Yesterday I upgraded my ConfigMgr 2012 R2 lab to SP1 and encountered a small bit of trouble.  During the SP installation the Admin Console failed to uninstall; during installation the MSI performed an unexpected reboot.

Scenario

• The primary site server had recently been upgraded to CU5 for ConfigMgr 2012 R2 but had several reboots since.
• As far as I can remember the Admin Console was not running when the service pack installation began, nor any time during the installation.
• The Admin Console failed to uninstall during the service pack installation.
• After the service pack installation, a manual reboot was performed.
• The Admin Console was reinstalled via command line.  The MSI return code of 1641 was generated and MSI automatically rebooted the server.

Details

Below are some details captured from the installation logs.

in C:\ConfigMgrSetup.log

INFO: AdminConsole will be deinstalled first for upgrade – “E:\Program Files\Microsoft Configuration Manager\bin\I386\ConsoleSetup.exe”/uninstall /q.

ERROR: Configuration Manager console uninstallation failed. Check log file ConfigMgrAdminUISetup.log.

WARNING: Configuration Manager console installation failed. ConfigMgrAdminUI.log has further information.

in C:\ConfigMgrAdminUISetup.log

5/14/2015 2:46:55 PM   MSI: Another application has exclusive access to the file ‘E:\Program Files\Microsoft Configuration Manager\AdminConsole\AdminUILog\CMSitePSProvider.log’.  Please shut down all other applications, then click Retry.      

5/14/2015 2:46:55 PM   MSI: Action 14:46:55: Rollback. Rolling back action:

5/14/2015 2:46:55 PM   Installation failed with error code 1603

The server was manually restarted

The Admin Console installation was initiated via command line from an elevated PowerShell ISE session.

“E:\Program Files\Microsoft Configuration Manager\Tools\ConsoleSetup\ConsoleSetup.exe” /q TargetDir=”E:\Program Files\Microsoft Configuration Manager\AdminConsole” EnableSQM=0 DefaultSiteServerName=LAB-CM.lab.local

In ConfigMgrAdminUISetup.log

5/14/2015 3:28:56 PM   MSI: You must restart your system for the configuration changes made to System Center Configuration Manager Console to take effect. Click Yes to restart now or No if you plan to manually restart later.    

5/14/2015 3:28:56 PM   Installation succeeded. Windows Installer has initiated a reboot.       

*Notice that the time difference in the 2 log lines in <=1 second.  Also, no visible prompt was generated asking about a reboot.

In ConfigMgrAdminUISetupVerbose.log

MSI (s) (78:04) [15:28:56:261]: Windows Installer installed the product. Product Name: System Center Configuration Manager Console. Product Version: 5.00.8239.1000. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0.

MSI (s) (78:04) [15:28:56:261]: Value of RebootAction property is

MSI (s) (78:04) [15:28:56:261]: Windows Installer requires a system restart. Product Name: System Center Configuration Manager Console. Product Version: 5.00.8239.1000. Product Language: 1033. Manufacturer: Microsoft Corporation. Type of System Restart: 1. Reason for Restart: 1.

MSI (s) (78:04) [15:28:56:261]: Closing MSIHANDLE (1) of type 790542 for thread 5124

MSI (s) (78:04) [15:28:56:261]: Deferring clean up of packages/files, if any exist

MSI (s) (78:04) [15:28:56:261]: MainEngineThread is returning 1641

MSI (s) (78:98) [15:28:56:261]: RESTART MANAGER: Session closed.

Hopefully no one else runs into this scenario.

A recent customer was having an issue using ConfigMgr (SCCM) to deploy Windows on their new HP ProLiant Gen9 servers.  Their existing hardware models and virtual machines worked fine, but the new HP Gen9 models were failing with the following error in SMSTS.log:

Failed to write volume id file to disk <drive letter>:. 80070013
Failed to convert protected paths to unqiue ID. Error code 0x80070013
Failed to reboot the system. Error 0x(80070013)
Failed to initialize a system reboot. The media is write protected. (Error: 80070013; Source: Windows)
Fatal error is returned in check for reboot request of the action (Setup Windows and ConfigMgr).   The media is write protected. (Error: 80070013; Source: Windows)
An error (0x80070013) is encountered in execution of the task sequence
Task Sequence Engine failed! Code: 80070013
Task sequence execution failed with error code 80070013

This error occurs after the OS Image is installed and just before the first reboot which causes the Task Sequence to fail.

This is very similar to the error experienced in SCCM 2007 for with Microsoft released hotfix KB2516580 to resolve.

You perform the restart computer step in a task sequence and the embedded device has a RAM disk or has a hard disk drive that has no free disk space

Failed to get unique id (0x80070001)]Failed to convert <drive letter> to unique volume id. Code : 0x80070001
Failed to convert protected paths to unqiue ID. Error code 0x80070001
Failed to reboot the system. Error 0x(80070001)
Failed to initialize a system reboot.

OR

Failed to reboot the system. Error 0x(80070070)
Failed to initialize a system reboot. There is not enough space on the disk. (Error: 80070070; Source: Windows)
Fatal error is returned in check for reboot request of the action (Disable Write Filter Action). There is not enough space on the disk. (Error: 80070070; Source: Windows)

The customer environment is ConfigMgr 2012 R2 CU3 so obviously the hotfix doesn’t apply.  However, pretty much the same scenario is in play.

Cause and Resolution

The root cause is the existence of the HP Virtual Install Disk (VID) which is read only.  While ConfigMgr should be able to handle the scenario, the easiest solution we found was to simply disable the VID.

Disabling the HP VID

To disable the HP VID, boot the server and press F9 to enter the BIOS/Platform Configuration (RBSU).  Then…

• on an HP ProLiant Gen8 server: Advanced Options -> Advanced System ROM Options -> Virtual Install Disk -> disable -> F10 to save -> Reboot
• on an HP ProLiant Gen9 server: System Options -> USB Options -> Virtual Install Disk -> disable -> F10 to save -> Reboot

When attempting to install the ConfigMgr / SCCM client on a few remote computers, the installation failed (more like stalled out) when ccmsetup.exe tried to download the full client binary files.  The download couldn’t complete and the following error was generated:

Failed to download files through BITS. Error: 0x80200013, Description The server does not support the necessary HTTP protocol. Background Intelligent Transfer Service (BITS) requires that the server support the Range protocol header.

I discovered that Microsoft KB922330 describes the issues and a workaround.

You may experience this problem if a computer is behind a firewall or behind a proxy server. This problem occurs if one of the following conditions is true:

-The proxy server environment does not support the HTTP 1.1 range request feature.

-You are behind a SonicWALL firewall device, and the Enable HTTP Byte-Range request with Gateway AV setting is not enabled for the device.

When you copy a file by using BITS in background mode, the file is copied in multiple small parts. To perform this kind of copy operation, BITS uses the HTTP 1.1 Content-Range header. If you are behind a proxy server or behind a firewall that removes this header, the file copy operation is unsuccessful.

Note When BITS copies files in foreground mode, BITS does not use this header.

Interesting… changing the BITS priority will work around the issue and it just so happens that we can control that in the ConfigMgr client installation. 

Running ccmsetup.exe /BITSPriority:FOREGROUND did work around the BITS error during client installation.  The client successfully installed and registered with the Primary site.

We could also manually copy all of the installer binary files locally and use the /SOURCE parameter as another alternative.

Success!… well, not so fast.

From an ongoing operations perspective not much was gained.  Although Client Settings allow controlling BITS throttling, it cannot control BITS priority.  About a year ago the question about controlling BITS priority from a ConfigMgr content distribution perspective was asked on the TechNet forums and the product team did confirm that it isn’t a current feature.

It looks like the firewall or proxy server will have to be kicked in the shins after all.

Follow-up

I stumbled on to an interesting post by the 2PintSoftware guys whom have been doing A LOT of great work with BITS and BranchCache recently.

If I set the BITS Throttling Rate in SCCM, does it apply to all downloads?

Oh no. That would be too simple. Remember that the client setting in SCCM is for Background transfers only. So if you make a deployment ‘Available’ as opposed to ‘Required’, then it will be a BITS Foreground transfer that is created and it will attempt to use whatever bandwidth it can get it’s grubby little hands on.

http://2pintsoftware.com/2psfaqs/bits-throttling

So it appears that ConfigMgr does know about BITS priorities beyond the ccmsetup.exe scope, but you still can’t change it.

I’ve been installing a few lab and production ConfigMgr environments recently and found a little quirk with the versioning to go along with the service pack madness / confusion of the 2012 SP2 / 2012 R2 SP1 release.  Here’s the scoop:

After installing ConfigMgr 2012 SP2 as a new / fresh install, how do you know if R2 is installed?  There are really only two ways I can find:

1. Launch the Configuration Manger Admin Console and check the about screen.  The console version will be 5.0.8239.1000 and the site version 5.00.8239.1000 for both SP2 / R2 SP1; however the product name will show “System Center 2012 R2 Configuration Manager SP1” or “System Center 2012 Configuration Manager SP2” to indicate the difference.
2. Review the 2012 R2 release notes (What’s New in System Center 2012 R2 Configuration Manager) and note the new features.  If these exist within the Admin Console on the connected site, then R2 is installed.  Probably the easiest check is in Software Library –> Operating Systems –> Virtual Hard Disks.  The VHD feature set is part of R2 and won’t exist in a non-R2 site.

Some additional details

Where can the R2 installer be download from?

• If installing ConfigMgr 2012 SP2 / 2012 R2 SP1 from evaluation media, you’ll easily notice that there are 2 files to download and install.  The small (1.1 mb) file is the “R2” installer / enabler.  Otherwise the code base is identical between the versions / editions.
• If installing from MVL media, the small “R2” installer may not exist for download.  I’ve only see 1 company’s MVL site and the file didn’t exist in any place we could think to look.  Installing “R2” from the evaluation file, SC2012_R2_SP1_ConfigMgr.exe, worked fine on multiple MVL installed sites.

When I installed R2, there were almost no indications of the change.

• The actual install, ConfigMgr2012R2SP1.msi did not generate a log file that I could find
• The Windows Application Event Log did show that “Product Name: Microsoft System Center Configuration manager. Product Version : 5.00.8239.1000 … Reconfiguration” succeeded, but notice that the name does not identify SP2 or R2 SP1.
• C:\ConfigMgrSetup.log was not changed
• C:\ConfigMgrAdminUISetup.log was not changed
• C:\ConfigMgrAdminUISetupVerbose.log was not changed
• I could see no entries in any ConfigMgr site logs that gave any reference to a change
• I could see no changes in the Windows Registry at HKLM\Software\Microsoft\SMS\*
• The site properties in the Admin Console showed no changes
• Re-running the R2 installation gave no indication that it was already installed
• Re-running the R2 installation (ConfigMgr2012R2SP1.msi) with verbose logging did create a log file but there was no indication that it was already installed
• Windows Programs and Features (Add / Remove Programs) did not change the product name

So much for clarity!

For a recent customer I was going through all of the requirements to implement DirectAccess.  One that I stumbled on a bit was that DirectAccess requires DFS-R replication but I wasn’t certain how to verify what replication type was in use.  After some digging, some assumptions, and some great tips from fellow Catapult Systems consultants, here’s the scoop.

Determine if FRS is being utilized by the Domain Controllers

Note: FRS is the abbreviated acronym for NTFRS.

Method 1

From an administrator Command Prompt on a domain controller run DfsrMig /GetMigrationState and DfsrMig /GetGlobalState

• A value of 0, 1, or 2 means the migration from FRS to DFS-R is in progress
• A value of 3 means the migration from FRS to DFS-R is complete (FRS is ELIMINATED)
• A return message of “DFSR migration has not yet initialized” means FRS is in use, not DFS-R

Method 2

From ADSI Edit or Active Directory Users and Computers with Advanced Features enabled,

navigate to <domain>\System

• if a container named DFSR-GlobalSettings exists, then DFS-R should be in use
• if a container named File Replication Service \ Domain System Volume (SYSVOL share) exists and contains Domain Controller objects, then FRS should be in use

navigate to <domain>\Domain Controllers\<Domain controller>\

• if a container named NTFRS Subscriptions exists, then FRS should be in use

Method 3

From a domain controller

• open Event Viewer \ Applications and Services Logs\ File Replication Service.  If there is recent activity then FRS should be in use.
• if <SYSVOL>\SYSVOL_DFSR\SYSVOL exists, then DFS-R should be in use.

Note: to find the <SYSVOL> share

• From a command prompt enter reg.exe query HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters and note the SysVol location
• From a command prompt enter dir %SystemRoot%\SYSVOL\SYSVOL and note the location of the <domain FQDN> directory junction which will be in [square brackets]
• From ADSI Edit or Active Directory Users and Computers, check the fRSRootPath attribute of the <domain>\Domain Controllers\<domain controller>\NTFRS Subscriptions\Domain System Volume (SYSVOL share) object

References

• http://seneej.com/2014/08/05/step-by-step-frs-to-dfsr-migration-guide-in-three-steps
• http://blogs.technet.com/b/filecab/archive/2014/06/25/streamlined-migration-of-frs-to-dfsr-sysvol.aspx
• https://technet.microsoft.com/en-us/library/cc783812(v=ws.10).aspx

If you’ve ever wanted to report on ConfigMgr client IPAddress you know it can be a challenge.  ConfigMgr stores IP Address information in the v_GS_NETWORK_ADAPTER_CONFIGURAITON SQL view (and other places) but it is actually an array of both IPv4 and IPv6 addresses.  Generally, all we care about is the first IPv4 address.  With that in mind, here is some T-SQL code to return a Computer’s name, ResourceID, and IP Address properly by IP.

T-SQL

--Create an in-memory temp table with all desired data
--using only the leftmost IP address from the IPAddress array
CREATE TABLE #cmIPs(resourceID int not null, IPAddress0 varchar(15) NOT NULL, DNSHostName0 nvarchar(255));
INSERT INTO #cmIPs -- (resourceID, IPAddress0)
select ResourceID, IPAddress0, DNSHostName0 from v_GS_NETWORK_ADAPTER_CONFIGURATION
WHERE v_GS_NETWORK_ADAPTER_CONFIGURATION.IPEnabled0=1 and CHARINDEX(',',IPAddress0)=0
UNION
select ResourceID, Left(IPAddress0,CHARINDEX(',',IPAddress0)-1), DNSHostName0
from v_GS_NETWORK_ADAPTER_CONFIGURATION
WHERE v_GS_NETWORK_ADAPTER_CONFIGURATION.IPEnabled0=1 and CHARINDEX(',',IPAddress0)>0

--Use the Derived Tables solution from http://sqlmag.com/t-sql/sorting-ip-addresses to sort by IPv4 IPAddress
SELECT IPAddress0, DNSHostName0, ResourceID
FROM (SELECT *, CHARINDEX('.', IPAddress0, p2+1) AS p3
      FROM (SELECT *, CHARINDEX('.', IPAddress0, p1+1) AS p2
            FROM (SELECT IPAddress0, CHARINDEX('.', IPAddress0) AS p1, DNSHostName0, ResourceID
                  FROM #cmIPs) AS D1) AS D2) AS D3
ORDER BY
  CAST(SUBSTRING(IPAddress0, 1,      p1 - 1     ) AS tinyint),
  CAST(SUBSTRING(IPAddress0, p1 + 1, p2 - p1 - 1) AS tinyint),
  CAST(SUBSTRING(IPAddress0, p2 + 1, p3 - p2 - 1) AS tinyint),
  CAST(SUBSTRING(IPAddress0, p3 + 1, 3          ) AS tinyint);

Thanks to Itzik Ben-Gan of SQL Server Pro for the pseudo code.

Thanks Kehl Reto for the blog inspiration.

