SSRS Client Installation Troubleshooting

, , , , , , ,

Client Installation Troubleshooting

This will be the first part of many in a series of reports that I will offer for free to the community. The reports will cover wide range of items from OS Migration dashboards, Bit locker reports, SCCM Infrastructure health, Client health, Collection evaluation, etc. In each report I intent on there to be plenty of visuals to provide the tech a clean overview of what is happening in the environment. There will also be several troubleshooting notes included in this report to be a 1 stop shop for troubleshooting tool. Some reports during this series will have troubleshooting guides available as well. So far I am intending to release Client Installation Troubleshooting guides for OSD, client install, and software updates as I have already written several of them for previous customers.

The first report to be released will have a focus on identifying problems with client installation and providing some good.  This will eventually grow into a “Client Health Assessment” where there will be multiple reports all focused on client install/health/active etc.

Below we are able to get an overview of the client install failures within the last 30 days, and keep an eye on how many clients we currently have in the environment.

Client Installation Troubleshooting

I’m leveraging several CASE WHEN statements to translate the error codes to something the tech can easily troubleshoot.

Client Installation Troubleshooting

Please not that if your total systems number is off from what you see in your SCCM Console then look into your maintenance tasks/discovery items. It is not uncommon for me to see customers environments that do not have AD cleaned up…so long story short make sure your AD environment is cleaned up too.

Future Revision of this report will be released as part of client health Dashboard, with a few other reports.

Link to Report:


Potential USMT Errors & Resolution

, , , , , , , , ,
Potential USMT Errors

Failure when “trying to reboot into WinPE”
appears on the Task Sequence UI (forgot to take screenshot)

 Potential USMT Errors & Resolution


      Check the “SMSTS.LOG” “C:WindowsCCMLogs”


         In the screenshot below look for a line like “Unable to find a volume that is suitable for staging the boot image” in the log file 


Potential USMT Errors
       This is typically for 2 different reasons.
      1.  The drive is locked by bitlocker encryption and you need to first disable bitlocker in the task            sequence. once this is done then the task sequence engine can identify the drive to stage the        boot image locally
      2.   This can also be because the drive is still undergoing the encryption process. You must wait             until the drive is fully encrypted before you can execute this task sequence from windows.
       To verify the drive is finished encrypting launch powershell as an admin and type “Get-BitlockerVolume” and do not attempt to run the installation until the “Encryption KeyProtector Percentage” is are 100%  
Potential USMT Errors
NOTE: it is possible you receive this error when you are trying to stage the boot image onto the disk and the disk cannot be read b/c of a different encryption software locks the disk. For example if you are running Dell Credant you must be logged into the system then the TS Engine will be able to read the disk.
To identify Dell Credant systems via SQL…this is a hybrid of one my queries that I use in my production environment but you can modify it to abosrb only bitlocker information by commenting out not needed parts

SELECT Distinct

v_R_System.Name0 AS System,

Computer_System_DATA.Model00 AS [System Model],


V_R_System.AD_Site_Name0 AS [AD Site],

CASE V_R_System.Build01

When ‘6.1.7601’ THEN ‘Windows 7’

WHEN ‘10.0.14393’ THEN ‘Win 10 v1607’

WHEN ‘10.0.15063’ THEN ‘Win 10 v1703’

END AS [Operating System],

CASE V_R_System.Client0

When ‘0’ THEN ‘No Client’

WHEN ‘1’ THEN ‘Client Installed’

END AS [Client],

v_GS_ENCRYPTABLE_VOLUME.DriveLetter0 AS [Drive Letter],

–v_GS_ENCRYPTABLE_VOLUME.ProtectionStatus0 AS [Protection Status],


WHEN ‘0’ THEN ‘not encrypted’

WHEN ‘1’ THEN ‘encrypted’

WHEN ‘2’ THEN ‘Encrypted Requires Pin’

END AS [Bitlocker Status]



INNER JOIN v_R_System ON v_GS_ENCRYPTABLE_VOLUME.ResourceID = v_R_System.ResourceID

INNER JOIN Computer_System_Data ON V_R_System.Name0 = Computer_System_Data.Name00




AND Computer_System_DATA.Model00!= ‘VMware Virtual Platform’

AND Computer_System_DATA.Model00!= ‘Virtual Machine’

–AND v_GS_ENCRYPTABLE_VOLUME.ProtectionStatus0 = ‘0’ –for not bitlocker encrypted systems–

–AND V_R_System.Name0 = ‘P620268’

AND ___System_INSTALLED_SOFTWARE0.ARPDisplayName00 like N’Credant_WindowsShield%’


Potential USMT Errors


Failure when trying to connect to SMP Share
This failure is more often seen when trying to rerun on a failed system (can be seen during backup or restore part of the process) 
Potential USMT Errors
For this we corrected the issue is to open PowerShell and running the following.


