How to Deploy Dell Bios Firmware Updates Via SCUP and SCCM CB Configuration Manager ConfigMgr 1

How to Deploy Dell Bios Firmware Updates Via SCUP and SCCM CB Configuration Manager ConfigMgr

How to Deploy Dell Bios Firmware Updates Via SCUP and SCCM CB Configuration Manager. SCUP 2017 has four 3rd party software update catalogs.

Dell, HP, Fujitsu, and Adobe are the four third-party software update catalog providers in the SCUP 2017 Preview version.

In previous blog posts and video tutorials, I explained the installation, configuration, and integration process of SCUP with SCCM.

This post will show how “How to Deploy Dell Bios Firmware Updates Via SCUP and SCCM CB“. We must follow the same process for publishing HP and Fujitsu software updates.

How to Publish Dell BIOS Firmware Updates Via SCUP and SCCM CB

Dell Software updates Catalog (Bios, Drivers and Applications, Firmware) are added to the SCUP console. Click on the Dell Folder and expand the Dell folder to see subfolders.

How to Deploy Dell Bios Firmware Updates Via SCUP and SCCM CB Configuration Manager ConfigMgr – Video 1

How to Add Dell Software Update Catalog to SCUP

Open the SCUP 2017 console. Navigate to “Update Workspace—Overview” and click Add Partner Software Updates catalogs. Select Dell and click on the Add button.

This will add the Dell updates to the SCUP database. Dell updates include Dell Bios, Drivers, Applications, and Firmware updates.

How to Deploy Dell Bios Firmware Updates Via SCUP and SCCM CB Configuration Manager ConfigMgr
How to Deploy Dell Bios Firmware Updates Via SCUP and SCCM CB Configuration Manager ConfigMgr – Fig.1

How Do you Publish Dell Software Updates to SCUP, WSUS, and SCCM CB?

Dell Software updates Catalog (Bios, Drivers and Applications, Firmware) are added to the SCUP console. Click on Dell Folder. Expand the Dell folder to see subfolders. Select the updates from the right pane of the SCUP console that you want to publish to SCCM CB.

Specify the publish option—There are three options while posting updates: Automatic, Full content, and Metadata Only. I usually recommend selecting the Automatic option. The reasons for choosing the Automatic option are given below. This has been shown in the video here.

Click Automatic to all updates publisher to query SCCM to determine whether the selected software updates are published with full content or only metadata.

In this mode, software updates are only published when they meet the client request count and package source size thresholds specified on the SCCM server page of the Options dialog box. Automatic is available only when SCCM integration is selected on the SCCM server page.

Select the checkbox at the bottom of the SCUP publish wizard. When published software updates have not changed, but their certificate has changed, this checkbox will sign all software updates with a new publishing certificate.

How to Deploy Dell Bios Firmware Updates Via SCUP and SCCM CB Configuration Manager ConfigMgr - Fig.2
How to Deploy Dell Bios Firmware Updates Via SCUP and SCCM CB Configuration Manager ConfigMgr – Fig.2

How to Select Dell Products from SUP Component Properties in SCCM? How to Deploy Dell Bios Firmware Updates Via SCUP and SCCM CB Configuration Manager ConfigMgr

Once the updates are published from the SCUP console, you can go to the SCCM CB console to configure the rest. Navigate SCCM console – \Administration\Overview\Site Configuration\Sites.

Click on Settings—Configure Site Components—Software Update point component—Properties. Go to the Products tab and Select Dell, Bios, Drivers and Applications, and Firmware. This is the same thing I showed in the video.

Dell
Bios
Drivers and Applications
Firmware
How to Deploy Dell Bios Firmware Updates Via SCUP and SCCM CB Configuration Manager ConfigMgr – Table 1
How to Deploy Dell Bios Firmware Updates Via SCUP and SCCM CB Configuration Manager ConfigMgr - Fig.3
How to Deploy Dell Bios Firmware Updates Via SCUP and SCCM CB Configuration Manager ConfigMgr – Fig.3

Once the appropriate products are selected, navigate \Software Library\ Overview\Software Updates in the SCCM CB console. Right-click on the Software Updates node & select Synchronize Software Updates.

This will help sync and get the Dell updates to the SCCM CB console. WsyncMgr.log will provide you with the details about Dell updates.

How to Deploy Dell Updates via the Software Updates Deployment Method?

In the following post, I have already blogged about the SCCM Software Update process, “Step by Step Guide SCCM ConfigMgr CB Software Update Patching Process“. Deploying Dell software updates to Windows 10 devices is similar to any other software update deployment.

As shown in the video, select all the Dell Bios and Firmware updates you want to deploy from the All Software Updates node. Once selected, right-click those updates and click on Deploy.

How to Deploy Dell Bios Firmware Updates Via SCUP and SCCM CB Configuration Manager ConfigMgr - Fig.4
How to Deploy Dell Bios Firmware Updates Via SCUP and SCCM CB Configuration Manager ConfigMgr – Fig.4

For Dell software updates, you must provide the Deployment name and software update group name. On the next screen, select the collection name from the list.

The members of that collection will get the Dell software updates deployment. Schedule the deployment and make sure you set a good user experience.

Also, provide the new Dell software update package name and the shared folder location to store the Dell software updates. You also need to select the DPs to distribute this package.

Example of the Dell Software Update Deployment via SCUP and SCCMHow to Deploy Dell Bios Firmware Updates Via SCUP and SCCM CB Configuration Manager ConfigMgr

It would be best to have an internet connection to the server to download the Dell updated from Dell. Otherwise, you must have already downloaded the binaries from Dell and stored them in a shared location, as shown in the video here.

Do you want to download these Dell software updates in different languages? If so, you can select other languages on the Language Selection page.

• Dell Latitude 10 ST2 System BIOS,A09 0XM7C(Article ID)
• Dell Latitude 10 ST2e System BIOS,A07 T47W6(Article ID)
• Dell Latitude 12 Rugged Extreme 7204 System BIOS,A11 J6PG2(Article ID)
• Dell Latitude 12 Rugged Tablet,A15 X2GXX(Article ID)
• Dell Latitude 3180/3189 System BIOS,1.1.1 M6HF7(Article ID)
• Dell Latitude 3330 System BIOS,A08 800F5(Article ID)
• Dell Latitude 3340 System BIOS,A13 48CH6(Article ID)
• Dell Latitude 3350 System BIOS,A09 0468G(Article ID)
Success: General:
• Deployment Name: 3rd Party Updates SCUP - Dell Software Updates
• Collection: All Desktop and Server Clients
Deployment Settings:
Send wake-up packets: No
• Verbosity Level: Only success and error messages
Scheduling:
• Deployment schedules will be based on: Client local time
• Available to target computers: 23-09-2017 07:25:00
• Deadline for software update installation: 30-09-2017 07:23:00
• Delayed enforcement on deployment: False
User Experience:
• User Notifications: Display in Software Center and show all notifications
• Install software updates outside the maintenance window when deadline is reached: No
• Restart system outside the maintenance window when deadline is reached: Suppressed
• If a restart is required it will be: Allowed
• Commit changes at deadline or during a maintenance window (requires restarts): Yes
• If any update in this deployment requires a system restart, run updates deployment evaluation cycle after restart: No
Alerts:
• On software update installation error generate a Window Event: No
• Disable Window Event while software updates install: No
Download Settings:
• Computers can retrieve content from remote distribution points: No
• Download and install software updates from the fallback content source location: Yes
Package:
Success: The software updates were placed in a new package:
• 3rd Party Updates SCUP - Dell Software Updates
Success: Content (1):
• SCCMTP1.INTUNE.COM
Software updates downloaded from the internet
Success: Dell Latitude 10 ST2 System BIOS,A09
Success: Dell Latitude 10 ST2e System BIOS,A07
Success: Dell Latitude 12 Rugged Extreme 7204 System BIOS,A11
Success: Dell Latitude 12 Rugged Tablet,A15
Success: Dell Latitude 3180/3189 System BIOS,1.1.1
Success: Dell Latitude 3330 System BIOS,A08
Success: Dell Latitude 3340 System BIOS,A13
Success: Dell Latitude 3350 System BIOS,A09
Language Selection:
English

References

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

SCCM Management Insights Configuration Manager ConfigMgr Details 2

SCCM Management Insights Configuration Manager ConfigMgr Details

Let’s discuss the SCCM Management Insights Configuration Manager ConfigMgr Details. SCCM team introduced a new feature called Management Insights with SCCM CB 1708 preview version.

I mentioned the management insights feature in my previous post, “SCCM CB 1708 Preview Upgrade Video Guide and New Features”. In this post, we will look at the details of management insights, and you will get some ideas about SCCM CB Management insights. Video tutorial here.

Management Insights will help you gain valuable insights into the current state of the SCCM CB environment based on data analysis in the site database.

One of the scenarios in the management insight would be useful for better understanding your environment and taking action based on that insight.

What are SCCM ConfigMgr CB Management Insights? – SCCM Management Insights Configuration Manager ConfigMgr Details

SCCM CB Management Insights will provide the details of EMPTY collections & applications without any deployments in your SCCM environment.

[New Post – Read this post to get the latest details about SCCM Management Insights]

I hope the SCCM team will include loads of other data or details into management insights in future releases of SCCM CB. You don’t have to dig into the SQL Database and run SQL queries to find out these details anymore!

SCCM Management Insights Configuration Manager ConfigMgr Details - Fig.1
SCCM Management Insights Configuration Manager ConfigMgr Details – Fig.1

Where Can You Find the Node for SCCM CB Management Insights?

Navigate through SCCM CB 1708 preview console – \Administration\Overview\Management Insights\All Insights. I have explained this in the video tutorial here.

How Do We Find Applications without Deployments in the SCCM CB Environment?

You can find the details or list of applications without deployments from the SCCM CB console. This is under \Administration\Overview\Management Insights\All Insights – Application without deployments node.

I have explained the scenario in the video tutorial here. From the Application without the deployment node, you will get an option to delete the application directly.

You don’t have to go to the Software Library—Applications node to delete a particular application without deployment.

The last run time tab will tell you the last time the rule ran against your SCCM CB site database. To simplify the list of applications, we can find the list of undeployed applications.

How to Find Out Applications without Deployments in the SCCM CB Environment?
Administration
Overview
Management Insights
All Insights
SCCM Management Insights Configuration Manager ConfigMgr Details – Table 1
SCCM Management Insights Configuration Manager ConfigMgr Details - Fig.2
SCCM Management Insights Configuration Manager ConfigMgr Details – Fig.2

How Do You Find Empty Collections in the SCCM CB Environment?

The details or list of Empty collections can be found in the SCCM CB console. This is beneficial information, as you no longer need to dig into SQL DB and run SQL queries to find these details.

This is under \Administration\Overview\Management Insights\All Insights – EMPTY Collections node.

In the following screenshot, you can see the list of empty collections of the SCCM CB environment from the management insights node in the SCCM console.

You may also delete the empty collections from the “Management Insights – All Insights – Empty Collections” node.

You can Right-click on the empty collection and delete it. Otherwise, you can select the collection you want to delete and click the “Delete” button from the ribbon menu of the SCCM CB console. More details in the video tutorial are here.

SCCM Management Insights Configuration Manager ConfigMgr Details - Fig.3
SCCM Management Insights Configuration Manager ConfigMgr Details – Fig.3

Is SCCM CB Management Insights not Working as Expected?

Check out the log SMS_CLOUDCONNECTION.log and look for any error in the log file. Registry Key details of SCCM CB management insights component:- HKEY_LOCAL_ MACHINE \SOFTWARE \Microsoft\SMS\Components\SMS_CLOUDCONNECTION.

ERROR: Found exception System.IO.FileLoadException: Could not load file or assembly 'Microsoft.ConfigurationManager.ManagementInsights.MIWorker, Version=5.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. Strong name validation failed. (Exception from HRESULT: 0x8013141A)~~File name: 'Microsoft.ConfigurationManager.ManagementInsights.MIWorker, Version=5.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' ---> System.Security.SecurityException: Strong name validation failed. (Exception from HRESULT: 0x8013141A)~~The Zone of the assembly that failed was:~~MyComputer~~ at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)~~ at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, RuntimeAssembly reqAssembly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)~~ at System.Reflection.RuntimeAssembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean forIntrospection)~~ at System.Reflection.RuntimeAssembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection)~~ at System.Reflection.Assembly.Load(String assemblyString)~~ at Microsoft.ConfigurationManager.TaskExecutionManager.TaskExecution.InvokeWorker(String assemblyToLoad, String typeToLoad, String componentName)

What is SCCM CB Management Insights – Find Out Unused Collections and Applications

The Management Insights node in the SCCM CB console. This feature will help you maintain SCCM infra. At the moment, it will help you get the details of EMPTY collections and Applications without deployments.

SCCM Management Insights Configuration Manager ConfigMgr Details – Video 1

References

  • SCCM CB 1708 Preview Upgrade Video Guide and New Features – Here
  • Update 1708 for Configuration Manager Technical Preview Branch – Available Now! – here

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

How to Start Troubleshooting Intune Issues Fix Intune Issues with Easy Steps 3

How to Start Troubleshooting Intune Issues Fix Intune Issues with Easy Steps

Let’s discuss how to Troubleshoot and Fix Intune Issues with Easy Steps. Intune troubleshooting is easy with the Azure portal. You should start with the “Microsoft Intune—Help and Support” page in the Intune portal whenever you face any issue with Intune.

This post will see “How to start Troubleshooting Intune Policy Deployment Issues from the Intune portal.” For more tips, see Troubleshoot Intune Issues.

You can also check the user-based Intune security policy troubleshooting from the following post – Intune User Policy Troubleshooting Tips For Prevent Changing Theme. One post will help you resolve device-based Intune security policy issuesTroubleshoot Microsoft Edge Security Policy Deployment Issues with Intune.

Update 20-Jan-2018 – When you have an iOS device and want to perform the Intune side of troubleshooting, Microsoft released an excellent document here, “Troubleshooting iOS device enrollment problems in Microsoft Intune.”

Latest Intune Troubleshooting Strategies | Fix Intune Policy Conflicts | Methods IT Admins -Helpdesk

In this video, you will learn about the Latest Intune Troubleshooting strategies to simplify Intune app and policy deployment troubleshooting!

How to Start Troubleshooting Intune Issues Fix Intune Issues with Easy Steps – Video 1

How Do You Check the Status of the Intune Service? – Troubleshooting Intune Issues

When you have a major issue with Intune managed devices, the first place is to look at the current status of the Intune and other dependent services. You can check that from the Intune Tenant Admin – tenant status tab from the MEM Admin Center portal.

Under the Tenant status tab, there is a link to check the status of your Intune and other services for your tenant. Intune service status – See the current level of the service where you can get the position.

You can check Intune service health for your tenant from the Service Health and Message Center tab. The Intune message center also provides details about new changes and related information.

How to Start Troubleshooting Intune Issues Fix Intune Issues with Easy Steps - Fig.1
How to Start Troubleshooting Intune Issues Fix Intune Issues with Easy Steps – Fig.1

How to Start Troubleshooting Intune Policy Deployment?

When you significantly impact all Intune-managed devices/users, ensure that the tenant’s health is OK. Once you are sure there is no issue from the Intune service side for your tenant, it’s time to proceed with your policy assignment and other detailed troubleshooting.

When the issue is NOT impacting all devices or users, it’s better to start with the second stage of Intune troubleshooting.

[Related Posts – How to Troubleshoot Windows 10 Intune MDM Issues]

Troubleshoot +Support is the tab from the MEM admin center portal. Select one of the users having issues with application or policy deployment. For example, when a user is not getting the application assigned to AAD Group. Another example is that the user is not compliant with the configuration policies assigned.

How to Start Troubleshooting Intune Issues Fix Intune Issues with Easy Steps - Fig.2
How to Start Troubleshooting Intune Issues Fix Intune Issues with Easy Steps – Fig.2

I selected Anoop Nair as the user. All the details of this user will be available in the troubleshooting tab. This will help the Intune admin to confirm whether we have targeted all the applications and policies to correct AAD groups. You can check and confirm whether the user.

You can check and confirm whether the user
Does the user have a valid Intune license or not
Is the user part of the correct AAD group or not
Is the Device compliant or not
Status of Company Data Removal/wipe from a device
How to Start Troubleshooting Intune Issues Fix Intune Issues with Easy Steps – Table 1

Another set of user details you can check in the troubleshooting tab of Intune Blade is the Principal name of the selected user and Email ID. All the other information available in the Intune troubleshooting blade are

  • Intune license assigned to a user or not
  • Whether Devices compliant status
  • Whether apps are in a compliant state or not
  • Azure AD Group membership for the user
  • Mobile Apps Assignment to the user
  • Compliance policies deployed or assigned to users
  • App protection status for the devices
  • Configuration profile deployment status for the user
  • List of the devices for that user and status of devices

There are some red icons, as seen in the video tutorial and the screenshot below. Those red icons could indicate potential issues with application or policy deployments. I could see problems with Anoop’s Android device. The app protection status does not look suitable for Android devices. The Intune troubleshooting blade provides a valuable report that “31 apps non-compliant“.

How to Start Troubleshooting Intune Issues Fix Intune Issues with Easy Steps – Video 2

Intune Troubleshooting Blades has six (6) Assignment categories. Each type provides details about the user assignments. If some terms are missing, we need to examine the targeting AAD groups of those policies.

  • Mobile Apps
  • Compliance Policies
  • Configuration Profiles
  • App Protection Policies
  • Windows 10 Update Rings
  • Enrollment Restrictions
How to Start Troubleshooting Intune Issues Fix Intune Issues with Easy Steps - Fig.3
How to Start Troubleshooting Intune Issues Fix Intune Issues with Easy Steps – Fig.3

The above information is essential to start Intune troubleshooting from the Azure portal. From the troubleshooting tab, we can directly access details of each assigned policy for that user. We can also look at the device properties and hardware information for more detailed troubleshooting.

For example, you have started a company data wipe action for a device, but the device or user can still access the corporate mail from the device. Intune admin can directly search for the user from the Intune troubleshooting session and get all the user’s device details. Once the device is identified, you can check the following information about it.

Device name, Managed by, Azure AD join type, Ownership, Intune compliant, Azure AD compliant, OS, OS version, and Last check-in.

How to Start Troubleshooting Intune Issues Fix Intune Issues with Easy Steps - Fig.4
How to Start Troubleshooting Intune Issues Fix Intune Issues with Easy Steps – Fig.4

Last Check-In details are essential in this device retirement or company data wipe troubleshooting scenario. The previous check-in details will tell you when the device was in touch with Intune service for the last time. You can check the Company Data Removal action, Factory reset details, and status from the Intune troubleshooting blade.

[Related Posts – How to Troubleshoot Windows 10 Intune MDM Issues]

The Intune Troubleshooting Blade is a one-stop shop for all the troubleshooting activities related to Intune device management, compliance policies, configuration profile deployments, etc.

How Do You Raise a Free Intune Support Case for Intune Issues?

Microsoft provides an option to raise a support case for Intune issues from the Intune MEM admin center portal’s Help and Support tab. The charges for these support cases are directly linked to your Intune subscription contract.

There is an option to raise an Intune support case with Microsoft’s exclusive contract. I recommend using premier contract support for high-impact Intune issues and if you need immediate help.

How to Start Troubleshooting Intune Issues Fix Intune Issues with Easy Steps - Fig.5
How to Start Troubleshooting Intune Issues Fix Intune Issues with Easy Steps – Fig.5

Severity options are essential while raising an Intune support case. Severity options should be selected based on the impact of the issue. Also, depending on the severity of the problem, the response time will vary. There are three categories, as you can see below:-

  • C- Minimal Impact – The issue impacts only a few users, devices, etc.
  • B—Moderate Impact—These issues can become critical in a couple of days if they aren’t resolved ASAP.
  • A – Critical Impact – Priority issues that are impacting a whole lot of users

[Related Posts – How to Troubleshoot Windows 10 Intune MDM Issues]

References

  • How to get support for Microsoft Intune – here
  • How to Troubleshoot Windows 10 MDM Policy Deployments – here
  • Intune Support Case Severity Levels and Response time – here

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

How to Schedule iOS Automatic Updates Using Intune Policies 4

How to Schedule iOS Automatic Updates Using Intune Policies

Let’s discuss how to Schedule iOS Automatic Updates Using Intune Policies. Do you have supervised iOS devices managed through Intune?

If so, you may know that iOS software updates will force installation updates on supervised mode iOS devices. Intune has a new policy to prevent/delay these force updates.

This option will also give more granular control over iOS software updates. This post will discuss how to Prevent iOS Automatic Updates Using Intune Policies.

New options have been added to the automatic iOS and iPad OS updates. The following are the exciting options available for this update.

  • Update policy schedule settings
    • Update During the scheduled time
    • Updates Outside the scheduled time

If you are looking for Windows 10 update ring policies with Intune, I have a blog post titled “How to Setup Windows 10 Software Update Policy Rings in Intune Azure Portal.”

How to Create iOS Software Update Policies in Intune? iOS Automatic Updates Using Intune

This Intune policy will help delay iOS automatic updates. iOS devices should be part of the Apple DEP program and managed through supervised mode. Create a profile to force assigned devices to automatically install the latest iOS/iPadOS updates.

These settings determine how and when software updates deploy. This profile doesn’t prevent users from updating the OS manually, which can be controlled for up to 90 days with a device configuration restriction policy. Updates will only apply to devices enrolled through Apple’s Automated Device Enrollment (ABM or ASM).

How to Create iOS Software Update Policies in Intune
Login to the MEM Admin Center portal
Navigate via the Devices – iOS/iPad Update Policies (Update policies for iOS/iPadOS)
Click on + Create update policy
From the Update Policy Settings page for iOS/iPad OS update – The version of iOS/iPadOS to install on devices at the time of update
How to Schedule iOS Automatic Updates Using Intune Policies – Table 1

You can create a new policy with a proper name and description of the policy. This policy will prevent iOS Automatic Updates from forcefully getting installed on supervised iOS devices.

How to Schedule iOS Automatic Updates Using Intune Policies - Fig.1
How to Schedule iOS Automatic Updates Using Intune Policies – Fig.1

Update Policy Schedule Settings for iOS/iPad OS Devices

Update policy schedule settings: By default, when an iOS/iPadOS Software Updates policy is assigned to a device, Intune deploys the latest updates at device check-in (approximately every 8 hours).

You can instead create a weekly schedule with customized start and end times. If you choose to update outside the scheduled time, Intune won’t deploy updates until the scheduled time ends.

  • Select Type and Schedule for iOS update (When the updates will occur. Additional input is required to schedule updates during or outside of scheduled times)
    • Update at next check-in
    • Update During the scheduled time
    • Update Outside of the scheduled time
How to Schedule iOS Automatic Updates Using Intune Policies - Fig.2
How to Schedule iOS Automatic Updates Using Intune Policies – Fig.2

Update During the scheduled time, stop updates from being installed at any random time. By configuring this policy, you can delay the software update (automatic update) of iOS on the device.

Weekly Schedule -> TimeZone, Start Day, Start Time, End Day, End Time

You can select the Time zone, Date, and time for iOS/iPad OS updates. Select the time zone of the targeted devices – In this section, you must select the Time Zone of the devices you want to target for this policy. For the India Time Zone, I selected UTC+5:30.

Start Time—Select the beginning of the interval to stop iOS software updates from Installing on supervised iOS devices. You usually don’t want to install software updates on iOS devices during business hours. This will help you schedule iOS phone updates via Intune policies.

End Time – Select the end of the interval to stop iOS software updates from installing on supervised iOS devices.

Start Day of the update: You can select any day of the week from the start and end day options, from Sunday to Saturday. End the Day of the iOs/iPad OS update by selecting any day between Sunday and Saturday.

How to Schedule iOS Automatic Updates Using Intune Policies - Fig.3
How to Schedule iOS Automatic Updates Using Intune Policies – Fig.3

You can select the iOS/iPad updates outside the scheduled time. You must set a scheduled time when you don’t want this update to happen on iOS devices. The update will be initiated outside the scheduled time configured below.

How to Schedule iOS Automatic Updates Using Intune Policies - Fig.4
How to Schedule iOS Automatic Updates Using Intune Policies – Fig.4

How to Deploy or Assign Intune iOS Software Update Prevention Policy?

Once the Intune iOS Automatic Updates prevention Intune Policy is created, you can start assigning this policy to Azure AD Device groups. Deploy Updates Prevention Policy to iOS Devices. 

Select Assignments—Click on Select Groups to find the appropriate Azure AD group to target the iOS update prevention policy. Once the policy is deployed to devices, the iOS software update will be postponed.

It would help to be careful about the policy settings while targeting the AAD device groups. In the policy configuration, there is an option to configure the devices’ time zones. Time zone configuration in this policy is a bit tricky.

It seems we need to segregate devices according to their time zones. I have not tested this, but it is my assumption regarding this policy setting. Learn how To Create Azure AD Dynamic Groups For Managing Devices Using Intune.

Reporting options for iOS update policies in Intune are coming soon.

How to Schedule iOS Automatic Updates Using Intune Policies – Video 1

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

SCCM Package Vs Application 32 Vs 64 Context 5

SCCM Package Vs Application 32 Vs 64 Context

Let’s understand the differences between SCCM Package Vs Application 32 Vs 64 Context. Discussing the differences between SCCM CB packages and the application model is not new.

I have seen several posts and discussions about the advantages of using an application model rather than “classic” packages. Let’s see more details about the SCCM Package Vs. Application.

I recommend using applications rather than packages for several reasons. I’m not getting into the details of the advantages of using the SCCM CB application model.

In this post, we will see a video experience of the SCCM CB package running in 32-bit and the application running in a 64-bit context. SCCM 2007 was a 32-bit application, and if I understand correctly, SCCM 2007 packages always run in a 32-bit context.

SCCM CB Package Runs in 32 Bit Context and Application in 64-bit – SCCM Package Vs Application 32 Vs 64 Context

In this video, you will get all the details about the SCCM CB Package Runs in 32 Bit Context and Application in 64 Bit. Create and RUN Powershell script almost in real-time through the SCCM CB version. Real-time example scenarios are explained in the video.

SCCM Package Vs Application 32 Vs 64 Context – Video 1

History of SCCM Packages?

This could be because the package implementation is simply a 32-bit code. The packages can’t run in a 64-bit context. Is this true for SCCM CB as well?

SCCM Package Vs Application
SCCM Package Vs Application 32 Vs 64 Context – Fig.1

Per my testing and video tutorial here, the packages in SCCM CB always run in a 32-bit context. This statement is true for Windows 10 32-bit and 64-bit machines. It won’t be easy to understand and reproduce this scenario when deploying MSI or EXE applications as a package.

The MSI/EXE applications, packaged to run only with 32-bit, will work fine with SCCM CB packages. However, these apps will fail when trying to convert these 32-bit packages into a new application model.

To fix this issue, we need to enable an option in the SCCM app model (Deployment type properties) called “Run installation and uninstall the program as 32-bit process on 64-bit clients“.

Programs
Run installation and uninstall the program as 32-bit process on 64-bit clients
SCCM Package Vs Application 32 Vs 64 Context – Table 1
SCCM Package Vs Application 32 Vs 64 Context - Fig.2
SCCM Package Vs Application 32 Vs 64 Context – Fig.2

How to Confirm SCCM Packages Run with a 32bit Code?

I created a PowerShell script to use package options in SCCM CB. Navigate \ Software Library \ Overview\Application Management\Packages” and right-click and create a package with the PowerShell script. Deploy the script to a Windows 10 64bit machine.

When we deploy the PowerShell script to a Windows 10 64-bit machine, the Windows PowerShell 32-bit application is executed, as shown in the video above. This proves that the SCCM CB package uses 32-bit code, which can’t run in a 64-bit context.

You can deploy 64-bit MSI/EXE/Scripts using SCCM packages. The best method is to run the package from the SysNative context. Sysnative is a virtual folder that will help us access the 64-bit System32 folder from a 32-bit application or script.

SCCM Package Vs Application 32 Vs 64 Context - Fig.3
SCCM Package Vs Application 32 Vs 64 Context – Fig.3

SCCM CB Software Center client is still a 32-bit application. The app SCClient(32-bit) is visible in the above picture. This proves that the new software center is a 32-bit client on a Windows 10 64-bit machine.

How to Confirm SCCM Applications Run with 64-bit Code?

SCCM CB application always runs in a 64-bit context. By default, all the applications created using the SCCM CB app model use 64-bit context to start the execution. Your 32-bit application will fail if you create and deploy an SCCM application to clients.

When a specific requirement to run within a 32-bit context exists, you need to enable the following option: “Run installation and uninstall the program as a 32-bit process on 64-bit clients.” You can find this option in Application—deployment type properties.

To prove SCCM applications use 64bit context to run MSI/EXE/Scripts, I have created an application via \Software Library\Overview\Application Management\Applications. I used the same PowerShell script (which I used to develop the SCCM package). Deployed application to Windows 10 device.

As you can see in the video here, I initiated the PowerShell execution from the software center. The PowerShell script (Windows PowerShell) runs within a 64-bit context. When deployed as an SCCM package, the same PowerShell script ran in a 32-bit context.

SCCM CB Task Sequence Runs within a 64bit Context

The Task Sequence in SCCM CB runs within a 64-bit context. However, the SCCM CB TS engine provides a similar option for applications to run 32-bit applications/scripts.

The option is to enable the following: “Run installation and uninstall the program as 32-bit process on 64-bit clients“.

References – SCCM Package Vs. Application

  • SCCM Application Versus Package – here
  • ConfigMgr 2012 and 32-bit Application Installers – here
  • PowerShell App Deployment Toolkit – here

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr 6

SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr

Let’s discuss the SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr. SCCM CB fast channel has an option to push PowerShell scripts to devices. These PowerShell scripts can be pushed almost in real time.

The video tutorial attached above explains this real-time push of the RUN PowerShell script. This post will see “SCCM Run Scripts options and architecture“.

For more details about the run PowerShell script option, refer to SCCM CB Run PowerShell Script Directly from the Collection post.

