syswow64 blog

SCCM Software Updates - Failed to Add Update Source for WUAgent  Today I have been looking at a range of servers (Server 2008 /R2 2012 /R2) that were failing to communicate with the Software Update Point (SUP) in SCCM and retrieve deployment policy. The UpdateDeployment.log was reporting the Job error 0x80004005 Job error (0x80004005) received for assignment ({af7a48e6-d550-4070-dd9b-ecc234567584}) action UpdatesDeploymentAgent 12/6/2017 10:32:27 AM 2096 (0x0830) The WUAHandler.log  was reporting "Unable to read existing WUA Group Policy object" and "Failed to Add Update Source for WUAgent " Unable to read existing WUA Group Policy object. Error = 0x80004005. WUAHandler 12/6/2017 3:41:00 AM 2828 (0x0B0C) Failed to Add Update Source for WUAgent of type (2) and id ({3AAB6A76-CE2D-4E8A-9F11-123AE69612A1}). Error = 0x80004005. WUAHandler 12/6/2017 11:03:31 AM 2276 (0x08E4) Until the agent can report back to the SUP, SCCM will not be able to summarize Software Update sta

All New posts are placed on: http://www.SystemCenterBlog.co.uk

Windows 10 - UE-V Deployment Guide UE-V in Windows 10 is setup pretty quickly but the documentation for Group Policy and expected outcomes is all over the place.  In order to help other IT Pro's navigate their UE-V implementation I have documented my configuration with observations. Folder and Executable Reference Table Templates folder                    = C:\ProgramData\Microsoft\UEV\Templates InboxTemplates folder           = C:\ProgramData\Microsoft\UEV\InboxTemplates Scripts Folder                         = C:\ProgramData\Microsoft\UEV\Scripts SettingsStoragePath                = Central UNC Share i.e \\ServerName\UEVData\%UserName% SettingsTemplateCatalogPath = Central UNC Share i.e \\ServerName\UEVCatalogPath UEVAppMonitor.exe                        = Scheduled Task "Monitor Application Settings" ApplySettingsTemplateCatalog.exe = Scheduled Task "Template Auto Update" Microsoft.Uev.SyncController.exe   = Scheduled Task "Sync Controller Application&qu

Software Updates - Feature Upgrade - Windows 10 Software updates within an Enterprise organisation has been fairly straight forward until you attempt to use it for Feature Upgrades of Windows 10.  SCCM is very reliable at delivering the updates (Rollups, Updates, Upgrades) and as i have previously proved is UWF aware in Windows 10. However, the Feature Upgrade does require a bit of prep work if you do not want the new Appx Applications installed as part of the Upgrade. Moving between the 1507-1703 branches each Feature upgrade would reinstall the Appx Applications that you previously removed. Microsoft has addressed this in the 1703 - 1709 feature upgrade and if you removed an application it will not come back.  However, if the new branch has a new application this will get installed. Uninstalled in-box apps no longer automatically reinstall Starting with Windows 10, version 1703, in-box apps that were uninstalled by the user won't automatically reinstall as part of the feature upd

Windows 10 Overlay for Unified Write Filter (UWF) This entry is to document my experience with the Windows 10 feature Unified Write Filter (UWF); with the intention to replace DeepFreeze on shared computers. "Unified Write Filter (UWF) protects the contents of a volume by redirecting all write operations on that volume to the overlay, which is a virtual representation of the changes to the volume. Conceptually, an overlay is similar to a transparency overlay on an overhead projector. Any change that is made to the transparency overlay affects the projected picture as it is seen by the viewer. However, if the transparency overlay is removed, the underlying picture remains unchanged. In a UWF protected system, UWF creates a single overlay, which contains information about writes to all protected volumes on a system. The overlay supports up to 16 terabytes of protected volumes." (extract from  https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/uwfoverlay )  H

Windows PE  and Cisco ISE authentication This blog entry is intended to assist you when implementing a Cisco ISE next generation network across the organisation.  Without ISE profiles the SCCM Task Sequence will fail to connect to Distribution Points and the MDT database.  UNC paths are blocked and network access is restricted. Cisco ISE by design will restrict network access to prevent unauthorized clients from simply plugging their equipment into the network and being routed like a authorised client. Computer and User Authentication (explain in detailed section) Cisco ISE profiles should be implemented in two ways; Cisco ISE profiles via Group Policy for domain joined systems, and to bake ISE profiles into the SCCM Boot Image.  The guide below will explain how to implement both configuration setups. Tutorial - WinPE Microsoft has detailed the two XML files required to achieve User Authentication when in WinPE here Create an XML called "EthernetLANProfile.xml" containing the

