ConfigMgr Reporting Error – UserTokenSIDs LDAP Server Unavailable

I recently switched to using my new-ish laptop (Lenovo P1) for my day-to-day technical work and decided I should redo my test lab in Hyper-V, particularly for my ConfigMgr / MEMCM / Intune testing and troubleshooting stuff. While I have been actively using my ConfigMgr site in my lab, I didn’t pay much attention to the built-in reports until very recently, when I discovered I had an issue as all the reports produced an error.

The Component Status in the Monitoring node of the ConfigMgr console indicated no issues with the Reporting Services Point Role.

The Site Status was lit up nice and green and indicated all was working fine with my ConfigMgr site.

When a report is run from the ConfigMgr console or SSRS, the following error is produced (see image above):

The DefaultValue expression for the report parameter ‘UserTokenSIDs’ contains an error: The LDAP server is unavailable. (rsRuntimeErrorInExpression)

The full error is provided below:

System.Web.Services.Protocols.SoapException: The DefaultValue expression for the report parameter ‘UserTokenSIDs’ contains an error: The LDAP server is unavailable.
at Microsoft.ReportingServices.Library.ReportingService2005Impl.GetReportParameters(String Report, String HistoryID, Boolean ForRendering, ParameterValue[] Values, DataSourceCredentials[] Credentials, ParameterInfoCollection& Parameters)
at Microsoft.ReportingServices.WebServer.ReportingService2005.GetReportParameters(String Report, String HistoryID, Boolean ForRendering, ParameterValue[] Values, DataSourceCredentials[] Credentials, ReportParameter[]& Parameters)


Microsoft.ConfigurationManagement.ManagementProvider.SmsException
The DefaultValue expression for the report parameter ‘UserTokenSIDs’ contains an error: The LDAP server is unavailable.

Stack Trace:
at Microsoft.ConfigurationManagement.AdminConsole.SrsReporting.ParameterPresenter.GetParameters()
at Microsoft.ConfigurationManagement.AdminConsole.SrsReporting.ParameterPresenter.LoadParameters(IReport report, Collection`1 navigationParameters, IResultObject resultObject)
at Microsoft.ConfigurationManagement.AdminConsole.SrsReporting.ReportViewerPresenter.Worker_DoWork(Object sender, DoWorkEventArgs e)
at System.ComponentModel.BackgroundWorker.OnDoWork(DoWorkEventArgs e)
at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument)


I tried several troubleshooting steps including the following:

1. Uninstalled the Reporting role from ConfigMgr
2. Uninstalled the SQL Reporting Services
3. Reinstalled SQL Reporting Services
4. Reinstalled the Reporting role in ConfigMgr
5. Changed the registry key: “HKEY_LOCAL_MACHINE/SOFTWARE/Wow6432Node/Microsoft/ConfigMgr10/
AdminUI/Reporting/ReportBuilderApplicationManifestName” from the value “ReportBuilder_2_0_0_0.application” to “ReportBuilder_3_0_0_0.application”
6. Edited the file:
“C:\Program Files (x86)\Microsoft Configuration
Manager\AdminConsole\bin\Microsoft.ConfigurationManagement.exe.config” and changed the 2 to a 3 in the two locations:
<add key=”10.0″ value=”ReportBuilder_3_0_0_0.application”/>
<add key=”DEFAULT” value=”ReportBuilder_3_0_0_0.application”/>
7. Checked accounts including the service account for SQL reporting

None of the above steps helped fix the UserTokenSIDs issue. I searched high and low on Google / Bing and did not discover anything regarding “LDAP server is unavailable” specifically relating to UserTokenSIDs. I finally got the big guns out and contacted my close friend, Garth Jones, who is a known industry expert with SQL and SSRS. He is a Microsoft MVP and also owns a company called Enhansoft which provides a subscription service for all things reports, which extends the reporting capabilities in ConfigMgr. Enhansoft also provides a free report as a giveaway each month.

