SCCM Replication Issue – SQL Replication Troubleshooting Guide

SCCM Database replication issues are common when you have an SCCM hierarchy with CAS, Primary, or Secondary servers. Let’s check what the necessary troubleshooting steps an SCCM admin can perform are.

SCCM replication issue is not very easy to troubleshoot via forums or offline.  The above SCCM Replication Issue troubleshooting video will help you fix some of the common SCCM replication issues.

Latest Updated Post – FIX SCCM SQL Replication Issues Using Replication Link Analyzer

SCCM Co-Management Video Guide with 16 Posts

First of all, co-management is not SCCM and Intune feature, but it’s a Windows 10 feature. Windows 10 provides an option to device management applications to concurrently manage a device. For example, you can manage a Windows 10 device with SCCM and Intune at the same time. Even this could true for other vendors and solutions like Airwatch and Kace? More SCCM Co-Management details are below with 16 posts and more than ten (10) video tutorial. This post also includes the latest updates of co-management.

Windows 10 Version Requirement?

Co-management is a dual management capability available with Windows 10 1709 version (Fall Creators Update) and later. Co-management is the bridge between traditional management and modern management. So if your Windows 10 version is not 1709 or later, then you can’t manage that device with SCCM and Intune at the same time.

SCCM Version Required for Co-management?

Your SCCM version should be SCCM 1710 or later to support co-management scenario. If you have the latest version of SCCM 1806 or 1810, then you can avoid creating many PKI certificates to implement co-management. Co-management setup for SCCM is getting simplified with latest releases of SCCM.

Firewall Ports Required for Co-Management?

We do not need to open any inbound ports to your on-premises network. The SCCM service connection point and CMG connection point initiate all communication with Azure and the CMG. These two site system roles must be able to create outbound connections to the Microsoft cloud.

Is CMG Mandatory for SCCM Co-Management

No, SCCM CMG is not mandatory for Co-Management. When you use Intune to install the SCCM client, enable a cloud management gateway in SCCM.  More details in Microsoft documentation here.

Co-Management Related Posts

SCCM co-management related posts are available in the following list. Some of them are outdated as I mentioned in the video above. I would recommend reading the Microsoft documentation on co-management to get the latest updates.

  1. How to Setup Co-Management – Introduction – Prerequisites Part 1
  2. How to Setup Co-Management – Firewall Ports Proxy Requirements Part 2
  3. Setup Co-Management – AAD Connect UPN Suffix Part 3  
  4. Setup Co-Management – CA PKI & Certificates Part 4
  5. Setup Co-Management Cloud DP Azure Blob Storage Part 5
  6. Setup Co-Management Azure Cloud Services CMG Part 6
  7. SCCM Configure Settings for Client PKI certificates Part 7
  8. How to Setup SCCM Co-Management to Offload Workloads to Intune – Part 8
  9. How to Deploy SCCM Client from Intune – Co-Management – Part 9
  10. End User Experience of Windows 10 Co-Management – Part 10
  11. Overview Windows 10 Co-Management with Intune and SCCM
  12. Custom Report to Identify Machines Connected via SCCM CMG
  13. How to Setup SCCM Cloud Management Gateway as cloud DP
  14. Troubleshooting Tips SCCM CMG Connection Analyzer
  15. Learn How to Remove SCCM Cloud DP
  16. Clean-up SCCM CMG and Cloud Services from SCCM

SCCM Co-Management Video Posts

#1 How to enable AAD Connect and UPN Suffix change

#2 – PKI Certificate Details for SCCM Co-management

#3 How to enable Cloud DP in SCCM CMG

#4 Remove or Delete SCCM Cloud DP

#5 Remove or Delete SCCM CMG

#6 SCCM CMG troubleshooting

Resource

https://docs.microsoft.com/en-us/sccm/core/clients/manage/co-management-overview

Another interesting blog post https://blogs.technet.microsoft.com/arnabm/2018/10/24/cmg-with-just-one-cert/

Windows Autopilot Video Starter Kit – https://howtomanagedevices.com/windows-autopilot-video-guide/

Windows Autopilot Video Starter Kit

I covered end to end process to provision Windows 10 devices with Windows AutoPilot service with Intune.  I already have four to five posts to explain different scenarios in Windows Autopilot. In this WIndows Autopilot Video Guide, you can see the overall process to provision Autopilot devices.

  • How to start testing Windows Autopilot
  • Prerequisites for Windows Autopilot
  •  How to build a Lab environment for testing
  • How to take a trial version of Intune and Azure AD
  • How to user Hyper-v to test

What is Windows Autopilot?

