You are browsing the archive for 2012 September.

Configmgr 2012 : Automate / Create User Collections from AD user Groups (based on Active Directory group discovery)

8:40 am in CM12, collection, ConfigMgr 2012, ConfigMgr 2012 SP1, query, SCCM 2012, SCCM 2012 SP1, System Center, users by Kenny Buntinx [MVP]


Did you ever wanted to automate the creation of “User Collections” based on your AD user Groups (which is based on User group discovery)

I have posted the script here ( ) and these are the steps to follow :

1) Create/Configure your AD group discovery to target your AD application groups.


2) Run this script from a site server machine and this will require appropriate RBAC rights for the user to create collections.

2) Open a command prompt and run the following cmd:

Cscript CreateCollectionForUserGroups.vbs


3) The script will create a user collection for each AD security group with the same name as the unique user group name retrieved from active directory. The appropriate AD group will be added as a direct member of that user collection. This will avoid the refresh that you would need if you would use a query method !



4) On subsequent reruns the script will check if a collection with the same name exists or not and if it does it will skip.

The only 2 things I would still add to the script and I am busy trying to figure it out is :

– Check for incremental updates ( in case you would add a user directly into it )

– Check the default collection update (7days)


Note : I have not written this script myself . I would like to thank the Configmgr Product group and in particular Bhaskar, as he created the script . However you should first try this script in a lab and see if it fits your needs . We’ll take no responsibility what so ever .


Hope it Helps ,

Kenny Buntinx

Configmgr 2012 SP1 requires PCM 2.0 (Package Conversion Manager)

7:39 pm in Uncategorized by Kenny Buntinx [MVP]


With Package Conversion Manager (PCM) V 2.0 is available for System Center Configuration Manager 2012 (SCCM 2012) !!!

Microsoft System Center 2012 ConfigMgr SP1 Package Conversion Manager v2.0 (PCM) is a feature pack download that lets you convert ConfigMgr 2007 packages into System Center 2012 ConfigMgr SP1 applications. PCM has been updated and v2.0 Beta is being released to the public with ConfigMgr SP1 Beta to support the ConfigMgr SP1 configuration.

You can download it here :

Please note the RTM release of PCM is not compatible with ConfigMgr SP1 Beta – you will need to use PCM v2.0 if you are converting ConfigMgr 2007 packages to ConfigMgr SP1.

Hope it Helps ,

Kenny Buntinx

Configmgr 2012 RTM / SP1 and remote management points not healthy when running Configmgr DB on a SQL cluster.

7:01 pm in ConfigMgr 2012, ConfigMgr 2012 SP1, SCCM 2012, SCCM 2012 SP1, SQL, SQL Cluster by Kenny Buntinx [MVP]


This week I needed to upgrade our TAP customer Configuration Manager 2012 infrastructure from RTM to SP1 beta. Our SQL Server 2008 R2 environment is clustered.

A bit of background information :

At the time I installed this customers Configuration Manager 2012 RTM’s infrastructure , I ran into this issue : and the solution here was to removing the SQL Server 2008 R2 Native client and installing the SQL Server 2008 Native client as we have seen some issues with a SQL 2008 R2 Native Client talking to a cluster on the SQL technet forums.

My SQL Database server is a two-node SQL Cluster, with SC-SCCM-CLUSTER as the name. In addition to the primary site DB, SC-SCCM-CLUSTER also hosts the WSUS database (WSUS is set up on the primary site server as it will have a SUP). The SQL cluster is Windows 2008 R2 SP1, and the SQL Cluster is a 2-node SQL Cluster 2008 R2 SP1 with CU6 (required for SP1).

Now the upgrade and the MP issues :

A fairly simple task but you need to keep a couple of things in mind when upgrading from Configuration Manager 2012 RTM to SP1 . In my environment I have 1 Primary site server and 35 remote sites ( Remote DP with PXE ) where 7 of them have a Management Point installed .

After the upgrade suddenly the Remote Management Points became unhealthy and throwing errors with status code 500 in the mpcontrol.log file  .

*** [08001][-2146893019][Microsoft][SQL Server Native Client 10.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.
*** [08001][-2146893019][Microsoft][SQL Server Native Client 10.0]Client unable to establish connection
*** Failed to connect to the SQL Server, connection type: MP_CONTROL_ACCESS.
Failed to get connection to the configured SQL database.


The solution :

The way we resolved the issue was to make the SQL Server certificate trusted. Go to the SQL cluster server and pick a node .

Here are the screenshots of SQL server certificate which you need to export and import to “Trusted Root Certification Authorities” list. You may need to repeat the steps on both SQL nodes and all REMOTE Management Point servers


Export the certificate and import it over here . When successful you should see this :


When it is done , reboot your server or reboot your Configmgr services and go into the MPcontrol.log . You will see the server talking correctly



The management point finds it database and can connect to it thanks to the certificate import . You can also verify and look into Certmgr.log at the primary site .

Hope it Helps ,

Kenny Buntinx

KMS Update to Support Windows 8 / Windows Server 2012

9:30 am in Uncategorized by Kenny Buntinx [MVP]


There is an update available that allows your KMS server to activate Windows 8 and Windows Server 2012 operating systems when you are testing out Configmgr 2012 sp1 .

An update is available for Windows 7 and Windows Server 2008 R2 KMS hosts to support Windows 8 and Windows Server 2012

Hope it Helps ,

Kenny Buntinx

Configmgr 2012 SP1 CTP: Enabling NTLM Authentication (Single Sign-On) in Firefox to let the Configmgr AppCatalog work

7:39 am in Application Catalog, ConfigMgr, ConfigMgr 2012, ConfigMgr 2012 SP1, SCCM 2012 by Kenny Buntinx [MVP]


Firefox support is new in Configmgr 2012 SP1. The Catalog portal UI experience will be the same as ConfigMgr 2012

How many of you have noticed that when you are using Internet Explorer and you browse to your companies intranet page that it will automatically authenticate you but when you use Firefox you will be prompted with a login box? This is the same for our Configmgr Appcatalog .

I recently, in searching for solutions to allow NTLM authentication and how to set a preference in Firefox that will pass the NTLM authentication information to a web server. The preference is network.automatic-ntlm-auth.trusted-uris.

So how do you do it?

1) Open Firefox and type “about:config” in the address bar. (without the quotes of course)
2) In the ‘Filter’ field type the following “network.automatic-ntlm-auth.trusted-uris”
3) Double click the name of the preference that we just searched for
4) Enter the URLs of the sites you wish to pass NTLM auth info to in the form of:,

5) Notice that you can use a comma separated list in this field.

Hope it Helps ,

Kenny Buntinx