Resolving: Service Manager (SCSM) 2016 not displaying Reports via Console

clip_image001
If you are here is because you have deployed your 2012/2016 environment and you realize that your Reports are not visible/accessible via the SCSM Console.

Problem/Symptom

On the Management Server saw this error under the Operations Manager Log.
Source: Console Operations
Event ID: 33569
Cannot connect to SQL Reporting Services Server.  Message= An unexpected error occured while connecting to SQL Reporting Services server: System.Net.WebException: The request failed with HTTP status 401: Unauthorized.at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)at Microsoft.EnterpriseManagement.Reporting.ReportingService.ReportingService2005.FindItems(String Folder, BooleanOperatorEnum BooleanOperator, SearchCondition[] Conditions at Microsoft.EnterpriseManagement.Reporting.EnterpriseReporting.FindItems(String searchPath, IList`1 criteria, Boolean And)at Microsoft.EnterpriseManagement.Reporting.EnterpriseReporting.FindItems(String itemPath)at Microsoft.EnterpriseManagement.Reporting.EnterpriseReporting.FindItem(String itemPath, ItemTypeEnum[] desiredTypes) at Microsoft.EnterpriseManagement.Reporting.EnterpriseReporting.GetFolder(String path) at Microsoft.EnterpriseManagement.Reporting.EnterpriseReportingGroup.Initialize()at Microsoft.EnterpriseManagement.Reporting.ServiceManagerReportingGroup..ctor(DataWarehouseManagementGroup managementGroup, String reportingServerURL, String reportsFolderPath, NetworkCredential credentials) at Microsoft.EnterpriseManagement.Reporting.ServiceManagerReportingGroup..ctor(DataWarehouseManagementGroup managementGroup, String reportingServerURL, String reportsFolderPath)  at Microsoft.EnterpriseManagement.UI.SdkDataAccess.ManagementGroupServerSession.TryConnectToReportingManagementGroup()  Remediation = Please contact your Administrator.

image

Resolution

If you are getting this error is because you haven’t registered the SPN’s and delegated the appropiate permissions to Service Manager and Reporting Services.

Open Command Line as administrator on the Management Server

Run the following commands:

This command will set the appropriate SPNs that are needed for SCSM and SSRS.

Setspn -A HTTP/SCSMDWSERVER.domain.com  DOMAIN\SCSMServiceaccount

To list the SPNs
Setspn –L DOMAIN\SCSMServiceaccount

clip_image001

Advertisements

SCSM MP migration that will break your install

I ran into some MP’s that after importing into a new environment found out the hard way will break your install.

User Roles
Linking Framework
Service level objects

Sadly there is nothing documented at MS to advise against importing these, And the system will actually let you import them. However if you do import them, you will get unexpected results. For instance, when I imported the SLO MP, my system would not allow me to create a AD connector.  I had to actually open a case with MS to undo the damage caused by importing these MPs.

 

Always keep your critical apps up to date

First a little bit of background.  My current project has me working at a federally regulated power company. (We’ll call them PowerBiz for anonymity sake) They are also publicly traded and accept credit cards so to say they have to be secure is an understatement.  They use a product called Bit9 as part of their protection strategy.

Bit 9 is a great product that is used for application white listing.  However it is a resource hog and a bit difficult to work around unless constant care and feeding is performed.  Part of that care and feeding is to keep it on the latest patch level as well as keep it “right sized” for your environment.

Now I have been fighting with getting a Win10 1803 image built for PowerBiz. As part of that build process PowerBiz wants to make sure that Bit9 is implemented the instant the image is laid down. to accomplish this, PowerBiz has set up their capture process to include the Bit9 parity agent installation and synchronization. This way there is never an instance of a computer being on the network without Bit9 installed. This is great saves me the trouble of having to build in wait steps to my imaging process. Not a problem Right? Wrong! as it turns out, PowerBiz is on an older version of Bit9. 7.2.3 to be exact. This version does not support 1803 much less even 1703. In order to bring it to a supported state, the Bit9 infrastructure would have to be raised to 7.2.4. Due to hardware constraints and the possible lack of knowledge regarding making hardware adjustments in a virtual environment, the bit9 infrastructure is not right sized for the current load and therefore would be directly impacted by patching.  This means in summary that PowerBiz is not going to be updating their environment until they can go through the process of building out a NEW environment

Having said all that, the troubleshooting to discover the above was a bit painful.  Nothing was being written in the SMSTS logs other than the task sequence failing with an obscure error code.  However this error code led me to the true source of logging used in the “configure Windows” step, the Setup.etl logs.  These logs though difficult to translate were a goldmine of information.  I had to first translate these from the .etl to something a little more readable.  this is where the command  tracerpt setup.etl -of csv came in handy.  This command converted the etl into 2 files, dumpfile.csv and summary.txt.  The first file is where I found the gold.  I did a quick search for the word “error” and came up with the following entries:

