SCCM: Dealing with an out of sync child primary

March 31, 2014 FoxDeploy

Hi all,

Recently I had a client in which one primary seemed to gradually fall behind in reporting on the central site.   Eventually, clients would be listed as ‘Not Approved’ in the Central Site, and this would cause advertisements and requests for policy to fail with frequent messages like this one:


MP has rejected a policy request from GUID:XXXXX-XXXX-XXX-XXX-XXXXXXXXXXXXXX because it was not approved.

It’s pretty straightforward here, advertisements from the central site will not register in many cases on these clients from the child primary sites.  In this case, this communication issue is serious.

There are many causes for situations like this, either an unreliable communication link to the primary, or address and sender settings being set too strictly.  Regardless, here is the method to fix this issue quickly.

  1. Connect to the affected Child primary and make a backup of all of the files in the folder (in case they are needed). Then delete all of those items, getting rid of the backlog.  We don’t need these files as we’re about to instruct ConfigMan to seriously overshare and re-report pretty much everything.

    I’m actually not convinced you need to do this.  If your replication issue isn’t fixed at first go, give this a shot and then repeat the remaining steps.

  2. Next, connect to the central site, and from an administrative command prompt, browse to your SCCM install directory.  From there, browse to \bin\i3860000409\ and run preinst.exe /SyncChild [ChildSiteCode]
  3. Finally, connect back to the Child Primary site and runn preinst.exe /SyncParent

If all works as expected, grab some popcorn and then get ready for some excitement in the log files.  Open up sender.log/replmgr.log on the central site, as well as despool/replmgr.log on the Child, and you should see a flurry of replication activity.

When things settled down, refresh the SCCM console from the Primary, and all of the clients from the Child primary should now be listed as Approved.

Big thanks to Xin from the MS forums for setting me on the appropriate path to solving this.

Continue Reading...

Desired State Configuration - What it is and why you should care

March 10, 2014 FoxDeploy

f you've been following Microsoft management news, you've no doubt heard of Desired State Configuration.  You might be wondering what it is. Continue Reading...

Nomad Question : How do I push content out ahead of an advertisement?

March 09, 2014 FoxDeploy

Hi all,

Recently I recieved a question about 1E Nomad that I wanted to answer.

In SCCM, it is a common practice to distribute content to your DPs before creating an advertisement.  How do I do that with Nomad, considering that all of your Nomad clients as a whole act as kind of a pseudo-Distribution Point?  How do you distribute content without creating an advertisement?  How do you verify that content is there?

With Nomad, content is only distributed to clients if an advertisement exists, so if you want to be certain the content will be present in an area before the clients begin to execute, you’d set an available date sufficiently in advance of the mandatory execution date for your advert.  In short, you have to create an advert to get content out to your clients when Nomad is used.

You can mandate that a number of packages, driver images, or boot images to be distributed out by creating a content pre-staging task sequence.  In this case, you’d add as many steps as needed for all of your content, and then advertise it to as many PCs as you want to distribute the content, with an available date of now, and an install date set to far, far in the future.  You can also place all of the content steps within a Task Sequence group that has a condition which would never evaluate to true, like “If ChasisType -equals SomethingUnlikely”

As for verifying the content is on the sites, installation of Nomad includes a number of reports that list package availability by subnet.  You can use this report to verify that content is available on a particular subnet.  If so, this would roughly correlate to a package existing on a DP in a traditional SCCM hierarchy.

These reports depend on some additions to SMS_DEF and Configuration.mof files, which will increase the size of the files processed by your SCCM servers.  Watch out for an increase of data to be processed by your site servers, after importing these new definitions.  It can result in increased memory usage by WMI, and you may find ‘Quota Exceeded 0x8004106c’ errors in your SMS Provider log file.  If you run into this, increase the WMI memory quota.

Continue Reading...

PowerShell Question Time: Whats the deal with Positional Parameters?

February 19, 2014 FoxDeploy

Hi guys,

Recently a colleague reached out to me with a question about PowerShell that I thought might benefit others.  I thought I’d share it with you here.

Hi Stephen,

Get-ChildItem -filter *.exe -Recure  -path c:\windows Get-ChildItem -path c:\windows -filter *.exe -recurse

-Path <String[]> Specifies a path to one or more locations. Wildcards are permitted. The default location is the current directory (.).

Required?                    false
Position?                    1
Default value                Current directory
Accept pipeline input?       true (ByValue, ByPropertyName)
Accept wildcard characters?  true

I’m confused in the two commands displayed at the top which both return the same value, how do they both work. If -path requires position 1 and in the first command its all the way at the end how can it be acceptable, or am I not seeing the information correctly. Perhaps this reads

Hopefully that made sense and hopefully I am assuming correctly.


Good question!  Well, first and foremost let me begin by saying that you should never use positional parameters, so just forget about them and move on! No, you’re still here?  You clicked past the ‘More’ button?  Okay, fine I’ll give a better explanation.

Simply put positional parameters only matter when you leave out the parameter name.

The reason you’re getting the same result, is that you’re explicitly specifying the parameter when you name it with its full or abbreviated name.   An argument is simply only assigned to a particular parameter by its position if you omit the parameter name.

That’s why you can run :

Get-ChildItem C:\windows *.exe  

but you can’t run

Get-ChildItem *.exe c:\windows.  

As the Positional parameter for position one for the command Get-ChildItem is ‘Path’, while Positional Parameter two is reserved for filtering operations.

