Wednesday, April 30, 2014

Veeam adds NetApp Snapshot Support!

Sponsor post

Veeam is glad to announce their first new feature in the upcoming Veeam Backup & Replication v8 release - NetApp Snapshot Support! With this release their will be better NetApp integration.

Integration of NetApp and Veeam allows you to achieve:
-Fast backups: back up VMware VMs from NetApp storage snapshots up to 20 times faster
-Quick recovery: easily recover individual items from NetApp Snapshot, SnapMirror and SnapVault
-Improved protection: improve DR protection by creating instant, secondary backups from NetApp snapshots

You can learn more here 
or read Luca Dell'Oca’s post
Their is also a webinar on April 17th

NetApp integration will be included in Veeam Backup & Replication v8, which will be generally available in the second half of 2014.

Monday, April 28, 2014

How to upgrade Windows Phone 8.0 to Windows Phone 8.1 Preview

Since April 14 it's possible to upgrade Windows Phone 8.0 to Windows Phone Preview. In my case I want to do this on a Samsung ATIV S, which I'm using for over a year now. Windows Phone 8.0 is still working great, but I like to see new features in Windows Phone Preview also. Let's have a look.

Prerequisites are download the app (Preview for Developers) and register as a developer to use a "developer unlocked" phone. This can be done with payment (publish apps in the MS Store) of free usage (create apps to use on your own phone). In my case I'm using the free register. Just create a Empty App and you will be fine.

Register as a Windows Phone Developer – $19 USD, and publish apps in the Store
Register as a developer with App Studio – Free, and create apps to run on your own Windows Phones
Download the developer tools to register and "developer unlock" your phone

If you meet the prerequisites above, download the Windows Phone Preview for Developers app.

During the Windows Phone Preview installation the device will be installing 3 updates, with a reboot after every update. There will be multiple versions used after each update. In my case they were as follows:
-Microsoft Update 8.0.10521.155 (small update)
-Microsoft Update 8.0.10532.166 (big update)
-Microsoft Update 8.10.12359.845 (big update)

After almost 2 hours waiting all updates were installed. None off my files, apps or settings were lost. I'm happy with the new OS and functionality. Why wait? Just install the new killer OS :)

Experiences so far:
-Battery drain solved by soft reboot. Still using more battery then before, but way better then before the reboot. Reviews mentions that it will take a few days before battery behaves as normal.
-New features: Live Tiles, Agenda, Action Center, Battery Saver, Data Sense, Background on start screen, More apps on start screen, Big photo on screen when calling, are all great. No Cortana can be used because I'm living outsite of United States (pity).
-Strange thing is however I cannot share blogposts to Twitter and Facebook anymore? Miss that one most! Also camera is taken photos with Flash while disabled in photo settings!? Oops! When using Bing Music or Vision the device reboots. Who cares?
-Overall experience is great. Still love the device and Windows Phone. Next time it will be Nokia instead of Samsung, that's all :)

Update (1):
Battery behaves as normal after a few days. I can do 24-30 hours on a full battery load again. Another great thing is Notifications + Actions in Settings. You can decide notification banners, notification sound and vibrate per app now! No annoying vibrations on WhatsApp anymore when having 100 incoming messages a day, just turn it off for a single app. Furthermore I love the new start screen with way more Live Tiles them before. When using swiping for keyboard you can create messages way faster then typing it. Do I need to tell more? Just install the update! :) For questions use comments.

