Solved

SCCM 2012 R2 Package Deployment Compliance Stuck at 0%

Posted on 2014-03-15
9
4,511 Views
Last Modified: 2014-04-09
Hi all;

I'm trying to deploy a couple of packages using SCCM 2012 R2 running on Win2K8 R2 with no luck, knowing that I could install the packages on a test VM, but when trying to deploy the packages to production PC, packages deployment compliance stuck at 0%

Infrastructure:

3 SCCM servers: CAS, PRI & SEC. Both CAS and PRI are in the DataCenter site, and SEC is in the Office site. The office site has several IP subnets.

Boundaries are configured per AD sites since that the AD site should contain all the IP subnets the the AD site contains, Boundaries groups are also configured and a site reference server is configured for each group respectively.

A OU based Collection has been configured that contains 13 PC "the collection contains the PCs that the packages should be installed.

Packages are configured correctly since that I could successfully deploy the packages to the test VM which is on the same subnet as the CAS and the PRI servers "the DataCenter subnet". The issue is that I can't deploy the packages to production PCs in the Office subnet!

Firewall rules are configured and applied via GP, and I even turned Windows Firewall off, and still nothing! I tried to manually initiate Computer Policy download via the SCCM GUI and via a script, still no luck!

I tried configuring IP Subnet Boundaries, still no luck!!

What I'm I missing?

Please help...
0
Comment
Question by:Kinan Al-Haffar
  • 7
9 Comments
 

Author Comment

by:Kinan Al-Haffar
ID: 39932052
I set the Boundaries as AD sites since that the AD site should contain all the IP subnets with in that site. Therefore; I have 2 Boundaries, One for the DataCenter and one for the office that reflicts the AD sites and services current configuration, and each Boundary belongs to a Boundary group group that contains the reference site server for each site. I also did configure IP subnets for the different IP sunbents in each site and join them to the respective Boundary group, but still no luck.
0
 

Author Comment

by:Kinan Al-Haffar
ID: 39932055
I changed the Boundaries to IP Ranges, recreated the package and still no luck... the compliance still 0% and the package is still in the Unknown status....
0
 

Author Comment

by:Kinan Al-Haffar
ID: 39932058
Changed the Boundaries to Automatic by Forest Discovery, and recreated the package, and still no luck.....

Please help....
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:Kinan Al-Haffar
ID: 39933151
Update:

I created Automatic Boundaries "IP Range & AD Sites" via Forest Discovery, and created  a new Client Settings and deployed it, recreated the Package and deployed it.

Results:

1. The package was installed on 5 PCs out of 13

2. 3 show as success and 10 show as Unknown, although that the package has been installed on 5 PCs!

3. All PCs run Win7 SP1 64x with the latest updates, firewall rules have been configured via GP and deployed to all PCs

Can anyone please advise why the package isn't getting installed on the remaining PCs, and why the 2 PCs that have the package installed are still showing as unknown in the Package status?

Please help...
0
 

Author Comment

by:Kinan Al-Haffar
ID: 39938030
Anybody...
0
 
LVL 22

Expert Comment

by:eeRoot
ID: 39949486
Have you been able to push updates to these PC's before?  Or are these PC's getting patched via SCCM for the first time?  can yo verify that the Windows Update service is running and issue the "gpupdate /force" command on a few of them?  Can you post a few screenshots of how the deployment is currently configured?  And can you check of of the PC's for any update related errors in the event logs?
0
 

Accepted Solution

by:
Kinan Al-Haffar earned 0 total points
ID: 39978130
The issue is solved for now and things are stable.

Here is how the issue was resolved:

1.      Client side: Upgraded the Test VM to Win7 SP1, and installed all the required Windows Updates, then I performed the following concerning the following errors:

A.      For the “SHA could not bind as nap agent might not be running” error, I did the following fix:

1. Open regedit
2. Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B292921D-AF50-400c-9B75-0C57A7F29BA1}
3. Right click the {B292921D-AF50-400c-9B75-0C57A7F29BA1} folder and select "Permissions"
4. Click Advanced
5. Click the "Owner" tab
6. Change owner to the local "Administrators" group and click OK.
7. Grant the local "Administrators" group Full Control over the {B292921D-AF50-400c-9B75-0C57A7F29BA1} key and click OK.
8. Launch “Component Services” under Start -> Programs -> Administrative Tools
9. Navigate to Component Services -> Computers -> My Computer -> DCOM Config
10. Right-click the "NAP Agent Service" and select properties.
11. Click the security tab
12. Click the "Edit..." button under the "Launch and Activation Permissions"
13. Highlight the "SYSTEM" user. Grant the user "Local Launch" permission.
14. Click OK and exit out of Component Services and regedit.

B.  For the “could not load logging configuration for component CcmTask using default values” error, I did the following: I uninstalled the client and pushed it again from the console, rebooted, and the error vanished.

2.       On the backend, I added TCP and UDP port 1434 to both inbound and outbound FW rule to the FW GP.
3.      Uninstalled the SQL 2008R2 Native client and reinstalled again across all SCCM 3 servers, rebooted, tested the App Deployment and it worked fine.
0
 

Author Closing Comment

by:Kinan Al-Haffar
ID: 39988228
Issue was solved
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
In-place Upgrading Dirsync to Azure AD Connect
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question