ScanAgent.log reports OnScanComplete with error=0x87d00692 Scenario : Clients are not receiving Software Updates for both Microsoft OS updates and Windows Defender.  The SCCM concole resports that the system does not summaries any required updates. We have a Group policy in place applying a specific update service location; this location is applied in several policies over several OU's. Only one policy when applied results in the error 0x87d00692 . ScanAgent.log ScanJob({BAA53BE2-9FE1-48B6-89A7-0D60BC07ED50}): CScanJob::OnScanComplete -Scan Failed with Error=0x87d00692 ScanJob({BAA53BE2-9FE1-48B6-89A7-0D60BC07ED50}): CScanJobManager::OnScanComplete- failed at CScanJob::OnScanComplete with error=0x87d00692 Conclusion : We have a Group policy in place applying a specific update service location; this location is applied in several policies over several OU's. The single policy that was resulting in   0x87d00692 has had the update service location removed and hand

SCCM SUP WSUS Pool keeps stopping or the server is unresponsive Scenario: Our WSUS/SUP had become unresponsive and the decision to reinstall the server role was made. After the Site server had been reinstalled  I became aware that Windows Defender updates were failing to update (3 days old) and even though the updates were sync'd, downloaded, and deployed in SCCM the client was still unable to receive them. Client Log analysis : ScanAgent.log ScanJob({999C9FFA-A463-4BE8-8771-67EE96D4140B}): CScanJob::OnScanComplete -Scan Failed with Error=0x80240440 ScanJob({999C9FFA-A463-4BE8-8771-67EE96D4140B}): CScanJobManager::OnScanComplete- failed at CScanJob::OnScanComplete with error=0x80240440 Update Deployment.log Job error (0x80240440) received for assignment ({bf7a48e6-d220-4070-bb9b-ecc239107584}) action        UpdatesDeploymentAgent        Updates will not be made available        WUAHandler.log Async searching of updates using WUAgent started.        Async searching completed.      

SCCM Task Sequence with App-V application " A supported App-V 5X client is not installed" Scenario: Windows 10 (1607) Task Sequence with various MSI and App-V applications. During an SCCM Task Sequence I am attempting to install an App-V application however, at the end of the build MSI installations have installed but App-V application has not been installed. AppDiscovery.log    Performing detection of app deployment type MathWorks_MATLAB-R2014a_8.3.0.532_001A - Download..... +++ App-V 5X application not discovered. A supported App-V 5X client is not installed. Resolution: With Windows 10, version 1607, the App-V client is installed automatically however, it needs to be enabled before you can installations App-V packaged within a Task Sequence.  This can be achieved by adding a command line to you Task Sequence to run Windows PowerShell command. powershell -executionpolicy bypass -command Enable-Appv

Scenario : On the root of the C drive you right click and select New "Folder".  Windows will then create 4 New folder i.e. New Folder, New Folder (2), New Folder (3), New Folder (4).  To delete or open these folders you need to elevate permissions on each one. We have seen this issue only occur on Windows 10 systems applying Group Policy. Cause: In our environment a specific Group policy was filtered to Windows 10 only.  Within this policy the following security setting was set to modify C: drive file permissions: Computer> Policies> Windows Settings>File System The policy specifically was allowing Administrators Full Control and Users Read and Execute permissions to " This Folder" only .  This had the affect of preventing sub-folders from  inheriting Administrator / Users permissions. If this policy does not exist or is set to "This folder, Sub-folders, and files" then the additional Folders are not created. I believe this issue is a bug in the w

Scenario : On the root of the C drive you right click and select New "Folder".  Windows will then create 4 New folder i.e. New Folder, New Folder (2), New Folder (3), New Folder (4).  To delete or open these folders you need to elevate permissions on each one. We have seen this issue only occur on Windows 10 systems applying Group Policy. Cause: In our environment a specific Group policy was filtered to Windows 10 only.  Within this policy the following security setting was set to modify C: drive file permissions: Computer> Policies> Windows Settings>File System The policy specifically was allowing Administrators Full Control and Users Read and Execute permissions to " This Folder" only .  This had the affect of preventing sub-folders from  inheriting Administrator / Users permissions. If this policy does not exist or is set to "This folder, Sub-folders, and files" then the additional Folders are not created. I believe thi

