SMS 2003 Client Health : GP Based Script

Source:-http://www.myitforum.com/absolutenm/templates/Articles.aspx?articleid=17217&zoneid=87

 

Overview

Workstation Client Health maintenance is a continuous process that must be maintained. The following document gives an overview on how to fix several common workstation issues.

CliFix GPO startup script :- Can be downloaded from here http://myitforum.com/cs2/blogs/scassells/Public_SMS_CLIFIX_4.19.vbs.txt

In an effort to reduce the amount of common workstation issues I have developed a script to check and change the following common issues. This script is to be run via GPO startup scripts. This requires the script to work as the system account and have intranet connectivity. Both are accomplished by running as a GPO. Script Requirements

1. Script must be in a location where the computers system account has access. Usually on your domain controller ex. \\FQDNDomain\sysvol\ FQDNDomain\
2. sc.exe must be present for full successful run.
   1. Either in the run path
   2. system32
   3. system32\DLLCache
   4. Note: there are multiple versions floating around in the average environment
3. regsvr32.exe needs to be present
4. %systemroot%\system32 needs to be in system path

Script Settings

All, unless I missed some, sections of the script can be turned on and off in the top of the script. Please review the script as some features will fail without modification.

Please Review the following CONFIG SETTINGS Variables:

• SMSVersion
• ConfigMgrVersion
• WKS_ASSIGNSITECODE
• WKS_CacheSize
• WKS_LocalAdminGroup
• WKS_admACCT
• RegPath
• strWebAddress
• StrCCRServer
• strCCRSiteCode
• CCMSetUP

What the Script Does

1. Checks to make sure the script has not run in X many hours.
   1. Example if X = 12 the script will not run again until at least 12 hours after the last occurrence.
   2. This will prevent a slow down on multiple reboots.
2. Sets DCOM permissions to be correct for SMS / SCCM configuration
3. Checks to make sure System Path has the 3 required windows paths enabled. (does NOT use WMI or require a restart to change values)
   1. C:\windows
   2. C:\windows\sysetm32
   3. C:\windows\system32\wbem
   4. Also removes %systemroot% from path replacing it with correct full path value
   5. If one of the 3 paths is missing, it will parse the full path removing duplicates and adding a,b,or c to the beginning of the path statement leaving all else unchanged.
4. Check to see if sc.exe exists in the run from directory and if not in the system32 directory
5. Checks to see if this script is run on a workstation or server. If a server kills the script
6. Checks to make sure the correct local admin group is present (value is set in header of script)
7. Checks WMI service to see if it is set to auto and running. If not executes sc.exe to start the service.
8. Attempts to connect to WMI object
9. If the WMI object connect fails
   1. Attempt to do a repair (if no previous status is present in the registry and approved via script switches)
   2. Attempt to do a rebuild (if ‘repair’ status is present in the registry and approved via script switches)
   3. If both the above have failed then do nothing and report major error
10. Checks to see if Admin$ is present, if not forces existence via WMI
11. Checks to see if msxml3.dll is registered, if not forces existence via WSH
12. Checks to see if Qmgr.dll and qmgrprxy.dll are registered, if not forces existence via WSH
13. Checks to see if OLEAut32.dll is registered, if not forces existence via WSH
14. Checks to make sure the following services are set to appropriate Status and Mode
    1. RPC
    2. WMI
    3. Firewall/ICS
    4. Server Service
    5. Remote Registry
    6. BITS
    7. Windows Update Services
    8. Terminal Services
    9. Windows Installer
    10. Note: You may want to review the settings for your environment on each of these services. All of the above services are set to default and either Manual or Automatic.
15. Check the SMS version
16. Checks the CCMExec service
17. If SMS is not correct version can be forced to do an install
    1. Needs Review
18. If the all of the above test passed without issue you have a healthy workstation. The following two checks are for SMS.
    1. Check log file last update time. If the PolicyEvaluator.log file has not been modified in past 14 days do a repair of the client.
    2. Check client assignment. If no assignment set new site code based on AD boundaries in which the client is present.
       1. Note: Some people may want to disable this as it relies on AD
19. If any fixes above had to be preformed
    1. Check the advanced client state. Which client policies have enabled.
    2. Check the cache size
    3. Send a Client Configuration Request (CCR) to have client installed
    4. Run CCMSetup from the install share on the server.

Note during this script several forms of reporting, logging, and information submitting have been preformed. The standard methods of reporting are:

• Event log
• Log file in the %temp% directory for the account used to run
  • GPO = C:\windows\temp
• Reporting to a website that submits client status to a SQL table.
  • Future WebPost on how to do this

Other verbose methods include:· Two levels of command line reportingo Log to Command lineo Verbose to command line· network share copy

Future Additions:

Area's that need improvement

• Checking the SMS Client
• Install methods for SMS/ConfigMgr Client
• ConfigMgr 2007 specific changes
• WMI fixing / integration with WMIDiag.vbs
  • http://www.microsoft.com/technet/scriptcenter/topics/help/wmidiag.mspx
• BITS Checking - Correct security
• BITS version correct

Computers in Workgroups

Configuration Manager 2007 provides support for clients in workgroups. It is also supported for a client to be moved from a workgroup to a domain or from a domain to a workgroup. To support workgroup clients, the following requirements must be met:

1. During client installation, the logged-on user must possess local administrator rights on the workgroup system. The only account that Configuration Manager 2007 can use to perform activities that require local administrator privileges is the account of the user that is logged on to the computer.

2. The Configuration Manager client must be installed from a local source on each client machine. This requirement ensures a local source for repair and client update application will be available for the client.

3. Workgroup clients must be able to locate a server locator point for site assignment because they cannot query Active Directory Domain Services. The server locator point can be manually published in WINS, or it can be specified in the CCMSetup.exe installation command-line parameters.

4. Workgroup clients use the Network Access Account, downloaded as part of their machine policy, to access package source files on distribution points.

Although workgroup computers can be Configuration Manager 2007 clients, there are inherent limitations in supporting workgroup computers:

Workgroup clients cannot reference Configuration Manager 2007 objects published to Active Directory Domain Services. For workgroup clients to locate their default management point computer, it must be registered and accessible to workgroup clients in either WINS or DNS.

1. Active Directory system, user, or user group discovery is not possible.

2. User targeted advertisements are not possible.

3. The client push installation method is not supported for workgroup client installation.

4. Using a workgroup client as a branch distribution point is not supported. Configuration Manager 2007

Dual Boot Computers

5. Configuration Manager 2007 cannot manage more than one operating system on a single computer. If there is more than one operating system on a computer that must be managed, tailor the discovery and installation methods used to ensure that the Configuration Manager client is installed only on the operating system that needs to be managed.

