HOW TO DEPLOY SCCM / MECM CLIENT ON DEVICES ?

To install SCCM / MECM client on devices:

Precheck: 1. Installation Account is a member of Local Administration group 2. Site Server can resolve the computer name for the client and access the ADMIN$ share 3. The Windows Firewall or any other firewall is configured for exceptions to client push installation. 4. The MP (Management Point) is operational. Steps to follow: 1. Check have local admin privilege to install. Add domain user to local administrators in Client computer. Eg: CM_CP user account 2. Configuring Client Push: Administrations -- site configuration -- sites -- Client installation setting -- client push installation Add Account CM_CP to Client Push Installation Properties Check rights with test connection 3. Install Client on a device Right click -- Install client 4. Configure setting of client to be installed eg: to be installed on domain controller or from Specified site or repair / reinstall incase client already existing 5. Review Logs: On Config Manager : ccm.log On client computer : ccmsetup.log in c:\windows\ccmsetup folder 6. Services to monitor: On client computer ccmsetup service during installation Post installation will see SMS Agent host service 7. Reporting: Monitoring -- reporting -- Reports -- site - client information Can review below reports: - Client deployment status details - Client deployment success report - Client deployment failure report ------------------------------------------------------------------------------------------------- Follow Below platforms to get updates: Blog Website: https://yagneshmalaviya.com Twitter : https://twitter.com/YagneshMalaviya Linked In : https://www.linkedin.com/in/yagnesh-malaviya Facebook: https://www.facebook.com/mecmworld Instagram : https://www.instagram.com/mecm_world Email ID: mecmworld22@gmail.com If you would like to share your troubleshooting fix or knowledge on MECM, you are most welcome to share your interest in email. Will look forward to collaborate & share knowledge. Thank You :)

WHY DEVICES NOT REFLECTED IN CONSOLE ?

Below are two primary reasons for devices being not reflected in console

1. Incase Boundaries & Boundary group not configure
2. System discovery is not correctly configured

Let review further..

1. CREATION OF BONDARIES

1. check ip subnet for devices which we need to be added.
2. Within console Go to the Administration workspace, and then expand Hierarchy Configuration. 
3. Right-click Boundaries, and then select Create Boundary.
4. 5. On the Create Boundary page, enter subnet id & ok

2. CREATION OF BOUNDARY GROUP

1. Within console Go to the Administration workspace, and then expand Hierarchy Configuration.
2. Right-click Boundary Groups, and then select Create Boundary Group.
3. On the Create Boundary Group page enter name & add boundary previously created
4. Click references select use this boundary group for site assignment
5. Select Site System Server.
6. Apply Ok

Logs to check: in Config Manager Server hman.log will give info on boundaries

 3. CONFIGURE AD SYSTEM DISCOVERY

1. On the console, select Administr
   
   
   
   ation go to Hierarchy Configuration -- Discovery Methods.
2. Right-click Active Directory System Discovery Properties.
3. In General tab Enable Active Directory System Discovery option.
4. Next to Active Directory containers, add an Active Directory container. 
5. Click Browse to add the domain Path. 
6. Can set Rest Values or keep default
7. Run full discovery as soon as possible, select yes.

Devices will be visible

Logs to check: in Config Manager Server adsysdis.log

FIXING WARNING MESSAGE OF Installing SMS_EXECUTIVE_service during 2111 HOTFIX (KB12959506) install

When we will install 2111 Hotfix and fix issue of [Completed with warning] during update pack installation.

For installation of 2111 Hotfix , need to navigate thru below options:

1. Within MECM Console -- Administrations

2. Updates and Servicing

3. Configuration Manager 2111 Hotfix (KB12959506)

4. Right Click -- Install Update Pack

Will open Configuration Manager Wizard, accept license agreement and complete the wizard.

Review Status by going into :

1. Monitoring tab

2. Updates and Servicing Status ..

3. within Configuration Manager 2111 Hotfix ..

4. Right click Show status

Multiple steps will be completed , refresh after sometime to monitor progress.

If want to see real time status in description will provide log file details to review.

Here installation completed with warning Installing SMS_EXECUTIVE service.

Review log info to review further

Fix :

Restarting SMS_EXECUTIVE Service

Reference Link : https://docs.microsoft.com/.../checklist-for-installing...

-----------------------------------------------------------------------------------------------------------------------

Follow Below platforms to get updates:

Blog Website: https://mecmworld.blogspot.com

Twitter : https://twitter.com/YagneshMalaviya

Linked In : https://www.linkedin.com/in/yagnesh-malaviya

Facebook: https://www.facebook.com/mecmworld

Instagram : https://www.instagram.com/mecm_world

Email ID: mecmworld22@gmail.com

If you would like to share your troubleshooting fix or knowledge on MECM, you are most welcome to share your interest in email. Will look forward to collaborate & share knowledge. Thank You

FIXING WARNING MESSAGE OF HTTP OR ENHANCED HTTP DURING MECM CONSOLE UPGRADE TO 2111

While doing prerequisite check for upgrading or installing hotfix for MECM Console to 2111.

