SCCM – root\SCCMDP. error = The RPC server is unavailable.

Here is the situation. You have a SCCM distribution point, it could be a recently built or an existing one in the environment. Then content distribution is not working. All distributed content are Failed in status. Had a look on the PkgXferMgr.log file and it shows this;

“CWmi::Connect() failed to connect to \\<DP_Name\root\SCCMDP. error = The RPC server is unavailable.”

Capture.PNG

Something might trigger the “RPC server is unavailable” error. It could be due to network/firewall configuration but if you are confident enough that is not it, then you could try to look at the other config. Test the WMI namespace connectivity by using WBEMTEST. Verify if the clock setting is correct. Enable Windows Authentication in IIS and ensure IIS 6 WMI Compatibility is installed. And if all is good, you may try this;

  1. Copy smsdpprov.mof from \Microsoft Configuration Manager\bin\X64
  2. Paste it on the distribution point
  3. Run cmd as administrator
  4. Enter this command, without quote: “mofcomp.exe smsdpprov.mof”
  5. Redistribute the failed content
  6. Monitor PkgXferMgr.log

Source1: https://social.technet.microsoft.com/Forums/en-US/713c00b4-9c67-49a3-be61-fcf3006eaef5/sccm-2012-failed-to-connect-to-distribution-point?forum=configmanagerapps

Source2: https://silentcrash.com/2013/09/error-0x800706ba-when-trying-to-install-new-distribution-point-in-sccm-2012-sp1/

Source3: https://4sysops.com/archives/wbemtest-part-1-testing-wmi-connectivity/

Source4: http://franckrichard.blogspot.com/2018/05/sccm-cwmiconnect-failed-to-connect-in.html?_sm_au_=iVVPkPFvS4270PFHGHCNvKHQNqM7q

Windows – Zone: Unknown zone (Mixed)

Adding a site to trusted sites list is a pretty simple task, either through Internet options, or if you’re in a corporate environment, through a specific GPO. Usually the site would be in Internet zone first, and after you add it into the list, it becomes one of the Trusted sites. You can verify this by accessing the site URL using Internet Explorer, right click at the background once it is loaded, and check the Zone: field, it will show you Trusted sites.

But what if it shows Unknown zone (Mixed) instead?

From what I have gathered, it could mean few things:

  1. The site that you have added, has both http and https content/connection. Hence, depending on how you add the entry, ensure that it covers both http and https. Using wildcard appropriately is the best practice
  2. Display mixed content option is not enabled under Trusted sites > Custom level setting list. Try to enable it and test whether it fixes the issue
  3. The site probably has reference to other site(s). When this happened, the first site added might already be in the Trusted sites list, but the referenced site is not. It could still be in Internet zone, or other type of zone. This will result for the first site to be in Mixed, unknown zone. To fix this, add the second site to the list as well, so both sites can be in the same zone

For point 3, it could be a bit tricky if the referenced site is not apparent or obvious enough. If you can’t contact the website owner for a clearer picture, use View source or Inspect function to find out!

Source1: https://answers.microsoft.com/en-us/ie/forum/all/allowing-mixed-content-in-trusted-sites-only-ie-8/34dffc7b-e810-4d66-bd30-414ddf5224d0

Source2: https://superuser.com/questions/635644/trusted-site-displaying-as-unknown-zone-mixed

Source3: https://answers.microsoft.com/en-us/ie/forum/all/i-keep-getting-unknown-zone-mixed-on-certain/13c7643c-00c3-4453-a0b2-5ae785b5670b

Source4: https://www.experts-exchange.com/questions/21695321/Internet-Explorer-Zones-Unknown-zone-mixed-but-which-zones-are-mixed.html

Windows – Delete network connection

So there are times when you need to connect to other machines remotely, using the \\<ComputerName>\<ShareName> path. If you have all the correct access and credential, usually the first time doing it to a path, wouldn’t be a problem at all – the credential pop up will appear if necessary, and you just need to key them in.