Unsupported Client Platforms

Unsupported Client Platforms
The Configuration Manager client is not supported on any operating system prior to Windows 2000 Service Pack 4. Installing the Configuration Manager client is explicitly not supported on the following operating system versions:

 Windows 95
 Windows 98
 Windows Millennium Edition
 Windows XP Media Center Edition
 Windows XP Starter Edition
 Windows XP Home Edition
 Windows XP Professional, with less than Service Pack 2 applied
 Windows Vista Starter Edition
 Windows Vista Home Basic Edition
 Windows Vista Home Premium Edition
 Windows NT Workstation 4.0
 Windows NT Server 4.0
 Windows 2000 Server, Service Pack 3 and earlier
 Windows 2003 Server, with no service pack installed
 Windows CE 3.0
 Windows Mobile Pocket PC 2002
 Windows Mobile SmartPhone 2002

Upgrade Configuration Manager client from SMS 2003

• Create a report that counts all client versions. (This is optional, just for information purposes).
  Report query is:

  SELECT TOP (100) PERCENT Client_Version0 AS [ConfigMgr client version], COUNT(Client_Version0) AS Total
FROM dbo.v_R_System GROUP BY Client_Version0, Client0 HAVING (Client0 = 1)
ORDER BY Total DESC, [ConfigMgr client version]

• Create a collection (“Older Clients” for example) with all system resources with a client version not 4.00.6487.2000.
  Collection query is:

  SELECT SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client
FROM SMS_R_System
WHERE SMS_R_System.ClientVersion != "4.00.6487.2000"

  This way, system resources with older client version will be members of this collection.

• Created a package and program with ConfigMgr client upgrade with custom command line parameters.
  Program command line is:

  CCMSETUP.EXE /noservice SMSSITECODE=CFM SMSCACHESIZE=1024 SMSSLP=CFM.DOMAIN.COM SMSMP=CFM.DOMAIN.COM RESETKEYINFORMATION=TRUE

• Advertised it to “Older Clients” collection.

Now, as system resources with older client version are members of this collection they will receive the advertisement and will silently install the latest ConfigMgr client.

When the collection will have no system resources, I will know that all clients are upgraded. Also, I can check this by opening the same report from any browser on any computer.

Custom Error Codes for Configuration Manager 2007

Client Custom Error Codes

 

Error Code	Description
CCM_ERRORCODE(0x 80040200) NAMENOTFOUND2147746304	Name not found
CCM_ERRORCODE(0x 80040201) BADNAMEFORMAT2147746305	Incorrect name format
CCM_ERRORCODE(0x 80040202) SERVICESHUTDOWN2147746306	Service is shutting down
CCM_ERRORCODE(0x 80040203) DATAEMPTY2147746307	No data supplied
CCM_ERRORCODE(0x 80040204) DATATOOLARGE2147746308	Data too large
CCM_ERRORCODE(0x 80040205) INVALIDPATH2147746309	Invalid path
CCM_ERRORCODE(0x 80040206) INVALIDFILE2147746310	Invalid file
CCM_ERRORCODE(0x 80040207) PARSE2147746311	Parsing error
CCM_ERRORCODE(0x 80040208) INVALIDCOMMAND2147746312	Invalid command
CCM_ERRORCODE(0x 80040209) DATATYPEMISMATCH2147746313	Data type mismatch
CCM_ERRORCODE(0x 80040210) INVALIDTRANSLATOR2147746320	Invalid Translator
CCM_ERRORCODE(0x 80040211) INVALIDADDRESS2147746321	Invalid Address
CCM_ERRORCODE(0x 80040212) CONTEXTCLOSED2147746322	Context is closed
CCM_ERRORCODE(0x 80040213) TIMEOUT2147746323	Timeout occurred
CCM_ERRORCODE(0x 80040214) INVALIDNAMELEN2147746324	Invalid name length
CCM_ERRORCODE(0x 80040215) ITEMNOTFOUND2147746325	Item not found
CCM_ERRORCODE(0x 80040216) INVALIDSERVICEPARAM2147746326	Invalid service parameter. The WMI file could be corrupt or there was a manual change to a site control file.
CCM_ERRORCODE(0x 80040217) DATACORRUPT2147746327	Data is corrupt
CCM_ERRORCODE(0x 80040218) INVALIDSERVICESETTING2147746328	Invalid service settings
CCM_ERRORCODE(0x 80040219) GLOBALSERVICENOTSET2147746329	Global service not set
CCM_ERRORCODE(0x 80040220) INVALIDTYPE2147746336	Invalid type
CCM_ERRORCODE(0x 80040221) INVALIDUSER2147746337	Invalid user. An operation for a user that is not logged on is in process or the user account is invalid.
CCM_ERRORCODE(0x 80040222) CANCELLED2147746338	Operation cancelled
CCM_ERRORCODE(0x 80040223) VERSIONMISMATCH2147746339	Version mismatch
CCM_ERRORCODE(0x 80040224) INVALIDMESSAGE2147746340	Invalid message
CCM_ERRORCODE(0x 80040225) INVALIDADDRESSTYPE2147746341	Invalid address type
CCM_ERRORCODE(0x 80040226) INVALIDPROTOCOL2147746342	Invalid protocol
CCM_ERRORCODE(0x 80040227) DISABLED2147746343	Functionality disabled
CCM_ERRORCODE(0x 80040228) INVALIDENDPOINT2147746344	Invalid endpoint
CCM_ERRORCODE(0x 80040229) GETCREDENTIALS2147746345	Failed to get credentials
CCM_ERRORCODE(0x 80040230) LOGONUSER2147746352	Error logging on as given credentials
CCM_ERRORCODE(0x 80040231) TRANSIENT2147746353	Transient error that could indicate a network problem.
CCM_ERRORCODE(0x 80040232) MESSAGENOTSIGNED2147746354	Message not signed
CCM_E_MESSAGENOTTRUSTED(0X 0x80040233)2147746355	Message not trusted
CCM_ERRORCODE(0x 80040234) INTERNALENDPOINT2147746356	Internal endpoint cannot receive a remote message
CCM_ERRORCODE(0x 80040235) PARSE_SYNTAX2147746357	Syntax error occurred while parsing
CCM_ERRORCODE(0x 80040236) LOWMEMORY2147746358	Low memory.
CCM_ERRORCODE(0x 80040237) REPLYMODE_INCOMPATIBLE2147746359	Reply mode incompatible
CCM_ERRORCODE(0x 80040238) PUBLIC_KEY_NOT_FOUND2147746360	Public key not found
CCM_ERRORCODE(0x 80040239) CLIENT_ID_NOT_FOUND2147746361	Client ID not found
CCM_ERRORCODE(0x 80040240) INSUFFICIENTDISKSPACE2147746368	Insufficient disk space
CCM_ERRORCODE(0x 80040241) DATABASE_CONNECT_FAILED2147746369	Failed to connect to database
CCM_ERRORCODE(0x 80040242) STORED_PROCEDURE_FAILED2147746370	Stored procedure failed
CCM_ERRORCODE(0x 80040243) PUBLIC_KEY_MISMATCH2147746371	Public key mismatch
CCM_E_BAD_HTTP_STATUS_CODE (0x 8004027E) 2147746430	Client communication from the management point failed.
CCM_E_EMPTY_CERT_STORE (0x 80040280) 2147746432	A valid certificate was not found in the certificate store.
CCM_E_NO_CERT_MATCHING_CRITERIA (0x 80040281) 2147746433	No valid certificate could be found using the specified certificate selection.
CCM_E_TOO_MANY_CERTS (0x 080040282) 2147746434	More than one valid certificate was located
CCM_E_MISSING_PRIVATEKEY (0x 080040283) 2147746435	The selected certificate does not have a corresponding private key, which is required for successful communication.
CCM_E_MISSING_SUBJECT_NAME (0x 080040284) 2147746436	The selected certificate does not have a Subject Name defined.
CCM_E_UNKNOWN_SEARCH_CRITERIA (0x 080040285) 2147746436	The certificate selection criteria syntax is invalid.
CCM_E_INVALID_SMS_AUTHORITY (0x 080040286) 2147746437	The certificate does not successfully chain to a trusted root certification authority.
CCM_E_MISSING_SITE_SIGNING_CERT (0x 080040287) 2147746438	Cannot locate the required Configuration Manager site server signing certificate for this site.
HandleRemoteSyncSend failed (0x80040309).2147746569	The 'trust failed'. This happens when the client doesn't trust data from the management point.
CForwarder_Sync::Send failed (0x80040309).2147746569	The 'trust failed'. This happens when the client doesn't trust data from the management point.
CForwarder_Base::Send failed (0x80040309).2147746569	The 'trust failed' This happens when the client doesn't trust data from the management point.
CCM_E_LOCATION_MPREFRESHCCM_ERRORCODE(0x80040300)2147746560	Client trying to refresh management point and it is empty.
CCM_E_LOCATION_NOADCCM_ERRORCODE(0x80040301)2147746561	Client is configured to only read Active Directory Domain Services and couldn't find the requested location (site assignment, management point) data.
CCM_E_LOCATION_NOTASSIGNEDCCM_ERRORCODE(0x80040302)2147746562	Client is trying to do something that requires being assigned to a site and it is not assigned. Only called from NAP when trying to refresh the management point.
CCM_E_LOCATION_INTERNALERRORCCM_ERRORCODE(0x80040303)2147746563	Internal error
CCM_E_LOCATION_BADSERVERCERTCCM_ERRORCODE(0x80040304)2147746564	Management point certification is corrupt from client's perspective, which could be due to network corruption or an attacker.
CCM_E_LOCATION_BADCLIENTCERTCCM_ERRORCODE(0x80040305)2147746565	Client certification is corrupt from site system's perspective, which could be due to network corruption or an attacker.
CCM_E_LOCATION_MPUNREACHABLECCM_ERRORCODE(0x80040306)2147746566	Client failed to connect to management point to make a location services request (MPLIST or MPKEYINFORMATION).
CCM_E_LOCATION_PROXYMPREFRESHCCM_ERRORCODE(0x80040307)2147746567	Client is trying to refresh proxy management point and it's empty. May only be called from NAP when trying to refresh the proxy management point.
CCM_E_LOCATION_LOCALMPREFRESHCCM_ERRORCODE(0x80040308)2147746568	Client is trying to refresh local management point and it's empty. Only called from NAP when trying to refresh proxy management point.
CCM_E_LOCATION_MESSAGEFAILEDCCM_ERRORCODE(0x80040309)2147746569	In most cases this indicates that the in band server authorization failed on a client, usually because the trusted root key does not match the management point certificate.

