Fix For Error: Failed To Process Configuration Manager Update 0x87d20b15

With the release of version 1710 for System Center Configuration Manager Current Branch on November 20, 2017, I pursued to update my ConfigMgr 1706 site to take advantage of some of the exciting new features, which you can read more here! Use this PowerShell script to enable the early update ring for ConfigMgr 1710.

I tested the update in my test lab and the upgrade to v1710 worked just fine. As usual with my production environment, I always run the prerequisite checker to make sure nothing is flagged as an issue, which in my case all was fine with green checkmarks. However, the actual installation of the update failed on the Installation step for “Upgrade ConfigMgr database” as seen in the screen capture above. The description for the error indicates: [Failed]: Upgrading ConfigMgr database. Check cmupdate.log for details.

The following is an error was seen in the cmupdate.log: Failed to apply update changes 0x87d20b15

I located a blog post by my friend Anoop dated from October 2016 referencing a similar error code where he points to providing the NT Authority/System account in SQL with the sysadmin security role, however that was not the cause of my upgrade failure and the security roles were already defined correctly. The following TechNet thread was a dead end as well.


My post on Twitter as seen above caught the attention of another friend of mine, David James, Director of Engineering for ConfigMgr at Microsoft, who with his team were able to pinpoint the problem in no time at all and quickly provided a solution which resolved my ConfigMgr 1710 upgrade installation hang up. Thanks David and to the ConfigMgr team! The gist of the problem is that my environment had an old compatibility level 100 set for the SQL Server database for the CM_XXX database, and you can find this referenced in the cmupdate.log file. Changing it to 110 fixed the compatibility level needed for ConfigMgr 1710.

Run the following query in SQL Management Studio (please change XXX to your ConfigMgr Site Code) and retry the installation via the Update and Servicing node in the ConfigMgr Admin Console. This also addresses the issue where TRY_CONVERT is not recognized as a built-in SQL function:

ALTER DATABASE CM_XXX SET COMPATIBILITY_LEVEL = 110

SUCCESS!!

** Additional Mention **

Check out this blog post, “In Telemetry We Trust?” written by a friend and fellow ConfigMgr admin, Peter Egerton, who shares a similar experience and the positive nature of telemetry data especially in the ConfigMgr space.

Please like & share:

ConfigMgr Technical Preview 1706 Released

Friday, June 23rd, 2017 brought us a brand new build of ConfigMgr Technical Preview (1706), which has some stunning new features. The Microsoft System Center Configuration Manager (ConfigMgr) team has been rapidly implementing new features and improving the product following the Software as a Service (SaaS) model and using feedback from the community on the Microsoft Connect site, as well as paying close attention to feature and enhancement requests on the ConfigMgr UserVoice forum.

This update has a number of new features (as listed in the Enterprise Mobility & Security blogpost) which include:

    • Improved boundary groups for software update points
    • Site server role high availability
    • Include trust for specific files and folders in a Device Guard policy
    • Hide task sequence progress
    • Accessibility improvements
    • Upgrade Readiness support with Azure Services Wizard
    • New client settings for cloud services
    • Create and run PowerShell scripts from the ConfigMgr console
    • PXE network boot support for IPv6
    • Microsoft Surface driver update management
    • Configure Windows Update for Business deferral policies
    • Support for Entrust certification authorities
    • Cisco (IPsec) support for macOS VPN profiles
    • New Windows configuration item settings
    • Device compliance policy improvements
    • New mobile application management (MAM) policy settings
    • Android and iOS enrollment restrictions
    • Android for Work application management policy for copy-paste
    • Device Health Attestation assessment for compliance policies for conditional access

The above features are listed in detail in the Capabilities in Technical Preview 1706 doc.

You can update to the 1706 Tech Preview release via the ConfigMgr console under the Updates & Servicing node.

Here’s my video tutorial which I did for version 1701. The steps are the same for 1706.

Follow me (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

Please like & share:

Review – Microsoft Systems Center Endpoint Protection Cookbook

System endpoint security is a critical aspect of modern day computing and we all have had our fair share in dealing with malware infections, and in some cases ransomware and cryptolocker attacks in our organizations. Microsoft has made great efforts in mitigating these security risks by providing a superior product called System Center Endpoint Protection (SCEP) for enterprises and Windows Defender which by default is included with Windows 10.

A System Center Configuration Manager (ConfigMgr or SCCM) or a Microsoft Intune administrator is familiar with SCEP as it is the way to administer and manage SCEP in the enterprise. However, there are many aspects and intricacies of SCEP one is not aware of and has not fully utilized, and should. While I was dealing with some SCEP updates and anti-malware policies in my organization, I came across this awesome book written by Nicolai Henriksen, a Microsoft MVP in Enterprise Mobility. I decided to write a non-biased review of this book and credit the wonderful information contained within it.