“SclRegProcessKeySub

keys”

“(c0000022): Failed to open child key: [Bit9]”
“SclRegProcessKey

RecursiveByHandle”

“(c0000022): Failed to process reg key or one of its descendants: [\REGISTRY\MACHINE\SOFTWARE\WOW6432Node]”
“SclRegProcessKey

RecursiveByHandle”

“(c0000022): Failed to process reg key or one of its descendants: [\REGISTRY\MACHINE\SOFTWARE]”

These entries or variants of the were repeated numerous times in the setup.etl logs.

This find led me to a discussion with the Bit9 SME who followed up with Carbon Black to find out the above mentioned support status.

Long story short.  Keep your critical applications updated so that they are always under support as well as allow support of OTHER critical applications.

 

Windows 10 OSD Error: Windows Could Not Finish Configuring The System

I have been hitting this error for several days now and finally came across the resolution.

I came across this very unexpected error message when my VM rebooted right after the Apply Operating System action while running a task sequence to install a custom Windows 10 image with an answer file:

clip_image0021

Long story short, the clue to resolving this lies in the setuperr.log file in the C:\Windows\Panther\UnattendGC directory. Since I was using a VM I simply attached the .vhdx disk using Disk Management and browsed to this directory to take a look. This is what the contents of the setuperr.log looked like in my case:clip_image004_thumb1

[Shell Unattend] ProductKey: ‘XXXXX-XXXXX-XXXXX-XXXXX-XXXXX’ installation failed (0xc004f050)

I ended up having to remove the entire <ProductKey></ProductKey> entry from the unattend.xml answer file to resolve this problem. Simply removing the product key within the opening and closing brackets didn’t cut it. I had to remove the entire line from the answer file and add the product key to the task sequence instead (in the Apply Windows Settings step).

[windeploy.exe] Failure occured during online installation. Online installation cannot complete at this time.; hr = 0x80004005

The resolution to this one is plain weird. If you have a space in the value within the <RegisteredOrganization> </RegisteredOrganization> and <RegisteredOwner></RegisteredOwner> entries in the unattend.xml file Setup will stop in its tracks when attempting to apply the answer file after the Apply Operating System action. I ended up having to remove “Me, Myself and IT” and settling with “EMENEYE” instead.

[windeploy.exe] Setup.exe failed, returning exit code [0x1f]

This one must’ve been related to one of the above error messages since after having made the above changes to the answer file I had no other problems.

Your mileage may vary but this is the process I went through to resolving this problem. I hope someone somewhere finds this useful.

Manual removal of SCCM client

If you need to remove the client you can do so fairly easily by running ccmsetup.exe /uninstall.  Ccmsetup should exist on all clients, usually under the windows folder.  In the event that the command line doesn’t work here is a list of things I usually check and remove to manually clean-up all the traces of the client so I can try a fresh install.

 

1. SMS Agent Host Service

2. CCMSetup service (if present)

3. \windows\ccm directory

4. \windows\ccmsetup directory

5. \windows\ccmcache directory

6. \windows\smscfg.ini

7. \windows\sms*.mif (if present)

8. HKLM\software\Microsoft\ccm registry keys

9. HKLM\software\Microsoft\CCMSETUP registry keys

10. HKLM\software\Microsoft\SMS registry keys

11. root\cimv2\sms WMI namespace

12. root\ccm WMI namespace

13.  In Task Scheduler library, under “Microsoft” delete the “Configuration Manager” folder and any tasks within it.

14. In the Machine Certificate store delete any certs under the SMS\certificates folder

Repair Windows server 2016 Install

We recently had problems with a development server not installing Windows Updates. The fix was to repair the installation using the Deployment Image Servicing and Management (DISM) tool.

All commands should be run from an elevated command prompt.

  1. Run dism /online /cleanup-image /scanhealth
  2. Run dism /online /cleanup-image /checkhealth
  3. Run dism /online /cleanup-image /restorehealth
  4. Mount the Windows Server 2016 ISO as a drive (E: in this case)
  5. Run dism /online /cleanup-image /restorehealth
    /source:WIM:E:\sources\install.wim:1 /limitaccess
  6. Run sfc /scannow
  7. Run Windows Update

Upgrade and conversion options for Windows Server 2016

Pulled from Technet

This topic includes information about upgrading to Windows Server® 2016 from a variety of previous operating systems using a variety of methods.

The process of moving to Windows Server 2016 might vary greatly depending on which operating system you are starting with and the pathway you take. We use the following terms to distinguish among different actions, any of which could be involved in a new Windows Server 2016 deployment.