Friday, April 25, 2014

Enable TPM for BitLocker usage during OS deployment on endpoints

Last week I wrote a blogpost about "How to Enable BitLocker, Automatically save Keys to Active Directory". As mentioned in that blogpost the Trusted Platform Module (TPM) chip must be enabled and activated in BIOS. This is disabled by default, so no BitLocker by default when using functionality within ConfigMgr. This is a pre-requisite BEFORE running the deployment task sequence. But you can enable TPM during deployment also! Let's have a look.
Step 1. Download the CCTK from Dell HERE.
Once you've download it, install the MSI. Both CCTK and HAPI are used for doing the job.
Step 2. Create a CCTK package for x86 and/or x64 usage.
Just copy %ProgramFiles%\Dell\CCTK\* to a location that will be used for ConfigMgr, and create a new package.
Step 3. Edit your task sequence with the following changes:
Group: Enable TPM on Dell systems
Group: Prepare CCTK and HAPI
Run Command Line: xcopy CCTK
     xcopy.exe ".\*.*" "x:\CCTK\X86\" /E /C /I /Q /H /R /Y /S
Run Command Line: Enable HAPI
     x:\CCTK\X86\HAPI\hapint -i -k C-C-T-K -p X:\CCTK\X86\HAPI\
Run Command Line: Set BIOS password
     x:\CCTK\x86\CCTK.exe --setuppwd=password
Run Command Line: Enable TPM
     x:\CCTK\x86\CCTK.exe --tpm=on --valsetuppwd=password
Restart Computer
Group: Prepare CCTK and HAPI
Run Command Line: xcopy CCTK
     xcopy.exe ".\*.*" "x:\CCTK\X86\" /E /C /I /Q /H /R /Y /S
Run Command Line: Enable HAPI
     x:\CCTK\X86\HAPI\hapint -i -k C-C-T-K -p X:\CCTK\X86\HAPI\
Run Command Line: Activate TPM
     x:\CCTK\x86\CCTK.exe --tpmactivation=activate --valsetuppwd=password
Restart Computer

This must be placed between the "Partition Disk 0" and "Pre-provision BitLocker" step in the task sequence.

When using HP systems this can be done too. The BIOSConfigUtility.exe and TPMEnable.REPSET are used then. More information about that can be found HERE. The code on Dell systems are working great, on HP systems I didn't use it before.

No need to Set BIOS password, Enable TPM and Activate TPM manually anymore. Just use a single Task sequence for BIOS configuration and BitLocker at once. The ConfigMgr task sequence will take care of BitLocker furthermore. Just great!


Wednesday, April 23, 2014

Update Rollup 2 for System Center 2012 R2 released

Today Update Rollup 2 for System Center 2012 R2 is released. It contains 7 hotfixes for multiple System Center 2012 R2 components, except ConfigMgr. Cumulative Update 1 for ConfigMgr can be found HERE. You can choose between Microsoft Update installation or manually download the update packages.
To download the update packages from Microsoft Update Catalog, go to one of the following download websites, as appropriate:
-Data Protection Manager (KB2958100)
-Operations Manager (KB2929891)
-Orchestrator (KB2904689)
-Service Manager (KB2904710)
-Service Provider Foundation (KB2932939)
-Virtual Machine Manager (VMM Console: KB2932942)
-Virtual Machine Manager (VMM Server: KB2932926)

To install the update packages, run the following command from an elevated command prompt:
msiexec.exe /update <packagename>

For more information or download the update have a look here:
Microsoft Support

Tuesday, April 22, 2014

Hash could not be matched for the downloaded content during OS deployment

Today I had a strange issue when deploying a Windows 7 Capture image to a fat client. With every deployment there was a hash mismatch during the "Apply Operating System" step. In a normal situation this can be resolved easily by updating the distribution point. In my case however this was not the solution. Removing the OS image from ConfigMgr and add it again (so a new Package ID is created) was not the solution also.

Still a hash mismatch, with the following errors:
-Failed to hash file, Win32 error = 23
-Hash could not be matched for the downloaded content. Original ContentHash = <hash>, Downloaded ContentHash = <empty>
-The hash value is not correct 0x80091007

The solution for this is as follows:
Select "Apply Operating System" in the Task Sequence Editor and open the Options tab. Check "Access content directly from the distribution point".

Right-click the reference image package in Operating System Images and open the Properties dialog. Configure the Package share settings on the Data Access tab. Check "Copy the content in this package to a package share on distribution points".

