Friday, May 20, 2011

On Windows 2008 R2 with SP1 you may face MP Fatal error 1603 Problem

This could happened because of not supported versions to fix this you need to apply a patch  KB2489044. (I ran into this problem today at a customer place and fix is below)


Ms Link

Asset Intelligence Sync Public Certificate Expired

You may see in AIUpdateSvc.log has entries of “WebException trying to enroll: Status = ProtocolError” and  “Exception attempting sync - The request failed with HTTP status 403: Forbidden.

this could because of your SCCM Public certificate expired. yes by default Microsoft will install a public certificate that will expires on 3 years i.e., 4/25/2011.


To resolve this you need to Update the Certificates for Asset Intelligence

  • Configuration Manager 2007 Service Pack 2: Install hotfix KB2483225. This hotfix installs the updated public certificate for System Center online authentication and no further action is required. As part of the hotfix installation, the updated certificate is configured for the Asset Intelligence synchronization point and your specific certificate will be automatically renewed.  For more information about this hotfix, see
  • Configuration Manager Service Pack 1: Obtain a certificate file and manually configure the Asset Intelligence synchronization point to use the updated public certificate for System Center online authentication. Use the following steps:
    1. Email to request a certificate file that contains the updated public certificate for System Center online authentication.  Please note that this alias is for certificate distribution only and not for support questions.
    2. Store the certificate file in a location that is accessible to the site server.
    3. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database (<site code> - <site name>) / Site Settings / Site Systems.
    4. Click the Asset Intelligence Synchronization point site system computer name.
    5. Select the Asset Intelligence synchronization point, and click Properties.
    6. On the General tab of the Asset Intelligence Synchronization Point Properties, specify the path to the new System Center Online authentication certificate (.pfx) file, and click OK.

Thursday, May 19, 2011

old version of SCCM Clients Collection

Some times old version could cause of some issues… below is a quick query to find the old version of systems


select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where ((DATEDIFF(hh, SMS_R_SYSTEM.AgentTime, getdate()) < 23) and AgentName = "SMS_AD_SYSTEM_DISCOVERY_AGENT") and ( SMS_R_System.ClientVersion is null)

Patching Collections

All computers that are in a state of pending restart:

select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from sms_r_system AS sms_r_system inner join SMS_UpdateComplianceStatus as c on c.machineid=sms_r_system.resourceid where c.LastEnforcementMessageID = 9

All computers that failed to install an update:

select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from sms_r_system inner join SMS_UpdateComplianceStatus on SMS_UpdateComplianceStatus.machineid=sms_r_system.resourceid where SMS_UpdateComplianceStatus.LastEnforcementMessageID = 11

All computers that are waiting for another installation to complete:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from sms_r_system AS sms_r_system inner join SMS_UpdateComplianceStatus as c on c.machineid=sms_r_system.resourceid where c.LastEnforcementMessageID = 3

SCCM Advertisement Status Failed systems Collection

To create a collection based on failed advertisement systems.


SELECT sys.ResourceID,sys.ResourceType,sys.Name,sys.SMSUniqueIdentifier,sys.ResourceDomainORWorkgroup,sys.Client FROM sms_r_system as sys inner join SMS_ClientAdvertisementStatus as offer on sys.ResourceID=offer.ResourceID
WHERE AdvertisementID = ‘CEN12345' and LastStateName = "Failed"

Windows Vista Service Pack 1? SP1 support ends on July 12, 2011

if you are running with Windows Vista Service Pack 1? SP1 support ends on July 12, 2011


Download Vista SP2 (x86 version)

Download Vista SP2 (x64 version)

