An update was released to stand alone Intune a few days ago. Here are the features there were updated/added to the November release. By now most accounts should be upgraded.
New Intune standalone features that will be released as part of this service update include:
- Enhanced user interface for Intune administration console
- Ability to restrict access to Exchange on-premises email based upon device enrollment
- Bulk enrollment of devices using a single service account
- Lockdown of Supervised iOS devices and devices using Samsung KNOX with Kiosk mode
- Targeting of policies and apps by device groups
- Ability to report on and allow or block a specific set of applications
- Enforcement of application install or uninstall
- Deployment of certificates, email, VPN and WiFi profiles
- Ability to push free store apps to iOS devices
- More convenient access to internal corporate resources using per-app VPN configurations for iOS devices
- Remote pin reset for Windows Phone 8.1 devices
- Multi-factor authentication at enrollment for Windows 8.1 and Windows Phone 8.1 devices
- Ability to restrict administrator access to a specific set of user and device groups
- Updated Intune Company Portal apps to support customizable terms and conditions
- Enhanced user interface for Intune Company Portal website
Recently had an issue with my lab where my HTTPS Software Update Point was throwing some errors.
The SMS_WSUS_Control_Manager was show that it was failing to monitor the WSUS Server.
WSUS Control Manager failed to monitor WSUS Server "CM04.LAB.LOCAL".
Possible cause: WSUS Server version 3.0 SP2 or above is not installed or cannot be contacted.
Solution: Verify that the WSUS Server version 3.0 SP2 or greater is installed. Verify that the IIS ports configured in the site are same as those configured on the WSUS IIS website.
On the actual server hosting the SUP, the WSUSCtrl.log was showing the following error: "…the request failed with HTTP status 401: Unauthorized"
The following Microsoft KB help me resolve the issue:
I used Method 2 since it was just my lab. Disabling the Loopback check. After making the necessary registry change, after restarting the server, everything was reporting correctly and the WSUSCtrl.log was coming up clean.
Issues that are fixed
- The Continue on error check box is not selected under Task Sequences when an Install Software step and a Virtual Application package are defined as the source. This affects only task sequences that are migrated from Configuration Manager 2007 to System Center 2012 Configuration Manager.
- The Task Sequence Agent (TSAgent) does not use the logging-related values that are set in the following registry subkey on a client computer:
- 2961924 A command-line action that has a linked package doesn’t start in System Center 2012 Configuration Manager
- 2923078 Reporting Services installation fails on System Center 2012 Configuration Manager Service Pack 1 that has SQL Server 2014 installed
- 2931044 Discovery Data Manager slows when it rebuilds .ncf files on startup in System Center 2012 Configuration Manager Service Pack 1
- Applications cannot be changed or copied after they are migrated from one System Center 2012 Configuration Manager site to another site. Messages that resemble the following are logged in the Distmgr.log file after you try to make changes:
Package <PkgID> is in Pending state and will not be processed
- 2952686 You cannot install an application by using stand-alone media in System Center 2012 Configuration Manager Service Pack 1
Configuration Manager client
- The SMS Agent Host service may stop unexpectedly in an environment that uses multiple overlapping boundary groups that are configured for automatic site assignment. The ScanAgent.log file contains an entry that resembles the following:
[FATAL ERROR] Invalid params exception was raised.
- When you view the Primary Device that is associated with a user, you may see other devices that have the same name, even if they are associated with a different user.
Recently caught some emails going around about recommended backup and maintenance plans as it relates to ConfigMgr. Also plenty of discussions around whether or not addition index optimization is required beyond the built-in Rebuild Indexes task that can be configured as part of the built-in Site Maintenance task.
As far as what I recommend and configure for the clients I work with. I use the recommendations from Steve Thompson a fellow MVP and former SQL MVP.
I would highly recommend you read through the above linked posts. The maintenance plan is what I use for backing up the CM database and supporting databases. I do not use the built-in backup task with ConfigMgr 2012.
If you are having issues with indexing or slow performance, then it’s a good idea to look into the index optimization recommendations as well.
2 Great articles by Aaron Czechowski that explain what’s changed in the new ADK update and how it relates to MDT and ConfigMgr.
Here are just a couple of issues I’ve encountered doing R2 upgrades. I wanted to post the solutions for anyone that might also run into these issues.
