Enable/Integrate MSDN subscriptions in your Azure EA subscription

When you have an Enterprise Agreement in combination with one or more MSDN accounts you can consider to apply the MSDN Azure benefits in combination with the Enterprise Agreement.
When you link the MSDN subscriptions into an EA (organizational) account you have the following advantages:

  • Create Subscriptions flagged as MSDN subscriptions – In this case the charges for the subscription would accrue against the pool of Azure MSDN credits and then any overages would be billed against the EA billing as usual. The EA admin should have the ability to prioritize the Subscriptions or VMs (or other services) for the application of these credits. For items at the same priority, they would be applied proportionately to the usage amounts for all the items at that priority level.
  • Allow the usage of MSDN VM Images in the Gallery for ANY (specifically EA) subscriptions the user has admin rights to. Many times, an EA subscription you will have some production and some development VMs in the same Network. As an EA admin, you should have the option to deploy VMs using the MSDN images for your developers.

Windows 2016 and SCCM 2016 prerequisites installation

These powershell scripts will assist administrators in installing all the correct prerequisites for a ConfigMgr 2016 hierarchy on Windows 2016 servers. This is because the ConfigMgr Prerequisites Tool is not working on Windows 2016 servers.

Install Management Point

Import-Module Servermanager
Add-WindowsFeature "NET-Framework-Core","NET-Framework-45-Features","NET-Framework-45-Core","NET-WCF-TCP-PortSharing45","NET-WCF-Services45","BITS","BITS-IIS-Ext","BITS-Compact-Server","RSAT-Bits-Server","Web-Server","Web-WebServer","Web-ISAPI-Ext","Web-WMI","Web-Metabase","Web-Windows-Auth","Web-ISAPI-Ext","Web-ASP","Web-Asp-Net","Web-Asp-Net45" -restart

Install Distribution Point

Import-Module Servermanager
Add-WindowsFeature "FS-FileServer","RDC","Web-WebServer","Web-Common-Http","Web-Default-Doc","Web-Dir-Browsing","Web-Http-Errors","Web-Static-Content","Web-Http-Redirect","Web-Health","Web-Http-Logging","Web-Performance","Web-Stat-Compression","Web-Security","Web-Filtering","Web-Windows-Auth","Web-App-Dev","Web-ISAPI-Ext","Web-Mgmt-Tools","Web-Mgmt-Console","Web-Mgmt-Compat","Web-Metabase","Web-WMI","Web-Scripting-Tools" -restart

Install Application Catalog

Import-Module Servermanager
Add-WindowsFeature "NET-Framework-Features","NET-Framework-Core","NET-HTTP-Activation","NET-Non-HTTP-Activ","NET-WCF-Services45","NET-WCF-HTTP-Activation45","RDC","WAS","WAS-Process-Model","WAS-NET-Environment","WAS-Config-APIs","Web-Server","Web-WebServer","Web-Common-Http","Web-Static-Content","Web-Default-Doc","Web-App-Dev","Web-ASP-Net","Web-ASP-Net45","Web-Net-Ext","Web-Net-Ext45","Web-ISAPI-Ext","Web-ISAPI-Filter","Web-Security","Web-Windows-Auth","Web-Filtering","Web-Mgmt-Tools","Web-Mgmt-Console","Web-Scripting-Tools","Web-Mgmt-Compat","Web-Metabase","Web-Lgcy-Mgmt-Console","Web-Lgcy-Scripting","Web-WMI" -restart

Install State Migration Point

Import-Module Servermanager
Add-WindowsFeature "Web-Server","Web-Common-Http","Web-Default-Doc","Web-Dir-Browsing","Web-Http-Errors","Web-Static-Content","Web-Http-Logging","Web-Dyn-Compression","Web-Filtering","Web-Windows-Auth","Web-Mgmt-Tools","Web-Mgmt-Console" -restart

Install Enrollment Point

Import-Module Servermanager
Add-WindowsFeature "Web-Server","Web-WebServer","Web-Default-Doc","Web-Dir-Browsing","Web-Http-Errors","Web-Static-Content","Web-Http-Logging","Web-Stat-Compression","Web-Filtering","Web-Net-Ext","Web-Asp-Net","Web-ISAPI-Ext","Web-ISAPI-Filter","Web-Mgmt-Console","Web-Metabase","NET-Framework-Core","NET-Framework-Features","NET-HTTP-Activation","NET-Framework-45-Features","NET-Framework-45-Core","NET-Framework-45-ASPNET","NET-WCF-Services45","NET-WCF-TCP-PortSharing45" -restart

