All posts by admin

Deploy Office, Visio & Project 2019 using SCCM

Microsoft Office 2019 was recently released at the end of September..rather quietly as well so don’t be shocked to see that it is suddenly out.

With the O365 way of Office applications these days, this has had a big impact on the typical installer of Office. No longer is there a simple msi style deployment but rather the same click to run style installer that O365 uses. So it is time to relearn how to deploy office again and some of the fun issues you will come across with the SCCM deployment as well.

In my rollout I used the 32bit version due to legacy plugins, however this same guide can be used for the 64bit deployment.

There is a lot of useful information in the Microsoft guide here which I used to pull this together – Deploy Office 2019 (for IT Pros)

First things first, go to the Microsoft VLSC website and grab the installer. The file you will get will be similar to the below.

Run this setup which will ask you to extract to a location. Extract this to your application repository. Click accept and continue

Choose your location

Here are the extracted files. We have the setup.exe file as well as some sample xml templates which is what we will discuss next.

The xml file controls the install we create. The same setup.exe is used for Office, Visio and Project.

Take a copy of one of the templates and rename it to what you like ie company_office2019_setup.xml  Edit the XML in your favorite editor.

You can download the below sample here.

I will go through each of the elements in the XML to help explain what each does and why you may change things.

<Add OfficeClientEdition=”32″ Channel=”PerpetualVL2019″>

Which edition of Office 2019 to download or install.

For example, the 64-bit version.

OfficeClientEdition Valid xml values are “32” and “64.”

All Office products on the computer must be of the same architecture. You can’t have both 32-bit and 64-bit Office products installed on the same computer.

We recommend 64-bit on computers that have 4 gb or more of memory. But you should assess application compatibility and other factors that might require you to use the 32-bit version.

“PerpetualVL2019” is the only supported update channel for Office Professional Plus 2019 and Office Standard 2019. It’s also the default update channel for volume licensed versions of Project 2019 and Visio 2019.

<Product ID=”ProPlus2019Volume”>

Change according to what product you want to deploy. ie Office Pro Plus, Standard, Visio, Project etc. The values are below.

Which products to download or install

For example, Office Professional Plus 2019

Product ID Valid values for volume licensed versions of Office 2019 include the following:
– ProPlus2019Volume
– Standard2019Volume
– ProjectPro2019Volume
– ProjectStd2019Volume
– VisioPro2019Volume
– VisioStd2019Volume

<Language ID=”en-us” />

Select your language

Which languages to download or install

For example, English (en-us) and French (fr-fr).

Language ID You can install multiple languages at the same time you’re Installing Office 2019, or you can install them later.

For more information, see Deploy languages for Office 2019.

<RemoveMSI All=”True” />

This will remove older versions of Office. For more information, see Remove existing versions of Office before installing Office 2019.

<Updates Enabled=”TRUE” Channel=”PerpetualVL2019″ />

For Office Professional Plus 2019, the  update channel you need to use: PerpetualVL2019. Other options are for O365 only.

For more information, see Update channel for Office 2019.

<Display Level=”None” AcceptEULA=”TRUE” />

If AcceptEULA is set to TRUE, the user does not see a Microsoft Software License Terms dialog box. If this attribute is set to FALSE or is not included, the user may see a Microsoft Software License Terms dialog box.

<Property Name=”AUTOACTIVATE” Value=”1″ />

For Office 2019 Professional Plus you can  set AUTOACTIVATE to 1 to have the product activate automatically. This will work for both MAK and KMS activations. To ensure Office 2019 activates on KMS ensure you have installed this on your KMS server

<Property Name=”FORCEAPPSHUTDOWN” Value=”TRUE” />

Now this one was very important. When I did my initial setup and didn’t have this, the install would fail as an office application or Skype For Business was running. This will cause an error stating 0X8000FFFF (-2147418113) in software centre.

When set to TRUE, forces any apps that are blocking the install of Office to shut down. Data loss may occur.

_______________________________________________________________________

OK, so now you understand the xml it is time to move on with the process. The next step is to use the new xml file we created to download the office content. This will create the whole package you can send to your DP’s.

Open a command prompt or powershell in the current deployment folder and run the following command

CMD:  setup.exe /download company_office2019_setup.xml
Powershell:  .\setup.exe /download .\company_office2019_setup.xml

This will download the installer content into a folder called office

Now this is good to go! Lets jump to SCCM and create a new application.

Select Manually specify the application information.

Type in the application name, publisher, version etc.

Add in the information so that it will display in Software Centre. Add in a nice icon as well 🙂

Select Manually specify the deployment type information.

Again type in the name

The content location is where you have the installer

Installation Program
“setup.exe” /configure “company_office2019_setup.xml”

Uninstall Program
“setup.exe” /configure “company_office2019_uninstall.xml”

To configure an uninstall program you will need to create another xml file that can be used for the uninstall. This is to go in the same content directory. Download the example here.

Also select Run installation and uninstall program as 32-bit process on 64bit clients (For 32 Bit installs only), for 64bit untick this option.

Once done press next, we must now configure the detection rule. Create a new Registry type rule

  • Setting Type – Registry
  • Hive – HKEY_LOCAL_MACHINE
  • Key – SOFTWARE\Microsoft\Office\ClickToRun\Configuration
  • Value – VersionToReport
  • Enable “This registry key is associated with a 32-bit application on 64-bit systems”
  • Data Type – Version
  • Select “This registry setting must satisfy following rule to indicate the presence of this application”
  • Operator – Greater than or equal to
  • Value – 16.0.10827.20181

For Visio use:

For Project use:

Press Ok and move to the next page.

Change to Install for System and Whether or not a user is logged on. Change the max and estimated times as you see fit.

Press Ok, we must now create a requirement that this is only for Windows 10.

Select Operating System, and select Windows 10.  Press Ok and finish the wizard.

Distribute, Deploy and test!

Here are my final results.

Most important thing that stopped my deployment working was existing office applications not closing before the install would start. Ensure you add that line into the xml mentioned above.

As always feel free to ask questions in the comments section below, I hope this guide helps!

Matt.

WSUS/SCCM DB Cleanup (SCUP)

More and more often it seems that the WSUS DB becomes too large that it causes multiple issues especially with SCCM integration (SCUP). You may not be able to perform the required maintenance using scripts (Download Here)  but often enough the service will crash thus you will need to troubleshoot at the SQL/WID level to perform a cleanup.

SQL/WID Cleanup Queries

Download the scripts here and run in order:

SQLQuery – 1 Remove Unused Updates
SQLQuery – 2 Remove Hidden Updates
SQLQuery – 3 Re-index Database

If your SUSDB is on a dedicated SQL Instance, connect to that  server/DB and run the SQL Queries.

If you are running Windows Internal Database, this will still require SQL Management Studio (Run As Administrator)

Server Name to connect to

2012 (or later) \\.\pipe\MICROSOFT##WID\tsql\query
2003 & 2008  \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query

SCCM 1806 – Site server high availability

Starting in Configuration Manager version 1806, high availability for the site server role is a Configuration Manager-based solution to install an additional site server in passive mode. The site server in passive mode is in addition to your existing site server that is in active mode. A site server in passive mode is available for immediate use, when needed. Include this additional site server as part of your overall design for making the Configuration Manager service highly available.

A site server in passive mode:

  • Uses the same site database as your site server in active mode.
  • Doesn’t write data to the site database when it’s in passive mode.
  • Uses the same content library as your site server in active mode.

To make the site server in passive mode become active, you manually promote it. This action switches the site server in active mode to be the site server in passive mode. The site system roles that are available on the original active mode server remain available so long as that computer is accessible. Only the site server role is switched between active and passive modes.

Find out more here: https://docs.microsoft.com/en-us/sccm/core/servers/deploy/configure/site-server-high-availability

SCCM Third Party Patching

Currently a Pre-Release feature with 1806, Third Party Patch management is finally on it’s way!!

Here is a great video from Patch My PC covering the new feature.

SCCM OSD PXE problems with USB Adapters

A rather annoying issue I have come across with PXE imaging on PC’s with a USB adapter is a conflict with duplicate MAC as the adapter itself has a MAC address and does not pass through from the PC itself. If you look into the SMSPXE.log this will reveal the issue

Manage duplicate hardware identifiers

Providing a list of hardware identifiers that Configuration Manager ignores for the purpose of PXE boot and client registration, helps to address two common issues.