Desired Configuration Management Custom Error Codes

 

Error Code	Description
0x80040752 E_DCM_DOTNETMISSING	Microsoft .NET Framework 2.0 or later not installed
0x80040756 E_DCM_SDM_REPORTING_FAILED 2147747670	Client failed to report state or status.
0x80040763 E_DCM_CI_INTERNAL_FAILURE 2147747683	WMI corruption or heap corruption
0x80040764 E_DCM_SDM_INTERNAL_FAILURE	WMI corruption, memory corruption, disk corruption
0x80040765 E_DCM_SDM_CLRHOST_LAUNCH_FAILURE	Problem with client installation or.NET Framework 2.0 installation

Inventory Custom Error Codes

 

Error Code	Description
0x80040900	A valid WMI instance inventoried could not be added to the report. The __Path property may be undefined.

Mobile Device Management Custom Error Codes

 

Error Code	Description
-2147220846FFFFFFFF80040292	Unable to compute message signature for in-band authentication.
-2147220843FFFFFFFF80040295	Unable to find a valid client authentication certificate for registration.
11520	Mobile device client deployment action failed. Failed to establish ActiveSync or Mobile Device Center connection to the mobile device.
11521	Mobile device client deployment action failed. Invalid client settings file.
11522	Mobile device client deployment action failed. Error determining running directory for DmClientXfer.exe
11523	Mobile device client deployment action failed. Required ActiveSync libraries missing.
11524	Mobile device client deployment action failed. Could not determine processor type of attached mobile device.
11525	Mobile device client deployment action failed. Could not determine base operating system version of attached mobile device.
11526	Mobile device client deployment action failed. Error determining client version for the attached mobile device.
11527	Mobile device client deployment action failed. Error creating client settings .ini file.
11528	Mobile device client deployment action failed. Failed to copy files to the attached mobile device.
11529	Mobile device client deployment action failed. Failed executing the mobile device client installer program on attached mobile device.
11530	Mobile device client deployment action may have failed. Failed reading status information from the mobile device.
11540	Mobile device client deployment action failed. Error determining running directory for the mobile device client installer program.
11541	Mobile device client deployment action failed. Error executing the pre-install command line.
11542	Mobile device client deployment action failed. Error executing the post-install command line.
11550	Mobile device client installation or upgrade failed. Error during removal of the previous client.
11551	Mobile device client installation or upgrade failed. Invalid client settings file.
11552	Mobile device client installation or upgrade failed. Error installing client CAB file.
11553	Mobile device client installation or upgrade failed. Error starting client service.
11554	Mobile device client installation or upgrade failed. Error updating client settings.
11555	Device Client Deployment failed with unknown error.
11560	Mobile device client verification or repair failed. Error during removal of previous client.
11561	Mobile device client verification or repair failed. Invalid client settings file.
11562	Mobile device client verification or repair failed. Error installing client CAB file.
11563	Mobile device client verification or repair failed. Error starting client service.
11564	Mobile device client verification or repair failed. Error updating client settings.
11565	Mobile device client verification or repair failed. Error restoring required files.
11566	Mobile device client privileged certificate installation failed.
11567	Encountered unknown error installing the device client.
11568	Mobile device client setup failed to launch during install.
11570	Mobile device client removal failed. Error using unload.exe to uninstall the existing client.
11571	Mobile device client install/upgrade failed. Error enforcing new client. Mobile device rolled back to old client (if existed before).
11572	Mobile device client rollback failed during unsuccessful upgrade. Error enforcing old client.
11573	Mobile device client failed to perform post cab install actions. Device client installation failed.

Operating System Deployment Custom Error Codes

 

Error Code	Description
0x80040001	Could not get the client GUID
0x80040101	Network access account is not set
0x80040102	No content location returned for the given package
0x80040103	Could not access package content in the DP
0x80040104	Could not find reference program policy
0x80040105	Could not find CCM_ClientAgentConfig raw policy
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,1)	An invalid image capture path has been specified.
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,2)	An invalid image file name extension has been specified.
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,3)	An invalid image file name extension has been specified.
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,4)	Image capture path is too long
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,5)	An invalid image file name extension has been specified.
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,1)	Timeout waiting for PNP to finish initialization.
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,2)	Task sequence failed in Windows PE
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,1)	An invalid network adapter index has been specified
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,1)	Sysprep is not installed
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,2)	Sysprep is invalid
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,3)	Invalid System Partition
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,4)	Machine is joined to a domain
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,5)	Machine is domain controller
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,1)	A default management point has not been assigned for this site.
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,2)	Certificates for the default management point are not available.
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,3)	Package {0} is not available on the specified distribution points.
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,4)	Invalid password for media certificate
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,5)	The media certificate does not have an associated private key
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,6)	The certification authority's certificate has not been set for this site.

Remote Tools Custom Error Codes

 

Error Code	Description
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,1)	Another remote control session is already in progress. Remote Control does not support multiple concurrent remote control sessions.
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,2)	Level of access allowed is set to "No Access" in the Remote Tools client agent General tab on the site server or in the Remote Control control panel applet.
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,3)	Remote Control Agent was not properly installed on the client.
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,4)	No interactive session found on the client.
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,5)	Remote computer screen is locked.
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,6)	Failed to create the RDP session.
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,8)	Remote Tools is disabled.
MAKE_HRESULT(SEVERITY_ERROR,FACILITY_ITF,9)	Failed to launch the Remote Control Agent process.

Software Distribution Custom Error Codes

 

Error Code	Description
E_FAIL_EXECUTION_PENDING 0x80008001	The program cannot be run now from the client UI because : A restart is in progress. or Software Distribution is paused because of a task sequence running or Another program is currently running NOTE: This error code is only returned to the UI and is not present in status messages.
E_FAIL_DUPLICATE_REQUEST 0x80008002	The program cannot be run again from the client UI because it is already pending, an optional (initiated from the UI) run request already exists for it. NOTE: This error code is only returned to the UI and is not present in status messages.
E_SWDIST_POLICY_NOT_FOUND 0x80002004	The software distribution policy was not found.
E_FAIL_PROGRAM_DISABLED 0x80008004	The program cannot run because it is currently disabled.
E_FAIL_INVALID_POLICY 0x80008005	This error code can be returned on the client if policy cannot be found or the policy is not valid to run or cancel the requested program. NOTE: This error code is currently not sent in status messages.
E_FAIL_INVALID_PROGRAM 0x80008006	The requested program is not currently pending. This error code can be returned on the client if the user attempts to continue or cancel the program that is not currently pending. It can also be returned to the task sequence manager (TSM) when TSM requests download locations for packages that are not referenced by the currently running task sequence. NOTE: This error code is not raised in status messages by Software distribution, but could be raised by task sequence.
E_FAIL_SET_CACHEDCONTENTINUSE 0x80008008	Unable to set the CachedContentInUse flag. Failed to indicate the client cache is currently in use.
E_FAIL_WMI_ERROR 0x80008009	Failed to read data from WMI. The program could not continue because a system restart is in progress or there is already a run request for this program that requires a reboot.
E_FAIL_REQUEST_NOT_FOUND 0x80008011	Used for Task Sequence. Failed to reconnect to Task Sequence job because a request cannot be found with the given job ID. NOTE: Not sent in status message by Software Distribution, but may be used by task sequence.
E_FAIL_ACTIVE_REQUEST_NOT_FOUND 0x80008012	There is no program currently running. This error code is returned to task sequence when there is no run request that is currently running, but task sequence tries to get the currently running request.
E_FAIL_DEPENDENCY_NOT_RUN 0x80008013	This program cannot run because it depends on another program that has not run successfully before. This error code is returned to task sequence manager when a task sequence Install Software Action step cannot be run because the step has a child program which has not been run before.
E_FAIL_USER_REQUIRED 0x80008014	This error code is returned to task sequence manager when an "Install Software" step cannot be run because the software distribution program in this step is targeted to a user, requires user input or is set to run in user context
E_FAIL_SWD_NOT_PAUSED 0x80008015	Failed to notify caller that software distribution is paused because the paused state or paused cookie do not match.
E_FAIL_INVALID_HASH 0x80008017	The content hash string or hash versions are empty or incorrect in the software distribution policy or the hash verification failed.
E_FAIL_CANNOT_RUN_ON_INTERNET 0x80008018	The program cannot run at this time because the client is on the internet.
E_FAIL_EXECUTION_NONFATAL 0x80008100	A non fatal error has been encountered while attempting to run the program. The program execution will be retried if the retry count has not been exceeded.
E_FAIL_BAD_ENVIRONMENT_NONFATAL 0x80008103	A non fatal error occurred while preparing to run the program, for example when creating the program execution environment, making a network connection, impersonating the user, determining the file association information, or when attempting to launch the program. This program execution will be retried if the retry count has not been exceeded.
E_FAIL_PROGRAM_NOT_MONITORED 0x80008105	An error was encountered while getting the process information for the launched program and the program execution will not be monitored.
E_FAIL_BAD_ENVIRONMENT_FATAL 0x8000910A	A fatal error occurred while preparing to run the program, for example when creating the program execution environment, making a network connection, impersonating the user, determining the file association information, or when attempting to launch the program. This program execution will not be retried.
E_FAIL_EXECUTION_FATAL 0x80009101	A fatal error has been encountered while attempting to run the program. The program execution will not be retried.
E_FAIL_INVALID_PROGRAM_OBJECT 0x80009102	An error occurred while creating the execution context. This is error code indicates that an error was encountered while creating the internal execution context object. This is most likely not due to configuration errors, but could be because of low memory conditions, COM failures or other external errors.
E_FAIL_INVALID_CMDLINE 0x80009104	The command line for this program is invalid.
E_FAIL_NO_CONTENT 0x80009106	Failed to verify the executable file is valid or to construct the associated command line.
E_FAIL_NO_SOURCE 0x80008107	Failed to access all the provided program locations. This program may retry if the maximum retry count has not been reached.
E_INVALID_CONTENT_REQUEST_HANDLE 0x80008200	This is an internal error. No content request found with the given handle.
E_NO_SPACE_IN_CACHE 0x80008201	The content download cannot be performed because there is not enough available space in cache or the disk is full.
E_CACHE_TOO_SMALL 0x80008202	The content download cannot be performed because the total size of the client cache is smaller than the size of the requested content.
E_CACHE_IN_USE 0x80008203	The client cache is currently in use by a running program or by a download in progress.
E_NO_DP_FOUND 0x80008204	NOTE: this error code is sent at least in status message 10051. No distribution points were found for the requested content.
E_FAIL_LOCATION_REQUEST 0x80008210	Failed to get content locations.
E_FAIL_JOB_PENDING 0x80008250	The computer restart cannot be initiated because a software installation job is in progress.
E_FAIL_INACCESSIBLE_SOURCE 0x80009108	Failed to access all the provided program locations. This program will not retry.
E_FAIL_INVALID_MSI 0x80009109	Failed to verify that the given file is a valid installation package.

Software Updates Custom Error Codes

 

Error Code	Description
E_UPDDEPLOY_APPLY_NOT_REQUIREDCCM_ERRORCODE(0x80040708)2147747592	Software Updates Install not required.
E_MONITOR_RESUME_FAILURECCM_ERRORCODE(0x80040709)2147747593	Failed to resume the monitoring of the process.
E_INVALID_CMDLINECCM_ERRORCODE(0x8004070A)2147747594	Invalid command line
E_CREATEPROCESS_FAILURECCM_ERRORCODE(0x8004070B)2147747595	Failed to create process
E_EXECUTION_TIMEOUTCCM_ERRORCODE(0x8004070C)2147747596	Software update execution timeout
E_UPDATE_FAILED_RESULTCCM_ERRORCODE(0x8004070D)2147747597	Software update failed when attempted
E_EMPTY_COMMANDLINECCM_ERRORCODE(0x8004070E)2147747598	Empty command line specified
E_INVALID_INSTALLER_PATHCCM_ERRORCODE(0x8004070F)2147747599	Invalid updates installer path
E_COMPARE_CREATION_TIMESCCM_ERRORCODE(0x80040710)2147747600	Failed to compare process creation time.
E_DEPLOYMENT_NOT_ACTIVECCM_ERRORCODE(0x80040711)2147747601	Software updates deployment not active yet for example, start time is in future
E_UPDDEPLOY_REBOOT_REQUIREDCCM_ERRORCODE(0x80040712)2147747602	A system restart is required to complete the installation.
E_NO_DETECT_RESULTCCM_ERRORCODE(0x80040713)2147747603	Software updates detection results not received yet.
E_UPDATES_USERINSTALL_RESTART_PENDING CCM_ERRORCODE(0x80040714)2147747604	User based install not allowed as system restart is pending.
E_USERINSTALL_NO_UPDATESCCM_ERRORCODE(0x80040715)2147747605	No applicable updates specified in user install request.
E_NOINTERFACE FFFFFFFF80004002-2147467262	No such interface supported
[DCOM belly up] CAgent::CreateJob failed FFFFFFFF8007000E-2147024882	Not enough storage is available to complete this operation.
ERROR_TIMEOUT FFFFFFFF800705B4-2147023436	This operation returned because the timeout period expired.
[Scan fails on x64vista] OnSearchComplete0x80240032[WU]-2145124302	Failed to end search job [SMS] WU client failed Searching for update with error.
WU_E_PT_WINHTTP_NAME_NOT_RESOLVED Same as -ERROR_WINHTTP_NAME_NOT_RESOLVED FFFFFFFF8024402C-2145107924	The proxy server or target server name cannot be resolved.
FFFFFFFF80040692-2147219822	Group Policy conflict
FFFFFFFF80040693-2147219821	Low WUA version
WU_E_PT_HTTP_STATUS_BAD_GATEWAYFF80244021-2145107935	Same as HTTP status 502. The server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed in attempting to fulfill the request.
-939523070ERROR_OBJECT_ALREADY_EXISTS FFFFFFFFC8000402	Object already exists
[SA fail if SWD not working] createInstance failed for UpdateServiceManager FFFFFFFF80040154-2147221164	Class not registered
FFFFFFFF800705B4-2147023436	This operation returned because the timeout period expired.
ERROR_INTERNET_TIMEOUT FFFFFFFF80072EE2-2147012894	Internet timeout
ERROR_WINHTTP_CANNOT_CONNECT or ERROR_INTERNET_CANNOT_CONNECT FFFFFFFF80072EFD-2147012867	Internet cannot connect
E_INVALIDSTATE_AFTER_APPLY FFFFFFFF80040668-2147219864	Software update still detected as actionable after apply.
E_EXECUTION_TIMEOUT FFFFFFFF8004070C-2147219700	Software update execution timeout
WU_E_PT_WINHTTP_NAME_NOT_RESOLVED - same as ERROR_WINHTTP_NAME_NOT_RESOLVEDFFFFFFFF8024402C-2145107924	The proxy server or target server name cannot be resolved.
ERROR_PATH_NOT_FOUND FFFFFFFF80070003-2147024893	The system cannot find the path specified.
ERROR_FILE_EXISTS FFFFFFFF80070050-2147024816	The file exists
ERROR_ACCESS_DENIED or E_ACCESS_DENIEDFFFFFFFF80070005-2147024891	Access denied
WU_E_PT_WINHTTP_NAME_NOT_RESOLVED Same as ERROR_WINHTTP_NAME_NOT_RESOLVED FFFFFFFF8024402C-2145107924	The proxy server or target server name cannot be resolved.
ERROR_INAVILD_ENVIROMENT FFFFFFFF8004070D-2147219699	Software update failed when attempted.
Install Errors
-Last Install Error FF8024402C WU_E_PT_WINHTTP_NAME_NOT_RESOLVED - same as ERROR_WINHTTP_NAME_NOT_RESOLVED2145107924	The proxy server or target server name cannot be resolved.
Last Install Error FF8007066F ERROR_PATCH_NOT_APPLIED -2147023249	Can sometimes happen when Windows Installer configuration for an installed application is out of sequence for example, Windows Installer thinks it has more patches applied than is really the case (this sometimes used to happen with roaming profiles).
Last Install ErrorFF8007064 ERROR_INSTALL_FAILURE-2147023293	Generic failure code from Windows Installer installs.
Last Install ErrorFF8007F0F4 STATUS_PREREQUISITE_FAILED-2146963212	Generated by update.exe. People seem to be getting this when they try to install a Service Pack while on battery power.
Last Install ErrorFF8007F0F5 WU_E_DM_INCORRECTFILEHASH-2146963211	The WU Agent's metadata store and the policy received by ccmexec could be out of sync.
Last Install Error FF8007F0F6 ERROR INVALID PARAMETER-2146963212	Failed to start the installation of updates because update is not found
Scan Failures
Last Scan ErrorFF80244021WU_E_PT_HTTP_STATUS_BAD_GATEWAY-2145107935	Possible network connectivity issues
Last Scan ErrorFF8024001DWU_E_INVALID_UPDATE-2145124323	An update contains invalid metadata.
Last Scan ErrorFF80004002E_NOINTERFACE-2147467262	No such interface supported
Last Scan ErrorFFC8000402RECORD TOO BIG-939523070	This seems to be a recoverable error, and possibly due to many Scan Service Packages left around when the 2003 ITMU was used. This is NOT the case.
FF8024400A WU_E_PT_SOAPCLIENT_PARSE1097366519818	Needs update
Last Scan ErrorWU_E_SERVICE_STOPFF8024001E-2145124322	Operation did not complete because the service or system was being shut down.
Last Scan ErrorFF8024400DWU_E_PT_SOAP_CLIENT-2145107955	SOAP client found the message was malformed.
Last Scan ErrorFFC800042DRefreshServerUpdateInfo-939523027	WSUS unable to update software distribution folder. Scans fail.
Last Scan ErrorFF80244022WU_E_PT_HTTP_STATUS_SERVICE_UNAVAIL-2145107934	HTTP status 503. The service is temporarily overloaded.
Last Scan ErrorFF80240032WU_E_INVALID_CRITERIA-2145124302	The search criteria string was invalid.
Last Scan ErrorFF80240013WU_E_DUPLICATE_ITEM-2145124333	Failed to add file to the FileLocationList.
Last Scan ErrorFF8007041DERROR SERVICE REQUEST TIMEOUT-2147023843	The service did not respond to the start or control request in a timely fashion.
E_FAIL_POLICY_NOT_FOUNDCCM_ERRORCODE(0x80040600)2147747328	Scan Tool Policy not found
E_LOCATION_TIMEOUTCCM_ERRORCODE(0x80040602)2147747330	Out of cache space
E_SCANTOOL_POLICY_REMOVEDCCM_ERRORCODE(0x80040603)2147747331	The ScanTool Policy has been removed so cannot complete Scan Operation.
E_SCANTOOL_NOTFOUND_INJOBQUEUECCM_ERRORCODE(0x80040604)2147747332	The ScanTool was not found in the job queue.
E_FAIL_SCAN_TOOL_REMOVEDCCM_ERRORCODE(0x80040605)2147747333	Scan Tool has been Removed
E_FAIL_OFFLINE_SCAN_HISTORY_NOT_FOUNDCCM_ERRORCODE(0x80040606)2147747334	Scan Tool Policy not found
E_CONTENT_NOT_FOUNDCCM_ERRORCODE(0x80040607)2147747335	Out of cache space
E_INVALID_INSTANCE_TYPECCM_ERRORCODE(0x80040608)2147747336	Out of cache space
E_NO_SPACE_IN_CACHE0x800082012147516929	Out of cache space
E_CACHE_TOO_SMALL0x800082022147516930	Cache size is smaller than requested content's size.
Deployments Agent Specific Errors
E_UPDDEPLOY_APPLY_NOT_ALLOWED CCM_ERRORCODE(0x80040700)2147747584	Install not allowed
E_UPDDEPLOY_DOWNLOAD_NOT_ALLOWED CCM_ERRORCODE(0x80040701)2147747585	Download not allowed
E_ASSIGNMENT_POLICY_NOT_FOUNDCCM_ERRORCODE(0x80040702)2147747586	Assignment policy not available
E_ANOTHER_JOB_IN_PROGRESSCCM_ERRORCODE(0x80040703)2147747587	Only one job is allowed at a time
E_HARDREBOOT_PENDINGCCM_ERRORCODE(0x80040704)2147747588	Only one job is allowed at a time.
2147747589E_PAUSE_STATE_REQUIREDCCM_ERRORCODE(0x80040705)	Pause state required
2147747590E_NO_ACTIVE_JOBCCM_ERRORCODE(0x80040706)	No active job exists (while reconnect called).
2147747591E_JOB_ID_MISMATCHCCM_ERRORCODE(0x80040707)

-------------------
Thanks,
http://sccm07.blogspot.com/

State Messages in Configuration Manager 2007

Topic Type	Description
200	NAP
300	SUM_ASSIGNMENT_COMPLIANCE
301	SUM_ASSIGNMENT_ENFORCEMENT
302	SUM_ASSIGNMENT_EVALUATION
400	SUM_CI_DETECTION
401	SUM_CI_COMPLIANCE
402	SUM_CI_ENFORCEMENT
500	SUM_UPDATE_DETECTION
501	SUM_UPDATE_SOURCE_SCAN
700	RESYNC_STATE_MSG
701	SYSTEM_HEARTBEAT
702	DDM ClientKeyData change
800	CLIENT_DEPLOYMENT
900	BRANCH_DP
1000	CLIENT_FRAMEWORK_COMM
1001	CLIENT_FRAMEWORK_LOCAL
1002	DEVICE_CLIENT_FRAMEWORK_COMM
1003	DEVICE_CLIENT_FRAMEWORK_LOCAL
1004	DEVICE_CLIENT_FRAMEWORK_CERTIFICATE
1100	CLIENT_FRAMEWORK_MODEREADINESS
1500	CAL_TRACK_UT
1501	CAL_TRACK_UL
1502	CAL_TRACK_MT
1503	CAL_TRACK_ML

State Messages Sent by Configuration Manager Clients

The following table lists the ID number and description for state messages sent by Configuration Manager clients. State message IDs are used to define specific state messages for each topic type. The state message description describes the state message sent by clients.

 

Topic Type	State Message ID	State Message Description
300	0	Compliance state unknown
300	1	Compliant
300	2	Non-compliant
300	3	Conflict detected
301	0	Enforcement state unknown
301	1	Installing update(s)
301	2	Waiting for restart
301	3	Waiting for another installation to complete
301	4	Successfully installed update(s)
301	5	Pending system restart
301	6	Failed to install update(s)
301	7	Downloading update(s)
301	8	Downloaded update(s)
301	9	Failed to download update(s)
301	10	Waiting for maintenance window before installing
302	0	Evaluation state unknown
302	1	Evaluation activated
302	2	Evaluation succeeded
302	3	Evaluation failed
400	0	Detection state unknown
400	1	Not Required
400	2	Not Detected
400	3	Detected
401	0	Compliance state unknown
401	1	Compliant
401	2	Non-Compliant
401	3	Conflict Detected
401	4	Error
402	0	Enforcement state unknown
402	1	Enforcement started
402	2	Enforcement waiting for content
402	3	Waiting for another installation to complete
402	4	Waiting for maintenance window before installing
402	5	Restart required before installing
402	6	General failure
402	7	Pending installation
402	8	Installing update
402	9	Pending system restart
402	10	Successfully installed update
402	11	Failed to install update
402	12	Downloading update
402	13	Downloaded update
402	14	Failed to download update
500	0	Detection state unknown
500	1	Update is not required
500	2	Update is required
500	3	Update is installed
501	0	Scan state unknown
501	1	Scan is waiting for content
501	2	Scan is running
501	3	Scan completed
501	4	Scan is pending retry
501	5	Scan failed
501	6	Scan completed with errors
501	7	SMS 2003 client
800	100	Client deployment started
800	301	Unknown client deployment failure.
800	302	Failed to create the ccmsetup service
800	303	Failed to delete the ccmsetup service
800	304	Cannot install over embedded operating system with File Based Write Filter (FBWF) enabled on system drive
800	305	Native security mode is not valid on Windows 2000
800	306	Failed to start ccmsetup download process
800	307	Non-valid ccmsetup command line
800	308	Failed to download file over WINHTTP at address
800	309	Failed to download files through BITS at address
800	310	Failed to install BITS version
800	311	Can't verify that prerequisite file is MS signed
800	312	Failed to copy file because disk is full
800	313	Client.msi installation failed with MSI error
800	314	Failed to load ccmsetup.xml manifest file
800	315	Failed to obtain client certificate
800	316	Prerequisite file is not MS signed
800	317	Reboot required to continue installation
800	318	Can't install the client on the MP because the MP and client versions don't match
800	319	Operating system or service pack not supported
800	400	Client deployment succeeded
800	500	Client assignment started
800	601	Unknown client assignment failure
800	602	The following site code is invalid
800	603	Failed to assign to MP
800	604	Failed to discover default management point
800	605	Failed to download site signing certificate
800	606	Failed to auto discover site code
800	607	Site assignment failed; client version higher than site version
800	608	Failed to get Site Version from Active Directory Domain Services and SLP
800	609	Failed to get client version
800	700	Client assignment succeeded
1000	1	Client successfully communicating with management point
1000	2	Client failing to communicate with management point
1001	1	Client successfully retrieving certificate from local certificate store
1001	2	Client failing to retrieve certificate from local certificate store
1100	1	Client not ready for native mode
1100	2	Client ready for native mode

-------------------
Thanks,
http://sccm07.blogspot.com/

Software Update Point on a Secondary Site

Software Update Point on a Secondary Site

The client computers assigned to secondary sites will automatically be configured to use the software update point at the parent site until an active software update point site system is configured for the secondary site. Creating an active software update point at the secondary site is recommended when there is limited network bandwidth from client computers to the software update point site system running WSUS or when the number of client computers connecting to the software update point is approaching capacity. Internet-based software update points are not supported on secondary sites.

Note
Generally, if you have decided that a proxy management point is necessary at the secondary site, you might want to consider an active software update point at the site as well.

After the active software update point is successfully installed and configured on the secondary site, the Group Policy is updated on client computers and they will start using the new software update point. For more information about how to install the software update point on a secondary site, see How to Create and Configure an Active Software Update Point on a Secondary Site.

-------------------
Thanks,
http://sccm07.blogspot.com/

Feature Comparison of MSDE and SQL Server 2005 Express

Feature Comparison of MSDE and SQL Server 2005 Express

While the core database capabilities of MSDE and SQL Server 2005 Express are similar, the set of features and database capabilities of MSDE and SQL Server 2005 Express are different. The following table provides a feature comparison between MSDE and SQL Server 2005 Express.

Feature	MSDE	SQL Server 2005 Express Edition
Maximum number of instances	16	16
Maximum # of processors	2	1
Maximum RAM	2 GB	1 GB
Maximum database size	2 GB	4 GB
Workload governor	Yes	No
Graphical management tool	No	Yes
User instances	No	Yes
SQL Agent	Yes	No
DTS runtime	Yes	Yes (Web download)
Replication	Merge only	Merge subscription Snapshot subscription Transactional subscription
BI features (Analysis Services, Integration Services)	No	No
Report Server	No	Yes (Installed with SQL Server 2005 Express with Advanced Services)
Service Broker	No	Client only
Full-text search	No	Yes (Installed with SQL Server 2005 Express with Advanced Services)
Windows 9x support	Yes	No
MDAC Required	Yes	No
Business Intelligence Development Studio (BIDS)	No	Yes (Installed with SQL Server 2005 Express Toolkit)

-------------------
Thanks,
http://sccm07.blogspot.com/

All the Third-Party Solutions for SCCM & SMS

Web Sites:

MyITForum is the premier online destination for IT professionals responsible for managing their corporations' Microsoft Windows systems; it is especially useful for IT professionals working with Microsoft Systems Management Server. (http://www.myitforum.com)

FAQshop endeavors to provide a "one-stop-shop" for systems management questions, answers, and utilities. (http://www.faqshop.com)

SMS Alliance is a consortium of companies that leverage joint resources to strengthen the capabilities and benefits of SMS. Their mission is to provide organizations with the best-of-breed solutions and services to enhance and extend SMS 2003. (http://www.sms-alliance.com)

1E is one of the founding members of the SMS Alliance, 1E is a company on the cutting edge of systems management. It enhances and extends Microsoft management and deployment technologies, delivering advanced automation and reporting across the enterprise. (www.1e.com)

Macrovision Corporation, another founding member of the SMS Alliance, Macrovision Corporation is a recognized leader in software deployment packaging, software installation, and software updating solutions. They offer one of the best software packaging tools with AdminStudio.
(http://www.macrovision.com/)

PS'SOFT, as a founding member of the SMS Alliance, offers extenders for SMS 2003 that focus on IT asset management. They offer a web-based software cataloging system called SMS Software Requests. (www.pssoft.com)

Vintela, another founding member of the SMS Alliance, Vintela offers a seamless solution to extend security and compliance of Microsoft Active Directory to Unix, Linux, and other platforms and applications. They offer solutions that help IT administrators manage Unix, Linux, and MAC systems using SMS 2003. Vintela is now part of Quest Software. (www.vintela.com)

iAnywhere, the last founding member of the SMS Alliance, iAnywhere offers frontline security and management to SMS and provides extensions to manage your enterprise's mobile and wireless devices through SMS. (www.iAnywhere.com)

AppDeploy is the Internet resource to go to when you need to script or repackage an application for distribution. Among other points of interest at the site is a massive library of applications, sorted by application name and vendor name. For each application listed, you'll find a community-based thread discussing the best practices, links, scripts, and challenges met/overcome with working with the application in regard to installation scripting/repackaging.(http://www.appdeploy.com/)

DesktopEngineer is perhaps one of the best resources in the Windows Installer arena. This site offers a wealth of information on Windows Installer technology, techniques, and troubleshooting tips. I have noticed that he is starting to increase the content related to Microsoft's upcoming PowerShell scripting language. (http://www.desktopengineer.com/)

Tools

SMSView is a utility that is used to extend the functionality of the Microsoft Systems Management Server 2003 advanced client. SMSView allows you to perform the following actions on an SMS advanced client: All nonadmin users to view current mandatory assignments and advertisement status, View advertisement history (past 60 days), View current mandatory assignments, Rerun advertisements, Remote operations (remotely view and manage the SMS client), Display hardware/software inventory status, Display management point/proxy management point, Repair the SMS advanced client. (http://www.smsview.com/)

SMS 2003 Monster MOF is a MOF file that contains several new classes of MOF that will improve SMShardware inventory capabilities. The Monster MOF will enhance inventory data without requiring intimate knowledge of the SMS_DEF.MOF file. (www.smsexpert.com)

SMS 2003 Web Remote Tools assist SMS administrators and allow client administration from a web page. (http://www.myitforum.com/articles/19/view.asp?id=8662)

Corey Becht's Right-Click Tools is one of the best set of tools for all SMS administrators. This tool allows you to right click on any collection or individual PC within the SMS Administrator console and initiate hardware inventory, reassign the site code, restart the SMS Agent Host service, rerun advertisements without modifying the advertisement, perform discovery, initiate software inventory, create file collections, monitor software metering usage, refresh machine policies, evaluate policies, update Windows installer sources,change port number, and change cache size.These tools can run per computer resource or for all the members of a collection.(www.myitforum.com/articles/8/view.asp?id=7099)

Microsoft SMS Toolkit 2: Microsoft released a very nice set of tools for SMS called the SMS Toolkit version 2 . It contains the following tools: IIS Lockdown 2.1 Template, URLScan 2.5 Template, Policy Spy, SMS Trace, Advanced Client and Management Point Cleaner, Advanced Client Spy, Policy Verifier, Send Schedule, Management Point Spy, Set Preferred Distribution Point and CAP, Delete Certificate, Patch Management Evaluation, Delete Group Class, Transfer SMS ID, Package Loader, Management Point Troubleshooter, Client Site Assignment Verifier, Site Boundary Tool, Create Secondary Site Tool, Create SMS Address Tool.(www.microsoft.com/smserver/downloads/2003/tools/toolkit.mspx)

Security Logon Audit Tool (SLAT) extends SMS hardware inventory to include user logon information.This data can be used in web reports and queries. The tool includes the following samplereports: Top users for all systems, User logon information for a specific computer, Systems where the last logged-on user is not the top user, Systems where a specific user has logged on SLAT searches the security event log for the 528 event, which is created when user logon events occur and is enabled via Group Policy. (http://www.systemcentertools)

Enhanced System and User Discovery Tools, out of the box, SMS 2003 does a pretty good job of discovering systems from Active Directory. It's not perfect, though—there are a few gaps in its methods. The Enhanced System Discovery tool, assists in filling these gaps. Out of the box, SMS 2003 does not perform Windows NT 4 domain discovery. This tool solves that by enumerating all machines from a list of NT 4 domains, resolving their IP addresses from DNS or WINS, and creating data discovery records for each system. (http://www.systemcentertools/)

BITS Bandwidth Manager is an SMS Installer script that lets you throttle BITS bandwidthon Windows XP SP2 systems. You do not need to manually adjust any settings. The script takes care of the Registry key manipulation for you.(http://www.myitforum.com/inc/upload/11332BITSManager.zip)

1E SMSWakeUp: this WOL product is able to turn on computers after they have been shut down by users. The wake cycle can be triggered on a regular schedule to power up systems in preparation for the workday, or to perform software deployment activities. (http://www.1e.com/)

1E NightWatchman: Since we are talking about waking systems that have been shut down, it maybe a good practice to examine how best to shut down those systems in the first place. Why dowe want to shut down systems? We do this to enforce reboot cycles and to save energy costs. (http://www.1e.com/)

1E SMSNomad Branch: Some offices may not have the server hardware to allow for a Distribution Point (DP). But those offices may have a substantial number of users and/or be separated from the rest of the network by a low-speed or saturated WAN link, which you would rather not send multiple copies of a package across. SMSNomad Branch acts similar to a peer-to-peer network, allowing other computers to become DPs. If one machine is shutdown, another is selected as the DP. Included in this technology is multicast, increasing its efficiency to reduce network traffic on the local network segment. (http://www.1e.com/)

1E OSD Plus Pack: This is an enhancement to the SMS OSD Feature Pack. It allows you to leverage the SMS OSD Feature Pack in offices that do not have DPs. OSD Plus Pack offers similar functionality to SMSNomad Branch, but also has a few other applications bundledwith it: State Migration Editor, which is an interface for the User State Migration Tool, AppMigrator, which allows the automatic reinstallation of applications after OS imaging, PXE Lite, which is a local PXE server to allow deployment of OS images to bare-metalmachines booted from the network PXE server. (http://www.1e.com/)

SMS Companion 2006: This product provides WOL capabilities, similar to 1E's SMSWakeUp, but leverages slightly different technologies behind the scenes. A key difference is that SMS Companion puts systems in hibernation, rather than powering them off. The following are some of the key applications included with this product:Wake-on-Schedule: Allows clients to come out of a hibernation state. Service Windows: Allows you to restrict the SMS inventory and software distributions from happening during specific time periods, to reduce or eliminate user interruptions. Load Balancing: Allows you to reduce peak network and SMS server loading by making sure that the clients use these resources in a controlled manner. (http://www.smsexpert.com/)

Quest Management Xtensions for SMS: Since Windows platforms are not the only systems in an enterprise, you may need a way tomanage other platforms, such as Unix, Linux, and Mac OS X. These management extensions offer that capability for SMS 2003. One of the unique aspects of this product is its support route: first-level support is handled by Microsoft Product Support Services. (http://www.quest.com/quest-management-xtensions-for-sms)

-------------------
Thanks,
http://sccm07.blogspot.com/

SCCM Collection / Computer Delete and Delete Special Explanation

 

• Right clicking on a 'resource' and choosing 'Delete' will delete the resource from the SMS database
   
• Right clicking on a 'Collection' and choosing 'Delete Special' will delete all objects in the Collection from the SMS database.

 

To restore the entry Again:

If the Client software has been installed but the information reflected by the resource entry in the MMC remains incomplete or inaccurate, you can correct it by deleting the existing resource entry and copy the 'SMSDISC.DDR' file from the target client workstation's '%WINDIR%\sms\sms\core\data' directory to the Site Servers '\sms\inboxes\ddm.box' directory.

Wait a few minutes then, in the MMC, highlight the 'All Systems' Collection, right click and select 'All Tasks | Update Collection Membership'. This usually places a small hour glass over the 'Collection' icon. Right click again and select 'Refresh'. A valid resource entry should now appear.

-------------------
Thanks,
http://sccm07.blogspot.com/

SCCM Duplicate System Entries in the Console

SCCM Duplicate System Entries in the Console

If your SCCM console has duplicated System entries in the Console, and you want to find it right? Below is the Query for this issue.

 

select R.ResourceID,R.ResourceType,R.Name,R.SMSUniqueIdentifier,R.ResourceDomainORWorkgroup,R.Client from SMS_R_System as r full join SMS_R_System as s1 on s1.ResourceId = r.ResourceId full join SMS_R_System as s2 on s2.Name = s1.Name where s1.Name = s2.Name and s1.ResourceId != s2.ResourceId

 

I love this Query, especially.

 

 

 

-------------------
Thanks,
http://sccm07.blogspot.com/

SMS/SCCM Command-line Actions - alternate to right click tools ?

SMS/SCCM Command-line Actions

We can use WMIC tool to run on remote computers and get the client actions as we want

Some examples to trigger SMS/SCCM Client Actions from command line:

Disable Software-Distribution:
WMIC /namespace:\\root\ccm\policy\machine\requestedconfig path ccm_SoftwareDistributionClientConfig  CREATE ComponentName="Disable SWDist",Enabled="false",LockSettings="TRUE",PolicySource="local",PolicyVersion="1.0" ,SiteSettingsKey="1" /NOINTERACTIVE

Re-Activate Software-Distribution:
WMIC /namespace:\\root\ccm\policy\machine\requestedconfig path ccm_SoftwareDistributionClientConfig  WHERE ComponentName="Disable SWDist" delete /NOINTERACTIVE

Trigger Hardware Inventory:
WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000001}" /NOINTERACTIVE

Trigger Software Inventory:
WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000002}" /NOINTERACTIVE

Trigger DataDiscoverRecord (DDR) update:
WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000003}" /NOINTERACTIVE

Force a FULL HW Inventory on next HW-Inv Schedule:
WMIC /namespace:\\root\ccm\invagt path inventoryActionStatus where InventoryActionID="{00000000-0000-0000-0000-000000000001}" DELETE /NOINTERACTIVE

Repair SMS/SCCM Agent on a remote client:
WMIC /node:%MACHINE% /namespace:\\root\ccm path sms_client CALL RepairClient

Repair a list (all clients listed in clients.txt) of remote SMS/SCCM Agents:
WMIC /node:@clients.txt /namespace:\\root\ccm path sms_client CALL RepairClient

-------------------
Thanks,
http://sccm07.blogspot.com/

SCCM 2007 Right Click Tools latest version available, one can download from the below link

SCCM 2007 Right Click Tools latest version available, one can download from the below link

 

http://myitforum.com/cs2/blogs/rhouchins/archive/2008/04/09/sccm-right-click-tools.aspx

 

All the advantages from the above link are below( actual source is above link)

 

1.       Most of the tools that were included in the original SMS Console Additions V1.4

2.       The ability to see the computer details and security compliance web reports for a single client inside collections

3.       A separate drill down for client logs as well as security update client logs.

4.       The ability to check the status of an advertisement with a right click from that advertisement In order to get the client and the advertisement web reports to work you must perform the following.

5.       Fixed the right click tools on the "collections" that didn't open a CMD window when running. Also fixed the echo so the results now show up in a command window

6.        Will detect the version of the tool installed so re-installation of unnecessary files does not occur when new versions are released

7.        Now has an entry in Add Remove Programs which enables un-installation of the program

8.       No more hard coding of your site code to get scripts and reports to run correctly

9. Detects and uninstalls any previous versions of the tool.
10. Right click tool added to the software updates node, but it only works if there is a update list with patches deployed. 
11. Prefixed each tool with your SCCM site code for easier recognition
12. Right click ability on each advertisement that will display three web reports
13. Added a prompt to see the CCMsetup.log on the SCCM Client install
14. Fixed the Client Action for User Policy Evaluation and Update

15. Added all the client actions from the control panel including the Security Updates Scan and Security Updates Deployment Evaluation
16. Added an extension to the client tools that will tell you what collection a user or system belongs to.
17. Added a web report to show all the advertisements for a certain system.

18. CCM and CCMSetup directories now work properly.

19. Added the Software Updates Scan Cycle to the Collection root so it runs not just on one client but a whole collection.  Requested by a member from the forum community.
20. Added Support for Windows 2008 64bit.
21. New Tool to Re-run advertisements from a drop down list.
22. Added the ability to run client actions from the Query results.
23. Fixed issue with script.bat

-------------------
Thanks,
http://sccm07.blogspot.com/