Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium







Systems Center Configuration Manager (SCCM, formerly known as Systems Management Server) is Microsoft’s system software for managing large groups of not only Microsoft computers, but those running other operating systems, such as Linux, OS-X, and various mobile technologies.

Share tech news, updates, or what's on your mind.

Sign up to Post

I am pretty new to using SCCM, in this current account I am working on, they  use it to deploy software and 80% of the time the Software fails to install. I do not see any errors, or know where to look for error log files. Any assistance would be appreciated.
Free Tool: ZipGrep
LVL 11
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Ive got a couple of DCs which are not seeing any SCCM Windows patches, they both have a GPO pointing them to a WSUS server, Ive checked the Windows update logs and it states something about a proxy issue but I doubt servers need a proxy to be set for WSUS/SCCM updates. Any ideas on where I should start?
I am about to distribute SCEP to users who are not being managed by our SCCM infra, but we need to provide them antimalware software. One thing I noticed is as soon as I install SCEP on a machine, All settings are grayed out so users can change the settings.
On settings page of SCEP, it says 'For your protection, some settings are managed by your security administrator"

How can I unlock the settings so that users can have full control to the settings or is it how SCEP work, supposed to be managed by SCCM?
Hello SCCM Experts,

I have inherited an SCCM 2012 server where the WSUSContent is growing out of control.  I first ran into problems with drive space last week.  I added more space (100GB) but synchronization was still not working.  I had to do a wsusutil reset to get synchronization to work.  I didn't empty the contents of the WSUSContent folder before I did the wsusutil reset.  Here are my questions/thoughts:

1.  If I follow the delete the contents of WSUSContent per this article: https://blogs.technet.microsoft.com/gborger/2009/02/27/what-to-do-when-your-wsuscontent-folder-grows-too-large/, will this work with my version of SCCM?
2.  Can I uninstall and reinstall the WSUS portion of SCCM.  I found an the following article explaining the procedure to do this if the Windows Internal Database is used in SCCM.  https://blogs.technet.microsoft.com/sus/2016/10/18/recreating-the-susdb-and-wsus-content-folder-for-a-windows-server-2012-based-wsus-computer/

The article states:  Note that if you see ##SSEE (in HKLM\Software\Microsoft\Update Services\Server\Setup\SQLServerName), this blog post is not applicable to you.   Of coarse this is what we have.  Does anyone know the steps for recreating the SUSDB and WSUSContent folder on a build using SQL Server?

Any help would be greatly appreciated.

Hi ,
i have installed sccm on our one site and have created a sccm server for our another site which is connected with different domain, trusted relationship though.
can anyone please tell me if i need to configure and install the second site same as my first site with all the pre-requisites and sql in it??
Afternoon all,
    I am looking for a report or Query to list out all screens connected to computers within the estate. this is to support compliance and billing and so will need the following:

Screen reference (serial number or some other unique ID)
PC name this is connect to
PC IP address or Subnet
- Export to a file

I have found the following but just cant get it to work.. Idiots guide would be appreciated:
When WSUS is configured in SCCM, Windows 7 and 10 act differently.
For example Windows 7 downloads/installs only udpates from SCCM/WSUS, but Windows 10 downloads/installs other updates.
Is this because 'Update from more than one place' is on and set to PCs on my local network in Windows 10?
Unable to Run vbs after batch file through sccm
Attached is the log

Successfully selected content location C:\WINDOWS\ccmcache\bk      execmgr      11/01/2018 02:28:32      10768 (0x2A10)
Executing program as a script      execmgr      11/01/2018 02:28:32      10768 (0x2A10)
Successfully prepared command line "C:\WINDOWS\ccmcache\bk\Extract Inventory v1.7_standalone.bat"      execmgr      11/01/2018 02:28:32      10768 (0x2A10)
Command line = "C:\WINDOWS\ccmcache\bk\Extract Inventory v1.7_standalone.bat", Working Directory = C:\WINDOWS\ccmcache\bk\      execmgr      11/01/2018 02:28:32      10768 (0x2A10)
Running "C:\WINDOWS\ccmcache\bk\Extract Inventory v1.7_standalone.bat" with 32bitLauncher      execmgr      11/01/2018 02:28:32      10768 (0x2A10)
Created Process for the passed command line      execmgr      11/01/2018 02:28:32      10768 (0x2A10)
Raising event:
[SMS_CodePage(866), SMS_LocaleID(1049)]
instance of SoftDistProgramStartedEvent
      AdvertisementId = "GS220497";
      ClientID = "GUID:0E4E7A54-D702-4A14-BF56-3A5A91C403E7";
      CommandLine = "\"C:\\WINDOWS\\ccmcache\\bk\\Extract Inventory v1.7_standalone.bat\"";
      DateTime = "20180110192832.507000+000";
      MachineName = "EOMWW7JF9K35J";
      PackageName = "GS201022";
      ProcessID = 8840;
      ProgramName = "Extract inventory Batch v 1 7";
      SiteCode = "EU2";
      ThreadID = 10768;
      UserContext = "NT AUTHORITY\\SYSTEM";
      WorkingDirectory = "C:\\WINDOWS\\ccmcache\\bk\\";
      execmgr      11/01/2018 02:28:32      10768 (0x2A10)
Raised Program Started Event for Ad:GS220497, Package:GS201022, Program: Extract …

