Monday, November 11, 2013

PXE boot issues with Optiplex GX620 and Microsoft System Center 2012

We recently had some issues where we'd PXE boot an Optiplex GX620 and after booting into WinPE the computer would fail and reboot itself. It turns out even though the computer detects as x64 architecture, it's actually using the x86 boot image in SCCM.

We were missing the NIC driver for that model in that boot image. Apparently Dell dropped it from it's WinPE cabs at some point and we didn't notice it until we cleared the drivers from our boot images and reloaded them (thus losing the original driver support in the boot image).

After checking the motherboard I noticed the chipset was BCM5751. The correct driver on the Broadcom website is the NetXtreme Desktop/Mobile and the Windows 7 driver worked just fine. The drivers that Dell had listed for this model didn't work! After adding the drivers, verify that the boot image has the driver listed by going into Properties and checking the driver tab. Then verify that your DP updated by checking the last update date/time. If not, update it manually and verify. Once that's done you shouldn't have any issues PXE booting your Optiplex GX620's and WinPE should connect to the server just fine.

Wednesday, May 29, 2013

Silently install Firefox 21 and preconfigure it for deployment with SCCM

Silently install Firefox 21 and preconfigure it for deployment with SCCM

This was a pain to figure out. Most of it was done here, thanks Adrian Gordon.

I've added two modifications.

1. The method he uses to disable the bookmark importer doesn't work as the override.ini file has moved. I've modified the install script to reflect this.
2. I want the internal pdf viewer disabled as we prefer to use acrobat reader or pro. This required a modification to the mozilla.cfg file in our package.

Here's the final results.

Create a folder to contain all your files.

Download the Firefox 21 .exe file and place it in the folder.

Create an install.cmd file and these are the contents;
@echo off
REM==========================================
REM Install FireFox 21.0
REM==========================================
REM Date   : 16 April 2013
REM Author : mockbox.net
REM .
REM Script Details:
REM --------------
REM  This script will:
REM       + silently install or upgrade Firefox 20.0.1 WITHOUT Firefox being the default browser
REM       + Disables the 'Automatically check for updates' option
REM       + Disables the 'Always check to see if Firefox is the default browser on startup' option
REM       + Deletes desktop icon
REM       + Works for Windows XP / 7 32-bit and 64-bit
REM .
REM===========================================
echo Installing Firefox - Please Wait.
echo Window will close after install is complete

REM Install Firefox 21.0
"%~dp0Firefox Setup 21.0.exe" -ms

REM Install 32-bit customisations
if exist "%programfiles%\Mozilla Firefox\" copy /Y "%~dp0override.ini" "%programfiles%\Mozilla Firefox\browser"
if exist "%programfiles%\Mozilla Firefox\" copy /Y "%~dp0mozilla.cfg" "%programfiles%\Mozilla Firefox\"
if exist "%programfiles%\Mozilla Firefox\" copy /Y "%~dp0local-settings.js" "%programfiles%\Mozilla Firefox\defaults\pref"


REM Install 64-bit customisations
if exist "%ProgramFiles(x86)%\Mozilla Firefox\" copy /Y "%~dp0override.ini" "%ProgramFiles(x86)%\Mozilla Firefox\browser"
if exist "%ProgramFiles(x86)%\Mozilla Firefox\" copy /Y "%~dp0mozilla.cfg" "%ProgramFiles(x86)%\Mozilla Firefox\"
if exist "%ProgramFiles(x86)%\Mozilla Firefox\" copy /Y "%~dp0local-settings.js" "%ProgramFiles(x86)%\Mozilla Firefox\defaults\pref"


REM Removes Firefox Desktop Icon - Windows XP
if exist "%allusersprofile%\Desktop\Mozilla Firefox.lnk" del "%allusersprofile%\Desktop\Mozilla Firefox.lnk" /S

REM Removes Firefox Desktop Icon - Windows 7
if exist "%public%\Desktop\Mozilla Firefox.lnk" del "%public%\Desktop\Mozilla Firefox.lnk"

REM Return exit code to SCCM
exit /B %EXIT_CODE%

Create a local-settings.js file and these are the contents;
pref("general.config.obscure_value", 0);
pref("general.config.filename", "mozilla.cfg");


Create a mozilla.cfg file and these are the contents;
//Firefox Default Settings

// set Firefox Default homepage
pref("browser.startup.homepage","http://uwfox.uwc.edu");

// disable default browser check
pref("browser.shell.checkDefaultBrowser", false);
pref("browser.startup.homepage_override.mstone", "ignore");

// disable application updates
pref("app.update.enabled", false)

// disables the 'know your rights' button from displaying on first run
pref("browser.rights.3.shown", true);

// disables the request to send performance data from displaying
pref("toolkit.telemetry.prompted", 2);
pref("toolkit.telemetry.rejected", true);

// disables built in pdf viewer
pref("pdfjs.disabled", true);

Create an override.ini file and these are the contents;
[XRE]
EnableProfileMigrator=False

Once all these files are in your folder, make it into a SCCM package and your program should run install.cmd.

Friday, April 26, 2013

Manual install of DPM agent on Server 2012 core

My 2012 server core wasn't allowing a push install of the DPM agent from the DPM 2012 server. I received errors about not being able to connect, etc. It turns out the windows firewall was blocking the installation. Simple enough, you can disable the firewall and try again, or you can use the below manual method of installation, thus keeping your firewall enabled.


Find the agent installation files on your source 2012 DPM server. I found them here;
c:\Program Files\Microsoft System Center 2012\DPM\DPM\agents\RA\4.1.3408.0\amd64\1033

Copy the files to your target server. I chose to create a new folder, c:\temp

Connect remotely to the target server, open the cmd prompt and cd into the folder with your copied files.

run the DPMAgentInstaller_KB2822782_AMD64.exe or whatever your particular .exe is named.

This will install the agent, however it'll still be disconnected from the DPM server and the firewall isn't configured yet to allow communication between the two.

On the target server, cd to the following directory;
c:\Program Files\Microsoft Data Protection Manager\DPM\bin

run the following command;

SetDpmServer.exe -dpmservername YourDPMservername and press enter

If you typed the correct server name and the target server can access the DPM server on your network, it will succeed and will also configure your firewall to allow communications between the DPM server and target server.

Once that's done, go back to your DPM server, and click "Install", instead of installing an agent, choose, "Attach agents" and specify the target server. It should succeed in attaching the target server and you should be good to go.

Enjoy!

Tuesday, April 16, 2013

SCCM client computer listed as "no results" for "client check result" in the system center 2012 console client monitor

Problem: SCCM client computer listed as "no results" for "client check result" in the system center 2012 console client monitor. You'll notice on the problem computer that it's missing the ccmeval.log and you'll see errors in the ccmevaltask.log file.


The ccmeval.exe is run from a scheduled task that is created upon installation of the agent. This task is run daily to allow the computer to check-in with the sccm server. More than likely this error condition occurs when a client agent was upgraded, but for some reason the scheduled task wasn’t recreated. On the problem computer you'll see listed under the task results "not registered" or other failure codes.

Solution: On the problem client go to Start / Run and type "control schedtasks" to open the scheduled tasks control panel. Open Microsoft, then Configuration Manager and delete all listed entries. Initiate the “install client” with the “always install” option checked in the sccm 2012 console. The scheduled tasks should be recreated when the agent installs and the computer will start checking in appropriately to the sccm server.Check the local computers ccmeval.log file for more details.

Tuesday, March 26, 2013

Failed updating definitions for Microsoft System Center 2012 Endpoint Protection

I had this issue on my local computer, after System Center 2012 Endpoint Protection was installed. It appeared to be updating properly, but when manually pressing the update button, it would error out!

The solution:

  1. Click Start, click All Programs, click Accessories, and then right-click Command Prompt, and then select Run as administrator.
  2. In the Command Prompt window, type the following commands and press Enter after each command:
    Cd\
    Cd program files\microsoft security client
    Mpcmdrun –removedefinitions –all
    Exit
  3. Open Endpoint Protection, click the Update tab, and then click Update.

Friday, March 8, 2013

How to manually start a Deduplication job in Server 2012

Recently I've been converting to Server 2012 and thought, their must be a way to start the deduplication process immediately!

Here's how to do it;

Open Powershell as an Administrator.
Type Get-DedupVolume (to view your dedupe volumes)
Type Start-DedupJob –Full –Path D: -Type Optimization (where D: is your dedupe drive)
Type Get-DedupStatus –Path D: (to view the status)

Sweet!

Tuesday, February 19, 2013

Installing DPM agent on server 2008 R2 host, error 347

When installing DPM agent remotely on Server 2008 R2 hosts error 347 was occurring. I tried to install the agent manually but received a different error, “Data Protection Manager Setup. Could not load the setup launch screen. Please contact Microsoft product support”.

Solution: It turns out that server 2008 R2 hosts need to have vcredist_x64 installed first.

If you used the default installation path on the DPM host, you can find the vcredist_x64.exe at this location: “C:\Program Files\Microsoft System Center 2012\DPM\DPM\ProtectionAgents\AC\4.1.3313.0\amd64\vcredist_x64.exe"

After installing this and ensuring the host firewall was disabled the remote agent installed perfectly.

