Thursday, November 25, 2010

VB Script to run gpupdate.exe /force silently without a reboot

If you use Gpupdate.exe /force in your logon scripts ypu would've of found by now that sometimes if not most often when running gpupdate.exe you are asked to either logoff or reboot to apply configuration settings. You've also probably found that there is no exact command like 'Gpupdate.exe /Force /Silent.'

The below VBscript below will run Gpupdate.exe /force without any user interaction it will also not show any log off or reboot requests.

To implement this in a logon script place the code below into its own SilentGPupdate.vbs file. Then call it from your logon script, I've set the WshShell.Run not to wait to finish each command because gpupdate.exe can run in its own space and time (doing this will keep your login times quick).

'VB Script for Refreshing GroupPolicy Settings silently
'Script Version: 0.2
'Created: 25/11/2010
'Created By:

'Define Variables and Objects.
Set WshShell = CreateObject("Wscript.Shell")

'Note: Gpupdate command has to be run twice as the ECHO command can't answer more than one question.

'Refresh the USER policies and also answer no to logoff if asked.
Result = WshShell.Run("cmd /c echo n | gpupdate /target:user /force",0,true)

'Refresh the Computer policies and answer no to reboot.
Result = WshShell.Run("cmd /c echo n | gpupdate /target:computer /force",0,true)

'Hand back the errorlevel

Props to Craig for pointing out that if you name the script gpupdate.vbs you will cause a loop.

Wednesday, November 24, 2010

General BITS troubleshooting

Iboyd has a great writeup on how and where to check various BITS settings in SCCM.

One line in his post rings very true
"With BITS, you have to remember that, in simple terms, you’re downloading files from an over-glorified website. That means that your file transfers are dependent on the IIS instance running on the distribution point."

Tuesday, October 05, 2010

What does this advertisement status message mean?

Bredban of the "Random helpful stuff that I have found along the way" blog has kindly posted information of the what the various status messages mean in your SCCM advertisements."

Friday, September 17, 2010

DNS Alias doesn't work when pointed to a 2008 server

Say you replace a  server and just want to use an DNS alias to keep the original name of the service. When you try this on windows 2008 it may not work because of 'Strict Name Checking' that is enabled in the system registry of the Windows 2008 server you are trying to access.

We found that

2. On the Edit menu, click Add Value, and then add the following registry value:

Value name: DisableStrictNameChecking
Data type: REG_DWORD
Radix: Decimal
Value: 1
Then rebooting the server fixed the issue. 

I know this link looks to be only for Windows 2000 and or 2003 but I found it also effective for Windows 2008

Wednesday, August 11, 2010

Error updating boot.wim's - Failed to Import the following drivers.

"Failed to Import the following drivers". If you are getting this error when updating the boot.wim's MAKE SURE your source drivers are still in the same location.

I found that a source directory had been renamed and therefore SCCM failed inject drivers with a very strange error message.

Failed to inject a ConfigMgr driver into the mounted WIM file
     The ConfigMgr Provider reported an error.: ConfigMgr Error Object:
     instance of SMS_ExtendedStatus
                     Description = "Failed to insert OSD binaries into the WIM file";
                     ErrorCode = 2152205056;
                     File = "e:\\nts_sms_fre\\sms\\siteserver\\sdk_provider\\smsprov\\sspbootimagepackage.cpp";
                     Line = 4262;
                     ObjectInfo = "CSspBootImagePackage::PreRefreshPkgSrcHook";
                     Operation = "ExecMethod";
                     ParameterInfo = "SMS_BootImagePackage.PackageID=\"SSD00001\"";
                     ProviderName = "WinMgmt";
                     StatusCode = 2147749889;

Go into SCCM and view the source files of the drivers its failing to install. You'll probably find that SCCM can't find the source because someone has moved or deleted the folder.

In my case this affected about 50-100 drivers.. I used the View add columns to sort by source location to remove all the missing drivers and re-add the missing drivers.

Friday, July 02, 2010

How to remove a corrupted MSI/MST (Error 1721)

I found this out the hard way. I was working on a MSI package creating the 'Transform' (MST file). I added a custom action to register an EXE from a 'locally installed file' in the MST. Silly me I put this action into the removal section instead of the install section. Net result the MSI would install but would not remove because it was trying to run a EXE it had already run during the installation process.

This really caused me a afternoon of headaches as I could not remove the software using the MSI. it kept trying to uninstall using the now corrupted MST file (Not really corrupt just badly coded). Even if I tried to run the unistall from the source it kept using the local copy of the MST with the bad instructions.

The error in eventvwr was - '1721 MSI error'.

The solution turns out to be pretty simple we just needed to remove the local copy of the MST and then uninstall.

The Local MST can be found in two places. If the MSI was installed under the 'USER' context then you'll probably find the MST file under the Users profile. If it was installed under the 'SYSTEM' context then you should be able to find the MST file under the %windir%\installer\{GUIDID} directory.

Simply delete the MST files and then uinstall using the source MSI files.

This method worked for me.. If it works for you please leave a comment.

