ConfigMgr “obsolete” clients

May 5, 2011 1 comment

Do you have clients that sometimes do not get any advertisements and you cannot figure out why. Have you checked to see if the client has multiple records in the ConfigMgr database? One or more of those records is likely obsolete. This means that the record was superseded by a newer record for the same client.

To get the client to see advertisements you can easily delete the obsolete record(s) from the console and then initiate the “Machine Policy Retrieval & Evaluation Cycle” on the client either manually or using SCCM Client Center or SCCM Right Click Tools.


Now that is only a short-term solution. In the console you can enable a task found in “System Center Configuration Manager – Site Database” – Site Management – SITECODE – Site Settings – Site Maintenance – Tasks”. There is a task named “Delete Obsolete Client Discovery Data”. This will not be a sure fire every time but will automate a good chunk of it.


The key with this task is to have it run at an interval greater than the heartbeat discovery schedule. For example if your heartbeat schedule is set to 6 days you would want this task to be set to delete data older 7 days.


Categories: SCCM, SCCM Client

ConfigMgr OSD TS commands not working with Windows Server 2008 R2

May 4, 2011 6 comments

I ran into some inconsistency with commands working with my ConfigMgr task sequence when deploying Windows Server 2008 R2. I am creating a build for Citrix XA6. When I ran certain commands via the TS to do this in Windows Server 2008 R2 it did not work. In the full OS it worked just fine. So my good friend Chris Nackers gave me a couple of ideas. Basically Chris said to dig into what is being called, where it resides, and force the TS to work that way.

One of the applications that we need installed (HP Quality Center) requires that DEP is turned off.

The command I need to run is: bcdedit.exe /set {current} nx AlwaysOf
In the TS I need to run: cmd.exe /c "bcdedit.exe /set {current} nx AlwaysOff"

The next trick was to “Disable 64-bit file system redirection”. So, BCDEDIT.EXE is in C:\Windows\System32 in Windows Server 2008 R2 and it seems that when I combine the command in the TS and that checkbox things work. I also added “C:\Windows\System32” as the “Start in:” folder but I am not certain that this is necessary.


The Citrix XenApp install also had some issues using the following command prompt required a temporary disabling of driver integrity check. If you do not specify this it will give you a security warning and say that an unsigned driver is trying to install. So without this it will not install silently.

Installation: XenAppSetupConsole.exe /log:c:\XA6_Install.log /install:XenApp /Platinum
Command I had to run first: bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS
How I need to use in the TS: cmd.exe /c "bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS"


Likewise I enabled the driver integrity check when done by using:

cmd.exe /c "bcdedit -deletevalue loadoptions"


Disabling the Windows Firewall in a SCCM Task Sequence

To do this you can add “Run Command Line” from “General” and add the following command.  I usually put a “Time-out (minutes):” value of “1”.

Netsh firewall set opmode disable


***UPDATE*** For Windows Server 2008 R2 you will want to use the following to disable the firewall for the current profile:

netsh advfirewall set currentprofile state off

If you have issues passing the command via the TS check this out:


ConfigMgr OSD & Citrix XenApp 6 Updates

So we have been working on automating Citrix XA6 server builds using ConfigMgr OSD. One of the challenges we had to overcome were the Citrix XA6 updates. For the most part they can install just fine with a “/qb /norestart”…but then there are XA600W2K8R2X64010 and XA600W2K8R2X64026.

Both of these updates require some applications to be stopped. While you can pass commands to kill the process or write a script to handle this you will still run into problems with XA600W2K8R2X64010. This update in particular caused me some headache. I wrote a script that killed all of the services that it was prompting me about. Then it said that Terminal Services needed to be installed for the update to apply…but wait…that was one of the processes I had to kill to get rid of the message. So, I removed that step in my script to leave Terminal Services running since it seemed to need it…then it prompted saying that it needed to the process/application to be closed. Sort of like a dog chasing it’s tail, huh?

Then I stumbled upon the following command line syntax. This works with all of the .msp files and in such a way that it will not care what is running or require any intervention. So no script required and I just created a package with the updates and associated programs.

msiexec /qb /passive /norestart /p filename.msp

This worked for sure with the following:


VBScript: Bypass the "Open File – Security Warning" dialog from VbScript

April 29, 2011 Leave a comment

This is awesome! Helped me in a big way. The link below has the information to temporarily disable the “Open File – Security Warning” dialog and then set it back when done via VBScript.

Categories: VBScript

“Install not allow as another job is still in progress.”

April 28, 2011 Leave a comment


I was having an issue with a ConfigMgr client not installing updates and other software today. While the first thing I did was try to determine if, “my favorite thing Windows XP has to offer” – sarcasm, WMI was corrupt it did not appear so at first. No matter if the device was reboot, machine policy reset, killing running jobs,  etc. nothing would happen other than the error “Install not allow as another job is still in progress”.

Then I stumbled upon some advise in the TechNet forums that pointed to WMI issues and suggested that I use Client Center to “Delete root\ccm” and let the ConfigMgr client repair itself.


About 7 minutes later I was anxiously watching the “ccmexec.log”, “execmgr.log” and “updatesdeployment.log” files on the remote device…but nothing – and I was impatient so I did a remote re-install using PSTOOLS only to find that WMI was still an issue. I ended up having to rebuild WMI – not the route I would have liked to have taken out suggest doping out of the gate.

What seems like an eternity later (30 minutes of working in this amongst other priorities) I am seeing a repaired client chatting it up with the servers like crazy so I am anxiously watching again…

FINALLY! The updates are applying and things look way better.

Source link:

App-V package not streaming to client using ConfigMgr

April 28, 2011 Leave a comment


If you get the following error, or something similar, when trying to deploy an App-V package using ConfigMgr there could be a variety of reasons for it’s cause.

Failed to instantiate Updates UI Server
{2D023958-73D0-4542-8AD6-9A507364F70E} with error 8000401a

Maybe the “Advertised Programs Client Agent” found within the ConfigMgr console in “System Center Configuration Manager – Site Database – Site Management – SITECODE – Site Settings – Client Agents” does not have the appropriate settings (see the screenshot).


Maybe IIS is not configured properly on the DP the client is trying to pull from.

Maybe the package is not located on the DP and you have protected sites configured.

Or, as it was in my case, maybe somehow the Windows Firewall is on and does not have any exceptions so it is blocking the traffic.

The bottom line is that it is not necessarily a client-side issue and I would suggest looking for configuration mistakes – we are all human after all.

%d bloggers like this: