Search This Blog

Monday, September 23, 2013

Windows Deployment Services error 0xC107010C

Last week I had a remote SCCM distribution point with PXE where the WDS service could not start.

The event log showed this error:

image

All other Distribution points with PXE support was working as expected.

The reason behind the error showed out  to be a missing Visual C++ 2008 Redistributable as explained here:

Link1 and KB2712387

But why did the rest of the servers work?

Very simple answer - they all had VMware tools installed which was missing at the server with the error.

The latest VMware tools installs Visual C++ 2008 Redistributable Smile

YTVYBSTMKZM3

Friday, September 20, 2013

Identify if SCCM 2012 SP1 CU3 has been installed

Cumulative Update 3 for System Center Configuration Manager 2012 SP1 has been released http://support.microsoft.com/kb/2882125

After upgrading to System Center Configuration Manager 2012 SP1 CU3, you will be able to identify the update as shown here.

First let us take a look at the console, after the update the console reports version 5.0.7804.1400

image

The console reported version 5.0.7804.1300 before updating which is CU2.

image

The Console update is also listed in Control Panel as an Installed Update.

image

The site will still report version 5.00.7804.1000 after the update.

image_thumb3

In order to check if the update has been applied we must look in the registry.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Setup\CULevel

CULevel reports 3 after CU3 has been applied.

image

Before updating CULevel reported 2 for CU2.

image

This update is also visible under Installed Updates in Control Panel.

image

The client will report 5.00.7804.1400 after the client has been updated.

image

Before updating the client reported 5.00.7804.1300 for a CU2 client.

image

CU3 also includes this previous released update for SCEP http://support.microsoft.com/kb/2865173

Which means that scepinstall.exe file in the ConfigMgr install folder “.\Program Files\Configuration Manager\Client” will be updated to version 4.3.215.0

image

And finally as reported by the client.

image

Also take a look at this post http://larslohmann.blogspot.dk/2013/09/endpoint-protection-client-update.html regarding the SCEP update.

Monday, September 16, 2013

Your Java version is insecure

This is an update I have personally been looking forward to for a very long time.

When using Java in an enterprise environment the automatic Expiration Date has been a very big issue for many.

Now with Java 7 Update 40 it looks like this warning can finally be disabled.

image

Option to disable the "JRE out of date" warning

Starting from 7u40, a new deployment property deployment.expiration.check.enabled is available. This property can be used to disable the "JRE out of date" warning.

When the installed JRE (7u10 or later), falls below the security baseline or passes it's built-in expiration date, an additional warning is shown to users to update their installed JRE to the latest version. For businesses that manage the update process centrally, users attempting to update their JRE individually, may cause problems.

To suppress this specific warning message, add the following entry in the deployment properties file:

deployment.expiration.check.enabled=false

For more information, see Deployment Configuration File and Properties.

See more: http://www.oracle.com/technetwork/java/javase/7u40-relnotes-2004172.html

Nice Smile

Grab it now at http://www.java.com/en/download/manual.jsp

Monday, September 9, 2013

Endpoint Protection Client Update

Microsoft has released an update for the System Center Endpoint protection client.

http://support.microsoft.com/kb/2865173/en-us?sd=rss&spid=1060

This updates actually includes two updates, apparently both has to be installed but I haven't been able to find this in any documentation.

image

To update the existing clients you can use Automatic Client Upgrade found under Site Configuration – Sites - Hierarchy Settings

image

image

The update doesn't seem to be available from Windows Update or Catalog.

After updating the clients they will report version 4.3.215.0

image

Thursday, September 5, 2013

Default Domain Controllers Policy and Default Domain Policy

This is one of the old ones, I have never had the time to blog.

I some situations you might find you self in so big trouble that you would like to recreate the original Domain and Domain Controllers policies.

This is possible with the command DCGPOFIX http://technet.microsoft.com/en-us/library/hh875588(v=ws.10).aspx

As an example you can restore the Default Domain Controllers Policy with the command DCGPOFix /Target:dc

image

But be careful - the tool does will not restore the security settings on the policy as you would want it to be. http://support.microsoft.com/kb/833783

So if using DCGPOFIX you will must likely need to do some security settings afterwards.

Also be aware that DCGPOFIX will not link the policy to any OU's, so if the default links has been deleted you must create them again in GPMC.

As always a good backup is a better idea, so in order to backup your default gpo's you can use PowerShell and run it at a scheduled interval if needed but remember to cleanup the backups, no need to have to many backups saved.

This will create a backup of the Default Domain Controllers Policy.

Backup-Gpo -Name "Default Domain Controllers Policy" -Path C:\GpoBackups

http://technet.microsoft.com/en-us/library/ee461052.aspx

Please note that the folder C:\GpoBackups in this example must be created before you run the command.

image

When you would like to restore the backup you can use Restore-Gpo

restore-Gpo -Name "Default Domain Controllers Policy" -Path C:\GpoBackups

http://technet.microsoft.com/en-us/library/ee461030.aspx

image

This will also restore the security settings as they were at the time of the backup.

Restore-Gpo will as DCGPOFIX also not recreate missing gpo-links and they must be created again if desired.