GitHub embedding

wp-read-more-redirectwp-read-more-redirectNo Gravatar

This is an example of embedding a GitHub repository script in WordPress using the WP-GitHub plugin (with customized prism.js to add PowerShell, Batch, SQL and AutoIt language support)

And an example of a custom plugin (not yet published) with shortcode: Read More Redirect
continue reading on CatapultSystems.com

January 5, 2017

Posted In: Uncategorized

ConfigMgr and SQL – NTFS allocation unit size

No Gravatar

It’s been many years since I read that SQL databases should use an NTFS volume formatted with at 64KB file allocation unit size (block size). So long that I didn’t remember why or if it is still considered best/good practice. It appears that it is according to Microsoft and the foremost authority on SQL with ConfigMgr.

keep reading at http://blogs.catapultsystems.com/chsimmons/archive/2016/12/23/configmgr-and-sql-ntfs-allocation-unit-size

December 23, 2016

Posted In: ConfigMgr 2012, Scripting, T-SQL

ConfigMgr Content Source Path migration

No Gravatar

Several ConfigMgr scenarios require that the content Source Path be changed.  This typically includes migrating to a new ConfigMgr environment (2007 to 2012, 2012 to Current Branch, etc.), and simply moving the source content to a new location such as a DFS Share or low-speed NAS device.

Updating the Source Path can be done manually via the ConfigMgr console.  For Packages, Software Update Deployment Packages, Drivers, Driver Packages, Operating System Images, Operating System Upgrade Packages, Boot Images, and Virtual Hard Disks, just add the Pkg Source Path or Package Source Path column to the console view to review the paths, then edit the object’s Source Folder in the Data Source tab.

However, for Applications, you’ll have to step through each Deployment Type on each Application, view the properties and modify the Content Location in the Content tab.

This is all painfully slow if you have more then a handful to deal with.  So, automate it!

image image

The community has developed at least 5 solutions to this including

CoreTech and Nickalaj have the slickest solutions.  Sometimes a GUI gives the visual feedback you need to be confident in the final outcome.

158_1 image

Either of these two tools should effectively handle the changes.  As a bonus, both will actually copy the content files from the old to the new path.  Awesome!

Happy migrating!

September 28, 2016

Posted In: ConfigMgr 2012, Scripting

Tags:

Azure AD Join error code 80180026

No Gravatar

When attempting to join Azure AD you are presented with the message “contact your system administrator with the error code 80180026

image

Something went wrong.  Confirm you are using the correct sign-in information and that your organization uses this feature.  You can try to do this again or contact your system administrator with the error code 80180026.  Try again.

keep reading at http://blogs.catapultsystems.com/chsimmons/archive/2016/09/07/azure-ad-join-error-80180026

September 7, 2016

Posted In: Microsoft Intune

Tags: ,

Azure AD join error code 8018000a

No Gravatar

Recently when attempting to perform an Azure AD Join with a Windows 10 v1511 computer I got the following error:

Something went wrong.  The device is already enrolled.  You can contact your system administrator with the error code 8018000a.

image

That didn’t make sense because I had recently disjoined the computer from Azure AD.  I could find no reference to the object in the Azure portal either.

Keep reading at http://blogs.catapultsystems.com/chsimmons/archive/2016/08/26/azure-ad-join-error-code-8018000a

August 27, 2016

Posted In: Microsoft Azure

Tags:

Recovering from BCD error 0xC000000D with BitLocker and Hyper-V

No Gravatar

I recently had a nasty issue with my seriously awesome laptop (Lenovo ThinkPad P50 with a Samsung 950 Pro NVMe n.2 SSD).  After a full shutdown (hold Shift when shutting down Windows 10) on the next power on I got a BitLocker recovery prompt.

That’s happened before, so I just powered off and back on like I’ve always done.  However, this time I was greeted with a foreboding BCD error:

image

Keep reading at http://blogs.catapultsystems.com/chsimmons/archive/2016/08/12/recovering-from-bcd-error-0xc000000d-with-bitlocker-and-hyper-v

August 12, 2016

Posted In: Windows 10

Using a Task Sequence Secret Value when changing a local password

No Gravatar

At one time it became routine to manage Windows local account passwords with a Group Policy Preference.  However, some time ago the process was was discovered to have a significant venerability and Microsoft released security bulletin MS14-025 to address the issue.  But Microsoft didn’t fix the vulnerability.  Instead they removed the ability for GPP to save user names and passwords in Local Users and Groups, Drive Maps, Scheduled Tasks, Services, and Data Sources.

There are many options to handle managing local account passwords including:

  • MS14-025 includes a lengthy PowerShell script which will reach-out to remote computers to change the password and log the change in a central text file
  • Microsoft Local Administrator Password Solution (LAPS) is a great free solution which should be seriously considered
  • ConfigMgr (SCCM / Microsoft System Center Configuration Manager) deployment
  • a dozen other options not listed here

While discussing the ConfigMgr options with a few colleagues we came up with the following:

  • Application or Package deployment with a script which has an embedded password or uses a password formula / calculation
  • A Compliance Setting and Baseline with a script a script which has an embedded password or uses a password formula / calculation
  • A Task Sequence deployment with a script which has an embedded password

I’ve created a Compliance Setting and Baseline for a customer in a situation where they had ConfigMgr clients on workgroups and joined to domains which they could not manage.  This worked really well for them.  The embedded script used a simple Base64 conversion to obfuscate the password and the password was not exposed on the command line, but there was no actual encryption.