Soon after installing SCCM CB 1702 we were unable to see Task Sequences deployed to the unknown collection. This issue was identified as a random system taking the GUID of the 'x64 Unknown Computer (x64 Unknown Computer)' record. As a result it was now a known GUID; as we were only deploying Task Sequences to the Unknown collection none were made available. 'x64 Unknown Computer (x64 Unknown Computer)' record 'x86 Unknown Computer (x86 Unknown Computer)' record To get the GUID of your unknown systems open SQL management studio and run the following command: --Sql Command to list the name and GUID for UnknownSystems record data select ItemKey, Name0,SMS_Unique_Identifier0 from UnknownSystem_DISC Using the returned GUID (SMS_Unique_Identifier0) we can find the hostname that has been assigned the 'x64 Unknown Computer (x64 Unknown Computer)' GUID by running the query below. --x64 Unknown Computers select Name0,SMS_Unique_Identifier0,Decommissioned0 from Sys

Office 365 Update Restarts my Apps in SCCM Pushing Office 365 C2R updates through SCCM 1610 causes Office applications to close unexpectedly on client PCs This is a known bug since the release of ConfigMgr CB 1610. and was resolved with Hotfix KB4010155 https://support.microsoft.com/en-us/help/4010155/update-rollup-for-system-center-configuration-manager-current-branch-v  After you start installation of Office updates from Software Center, users do not receive a notification message to exit all open Office 365 applications. This behavior occurs even with the  forceappshutdown=False  switch in the Configuration.xml file for Office 365. Conclusion Install all hotfixes https://support.microsoft.com/help/4010155 https://support.microsoft.com/help/4016483

Dell E5450 Bricked after applying CCTK.exe command Dell E5450 with i3 Processors a CCTK.exe warning We recently had our E5450 Latitude failing to post following a stand SCCM Window Task Sequence.  It was collected for diagnosis and motherboard swap out.  While no diagnosis was performed (pointless sending away) we was returned within a few days with a new motherboard. Upon receiving it I cautiously rebuilt it with success with a cut down version of the task sequence; I have simply installed the Windows Image (WIM) and driver package.  Upon introducing additional steps to the SCCM task sequence I see a complete failure of the BIOS as previously experienced. The failed post was the result of CCTK.EXE modifying BIOS settings. We are using the latest version of CCTK 3.2 with the following commands;  cctk --secureboot=enable --valsetuppwd=PASSWORD cctk --wakeonlan=enable --valsetuppwd=PASSWORD cctk --uefinwstack=enable --valsetuppwd=PASSWORD cctk --embsataraid=ahci --valsetuppwd=PASSWORD cc

Sharepoint documents will not open in Word/Excel Today I have been dealing with a very interesting Office 365 / SharePoint issue. It was reported that the Edit in Application button within SharePoint i.e. “Edit in Excel” “Edit in Word” is not working correctly and results in an empty Spreadsheet or empty Word document. Viewing and Editing within the browser is fully functional and the behaviour varies depending on computers within specific OU in active directory.  It is worth noting at this point the estate consisted of Office 2013 ProPlus installations running on Windows 8.1. The fact that identical systems with identical software versions patch to the same level, resulted in different behaviour could only mean Group Policy was different between them. I was quickly able to find the offending policy; " Block signing into Office: Enabled ". The screen shot above details a systems policy with the issue. With the Standard Workstation GPO's the policy "Block signing into

1            Office 365 Configuration This section describes the Office 365 application implemented. 1.1         Observations The current estate contains a range of Office suite and standalone products (Standard, ProPlus, Outlook, Lync, Visio, and Project) as well as a range/mix of versions on each system; from 2007- 2016. 1.2         Application Deployment An Office 365 application has been created in English.  Each application source directory is about 1.2GB in size and has been distributed to all corresponding DP’s.  Note: it is possible to install multiple languages of Office 365 on a single system however, the first installation will take ownership of the UI Shell i.e. Menus, drop –downs etc. 1.3         Office 2016 Deployment Tool for Click-to-Run The source files for Office 365 can be downloaded via the Click-To-Run URL  here . This will download and extract two files (setup.exe and Configuration.xml). A download.xml and install.xml can be extrapolated from the accompanied confi