The synopsis: Using Windows 10/8.1 Enterprise media, Windows Pro can be upgraded to Enterprise edition while keeping installed apps, personal files, and settings.

The story: I ran into an interesting scenario where I needed to run Windows 8.1 Enterprise.  Pro just wouldn’t cut it because of the lack of support for BranchCache, DirectAccess, etc.  Keep in mind that I’m specifically referring to a technical solution and NOT a licensing solution to this challenge.  A valid license is still required.  After digging around the web I found 3 primary resources for the conversion or upgrade.

Change Windows 8 Pro to Enterprise

The TechNet forum thread (https://social.technet.microsoft.com/Forums/windows/en-US/305ac35b-9a14-4244-8e95-dd0b0c23b70a/change-windows-8-pro-to-enterprise?forum=w8itprogeneral) goes though a transformation part way down as new information became available.  There is also confusion by focusing on by licensing and technical aspects.  For the moment, ignore the thread.  After reading this post to the end, come back to the forum thread and re-read it with more/updated facts in mind.

Change the Windows Image to a Higher Edition Using DISM

The TechNet article (https://technet.microsoft.com/en-us/library/hh825049.aspx) applies to Windows 8/8.1 and Windows Server 2012/2012 R2.

Using the command below you can see what Editions of Windows the running computer can upgrade to.  You can then, theoretically, use another command to change the Edition.

DISM /online /Get-TargetEditions
DISM /online /Set-TargetEdition:<edition name>

This sounds great and may actually work in some scenarios, but not the one I needed.

Windows 8 and Windows 8.1 Upgrade Paths

The TechNet article (https://technet.microsoft.com/en-us/library/jj203353.aspx) applies to Windows 8/8.1.

Using media (ISO, USB drive) Windows 8/8.1 Pro can be upgraded to Windows 8/8.1 Enterprise, but the language is misleading.

Windows 8 (non-pro) can be upgraded to Windows 8.1 and you can keep Windows settings, personal files, and applications.

Windows 8/8.1 (non-pro) and Windows 8 Pro/Pro with Media Center can be upgraded to Windows 8.1 Pro and you can keep Windows settings, personal files, and applications.

Interestingly, the Pro to Enterprise section does not mention anything about keeping any settings, files, or apps.  The next section makes a note about not keeping settings, files and apps during a cross-language installation, then a table follows that shows several scenarios and what you can/can not keep.  Pro to Enterprise is not listed in the table.  Thus the implication is that during a Pro to Enterprise upgrade, you can’t keep any existing data or customizations.

As it turns out, this is just a lack of specificity in the article.  Upgrading Windows 8.1 Pro to Windows 8.1 Enterprise does give the option to keep settings, files, and apps… and it works.

Do remember, that this is an OS upgrade… the existing installation of Windows is moved to the Windows.old folder and a new installation of Windows is created.  Ensure you have a good 5+ GB of free space on the system drive (Drive C).

Windows 8.1 Pro upgrade to Enterprise.

Windows 8.1 Pro installed using the sample GVLK KMS key.  DISM shows that the only Edition which can be upgraded to is Pro with Media Center.

I installed a Windows App (Adobe Photoshop Express), 7-zip, created a WordPad document, and set Bing.com as my home page.

Running Windows Setup from a Windows 8.1 Enterprise ISO.

I get to keep my settings, personal files, and apps!

After a few reboots and logging in as my original admin account, we see that Windows is now Enterprise edition and there are no TargetEditions available.  The upgradation (yes, that is a real word) is complete!

We also see that the customizations I made were retained.

Lastly wee see the old Windows installation was backed up (renamed).

Success!

What about Windows 10

I haven’t duplicated the effort for Windows 10 yet, but I’m confident the same scenario is in play.

I can say that DISM will not change the edition of an online image (a running Windows computer).

However, the Windows Store can do that for at least some upgrade scenarios, although I’m 99.9% sure Enterprise edition will NOT work this way.

Happy upgrading!

When preparing a new Windows Server 2012 R2 system for a new ConfigMgr 2012 R2 site, I ran into an error installing the Windows ADK.  In this case it is version 10; however, I believe the same scenario would apply to 8.1 Update, 8.1, 8, etc.

The installation appears to be working, then performs a rollback with the following error:

Image path is [\??\C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys

Could not acquire privileges; GLE=0x514

Returning status 0x514

Additionally, after installation was successful, it was not possible to mount a WIM or create boot media in ConfigMgr.

Crating ConfigMgr or MDT Task Sequence Media fails with the error:

Error: 1313  A required privilege is not held by the client.  Refer to CreateTsMedia.log file to find more details.

CreateTSMedia.log file…

using CreateMedia.exe /K: boot … fails

The PowerShell cmdlet New-CMTaskSequenceMedia -BootableMedia … fails

Mounting a WIM with DISM fails

DISM.exe /Mount-Image /ImageFile: …

Error: 1313  A required privilege is not held by the client.

Solution

In my case the root cause was that a default permission was removed for the local Administrators group by a domain policy.  

By default, the User Right Assignment for “Back up files and directories” and “Restore files and directories” is held by the “Administrators, Backup Operators“.  But in this case the “Administrators” group had been removed and replaced by the “Domain Admins“. 

Since my account isn’t and shouldn’t be a domain admin, I simply added it to the local “Backup Operators” group, logged off, logged back on, and presto!  Success.

Workaround

If the User Right Assignment isn’t you issue, another solution, or rather workaround, is to run the installation as the SYSTEM account.

Getting to the workaround

Multiple other solutions were attempted before resorting to the SYSTEM account for installation including

• Run as Administrator
• Run a Command Prompt as Administrator then run ‘ADKsetup.exe‘
• multiple system reboots
• manually creating the folder structure and file
• manually running the ‘Windows Deployment Tools-x86_en-us.msi‘.  Strangely this succeeded; however, when re-running the ADKsetup.exe, the same failure occurred.
• manually running the ‘Windows System Image Manager on amd64-x86_en-us.msi‘.  Strangely this succeeded; however, when re-running the ADKsetup.exe, the same failure occurred.
• both the system drive (Drive C:) and a data drive (E:) were attempted
• disabling the antivirus / antimalware software (Sophos)

None of these made any difference.

Several forum posts were found with a resolution pointing to a blog that has since been taken down.  That solution required removing the computer from the domain.  This solution was not attempted.

Executing the workaround

There are a few ways to gain SYSTEM account access; however, I took the interactive route and used PSEXEC from Sysinternals.

From an elevated Command Prompt (Run as Administrator), run ‘PSEXEC.exe -s -d -i cmd.exe‘

A new Command Prompt will be generated.  run ‘whoami‘ to ensure you are running as SYSTEM, then run ‘adksetup.exe‘

Thanks to Adam for working through the issue with me.

Other instances and workarounds

There are a few instances of the same error documented in a few blogs and forum posts.  The options basically include ensuring you are running as an administrator (and with the administrator token), running as SYSTEM (as described in my workaround), or dis-joining the computer from the domain and running as admin.

• https://www.mail-archive.com/mssms@lists.myitforum.com/msg01084.html
• https://social.technet.microsoft.com/Forums/windows/en-US/69e39a57-9fd2-4b97-ae91-6abb2bb22741/adksetup-fails-on-windows-2012
• http://paulstather.blogspot.com/2013/12/windows-assessment-and-deployment-kit.html

In a new ConfigMgr 2012 R2 SP1 environment the Reporting Services point was proving a bit challenging to install.  After setting all of the required permission it was finally happy.

Required Permissions

On the SQL Server Reporting Services server, an account (in this case a domain user “functional” or “service” account) needed the following:

• Membership in the server’s local Administrators group
• SSRS Site Settings -> System Administrator, System User
• SSRS Folder Settings on the root folder -> Browser, Content Manager, My Reports, Publisher, Report Builder

Scenario Details

This ConfigMgr environment has a complex configuration with 3 different SQL servers in play.