Turning to the Task Sequence discussion option, a suggestion was made to call NET USER from a Run Command action.  This sounded easy.  Too easy.  Besides, wouldn’t the command including the password be exposed in SMSTS.log?  Not if a “Secret Value” Task Sequence Variable is used!

Follow these steps in configuring a Task Sequence:

Set a Task Sequence Variable named “ADMPW” or similar, enter the clear text value, then enable the “Secret value” check box.

Select OK to save/close the variable properties, then look at it again and notice that the value is quite different than what you’ve typed.  It’s encrypted!

image

Now, call the NET USER command line with the variable

NET USER administrator %ADMPW%

image

Reviewing the SMSTS.log helps validate that the password is not exposed.

image

The log only shows “Action command line: smsswd.exe /run: net user administrator %ADMPW%”

The ConfigMgr Task Sequence using a “Secret Value” Variable can be an effective method of changing local account password.

June 21, 2016

Posted In: ConfigMgr 2012

Tags: ,

ConfigMgr fails to distribute a package… failed to create instance of IRdcLibrary

No Gravatar

Awhile back I had an issue distributing a new Package in ConfigMgr (SCCM).  There didn’t seem to be anything unique about the package, it just didn’t want to process.  Digging into the SMS Distribution Manager log (distmgr.log), I noticed a number of errors about the file not being found, couldn’t be added, can’t create a snapshot,etc.  The IRdcLibrary keyword is the real clue.

After reinstalling the Windows feature Remote Differential Compression, Distribution Manager started working again.

Start adding package P010017D...
The Package Action is 2, the Update Mask is 268435456 and UpdateMaskEx is 0.
CDistributionSrcSQL::UpdateAvailableVersion PackageID=P010017D, Version=1, Status=2300
Taking package snapshot for package P010017D from source \\CM01\PackageSource\updates\2016\\CM01\PackageSource\updates\2016
failed to create instance of IRdcLibrary    SMS_DISTRIBUTION_MANAGER
CreateRdcSignature failed; 0x80040154   SMS_DISTRIBUTION_MANAGER
CreateSignature failed    SMS_DISTRIBUTION_MANAGER
CreateRdcFileSignatureW failed; 0x80040154        SMS_DISTRIBUTION_MANAGER
CFileLibrary::AddFile failed; 0x80040154  SMS_DISTRIBUTION_MANAGER
CFileLibrary::AddFile failed; 0x80040154  SMS_DISTRIBUTION_MANAGER
CContentDefinition::AddFile failed; 0x80040154   SMS_DISTRIBUTION_MANAGER
Failed to add the file. Please check if this file exists. Error 0x80040154               SMS_DISTRIBUTION_MANAGER
SnapshotPackage() failed. Error = 0x80040154      SMS_DISTRIBUTION_MANAGER
STATMSG: ID=2361 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=CM01.ad.contoso.com SITE=P01 PID=6244 TID=4488 GMTDATE=Fri Apr 15 14:06:24.604 2016 ISTR0="\\CM01\PackageSource\updates\2016" ISTR1="Test" ISTR2="P010017D" ISTR3="30" ISTR4="22" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="P010017D"         SMS_DISTRIBUTION_MANAGER  4/15/2016 9:06:24 AM    4488 (0x1188)
Failed to take snapshot of package P010017D
       SMS_DISTRIBUTION_MANAGER
CDistributionSrcSQL::UpdateAvailableVersion PackageID=P010017D, Version=1, Status=2302
STATMSG: ID=2302 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=CM01.ad.contoso.com SITE=P01 PID=6244 TID=4488 GMTDATE=Fri Apr 15 14:06:24.616 2016 ISTR0="Test" ISTR1="P010017D" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="P010017D"         SMS_DISTRIBUTION_MANAGER  4/15/2016 9:06:24 AM    4488 (0x1188)
Failed to process package P010017D after 3 retries, will retry 22 more times
Exiting package processing thread.            SMS_DISTRIBUTION_MANAGER

June 20, 2016

Posted In: ConfigMgr 2012

Tags: ,

SSRS Error 401.3 Access is denied

No Gravatar

So, you’ve been denied!  It’s OK.  It happens to the best of us.

If you are lucky enough be gifted with this message take a look at the NTFS rights of the SQL Server Reporting Services instance which will likely be a folder like C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services.  Granting the appropriate AD group read & execute rights may solve the problem.

clip_image002

Server Error in ‘/Reports’ Application.

Access is denied.

Description: An error occurred while accessing the resources required to serve this request.  You might not have permission to view the requested resources.

Error message 401.3: You do not have permission to view this directory or page using the credentials you supplied (access denied due to Access Control Lists).  Ask the Web server’s administrator to give you access.

Thanks to Mike and Jerry for pointing me in the right direction.  After carefully reading the error, it is quite obvious isn’t it.

http://stackoverflow.com/questions/17685452/ssrs-401-3-error-access-denied-due-to-access-control-lists

https://social.msdn.microsoft.com/Forums/sqlserver/en-US/747f9846-dd9a-4fb4-914a-283871d6cedf/client-failing-to-access-the-ssrs-2008-sp1-report-manager-url-with-access-denied-error-4013?forum=sqlreportingservices

https://social.msdn.microsoft.com/Forums/sqlserver/en-US/fd41a86b-976f-4851-8dae-5561ebc6d719/browse-reportserver-return-4013-error-after-joined-domain?forum=sqlreportingservices

June 20, 2016

Posted In: SQL Reporting

Tags: , , ,