Nicolai’s SCEP cookbook is well written and vetted by another well respected Microsoft MVP in Enterprise Mobility, Ronni Pedersen, who I often interact with on social media on all things ConfigMgr. This book is shy of 200 pages and is laid out in eight easily digestible chapters and covers everything you need to know about SCEP from soup to nuts. You’ll learn how to plan and get started with SCEP, configuration, operations and maintenance, updates, security and privacy, configure advance protection, troubleshooting, and malware handling to name a few. It’s an information filled book with great tips and how to’s, and I particularly enjoyed how Nicolai included little segments throughout the book with tidbits such as “Getting ready….”, “How it works….”, and “How to do it….” which was perfect for my learning and understanding of the various concepts presented.

The Table of Contents of this book:

As a ConfigMgr admin who has been working with the product for a number of years including working with System Center Endpoint Protection, I have learned things that I didn’t know, picked up some tips and tricks, have a better insight and understanding of SCEP, and I have gained a great reference for the product. I highly recommend this book to all ConfigMgr and Intune admins. This book is available for purchase in Kindle and Paperback format on Amazon. If you would like to connect with Nicolai and have some feedback or suggestions, you’ll find him on Twitter as @nicolaitwitt.

Follow me (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

Please like & share:

ConfigMgr Tech Preview 1703 Released

March 30, 2017 brought us a brand new build of ConfigMgr Tech Preview (1703), which are now made available on a monthly basis. The Microsoft System Center Configuration Manager (ConfigMgr) team has been rapidly implementing new features and improving the product following the Software as a Service (SaaS) model and using feedback from the community on the Microsoft Connect site, as well as paying close attention to feature and enhancement requests on the ConfigMgr UserVoice forum.

This update has a number of new features (as listed in the Enterprise Mobility & Security blogpost) which include:

    • Windows Analytics Commercial ID and Windows telemetry levels – You can specify the Windows Analytics Commercial ID and configure telemetry, commercial data, and Internet Explorer data collection settings in Client Settings for use with Upgrade Analytics.
    • In-place UEFI conversion – You can customize a Windows 10 in-place upgrade task sequence to include the Windows 10 UEFI conversion tool.
    • Collapsible task sequence groups – Groups in the task sequence editor can be collapsed or expanded.
    • Azure Services wizard – The Azure Services wizard provides a common configuration for the cloud Azure services you use with ConfigMgr. This is done by using Azure web apps to provide the common subscription and configuration details that administrators would otherwise have to re-enter for each additional cloud Azure cloud service you use.
    • Direct links to applications in Software Center – You can now provide end users with a direct link to an application in Software Center. This means they no longer must open Software Center and search for an application before they can install it.
    • Import PFX certificate feature for ConfigMgr clients – Import PFX certificate profiles are now supported on ConfigMgr clients running on Windows 10 desktops. See How to create PFX certificate profiles in System Center Configuration Manager and this blog post.
    • Apple Volume Purchase Program (VPP) enhancements – Support has been added to tag education vs business volume purchase program tokens, device licensing, and adding multiple volume purchase program tokens.

You can update to the 1703 Tech Preview release via the ConfigMgr console under the Updates & Servicing node. The baseline version of the Technical Preview branch will be updated to 1703 and available on the TechNet Evaluation Center.

Here’s my video tutorial which I did for version 1701. The steps are the same for 1703.

Follow me (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

Please like & share:

“Unofficial” MVP Perk From Special Friends

A couple of weeks after receiving my MVP Award from Microsoft, I asked my IT Pro peers for some feedback via a Facebook group (Tech Konnect) and MVP Yammer Community on what they use for computer systems to run test environments such as ConfigMgr, Windows builds, Server OS, etc. I realized as a MVP, I need to up my game and build a portable lab environment to conduct testing and create tutorials for the IT Pro community in order to share some technical knowledge. Also, I’m often asked to test various software and tools in return for reviews or product QA feedback, so a proper lab environment is a must.

For those of you who run test environments on your laptops using Hyper-V or VMware Workstation, what make and model laptop are you using and what are the specs (Hard Drive(s), memory, CPU, etc)?

I received an overwhelming response with many different hardware specifications including suggestions of various makes and models of laptops and much more. One thing that stood out was the amount of memory (RAM) one should consider in order to have a decent lab environment, at least to sustain for example, a Domain Controller, ConfigMgr server, SQL, MDT, and some Windows clients to name a few. “You need at least 32GB of memory”, the crowd roared!