I have existing windows defined for my monthly patching windows.  I have a need to deploy applications and programs outside of the already defined software update maintenance windows.  The problem I am running into is when the maintenance window hits for the collection that has the application deployed, it is also deploying the software updates (different collection).  I've confirmed the client settings are set to not deploy all patches if the maintenance windows aren't the same.  I also confirmed the maintenance windows are not overlapping.  Is there another setting somewhere else I am missing?  Any suggestions?

Thank you!

I have a monthly patch that I push out via sccm as we normally do each month but this month only 2 machines received the updates out of 20 others. the status of the deployment shows compliant as if the machines received the updates but they did not as they do not appear in software center. I have checked the log files but nothing seems to stand out, different. Any suggestions?
[Webinar On Demand] Database Backup and Recovery
LVL 11
[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Published some critical updates from SCUP.
SCCM synchronized the updates but I can't download them.
Looking in the update properties in SCCM, the content locationBad Location   points to a folder that doesn't exist Folder Doesn't Exist in SCCM WSUS-CONTENT. - explains why I can't download.
I just did a SCUP publish with another new update and the proper folder was createdNew SCUP Publish Creates correct folder.. - and I could download.
If I try to republish the first updates from SCUP, it says the the updates were already published and I can't re-publish them. Can't re-publish update from SCUP
1. What would have caused this?
2. Can I delete the updates in SCCM and re-publish them from SCUP. -Could I delete the folders in WSUSContent?
3. How do I re-publish them with the correct folder and name?

..or if I'm asking the wrong questions - how do I get these updates to publish, sync, and download properly

If I couldn't publish now, I'd think there was something wrong with my setup.  It only affected the 4 critical driver updates that I need to push asap.

These are kind of critical, so I don't want to experiment by deleting folders willy-nilly.

I have a ConfigMgr 2012 R2 [5.00.8540.1611] environment. Clients are unable to install Applications from the Catalogue Web, by Software Center is working.

The application could not be installed. The most common reason is that software does not support the version of Windows currently installed on your computer. You can try starting the application installation from the Application Catalog again. If the problem continues, contact your network administrator

I've already tried:

- I reinstalled IIS;
- Reinstalled the two Roles of the Web Application Catalog and Service;
- Uninstall and Install the Client;
- Validation of the Application Catalog URL in the trust sites in IE;
- I tried to add the Application Catalog URL to the Intranet Zone
- Communication with the DB by the Collection Evaluator Viewer
- I checked the Silverlight records are Ok.
   (  https://social.technet.microsoft.com/Forums/en-US/3f515846-24c5-43ba-a18e-e79179f5c3d1/cannot-install-any-software-from-application-catalog-after-sp1-upgrade?forum = configmanagerapps )

Could anyone give me any hints as to what might be happening? Follow logs the client and server.
Hello! :)

In our environment we have a SCCM Current Branch Primary Site Server integrated with a WSUS Server in our Data Center to retrieve Microsoft Security patches.

We have several geographically distributed locations where we have a lot of computers not being administered by SCCM due to business needs.

Recently we were given the task of providing some power users with the capability to update the computers that are not SCCM clients with Microsoft Security patches at their convenience.

I want to re-use the existing central WSUS "SCCM-integrated" server so that in addition of being used by SCCM it also is capable of acting as an upstream server - for this manual patching process - and then configure additional WSUS downstream servers connected to it at each large site to relieve traffic from the WAN links.

Is this solution possible (have an existing WSUS "SCCM-integrated" server to both be used by SCCM and also be capable of act as an upstream server for a manual patching process)... or should a separate server be setup and configured to be the upstream WSUS server for the manual patching process?

We have SCCM current branch running. We would like to take advantage of "application" deployment instead of the old school "package" deployment for some of our applications that licensing considerations that need to be honored.

Take Adobe Acrobat for example.

It's easy enough to create an application to install our customized 11.0.0 version. But what I can't figure out how to do is to layer on one more MSP's to get it to the current patched version. Let's start small and say I want to layer on the 11.0.13 MSP. Is that a second deployment type within the same application?

Or can I layer on the MSP's in the same command line that does the original install?  I've not had much luck with that when I tried it in the past.