Friday, February 1, 2013

Setup has detected that the installation of Reporting Services is not correctly configured or no instance of Reporting Services is linked to MSSQLSERVER, installing Microsoft DPM

Problem: 
Error: Setup has detected that the installation of Reporting Services is not correctly configured or no instance of Reporting Services is linked to MSSQLSERVER of SQL Server.
I was trying to install Microsoft System Center Data Protection Manager 2012 SP1 and connect it to a newly setup remote SQL 2012 server and received an error about the Reporting Services not being properly linked to the SQL 2012 server.

Solution: I wasted a good few hours on this, trying to reconfigure reporting servers with no progress. I finally stumbled upon this post of the exact same error. Thanks to user RH_Av for his helpful post.

My error was assuming that the DPM install would be smart enough to know that the default instance should be used, and that it has reporting services installed and configured.

The solution was to enter the SERVERNAME/INSTANCE, not just the SERVERNAME. I despise stupid things, and this was something Microsoft should fix. It should always check the default SQL instance. duh. Anyways, problem solved!

Dell Poweredge firmware update failed on hard drives

Problem: I recently was preparing my Dell Poweredge R715 servers for Windows Server 2012 and figured I should grab the Dell Server Update utility and perform all necessary firmware updates.

The update succeeded for most items, but failed on the hard drives. Actually one of the three internal drives succeeded (AS08) but the other two were left at the old revision (AS02). What I didn't realize immediately (because the updates were performed remotely) was that this caused the RAID container to enter a degraded state. Unfortunately the upgraded drive wouldn't firmware update using either the Dell utility (due to the degraded state of the container), nor could I rebuild the drive using Dell's server manager, as the option just didn't exist (due to the differing revisions perhaps?).

Solution: With some googling I found this posting. Thanks to user AGAG70 for the tip to use the free MegaRAID Storage Manager utility from LSI here. I downloaded the .zip file. Extracted it on the host server, performed a custom install and chose the "install components to manage this local server" (or something to that extent). Once installed I ran the software, selected the Physical tab and could see the drive that was degraded. I right clicked it and told it to rebuild. It looks like this utility can do firmware updates as well, but I think I'll try the Dell server utility again once the container is fully functional.

Friday, January 18, 2013

Restricted users can only print blank pages

Problem: restricted users can only print blank pages. Both printing and print preview produce blank pages to local printers.

Solution: found here.

Firstly, the ‘Low’ folder mentioned above is needed as a temporary working folder for the HTML pages being generated and printed from IE. Start by bringing up a command prompt (run -> cmd), making sure you DO NOT run with elevated permissions (otherwise it will do this for your local admin account, which won’t help you). At the command prompt, run the following command:
mkdir %userprofile%\AppData\Local\Temp\Low
This will create the necessary Low folder in the right place, which is almost certainly absent otherwise.
Other posts I read suggested this was enough, but it isn’t. The newly created ‘Low’ folder won’t work until you run a further command which sets the integrity level of this folder such that IE can use it (IE7 introduced a new protected mode, which you can read more about here: http://msdn.microsoft.com/en-us/library/bb250462%28VS.85%29.aspx). So at the same prompt, run the following command:
icacls %userprofile%\AppData\Local\Temp\Low /setintegritylevel low
Having done this, restart IE, and you should find print preview and printing itself now works

Thursday, January 3, 2013

Deploying IE9, shortcuts don't work for non-admins on first login

Problem: After deployment of IE9, the IE9 shortcuts don't work for non-admins until IE9 is launched by a local machine admin.

Solution: found here;

Thank you Adam2608!

Basically, there is a command in the RunOnce registry key that needs to be run by an admin to finish off the install.
That command is:
 reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f

We've put that in a script and set it to run at machine startup. Running it at startup ensures it runs as the local system account in case you restrict registry tools (we do, as we are a school).
Onces thats run, anybody who logs on gets the icons.

Update 5/30/13: Another option I've found is to use the IEAK for IE9 and build your own custom installer for IE9. This works better for SCCM Build and Capture task sequences and will probably work better for distributing IE9 after the machines have been deployed.

SCCM Adobe Acrobat Pro deployment failed with error: 80091007

Problem: Failed to run the last action: Install Adobe Acrobat Pro 9. Execution of task sequence failed. The hash value is not correct. (Error: 80091007; Source: Windows)

This error is happening with all my Build and Captures in SCCM 2007 R3 that include Adobe Acrobat Pro 9. After all the fiddling with settings, hash checking, removing hidden files, nothing would fix it!

By the way, the package would install perfectly if deployed via advertisement in windows, just not in my Task Sequences.

Solution: In the Advertisement for the build and capture, on the Distribution Points tab, change from "download content locally when needed by running task sequence", to "Access content directly from a distribution point when needed by the running task sequence".

This not only solved the issue with Acrobat, but the build and capture took about 50% less time, as windows and other packages didn't need to download. Excellent!