  1. Many new devices, like the Surface Pro 3, do not include an onboard Ethernet port. Technicians use a USB-to-Ethernet adapter to establish a wired connection for purposes of operating system deployment. However, these adapters are often shared due to cost and general usability. Because the MAC address of this adapter is used to identify the device, reusing the adapter becomes problematic without additional administrator actions between each deployment. To reuse the adapter in this scenario, exclude its MAC address.
  2. While the SMBIOS attribute should be unique, some specialty hardware devices have duplicate identifiers. Exclude this duplicate identifier and rely on the unique MAC address of each device.

To add hardware identifiers for Configuration Manager to ignore

  1. In the Configuration Manager console, go to Administration > Overview > Site Configuration > Sites.
  2. On the Home tab, in the Sites group, choose Hierarchy Settings.
  3. On the Client Approval and Conflicting Records tab, choose Add in the Duplicate hardware identifiers section to add new hardware identifiers.

SCCM Cannot Disable Peer-Cache

SCCM peer cache was introduced in 1610 as a pre-release future and eventually made it into production.

As there was quite limited documentation around the feature at the time, there have been several eager admins who have likely  enabled this without understanding how it works and the consequences.

5

After disabling the feature in client settings, clients started to remove from the Super Peers list however not all.

To check the Super Peers list you will need go to the SQL database your SCCM instance is hosted on.

Select * from SuperPeers

Symptoms

The symptoms you will are slow OS deployement, slow applications download (Downloading stuck 0% for a while) from Software Center, or even when deploying updates.

CAS.log reported a long download locations list before the SCCM was even considered, so the server still reports these sources as active peer cache clients.

2

DataTransferService.log then reports a bunch of errors, because the feature is disabled on clients and content can’t be reached, then the client waits a bunch of seconds and proceeds with the next download location.

3

During OS deployment I noticed that placing a computer on the same subnet as the SCCM distribution point, it is considered first in the list, so the issue is … work-arounded?

4

Causes

I didn’t understand at first if this was BranchCache or PeerCache related. I tried a lot of things: re-enabling the feature then disable it again, changed my boundaries and boundary groups so that they are managed by IP address range, removed the “Allow clients to share content[…]” from applications (which is BranchCache related).

https://blogs.technet.microsoft.com/umairkhan/2017/06/12/configmgr-1702-the-case-of-unexplained-client-peer-cache-not-getting-disabled-even-after-disabling-it-via-client-settings/

This is the exact case. Read it, because this is gold. Even the introduction and myth-busting about BranchCache and PeerCache is worth a read.

The setting is disabled on computers, but the site server is not aware. Apparently there’s an issue when the client sends back a state message stating  to the site server, I’m not a superpeer, remove me from the list.

Verifying the WMI informations on a “guilty” computer (one of those appearing in CAS.LOG) with WMI Explorer

6

The setting is consistent with the deployed client settings. So the computer knows.

Let’s see if the client is in the “SuperPeers” table on the DB

Select * from System_DISC where Name0 like ‘ComputerName_still_in_Superpeer_list’

get the ItemKey from there, and

Select * from SuperPeers where ResourceID = ‘ItemKey’

7

8

So the client is still a SuperPeer for SCCM, and the same ResourceID also appears in SuperPeerContentMap for every application or package it is (was) able to distribute.

Select * from SuperPeerContentMap where ResourceID = ‘ItemKey’

9

So, how do we get rid of this data (which is now complete garbage, since I disabled the setting globally) ?

The Fix

As always make a backup of your database before running these commands. This will delete all the table information for Peer Cache information.

delete from SuperPeerContentMap

delete from SuperPeers

Test again from your clients to verify that everything now works!

GPO Backup and Email of GPO Modifications

Recently I wrote a Powershell script that backs up Group Policies and also sends an email of Group Policies modified within a specified time.  Works well setup on a scheduled task to take care of GPO Backups.

Download Here: GPO_Backup_1.2

The following fields can be modified to suite your requirements

$BUlocation = "C:\GPOBackups" #where the GPOs Backups will be located
$BUresults = "Backup-results.txt" #name of the ouput file (for reference)
$days = 15 #number days old bacups to be auto deleted
$dc = "domaincontroller" #hostname of the DC for backing up
$SMTPserver = "smtp.domain.com" #SMTP server name
$SendTo = "reciepient@domain.com" #Send email to this address

Also for the email sent you can change how long to capture the modifications

eg. 24 Hours

$body = Get-GPOModifications -Hours 24

eg. 7 Days

$body = Get-GPOModifications -Days 7

Hope you find this one useful 🙂

Error sending DAV request. HTTP code 500 (HTTP Error 500.19 – Internal Server Error)

