All about Microsoft Intune – Page 62 – Peter blogs about Microsoft Intune, Microsoft Intune Suite, Windows Autopilot, Configuration Manager and more

Prepare ConfigMgr Client for Capture doesn’t remove the AllowedRootCAHashCode value

October 12, 2015July 21, 2009 by Peter van der Woude

In the most situations it doesn’t matter that the AllowedRootCAHashCode value doesn’t get removed during a Capture of the client, but there is one situation where it does matter. This one situation is when there has to be one image for multiple domains and every domain has its own issuing CA’s. This situation is a problem because the client stores a copy of the Root Certificate in the AllowedRootCAHashCode key. Because it contains the wrong value for the Root Certificate the client isn’t able to get a new Site Signing Certificate (which is also stored in the registry), so the client isn’t able to check the policies. As workaround for this I created a Task Sequence step (in the install Task Sequence) to delete the …

Active Directory Site Boundaries are “static”

October 12, 2015July 19, 2009 by Peter van der Woude

Active Directory sites are the easiest way of defining ConfigMgr site boundaries, because they are based on physical segments. BUT besides that, you have to keep in mind that they are also static in two different ways: All the different subnets have to be manually included and configured in the Active Directory sites. Once an Active Directory Site Name is selected as an ConfigMgr Site Boundary, ConfigMgr will check on the selected Site Name. Even when you rename the Active Directory site! For more information about site boundaries: http://technet.microsoft.com/en-us/library/bb633084.aspx

How a client chooses a Distribution Point

October 12, 2015July 15, 2009 by Peter van der Woude

Lately I get and see a lot of situations like this… Question: I created an extra Distribution Point (DP) on a remote location, but the clients on the remote location are still connecting to the standard DP. Why are these clients not connecting to their local DP? Answer: When there are more DP’s in the same site and/or boundary, by default, the client will first connect to the DP with BITS enabled and not the closest one. If you want the clients to connect to their local DP, you have to make the DP protected. …So I thought it might be handy to write in a few short steps how this process works. Step From Action 1 Client Sends a content location request to its …

Certificates needed for Native Mode

October 12, 2015July 13, 2009 by Peter van der Woude

The biggest problem, for me, with Native Mode were all the certificates that were needed. That’s why I created an table for myself with the basic certificates that are needed for Native Mode and where to add them. The “Where to add” column is based on Windows Server 2008. ConfigMgr Component Use Where to add Primary Site Server Document Signing ConfigMgr > Site Management > Site Database > Properties Primary Site > Tab Site Mode Management Point, Proxy Management Point, Distribution Point, Software Update Point en (State Migration Point) Server Authentication (Web Server Template) IIS > -Right-click- Sites > Edit Bindings > HTTPS -Edit- Client computers Client Authentication (Computer Template) GPO > Policies > Computer Configuration > Windows Settings > Security Settings > Public Key …

Rename your ConfigMgr Primary Site

October 12, 2015July 12, 2009 by Peter van der Woude

Once you have installed your ConfigMgr Primary Site it is not possible to change the name of your Primary Site. At least not through the console… But what if you made a mistake or your company changes it’s naming conventions?? Well there is one way to change it. First off all stop the SMS_EXECUTIVE Service. After that open the site control file (<Installation directory>\Microsoft Configuration Manager\inboxes\sitectrl.box\Sitectrl.ct0) and search for BEGIN_SITE_DEFINITION. Close to that you will find your Primary Site name and you can change it (do not change anything else!!). After this save the file and start the SMS_EXECUTIVE Service again. Then after a few site refreshes your Primary Site name wil be changed. In some cases it could be possible that you also have …

ConfigMgr Backup in combination with WSUS

October 12, 2015July 10, 2009 by Peter van der Woude

I noticed that the scheduled backup of ConfigMgr can conflict with the installation of WSUS. When you have WSUS 3.0 SP1 installed on the same machine as your ConfigMgr Site you can, at random occassions, get problems with your WSUS installation. This is what happens: During the execution of the ConfigMgr Backup it does some kind of a healthcheck. When it then notices that the SUP/WSUS is not responding good it will try to do an repair action of WSUS. At this point the problem starts, bacause the installer of WSUS 3.0 SP1 doesn’t have a repair function, so WSUS will get uninstalled… After this has happened you can get errors like “Sync failed: WSUS server not configured. Source: CWSyncMgr::DoSync SMS_WSUS_SYNC_MANAGER” in the ConfigMgr Site Status. …

App-V future ready???

October 12, 2015July 9, 2009 by Peter van der Woude

Let’s start my first post about App-V being future ready (or not). When I was trying to deploy an App-V Sequence on a Windows 7 Client (with App-V Client 4.5 CU1) the application didn’t seem to work… At first I thouhgt it was just me, so I recreated everything from scratch, but still no luck. The next step was to search on Google and here I found a very helpfull link: http://www.softgridblog.com/?p=126. The solution is this: During the proces of making a sequence with the App-V Sequencer you get to tab Deployment. In this tab you can specify the Operating System (OS) on which this sequence can run. Before the App-V 4.5 CU1 version you didn’t have the option to select Windows 7. This means that …

S	M	T	W	T	F	S
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31