RESOLUTION:

With Garth’s help, the issue was quickly discovered and fixed quite easily. Bottom line is that I was using a local administrator account (CM01\Administrator) to login to my ConfigMgr server as opposed to using a Domain account (Dhalico\Harjit) with the necessary privileges. FYI, “Dhalico” is my domain.
1. Added the Dhalico\Harjit account in the ConfigMgr console under
Administration > Overview > Security > Administrative Users (see image below)
2. Provided “Full Administrator” security role
3. Logged on to the ConfigMgr server as “Harjit” and tested running reports
4. Success! And Thank you Garth! 🙂

Windows PXE Boot Issues – KB4493467 (April 9, 2019)

Microsoft has acknowledged an issue with PXE boot affecting Windows 8.1 and Windows Server 2012 R2 systems caused by a Security-Only update (KB4493467) released on April 9, 2019.

The Issue:

After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

The Workaround:

To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

Option 1:
Open an Administrator Command prompt and type the following:

Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No

Option 2:
Use the Windows Deployment Services UI.

  1. Open Windows Deployment Services from Windows Administrative Tools.
  2. Expand Servers and right-click a WDS server.
  3. Open its properties and clear the Enable Variable Window Extension box on the TFTP tab.

Option 3:
Set the following registry value to 0:

HKLM\System\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP\EnableVariableWindowExtension”.

Restart the WDSServer service after disabling the Variable Window Extension.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Fix WordPress “Destination Folder Already Exists”Issue

I encountered an issue with my WordPress hosted site when I was attempting to install a plugin, in this case the WP Statistics plugin. I know I had previously installed this plugin but it did not show up in my installed plugin list in the WordPress Admin dashboard. The installation fails with an error: “Installation failed: Destination folder already exists.”

When you install a WordPress theme or plugin, WordPress will extract and copy the folder from a zip file into the wp-content/themes or wp-content/plugins directory. If the folder already exist, then WordPress is unable to copy the files and therefore generates the error. This can happen if the theme or plugin files that are already installed are missing or corrupted.

Here’s the fix for this issue:

  • Use a FTP client such as FileZilla, and connect to your WordPress site.
  • Drill down into the wp-content/plugins directory and delete the plugins folder which you are having issues with. In my case the WP Statistics plugin folder.
  • Once the folder is deleted, go back to your WordPress admin site and reinstall the plugin. You should see a successful installation and at which point, you can activate the plugin and configure the settings if necessary.

ConfigMgr Guidance For SQL CE Levels

What is Cardinality Estimation or SQL CE Level?
The Cardinality Estimator is a SQL Server Query Processor component that is responsible for predicting the number of rows that the query will return. Microsoft provides some great documentation about SQL CE which you can read more on Microsoft Docs.

As for how SQL CE works and it’s importance with ConfigMgr, Umair Khan of Microsoft has shared a great blog post explaining the details, which you can read more here:
https://blogs.technet.microsoft.com/umairkhan/2019/01/28/configmgr-current-branch-1810-guidance-for-the-sql-ce-levels-with-various-sql-versions

Finding and Removing Unused VMware Horizon View Replica Virtual Machines

vmware-vr-1

Purpose

This article provides steps to find one or more unused replicas in the datastore and to safely remove them.

Resolution

If the parent virtual machine or snapshot is changed in the pool settings, a new replica virtual machine is created. The previous replica becomes unused and is deleted after the recompose completes. The View composer automatically deletes the replica from vCenter Server and the Composer database. Under certain conditions, the replica virtual machine information may exist in the Composer database and the vCenter Server Inventory after any linked clone associated with the replica is deleted. This results in an unused replica.