• Server1: ConfigMgr Primary Site server
• Server2: server running SQL Server Database Engine role and configured as the ConfigMgr Site Database server
• Server3: server running SQL Server Reporting Services role
• Server4: server running SQL Server Database Engine role with only the ReportServer database

With Server1 (ConfigMgr) and Server2 (SQL DB) configured and most functionality working (software deployment, software update deployment, OS deployment, inventory, etc.) it was time to install Reporting Services point.  We created a new ConfigMgr Site Server for Server3 using a domain user account.  However, when attempting to install the Reporting Services point the following error was encountered:

• Unable to locate any configured SRS instances on the server.  Verify SRS is installed, accessible, and correctly configured.
• The “Reporting Services server instance” is blank.

We knew that SSRS was installed, configured, and working as there were two other applications already using the SRS instance in a production capacity.

We verified the domain user account could actually access the SSRS website from Server1 (the ConfigMgr server) and discovered

• the account was a member of the local Administrators group
• the account had System Administrator rights to the SSRS Site
• the account could not see any existing reports or report folders and the following message displayed: “User ‘<domain>\<userID>’ does not have required permissions.  Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed.“

As the screen shot shows, UAC was actually disabled already.

Once the domain user account was given rights to the root folder, the Reporting Services point role could see the Reporting Services server instance the the role installed without issue.

After the role installed, ConfigMgr reset its own permissions to give the domain user account only “ConfigMgr Report Users, ConfigMgr report Administrators” roles.

Also, the logs for the Reporting Services point are on the SSRS server (Server3 in this case), and located at C:\SMS\logs

When the ConfigMgr Admin Console version 2012 SP2 (or 2012 R2 SP1) is installed and the ConfigMgr client is not updated on the same computer you could see an error like the one below.

statview.exe – System Error

The program can’t start because mfc12u.dll is missing from your computer. Try reinstalling the program to fix this problem.

StatView is the utility that displays ConfigMgr status messages and is typically initiated from the console by navigating to

• Monitoring \ Overview\ System Status \ Site Status
• OR Monitoring \ Overview\ System Status \ Status Message Queries

StatView.exe requires Microsoft Visual C++ and ConfigMgr 2012 SP2 now uses VC++ 2013 which is not installed as part of the Console.

To resolve the issue, install Microsoft Visual C++ 2013 Redistributable (x86) which can be found at \\PrimarySiteServer\SMS_<SiteCode>\client\i386\vcredist_x86.exe.  Notice that the x86 version is required even if you are running Windows x64.  This is because StatView is a 32-bit application.

This will install and register mfc12u.dll and other files which should resolve the issue.

You can verify the installation in Programs and Features (Add/Remove Programs) as shown below.

Microsoft Visual C++ Redistributable (x86)…

Problem. Solved.

I was recently taking a training course and the lab guide said “create some files in c:\stuff”.

Sure, I *could* use Windows Explorer or Command Prompt or even a PowerShell command to do this.  I guess the easiest way would be to use Windows Explorer, select a file, copy it (Ctrl+C), then paste it multiple times (Ctrl+V [repeat until your fingers are tired]).

But hey, I’m a geek and I like to script stuff (yes, for fun).  But I’m not stupid so I didn’t create a script from scratch.  Stéphane van Gulick, a PowerShell MVP, has a nice script at http://powershelldistrict.com/create-files/

However, I like to tinker and can’t leave good enough alone so I forked it and added some additional functionality.

I give you… Create-RandomFiles.ps1 with the following changes

• Added a Progress indicator
• files are created with different sizes
• TotalSize defaults to MB
• added optional name prefix
• added execution statistics
• replaced fsutil.exe with New-Object byte[]

Function Create-RandomFiles{
<#
.SYNOPSIS
	Generates a number of dumb files for a specific size.
 
.DESCRIPTION
	Generates a defined number of files until reaching a maximum size.
 
.PARAMETER TotalSize
	Specify the total size you would all the files combined should use on the harddrive.
	This parameter accepts the following size values (KB,MB,GB,TB).  MB is assumed if no designation is specified.
		200KB
		5MB
		3GB
		1TB
 
.PARAMETER NumberOfFiles
	Specify a number of files that need to be created. This can be used to generate 
	a big number of small files in order to simulate User backup specefic behaviour.
 
.PARAMETER FilesTypes
    This parameter is not mandatory, but the following choices are valid to generate files with the associated extensions:
        Multimedia : ".avi",".midi",".mov",".mp3",".mp4",".mpeg",".mpeg2",".mpeg3",".mpg",".ogg",".ram",".rm",".wma",".wmv"
		Image      : ".gif",".jpg",".jpeg",".png",".tif",".tiff",".bmp",".dib",".wmf",".emf",".emz",".svg",".svgz",".dwg",".dxf",".crw",".cr2",".raw",".eps",".ico",".pcx"
        Office     : ".pdf",".doc",".docx",".xls",".xlsx",".ppt",".pptx"
				     ".rtf",".txt",".csv",".xml",".mht",".mhtml",".htm",".html",".xps",".dot",".dotx",".docm",".dotm",".odt",".wps",".xlt",".xltx",".xlsm",".xlsb",".xltm",".xla",".ods",".pot",".potx",".pptm",".potm",".pps",".ppsx",".ppsm",".odp",".pub",".mpp",".vsd",".vsdx",".vsdm",".vdx",".vssx",".vssm",".vsx",".vstx",".vst",".vstm",".vsw",".vdw"
		Junk       : ".tmp",".temp",".lock"
		Archive    : ".zip",".7z",".rar",".cab",".iso",".001",".ex_"
		Script     : ".ps1",".vbs",".vbe",".cmd",".bat",".php",".hta",".ini",".inf",".reg",".asp",".sql",".vb",".js",".css",".kix",".au3"
	If Filestypes parameter is not set, by default, the script will create all types of files.
 
.PARAMETER Path
    Specify a path where the files should be generated.
 
.PARAMETER NamePrefix
    Optional.  Allows prepending text to the beginning of the generated file names so they can be easily found and sorted.
 
.PARAMETER WhatIf
    Permits to launch this script in "draft" mode. This means it will only show the results without really making generating the files.
 
.PARAMETER Verbose
    Allow to run the script in verbose mode for debbuging purposes.
 
.EXAMPLE
   .\Create-RandomFiles.ps1 -TotalSize 1GB -NumberOfFiles 123 -Path $env:Temp -FilesTypes 'Office' -NamePrefix '~'
 
   Generate in the user's temp folder 123 randomly named office files all beginning with "~" which total 1GB.
 
.EXAMPLE
   .\Create-RandomFiles.ps1 -TotalSize 50 -NumberOfFiles 42 -Path C:\Users\administrator\documents

   Generate in the adminstrator's documents folder 42 randomly named files which total 50MB.
 
.NOTES
    -Author: Stéphane van Gulick
    -Email : Svangulick@gmail.com
    -Version: 1.0
    -History:
        -Creation V0.1 : SVG
        -First final draft V0.5 : SVG
        -Corrected minor bugs V0.6 : SVG
        -Functionalized the script V0.8 : SVG
        -Simplified code V1.0 : SVG

    ===== Change History =====
	based on http://powershelldistrict.com/create-files/
    -Author: Chad Simmons
    -2015/12/04: added Write-Progress, files are created with different sizes, TotalSize defaults to MB, added name prefix, added execution statistics, replaced fsutil.exe with New-Object byte[], added additional filetypes
	
