SCCM 2012 R2 client is stuck in provisioning mode

Today we experienced issues during a Windows 7 deployment. The customer had SCCM 2012 R2 with a Windows 7 OSD and everything seemed to run perfectly, except for the following issues:
– The SCCM client didn’t fully install – it remained in Site Mode = Unknown
– The client certificate was not assigned
– The _SMSTaskSequence folder created on C:\ was not removed

We’re deploying our images in a Greenfield scenario.

Configmanager Client error
-No client certificate installed

 After some investigation we discovered that the SCCM client was still in provisioning mode.

Just a little bug.
During a ConfigMgr 2012 R2 OSD Task Sequence, the ConfigMgr client is purposely placed in a provisioning mode. In this mode, the ConfigMgr client does not pick up policy from the MP. This is done so that advertised programs, software updates, and tasks targeted to existing client PCs do not run until the Task Sequence completes. If advertised programs, software updates, or tasks attempt to run while the Task Sequence runs it may interfere with the Task Sequence and cause it to fail.

A Reboot step in the OSD Task Sequence is accidentally set to restart into the WinPE boot image assigned to the Task Sequence instead of the full Windows OS. This will cause the Task Sequence to end in WinPE. Because the ConfigMgr client is actually installed as part of the full Windows OS and not WinPE, and because the Task Sequence ends in WinPE instead of the full Windows OS, it cannot properly take the ConfigMgr client out of provisioning mode.

Right after the “Setup Windows and ConfigMgr” step, add two “Run Command Lines” to set the registry values correctly. Here are the two commands to be run:

REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\CcmExec /v ProvisioningMode /t REG_SZ /d false /f
REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\CcmExec /v SystemTaskExcludes /t REG_SZ /d "" /f

This forced the client out of provisioning mode.
Problem was fixed!
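
To confirm on a deployed machine whether the client was left in provisioning mode, the two registry values set above and the leftover task sequence folder can be read back. This is an added example, not part of the original post; the function name is hypothetical, and the registry key, value names and folder path are the ones mentioned in this post.

```powershell
# Added example: report whether the ConfigMgr client on this machine is
# still in provisioning mode after an OSD task sequence.
# Get-CcmProvisioningState is a hypothetical name chosen for this example.

function Get-CcmProvisioningState {
    [CmdletBinding()]
    param(
        # Registry key and folder as named in the post
        [string]$KeyPath = 'HKLM:\SOFTWARE\Microsoft\CCM\CcmExec',
        [string]$TaskSequenceFolder = 'C:\_SMSTaskSequence'
    )

    $state = [ordered]@{
        ComputerName           = $env:COMPUTERNAME
        ClientKeyPresent       = Test-Path -Path $KeyPath
        ProvisioningMode       = $null
        SystemTaskExcludes     = $null
        TaskSequenceFolderLeft = Test-Path -Path $TaskSequenceFolder
        StuckInProvisioning    = $false
    }

    if ($state.ClientKeyPresent) {
        $values = Get-ItemProperty -Path $KeyPath

        # Either value may be missing, so check before reading it.
        foreach ($name in 'ProvisioningMode', 'SystemTaskExcludes') {
            if ($values.PSObject.Properties.Name -contains $name) {
                $state[$name] = [string]$values.$name
            }
        }

        # A healthy client has ProvisioningMode = false and an empty
        # SystemTaskExcludes, which is what the two REG ADD commands set.
        $modeOn       = $state.ProvisioningMode -eq 'true'
        $excludesLeft = -not [string]::IsNullOrEmpty($state.SystemTaskExcludes)
        $state.StuckInProvisioning = ($modeOn -or $excludesLeft)
    }

    New-Object -TypeName PSObject -Property $state
}

$result = Get-CcmProvisioningState
$result | Format-List

if ($result.StuckInProvisioning) {
    Write-Warning 'ConfigMgr client is still in provisioning mode and will not pick up policy from the MP.'
}
elseif ($result.TaskSequenceFolderLeft) {
    Write-Warning 'Provisioning mode is off, but C:\_SMSTaskSequence was not cleaned up.'
}
```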

Detailed monitoring of an SCCM 2012 OSD task sequence in the SCCM console

When rolling out OSD in SCCM 2012 R2, one of the major drawbacks is that there is no feedback on how the rollout of the task sequence is progressing except in the log files. We can build this information into the reports, but Status Messages are really the preferred place for this.

This article will guide you on how to create a Status Message Query for a Specific OSD like the example below:
Ok so let’s get started!

First you need to get the deployment ID of the Task Sequence you wish to monitor.
-Go to Monitoring, Overview, Deployments. (The Deployment ID column is not displayed by default, so you have to select it.) Write down the Deployment ID.

Next we are going to build the Status Message Queries:
-Go to Monitoring, Overview, System Status, Status Message Queries, right click and choose Create Status Message Query.
-Give the Status Message Query a name, and click Edit Query Statement
-In the General tab choose Show Query Language and paste in the following text.
Be sure to replace the deployment ID in the query with the one you looked up.

select SMS_StatusMessage.*, SMS_StatMsgInsStrings.*, SMS_StatMsgAttributes.*
from SMS_StatusMessage
left join SMS_StatMsgInsStrings
on SMS_StatMsgInsStrings.RecordID = SMS_StatusMessage.RecordID
left join SMS_StatMsgAttributes
on SMS_StatMsgAttributes.RecordID = SMS_StatusMessage.RecordID
where SMS_StatMsgAttributes.AttributeID = 401 and SMS_StatMsgAttributes.AttributeValue = "P0120125"
and SMS_StatMsgAttributes.AttributeTime >= ##PRM:SMS_StatMsgAttributes.AttributeTime## order by SMS_StatMsgAttributes.AttributeTime DESC

-Click OK, and complete the wizard.
Now we’re ready to launch the Query:
-In the State Message, right click the query and select the date and time (default 1 hour ago), and click OK.


Well, we are now ready to monitor the deployment like we would expect!





How to move/upload Virtual Machines to Azure

Well, today a blog post about moving existing machines to Azure.

This article shows you how to move an existing server environment to Azure by uploading and configuring these machines (in my case my System Center Demo Environment).

This is my experience on uploading my demo machines onto Windows Azure.

Before we start
There are some requirements and limitations in Azure. Below is a list of things you should always check.

Size and amount
– Each data disk can be max 1 TB in size
– Max number of data disks depends on VM size
– Up to 16 data disks

– Only vhd-files (not vhdx-files) – Conversion is in this document
– Only fixed size vhd-files (converts during upload to Azure) 
– No differencing vhd-files

Disk speed limitations
– The maximum workload in IOPS per data disk is 500. See this link for more information. This can be a bottleneck in heavy environments

Note: If you are used to using CSUpload.exe for uploading VHDs you should switch to PowerShell. CSUpload.exe has been marked as deprecated and will likely not ship in future SDKs.

The next steps describe in detail how to move the existing machines onto Azure, from configuring the virtual machine to moving it.

Step 1: Enable remote desktop and convert the machine
First we need to enable remote desktop on the virtual machine. This is to enable access when it’s moved to Windows Azure.

1. Move your mouse to the bottom right of the screen to bring up the Charm Bar.
2. Click on the Settings button,
3. Click on Server Info under Desktop
4. The Server Info launches the Control Panel System page. Click Advanced System Settings on the right. This would launch the same System Properties page.
5. Select the appropriate option under Remote Desktop and click OK.

Step 2: Disable the Windows Firewall on the local machine
When moving machines into Azure there can be firewall issues when connecting via RDP (the LAN may be recognized as a public network, in which case RDP is not available). Therefore the firewall should be temporarily disabled.
1. Click Start, click All Programs, click Administrative Tools, and then click Windows Firewall with Advanced Security.
2. In the navigation pane, right-click Windows Firewall with Advanced Security on Local Computer, and then click Properties.
3. On each of the Domain Profile, Private Profile, and Public Profile tabs, change the Firewall state option to Off
4. Click OK to save your changes.

Step 3: Migrate the VHDX to VHD

When moving a machine to Azure the VHD format is required. If you already have a VHD file that you would like to use, you can skip to Step 4. You’ll be copying this VHD to the cloud. Dynamically expanding disks are converted during the move to Azure, so no extra steps are required for them.
1. Open PowerShell (Run as Administrator)
2. Run Convert-VHD 'D:\Hyper-V\DC01\Virtual Hard Disks\DC01.vhdx' 'D:\DC01.vhd' (fill in the proper path name)


Step 4: Create a storage account in Windows Azure
A storage account represents the highest level of the namespace for accessing the storage services and is associated with your Windows Azure subscription. You need a storage account in Windows Azure to upload a .vhd file to Windows Azure that can be used for creating a virtual machine. You can use the Windows Azure Management Portal to create a storage account.
1. Sign in to the Windows Azure Management Portal.
2. On the command bar, click Storage, Create a storage Account.
3. Click URL and give it a name, choose the location/affinity group and replication settings and click create storage account

Step 5: Prepare the connection to Windows Azure
Before you can upload a .vhd file, you need to establish a secure connection between your computer and your subscription in Windows Azure.
1. Go to and download and install the default stuff.
2. First we are going to load the certificate needed: open a Windows Azure PowerShell window.
3. Type: Get-AzurePublishSettingsFile. This command opens a browser window and automatically downloads a .publishsettings file that contains information and a certificate for your Windows Azure subscription.
4. Save the .publishsettings file (I saved it in C:\Azure Cert)
5. Type: Import-AzurePublishSettingsFile <PathToFile>, in my case Import-AzurePublishSettingsFile 'C:\Azure Cert\Microsoft Partner Network-3-14-2014-credentials.publishsettings'
6. When the certificate is imported, type Get-AzureSubscription to check if it’s working.

Step 6: Upload the .vhd file
When you upload the .vhd file, you can place the .vhd file anywhere within your blob storage. In the following command examples, BlobStorageURL is the URL for the storage account that you created in Step 4, YourImagesFolder is the container within blob storage where you want to store your images. VHDName is the label that appears in the Management Portal to identify the virtual hard disk. PathToVHDFile is the full path and name of the .vhd file.
1. Get-AzureSubscription to check the subscription we need (in my case the Microsoft Partner Network subscription)
2. Select-AzureSubscription "Microsoft Partner Network" to select the subscription
3. Set-AzureSubscription -SubscriptionName "Microsoft Partner Network" -CurrentStorageAccountName "systemcenterdemo"
4. $sourcevhd = "D:\DC01.vhd"
5. $destinationvhd = ""
6. Add-AzureVhd -LocalFilePath $sourcevhd -Destination $destinationvhd to upload the virtual machine into Azure
For more information, see Get Started with Windows Azure Cmdlets


Step 7: Prepare the Virtual Network:
As I wanted to change the IP address assignment, I configured a new Virtual Network. Note that Azure assigns an automatically created IP address to the moved server:
1. From the Windows Azure Manager portal go to Networks. Then select Virtual Network, Create a Virtual Network.
2. Assign a name to the Virtual Network, select the region where you want to keep your Virtual Network and create a new affinity group (every Virtual Network needs to be assigned to an affinity group).
For this example the Virtual Network won’t be connected to our on premise network.
3. Add the address range
4. Don’t choose a DNS server (the DC VM had the DNS service enabled for internal name resolution).
5. Accept and create the new Virtual Network.


Step 8: Create the Virtual Machines
OK, hang in there, we’re almost finished moving our machine into Azure.
1. In the Windows Azure Portal select Virtual Machines, Disks, Create Disk.
2. In the Create disk from VHD window, set the disk name of the VHD (in my case an Operations Manager Server), select the VHD, mark the option “This VHD contains an operating system” and the Operating System Family “Windows”. Accept and create the disk.

OK, we’re almost there; now we are going to create the Virtual Machine.
3. Click on Create, Virtual Machine, From Gallery
4. Select “My disks” and then select the disk created for the image
5. Specify the VM name and size.
6. Enter a DNS name for the VM, select the Affinity Group and select the Virtual Network created before.
7. Next we can set the RDP and PowerShell options. We leave them all default, click Next
8. Wait a few minutes for the VM provisioning.
9. Once the machine is up and running, you can connect to the VM and check if everything is OK; a hard reboot may be required before you can log in.


Step 9: Enable the Windows Firewall on the local machine
-Click Start, click All Programs, click Administrative Tools, and then click Windows Firewall with Advanced Security.
-In the navigation pane, right-click Windows Firewall with Advanced Security on Local Computer, and then click Properties.
-On each of the Domain Profile, Private Profile, and Public Profile tabs, change the Firewall state option to On
OK, that’s it, we are now running our servers in Windows Azure, without doing anything other than uploading my VHDs and configuring the Virtual Network, Storage and VMs.
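
A narrower alternative to switching all three firewall profiles off in Step 2, plus a check for Step 9 that the firewall is back on, as an added example that is not part of the original post. It assumes Windows Server 2012 or later (NetSecurity module), an elevated PowerShell session inside the VM and the English display group name 'Remote Desktop'; the function names are hypothetical.

```powershell
# Added example: open only RDP in every firewall profile instead of
# disabling the firewall, and verify the end state after the move.
# Function names are hypothetical; run elevated inside the VM.

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = Join-Path -Path $tsKey -ChildPath 'WinStations\RDP-Tcp'

function Enable-RdpThroughFirewall {
    # Step 1 equivalent: allow Remote Desktop connections.
    Set-ItemProperty -Path $tsKey -Name 'fDenyTSConnections' -Value 0

    # Step 2 alternative: the firewall stays on, but the Remote Desktop
    # rules apply in every profile, so RDP still works when the Azure
    # network is classified as Public.
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
        Set-NetFirewallRule -Profile Any -Enabled True
}

function Restore-FirewallProfiles {
    # Step 9 equivalent, for machines where Step 2 was followed as written.
    Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True
}

function Test-RdpFirewallState {
    # Profiles that are still switched off (should be none after Step 9).
    $profilesOff = @(Get-NetFirewallProfile |
        Where-Object { $_.Enabled -ne 'True' } |
        Select-Object -ExpandProperty Name)

    # Inbound Remote Desktop rules that are currently enabled.
    $rdpRules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    $rdpAllowed  = ((Get-ItemProperty -Path $tsKey).fDenyTSConnections -eq 0)
    # UserAuthentication = 1 means Network Level Authentication is required.
    $nlaRequired = ((Get-ItemProperty -Path $rdpKey).UserAuthentication -eq 1)

    New-Object -TypeName PSObject -Property ([ordered]@{
        FirewallProfilesOff = $profilesOff -join ', '
        AllProfilesEnabled  = ($profilesOff.Count -eq 0)
        RdpAllowed          = $rdpAllowed
        NlaRequired         = $nlaRequired
        EnabledRdpRules     = $rdpRules.Count
    })
}

# Before the conversion in Step 3:
#   Enable-RdpThroughFirewall
# After the VM is running in Azure (Step 9):
#   Restore-FirewallProfiles
Test-RdpFirewallState | Format-List
```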

Before you implement Hyper-V R2 replication: tips, tricks, dos and don’ts

This blog post describes how Hyper-V replica can be put into place and what the pros and cons of implementing Hyper-V replica are. Furthermore, this blog post describes the things to consider when replicating SharePoint, SQL and Active Directory.

Hyper-V replica is a Hyper-V role, introduced in Windows 2012 and enhanced in Windows 2012 R2.
Hyper-V replica can asynchronously replicate a selected VM running at a primary site to a designated replica site across LAN/WAN based on the SMB 3.0 Protocol. This is possible without any need for clustered or central storage.

The only thing you need is local storage at both the disaster recovery (DR) site and the primary site (PR).

Why Hyper-V replication?
-Affordable in-box business continuity and disaster recovery
-Replication frequencies of 5 minutes (Configurable from 30 seconds, 5 minutes or 15 minutes in R2)
-Secure replication across network
-Agnostic of hardware on either site
-No need for other virtual machine replication technologies
-Automatic handling of live migration
-Simple configuration and management

New In Windows 2012 R2
-Replication in 2012 R2 is near-synchronous
-Possibility to do test failovers
-Configure TCP settings (before bringing the machine online) when bringing it up on the other side (injected as part of VMConfig)
-Extended Replication
-Once a VM has been successfully replicated to the replica site, the replica can be replicated to a 3rd location
-Chained Replication
-Extended Replica contents match the original replication contents
-Extended Replica replication frequencies can differ from the original replica
-Useful for scenarios such as SMB -> Service Provider -> Service Provider DR Site

Things to consider
At the moment there are some caveats to this solution: because Hyper-V replica is an asynchronous replication, some products need special attention (Exchange, SQL and AD).

-Windows Server 2012 Domain Controllers
To replicate Domain Controllers Windows 2012 is required. Windows Server 2012 Hyper-V introduces VM-GenerationID (VMGenID). VMGenID provides a way for the hypervisor to communicate to the guest OS when significant changes have occurred. For example, the hypervisor can communicate to a virtualized DC that a restore from snapshot has occurred (Hyper-V snapshot restore technology, not backup restore). AD DS in Windows Server 2012 is aware of VMGenID VM technology and uses it to detect when hypervisor operations are performed, such as snapshot restore, which allows it to better protect itself. See for more information

No Exchange Support for Hyper-V Replica
Exchange does not support the Hyper-V Replica feature. Exchange has a long history of supporting virtualisation from Exchange 2003 onwards. It is fully supported to install Exchange 2007, 2010 or 2013 as a virtual machine on Hyper-V, but using the Hyper-V replica feature is not supported. The product team is working on a solution for this.

After doing some tests, the Hyper-V failover of Exchange works most of the time (6 out of 10). Therefore we are still waiting on the product group of Exchange, and a good offsite backup is therefore (always) a requirement.

-SQL Support
The minimum version on Hyper-V Replica is SQL Server 2008 R2, and it is only supported when the EnableWriteOrderPreservationAcrossDisks flag is set. See for more information.

17th October – Microsoft released Windows Server 2012 R2 & System Center 2012 R2

Today Microsoft released the newest release of the new R2 wave for the System Center suite.
The software is ready to download from the official Microsoft sites like TechNet and MSDN.

The following links take you to the What’s New topics for System Center 2012 R2.

System Center 2012 R2 App Controller
System Center 2012 R2 Configuration Manager
System Center 2012 R2 Data Protection Manager
System Center 2012 R2 Operations Manager
System Center 2012 R2 Orchestrator
System Center 2012 R2 Service Manager
System Center 2012 R2 Virtual Machine Manager

Furthermore Windows 8.1 and Windows Server 2012 R2 are also released today and ready for download.

Install Software Packages in an OSD Task Sequence using variables

When looking at SCCM implementations I regularly bump into the same issues: lots of task sequences with a lot of different settings in them. Because of the exploding number of task sequences there is a lot of differentiation between them. This blog post describes how to use OSD variables to reduce the number of sequences.

Let’s start,
This example is a school with students as well as teachers. They are divided into rooms by using the device collections. Depending on the (class)room they get the software they need.

First we start with creating a device collection for a room:
We are going to set the variables to the collections
– Go to Assets and Compliance, Device Collections, and choose Create Device Collection.
– Give the collection a name like “Classroom 141” and limit the collection to “All Collections”
– Check Use incremental updates for this collection and turn off Schedule a full update on this collection.
– Choose Next, Yes and Finish the collection

Next we are going to set the collection variables
– Get the properties of the newly made collection, go to collection variables and fill in the following variables (depending on your structure)
Name         Value
BSL          Students Desktops
Domain       Students
OSDOUName    OU=R141,OU=Students Desktops,OU=Workstations,DC=students,DC=domain,DC=local



1. Let’s install software based on a variable
Now we can add the variables to the software library

– Go to Software Library, Task Sequences and edit a task sequence.
– We created an Install CSL Applications (Common Software Layer) group; this is for software that is scoped to all desktops (like Office, Flash, Adobe Reader, etc.)
– We also created an Install BSL Applications (Business Software Layer) group for specific software per PC/room
– Add the software to the BSL and choose Options
– Add Condition and choose Task Sequence Variable BSL equals “Students Desktops”


2. Let’s install software based on a variable

OK, let’s go a little bit further; we are now going to add the computer to the AD OU based on the computer variable of the collection.
– Go to the Network Settings, Apply Network settings and set Join a domain, fill in the domain name and in the OU part you choose LDAP://%OSDOUName% as stated in the variable.

Now we are going to set the options so the proper collection is selected.
– Go to Options, Add condition, Task Sequence Variable and choose Domain equals “Students”


Little recap;
– Made device collections based on rooms
– Filled in the variables for that device collections
– Set options for installing software based on device collection variables
– Placed machines in the proper OU based on device collection variables

Simple as that!

System Center 2012 R2 Release Date (SCOM, SCCM)

In 2012 Microsoft made public that they are going to release new versions of their major products at least once per year.
Because of their cloud-based services they develop much faster than in the past.

Microsoft already has evaluation versions of System Center R2 available to eligible customers.
But the official release  available through the TechNet Evaluation Center. System Center 2012 R2 is available from TechNet and for new purchases on November 1st, 2013.

There’s even more good news:
Microsoft announced that Windows 8.1 will be available to consumers and businesses worldwide on October 18, 2013.


Prerequisites for setting up SCCM 2012 R2 on Windows 2012 R2

When installing System Center Configuration Manager 2012 R2, there are a number of prerequisite steps which need to be taken before installing the software.
They seem simple but can take a few days to finish. I just put them below so we can quickly start the SCCM installation.

1. Change the E1000 NIC to a VMXNET3 NIC; this avoids a lot of headaches during the rest of the setup. See

1. Change the default network adapter to the Legacy Network Adapter. This is to support WOL and PXE integration.

Extend Active Directory Schema
1. Extend Active Directory Schema for SCCM 2012 Domain Controllers. Navigate to  \SMSSetup\Bin\x64\ and execute Extadsch.exe
2. Create the System Container and assign Permissions

Site Server Prerequisites
1. We are going to install a stand-alone Primary Site Server. Therefore these roles are necessary; this PowerShell script installs them automatically.

This needs to be run from an elevated PowerShell session (Run as Administrator).

Import-Module ServerManager
Install-WindowsFeature Web-Windows-Auth
Install-WindowsFeature Web-ISAPI-Ext
Install-WindowsFeature Web-Metabase
Install-WindowsFeature Web-WMI
Install-WindowsFeature BITS
Install-WindowsFeature RDC
Install-WindowsFeature NET-Framework-Features
Install-WindowsFeature Web-Asp-Net
Install-WindowsFeature Web-Asp-Net45
Install-WindowsFeature NET-HTTP-Activation
Install-WindowsFeature NET-Non-HTTP-Activ

There is a bug in the .NET framework 3.5
You need your Windows Installation media to do this.
dism /online /enable-feature /featurename:NetFX3 /all /Source:d:\sources\sxs /LimitAccess

SQL Server considerations
1. Install the Database Engine feature for each site server, Management Tools and Reporting Services
2. Use the SQL_Latin1_General_CP1_CI_AS server collation
3. Apply SP1 and CU4 or later
4. Change the MSSQLServer.exe account in Services to a domain user account (best practice)
5. Open the SQL ports for incoming traffic (1433 and 4022) and reporting (80 and 443)
6. Limit SQL Server memory to 70 – 80% of the addressable memory if SQL is on a dedicated server. If SQL is co-located with the Site Server computer, limit the memory to 50 – 70%.

Prerequisites for SCCM
1. Prevent SCCM from installing Files on the OS Drive (C:\) by placing no_sms_on_drive.sms in the root of the C:\ folder
2. Install WSUS on the Windows 2012 R2 server with PowerShell. This is because there are some issues with WSUS in combination with Windows 2012
Install-WindowsFeature -Name UpdateServices-Services,UpdateServices-DB -IncludeManagementTools
.\wsusutil.exe postinstall SQL_INSTANCE_NAME="servername" CONTENT_DIR="D:\Sources\WSUS\WSUS"
"%programfiles%\update services\tools\wsusutil.exe" postinstall CONTENT_DIR=D:\Sources\Wsus\WSUS SQL_INSTANCE_NAME=sqlservername
3. Do not configure WSUS
4. Install Windows ADK 8.1; download the new ADK to support Windows 8.1 and Server 2012 R2 from here
5. Install the ADK: User State Migration Tool (USMT), Windows Deployment Tools, Windows PreInstallation Environment (Windows PE)

That’s it, you can now start installing SCCM 2012 R2 !

OSD Task Sequence failed with 80091007 while configuring the SCCM client

We have a newly deployed SCCM 2012 R2 running on Windows Server 2012 R2. The W2K12 runs as VM on ESX 5.1.
After setting up the environment we had some very odd issues with OS deployment. The Task Sequence keeps failing when processing SCCM client installation. The issue occurs when installing the ConfigMgr client package then it fails straight away telling us that “The hash value is not correct (Error: 80091007; Source; Windows)”.

It was very consistent and it happened every time. Redistributing the OS image was successful, but the installation still failed.

We also had a similar issue with Microsoft Lync 2013 on Windows 2012, which was losing network connections. After some troubleshooting on both issues it seems like the E1000 adapter is not working properly with Windows 2012.

Change the E1000 NIC to a VMXNET3 NIC and the issue will be solved.

VMXNET 3: The VMXNET 3 adapter is the next generation of a paravirtualized NIC designed for performance, and is not related to VMXNET or VMXNET 2. It offers all the features available in VMXNET 2, and adds several new features like multiqueue support (also known as Receive Side Scaling in Windows), IPv6 offloads, and MSI/MSI-X interrupt delivery.

VMXNET 3 is supported only on the following Microsoft Windows platforms:
Windows 7, XP, 2003, 2003 R2, 2008, 2008 R2, and Server 2012 
See for more information



Deploy all Windows Updates during the SCCM 2012 Task Sequence

I noticed that when I put Windows Updates in the SCCM 2012 Task Sequence (“Deploy” and the “Build and Capture”) some Software Updates weren’t installed. Even after updating the Operating System Images Offline the issue still remained.

Reason and solution
After some investigation the answer was relatively simple; The Configuration Manager Client caches the results of a Software Update evaluation scan.
I noticed that this cache has a rather long TTL, longer than the Task Sequence lasted.
This post is on how to update the deployment completely by flushing the Windows Update cache.

1. Force all updates to run in the task sequence
In the Configuration Manager console, navigate to Administration, choose Software library, Operating Systems, Task Sequences, and edit the Task Sequence which you want to modify.
– After the complete installation choose Add, New Group and change the name to Windows Updates
– Add another subgroup called Install Software Updates I
– Add, General, Install Software Updates and name it Install Software Updates I

– Add another subgroup called Install Software Updates II
– Add, General, Run Command Line and name it Scan for Updates II
– In the command line type: WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000113}" /NOINTERACTIVE

– Add, General, Run Command Line and name it Wait for Scan to Finish II
– In the command line type: Powershell.exe -command start-sleep 30
– Add, General, Install Software Updates and name it Install Software Updates II
– Copy the Install Updates II folder 3 times and change the description. After this the sequence will run and install all updates.