SCCM 2012 | Native Windows Update Client Not Working

Hey there, are you deploying the Microsoft System Center 2012 Client to your desktops and then like magic the native Windows Client stops working?

Perhaps you even checked the c:\windows\windowsupdate.log file and found this nugget:

2012-07-12    13:57:53:803     392    1220    Misc    WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab are not trusted: Error 0x800b0001

Well then you had the same problem I did. The way I got it to work for me was by installing this hotfix from MS.

http://support.microsoft.com/kb/2720211

In a nutshell you installed .NET 4.0 and WSUS 3.0 With SP2 (as you were required to) and BAMM! Fail.

Hope it helps, if it does leave a comment, love to know when people are helped.

Installing SCCM 2012 RTM the hard way | Thoughts and Notes

I needed to get a SCCM 2012 lab setup for my company. As this was a newer MS product I figured the install wouldn’t be that bad. Well it’s a pre-req / pre-configure nightmare.

Here is my loose and possibly incorrect way that I got a lab running.

Few notes about my deployment

  • Dedicated Server for SQL Server
  • Dedicated Server for CAS Site

 

Prep SQL Server box:

  1. Installed SQL 2008 R2
  2. Installed SQL 2008 R2 SP1
  3. Installed SQL 2008 R2 SP1 CU5
  4. Add the Machine account for the CAS server to the local admin’s group of your SQL server (only needed if installing on dedicated SQL Server).
    • net localgroup administrators tprod\tmem03$ /add
      • Where tprod\tmem03$ is domain\machinename$

Prep CAS Box:

  1. Setup IIS (all checkboxes including ASP), .NET 3.5.1, and RSAT Tools on CAS Box
  2. Run the commands listed on this page:

image

I had the above mentioned pre-reqs after going through the installer. I will list out the things I did to reslove these so you don’t have to go through the installer only to cancel out and reslove this requirements. (I wish Microsoft had done a better job at this installer. I thought they had learned, I thought wrong)

Failed Items:

  1. Microsoft Remote Differential Compression (RDC) library required
    • Simply check off “Remote Differential Compression” under features in Server Manager.
  2. Site server computer account administrative rights
    • Self resolved after installing items 1 and 3 on this list.
  3. Minimum .NET Framework version for Configuration Manager
    • Resolved by installing .Net 4.0 Full Installer

Warning Items:

  • Schema Extensions
    • Resolved by installing Schema
      • Found here: mu_system_center_2012_configuration_manager_x86_x64_dvd_816412\SMSSETUP\BIN\I386
      • Run from command prompt: extadsch.exe
      • Then check log file at root of c:\ExtADSch.log
      • Look for:
        • <04-10-2012 13:26:53> Successfully extended the Active Directory schema.
  • WSUS SDK on Site Server
  • Verify site server permissions to publish to Active Directory
    • Get ready for this one….
    • OK first, open ADSIEdit.msc (if not installed, install it)
      • Right Click, Connect To
      • Take the detaults and click OK
      • Expand Default Naming context
      • Expand your domain
      • Expand CN=System
      • Right Click -> New -> Object
      • “Container” as the class

image

      • in VALUE put “System Management”

image

    • Then Click Finished
    • Right Click on new “CN=System Management” Folder -> Properties -> Security [TAB]
    • Click ADD
    • Click OBJECT TYPES
    • Uncheck everything, check only computers click ok

image

    • Type the NETBIOS name of the SCCM Server with a $ sign at the end of it. (Example: tmem03$)

image

    • Check off Full Control
    • Click APPLY (don’t close window)
    • Click Advanced
    • Find new ACL for our Computer Object

image

    • Click Edit
    • Change Apply To: from “This Object only” to “The object and all descendant objects”

image

    • Click OK three times to exit pop up windows.
    • Close ADSI Edit

 

  • SQL Server security mode
    • It was just warning me about SQL authentication, I ignored as it’s a lab
  • Configuration for SQL Server memory usage
    • It wants me to set a max limit on memory, I resolved this warning by setting the limit to 2GB (out of 4GB in my lab).
  • SQL Server process memory allocation
    • It tells me Configuration Manager 2012 REQUIRES that I set a minimum of 8GB for CMS and Primary sites (4GB for Secondary). I am just going to ignore it as it’s a “warning” and not a error.

 

Installing Configuration Manager:

  1. Run the unified installer
  2. Selected Custom Local Install
  3. Selected to install Configuration Manager
  4. Selected to install a Configuration Manager Central Administration Site
  5. Used Eval Licensing
  6. Accepted EULAs
  7. Selected a path for downloads
  8. Selected all Server Languages
  9. Selected all Client Languages
  10. Selected to use all Languages for mobile devices
  11. Setup CAS site code for a site named “Lab Central Admin Site”
  12. Kept default install folder
  13. Checked Install the Configuration Manager Console
  14. I put the dedicated SQL server
  15. Named the DB, “CM_CAS”
  16. Left the SSB Port at default
  17. Left the SMS Provider on the box I am going to install SCCM to.
    • I was debating if I should install directly to SQL or not.
  18. And clicked Next to install

image

Fix: The WinRM settings are not configured correctly | SCCM Unified Installer

Microsoft just released SCCM 2012 to VL customers. Very excited to tear into it. However I got stuck right in the beginning of the installer with:

The WinRM settings are not configured correctly

image

Well looking at the logs here:

\Users\<user>\AppData\Local\Microsoft System Center 2012\Unified Installer\LOGS

I discovered:

[4/10/2012 9:20:08 AM] DEBUG – Server: localhost, winrm\client\auth\CredSSP = False

All you need to do to fix this is run the following commands on the computer you are running the installer from:

winrm set winrm/config/client/auth @{CredSSP="True"}

winrm set winrm/config/client @{TrustedHosts="*"}

Also run these commands on the computer you are installing too (if it’s the same box just run all commands)

winrm qc -q
winrm set winrm/config/service/auth @{CredSSP="True"}
winrm set winrm/config/winrs @{AllowRemoteShellAccess="True"}
winrm set winrm/config/winrs @{MaxMemoryPerShellMB="2048"}

That should take care of you. Just in case it doesn’t the old other thing I had done was to add .Net 3.5.1, all RSAT Tools, and IIS from Roles and Features.

Hope it helps. If it does please leave a comment below and let me know this was worth my time posting 😉