Finding and removing unused replicas

To find and remove unused replicas:
  1. In vCenter Server or the server where the composer is installed, stop the VMware View Composer service.Note: When this service is down, no recompose, refresh, or provisioning operations occur. Use a convenient maintenance window.
  2. Click Start, type Services, and Press Enter.
  3. Click VMware View Composer Service.
  4. Click Stop.
  5. Click Start > Run, type cmd, and click OK. The command prompt opens.
Note: In the Windows Server 2008 machines, the command prompt must be run as an Administrator.
To run the command prompt as an Administrator:
  1. Click Start > Run, type cmd, and click OK. The command prompt opens.
  2. Hold Ctrl + Shift, and press Enter.
  3. Navigate to the View Composer install directory.
    • On a Windows 32-bit server, navigate to C:\Program Files\VMware\VMware View Composer.
    • On a Windows 64-bit server, navigate to C:\Program Files (x86)\VMware\VMware View Composer.
  4. Run the sviconfig.exe command with the FindUnusedReplica operation:

    SviConfig.exe -operation=FindUnusedReplica -DsnName=DSN_Name -Username=User_Name -Password=Password

    Where:

    • DSN_Name is the name of the compose database DSN
    • User_name is the user name of composer database owner
    • Password is the password of composer database ownerFor example:SviConfig.exe -operation=FindUnusedReplica -DsnName=ComposerDB -Username=sa -Password=secretNotes:
    • If the DsnName contains spaces, use quotes around the value.
    • If there are two composer databases on the server due to an older database, and the command is run against the incorrect database, the currently used replicas is moved to the unused folder as the old database does not recognize them.

    To determine the Composer DB DSN, user and password:

    1. In the vCenter Server hosting the Composer service, Click Start > Programs > Administrative Tools > Data Sources (ODBC).
    2. Click the System DSN tab.
    3. Click the Composer database entry. This is the value you enter for DsnName in the sviconfig command.
    4. Click Edit.
    5. The username is visible and should match the entry in the Composer configuration in the View Manager.
  5. If the command finds any unused replicas, they are listed in a new file created in the current directory ( unused-replica-*.txt).
  6. Unused replicas can be unprotected and moved to a unique folder with the parameter:-move=trueFor example:SviConfig.exe -operation=FindUnusedReplica -DsnName=ComposerDB -Username=sa -Password=secret -Move=trueNotes:
    • When using the move=true option, you receive warning pop-ups. These are safe to ignore.
    • Note the UnusedViewComposerReplicaFolder is created automatically if it does not exist, and unused replicas are moved to this folder.
  7. Open a vSphere Client and connect to vCenter Server.
  8. Click Inventory > VMs and Templates.
  9. Remove the replicas located at the UnusedViewComposerReplicaFolder.
  10. Start the VMware View Composer service.
Note: To view the help file for findUnusedReplicas:
  1. Click Start > Run, type cmd, and click OK. The command prompt opens and navigate to the View Composer install directory.
  2. Run this command:SviConfig.exe -operation=findUnusedReplica

Additional Information

See Also

PCoIP connections to VMware Horizon View 5.1.x / 6.1 Desktops With Multiple Network Adapters Fail

PCoIP connections to VMware Horizon View 5.1.x / 6.1 desktops with multiple network adapters fail (2062604)

Symptoms

  • Attempting to connect to Horizon View desktops with multiple network adapters fail.
  • You see errors similar to:
    • Unable to launch from Pool <pool> for user <domain/user>: There were no machines available that reported protocol [PCoIP] as ready
    • The Display Protocol For this Desktop is currently not available
    • The connection to the remote computer ended
Note: The issue can also be observed when connecting to View desktops having single network adapter.

Resolution

To resolve this issue, configure the subnet that the View Agent uses by setting the value for the subnet mask registry in Parent Virtual Machine.
Warning: This procedure modifies the Windows registry. Before making any registry modifications, ensure that you have a current and valid backup of the registry and the virtual machine. For more information, see Microsoft KB article 136393.
Note: The preceding link was correct as of June 17, 2015. If you find a link is broken, provide a feedback and a VMware employee will update the link.
To open the Windows Registry:
  1. Click Start > Run, type regedit, and click OK.
  2. Go to the registry key – HKEY_LOCAL_MACHINE\software\vmware inc\vmware vdm\node manager\subnet.

