Thursday 6 November 2014

SCCM 2012 Client Migration - 2012 Client installation fails with a parallel SCCM 2007 setup running.

Problem Statement: 
You are trying to install SCCM 2012 clients on a few test machines, but you end up with a partial client installation that shows only 2 actions in the Actions tab. Site discovery does not work, but if you pass the new site code as a parameter during client installation, site discovery works. You end up thinking this is a boundary issue, but it is not. Still, make sure you don't have overlapping boundaries, that you have created a boundary group, and that you have checked the option to use this boundary group for site assignment.

Symptoms: 
The following registry key still reflects the SCCM 2007 site code even though you have SCCM 2012 installed.
“HKLM\SOFTWARE\Microsoft\SMS\Mobile Client”
Even if you delete this entry, it will keep reappearing.

Applies to: SCCM 2012, especially during migration from SCCM 2007

Troubleshooting Steps:
1.    Delete the GPO on a few machines
2.    Run the VBScript below

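Option Explicit
' Registry hive and key that hold the client's site assignment values
Const HKLM = &H80000002
Const sRegKey = "SOFTWARE\Microsoft\SMS\Mobile Client"
Const sRegValueName = "GPRequestedSiteAssignmentCode"
Dim oReg, iReturnValue
' Connect to the WMI registry provider on the local machine
Set oReg = GetObject("winmgmts:\\.\root\default:StdRegProv")
' Blank out the site code tattooed by the GPO
iReturnValue = oReg.SetStringValue(HKLM, sRegKey, sRegValueName, "")
' Exit with the provider's return code (0 = success)
WScript.Quit iReturnValue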


3.    Restart if required and observe the value in the registry key “HKLM\SOFTWARE\Microsoft\SMS\Mobile Client”
4.    Install SCCM 2012 Client.

Root Cause Analysis:
Someone in your organization must have created a GPO that assigns all clients to the SCCM 2007 infrastructure. Even if you delete this GPO, you will most probably not be able to install the clients, because the values get tattooed onto the WMI as well. Hence you need to both delete this GPO and remove the WMI entries using the above script.
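
A read-only check to run before step 4, added here as an example and not part of the original post: it reports whether a Group Policy site code is still present in the key and whether it differs from the new site. Reading the 32-bit registry view as well is an assumption of this example (the SCCM 2007 client is a 32-bit application); the function name and the site code P01 are placeholders.

```powershell
# Added example: report site-assignment values left behind by the old GPO.
# Read-only. Requires PowerShell 3.0+ (.NET 4) for OpenBaseKey/RegistryView.
function Get-SiteAssignmentState {
    param(
        # Site code of the new SCCM 2012 site (placeholder value used below)
        [Parameter(Mandatory)] [string] $ExpectedSiteCode
    )
    $subKey = 'SOFTWARE\Microsoft\SMS\Mobile Client'

    # On 32-bit Windows both views resolve to the same key.
    foreach ($view in 'Registry64', 'Registry32') {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine,
            [Microsoft.Win32.RegistryView]$view)
        $key = $base.OpenSubKey($subKey)    # opened read-only; $null if absent
        if ($null -eq $key) { $base.Dispose(); continue }

        $gpCode   = [string]$key.GetValue('GPRequestedSiteAssignmentCode', '')
        $assigned = [string]$key.GetValue('AssignedSiteCode', '')

        [pscustomobject]@{
            View                          = $view
            GPRequestedSiteAssignmentCode = $gpCode
            AssignedSiteCode              = $assigned
            # True when a GP-requested code is set and is not the new site
            StaleGpoCode = ($gpCode -ne '' -and $gpCode -ne $ExpectedSiteCode)
        }
        $key.Dispose(); $base.Dispose()
    }
}

# P01 is a placeholder for your SCCM 2012 site code.
Get-SiteAssignmentState -ExpectedSiteCode 'P01' | Format-Table -AutoSize
```

If StaleGpoCode is still True after a Group Policy refresh or a restart, the GPO is still applying to the machine and the value will keep reappearing.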






Tuesday 24 June 2014

WSUS Sync Fails at some random patch or percentage

Problem Statement:
After a site rebuild, all your SCCM services are up and running and clients are reporting. When you install WSUS and sync, there are no issues, but the moment you install the SUP role, the sync halts at a particular patch and throws an "operation timed out" error after 60 minutes. This behavior keeps happening even after multiple reinstallations of WSUS and SUP.
 

Symptoms:
The Wsyncmgr.log shows the following error:

*** EXEC sp_MigrateSDMPackage 49656, 387495, 0
*** [HYT00][0][Microsoft][ODBC SQL Server Driver]Timeout expired
STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=ALSMS SITE=ALL PID=2636 TID=5064 GMTDATE=Mon Jun 23 03:16:43.426 2014 ISTR0="" ISTR1="The operation has timed out" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0
Sync failed. Will retry in 60 minutes
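
To confirm that every retry stalls on the same package, the timeouts can be paired with the statement that preceded them. This is an added example, not part of the original post; the function name is hypothetical and the sample text is constructed by repeating the excerpt above.

```powershell
# Added example: pair each ODBC timeout in wsyncmgr.log with the EXEC
# statement logged just before it, then count repeats per statement.
function Get-SyncTimeout {
    param([string[]] $Line)
    $lastExec = $null
    foreach ($l in $Line) {
        if ($l -match 'EXEC\s+(?<proc>sp_\w+)\s+(?<params>[\d,\s]+)') {
            # Remember the most recent stored procedure call and its parameters
            $lastExec = @{
                Proc   = $Matches['proc']
                Params = ($Matches['params'] -replace '\s', '')
            }
        }
        elseif ($l -match '\[HYT00\].*Timeout expired' -and $lastExec) {
            # SQLSTATE HYT00 = timeout expired; attribute it to that call
            [pscustomobject]@{
                Procedure  = $lastExec.Proc
                Parameters = $lastExec.Params
            }
            $lastExec = $null
        }
    }
}

# Constructed sample: two sync attempts built from the excerpt above.
$sample = @'
*** EXEC sp_MigrateSDMPackage 49656, 387495, 0
*** [HYT00][0][Microsoft][ODBC SQL Server Driver]Timeout expired
Sync failed. Will retry in 60 minutes
*** EXEC sp_MigrateSDMPackage 49656, 387495, 0
*** [HYT00][0][Microsoft][ODBC SQL Server Driver]Timeout expired
Sync failed. Will retry in 60 minutes
'@ -split "`r?`n"

# One group with a count above 1 means the sync stalls on the same package.
Get-SyncTimeout -Line $sample |
    Group-Object Procedure, Parameters |
    Select-Object Count, Name

# Against a real log (the path depends on your install):
# Get-SyncTimeout -Line (Get-Content '<path to>\wsyncmgr.log')
```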

Applies to: SCCM 2007
 
 
Troubleshooting Steps:
1. Take a complete Site backup
2. Open SQL Server Management Studio
3. Expand your SMS_<sitecode> database (your SCCM database)
4. Create New Query
5. Type “Select * from CI_ConfigurationItems Where CIType_ID in (1, 6, 8)”
6. You will see many rows in your result relating to all the Metadata from Microsoft Updates
7. Type “Delete from CI_ConfigurationItems Where CIType_ID in (1, 6, 8)”
8. The process will take nearly 15 to 20 minutes depending on the number of entries you have
9. Type “Update CI_SDMPackages set IsDeleted = 1 where SourceSite = '<sitecode>'”
10. Type “Exec sp_DeleteOldSDMPackageData 0”
11. It will take a while to delete all the old SDM package data
12. After this, run the WSUS Sync.
Note: Before performing these steps, ensure that the WSUS Sync Manager is not trying to sync or running an active sync. It is recommended to stop the component before performing this activity.
 
Root Cause Analysis:
Certain tables in the site database get updated when SCCM performs a sync. When the Wsyncmgr component tries to update these values in SQL, these CIs do not get updated, so the operation times out and the sync never completes no matter how many times you reinstall WSUS and SUP. Removing these particular entries from the database allows the sync to complete.

Wednesday 12 March 2014

Setup was unable to compile the file DiscoveryStatus.mof



You start the client installation and find that the install fails with error code 80041002; even cleaning up the install directories or repairing WMI doesn’t help.

Symptoms: SMS setup starts and finishes with an error, and the client is not installed. The ccmsetup.log shows the error “Setup was unable to compile the file DiscoveryStatus.mof”

Applies to:  SCCM 2012

Troubleshooting Steps:
1.       Open an administrator Command Prompt (CMD)
2.       Navigate to C:\Program Files\Microsoft Policy Platform
3.       Run mofcomp ExtendedStatus.mof
4.       Retry the CM client installation

Root Cause Analysis: Configuration Manager 2012 clients depend on the Lantern Services Microsoft Policy Platform Processor.

Tuesday 11 March 2014

Endpoint Protection 2012 on Windows Hyper V Cores- utilizing MPCMDRUN.exe



You are good to go with System Center Endpoint Protection 2012 once you have the role enabled and the client rolled out. Managing the client is simple with the client interface available in the taskbar, but how do you manage a Hyper-V Core server without a GUI?
It seems like a challenge, but here is a tool you can leverage.

One of the most vital tools for an SCEP admin is MpCmdRun.exe. With this command-line utility, you can perform a definition rollback, force a signature update, restore a file from quarantine, or kick off a scan. Almost any operational scripting tasks you wish to perform will center on MpCmdRun.exe.

Getting Ready…
By default, MpCmdRun is stored in the C:\Program Files\Microsoft Security Client\Antimalware directory. Although MpCmdRun can be used to accomplish many tasks with SCEP, this recipe will only describe how to launch a full scan from the command line.

How to do it…
1.       Open the Command Prompt window.
2.       Navigate to the C:\Program Files\Microsoft Security Client\Antimalware directory.
3.       Enter the following command:
         MpCmdRun  -scan -2
4.       Once the full scan is completed, close the Command Prompt window.

How it works…
To view all options available for the utility, enter MpCmdRun -? in the Command Prompt window. A partial output is included for reference in the following example. The full contents of the Mpcmdrun help file can be found in the appendix.

Usage:
MpCmdRun.exe [command] [-options]
Command Description
   -? / -h                                              Displays all available options for this tool
   -Scan [-ScanType #] [-File  [-DisableRemediation]]   Scans for malicious
   -Scan [-ScanType value]
        0  Default, according to your configuration
        1  Quick scan
        2  Full system scan
        3  File and directory custom scan
           [-File ]

Monday 10 March 2014

Management Point Component stops working on SCCM after you rebuilt/reset sccm site



Symptoms: Logs indicate “MP Control Manager detected MPsetup has failed to create the CCM_Incoming Virtual Directory”

Applies to: SCCM 2007

Troubleshooting Steps:
1.       Remove the MP as a site system role (if it is still installed), wait for it to finish
2.       Run a ccmclean /all (this is a tool you can find in the SMS 2003 Toolkit 2)
3.       Remove IIS completely with all components
4.       Reboot
5.       Stop the Task Scheduler Service
6.       Rename the %windir%\Tasks folder to something else (or move it)
7.       Start the Task Scheduler Service (this will recreate the %windir%\Tasks folder)
8.       Optional: Enable auditing on the \inetpub\wwwroot folder (and subfolders). Make sure to set local security policy to trap failures of file access.  We will need this in case we see the same security failure.
9.       Reinstall IIS, BITS, WebDAV
10.    Ensure BITS and WebDAV are enabled
11.    Reinstall the MP

Root Cause Analysis:
The site had crashed and was rebuilt, and the Task Scheduler had issues creating tasks for the MP. As a result the MP is not able to create the Incoming folders and the management point component will not work. The MP needs to be removed and recreated along with IIS: once the MP is removed, the Task Scheduler service needs to be stopped after the reboot and the Tasks folder renamed. Once the service is started again, the Tasks folder is recreated in the Windows directory. Then install IIS, followed by the MP.
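
One way to carry out the optional auditing in step 8 from the command line, as an added example that is not part of the original post. It assumes Windows Server 2008 or later (where failed handle requests are logged as event 4656), an English subcategory name for auditpol, and IIS content on the system drive; the function name is hypothetical.

```powershell
# Added example for optional step 8: failure auditing on \inetpub\wwwroot.
# Run from an elevated prompt. Assumes the default IIS content path.
$path = Join-Path $env:SystemDrive 'inetpub\wwwroot'

# 1. Turn on failure auditing for file system access. This is the
#    subcategory-level form of "Audit object access: Failure" in the
#    local security policy. The subcategory name is the English one.
auditpol.exe /set /subcategory:"File System" /failure:enable | Out-Null
if ($LASTEXITCODE -ne 0) { throw "auditpol failed with exit code $LASTEXITCODE" }

# 2. Add an inherited audit entry (SACL) to the folder: log every failed
#    access by anyone. S-1-1-0 is the well-known SID for Everyone.
$everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule -ArgumentList `
    $everyone, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Failure'
$acl = Get-Acl -Path $path -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $path -AclObject $acl

# 3. After reinstalling the MP, list failed handle requests under the folder.
function Get-WwwrootAccessFailure {
    param([string] $Root = $path)
    $auditFailure = 0x10000000000000    # "Audit Failure" keyword bit
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4656 } `
                 -ErrorAction SilentlyContinue |
        Where-Object { ($_.Keywords -band $auditFailure) -and
                       $_.Message -like "*$Root*" } |
        Select-Object TimeCreated, Message
}

Get-WwwrootAccessFailure | Format-List
```

The account and object names in the returned events show which identity was denied access while the MP setup was creating its virtual directories.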