After that OS deployment was running fine again. No hash mismatch anymore! Still strange that updating the distribution point was not helping me this time.

Thursday, April 17, 2014

How to Enable BitLocker, Automatically save Keys to Active Directory

When using BitLocker (used for encryption of data on disks) on endpoints the Trusted Platform Module (TPM) chip must be enabled and activated in BIOS. This is disabled by default, so no BitLocker by default when using functionality within ConfigMgr. This is a prerequisite BEFORE running the deployment task sequence. When using BitLocker within ConfigMgr you must select "Configure task sequence for use with BitLocker" during the task sequence wizard. That way the "Pre-provision BitLocker" is added after the "Format and Partition Disk" step. In the end of the task sequence "Enable BitLocker" is added, which saves the BitLocker recovery key in Active Directory Domain Services (ADDS). By default however the recovery key cannot be found in Active Directory. In this blogpost I show you which configuration is needed to find the recovery key.
Logon on your Domain Controller first and look at the Operating System version installed. If you will use a domain controller running Windows Server 2003 with SP1 or SP2, you will need to apply the schema extension to store BitLocker and TPM passwords in Active Directory. This file can be downloaded from the BitLocker and TPM Schema Extension page. If you are running Windows Server 2008 (R2) or 2012 (R2) there's no need to do the schema update. These operating systems already include the necessary schema extensions. Another thing to do is to delegate write permissions on the msTPM-OwnerInformation object to the “SELF” account. Tom Acker has a great article on how to do this on the TechNet blog.  Essentially what you need to do is open the AD Users and Computers MMC, right click the OU where your computers are (or the domain root) and Delegate rights to the SELF account using a “custom task” to only the Computer objects.  You grant General, Property-specific and Create/deletion to the “Write msTPM-OwnerInformation” attribute.

To see the information that is being stored in AD, you need to install the BitLocker Recovery Password Viewer which is a component of Remote Server Administration Tools (RSAT). On your 2008 R2 Domain Controller(s) you simply start the “Add a feature” wizard and navigate to the RSAT/Feature Administration Tools and select the BitLocker Drive Encryption Administration Utilities. For older Operation System version it can be downloaded at Microsoft Download Center too. Once the Viewer has been added (or installed), you can now open the Active Directory Users and Computers MMC and open the Properties page of any computer account to see the BitLocker recovery tab. There you will see all of the Recovery ID’s and Passwords that have been generated for all drives encrypted by that computer. In my case the BitLocker recovery key was available after this simple steps. already When you don't use ConfigMgr for BitLocker activation you can use Group Policy to do the job also. Just have a look at Microsoft TechNet for more information on that. Hope it is useful information!

Source: Enable BitLocker, Automatically save Keys to Active Directory

Wednesday, April 16, 2014

Software Updates not deploying at endpoints

Note to myself: when software updates are downloaded in CCMCache, but not installed afterwards, have a look at this (short) blogpost.

When the message "No current service window available to run updates assignment with time required = 1" is displayed in Updatesdeployment.log and/or "Past due - will be installed" within Software Center, just look no further. This is definitely a conflict between the software update deadline and a maintenance window configured on the collection. After changing the behavior of software updates or the service window, all will be fine after all.

Another day, another challenge!

Source: System Center Central

Update: In the end it was a boundary issue after all. No service window was found on collections, but it can be the issue also.

