ConfigMgr Frontline

Delivery Optimization can be a powerful tool to help manage your content. However, getting things configured can be confusing and daunting. Here I've broken out the steps to get you going. Client Settings 1.     BranchCache and PeerCache. a.    First, create a new Custom Device Settings and check the box for “Client Cache Settings” and “Delivery Optimization”. b.       BranchCache . To enable BranchCache on clients, set “Configure BranchCache” and “Enable BranchCache” to Yes and set the “Maximum BranchCache cache size (percentage of disk)”. (Default is 10). c.        PeerCache . To make the client a SuperPeer (PeerCache Source), set “Enable as peer cache source” to “Yes”. Note: SuperPeers should be clients that are newer (faster), always on devices, that are hard wired, and have plenty of hard drive space. Note: Build a WQL query to create and maintain a collection of SuperPeers. I.E., CPU, memory, free space, etc....

If you are trying to decide what Products to include in your WSUS settings, this is the article for you.  ConfigMgr and WSUS currently have a dozen Windows 10 “products” listed but the descriptions are lacking. Windows 10 and Later Drivers:  These are drivers that will be offered to all builds of Windows 10 all the time, excluding upgrade scenarios (i.e., via Orchestrator, DSM, or Device Manager). They will not download during a Dynamic Update (i.e., Windows 10 upgrading itself from build 1511 to 1607).    They should only include KBs for the current Win10 version. . Windows 10 and Later Upgrade & Servicing Drivers:  These are drivers that are offered in all Win10 scenarios (i.e., via Orchestrator, DSM, Device Manager, or during DU). They may include some KBs later win10 version and enable current win10 version to upgrade. . Windows 10 Anniversary Update and Later Servicing Drivers:   These drivers apply only to Window...

Be sure to re-install the inbox apps if you want them to be translated on the first launch. See: https://www.powershellgallery.com/packages/Windows365LanguagesInstaller/1.0.0.2/Content/Windows365LanguagesInstaller.ps1 If using a Task Sequence, the following results in a machine that is fully translated on the first use (you don’t need to use both LP and LXP). Install LP: dism.exe /Image:%OSDTargetSystemDrive%\ /ScratchDir:%OSDTargetSystemDrive%\Windows\Temp /Add-Package /PackagePath:".\Microsoft-Windows-Client-Language-Pack_x64_%Language%.cab"  Install LXP: powershell.exe -executionpolicy bypass -command "Add-AppxProvisionedPackage -Path %OSDTargetSystemDrive%\ -PackagePath .\LanguageExperiencePack.%Language%.Neutral.appx" -LicensePath ".\License.xml" Install FoD: powershell.exe -executionpolicy bypass -command $cabs = Get-ChildItem -Filter "*.cab"; foreach ($cab in $cabs) { Add-WindowsPackage -PackagePath "$($cab.FullName)" -NoRestar...

When configuring an Windows Client and Server CI, be careful when choosing the OS that will assess the CI for compliance! Note that for Windows Server 2016 and Windows Server 2019 the phrasing says “and higher” after them. What this means is if you choose Windows Server 2016, the CI will apply to *both* Server 2016 *and* Server 2019 (even if you don’t choose “Windows Server 2019”)! As you can imagine, this can cause problems if you are wanting the CI to only apply to Server 2016! You can get around this by using the option “ Specify the version of Windows manually ”. However, that option does not appear if you choose “ This configuration item contains application settings ” under “ Windows Desktops and Servers (custom) ”. The only thing you can choose is “ This application runs only on computers that have 64-bit hardware ”. If you do not choose the "This configuration item contains application settings" you could then utilize a script to make sure it only appli...

