SCCM (English)

Recently Published KB articles and Support Content 9-15-2017

The Official Configuration Manager Support Team Blog -

We have recently published or updated the following support content for Configuration Manager.

How-To or Troubleshooting

10082 Troubleshooting PXE boot issues in Configuration Manager

  • Online Troubleshooting Guide that helps administrators diagnose and resolve PXE boot failures in System Center 2012 Configuration Manager (ConfigMgr 2012 or ConfigMgr 2012 R2) and later versions. Read More https://support.microsoft.com/help/10082.

4040243 How to enable TLS 1.2 for Configuration Manager

  • This article describes how to enable TLS 1.2 for Microsoft System Center Configuration Manager. This description includes individual components, update requirements for commonly used Configuration Manager features, and high-level troubleshooting information for common problems. Read More https://support.microsoft.com/help/4040243/.

Issue Resolution

4037828 Summary of changes in System Center Configuration Manager current branch, version 1706

  • Release version 1706 of System Center Configuration Manager Current Branch contains many changes to help you avoid issues and many feature improvements. The “Issues that are fixed” list is not inclusive of all changes. Instead, it highlights the changes that the product development team believes are the most relevant to the broad customer base for Configuration Manager. Read More https://support.microsoft.com/help/4037828.

4036267 Update 2 for System Center Configuration Manager version 1706, first wave

  • An update is available to administrators who opted in through a PowerShell script to the first wave (early update ring) deployment for System Center Configuration Manager current branch, version 1706. You can access the update in the Updates and Servicing node of the Configuration Manager console. This update addresses important late-breaking issues that were resolved after version 1706 became available globally. Read more https://support.microsoft.com/help/4036267.

4039380 Update for System Center Configuration Manager version 1706, first wave

  • This update addresses important issues in the first wave (early update ring) deployment for Microsoft System Center Configuration Manager current branch, version 1706. This update is no longer available and has been replaced by update KB 4036267. Read more https://support.microsoft.com/help/4039380.

4041012 1702 clients do not get software updates from Configuration Manager

  • After installing Configuration Manager version 1702, newly installed clients are unable to get updates from the Software Update Point. This can also occur if the Software Update Point is moved to a different server after installation of version 1702.  Read More https://support.microsoft.com/help/4041012.

4019125 FIX: System Center Configuration Manager replication process by using BCP APIs fails when there is a large value in an XML column. Read More https://support.microsoft.com/help/4019125.

4038659 Existing computer records are not updated when new information is imported in System Center Configuration Manager version 1702

  • When new information for an existing computer is imported, either through the Configuration Manager console or the ImportMachineEntry method, a new record is created for that computer. This causes changes to the existing collection membership, discovery properties, and task sequence variables for that computer. Read More https://support.microsoft.com/help/4038659.

HOTFIX: Clients cannot download peer cache content in Configuration Manager version 1706

After you upgrade to Configuration Manager current branch version 1706, clients may not be able to download content from peer cache sources.  We have released a hotfix that resolves this issue.  This is a targeted hotfix and will be available in the Updates and Servicing node of the Configuration Manager console for sites that need it.

For the latest information about the issue and how to install the hotfix, please see the following:

4042345 Clients cannot download peer cache content in Configuration Manager version 1706 (https://support.microsoft.com/help/4042345)

Update 2 for Configuration Manager current branch, version 1706 first wave is now available

Administrators who opted-in to the first (early) wave deployment for System Center Configuration Manager current branch, version 1706, have an update available in the Updates and Servicing node of the Configuration Manager console. This update, made available on August 31, 2017, addresses important late-breaking issues that were discovered during the final release process for version 1706. 

For more information, including the issues fixed and the applicability of the update, please read:

4036267 : Update 2 for System Center Configuration Manager version 1706, first wave – https://support.microsoft.com/help/4036267

High CPU/High Memory in WSUS following Update Tuesdays

Recently, we’ve seen an increase in the number of high CPU/High Memory usage problems with WSUS, including WSUS in a System Center Configuration Manager environment – these have mostly corresponded with Update Tuesdays.

Microsoft support has determined that the issue is driven primarily by the Windows 10 1607 updates, for example KB4022723, KB4022715, KB4025339, etc. See here for the list of Windows 10 1607 updates.

Microsoft is also aware of a known issue with KB4034658 that will cause Windows 10 1607 clients to run a full scan after install – Microsoft is investigating and the latest information is available here.

These updates have large metadata payloads for the dependent (child) packages because they roll up a large number of binaries. Windows 10, versions 1507 (Windows 10 RTM) and 1511 updates can also cause this, though to a lesser extent.  Windows 10, version 1703 is still recent enough that the metadata is not that large yet (but will continue to grow).

Symptom

The symptoms include:

  • High CPU on your WSUS server – 70-100% CPU in w3wp.exe hosting WsusPool
  • High memory in the w3wp.exe process hosting the WsusPool – customers have reported memory usage approaching 24 GB
  • Constant recycling of the w3wp.exe hosting the WsusPool (identifiable by the PID changing)
  • Clients failing to scan with 8024401c (timeout) errors in the WindowsUpdate.log
  • Mostly 500 errors for the /ClientWebService/Client.asmx requests in the IIS logs

Cause

Microsoft support has determined that the issue is driven primarily by the Windows 10 1607 updates, for example KB4022723, KB4022715, KB4025339, etc. See here for the list of Windows 10 1607 updates.

These updates have large metadata payloads for the dependent (child) packages because they roll up a large number of binaries. Windows 10, versions 1507 (Windows 10 RTM) and 1511 updates can also cause this, though to a lesser extent. Windows 10, version 1703 is still recent enough that the metadata is not that large yet (but will continue to grow).

How to determine if the 1607 Updates are the cause

To determine if WSUS is affected by this problem, decline the Windows 10 updates (including the latest cumulative update). If CPU and memory quickly drop back to normal, then the issue is likely the result of metadata size from the Windows 10 updates. They can be reapproved after you have determined if the updates are causing this issue, assuming you want to deploy them.

If declining the Windows 10 updates does not help, then the problem may be due to too many superseded updates in the WSUS server. Take the steps outlined in The Complete Guide to Microsoft WSUS and Configuration Manager SUP maintenance to decline the superseded updates. If, after doing this, you are still having problems, read on.

This blog post may help alleviate some of these problems, but is not a magic bullet. After these changes are made, you will still see high CPU and memory until the system stabilizes as I explain further down.

WSUS Caching

WSUS has a caching mechanism whereby the first time update metadata is requested by any client WSUS will store it in memory. Further requests for the same update revision will retrieve the update metadata from memory instead of reading it from the database. Some of the metadata in the database is compressed, so not only must it be retrieved, it must be decompressed into memory, which is an expensive operation.

You can monitor the current number of updates stored in the cache via Performance Monitor with the counter WSUS: Client Web Service/Cache size and instance spgetcorexml. Keep in mind that this counter provides the number of cached items, not the amount of memory consumed by cached metadata. w3wp.exe process memory can be used as a proxy for the amount of space consumed by the metadata cache.

The Problem

For large metadata packages and many simultaneous requests, it can take longer than ASP.NET’s default timeout of 110 seconds to retrieve all of the metadata the client needs. When the timeout is hit, ASP.NET disconnects the client and aborts the thread doing the metadata retrieval. If you look at Program Files\Update Services\LogFiles\SoftwareDistribution.log, the abort looks like this:

System.Threading.ThreadAbortException: Thread was being aborted.
   at System.Buffer.__Memcpy(Byte* dest, Byte* src, Int32 len)
   at System.Buffer._Memcpy(Byte* dest, Byte* src, Int32 len)
   at System.Buffer.Memcpy(Byte* dest, Byte* src, Int32 len)
   at System.String.CtorCharPtrStartLength(Char* ptr, Int32 startIndex, Int32 length)
   at Microsoft.UpdateServices.Internal.CabUtilities.ExpandMemoryCabToString(Byte[] src)
   at Microsoft.UpdateServices.Internal.DataAccess.ExecuteSpGetCoreUpdateXml(Int32[] revisionIds)
   at Microsoft.UpdateServices.Internal.DataAccessCache.GetCoreUpdateXml(Int32[] revisionIds, DataAccess da, Int64 maxXmlPerRequest)
   at Microsoft.UpdateServices.Internal.ClientImplementation.GetSyncInfo(Version clientProtocolVersion, DataAccess dataAccess, Hashtable stateTable, Hashtable deploymentTable, Boolean haveGroupsChanged, Boolean driverSyncNeeded, Boolean doChunking)
   at Microsoft.UpdateServices.Internal.ClientImplementation.SoftwareSync(DataAccess dataAccess, UnencryptedCookieData cookieData, Int32[] installedNonLeafUpdateIds, Int32[] leafUpdateIds, Boolean haveGroupsChanged, Boolean expressQuery, Guid[] filterCategoryIds, Boolean needTwoGroupOutOfScopeUpdates)
   at Microsoft.UpdateServices.Internal.ClientImplementation.SyncUpdates(Cookie cookie, SyncUpdateParameters parameters)
   at Microsoft.UpdateServices.Internal.ClientImplementation.SyncUpdates(Cookie cookie, SyncUpdateParameters parameters)

Note: What you are looking for is a ThreadAbortException with ExecuteSpGetCoreUpdateXml on the stack (ThreadAbortExceptions could happen for other reasons as well – we are concerned with this specific scenario).

When the thread abort happens, all of the metadata that has been retrieved to that point is discarded and is not cached. As a result, WSUS enters a continuous cycle where the data isn’t cached, the clients can never complete the scan and continue to rescan.
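The check described in the note above, as an added example that is not part of the original post: it counts only the ThreadAbortException entries that have ExecuteSpGetCoreUpdateXml on the stack and keeps other aborts separate. The sample log lines, their timestamp layout and the function names are constructed for illustration.

```python
import re

ABORT = "System.Threading.ThreadAbortException"
METADATA_FRAME = "ExecuteSpGetCoreUpdateXml"
FRAME_LINE = re.compile(r"^\s+at\s")                      # stack-frame continuation line
TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?")

# Constructed sample; the header layout is an assumption, the frames are from the post.
SAMPLE_WSUS_LOG = """\
2017-09-13 10:02:11.482 UTC Error w3wp.17 System.Threading.ThreadAbortException: Thread was being aborted.
   at Microsoft.UpdateServices.Internal.CabUtilities.ExpandMemoryCabToString(Byte[] src)
   at Microsoft.UpdateServices.Internal.DataAccess.ExecuteSpGetCoreUpdateXml(Int32[] revisionIds)
   at Microsoft.UpdateServices.Internal.ClientImplementation.SyncUpdates(Cookie cookie, SyncUpdateParameters parameters)
2017-09-13 10:03:00.001 UTC Info w3wp.9 Client scan request received
2017-09-13 10:05:30.120 UTC Error w3wp.22 System.Threading.ThreadAbortException: Thread was being aborted.
   at System.Threading.Thread.Sleep(Int32 millisecondsTimeout)
2017-09-13 10:07:45.910 UTC Error w3wp.31 System.Threading.ThreadAbortException: Thread was being aborted.   at Microsoft.UpdateServices.Internal.DataAccess.ExecuteSpGetCoreUpdateXml(Int32[] revisionIds)
""".splitlines()


def split_entries(lines):
    """Group lines into entries; '   at ...' lines continue the previous entry."""
    entries, current = [], []
    for line in lines:
        if FRAME_LINE.match(line) and current:
            current.append(line)
        else:
            if current:
                entries.append("\n".join(current))
            current = [line]
    if current:
        entries.append("\n".join(current))
    return entries


def classify_aborts(lines):
    """Return timestamps of aborts, split by whether the metadata fetch was on the stack."""
    result = {"metadata_timeout": [], "other_abort": []}
    for entry in split_entries(lines):
        if ABORT not in entry:
            continue
        match = TIMESTAMP.match(entry)
        stamp = match.group(0) if match else None
        # Works whether the frames are on continuation lines or run onto one line.
        key = "metadata_timeout" if METADATA_FRAME in entry else "other_abort"
        result[key].append(stamp)
    return result


if __name__ == "__main__":
    found = classify_aborts(SAMPLE_WSUS_LOG)
    print("metadata retrieval aborts:", found["metadata_timeout"])
    print("unrelated thread aborts:  ", found["other_abort"])
```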

Another issue that can occur is the WSUS application pool keeps recycling because it exceeds the private memory threshold (which it is very likely to do if the limit is still the default of 1843200). This recycles the app pool, and thus the cached updates, and forces WSUS to go back through retrieving updates from the database and caching them.

Solution

Configure IIS to stop recycling the App Pool

The goal is to stop the app pool from recycling, since a recycle clears the cache. The IIS default Private Memory Limit of 1843200 will cause the pool to constantly recycle. We want to make sure it doesn’t recycle unless we intentionally restart the app pool.

  • Open IIS Manager for the WSUS server
  • Expand <Server name> and click Application Pools.
  • Find WSUSPool > Right-click > Advanced Settings.
  • Find the setting Private Memory Limit (KB) under Recycling and set it to 0.
    • Check and verify Virtual Memory Limit (KB) is set to 0.
    • This will prevent IIS from recycling due to a memory limit.
  • Find the setting Regular Time Interval (minutes) below the Private Memory limit and set to 0.
  • Find the Ping Enabled setting and set it to False.
    • This will prevent IIS from recycling the pool if it gets too busy and doesn’t respond to the ping.
  • Click OK.
  • From an elevated command prompt, run IISReset to restart IIS.

Limit the number of inbound connections to WSUS

Reducing the number of allowed connections will cause clients to receive 503 errors (service not available), but they will retry. If the performance counter Web Services | Current Connections for the website on which WSUS is hosted has more than 1000 connections, complete this step:

  • Open IIS Manager for the WSUS server.
  • Expand <Server name> and then Sites.
  • Select the site hosting WSUS.
    • If you aren’t sure, expand each site and look for the ClientWebService directory underneath it – that is the WSUS site the clients use.
  • With the site selected, click the Limits link in the toolbar on the right side.
  • Check the option Limit number of connections and change it to 1000 (or even smaller).
  • Click OK to save the changes.
  • From an elevated command prompt, run IISReset to restart IIS.

Increase the ASP.NET timeout

  • Make a copy of \Program Files\Update Services\WebServices\ClientWebService\Web.Config.
  • Open \Program Files\Update Services\WebServices\ClientWebService\Web.Config.
  • Find the element “<httpRuntime”. It will look like this (in an unmodified web.config):
<httpRuntime maxRequestLength="4096" />
  • Modify httpRuntime by adding an executionTimeout attribute:
<httpRuntime maxRequestLength="4096" executionTimeout="3600" />
  • Save the web.config to a different location and copy the modified one into the directory.
  • From an elevated command prompt, run IISReset to restart IIS.

Monitor

Open Windows Performance Monitor and add the following counters:

  • WSUS: Client Web Service | Cache Size counter for spgetcorexml instance.
  • Process | Private Memory counters.
    • If there is more than one w3wp.exe, add them all – the one with the highest memory usage is probably the WSUSPool, but you can also add Process | ID Process to determine which worker process should be monitored.

Monitor the cache size counter – it should increase and eventually reach a peak value that does not change. This indicates all metadata that clients need is cached. It can take several hours for this to stabilize, so be patient.

Monitor the IIS logs and filter on ClientWebService/Client.asmx. The majority will be 500s, but as the cache increases, the number of 200s will increase with it. Once the cache is fully built, you should see mostly 200s.
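One way to track the 500-to-200 shift described above, as an added example that is not part of the original post: it parses W3C-format IIS log lines, keeps only ClientWebService/Client.asmx requests, and reports the share of 200 responses per hour. The sample log lines and function names are constructed for illustration.

```python
from collections import Counter, defaultdict

WSUS_CLIENT_ENDPOINT = "/clientwebservice/client.asmx"

# Constructed sample in W3C extended format (IIS writes these timestamps in UTC).
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time cs-method cs-uri-stem sc-status time-taken
2017-09-13 10:02:11 POST /ClientWebService/Client.asmx 500 110021
2017-09-13 10:14:40 POST /ClientWebService/Client.asmx 500 110007
2017-09-13 10:31:05 POST /ClientWebService/client.asmx 500 110015
2017-09-13 10:48:59 POST /ClientWebService/Client.asmx 200 48210
2017-09-13 10:50:00 POST /SimpleAuthWebService/SimpleAuth.asmx 200 15
2017-09-13 11:05:12 POST /ClientWebService/Client.asmx 503 0
2017-09-13 11:20:33 POST /ClientWebService/Client.asmx 200 9120
2017-09-13 11:41:27 POST /ClientWebService/Client.asmx 500 110003
2017-09-13 11:55:02 POST /ClientWebService/Client.asmx 200 7734
2017-09-13 12:03:45 POST /ClientWebService/Client.asmx 200 412
2017-09-13 12:19:08 POST /ClientWebService/Client.asmx 200 388
2017-09-13 12:44:51 POST /ClientWebService/Client.asmx 200 401
2017-09-13 12:58:16 POST /ClientWebService/Client.asmx 500 110009
""".splitlines()


def status_by_hour(lines):
    """Return {'YYYY-MM-DD HH': Counter({status: n})} for Client.asmx requests.

    Column positions are read from the '#Fields:' directive, which IIS
    rewrites whenever the logged fields change, so nothing is hard-coded.
    """
    fields, buckets = [], defaultdict(Counter)
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed row
        row = dict(zip(fields, values))
        if row.get("cs-uri-stem", "").lower() != WSUS_CLIENT_ENDPOINT:
            continue  # other WSUS endpoints are not part of this symptom
        if "date" not in row or "time" not in row:
            continue
        hour = f"{row['date']} {row['time'][:2]}"
        buckets[hour][row.get("sc-status", "?")] += 1
    return dict(buckets)


def success_trend(buckets):
    """Return (hour, total, count_200, count_500, percent_200) rows in time order."""
    rows = []
    for hour in sorted(buckets):
        counts = buckets[hour]
        total = sum(counts.values())
        ok = counts["200"]
        rows.append((hour, total, ok, counts["500"], round(100.0 * ok / total, 1)))
    return rows


if __name__ == "__main__":
    for hour, total, ok, err, pct in success_trend(status_by_hour(SAMPLE_IIS_LOG)):
        print(f"{hour}:00  requests={total}  200s={ok}  500s={err}  200 share={pct}%")
```

A rising 200 share alongside a growing cache size counter is the pattern the post describes; 503 responses are counted in the hourly total but belong to the connection limit rather than the metadata timeout.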

If you see the cache size drop, then one of two things has happened:

  1. The App pool was recycled (or it crashed), or
  2. The cache was purged due to memory pressure

If the app pool process ID didn’t change and you didn’t make any changes to IIS config that would cause the app domain to unload (such as changing IIS connection limit), then you have most likely hit scenario #2. To get around this, you can force the cache to be a certain size before items will be trimmed from it. You can also make this change beforehand if you wish.

  • Make a copy of \Program Files\Update Services\WebServices\ClientWebService\Web.Config.
  • Open \Program Files\Update Services\WebServices\ClientWebService\Web.Config.
  • Find the element <system.web>.
  • Immediately under it add a new element:
<caching> <cache privateBytesLimit = "8000000000"/> </caching>
  • The privateBytesLimit value can be changed to be larger. 8,000,000,000 is usually enough.
  • Save the web.config to someplace else, back up the old one, then copy the modified one into the directory.
  • From an elevated command prompt, run IISReset to restart IIS.

Again, monitor the cache size – if it continues to bounce around, the PID isn’t changing, and memory is high (> 8 GB), then you probably need to increase the privateBytesLimit further.

Refresh of Update 1706 for System Center Configuration Manager (Current Branch)

On July 28th we released version 1706 for the Current Branch of System Center Configuration Manager and made it available for customers to opt in for early deployments. On August 8th, we updated the 1706 package to address a few issues found during these initial deployments. We quickly noticed that we had a problem with both the download and the package. We pulled it and replaced it with a fixed version as fast as we could, but a small number of customers still managed to install it during this time window. We have already released a hotfix targeted to those customers to update them to the latest build. This hotfix will be available in the Updates and Servicing node of the Configuration Manager console. For more information, please see:

KB 4039380: Update for System Center Configuration Manager version 1706, first wave

Also, if you have installed the original version of the 1706 update, we will have a hotfix package for you in the coming weeks to bring you up to the latest build.

For assistance with the upgrade process please post your questions in the Site and Client Deployment forum. To provide feedback or report any issues with the functionality included in this release, please use Connect.

Thank you,

The System Center Configuration Manager team

Error: “There are no task sequences available to this computer” during a PXE boot

Starting with System Center Configuration Manager, version 1702, unknown computers that are started from media or PXE may not find task sequences targeted to them. The SMSTS.log shows:

There are no task sequences available to this computer. Please ensure you have at least one task sequence advertised to this computer" Unspecified error (Error: 80004005; Source: Windows)

This issue may occur if the Previous button on the “Select a task sequence to run” page is selected on the unknown computer.

This is a known issue that is now fixed by applying Update rollup for System Center Configuration Manager current branch, version 1702.

ConfigMgr 1702: Adding a new Secondary Replica to an existing SQL AO AG

Hello everyone,

Our colleague Umair Kahn has a helpful post on his blog where he and Sean Mahoney walk through adding a new secondary replica node to an existing SQL Server Always On availability group for a primary site server.

This process involves several steps:

  • Adding the new server as a secondary replica.
  • Stopping the Configuration Manager site.
  • Backing up and restoring the site database from the primary replica to the new secondary replica.
  • Configuring each secondary replica.

Umair and Sean call out the issues that are specific to primary site servers. You’ll find the complete text for Umair’s post here:

ConfigMgr 1702: Adding a new node (Secondary Replica) to an existing SQL AO AG

Recently Published KB Articles for System Center Configuration Manager

Hello Everyone, we have recently published the following Knowledge Base (KB) articles.

KB 4034393 Getting network captures from a task sequence in ConfigMgr

This is a how-to article about capturing a network trace in a Windows PE environment. For the step by step see https://support.microsoft.com/en-us/help/4034393.

KB 4035047 Configuration Manager 2007 client operations fail after you install a May 2017 security update for Windows Server 2008 or 2008 R2

This KB article describes client operations failures resulting from problems accessing the ConfigMgr 2007 server locator point after installation of one of the May 2017 security updates for Windows Server 2008 or 2008 R2. For more information and workarounds see http://support.microsoft.com/help/4035047.

Update 1706 for Microsoft System Center Configuration Manager is now available

Happy Friday! We are delighted to announce that we have released version 1706 for the Current Branch (CB) of System Center Configuration Manager. To read about all of the great new features and enhancements that have been made, plus how to get the update today, check out this post by the Configuration Manager product team.

Hotfix: Client update for System Center Configuration Manager current branch, version 1702

We have released a client update that fixes the following two issues:

  • Software update download failures from Microsoft Update
  • Content distribution failure if the SMS Agent Host service or the client computer is restarted during download.

For more details about the issues and symptoms, and installation instructions please see:

4035759 Client update for System Center Configuration Manager current branch, version 1702 (https://support.microsoft.com/help/4035759)

Update 1707 for Configuration Manager Technical Preview released

We are happy to let you know that update 1707 for the Technical Preview Branch of System Center Configuration Manager has been released. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available. For information on this month’s new preview features, please see the following:

Update 1707 for Configuration Manager Technical Preview Branch – Available Now!

HOTFIX: Provisioning not completed when creating a Cloud Management Gateway in Configuration Manager version 1702

If you have the Update rollup for Configuration Manager current branch version 1702 installed and you try to create a new Cloud Management Gateway (CMG)  in the Configuration Manager console, the provisioning cannot be completed. The status in the console remains displayed as “Provisioning.” If you also check the cloud service status from the Azure Portal, you find that the service keeps being provisioned.

We have released a hotfix that resolves this issue. For the latest information about the issue as well as how to obtain and install the hotfix, please see the following:

4033015 Provisioning not completed when creating a Cloud Management Gateway in System Center Configuration Manager version 1702 (https://support.microsoft.com/help/4033015)

Update 1706 for Configuration Manager Technical Preview released

We are happy to let you know that update 1705 for the Technical Preview Branch of System Center Configuration Manager has been released. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available. For information on this month’s new preview features, please see the following:

Update 1706 for Configuration Manager Technical Preview Branch – Available Now!

Update rollup for System Center Configuration Manager current branch, version 1702, is now available

An update rollup for System Center Configuration Manager current branch, version 1702, is now available. This update is available for installation in the Updates and Servicing node of the Configuration Manager console. Please note that if the Service Connection Point is in offline mode, you must re-import the update so that it is listed in the Configuration Manager console. Refer to Updates for System Center Configuration Manager for details.

For complete details regarding the update rollup for ConfigMgr current branch v1702, including the list of issues that are fixed, please see the following:

4019926 – Update rollup for System Center Configuration Manager current branch, version 1702 (https://support.microsoft.com/help/4019926)

Update 1705 for Configuration Manager Technical Preview Branch released

We are happy to let you know that update 1705 for the Technical Preview Branch of System Center Configuration Manager has been released. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available. For information on this month’s new preview features, please see the following:

Update 1705 for Configuration Manager Technical Preview Branch – Available Now!