SCCM Cannot Build Unknown Machines

Update: Microsoft suggest (despite the ambiguous wording) that the latest hotfix does resolve this issue. It may also be worth updating your boot images after applying the hotfix to ensure the fix applies.

This is a bug introduced in SCCM version 1702 where unknown machines can not be built as they cannot find a task sequence. The main symptom is unknown machines will reboot before you get to the SCCM password screen when network booting – you will see the background image.

Fix

  1. Run this query on the database to find computers matching the GUID: select * from System_DISC where SMS_Unique_Identifier0 like ‘%ce458683-a99a-4898-97dd-85e72e1478ab%’
  2. Remote onto the machine identified in step 1
  3. Stop the service SMS Agent Host on the machine
  4. Delete the machine from the SCCM console
  5. Delete C:\Windows\smscfg.ini on the machine
  6. Start the service SMS Agent Host on the machine

Note

Step 1 assumes the Unknown Computer GUID. If that finds no results it may be the case that there are new Unknown Computer objects (this may happen when upgrading SCCM for example).

To find the Unknown Computer GUIDS, run the following query on the database: select * from System_DISC where SMS_Unique_Identifier0 like ‘%ce458683-a99a-4898-97dd-85e72e1478ab%’

 

How to run a query

  1. RDP to uiwdbsms03
  2. Launch SQL Server Management Studio
  3. Connect to UIWDBSMS03
  4. Expand Databases
  5. Right click on UN2 and select New Query
  6. Paste in the query and click Execute
  7. The results in this example show the offending computer that has stolen the GUID

 

SCCM cannot encrypt Windows 7 during OSD

I came across this problem which manifested itself differently in a few cases but the most common result is something like this:

Windows 10 1511 (build 10586) includes a new bitlocker encryption, XTS-AES encryption algorithm, which cannot be read by earlier versions of Windows including Windows 7, 8/8.1 and 10 older than v1511.

The fix is documented here: https://social.technet.microsoft.com/Forums/en-US/07c809fc-486b-49aa-8df8-70e374d90402/sccm-2012-r2-sp1-preprovision-bitlocker-windows-7-cannot-read-drive-after-reboot?forum=configmanagerosd and all credit goes to Anders Horgen for creating a PowerShell script to apply the fix. It may be a little overkill but it works so here it is: OSD_Set_BitLocker_Chiper-v1.0.0.ps1

Steps to implement this fix:

  1. Create a new package (or use an existing if you prefer)
  2. Add a new step to your TS just before Pre-provision BitLocker
  3. Fill it in something like this:

MDT and Language Issues

New issue here with deploying an automated MDT build of Windows 7.

I found after deploying that the clock was in US format, the keyboard – US, everything defaulted to US. I couldn’t find an obvious quick way of rectifying this through MDT, so here is the easiest solution, no rebuilds necessary. Not something I’d come across before using old skool hand made images.

When applying the image in an SCCM task sequence, specify an answer file. Here’s the answer file I created for Windows 7 SP1 x64: en-GB unattend

To create your own, follow the guide here: http://www.scconfigmgr.com/2014/01/30/create-an-answer-file-for-language-settings-during-osd-with-configmgr/

Citrix Receiver install script

This is my script for installing Citrix Receiver. The reg changes are to stop it launching on startup and to stop the nag for a user e-mail address that it needs on first run. This still cannot be prevented (to my knowledge) if the user is logged on during install, so either make it available in SCCM Software Center or if you can garantee no user will be logged in during install (and won’t login half way through) then go for a required hidden install.

:InstallCitrix
CitrixReceiver.exe /noreboot /silent

:CheckOS
IF EXIST "%PROGRAMFILES(X86)%" (GOTO 64BIT) ELSE (GOTO 32BIT)

:64BIT
reg add HKLM\software\Wow6432Node\citrix\dazzle\ /v startmenudir /t reg_sz /d "\UoN Citrix" /f 

REG DELETE HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /v CitrixReceiver /f
REG DELETE HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /v ConnectionCenter /f
REG DELETE HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /v Redirector /f

:32BIT
reg add HKLM\software\citrix\dazzle\ /v startmenudir /t reg_sz /d "\UoN Citrix" /f 

REG DELETE HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v CitrixReceiver /f
REG DELETE HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v ConnectionCenter /f
REG DELETE HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Redirector /f


:END
exit

 

App-V 5 Recipe: Anaconda

Key points of sequencing Anaconda:

use a PVAD

Install Anaconda to C:\Anaconda_x_versionhere\

After installing, in the sequence do the first run tasks, change preferences and change any settings to point the PVAD.

Screenshots planned.. one day.

Sorry for the briefness!

Resources for Upgrading from SCCM 2012 R2 to R2 SP1

Here are 3 handy resources to have a read through before going ahead with the upgrade.

Technet’s own

Well worth a read through the full section for the SP2 upgrade as it applies to R2 Sp1 too. So the check list, considerations and planning to upgrade to Sp1 right at the end of the article.

Test the database prior to upgrading

Expand the “To test….” section for better instructions on how.

And finally, a great Step-by-Step SCCM 2012 R2 Sp1 Upgrade Guide in pictures.

MDT Won’t Capture the WIM

So MDT won’t capture. Towards the end of BDD.LOG I get this:

Error creating an image of drive C:, rc = 2
ZTIBackup COMPLETED.  Return Value = 2
ZTI ERROR - Non-zero return code by ZTIBackup, rc = 2
Command completed, return code = -2147467259
Litetouch deployment failed, Return Code = -2147467259  0x80004005

The problem here became pretty much obvious on going just a few lines up:

About to run command:

"D:\Deploy\Tools\X64\imagex.exe"  /append C: "\\PUIP02932\DeploymentShare$\Captures\WIN7X64X32_6-3-2015.wim" "WIN7X64X32CDrive" /flags Enterprise

Due to the default naming of the captured WIMs, you cannot capture the same task sequence twice in a single day without deleting/moving/renaming the first capture.

App-V 5.0 SP3 Server Install

Recently tasked with upgrading App-V 5 SP1 servers to SP3 I ran into difficulties with the database, deleting a table it wanted to later update. This was down to Microsoft getting the order of execution wrong in their readme file.

Here’s the correct order, a solution I found on technet:

1. CreateTables.sql
2. CreateStoredProcs.sql
3. InsertVersionInfo.sql
4. Permissions.sql
5. UpdateTables.sql

If you’ve already started running the SQL files and found the problem the hard way as I did, here is a fixed CreateTables.sql to re-create the table that was deleted prematurely. Just use it at step 1 in the order.

SFC /SCANNOW

Recently attempting to repair a Windows 8.1 laptop, having trouble running sfc /scannow from a repair cd with this error:

“There is a system repair pending which requires reboot to complete. Restart Windows and run sfc again.”

Doing some searching I managed to find this useful tip and thought it was worth a share:

This error indicates that incorrect arguments were given, or there is a file that needs to be removed or renamed in the \Windows\winsxs\pending.xml path. For this installation, this is D:\Windows\winsxs\pending.xml.

For this particular system, this is the correct command to run based on the output of diskpart above

sfc /SCANNOW /OFFBOOTDIR=c:\ /OFFWINDIR=e:\Windows

In the above example, OFFBOOTDIR should be the 100mb boot partition and OFFWINDIR should be your Windows directory.