.LINK
    http://www.PowerShellDistrict.com
	http://blogs.CatapultSystems.com
#>
[cmdletbinding()]
param(
    [Parameter(mandatory=$true)]$NumberOfFiles,
    [Parameter(mandatory=$true)]$path,
    [Parameter(mandatory=$true)]$TotalSize,
    [Parameter(mandatory=$false)][validateSet("Multimedia","Image","Office","Junk","Archive","Script","all","")][String]$FilesType=$all,
    [Parameter(mandatory=$false)]$NamePrefix=""
)
 
begin{
    $StartTime = (get-date)
    $TimeSpan = New-TimeSpan -Start $StartTime -end $(Get-Date) #New-TimeSpan -seconds $(($(Get-Date)-$StartTime).TotalSeconds)
    $Progress=@{Activity = "Create Random Files..."; Status="Initializing..."}
    Write-verbose "Generating files"
    $AllCreatedFilles = @()
 
    function Create-FileName {
        [CmdletBinding(SupportsShouldProcess=$true)]
        param(
            [Parameter(mandatory=$false)][validateSet("Multimedia","Image","Office","Junk","Archive","Script","all","")][String]$FilesType=$all,
		    [Parameter(mandatory=$false)]$NamePrefix=""
		)
        begin {
			$AllExtensions = @()
			$MultimediaExtensions = ".avi",".midi",".mov",".mp3",".mp4",".mpeg",".mpeg2",".mpeg3",".mpg",".ogg",".ram",".rm",".wma",".wmv"
			$ImageExtensions      = ".gif",".jpg",".jpeg",".png",".tif",".tiff",".bmp",".dib",".wmf",".emf",".emz",".svg",".svgz",".dwg",".dxf",".crw",".cr2",".raw",".eps",".ico",".pcx"
			$OfficeExtensions     = ".pdf",".doc",".docx",".xls",".xlsx",".ppt",".pptx"
			$OfficeExtensions2    = ".rtf",".txt",".csv",".xml",".mht",".mhtml",".htm",".html",".xps", `
									".dot",".dotx",".docm",".dotm",".odt",".wps", `
									".xlt",".xltx",".xlsm",".xlsb",".xltm",".xla",".ods",`
									".pot",".potx",".pptm",".potm",".pps",".ppsx",".ppsm",".odp", `
									".pub",".mpp",".vsd",".vsdx",".vsdm",".vdx",".vssx",".vssm",".vsx",".vstx",".vst",".vstm",".vsw",".vdw"
			$OfficeExtensions    += $OfficeExtensions2
			$JunkExtensions       = ".tmp",".temp",".lock"
			$ArchiveExtensions    = ".zip",".7z",".rar",".cab",".iso",".001",".ex_"
			$ScriptExtensions     = ".ps1",".vbs",".vbe",".cmd",".bat",".php",".hta",".ini",".inf",".reg",".asp",".sql",".vb",".js",".css",".kix",".au3"
			$AllExtensions        = $MultimediaExtensions + $ImageExtensions + $OfficeExtensions + $JunkExtensions + $ArchiveExtensions + $ScriptExtensions
			$extension = $null
		}
        process{
			Write-Verbose "Creating file Name"
	 
			switch ($filesType) {
				"Multimedia" {$extension = $MultimediaExtensions | Get-Random}
				"Image"      {$extension = $ImageExtensions | Get-Random}
				"Office"     {$extension = $OfficeExtensions | Get-Random }
				"Junk"       {$extension = $JunkExtensions | Get-Random}
				"Archive"    {$extension = $ArchiveExtensions | Get-Random}
				"Script"     {$extension = $ScriptExtensions | Get-Random}
				default      {$extension = $AllExtensions | Get-Random }
			}
			Get-Verb | Select-Object verb | Get-Random -Count 2 | %{$Name+= $_.verb}
			$FullName = $NamePrefix + $name + $extension
			Write-Verbose "File name created : $FullName"
			Write-Progress @Progress -CurrentOperation "Created file Name : $FullName"
        }
        end {
			return $FullName
        }
    }
}
#----------------Process-----------------------------------------------
 
process {
	If ($TotalSize -match '^\d+$') { [string]$TotalSize += "MB" } #if TotalSize isNumeric (did not contain a byte designation, assume MB
    $Progress.Status="Creating $NumberOfFiles files totalling $TotalSize"
    Write-Progress @Progress
 
    Write-Verbose "Total Size is $TotalSize"
    $FileSize = $TotalSize / $NumberOfFiles
    $FileSize = [Math]::Round($FileSize, 0)
    Write-Verbose "Average file size of $FileSize"
    $FileSizeOffset = [Math]::Round($FileSize/$NumberOfFiles, 0)
    Write-Verbose "file size offset of $FileSizeOffset"
    $FileSize = $FileSizeOffset*$NumberOfFiles/2
    Write-Verbose "Beginning file size of $FileSize"
 
    while ($FileNumber -lt $NumberOfFiles) {
        $FileNumber++
        If ($FileNumber -eq $NumberOfFiles) { 
            $FileSize = $TotalSize - $TotalFileSize
            Write-Verbose "Setting last file to size $FileSize"
        }
        $TotalFileSize = $TotalFileSize + $FileSize
        $FileName = Create-FileName -filesType $filesType
        Write-Verbose "Creating : $FileName of $FileSize"
        $Progress.Status="Creating $NumberOfFiles files totalling $TotalSize.  Run time $(New-TimeSpan -Start $StartTime -end $(Get-Date))"
        Write-Progress @Progress -CurrentOperation "Creating file $FileNumber of $NumberOfFiles : $FileName is $FileSize bytes." -PercentComplete ($FileNumber/$NumberOfFiles*100)

        $FullPath = Join-Path $path -ChildPath $FileName
#        Write-Verbose "Generating file : $FullPath of $Filesize"
        try{
            #fsutil.exe file createnew $FullPath $FileSize | Out-Null
            $buffer=New-Object byte[] $FileSize  #http://blogs.technet.com/b/heyscriptingguy/archive/2010/06/09/hey-scripting-guy-how-can-i-use-windows-powershell-2-0-to-create-a-text-file-of-a-specific-size.aspx
            $fi=[io.file]::Create($FullPath)
            $fi.Write($buffer,0,$buffer.length)
            $fi.Close()
		}
        catch{
            $_
        }
 
        $FileCreated = ""
        $Properties = @{'FullPath'=$FullPath;'Size'=$FileSize}
		$FileCreated = New-Object -TypeName psobject -Property $properties
        $AllCreatedFilles += $FileCreated
        Write-verbose "$($AllCreatedFilles) created $($FileCreated)"
        Write-Progress @Progress -CurrentOperation "Creating file $FileNumber of $NumberofFiles : $FileName is $FileSize bytes.  Done." -PercentComplete ($FileNumber/$NumberOfFiles*100)

   		$FileSize = ([Math]::Round($FileSize, 0)) + $FileSizeOffset
    }
}
end{
    Write-Output $AllCreatedFilles
    Write-Output "Start     time: $StartTime"
    Write-Output "Execution time: $(New-TimeSpan -Start $StartTime -end $(Get-Date))" #http://blogs.technet.com/b/heyscriptingguy/archive/2013/03/15/use-powershell-and-conditional-formatting-to-format-time-spans.aspx
}
}

 Enjoy!

Ok, so that’s a bit misleading.  The actual issue is that ConfigMgr’s detection routine for some virtual machines is broken.  This apparently started around May 2014 but I noticed it for the first time on a new ConfigMgr v1511 installation.

Nicolas Pilon of System Center Dudes has a great technical write up on the issue: Is_Virtual_Machine in v_R_System is not showing properly with a virtual machine under VMWare ESXI 5.1 https://www.systemcenterdudes.com/is_virtual_machine-in-v_r_system-is-not-showing-properly-with-a-virtual-machine-under-vmware-esxi-5-1/

He also posted a bug on Microsoft Connect which needs to be up-voted by more people to get any attention from Microsoft: Is_Virtual_Machine in v_R_System is not showing properly with a virtual machine under VMWare ESXI 5.1 https://connect.microsoft.com/ConfigurationManagervnext/feedback/details/878316/is-virtual-machine-in-v-r-system-is-not-showing-properly-with-a-virtual-machine-under-vmware-esxi-5-1

The purpose of this blog is to provide a workaround until there is a patch.