What I'd like to do is find out the right way to do it so we can do this sort of thing the same way for any MSI where we have MSP's to add on later. We're not looking for a one-off. We're just using Acrobat as the example.
anyone have any experience with upgrading windows 10 machines to 1709 using a SCCM service plan?  We have the latest version of SCCM loaded, i have created a service plan and my results pushing it have varied.  I have one Windows 10 1511 machine that doesn't see the update at all, another that is running windows 1703 that reports the 1709 update as "failed" with out actually trying to install it and one machine that it worked like a typical Windows update being pushed from SCCM.  The latter is my ultimate goal, but i cannot release the 1709 upgrade without getting more consistent successful results.  
The errors from the 1703 that report failed are below.  Any input would be appreciated.

Upgrade installation result indicates that commit cannot be done.
Installation job encountered some failures. Error = 0x80240022. Commit Result = 0x00000001.
 I am deploying Windows updates to a group of servers and the maintenance window is 0245-0300 to download the updates . Then the updates are scheduled to be installed and the server to be rebooted at 0300-0400  this is configured via SCCM 2012 using WSUS. However for some of the servers in the group there  install and reboot between those times. However other servers install the updates during 0900-1700 and reboot which is outside the maintenance window configured in SCCM 2012. When l look at one of the servers that reboot outside the maintenance window there show error below in the log file. I need assistance with finding out how to stop the reboot of the servers. I would greatly appreciate your assistance
I have one CAS and two primary site servers.
By adding 3rd primary site server, I tested PKI for Mac computers.
We plan to enable HTTPS only for Mac computers for now and gradually  migrate Windows clients from HTTP to HTTPS.
In this case, how can I accomplish the migration without giving errors on Windows computers? Will following settings on primary sites servers for HTTPS accommodate both non HTTP and HTTPS Windows computers?
HTTP and HTTPS options in MP and DP are radio buttons, so does it mean it only supports either, can't support both at the same time?
I just changed site code on one of SCCM clients to the site which has HTTPS enabled, it failed to connect to the MP.
So even though the site is configured as 'HTTP or HTTPS', MP takes only HTTPS connection.
And when I look at CCM_CLIENT in MP IIS, it's checked as HTTPS required. There about 20 virtual directories under IIS for SCCM, not sure which one should be changed from required to accepted so that it can support both HTTP and HTTPS.
Am I interpreting 'HTTP or HTTPS' in Site configuration wrong? I thought it means 'a client can be either HTTP or HTTPS', but it seems actually 'HTTP or HTTPS'. But then why there is 'HTTP only' in option to choose???
Having an issue with System Center and getting the Management Point working. The error appears to be the installation of the bgbisapi.msi install, keeps failing with the following msg:

<12/18/17 11:41:50> Installing the SMSBGB
<12/18/17 11:41:50> Passed OS version check.
<12/18/17 11:41:50> IIS Service is installed.
<12/18/17 11:41:50> No versions of SMSBGB are installed.  Installing new SMSBGB.
<12/18/17 11:41:50> Enabling MSI logging.  bgbisapi.msi will log to C:\Program Files\Microsoft Configuration Manager\logs\bgbisapiMSI.log
<12/18/17 11:41:50> Installing C:\Program Files\Microsoft Configuration Manager\bin\x64\bgbisapi.msi CCMINSTALLDIR="C:\Program Files\SMS_CCM" CCMSERVERDATAROOT="C:\Program Files\Microsoft Configuration Manager" USESMSPORTS=TRUE SMSPORTS=80 USESMSSSLPORTS=TRUE SMSSSLPORTS=443 USESMSSSL=TRUE SMSSSLSTATE=63 CCMENABLELOGGING=TRUE CCMLOGLEVEL=1 CCMLOGMAXSIZE=1000000 CCMLOGMAXHISTORY=1
<12/18/17 11:41:52> bgbisapi.msi exited with return code: 1603
<12/18/17 11:41:52> Backing up C:\Program Files\Microsoft Configuration Manager\logs\bgbisapiMSI.log to C:\Program Files\Microsoft Configuration Manager\logs\bgbisapiMSI.log.LastError
<12/18/17 11:41:52> Fatal MSI Error - bgbisapi.msi could not be installed.
<12/18/17 11:41:52> ~RoleSetup().

