Article you should read: 'Play the Angel's Advocate' by Don Jones

May 09, 2014 FoxDeploy

In hindsight this attitude could have helped me to design better solutions for my clients. I’ll keep this in mind for the future.

For instance, if your CIO is afraid of change and says ‘no’ to critical updates to infrastructure, that should start you down the path to questioning why it is that he fears change.  Once you understand the reason, you can begin designing a product that would address all of his issues (for instance, maybe he feels but isn’t saying that your team has dropped the ball in testing things in the past, or perhaps he’s been burned elsewhere).  If a CIO doesn’t want to rock the boat, try to begin by pointing out previous successes that were game changing and examine how everyone felt about it at that time.

Everyone wants to be respected and looked to as an authority on the future of their industry; if you provide your client with clear cut reasons that he may want to take a choice of action, and then support him along the way, you may find you’re able to work your way past ‘No’.

Continue Reading...

SCCM: Dealing with an out of sync child primary

March 31, 2014 FoxDeploy

Hi all,

Recently I had a client in which one primary seemed to gradually fall behind in reporting on the central site.   Eventually, clients would be listed as ‘Not Approved’ in the Central Site, and this would cause advertisements and requests for policy to fail with frequent messages like this one:


MP has rejected a policy request from GUID:XXXXX-XXXX-XXX-XXX-XXXXXXXXXXXXXX because it was not approved.

It’s pretty straightforward here, advertisements from the central site will not register in many cases on these clients from the child primary sites.  In this case, this communication issue is serious.

There are many causes for situations like this, either an unreliable communication link to the primary, or address and sender settings being set too strictly.  Regardless, here is the method to fix this issue quickly.

  1. Connect to the affected Child primary and make a backup of all of the files in the folder (in case they are needed). Then delete all of those items, getting rid of the backlog.  We don’t need these files as we’re about to instruct ConfigMan to seriously overshare and re-report pretty much everything.

    I’m actually not convinced you need to do this.  If your replication issue isn’t fixed at first go, give this a shot and then repeat the remaining steps.

  2. Next, connect to the central site, and from an administrative command prompt, browse to your SCCM install directory.  From there, browse to \bin\i3860000409\ and run preinst.exe /SyncChild [ChildSiteCode]
  3. Finally, connect back to the Child Primary site and runn preinst.exe /SyncParent

If all works as expected, grab some popcorn and then get ready for some excitement in the log files.  Open up sender.log/replmgr.log on the central site, as well as despool/replmgr.log on the Child, and you should see a flurry of replication activity.

When things settled down, refresh the SCCM console from the Primary, and all of the clients from the Child primary should now be listed as Approved.

Big thanks to Xin from the MS forums for setting me on the appropriate path to solving this.

Continue Reading...

Desired State Configuration - What it is and why you should care

March 10, 2014 FoxDeploy

f you've been following Microsoft management news, you've no doubt heard of Desired State Configuration.  You might be wondering what it is. Continue Reading...

Nomad Question : How do I push content out ahead of an advertisement?

March 09, 2014 FoxDeploy

Hi all,

Recently I recieved a question about 1E Nomad that I wanted to answer.

In SCCM, it is a common practice to distribute content to your DPs before creating an advertisement.  How do I do that with Nomad, considering that all of your Nomad clients as a whole act as kind of a pseudo-Distribution Point?  How do you distribute content without creating an advertisement?  How do you verify that content is there?

With Nomad, content is only distributed to clients if an advertisement exists, so if you want to be certain the content will be present in an area before the clients begin to execute, you’d set an available date sufficiently in advance of the mandatory execution date for your advert.  In short, you have to create an advert to get content out to your clients when Nomad is used.

You can mandate that a number of packages, driver images, or boot images to be distributed out by creating a content pre-staging task sequence.  In this case, you’d add as many steps as needed for all of your content, and then advertise it to as many PCs as you want to distribute the content, with an available date of now, and an install date set to far, far in the future.  You can also place all of the content steps within a Task Sequence group that has a condition which would never evaluate to true, like “If ChasisType -equals SomethingUnlikely”

As for verifying the content is on the sites, installation of Nomad includes a number of reports that list package availability by subnet.  You can use this report to verify that content is available on a particular subnet.  If so, this would roughly correlate to a package existing on a DP in a traditional SCCM hierarchy.

These reports depend on some additions to SMS_DEF and Configuration.mof files, which will increase the size of the files processed by your SCCM servers.  Watch out for an increase of data to be processed by your site servers, after importing these new definitions.  It can result in increased memory usage by WMI, and you may find ‘Quota Exceeded 0x8004106c’ errors in your SMS Provider log file.  If you run into this, increase the WMI memory quota.

Continue Reading...

PowerShell Question Time: Whats the deal with Positional Parameters?

February 19, 2014 FoxDeploy

Hi guys,

Recently a colleague reached out to me with a question about PowerShell that I thought might benefit others.  I thought I’d share it with you here.

Hi Stephen,

Get-ChildItem -filter *.exe -Recure  -path c:\windows Get-ChildItem -path c:\windows -filter *.exe -recurse

-Path <String[]> Specifies a path to one or more locations. Wildcards are permitted. The default location is the current directory (.).

Required?                    false
Position?                    1
Default value                Current directory
Accept pipeline input?       true (ByValue, ByPropertyName)
Accept wildcard characters?  true

I’m confused in the two commands displayed at the top which both return the same value, how do they both work. If -path requires position 1 and in the first command its all the way at the end how can it be acceptable, or am I not seeing the information correctly. Perhaps this reads

Hopefully that made sense and hopefully I am assuming correctly.


Good question!  Well, first and foremost let me begin by saying that you should never use positional parameters, so just forget about them and move on! No, you’re still here?  You clicked past the ‘More’ button?  Okay, fine I’ll give a better explanation.

Simply put positional parameters only matter when you leave out the parameter name.

The reason you’re getting the same result, is that you’re explicitly specifying the parameter when you name it with its full or abbreviated name.   An argument is simply only assigned to a particular parameter by its position if you omit the parameter name.

That’s why you can run :

Get-ChildItem C:\windows *.exe  

but you can’t run

Get-ChildItem *.exe c:\windows.  

As the Positional parameter for position one for the command Get-ChildItem is ‘Path’, while Positional Parameter two is reserved for filtering operations.

So, don’t get caught up on positional parameters, using them is EXPRESSLY a bad PowerShell practice for code simplicity and readability sake. You can always put all of your parameters in whichever order you want, and you should always write out your parameter names in entirety, which means that Positional Parameters aren’t helpful whatsoever.

Continue Reading...

Upgrade your SCOM Notifications with PowerShell

February 17, 2014 FoxDeploy

in this post, we talk about how to provide more detailed alerts in SCOM Messages. This was for a project with a customer I've now forgotten, where we did a rip and replace of another product that I've also forgotten. I bascally don't remember any of this... Continue Reading...

Microsoft MVP

Five time Microsoft MVP, and now I work for the mothership

Need Help?

Get help much faster on our new dedicated Subreddit!

depicts a crowd of people in a night club with colored lights and says 'join the foxdeploy subrreddit today'

Blog Series
series_sml_PowerShellGUI series_sml_IntroToRaspberryPi Programming series_sml_IntroToWindows Remote Management Series The Logo for System Center Configuration Manager is displayed here Depicts a road sign saying 'Learning PowerShell Autocomplete'

Blog Stats