ConfigMgr Queries

Systems | Virtual

select distinct SMS_R_System.Name, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client, SMS_G_System_SYSTEM_ENCLOSURE.ChassisTypes, SMS_G_System_COMPUTER_SYSTEM.Manufacturer, SMS_G_System_COMPUTER_SYSTEM.Model, SMS_G_System_COMPUTER_SYSTEM_PRODUCT.Version, SMS_G_System_WORKSTATION_STATUS.LastHardwareScan, SMS_R_System.ResourceType, SMS_R_System.ResourceId, SMS_R_System.IsVirtualMachine from  SMS_R_System left join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId left join SMS_G_System_COMPUTER_SYSTEM_PRODUCT on SMS_G_System_COMPUTER_SYSTEM_PRODUCT.ResourceID = SMS_R_System.ResourceId left join SMS_G_System_SYSTEM_ENCLOSURE on SMS_G_System_SYSTEM_ENCLOSURE.ResourceID = SMS_R_System.ResourceId left join SMS_G_System_WORKSTATION_STATUS on SMS_G_System_WORKSTATION_STATUS.ResourceID = SMS_R_System.ResourceId where SMS_R_System.IsVirtualMachine = "True" or SMS_G_System_COMPUTER_SYSTEM.Model like "%virtual%"

Systems | Physical

select distinct SMS_R_System.Name, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client, SMS_G_System_SYSTEM_ENCLOSURE.ChassisTypes, SMS_G_System_COMPUTER_SYSTEM.Manufacturer, SMS_G_System_COMPUTER_SYSTEM.Model, SMS_G_System_COMPUTER_SYSTEM_PRODUCT.Version, SMS_G_System_WORKSTATION_STATUS.LastHardwareScan, SMS_R_System.ResourceType, SMS_R_System.ResourceId, SMS_R_System.IsVirtualMachine from  SMS_R_System left join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId left join SMS_G_System_COMPUTER_SYSTEM_PRODUCT on SMS_G_System_COMPUTER_SYSTEM_PRODUCT.ResourceID = SMS_R_System.ResourceId left join SMS_G_System_SYSTEM_ENCLOSURE on SMS_G_System_SYSTEM_ENCLOSURE.ResourceID = SMS_R_System.ResourceId left join SMS_G_System_WORKSTATION_STATUS on SMS_G_System_WORKSTATION_STATUS.ResourceID = SMS_R_System.ResourceId where SMS_R_System.IsVirtualMachine = "False" and SMS_G_System_COMPUTER_SYSTEM.Model not like "%virtual%"

ConfigMgr Collections

Note: A hardware inventory must be performed to gather the required data to determine if a system is physical or virtual.

Systems | Virtual

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_R_System.IsVirtualMachine = "True" or SMS_G_System_COMPUTER_SYSTEM.Model like "%virtual%"

Systems | Physical

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_R_System.IsVirtualMachine = "False" and SMS_G_System_COMPUTER_SYSTEM.Model not like "%virtual%"

ConfigMgr Report

A SSRS Report can be found on my public OneDrve at https://onedrive.live.com/redir?resid=E3B0C73435A2F778%212827 / Computers by Hardware Type and Model.rdl.

Enjoy!

At a recent client engagement we discovered that Microsoft SQL Server Enterprise edition was installed on the ConfigMgr Primary Site Server.  Technically this is not a problem, but it is only needed if you expect to have more than 50,000 clients*.  As this environment wasn’t anywhere close to the limit so there was no need to pay the extra licensing cost of Enterprise edition (Standard edition comes with the ConfigMgr licenses).

These steps are largely based on the Jonathan Kehayias approach as documented by Brady Upton at MSSQLTips.

Steps for SQL Enterprise to Standard downgrade

• On each database verify that no Enterprise features are utilized (SELECT * FROM sys.dm_db_persisted_sku_features)

select 'Master' as [Database], * from [master].[sys].[dm_db_persisted_sku_features]
select 'Model' as [Database], * from Model.[sys].[dm_db_persisted_sku_features]
select 'msdb' as [Database], * from msdb.[sys].[dm_db_persisted_sku_features]
select 'tempdb' as [Database], * from tempdb.[sys].[dm_db_persisted_sku_features]
select 'CM_P01' as [Database], * from CM_P01.[sys].[dm_db_persisted_sku_features]
select 'SUSDB' as [Database], * from SUSDB.[sys].[dm_db_persisted_sku_features]
select 'ReportServer' as [Database], * from ReportServer.[sys].[dm_db_persisted_sku_features]
select 'ReportServerTempDB' as [Database], * from ReportServerTempDB.[sys].[dm_db_persisted_sku_features]

• Document databases, security, maintenance plans, and jobs
• Verify the SQL version number and ensure install files are available (SELECT @@VERSION)
• Stop and disable backup software
• Stop ConfigMgr, IIS, and Windows Update services (set to disabled if desired)
• Backup databases (system and user)
• Stop SQL services
• Copy the master, model and msdb database files (.mdf and .ldf) to another location
• Uninstall SQL Enterprise instance (all features)
  • The Shared tools do not have to be uninstalled; however, if they are not then reporting the SQL edition in the future will be confusing
• Reboot
• Install new SQL Standard instance as required by ConfigMgr being sure to keep the same instance name and file/folder paths.
  • Review the Required and Optional configurations for SQL server (64-bit, SQL_Latin1_General_CP1_CI_AS, Database Engine, Windows Authentication, min/max Memory, nested triggers, CLR integration, static TCP ports, etc.)
  • If the original SQL ConfigurationFile.ini is still around, installing based on this file can make all of the configurations fool proof.
• Patch SQL to the same version as before
• Verify the SQL version and edition (SELECT @@VERSION)
• Stop SQL Server and copy/restore the system databases
• Configure Trace flags (see section below)
• Start SQL server and verify databases, security, and jobs are as before
  • If login fails, use PSEXEC to start SQL Management Studio as the SYSTEM account, then recreate any SQL Logins needed
• Enable common language runtime (CLR) integration (sp_configure ‘clr enabled’,1; reconfigure)
• Enable and start IIS, and Windows Update services… verify WSUS is working
• Enable and start ConfigMgr services
• Verify event Viewer and ConfigMgr logs and monitoring to ensure ConfigMgr is healthy
• Re-enable and start backup software

SQL Trace Flags

Using this method is simple and easy, but there is one additional thing to keep in mind… SQL Trace flags (thanks Allen for pointing this out).  When installing SQL, trace flags are not enabled / added by default; this is taken care of by the ConfigMgr installation.  Since we are not doing a ConfigMgr installation or a site reset, etc. these options need to be added manually.

• Open SQL Server Configuration Manager
• Navigate to SQL Server Services -> SQL Server… -> Properties
• Add “-T8295”
• Add “-T4199”
• Apply, stand on one foot, OK, Close

Executing DBCC TRACEON (4199,-1) and DBCC TRACEON (8295,-1) in SQL Server Management Studio will enable these flags as seen by executing DBCC TRACESTATUS (-1).  However, this only affects the current session and they need to be added as startup flags.

