdminSDHolder, type:
Get-ADGroup -LDAPFilter "(objectcategory=group)(admincount=1)"
or for a more user friendly output:
Get-ADGroup -LDAPFilter "(admincount=1)" | select name
Removing the admincount setting
If the user is not supposed to be in a Protected Group, remove the groups that are nested members of the Protected Groups.
Link: http://community.spiceworks.com/how_to/show/2555-user-is-was-member-of-a-protective-group-in-aduc-and-how-to-reverse-that
Then change the admincount to 0 on the user account, either vi ADUC and the Attribute Editor tab, or via the script available here:
http://support2.microsoft.com/?id=817433
Last thing to do is to activate security inheritance on the user account.
The procedure is almost the same when fixing a group, though you need to use ADSIEdit to remove the admincount setting instead of ADUC.
ConfigMgr collections update slowly or not at all
Please read the following article if you're experiencing this.
Reporting stops working after upgrading from Service Manager 2012 SP1 to R2
After upgrading Service Manager 2012 from SP1 to R2 Reporting stops working.
Looking at Data Warehouse - Data Warehouse Jobs in the Service Manager Console some of the jobs are listed as Failed, amongst them, Load.Common, Load.OMDWDataMart and Load.CMDWDataMart.
After a great deal of Googling I came across this site:
Stating the it's a known issue and that all you need to do is to run a SQL-script against 4 databases on the Data Warehouse server.
The databases are:
- DWRepository
- DWDataMart
- CMDWDataMart
- OMDWDataMart
The script:
IF OBJECT_ID('tempdb..#PKFixQueries') IS NOT NULL
DROP TABLE #PKFixQueries
;WITH FactName
AS (
SELECT w.WarehouseEntityName
FROM etl.WarehouseEntity w
JOIN etl.WarehouseEntityType t ON w.WarehouseEntityTypeId = t.WarehouseEntityTypeId
WHERE t.WarehouseEntityTypeName = 'Fact'
),FactList
AS (
SELECT PartitionName, p.WarehouseEntityName
FROM etl.TablePartition p
JOIN FactName f ON p.WarehouseEntityName = f.WarehouseEntityName
)
, FactWithPK
AS (
SELECT f.WarehouseEntityName, f.PartitionName, b.CONSTRAINT_NAME, a.COLUMN_NAME
FROM FactList f
JOIN INFORMATION_SCHEMA.KEY_COLUMN_USAGE a ON f.PartitionName = a.TABLE_NAME
JOIN INFORMATION_SCHEMA.TABLE_CONSTRAINTS b ON a.CONSTRAINT_NAME = b.CONSTRAINT_NAME AND b.CONSTRAINT_TYPE = 'Primary key'
)
, FactWithDefaultOrNoPK
AS (
SELECT DISTINCT f.WarehouseEntityName, f.PartitionName
, 'PK_' + f.WarehouseEntityName AS DefaultPKConstraint
, 'PK_' + f.PartitionName AS NewPKConstraint
FROM FactList f
LEFT JOIN FactWithPK pkf ON pkf.WarehouseEntityName = f.WarehouseEntityName AND pkf.PartitionName = f.PartitionName
WHERE pkf.WarehouseEntityName IS NULL OR pkf.CONSTRAINT_NAME = 'PK_' + f.WarehouseEntityName
)
, FactPKList
AS (
SELECT DISTINCT f.WarehouseEntityName, f.COLUMN_NAME
FROM FactWithPK f
)
, FactPKListStr
AS (
SELECT DISTINCT f1.WarehouseEntityName, F.COLUMN_NAME AS PKList
FROM FactPKList f1
CROSS APPLY (
SELECT '[' + COLUMN_NAME + '],'
FROM FactPKList f2
WHERE f2.WarehouseEntityName = f1.WarehouseEntityName
ORDER BY COLUMN_NAME
FOR XML PATH('')
) AS F (COLUMN_NAME)
)
SELECT f.PartitionName,
'----------------------------- [' + f.PartitionName + '] -----------------------------' + CHAR(13) +
'IF OBJECT_ID(''[' + f.DefaultPKConstraint + ']'') IS NOT NULL' + CHAR(13) +
'BEGIN' + CHAR(13) +
' ALTER TABLE [dbo].[' + f.PartitionName + '] DROP CONSTRAINT [' + f.DefaultPKConstraint + ']' + CHAR(13) +
'END' + CHAR(13) + CHAR(13) +
'IF OBJECT_ID(''[' + f.NewPKConstraint + ']'') IS NULL' + CHAR(13) +
'BEGIN' + CHAR(13) +
' ALTER TABLE [dbo].[' + f.PartitionName + '] ADD CONSTRAINT [' + f.NewPKConstraint + '] PRIMARY KEY NONCLUSTERED (' + SUBSTRING(pk.PKList, 1, LEN(pk.PKList) -1) + ')' + CHAR(13) +