    For View 6.1 – Go to the registry key HKEY_LOCAL_MACHINE\software\vmware inc\vmware vdm \IpPrefix
  3. Set the value to n.n.n.n/m (REG_SZ). Note: where n.n.n.n is the TCP/IP subnet and m represents the number of bits in the subnet mask.
For more information:

Source: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2062604

Windows 7 Network Controller Issues – KB4338818 (July 2018)

The July 2018 Windows Updates for Windows 7 SP1 and Windows Server 2008 R2 SP1 introduces a bug that could cause the network interface controller to stop working. The update referenced is KB4338818.

In case your systems run into this issue, the workaround from Microsoft is to do the following:

Please use your best judgement and evaluate the risks of applying this update to your Windows 7 SP1 and Windows Server 2008 R2 systems.

** Update **
According to an IT Pro who opened a support case with Microsoft, this is the information provided at this time:

“Regarding the known issue in the July monthly rollup about the network interface controller that will stop working. We are still looking at the data gathered from multiple customers and we do not have a list third party software that is causing the issue. What we do know until now, is that the issue is reproducing mainly on VM over VMware.”

Fix For Error: Failed To Process Configuration Manager Update 0x87d20b15

With the release of version 1710 for System Center Configuration Manager Current Branch on November 20, 2017, I pursued to update my ConfigMgr 1706 site to take advantage of some of the exciting new features, which you can read more here! Use this PowerShell script to enable the early update ring for ConfigMgr 1710.

I tested the update in my test lab and the upgrade to v1710 worked just fine. As usual with my production environment, I always run the prerequisite checker to make sure nothing is flagged as an issue, which in my case all was fine with green checkmarks. However, the actual installation of the update failed on the Installation step for “Upgrade ConfigMgr database” as seen in the screen capture above. The description for the error indicates: [Failed]: Upgrading ConfigMgr database. Check cmupdate.log for details.

The following is an error was seen in the cmupdate.log: Failed to apply update changes 0x87d20b15

I located a blog post by my friend Anoop dated from October 2016 referencing a similar error code where he points to providing the NT Authority/System account in SQL with the sysadmin security role, however that was not the cause of my upgrade failure and the security roles were already defined correctly. The following TechNet thread was a dead end as well.


My post on Twitter as seen above caught the attention of another friend of mine, David James, Director of Engineering for ConfigMgr at Microsoft, who with his team were able to pinpoint the problem in no time at all and quickly provided a solution which resolved my ConfigMgr 1710 upgrade installation hang up. Thanks David and to the ConfigMgr team! The gist of the problem is that my environment had an old compatibility level 100 set for the SQL Server database for the CM_XXX database, and you can find this referenced in the cmupdate.log file. Changing it to 110 fixed the compatibility level needed for ConfigMgr 1710.

Run the following query in SQL Management Studio (please change XXX to your ConfigMgr Site Code) and retry the installation via the Update and Servicing node in the ConfigMgr Admin Console. This also addresses the issue where TRY_CONVERT is not recognized as a built-in SQL function:

ALTER DATABASE CM_XXX SET COMPATIBILITY_LEVEL = 110

SUCCESS!!

** Additional Mention **

Check out this blog post, “In Telemetry We Trust?” written by a friend and fellow ConfigMgr admin, Peter Egerton, who shares a similar experience and the positive nature of telemetry data especially in the ConfigMgr space.

Malware Isn’t Just For Windows Anymore – Fruitfly Is Hitting Macs Hard

This year’s cyber threat epidemic started with Windows, then spread over to Linux and third-party apps, and now is here for Macs. While the latest malware Fruitfly is targeting Mac computers, its malware library is also capable of running on Linux systems. 

Though it was recently found conducting surveillance attacks, it’s possible Fruitfly has been infecting Mac systems for over two years. It appears that the base code of Fruitfly is over a decade old, which begs the question: how can decade-old malware start breaching systems now? Haven’t our systems been updated over the last ten years?

It seems the Fruitfly developers have reused old code and modified it to give this malware extra power and capabilities. This cross-platform malware uses old APIs, but if there are any changes in the API, it will break the legitimate program to maintain reverse compatibility as long as possible. Fruitfly may have escaped detection for a long time because it appears that its creators have intentionally limited how many computers it targets. And since Mac systems don’t usually face as many threats as Windows, many administrators have been more lenient with patching their Macs, leaving them vulnerable to attacks such as Fruitfly.

You can identify Fruitfly infections by detecting suspicious network traffic. A file integrity monitor or log analyzer can help you identify an attack on your network, but a breach could be avoided altogether by keeping your systems up-to-date. Since most enterprises comprise different operating systems, it isn’t advisable to employ a separate patching tool for Windows, Mac, and Linux. The smarter alternative would be for an enterprise to employ a multi-platform patch management solution that helps update every computer from a single console. However, there are only a few solutions on the market that even support third-party patching, and even less that provide complete control over all enterprise devices, including mobile devices

These last few months have already given security professionals a lot to cover, and since cyber attacks are evolving at rapid rate, its high time enterprises maintain endpoint security by keeping their systems up-to-date. The best way to do this is to employ a patch management solution to stay safe from future ransomware and malware. One such solution is ManageEngine’s Desktop Central.

Desktop Central is integrated desktop and mobile device management software. This multi-platform solution helps automate your overall patch management process, and also has some other enhanced features to help secure your networkDownload ManageEngine Desktop Central Now and keep your Windows, Mac, Linux and all your third party applications completely safe and up-to-date. 

Follow me (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

Five Routine’s That Sums Up Desktop Management

IT departments play a major role in systems maintenance and it takes some effort for a system administrator to keep servers and end user workstations up and running for stability and productivity reasons. Lets take a look at system administrator’s daily routine and the importance of it.

1. Downloading and Deploying patches to user computers

System administrator has to identify required patches (3rd party) on systems, download them from the vendor websites and deploy them to end user computers. Managing these patches on a one of basis seems straightforward but it becomes cumbersome on a routine basis and especially when there are many systems to patch. Using a Patch Management solution, these routine tasks can be automated and scheduled to lessen the cumbersome workload on system administrators.

2. Installing software to user computers

Manually installing software on remote computers can be a daunting task and is challenging. A Software Management solution can resolve this complication by allowing a system administrator to deploy software from any location, handle tickets with ease and assist users demands in software installation with simplicity.

3.Troubleshooting remote computers

Troubleshooting servers and workstations for Operating System issues, software installations, security patches, system crashes can be remedied much easily with software management solutions, especially with remote capabilities and centralized management interface.

4. Managing IT assets in your network

Asset tracking for hardware and software in your organization is highly important and can be done with ease with the use of an asset management software. Apart from tracking the hardware and software in the organization, software license management, hardware warranty management, and identifying the usage of software particularly for licensing, restricting unwanted software in your network is important as well. An asset management solution provides a systems administrator the tools needed to effectively gather and manage this data.

5. Deploying configurations and managing mobile devices

Managing and configuring devices such as computers, tablets, phones, and peripherals in a growing organization with rapid demands for technology can be a challenging task for system administrators. MDM and desktop management solutions provide much flexibility and the tools needed to handle these technology challenges in the enterprise.

ManageEngine Desktop Central is one such ideal solution for desktop management, with its bundle of features and pricing compared to some known industry solutions. Desktop Central offers Patch management, Software management, Asset management, Remote support, Mobile device management, Failover Service, and Auditing capabilities. Desktop Central supports heterogeneous platform in 16 different languages. Finally, Desktop Central offers a fully functioning edition to manage 50 endpoints completely free with no hidden cost.

Download Desktop Central now and experience simplified IT management.

Follow @Hoorge on Twitter and join Tech Konnect on Facebook and Twitter to stay current on technology related matters.