Windows Autopilot is a collection of technology used to provide modern provisioning experience to end users. Windows Autopilot is a collection of technologies used to simplify the Windows 10 OOBE experience.

Windows Autopilot is also a group technologies used to set up and pre-configure new devices, getting them ready for productive use. In addition, you can use Windows Autopilot to reset, repurpose and recover devices. This is what I explained in the WIndows Autopilot Video Guide above.

More details available – https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-10-autopilot

What is Repurposing Existing Devices into Windows Autopilot?

How to repurpose existing Windows 7 and Windows 10 devices in your environment to Autopilot. So that your business can avoid the cost of managing the golden images and OSD infra. And also Autopilot gives better end-user experience if you are connected an open internet. I have seen Autopilot giving problems and end-user experience going for a toss because of enterprise Firewall and proxy issues.

All the details about repurposing existing devices are also given in the following posts and the video guide tutorial.

Previous Posts on WIndows Autopilot – WIndows Autopilot Video Guide above.

I have spent several time testing and deploying Autopilot in my lab environment. I also have more than four posts to help you with Autopilot implementation.

I presented a session on Windows Autopilot at Bangalore IT Pro event. I covered end to end process to provision Windows 10 devices via Windows AutoPilot service with Intune. It was great to have feedback from fellow IT Pros on modern management and Windows AutoPilot topics. This is what I explained in the WIndows Autopilot Video Guide above.

Helpful Post

Intune Certificate Deployment Step By Step Guide

Fix SCCM Updates and Servicing Issue with CMUpdateReset Tool

CMUpdateReset.exe is in build Tool provided by Microsoft SCCM to fix download issue. In this video post, you will get more details about how to SCCM updates and Servicing issue.  You can find the CM Update Reset tool in the following folder \cd.latest\SMSSETUP\TOOLS.

Run the CMUpdateReset.exe tool from?

  1. CAS/SQL server
  2. standalone primary/SQL server

The SCCM download reset tool (CMUpdateReset.exe) must be run on the top-level site (CAS or standalone primary) of the hierarchy. When you run the tool, use CM Update Reset tool command-line parameters to specify:

    • The CAS/Primary SQL Server at the top-tier site of the hierarchy
    • The CAS/Primary site database name at the top-tier site
  • The GUID of the update package you want to reset

What are the SCCM Update Reset Options?

There are two options to fix SCCM Updates and Servicing Issue using the CMUpdateReset.exe tool.

  1. Reset an update and restart the download
  2. Force deletion of the problematic update package

What is Next SCCM Updates and Servicing issue is not Fixed?

What if CMUpdateReset.exe didn’t help to fix SCCM Updates and Servicing? The following are the steps to download SCCM updates. You can check this download status from SCCM monitoring workspace. More details in the log file ConfigMgrSetup.log.

  1. Process update package
  2. Download update package cab file
  3. Extract update package payload
  4. Download redist
  5. Report package as downloaded

SCCM Updates and Servicing Issue

Fix SCCM Updates and Servicing with REDIST Files?

You can fix the issue with downloading SCCM redist prerequisite files using the following method.

  • When you have an issue with downloading SCCM REDIST prerequisite files,  you can try to use the old method to download prerequisite files.
  • Once the prerequisite files are downloaded with the old way, then you can copy those files to D:\Program Files \Microsoft Configuration Manager\EasySetupPayload\<Update PackageGUID >\Redist folder. This can be used a workaround.

All the above steps will ensure that you will fix the SCCM Updates and Servicing Issue.

Resources:

Fix to SCCM CB Redist Download Issue

CM Update Reset Tool Fixes SCCM CB Update Download Issue

SCCM Restore and Recovery Guide

Intune Certificate Deployment Step by Step Guide

The first before deploying SCEP certificate is to check the prerequisites of Intune certificate deployment. I’m going share the details of Microsoft PKI related certificate deployments in this video post. If you have a non-Microsoft PKI environment, you need to check the supportability of Intune.

SCEP does not support all third-party Certificate Authority (CA), providers.  In the recently Ignite Microsoft announced new 3rd party certificate authority partners. Recently, Intune included support for Device based SCEP deployment. Intune already supported User-based SCEP certificate.

Newly Announced Certificate Authority Partners

Intune Certificate Deployment

  1. Entrusted Datacard
  2. GlobalSign
  3. EJBCA
  4. COMODO
  5. Digicert
  6. IDNOMIC

The above is the list of  3rd party CA partners supported by SCEP. Hence you can deploy SCEP Certificate from these CAs via Intune. If you have a customer looking for any of the other third part CA to support SCEP, you can contact Microsoft and they will able to help you with the onboarding process.