Install Enrollment Proxy Point

Import-Module Servermanager
Add-WindowsFeature "Web-Server","Web-WebServer","Web-Default-Doc","Web-Dir-Browsing","Web-Http-Errors","Web-Static-Content","Web-Http-Logging","Web-Stat-Compression","Web-Filtering","Web-Windows-Auth","Web-Net-Ext","Web-Net-Ext45","Web-Asp-Net","Web-Asp-Net45","Web-ISAPI-Ext","Web-ISAPI-Filter","Web-Mgmt-Console","Web-Metabase","NET-Framework-Core","NET-Framework-Features","NET-Framework-45-Features","NET-Framework-45-Core","NET-Framework-45-ASPNET","NET-WCF-Services45","NET-WCF-TCP-PortSharing45" -restart

Install Central Administration Site roles

Import-Module Servermanager
Add-WindowsFeature "NET-Framework-Core","BITS","BITS-IIS-Ext","BITS-Compact-Server","RDC","WAS-Process-Model","WAS-Config-APIs","WAS-Net-Environment","Web-Server","Web-ISAPI-Ext","Web-ISAPI-Filter","Web-Net-Ext","Web-Net-Ext45","Web-ASP-Net","Web-ASP-Net45","Web-ASP","Web-Windows-Auth","Web-Basic-Auth","Web-URL-Auth","Web-IP-Security","Web-Scripting-Tools","Web-Mgmt-Service","Web-Stat-Compression","Web-Dyn-Compression","Web-Metabase","Web-WMI","Web-HTTP-Redirect","Web-Log-Libraries","Web-HTTP-Tracing","UpdateServices-RSAT","UpdateServices-API","UpdateServices-UI" -restart

Install Primary Site roles

Import-Module Servermanager
Add-WindowsFeature "NET-Framework-Core","BITS","BITS-IIS-Ext","BITS-Compact-Server","RDC","WAS-Process-Model","WAS-Config-APIs","WAS-Net-Environment","Web-Server","Web-ISAPI-Ext","Web-ISAPI-Filter","Web-Net-Ext","Web-Net-Ext45","Web-ASP-Net","Web-ASP-Net45","Web-ASP","Web-Windows-Auth","Web-Basic-Auth","Web-URL-Auth","Web-IP-Security","Web-Scripting-Tools","Web-Mgmt-Service","Web-Stat-Compression","Web-Dyn-Compression","Web-Metabase","Web-WMI","Web-HTTP-Redirect","Web-Log-Libraries","Web-HTTP-Tracing","UpdateServices-RSAT","UpdateServices-API","UpdateServices-UI" -restart

Install Secondary Site roles

Import-Module Servermanager
Add-WindowsFeature "NET-Framework-Core","BITS","BITS-IIS-Ext","BITS-Compact-Server","RDC","WAS-Process-Model","WAS-Config-APIs","WAS-Net-Environment","Web-Server","Web-ISAPI-Ext","Web-Windows-Auth","Web-Basic-Auth","Web-URL-Auth","Web-IP-Security","Web-Scripting-Tools","Web-Mgmt-Service","Web-Metabase","Web-WMI" -restart

WDS slow WINPE boot speed with SCCM 2012 and 2016

Default out-of-the-box booting on WinPE with SCCM 2012/2016 is quite slow; I’ve seen boot times up to 20 minutes.
This is because System Center Configuration Manager 2012/2016 uses small TFTP block sizes of 512 bytes.

This behavior is set because it’s compatible with all network configurations; but the result is that the PXE boot speed can be very slow using Operating System Deployment with SCCM.

Slow WINPE with SCCM

To increase the PXE boot speed, we need to modify TFTP Block Size.
In the registry editor:
Name :  RamDiskTFTPBlockSize
Type :    REG_DWORD
Value :   16384 (decimal)

Change RamDisk TFTPBlockSize
16384 is the maximum supported value.
If it is bigger, you can have corrupted data.
However I recommend to do some test with values :
– 4096,
– 8192,
– 16384.
Depends on your network configuration, a lower value can be used.

Restart the Windows Deployment Services Service. (WDS)

Problem solved!

The location of SMSTS log files during SCCM OSD

The location of the SMSTS.log moves around depending on the phase in the deployment via SCCM/OSD.To troubleshoot this it’s important to know where the log files are located.

If you enable “Command Support” during the OSD you can press the F8 key during the OSD.

