Wednesday, January 23, 2013

Preparing WSUS for Windows 8 or Windows 2012

In order to provide updates to Windows 8 or Windows Server 2012 from local WSUS, Microsoft has released an update KB2734608. This update is prepared for WSUS 3.0 SP2.
More info on how to install the update check http://support.microsoft.com/kb/2734608 .

Tuesday, January 22, 2013

Installing .NET Framework 3.5 on Windows 8 or Windows Server 2012

If you try to install .NET Framework 3.5 which includes .NET 2.0 and .NET 3.0 on Windows 8 or Windows Server 2012 from Windows Update, you may experience error message with following error code 0x800F0906 .

 
 
To resolve this problem you can install .NET Framework 3.5 from OS installation media. From elevated command prompt execute:

Dism /online /enable-feature /featurename:NetFx3 /All /Source:<drive>:\sources\sxs /LimitAccess
 
Where <drive> is the the drive letter for DVD drive, for example F:

Dism /online /enable-feature /featurename:NetFx3 /All /Source:F:\sources\sxs /LimitAccess
 

More on how to resolve errors when installing .NET Framework 3.5 on Windows 8 or Windows Server 2012 on http://support.microsoft.com/kb/2734782 

Outlook 2013 changes

I was deploying unified company signature files for Outlook for company employees using logon script. Until Outlook 2013 was deployed, signature outlook files were properly deployed. For users with deployed Outlook 2013, signature files were not applying. The reason for this kind of behavior is that Outlook 2013 does not store profile information under HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles  anymore, instead it uses HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles .

More for other changes introduced in Outlook 2013 on http://msdn.microsoft.com/en-us/library/office/jj228679.aspx .

Another change in Outlook 2013 is that it does not embed pictures in html signature files by default anymore. To force same behavior from previous Outlook version in Outlook 2013 following registry key has to be created:
HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Options\Mail
Value type REG_DWORD
Value Name: Send Pictures With Document
Value: 1 .


 

SCCM Client 2007 does not report hardware inventory data

In my case desktop machine was based on HP Compaq pro 6300, Windows 8 x64 as client OS with latest patches and SCCM client 2007 sp2 with latest hotfix http://support.microsoft.com/kb/2750782 for Windows 8 support. SCCM client was not reporting the data from hardware inventory agent. Hardware inventory agent was not able to query data from CCM_SystemDevices, here is a part from inventory agent log:

<![LOG[Collection: Namespace = \\.\root\cimv2\sms; Query = SELECT __CLASS, __PATH, __RELPATH, CompatibleIDs, DeviceID, HardwareIDs, IsPnP, Name FROM CCM_SystemDevices; Timeout = 600 secs.]LOG]!><time="15:47:12.788+-60" date="01-17-2013" component="InventoryAgent" context="" type="1" thread="4232" file="collectiontask.cpp:347">
<![LOG[Failed to add an instance of class CCM_SystemDevices to historical store: 8004100A]LOG]!><time="15:47:12.851+-60" date="01-17-2013" component="InventoryAgent" context="" type="3" thread="4232" file="collectiontask.cpp:452">
<![LOG[Failed to AddReport() for CCM_SystemDevices class to historical store: 8004100A]LOG]!><time="15:47:12.851+-60" date="01-17-2013" component="InventoryAgent" context="" type="3" thread="4232" file="collectiontask.cpp:458">
<![LOG[Collection: (80040900) Failed to update Data Store]LOG]!><time="15:47:12.851+-60" date="01-17-2013" component="InventoryAgent" context="" type="3" thread="4232" file="invcommon.cpp:190">
<![LOG[Raising event:
[SMS_CodePage(437), SMS_LocaleID(1033)]
instance of CLIMSG_HINV_WARNING_QUERYFAILURE
{
 ClientID = "GUID:9A76A26F-6A41-48D8-A094-41B897D61069";
 Data1 = "SELECT __CLASS, __PATH, __RELPATH, CompatibleIDs, DeviceID, HardwareIDs, IsPnP, Name FROM CCM_SystemDevices";
 Data2 = "";
 Data3 = "";
 DateTime = "20130117144712.851000+000";
 InventoryActionID = "{00000000-0000-0000-0000-000000000001}";
 MachineName = "machinename";
 ProcessID = 4876;
 SiteCode = "sitecode";
 ThreadID = 4232;
};
]LOG]!><time="15:47:12.851+-60" date="01-17-2013" component="InventoryAgent" context="" type="1" thread="4232" file="event.cpp:525">
<![LOG[Failed to process instances of CCM_SystemDevices: 80040900]LOG]!><time="15:47:12.851+-60" date="01-17-2013" component="InventoryAgent" context="" type="3" thread="4232" file="collectiontask.cpp:361">
<![LOG[Collection: Cycle failed: 80040900]LOG]!><time="15:47:12.851+-60" date="01-17-2013" component="InventoryAgent" context="" type="3" thread="4232" file="collectiontask.cpp:271">