'END' AS Query
INTO #PKFixQueries
FROM FactWithDefaultOrNoPK f
JOIN FactPKListStr pk ON pk.WarehouseEntityName = f.WarehouseEntityName
DECLARE @PartitionName NVARCHAR(MAX), @Query NVARCHAR(MAX)
WHILE EXISTS (SELECT 1 FROM #PKFixQueries)
BEGIN
SELECT TOP 1
@PartitionName = PartitionName,
@Query = Query
FROM #PKFixQueries
PRINT @Query
EXEC(@Query)
DELETE #PKFixQueries
WHERE PartitionName = @PartitionName
END
After running the script against these 4 databases, start the jobs in the Service Manager Shell using the command Start-SCDWJob -JobName Load.Common -ComputerName <dwservername>. You will see the BatchId and StartTime being updated after running the jobs. Use Get-SCDWJob -JobName Load.Common -ComputerName <dwservername> to get information about the jobs.
DPM-VMM Helper Service not starting!
After installing the VMM Console and Agent on our DPM server to enable back up of Hyper-V Live Migration Cluster, the DPM-VMM Helper Service (VmmHelperServiceHost.exe) does not start on Windows Server 2012.
This can be found in Event Viewer:
Log Name: Application
Source: DpmVmmHelperService
Event ID: 0
Service cannot be started. System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Security.SecurityException: Requested registry access is not allowed.
at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
at Microsoft.Internal.EnterpriseStorage.Dls.VmmHelper.RunSpacePool.GetNumberOfSteadyStateRunspaces()
at Microsoft.Internal.EnterpriseStorage.Dls.VmmHelper.CVmmHelperService..ctor()
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.ServiceModel.Description.ServiceDescription.CreateImplementation(Type serviceType)
at System.ServiceModel.Description.ServiceDescription.SetupSingleton(ServiceDescription serviceDescription, Object implementation, Boolean isWellKnown)
at System.S...
When trying to start the service in services.msc, it states:
The DPM-VMM Helper Service service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs.
VmmHelperServiceHost.exe 7392 RegOpenKey HKLM\Software\Microsoft\Microsoft Data Protection Manager\2.0\Configuration ACCESS DENIED Desired Access: Read
I opened up regedit and browsed to HKLM\Software\Microsoft\Microsoft Data Protection Manager\2.0\Configuration, added the permission Everyone Read to that key and voila! The service started.
Hope this helps someone out as I couldn't find anything regarding this issue on google.
Ciao :)
Unable to install GUI on Windows Server Core
I've been trying to install GUI on a Windows Server 2012 R2 Core with the following command:
Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Restart
But it keeps failing at 68%!
After a lot of googling around, I found this page:
It states that GUI cannot be added because the server cannot access Microsoft Update. Looking at %SystemRoot%\windowsupdate.log it shows me that the server is trying to contact our local WSUS for updates, which does not have the appropriate updates needed to add the GUI.
So I created a GPO which disables WSUS and put the server in the OU where I linked the GPO. Ran gpupdate and made sure that WSUS was disabled.
"Computer Configuration->Policies->Administrative Templates->Windows Components->Windows Update" and change "Specify intranet Microsoft update service location" to "Disabled". This will revert it to Microsoft.
Also, to speed up the install, I used the WIM-file from the operating system DVD as a source, mentioned on this page:
dism /get-wiminfo /wimfile:d:\sources\install.wim
dism /mount-wim /wimfile:d:\sources\install.wim /index:<n> /mountdir:c:\mountdir /readonly
Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Restart -Source c:\mountdir\windows\winsxs
dism /unmount-wim /MountDir:C:\mountdir /discard
Hope this helps someone else out there!
