Tag Archives: SCCM

Deploy Office, Visio & Project 2019 using SCCM

14/03/2019 Update

Hi Everyone,

Thought I would update this post with the introduction of the online Office Customization Tool (OCT)


This tool will help customize and generate the xml file required.

One item that does not get created in OCT is this line which I recommend adding into the xml for in place upgrades.

<Property Name=”FORCEAPPSHUTDOWN” Value=”TRUE” />

Without this the install would fail for an in place upgrade as an office application or Skype For Business will be running. This will cause an error stating 0X8000FFFF (-2147418113) in software centre.

When set to TRUE, forces any apps that are blocking the install of Office to shut down. Data loss may occur.


Original Post 29/10/2018

Microsoft Office 2019 was recently released at the end of September..rather quietly as well so don’t be shocked to see that it is suddenly out.

With the O365 way of Office applications these days, this has had a big impact on the typical installer of Office. No longer is there a simple msi style deployment but rather the same click to run style installer that O365 uses. So it is time to relearn how to deploy office again and some of the fun issues you will come across with the SCCM deployment as well.

In my rollout I used the 32bit version due to legacy plugins, however this same guide can be used for the 64bit deployment.

There is a lot of useful information in the Microsoft guide here which I used to pull this together – Deploy Office 2019 (for IT Pros)

First things first, go to the Microsoft VLSC website and grab the installer. The file you will get will be similar to the below.

Run this setup which will ask you to extract to a location. Extract this to your application repository. Click accept and continue

Choose your location

Here are the extracted files. We have the setup.exe file as well as some sample xml templates which is what we will discuss next.

The xml file controls the install we create. The same setup.exe is used for Office, Visio and Project.

Take a copy of one of the templates and rename it to what you like ie company_office2019_setup.xml  Edit the XML in your favorite editor.

As per the update on this post I would now recommend using https://config.office.com/ to generate the xml file

For reference the original can be download here.

I will go through each of the elements in the XML to help explain what each does and why you may change things.

<Add OfficeClientEdition=”32″ Channel=”PerpetualVL2019″>

Which edition of Office 2019 to download or install.

For example, the 64-bit version.

OfficeClientEdition Valid xml values are “32” and “64.”

All Office products on the computer must be of the same architecture. You can’t have both 32-bit and 64-bit Office products installed on the same computer.

We recommend 64-bit on computers that have 4 gb or more of memory. But you should assess application compatibility and other factors that might require you to use the 32-bit version.

“PerpetualVL2019” is the only supported update channel for Office Professional Plus 2019 and Office Standard 2019. It’s also the default update channel for volume licensed versions of Project 2019 and Visio 2019.

<Product ID=”ProPlus2019Volume”>

Change according to what product you want to deploy. ie Office Pro Plus, Standard, Visio, Project etc. The values are below.

Which products to download or install

For example, Office Professional Plus 2019

Product ID Valid values for volume licensed versions of Office 2019 include the following:
– ProPlus2019Volume
– Standard2019Volume
– ProjectPro2019Volume
– ProjectStd2019Volume
– VisioPro2019Volume
– VisioStd2019Volume

<Language ID=”en-us” />

Select your language

Which languages to download or install

For example, English (en-us) and French (fr-fr).

Language ID You can install multiple languages at the same time you’re Installing Office 2019, or you can install them later.

For more information, see Deploy languages for Office 2019.

<RemoveMSI All=”True” />

This will remove older versions of Office. For more information, see Remove existing versions of Office before installing Office 2019.

<Updates Enabled=”TRUE” Channel=”PerpetualVL2019″ />

For Office Professional Plus 2019, the  update channel you need to use: PerpetualVL2019. Other options are for O365 only.

For more information, see Update channel for Office 2019.

<Display Level=”None” AcceptEULA=”TRUE” />

Display Level has two values, None or Full, for a silent install you mus select None. If AcceptEULA is set to TRUE, the user does not see a Microsoft Software License Terms dialog box. If this attribute is set to FALSE or is not included, the user may see a Microsoft Software License Terms dialog box.

<Property Name=”AUTOACTIVATE” Value=”1″ />

For Office 2019 Professional Plus you can  set AUTOACTIVATE to 1 to have the product activate automatically. This will work for both MAK and KMS activations. To ensure Office 2019 activates on KMS ensure you have installed this on your KMS server

<Property Name=”FORCEAPPSHUTDOWN” Value=”TRUE” />

Now this one was very important. When I did my initial setup and didn’t have this, the install would fail as an office application or Skype For Business was running. This will cause an error stating 0X8000FFFF (-2147418113) in software centre.

When set to TRUE, forces any apps that are blocking the install of Office to shut down. Data loss may occur.