Post PowerShell script deployment feature architecture and troubleshooting guide. The new communication channel between SCCM server components and clients. More details about Real-Time Graphical Representation SCCM Run Script Results.

SCCM 1810 Updates – Improvements in SCCM Run Scripts

There have been many improvements to SCCM run script deployment in recent releases. One of the latest releases is SCCM 1810, and the following are some upgrades that Microsoft brought in.

With SCCM 1810,  you can view detailed script output in raw or structured JSON format. The following SCCM script performance and troubleshooting improvements apply from the SCCM 1810 version onwards:

  • Updated SCCM 1810, clients return output of less than 80 KB to the site over a fast communication channel. This change increases the performance of viewing script or query output.
  • Additional logs for troubleshooting, as I mentioned in the CMPivot post.
SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr - Fig.1
SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr – Fig.1

What is the Process of Pushing PowerShell Scripts using the SCCM Right Click Option?

SCCM CB 1706 supports pushing normal PowerShell scripts using this method. However, the SCCM team included two new features in the Run Script option in SCCM CB preview releases. The architecture details of SCCM Run Scripts are explained.

  1. Enable the Create and Run Script feature
  2. Import PowerShell Script
  3. Approve or Decline the PowerShell Script
  4. Right-click on Device Collection and run the script
  5. Get the status of PowerShell script execution via the Monitoring workspace
  • Read parameters from the PowerShell script.
  • The capabilities of PowerShell script parameters have been improved. They now detect mandatory and optional parameters and prompt you to enter mandatory and optional parameters.
SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr - Fig.2
SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr – Fig.2

Why is the “Script” Node Not Visible in the SCCM CB Console?

Create and Run Script is a pre-release feature of SCCM CB 1706. The script node is visible in the Software Library workspace. So, if you have not enabled this feature from “Administration – Updates & Servicing – Features, “Navigate through the console path \Administration\ Overview\Updates and Servicing\Features. Right-click on the “Create and Run Script” feature and select Turn On.

SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr - Fig.3
SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr – Fig.3

How to Import PowerShell Script to SCCM CB?

As I explained in the video, navigate the SCCM console Software Library workspace (“\Software Library\Overview\Scripts”) and click on the Scripts node. Right-click on the script node and select the Create Script option. Script wizard will guide you through importing PowerShell script to SCCM CB.

Provide the appropriate Script name, “Create Files and Folders.” The supported script language is ONLY PowerShell now. We may soon have some other supported options. Don’t expect SCCM to check the PowerShell script syntax errors before importing.

SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr - Fig.4
SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr – Fig.4

How to Approve PowerShell Script via Fast Channel Push Method?

The SCCM team included an approval flow into the Run Script engine to avoid accidental PowerShell script pushes to devices. By default, you can’t approve your PowerShell script.

To enable the approval script option to yourself, you must disable the following option from Hierarchy settings properties “Do Not Allow Script authors to approve their scripts“.

You can right-click on the script you want to execute and select the Approve/Deny button. The Approve or Deny script wizard will walk you through the script Approval process. The video guide has more details.

SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr - Fig.5
SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr – Fig.5

How to Execute the PowerShell Script via SCCM CB Fast Channel using the Push Method? SCCM Run Scripts?

Once SCCM approves the Script, that script will be available for execution. The PowerShell script is initiated from “\Assets and Compliance\Overview \Device Collections” in the SCCM CB console.

Select the device collection you want to target to execute the PowerShell script and right-click on the group – select the Run Script  (SCCM Run Scripts) option.

The Run Script wizard will not show all the PowerShell scripts imported into SCCM. It will only show the scripts that admins have approved. You can select one approved script at a time from the SCCM Console.

How to Execute the PowerShell Script via SCCM CB Fast Channel
Device Collections
All Desktop and Server Clients
Run Script
Confirm the Script Execution Details
SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr – Table 1
SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr
SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr – Fig.6

End-User Experience of Run PowerShell Script via Fast Channel Push Method?

Once the script is initiated for a collection, all the devices with the correct SCCM client version (SCCM CB 1706 and above) will get a push notification to execute a script (SCCM Run Scripts). The SCCM client Windows 10 devices will immediately execute the script on the device.

As you can see in the video here, I initiated a file and Folder creation script for Windows 10 devices. The SCCM client received a notification from the notification server and immediately executed the script on the Windows 10 machine.

The script created 20 files and folders in the C drive root of the Windows 10 device.  I have another post explaining troubleshooting of running a script, “What is Fast channel push notification“.

SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr - Fig.7
SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr – Fig.7

How to Monitor the Execution of PowerShell Scripts through Push channel?

Once the PowerShell script is executed on a Windows 10 machine, the client will send the result to the SCCM notification server. You can see the results in “\Monitoring \Overview\ Client Operations”. If I’m not wrong, the operation Name is “Run Script (SCCM Run Scripts)”, and each task will be active for 1 hour.

SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr - Fig.8
SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr – Fig.8

References

  • Video Guide to Troubleshoot SCCM CB Fast Channel Push Notification Issues – here
  • Fast Channel Client Notification in SCCM  – Here
  • Fast channel notification and MP replica issues – Here
  • What’s New With ConfigMgr’s Client Notification Feature – Here

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

SCCM How to Hide Tabs in New Software Center Customization 7

SCCM How to Hide Tabs in New Software Center Customization

SCCM How do you hide tabs in New Software Center Customization? SCCM CB 1708 has introduced new features into software center customization. Earlier, enterprise-level customization of software centers was possible only with Intune subscription.

With the new software center feature, you can customize the software center without an Intune subscription. This post will show SCCM CB How to Hide Tabs in the New Software Center.

In the future version of SCCM CB, the Software center can be customized according to your enterprise customer requirements. The first step toward using new customization features is to enable a new software center policy in client settings.

Also, you must know that “Application Catalog” website support ends with the first update released after June 1, 2018.

SCCM How to Hide Tabs in New Software Center Customization

SCCM Admins can add enterprise branding elements to the software center, which will help specify each tab’s visibility. In the video below, you will get all the details on hiding tabs in New Software Center Customization.

Read More DetailsCustomize ConfigMgr Software Center Appearance | Best Branding Options

SCCM How to Hide Tabs in New Software Center Customization – Video 1

The First Step to Getting New Customization Options in the Software Center?

Ensure you enable the client setting policy for the “New Software Center”. The SCCM team already documented that the previous version of Software Center will no longer be available.

  • The new policy can be enabled via client settings, Computer Agent > Use new Software Center.
SCCM How to Hide Tabs in New Software Center Customization - Fig.1
SCCM How to Hide Tabs in New Software Center Customization – Fig.1

What are the New Features Coming up in the SCCM CB Software Center?

These options are available only with the preview version of SCCM CB 1708. I assume that these features (even more) will be available in the next production release of SCCM CB 1710.

  • Set Software Center-specific company name
  • Change/Set a Software Center color theme
  • Set a company logo
  • Hide/Disable tabs on Software Center for SCCM client devices
SCCM How to Hide Tabs in New Software Center Customization - Fig.2
SCCM How to Hide Tabs in New Software Center Customization – Fig.2

What is the Recommendation for Implementing Software Center Changes?

The Recommendation is NOT to change default client setting policies. It’s better to create a new custom client setting policy to test new software centre features and deploy it to pilot client devices. Once you have tried and confirmed that everything is OK with testing new software centre features, you can deploy it to all SCCM CB client devices.

More Details about Logo Setting in SCCM CB New Software Center

Specify settings that apply to all clients in the hierarchy and can be modified by custom settings. You may disable new features for some client devices. You must say NO for the following location: “Select these new settings to specify company information.”

I could see that the following 3 settings of the new software center are disabled when I set NO to the “Select these new settings to specify company information” policy. When you put this policy to YES, you can set Company Name, color Scheme for the Software center can be selected from this option.

Ensure you have the correct logo dimension and size per the following description. Select a logo for the software center. The Maximum dimensions are 100×400 pixels, and the file cannot be larger than 750 kb. This is the information for the 1708 preview version of SCCM CB.

SCCM How to Hide Tabs in New Software Center Customization - Fig.3
SCCM How to Hide Tabs in New Software Center Customization – Fig.3

How to Hide/Disable Options Tab in the SCCM Software Center

Disabling or hiding the options tab in SCCM CB’s new software center is easy. This option is part of the client-setting policy. It’s better to disable or hide the software center options tab from client devices when you don’t want to allow users to change their work hours settings.

You can disable or hide other tabs of the software center as per your requirements. For example, if you don’t want a user to see the Software update installations, you can turn off the UPDATES tab in the software center and all the tabs mentioned in the list below.

Select NO to disable or hide tabs in the new Software Center for SCCM CB client devices. At least one tab must be set to be visible or should be enabled.

  • Disable Applications tab
  • Disable Updates tab
  • Disable the Operating Systems tab
  • Disable the Installation Status tab
  • Disable the Device Compliance tab
  • Disable Options tab
SCCM How to Hide Tabs in New Software Center Customization - Fig.4
SCCM How to Hide Tabs in New Software Center Customization – Fig.4

End-User Experience of New Software Center in Windows 10

I have disabled the Updates, Operating System, and Options tabs for my testing. Also, I have changed the colour theme of the new software center and deployed the client setting policies to Windows 10 devices.

The user on that device can see only three tabs in the Software Center: Applications, Installation Status, and Device Compliance. 

The user on that device can see only three tabs in the Software Center
Applications
Installation Status
Device Compliance
SCCM How to Hide Tabs in New Software Center Customization – Table 1
SCCM How to Hide Tabs in New Software Center Customization - Fig.5
SCCM How to Hide Tabs in New Software Center Customization – Fig.5

References

  • SCCM CB Software Center customization Preview – here
  • Future of old version of Software Center – here

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

SCCM Reboot Task for Collection of Devices via Fast Channel Push Notification 8

SCCM Reboot Task for Collection of Devices via Fast Channel Push Notification

Let’s discuss the SCCM Reboot Task for Collection of Devices via Fast Channel Push Notification. SCCM CB 1708 version added a new feature called the “Reboot” action to the fast channel push client notification. 

SCCM CB preview version 1708 has been released. I have the pleasure of upgrading my lab environment to this preview version

We can use the SCCM console to identify client devices that are pending reboot. Once identified, the devices can be restarted using a client notification action.

This post will show the Video Experience of the SCCM Reboot Task for the Collection of Devices via Fast Channel Push Notification. The YouTube video tutorial is here.

Reboot Task via Fast Channel SCCM CB 1708

This video provides all the details of the Reboot Task via Fast Channel SCCM CB 1708. The video details are shown below.

SCCM Reboot Task for Collection of Devices via Fast Channel Push Notification – Video 1

How to Restart Computers from the SCCM Console – SCCM Reboot Task for Collection of Devices via Fast Channel Push Notification

Using the SCCM CB 1708 preview version, you can restart the computers in a device collection. The first step is to identify the computers in a “pending restart” state.

How Do you Find Out the Restart/Reboot of Pending Devices?

Once restart pending devices are identified, right-click on collection or device to initiate the REBOOT action. This reboot action is created via the FAST client notification channel.

SCCM Reboot Task for Collection of Devices via Fast Channel Push Notification - Fig.1
SCCM Reboot Task for Collection of Devices via Fast Channel Push Notification – Fig.1

We don’t have a reboot script that can be deployed to machines. Most importantly, this “REBOOT” action is triggered via the PUSH channel of SCCM CB client notification.

SCCM Reboot Task for Collection of Devices
Assets and Compliance
Overview
Devices
All Desktop and server clients
Client Notification
Reboot
SCCM Reboot Task for Collection of Devices via Fast Channel Push Notification – Table 1
SCCM Reboot Task for Collection of Devices via Fast Channel Push Notification - Fig.2
SCCM Reboot Task for Collection of Devices via Fast Channel Push Notification – Fig.2

Restart Action Failed on a Client Device?

I initiated a reboot action for the Pending reboot machine, and it didn’t work. Why? I checked the log files and ConfigMgr applet on a Windows 10 machine.

I realized that I had upgraded the SCCM CB server version (5.00.8549.1000) to 1708, but we didn’t upgrade the Windows 10 machine’s SCCM client version (5.00.8542.1000) to 1708.

CcmNotificationAgent.log is the best log to check for troubleshooting fast-channel push notification tasks.

You can check the status of the REBOOT action in the monitoring workspace, the “Client Operations” node in the SCCM console.

The operation name for the REBOOT action is Task 17! But I’m sure this will be changed in the production version of the release. The error logging can be improved because the error message was “Failed to execute task, error 0.”

CcmNotificationAgent LOG with Errors

<![LOG[NetworkInfo: IPAddress 20.20.20.23,fe80::b09e:95a3:172a:4212]LOG]!><time="21:07:18.726-330" date="08-26-2017" component="BgbAgent" context="" type="1" thread="6212" file="bgbconnector.cpp:124">
<![LOG[NetworkInfo: IPSubnet 255.0.0.0,64]LOG]!><time="21:07:18.726-330" date="08-26-2017" component="BgbAgent" context="" type="1" thread="6212" file="bgbconnector.cpp:147">
<![LOG[NetworkInfo: AccessMP SCCMTP1.Intune.com]LOG]!><time="21:07:18.757-330" date="08-26-2017" component="BgbAgent" context="" type="1" thread="6212" file="bgbconnector.cpp:155">
<![LOG[NetworkInfo: IsClientOnInternet 0]LOG]!><time="21:07:18.757-330" date="08-26-2017" component="BgbAgent" context="" type="1" thread="6212" file="bgbconnector.cpp:159">
<![LOG[Update the timeout to 900 second(s)]LOG]!><time="21:07:18.757-330" date="08-26-2017" component="BgbAgent" context="" type="1" thread="6212" file="bgbtcpclient.cpp:916">
<![LOG[Receive signin confirmation message from server, client is signed in.]LOG]!><time="21:07:18.851-330" date="08-26-2017" component="BgbAgent" context="" type="1" thread="6212" file="bgbconnector.cpp:221">
<![LOG[Receive task from server with pushid=1002, taskid=1007, taskguid=5AFF6AEA-67D5-4124-B04F-162FDB0E314E, tasktype=17 and taskParam=]LOG]!><time="21:13:36.115-330" date="08-26-2017" component="BgbAgent" context="" type="1" thread="6212" file="bgbconnector.cpp:312">
<![LOG[Failed to find action instance for task type 17]LOG]!><time="21:13:36.115-330" date="08-26-2017" component="BgbAgent" context="" type="3" thread="6212" file="bgbcontroller.cpp:682">
<![LOG[Failed to execute task, error 0]LOG]!><time="21:13:36.115-330" date="08-26-2017" component="BgbAgent" context="" type="3" thread="6212" file="bgbcontroller.cpp:646">

Results of Successful REBOOT PUSH Task

Upgraded the client version to 5.00.8549.1000 and reinitiated the REBOOT task by right-clicking on a collection – Client Notification – Reboot. This action created a new task for the devices (pending reboot) in that collection through SCCM PUSH fast channel notification.

What is the architecture flow of SCCM CB Fast channel push notification? I have explained fast channel architecture flow in the post here.

The SCCM fast channel push client notification service will immediately notify the client about the task assigned. However, the client won’t be restarted immediately after receiving the task from the notification server component. The SCCM client will check the policy settings for “Computer Restart”  and schedule the restart per the policy.

The computer restart policy is 90 minutes by default, and you can customize this policy from the client settings tab. The reboot or restart notification is very well integrated with the “Software Center” experience, which is a great advantage of this feature.

SCCM Reboot Task for Collection of Devices via Fast Channel Push Notification - Fig.3
SCCM Reboot Task for Collection of Devices via Fast Channel Push Notification – Fig.3

Resources

  • Update 1708 for Configuration Manager Technical Preview Branch – Available Now! – here
  • Capabilities in Technical Preview 1708 for System Center Configuration Manager – here
  • Video Guide to Troubleshoot SCCM CB Fast Channel Notification Issues – here

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

Troubleshoot SCCM Fast Channel Push Notification Issues 9

Troubleshoot SCCM Fast Channel Push Notification Issues

Let’s discuss how to Troubleshoot SCCM Fast Channel Push Notification Issues. The fast channel notification feature has been in SCCM products since 2012 SP1. SCCM fast channel notification was mainly used to notify clients about vital policies, collect inventories, etc.

For more details about the run PowerShell script option, refer to the SCCM CB Run PowerShell Script Directly from the Collection post.

SCCM CB 1706 introduced the “RUN Script” option through the fast channel push notification. This post will use a video guide to troubleshoot SCCM CB fast channel push notification issues. A video tutorial about SCCM CB fast channel push notification is here.

Let’s understand Fast channel notifications for clients. SCCM Fast channel notification is a “PUSH” method of notifying clients about the new policies. This communication channel for SCCM client fast notification is TCP (port 10123) or HTTP (port 80).

How to Troubleshoot SCCM CB Fast Channel Notification Issues

In the video, you’ll find comprehensive details on troubleshooting SCCM CB Fast Channel Notification issues. This guide will cover scenarios where Fast Channel Notifications may fail or encounter issues within the SCCM environment.

Troubleshoot SCCM Fast Channel Push Notification Issues – Video 1

What is SCCM Fast Channel Push Notification? – Troubleshoot SCCM Fast Channel Push Notification Issues

The SCCM client communicates to its MP every 15 minutes to confirm that it’s still online. When your client does not show as ONLINE in the SCCM console, we may have a problem with the fast notification communication channel.

SCCM Push Vs. Pull

Historically, SCCM uses the PULL method, expecting the client to ask for new policies regularly. But, the fast channel uses the PUSH method. What is BGB in SCCM? BGB = Fast Channel Notification related components. I don’t know whether this notification channel was codenamed “Big Green Button” or not 😉

Troubleshoot SCCM Fast Channel Push Notification Issues - Fig.1
Troubleshoot SCCM Fast Channel Push Notification Issues – Fig.1

What are the Components of SCCM CB Fast Channel Notification?

SCCM CB fast channel notification has three components. The notification manager will be located along with site servers (Primary/Secondary). It generates “push messages” for clients, sends notifications to the BGB server (MP), and stores the results. 

The notification manager initiates push notifications from the site server. The log file BGBmgr.log provides more details about the notification manager. Notification files (*.BOS files) are stored in the INBOX/BGB.box folder. The video tutorial here shows the BOS file being created.

As you can see in the following fast channel notification architecture diagram, when the primary server has an MP component, the notification manager and notification server are also on that primary server.

The notification server will be located along with the Management Point (MP) and secondary sites. It will have TCP and HTTP listeners. These will help listen to the notification manager (DB) push notifications and confirm the client’s online status.

The notification manager pushes result files (*.BTS) from clients. BGBServer.log is the file on the MP setup or site server setup directory.

The Notification Agent is a fast-channel notification component at the SCCM client end. It’s part of the SMS agent (CCMEXEC). The agent establishes a persistent connection with its notification server.

This will receive the PUSH messages from MP. CcmNotificationAgent.log is the log file on the SCCM client device. The log can note MP/Notification server communication errors.

What is the architecture flow of SCCM CB Fast channel push notification?

Troubleshoot SCCM Fast Channel Push Notification Issues - Fig.2
Troubleshoot SCCM Fast Channel Push Notification Issues – Fig.2

Why is the SCCM CB Client NOT Showing as ONLINE?

The problem is that the SCCM CB client is not showing as ONLINE in the console. Instead, it always stays offline. The problem is ONLY with FAST notification channel communication; normal deployments and policies are working fine.

Troubleshooting of SCCM CB Fast Channel Notification

First, you must ensure all the notification components are installed correctly on the server and client sides. The following log files can confirm this for installation issues and troubleshooting.

Installation Issues and Troubleshooting
SCCM CB Notification Server/Manager
BGBServer.log
BgbHttpProxy.log
BgbSetup.log
BGBisapiMSI.log
Troubleshoot SCCM Fast Channel Push Notification Issues – Table 1

Fast Channel Notification – Server-Side Troubleshooting

I checked the log files on my primary and MP (both are on the same server), and BGBServer.log shows a warning all the time: “WARNING: Notification Server (% systemroot%system32dllhost. exe) with TCP port 10123 is NOT allowed by Windows Firewall on all interfaces I.” But I thought it should work with the port 80 HTTP channel. It was not working as expected.