From a client they were not able to download any content, after investigation the DataTransferService.log I could see the following error

Error sending DAV request. HTTP code 500, status 'Internal Server Error'   DataTransferService       24/08/2017 8:21:17 AM       3972 (0x0F84)

GetDirectoryList_HTTP('http://SERVERNAME:80/SMS_DP_SMSPKG$/f4e4ea5d-49ad-423a-9cac-cea869e6e1d7') failed with code 0x87d0027e.      DataTransferService       24/08/2017 8:20:47 AM  28624 (0x6FD0)

After browsing to the server http://localhost/SMS_DP_SMSSIG$ it would return a HTTP Error 500.19 – Internal Server Error.

As WSUS was previously installed on this sever it was the culprit behind it. I had a look at the ApplicationHost.config file and noticed that suscomp.dll was still installed by WSUS even though it had been removed.

To verify that suscomp.dll is configured

  1. Go to C:\windows\system32\inetsrv\config and locate the ApplicationHost.config file
  2. Open it with notepad and look for the following lines below
    scheme name=”xpress” doStaticCompression=”false” doDynamicCompression=”true”
    dll=”C:\Windows\system32\inetsrv\suscomp.dll” staticCompressionLevel=”10″
    dynamicCompressionLevel=”0″ />

Resolution

  • The following command needs to be run to disable the suscomp.dll that was installed when the WSUS server role was installed.From an elevated command prompt running the following.
    %windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/httpCompression /-[name='xpress']
  •  If you need to re-enable this just change it slightly and run this command.
     %windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/httpCompression /+[name='xpress',doStaticCompression='false',dll='%windir%\system32\inetsrv\suscomp.dll']

Software Metering Reports not working for new Rules

I came across an issue today  that when I created some new software metering rules that no data was being reported back and the reports were empty.

After a quick search the recommendation is to delete the RULECHG.RTA file from the “%installdir%\Microsoft Configuration Manager\inboxes\policypv.box” inbox, however I found that this file did not exist. Rather I had a lot of RT4, RT6 &  RT18 files.

To fix what I had done was remove the rules I created,  remove those files from the policypv.box inbox (copy to a temp folder). Create the rules again and check the reports.

It seems the rules were actually effective as data was being collected however no data was showing, since putting the fix in above the data now shows.

SCCM 1702 Upgrade – What to be aware of!

SCCM 1702 is now available under the current branch model. There are some new features that come along with this but also some items to be aware of.

What is be being dropped?

  • SQL Server 2008 R2, for site database servers. This version of SQL Server remains supported when you use a Configuration Manager version prior to version 1702.
    ..
  • Windows Server 2008 R2, for site system servers and most site system roles. This version of Windows remains supported when you use a Configuration Manager version prior to version 1702.
    ..
    Beginning with version 1702, this operating system is not supported for site servers or most site system roles, however versions prior to 1702 continue to support its use. This operating system does remain supported for the state migration point and distribution point site system role (including pull-distribution points, and for PXE and multicast) until deprecation of this support is announced, or this operating system’s extended support period expires.
    ..
  • Windows Server 2008, for site system servers and most site system roles.
    ..
    This operating system is not supported for site servers or site system roles with the exception of the distribution point and pull-distribution point. You can continue to use this operating system as a distribution point until deprecation of this support is announced, or this operating system’s extended support period expires
    ..
  • Windows XP Embedded, as a client operating system. This version of Windows remains supported when you use a Configuration Manager version prior to version 1702.

Be sure to read this extensively: https://docs.microsoft.com/en-us/sccm/core/plan-design/changes/removed-and-deprecated-features

What is coming?

  • Close executable files at the deadline when they would block application installation – If executable files are listed on the Install Behavior tab for a deployment type and the application is deployed to a collection as required, then a more intrusive notification experience is provided to inform the user, and the specified executable files will be closed automatically at the deadline
    ..
  • Support for Windows 10 Creators Update – This version of Configuration Manager now supports the release of upcoming Windows 10 Creators Update
    ..
  • Express files support for Windows 10 Cumulative Update – Configuration Manager now supports Windows 10 Cumulative Update using Express files
  • Customize high-risk deployment warning – You can now customize the Software Center warning when running a high-risk deployment, such as a task sequence to install a new operating system.

As per any upgrade, make sure you check everything and what is supported. Make sure to run the Pre-Req first to start your planning.