SQL and ConfigMgr References

• Downgrade from SQL Server Enterprise Edition to Standard Edition @ https://www.mssqltips.com/sqlservertip/3079/downgrade-from-sql-server-enterprise-edition-to-standard-edition/
• Supported operating systems for sites and clients for System Center Configuration Manager @ https://technet.microsoft.com/en-us/library/mt589738.aspx#bkmk_ClientNumbers
• Support for SQL Server versions for System Center Configuration Manager @ https://technet.microsoft.com/en-us/library/mt589592.aspx
• SQL Server for ConfigMgr 2012, eBook and Top 10 Database Issues@  http://blogs.technet.com/b/smartinez/archive/2013/03/06/sql-for-configmgr-2012.aspx
• SQL Trace Flags and ConfigMgr @ http://blogs.technet.com/b/smartinez/archive/2014/04/25/sql-trace-flags-and-configmgr.aspx
• Microsoft KB974006 @ https://support.microsoft.com/en-us/kb/974006

Additional / Related References

• How to Move databases for SCCM 2012 @ http://smsimpossible.blogspot.com/2012/09/how-to-move-databases-for-sccm-2012.html
• How to Move the Site Database @ https://technet.microsoft.com/en-us/library/bb680707.aspx
• Move the site database in SCCM 2007 R2 @ http://blogs.technet.com/b/sudheesn/archive/2010/11/08/move-the-site-database-in-sccm-2007-r2.aspx
• ConfigMgr 2007: How to move the Site Database @ http://blogs.technet.com/configurationmgr/archive/2010/01/28/configmgr-2007-how-to-move-the-site-database.aspx 
• Moving the Report Server Databases to Another Computer @ https://msdn.microsoft.com/en-us/library/ms156421%28v=sql.110%29.aspx 
• Migrate a Reporting Services Installation (Native Mode) @ https://technet.microsoft.com/en-us/library/ms143724%28v=sql.110%29.aspx 
• Backup and Restore Operations for Reporting Services @ https://technet.microsoft.com/en-us/library/ms155814%28v=sql.110%29.aspx
• How to move a 2005 Reporting Services database from a computer that is running Reporting Services to another computer @ https://support.microsoft.com/en-us/kb/842425 
• SQL Server Upgrade for the Site Database Server @ https://technet.microsoft.com/en-us/library/gg682077.aspx?#BKMK_SupConfigUpgradeDBSrv

So, you’ve been denied!  It’s OK.  It happens to the best of us.

If you are lucky enough be gifted with this message take a look at the NTFS rights of the SQL Server Reporting Services instance which will likely be a folder like C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services.  Granting the appropriate AD group read & execute rights may solve the problem.

Server Error in '/Reports' Application.

Access is denied.

Description: An error occurred while accessing the resources required to serve this request.  You might not have permission to view the requested resources.

Error message 401.3: You do not have permission to view this directory or page using the credentials you supplied (access denied due to Access Control Lists).  Ask the Web server's administrator to give you access.

Thanks to Mike and Jerry for pointing me in the right direction.  After carefully reading the error, it is quite obvious isn’t it.

http://stackoverflow.com/questions/17685452/ssrs-401-3-error-access-denied-due-to-access-control-lists

https://social.msdn.microsoft.com/Forums/sqlserver/en-US/747f9846-dd9a-4fb4-914a-283871d6cedf/client-failing-to-access-the-ssrs-2008-sp1-report-manager-url-with-access-denied-error-4013?forum=sqlreportingservices

https://social.msdn.microsoft.com/Forums/sqlserver/en-US/fd41a86b-976f-4851-8dae-5561ebc6d719/browse-reportserver-return-4013-error-after-joined-domain?forum=sqlreportingservices

Awhile back I had an issue distributing a new Package in ConfigMgr (SCCM).  There didn’t seem to be anything unique about the package, it just didn’t want to process.  Digging into the SMS Distribution Manager log (distmgr.log), I noticed a number of errors about the file not being found, couldn’t be added, can’t create a snapshot,etc.  The IRdcLibrary keyword is the real clue.

After reinstalling the Windows feature Remote Differential Compression, Distribution Manager started working again.

Start adding package P010017D...
The Package Action is 2, the Update Mask is 268435456 and UpdateMaskEx is 0.
CDistributionSrcSQL::UpdateAvailableVersion PackageID=P010017D, Version=1, Status=2300
Taking package snapshot for package P010017D from source \\CM01\PackageSource\updates\2016
failed to create instance of IRdcLibrary    SMS_DISTRIBUTION_MANAGER
CreateRdcSignature failed; 0x80040154   SMS_DISTRIBUTION_MANAGER
CreateSignature failed    SMS_DISTRIBUTION_MANAGER
CreateRdcFileSignatureW failed; 0x80040154        SMS_DISTRIBUTION_MANAGER
CFileLibrary::AddFile failed; 0x80040154  SMS_DISTRIBUTION_MANAGER
CFileLibrary::AddFile failed; 0x80040154  SMS_DISTRIBUTION_MANAGER
CContentDefinition::AddFile failed; 0x80040154   SMS_DISTRIBUTION_MANAGER
Failed to add the file. Please check if this file exists. Error 0x80040154               SMS_DISTRIBUTION_MANAGER
SnapshotPackage() failed. Error = 0x80040154      SMS_DISTRIBUTION_MANAGER
STATMSG: ID=2361 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=CM01.ad.contoso.com SITE=P01 PID=6244 TID=4488 GMTDATE=Fri Apr 15 14:06:24.604 2016 ISTR0="\\CM01\PackageSource\updates\2016" ISTR1="Test" ISTR2="P010017D" ISTR3="30" ISTR4="22" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="P010017D"         SMS_DISTRIBUTION_MANAGER  4/15/2016 9:06:24 AM    4488 (0x1188)
Failed to take snapshot of package P010017D       SMS_DISTRIBUTION_MANAGER
CDistributionSrcSQL::UpdateAvailableVersion PackageID=P010017D, Version=1, Status=2302
STATMSG: ID=2302 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=CM01.ad.contoso.com SITE=P01 PID=6244 TID=4488 GMTDATE=Fri Apr 15 14:06:24.616 2016 ISTR0="Test" ISTR1="P010017D" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="P010017D"         SMS_DISTRIBUTION_MANAGER  4/15/2016 9:06:24 AM    4488 (0x1188)
Failed to process package P010017D after 3 retries, will retry 22 more times
Exiting package processing thread.            SMS_DISTRIBUTION_MANAGER

I was helping out a fellow consultant with some less-than-obvious T-SQL for some custom reporting recently.  One of the needs was to get the Last Logon time for an Active Directory user.

ConfigMgr Active Directory User Discovery was pulling in the correct attributes, but we hit a snag in getting a good report of the user data.  The same issue would apply to an AD computer object; this is not user specific.

There are a hundred places around the web that have posted the formula to calculate a SQL datetime from and Active Directory timestamp.  This is an example:

Cast((lastLogon0 / 864000000000.0 - 109207) AS DATETIME) as [LastLogon]

We were using this code but SQL was still throwing the error

Arithmetic overflow error converting expression to data type datetime.

Apologies for the poor image.

Hmm… interesting.  We found some internet chatter about the SQL datatype in our table possibly being a string (varchar / nvarchar); however, we confirmed that ConfigMgr created the columns as bigint, so there was no need to cast the string as a numeric data type of any sort.

I started digging into the data and eventually ended up with this query to test the value ranges:

Select count(*) from v_R_User where lastLogon0 is NULL --determine if any NULLs exist
Select Min(lastLogon0), Max(lastLogon0) from v_R_User where lastLogon0 is NOT NULL --determine the lowest and highest values that are not NULL

The result confirmed a suspicion that NULLs may have been the root cause.  But another value popped up which I had not expected.  The Min(lastLogon0) was 0 (zero).  That would definitely cause an arithmetic problem since we are doing some division then subtraction.  The result would be a negative date.  Hmm.. I don’t think we can have a logon timestamp during BC (i.e. Before Christ).

I tweaked the value test query to filter out zeros just like NULLs

Select count(*) from v_R_User where lastLogon0 is NULL
Select Min(lastLogon0), Max(lastLogon0) from v_R_User lastLogon0 is NOT NULL and lastLogon0 > 0

Now the Min and Max had acceptable values of really big numbers.

Putting it all together, we ended up with a Case statement for each datetime value that needed conversion.  The statement handles both the NULL and 0 exception cases in addition to the expected time values.  We substituted January 1, 1980 for the invalid values, but any other date could be used.