Following are the extracts of troublesome logs on the BGB notification serverBGBServer.log

  • Starting SMS Notification Server…~~
  • lt;SMS_NOTIFICATION_SERVER><08-15-2017 01:16:02.005-330> Server GC is OFF~~
  • lt;SMS_NOTIFICATION_SERVER><08-15-2017 01:16:02.006-330> Trigger to start TCP listener~~
  • lt;SMS_NOTIFICATION_SERVER><08-15-2017 01:16:02.022-330> The HTTP listener is started~~
  • lt;SMS_NOTIFICATION_SERVER><08-15-2017 01:16:02.030-330> Listening connections on port 10123. Waiting for clients to connect…~~
  • lt;SMS_NOTIFICATION_SERVER><08-15-2017 01:16:02.051-330> STATMSG: ID=9807 SEV=I LEV=M SOURCE=”SMS Server” COMP=”SMS_NOTIFICATION_SERVER” SYS=SCCMTP1.INTUNE.COM SITE=TP1 PID=3280 TID=1968 GMTDATE=Mon Aug 14 19:46:02.059 2017 ISTR0=”SCCMTP1.INTUNE.COM” ISTR1=”10123″ ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0
  • lt;SMS_NOTIFICATION_SERVER><08-15-2017 01:16:02.061-330> WARNING: Notification Server (%systemroot%\system32\dllhost.exe) with TCP port 10123 is NOT allowed by Windows Firewall on all interfaces.~~
  • lt;SMS_NOTIFICATION_SERVER><08-15-2017 01:16:02.062-330> Total online clients: 0 (TCP: 0 HTTP: 0)~~
  • lt;SMS_NOTIFICATION_SERVER><08-15-2017 01:21:02.039-330> Generated BGB online status FULL report C:\Program Files\Microsoft Configuration Manager\inboxes\bgb.box\Bgb72ul2.BOS (version: 0) at 08/15/2017 01:21:02~~
  • lt;SMS_NOTIFICATION_SERVER><08-15-2017 01:21:02.055-330> WARNING: Notification Server (%systemroot%\system32\dllhost.exe) with TCP port 10123 is NOT allowed by Windows Firewall on all interfaces.~~
  • lt;SMS_NOTIFICATION_SERVER><08-15-2017 01:21:02.067-330> Wait 300 seconds for notifications…
  • lt;SMS_NOTIFICATION_SERVER><08-15-2017 01:21:02.276-330>

Client-Side Troubleshooting Fast Channel Notification Component

The notification agent was running. But, the  CcmNotificationAgent.log log showed loads of errors. One of the errors indicated that there could be a communication issue between the server and the client.

Troubleshoot SCCM Fast Channel Push Notification Issues - Fig.3
Troubleshoot SCCM Fast Channel Push Notification Issues – Fig.3

Error 10060 means ==> A connection attempt failed because the connected party did not appropriately respond after a period, or an established connection failed because the connected host could not respond. BGBAgent component log :-

<![LOG[Bgb client agent is starting...]LOG]!><time="01:23:55.212-330" date="08-15-2017" component="BgbAgent" context="" type="1" thread="6372" file="agentendpoint.cpp:238">
<![LOG[BgbController main thread is started with settings: {bgb enable = 1}, {tcp enabled = 1}, {tcp port = 10123} and {http enabled = 1}.]LOG]!><time="01:23:55.259-330" date="08-15-2017" component="BgbAgent" context="" type="1" thread="6372" file="bgbcontroller.cpp:126">
<![LOG[Startup random sleep for 1 seconds.]LOG]!><time="01:23:55.290-330" date="08-15-2017" component="BgbAgent" context="" type="1" thread="5200" file="bgbcontroller.cpp:416">
<![LOG[Critical Battery: [FALSE]]LOG]!><time="01:23:56.306-330" date="08-15-2017" component="BgbAgent" context="" type="1" thread="5200" file="bgbcommon.cpp:60">
<![LOG[Connection Standy: [FALSE]]LOG]!><time="01:23:56.306-330" date="08-15-2017" component="BgbAgent" context="" type="1" thread="5200" file="bgbcommon.cpp:61">
<![LOG[Network allowed to use: [TRUE]]LOG]!><time="01:23:56.306-330" date="08-15-2017" component="BgbAgent" context="" type="1" thread="5200" file="bgbcommon.cpp:62">
<![LOG[Access point is SCCMTP1.INTUNE.COM. (SSLEnabled = 0)]LOG]!><time="01:23:56.415-330" date="08-15-2017" component="BgbAgent" context="" type="1" thread="5200" file="bgbcontroller.cpp:276">
<![LOG[CRL Checking is Enabled.]LOG]!><time="01:23:56.431-330" date="08-15-2017" component="BgbAgent" context="" type="1" thread="5200" file="bgbcontroller.cpp:284">
<![LOG[Both TCP and http are enabled, let's try TCP connection first.]LOG]!><time="01:23:56.431-330" date="08-15-2017" component="BgbAgent" context="" type="1" thread="5200" file="bgbcontroller.cpp:792">
<![LOG[Connecting to server with IP: 20.20.20.22 Port: 10123 
]LOG]!><time="01:23:56.447-330" date="08-15-2017" component="BgbAgent" context="" type="1" thread="5200" file="bgbtcpclient.cpp:699">
<![LOG[Failed to connect to server with IP v4 address with error 10060. Try next IP...
]LOG]!><time="01:24:17.468-330" date="08-15-2017" component="BgbAgent" context="" type="1" thread="5200" file="bgbtcpclient.cpp:703">
<![LOG[Failed to signin bgb client with error = 80004005.]LOG]!><time="01:24:17.468-330" date="08-15-2017" component="BgbAgent" context="" type="3" thread="5200" file="bgbcontroller.cpp:635">
<![LOG[Connecting to server with IP: 20.20.20.22 Port: 10123 
]LOG]!><time="01:25:17.482-330" date="08-15-2017" component="BgbAgent" context="" type="1" thread="5200" file="bgbtcpclient.cpp:699">
<![LOG[Failed to connect to server with IP v4 address with error 10060. Try next IP...
]LOG]!><time="01:25:38.501-330" date="08-15-2017" component="BgbAgent" context="" type="1" thread="5200" file="bgbtcpclient.cpp:703">
<![LOG[Failed to signin bgb client with error = 80004005.]LOG]!><time="01:25:38.501-330" date="08-15-2017" component="BgbAgent" context="" type="3" thread="5200" file="bgbcontroller.cpp:635">
<![LOG[Fallback to HTTP connection.]LOG]!><time="01:25:38.501-330" date="08-15-2017" component="BgbAgent" context="" type="1" thread="5200" file="bgbcontroller.cpp:828">
[CCMHTTP] ERROR: URL=http://SCCMTP1.Intune.com/bgb/handler.ashx?RequestType=Continue, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE
Successfully queued event on HTTP/HTTPS failure for server 'SCCMTP1.Intune.com'.
Failed to post continue request with error code 87d0027e.
Troubleshoot SCCM Fast Channel Push Notification Issues - Fig.4
Troubleshoot SCCM Fast Channel Push Notification Issues – Fig.4

Fix for SCCM CB Fast Channel Notification Issues

The Firewall port 10123 was not opened between the SCCM client and the primary BGB server. I ran the following command from the client, “Telnet 10123,” and it didn’t work (the port was not opened).

I checked the software and hardware firewalls on the server side and discovered that Windows Firewall was blocking the port communication 10123.

Disabled the Windows Firewall on the notification server for testing and restarted the client agent services (SMS Agent) on the client machine. This helped to resolve the fast channel notification issue with the SCCM CB environment.

In an ideal world, you should exclude/exempt port 10123/80 from the hardware and software firewall between the fast channel notification server and agent. This will help to resolve the issue.

More details are available in the video tutorial here

Troubleshoot SCCM Fast Channel Push Notification Issues - Fig.5
Troubleshoot SCCM Fast Channel Push Notification Issues – Fig.5

Server Side Logs After Successful Actions on Fast Channel Notification

I finished sending push tasks (PushID: 1 TaskID: 3) to 1 client and generated the BGB online status DELTA report, two critical lines of SCCM CB fast notification channel server log BGBServer.log.