Prerequisite for SCEP Certificate Deployment via Intune

Following are the Prerequisites for Intune Certificate Deployment. SCEP Certificate deployment to users and devices.

  1. PKI or CA infrastructure
  2. NDES Server
  3. Azure AD App Proxy Connector
  4. Microsoft Intune Certificate Connector:

I would recommend reading Microsoft documentation to get more details about SCEP or Intune certificate deployment prerequisites.

How to Create a SCEP certificate Certificate

Before deploying SCEP Certificate, you need to deploy PKI or CA chain of certificates to your devices or users.

  1. Root CA Cert
  2. Intermediate or Issuing CA cert 1
  3. Intermediate or Issuing CA cert 2
  4. Intermediate or Issuing CA cert 3 etc..
  5. SCEP Certificate issuing from CA

You need to make sure all the intermediate or Issuing CA certs have already reached the device. Once all the required certs are already there in the machine, you can deploy SCEP Certificate to the user or device. The device certificate can be secured using TMP chip.

As I mentioned in the above video, you can log in to the Azure portal with correct Intune RBAC access and create a SCEP certificate deployment profile.

  1. Azure portal
  2. Intune Blade
  3. Device Configurations – Profiles
  4. Create Profile
  5. Platform – Windows 10 or later
  6. Profile Type – SCEP Certificate
  7. SCEP Certificate Type – User or Device
  8. More details available https://www.anoopcnair.com/learn-intune-create-deploy-scep-profile-windows10-devices/

Intune Certificate Deployment SCEP Certificates

Troubleshoot on Intune Certificate Deployment Issue?

I have already shared a post about the Intune application, certificate or profile deployment troubleshooting options. I would recommend readin that post for more troubleshooting details from Intune side.

Other part of troubleshooting is done from CA, NDES, NDES Intune connector, Azure App Proxy connector etc…

https://howtomanagedevices.com/intune-troubleshooting/

Troubleshoot Intune Deployments – Applications Policies Profiles Intune Issues

Troubleshooting Intune deployments are challenging for new admins in device management world. The above video will help you to troubleshoot Intune deployment issues.

Phases of Intune Troubleshooting

There are FOUR (4) phases in Intune Deployment Troubleshooting. All these four steps are explained in this videos. You can find more details below.

  • Server/Cloud Console Side – Intune Health check
  • Server/Cloud Console Side – Intune Troubleshooting Blade
  • Server/Cloud Console Side – Deep dive into Intune App Deployment Troubleshooting
  • Client Side (Device Side) – Troubleshooting Logs/Events etc

It was far more difficult to troubleshoot on Intune issues at the time of Silverlight console. But after migrating to Azure portal Intune troubleshooting became more easy.

How to Start Intune Troubleshooting

  • Login to Azure portal – http://portal.azure.com
  • Navigate to Intune Blade
  • Click on Troubleshoot node
  • Click on Select User button
  • Search and select the user id which you want to troubleshoot
  • Click Select to start Intune troubleshooting
  • Troubleshooting blade will give you all the details of selected user
  • Drill down each part of troubleshooting guide get into the root of the Intune issue

Troubleshoot Intune Issues

Most of us know how to start troubleshooting with Intune Silverlight console. Intune troubleshooting made easy after the migration to Azure portal. More details https://www.anoopcnair.com/start-troubleshooting-intune-policy-deployment-issues/ Troubleshooting on Windows 10 MDM issues are pretty new for most of us. The importance of MDM policies are getting increased day by day. In this blog post you will see tips to start MDM way of Windows 10 troubleshooting.

How to Troubleshoot Windows 10 Event Logs

Windows 10 MDM Issues Troubleshooting using registry WMI and Event Logs. More detailed discussions are available in the following blog post – https://www.anoopcnair.com/windows-10-mdm-troubleshooting-guide/

Intune Error Codes Table

Intune error codes can find the details of Intune Apps, Intune Policies, and Intune compliance policies.  you’ll be able to review applications installation status and enrollment status for devices. Here’s a list of user details you can view for each user in the Troubleshooting portal:

  • User status
  • Group assignment
  • Application and policy Assignments
  • App protection Status
  • Compliance issues
  • Device status
  • Device details such as OS type and version

Resource

How to Delete Azure AD Device https://howtomanagedevices.com/delete-azure-ad-devices/

SCCM Admin Console Walkthrough Video Guide

Device Management training videos to start learning SCCM device management technology. SCCM is managing more than 70% corporate Windows PCs in the world. I call this series of video posts as SCCM Educational post series. I would love to cover the basic things of SCCM in this series of posts. In case you are a newbie to SCCM Admin Console then this is the helpful guidelines for you.