Tuesday, April 15, 2014

Extreme battery drain on iPad after iOS 7.1 installation

A few weeks ago I installed iOS 7.1 on my iPad 3 device. When using the iPad before, I could easily using it for over 10 hours on one battery load. After the update this was reverted to 3 a 4 hours max. This is called extreme battery drain! After upgrading my iPad to iOS 7.1, while in standby mode with cover closed, will drain from 100% to shutdown in under 4 hours! I did multiple actions to bring battery life back to default, but nothing seems to help. My actions were:

1) Soft restart the iPad, Using the Power button only
2) Double click the Home button and close all running apps
3) Change settings to disable "Background App Refresh" on all apps
4) Hard reset the iPad, using both Home and Power button
5) Bring back the iPad to factory default settings (using iTunes)

In my case option 5 (Bring back the iPad to factory default settings) was the only one which did the job. When using iTunes for that a full back-up must be created first (using This computer & Encrypt local backup). I did a sync off all apps also! Just install iOS 7.1 again (using Restore Files) and do a full restore after that (using Restore Backup). After that iOS 7.1 will be running fine again. Hope it helps!

Friday, April 11, 2014

Install Cumulative Update 1 for ConfigMgr 2012 R2

Today I had finally time to install Cumulative Update 1 (CU1) for ConfigMgr 2012 R2. KB2938441 (CU1) solves a lot of issues in ConfigMgr and is therefore highly recommended. More about CU1 another blogpost. No need to install KB2905002 anymore after installation. This because it's integrated in CU1 now.

Let's have a look at the installation:
First screen when running setup

When successful you can continue

5.0.7958.1203 is the new version

New update packages in the console

After setup you have the benefit of all updates and hotfixes. Don't forget to update other ConfigMgr servers, consoles and clients as well. You can find packages for that in the console after the update.

Thursday, April 10, 2014

Intel Management Engine drivers crashes during Windows 7 setup

When deploying Intel Management Engine Drivers on Windows 7 systems, it's possible that the following error message is displayed during setup: "Windows could not configure one or more system components. To install Windows, restart the computer and the restart the installation". After reboot another error message is displayed most of time: "The computer restarted unexpectedly or encountered an unexpected error. Windows installation cannot proceed. To install Windows click OK to restart the computer, and then restart the installation". After that you can deploy Windows 7 all over again.

Nice to see both English and Dutch here

To solve the crash during Windows 7 setup an hotfix must be installed. This is Kernel-Mode Driver Framework (KMDF) version 1.11. You can find that one here: Download Center. This hotfix must be installed before Windows 7 setup takes place. You have the following possibilities here:
-Exclude the Intel Management Engine drivers and install them during Windows deployment instead of during Windows PE.
-Install the KMDF 1.11 update to the WIM image using DISM. That way it's already in place during deployment.
-Install the KMDF 1.11 update during OS deployment after applying Windows 7, but before the "Setup Windows and ConfigMgr step".

I would suggest applying the KMDF 1.11 update during the task sequence. To do this just create a new package containing the hotfix, then run a command to apply the hotfix using DISM. You can find more information on that here: OSD – Injecting the Windows 7 Kernel Mode Driver Framework (KMDF)

In my case it was working first time during Windows 7 setup. Just great!

Monday, April 7, 2014

How to setup a MS Office 2013 KMS Host on Windows Server 2012

Last month I did a blogpost about "Usage of Microsoft Office 2013 KMS Host License Pack". This one is needed to activate Microsoft Office 2013 through KMS. When using the License Pack things can still go wrong. Let's have a look how to setup Microsoft Office 2013 KMS Host on Windows Server 2012 first.

The KMS activation process for MS Office 2013 is the same as what it was for MS Office 2010. However, the interface to setup the KMS host for MS Office 2013 on a Windows Server 2012 has been updated to use the Volume Activation Tools.

1: Download the Microsoft Office 2013 Volume License Pack from the Microsoft Download Center (MSDL) site;
2: Double-click the downloaded EXE to run it;
3: Once the EXE finishes running, the Volume Activation Tools wizard will appear;
4: On the next screen, choose Key Management Service (KMS) and browse to, or specify the name of, the system running Key Management Service. Typically, this would be the system you are running the Volume Activation Tools on;
5. Next, enter the KMS host (CSVLK) key;
6. Choose activation method, online or phone;
7. Activation Succeeded (or not);

When the activation fails because of STATUS_SUCCESS error, change the KMS listening port from 0 to 1688. Then it will be fine after all!