Ran across some Windows 7 systems that were not getting updates. I started down the normal troubleshooting path by looking at various logs. The logs mostly looked good. However, the datatransferservice.log was lit up like a Christmas tree! The log was full of all kinds of HTTP errors but these two stood out: WINHTTP_CALLBACK_STATUS_SECURE_FAILURE WINHTTP_CALLBACK_STATUS_FLAG_SECURITY_CHANNEL_ERROR After researching a bunch of IIS sites including this one , I finally narrowed it down to something with TLS. Turns out they had disabled TLS 1.0 on the MP but the client (Windows 7 SP1) did not support TLS 1.2. In order for a Windows 7 client to support TLS 1.2, you have to upgrade .NET and apply KB3140245 . This patch appears to be standalone and not part of any other cumulative. It can be found in the Microsoft Catalog . After installing the patch and rebooting, the client was then able to communicate with the MP and get the patches it needed. Good luck!

Happy Monday, fellow ConfigMgr administrators! I ran across a pretty difficult Task Sequence last week that had me scratching my head. It involved a pretty complex Task Sequence that contained over 50 applications. The Task Sequence would fail within 5 seconds upon launch from the Software Center with an message of  “The software could not be found on any servers at this time.” No error code was given. I ended up removing all the apps from the TS and adding them back one at a time. Many of the applications had at least one supersedence, dependencies and dependency chaining. It turned out there was one particular superseded application that  was missing its content!! Yeah, that would do it. Unfortunately, ConfigMgr did not log what application or package ID had its content missing so it was a crap shoot trying to find it.  I really feel like there should have been a log somewhere that gave this information. This is the only log info...

Where the heck is the #($*@(*#$# panther logs? Logfile location Description $windows.~bt\Sources\Panther Log location before Setup can access the drive. $windows.~bt\Sources\Rollback Log location when Setup rolls back in the event of a fatal error. %WINDIR%\Panther Log location of Setup actions after disk configuration. %WINDIR%\Inf\Setupapi .log Used to log Plug and Play device installations. %WINDIR%\Memory.dmp Location of memory dump from bug checks. %WINDIR%\Minidump.dmp Location of log minidumps from bug checks. %WINDIR%\System32\Sysprep\Panther Location of Sysprep logs.

This one was a real head scratcher. After upgrading from Windows 7 to Windows 10 1809, you could not open the Start Menu. When you would click on it, nothing would happen. You could also not perform a search. I saw in the System event log: "The server Microsoft.Windows.ShellExperienceHost _10.0.17763.1_neutral_neutral_cw5n1h2txyewy! App did not register with DCOM within the required timeout." about every 30 seconds. I noticed the same thing with Cortana. and "The server Microsoft.Windows.Cortana _1.11.6.17763_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXfbn8w4s0jbk3tjevpcn9kaxerc6rby8k.mca did not register with DCOM within the required timeout." I captured a procmon trace and found: Both ShellExperienceHost.exe and SearchUI.exe exit with an error (-1073741790 which is Access Denied) as soon as they try to load sysfer.dll (part of Symantec Endpoint Protection). See https://support.symantec.com/us/en/article.TECH252314.html Evidently, sysf...

Office Customization Tool for Click-to-Run follows the Office 365 Support policy guidelines for Office 365 ProPlus Subscriptions. Agents and Engineers familiar with how to troubleshoot the manual creation of Configuration.xml for use with the Office Deployment Tool will easily be able to transfer that knowledge to this new tool. https://techcommunity.microsoft.com/t5/Office-365-Blog/Customizing-Office-365-ProPlus-using-the-Office-Customization/ba-p/141932

Extract only the .CAB file from the MSU (using WinRAR). In Windows 7 run iexpress.exe. Click Start and in the search box type "Iexpress.exe"                           Click Next on the “Welcome to IExpress 2.0” screen. Click Next on the “Package Purpose” Screen.   On the "Package Title" screen, name the package. I use the name of the CAB – i.e. :   Click Next on “Confirmation Prompt” & “License Agreement” screens. Click “Add” on the “Packaged Files” Screen and browse to the .CAB file you extracted earlier. Make note of the PATH where that .CAB file is located. You will need that. Click Next. On the “Install Program to Launch” screen you will put in the following string in the box next to "Install Program": dism.exe /online /add-package:”<PATH TO THE CAB>Windows6.1-KB2547244-x86.cab” /norestart Click Next. Click Next on the “Show Window”...