Monday, July 29, 2013

ConfigMgr 2012 SP1 with App-V 5.0 integration

Today I did some testing with App-V 5.0 integration in ConfigMgr 2012 SP1. Microsoft describes it this way in their whitepaper:
"Configuration Manager 2012 SP1 adds support of App-V 5.0 applications. App-V 5.0 provides benefits over traditional applications as it transforms applications into centrally managed, virtual services that are never installed and do not conflict with other applications. App-V dramatically accelerates application deployment, upgrades, patching, and retirement by eliminating time-consuming processes and simplifying the application management lifecycle."

And some other good lines also:
- Configuration Manager 2012 SP1 was designed to provide the same level application management features that are provided in the App-V 5.0 infrastructure;
- Configuration Manager 2012 offers a rich set of capabilities for managing virtual applications from the Configuration Manager infrastructure. Configuration Manager with App-V integration enhances the virtual application delivery model and provides features that are not available with an App-V full infrastructure model;
- App-V Integration with Configuration Manager is streamlined because Configuration Manager is performing the same tasks that are available with the full App-V infrastructure;
- Configuration Manager provides management of applications from delivery, update, and termination using the application catalog built-in wizards and configurations;
- SP1 for Configuration Manager 2012 reduces the App-V infrastructure to the App-V Sequencer and Client and takes the place of the management, publishing, and streaming components in a typical App-V full infrastructure;

Figure 1: Configuration Manager with App-V Infrastructure
When you have a ConfigMgr installation, no changes are needed at all. You can import App-V packages as applications by default and deploy them to a collection. I created a user collection per App-V package myself, connected with a user group per collection. Deployment of applications is done on the same collection in this scenario. That way management (adding users to a group) can be done in Active Directory, with no need to add users in the ConfigMgr console.
Here it comes: when you deploy a required (mandatory) application to a desktop, it will be installed within 5 - 30 seconds after logon. When deploying an application to an already logged-on session, nothing happens. A user policy refresh must be done first, or just log off and log on again. After that, installation is done in 5 - 30 seconds again. I tried both local download and streaming, but there was no big difference between them. When using local download (which takes longer) the application can be started immediately afterwards. When using streaming (which is way faster) the bits are downloaded when starting the application. I can live with it both ways!

App-V packages visible in Software Center (part of ConfigMgr)
When you want to uninstall an App-V package as an application, things are really different. Microsoft decided to remove the "Remove this virtual application when it is no longer advertised" option, which was used in ConfigMgr 2007 with App-V 4.6 integration. This was a great option, which removed the App-V package when it was no longer advertised. Much better that way!
Page 30 of the updated Configuration Manager White Paper (just click for download) discusses this:
To configure an application to automatically uninstall when a user / system is removed from the install collection, create a collection based on the deployment status of a deployed application then target an uninstall deployment to it.
This means you have to create two collections and deployments per App-V package now, one for installing and one for uninstalling the application. This will take a lot of time to create, as it is much more configuration than the option being used before. Microsoft mentions: The uninstall collection query listed only works for systems. The query must be modified when the install collection contains user objects.

User collections in ConfigMgr for installation and removal
I did it another way myself, creating two user collections per application. That way the Microsoft query mentioned is not needed, way too many clicks for me! Just create an Install and Uninstall collection and deployment per application. On the Install collection use a query connected to the specific user group used. On the Uninstall collection include the "All Users and User Groups" and exclude the specific user group used. Do this for all applications used.
When a user is removed from the specific user group in Active Directory, it will be synchronized in ConfigMgr within 10 - 15 minutes and installed or removed automatically. Collection membership is refreshed every 5 minutes by default, and the application is removed when the "User Policy Retrieval & Evaluation Cycle" is done.
My opinion for now: I'm not convinced of the functionality at the moment, but will keep testing if things get better with a different configuration. It seems App-V 5.0 is actually slower than 4.6 with an App-V full infrastructure also, so more tuning is needed. It must be easier and faster to remove App-V packages in ConfigMgr to become more successful. Stay tuned for more!

Thursday, July 25, 2013

Win Microsoft Surface RT with Veeam

Sponsor post

Every month you can win big prizes with Veeam. This month there's another great prize to win!

In August, you could be the big winner of Microsoft Surface RT!
Ultra-thin and light, Surface RT is the tablet you'll take with you everywhere.

Enter NOW for your chance to WIN.

The winner will be selected on Aug. 31
Register just once and you’ll automatically be entered in every monthly drawing! No need to register again!

Wednesday, July 24, 2013

Deploy printer drivers during ConfigMgr task sequence

Last week I needed to install printer drivers on already deployed Windows 7 systems. Because driver packages can be used only during OS deployment (within a task sequence) that was not an option. Luckily I found another way of doing this: just use the PnPutil command. Let's have a look at the needed steps now!

Create a new software package (instead of a driver package) without a program, one per model. Add all the packages created to a task sequence, using the "Run command line" option. Put in a name, select the needed package (created before), select an account with enough permissions (because drivers cannot be installed with the system account afterwards), and add a command line:
cmd.exe /c PnPutil.exe -i -a  C:\_SMSTaskSequence\Packages\<PackageID>\*.inf

After that all .inf files available in the package will be scanned and the needed drivers installed, or rather injected, into the Windows 7 driver store. In my opinion a very easy solution to install (printer) drivers on already installed systems. Hope it helps!

Source: > Thanks for sharing!

Example for another way of installing printers:
RUNDLL32 PRINTUI.DLL,PrintUIEntry /ia /m "<Printer model>" /f "<INF path>\<INF filename>"

Monday, July 22, 2013

OS deployment in ConfigMgr fails with Error 80220005

Description: You see the following error messages on smsts.log:
Failed to open the Task Sequencing Environment. Code 0x80220005. Please ensure you are running this executable inside a properly configured OS Deployment task sequence.  

-Unknown error (Error: 80220005; Source: Unknown)
-Exiting with return code 0x80220005
-Process completed with exit code 2149711877
-Failed to run the action: Apply Windows Settings.
-Unknown error (Error: 80220005; Source: Unknown)

Solution: Make sure the computername is not too long. If the length is longer than 15 characters, shorten it.

After that OS deployment will be running fine again! :)

Friday, July 19, 2013

Prepare ConfigMgr client for Sysprep or Master Image

When building and deploying a master image with ConfigMgr for VDI usage, a ConfigMgr client must be installed. I did this multiple times in Citrix and VMware environments. Before the image is used for production, the ConfigMgr client must be prepared first. Here are the steps that must be followed to do this.

1) Install the ConfigMgr client on the reference system during task sequence deployment or using local installation;
- CCMsetup.exe SMSSITECODE=<Site code>
2) Stop the SCCM client service;
- Start > Run - CMD.exe
- Type > Net stop "SMS Agent Host"
3) Remove the 2 SMS certificates in the local certificate store;
- Start > Run - MMC.exe
- Select Add/Remove Snap-In
- Select Certificates > Add
- Select Computer account > Next
- Select Local computer > Finish > OK
- Expand Certificates > SMS
- Delete both certificates
4) Delete the %SystemRoot%\SMSCFG.ini file;

Additional steps that can be taken for the Endpoint Protection client:
- For VDI, verify a Full Scan has been run on the Master Host Image, and that persistent cache has been populated;
- You can check the value in HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Scan\SFCState (if it’s 7 then it’s complete, on initial install it will be 0);
- To force the persistent cache to generate, RUN (from an elevated CMD):
- CD C:\Program Files\Microsoft Security Client
- Start > MpCmdRun.exe -buildSFC

Just for information:
- You can export the SCEP policy used and change DisableCatchupFullScan and DisableCatchupQuickScan from 0 to 1. After that the policy can be imported again. Not sure if this is needed all times, but it will surely help;
- The policy name in SCEP will be named "Antimalware policy" by default. All SCEP policies applied can be found in registry: "HKLM\Software\Microsoft\CCM\EPAgent\LastAppliedPolicy";
- During buildSFC a logfile (MpCmdRun.log) can be monitored in: "C:\Users\<username>\AppData\Local\Temp". It's possible that buildSFC must be started multiple times because of a timeout 2400 error. Just start it again till it shows "Service stopped. Exiting Idle TaskEnd";
- The cache file created can be found in: "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager". In my case the file was 1,820 KB in size;
- After buildSFC is finished, the SFCState can be found in registry again: "HKLM\Software\Microsoft\Microsoft Antimalware\Scan". The SFCState value should have changed from 0 to 7 by then!
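
Steps 2 to 4 and the SFCState check can also be scripted. The PowerShell below is an added example, not part of the original post and not from Microsoft; it assumes the service name CcmExec (display name "SMS Agent Host") and that the SMS folder shown in the Certificates snap-in is the local machine store named SMS.

```powershell
# Added example: prepare the ConfigMgr client on a reference image (steps 2-4)
# and verify the Endpoint Protection persistent cache state.
# Run from an elevated PowerShell prompt on the reference system.
$ErrorActionPreference = 'Stop'

# Refuse to run without administrative rights; every step below needs them.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell prompt.'
}

# Step 2: stop the ConfigMgr client service (display name "SMS Agent Host").
# Assumption: the service name is CcmExec.
$svc = Get-Service -Name 'CcmExec' -ErrorAction SilentlyContinue
if (-not $svc) { throw 'ConfigMgr client service not found; install the client first (step 1).' }
if ($svc.Status -ne 'Stopped') { Stop-Service -Name 'CcmExec' -Force }

# Step 3: remove the SMS certificates from the local computer store.
# OpenExistingOnly makes Open() throw instead of silently creating an empty
# store when the client was never installed.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('SMS', 'LocalMachine')
$store.Open('ReadWrite, OpenExistingOnly')
try {
    foreach ($cert in @($store.Certificates)) {
        Write-Output ("Removing certificate {0} ({1})" -f $cert.Subject, $cert.Thumbprint)
        $store.Remove($cert)
    }
    $remaining = $store.Certificates.Count
} finally {
    $store.Close()
}

# Step 4: delete SMSCFG.ini so each clone generates its own client identity.
$cfg = Join-Path $env:SystemRoot 'SMSCFG.ini'
if (Test-Path -LiteralPath $cfg) { Remove-Item -LiteralPath $cfg -Force }

# Endpoint Protection: SFCState 7 means the persistent cache is complete,
# 0 is the value right after installation (values as given in this post).
$scanKey  = 'HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware\Scan'
$sfcState = (Get-ItemProperty -Path $scanKey -Name 'SFCState' -ErrorAction SilentlyContinue).SFCState
if ($sfcState -ne 7) {
    Write-Warning "SFCState is '$sfcState'; run MpCmdRun.exe -buildSFC before sealing the image."
}

# Summary to review before shutting down the reference image.
New-Object PSObject -Property @{
    ServiceStatus      = (Get-Service -Name 'CcmExec').Status
    SmsCertificates    = $remaining
    SmsCfgIniPresent   = (Test-Path -LiteralPath $cfg)
    SFCState           = $sfcState
}
```

The image is ready when the summary shows the service stopped, zero SMS certificates, no SMSCFG.ini and an SFCState of 7.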

After that shut down the reference image, create a snapshot (optional) and use it for your environment. This prevents multiple objects (with the same name) in ConfigMgr and duplicate hardware IDs (as we had in the 2007 version). Hope it helps!

Source: Premier Field Engineering

Update 22-7-2013: Running the buildSFC command is something different than running a full scan on the master image. With a full scan the SCEP client can still start another full scan after using it in VDI. With the buildSFC command it will stop doing that.

Update 13-5-2014: During or after OS deployment the MpCmdRun.log can be found in: C:\Windows\Temp (because no one is logged in during deployment).

Wednesday, July 17, 2013

Continue TechNet or create an affordable alternative to MSDN subscriptions

Two weeks ago I posted a blog that Microsoft is going to stop the TechNet Subscription service. What I didn't post yet is that a petition is available. If you think Microsoft has to continue TechNet or create an affordable alternative to MSDN subscriptions, you can sign this petition to let Microsoft know you're not happy with their decision. Are you happy with it?


Reaching 5,000 signatures would be HUGE for us! There has to be a way we can make it happen. Help to push us over the top. I'd offer to get a mo-hawk except I know we'll reach 5,000 and I'd have to do it!

Update 10-7-2013: I just signed the petition "Create an affordable alternative to MSDN subscriptions comparable to TechNet." on

Update 24-7-2013: If you feel compelled to act, please write Microsoft. Start with Steve Ballmer. His email address should be Outline in your own words reasons for keeping TechNet open and its importance to you. We need your help gathering email addresses. If you find any please share them. (message from Cody Skidmore,

Update 25-7-2013: If you receive a reply from Microsoft please let us know. Email us at

Update 2-8-2013: We have a new email discussion list thanks to Rod Trent and Susan Bradley. I can't express enough gratitude for what they've done. The discussion list opens up communication so everyone can help guide the direction of our effort to save TechNet. You can subscribe to the list or its RSS feed by visiting

Monday, July 15, 2013

Unknown SQL error in ConfigMgr after installing DotNet updates

Today I did onsite support at a customer because of ConfigMgr failure. After the weekend OS deployment wasn't working anymore. In the ConfigMgr console the following errors were seen:

The State System message file processing could not process file '********.SMX' and moved it to the corrupt directory. Review the statesys.log file for further details.
Microsoft SQL Server reported SQL message 50000, severity 16: *** Unknown SQL Error!

*** *** Unknown SQL Error!
CMessageProcessor - Encountered a non-fatal SQL error while processing
CMessageProcessor - Non-fatal error while processing ********.SMX

omGetServerRoleAvailabilityState could not read from the registry on <ConfigMgr server>; error = 6;
---->: Failed to get the Availability State on server <ConfigMgr server> fro role Distribution Point.

It seems DotNet software updates were installed before the weekend. In total 14 (!) DotNet updates were installed after Patch Tuesday. After uninstalling KB2835393, KB2804576 and KB2840628 everything was working okay again.

Hope that Microsoft will fix this soon, because this is a major issue for customers who are using ConfigMgr!

Source: Edugeek > Thanks for sharing!

Update 16-7-2013: Looking on Microsoft support it seems that the issue occurs only with KB2840628. No need to uninstall the other DotNet updates mentioned before. Microsoft is working on an update for the issue, so stay tuned for more later!

Update 19-7-2013: Microsoft has confirmed a few different issues with the latest .NET Framework 4 security update, KB 2840628, when applied to SQL Server 2012 (all versions) servers in a Configuration Manager environment. Microsoft is working on a revised update and will keep you posted. In the meantime, you can find temporary solutions for these issues in this blog post: Issues Reported with MS13-052 (KB2840628) and Configuration Manager

Wednesday, July 10, 2013

Client Push Installation fails in ConfigMgr 2012

Today I activated Client Push Installation in ConfigMgr 2012 in an existing environment. When looking in CCM.log there was no installation activity seen at all. Looking in the environment I found the following:

Looking at Client Push Installation settings, all was okay. The Client Push Installation account was configured (with Admin permissions), and Installation properties were set.

Ports needed for Client Push Installation were not set in the local Firewall settings published by Group Policy.

By default the following is needed:
- File and Printer Sharing
- Windows Management Instrumentation (WMI)

For Client Push Installation the following is needed also:
- RPC endpoint mapper – TCP 135
- RPC endpoint mapper – UDP 135
- Server Message Block (SMB) – TCP 445

"Use this boundary group for site assignment" was not set on the boundary group. This must be activated to make usage of Client Push Installation.

After making these changes everything went fine again! Looking in CCM.log installation activity was seen for all systems.

Tuesday, July 9, 2013

Premise vs. Premises in ConfigMgr 2012

Last month during the "Windows Management User Group (WMUG) NL day with Wally Mead", one minor detail was seen in the demos. I guess nobody was seeing it (?), but I did because a colleague of mine (Rob Beekmans, @robbeekmans) was mentioning it to me earlier. Here it comes! :-)

In ConfigMgr 2012 SP1 a Distribution Point type is called On-premise. This is wrong because the proper term is On-premises as in - on your premises (see below).

In ConfigMgr 2012 R2 they corrected this, because a Distribution Point type is now called On-premises. Good job Microsoft!

Premise: a proposition supporting or helping to support a conclusion.
Premises: a tract of land including its buildings.

As I was saying before: one minor detail fixed!

Monday, July 8, 2013

Version Build numbers from ConfigMgr 2012 and Current Branch

Last month (July 2013) I was at Windows Management User Group (WMUG) NL day with Wally Mead. Wally Mead has been with Microsoft for more than 21 years, and working with Systems Management Server since SMS 1.0 was in development. One of his questions was about the Version Build number of ConfigMgr 2012 SP1, but nobody in the room knew the correct answer. Therefore this blogpost, so when Wally asks again we all know it! :)

- ConfigMgr 2012 RTM - 5.00.7711.0000
- ConfigMgr 2012 CU1 - 5.00.7711.0200
- ConfigMgr 2012 CU2 - 5.00.7711.0301
- ConfigMgr 2012 SP1 - 5.00.7804.1000
- ConfigMgr 2012 SP1 CU1 - 5.00.7804.1202
- ConfigMgr 2012 SP1 CU2 - 5.00.7804.1300
- ConfigMgr 2012 SP1 CU3 - 5.00.7804.1400
- ConfigMgr 2012 SP1 CU4 - 5.00.7804.1500
- ConfigMgr 2012 SP1 CU5 - 5.00.7804.1600
- ConfigMgr 2012 R2 - 5.00.7958.1000
- ConfigMgr 2012 R2 KB2905002 - 5.00.7958.1100
- ConfigMgr 2012 R2 CU1 - 5.00.7958.1203
- ConfigMgr 2012 R2 CU2 - 5.00.7958.1303
- ConfigMgr 2012 R2 CU3 - 5.00.7958.1401 
- ConfigMgr 2012 R2 CU4 - 5.00.7958.1501
- ConfigMgr 2012 R2 CU5 - 5.00.7958.1604
- ConfigMgr 2012 R2 SP1 - 5.00.8239.1000
- ConfigMgr 2012 R2 SP1 CU1 - 5.00.8239.1203
- ConfigMgr 2012 R2 SP1 CU2 - 5.00.8239.1301
- ConfigMgr 2012 R2 SP1 CU3 - 5.0.8239.1403

- ConfigMgr Current Branch 1511 - 5.0.8325.1000
- ConfigMgr Current Branch 1602 - 5.0.8355.1000

Source: Wikipedia

Updates on this blogpost:
Update 11-4-2014: Update on ConfigMgr 2012 R2 CU1
Update 2-7-2014: Update on ConfigMgr 2012 R2 CU2
Update 22-9-2014: Update on ConfigMgr 2012 R2 CU3
Update 23-4-2015: Update on ConfigMgr 2012 R2 CU4
Update 6-5-2015: Update on ConfigMgr 2012 R2 CU5
Update 15-5-2015: Update on ConfigMgr 2012 R2 SP1
Update 1-9-2015: Update on ConfigMgr 2012 R2 SP1 CU1
Update 10-11-2015: Update on ConfigMgr 2012 R2 SP1 CU2
Update 14-3-2016: Update on ConfigMgr 2012 R2 SP1 CU3 and Current Branch

Thursday, July 4, 2013

Upgrade ConfigMgr 2012 SP1 to 2012 R2 Preview

Last week ConfigMgr 2012 R2 Preview became available for download. More about that can be found in the following blogposts: "Updates and New Features in ConfigMgr 2012 R2" and "TechEd 2013 Europe announcements".

Now it's time to update labs with the new bits, Windows Server 2012 R2 Preview and System Center ConfigMgr 2012 R2 Preview. My existing lab is running on Windows Server 2012, SQL Server 2012 SP1 and ConfigMgr 2012 SP1. This installation is described in the following blogpost: "Install ConfigMgr 2012 SP1 on Server 2012 and SQL 2012 SP1". Let's update my lab!

I did an update of Windows Server 2012 first. Within 5 minutes (on SSD) Windows Server 2012 is upgraded to Windows Server 2012 R2 Preview. Nothing special on that one.

After that it's needed to remove Windows Assessment and Deployment Kit (ADK) 8.0 and install ADK for Windows 8.1 Preview. Just select Deployment tools, Windows PE and USMT again.

Finally, start the System Center ConfigMgr upgrade. As described in "Updates and New Features in ConfigMgr 2012 R2", upgrade to R2 is possible only from ConfigMgr SP1 with Windows ADK 8.1, which can be found HERE.

Just follow these steps for the upgrade:
- Start Splash.hta and choose Install
- Before you begin > Next
- Getting started > Upgrade this ConfigMgr site
- Product key > Install the evaluation edition of this product
- License terms > Accept these license terms
- Prerequisite licenses > Accept these license terms (3x)
- Prerequisite downloads > Download required files (23 items)
- Server language selection > English
- Client language selection > English
- Settings summary > Setup type: Upgrade
- Prerequisite check > In my case 2 items about built-in collections and SQL memory allocation
- Begin install > Elapsed time: 21 minutes
- Upgrade: Core setup has completed!

Very nice to have System Center ConfigMgr 2012 R2 installed now! Expect more blogposts to come about R2 later this month.

Wednesday, July 3, 2013

MCSE Desktop Infrastructure certification

Today I passed the Windows Server 2012 exam 70-417. This is an upgrade exam that is a composite of three standalone exams: 70-410, 70-411, and 70-412. Because I did a lot of exams in the last months, I place a complete overview in this blogpost. Here we go!
- 70-687 Configuring Windows 8 (70-689 wasn't available yet)
- 70-415 Implementing a Desktop Infrastructure
- 70-416 Implementing Desktop Application Environments
- 70-688 Managing and Maintaining Windows 8
- 70-417 Upgrading Your Skills to MCSA Windows Server 2012

With above exams I'm MCSA Windows 8, MCSA Windows Server 2012 and MCSE Desktop Infrastructure certified now! 

The MCSE Desktop Infrastructure certification validates your skills in desktop virtualization, remote desktop services and application virtualization. Show that you can deploy and manage desktops and devices that provide access from anywhere, while maintaining security and compliance.
More about new Microsoft exams can be found here: Overview of new Microsoft 2012 exams. Hope it helps!

Tuesday, July 2, 2013

Microsoft is going to stop the TechNet Subscription service

Yesterday I received the following message from Microsoft.

By developing trends in IT and changes in the dynamics of companies Microsoft has let it be to offer IT professionals Microsoft technologies and services to get to know, evaluate and implement evolve. In recent years, a shift from paid to free evaluations and information. Therefore, Microsoft has decided to stop the TechNet Subscriptions service and sale on August 31, 2013 to terminate.

Subscribers with active accounts continue to have access to the benefits of their program until the end of their current subscription period.

We are committed to customers in this transition phase to help and we continue to focus our attention on providing free access to IT professionals in a wide collection TechNet materials that IT professionals around the world need.

Better free offer for IT professionals including:
  • TechNet Evaluation Center: Free evaluation software without disabilities, available for 30-180 days. With valuable evaluation resources and TechNet Virtual Labs, which you can evaluate without having to install locally. Anything software
  • Microsoft Virtual Academy: Free site for online learning, with over 200 expert-led technical courses over 15 Microsoft technologies. Every week new courses at.
  • TechNet Forums: Free online technical forums where IT professionals can ask questions and receive answers from members of the community quickly.

Note: MSDN Subscriptions provide a pay range that is available to anyone who needs access to evaluation software that goes beyond what the above free materials to offer.
We thank you for your understanding now we more focus on expanding our free offer and invest more in order to respond better to the needs of the community of IT professionals.

- The TechNet Subscription team

Additional Information:
More background information about Microsoft's decision to stop the TechNet Subscription service and the implications for existing subscribers can be found on the FAQ page on cessation of the TechNet Subscription service.

Note for Microsoft Certified Trainers (MCT)

My MCT agreement expires on March 31, 2014. Will I continue to have access to TechNet benefits though that date?
Subscribers with active accounts may continue to access their program benefits until their current subscription period concludes. For MCTs, this date is March 31, 2014.

Personal note: It's a great pity that the TechNet Subscription stops. With the software it was ideal to test products and set up lab environments. Hope there will be an alternative offering in the future!

Monday, July 1, 2013

OS Deployment - Failed to get client identity 80004005

Today we had the following error message on a Virtual Machine (VM) starting ConfigMgr Boot Media: Failed to get client identity 80004005. First I was thinking about Boundaries, because the VM was in a different subnet. After adding the needed IP-address ranges, the error message was still the same. Looking on MS TechNet the following thread was found.

The following solution is mentioned there: The problem was in the client computer, that has wrong Time and Date in BIOS. Simply adjust date and time to actual time, and the deployment works perfectly.

And indeed, on the VM the Time and Date in BIOS was not correct. After changing it to the right Time and Date everything went fine again. Hope it helps!

Windows Update error 80070643 during installation

Last week I did a Task Sequence deployment on Windows 7 Enterprise with many (Microsoft) applications. During deployment the Task Sequence failed because of Windows Update error 80070643. The specific step was during Internet Explorer 9.0 Language Pack installation found on Download Center.

Microsoft has the following to mention about this issue:
Windows Update error 80070643 can happen for several reasons. The most common cause is a problem with the .NET Framework installed on the computer. You might also encounter this error when installing updates for Microsoft Office 2003.

Lucky me the solution was found after a few local tries. The Internet Explorer 9.0 Language Pack can only be installed when the Windows 7 Language Pack is installed already. This is described HERE and needs to be installed locally. So lessons learned: Just install the Windows 7 Language Pack before the Internet Explorer 9.0 Language Pack.