So, don’t get caught up on positional parameters, using them is EXPRESSLY a bad PowerShell practice for code simplicity and readability sake. You can always put all of your parameters in whichever order you want, and you should always write out your parameter names in entirety, which means that Positional Parameters aren’t helpful whatsoever.

Continue Reading...

Upgrade your SCOM Notifications with PowerShell

February 17, 2014 FoxDeploy

in this post, we talk about how to provide more detailed alerts in SCOM Messages. This was for a project with a customer I've now forgotten, where we did a rip and replace of another product that I've also forgotten. I bascally don't remember any of this... Continue Reading...

Two ways to provide GUI interaction to users

February 17, 2014 FoxDeploy

Learning PowerShell GUIs

This post is part of the Learning GUI Toolmaking Series, here on FoxDeploy. Click the banner to return to the series jump page!

In this blog post, I’ll outline two methods you can use in your PowerShell scripts to provide GUI interactivity to your users, and allow them to select an object from a list.  These may not be the best method to achieve a goal, but are quick and simple enough that you can throw them in your scripts.

Method One

First, the System.Windows.Forms .Net way of building a form.  In this case, we’ll have a string $users, which will contain the results of an Active Directory Query to return all users with a name like ‘Fox-*’, so Fox-01, Fox-07, and so on.  One thing that is tricky to many (I know it was to me!) when they first start using .net forms to build GUIs is that it can be hard to understand how to list dynamic content in a ComboBox or ListBox.

One thing to keep in mind when choosing between the two is that only a ListBox allows for the selection of more than one object.

ListBox v. ComboBox - Bitter Enemies

Assume we have a ListBox defined and added to our Form.  This is the code you’d need to do so.

`#begin to draw list box 
$ListBox = New-Object System.Windows.Forms.ListBox $ListBox.Location = New-Object System.Drawing.Size(10,40) 
$ListBox.Size = New-Object System.Drawing.Size(160,20) 
$ListBox.Height = 80 
$ListBox.Name = 'ListBox_UserName' 
$ListBox.SelectionMode = "MultiExtended"`

Note : in all of these examples, you could use a .ComboBox instead of a .ListBox and it would still work.

If we run this code in PowerShell and then pipe $ListBox to Get-Member, we’ll see a number of interesting properties and methods available.  The one which will store the content happens to be titled .Items, to access the contents, check $ListBox.Items. The trick to adding Dynamic content (e.g. the results of a query or search) to your UI elements is to add each element to the $ListBox.Items Property using the .Add method, as seen below.

$ListBox.Items.Add("Something we want to add") $ListBox.Items.Add("waffles")

For those of you following along at home, if you input $ListBox.Items, you’ll see the following.

Maybe it should say ‘Something we want to eat’[/caption]

Now, that we know it is so easy to add items to a list or combo box, if we want to add the results of a query or function, we just use a ForEach function!

#For each object within Users... 
$users| ForEach-Object{ 
  #the [void] below adds this element to our form, but suppresses any output associated 
  [void] $ListBox.Items.Add($_.Name) }`

Now, we’ll jump ahead for a bit and assume you’ve built a form and added listeners for Enter and Escape (code available here).

If you run this in PowerShell, you’ll see output similar to this.  In this lazy example, we’ll depend on the user hitting Enter to leave the form.  If you want to add an okay button, I suppose that is acceptable as well.  Throw this bad boy into your code.

#Set Properties for the Ok button 
$OKButton = New-Object System.Windows.Forms.Button $OKButton.Location = New-Object System.Drawing.Size(180,75) 
$OKButton.Size = New-Object System.Drawing.Size(75,23) 
$OKButton.Text = "OK" 
#What to do when the button is clicked, you can treat this like a function 
#Add the button to our form 

You should be left with a result like this [Link to code] and it will look like this.

If we need to access the objects selected, we can call $Listbox.SelectedItems to see all of the items that were selected.

So, this worked and was relatively simple.  But not that simple, and it really is quite a lot of code to do all this.  There is an easier method.

Method Two

Sure, it’s a lot of fun to add all of this code to our scripts to create a GUI, but starting in PowerShell v3, a very powerful new ability was bestowed upon Out-GridView: the new -PassThru switch!

Lets recreate functionally the same tool, but using this new method.  Stretch your typing fingers, kiddies, its going to be quite a stretch!

$users = get-aduser -filter {Name -like "Fox-*"}

$x = $users | Select Name | Out-GridView -PassThru -Title 'Pick a user' | % {$_}

Surely that can’t be it.  Lets just give it a try…

No fliiping way!

And the objects are available for you to act on at the end as well, stored in $x.

I’ve sworn by creating WPF GUIs in PowerShell for a long while now.  However, this new flexibility at least gives me some pause.

Readers: do you like posts like this?  The skies the limit to the complexity of UI we create in PowerShell.  If you’d like to see more, let me know!``

Continue Reading...

Microsoft MVP

Five time Microsoft MVP, and now I work for the mothership

Need Help?

Get help much faster on our new dedicated Subreddit!

depicts a crowd of people in a night club with colored lights and says 'join the foxdeploy subrreddit today'

Blog Series
series_sml_PowerShellGUI series_sml_IntroToRaspberryPi Programming series_sml_IntroToWindows Remote Management Series The Logo for System Center Configuration Manager is displayed here Depicts a road sign saying 'Learning PowerShell Autocomplete'

Blog Stats