SCCM console open error and link failed with SQL Server Native Client 11.0]SSL Provider: The received certificate has expired

 Hello Admins!!

Today I was not able to open SCCM console with error and also CAS to problematic Primary was failed in replication. When checked, port 1433 to SCCM database of site where I opened the console, its was opened. So, next I checked admin console log and just found "Provider failure" error. Nothing much. Then I checked sms provider log on server and found below.

SQL Server Native Client 11.0]SSL Provider: The received certificate has expired 

This made me to check the SQL server self sign certificate on SCCM database server (now it can be on same server where you have your site server or it can be on different box). I found certificate present and active (not expired). Then where is the problem ? I thought to check SQL server configuration for this certificate, so I opened SQL server configuration manager console.

I browsed to SQL Server Network Configuration > Protocols for MSSQLServer and right click it to check "Certificate" tab. Guess what !! the SQL Server self-sign certificate mapping is lost. So, I click drop down button against Certificate and select the present SQL Server self-sign certificate and click Apply.

After mapping:

After that, I restarted SQL server service on database box. I checked console opening, it opened and after 10-15 minutes, I found replication was active. Issue fixed!!

Note: In some case, you may find same certificate is expired. In such case you need to create fresh self-sign certificate and map to this same location and restart the SQL server service to see the change. 

Hope, you have liked this post and may help you to troubleshoot and fix the issue if you may encounter this error.

Read More

Standalone media creation error 0x80041013

 Hi Admins,

You may face a typical error while creating standalone media from option "Create Task Sequence Media" of SCCM console. I faced standalone media creation error 80041013 ( Provider load failure) and it happened to me in SCCM 2010 version. I tried to create standalone media and selected media type as CD/DVD but it failed with error CreateMedia.exe finished with error code 80041013.

I started checking with ---

1) Whether boot image that I selected for media creation is update on DistributonDPs or not - found to be updated in all DPs. Then,

2) Checked whether all task sequence contents(although shows in console during creation) are properly updated in DPs - found udpated

3) Checked proper access in WMI and DCOM - found already present

4) Checked WMI consistency - found it was consistent

5) Tried to recreate custom boot image and retried the activity - same error appeared again

6) Tried to re configure boot image - still same error

Then I started checking events from Event Viewer console. I checked Application logs but not found any error related to issue. Then I checked System logs still didnt find any error related to error. Finally I landed to specific error related to WMI from Event Viewer console > Applications and Services Logs > Microsoft > Windows > WMI-Activity > Operation log 

In this place I found below which is actually giving me actual detail of error:

then immediately it logger below error:

After analyzing the event ID 5857, I understood that error is related with bcdprov.dll which was involved during BCD store creation. When I checked presence of the dll file in given location, I didnt find the file and when I checked with another server, same file was there. Not only bcdprov.dll was missing but also bcdsrv.dll and bcd.mof also found missing. I copied all these three files from working SCCM server from SCCM application server installed location under bin/i386 and paste in non-working machine.

After successful copy, I register both bcdprov.dll and bcdsrv.dll file and rebooted the non-working server. Post reboot, I logged in to the server and open SCCM console and perform same steps to create standalone media. Guess what ? IT WORKED. BOOM !!

So, culprit in my case of missing buddies of BCD(Boot Configuration Data) family. Now, it may be not similar fix for your case so I strongly suggest to first understand the error meaning from CMTRACE tool and then start checking events from Event Viewer. 

Hope you like this post. Kindly do comment and share this post so that other SCCM admins may get help from it. Thanks. 

Read More

What is GRS in Intune ?

Hello Intune Administrators !!

Those who are new to Intune Win32 app deployment then GRS will be confusing word for you. Wait ! dont worry. I will explain basic of GRS. So, GRS is acronym for Global Retry Schedule. You can see below in IntuneManagementExtension.log during Win32 app troubleshooting. 

[Win32App] Tried in last 24 hours, No need to exec. skip execution 3 IntuneManagementExtension 9/1/2020 7:38:07 AM 26 (0x001A)

[Win32App] app AdobeReader with id 54b889093-9a31-8549-fgd2-27cb141a5g789 is still in GRS. GRS start time is 8/31/2020 9:16:35 AM IntuneManagementExtension 9/1/2020 7:38:07 AM 26 (0x001A)

According to Intune Win32 app deployment, when a Win32 application deployment tried in a particular date and time then next retry will happen exactly after 24 hours. 