C:\Program Files\Microsoft Configuration Manager\inboxes\bgb.box\Bgb7cbzg.BOS

  • Receiving a message from queue timeout.~~
  • lt;SMS_NOTIFICATION_SERVER><08-24-2017 12:07:50.411-330> Retrieving push tasks from database…~~
  • lt;SMS_NOTIFICATION_SERVER><08-24-2017 12:07:50.412-330> Retrieving online resync flag from database…~~
  • lt;SMS_NOTIFICATION_SERVER><08-24-2017 12:11:50.914-330> Total online clients: 1 (TCP: 1 HTTP: 0)~~
  • lt;SMS_NOTIFICATION_SERVER><08-24-2017 12:11:50.916-330> Online/Offline clients since last successful report: 1~~
  • lt;SMS_NOTIFICATION_SERVER><08-24-2017 12:11:50.919-330> Generated BGB online status DELTA report C:\Program Files\Microsoft Configuration Manager\inboxes\bgb.box\Bgb7cbzg.BOS (version: 18) at 08/24/2017 12:11:50~~
  • lt;SMS_NOTIFICATION_SERVER><08-24-2017 12:11:50.940-330> Get one push message from database.~~
  • lt;SMS_NOTIFICATION_SERVER><08-24-2017 12:11:52.184-330> Starting to send push task (PushID: 1 TaskID: 3 TaskGUID: 3700E17A-4BDC-45C7-990E-EA26FF92E5BF TaskType: 4 TaskParam: ) to 1 clients with throttling (strategy: 1 param: 42)~~
  • lt;SMS_NOTIFICATION_SERVER><08-24-2017 12:11:52.209-330> Finished sending push task (PushID: 1 TaskID: 3) to 1 clients~~
  • lt;SMS_NOTIFICATION_SERVER><08-24-2017 12:11:52.214-330> Starting to send push task (PushID: 1 TaskID: 4 TaskGUID: FD80647D-9748-4C96-AFC8-8BC71E00C235 TaskType: 1 TaskParam: ) to 1 clients with throttling (strategy: 1 param: 42)~~
  • lt;SMS_NOTIFICATION_SERVER><08-24-2017 12:11:52.216-330> Finished sending push task (PushID: 1 TaskID: 4) to 1 clients~~
  • lt;SMS_NOTIFICATION_SERVER><08-24-2017 12:11:52.237-330> Starting to send push task (PushID: 1 TaskID: 5 TaskGUID: 9D2B274B-F6E3-452F-A1C3-C1C166523EC8 TaskType: 1 TaskParam: ) to 1 clients with throttling (strategy: 1 param: 42)~~
  • lt;SMS_NOTIFICATION_SERVER><08-24-2017 12:11:52.238-330> Finished sending push task (PushID: 1 TaskID: 5) to 1 clients~~
  • lt;SMS_NOTIFICATION_SERVER><08-24-2017 12:11:52.261-330> Starting to send push task (PushID: 1 TaskID: 6 TaskGUID: CFB76FC4-BCC5-4525-AA53-80BCD4393E46 TaskType: 1 TaskParam: ) to 1 clients with throttling (strategy: 1 param: 42)~~
  • lt;SMS_NOTIFICATION_SERVER><08-24-2017 12:11:52.262-330> Finished sending push task (PushID: 1 TaskID: 6) to 1 clients~~
  • lt;SMS_NOTIFICATION_SERVER><08-24-2017 12:11:52.285-330> Starting to send push task (PushID: 1 TaskID: 7 TaskGUID: 1ED88E07-5E52-44FD-AF07-73769EDD7FA6 TaskType: 1 TaskParam: ) to 1 clients with throttling (strategy: 1 param: 42)~~
  • lt;SMS_NOTIFICATION_SERVER><08-24-2017 12:11:52.286-330> Finished sending push task (PushID: 1 TaskID: 7) to 1 clients~~
  • lt;SMS_NOTIFICATION_SERVER><08-24-2017 12:11:52.309-330>

Client BGB Agent Fast Notification:- Log files details of successful operations

After the firewall ports had been changed, the client notification agent started working fine. Following are some of the important log file snippets.

<![LOG[Bgb client agent is starting...]LOG]!><time="12:07:25.115-330" date="08-24-2017" component="BgbAgent" context="" type="1" thread="5368" file="agentendpoint.cpp:238">
<![LOG[BgbController main thread is started with settings: {bgb enable = 1}, {tcp enabled = 1}, {tcp port = 10123} and {http enabled = 1}.]LOG]!><time="12:07:25.162-330" date="08-24-2017" component="BgbAgent" context="" type="1" thread="5368" file="bgbcontroller.cpp:126">
<![LOG[Startup random sleep for 23 seconds.]LOG]!><time="12:07:25.178-330" date="08-24-2017" component="BgbAgent" context="" type="1" thread="3864" file="bgbcontroller.cpp:416">
<![LOG[Critical Battery: [FALSE]]LOG]!><time="12:07:48.178-330" date="08-24-2017" component="BgbAgent" context="" type="1" thread="3864" file="bgbcommon.cpp:60">
<![LOG[Connection Standy: [FALSE]]LOG]!><time="12:07:48.178-330" date="08-24-2017" component="BgbAgent" context="" type="1" thread="3864" file="bgbcommon.cpp:61">
<![LOG[Network allowed to use: [TRUE]]LOG]!><time="12:07:48.178-330" date="08-24-2017" component="BgbAgent" context="" type="1" thread="3864" file="bgbcommon.cpp:62">
<![LOG[Access point is SCCMTP1.Intune.com. (SSLEnabled = 0)]LOG]!><time="12:07:48.178-330" date="08-24-2017" component="BgbAgent" context="" type="1" thread="3864" file="bgbcontroller.cpp:276">
<![LOG[CRL Checking is Enabled.]LOG]!><time="12:07:48.178-330" date="08-24-2017" component="BgbAgent" context="" type="1" thread="3864" file="bgbcontroller.cpp:284">
<![LOG[Both TCP and http are enabled, let's try TCP connection first.]LOG]!><time="12:07:48.178-330" date="08-24-2017" component="BgbAgent" context="" type="1" thread="3864" file="bgbcontroller.cpp:792">
<![LOG[Connecting to server with IP: 20.20.20.22 Port: 10123 
]LOG]!><time="12:07:48.194-330" date="08-24-2017" component="BgbAgent" context="" type="1" thread="3864" file="bgbtcpclient.cpp:699">
<![LOG[Handshake was successful
]LOG]!><time="12:07:49.270-330" date="08-24-2017" component="BgbAgent" context="" type="1" thread="3864" file="bgbtcpclient.cpp:495">
<![LOG[Pass verification on server certificate.]LOG]!><time="12:07:49.329-330" date="08-24-2017" component="BgbAgent" context="" type="1" thread="3864" file="bgbtcpclient.cpp:823">
<![LOG[NetworkInfo: IPAddress 20.20.20.23,fe80::b09e:95a3:172a:4212]LOG]!><time="12:07:49.438-330" date="08-24-2017" component="BgbAgent" context="" type="1" thread="3864" file="bgbconnector.cpp:124">
<![LOG[NetworkInfo: IPSubnet 255.0.0.0,64]LOG]!><time="12:07:49.438-330" date="08-24-2017" component="BgbAgent" context="" type="1" thread="3864" file="bgbconnector.cpp:147">
<![LOG[NetworkInfo: AccessMP SCCMTP1.Intune.com]LOG]!><time="12:07:49.471-330" date="08-24-2017" component="BgbAgent" context="" type="1" thread="3864" file="bgbconnector.cpp:155">
<![LOG[NetworkInfo: IsClientOnInternet 0]LOG]!><time="12:07:49.471-330" date="08-24-2017" component="BgbAgent" context="" type="1" thread="3864" file="bgbconnector.cpp:159">
<![LOG[Update the timeout to 900 second(s)]LOG]!><time="12:07:49.471-330" date="08-24-2017" component="BgbAgent" context="" type="1" thread="3864" file="bgbtcpclient.cpp:916">
<![LOG[Receive signin confirmation message from server, client is signed in.]LOG]!><time="12:08:01.062-330" date="08-24-2017" component="BgbAgent" context="" type="1" thread="3864" file="bgbconnector.cpp:221">
<![LOG[Receive task from server with pushid=1, taskid=3, taskguid=3700E17A-4BDC-45C7-990E-EA26FF92E5BF, tasktype=4 and taskParam=]LOG]!><time="12:11:52.227-330" date="08-24-2017" component="BgbAgent" context="" type="1" thread="3864" file="bgbconnector.cpp:312">
<![LOG[Receive task from server with pushid=1, taskid=4, taskguid=FD80647D-9748-4C96-AFC8-8BC71E00C235, tasktype=1 and taskParam=]LOG]!><time="12:11:52.248-330" date="08-24-2017" component="BgbAgent" context="" type="1" thread="3864" file="bgbconnector.cpp:312">
<![LOG[Receive task from server with pushid=1, taskid=5, taskguid=9D2B274B-F6E3-452F-A1C3-C1C166523EC8, tasktype=1 and taskParam=]LOG]!><time="12:11:52.264-330" date="08-24-2017" component="BgbAgent" context="" type="1" thread="3864" file="bgbconnector.cpp:312">
<![LOG[Successfully sent keep-alive message.]LOG]!><time="12:35:51.339-330" date="08-24-2017" component="BgbAgent" context="" type="1" thread="3864" file="bgbconnector.cpp:290">
<![LOG[Successfully sent keep-alive message.]LOG]!><time="12:50:51.356-330" date="08-24-2017" component="BgbAgent" context="" type="1" thread="3864" file="bgbconnector.cpp:290">

References

  • Fast Channel Client Notification in SCCM  – Here
  • Fast channel notification and MP replica issues – Here
  • What’s New With ConfigMgr’s Client Notification Feature – Here

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

SCCM CB 1708 Preview Upgrade Video Guide New Features 10

SCCM CB 1708 Preview Upgrade Video Guide New Features

Let’s discuss the SCCM CB 1708 Preview Upgrade Video Guide New Features. SCCM CB preview version 1708 has been released.

I enjoy upgrading my lab environment to the SCCM CB 1708 preview version. However, upgrading to SCCM CB preview version 1708 will fail if you have an SCCM primary server in passive mode. 

It would help if you remembered that the SCCM ConfigMgr CB technical preview version should not be deployed to a production environment. This post will see the SCCM CB 1708 Preview Upgrade Video Guide. You can find the YouTube video tutorial here.

The SCCM CB preview version is similar to the Windows Insiders program, which helps SCCM admins test the new features of SCCM CB. Before installing this technical preview, you can review the limitations of the SCCM CB version here.

What is the Importance of SCCM Preview Releases?

We can’t install the CAS version of SCCM CB with the preview version. The prerequisite for installing the SCCM CB 1708 preview version has not changed.

SCCM CB 1708 Preview Upgrade Video Guide New Features - Fig.1
SCCM CB 1708 Preview Upgrade Video Guide New Features – Fig.1

How to Download SCCM CB Preview Version

The upgrade process is explained in the video tutorial here. Have you installed an SCCM CB preview version? If not, you can download the latest baseline version of ConfigMgr SCCM CB Technical Preview from here. One particular version of the SCCM preview has a maximum validity of only 3 months (90 days).

How to Upgrade from SCCM CB 1707 to 1708?

The SCCM CB update and servicing process are the same as before. Once the latest version of the preview is released, the update will be available in the SCCM console.

The update will automatically download to your server. This behavior depends on the Service connection point (SCP) mode. There are two modes for SCP: ONLINE and OFFLINE.

The next upgrade process step is the replication of new content to secondary servers. Once replication is completed successfully, the update component will start the prerequisite checks on the SCCM CB hierarchy. The prerequisite checks will run on all the site servers and site systems.

Detailed Status for the SCCM Technical Preview 1708Details
InstallationIn progress
Start WMICompleted
Install ServicesNot Started
SCCM CB 1708 Preview Upgrade Video Guide New Features – Table 1
SCCM CB 1708 Preview Upgrade Video Guide New Features - Fig.2
SCCM CB 1708 Preview Upgrade Video Guide New Features – Fig.2

Once prerequisite checks have been completed, the update component will start the actual upgrade/installation process of SCCM CB 1708. After the upgrade process, the post-installation or upgrade process will begin. All these are explained in the video tutorial here.