I knew my Microsoft Surface Pro 4 with 8GB of memory was not going to cut it and I was stuck since I can’t upgrade the memory and hard disk on the Surface Pro 4. Unbeknownst to me, two of my IT Pro friends who are well respected by me and by the global IT Pro community stepped up to the plate and very generously decided to provide me with a special gift to help me with my MVP and IT Pro endeavours, so I could further expand my technical skills and to give back to the community via my learning and knowledge. For confidentiality purposes, these two special friends of mine will remain anonymous. I have been shocked and speechless from the day I was told that I was to look out for a package (shipped) and even to this day as I use this laptop daily to setup my test lab. I’m so grateful and blessed to receive this generous gift and …………well….., I’m speechless! My friend said “Now that you are MVP, you need the right equipment for testing!”

So, here’s what I received:
1. HP Zbook 14 G2 laptop (Intel Core i7-5500U CPU 2.4GHz, 32GB memory, 256GB Hard Disk, 1TB SSD Hard Disk)
2. Power adapters (two)
3. HP UltraSlim docking station
4. Stickers

  

  

I love my “new” HP laptop, it’s shiny, it’s awesome, it’s perfect! Stay tuned for my future blog post on how I setup my test lab, what I used to build it, and some obstacles I ran into which I ended up resolving. To my two special friends, Thank you, Thank you, Thank you! 🙂

Follow me (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

Please like & share:

ConfigMgr Tech Preview 1701 Released

The Microsoft System Center Configuration Manager (ConfigMgr) team has been doing a great job with implementing new features and improving the product on a regular basis following the Software as a Service (SaaS) model and using feedback from the community on the Microsoft Connect site, as well as paying close attention to feature and enhancement requests on the ConfigMgr UserVoice forum.

The 45th President of the United States of America was inaugurated on Friday, January 20th and on this day the ConfigMgr team released SCCM Tech Preview build 1701 which is the first new release of 2017. This update has a number of new features (as listed in the Enterprise Mobility & Security blogpost) which include:

  • UEFI inventory data – Hardware inventory can now determine whether the device is UEFI-enabled.
  • Express files support for Windows 10 Cumulative Update – Configuration Manager can support Windows 10 Cumulative Update using Express files. This functionality is only supported in Windows 10 version 1607 with a Windows Update Agent update included with the updates released on January 10, 2017 (Patch Tuesday). For more information see https://docs.microsoft.com/sccm/core/get-started/capabilities-in-technical-preview-1612#express-installation-files-support-for-windows-10-updates.
  • Validate Device Health Attestation Data via Management Point – You can now configure management points to validate health attestation reporting data for cloud or on-premises health attestation service.
  • Updated Content Library Cleanup Tool – The command line tool (ContentLibraryCleanup.exe) used to remove content that is no longer associated with any package or application from a distribution point (orphaned content) has been updated with fixes for known issues.
  • Host software updates on cloud-based distribution points – Beginning with this preview version, you can use a cloud-based distribution point to host a software update package.
  • Support for Microsoft Azure Government cloud added to Operations Management Suite (OMS) Connector feature – You can now configure an OMS connector for the OMS workspace on Microsoft Azure Government cloud.
  • Additional boundary groups improvements – Clients now find software update points using Boundary Group associations.

You can update to the 1701 Tech Preview release via the ConfigMgr console under the Updates & Servicing node. You will need the baseline version of Tech Preview 1610 if you are installing it brand new.

Follow me (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

Please like & share:

ConfigMgr Version Numbers

about_configmgr_version

Release/Update Version Build
ConfigMgr 2012 RTM 5.00.7711.0000 7711
ConfigMgr 2012 SP1 5.00.7804.1000 7804
ConfigMgr 2012 SP1 CU1 5.00.7804.1202 7804
ConfigMgr 2012 SP1 CU2 5.00.7804.1300 7804
ConfigMgr 2012 SP1 CU3 5.00.7804.1400 7804
ConfigMgr 2012 SP1 CU4 5.00.7804.1500 7804
ConfigMgr 2012 SP1 CU5 5.00.7804.1600 7804
ConfigMgr 2012 SP2 5.00.8239.1000 8239
ConfigMgr 2012 SP2 CU1 5.00.8239.1203 8239
ConfigMgr 2012 SP2 CU2 5.00.8239.1301 8239
ConfigMgr 2012 R2 5.00.7958.1000 7958
ConfigMgr 2012 R2 CU1 5.00.7958.1203 7958
ConfigMgr 2012 R2 CU2 5.00.7958.1303 7958
ConfigMgr 2012 R2 CU3 5.00.7958.1401 7958
ConfigMgr 2012 R2 CU4 5.00.7958.1501 7958
ConfigMgr 2012 R2 CU5 5.00.7958.1604 7958
ConfigMgr 2012 R2 SP1 5.00.8239.1000 8239
ConfigMgr 2012 R2 SP1 CU1 5.00.8239.1203 8239
ConfigMgr 2012 R2 SP1 CU2 5.00.8239.1301 8239
ConfigMgr 2012 R2 SP1 CU3 5.00.8239.1403 8239
ConfigMgr Version 1511 5.00.8325.1000 8325
ConfigMgr Version 1602 5.00.8355.1000 8355
ConfigMgr Version 1602 (Update Rollup 1) 5.00.8355.1306 8355
ConfigMgr Version 1606 5.00.8412.1000 8412