Before your hard drive is formatted and partitioned

After HDD format
x:\smstslog\smsts.log and then copied to c:\_SMSTaskSequence\Logs\Smstslog\smsts.log

You can check for the below three locations for smsts.log file after OSD and when the OS is installed.
Before SCCM agent installed

If Windows OS is 32-bit, after SCCM agent installed

If Windows OS is 64-bit, after SCCM agent installed

You can check for the below two locations for smsts.log file after the task sequence is complete.
If Windows OS is 32-bit, after Task Sequence has finished running

If Windows OS is 64-bit, after Task Sequence has finished  running


SCCM – Cannot edit the object, which is in use by ‘domain\SCCM-ADMIN’ at site P01

During the configuration of an OSD our SCCM 2016 console crashed and afterwards we suddenly found ourselves without any ability to make changes.

The error was “Cannot edit the object, which is in use by ‘domain\SCCM-ADMIN’ at site P01”.Locked screen
Because of the console crash SCCM still thinks that the object is being edited.
This is because ConfigMgr 2012/2016 handles editing of objects through something called “SEDO” or “Serialized Editing of Data Objects.”.
Locked objects can be found in the SEDO_LockState table in the ConfigMgr database.

You can locate the record in question by searching for LockStateID that’s not zero, or by the user ID that ConfigMgr says is editing the object (‘AssignedUser’).
On the database server run the following query against the CCM_01 database:
select * from SEDO_LockState where LockStateID <> 0

Locked in SCCM

Use the LockedID with the appropriate information to remove the record related to the object*.
DELETE from SEDO_LockState where LockID = ‘<LockID of the record identified in the previous query>’
ScreenHunter_66 Jul. 01 10.42
Once the record is removed, you should be able to modify the object.


Add or remove local user in SCCM 2012 OSD Task Sequence

Sometimes it is necessary to add of remove a local user to your Windows image (like notebooks which must be used at external locations). You can create an image for SCCM with local users, but then you have another image with a different configuration. I think it’s cool everything can be managed with just one image, so here is a small tip to add an user from the task sequence.

The command net user can be used to add a local user, or delete it:
Add user
net user username password /add

Delete user
net user username /delete

Look at http://support.microsoft.com/kb/251394 for the right parameters.

I want to delete a user account which was created during a manual image built.
net user username /delete

Next thing is to add the command line to the task sequence:
1. Edit the Task Sequence
2. Choose Add, General, Run Command Line
The user can’t be added as all steps in the Install Operating System group are executed in WinPE.
The creation of the user to the end of the TS, after setting up the SCCM client and after restoring the user data.
ScreenHunter_264 Dec. 10 11.21
3. Type or paste the command in the Command line: box


Deploy custom MS updates/hotfixes in SCCM 2012 via WSUS

Some updates and enterprise hotfixes are not displayed in WSUS and therefore not applicable in WSUS. This blog post shows how to streamline these update/hotfixes in WSUS and SCCM.

The trick is that “out of the box” you can’t deploy this. Some updates do not sync to WSUS and your SCCM software update point (SUP) automatically. There are some simple steps you can take to get it there.
This example adds KB2670838 in the update list.

Lets start,
-On your central site, start the Windows Server Update Services admin console
Note that changing things in the WSUS console can mess up the WSUS integration; Do so carefully.
-Go to updates select Import Updates to launch a webpage to the Microsoft Update Catalog.
ScreenHunter_232 Nov. 27 13.17
-Search on KB2670838 and add all that you are interested in getting for your environment
-Check import directly into Windows Server Update Services is selected then hit the import button.
Another box will come up tracking the download and show success when completed
Note that the updates are feature Packs
ScreenHunter_233 Nov. 27 13.19
-Give the WSUS services a full sync by clicking Synchronize Now
ScreenHunter_234 Nov. 27 13.21

Next we are setting up the SCCM part
-Start the SCCM 2012 R2 Console
Verify that your SCCM site is set to sync “Feature Packs” classification, because that is what this is (as compared to “service packs” or “security updates”).
-Check Feature Packs in Administration, Sites, Software Update PointScreenHunter_237 Nov. 27 13.24

-Once that download is complete you can sync SCCM by clicking Synchronize Software Updates ScreenHunter_235 Nov. 27 13.22
Once the Sync is complete you should see the updates in SCCM to deploy as you would any other update