New Features of SCCM CB 1708 Preview Version

One of the newest features added to SCCM CB 1708 is the ability to create and run scripts with optional parameters. This script deployment is done through SCCM CB’s new fast channel.

Supported Scenarios of Run Script Option Scenarios

There is no need to deploy the script as a package or application; rather, you can directly import the PowerShell script. This Script can be targeted to collections or devices without creating any deployment.

  • Create and run PowerShell scripts on collections of devices from the Configuration Manager console.
  • Create and run PowerShell scripts with parameters to devices and collections from the Configuration Manager console.
  • Create and run PowerShell scripts with optional parameters to devices and collections from the Configuration Manager console.

SCCM Infra Management insights is another option in SCCM CB 1708. This will give you valuable insights into your environment’s current state based on the data analysis in the site database. This will provide the details of EMPTY collections and applications without deploying your environment.

  • You can view the management insights below – \Administration\Overview\Management Insights.
  • Scenarios: Review a management insight to understand your environment better and take action based on the insight
SCCM CB 1708 Preview Upgrade Video Guide New Features - Fig.3
SCCM CB 1708 Preview Upgrade Video Guide New Features – Fig.3

The two new features added to SCCM CB 1708 are initiating restarting computers from the admin console and the pending restart column. The restart computer action is also performed through SCCM fast channel notification.

The monitoring workspace in the SCCM CB 1708 console shows a different name for the Restart computer action: Operation Name #17.

SCCM CB 1708 Preview Upgrade Video Guide New Features - Fig.4
SCCM CB 1708 Preview Upgrade Video Guide New Features – Fig.4

References

  • Update 1708 for Configuration Manager Technical Preview Branch – Available Now! – here.
  • Capabilities in Technical Preview 1708 for System Center Configuration Manager – here
  • What is SCCM CB Management Insights – here

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

Step by Step Guide to Create Deploy APPX Apps via SCCM and Troubleshooting Tips 11

Step by Step Guide to Create Deploy APPX Apps via SCCM and Troubleshooting Tips

Let’s discuss the Step-by-Step Guide to Creating and Deploying APPX Apps via SCCM and Troubleshooting Tips. Windows 10 S will only run executable code signed with a Windows, WHQL, ELAM, or Store certificate. Is it correct to assume that the only supported application in the Windows 10 S version is Windows Store apps (APPX)

So, is this a good reason to start repackaging your LOB apps to APPX apps (SCCM App Deployment)? In this post, we will see a step-by-step video guide to create and Deploy APPX Apps via SCCM and Troubleshooting Tips.

To install the APPX app, the sideloading feature should be enabled on Windows 10 or Windows 11 machines. This can be done via Group Policies or Windows 10—Settings—Update & Security—For Developers—Use developer features and select the Sideload apps option.

Are you unfamiliar with the term “sideload“? In Windows 10, sideloading means installing apps on your computer that haven’t been certified to appear in the Store and run on a Windows device.

High-level Details about APPX App Packages (SCCM App Deployment) – Step by Step Guide to Create Deploy APPX Apps via SCCM and Troubleshooting Tips

What is unique with APPX apps? Windows APPX applications will be isolated from the rest of the host machine. This means UWP/APPX application apps won’t be able to access the kernel and system drivers. These are now containerized and more secured. UWP/APPX apps never create registry keys to the system registry.

Step by Step Guide to Create Deploy APPX Apps via SCCM and Troubleshooting Tips - Fig.1
Step by Step Guide to Create Deploy APPX Apps via SCCM and Troubleshooting Tips – Fig.1

Prerequisites for APPX App Package Installation

APPX application architecture is very important when creating the application package. I have seen APPX application deployment errors caused by the wrong architecture in the APPX package.

It is highly recommended that you build your APPX app package to target all architectures. Universal Windows Platform (UWP) apps can be configured to run on x86, x64, and ARM architectures.

Once the APPX package is created and tested on a Windows 10 machine, the appx app deployment through SCCM is straightforward.

Package Information
x64
neutral
x86
x64
arm
arm64
Step by Step Guide to Create Deploy APPX Apps via SCCM and Troubleshooting Tips – Table 1
Step by Step Guide to Create Deploy APPX Apps via SCCM and Troubleshooting Tips - Fig.2
Step by Step Guide to Create Deploy APPX Apps via SCCM and Troubleshooting Tips – Fig.2

APPX Application Deployment Troubleshooting on Windows 10

I tried to install an APPX application package to Windows 10 devices, but it failed. As part of troubleshooting, I checked the requirement rules of automatically getting imported to SCCM from the APPXBundle file. SCCM App Deployment.

The application requirement is set to run only on Windows 10 mobile versions. I explained some of the issues and troubleshooting log files (AppDicover and AppEnforce) details in the video tutorial here.

Another problem I encountered was related to the APPX app-supported architecture. Windows cannot install applications because APPX requires ARM Architecture, but the computer has architecture x64 when deployed.

The following is one example of APPX application deployment. I have also seen installation failures of APPX applications when the APPX architecture is set to “Neutral.” Error details – Unable to make changes to your software. There was a problem applying modifications to the software.

Here is more information about error code 0x80073D10 (-2147009264). This error means the deployment operation failed because the package targets the wrong processor architecture.

Step by Step Guide to Create Deploy APPX Apps via SCCM and Troubleshooting Tips - Fig.3
Step by Step Guide to Create Deploy APPX Apps via SCCM and Troubleshooting Tips – Fig.3

How to Import or Create APPX Application Package in the SCCM Console

The video tutorial details creating Windows Store (UWP) apps. Open SCCM CB console – Application management – Applications – Create new Application. Now, from the app creation wizard, we need to specify settings for the appx application.

Step by Step Guide to Create Deploy APPX Apps via SCCM and Troubleshooting Tips – Video 1

Select “Automatically detect information about this application from installation files,” and the application type should be “Windows app package (*.appx, *.appxbundle).” We need to provide the UNC path for the application source on the location on this page.

We can verify the imported information from the appx bundle file on the Import Information page. The General Information page is where you can change the name of the Windows 10 APPX application.

The application’s name, Publisher details, and Software version details could be changed from this page.

Step by Step Guide to Create Deploy APPX Apps via SCCM and Troubleshooting Tips - Fig.5
Step by Step Guide to Create Deploy APPX Apps via SCCM and Troubleshooting Tips – Fig.5

How to Distribute APPX App Content to DPs

Once the APPX application has been created, we must distribute the source files to SCCM CB distribution points (DPs). The DPs are where the client will get/download the source files during installation (SCCM App Deployment).

Right-click on the APPX application from the SCCM console and select the Distribute Content option, as I showed in the video tutorial above. The distributing Content Wizard helps complete the content distribution process.

We need to select the content destination details in the wizard. This is the place where you choose DP server details or collection details. The source files of the APPX application will be replicated to selected DP servers.

You can monitor the content distribution from the SCCM console’s monitoring workspace. To do so, go to the details pane and select View status.

The distmgr.log and PkgXFermgr.log files are your best friends for troubleshooting SCCM content replication issues.

Step by Step Guide to Create Deploy APPX Apps via SCCM and Troubleshooting Tips - Fig.6
Step by Step Guide to Create Deploy APPX Apps via SCCM and Troubleshooting Tips – Fig.6

How Do I Deploy the APPX Application to a Windows 10 Device?

Once the APPX application is created and the content is successfully distributed to DPs, we can deploy the Appx package to the SCCM client Windows 10 machines.

What is an application deployment from an SCCM perspective? Deployment is nothing but providing instructions to targeted machines/users (in a collection). The instructions include scheduling time, the application installation behavior, etc.

Deploy software wizard guides us through the SCCM APPX application deployment process. We need to specify general information for this deployment on the General page.

This page should automatically display the software name. We need to select target devices and user collections to deploy APPX apps.

Ensure we have selected the “Automatically distribute content for dependencies” option in this wizard to automatically distribute the content of dependent apps.

Step by Step Guide to Create Deploy APPX Apps via SCCM and Troubleshooting Tips - Fig.7
Step by Step Guide to Create Deploy APPX Apps via SCCM and Troubleshooting Tips – Fig.7

Deployment settings are another vital option for specifying settings to control how this software is deployed. To install the APPX application, we must select the action called Install. To uninstall the APPX application, we need to choose the action called uninstall.

The application has other control settings called Purpose. When you select purpose as available, the application will be available in the Software Center of the Windows 10 machine.

The APPX application installation won’t start automatically. The user needs to initiate the application’s structure manually.

The required option in deployment settings should be selected when we automatically install the APPX application onto the machine without any manual intervention.

When you choose purpose as Required in the deployment settings, another three checkboxes will be enabled on the page.

Pre-Deploy software to the user’s primary device
Send wake-up packets
Allow clients on a metered internet connection to download content after the installation deadline, which might incur additional costs.

Step by Step Guide to Create Deploy APPX Apps via SCCM and Troubleshooting Tips - Fig.8
Step by Step Guide to Create Deploy APPX Apps via SCCM and Troubleshooting Tips – Fig.8

The deploy software wizard guides us through the APPX application deployment schedule. We can schedule the application to be available after a specific time, which can be used in future applications.

Another option we can schedule for the application deployment is the installation deadline. The following deployment option we can specify on this deployment wizard page is user experience. SCCM App Deployment.

End-user Experience of APPX Deployment and Installation on Windows 10

The user will automatically receive a notification from the Software Center according to the user experience you set in the deployment setting wizard. The user can then open the Software Center and the listed APPX application.

Also, when you click on a specific application, you will get more details about the progress of the application installed on Windows 10 machines.

You can see the deployment status in the SCCM console when the installation is completed. The recently installed application will also be displayed in the Windows 10 start menu.

Step by Step Guide to Create Deploy APPX Apps via SCCM and Troubleshooting Tips - Fig.9
Step by Step Guide to Create Deploy APPX Apps via SCCM and Troubleshooting Tips – Fig.9

References

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.