I’ll say nothing this time… Build and Capture using HTTPS SUP/DP/MP failing to install updates – no fatal error during the build and capture, just no updates either. For around 30 minutes (default timeout) the Task Sequence would be stuck on ‘Install Updates’ before moving on to the next stage of the sequence, or the Task Sequence may stop with a 0x87d0069b error.
Another day, another System Center 2012 Configuration Manager issue! This time I’m trying to get HTTPS Operating System Deployment working and I’ve encountered an issue where the Auto Apply Drivers task runs but doesn’t actually install the NIC driver that it needs to in order to complete the deployment. After the initial Windows installation, pressing F8 I can see that there are no NIC’s detected – thus the driver is missing. Note that when I’m using HTTP I do not have this problem.
After discussion with MS support the workaround for now is to use an Apply Driver Package task in the Build and capture/Deploy Image Task sequence as illustrated below, disabling or even removing the Auto Apply Drivers task:
In environments where you have diverse hardware this isn;t ideal, in a later article I’ll post some filters that you can use to apply only the required driver packages.
If you are using HTTPS for WSUS in your System Center 2012 Configuration Manager environment chances are you’ll get issues sync’ing updates between your Software Update Point and the WSUS install. The wsyncmgr.log will show entries such as:
Sync failed: UssComunicationError: Web Exception: Unable to Connect to Remote Server
Like many others you’ll more than likely want to change the Company Name presented to your users when a machine PXE boots for Operating System Deployment. By default the Company Name is ‘IT Organization’ but it is really easy to change this branding to a value of your choice, or even multiple values of your choice!
You’ll have probably noticed that the WinPE images supplied with System Center 2012 Configuration Manager are US ‘regionalised’, this is a bit of a pain with complex passwords as the keyboard layout is not correct.
Follow the instructions below to create new UK-centric (en-GB) Boot Images with the correct time zone and keyboard layout.
This simple PowerShell script will convert your WSUS install from HTTP to HTTPS; simply modify the server fully qualified domain name (FQDN). This is also useful for HTTPS-based System Center 2012 Configuation Manager deployments.
Note that you also require the Execution Policy to be set to RemoteSigned (use the command ‘Set-ExecutionPolicy RemoteSigned’ to change this).
{code lang:css showtitle:false lines:false hidden:false}Import-Module webadministration
Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value “Ssl” -PSPath IIS:\ -Location “WSUS Administration/APIRemoting30”
Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value “Ssl” -PSPath IIS:\ -Location “WSUS Administration/ClientWebService”
Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value “Ssl” -PSPath IIS:\ -Location “WSUS Administration/DSSAuthWebService”
Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value “Ssl” -PSPath IIS:\ -Location “WSUS Administration/ServerSyncWebService”
Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value “Ssl” -PSPath IIS:\ -Location “WSUS Administration/SimpleAuthWebService”
cd “C:\Program Files\Update Services\Tools”
.\WSUSUtil.exe configuressl <server fqdn>
Netsh AdvFirewall Firewall set rule “Windows Server Update Services (HTTPS)” new enable=yes{/code}
Now browse to the WSUS Administration site in IIS and edit the HTTPS binding to use the correct certificate.
Following on from my HTTPS / PKI issues with Secondary Site servers I now hit a-n-other Configuration Manager problem which is HTTPS related!
In my client deployment settings I am specifying an additional installation property – CCMHOSTNAME=<fqdn of external MP> when this is specified it allows clients to roam between IntRAnet and IntERnet management, therefore facilitating Internet Based Client Management.
The one caveat I seem to have found is that when you specify this switch the site servers where the client is connecting from must also be running HTTPS, otherwise you’ll get an error in your Build and Capture / Image Deployment tasks: ‘Error 26001. HTTPS communication protocol must be enabled when the client is Internet Enabled.’
So for now I have the following workaround, use the CCMHTTPSSTATE=1 installation property in the task sequence and the client will deply without issue.
Ran into this after redeploying my System Center 2012 Configuration Manager lab this week, it’s easy to get caught out with this!
When the Build and Capture task gets started you may find the at the ‘Apply Operating System…’ step the task sequence fails almost immediately as below:
Application Virtualisation is not a new technology, yet many companies are not using it. By placing an applictaion in a ‘bubble’ you can run, for example, different version of Microsoft Office on the same PC wihtout any problems – effectively because the application isn’t actually installed.
For the purposes of this article I wanted to see how easy it would be to ‘profile’ (or package) Microsoft Office 2010 for streaming using XenApp 6.5, including configuring offline access.
I’m currently working out a suitable design for a System Center 2012 Configuration Manager deployment. One of the first things that you need to decide is your site hierarchy, specifically should you implement a Central Administration Site (CAS) with Primary Site(s) model or simply a Primary Site with Secondray Site(s) model. You may be one of the ‘lucky’ few where your design is simple and will always remain so!
Having looked into this, and event tested both in a lab I thought I’d share my opinion and experiences, one thing I should make clear at this point in time – there is no single reason for considering whether or not to use a Central Administration Site, in fact sometimes there are political or business reasons to adopt this model regardless of any technical requirements.