Select SD.AD_Site_Name0 [AD Site]
, SD.User_Name0 [User ID]
, USR.Full_User_Name0 [User Full Name]
, SD.Full_Domain_Name0 [User FQDN]
, [User Last Logon] = Case
      When USR.lastLogon0 IS NULL Then '1/1/1980'
      When USR.lastLogon0 = 0 Then '1/1/1980'
      Else Cast((USR.lastLogon0 / 864000000000.0 - 109207) AS DATETIME)
      End
, [User Last Logon Time Stamp] = Case
      When USR.lastLogonTimestamp0 IS NULL Then '1/1/1980'
      When USR.lastLogonTimestamp0 = 0 Then '1/1/1980'
      Else Cast((USR.lastLogonTimestamp0 / 864000000000.0 - 109207) AS DATETIME)
      End
, USR.employeeID0 [Employee ID]
, USR.Mail0 [Email]
from v_R_System AS SD 
inner join v_FullCollectionMembership FCM on SD.ResourceID = FCM.ResourceID 
inner join v_Collection COL on FCM.CollectionID = COL.CollectionID 
inner join v_R_User USR on SD.User_Name0 = USR.User_Name0  
where COL.Name = 'All Systems'
order by USR.Full_User_Name0

At one time it became routine to manage Windows local account passwords with a Group Policy Preference.  However, some time ago the process was was discovered to have a significant venerability and Microsoft released security bulletin MS14-025 to address the issue.  But Microsoft didn’t fix the vulnerability.  Instead they removed the ability for GPP to save user names and passwords in Local Users and Groups, Drive Maps, Scheduled Tasks, Services, and Data Sources.

There are many options to handle managing local account passwords including:

• MS14-025 includes a lengthy PowerShell script which will reach-out to remote computers to change the password and log the change in a central text file
• Microsoft Local Administrator Password Solution (LAPS) is a great free solution which should be seriously considered
• ConfigMgr (SCCM / Microsoft System Center Configuration Manager) deployment
• a dozen other options not listed here

While discussing the ConfigMgr options with a few colleagues we came up with the following:

• Application or Package deployment with a script which has an embedded password or uses a password formula / calculation
• A Compliance Setting and Baseline with a script a script which has an embedded password or uses a password formula / calculation
• A Task Sequence deployment with a script which has an embedded password

I’ve created a Compliance Setting and Baseline for a customer in a situation where they had ConfigMgr clients on workgroups and joined to domains which they could not manage.  This worked really well for them.  The embedded script used a simple Base64 conversion to obfuscate the password and the password was not exposed on the command line, but there was no actual encryption.

Turning to the Task Sequence discussion option, a suggestion was made to call NET USER from a Run Command action.  This sounded easy.  Too easy.  Besides, wouldn’t the command including the password be exposed in SMSTS.log?  Not if a “Secret Value” Task Sequence Variable is used!

Follow these steps in configuring a Task Sequence:

Set a Task Sequence Variable named ADMPW or similar, enter the clear text value, then enable the “Secret value” check box.

Select OK to save/close the variable properties, then look at it again and notice that the value is quite different than what you’ve typed.  It’s encrypted!

Now, call the NET USER command line with the variable

NET USER administrator %ADMPW%

Reviewing the SMSTS.log helps validate that the password is not exposed.

The log only shows “Action command line: smsswd.exe /run: net user administrator %ADMPW%”

The ConfigMgr Task Sequence using a “Secret Value” Variable can be an effective method of changing local account password.

I recently had a nasty issue with my seriously awesome laptop (Lenovo ThinkPad P50 with a Samsung 950 Pro NVMe n.2 SSD).  After a full shutdown (hold Shift when shutting down Windows 10) on the next power on I got a BitLocker recovery prompt.

That’s happened before, so I just powered off and back on like I’ve always done.  However, this time I was greeted with a foreboding BCD error:

Recovery.  Your PC/Device needs to be repaired.  The Boot Configuration Data files is missing some required information
File: \BCD
Error code: 0xc000000d
You'll need to use recovery tools.  If you don't have any installation media (like a disc of USB device), contact your PC administrator or PC/Device manufacturer.
Press Esc for UEIF Firmware Settings

I pulled out my handy-dandy USB drive that just happened to still be configured as boot media for Windows 10 v1511 and used the F12 boot selection to boot to it.  When prompted to install Windows, instead I typed Shift+F10 to get a command prompt.

I ran the following commands to confirm that the SSD did still exist.

DiskPart
List Drive
List Volume

All seemed fine there.

Time to rebuild the BCD… so I ran the following to scan for the instance of Windows

BootRec /ScanOS

Hmm… no Windows OS found.  Ah, BitLocker is enabled.  Of course BootRec can find anything.  Let’s unlock the drive with the following commands:

Manage-BDE -status
Manage-BDE -unlock <drive letter> -RecoveryPassword <long number that I had saved on a non-encrypted drive on another device>

Great!  Let’s try BootRec again:

BootRec /ScanOS
- found 1 instance
BootRec /FixMBR
BootRec /FixBoot
BootRec /RepairBCD

Time to see if it worked… reboot… success!  Windows loaded right up.  Awesome, I’m back in business.

I decided to suspend BitLocker on my Windows partition for now just to be safe.  I’ll re-enable it after I’m sure everything is working.

Now let’s get back to work… booting up my ConfigMgr lab…

Doh!  The VM guest failed to start because the hypervisor is not running.

Checking Services confirmed that the HV Host Service was stopped but still set to Automatic.  Attempting to start the service threw another error:

Windows could not start the HV Host Service service on Local Computer.  Error 31: A device attached to the system is not functioning.

That’s right… I destroyed the Hypervisor configuration in BCD.  Let’s go fix that:

BCDedit
BCDedit /Set {current} hypervisorlaunchtype auto

P.S.  PowerShell doesn’t like the ‘{current}’ syntax so I used a standard Administrative Command Prompt

BCD configuration before and after the change:

The home stretch…

Reboot again and Hyper-V is now running my VM lab!  Whew.  That’s wasn’t much fun!

Thanks to a few blogs and forum posts that helped out a ton.

http://www.sevenforums.com/hardware-devices/82226-boot-bcd-0xc000000d-unreadable-boot-configuration-data.html

https://blogs.msdn.microsoft.com/virtual_pc_guy/2010/01/19/hyper-v-virtual-machines-do-not-start-after-using-startup-repair/

http://blogs.interfacett.com/enabling-hypervisor-auto-start-boot-configuration-database-bcd

http://superuser.com/questions/858259/hyper-v-reports-that-the-hypervisor-is-not-running-how-to-start-the-hypervisor

Recently when attempting to perform an Azure AD Join with a Windows 10 v1511 computer I got the following error:

Something went wrong.  The device is already enrolled.  You can contact your system administrator with the error code 8018000a.

That didn’t make sense because I had recently disjoined the computer from Azure AD.  I could find no reference to the object in the Azure portal either.

A Bingoogle search yielded only one relevant result… the ConfigMgr client is installed.

https://osddeployment.wordpress.com/2016/02/27/azure-ad-join-error-code-8018000a by Per Larsen [MVP].

I knew this wasn’t the case.  So… read the error again.  “the device is already enrolled”.  Checking Settings -> Accounts -> Work Access revealed the obvious: the computer was still being managed via OMA-DM (Intune), but associated with a different user.

Ok.  Log off, then back on as the other administrator account.

Navigate back to Work Access and sure enough, the MDM enrollment was there.  Un-enroll and bingo, Azure AD Join worked!

When attempting to join Azure AD you are presented with the message “contact your system administrator with the error code 80180026”

Something went wrong.  Confirm you are using the correct sign-in information and that your organization uses this feature.  You can try to do this again or contact your system administrator with the error code 80180026.  Try again.

This message persisted after numerous attempts to perform the Azure AD Join and numerous reboots.

After failing to find ANY reference to the error code online, I started digging into Azure AD and Microsoft Intune.  The computer had been reimaged a few times and I found 3 records of the computer (more specifically, the computer name) in Intune by navigating to the console -> Groups -> All Devices -> sort by Name.

Selecting all of the instances, then right-clicking and selecting Retire/Wipe, then Selectively wipe the device, seemed to do the trick.  After a few minutes I was able to delete the orphaned devices in Intune, then a few minutes later I was able to successfully join Azure AD and the computer was automatically re-enrolled in Intune (Windows 10 MDM).