OK, so now you understand the xml it is time to move on with the process. The next step is to use the new xml file we created to download the office content. This will create the whole package you can send to your DP’s.

It is worth noting, the content downloaded is the same for all Office, Visio & Project. The only difference in content will be if you change the xml between 32 or 64 bit different content will download

Open a command prompt or powershell in the current deployment folder and run the following command

CMD:  setup.exe /download company_office2019_setup.xml
Powershell:  .\setup.exe /download .\company_office2019_setup.xml

This will download the installer content into a folder called office

Now this is good to go! Lets jump to SCCM and create a new application.

Select Manually specify the application information.

Type in the application name, publisher, version etc.

Add in the information so that it will display in Software Centre. Add in a nice icon as well 🙂

Select Manually specify the deployment type information.

Again type in the name

The content location is where you have the installer

Installation Program
“setup.exe” /configure “company_office2019_setup.xml”

Uninstall Program
“setup.exe” /configure “company_office2019_uninstall.xml”

To configure an uninstall program you will need to create another xml file that can be used for the uninstall. This is to go in the same content directory. Download the example here.

Also select Run installation and uninstall program as 32-bit process on 64bit clients (For 32 Bit installs only), for 64bit untick this option.

Once done press next, we must now configure the detection rule. Create a new Registry type rule

  • Setting Type – Registry
  • Key – SOFTWARE\Microsoft\Office\ClickToRun\Configuration
  • Value – VersionToReport
  • Enable “This registry key is associated with a 32-bit application on 64-bit systems”
  • Data Type – Version
  • Select “This registry setting must satisfy following rule to indicate the presence of this application”
  • Operator – Greater than or equal to
  • Value – 16.0.10827.20181

For Visio use:

For Project use:

Press Ok and move to the next page.

Change to Install for System and Whether or not a user is logged on. Change the max and estimated times as you see fit.

Press Ok, we must now create a requirement that this is only for Windows 10.

Select Operating System, and select Windows 10.  Press Ok and finish the wizard.

Distribute, Deploy and test!

Here are my final results.

Most important thing that stopped my deployment working was existing office applications not closing before the install would start. Ensure you add that line into the xml mentioned above.

As always feel free to ask questions in the comments section below, I hope this guide helps!



More and more often it seems that the WSUS DB becomes too large that it causes multiple issues especially with SCCM integration (SCUP). You may not be able to perform the required maintenance using scripts (Download Here)  but often enough the service will crash thus you will need to troubleshoot at the SQL/WID level to perform a cleanup.

SQL/WID Cleanup Queries

Download the scripts here and run in order:

SQLQuery – 1 Remove Unused Updates
SQLQuery – 2 Remove Hidden Updates
SQLQuery – 3 Re-index Database

If your SUSDB is on a dedicated SQL Instance, connect to that  server/DB and run the SQL Queries.

If you are running Windows Internal Database, this will still require SQL Management Studio (Run As Administrator)

Server Name to connect to

2012 (or later) \\.\pipe\MICROSOFT##WID\tsql\query
2003 & 2008  \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query

SCCM 1806 – Site server high availability

Starting in Configuration Manager version 1806, high availability for the site server role is a Configuration Manager-based solution to install an additional site server in passive mode. The site server in passive mode is in addition to your existing site server that is in active mode. A site server in passive mode is available for immediate use, when needed. Include this additional site server as part of your overall design for making the Configuration Manager service highly available.

A site server in passive mode:

  • Uses the same site database as your site server in active mode.
  • Doesn’t write data to the site database when it’s in passive mode.
  • Uses the same content library as your site server in active mode.

To make the site server in passive mode become active, you manually promote it. This action switches the site server in active mode to be the site server in passive mode. The site system roles that are available on the original active mode server remain available so long as that computer is accessible. Only the site server role is switched between active and passive modes.

Find out more here: https://docs.microsoft.com/en-us/sccm/core/servers/deploy/configure/site-server-high-availability

SCCM – Server OS upgrade from 2008R2 to 2012R2

I recently completed an OS upgrade of my environment from 2008R2 to 2012R2 on a CAS>Primary Hierarchy. I found the documentation a bit limiting especially post install as without a doubt there are some issues you are bound to run into. So what is a good way going about the process? I broke this up into 3 main steps

  1.  Prepare the OS Drive by cleaning up data (a Windows.Old Directory is stored post upgrade that consumes a lot of space)
  2. The OS upgrade itself. (If using a VM, Snapshot!)
  3. Post upgrade Tasks and remediation

1. Preparation

  • Check Disk space of OS Drive
  • Delete old log files in inetpub.
  • Install desktop experience so that you get the Disk cleanup utility to use post upgrade.
  • If using a static IP, take note of these details as the upgrade will change to DHCP
  • Uninstall WSUS 3.0 SP2
  • Remove the Software Update Point Role from SCCM
  • Stop the SCCM site using Presinst.exe /StopSite (Stopping the CAS server will stop the whole hierarchy)
  • Create a snapshot here if you have a VM

2. OS Upgrade

Just like any OS upgrade, however you are doing it. In this case with a VM the ISO was mounted the the in place upgrade was kicked off.