The Above video explains the details of SCCM Admin Console nodes. SCCM console buttons will give you an overall idea about UI capabilities. This post will help to learn and understand SCCM in a better way. I always think about a teaching technique which starts from the SCCM console. Do you think it would be ok to start SCCM learning with SCCM console overview?

SCCM Admin Console – More Details

SCCM console gives admin access to manage and monitor all the policies, applications, OD deployments, etc.. for the devices you manage with SCCM. Administrators use the SCCM Admin console to manage the SCCM environment. Each SCCM console can connect to a CAS or a primary site. You can’t connect an SCCM console to a secondary site.

An SCCM admin sees objects in the console based on the permissions assigned to their user account. For more information about role-based administration, see Fundamentals of role-based administration.

When you install the site server, you can install the SCCM Admin console at the same time. To install the console separate from site server installation, run the standalone installer. You can run the console from Windows 10 machines and manage the devices which you want to manage. You can install the SCCM console by using the standalone installer.

If you like to read more about this in a documentation format, I would recommend reading my previous post from the following link https://www.anoopcnair.com/newbies-guide-sccm-console-nodes-part1/

Resources

More Blog posts related to SCCM/Intune/Windows 10/Hyper-V/Cloud/IT Pro/Azure –

Learn SCCM Read

https://www.anoopcnair.com/sccm/

https://www.anoopcnair.com/learn-sccm-intune/

Learn Intune Read –

https://www.anoopcnair.com/intune/

https://www.anoopcnair.com/learn-microsoft-intune/

Learn Windows 10 Read –

https://www.anoopcnair.com/windows-10/

Learn Hyper-V Read – https://www.anoopcnair.com/hyperv-2/

Learn About Cloud Read – https://www.anoopcnair.com/cloud/

Learn about Azure Read – https://www.anoopcnair.com/cloud/azure/

Learn About IT Pros Events – https://www.anoopcnair.com/itpro/

Learn about me – https://www.anoopcnair.com/about/

Another Blogs related to SCCM Videos (now related to SCCM Admin Console ) – https://howtomanagedevices.com/sccm-patch-management/

PWA Windows Desktop and Mobile Experience

PWA is Progressive Web Application.  https://howtomanagedevices.com is my new blog and this blog is PWA enabled website. This blog is more for video blogs than text content. In this video post, you will see PWA Windows Desktop video experience. I will also cover PWA iOS and Android Mobile experience.

Google announced Desktop progressive web apps support for Chrome 70 or later. Once your website is PWA enabled, it (web site) can be ‘installed’ on the user’s device much like native apps. They’re fast.

PWA Windows Desktop apps provide more integrated, reliable experience because they launched in the same way as other apps, and run in an app window, without an address bar or tabs.

Advantages – PWA Windows Desktop

  • Fast
  • Integrated
  • Reliable
  • Engaging

PWA for Windows Devices

In this section, you will see how to install app (PWA) on Windows 10 desktop using Chrome 70 or later. PWA Windows Desktop experience is exaplained also in the video tutorial above.

  • Update your Chrome version to 70 or later on Windows 10 device
  • Launch (Re Launch) Chrome
  • Open https://howtomanagedevices.com or anyother PWA enabled website
  • Click options button as you can in the below picture
  • Click on Install “How to Manage Devices” button. How To Manage Devices is the name which I provided for this website.
  • Click on Install button from Install App popup
  • Launch the Desktop or Start menu shortcut to launch the PWA Windows Desktop app for HowToManageDevices blog
PWA Windows Desktop and Mobile Experience 3
Click on Install How To Manage Devices option
PWA Windows Desktop and Mobile Experience 4
Click on Install Button from Install App popup 
PWA Windows Desktop and Mobile Experience 5
Here is the PWA Windows Desktop Experience

PWA for iOS Devices

The following are the steps which we need to follow to get PWA iOS experience for you. The PWA Windows Desktop experience is different from this iOS experience. You can use Safari (default browser) on your iOS device.

  • Launch Safari
  • Go to https://howtomanagedevices.com (any website which is PWA enabled)
  • Click on Share button
  • Click on Add to Home Screen button
  • Click on ADD button
  • Click on App button  (HTMD) created on your iOS home screen
PWA Windows Desktop
Click on SHARE button from Safari Browser
PWA Windows Desktop and Mobile Experience 6
Click on Add to Home Screen Button
PWA Windows Desktop and Mobile Experience 7
Click on Add button to add PWA app to home page
PWA Windows Desktop and Mobile Experience 8
Click on the How To Manage Devices (HTMD) Icon
PWA Windows Desktop
PWA Windows Desktop and Mobile Experience 24

PWA Android Experience

PWA Android Experience is better than iOS and PWA Windows experience of obvious reasons.  The following are the steps which we need to follow to get PWA iOS experience for you. I have a video which explains PWA Windows Desktop experience.

