System Center Configuration Manager (SCCM, formerly known as Systems Management Server) is Microsoft’s system software for managing large groups of computers, not only those running Microsoft operating systems but also those running other operating systems, such as Linux, OS X, and various mobile technologies.

Troubleshooting the Application Catalog

Issue Identification: http://<sccm servername>/CMApplicationCatalog is not displaying the Catalog Content 

Site Roles involved: Application catalog web service point and application catalog website point 

Site Status Critical: Application Catalog website point 


Error Found: http://localhost/CMApplicationCatalog/default.aspx is displaying an error in the default website on the SCCM server

Log files: smsportalwebsetup.log 

Solutions which didn’t work

  • Reference from internet: 

Browse to the Windows\Microsoft.NET\Framework\v4.0.30319 folder in DOS.

Run the following command: 

aspnet_regiis.exe -i 

After that I restarted the SCCM services, but the component was still in a critical state and the log showed the same error.

Note: The latest .NET version should be used for the above command (e.g. 4.0 in my case).

So the reference from the internet didn’t help here.

  • Removing the Application Catalog website point role (which is critical in site status) and re-adding the role also didn’t help.

Solution which did work

So I thought of doing the manual installation with all parameters, to track the error in GUI mode.

Command line used is d:\Program Files\Microsoft Configuration Manager\bin\x64\portlweb.msi 


PORTALLANGPACKFOLDER="d:\Program Files\Microsoft Configuration Manager\bin\x64\catalog\" 


After this I checked the URL http://localhost/CMApplicationCatalog/default.aspx on the SCCM server. I could see that it loads the Application Catalog web page, but no applications were listed, with permission error info.

One main thing is patience. The log will show that the installation was successful, but if you look at Task Manager, rolesetup.exe is still running. Once rolesetup.exe has exited from Task Manager, we can check the URL again.

Bingo, it starts working now.

Hi Team,

I got the requirement to set up a PXE distribution point for our lab, which we use to image the bare metal machines. We got the VLAN set up and got the IP range of the VLAN from our network team. But the issue is that we already have a separate boundary created in SCCM, and my VLAN IP address range is also a part of it. Example already set boundary IP range: - MY new Vlan IP range: - which is also falling under same range.

So my question is if I create separate boundary for my IP range and add it to boundary group and substantially adding that group to my PXE distribution point and then deploying my task sequence to All unknown computers. Then only my ip range machine's will get the deployment or all machines part of already created boundary range( - receive IP's?

Thanks ,


  1. SCCM Client Center
  2. Deployment ID, package ID, program
  3. Windows PowerShell (by default)
  4. List of machines.

There was a scenario where, on 15 percent of the machines, the application failed due to a run time exceeded error. The application uninstalled the older version, but it didn’t install the latest version and threw a run time exceeded error, even though the maximum run time was extended to 45 mins.

The 15 percent is almost 800 machines, but the rest of the machines were able to receive the application and get it deployed successfully.

When the deployment\advertisement was re-run via SCCM Client Center, the application was successfully deployed. Hence I planned to automate the re-run task for the 800 machines, and it works like a charm.


Hope most of us have seen the DLL file in the SCCM Client Center folder, which is the core of this application.

PowerShell has the capability of working with DLL files.



# Load the SCCM Client Center automation library
Add-Type -Path 'C:\SCCM Client Center\smsclictr.automation.DLL'

# One computer name per line
$strcomp = Get-Content "C:\computers.txt"

# Only contact machines that answer a single ping
$strcomp | Where-Object { Test-Connection $_ -Quiet -Count 1 } | ForEach-Object {
    $ReRun = New-Object -TypeName smsclictr.automation.SMSClient($_)
    $ReRun.SoftwareDistribution.RerunAdv("<Deploymentid>", "<PackageID>", "<PROGRAMNAME>")
}



This script will fail to execute in the below scenarios:

  1. WMI corrupted
  2. Access denied on target machines
  3. RPC issues
  4. When the deployment is not targeted
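
An added example (not the original author's script): the same RerunAdv call with per-machine error capture, so the failure scenarios listed above end up in a result file instead of being lost in console output. The result path C:\rerun-results.csv, the Get-FailureReason helper and the mapping of exception types to reasons are assumptions about how the DLL surfaces errors.

```powershell
# Added example: per-host error capture around the page's RerunAdv call.
# The three placeholders must be replaced; the DLL and list paths are the page's.
Add-Type -Path 'C:\SCCM Client Center\smsclictr.automation.DLL'

$DeploymentId = '<Deploymentid>'
$PackageId    = '<PackageID>'
$ProgramName  = '<PROGRAMNAME>'
$ResultFile   = 'C:\rerun-results.csv'   # hypothetical output path

# Hypothetical helper: map the root exception to one of the failure scenarios.
# Which exception types the DLL actually throws is an assumption.
function Get-FailureReason {
    param([System.Exception]$Exception)
    # PowerShell wraps .NET method errors; unwrap to the root cause.
    $base = $Exception.GetBaseException()
    switch ($base.GetType().FullName) {
        'System.UnauthorizedAccessException' { return 'AccessDenied' }
        'System.Runtime.InteropServices.COMException' {
            # 0x800706BA (RPC server unavailable) as a signed 32-bit value
            if ($base.ErrorCode -eq -2147023174) { return 'RpcUnavailable' }
            return 'ComError'
        }
        'System.Management.ManagementException' { return 'WmiError' }
        default { return 'Other' }
    }
}

$results = @(foreach ($computer in Get-Content 'C:\computers.txt') {
    $computer = $computer.Trim()
    if (-not $computer) { continue }          # skip blank lines in the list
    $status = 'Triggered'
    $detail = ''
    if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet)) {
        $status = 'Unreachable'
    } else {
        try {
            $client = New-Object -TypeName smsclictr.automation.SMSClient -ArgumentList $computer
            [void]$client.SoftwareDistribution.RerunAdv($DeploymentId, $PackageId, $ProgramName)
        } catch {
            $status = Get-FailureReason -Exception $_.Exception
            $detail = $_.Exception.GetBaseException().Message
        }
    }
    [pscustomobject]@{
        Computer = $computer
        Status   = $status
        Detail   = $detail
        Time     = (Get-Date -Format s)
    }
})

# Keep a record of every machine the remote trigger was attempted on.
$results | Export-Csv -Path $ResultFile -NoTypeInformation
$results | Group-Object Status | Select-Object Name, Count
```

A 'Triggered' status only means the call returned without an exception; whether the program then ran is still confirmed from the deployment status in the console.
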
We've just configured OSD on a new SCCM Current Branch 1706 server, following the steps laid out here -


We're using the Windows 10 LTSB N ISO.
We installed Windows ADK 1703, which is the correct release for SCCM 1706 and Windows 10 deployments.
We created the Windows 10 1703 boot image as described in the windows-noob article.

We're testing a deployment of Windows 10 to a VM. The VM does PXE boot, and I confirmed it has an IP address.

I'm prompted to enter the PXE password, and then the TS times out trying to retrieve the "policy". Eventually I get the following error:

An error occurred while retrieving policy for this computer (0x80004005).

When I check the smsts.log file, the first error (red herring or not b/c there are other entries in the log file that seem to succeed) is:

ShellExecute ('raserver.exe') failed. 0x80070002.

I also see the following error later in the smsts.log file:

Error. Received 0x80072ee7 from WinHttpSendRequest

What I've confirmed so far:

- Network access account is setup and has permissions to all images and packages.
- Time on VM is synch'd when compared to SCCM server
- Anonymous Authentication is enabled in IIS on the SCCM server

The VM is using the E1000 network adapter. I was under the impression a Windows 10 ISO would include this rather …
I have SCCM (Version 1706) installed.

I have created a custom WIM file for Windows 10 1703 that is en-gb and has the most current drivers for my Dell Optiplex client computers as well as the latest Windows updates.

I would like to use this image to update all my client PCs - they are currently on Windows 10 1511.

I cannot find a way to do this - other than to treat it as a new installation - and that will format the drive and do a clean install.

Is there any way to use a custom WIM that is stored as an Operating System Image as an Operating System Upgrade Package?


I have SCCM 2012 on Windows Server 2012 R2 and have a single site with the database installed on the same server.

I am getting the following error in site status. Please find the attached snapshot.

I tried uninstalling the client from the site server but no luck.

I am not able to push the client to discovered computers.
I have some PowerShell Scripts that were used in MDT to make some customizations to a reference machine (1607 build).  We are upgrading 1511 to 1607 and wanting to make the customizations that were not made for the 1511 image.  Several of the scripts work when run as a task sequence in SCCM 1706, but some of them fail.  They run properly when run manually.  I also noticed that even though the scripts have built-in logging, the log files are empty in MDT and the log files will be in different locations depending on how they are run.  Any suggestions?
Hi Buddies

How do I use a custom answer file when deploying an image with SCCM 2012 R2?

Any ideas, please let me know.
Thanks in advance
Can someone please help me get an SCCM query regarding the OneDrive versions installed on user laptops?

I tried several methods and scripts but got no result. Any quick help would be appreciated. Thanks.
I need to join a number of servers to my domain and install software on them. But I don't want SCCM 2012 to install Endpoint Protection on them and block my attempts to install said software. How do I determine which policy or policies are deploying endpoint protection? How do I determine which OUs each policy is being deployed to? Is it possible to disable a policy?
Hi Team,

I am looking for an SCCM query to get the user's Full Name or First & Last Name, and also Email IDs, for a specific collection. Can someone help me with this? Also, I need to get the longest logged-on user instead of the last logged-in user, to know who the actual user is.

I am trying the below query but it is throwing some error. Please help.

SELECT SMS_R_User.FullUserName, SMS_R_System.Name
FROM SMS_R_System inner join SMS_G_System_SYSTEM_CONSOLE_USAGE
ON SMS_G_System_SYSTEM_CONSOLE_USAGE.ResourceId = SMS_R_System.ResourceId
INNER JOIN SMS_R_User ON SMS_G_System_SYSTEM_CONSOLE_USAGE.TopConsoleUser = SMS_R_User.UniqueUserName
INNER JOIN SMS_FullCollectionMembership on SMS_FullCollectionMembership.ResourceID = SMS_R_System.ResourceID
WHERE SMS_FullCollectionMembership.CollectionID = 'xxxxx'

I need to create a report that specifically shows all the devices, and in particular all the servers, that do not have Symantec Endpoint Protection version 12.* installed.

Managed to create a collection using the following syntax which I think is working:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName not like "Symantec Endpoint Protection" and SMS_G_System_OPERATING_SYSTEM.Name like "%Server%" and SMS_G_System_ADD_REMOVE_PROGRAMS.Version not like "12.%"

However, I'm going round in circles with the SQL 2016 Report Builder and just can't seem to get what I need.

Any help appreciated?


Sorry if this is an easy question for everyone.

After our upgrade to SCCM 1703, we have been running into an issue with our TS not reporting errors back correctly to the deployment status within SCCM. No matter if it fails or succeeds, it reports successful. Below is what we are doing for error reporting, and it all worked before.

All the parts / steps leading up to reporting the error code back work. Logs do get copied to our log share if an error gets triggered in the TS.

Just trying to figure out if I am doing this whole error handling and logging thing wrong.

Thank you for support of this.
I want to deploy a series of packaged applications (packages and not applications) to a pc that has already been imaged.

Instead of deploying each package one-by-one and then deleting the deployments one-by-one, I was hoping to deploy the packages via a Task Sequence.

I put the packages into a TS and deploy it.  The TS appears in the client's Software Center and I select Install.  What happens next is not what I was expecting.  The download portion of the first package hangs for a seemingly long time.  I should note that these packages install without delay during PXE OSD.

So I press F8 and look at smsts.log.  It states that the file can't be downloaded but if I wait it out, the package eventually loads and installs and other times, the same package doesn't download and the entire TS fails (probably due to timeout).

Is it possible to deploy a TS to a device collection that already has an OS?
I heard that an NTP server syncs to its NTP clients / endpoints using a protocol, so
no credentials (or authenticators) are involved.

What about MS SCCM & MS Desktop Central?  Do they contain authenticators
of the endpoints they manage?  Can you point me to some authoritative/MS
links that state this?

If they contain them, when the authenticators are being sent to the endpoints,
are they encrypted?

It's a query raised by our Audit.  By authenticators, I assume it refers to
login id & password?
I'd like to use SCCM to push out a Powershell script as detailed in this article, but the deployment status is always an error or unknown.

We have defined a VPN boundary group for our remote employees in single site, single server SCCM current branch (1706) setup. Our company's setup is very simple - one server is the site server, DP, and MP. We're all in one building. However we need to define the "VPN" boundary group to be a "slow" link for those that connect remotely.

I cannot find a way to do this in SCCM 1706. Does anyone know how to do this?

How do I remove files and folders from multiple client machines using SCCM 2016? Do I use an application or a package?
I am looking to delete certain .exe files and some folders from a few locations on client machines.

What script should I use? Do I use PowerShell or VBScript? And what is the installation command line for using either one?


Hello dears,

I'm planning to deploy SCCM 2016 and need to have a highly available design architecture. Below is an overview of my environment and the required site system roles.


single domain
clients: 20000
OS : w7sp1 and W10
Mobile device OS: ios, android, and windows phone

Required site system roles:

Software update management
OS deployment
App deployment
Inventory management
Mobile device management
Report generation
End point protection
Compliance and setting management.

The solution should be highly available from both the client perspective and the server side.
How can I design it to achieve these requirements? Any suggestion appreciated!

Thank you
I hope you have a good day. I have a server (WIN 2012 datacenter R2) with the WSUS role installed on it and also SCCM 2012 (with an external SQL DB). I just need to configure automatic updates so that SCCM takes them from WSUS and deploys them to the PCs in my network. How can I do that?
One audit finding was raised to us:

a) it's a risk if SCCM (which we use to manage PCs, workstations, including critical payment workstations),
    WSUS (which we used to patch servers in Prod DMZ, Prod internal zones as well as Development/UAT),
    Desktop Central (to manage PCs, laptops), AD & NTP contain authenticators (eg: login id & password) of
    the endpoints they manage.  Do these management tools truly contain the authenticators?
    They may use AD credentials or even local credentials (eg: local administrator) to login to control
     the endpoints but do they actually contain the authenticators ?

b) if the answer is "yes", we were told to place all these mgmt tools (SCCM, DCentral, AD server, NTP etc)
     in an isolated secure zone rather than in DMZ so that the authenticators are not easily "stolen" : is
     this a valid mitigation/recommendation?    
    If it's too much to overhaul this, can we create Windows Firewall on these devices to block all traffic
     except the required traffic to mitigate ?

One more tool that we use to lodge privileged accounts' credentials: the vendor actually recommended
we put it in DMZ when we 1st set it up, so quite confused if the vendor or the auditor is right

Running SCCM Current branch version 1606.  Deployed a new child primary without any issues, and can distribute content to that primary without any issues.

I have also been able to without issues deploy the client from the child primary to clients.

Now I need to deploy packages and applications using the child primary.  Multiple errors:

> When I deploy one application to multiple clients the first error I see is that on the software catalogue on the clients it just says waiting to download and stays at 0%
> On some clients the application is downloaded/installed successfully but when I try to deploy software updates it fails to receive them

All other clients on other sites are fine, so it is something specific with this child primary.  I've checked/tried the following to resolve it:

>  Changed the distribution settings for the application to "Automatically download content when packages are assigned to distribution points" - This stopped the clients from trying to download the application completely and it just says "past due".  When I then try to manually click install it brings up an error message stating that Software Center can not be loaded (attached)
>  Checked the BITS and .net are installed correctly on the Primary
>  Restarted the clients and the primary
>  Checked the boundary setup is correct and that there is not a duplicate.  It is and I don't think i would be able to deploy the client if this was incorrect
>  Reinstalled the SCCM …
Hi all,
We are going to deploy Office 2016 (currently using Office 2010) through SCCM 2012. What do we have to take into account before the update process?
Also, how does SCCM uninstall the old Office and install the new one on top? How does it differentiate between 32-bit and 64-bit Office, and then install the right version?
Any articles and steps on how to deploy and configure it will be helpful.
Would installing Office 2016 through SCCM be the best way, or would deploying it through Group Policy be better?

We have SCCM current branch 1706, with a SQL 2012 server on the back end running SSRS. I would like to allow our Service Desk access to create their own reports in one specific folder only - protecting all the other folders containing the standard SCCM reports.

Is there a way to define a security scope that's SSRS folder aware? I don't think I can do this from the SSRS side. I believe SCCM sets all permissions via policy on those SSRS folders every 15 minutes.
Hi, we have noticed that the temp folder in C:\Windows\CCM\Temp is getting filled with the end result of running out of disk space in Windows.
We are running CM 2012 CB.
Doesn't seem to be affecting all users.
I have googled but am not able to find anything about this folder and how we can control the size of the content.
Any ideas are welcome.







