You are browsing the archive for Conficker.

Video New Efficiency: Deploying Windows 7 with SCCM – Dutch

10:01 am in chopsticks, Conficker, ConfigMgr 2007, ConfigMgr 2007 R2, configmgr2007, events, Windows 7 by Kenny Buntinx [MVP]

This session introduces tool enhancements new to Windows 7 and System Center Configuration manager for every stage of a Windows 7 desktop deployment project. During this talk you will learn more on how to test your application against possible compatibility issues and different technologies you can use to help you against these issues.

Furthermore we will discuss other deployment mechanisms based on the free Microsoft Deployment toolkit.

[evid:technet:1452]

SCCM 2007 MP horror : “Cannot create the internet virtual directory CCM_Incoming. The error code is 8007005”.

4:39 pm in Conficker, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, MP, sccm, SCCM 2007, SCCM 2007 R2 by Kenny Buntinx [MVP]

This story happened at one of my customers , but lucky it happenend into an acceptance environment instead of production

After discovering that a reboot happened in our acceptance environment around the 19th of july 2009 , we saw that the management point did not communicate anymore with their clients.

After some investigation , we decided to uninstall the mgmt point and reinstall it. This should always go smooth and without issues.

Guess what , at my client it didn’t. Below you will find the detailed log files of the installation failing.

clip_image002

These errors didn’t worry me to much as the mgmt point was not existing anymore . Below you will find the rest of the log and that was really worrying me .

 

clip_image002[6]

 

As you can see it says : “Cannot create the internet virtual directory CCM_Incoming. The error code is 8007005” ==> This means somewhere access denied .

After checking the default permissions on the following accounts (IUSR,IWAM,IIS_WPG), I checked if the accounts did not give any Failure audits in the security log of the eventvwr to see if the account wasn’t locked out.

Guess what , it wasn’t the case.

So after that I started to dig any further to see if any patches where installed / deinstalled on the server ( remember the reboot ) . Well it seemed that the 18/07/09 the following hot fix KB923845 was uninstalled for whatever reason . Unlucky this was a BITS 2.5 hotfix …

clip_image002[8]

 

clip_image002[10]

I downloaded the hot fix and reinstalled it on the server . Same issue . It could just be a coincidence . After that I tried to see in IIS if Bits would still work and I tried to apply the bits into the default website and got the following error message : “Task scheduler could not be started . Cleanup cannot be scheduled now…” .

This triggerd me thinking it thru and I verified the service was running . The service was up and running . So the only one place to look further into ….GPO’s !

clip_image002[12]

I saw directly something strange . A GPO applied into the root of the forest doing the following as shown below :

clip_image002[14]

Here is the problem ! They are killing the TASKS service by reducing security . Well , they killed BITS in one go as well as the MP and DP are using this feature !

So my next step was to create a separate OU , block inheritance of existing GPO’s and create and apply a UNDO_KB958644 to reset permission.

The server team at my customer implemented this for fighting the Conficker Virus , witch is recommended by Microsoft …but they didn’t do the last part in the article.

Well they (Customer server team)  killed my Mgmt Point on my SCCM server ….

 

*******************************************************************************************************

If you are experiencing this kind of issues and it worked before , make sure to check your GPO’s for security add-ons !

(Thanks to Kim Oppalfens to put me on track for looking into GPO security add-ons)

*******************************************************************************************************

 

Hope it Helps ,

 

Kenny Buntinx