Wednesday, May 18, 2011

SCCM Status MessageID for Patching for easy troubleshooting

11700 101 Failed Scan Tool for this update is not available
11701 101 Failed Scan Tool for this update failed
11702 101 Failed The contents hash for this update provided in policy does not match with the contents downloaded
11703 101 Failed The contents for this update could not be located
11704 101 Failed Contents size for this update exceed free cache size available
11705 101 Failed Contents size for this update exceed total cache size available
11706 101 Failed Failed to download contents for this update
11707 101 Failed This Update cannot be attempted due to invalid commandline
11708 101 Failed This Update application failed
11709 101 Failed This Update did not finish in allocated time
11710 101 Failed Creation of process failed for this update
11711 101 Failed Failed to get installer path for this update
11712 101 Failed Failed to monitor process for this update after service restart
11713 101 Failed SMS internal error occurred for this update
11714 101 Failed Bundle update failed to get content for this update
11715 101 Failed Bundle update failed to install this update
11716 101 Failed Bundle update failed to evaluate the applicability of its leaf updates
11717 101 Failed No current or future maintenance window is available to accomodate this update with max runtime
11750 101 Failed Updates enforcement job failed for this assignment
11751 101 Failed Updates failures occured during enforcement of this assignment
11752 101 Failed Some updates are still non-compliant after enforcemet completion of this assignment
11753 101 Failed Post restart updates compliance checking failed
11754 101 Failed Failed to initiate enforcement of this assignment
11755 101 Failed Failed to initiate updates evaluation for this assignment
11756 101 Failed Updates evaluation job completed with failure for this assignment
11757 101 Failed Invalid policy received for this assignment
11758 101 Failed Failed to initiate updates advance download for assignment
11759 101 Failed Updates advance download job completed with failure for assignment
11760 101 Failed No maintenance window is defined to accommodate at least one update in the deployment

Who is installed Software's ?

Collection for computers that failed to run an advertisement


Who is installed Software's ?

Troubleshooting SCCM Software Updates


VB Script to Clear SCCM Client Cache (C:\Windows\System32\CCM\Cache)


on error resume next

dim oUIResManager
dim oCache
dim oCacheElement
dim oCacheElements

set oUIResManager = createobject(“UIResource.UIResourceMgr”)

if oUIResManager is nothing then
      wscript.echo “Couldn’t create Resource Manager – quitting”
end if

set oCache=oUIResManager.GetCacheInfo()

if oCache is nothing then
      set oUIResManager=nothing
      wscript.echo “Couldn’t get cache info – quitting”
end if

set oCacheElements=oCache.GetCacheElements

for each oCacheElement in oCacheElements

set oCacheElements=nothing
set oUIResManager=nothing
set oCache=nothing




Do you want to collect all clients LOG files to send it to some one ?

use this script below …

1. Create a folder and place the following batch files and txt file on it: Collect.bat, TestAll.bat, TestPC.bat, and Computers.txt. The codes for the batch files are given below. Place the name or ip address of the machines in computers.txt (one computer name/ip address per line)

2. Run TestAll.bat

3. A folder named “Result” will be created inside the folder where the batch files are located. This folder will contain the log files of the machines that you entered in computers.txt

A. Collect.bat

MD .\Result\%1
MD .\Result\%1\CCMLog
MD .\Result\%1\CCMSETUPLog
xcopy \\%1\admin$\system32\ccm\logs\*.* .\Result\%1\CCMLog /E /Y
xcopy \\%1\admin$\system32\ccmsetup\*.log .\Result\%1\CCMSETUPLog /E /Y

B. TestAll.bat

rd  /Q /S .\Result_OLD
Move /Y .\Result .\Result_OLD
rd  /Q /S .\Result
MD .\Result

del FailPing.txt
del FailConnect.txt
del Succeed.txt
for /f %%i in (computers.txt) do call TestPC %%i

C. TestPC.bat

@echo off
REM usage: TestPC PCName

if not %1. == . goto INSTALL
Echo Usage: TestPC PCName
goto END

REM @echo on
Echo Now test %1

Echo Now try to ping %1
ping %1 -n 1 | find /i “ttl=” && Goto ONLINE

Echo can ping %1
Echo Now try to connect to \\%1\Admin$
Dir \\%1\Admin$ >nul
If ERRORLEVEL=1 goto ConnectionFailed
Echo Connection test succeeded for %1. Can connect to \\%1\admin$.
Echo %1 >>.\result\Succeed.txt
Echo Now collecting data
call Collect.bat %1
goto END

echo cannot ping %1
Echo %1 >>.\result\FailPing.txt
goto Failed

Echo cannot connect to \\%1\admin$.
Echo %1 >>.\result\FailConnect.txt
goto Failed

Echo Connection test failed for %1


D. Computers.txt

Hydration – Microsoft Free Test Lab for POC (Proof of Concepts)




You can download it from Microsoft Connect here, just scroll down to the bottom and look for PoC – Jumpstart 10 Day – Hydration Kit. And be aware that license terms of the different software is still in effect..