-In the Console select Software Library, Software Updates, Automatic Deployment Rules
-Choose Create Automatic Deployment Rule from the Ribbon
ScreenHunter_238 Nov. 27 13.25
-Give the ADR a name like ADR: Custom Updates, select a template, a collection.
ScreenHunter_239 Nov. 27 13.26
-Setup the ADR as a regular ADR, only choose in the software updates section, the product like Windows 7 and the article ID 2670838
ScreenHunter_241 Nov. 27 13.27
-After finishing the ADR choose Run Now to get a full Sync.
ScreenHunter_249 Nov. 27 13.39

-After the full Sync you see the updates in the WSUS directory of SCCM
 ScreenHunter_251 Nov. 27 13.39
Next part is integrating the update is the OS image

-Start the Software Library, Operating Systems and right click the media you want to update, choose Schedule Updates
ScreenHunter_252 Nov. 27 13.40
Search 2670838 in the choose update and notice that (if its applicable) the update appears in the image.
ScreenHunter_253 Nov. 27 13.41
Apply the update and notice in the OfflineServiceMgr.log the update is applied and afterwards is installed in the installed update tab on the image
ScreenHunter_255 Nov. 27 13.49
ScreenHunter_256 Nov. 27 13.59

That’s it!

Speed Lab – Bulk create Hyper-V Virtual Machines with Windows PowerShell

Hyper-V gives you an environment to quickly and efficiently run test configurations, which has made it a popular lab environment. The only catch is, you need to create and configure virtual machines (VMs) on a regular basis.
Whether you need to test new or standardized server setups, creating virtual machines is still a boring.

If you’re looking for an easy way to build Hyper-V images, Windows PowerShell scripts are a viable solution. The extent to which you can customize Windows PowerShell and its flexible command structure makes it suitable for any environment. When combined with an automated or unattended setup strategy, virtually any computer configuration is possible. Underneath the examples for Generation 1 and Generation 2 machines.

-Path E:\VMs exist
-The ISO file and location is in place
-The Virtual network “Internal” is implemented in Hyper-V

*************Bulk create generation 2 virtual machines**************

$VMLocation = "E:\VMs"
$VMISO = "E:\ISO\W2012R2.iso"
$VMNetwork = "Internal"

# Create DC01
$VMName = "DC01"
$VMMemory = 1024MB
$VMDiskSize = 40GB
New-VM -Name $VMName -Generation 2 -BootDevice CD -MemoryStartupBytes $VMMemory -SwitchName $VMNetwork -Path $VMLocation -NoVHD -Verbose
New-VHD -Path "$VMLocation\$VMName\Virtual Hard Disks\$VMName-Disk1.vhdx" -SizeBytes $VMDiskSize -Verbose
Add-VMHardDiskDrive -VMName $VMName -Path "$VMLocation\$VMName\Virtual Hard Disks\$VMName-Disk1.vhdx" -Verbose
Set-VMDvdDrive -VMName $VMName -Path $VMISO -Verbose

# Create CM01
$VMName = "CM01"
$VMMemory = 6144MB
$VMDiskSize = 300GB
New-VM -Name $VMName -Generation 2 -BootDevice CD -MemoryStartupBytes $VMMemory -SwitchName $VMNetwork -Path $VMLocation -NoVHD -Verbose
New-VHD -Path "$VMLocation\$VMName\Virtual Hard Disks\$VMName-Disk1.vhdx" -SizeBytes $VMDiskSize -Verbose
Add-VMHardDiskDrive -VMName $VMName -Path "$VMLocation\$VMName\Virtual Hard Disks\$VMName-Disk1.vhdx" -Verbose
Set-VMDvdDrive -VMName $VMName -Path $VMISO -Verbose

*************Bulk create generation 1 virtual machines**************

$VMLocation = "E:\VMs"
$VMISO = "E:\ISO\W2012R2.iso"
$VMNetwork = "Internal"

# Create DC01
$VMName = "DC01"
$VMMemory = 1024MB
$VMDiskSize = 40GB
New-VM -Name $VMName -BootDevice CD -MemoryStartupBytes $VMMemory -SwitchName $VMNetwork -Path $VMLocation -NoVHD -Verbose
New-VHD -Path "$VMLocation\$VMName\Virtual Hard Disks\$VMName-Disk1.vhdx" -SizeBytes $VMDiskSize -Verbose
Add-VMHardDiskDrive -VMName $VMName -Path "$VMLocation\$VMName\Virtual Hard Disks\$VMName-Disk1.vhdx" -Verbose
Set-VMDvdDrive -VMName $VMName -Path $VMISO -Verbose

