Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5597
  • Last Modified:

SCCM 2012 R2 Package Deployment Compliance Stuck at 0%

Hi all;

I'm trying to deploy a couple of packages using SCCM 2012 R2 running on Win2K8 R2 with no luck, knowing that I could install the packages on a test VM, but when trying to deploy the packages to production PC, packages deployment compliance stuck at 0%

Infrastructure:

3 SCCM servers: CAS, PRI & SEC. Both CAS and PRI are in the DataCenter site, and SEC is in the Office site. The office site has several IP subnets.

Boundaries are configured per AD sites since that the AD site should contain all the IP subnets the the AD site contains, Boundaries groups are also configured and a site reference server is configured for each group respectively.

A OU based Collection has been configured that contains 13 PC "the collection contains the PCs that the packages should be installed.

Packages are configured correctly since that I could successfully deploy the packages to the test VM which is on the same subnet as the CAS and the PRI servers "the DataCenter subnet". The issue is that I can't deploy the packages to production PCs in the Office subnet!

Firewall rules are configured and applied via GP, and I even turned Windows Firewall off, and still nothing! I tried to manually initiate Computer Policy download via the SCCM GUI and via a script, still no luck!

I tried configuring IP Subnet Boundaries, still no luck!!

What I'm I missing?

Please help...
0
Kinan Al-Haffar
Asked:
Kinan Al-Haffar
  • 7
1 Solution
 
Kinan Al-HaffarSenior Systems EngineerAuthor Commented:
I set the Boundaries as AD sites since that the AD site should contain all the IP subnets with in that site. Therefore; I have 2 Boundaries, One for the DataCenter and one for the office that reflicts the AD sites and services current configuration, and each Boundary belongs to a Boundary group group that contains the reference site server for each site. I also did configure IP subnets for the different IP sunbents in each site and join them to the respective Boundary group, but still no luck.
0
 
Kinan Al-HaffarSenior Systems EngineerAuthor Commented:
I changed the Boundaries to IP Ranges, recreated the package and still no luck... the compliance still 0% and the package is still in the Unknown status....
0
 
Kinan Al-HaffarSenior Systems EngineerAuthor Commented:
Changed the Boundaries to Automatic by Forest Discovery, and recreated the package, and still no luck.....

Please help....
0
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

 
Kinan Al-HaffarSenior Systems EngineerAuthor Commented:
Update:

I created Automatic Boundaries "IP Range & AD Sites" via Forest Discovery, and created  a new Client Settings and deployed it, recreated the Package and deployed it.

Results:

1. The package was installed on 5 PCs out of 13

2. 3 show as success and 10 show as Unknown, although that the package has been installed on 5 PCs!

3. All PCs run Win7 SP1 64x with the latest updates, firewall rules have been configured via GP and deployed to all PCs

Can anyone please advise why the package isn't getting installed on the remaining PCs, and why the 2 PCs that have the package installed are still showing as unknown in the Package status?

Please help...
0
 
Kinan Al-HaffarSenior Systems EngineerAuthor Commented:
Anybody...
0
 
eeRootCommented:
Have you been able to push updates to these PC's before?  Or are these PC's getting patched via SCCM for the first time?  can yo verify that the Windows Update service is running and issue the "gpupdate /force" command on a few of them?  Can you post a few screenshots of how the deployment is currently configured?  And can you check of of the PC's for any update related errors in the event logs?
0
 
Kinan Al-HaffarSenior Systems EngineerAuthor Commented:
The issue is solved for now and things are stable.

Here is how the issue was resolved:

1.      Client side: Upgraded the Test VM to Win7 SP1, and installed all the required Windows Updates, then I performed the following concerning the following errors:

A.      For the “SHA could not bind as nap agent might not be running” error, I did the following fix:

1. Open regedit
2. Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B292921D-AF50-400c-9B75-0C57A7F29BA1}
3. Right click the {B292921D-AF50-400c-9B75-0C57A7F29BA1} folder and select "Permissions"
4. Click Advanced
5. Click the "Owner" tab
6. Change owner to the local "Administrators" group and click OK.
7. Grant the local "Administrators" group Full Control over the {B292921D-AF50-400c-9B75-0C57A7F29BA1} key and click OK.
8. Launch “Component Services” under Start -> Programs -> Administrative Tools
9. Navigate to Component Services -> Computers -> My Computer -> DCOM Config
10. Right-click the "NAP Agent Service" and select properties.
11. Click the security tab
12. Click the "Edit..." button under the "Launch and Activation Permissions"
13. Highlight the "SYSTEM" user. Grant the user "Local Launch" permission.
14. Click OK and exit out of Component Services and regedit.

B.  For the “could not load logging configuration for component CcmTask using default values” error, I did the following: I uninstalled the client and pushed it again from the console, rebooted, and the error vanished.

2.       On the backend, I added TCP and UDP port 1434 to both inbound and outbound FW rule to the FW GP.
3.      Uninstalled the SQL 2008R2 Native client and reinstalled again across all SCCM 3 servers, rebooted, tested the App Deployment and it worked fine.
0
 
Kinan Al-HaffarSenior Systems EngineerAuthor Commented:
Issue was solved
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 7
Tackle projects and never again get stuck behind a technical roadblock.
Join Now