Here is a download for deploying a few different servers in a datacenter, all fully automated. The servers are two domain controllers, one deployment server with WDS, and one ConfigMgr 2007 SP2 R2 server...
Big thanks to Ben Hunter and Michael Niehaus (Both Microsoft) who started the Hydration Era more five years ago by creating hydration structures and scripts... Microsoft DDPS partners knows this, rest of the world - probably not (until now  :)  )...

Screenshot of the server roles and configuration

The Task Sequence for the CM01 - ConfigMgr 2007 SP2 Server
View the Video that shows the setup

Play (Stream) or Download (MP4)

Download the Hydration solution (72 kb)

Hydration installation instructions

Step 1 - Download the necessary software

On your Hyper-V host, create the C:\Downloads folder and download the following software:

  • ConfigMgr 2007 R2

  • ConfigMgr 2007 with SP2

  • ConfigMgr 2007 Toolkit V2

  • PowerShell Management Library for Hyper-V

  • SQL Server 2008 R2 Enterprise x64

  • SQL Server 2008 R2 Express x64 with Management Tools

  • Windows Server 2008 R2 Enterprise

Step 2 - Prepare the Hydration environment

  1. Configure Execution Policy in PowerShell, by typing the following in a PowerShell prompt:
    Set-ExecutionPolicy Unrestricted
  2. Extract the file to C:\HydrationMDT2010
  3. Edit the C:\HydrationMDT2010\HydrationSource\Applications\ConfigMgr 2007 SP2\ConfigMgrUnattend.ini and add the real PID (AAAAA-BBBBB-CCCCC-DDDDD-EEEEE is the place holder), To find out what PID you have, start the ConfigMgr 2007 Setup on a Server, and a few steps into the setup wizard the PID will be displayed. Please note that the setup needs to be executed on a domain member server, otherwise you will only be able to install the ConfigMgr console, and the PID will not be displayed.
  4. Create the Hydration Deployment Share by running the 1_CreateHydrationDeployment.ps1 script
  5. Copy the following folders C:\HydrationMDT2010\HydrationSource to C:\Hydration, replace any existing files.
    Operating Systems
  6. Copy the ConfigMgr 2007 Toolkit V2 installation files (ConfigMgrTools.msi) to the C:\Hydration\Applications\ConfigMgr 2007 Toolkit V2\Source folder.
  7. Copy the ConfigMgr 2007 SP2 installation files to the C:\Hydration\Applications\ConfigMgr 2007 SP2\Source folder.
  8. Create the C:\Tmp\PreReqs folder, and run the C:\Hydration\Applications\ConfigMgr 2007 SP2\Source\SMSSETUP\BIN\I386\Setup.exe file with the /Download C:\Tmp\PreReqs command line option.
  9. Move the content of the C:\Tmp folder to the C:\Hydration\Applications\ConfigMgr 2007 SP2\Source\PreReqs folder
  10. Copy the ConfigMgr 2007 R2 installation files to the C:\Hydration\Applications\ConfigMgr 2007 R2\Source folder
  11. Copy the C:\Hydration\Applications\ConfigMgr 2007 SP2\Source\SMSSETUP\BIN\I386\EXTADSCH.exe to C:\Hydration\Applications\Extend ConfigMgr 2007 Schema\Source
  12. Copy the SQL Server 2008 R2 installation files to the C:\Hydration\Applications\SQL Server 2008 R2\Source folder
  13. Copy the SQL Server 2008 R2 Express installation (en_sql_server_2008_r2_express_with_management_tools_x64.exe) files to the C:\Hydration\Applications\SQL Server 2008 R2 Express\Source folder.
  14. Copy the Windows Server 2008 R2 Enterprise files to C:\Hydration\Operating Systems\Windows Server 2008 R2 x64
  15. Create the HydrationServers media item by running the 2_CreateHydrationMediaItem.ps1 script
  16. Copy the C:\HydrationMDT2010\Media001\Control folder to C:\HydrationServers\Content\Deploy, replace existing files
  17. Update the HydrationServers media item by running the 3_UpdateHydrationServersMedia.ps1 script