3. Post upgrade:

  • Ensure the Windows Deployment Service is started and running for the following site system roles (this service is stopped during upgrade):
    • Site server
    • Management point
    • Application Catalog web service point
    • Application Catalog website point
    • Ensure the Windows Process Activationand WWW/W3svc services are enabled, set for automatic start, and running for the following site system roles (these services are disabled during upgrade):
  • Site server
  • Management point
  • Application Catalog web service point
  • Application Catalog website point

Ensure each server that hosts a site system role continues to meet all of perquisites for site system roles that run on that server. For example, you might need to reinstall BITS, WSUS, or configure specific settings for IIS.

Below are the common issues I came across and the fix for each.

Application Catalog does not connect


After upgrading SCCM OS the application server config point stopped working. This is due to .Net 4.5

Cannot connect to the application server error message below.

When looking in the Site Component node, I could see that the SMS_AWEBSVC_CONTROL_MANAGER possess a warning sign which was in fact a several error notifications with the following description:

After installing .Net framework 4.5.2,  rebooting the server I still had that same error message.

Again, browsing to  http://localhost/CMApplicationCatalogSvc/applicationofferService.svc resulted in providing me a lead to an error in a line (which can be a result of one of my troubleshooting steps before writing these words) fixing a line in the file: “C:\Program Files\SMS_CCM\CMApplicationCatalogSvc\Web.config”


<add prefix=”HTTP://SCCM.U-BTech.COM:80“/></baseAddressPrefixFilters>


<baseAddressPrefixFilters><add prefix=”HTTP://SCCM.U-BTech.COM:80″/></baseAddressPrefixFilters>

And performing IISReset was the last piece in that puzzle that fortunatly solved the problem.

Console not working Remotely

Post upgrade the WMI permissions get overwritten thus the console does not work remotely any longer.

On the site server launch wmimgmt.msc console.

Then browse to root / SMS and root / SMS / site_[site name]. Add the SMS Admins local group back to both of these, and make sure they have Execute Methods, Provider Write, Enable Account, and Remote Enable allowed.


WSUS High CPU/Memory Usage

I also had multiple issues with WSUS 4.0 post upgrade. Most importantly was to patch the OS so that it is current. Also had to apply the steps in my post below to resolve the issue.

IIS w3wp.exe 100% CPU, WSUS and SCCM

Happy Upgrading!!

IIS w3wp.exe 100% CPU, WSUS and SCCM

Update (25/09/2018)

Here is a guide for SUSDB Maintenance to help with this issue if you are still experiencing issues


Update (29/08/2017) :

Microsoft have released a patch for each WSUS version to resolve this issue. If you still run into issues please try the troubleshooting steps below in the original post.

Original Post:

A rather unique issue I came across recently in an environment was with the IIS Worker process w3wp.exe using 100% CPU.

With over 1500 clients you will see the WSUS IIS worker process start to use larger amounts of memory, and what happens when the default memory limit is hit, the CPU on the worker process will max out causing issues and stops WSUS from working.

The way to view the worker processes and current resource utilization is to go to IIS Manager, select the server name and open Worker Processes.

You will see here the utilization.  Make sure you check WCM.log and WSUSCtrl.log for any errors as well.

The recommendation usually is just to increase from the default limit 1843200 to a larger amount such as 4GB 4194304 however I found this didn’t resolve the issue. It is best to set it as so that it has access to the largest amount required.   This alone does not always fix the issue.

See the full  list of instructions below of what to change.

  1. On your WSUS Server, launch the IIS Manager
  2. Open Application Pools
  3. Right click ‘WsusPool’ and select ‘Advanced Settings…’
  4. To support the maximum SCCM Software Update Point clients, change ‘Queue Length’ from the default 1,000 to 25,000
  5. Change ‘”Service Unavailable” Response Type’ from the default HttpLevel to TcpLevel
  6. Change ‘Failure Interval (minutes) from the default 5 to 30
  7. Change ‘Maximum Failures’ from the default 5 to 60
  8. Click ‘OK’ to save the App Pool changes
  9. Open Services.Msc
  10. Restart the  World Wide Web Publishing Service 

The pool will use a large amount of memory initially but will start to settle. In this example it consumed around 11GB of RAM and now hovers around 1.0 GB.