In order to find out why the query does not successfully finish, I have started wbemtest and connected to \\.\root\cimv2\sms and enumerate classes recursively:


 
 

Find the CCM_SystemDevices from top level classes (double click):
 
 
 
Show Instances:
 
 
 
There was empty row with <no key> which was causing SCCM client Inventory Agent to fail:
 
 
Double click to see the properties, since everything is blank click on Show MOF:
 
 
 

MOF will show unprintable character \n "new line" in the name:

 
From the properties of the USB3.0 extensible Host Controller from device manager there was nothing suspicious:
 
 
I tried to update the driver, but there were no new versions to download. I have also checked Intel to download driver for USB 3.0 eXtensible Host Controller, but there were no new drivers for Windows 8, but there was a version of this driver for Windows 7. So, I have applied the not recommended way and applied Windows 7 drivers. Check http://plugable.com/2012/12/01/windows-8-and-intel-usb-3-0-host-controllers/ .
 
New version of the driver from Windows 7 looks like:
 

 

After installing Windows 7 version of the driver, SCCM 2007 Inventory Agent has successfully finished and reported to SCCM server.
 

Wednesday, January 2, 2013

How to sign powershell scripts

In order to sign powershell scripts, code signing certificate is needed. Finding code signing certificates from user personal certificate store and storing it to a variable called $signcert can be done using following powershell command:

$signcert = (dir cert:currentuser\my\ -CodeSigningCert)
 
After storing the certificate for signing into $signcert, we can use Set-AuthenticodeSignature to sign the script. I'm running the Set-AuthenticodeSignature with TimeStampServer parameter, that will provide signed script to run even though the signing certificate gets expired. In most cases this scenario will be OK.
There are a lot of TimeStampServer providers, in my example I'll use server from Comodo. So, the signing script cmdlet will look like this :

Set-AuthenticodeSignature .\scripttobesigned.ps1 $signcert -TimestampServer http://timestamp.comodoca.com/authenticode

There is great two part tutorial about signing scripts on:
http://blogs.technet.com/b/heyscriptingguy/archive/2010/06/16/hey-scripting-guy-how-can-i-sign-windows-powershell-scripts-with-an-enterprise-windows-pki-part-1-of-2.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2010/06/17/hey-scripting-guy-how-can-i-sign-windows-powershell-scripts-with-an-enterprise-windows-pki-part-2-of-2.aspx

 

Inernal Server Error for SCCM 2007 reports

I was experiencing Internal Server Error HTTP 500 (The website is under maintenance, The website has a programming error) when trying to run Computers with specific product report from SCCM 2007. The reason for this behavior is default IIS buffer for ASP responses limited to 4 MB. To check asp buffer limit use the following command:
cscript.exe adsutil.vbs GET w3svc/aspbufferinglimit

The output from the command looks like this (with default IIS settings):

 
To increase asp buffer size to 12 MB:
cscript.exe adsutil.vbs SET w3svc/aspbufferinglimit 12582912
 
 
 
After modifying IIS asp buffer setting I was able to display the report in my browser.