# Create CM01
$VMName = "CM01"
$VMMemory = 6144MB
$VMDiskSize = 300GB
New-VM -Name $VMName -BootDevice CD -MemoryStartupBytes $VMMemory -SwitchName $VMNetwork -Path $VMLocation -NoVHD -Verbose
New-VHD -Path "$VMLocation\$VMName\Virtual Hard Disks\$VMName-Disk1.vhdx" -SizeBytes $VMDiskSize -Verbose
Add-VMHardDiskDrive -VMName $VMName -Path "$VMLocation\$VMName\Virtual Hard Disks\$VMName-Disk1.vhdx" -Verbose
Set-VMDvdDrive -VMName $VMName -Path $VMISO -Verbose

Issue on recording a Web Browser Session in SCOM 2012 R2 with Windows 2012 R2

When recording a “Web Browser Session” I regularly bump into the same issue. The record button is missing while doing a capture. This is very annoying but I always follow the same solutions to fix the issue. Underneath a recap on how to fix this issue.

-Be sure the x64 version of internet explorer is running, you can check this in the task manager in the properties of the Internet Explorer, be sure that it’s located in C:\Program files\Internet Explorer\iexplore.exe
ScreenHunter_101 Jul. 09 11.49

-Enable Internet Explorer Options by clicking IE settings, internet options:
Advanced – Security – Enable Enhanced Protected Mode
Advanced – Browsing – Enable third-party browser extensions

Shutdown all IE browser sessions and open Regedit (runas Administrator)
– Browse to the following regkey: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
– Add a new DWORD called TabProcGrowth and set it to 0
– Browse to the following regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\
-You should see two subkeys labeled: (These are the cached BHO IE objects related to the Web Recorder)
Delete only the above two mentioned keys (This will force IE to recache them next launch)

Restart the web capture, when IE Launches enable the add-on again if you are prompted.
Web Recorder SCOM

– If you still don’t see the Web-Recorder pane in IE you can now show it by:
–  Internet Explorer Options by clicking IE settings, internet options, view, explorer bars, web recorder
ScreenHunter_103 Jul. 09 12.00

Problem solved!



Upgrade SCOM 2012 SP1 to R2

Below a quick note on how to upgrade SCOM 2012 SP1 to the R2 version. The easiest way to perform an “in place upgrade” of all SCOM 2012 SP1 Roles.

Be sure to do some preparation on backupping the machines and databases!

This example had SCOM running on the top of Windows 2008 R2 SP1 and SQL 2008 R2 SP2 and  has SCOM 2012 SP1 with CU4 installed.

– First reboot the machine to be sure that there is no issue.
– Download the SCOM 2012 R2 ISO file and mount it to the machine.

Next we download the prerequisites for the upgrade:
Microsoft System CLR types for SQL Server 2012 available on http://www.microsoft.com/en-us/download/details.aspx?id=35580 choose the ENU\x64\SQLSysClrTypes.msi option
Next, Next finish the setup.

Next we are going to install the Microsoft Report Viewer 2012 Runtime
– Go to  http://www.microsoft.com/en-us/download/details.aspx?id=35747 and download and run the setup
Next, Next finish the setup

Lets upgrade

Ensure that your current Operating system is fully updated.
Let’s start with the in place upgrade. Insert the System Center Operations Manager R2 Media.
Note that all roles are combined on one machine.

– Check the Download the latest updates to the setup program and click install
ScreenHunter_43 May. 14 14.28
So as we can see, the wizard found the installed roles and will check the prerequisites for that upgrade.
ScreenHunter_44 May. 14 14.30
– Hit Next, select the Licence terms, choose a location (in my case D:\Program Files\Microsoft System Center 2012 R2\Operations Manager), Next

As we can see, you have the choice of Local System or domain account.
– If the database is running locally as it’s the case you can leave it at Local System.
– If the databases are on remote server it requires to use a domain account.
ScreenHunter_45 May. 14 14.44
– Select the account for the System Center Configuration and System Center Data Access service in my case domain\sa.scom and hit next

Notice that it will take a while for the upgrade to finalize, there is a progress bar for each role.During the Operational Database Configuration phase it also imports a whole set of management packs that takes some time.

After upgrade finishes, just close the setup screen.
Finished Upgrade

– You will find a warning that indicates the current version of the product is not licensed, please start the Operations Manager Shell and use the Set-SCOMLicense cmdlet to license the product.

That’s it!