You are browsing the archive for Application Model.

MMS 2015 unplugged: Unable to publish application globally if targeted user-based within Configmgr workaround

2:55 pm in App-V, App-V 5.0, Application Model, applications, AppV, ConfigMgr 2012, configmgr 2012 R2, ConfigMgr 2012 R2 SP1, ConfigMgr 2012 SP1, ConfigMgr SP2, ConfigMgr V.next, sccm, sccm 2012 R2, SCCM 2012 R2, SCCM 2012 R2 SP1, SCCM 2012 SP1, SCCM v.Next by Kenny Buntinx [MVP]

 

If you have been to our session called App-V standalone compared to CM12 Integrated: The Good, The Bad and The Ugly at MMS 2015 , we have showed you that some things by default cannot be done in Configmgr .

We showed a strong business case around the Application model in CM12 SP1 and using App-V 5.0 to do user-based software targeting. As most people are doing App-V integration in Configuration Manager and exploring the possibilities , they ran into some challenges I believe are critical and needs to be solved in a certain way . What the correct way is , I leave that up to the smart engineering guy’s in Redmond .

One of the great promises of application virtualization is dynamic delivery of software to end-users; however delivering plug-ins or add-ons to installed (i.e. not virtualized) software has thus far been a stumbling block. Internet Explorer has been particularly challenging due to the inability to separate the browser from the OS in a supported manner. So using App-V to deploy plug-ins like Flash or Java has meant changing the user experience with virtualization or falling back to standard install methods. Since App-V 5.0 SP2 this is very good news though, with the ability to seamlessly run an installed application inside a specified virtual environment. This means that the Flash plug-in can be delivered as a virtual package and made available to Internet Explorer without resorting to hacks or changing the user experience by providing a special shortcut.

The only requirement for specific Virtual Extensions (like the flash add-in) is that the package needs to be published Globally… only it doesn’t work great when deploying all your virtualized apps to users with System Center Configuration Manager and App-V 5.x. The table below will explain in what cases you will have to use Global publishing.

imageimage

We can overcome that hurdle with a sort of workaround that we are not going to explain in absolute detail as every customer has specific needs. See the steps below as a guide to think outside the box.

Workaround :

1. We are going to create a scheduled task which triggers on a eventID action 1003 from the eventlog “Microsoft-AppV-Client/Operational”

The script to create the scheduled task :

param( [Parameter(ParameterSetName='Register')] [switch]$Register, [Parameter(ParameterSetName='UnRegister')] [switch]$UnRegister ) switch($PsCmdlet.ParameterSetName){ "Register"{ $Xml = Get-Content (Join-Path $PSScriptRoot "ScheduledTaskTemplate_Publish.xml") $hReplace = @{ _Date_=(Get-Date -Format s) _Author_="Publish_User2Global_1.0_EN" _WorkingDirectory_=$PSScriptRoot } foreach($key in $hReplace.Keys) { $Xml = $Xml -creplace $key, $hReplace.$key } Register-ScheduledTask -Xml ($Xml | Out-String) -TaskName "1_user_Publish_User2Global" -TaskPath "Microsoft\AppV\Publishing" -Force | Out-Null $Xml = Get-Content (Join-Path $PSScriptRoot "ScheduledTaskTemplate_UnPublish.xml") $hReplace = @{ _Date_=(Get-Date -Format s) _Author_="UnPublish_User2Global_1.0_EN" _WorkingDirectory_=$PSScriptRoot } foreach($key in $hReplace.Keys) { $Xml = $Xml -creplace $key, $hReplace.$key } #Register-ScheduledTask -Xml ($Xml | Out-String) -TaskName "1_user_UnPublish_User2Global" -TaskPath "Microsoft\AppV\Publishing" -Force | Out-Null } "UnRegister"{ Get-ScheduledTask -TaskPath "\Microsoft\AppV\Publishing\" -TaskName "1_user_Publish_User2Global" | Unregister-ScheduledTask -Confirm:$False | Out-Null #Get-ScheduledTask -TaskPath "\Microsoft\AppV\Publishing\" -TaskName "1_user_UnPublish_User2Global" | Unregister-ScheduledTask -Confirm:$False | Out-Null } }

The script is based on the following templates :

<?xml version="1.0" encoding="UTF-16"?> <Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"> <RegistrationInfo> <Date>_Date_</Date> <Author>_Author_</Author> <URI>\Microsoft\AppV\Publishing\1_user_Publish_User2Global</URI> </RegistrationInfo> <Triggers> <EventTrigger> <Enabled>true</Enabled> <Subscription>&lt;QueryList&gt;&lt;Query Id="0" Path="Microsoft-AppV-Client/Operational"&gt;&lt;Select Path="Microsoft-AppV-Client/Operational"&gt;*[System[Provider[@Name='Microsoft-AppV-Client'] and EventID=1003]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription> <ValueQueries> <Value name="ThePackageId">Event/EventData/Data[@Name='Package']</Value> <Value name="TheVersionId">Event/EventData/Data[@Name='Version']</Value> <Value name="UserSid">Event/System/Security/@UserID</Value> </ValueQueries> </EventTrigger> </Triggers> <Principals> <Principal id="Author"> <GroupId>S-1-5-18</GroupId> <RunLevel>LeastPrivilege</RunLevel> </Principal> </Principals> <Settings> <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy> <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries> <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries> <AllowHardTerminate>true</AllowHardTerminate> <StartWhenAvailable>false</StartWhenAvailable> <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable> <IdleSettings> <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>false</AllowStartOnDemand> <Enabled>true</Enabled> <Hidden>true</Hidden> <RunOnlyIfIdle>false</RunOnlyIfIdle> <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession> <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine> <WakeToRun>false</WakeToRun> <ExecutionTimeLimit>P3D</ExecutionTimeLimit> <Priority>7</Priority> <RestartOnFailure> <Interval>PT1M</Interval> <Count>3</Count> </RestartOnFailure> </Settings> <Actions Context="Author"> <Exec> <Command>powershell.exe</Command> <Arguments>-NonInteractive -ExecutionPolicy RemoteSigned -WindowStyle Hidden -File User2Global.ps1 -Publish -PackageId $(ThePackageId) -VersionId $(TheVersionId) -UserSid $(UserSid)</Arguments> <WorkingDirectory>_WorkingDirectory_</WorkingDirectory> </Exec> </Actions> </Task>

2. When the scheduled task is triggered by event-ID action 1003 from the eventlog “Microsoft-AppV-Client/Operational” , we kick-off the following Powershell script (see below). It will unpublished the  package from the user and will publish the package globally instead.

param( [Parameter(ParameterSetName='Publish')] [switch]$Publish, [Parameter(ParameterSetName='UnPublish')] [switch]$UnPublish, [guid]$PackageId, [guid]$VersionId, [string]$UserSid ) Function New-BurntToastNotification{ <# This function will show a BurnToastNotification #> [CmdletBinding(SupportsShouldProcess = $True)] Param ( [Parameter(Mandatory=$True)] $Text, [Parameter(Mandatory=$True)] $Title ) # create toast template TO xml [Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime] > $null $toastXml = ([Windows.UI.Notifications.ToastNotificationManager]::GetTemplateContent([Windows.UI.Notifications.ToastTemplateType]::ToastImageAndText02)).GetXml() # message to show on toast $stringElements = $toastXml.GetElementsByTagName("text") | select -First 1 $stringElements.AppendChild($toastXml.CreateTextNode($Title)) > $null $stringElements = $toastXml.GetElementsByTagName("text") | select -Last 1 $stringElements.AppendChild($toastXml.CreateTextNode($Text)) > $null # image $imageElements = $toastXml.GetElementsByTagName("image") $imageElements[0].src = "file:///" + "$PSScriptRoot\appv.png" # convert from System.Xml.XmlDocument to Windows.Data.Xml.Dom.XmlDocument $windowsXml = New-Object Windows.Data.Xml.Dom.XmlDocument $windowsXml.LoadXml($toastXml.OuterXml) # send toast notification $toast = New-Object Windows.UI.Notifications.ToastNotification ($windowsXml) [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier("App-V").Show($toast) } Import-Module "$env:ProgramFiles\Microsoft Application Virtualization\Client\AppvClient\AppvClient.psd1" $package = Get-AppVClientPackage -PackageId $PackageId -VersionId $VersionId -All switch($PsCmdlet.ParameterSetName) { "Publish" { try { Unpublish-AppvClientPackage $package -UserSID $UserSid if (! $package.IsPublishedGlobally) { Publish-AppVClientPackage $package -Global New-BurntToastNotification -Text "$($package.name)`nSuccesfully Published Globally." -Title "App-V User2Global" } } catch { New-BurntToastNotification -Text "Something went wrong while Publishing: `n$($package.name)." -Title "App-V User2Global" } } "UnPublish" { try { if (($package = Get-AppVClientPackage -PackageId $PackageId -VersionId $VersionId -All).IsPublishedGlobally) { $package | stop-AppVClientPackage -Global -ErrorAction SilentlyContinue | Unpublish-AppvClientPackage -Global New-BurntToastNotification -Text "$($package.name)`nSuccesfully UnPublished Globally." -Title "App-V User2Global" } } catch { New-BurntToastNotification -Text "Something went wrong while unpublishing: `n$($package.name)." -Title "App-V User2Global" } } }

You can choose how to deploy the script. You can create an App-V bubble or simply deploy this with Configmgr or GPO ….

Disclaimer : The script are delivered AS-IS and are not the complete solution to this story. It is an example on how to think outside the box and make a potential solution that will fit your specific company issue.

Hope it Helps ,

Kenny Buntinx & Roy Essers .

Configmgr 2012 : Broken Applications in your task sequences after an upgrade (error 615)

1:08 pm in 615, Application Model, applications, CM12, CM12 R2, CM12 R2 SP1, CM12 SP1, CM12 SP2, ConfigMgr 2012, configmgr 2012 R2, ConfigMgr 2012 R2 SP1, ConfigMgr 2012 SP1, ConfigMgr SP2, coretech, err, error 615, OSD, SCCM 2012, sccm 2012 R2, SCCM 2012 R2, SCCM 2012 R2 SP1, SCCM 2012 SP1, troubleshooting, xmasblogroll by Kenny Buntinx [MVP]

 

Scenario: Upgrading a Configmgr 2012 RTM/SP1/R2 environment to a new R2 SP1 environment will end up into broken applications in your Task sequences with error 615 in the status messages.

Issue: After the upgrade was successfully performed , suddenly all applications within my OSD task sequence start failing with the following error code :

The task sequence failed to install application Intel Management Engine 6.0.40.1215(ScopeId_67A221E3-64F0-47D4-AA5A-BB3729EC221F/Application_2071f753-7604-42a5-b6be-b1b45c3c1f0a) for action (Install HW Driver Applications for HP8540P) in the group () with exit code 615. The operating system reported error 615: The password provided is too short to meet the policy of your user account. Please choose a longer password.

clip_image002

To be honest with my blog readers, this particular message can be caused by multiple reasons. I will list all possible solutions / workarounds that I have come across to solve this issue.

Cause 1 – Applications have no ContentID associated:

I blogged about this beginning of 2013 at http://scug.be/sccm/2013/01/08/configmgr-2012-sp1-broken-applications-after-upgrading-from-rtm/

After some checks, I saw that it concerned only applications and I discovered that had no ContentID associated to each Deployment Type. In other words, all the applications created and that are embedded in a TS with no direct deployments attached to the Application. It appears that the upgrade process broke all applications.

You can confirm this with the Application Catalog downloads as well. You will see “+++ Did not detect app deployment type”… in the AppDiscovery.log file. Additionally, the Software Center will show the error message “Failed”. Clicking on the details will result in “The software change returned error code 0x87D00607(-2016410105).”

We found as workaround, you have simply to add a comment to each DT and it will update the content ID. Nevertheless, the change means that a redistribution of your application on all your DP’s.

Following the steps as further discussed in this blog post at http://scug.be/sccm/2013/01/27/configmgr-2012-sp1-powershell-script-to-repair-broken-applications-after-upgrading-them-from-rtm/, the application will successfully install afterwards.

Cause 2 – Corrupt task sequence:

In some cases the policy that is related to the task sequence gets corrupt. This can be easily solved by creating a brand new task sequence and copying the steps from the older one side-by-side. Delete the old task sequence & create a new deployment for the just newly created task sequence.

Cause 3 – SMSMP parameter set incorrect:

I had also had problems after upgrading to SCCM R2 SP1. I was not able to install any applications as part of a task sequence as they all failed with error 615 or error 0x80004005. Installing applications outside of a Task sequence did work normally. The status message reported was exactly the same as described above "615 Password too short".

After investigating the client side log files it turned out, that the SCCM client was trying to download the application package using https first and after a few retry’s would switch to http only.

Because my DP is configured to accept http and https as like default behavior. I fixed the Problem by changing the value of the SMSMP parameter in the Task sequence step "Setup Windows and Configuration Manager" from

SMSMP=myserver.mydomain.local

to this:

SMSMP=http://myserver.mydomain.local

After this change, application installation worked as expected again.

clip_image004

Cause 4 – FIPS has been enabled :

Enabling FIPS mode makes Windows and its subsystems use only FIPS-validated cryptographic algorithms. An example is Schannel, which is the system component that provides SSL and TLS to applications. When FIPS mode is enabled, Schannel disallows SSL 2.0 and 3.0, protocols that fall short of the FIPS standards. Applications such as web browsers that use Schannel then cannot connect to HTTPS web sites that don’t use at least TLS 1.0. (Note that the same results can be achieved without FIPS mode by configuring Schannel according to KB 245030 and this blog post.)

Enabling FIPS mode also causes the .NET Framework to disallow the use of non-validated algorithms.

Microsoft advises not to use FIPS anymore as shown in the screenshot below : http://blogs.technet.com/b/secguide/archive/2014/04/07/why-we-re-not-recommending-fips-mode-anymore.aspx

clip_image006

In our case this solved the issue with the error 615. Probably it was a combination of things , but this is certainly something to disable and try.

Cause 5 – Use the latest CU2 on CM12 R2 SP1 :

Always make sure to use the latest CU’s as they include important fixes . You can download CU2 over here : https://support.microsoft.com/en-us/kb/3100144#/en-us/kb/3100144

The two most important fixes that may help to avoid error 615 in CU2 for R2 SP1 are :

– Applications will not install when you use them with a dynamic variable list in a task sequence if no SMB package share was defined for the content. This affects only installations that use a dynamic variable list. Other installation methods are unaffected.

No Http location found
Failed to download content for SMS package PRI00080, hr=0x80004005
Install Dynamic software action failed to resolve content for packageID: ‘PRI00080′, programID: ‘TestApp’. Error Code 0x80004005

– In a Configuration Manager environment in which multiple certificates are deployed to client computers, the client may select the wrong certificate for use in management point communication. This occurs when one certificate is based on a version 2 template and one is based on version 3. The client will select the certificate that has the longest validity period. This may be the version 3 certificate, and this certificate may not be currently supported by Configuration Manager. Errors that resemble the following are recorded in the ClientIDManagerStartup.log file.

[RegTask] – Executing registration task synchronously.
RegTask: Failed to create registration request body. Error: 0x80090014

 

Hope it Helps ,

Kenny Buntinx

MVP Enterprise Mobility

SCCM 2012 : “Another Installation is already in Progress” when deploying Applications thru OSD deployment.

11:26 am in agent, Application Model, applications, ConfigMgr 2012, configmgr 2012 R2, ConfigMgr 2012 SP1, OSD, SCCM 2012, SCCM 2012 R2, SCCM 2012 SP1, Task Sequence by Kenny Buntinx [MVP]

 

At one of my current customers, I have been stuck for two days now, that one or two randomly selected applications where failing If we looked in the ‘Status Messages’ and dig al little deeper , we saw in there that :

‘Another installation is already in progress.Complete that installation before proceeding with this install.’

 image

Knowing this is a highly secured environment , my first guess would be policies. However I overruled this thinking strategy because during the OSD process , GPO’s aren’t applied …—> That is a fact , except for one scenario I already blogged about it as described here  ‘http://scug.be/sccm/2013/02/13/configmgr-2012-rtmsp1-applications-failed-to-install-during-osd-with-error-code-16389-and-denied-logon-for-domain-users-policy/’ , but that was not the issue…

Back to the drawing board and digging deeper in the smstslog file … Suddenly when hitting the F8 button a popup arrived that I needed a reboot to complete the “Kaspersky Antimalware Client”  … WTF is that doing in my task sequence.

Apparently someone at the customer decided to set a policy at the Kaspersky management server , to Push / Install a Kaspersky client when he detects and scans the network for computers that did not had a Kaspersky mgmt. agent installed. That little process hijacked my Task sequence installation process and jumped in the middle to install that Kaspersky agent .

Case Closed …My advise – before troubleshooting Configmgr , just start asking questions who did changes on other parts of the environment Emoticon die tong uitsteekt

Hope it Helps ,

Kenny Buntinx

Enterprise Client Management MVP

Configmgr 2012 SP1 : PowerShell Script to repair “Broken Applications after upgrading them from RTM”

7:52 pm in Application Model, applications, CM12, ConfigMgr, ConfigMgr 2012, ConfigMgr 2012 SP1, Deployment, deployment types, SCCM 2012, SCCM 2012 SP1, upgrade by Kenny Buntinx [MVP]

 

Upgrading a Configmgr 2012 RTM environment to a new SP1 environment . After the upgrade was successfully performed , suddenly all applications within my OSD task sequence start failing as described in my previous blog post here : http://scug.be/sccm/2013/01/08/configmgr-2012-sp1-broken-applications-after-upgrading-from-rtm/

Finally we have found some other errors as well , they are listed here :

  • The task sequence failed to install application Intel Management Engine 6.0.40.1215(ScopeId_67A221E3-64F0-47D4-AA5A-BB3729EC221F/Application_2071f753-7604-42a5-b6be-b1b45c3c1f0a) for action (Install HW Driver Applications for HP8540P) in the group () with exit code 615. The operating system reported error 615: The password provided is too short to meet the policy of your user account. Please choose a longer password.
  • The task sequence failed to install application NVIDIA Quadro/NVS Mobile Drivers 305.93(ScopeId_67A221E3-64F0-47D4-AA5A-BB3729EC221F/Application_17e0153e-3d4f-467b-a2b3-68491516b0e1) for action (Install HW Driver Applications for HP8540P) in the group () with exit code 580. The operating system reported error 580: An event pair synchronization operation was performed using the thread specific client/server event pair object, but no event pair object was associated with the thread.
  • The task sequence failed to install application Synaptics Touch Pad Driver(ScopeId_67A221E3-64F0-47D4-AA5A-BB3729EC221F/Application_a0628bfc-3f06-4096-a001-c1a6c92675ea) for action (Install HW Driver Applications for HP8540P) in the group () with exit code 16389. The operating system reported error 2: The system cannot find the file specified.

We found a workaround, you have simply to add a comment to each DT and it will update the content ID. Nevertheless, the change means that a redistribution of your application on all your DP’s.

BUT , that is all manual work , and we hate that , don’t we Smile with tongue out . Luckily we have an excellent PowerShell scripter in our team and all credits for creating this script goes to  Bart Serneels. He has written a PowerShell script to do all the work . He was happy to share this with you guys.

Here is the script : (replace VVM with your “Site Code” )

 

What the script will do is :

  1. Look for any application that has no deployment attached to it
  2. Opens the application deployment type(s) and looks for a description .
  3. If the description field is empty , it will update that field with the deployment type name.
  4. If the description field exists , it will make a backup , adapt it with the deployment type name , save it , reopen and revert to the backup descriptions and save it once more .

Again  , this is a workaround that helped us fixing our issues and no guarantee it will work for you .

Hope it Helps ,

Kenny Buntinx

MVP ConfigMgr

How to create an application for deploying the App-V 5.0 Client with Configmgr 2012

9:09 pm in App-V, App-V 5.0, Application Model, AppV, CM12, ConfigMgr 2012 SP1, Deployment, deployment types, detection methods, Operating System Deployment, OSD, sccm, SCCM 2012 SP1, vbscript by Kenny Buntinx [MVP]

 

In this blog post we will show you how to create the application for deploying the App-V 5.0 client which is part of the MDOP ( Microsoft Desktop Optimization Pack )suite.

App-V 5.0 client is supported on the following platforms (As you can see , there is NO XP support) :

image

First we need to have a look on the exact prerequisites needed to run the App-V 5.0 client . You will find that kind of information here : http://technet.microsoft.com/en-us/library/jj713458.aspx

However the information on what version you need on the Microsoft Visual C++ is vague. We will clarify that below :

  1. Microsoft Windows .NET Framework 4 (Full Package) (http://www.microsoft.com/en-us/download/details.aspx?id=17718)
  2. Windows PowerShell 3.0 (http://www.microsoft.com/en-us/download/details.aspx?id=34595)
  3. Download and install KB2533623 (http://www.microsoft.com/en-us/download/details.aspx?id=26746)
  4. The Microsoft Visual C++ 2010 SP1 x64 Redistributable –> v10.0.40219 (http://go.microsoft.com/fwlink/?LinkId=268896)

image

  1. The Microsoft Visual C++ 2005 SP1 x86 Redistributable –> v8.0.61001 http://www.microsoft.com/en-us/download/details.aspx?id=26347

image

Now we need to create for each component an application . Lets start :

Windows .NET Framework 4 (Full Package)

Knipsel

Knipsel2

Knipsel3

Full installation code : dotNetFx40_Full_x86_x64.exe /q /norestart /ChainingPackage ADMINDEPLOYMENT

Knipsel4

Create 2 detection methods as shown below

Knipsel5

Detection Method 1 : {8E34682C-8118-31F1-BC4C-98CD9675E1C2}

Knipsel6

Detection Method 2 : {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

Windows PowerShell 3.0

31

Full installation code : c:\windows\System32\wusa.exe "Windows6.1-KB2506143-x64.msu" /quiet /norestart

32

Use a script as detection method :

33

Full detection script :

KB2533623 –> Apply hotfix in your base image or use CBS updates with offline updates

Microsoft Visual C++ 2010 SP1 –> Use download link specified above and use MSI detection methods

Microsoft Visual C++ 2005 SP1 –> Use download link specified above and use MSI detection methods

App-V 5.0 Client itself

When done , we going to create the App-V 5.0 Client Application . Deploy one of the following Windows Installer files to the target computer. The Windows Installer file you specify must match the configuration of the target computer.

  • If the target computer is running a 32-bit Microsoft Windows operating system, deploy the appv_client_MSI_x86.msi.
  • If the target computer is running a 64-bit Microsoft Windows operating system, deploy the appv_client_MSI_x64.msi.
  • If you are deploying the App-V 5.0 Remote Desktop Services client, deploy the appv_client_rds_MSI_x64.msi.

14

Create your application.

10

Create 2 deployment types : x64 and x86

11

For the X64 deployment type

13

Use the regular msi install parameters

15

Use the regular msi detection method

16

Now you must create dependencies . Make sure you select AUTO Install !

17

First create the Visual C++ 2005 SP1 x86 and select the deployment type you created earlier .

18

Then create a WMF 3.0 one and select the deployment type you created earlier .

19

Then create the Visual C++ 2010 SP1 x86 and select the deployment type you created earlier .

20

Then as the last one , create the Visual C++ 2010 SP1 x64 and select the deployment type you created earlier .

21

 

Your al set , your App-V 5.0 install is ready to be used .

Hope it Helps ,

Kenny Buntinx

Configmgr 2012 SP1 : Broken Applications after upgrading from RTM

10:45 am in a, Application Model, applications, ConfigMgr, ConfigMgr 2012, ConfigMgr 2012 SP1, SCCM 2012, SCCM 2012 SP1, upgrade by Kenny Buntinx [MVP]

Scenario : Upgrading a Configmgr 2012 RTM environment to a new SP1 environment . It was a standalone primary site RTM Build without any CU (5.00.7711.0000).

Issue : After the upgrade was successfully performed , suddenly all applications within my OSD task sequence start failing with the following error code :

The task sequence failed to install application Intel Management Engine 6.0.40.1215(ScopeId_67A221E3-64F0-47D4-AA5A-BB3729EC221F/Application_2071f753-7604-42a5-b6be-b1b45c3c1f0a) for action (Install HW Driver Applications for HP8540P) in the group () with exit code 615. The operating system reported error 615: The password provided is too short to meet the policy of your user account. Please choose a longer password.

Identifying the cause:  After some checks, I saw that it concerned only applications and I discovered that had no ContentID associated to each Deployment Type. In other words, all the applications created and that are embedded in a TS with no direct deployments attached to the Application.  It appears that the upgrade process broke all applications.

Workaround :

We found a workaround, you have simply to add a comment to each DT and it will update the content ID. Nevertheless, the change means that a redistribution of your application on all your DP’s.

Hope it Helps ,

Kenny Buntinx

Configmgr 2012 RTM/SP1 Part 1: Not so basic Applications and there Detection Methods

2:44 pm in Application Model, applications, ConfigMgr, ConfigMgr 2012, ConfigMgr 2012 SP1, Deployment, deployment types, detection methods, sccm, SCCM 2012, SCCM 2012 SP1, vbscript by Kenny Buntinx [MVP]

 

Hi Guys ,

I will start a series of blog posts that will list all common applications with requirements and dependencies you need to build your general OSD Task Sequence.

Today I will start with 2 great examples such as :

  1. Installing a or multiple certificate(s) for SCUP 2011 which is using a registry key as detection method
  2. Internet explorer 9 Post install hotfix which is using a script as detection method

Scenario 1 :

So let’s start with the first example , being certificate deployment as an application in a  task sequence :

Let’s ask ourselves first this question : Why would we use an application to deploy certificates during an OSD deployment if we have Group Policy Object to do it for us ? Well , the answer is :  This Microsoft document at: http://technet.microsoft.com/en-us/library/bb693951.aspx states that "The Setup Windows and ConfigMgr” task sequence action is responsible for running Group Policy on the newly installed computer. At which point during the task sequence action that Group Policy is applied depends on the operating system being deployed. On Windows XP and Windows Server 2003, Group Policy runs after the task sequence is finished, the task sequence GINA has been unloaded and then replaced with the GINA on Windows. On Windows Vista and Windows Server 2008, Group Policy runs after the Setup Windows and ConfigMgr task sequence action completes. "

Let’s build our Application now :

1. Export your self signed certificate , and place it in a source folder . For Windows 7 , you don’t need any additional tooling , for XP you do. You need “certutilxp.exe and certadm.dll”

image

2. Create 2 batch files :

Install.cmd –> For Win7

SNAGHTML105afa45

Install_XP.cmd –> For XP

image

3. Create your application . In this example “ WSUS Self Signed Certificate”

SNAGHTML10537a2a

4. Create 2 deployment types . One for XP and one for Win7 .

SNAGHTML1056340b

5. On the “Detection Method” tab , specify a registry key

In my case : HKLM\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6BFF5439A57586FEF61B8D8E2194A96DD459B511 and HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6BFF5439A57586FEF61B8D8E2194A96DD459B511

image

Where does the “6BFF5439A57586FEF61B8D8E2194A96DD459B511” value comes from ? It will come from the properties of your exported certificate.

Take the properties of your certificate and take a look at the value “ Thumbprint” as shown below :

SNAGHTML10644ee2

6. Define your requirement here directly or with a global condition :

SNAGHTML10661df4

7. Your done !

Scenario 2 : Internet explorer 9 Post install hotfix

So let’s start with the second example , being an Internet explorer 9 fix  deployment as an application in a  task sequence :

Why ? I was looking at several Windows 7 machines in an environment that whenever a new domain user who had never logged onto a machine before got the following error message:

The User Profile Service service failed the logon.

User profile cannot be loaded.

image

Now in this case there was an existing Microsoft KB article for this located here http://support.microsoft.com/kb/947215

Let’s build our Application now :

1. Create a VBS with the following lines :

image

 

2.  Create your application . In this example “ Internet Explorer 9 Post Install Fix”

SNAGHTML10727ca4

3. Create a deployment type.

image

4. Specify your Program to run . In this case “IE9….vbs”

SNAGHTML1074c859

5. Now we will use a script as detection method . If the exit code is a non-zero value, then the script has failed and the application detection status is unknown. If the exit code is zero and STDOUT contains data then the application detection state is installed. –> see http://technet.microsoft.com/en-us/library/b2483e0f-3b9b-4551-ba5e-19fe0f5be3be#BKMK_Step4

From my experience, if you use a vbscript method of detection; any returned value from wscript.echo, anything at all, means that the detection passed.  Even if you wscript.echo "FALSE", it doesn’t matter; something was returned, the script passed.

If you don’t want it to pass detection, simply don’t echo anything.

SNAGHTML1075574b

6. We specify VBScript as language and past a script to detect if the file is there or not .

SNAGHTML107627f9

 

Hope it Helps ,

Kenny Buntinx

Intel HD Graphics driver and software for HP Models in OSD in the New Configmgr 2012 Application model

9:04 am in Application Model, ConfigMgr 2012, ConfigMgr 2012 SP1, Deployment, deployment types, Drivers, Global Conditions, query, Requirements, SCCM 2012, SCCM 2012 SP1, System Center by Kenny Buntinx [MVP]

 

System Center 2012 Configuration Manager has a great feature called the Application model that has many great built-in requirement rules that will help you to get the right deployment type installed on the right machine type even during OSD.

For most of the drivers you need to install during OSD , the driver alone isn’t enough. A great example here is the Intel HD graphics or IDT high definition Audio drivers.

In the old CM07 days you would build packages and programs , use them in your task sequence with a condition that uses a WMI query to apply that TS step on the right HW model. Well , forget about that and start using applications to install your “bad drivers” that need software as well. Let those global conditions figure out on what HW model hardware it is applicable.

For most of my applications the built-in rules can get the job done, but some times we need to create our own Global Conditions, to fit the requirement rules for an application/Deployment Type. In this particular case , we will use a global condition to detect the right PNP ID so we are able to detect the HW. We simply don’t care on what HW model we apply this step , as the global condition will figure it out for you . This will allow you to simplify things in your TS.

Let me give you an example on how to do it :

1. Create your Application : HP Graphics driver and Software and fill in your supported models. Note: When downloading the driver software from the HP website , in the .inf file you will find on what HW models this software is applicable.

image

2. Create your Deployment Type and specify the install / uninstall parameters . In this case : “Setup –s”

image

3. Create your “Detection Method” . In this case we will look in to the registry :

Hive: “HKLM”

Key : \Software\Wow6432Node\Intel\GFX”

Value :”Version”

Data Type : “String”

Equals version “ 9.17.10.2967”

Now you can detect if the app is already installed or not .

image

4. Create your custom Global condition under the “Global Condition” Node in the Console .

image

5. Create your custom Global condition called:”Video is Intel HD Graphics Compatible Adapter” and specify the following settings :

Name :”Video is Intel HD Graphics Compatible Adapter”

Device Type : “windows”

Condition Type : “Setting”

Setting Type : ”WQL query”

Data Type :”String”

Namespace : “Root\Cimv2”

Class: ”CIM_LogicalDevice”

Property : “PNPDeviceID”

WQL query where clause  :

“PNPDeviceID like ‘%VEN_8086&DEV_0166%’ or PNPDeviceID like ‘%VEN_8086&DEV_0106%’ or PNPDeviceID like ‘%VEN_8086&DEV_0102%’ or PNPDeviceID like ‘%VEN_8086&DEV_0116%’ or PNPDeviceID like ‘%VEN_8086&DEV_0112%’ or PNPDeviceID like ‘%VEN_8086&DEV_0126%’ or PNPDeviceID like ‘%VEN_8086&DEV_0122%’ or PNPDeviceID like ‘%VEN_8086&DEV_010A%’ or PNPDeviceID like ‘%VEN_8086&DEV_0162%’ or PNPDeviceID like ‘%VEN_8086&DEV_016A%’ or PNPDeviceID like ‘%VEN_8086&DEV_0152%’ or PNPDeviceID like ‘%VEN_8086&DEV_0156%’ or PNPDeviceID like ‘%VEN_8086&DEV_015A%’”

image

To find the above information , you must open the corresponding inf file of the specified driver

clip_image002

6. Attach your previous defined “Global Condition” as a requirement on your deployment type. Make your sure to select that your global condition must exist on the client device .

image

7. Add the application to your OSD task Sequence . You’re done.

I hope you see that the power of Applications can also be used in your OSD deployment scenarios .

Hope it Helps ,

Kenny Buntinx