SSRS Client Installation Troubleshooting


This will be the first part of many in a series of reports that I will offer for free to the community. The reports will cover a wide range of items, from OS migration dashboards, BitLocker reports, SCCM infrastructure health, client health, collection evaluation, etc. In each report I intend for there to be plenty of visuals to give the tech a clean overview of what is happening in the environment. There will also be several troubleshooting notes included in this report so it can be a one-stop shop troubleshooting tool. Some reports during this series will have troubleshooting guides available as well. So far I am intending to release Client Installation Troubleshooting guides for OSD, client install, and software updates, as I have already written several of them for previous customers.

The first report to be released will have a focus on identifying problems with client installation and providing some good.  This will eventually grow into a “Client Health Assessment” where there will be multiple reports all focused on client install/health/active etc.

Below we are able to get an overview of the client install failures within the last 30 days, and keep an eye on how many clients we currently have in the environment.


I’m leveraging several CASE WHEN statements to translate the error codes to something the tech can easily troubleshoot.


Please note that if your total systems number is off from what you see in your SCCM Console, then look into your maintenance tasks/discovery items. It is not uncommon for me to see customers' environments that do not have AD cleaned up…so, long story short, make sure your AD environment is cleaned up too.

A future revision of this report will be released as part of the client health dashboard, with a few other reports.

Link to Report:
https://gallery.technet.microsoft.com/SSRS-SCCM-Client-Install-3bd9e6e6

 

Potential USMT Errors & Resolution



Failure when “trying to reboot into WinPE”
appears on the Task Sequence UI (forgot to take screenshot)


 

Check the “SMSTS.LOG” in “C:\Windows\CCM\Logs”.

In the screenshot below, look for a line like “Unable to find a volume that is suitable for staging the boot image” in the log file.

 

This is typically for 2 different reasons.
1. The drive is locked by BitLocker encryption and you need to first disable BitLocker in the task sequence. Once this is done, the task sequence engine can identify the drive to stage the boot image locally.
2. This can also be because the drive is still undergoing the encryption process. You must wait until the drive is fully encrypted before you can execute this task sequence from Windows.
To verify the drive is finished encrypting, launch PowerShell as an admin and type “Get-BitLockerVolume”, and do not attempt to run the installation until the “Encryption Percentage” is 100%.
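The two BitLocker conditions above can be checked in one pass before the task sequence is started. This is an added example, not code from the original post; the function name Test-BootImageStagingReady is hypothetical, and it relies only on the VolumeStatus, EncryptionPercentage and ProtectionStatus properties that Get-BitLockerVolume returns.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell
# session. Test-BootImageStagingReady is a hypothetical helper name.
function Test-BootImageStagingReady {
    [CmdletBinding()]
    param(
        # Volume the task sequence will stage the boot image on
        [string]$MountPoint = $env:SystemDrive
    )

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $ready = $true
    $notes = @()

    if ($vol.VolumeStatus -eq 'FullyDecrypted') {
        $notes += 'Volume is not BitLocker encrypted; BitLocker is not the cause.'
    }
    elseif ($vol.EncryptionPercentage -lt 100) {
        # Reason 2 above: the volume is still being converted
        $ready  = $false
        $notes += "Volume is $($vol.VolumeStatus) at $($vol.EncryptionPercentage)%; " +
                  'wait until the conversion finishes before running the task sequence.'
    }
    elseif ($vol.ProtectionStatus -eq 'On') {
        # Reason 1 above: the task sequence has to disable BitLocker first
        $notes += 'Protection is On; confirm the task sequence disables BitLocker ' +
                  'before it stages the boot image.'
    }

    [pscustomobject]@{
        MountPoint           = $vol.MountPoint
        VolumeStatus         = $vol.VolumeStatus
        EncryptionPercentage = $vol.EncryptionPercentage
        ProtectionStatus     = $vol.ProtectionStatus
        Ready                = $ready
        Notes                = $notes -join ' '
    }
}

Test-BootImageStagingReady | Format-List
```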
NOTE: It is possible to receive this error when you are trying to stage the boot image onto the disk and the disk cannot be read because different encryption software locks the disk. For example, if you are running Dell Credant you must be logged into the system; then the TS engine will be able to read the disk.
To identify Dell Credant systems via SQL: this is a hybrid of one of my queries that I use in my production environment, but you can modify it to absorb only BitLocker information by commenting out the parts that are not needed.

SELECT DISTINCT
    v_R_System.Name0 AS System,
    Computer_System_DATA.Model00 AS [System Model],
    ___System_INSTALLED_SOFTWARE0.ARPDisplayName00,
    V_R_System.AD_Site_Name0 AS [AD Site],
    -- Translate the build number to a friendly OS name
    CASE V_R_System.Build01
        WHEN '6.1.7601' THEN 'Windows 7'
        WHEN '10.0.14393' THEN 'Win 10 v1607'
        WHEN '10.0.15063' THEN 'Win 10 v1703'
    END AS [Operating System],
    CASE V_R_System.Client0
        WHEN '0' THEN 'No Client'
        WHEN '1' THEN 'Client Installed'
    END AS [Client],
    v_GS_ENCRYPTABLE_VOLUME.DriveLetter0 AS [Drive Letter],
    --v_GS_ENCRYPTABLE_VOLUME.ProtectionStatus0 AS [Protection Status],
    -- Translate the BitLocker protection status code
    CASE v_GS_ENCRYPTABLE_VOLUME.ProtectionStatus0
        WHEN '0' THEN 'not encrypted'
        WHEN '1' THEN 'encrypted'
        WHEN '2' THEN 'Encrypted Requires Pin'
    END AS [Bitlocker Status]
FROM
    v_GS_ENCRYPTABLE_VOLUME
    INNER JOIN v_R_System ON v_GS_ENCRYPTABLE_VOLUME.ResourceID = v_R_System.ResourceID
    INNER JOIN Computer_System_Data ON V_R_System.Name0 = Computer_System_Data.Name00
    INNER JOIN INSTALLED_SOFTWARE_DATA AS ___System_INSTALLED_SOFTWARE0 ON ___System_INSTALLED_SOFTWARE0.MachineID = V_R_System.ResourceID
WHERE
    v_GS_ENCRYPTABLE_VOLUME.DriveLetter0 = 'C:'
    -- Exclude virtual machines
    AND Computer_System_DATA.Model00 != 'VMware Virtual Platform'
    AND Computer_System_DATA.Model00 != 'Virtual Machine'
    --AND v_GS_ENCRYPTABLE_VOLUME.ProtectionStatus0 = '0' -- for not bitlocker encrypted systems
    --AND V_R_System.Name0 = 'P620268'
    -- Comment out the next line to drop the Dell Credant filter
    AND ___System_INSTALLED_SOFTWARE0.ARPDisplayName00 LIKE N'Credant_WindowsShield%'

 


 

 
Failure when trying to connect to SMP Share
 
This failure is more often seen when trying to rerun on a failed system (can be seen during backup or restore part of the process) 
 
To correct this issue, we opened PowerShell and ran the following.

 

Remove-Item -Path 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\SMS\Certificates\*' -Force; Restart-Service ccmexec

I would also recommend opening the registry location to verify this has been successfully deleted.
Once this runs successfully you should then be able to re-run the task sequence successfully.
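The same cleanup with an export of the key taken first and the verification step scripted, as an added example that is not part of the original post. It assumes an elevated PowerShell session on the affected client; the backup file name is an assumption. The check runs before the service restart because the client agent may repopulate the key once it starts.

```powershell
# Added example (not from the original post). Run elevated on the affected client.
$certKey = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\SMS\Certificates'
$backup  = Join-Path $env:TEMP ("SMS-Certificates-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

if (-not (Test-Path -Path $certKey)) {
    throw "$certKey not found; is the ConfigMgr client installed?"
}

# Record which certificate subkeys exist before touching anything
$before = @(Get-ChildItem -Path $certKey)
Write-Output "Found $($before.Count) certificate subkey(s) under $certKey"

# Export the key so the previous state can be inspected or restored later.
# reg.exe expects the path without the PowerShell drive colon.
& reg.exe export ($certKey -replace '^HKLM:', 'HKLM') $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw 'Registry export failed; nothing was deleted.'
}
Write-Output "Backup written to $backup"

# Same deletion as the one-liner above
Remove-Item -Path "$certKey\*" -Recurse -Force

# Verify the key is empty before the client service is restarted
$left = @(Get-ChildItem -Path $certKey)
if ($left.Count -gt 0) {
    throw "$($left.Count) subkey(s) still present under $certKey; not restarting ccmexec."
}

Restart-Service -Name ccmexec
Get-Service -Name ccmexec | Select-Object Name, Status
```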
File Not Found:
Of course, there is the standard advice: make sure your commands are typed correctly. In the example below we see a file not found error. Make sure you type out your file names correctly, etc.
NOTE: I have seen cases where a variable is set for Packages, but it does not always translate, so I tend to just hard code the package ID when I set restore/capture options into a variable; see the example below.
Connection to SMP Refused: 
Make sure when you begin your deployment strategy that you plan for an adequate number of connections to the SMP. The default for this I believe is 100 connections, but that does not mean concurrent connections. The criteria that go into the count are any established connection (completed or in progress) within your deletion policy time period. If you have a problem where the connection is actively refused by the SMP, you should increase the max allowed connections you have configured.
I tried to create as many Potential USMT Errors as I could think of to help out the community. If I encounter any more or can think of new ones, I will add them to this blog post.

SCCM Revoked Clients Registration


I ran into an issue where a few sites would call my SCCM team indicating they were having client problems. They would say the clients do not have all action items and it has been over 2 hours since the system finished the OSD Process. I had a few initial thoughts but they all were wrong. First we verified that VMware tools on the MP was fine, boundaries were correct, and that the client was not stuck in provisioning mode. The next course of action was to connect to a machine, investigate the bad client and start checking log files.

The SCCM client looked as below, with the certificate set to None instead of Self-signed. This indicates the client has not yet registered with the MP.


The next step was to investigate the ClientIDManagerStartup.log, which showed the error “Server Rejected registration Request: 3”. This gave me the idea of clearing out the certs and trying to reinstall the client again.


However, this produced another GUID with the same error, so that pointed me to check log files on the MP.


This was quickly becoming a high exposure problem, as our environment images anywhere between 25 – 175 machines a day. After a quick Google search we were able to find a blog post where the solution was a few simple SQL lines.

The line below will identify systems that have revoked clients

Select * from ClientKeyData where isrevoked=1


The line below will clear out the problematic requests. Once these are cleared the systems should be able to successfully register

Update ClientKeyData set isrevoked=0 where isrevoked=1
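The UPDATE above clears every revocation flag in one statement, so it is worth keeping a record of which rows were revoked before they are reset. The following is an added example, not code from the original post or from the referenced blog: it assumes the SqlServer PowerShell module (Invoke-Sqlcmd) is installed, and the server name, database name and snapshot path are placeholders.

```powershell
# Added example (not from the original post). Requires the SqlServer module.
$sqlServer = 'SQLSERVER.example.local'   # placeholder: site database server
$database  = 'CM_XXX'                    # placeholder: site database name
$snapshot  = Join-Path $env:TEMP ("ClientKeyData-revoked-{0:yyyyMMdd-HHmmss}.csv" -f (Get-Date))

# 1. Record what is revoked right now (same SELECT as above)
$revoked = @(Invoke-Sqlcmd -ServerInstance $sqlServer -Database $database `
        -Query 'SELECT * FROM ClientKeyData WHERE isrevoked = 1' -ErrorAction Stop)

if ($revoked.Count -eq 0) {
    Write-Output 'No revoked client keys found; nothing to clear.'
    return
}

# Drop the DataRow bookkeeping properties so the CSV holds only table columns
$revoked |
    Select-Object * -ExcludeProperty ItemArray, Table, RowError, RowState, HasErrors |
    Export-Csv -Path $snapshot -NoTypeInformation
Write-Output "$($revoked.Count) revoked row(s) saved to $snapshot"

# 2. Clear the flag inside a transaction. If the number of rows touched differs
#    from the snapshot, roll back so nothing is cleared without being recorded.
$update = @"
SET XACT_ABORT ON;
BEGIN TRANSACTION;
UPDATE ClientKeyData SET isrevoked = 0 WHERE isrevoked = 1;
DECLARE @n int = @@ROWCOUNT;
IF @n = $($revoked.Count)
    BEGIN COMMIT TRANSACTION; END
ELSE
    BEGIN ROLLBACK TRANSACTION; END
SELECT @n AS RowsMatched,
       CASE WHEN @n = $($revoked.Count) THEN 'committed' ELSE 'rolled back' END AS Outcome;
"@

Invoke-Sqlcmd -ServerInstance $sqlServer -Database $database -Query $update -ErrorAction Stop
```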


Thanks to Emmanuel Rached's blog post below, this was quickly resolved. The log files were screencaps from his blog post and everything else was from my environment. Please check out his blog as there is tons of other great stuff. https://www.emmanuelrached.com/2014/09/08/sccm-revoked-clients-registration/