  • Installation is the basic concept of getting the new operating system on your hardware. Specifically, a clean installation requires deleting the previous operating system. For information about installing Windows Server 2016, see System Requirements and Installation Information for Windows Server 2016. For information about installing other versions of Windows Server, see Windows Server Installation and Upgrade.
  • Migration means moving from your existing operating system to Windows Server 2016 by transferring to a different set of hardware or virtual machine. Migration, which might vary considerably depending on the server roles you have installed, is discussed in detail at Windows Server Installation, Upgrade, and Migration.
  • Cluster OS Rolling Upgrade is a new feature in Windows Server 2016 that enables an administrator to upgrade the operating system of the cluster nodes from Windows Server 2012 R2 to Windows Server 2016 without stopping the Hyper-V or the Scale-Out File Server workloads. This feature allows you to avoid downtime which could impact Service Level Agreements. This new feature is discussed in more detail at Cluster operating system rolling upgrade.
  • License conversion In some operating system releases, you can convert a particular edition of the release to another edition of the same release in a single step with a simple command and the appropriate license key. We call this “license conversion.” For example, if you are running Windows Server 2016 Standard, you can convert it to Windows Server 2016 Datacenter.
  • Upgrade means moving from your existing operating system release to a more recent release while staying on the same hardware. (This is sometimes called “in-place” upgrade.) For example, if your server is running Windows Server 2012, or Windows Server 2012 R2, you can upgrade it to Windows Server 2016. You can upgrade from an evaluation version of the operating system to a retail version, from an older retail version to a newer version, or, in some cases, from a volume-licensed edition of the operating system to an ordinary retail edition.

Important

Upgrade works best in virtual machines where specific OEM hardware drivers are not needed for a successful upgrade.

Important

For releases of Windows Server 2016 prior to 14393.0.161119-1705.RS1_REFRESH, you can only perform conversion from evaluation to retail with Windows Server 2016 that has been installed by using the Desktop Experience option (not the Server Core option). Starting with version 14393.0.161119-1705.RS1_REFRESH and later releases, you can convert evaluation editions to retail regardless of the installation option used.

Important

If your server uses NIC Teaming, disable NIC Teaming prior to upgrade, and then re-enable it after upgrade is complete. See NIC Teaming Overview for details.

Upgrading previous retail versions of Windows Server to Windows Server 2016

The table below briefly summarizes which already licensed (that is, not evaluation) Windows operating systems can be upgraded to which editions of Windows Server 2016.

Note the following general guidelines for supported paths:

  • Upgrades from 32-bit to 64-bit architectures are not supported. All editions of Windows Server 2016 are 64-bit only.
  • Upgrades from one language to another are not supported.
  • If the server is a domain controller, see Upgrade Domain Controllers to Windows Server 2012 R2 and Windows Server 2012 for important information.
  • Upgrades from pre-release versions (previews) of Windows Server 2016 are not supported. Perform a clean installation to Windows Server 2016.
  • Upgrades that switch from a Server Core installation to a Server with a Desktop installation (or vice versa) are not supported.
  • Upgrades from a previous Windows Server installation to an evaluation copy of Windows Server are not supported. Evaluation versions should be installed as a clean installation.

If you do not see your current version in the left column, upgrading to this release of Windows Server 2016 is not supported.

If you see more than one edition in the right column, upgrading to either edition from the same starting version is supported.

If you are running this edition: You can upgrade to these editions:
Windows Server 2012 Standard Windows Server 2016 Standard or Datacenter
Windows Server 2012 Datacenter Windows Server 2016 Datacenter
Windows Server 2012 R2 Standard Windows Server 2016 Standard or Datacenter
Windows Server 2012 R2 Datacenter Windows Server 2016 Datacenter
Windows Server 2012 R2 Essentials Windows Server 2016 Essentials
Windows Storage Server 2012 Standard Windows Storage Server 2016 Standard
Windows Storage Server 2012 Workgroup Windows Storage Server 2016 Workgroup
Windows Storage Server 2012 R2 Standard Windows Storage Server 2016 Standard
Windows Storage Server 2012 R2 Workgroup Windows Storage Server 2016 Workgroup

Per-server-role considerations for upgrading

Even in supported upgrade paths from previous retail versions to Windows Server 2016, certain server roles that are already installed might require additional preparation or actions for the role to continue functioning after the upgrade. Consult the specific TechNet Library topics for each server role you intend to upgrade for details of additional steps that might be required.

Converting a current evaluation version to a current retail version

You can convert the evaluation version of Windows Server 2016 Standard to either Windows Server 2016 Standard (retail) or Datacenter (retail). Similarly, you can convert the evaluation version of Windows Server 2016 Datacenter to the retail version.