Below setting will help to overcome error:

1. In the Configuration Manager console, go to the Administration workspace, expand Site Configuration, and select the Sites node.

2. Select a site, and then in the ribbon select Properties.

3. Switch to the Communication Security tab.

4. Tick on Use Configuration Manager generated certificates for HTTP site systems

Steps to upgrade MECM Console 2111 reference Previous Video link: https://www.youtube.com/watch?v=wVCUfVmxEOI ----------------------------------------------------------------------------------------------------------------------- More info on here:

Microsoft link as per error description :

https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/changes/deprecated/removed-and-deprecated-cmfeatures Microsoft Doc for Enable the site for HTTPS-only or enhanced HTTP :

https://docs.microsoft.com/en-us/mem/configmgr/core/servers/deploy/install/list-of-prerequisite-checks#enable-site-system-roles-for-https-or-enhanced-http More detail explanation in Prajwal Desai blog: https://www.prajwaldesai.com/enable-site-system-roles-for-https-or-enhanced-http/ ----------------------------------------------------------------------------------------------------------------------- Follow Below platforms to get updates: Blog Website: https://mecmworld.blogspot.com Twitter : https://twitter.com/YagneshMalaviya Linked In : https://www.linkedin.com/in/yagnesh-malaviya Facebook: https://www.facebook.com/mecmworld Instagram : https://www.instagram.com/mecm_world Email ID: mecmworld22@gmail.com If you would like to share your troubleshooting fix or knowledge on MECM, you are most welcome to share your interest in email. Will look forward to collaborate & share knowledge.

UPGRADE MECM CONSOLE TO 2111

 While upgrading MECM Console to 2111, following key pointers are helpful.

1. Check Current version thru About
2. Select Update & Servicing thru Administrations
3. Check Prerequisites 
4. Log file to review :: ConfigMgrPrereq.log
5. Check Status in Monitoring Pane
6. Incase of error reported , review as per info in Status message in Description
7. Fix the error.
8. Re check Prerequisites
9. Install Update Pack
10. Check logs to review thru Status message during update process
11. Monitoring Update status 
12. Verification post successful install

Complete Video guide herewith :

STEP BY STEP GUIDE FOR PATCHING WINDOWS CLIENT DEVICES

For remediating patching on SCCM Managed client computers 

4 Important Steps :

1. Scanning of devices
2. Reviewing Logs to see patch status
3. Remediation to deploy Patches
4. Patches are deployed as per logs, however reporting is showing as non compliant

Additional info on :

• Manual Patch deployment
• Possibility of why issues being reported.
• Software Center Error Codes & description

--------------------------------------------------------------------------------------------

--------------------------------------------------------------------------------------------

STEP 1: Scanning of devices: 

• Check WUA Handler log if scanning is failing
• Complete detail on WUAHandler.log & fix is linked to registry.pol <check date>, rename or delete registry.pol file & run gpupdate /force & run software update eval cycle & scan cycle.
• Complete troubleshooting video on scanning issue https://youtu.be/4ntGsLCu-7E

STEP 2: Reviewing Logs to see patch status:

• Check updatestore.log for that particular KB we will see if missing or existing by taking note of unique ID.
• Review more logs based on unique id Updatedeployment.log, updatehandler.log, updatestore.log, WUAHandler.log, windowsupdate.log may give us good clue on errors.
• To review Windowsupdatelog
• Powershell >> get-windowsupdatelog
• Another file is created which will have more details.
• Logs will have entry like:
• ASSIGNMENT_EVALUATE_SUCCESS, ASSIGNMENT_ENFORCE_FAILED or any other message like Failed to attach update to the automation wrapper = 0x87D00215.
• If seen as finished installing (0x000000000), means patches are installed.
• No pending patches available as of now, kindly find the log details.
• <![LOG[EnumerateUpdates for action (UpdateActionInstall) – Total actionable updates = 0]LOG]!><time=”05:02:16.837-60”date=”02-16-2022” component=”UpdatesDeploymentAgent” context=”” type=”1” thread=”27904” file=updatesmanager.cpp:1826”>

STEP 3: Remediation to deploy Patches:

• Caused by some update files becoming corrupt while being downloaded. If this happens you can delete or rename the folder & it will be recreated in same location.
• Couple of placed observed one in software distribution & ccmcache
• Renaming Folders
• Softwaredistribution folder located in C:\windows\
• If ccmcache, can rename ccmcache folder or specific subfolder if aware
• Catroot2 folder located in C:\windows\System32
• By default it will not allow as services are running in backend
• Stop Windows update service Service name: wuauserv
• Stop Cryptographic Services Service name: CryptSvc
• Stop Background Intelligent Transfer Service name: bits
• Stop Windows Installer Services Service name: msiserver
• Post service stopped rename folder
• Sometimes few services auto start so you will need to disable it.
• Once folders are renamed restart / enable above 4 services & also check status of SMS Agent host service
• If windows installer services is giving error while starting check to Unregister and re-register Windows Installer by following command
• Msiexec /unregister
• Msiexec /regserver
• Reboot system & check
• Initiate “Software Update Scan Cycle” and “Software Updates deployment evaluation cycle” from configuration manager applet 
• Review logs 
• If patches still fail to deploy, there can be windows issue
• Sfc/scannow (this is System File Checker)
• Windows Update troubleshooter can be accessed thru settings

STEP 4: Patches are deployed as per logs, however reporting is showing as non compliant. 