Step 3 – Create and deploy the virtual machines

  1. Install the PowerShell Management Library for Hyper-V by running the install.cmd script, ignore any errors about .NET Framework
  2. Verify that the files are not having any alternative data streams, if they do, remove it (using explorer or streams from Sysinternals).
  3. Create the virtual machines by running the 4_CreateVirtualMachines.ps1 script.
  4. Using Hyper-V Manager
    1. Start the DC01 virtual machine, and wait until the setup is complete
    2. Start the DC02 virtual machine, and wait until the setup is complete
    3. On DC01, verify that AD replication works with DC02.
    4. Start the MDT01 virtual machine, and wait until the setup is complete
    5. Start the CM01 virtual machine, and wait until the setup is complete

Done... Good luck with your hydrations...

A consolidated Report for Patch Deployments

to get the consolidated Report for all your deployments / instead of depending on dashboard you can view this PVT Report



Select Deploymentname, Available, Deadline,

cast(cast(((cast([Compliant] as float) / (ISNULL([Compliant], 0) + ISNULL([Enforcement state unknown], 0) + ISNULL([Successfully installed update(s)], 0) + ISNULL([Failed to install update(s)], 0) + ISNULL([Installing update(s)], 0) + ISNULL([Waiting for another installation to complete], 0) + ISNULL([Pending system restart], 0) + ISNULL([Downloading update(s)], 0)))*100) as Numeric(10,2)) as varchar(256)) + '%' AS '%Compliant',


  [Enforcement state unknown],

  [Successfully installed update(s)],

  [Failed to install update(s)],

  [Installing update(s)],

  [Waiting for another installation to complete],

  [Pending system restart],

  [Downloading update(s)]



a.AssignmentName as DeploymentName,

a.StartTime as Available,

a.EnforcementDeadline as Deadline,

sn.StateName as LastEnforcementState,

count(*) as NumberOfComputers

from v_CIAssignment a

join v_AssignmentState_Combined assc

on a.AssignmentID=assc.AssignmentID

join v_StateNames sn

on assc.StateType = sn.TopicType and sn.StateID=isnull(assc.StateID,0)

group by a.AssignmentName, a.StartTime, a.EnforcementDeadline,

      sn.StateName) as PivotData



SUM (NumberOfComputers)

FOR LastEnforcementState IN

( [Compliant],

  [Enforcement state unknown],

  [Successfully installed update(s)],

  [Failed to install update(s)],

  [Installing update(s)],

  [Waiting for another installation to complete],

  [Pending system restart],

  [Downloading update(s)])

) AS pvt

Software Updates Status messages

Software Updates Status messages are three major types and these are


  • States for deployments
  • States for software updates
  • Scan states for an update source


    and each of these are again sub categorized as below.. we can see these message when we ran the software updates reports in SCCM.


    States for Deployments

    Client computers create state messages when evaluating software update deployments, for the compliance of deployment (whether or not the client requires one or more software updates in the deployment), and for the enforcement of a mandatory deployment.

    Unlike other software updates state messages that are replicated up the hierarchy to the central site, state messages for deployments are replicated up the hierarchy to the site where the deployment was created. Software update deployment enforcement, evaluation, and compliance information will be missing from reports when they are run from a site higher in the hierarchy than where the deployment was created.