  • Launch Chrome browser
  • Launch the PWA enabled website
  • Click options button from chrome browser
  • Click on Add to Home Screen option
  • Click on Add button from the popup
  • Click OK on the next pop screen
  • Click on PWA app (HTMD) icon from home screen
PWA Windows Desktop
Click on Add to Home Screen option
PWA Windows Desktop
Click on ADD button from popup
PWA Windows Desktop
Click on OK button
PWA Windows Desktop
Launch PWA (HTMD) icon from Home Screen

Resources

Who helped me to design PWA enabled blog ? https://kloudboy.com/

Create Office 365 ProPlus Client Package

I have create this video a year back and there are many changes in the recent months. SCCM client installation wizard has integrated with Office Customization Tool. Office 365 ProPlus Client Package creation made easy in the latest version of SCCM. You need to remember that an internet connection is required to complete the Office 365 ProPlus client package creation wizard.

The office 365 ProPlus client package creation wizard includes an online Office Customization Tool. This tool needs an internet connection as this office customization tool is launched is web-based tool.

If you are looking for solution to update Office 365 ProPlus client with latest patches, then following post shall help you. I have another post which explain about “How to Deploy and Install Office 365 Software Updates (patches) with SCCM ADR“.

Launch Office 365 ProPlus Client Package Creation wizard

 Office 365 ProPlus client package
  • Launch SCCM console from a internet connected machine
  • Navigate to \SoftwareLibrary\Overview\Office 365 Client Management dashboard
  • Click on the + Office 365 Installer from the Office 365 Client Management Dashboard
  • Give the NAME of Office 365 Client Package
  • Browse to a location mostly on the file server or SCCM server package source folder.
  • Click on Next button
  • Click Office Customization tool to customize and import your xml file to SCCM application configuraion engine. Select Office 365 ProPlus Client Package from the menu options. This part is not covered in the above video tutorial.
  • Wait for the Office 365 client Package creation wizard to finish. This wizard will download the source files from the internet and save it to package source folder.
  •  Finish to close the wizard

When Microsoft publishes a new Office 365 proplus client update to the Office Content Delivery Network (CDN), Microsoft simultaneously publishes an update package to Windows Server Update Services (WSUS). Then, SCCM synchronizes the Office 365 ProPlus client update from the WSUS catalog to the site server. SCCM can then download the update and distribute it to distribution points selected by the administrator.

Resources

How to Deploy and Install Office 365 Applications via SCCM CB

How to Manage updates to Office 365 ProPlus

SCCM Patch Management Process With WSUS And SUP

Delete Azure AD Devices – AAD Device Management

Azure Active Directory is an identity solution from Microsoft. But Azure AD helps to perform device management actions also. Most organizations use Intune to manage AAD devices. In this video, you will learn how to delete Azure AD Devices.

The Devices registed to Azure AD are visible in Azure portal. You can login to Azure portal with Azure AD admin privileges to delete devices from there. You can also delete Azure AD devices if you have Intune Administrator access.

How to Get Devices into Azure AD Management?

You have two options to get a device under the Azure AD Management.

  • 1.Registering – iOS, Android, and Windows
  • 2.Joining – Windows

In bith the above scenarios Azure AD devices can be managed by MDM Solution like Intune. Registering a device to Azure AD enables you to manage a device’s identity. When a device is registered, Azure AD device registration provides the device with an identity that is used to authenticate the device when a user signs-in to Azure AD. You can use the identity to enable or disable a device. You can also Delete Azure AD devices and remove their identities from AAD.

Delete Azure AD Devices

How To Disable an Azure AD Devices

  • Login to Azure Portal with required permissions
  • Go to Azure Active Directory blade in Azure portal
  • Select All Devices option
  • Search the devices with Device Name or You can search with User Name
  • Select one device and click on Disable button as shown in the above video

How To Delete Azure AD Devices

  • Login to Azure Portal with required permissions
  • Go to Azure Active Directoty blade in Azure portal
  • Select All Devices option
  • Search the devices with Device Name or You can search with User Name
  • Select one device and click on DELETE button as shown in the above video

Resource

Learn How to Delete or Disable Devices from Azure Active Directory

What is device management in Azure Active Directory?