Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

SCCM 2012 R2 Package Deployment Compliance Stuck at 0%

Posted on 2014-03-15
9
Medium Priority
?
5,260 Views
Last Modified: 2014-04-09
Hi all;

I'm trying to deploy a couple of packages using SCCM 2012 R2 running on Win2K8 R2 with no luck, knowing that I could install the packages on a test VM, but when trying to deploy the packages to production PC, packages deployment compliance stuck at 0%

Infrastructure:

3 SCCM servers: CAS, PRI & SEC. Both CAS and PRI are in the DataCenter site, and SEC is in the Office site. The office site has several IP subnets.

Boundaries are configured per AD sites since that the AD site should contain all the IP subnets the the AD site contains, Boundaries groups are also configured and a site reference server is configured for each group respectively.

A OU based Collection has been configured that contains 13 PC "the collection contains the PCs that the packages should be installed.

Packages are configured correctly since that I could successfully deploy the packages to the test VM which is on the same subnet as the CAS and the PRI servers "the DataCenter subnet". The issue is that I can't deploy the packages to production PCs in the Office subnet!

Firewall rules are configured and applied via GP, and I even turned Windows Firewall off, and still nothing! I tried to manually initiate Computer Policy download via the SCCM GUI and via a script, still no luck!

I tried configuring IP Subnet Boundaries, still no luck!!

What I'm I missing?

Please help...
0
Comment
Question by:Kinan Al-Haffar
  • 7
9 Comments
 

Author Comment

by:Kinan Al-Haffar
ID: 39932052
I set the Boundaries as AD sites since that the AD site should contain all the IP subnets with in that site. Therefore; I have 2 Boundaries, One for the DataCenter and one for the office that reflicts the AD sites and services current configuration, and each Boundary belongs to a Boundary group group that contains the reference site server for each site. I also did configure IP subnets for the different IP sunbents in each site and join them to the respective Boundary group, but still no luck.
0
 

Author Comment

by:Kinan Al-Haffar
ID: 39932055
I changed the Boundaries to IP Ranges, recreated the package and still no luck... the compliance still 0% and the package is still in the Unknown status....
0
 

Author Comment

by:Kinan Al-Haffar
ID: 39932058
Changed the Boundaries to Automatic by Forest Discovery, and recreated the package, and still no luck.....

Please help....
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 

Author Comment

by:Kinan Al-Haffar
ID: 39933151
Update:

I created Automatic Boundaries "IP Range & AD Sites" via Forest Discovery, and created  a new Client Settings and deployed it, recreated the Package and deployed it.

Results:

1. The package was installed on 5 PCs out of 13

2. 3 show as success and 10 show as Unknown, although that the package has been installed on 5 PCs!

3. All PCs run Win7 SP1 64x with the latest updates, firewall rules have been configured via GP and deployed to all PCs

Can anyone please advise why the package isn't getting installed on the remaining PCs, and why the 2 PCs that have the package installed are still showing as unknown in the Package status?

Please help...
0
 

Author Comment

by:Kinan Al-Haffar
ID: 39938030
Anybody...
0
 
LVL 22

Expert Comment

by:eeRoot
ID: 39949486
Have you been able to push updates to these PC's before?  Or are these PC's getting patched via SCCM for the first time?  can yo verify that the Windows Update service is running and issue the "gpupdate /force" command on a few of them?  Can you post a few screenshots of how the deployment is currently configured?  And can you check of of the PC's for any update related errors in the event logs?
0
 

Accepted Solution

by:
Kinan Al-Haffar earned 0 total points
ID: 39978130
The issue is solved for now and things are stable.

Here is how the issue was resolved:

1.      Client side: Upgraded the Test VM to Win7 SP1, and installed all the required Windows Updates, then I performed the following concerning the following errors:

A.      For the “SHA could not bind as nap agent might not be running” error, I did the following fix:

1. Open regedit
2. Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B292921D-AF50-400c-9B75-0C57A7F29BA1}
3. Right click the {B292921D-AF50-400c-9B75-0C57A7F29BA1} folder and select "Permissions"
4. Click Advanced
5. Click the "Owner" tab
6. Change owner to the local "Administrators" group and click OK.
7. Grant the local "Administrators" group Full Control over the {B292921D-AF50-400c-9B75-0C57A7F29BA1} key and click OK.
8. Launch “Component Services” under Start -> Programs -> Administrative Tools
9. Navigate to Component Services -> Computers -> My Computer -> DCOM Config
10. Right-click the "NAP Agent Service" and select properties.
11. Click the security tab
12. Click the "Edit..." button under the "Launch and Activation Permissions"
13. Highlight the "SYSTEM" user. Grant the user "Local Launch" permission.
14. Click OK and exit out of Component Services and regedit.

B.  For the “could not load logging configuration for component CcmTask using default values” error, I did the following: I uninstalled the client and pushed it again from the console, rebooted, and the error vanished.

2.       On the backend, I added TCP and UDP port 1434 to both inbound and outbound FW rule to the FW GP.
3.      Uninstalled the SQL 2008R2 Native client and reinstalled again across all SCCM 3 servers, rebooted, tested the App Deployment and it worked fine.
0
 

Author Closing Comment

by:Kinan Al-Haffar
ID: 39988228
Issue was solved
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question