Remove-Item -Path ‘HKLM:SOFTWAREMicrosoftSystemCertificatesSMSCertificates*’ -force; restart-service ccmexec

I would also recommend opening registry location to verify this has successfully been deleted.
Once this runs successfully you should then be able to re-run the task sequence successfully.
File Not Found: 
of course there is the standard make sure your commands are typed correctly. In the example below we see a file not found error. Make sure you type out your file names correctly etc.
Potential USMT Errors
Potential USMT Errors
NOTE: I have seen cases where a variable is set for Packages, but it does not always translate, so I tend to just hard code the package ID when I set restore/capture options into a variable see the example below
Potential USMT Errors
Connection to SMP Refused: 
Make sure when you being your deployment strategy that you plan for an adequate number of connections to the SMP. The default for this I believe is 100 connections, but that does not mean concurrent connections. The criteria that goes into the count is any established connection (completed or in progress) within the your deletion policy time period. If you have a problem where the connection is actively refused by the SMP you should increase the max allowed connections you have configured.
Potential USMT Errors
I tried to create as many Potential USMT Errors as I could think of to help out the community. If I  encounter anymore or can think of new ones I will add them to this blogpost.

Successfully added DaRT to boot image….or did it?

, , , , , , , , ,
Successfully added DaRT to boot image….or did it? Here is how to identify the problem and  a link to fix it!
I was recently onsite with a customer where the proposed design document included MDOP DaRT integration into the boot images. DaRT is a great tool to have because it gives the engineer the ability to remotely connect to the machine while within the WinPe environment. This particular customer is undergoing a massive and understaffed windows 10 migration where every bit of efficiency really makes a difference on deployment nights.
First a quick review on installing MDOP DaRT, Enabling Monitoring, and creating the boot image.
  1.  Install MDOP DaRT on primary site server
  2.  Copy the Toolsx86/64 cab files into proper directories into the MDT deployment share
  3.  Enable Monitoring on deployment share
Deployment share \SERVERD$DeploymentShare
Ports: 9800 (Event port) 9801 (Data port)

Connect to deployment share > Right click on “Monitoring” > Navigate to Monitoring Tab and fill the check box

Once this is filled you will start to see systems as they image from this view. 
If you are in an environment that is not really using the MDT deployment share you would still open up the MDT toolkit and modify the CustomSettings.INI. This customer is heavily utilizing the MDT Deployment Share with all the settings applied we can access the “Rules” tab and see the setting is automatically applied after we enabled monitoring. The great part about using the deployment share in this scenario is that we can make constant on demand changes and not have to worry about hash mismatch errors like if were working within the MDT toolkit package.
 We are now able to make our DaRT integrated boot image from the console on our primary site server. Begin by selecting “Create Boot Image using MDT” Make sure to select the following optional components “MDAC/ADO Support, and DaRTT”
From this point we distributed the enabled the boot image for PXE deployment, added drivers, and attach it to a task sequence. In the screenshot below you will notice we are missing something? We do not have the “DaRT Remote Control” option that we should have.


NOTE: Sometimes when the boot image is “Successfully” created it does not add the “DaRT” tool. I am able to verify this to be a LIE by looking into the PEMananger.LOG located in my temp folder.


When we look at the command that was ran by accessing the “RunCMD.CMD” we see that only the WinPE-MDAD_EN-US.CAB is the only package even attempted to be added.
You can investigate further by opening up DISM GUI and searching for any trace of DaRT on the boot image. As you can see DaRT did not even attempt to be installed into the wim.
Manually modify boot image to include Dart functionality by using the script below.
HOW TO FIX IT: Johan Arwidmark has a script available online that I have used to inject the Dart into a newly created WIM.


Once we ran the script created by Johan and injected the drivers I was able to start using DaRT tools.
After the USMT toolkit is called and the Gather step starts to run a box on the bottom left will appear  on the system being imaged but minimized. This is your indicator to let you know that you can now use DaRT functionality.


From the Monitoring Node in the deployment workbench right click the computer we are trying to troubleshoot > Select Properties > Select DaRT Remote Control
Do not always take the console UI at face value and always verify with log files. Some occasions the console indicates something was done correctly but you need to check the logs. If this happens then you need to go old school and use the tried/true methods. If you run into a problem always do a quick search b/c the Deployment Research guys might already have a work-around.
To vote for this to be fixed from SCCM team please visit the link below.