Source: ConfigMgr 2012 Version Numbers

Follow (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

Please like & share:

Review – System Center Configuration Manager Reporting Unleashed

SCCM_Reporting_Unleashed

System Center Configuration Manager (SCCM / ConfigMgr) is a robust and complex tool used by SysAdmins to manage systems in their organizations. Similarly, working with reports, creating reports, and generating reports with ConfigMgr can become a complex task and challenging.

We all know that the built-in reports are not the best and often don’t yield the results we want to achieve. To get around some of the limitations, you either need to create your own reports or use third party solutions such as the wonderful reports from Enhansoft which are easy to install, configure, and to use. Well, Garth Jones, the owner of Enhansoft has released an awesome book to help clear the mystery of reports and make it super simple for anyone to follow the step-by-step instructions with the intelligently laid out chapters. The high level contents of the book is provided below but it doesn’t come close to listing the in-depth wealth of information this book provides.

SCCM_Reporting_Unleashed2

Whether you’re a beginner and want to learn how to create and work with ConfigMgr reports, or an expert who want to improve your reporting skills and rock it to the next level, this book is for you – I highly recommend it. The book is available on Amazon and comes in various formats. If you have any questions, feel free to contact Garth, who contributes tremendously to the ConfigMgr community via Twitter, Facebook, and various forums, to name a few.

Garth Jones – @GarthMJ
Enhansoft – @Enhansoft

Follow (@Hoorge) on Twitter and join Tech Konnect on Facebook to stay current on technology related matters.

Please like & share:

MDT 2013 Update 2 Released

mdt2013update2

The Microsoft Deployment Toolkit (MDT) 2013 Update 2 has been released and the most current version (6.3.8330) can be downloaded from the Microsoft Download Center.

According to the MDT blog post by Aaron Czechowski (Senior Program Manager), MDT 2013 Update 2 is basically a quality release which does not contain any new features. Some of the significant changes in this update include:

  • Security- and cryptographic-related improvements:
    • Relaxed permissions on newly created deployment shares (still secure by default, but now also functional by default)
    • Creating deployment shares via Windows PowerShell adds same default permissions
    • Updated hash algorithm usage from SHA1 to SHA256
  • Includes the latest Configuration Manager task sequence binaries
  • Enhanced user experience for Windows 10 in-place upgrade task sequence
  • Enhanced split WIM functionality
  • Fixed OSDJoinAccount account usage in UDI scenario
  • Fixed issues with installation of Windows 10 language packs
  • Various accessibility improvements
  • Monitoring correctly displays progress for all scenarios including upgrade
  • Improvements to smsts.log verbosity

There are no significant known issues in this release, however the previous post for MDT 2013 Update 1 has some information that may still be applicable, other than the fixes list above. The following post provides some information on How to get help with MDT, in case you need it.

Follow (@Hoorge) on Twitter and join Tech Konnect on Facebook to stay current on technology related matters.

Please like & share:

PowerShell & ConfigMgr Blogs

SCCM_Love_PS

My good friend Deepak Dhami (aka Dexter), who is an expert in PowerShell and System Center Configuration Manager (SCCM / ConfigMgr) is a frequent contributor for great information and resource in these fields. He conducts various user groups and workshops in India to help ConfigMgr admins improve their skills. Dexter has provided the links below on his blog and has generously allowed me to share them on mine in order to further share the goodness.

Feel free to follow and reach out to him. He is always happy to help.
PowerShell MVP profile
Blog
Twitter

Links:

Cmdlet ReferenceDavid O Brien’s Blog
PowerShell Script Repo by ConfigMgr MVP Kaido
Kaido’s personal blog
Coretech Blog by MVP kaido
Ronnie Jakobsen’s blog
Kent Agerlund’s blog
Johan Arwidmark’s blog
Henrik Hoe’s blog
PFE Heath’s Blog
Adam Meltzer’s Blog
Steve Rachui’s Blog
Nickolaj Andersen’s blog
Rob Looman’s Blog
Sean Lillis (Author of PS App deployment Toolkit)
Alex Verboon’s Blog
Laurie Rhodes’s Blog
Adam Bertram’s Blog
Stephane’s Blog

Please like & share: