Solved

SCCM 2012 R2 Package Deployment Compliance Stuck at 0%

Posted on 2014-03-15
9
4,270 Views
Last Modified: 2014-04-09
Hi all;

I'm trying to deploy a couple of packages using SCCM 2012 R2 running on Win2K8 R2 with no luck, knowing that I could install the packages on a test VM, but when trying to deploy the packages to production PC, packages deployment compliance stuck at 0%

Infrastructure:

3 SCCM servers: CAS, PRI & SEC. Both CAS and PRI are in the DataCenter site, and SEC is in the Office site. The office site has several IP subnets.

Boundaries are configured per AD sites since that the AD site should contain all the IP subnets the the AD site contains, Boundaries groups are also configured and a site reference server is configured for each group respectively.

A OU based Collection has been configured that contains 13 PC "the collection contains the PCs that the packages should be installed.

Packages are configured correctly since that I could successfully deploy the packages to the test VM which is on the same subnet as the CAS and the PRI servers "the DataCenter subnet". The issue is that I can't deploy the packages to production PCs in the Office subnet!

Firewall rules are configured and applied via GP, and I even turned Windows Firewall off, and still nothing! I tried to manually initiate Computer Policy download via the SCCM GUI and via a script, still no luck!

I tried configuring IP Subnet Boundaries, still no luck!!

What I'm I missing?

Please help...
0
Comment
Question by:Kinan Al-Haffar
  • 7
9 Comments
 

Author Comment

by:Kinan Al-Haffar
Comment Utility
I set the Boundaries as AD sites since that the AD site should contain all the IP subnets with in that site. Therefore; I have 2 Boundaries, One for the DataCenter and one for the office that reflicts the AD sites and services current configuration, and each Boundary belongs to a Boundary group group that contains the reference site server for each site. I also did configure IP subnets for the different IP sunbents in each site and join them to the respective Boundary group, but still no luck.
0
 

Author Comment

by:Kinan Al-Haffar
Comment Utility
I changed the Boundaries to IP Ranges, recreated the package and still no luck... the compliance still 0% and the package is still in the Unknown status....
0
 

Author Comment

by:Kinan Al-Haffar
Comment Utility
Changed the Boundaries to Automatic by Forest Discovery, and recreated the package, and still no luck.....

Please help....
0
 

Author Comment

by:Kinan Al-Haffar
Comment Utility
Update:

I created Automatic Boundaries "IP Range & AD Sites" via Forest Discovery, and created  a new Client Settings and deployed it, recreated the Package and deployed it.

Results:

1. The package was installed on 5 PCs out of 13

2. 3 show as success and 10 show as Unknown, although that the package has been installed on 5 PCs!

3. All PCs run Win7 SP1 64x with the latest updates, firewall rules have been configured via GP and deployed to all PCs

Can anyone please advise why the package isn't getting installed on the remaining PCs, and why the 2 PCs that have the package installed are still showing as unknown in the Package status?

Please help...
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:Kinan Al-Haffar
Comment Utility
Anybody...
0
 
LVL 21

Expert Comment

by:eeRoot
Comment Utility
Have you been able to push updates to these PC's before?  Or are these PC's getting patched via SCCM for the first time?  can yo verify that the Windows Update service is running and issue the "gpupdate /force" command on a few of them?  Can you post a few screenshots of how the deployment is currently configured?  And can you check of of the PC's for any update related errors in the event logs?
0
 

Accepted Solution

by:
Kinan Al-Haffar earned 0 total points
Comment Utility
The issue is solved for now and things are stable.

Here is how the issue was resolved:

1.      Client side: Upgraded the Test VM to Win7 SP1, and installed all the required Windows Updates, then I performed the following concerning the following errors:

A.      For the “SHA could not bind as nap agent might not be running” error, I did the following fix:

1. Open regedit
2. Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B292921D-AF50-400c-9B75-0C57A7F29BA1}
3. Right click the {B292921D-AF50-400c-9B75-0C57A7F29BA1} folder and select "Permissions"
4. Click Advanced
5. Click the "Owner" tab
6. Change owner to the local "Administrators" group and click OK.
7. Grant the local "Administrators" group Full Control over the {B292921D-AF50-400c-9B75-0C57A7F29BA1} key and click OK.
8. Launch “Component Services” under Start -> Programs -> Administrative Tools
9. Navigate to Component Services -> Computers -> My Computer -> DCOM Config
10. Right-click the "NAP Agent Service" and select properties.
11. Click the security tab
12. Click the "Edit..." button under the "Launch and Activation Permissions"
13. Highlight the "SYSTEM" user. Grant the user "Local Launch" permission.
14. Click OK and exit out of Component Services and regedit.

B.  For the “could not load logging configuration for component CcmTask using default values” error, I did the following: I uninstalled the client and pushed it again from the console, rebooted, and the error vanished.

2.       On the backend, I added TCP and UDP port 1434 to both inbound and outbound FW rule to the FW GP.
3.      Uninstalled the SQL 2008R2 Native client and reinstalled again across all SCCM 3 servers, rebooted, tested the App Deployment and it worked fine.
0
 

Author Closing Comment

by:Kinan Al-Haffar
Comment Utility
Issue was solved
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now