Friday 28 February 2014

Important Config Mgr Hotfix for OS Deployment (KB2910552)



Microsoft has just released an important Config Mgr hotfix for an OS deployment issue. The problem was a compatibility issue between Windows XP and the Windows Assessment and Deployment Kit (ADK) 8.1, which prevents deployments when you use a WinPE 3.1 boot image with a task sequence in Windows XP update scenarios.

Error message in the Smsts.log file:
Installing boot image to hard drive TSManager datetime 3048 (0x0BE8)
Backing up existing boot system before trying to set up new boot system TSManager datetime 3048 (0x0BE8)
BootLoader::backup: C:\, C:\_SMSTaskSequence\backup TSManager datetime 3048 (0x0BE8)
BootLoader::restore: C:\_SMSTaskSequence\WinPE, C:\ TSManager datetime 3048 (0x0BE8)
Saving bcd store to C:\_SMSTaskSequence\WinPE\boot\BCD TSManager datetime 3048 (0x0BE8)
Executing command line: "C:\_SMSTaskSequence\WinPE\SMS\bin\i386\bootsect.exe" /NT60 SYS /MBR TSManager datetime 3048 (0x0BE8)
CreateProcess failed. Code(0x800700C1) TSManager datetime 3048 (0x0BE8)
Command line execution failed (800700C1) TSManager datetime 3048 (0x0BE8)
Failed to install boot image.
is not a valid Win32 application. (Error: 800700C1; Source: Windows) TSManager datetime 3048 (0x0BE8)
Failed to install boot image CCR00004.
is not a valid Win32 application. (Error: 800700C1; Source: Windows) TSManager datetime 3048 (0x0BE8)
Failed to reboot the system. Error 0x(800700c1) TSManager datetime 3048 (0x0BE8)
Failed to initialize a system reboot.
is not a valid Win32 application. (Error: 800700C1; Source: Windows) TSManager datetime 3048 (0x0BE8)
Fatal error is returned in check for reboot request of the action (Restart in Windows PE).
is not a valid Win32 application. (Error: 800700C1; Source: Windows) TSManager datetime 3048 (0x0BE8)

The hotfix applies to sites, admin consoles and clients. 

Don't forget to update your boot images after the update is installed.

Task sequence component version becomes 5.00.7958.1104 after the hotfix installation.



The hotfix KB2910552 can be downloaded from http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=2910552&kbln=en-us

And you can read more detail at http://support.microsoft.com/kb/2910552

Windows Server 2012 R2 Products and Editions Comparison

Windows Server 2012 R2 Products and Editions Comparison by features, locks / limits and server roles.
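Locks and Limits

| | Windows Server 2012 R2 Datacenter | Windows Server 2012 R2 Standard | Windows Server 2012 R2 Essentials | Windows Server 2012 R2 Foundation |
|---|---|---|---|---|
| Maximum number of users | based on licenses | based on licenses | 25 | 15 |
| Maximum SMB Connections | 16,777,216 | 16,777,216 | 16777216 | 30 |
| Maximum RRAS Connections | unlimited | unlimited | 50 | 50 |
| Maximum IAS Connections | 2,147,483,647 | 2,147,483,647 | 50 | 10 |
| Maximum number of 64-bit sockets | 64 | 64 | 2 | 1 |
| Maximum RAM | 4 TB | 4 TB | 64 GB | 32 GB |
| Server can join a domain | Yes | Yes | For migration only | For migration only |
| DirectAccess | Yes | Yes | See documentation | Yes |

Server Roles

| | Windows Server 2012 R2 Datacenter | Windows Server 2012 R2 Standard | Windows Server 2012 R2 Essentials | Windows Server 2012 R2 Foundation |
|---|---|---|---|---|
| Active Directory® Certificate Services | Yes | Yes | Yes | Yes |
| Active Directory Domain Services | Yes | Yes | Required | Yes (optional) |
| Active Directory Federation Services | Yes | Yes | Yes | Yes |
| AD Lightweight Directory Services | Yes | Yes | No | Yes |
| AD Rights Management Services | Yes | Yes | Yes | Yes |
| Application Server | Yes | Yes | Yes | Yes |
| DHCP Server | Yes | Yes | Yes | Yes |
| DNS Server | Yes | Yes | Yes | Yes |
| Fax Server | Yes | Yes | Yes | Yes |
| File Services | Yes | Yes | Yes | Yes |
| Hyper-V | Yes | Yes | No | No |
| Network Policy and Access Services | Yes | Yes | Yes | Yes |
| Print and Document Services | Yes | Yes | Yes | Yes |
| Remote Access | Yes | Yes | Yes | Yes |
| Terminal Services Application Sharing | Yes | Yes | No | Yes |
| Terminal Services Gateway | Yes | Yes | No | See documentation |
| Web Services (IIS) | Yes | Yes | Yes | Yes |
| Windows Deployment Services | Yes | Yes | Yes | Yes |
| Windows Essentials | Yes | Yes | Default | No |
| Windows Media Services support (Streaming Media Services) | See Installation Options documentation | See Installation Options documentation | Yes | See Installation Options documentation |
| WINS Server | Yes | Yes | Yes | Yes |

Features

| | Windows Server 2012 R2 Datacenter | Windows Server 2012 R2 Standard | Windows Server 2012 R2 Essentials | Windows Server 2012 R2 Foundation |
|---|---|---|---|---|
| RODC – read only domain controller | Yes | Yes | No | No |
| Automatic Virtual Machine Activation | Both guest and host | As guest | As guest | No |
| Best Practices Analyzer | Yes | Yes | Yes | Yes |
| BranchCache Hosted Server | Yes | Yes | Yes | Yes |
| BranchCache P2P Cache | Yes | Yes | Yes | Yes |
| Windows Control Panel | Yes | Yes | Yes | Yes |
| Distributed File System Replication | Yes | Yes | Yes | Yes |
| Data Deduplication | Yes | Yes | No | No |
| ISCSI target support | Yes | Yes | Yes | Yes |
| DirectAccess | Yes | Yes | Yes | Yes |
| Dynamic Memory (in virtualization) | Yes | Yes | Yes | No |
| Failover Clustering | Yes | Yes | No | No |
| "Hot" add/replace RAM | Yes | Yes | Yes | No |
| IPAM (IP Address Management) | Yes | Yes | Yes | Yes |
| Microsoft Management Console | Yes | Yes | Yes | Yes |
| Minimal Server Interface | Yes | Yes | No | No |
| Network Load Balancing | Yes | Yes | Yes | Yes |
| Support for Non-volatile Memory Express | Yes | Yes | Yes | Yes |
| Windows PowerShell | Yes | Yes | Yes | Yes |
| Server Core mode | Yes | Yes | No | No |
| Server license logging | Yes | Yes | Yes | Yes |
| Server Manager | Yes | Yes | Yes | Yes |
| SMB Direct and SMB over RDMA | Yes | Yes | Yes | Yes |
| Storage Management Service | Yes | Yes | Yes | Yes |
| Storage Spaces | Yes | Yes | Yes | Yes |
| Volume Activation Services | Yes | Yes | No | No |
| VSS (Volume Shadow Copy Service) integration | Yes | Yes | Yes | Yes |
| Windows Server Update Services | Yes | Yes | Yes | No |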


The full PDF that includes Hyper-V and Storage Server editions can be downloaded from http://www.microsoft.com/en-us/download/confirmation.aspx?id=41703

Thursday 27 February 2014

Ports used by Configuration Manager Management Point

Management Point <> Domain Controller

| Description | UDP | TCP |
|---|---|---|
| Lightweight Directory Access Protocol (LDAP) | -- | 389 |
| LDAP (Secure Sockets Layer [SSL] connection) | 636 | 636 |
| Global Catalog LDAP | -- | 3268 |
| Global Catalog LDAP SSL | -- | 3269 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC |

Management Point <> Site Server

| Description | UDP | TCP |
|---|---|---|
| RPC Endpoint mapper | -- | 135 |
| RPC | -- | DYNAMIC |
| Server Message Block (SMB) | -- | 445 |

Management Point <> SQL Server

| Description | UDP | TCP |
|---|---|---|
| SQL over TCP | -- | 1433 |
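
To confirm that firewalls between the management point and its peers actually allow the fixed TCP ports listed above, the following added example (not part of the original post) probes each one from the management point. The parameter names and the Test-TcpPort helper are hypothetical; supply your own host names.

```powershell
# Added example, not from the original post. Run on the management point.
param(
    [string[]]$DomainController = @(),   # hypothetical parameters: pass your own host names
    [string[]]$SiteServer       = @(),
    [string[]]$SqlServer        = @()
)

# Fixed TCP ports from the tables above. RPC dynamic ports and UDP are not probed.
$tcpPorts = @{
    DomainController = 389, 636, 3268, 3269, 135
    SiteServer       = 135, 445
    SqlServer        = 1433
}

# Hypothetical helper: TCP connect with a timeout, $true when the port answers.
function Test-TcpPort {
    param([string]$Computer, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Computer, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)     # throws if the connection was refused
        return $true
    }
    catch   { return $false }
    finally { $client.Close() }
}

$targets = @{
    DomainController = $DomainController
    SiteServer       = $SiteServer
    SqlServer        = $SqlServer
}

# One result object per role, host and port.
foreach ($role in $tcpPorts.Keys) {
    foreach ($computer in $targets[$role]) {
        foreach ($port in $tcpPorts[$role]) {
            New-Object psobject -Property @{
                Role      = $role
                Computer  = $computer
                Port      = $port
                Reachable = Test-TcpPort -Computer $computer -Port $port
            }
        }
    }
}
```

A port that reports Reachable = False is either filtered on the path or has no listener on the target; check the target service before changing firewall rules.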

Enable Verbose Logging on the SCCM Client for Application Deployment Troubleshooting

You might need to enable verbose logging on the SCCM client for application deployment troubleshooting to be able to see what is happening in more detail.

By default the client logs information, error and warning level messages. The level is set by a registry value named LogLevel, which can be found under

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CCM\Logging\@GLOBAL\LogLevel (For x86 SCCM Client)

or

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\Logging\@GLOBAL\LogLevel

The default value of LogLevel is 1, so you can change it to 0 (zero) and restart the SMS Agent service to enable verbose logging. (You'll need to change the Administrators permissions to Full on @GLOBAL before changing this value.)
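
The LogLevel change described above can be scripted as follows. This is an added example, not part of the original post; it covers only the LogLevel step, the -Level parameter is hypothetical, and it assumes an elevated session on the client.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
param(
    [ValidateSet(0, 1)]
    [int]$Level = 0            # 0 = verbose, 1 = default (values from the post)
)

# Both registry locations named in the post; use whichever exists.
$key = 'HKLM:\SOFTWARE\Microsoft\CCM\Logging\@GLOBAL',
       'HKLM:\SOFTWARE\Wow6432Node\Microsoft\CCM\Logging\@GLOBAL' |
    Where-Object { Test-Path -LiteralPath $_ } |
    Select-Object -First 1
if (-not $key) { throw 'CCM logging key not found; is the client installed?' }

# The post notes that Administrators need Full Control on @GLOBAL first.
# Check for that up front instead of failing halfway through the change.
$full  = [System.Security.AccessControl.RegistryRights]::FullControl
$rules = (Get-Acl -Path $key).GetAccessRules(
    $true, $true, [System.Security.Principal.SecurityIdentifier])
$hasFull = $rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference.Value -eq 'S-1-5-32-544' -and   # BUILTIN\Administrators
    ($_.RegistryRights -band $full) -eq $full
}
if (-not $hasFull) {
    throw "Administrators do not have Full Control on $key; grant it before changing LogLevel."
}

# Remember the old value so it can be restored after troubleshooting.
$previous = (Get-ItemProperty -LiteralPath $key -Name LogLevel).LogLevel
Set-ItemProperty -LiteralPath $key -Name LogLevel -Value $Level

# CcmExec is the service name behind the "SMS Agent Host" display name.
Restart-Service -Name CcmExec

"LogLevel on $key changed from $previous to $Level"
```

Run it again with -Level 1 once troubleshooting is finished so the client returns to its default logging level.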

Client-side debug logging

If you need more detail, you can also enable debug-level logging by creating a new key named DebugLogging with a REG_SZ (String) value named Enabled set to True under

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CCM\Logging\@GLOBAL\ (For x86 SCCM Client)

or

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\Logging\@GLOBAL\

Creating new key named DebugLogging

Creating new REG_SZ (String) named Enabled

Wednesday 26 February 2014

Hybrid Configuration Troubleshooting

Hi,

In this article I will describe some troubleshooting methods for common issues that cause the Hybrid Configuration to fail. At this stage I assume that you have completed the prerequisites and prepared your tenant for the integration. These steps include registering the UPNs (User Principal Names) and the domains that are planned to be used with the service, as well as the configuration of ADFS (Active Directory Federation Services), Directory Synchronisation and the Exchange Hybrid Server. I will cover these configuration steps in another article. However, if you have any questions about them, feel free to approach me.

Anyway, let's go back to our topic, Hybrid Configuration Troubleshooting. As highlighted above, there are some common issues which cause your Hybrid Configuration to fail.

1- The first common and important known problem is Autodiscover service misconfiguration. Testing the configuration of the Autodiscover service is very easy. Microsoft has provided a great web-based troubleshooting tool (Remote Connectivity Analyzer) which helps to identify external client connectivity issues. The tool can be accessed here: Microsoft Remote Connectivity Analyzer

Select the Exchange ActiveSync Autodiscover option to ensure that the Autodiscover service is properly configured and your certificates are valid.

The most important points of this step are the following:

  • The Autodiscover test must complete successfully.

  • The certificate validation must PASS.


2- The second common issue that may cause the Hybrid Configuration to fail is the Virtual Directory settings. You might encounter this error while updating the hybrid configuration. You may get an error message like the one below:

[Image: HCT3]

When you get the error above, use the following steps to see whether the virtual directory settings are causing the issue.

  • Start the Exchange Management Shell (EMS) and run the command:
    Get-FederationInformation <domain_name> -Verbose


  • A proper configuration should look like the output below:
    [Image: HCT4]

  • If Get-FederationInformation is unable to retrieve information about the configuration, Update-HybridConfiguration would most likely encounter issues as well. Get-FederationInformation may not be able to retrieve the information due to errors 401 and 403. See below:
    [Image: HCT5]

  • To resolve the 401 & 403 errors, you need to make sure that the security settings for the Autodiscover virtual directory have been configured properly. Run the following command:
    Set-AutodiscoverVirtualDirectory -Identity 'autodiscover (Default Web Site)' -WSSecurityAuthentication $true

  • Run the Get-FederationInformation command again. The 401 & 403 errors should now be resolved and you should see a result as shown above.

  • You can now go back and finalise your configuration. (Update-HybridConfiguration)
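
The check-then-fix sequence in step 2 can be run as one script. This is an added example, not part of the original post; the -DomainName script parameter is hypothetical, and the Set- call uses -WhatIf so nothing is changed until you remove it.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
param(
    [Parameter(Mandatory = $true)]
    [string]$DomainName          # hypothetical parameter: your federated domain
)

# First step from the post: ask the Autodiscover endpoint for federation details.
try {
    $info = Get-FederationInformation -DomainName $DomainName -ErrorAction Stop
    "Federation information retrieved for $DomainName"
    $info | Format-List
    return
}
catch {
    # The post names HTTP 401 and 403 as the typical failures at this point.
    Write-Warning "Get-FederationInformation failed: $($_.Exception.Message)"
}

# Find the Autodiscover virtual directories where WS-Security authentication
# is disabled, which is the setting the post changes to clear 401/403.
$needsFix = @(Get-AutodiscoverVirtualDirectory |
    Where-Object { -not $_.WSSecurityAuthentication })

if ($needsFix.Count -eq 0) {
    'WSSecurityAuthentication is already enabled everywhere; look elsewhere for the cause.'
    return
}

$needsFix | Select-Object Server, Identity, WSSecurityAuthentication

# Preview the change per directory. Remove -WhatIf to apply it, then re-run
# this script to confirm that Get-FederationInformation now succeeds.
foreach ($vdir in $needsFix) {
    Set-AutodiscoverVirtualDirectory -Identity $vdir.Identity `
        -WSSecurityAuthentication $true -WhatIf
}
```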


3- Sometimes the error could be due to corruption of the Autodiscover virtual directory or to an incorrect configuration. In this case you would need to reset the Autodiscover virtual directory. Resetting will delete the existing directory and create a new one with the default settings. To reset the directory, use the following steps:

  • Start EMC and connect to the CAS.

    • Expand Microsoft Exchange On-Premises, select the Server Configuration node and then select the Client Access Server.



  • Click Reset Virtual Directory in the Actions pane.

  • Accept the default log file location.

  • After the directory is reset, you need to reset the IIS server as well. Open an elevated command prompt window and run:
    iisreset

  • Also do not forget to set the -WSSecurityAuthentication $true value.


After completing the above you can start testing moving mailboxes between on-premise Exchange and Exchange Online. Keep an eye on this webpage if you want to find out more about the mailbox moves.

Hope above helps.

ecsword

 

 

/PrepareAD fails with error message: 'A hybrid deployment with Office365 has been detected.'

Hi,

As you all know, before Exchange Server 2013 or one of its Cumulative Updates is installed, you need to prepare the Active Directory forest and domain(s). However, you may have an on-premise Exchange Server environment co-existing with an Office 365 tenant. When this is the case and you run the /PrepareAD switch, the Prerequisite Analysis will FAIL. See below:
Setup /PrepareAD /IAcceptExchangeServerLicenseTerms

To be able to prepare your Active Directory in a coexistence scenario with Exchange Online you would need to export your organisation configuration to an XML file. To do this:

1- Log on to your O365 tenant

2- Run
Get-OrganizationConfig | Export-clixml -Path X:\Path\filename.xml

 

3- Now re-run the PrepareAD switch with the exported XML as shown below. You should be able to run it successfully.
Setup /PrepareAD /TenantOrganizationconfig:C:\ecswordONLINEOrganizationConfig.xml /IAcceptExchangeServerLicenseTerms

You would need to follow this approach during the installation of the Cumulative Updates which would require Organisation Preparation.

ecsword

 

The attempt to connect to http://... using "Kerberos" authentication failed.

Hi,

When you launch the Exchange Management Console and get a Kerberos authentication failed error message, I suggest you check the proxy settings of the Client Access Servers.

 

Run the following commands to check the proxy settings and either clear or update the existing settings with the correct proxy settings.
netsh winhttp show proxy

 
netsh winhttp reset proxy

You should now be able to access and connect both using EMC and EMS.

ecsword