This post was last updated on 3/13/2014.
KB’s that have been released to address R2 issues to date:
An update is available for the "Operating System Deployment" feature of System Center 2012 R2 Configuration Manager
You cannot stage a Windows PE 3.1 boot image to a Windows XP-based computer in System Center 2012 R2 Configuration Manager
Per-computer variables for imported computers are not read in System Center 2012 R2 Configuration Manager
If you have a ConfigMgr client installed on a site system hosting a MP, the MP upgrade will fail. If this happens, then you will need remove the MP, remove the ConfigMgr client. Reinstall the MP, and then install the new R2 ConfigMgr client.
If you have a secondary site, you won’t be able to uninstall the client or MP, you’ll need use the old school ccmclean (using the /all switch) to remove the MP and client. Once that is removed, the MP will automatically reinstall, then you can proceed to install the new client.
Easy solution for all, is to simply remove the ConfigMgr client prior to the upgrade
Take a screenshot of your drivers added to your boot images. Once you upgrade the ADK to 8.1, and you will have new boot images in R2, you won’t be able to see what drivers are on your old boot images. ConfigMgr supports legacy boot images, but you can’t modify the drivers and they have removed the tab so you can’t see what you had added either.
Better yet, get in the habit of categorizing your drives. I always create a WinPE_x64 and WinPE_x86 category and any time I add a driver to the boot image, I also add it to that category so I can see what is in use easily.
Keep in mind with ConfigMgr 2012 R2, your boot images are now WinPE 5.0, which is Windows 8.1 based, so the network/storage drivers you are adding will be need to be Windows 8.1, regardless of the OS you are deploying (Windows 7, Windows 8, etc).
I’ve seen a few times where the SRS doesn’t get upgraded properly. When attempting to run reports I’ve seen "cannot read from the next data row for the dataset.."
This can be resolved by recompiling the mof using the following command:
mofcomp "C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqlmgmproviderxpsp2up.mof"
I’ve also seen permission issues, which can be resolved by granted the Execute permission to the account configured as the SRS service account.
It’s been already reported that some people will experience issues with the NAA credentials being lost. So if you fail to download files during WinPE, you can try adding a new NAA and removing your old one. If you want to add your original one back, you need to add a new one, remove the original, then re-add the original and remove the 2nd one, confused yet?
In general it’s a good idea to recreate new MDT 2013 Task Sequences as well, your old MDT 2012 Update 1 TS’s should work as long as you still have the old toolkit package available, however it’s a good idea to create new ones and move your custom steps over into the new Task Sequence.
I’ve also ran into issues where the OS Image download is slow. In addition, in combination with this, I’ve seen where the Task Sequence will apply the OS, install the ConfigMgr client and then reboot and suddenly fail. Reviewing the logs you’ll see a 80072ee2 error (system cannot find the file specified).
If you encounter this, you will need to add two new R2 variables to beginning of your Task Sequence.
- SMSTSDownloadRetryCount: Use this variable to specify the number of times that Configuration Manager attempts to download content from a distribution point.
- SMSTSDownloadRetryDelay: Use this variable to specify the number of seconds that Configuration Manager waits before it retries to download content from a distribution point.
Recently encountered a SQL issue when trying to open the SQL Server Configuration Manager on my ConfigMgr Database server. This KB was the resolution for me: http://support.microsoft.com/kb/956013
I received the following error when attempting to open the tool.
Cannot connect to WMI provider. You do not have permission or the server is unreachable. Note that you can only manage SQL Server 2005 and later servers with SQL Server Configuration Manager.
Invalid namespace [0x8004100e]
My SQL Server install was SQL Server 2012 SP1.
Running the mofcomp of sqlmgmproviderxpsp2up.mof resolved the issue for me after a restart of the WMI service.
If you are working with Windows 8.1 and ConfigMgr/MDT, you may run into the Windows Wireless screen prompting you to connect to a wireless network in the middle of your deployment.
It’s a relatively easy fix, you need to modify your unattend.xml and add the following 3 sections.
Add the following section to the Unattend:
Enable the following sections for True:
Lee Berg is a good friend of mine and has been developing quite an impressive YouTube channel lately. I did an interview with him this week and you can find that linked below. We talk about ConfigMgr, Wisconsin weather (we both live in WI) and other things.