Learn how to a build a cloud-first strategyRegister Now







Systems Center Configuration Manager (SCCM, formerly known as Systems Management Server) is Microsoft’s system software for managing large groups of not only Microsoft computers, but those running other operating systems, such as Linux, OS-X, and various mobile technologies.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hello All,

I recently upgraded SCCM 2012 to Current Branch 1706 with the hotfix roll up. Server is 2012 R2 with SQL installed.

On client machines I am getting errors below. (The clients are on the latest client version)
Fault bucket 127972423668, type 5
Event Name: WindowsUpdateFailure3
Response: Not available
Cab Id: 0

Problem signature:
P1: 10.0.15063.502
P2: 80244019
P3: 00000000-0000-0000-0000-000000000000
P4: Scan
P5: 0
P6: 1
P7: 0
P8: CcmExec
P9: {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
P10: 0

Attached files:

These files may be available here:

Analysis symbol: 
Rechecking for solution: 0
Report Id: 33b8d278-bacb-4d7a-a89f-4acef15a6003
Report Status: 268439552
Hashed bucket: 7061dc55197acc44fd7ad4e019d20ce4

Open in new window

When I look at the WUAHandler log on the client machine I am getting
Its a WSUS Update Source type ({DDC75532-F0EE-4F63-B596-0D3B74769583}), adding it.	WUAHandler	12/7/2017 5:00:55 PM	1244 (0x04DC)
SourceManager::GetIsWUfBEnabled - There is no Windows Update for Business settings assignment. Windows Update for Business is not enabled through ConfigMgr	WUAHandler	12/7/2017 5:00:55 PM	14240 (0x37A0)
Existing WUA Managed server was already set (http://SCCM.corp.server.com:80), skipping Group Policy registration.	WUAHandler	

Open in new window

Upgrade your Question Security!
LVL 11
Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.


since a few weeks I have one update for .NET that is causing production outages.

According to ressources and discussions such update can be blocked via Custom Severity - Low and None, in the ADR's, that way all updates categorised as Low are not deployed.

Last week the problematic update passed into obsolote with a red x next to it, I wa hoping it will not come back, but I was wrong.

This week it has been set back to active and deployed to some serveres, even though all ADR's contain the Custom Severity setting as described in an external blog.

Tel wuahandler.log says on the impacted server states:

2. Update (Missing): 2017- Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 8.1 and Server 2012 R2 for x64 (KBedited) (dc4eb637-5391-4ca8-8f08-98584d61effa, 201) WUAHandler 06/12/2017 03:00:05 83708 (0x146FC)

Could someone please share a method on how can permanently block this update from installing again?

I would like to query (via powershell)sccm or sql behind sccm the overall health of antivirus in a domain.
F.e.: 90 percent of clients have recent virus update (definition xyz), y number has definition older then a week,z pcs are infected etc.

The data is there in sccm and reportingserver but how can I retrieve this via Powershell?
Goal is to present this in a simple kpi dashboard, together with other figures.
Really prefer Powershell since it is most flexible vs Sql report of which my knowledge is basic.


Hi guys,

I have a collection that should list all Exchange Servers, but it shows zero members.
The query is the following

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SERVICE on  SMS_G_System_SERVICE.ResourceId = SMS_R_System.ResourceId  where SMS_G_System_SERVICE.Name like "Microsoft Exchange%"

Do you think the query is wrong ?

I'm not an SCCM expert. Is there a way to debug these queries in a simple manner ?

Thanks in advance
Hi Team,

I have a requirement from my client to find the encrypted & non-encrypted devices from SCCM report. We are using McAfee as  a encryption software and want to identify which devices are encrypted & which are not using SCCM query or any report. Can someone help me with a best possible solution. We are not using bitlocker through our OSD task sequence. McAfee team is handling this and need some help in identifying this scenario.

Two questions.
2 primary sites
1. I created a device collection in CAS1 server. But the collection entry only shows on primary siteA server and not on siteB server.
What could be the reason? and what log to check?

2. SiteA server shows 'Members visible on Site 'is 40, but on CAS server, it's 0. Why it's so slow syncing data between CAS and siteA server? If it's normal after 3 hours???
Hello Everyone !

I have to create a W10 1703 template on my vCenter infrastructure.
To do this, I just repeated the same process than for the 1607 version.

1/ Create a VM and deploy our W10 1703 image
2/ Add the VM in WORKGROUP
3/ Convert in template
4/ Deploy a machine from this template with the associated customization

We have to use custom sysprep answer file (unattended file). I tried with the customization used by 1607 version but it doesn't work.