    Evaluation States for a Deployment

    When a new deployment is created and the client computer evaluates the assignment policy for the deployment and during the deployment reevaluation cycle, one of the following state messages is created:

    • Evaluation state unknown

    • Evaluation activated

    • Evaluation succeeded

    • Evaluation failed

    Enforcement States for a Mandatory Deployment

    When the deadline is reached for a mandatory deployment, client computers create state messages for the following:

    • Enforcement state unknown

    • Installing update(s)

    • Waiting for restart

    • Waiting for another installation to complete

    • Successfully installed update(s)

    • Pending system restart

    • Failed to install update(s)

    • Downloading update(s)

    • Downloaded update(s)

    • Failed to download update(s)

    • Waiting for maintenance window before installing

    By segregating update enforcement state messages and deployment enforcement state messages, administrators can create detailed, precise, near-real-time reports for management that were previously difficult, if not impossible, to create.

    Compliance States for a Deployment

    Client computers report the compliance for a software update deployment by using the following state messages:

    • Compliance state unknown

    • Compliant

    • Non-compliant

    • Conflict detected

    States for Software Updates

    Client computers create state messages for the compliance of software updates and the enforcement of software updates in a mandatory deployment.

    Compliance States for a Software Update

    When client computers scan for software updates compliance, a state message with one of the following compliance states is created for each software update:

    • Detection state unknown

    • Update is not required

    • Update is required

    • Update is installed

    Enforcement States for a Software Update

    When the deadline is reached for a mandatory deployment, client computers create a state message for each software update in the deployment. The following software update enforcement states provide information about the software update installation:

    • Enforcement state unknown

    • Enforcement started

    • Enforcement waiting for content

    • Waiting for another installation to complete

    • Waiting for maintenance window before installing

    • Restart required before installing

    • General failure

    • Pending installation

    • Installing update

    • Pending system restart

    • Successfully installed update

    • Failed to install update

    • Downloading update

    • Downloaded update

    • Failed to download update

    Scan States for an Update Source

    When a scan is run on a client computer, a state message is created for each update source—for example, Microsoft Update or the Inventory Tool for Microsoft Updates. One of the following scan states is created:

    • Scan state unknown

    • Scan is waiting for content

    • Scan is running

    • Scan completed

    • Scan is pending retry

    • Scan failed

    • Scan completed with errors

    • SMS 2003 client

    Monday, May 16, 2011

    POC New released from MS



    The PoC Jumpstart provides resources to deploy a desktop PoC with Windows 7, Office 2010, Internet Explorer 8, and Application Virtualization with Microsoft Desktop Optimization Pack technology.



    This self-contained, self-service kit will help you complete a Proof-of -Concept (PoC) at your organization, allowing you to quickly evaluate the new Microsoft desktop technologies, including Windows 7, Office 2010 Pro Plus, Internet Explorer 8, and Application Virtualization with Microsoft Desktop Optimization Pack technology App-V. It will also familiarize you with some of the important deployment tools provided by Microsoft to assist with your broader deployment efforts. This PoC is not meant to be comprehensive training mechanism but rather an introductory set of modules to familiarize you with tools and technologies.
    • Microsoft Windows Server 2008 Enterprise Edition – A platform that helps IT Professionals increase the flexibility and reliability of their server infrastructure.
    • Microsoft Assessment and Planning Toolkit (MAP) – A tool to assess your hardware readiness for Windows 7 and Office 2010.
    • Microsoft Application Compatibility Toolkit (ACT) – A tool to assess your software readiness for Windows 7 and Office 2010.
    • Microsoft Office Migration and Planning Manager (OMPM) – A tool to assess and upgrade Office versions and files.
    • Microsoft Office Environment Assessment Tool (OEAT) – A tool to assess Office add-ins.
    • Microsoft Office Code Compatibility Inspector (OCCI) – A tool guide remediation of Office VBA code.
    • Microsoft Security Compliance Manager (SCM) – A tool guide management and customization of group policy settings
    • Microsoft Deployment Toolkit – A tool to create, configure, and deploy custom images, applications, and components.
    • Windows 7 Enterprise 90-day Trial image – This evaluation edition forms the base image for deployment on client computers.
    • Microsoft Office Professional Plus 2010 – Evaluation version - both MSI and App-V sequenced package.
    • Microsoft Visio Premium 2010 – Evaluation version.
    • Microsoft Project Professional 2010 – Evaluation version.
    • Office 2010 with Application Virtualization – This system is deployed virtually to streamline and centralize operations.
    • Microsoft SQL Server 2008 R2 Evaluation Edition – This database system is used to store tool results.
    The PoC Jumpstart is intended to show you that an upgrade to new Microsoft Optimize Desktop technologies can be seamless, feasible, easy and cost-effective. The PoC Jumpstart will also shed light on the deployment process (tools and technologies) and give your organization confidence for undertaking a broader deployment motion. After completion of the PoC, you should have a test environment setup that will allow you to evaluate the various features of the Microsoft Optimized Desktop and help you make informed decisions to meet your business needs.

