January 24 2013

Popup message during SCCM task sequence in full OS

So it’s pretty easy to create a VB script popup during a task sequence when it is running in WinPE, however it’s a bit more difficult to have a VB script popup to show to the user when the task sequence is still running in the full OS – eg Windows 7 with a user logged on.

 

This is one method that I used to get it working, maybe there are easier or cleaner ways, but this one works well for me. We can achieve something like this:

Popup

 

In the task sequence, somewhere after the MDT Use Toolkit Package step, add a command line step:

TS Warning

 

Use the following command line:

“%ScriptRoot%ServiceUI.exe” -process:tsprogressui.exe %SYSTEMROOT%system32wscript.exe “%ScriptRoot%Warning.wsf”

 

This is the warning VB script (Warning.wsf) that I’ve used in my example, you just need to put this in your MDT scripts folder:

 

<job id=”setEnv”>

<script language=”VBScript” src=”ZTIUtility.vbs”/>
<script language=”VBScript”>

Dim oTSProgressUI
set oTSProgressUI = CreateObject(“Microsoft.SMS.TSProgressUI”)
oTSProgressUI.CloseProgressDialog()

MsgBox “Popup warning message to go here. This is shown in the user session.” & chr(13) & chr(13) & “Press OK to continue.”,0, “Warning”

</script>
</job>

 

 

There is also a bit of info over here on ServiceUI.exe – http://blogs.technet.com/b/cameronk/archive/2011/01/25/can-i-use-serviceui-exe-to-launch-other-programs-besides-the-udi-setup-wizard.aspx

 

 

January 4 2013

SCCM 2012 signature verification failure and Schannel errors

I came across an interesting problem when working with a client on a SCCM 2012 implementation:

Problem

Clients in the secondary site boundary failed to request application installation in software center, and the locationservices.log shows errors about failure to verify signatures eg:

LocationServices::CCMVerifyServiceSignature: Signature verification of data failed after refreshing web service certificate.
LocationServices::VerifyDataSignature: Overall signature verification failed – 0x80004005; checking if status message should be sent.

Meanwhile, in the system event log on the secondary site servers we can find a lot of error events with ID 36888 and 36884, eg:

Event ID: 36884

Source: Schannel

Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is <Name of the SQL cluster instance>. The SSL connection request has failed. The attached data contains the server certificate.

 

Environment

  • SCCM 2012 RTM is running (no service packs or hotfixes)
  • The primary site database server is on an SQL cluster instance
  • Secondary sites are using SQL express as the database and was installed by push installation from primary site
  • As per http://support.microsoft.com/kb/2688247 the SQL server 2008 R2 SP1 CU4 was applied on the secondary site servers with SQL Express, but it did not resolve the problem

 

Further info

  • We found the SQL server native client version on primary site is SQL server 2008 (without R2), however on the secondary site server is SQL server 2008 R2.
  • There is a Microsoft known issue when the SQL native client version is 2008 R2 and the primary site database is on a cluster, the access will fail.
  • By default during SCCM installation on the primary site server it installs the SQL native client, it’s SQL 2008 (without R2), however on secondary site servers it installed SQL server 2008 Express, and SQL Express would install the SQL server 2008 R2 native client.

 

Solution

  • Uninstall SQL server 2008 R2 native client on secondary site server
  • Restart secondary site server
  • Install SQL server 2008 native client on secondary site server
  • Restart all SCCM services on secondary site servers

 

As mentioned above, this is a known issue with SCCM 2012 and expected to be fixed by Microsoft with the release of Service Pack 1 for SCCM 2012.