Cheers!
Missing Scroll Bar SCSM 2012 Portal
Add the following style sheet to the SMPortalPage.master to solve this issue:
<style>
body.v4master {
height:inherit;
width:inherit;
overflow:visible!important; //!important to override the original theme.
}
Unable to invoke runbook
When trying to invoke a runbook in Runbook Designer I get the following error message:
Cannot start runbook 'RunbookName'. The specified account may be missing privileges required to invoke a runbook. Add the account to the Orchestrator System Group to give it the required authority.
The solution is to add the account that you are trying to invoke the runbook with to the local group OrchestratorSystemGroup.
I realized this after finding this error in the System event log:
Source: DistributedCOM
Event ID: 10016
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2A16038A-77D5-4EAA-A7D5-12182AAF3932} and APPID {D1D9ECD5-8094-4FB8-8D69-A3AD701FF02C} to the user DOMAIN\accountName SID (S-1-5-21-1098006967-339498757-315576832-22368) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
When googling this I found the following page:
http://social.technet.microsoft.com/Forums/systemcenter/en-US/dfc465bc-7bbd-483e-b98b-2ba56fa98313/the-applicationspecific-permission-settings-do-not-grant-local-launch-permission-for-the-com-server?forum=configmgrgeneral
1. dcomcnfg, expand Component Services -> Computers -> My Computer -> DCOM Config
2. Click View -> Detail -> Now you will get Application Name and Application ID in right side
3. Scroll down and find the application ID {D1D9ECD5-8094-4FB8-8D69-A3AD701FF02C} -> Right Click -> Properties and select the Security tab.
This is where I found out that the OrchestratorSystemGroup is added here, and that my service account need to be added to this local group.
Cheers!
Cannot backup DPMDB after upgrading to DPM 2012 R2
After updating to DPM 2012 R2 the DPMDB says Agent unreachable in the Protection area in DPM. Looking in the Event Viewer - System Log, there is the following two error messages:
Source: DistributedCOM
Event ID: 10005
DCOM got error "1053" attempting to start the service DPMRA with arguments "Unavailable" in order to run the server: {DA6AA17A-D61C-4E9C-8CEA-DB25DEA52A95}
Source: Service Control Manager
Event ID: 7009
A timeout was reached (30000 milliseconds) while waiting for the DPMRA service to connect.
If you try to start DPMRA.exe manually in a command prompt it says that VssRequestor.dll is missing. After copying this file from another server (C:\Program Files\Microsoft Data Protection Manager\DPM\bin\VssRequestor.dll) to C:\Program Files\Microsoft System Center 2012\DPM\DPM\bin the DPMRA starts successfully.
Unable to upgrade DPM to 2012 R2
When launching the DPM 2012 R2 update I get stuck at the first step, checking prereqs. The error message says:
The instance provided is not a SQL Server instance. Please provide a SQL Server instance.
Looking at C:\Program Files\Microsoft System Center 2012 R2\DPM\DPMLogs\DpmSetup.log, I found the following error messages:
[11/13/2013 10:03:06 AM] Information : Querying WMI Namespace: \\dpm01\root\Microsoft\SqlServer\ComputerManagement10 for query: Select * from SqlServiceAdvancedProperty where ServiceName='MSSQL$MSDPM2012' and PropertyName='Version'
[11/13/2013 10:03:06 AM] * Exception : => System.Management.ManagementException: Invalid class
[11/13/2013 10:03:06 AM] Information : Getting the error code for check : SqlServer and result : 67141632
[11/13/2013 10:03:06 AM] Information : Found Error Code:SqlNotInstalled and Severity: Error
[11/13/2013 10:03:06 AM] Information : Got Error Message: The instance provided is not a SQL Server instance. Please provide a SQL Server instance.
[11/13/2013 10:03:06 AM] Information : Got Error Message: The prerequisite (SQL Server 2008) required to perform this check is missing.
As you can see the error messages states that we're asking for an invalid class when querying the wmi namespace. So we need to recompile the SQL WMI provider with the following command:
mofcomp "C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqlmgmproviderxpsp2up.mof"
After doing this, the upgrade proceeds normally.
Also, an important thing to mention is that with R2, DPM no longer supports backing up Windows Server 2003!