In above event, Win32 app "Adobe Reader" retry was skipped execution because during check, it was found that retry was happened < 24 hours and therefore IME (Intune Management Extension for Win32 app deployment) skipped the execution. 

Hope this post is useful. If you have any query, feel free to comment. 

Read More

Windows Terminal Preview for SCCM Administrator

Microsoft announced introduction of Windows Terminal last year. This is now available as preview version on Windows Store. Windows Terminal is one platform to have Windows CMD, Windows PowerShell and Microsoft Azure Cloud Shell so that technology professional gets all these terminals in single platform and use them with ease.



How to get Windows Terminal Preview version-

Open Windows Store(in some company, it may be blocked where you cant install it) and search for Windows Terminal or click the link(https://www.microsoft.com/en-us/p/windows-terminal-preview/9n0dx20hk701#activetab=pivot:overviewtab) to directly launch installation page.

1. Open Windows Store

2. Search for Windows Terminal

3. Windows Terminal (preview version) look like below. Since I already installed it, page shows the state and suggests to launch it.                               












4. Windows Terminal (preview version) looks like below after installation.

5. Azure Cloud Shell requires Azure login and tenant selection for launching it. Windows CMD and Windows Powershell doesnt require any login or condition to launch.

When you try to open Azure shell, it shows below message. Follow the message for launching it.

To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code H84J5ZDZX to authent
This code will expire in 15 minutes.

6. When you open all three terminals, they look like below

Windows Powershell is default terminal and every time you try to open Windows Terminal by clicking + signm it opens Windows Powershell. However you can click down arrow to open other two terminal or you can go to Settings and modify JSON file to make any of these three terminal a default terminal. You can also change the color of these terminals.

For more detail of settings, you can access document here https://aka.ms/terminal-documentation (Github page)

Hope you have liked the blog post. It helps SCCM administrators or manager to run scripts or command with ease.Kindly do comment and share it. 

Read More

Count of File Created Date Wise - PowerShell

Below Powershell command is must have during your troubleshooting in SCCM site server file backlog like DDR, RDR or state message backlog. Below Powershell command will give your output of count of file created based on date against any file location.

Get-ChildItem "D:\Program Files\Microsoft Configuration Manager\inboxes\auth\ddm.box\regreq" | Where-Object {!$_.PSIsContainer} | Group-Object {$_.CreationTime.ToShortDateString()} -NoElement.

Location of file can be anything based on your requirement. 

Hope this will help you. 

Read More

How to identify SQL Server job owner

I was trying to remove a user from SQL Server database box but while trying to remove the user, I got below error:














Now in order to identify where the user has create a SQL Server job, you can run below query to get the job details owned by the user. Here we go:

Select Name from msdb.dbo.sysjobs
WHERE owner_sid IN 
(
SELECT sid
FROM MASTER.sys.syslogins
WHERE Name = 'kirankr'
)

Once you get the job details, you have to remove the maintenance plan of that job from SQL Server Management Studio > Server Node > Management > Maintenance Plans > Get the plan name> Right click it > Delete . After successful removal of dependent job, you can delete the user from the database.Hope you like this post. If yes, do comment and share the post to those who needs it.

Read More

How to Get Collection Folder Location in SCCM

Your manager rushes to you and asks you to identify the Folder location of a culprit collection. You goes to SCCM console and search for it either with name or collection ID. You get the half detail but your manager asked for folder location and you scratches your head because from console you cant identify the folder location of that collection.

Dont worry!! running below query, you can get the folder detail quickly. Here we go:

Open SQL Server Management Studio > Access SCCM Database(preferably CAS) > New query > Run below query 

select c.SiteID as 'Collection ID',c.CollectionName,f.Name 

as 'Folder Name', f.FolderPath from vCollections c

inner join FolderMembers fm on fm.InstanceKey=c.SiteID

inner join folders f on f.ContainerNodeID=fm.ContainerNodeID

Output looks like below:

Read More