• We need client to resend its data to the MP.  It’s a convenient way to force some state messages up.
• Powershell query
• $UpdateStore = New-Object –ComObject Microsoft.CCM.updateStore
• $UpdateStore.RefreshServerComplianceState()
• This command will help to update / refresh compliance state on SCCM
• Sitecode change
• Reinstall Client

--------------------------------------------------------------------------------------------

Additional observation: Certain times specially for in case office patches if missing can check to Repair / reinstalling of Office application.

Manual Patch deployment:

Go to patches kb downloaded will see location either in ccmcache or download folder

• c:\windows\softwaredistribution\Download
• Open CMD (elevated rights)
• DISM.exe /online /Add-package /PackagePath: “c:\windows\softwaredistribution\Download\.... <get info from folder.cab file?>

       OR

• Extract cab file & run windows installer file post extract

Possibility of why issues being reported:

• Offline or Inactive client – bring it back to network
• Device not in use – its retired from AD or SCCM 
• Pending Reboot
• Low Disk space – housekeeping of HDD / upgrade HDD size
• Download Corrupt
• SCCM Client Corrupted
• If client not updating recent date client repair / reinstall
• GPO issue

--------------------------------------------------------------------------------------------

Software Center Error Codes:

Error Code	Error Description	Error Status Description
-2146498170	Unknown Error	This update application failed
-2146498173	Unknown Error	This update application failed
-2016410855	Unknown Error	ConfigMgr internal error occurred for this update
-2146498168	Unknown Error	This update application failed
-2146498174	Unknown Error	This update application failed
-2146498171	Unknown Error	This update application failed
-2146498172	Unknown Error	This update application failed
-2145099757	Unknown Error	This update application failed
-1906441218	Unknown Error	This update application failed
-2146498304	Unknown Error	This update application failed
-1906441221	Unknown Error	This update application failed
-2146498169	Unknown Error	This update application failed
-1906441212	Unknown Error	This update application failed
-2145099774	A download manager operation could not be completed because the file digest was not recognized	ConfigMgr internal error occurred for this update
-2147024891	Access is denied	This update application failed
-2147024873	Data error (cyclic redundancy check)	This update application failed
-2147023898	Invalid access to memory location	This update application failed
-2147024882	Not enough storage is available to complete this operation	This update application failed
-2016409851	Pause state required	ConfigMgr internal error occurred for this update
-2016410031	Post install scan failed	ConfigMgr internal error occurred for this update
-2147024858	Reached the end of the file	This update application failed
-2016409844	Software update execution timeout	This update did not finish in allocated time
-2016410008	Software update still detected as actionable after apply	ConfigMgr internal error occurred for this update
-2147010798	The component store has been corrupted	This update application failed
-2146869232	The digital signatore of the object did not verify	ConfigMgr internal error occurred for this update
-2147024629	The directory name is invalid	This update application failed
-2147023504	The file or directory is corrupted and unreadable	This update application failed
-2147024894	The file you specified could not be found. This may be because it is not signed	This update application failed
-2016411062	The job is already connected	ConfigMgr internal error occurred for this update
-2147010815	The referenced assembly could not be found	This update application failed
-2147010893	The referenced assembly is not installed on your system	This update application failed
-2147023170	The remote procedure call failed	This update application failed
-2147010788	The SMI primitive installer failed during setup or servicing	This update application failed
-2147024291	The specified buffer contains ill-formed data	This update application failed
-2147024784	There is not enough space on the disk	This update application failed
-2147018095	Transaction support within the specified resource manager is not started or was shutdown due to an error	This update application failed
-2016410012	Updates handler job was cancelled	ConfigMgr internal error occurred for this update
-2147023838	Windows: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.	ConfigMgr internal error occurred for this update

 

Follow Below platforms to get updates:

Blog Website: https://mecmworld.blogspot.com

Twitter : https://twitter.com/YagneshMalaviya

Linked In : https://www.linkedin.com/in/yagnesh-malaviya

Facebook: https://www.facebook.com/mecmworld

Instagram : https://www.instagram.com/mecm_world

Email ID: mecmworld22@gmail.com

If you would like to share your troubleshooting fix or knowledge on MECM, you are most welcome to share your interest in email. Will look forward to collaborate & share knowledge.

Thanks.

Yagnesh Malaviya