    SCCM and State Migration point (SMP), USMT Demonstration

    Good talking about Client Health common issues that we encounter in real world.

    Good talking about Client Health common issues that we encounter in real world.


    Take some time to focus on some common issues with client installation and communication issues, as well as a couple of tools that make troubleshooting infinitely easier.

    SCCM Tools available

    First up I want to list 3 of the primary tools I use for client side troubleshooting.

    1. Trace32 Log Reader
    2. SCCM Client Center
    3. JSandys CM Startup Script

    Now the first item on that list, trace32 is by far the most valuable tool to the SCCM administrator outside of the console itself, perhaps even more so than the console. It allows filtering, highlighting, real time updates, and just generally makes the logs readable.

    SCCM Client Center, this tool attaches to the cm WMI Namespace and allows for nearly full control of the client on the target machine. In terms of remediation, or even testing, there is no reason this tool shouldn’t be installed.

    Config Manager Startup Script by Jason Sandys. This script is easily configured for implementation and has fairly rich logging power for a vbscript, it’s also lighter weight than some of the other health scripts. I highly recommend using this for maintaining client integrity, as well as offering an installer tool for the CM agent by secondary or third parties.

    The Client

    First, lets start with identifying the clients existence on the local machine.

    Here’s where to look:

    • Control Panel > Configuration Manager (this is one of the quickest methods)
    • Task Manager (ctrl+shift+esc) > Processes > CcmExec.exe
    • Task Manager > Services > CcmExec
    • Control Panel > Admin Tools > Services > SMS Agent Host
    • c:\windows\system32\ccm (32bit)
    • c:\windows\syswow64\ccm (64bit)
    • HKLM\SOFTWARE\Microsoft\SMS\Mobile Client\Product Version (32bit)
    • HKLM\SOFTWARE\Wow6432Node\Microsoft\SMS\Mobile Client\Product Version (64bit)

    This is a list of the primary locations to check for the presence of the client, it’s also useful for finding methods to script around identifying them.

    The Client’s Jobs

    Now lets discuss what the client does. First lets recognize that the client is just a dictator for the most case, it tells multiple windows services what to do to complete specific tasks. Until we need to break down what services do things specifically lets just treat the client as the primary initiator.

    • Policy updates and application
    • Manage downloads
    • System scans
    • Inventory reports

    The client and server relationship relies heavily on BITS, Admin shares, RPC (at least for installation), WMI, AD, and WUA.

    The client will regularly talk to the server, telling it about any changes it’s had since it’s last conversation, by way of xml. It will also ask the server what it should be doing differently, to which the server sends the client it’s latest policy. The client will review that policy then act, or do nothing depending on if there are any actionable changes.

    Actionable changes could be installation of software, OS, OS configuration changes, even changes in the frequency of their conversations. These exchanges of course are called policy updates, and I believe by default they are set to 90 minutes (no real reason to change it either).

    Client Installation

    There are multiple ways to install the SCCM client, and in a lot of ways, that method will vary depending on your environment. I will stick to the basics and explain the process if done by server initiated push. I will also discuss what is required.

    First the server begins by initiating a PUSH, using local admin rights, it will copy down the CCMSETUP.EXE file to either c:\windows\ccmsetup or c:\windows\system32\ccmsetup

    A service named CcmSetup is made and it begins transferring the client contents to the local machine and finalizing installation and cleanup of the directory.