Thursday, June 17, 2010

The ConfigMgr console could not connect to the ConfigMgr site database

The ConfigMgr console could not connect to the ConfigMgr site database. Verify that this computer has network connectivity to the SMS Provider computer and that your user account has Remote Activation permissions on both the ConfigMgr site server and SMS Provider computers. For more information, see "How to Configure DCOM Permissions for Configuration Manager Console Connections" in ConfigMgr Help.


Rebooted Windows 2008 server and the connection worked again. 

Friday, May 07, 2010

How to Enable Remote Control in WinPE 2.0 (SCCM OSD)

Note: It seems this post is starting to become quite popular. I'm going to re-write this and include some pictures to make it easier to setup. 

I recently spent some time figuring out how to enable remote control in WinPE 2.0

What you need:
- WinPE2.0
- TightVNC beta client (2.x)
- Access to your Boot.wim files and ImageX.
- Regedit access in your boot.wim.
- VBscript knowledge.

Basically what we are going to do is write a script that:
- Disables the inbuilt firewall included with WinPE 2.0
- Imports a few registry entries for TightVNC
- Installs TightVNC as a service and then starts it.

Then we'll edit our boot.wim to execute our start up script before the Task Sequence prompt is is show so the service is installed,enabled and waiting for remote control.

1. Source the TightVNC files: You need the latest Beta software as the current standard software will not work in WinPE 2.0 because of vista's new security of  launching all services in a different system account to normal (system0/1)

Extract the Tight VNC files and then you need to grab the TVNserver.exe and Screenhooks.dll.  (also under the GPU you need to copy the license files I believe.)

Copy these files to a temp directory to allow us to set up the application and test it.

2. Next  you need to create a vbs script  like the following;

'Installer Script for TightVNC Service for WINPE
'Version: 1.0
'Created: 29/04/2010
'Created By:

'Disable firewall,Import VNc settings,Install the service,Start the service.

'Define WshShell
Set WshShell = CreateObject("Wscript.Shell")

'Disable WINPE Firewall
WshShell.Run("wpeutil disablefirewall"),0,True
WshShell.Run("regedit /S vncset.reg"),0,True
'Install the VNC service
WshShell.Run("tvnserver.exe -install -silent "),0,True
'Start the VNC service
WshShell.Run("tvnserver.exe -start "),0,True

Save it as install.vbs

Next create a registry file like the following..

Windows Registry Editor Version 5.00

Save it as VNCset.reg

Now we need to crack open your boot.wim using DISM.exe for this (Search technet if you need to know how to use it) Then we are going to the startnet.cmd file to make it execute Install.vbs before the the task sequence prompt..  How to do this is already described well enough here

Once you've set all this up boot up into youe WinPE and make sure the startnet.cmd files have run. 

you should then be able to use the TightVNC client to remotely connect to a machine running a Tasksequence through WinPE.. There are a few small problems though.. When booting into WinPE the Workstation (Computer name) is changed to something random..

A few solutions to the random computer name issue:
- Use BGINFO to tattoo the background with the temp computer name.
- Add a step that grabs the Pc name and e-mails it to an admin mailbox. (you can't use CDO for this you have to use a simple SMTP sender which  I may cover in a new post).

As per usual... if you find this guide handy please leave me a comment so I know it worked for you.

How to use a collection variable to prompt for a computer name during an OS Deployment Task Sequence in System Center Configuration Manager 2007

Thursday, February 18, 2010

Conflicting records in SCCM after re-imaging a system using PXE or DVD/USB

I've found that when if I re-image system that is already in SCCM a new record is created but the old record for the asset is not removed. Its actually very frustrating as it means that the wrong record can be put in a collection and therefore never work the way it was intended.

The duplicate/conflicting record doesn't appear if you re-run the task sequence the run advertised programs within windows.

What happens is when the task sequence comes up to the installing SCCM client it generates a new client ID which is why it creates a new record in SCCM. But the big problem is it doesn't delete the old record it just creates a new one with the same name but new GUID and ClientID.

I've been racking my mind for a solution to this issue. It turns out a earlier solution was almost in place I just needed to tweak a few things.

The solution I've come up with;

-Setup the Task System variable for OSDComputerName on the Unknown Computers collection
- Create a VB script that detects if this is a 'new' system or an 'existing' system. This can be done using a VBscript that checks if OSDComputerName variable is Null; if it is then we know it an existing system.

- If OSDComputername variable is Null then read the SMSMachineName variable and delete it from SCCM just before we install the client.


Friday, January 22, 2010

0x80091007 Task Sequence Failure.

This error was popping up on the failure on our main task sequence during the 'Setup Windows and Config Manager" section.

We had issues with the PXE Service Point Point the day before and had to reinstall PXE service Then upload all the now missing packages It turns out the SCCM agent package didn't update correctly on the distribution point.

'Refreshing' the package fixed the issue. Don't just 'Update' the DP as this just does a compare and uploads if different. Refresh copies all the files again.

If you are having this problem yourself i'd like to hear from you about it. Please leave a comment I might be able to help.