 UnattendedFile.xml :
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

We currently block the Microsoft Store via GPO as we don't want to allow users to go off and download whatever they want.  However, we would like to use the functionality of creating SCCM applications from the Store.  While the creation of app works fine, the deployment doesn't as it requires access to the store.

Is there a way to block the Microsoft Store for normal use, but to allow access to it when deploying apps?

Hello all,

We have the latest version of SCCM running on Windows Server 2016, and I have noticed a discrepancy in the  Primary User Report that you run against a device collection.  It is missing some primary users.  To test this problem, I looked up a computer in SCCM and clicked Primary User in the lower right which came up with the correct Primary User.  Also, just to make sure it works in reverse, I clicked on Primary Computer for that user, and it came up with the correct computer.  Next, I ran the Primary User Report against a collection that contains that user's PC, and his name did not show up on the list.  The problem is also not limited to just one user.  I have at least 30 computers in that collection that have a primary user association, but those users do not show up in the report.  Additionally, we have a multi site system setup in SCCM, but I ran the report from the CAS, and I saw primary users from both sites which hopefully means that is not the issue.  Any and all help is greatly appreciated.
Is there any way to block applications to run on client computers with SCCM EndPoint protection? what are the steps?
Free Tool: Site Down Detector
LVL 11
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Hi Team,

I have a requirement from our customer to find the windows 10 machines which are using our customized image and the ones without(Vanilla). This is because we have many users who brings their own windows 10 laptops and connects to our domain. I taught of using registry key which gets created using OSD task sequence variable but not sure how to do it. I need to create a collection to get this list of machines to identify the Windows 10 machines with our organization image. Please let me know the best solution query for this to find the machine list using registry or OSD Task sequence variable or any other best possible way.

Thanks in advance.
I just upgraded my SCCM 2012 R2 --> SCCM 1702 and all seems to be good.  
Now I am wanting to have all my client upgrade to the newest client via the automated process and leverage Pre-Production for testing, but the Monitoring  > Client Status > Pre-Production Client Deployment under Monitoring  is greyed out.

I did some preliminary searches on the internet and found something about RBAC, but that did not seem to resolve my issue.  

Note: I was able to right click a device object and successfully install the client.
I have a issue with gererating some reports in SCCM 2012.
I have imported some Reports for Office counting in my SCCM 2012, but I can't run them.
When I run them, I get this error:  "An error has occurred during report processing. (rsProcessingAborted)", with these details:

An error has occurred during report processing. (rsProcessingAborted)

Stack Trace:
   ved Microsoft.Reporting.WinForms.ServerReport.ServerUrlRequest(Boolean isAbortable, String url, Stream outputStream, String& mimeType, String& fileNameExtension)
   ved Microsoft.Reporting.WinForms.ServerReport.InternalRender(Boolean isAbortable, String format, String deviceInfo, NameValueCollection urlAccessParameters, Stream reportStream, String& mimeType, String& fileNameExtension)
   ved Microsoft.Reporting.WinForms.AsyncMainStreamRenderingOperation.RenderServerReport(ServerReport report)
   ved Microsoft.Reporting.WinForms.AsyncRenderingOperation.PerformOperation()
   ved Microsoft.Reporting.WinForms.ReportViewer.AsyncReportOperationWrapper.PerformOperation()
   ved Microsoft.Reporting.WinForms.ProcessingThread.ProcessThreadMain(Object arg)


Query execution failed for dataset 'DataSet1'. (rsErrorExecutingCommand)

Stack Trace:
   ved Microsoft.Reporting.WinForms.ServerReport.ServerUrlRequest(Boolean isAbortable, String url, Stream
WSUS Upstream Server Update Source Settings change itself by nt authority\system

i want offline wsus with sccm " 1 CAS . 2  primary "

i make wsus in the primary site is upstream to wsus in CAS  put Wsus is change in CAS from downstream to upstream
Hi All,

Just started up a blog, once I get some more free time at the end of Xmas, may do more of an Exchange, SCCM build and deployment guides.



Warwick :)
In our citrix environment patching will be performed on Master image (Base machine) and promoted to target device through PVS console.

Patching is configured through SCCM software but due to Windows update service getting terminated/stopped /disabled automatically patches through SCCM console is not downloading on Master Image Citrix server.