But what if, you have closed all of the windows, and need to do it again, but this time it prompts you an error instead?

Capture

“Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.”

Now you might think of session clearing and credential clearing, which will usually be the case. But you could also try to delete the network connections using the Net use command;

  1. Click Start > type “cmd” > press Enter
  2. Type “net use” without quote > press Enter
  3. This will provide you the list of current network connections
  4. Type “net use \\<ComputerName>\<ShareName> /delete” without quote > press Enter

net use \\<ComputerName>\<ShareName> /delete

Try to connect to the path again, it should be working now

Source1: https://serverfault.com/questions/451387/how-to-delete-cached-temporarily-credentials-for-a-network-share-on-a-windows-ma

Source2: https://www.lifewire.com/net-use-command-2618096

Source3: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/gg651155(v%3Dws.11)

Windows – Disable Modern Standby

While we should embrace new technologies and its enhancement most of the time, but there will be few instances where we should take a step back and change it to suit our best working method. Probably Modern Standby for Windows 10 is one of it.

I have a user reported an issue with his laptop, Lenovo X1 Carbon 6th Gen in regards to the sleep mode, where the laptop will consume the entire battery juice in that mode. In fact, in that sleep mode, simple touch on the touch pad will wake it up. Apparently, the laptop doesn’t go to the actual sleep mode, which could be due the Windows 10 feature called Modern Standby.

There is a post online discussing about this known issue and seems like there is no really a fix from Lenovo available. Fair enough, it is actually a working features from Microsoft so it should be understandable that there is no fix. But what if we still want to disable it?

It consists of two steps – making registry change and BIOS setting adjustment:

  1. Click Start > type “run” > press Enter > type “regedit” without quote > press Enter
  2. Navigate to the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power

  1. Change the value for CsEnabled from 1 to 0
  2. Restart machine and go to BIOS settings
  3. Go to Config > Power > Sleep State
  4. Change value from Windows 10 to Linux
  5. Restart machine and verify

The Lenovo X1 Carbon 6th Gen should now be able to get into Sleep mode like any other usual laptop.

Source1: https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/modern-standby

Source2: https://forums.lenovo.com/t5/ThinkPad-X-Series-Laptops/X1-Carbon-6th-Gen-will-not-stay-asleep/td-p/4123632

Source3: https://techjourney.net/how-to-disable-connected-standby-instantgo-in-windows-10-8-1-8/

SCCM – Unable to install SCCM client

There could be many reasons why installation/reinstallation of SCCM client failed and one of it is due to error of “Failed to initialize all required WMI classes”. You can confirm this by doing a quick check at the WMI Control console:

  1. Click Start > Run > type “wmimgmt.msc” without quote > press Enter
  2. Right click WMI Control (Local) > click Properties

If that error is confirmed, you may use a Microsoft tool called WMI Diagnosis Utility but at times when it is urgent, just try the next step and come back to that tool if it does not work.

The next step, which is to resolve MOF registration errors, would be to reregister all .MOF files with WMI

  1. Click Start > type “cmd” without quote > right click and Run as administrator
  2. Enter below commands:

cd C:\Windows\System32\WBEM

dir /b *.mof *.mfl | findstr /v /i uninstall > moflist.txt & for /F %s in (moflist.txt) do mofcomp %s

It will run a few lines and stop once it is completed.

Go back to WMI Control console and verify whether it is fixed, and attempt the SCCM client install again.

Source1: https://www.virtuallyboring.com/microsoft-wmi-invalid-class-error-0x80041010/

Source2: https://www.microsoft.com/en-us/download/details.aspx?id=7684

SCCM – Deployments hang at Downloading 0%

Had this issue recently in my company environment for a couple of days.