Limit the number of inbound connections to WSUS

Reducing the number of allowed connections will cause clients to receive 503 errors (service not available), but they will retry. If the performance counter Web Services | Current Connections for the website on which WSUS is hosted has more than 1000 connections, complete this step:

  • Open IIS Manager for the WSUS server.
  • Expand <Server name> and then Sites.
  • Select the site hosting WSUS.
    • If you aren’t sure, expand each site and look for the ClientWebService directory underneath it – that is the WSUS site the clients use.
  • With the site selected, click the Limits link in the toolbar on the right side.
  • Check the option Limit number of connections and change it to 1000 (or even smaller).
  • Click Ok to save the changes.
  • From an elevated command prompt, run IISReset to restart IIS.

Increase the ASP.NET timeout

  • Make a copy of \Program Files\Update Services\WebServices\ClientWebService\Web.Config.
  • Open \Program Files\Update Services\WebServices\ClientWebService\Web.Config.
  • Find the element “<httpRunTime”. It will look like this (in an unmodified web.config):
<httpRuntime maxRequestLength="4096" />
  • Modify httpRunTime by adding an executionTimeout attribute:
<httpRuntime maxRequestLength="4096" executionTimeout="3600" />
  • Save the web.config to a different location and copy the modified one into the directory.
  • From an elevated command prompt, run IISReset to restart IIS.

If you are running WSUS 3.0 SP2 on Server 2008R2 ensure you have installed:

  • KB2720211
  • KB2734608

If you are running WSUS 4.0 on Server 2012R2 ensure you have installed:

  • KB2919442
  • KB2919355
  • KB3095113
  • KB3159706

This will bring you from version 6.3.9600.16384 to 6.3.9600.18324

Others as well to try if you are still getting issues for 2012 WSUS 4.0

  • KB2919355
  • KB3048824-v2

For WSUS 4.0 make sure you enable ESD for Windows 10 Servicing after installing the above updates

Open CMD as Administrator and run:
“C:\Program Files\Update Services\Tools\wsusutil.exe” postinstall /servicing
Then finally restart the WSUS Services

If you are running this on VMware, ensure you have VMTools installed as it will impact the performance greatly. 

If it is still not working then you are best to start from scratch, remove WSUS, delete your WSUS files, Database, Wsus IIS Site and Worker Process. Ensure your OS is patched, Install WSUS then install the KB’s above. You will probably still need to modify the worker process as well. Restart your server and initiate a sync.

Happy Troubleshooting!

Additional Information available here

Content Mismatch Warnings on a Distribution Point

You might see content mismatch warnings in SCCM when content validation runs and determines that there is a discrepancy between the expected list of packages in WMI on the distribution point and the packages in the content library. In this scenario, the distribution point status goes into a warning state and the status message returned by the distribution point is listed in the Details pane when you view the status of the distribution point in the Monitoring workspace, Distribution Point Configuration Status node.

To determine which package is causing this mismatch, review the smsdpmon.log file on the distribution point.

Notice the log entries:

CContentDefinition::LibraryPackagesWmi: The package data in WMI is not consistent to PkgLib
CContentDefinition::LibraryPackagesWmi: Package CCA0000A can’t be found in PkgLib

The simplest way to determine the missing package is to view the Content Status  in the Monitoring workspace and search for the package ID by using the search field. After you have found the package ID, you can determine the name of the software.

If the package is not on the site, you must remove the package from WMI on the distribution point. The namespace to connect to is rootsccmdp. The class that contains the list of packages expected is SMS_PackagesInContLib. The simplest way to find the package and remove it from WMI is to run a query on the distribution point such as the following, and then delete the object that is returned.

select * from SMS_PackagesInContLib Where PackageID = ‘CCB00002’

Note: Ensure that you replace the CCB00002 with your own package ID

If the package is on the site, you can update the content on the distribution point to clear the Warning state.

If the error still persists you can use this script to remove the offending packages/applications.

Download the Script from TechNet


SCCM Redistributing Multiple items on a distribution point(s)

Like many SCCM admins,  one of the common issues we come across is a distribution point with failed packages. This may occur due to many reasons such as a bad link, corrupt content, disk space etc. just to name a few.

It is rather painstaking though in SCCM that you cannot refresh multiple items from the console, limited to using the distribution point  content in monitoring to refresh by content only and not by distribution point . Luckily though there is a script to do the work for you.

This script checks all packages assigned to a distribution point  and redistributes any packages that have an error status.

To use the script (Download at the end of the post), modify the VBS file to put in your server details in the variable section

‘ The name of the CAS/Primary site server
Public Const CASServerName = “CASorPRIServer”

‘ Which DP to refresh packages for – leave this blank to check ALL DPs
Public Const DPServerName = “DPServer”

Once done open Command Prompt as administrator. Change Directory to where the script it stored and type in cscript DP_Refresh.vbs press Enter

The script will now refresh the DP, you can view the status in the console.

Download Script Here