You are browsing the archive for 2008 October.

SCCM OSD/PXE Issues in Native Mode

9:54 am in ConfigMgr, ConfigMgr 2007, sccm, SCCM 2007 by Kenny Buntinx [MVP]

Some people are really experiencing hell with the PXE/OSD features when their site is in native mode. Below I have written a small guide on what to do and what to check to get things going in native mode for Operating system deployment .

Step 1

In the site properties , check that you have imported your Root CA certificates. If you have subordinate CA servers , import them as well as I have seen issues arriving when not importing them .The picture below will give you the idea :

SNAG-0169 SNAG-01701

Step 2

Create your OSD PXE service point Certificate & export it . Go to your certificate authority and duplicate the Computer certificate , name it Configmgr OSD certificate and make sure that you could export the private key !

SNAG-0172 SNAG-0173

When you have created the certificate , export it to a DER format by going to MMC – Certificates – personal – Request new certificate . Select the Configmgr OSD certificate and install it on your machine . When done , right click on the certificate and select export . Export the certificate with private key and when exported , delete the certificate you have requested .

Step 3

Import you in the PXE role configuration pane .

Now we go to the SCCM console and go to Site systems – PXE Role , import the certificate you just exported . The picture below explains it :


You will get the following warning when you exported the certificate on the Site server itself . This is no problem and you should select “yes” to continue


Check the PXE Certificate in the SCCM console.  Verify that the Root CA is trusted.

Try opening the Certificates | PXE node in SCCM.  Find the certificate that is not “blocked” and right-click to Open it.  Check the status of the CA Certificate.  I found that it was “Not Trusted” in my environment. 

When I clicked the Install button and selected the Trusted Root CA Authorities, the certificate was then “valid” when I reopened the certificate.  My SMSPXE.log no longer reflected that the certificate was not set.


 Step 4

Check that the following things below are set correctly

Network Access Account Not Set

Go into the Client Policy in SCCM and set a Network Access Account.  It sometimes “disappears” even after everything has been working fine. And then the OSD Task sequence cannot access the content on the Distribution point !


Hope it helps !


Kenny Buntinx

SCCM : In place upgrade / Refresh Scenario issues – solutions with tranguid.exe Part 1.

2:43 pm in ConfigMgr, ConfigMgr 2007, migration, sccm, SCCM 2007, script by Kenny Buntinx [MVP]


It all started with the great idea of a customer of reserving the same SMSGuid for an Inplace upgrade / Refresh scenario that would :

– Keep the same hardware

– Do an USMT capture of the settings for that machine.

– Replace the OS from W2K to XP SP2 or from XP SP2 to XP SP2

– Rename the computer account to the new standard from GTxxxxx to TGNxxxxx

– Maintain the same SMS Guid , so no duplicate entry’s

– Restore the USMT state to the local machine .


What a challenge , but we had a kind of scenario in place :

Step -1 : Add the %OSDNEWNAME% variable to your computerobject


2 1

Advertise your PC to your collection that has the correct Task Sequence assigned .


Step 1 : Request the state store

Step 2 : Capture user settings to the SMP

Step 3 : Capture the windows settings and select “Migrate computername”

Step 4 : Run Tranguid.exe and save the SMScfg.ini file in the old computer names folder witch contain the current SMS Guid  to a network share

Step 5 : Request a release state

Step 6 : Reboot in Winpe 2.0

Step 7 : Format the disk

Step 8 : Deploy the fat image without sysprep.inf

Step 9 : Install and configure the SCCM Client

Step 10 : Copy the SMScfg.ini from the networkfolder to the %windir%

Step 11 : Request the state store

Step 12 : Restore the user state to the new machine

Step 13 : Rename the computer account to the new name with netdom

Step 14 : Reboot

step 15 : Upgrade finished


Building the task sequence it is looking like this :


The problem I am experiencing now is the problem to make my “map network drive” flexible and use the local Distribution point as a variable to connect to the sharename.All the rest running into production.

Hope it makes sense ,

Kenny buntinx

SCCM 2007: The %SMSDP% variable is not available in SCCM 2007 OSD Task Sequences when Microsoft Deployment Toolkit 2008 is integrated

6:25 pm in ConfigMgr, ConfigMgr 2007, sccm, SCCM 2007 by Kenny Buntinx [MVP]

Here’s another cool tip on OSD Task Sequences that Frank Rojas made me aware of. 


Issue: When using SMS 2003 Operating System Deployment with Microsoft Deployment Toolkit (MDT) or Business Desktop Deployment (BDD), a variable called %SMSDP% was available for use in Task Sequences that pointed to the local Distribution Point (DP) for the PC that the OSD Task Sequence was running on. However, in SCCM 2007 OSD with Microsoft Deployment Toolkit 2008 (MDT 2008) integrated, this variable does not exist and is not available to be used in Task Sequences.

The %SMSDP% variable was not originally part of MDT 2008. However, this variable has been added as part of MDT 2008 Update 1. By upgrading to MDT 2008 Update 1 and integrating it into SCCM 2007, the %SMSDP% variable can be used in SCCM 2007 OSD Task Sequences as long as the Use Toolkit Package and Gather tasks are run before a task that attempts to use the  %SMSDP% variable.

Please note that in SCCM2007 OSD with MDT 2008 Update 1 integrated, the %SMSDP% actually points to the DP where the Boot Image is located that the PC used as part of the SCCM 2007 OSD Task Sequence. Although this DP is usually a local DP, there may be times that it may not be a local DP. Please keep this in mind when using the %SMSDP% variable.

To force the %SMSDP% to be a local DP, protected DPs and PXE Service Points may need to be set up and configured.

Technorati Tags: ,,


Upgrading your sms 2003 admin skills to Sccm 2007 sp1 (November edition)

10:44 am in Uncategorized by Kenny Buntinx [MVP]

Hi all,


Note: Only 4 seats left for this training session!

I will be teaching a custom training class on how-to upgrade you sms 2003 admin skills to SCCM 2007 again in Novemer. This class is mainly aimed at current sms 2003 administrators that have transitioned to configmgr 2007 or are in the planning / preparation phase of transitioning.

This class is not about the upgrade / migration itself but on upgrading the administrator’s skillset. Quite a number of things have changed from Sms to Sccm and that’s what this class will focus on. Based on what you already know from sms2003 this class is meant to bring you up-to-speed with sccm 2007 sp1.

The idea is to make this a course that has lots of well-thought out hands-on-labs with clear instructions and examples that are usable in your production environment, mixed with me telling you everything I know about configmgr 2007.

More details on this class can be found here:


What: Customized SCCM 2007 training class

Where: Jca Facilities in Louvain, Belgium

When: 17th till the 19th of November

How Much: The attendance fee for this course is 1250€

Training Material: The custom class power point handout, The detailed lab instructions a copy of the SCCM Administrators companion Mspress book.

Instructor: Me, an enthusiastic sms trainer with a lot of training and field experience, and 4 Mvp awards.


“Everyone is an expert at something”
Kim Oppalfens – Sms Expert for lack of any other expertise
Windows Server System MVP – SMS

ConfigManager OSD : Joining machines to a domain and its security

5:51 pm in ConfigMgr, ConfigMgr 2007, sccm, SCCM 2007 by Kenny Buntinx [MVP]

Today , I was at a customer and I was struggling to get a task sequence up and running . After analyzing the log files , I discovered that it had trouble to join the domain.I say to myself , that is strange , I never had any trouble with it before.

Looking up the account for joining the domain , we assigned it with special rights to just be able to add or modify computer objects in a certain container .Security for everything right :-)

Looking some deeper I discovered that the account was over the limit of joining / disjoining the domain . Only Domain admins are allowed to go over that limit .

Most of you know the limit of 10 times authenticated users can join machines to a domain. Upping the limit, or removing it is a very simple thing to do, however everytime someone asks me, I have to go back to look it up again. 

How to fix this issue :

The Active Directory attribute you need to change is mS-DS-MachineAccountQuota which is a property of the domain object. Here’s the steps to change it:

– Start ADSI Edit (start/run/adsiedit.msc)
– Expand out the Domain node, right click on DC=<yourdomain>,DC=com and select properties
– Scan down to ms-DS-MachineAccountQuota
– Modify the value as appropriate, or clear the value to remove the limit entirely.


After this I still got an access denied when I tried to join the domain with my special account , but the difference was that the computerobject already existed in AD . My special account only had the right to Create / Delete objects to the corresponding Organizational Unit .

So to be able to let this account also modify existing computer objects in AD on the specific container , I needed to do the following steps below :

Grant additional permissions to the account that you are using:

1. Start Adsiedit.msc.
2. Open the Domain NC, DC=domain, OU=your Organizational Unit node.
3. Click your Organizational Unit, and then click Properties.
4. On the Security tab, click Advanced.
5. Click Add, and then click the appropriate user account or group.
6. In the Apply onto box, click Computer Objects.
7. In the Permissions pane, click to select the Write All Properties, the Reset Password.
8. Click OK until the change is made.
9. Wait for Active Directory replication to occur, or force synchronization to occur.


Hope it helps ,


Kenny Buntinx

SCCM 2007 SP1: Asset Intelligence Catalog Update

5:43 pm in ConfigMgr, ConfigMgr 2007, sccm, SCCM 2007 by Kenny Buntinx [MVP]

Microsoft released a new catalog update to address a few issues with the SCCM 2007 SP1 catalog (the one containing the new schema from System Center Online). Specifically, it will update the Asset Intelligence Configuration Manager SP1 catalog to fix the MPC issue, correcting the LU_MSProd table.

Note that this update is only applicable to the Configuration Manager 2007 SP1 Asset Intelligence knowledge base. It is not intended for SMS 2003 SP3 release or Configuration Manager RTM release. An update for SMS2003 and Configuration Manager 2007 RTM will be provided at a later date.

Again: It is not intended for SMS 2003 SP3 release or Configuration Manager RTM release , ONLY for SCCM 2007 SP1!

You can get the download from:

Regards ,


Kenny Buntinx

System Center Data Protection Manager event organized by SCUG.BE

8:42 am in Uncategorized by Kenny Buntinx [MVP]



The Belgian System Center User Group organizes their second event and will have Karandeep Anand as a speaker. Karandeep is a Senior Program Manager on the System Center Data Protection Manager team and is very knowledgeable about this product.

They took the opportunity to host a session at the Microsoft offices on Tuesday Oct 14th from 18:00 until 20:00.

Come join us for a deep dive on System Center Data Protection Manager (DPM) 2007. In this session, we will provide an overview of DPM 2007, and deep dive of how DPM protects Microsoft SQL Server, Microsoft Exchange, Office SharePoint Server, and Microsoft Hyper-V/Virtual Server-using both near continuous protection to disk and long term archival to tape.

After the session you will have the opportunity to ask questions about DPM.

DPM was one of topics covered during this week’s Virtualization road show and this is an excellent opportunity to follow up on the Backup capability for our Hyper-V offering.

Call to action:

Invite your UG members, customers and/or colleagues. Blog about it

They can register by sending a mail to

Best Regards ,

Kenny Buntinx

SCCM 2007 : How to collect the TS variables in winpe

5:59 pm in ConfigMgr, ConfigMgr 2007, sccm, SCCM 2007 by Kenny Buntinx [MVP]

Now, OS Deployment is sometimes be a hard to troubleshoot when your Tasksequence is running in WINPE.I am always be interested to see the values of a few of the variables when having trouble.Therefore, you can paste the following code into a VBScript, and run it from the debug shell during WinPE?

How to get to the debug shell? Well you need to enable command line support in your properties of your boot images . When booted in WINPE , you press F8 when the task sequence is running .

You can pipe the results o a text file and copy to a mem stick or put it in the middle of the task sequence and copy it to a network folder.  So for example, in WinPE, you’d run: cscript yourscript.vbs > C:\variables.txt


Dim oVar, oTSEnv

Set oTSEnv = CreateObject(“Microsoft.SMS.TSEnvironment”)

For Each oVar In oTSEnv.GetVariables

WScript.Echo ” “& oVar & “=” & oTSEnv(oVar)



Technorati Tags: ,,,

Hope it helps ,

Kenny Buntinx

SCCM2007 supported on SQL2008

10:56 am in Uncategorized by Kenny Buntinx [MVP]

SQL Server 2008 is now supported on Configuration Manager 2007 RTM and SP1!

System Center Configuration Manager 2007 (RTM and SP1) now supports the use of SQL Server 2008 as a site database. In order to upgrade a site-server database to SQL 2008 there are 2 hot fixes required:

· ConfigMgr 2007 RTM customers must apply hot fix KB955229
· ConfigMgr 2007 SP1 customers must apply hot fix KB955262

The following are requirements when performing a clean install on a SQL Server 2008 database:

· A clean install of ConfigMgr 2007 RTM on a SQL Server 2008 database is not supported. You must first install SQL Server 2005, upgrade to SQL Server 2008 and then apply hot fix KB955229
· A clean install of ConfigMgr 2007 SP1 on a SQL Server 2008 database is supported, but should apply hot fix KB955262


Hope it helps !

Kenny Buntinx

SCCM : When using a USB key to run a offline OSD task sequence there was a massive 10 hour time change in the SMSTS.log

9:32 am in ConfigMgr, ConfigMgr 2007, sccm, SCCM 2007 by Kenny Buntinx [MVP]

This is a known issue and has been bugged. When you use the boot media option Win PE communicates with the Management Point to get the current local time and uses this information to set the BIOS clock. When you use the standalone media no network connectivity is assumed and the management point is not contacted for the local time. The stand-alone media therefore has no way to know whether the BIOS time is correct or not and it will think the BIOS time is based on GMT -8 time zone and try to adjust it.

Microsoft told us this is scheduled to be fixed in a later service pack however this can be worked around using a script in the post install stage which corrects the OS system clock and synchs with a DC.