Master Image server OS : 2008 R2

Requesting anyone to help out to find a sustainable solution.
Hi, I have created a lab environment with 2 windows 2016 servers on Vmware workstation. Custom network 0

This is my setup

DC216: windows 2016
Domain Cotroller

Server1: windows 2016
SCCM 2016
SQL 2014
Windows Deployment Server
PXE Point

Deploy Windows 10 x64

SCCM 2016PXE Boot Media - fails at network settings

Client Trouble Shooting steps
DHCP Server OK
Network Configuration account can map distribution point

Please help.
Best Regards
Mattias Kihl
I am using SCCM to deploy my OS and patch work.  Currently I am on W7 environment and I am looking to start testing W10 deployments.  I have MS VL with SA.  

I will be deploying W10 Enterprise and want to know would you use LTSB or CB for the OS?
I need a way to tell when a computer name was changed.  This could be through PowerShell, SCCM, WMI, etc....  

Bonus for being able to retrieve old and new name at the same time.

Anyone have a way to do this?
Free Tool: ZipGrep
LVL 11
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

We use SCCM 2012 to remote our user computers.
RDP works on all computers but Remote Control only works on some ones.
I check some of these failing computers and SCCM client is installed and the Remote Control setting enable.
If I run "Msiexec /i Client.msi SMSFULLREMOTETOOLS=1" this fix the problem.  Apparently the Remote Tool component is missing in these computers.
Is it a way to fix this problem remotely?

I have SCCM 1706 running and manage about 20 Dell 7040 Micro desktops.

I would really like to set up OOB Management using AMT so that I can configure software updates to be installed over night i.e. SCCM can turn on the desktop at say 2am and install any software and updates etc.

I have installed the newly released Dell Command | Integration Suite for System Centre v5.0 which now includes the Dell Command | Intel vPro Out of Band.

I have SCCM 1706 installed on a Windows Server 2012 R2 Virtual Machine (Hypervisor is Server 2012 R2)

Every time I open the Intel vPro Out Of Band App on the SCCM 1706 server the Settings are lost - I do not know if this is correct? Intel vPro Out Of Band Settings
Intel vPro Out Of Band Settings Questions:
(1) Should the settings be remembered?
(2) Should (or can) the "Operating System User Account" be the Domain Admin Account
(3) Should (or can) the "AMT Administrative User Account" be the Domain Admin Account
(4) On the "Intel vPro Out Of Band Settings Indications Tab" what IP address should be in the "Listener IP Address" Intel vPro Out Of Band Settings Indications Tab
USB Provisioning
Intel vPro Out Of Band USB Provisioning
(1) The Password Section is the AMT Password? Default password for non-configured Dell AMT systems is just "admin"?
(2) Provisioning
(2i) User Consent: Shall I leave "Enable remote configuration of user consent policy" checked?
(2ii) Out of band provisioning: "Enable (will start "hello" packets immediately") - I assume I should check this
Hi there,
Running SCCM server version 1706 with following hotfixes:
configuration manager current branch 1706        full version 5.00.8540.1000    client version  5.00.8540.1000
configuration manager 1706 hotfix (kb4042345)    5.00.8540.1602
configuration manager 1706 hotfix (kb4042949)    5.00.8540.1611

In sccm no more updates are downloaded apparently when I click on download updates.  I am deploying windows 10 image from sccm for some reason once the image is done with no errors the _SMSTASKSEQUENCE folder is not deleted.  It is created on D drive of the client.  Attached is my SMSTS.log file.  Need help, not sure even though the image is deployed properly the folder for _smstasksequence folder is not deleted.
I need to initiate an uninstall of Skype for Business 2016 from a command line for mass uninstall across the company.  This will be deployed via SCCM.

I originally used setup.exe /admin to generate the MSP file which worked fine but now need to uninstall it and deploy a new MSP that does not contain a license key (we switched to KMS).

However, I don't know the structure of the command line to use nor do I know the product id.

Can someone assist with both?
All of the sudden our imaging through CM has stopped working. The only change I have made was to add drivers to our USB boot disk to support the new Surface laptop. Imaging did work post this as I was able to image the Surface laptop.
We are running version 5.00.8540.1000 - 2012 Current Branch.
I have attached the SMSTS Log from one of the failed Surface Pro's earlier.
Also I have followed this article http://henkhoogendoorn.blogspot.co.uk/2014/11/how-to-deploy-windows-image-on-uefi.html but with no succuss.
Thanks for your help.

I am trying to upgrade window 7 into window 10 through SCCM via task sequence and the upgrade failed with error code Error: 0x4005(16389). Please suggest







Systems Center Configuration Manager (SCCM, formerly known as Systems Management Server) is Microsoft’s system software for managing large groups of not only Microsoft computers, but those running other operating systems, such as Linux, OS-X, and various mobile technologies.