Did the usual checks and troubleshooting;

1. Content distributed to distribution point successfully
2. Boundaries and boundary group configured accordingly (IP Address range, AD site, etc.)
3. Workstations and laptops have the latest client
4. DP and clients are in healthy condition
5. Certificates both on servers and clients are good
6. Firewalls are off, since this functionality is not configured
7. Went through most of the logs but to no avail (LocationServices, CAS, ContentTransferManager, etc.)

What’s next then?

One of the test that we did – point test machines to another DP, by using boundaries, and the installation went through. Hence it surely has something to do with the DP.

Further check shows, another DP that able to make it works, is on Windows Server 2012 R2, while the one DP that we had issue with is Windows Server 2008 R2. Potentially need to rebuild DP to solve the Downloading 0% issue? Last choice, but probably not yet at this point..

Tracing back the changes done by the other team recently, team that is handling GPO, servers and all – showed that they did make a change, on WinHttp. That was part of the plan to resolve an issue with Skype for Business, which produced an error of something that related to DNS. Rolling back the change on WinHttp, deployment back to normal!

Here’s the chronology;

1. The team execute a plan to allow only TLS 1.0 and TLS 2.0 in environment
2. Some Windows 7 users have issue to login to Skype for Business
3. The team rolling out WinHttp changes by GPO to solve the issue
4. Workstations and laptops that are having Windows Server 2008 R2 distribution point as its DP started to have Downloading 0% issue

So next thing to find out – what are the relation of these: Downloading 0%, WinHttp, Windows Server 2008 R2, TLS, Skype for Business and DNS. Surely it could be something great if we can solve the question!

Until then, completing software updates on my users workstations are good enough to let me sleep better at night.

Source1: https://community.spiceworks.com/topic/270747-sccm-2012-client-install-timeout-dp-locations-not-found

Source2: https://support.microsoft.com/en-my/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

Source3: https://support.microsoft.com/en-my/help/2566790/troubleshooting-skype-for-business-online-dns-configuration-issues-in

Source4: https://docs.microsoft.com/en-us/windows/desktop/winhttp/about-winhttp

SCCM – Application Detection Failed

Failure to detect installed Application could be due to various of reasons. But one of it is because the detection happened too quick that it goes ahead of the installation completion – there is a chance that it is actually an installation that run on top of another installation. You can avoid this by adding a delay in the installation script. While there are many ways out there to achieve this but one of the simplest method is to add a ping to localhost in say, for 15 seconds.

ping 127.0.0.1 -n 15 > nul

This line basically adding a delay by pinging to localhost for 15 seconds and suppressing the output. It should not interrupt the installation script and able to let the client wait for a while before proceed with its Application detection.

Source1: https://www.reddit.com/r/SCCM/comments/87i4lx/sccm_app_install_succeeds_but_sccm_thinks_it/

Source2: https://stackoverflow.com/questions/1672338/how-to-sleep-for-5-seconds-in-windowss-command-prompt-or-dos

Windows – Account Password Last Changed

Recently we found out that some of our machines had GPO applied, related to password change for local user account – specifically Administrator account. Machine will have the password change/reset in every 30/60 days. This was setup by another team in the company but most probably we are not aware of the GPO being set.

Before we have this confirmed, troubleshooting was done and one of it was determining when was the last time the account had password changed. In our scenario, we managed to login to the machine with a Domain Admin account and run the required command. Links below should be useful to help.

Source1: https://stackoverflow.com/questions/11781144/check-when-password-was-last-changed

Source2: https://thebackroomtech.com/2010/08/09/determining-when-a-local-windows-account-password-was-last-changed/

SCCM – Deployment (Created By)

The question is pretty simple, really: Who created that deployment? It is not for finding fault or anything actually. It is more to any other reason that you can think of. Which person is actively create deployment in SCCM, for example.

Luckily it is easily available under All messages for a specific message ID report.

Head to source link below for guide.

Source: https://www.petervanderwoude.nl/post/who-created-that-deployment/