    A log of the transaction is left in the ccmsetup folder named ccmsetup.log

    Once this process is complete, the client will perform it’s first policy update and make it’s active client existence known to it’s respective primary server.

    So what if installation fails?

    This isn’t a perfect world. If you are pushing into an existing environment, things may have accidentally found there way out of standards and or flat broken.

    Lets discuss what is required on a local PC for a successful install:

    • Resolvable hostname (proper DNS entry)
    • Service account with local admin rights
    • RPC access to OS components (such as registry)
    • Admin$ shares
    • WUA (Windows Update Agent)

    Instead of explaining exactly why for each of these, lets explain how to resolve potential problems with each. I also want to treat this as an all inclusive troubleshooting guide for the client, so I won’t limit things to just install failures. Truthfully, if any of these breaks after installation, the client will most likely not function as intended.

    Improper DNS entry:

    From the local machine there is little you can do to resolve this problem. Two methods that could resolve the problem are:

    ipconfig /registerdns

    This will attempt to update the DNS records for all adapters of the local machine.

    ipconfig /flushdns

    This will dump all resolver cache data on the local machine. (long shot, but I’ve seen this clear up client DNS conflicts from the push)

    Any additional resolution would need to be done by the Domain Admin on the DNS server with the improper pointer references.

    Service Account with local admin rights:

    This is a very simple solution. Add the appropriate service account to the local admins group on the client PC. For Installation and operation, this account needs to be set for the client to perform it’s jobs.

    RPC Access:

    This one can have you scratching your head at times, but a majority of the times it’s tied to a firewall. Make sure that local firewalls have exceptions built in for the SCCM server. When in doubt, disable the firewall software to verify if it’s the culprit or not.

    Also ensure that the RPC (RpcSs) and RPC Endpoint Mapper (RpcEptMapper) services are Started.

    Some of these changes may require a restart before taking effect so be aware of that while troubleshooting RPC denials. It’s also worth mentioning there are a multitude of applications that could disrupt this functionality, so be sure to thoroughly investigate the machine for potential culprits.

    Admin$ Shares:

    First off, the service Workstation (LanManWorkstation) is responsible for these shares, as well as all SMB protocols on the local machine. If it’s disabled, you will not have these shares.

    One of the most direct methods for enabling admin shares is in:

    HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\AutoShareWks, 1

    HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\AutoShareServer, 1

    Then restart the PC.

    Be aware this setting can be viewed as a security risk, and with that being said, some security software may actively disable them. So treat your evaluation similarly to your RPC troubleshooting.

    WUA Disabled:

    The Windows Update service being disabled is a fairly simple solution provided there isn’t a GPO forcing it. You can either enable and set the Windows Update service to Automatic (wuauserv). Inside the control panel under Windows Update or Automatic updates set it to automatic.

    WUA is responsible for system scans, patching, software delivery, essentially a vast majority of the clients functionality. It is imperative that WUA is enabled.

    Logs to Read, and Policy Updates

    For the official list of log files, go here.


    I’m going to touch on the more immediate logs for troubleshooting the following issues.

    • Health
    • Policy
    • Connectivity
    • Licenses
    • Installs


    CcmExec.Log, this log is one of the first stops for suspected bad installs.

    ClientLocation.log, this log is a good place to verify that client has a healthy install with a site server.

    StatusAgent.log, status messages for client components. Also useful for connectivity issues.


    PolicyAgent.log, this holds policy request information, very helpful when pulling policy.

    PolicyEvaluator.log, this log lets us know know if we are having issues applying policies.


    InternetProxy.log, if you are using unprotected DPs, this is the log to check.

    Mpcontrol.log, logs record the state of the management point

    LocationServices.log, attempted connectivity to MPs and DPs


    Hman.log, if clients aren’t registering this is worth looking into.


    Ccmsetup.log, client installation happenings are recorded in this log.

    Client.msi.log, output from the installer.

    That concludes the overview of SCCM client installation and troubleshooting. Happy problem solving. For additional information on the client and troubleshooting check MSDN:

    and be sure to get involved with

    Source : -