I ran a script to ensure the root\ccm is not there,  and it is not. I also checked the regsvcs.exe.config and the installutil.exe.config and made sure the line   <loadFromRemoteSources …
dear sir,
we have sccm 2012 and we are planning to migrate all machine to sccm but we are facing issue after migrating mahine to sccm ou machine shut down option has been hide.
we have attched screen shot to clarification some issue of sccm client policy.
Free Tool: Port Scanner
LVL 11
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

This subject concerns an issue with sccm 1710. I want my remote distribution points on other subnets to get their updates from the monthly updates from the management point our "software update point" which is located at our central site which hosts all the roles including management and software update point roles. These remote client are setup in their client device settings to "enable software updates on clients" like all the local computers.  When I open up windows software updates on the client computer in a remote distribution group site location, it does not show the option to use either the "managed by your system administrator" for getting Microsoft updates. They only get updates from " online from Microsoft Update". Computers in the local site distribution group do have both these options and will only update from our update server. The remote clients report the correct management point and are members of their own "distribution group" which point to the local distribution point server as their site server. Sorry if this question sounds convoluted. I want my computers and servers that are part of a remote subnet which has a distribution point server in it to get their updates as part of the managed updates from sccm settings and not directly from Microsoft update.
Hi guys,

I have a collection that should list all Exchange Servers, but it shows zero members.
The query is the following

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SERVICE on  SMS_G_System_SERVICE.ResourceId = SMS_R_System.ResourceId  where SMS_G_System_SERVICE.Name like "Microsoft Exchange%"

Do you think the query is wrong ?

I'm not an SCCM expert. Is there a way to debug these queries in a simple manner ?

Thanks in advance
I have a issue with gererating some reports in SCCM 2012.
I have imported some Reports for Office counting in my SCCM 2012, but I can't run them.
When I run them, I get this error:  "An error has occurred during report processing. (rsProcessingAborted)", with these details:

An error has occurred during report processing. (rsProcessingAborted)

Stack Trace:
   ved Microsoft.Reporting.WinForms.ServerReport.ServerUrlRequest(Boolean isAbortable, String url, Stream outputStream, String& mimeType, String& fileNameExtension)
   ved Microsoft.Reporting.WinForms.ServerReport.InternalRender(Boolean isAbortable, String format, String deviceInfo, NameValueCollection urlAccessParameters, Stream reportStream, String& mimeType, String& fileNameExtension)
   ved Microsoft.Reporting.WinForms.AsyncMainStreamRenderingOperation.RenderServerReport(ServerReport report)
   ved Microsoft.Reporting.WinForms.AsyncRenderingOperation.PerformOperation()
   ved Microsoft.Reporting.WinForms.ReportViewer.AsyncReportOperationWrapper.PerformOperation()
   ved Microsoft.Reporting.WinForms.ProcessingThread.ProcessThreadMain(Object arg)


Query execution failed for dataset 'DataSet1'. (rsErrorExecutingCommand)

Stack Trace:
   ved Microsoft.Reporting.WinForms.ServerReport.ServerUrlRequest(Boolean isAbortable, String url, Stream
In our citrix environment patching will be performed on Master image (Base machine) and promoted to target device through PVS console.

Patching is configured through SCCM software but due to Windows update service getting terminated/stopped /disabled automatically patches through SCCM console is not downloading on Master Image Citrix server.

Master Image server OS : 2008 R2

Requesting anyone to help out to find a sustainable solution.
I am using SCCM to deploy my OS and patch work.  Currently I am on W7 environment and I am looking to start testing W10 deployments.  I have MS VL with SA.  

I will be deploying W10 Enterprise and want to know would you use LTSB or CB for the OS?

I have SCCM 1706 running and manage about 20 Dell 7040 Micro desktops.

I would really like to set up OOB Management using AMT so that I can configure software updates to be installed over night i.e. SCCM can turn on the desktop at say 2am and install any software and updates etc.

I have installed the newly released Dell Command | Integration Suite for System Centre v5.0 which now includes the Dell Command | Intel vPro Out of Band.

I have SCCM 1706 installed on a Windows Server 2012 R2 Virtual Machine (Hypervisor is Server 2012 R2)

Every time I open the Intel vPro Out Of Band App on the SCCM 1706 server the Settings are lost - I do not know if this is correct? Intel vPro Out Of Band Settings
Intel vPro Out Of Band Settings Questions:
(1) Should the settings be remembered?
(2) Should (or can) the "Operating System User Account" be the Domain Admin Account
(3) Should (or can) the "AMT Administrative User Account" be the Domain Admin Account
(4) On the "Intel vPro Out Of Band Settings Indications Tab" what IP address should be in the "Listener IP Address" Intel vPro Out Of Band Settings Indications Tab
USB Provisioning
Intel vPro Out Of Band USB Provisioning
(1) The Password Section is the AMT Password? Default password for non-configured Dell AMT systems is just "admin"?
(2) Provisioning
(2i) User Consent: Shall I leave "Enable remote configuration of user consent policy" checked?
(2ii) Out of band provisioning: "Enable (will start "hello" packets immediately") - I assume I should check this






Systems Center Configuration Manager (SCCM, formerly known as Systems Management Server) is Microsoft’s system software for managing large groups of not only Microsoft computers, but those running other operating systems, such as Linux, OS-X, and various mobile technologies.