Configuration succeeded! Yeah!!

To trigger activation manually on the KMS client, run ospp.vbs /act at the command prompt. cscript "%installdir%\Program Files\Microsoft Office\Office15\ospp.vbs" /act

Source (partly): How to setup Microsoft Office 2013 KMS Host on Windows Server 2012

Friday, April 4, 2014

Chassis Types and query-based Collections (part 2)

Last month I published a blogpost about WMI queries on PCSystemType. This blogpost can be found here: How to add devices to different OU’s during deployment. This can be used during a task sequence deployment to decide if the system is a desktop or laptop (for example). This time I want to create collections on PCSystemType. Because this can't be found in a collection query (no PCSystemType there) you can use the following configuration.
A good way to target systems in queries and collections is by Chassis Type. When using a query rule on collections, use these values:
Choose System Enclosure - Chassis Types in the query
Choose a value based on the Chassis Type (see list below)
Let's have a look at the possibilities: 
  • 1 Other (Virtual Machine)
  • 2 Unknown
  • 3 Desktop (Virtual machines as well)
  • 4 Low Profile Desktop
  • 5 Pizza Box
  • 6 Mini Tower
  • 7 Tower
  • 8 Portable (Laptop or Notebook)
  • 9 Laptop (Not as popular)
  • 10 Notebook (Popular)
  • 11 Hand Held
  • 12 Docking Station (Laptop or Notebook)
  • 13 All in One (Apple Inc.)
  • 14 Sub Notebook
  • 15 Space-Saving (Thin Client)
  • 16 Lunch Box
  • 17 Main System Chassis (Physical Server)
  • 18 Expansion Chassis
  • 19 Sub Chassis
  • 20 Bus Expansion Chassis
  • 21 Peripheral Chassis (Laptop or Notebook)
  • 22 Storage Chassis
  • 23 Rack Mount Chassis (Physical Server)
  • 24 Sealed-Case PC
To see which device you are using, use the following query: wmic systemenclosure get chassistypes. Because I have the choice between 1, 3, 10 and 15 (for example) this should be Other, Desktop, Notebook and Space-Saving (Thin Client).

Let's use query-based Collections in ConfigMgr as much as possible!

More blogposts on this topic:
How to add devices to different OU’s during deployment

Wednesday, April 2, 2014

Windows Server 2012 R2 and Windows (RT) 8.1 update available now!

Today on Microsoft Build Developer Conference keynote multiple great announcements are done. This for both Windows Server 2012 R2, Windows (RT) 8.1, Windows Embedded 8.1 and Windows Phone 8. Also new Nokia devices (630 and 635) are announced for next month. Great to see that the start menu will return in Windows 8 (with app support), Windows Phone will have voice control (Cortana) and Windows on 9" or smaller Phone and Tablet screens will be free from now on! Can it even better? Way to go Microsoft!
The start menu will return in a later update

This is a smart move from Microsoft to let Windows Phone grow, instead of Android and iOS which still rules the market. There's also extended Mobile Device Management (MDM) coming with Enterprise Mobility Suite. Windows Azure and Intune will be even more important that way. Also great that Windows Server 2012 R2 and Windows (RT) 8.1 update is available for MSDN subscriptions now! The update will be generally available in 6 days on April 8th for everyone else on Windows Update. Let's have a look at MSDN right away ;)
Choose between update or whole package

There you go! It's possible to download the update only (360MB for x86 and 770MB for x64) or just download the whole package, which is OS and update in one. Within the update package 6 MSU files can be found and a readme.txt. In the txt file you can find the recommended installation order for the MSU files. No unified installer this time.

Let's install Windows 8.1 update right away ;)

Day 1 Keynote <- A must see!
Windows Phone Blog <- Windows Phone 8.1
Windows Experience Blog <- Windows 8.1 Update