Important

For releases of Windows Server 2016 prior to 14393.0.161119-1705.RS1_REFRESH, you can only perform this conversion from evaluation to retail with Windows Server 2016 that has been installed by using the Desktop Experience option (not the Server Core option). Starting with version 14393.0.161119-1705.RS1_REFRESH and later releases, you can convert evaluation editions to retail regardless of the installation option used.

Before you attempt to convert from evaluation to retail, verify that your server is actually running an evaluation version. To do this, do either of the following:

  • From an elevated command prompt, run slmgr.vbs /dlv; evaluation versions will include “EVAL” in the output.
  • From the Start screen, open Control Panel. Open System and Security, and then System. View Windows activation status in the Windows activation area of the System page. Click View detailsin Windows activation for more information about your Windows activation status.

If you have already activated Windows, the Desktop shows the time remaining in the evaluation period.

If the server is running a retail version instead of an evaluation version, see the “Upgrading previous retail versions of Windows Server to Windows Server 2016” section of this topic for instructions to upgrade to Windows Server 2016.

For Windows Server 2016 Essentials: You can convert to the full retail version by entering a retail, volume license, or OEM key in the command slmgr.vbs.

If the server is running an evaluation version of Windows Server 2016 Standard or Windows Server 2016 Datacenter, you can convert it to a retail version as follows:

  1. If the server is a domain controller, you cannot convert it to a retail version. In this case, install an additional domain controller on a server that runs a retail version and remove AD DS from the domain controller that runs on the evaluation version. For more information, see Upgrade Domain Controllers to Windows Server 2012 R2 and Windows Server 2012.
  2. Read the license terms.
  3. From an elevated command prompt, determine the current edition name with the command DISM /online /Get-CurrentEdition. Make note of the edition ID, an abbreviated form of the edition name. Then run DISM /online /Set-Edition:<edition ID> /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula, providing the edition ID and a retail product key. The server will restart twice.

For the evaluation version of Windows Server 2016 Standard, you can also convert to the retail version of Windows Server 2016 Datacenter in one step using this same command and the appropriate product key.

Tip For more information about Dism.exe, see DISM Command-line options.

Converting a current retail edition to a different current retail edition

At any time after installing Windows Server 2016, you can run Setup to repair the installation (sometimes called “repair in place”) or, in certain cases, to convert to a different edition. You can run Setup to perform a “repair in place” on any edition of Windows Server 2016; the result will be the same edition you started with.

For Windows Server 2016 Standard, you can convert the system to Windows Server 2016 Datacenter as follows: From an elevated command prompt, determine the current edition name with the command DISM /online /Get-CurrentEdition. For Windows Server 2016 Standard this will be ServerStandard. Run the command DISM /online /Get-TargetEditions to get the ID of the edition you can upgrade to. Make note of this edition ID, an abbreviated form of the edition name. Then run DISM /online /Set-Edition:<edition ID> /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula, providing the edition ID of your target and its retail product key. The server will restart twice.

Converting a current retail version to a current volume-licensed version

At any time after installing Windows Server 2016, you can freely convert it between a retail version, a volume-licensed version, or an OEM version. The edition remains the same during this conversion. If you are starting with an evaluation version, convert it to the retail version first, and then you can inter-convert as described here.

To do this, from an elevated command prompt, run: slmgr /ipk <key>

Where <key> is the appropriate volume-license, retail, or OEM product key.

SQL Server 2014 Express fails install

SQL 2014 Install failure

I tried installing SQL2014 and encountered a failure with the below messages in the Summary file in folder C:\Program Files\Microsoft SQL Server\110\Setup Bootstrap\Log\

Detailed results:

Feature:                       Database Engine Services

Status:                        Failed: see logs for details

Reason for failure:            An error occurred during the setup process of the feature.

Next Step:                     Use the following information to resolve the error, uninstall this feature, and then run the setup process again.

Component name:                SQL Server Database Engine Services Instance Features

Component error code:          0x851A001A

Error description:             Wait on the Database Engine recovery handle failed. Check the SQL Server error log for potential causes.

I looked at the Event Viewer to see what caused it and noticed the below messages logged in there:

The server was unable to initialize encryption because of a problem with a security library. The security library may be missing. Verify that security.dll exists on the system.

TDSSNIClient initialization failed with error 0x139f, status code 0x80. Reason: Unable to initialize SSL support. The group or resource is not in the correct state to perform the requested operation.

TDSSNIClient initialization failed with error 0x139f, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors. The group or resource is not in the correct state to perform the requested operation.

Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.

SQL Server could not spawn FRunCommunicationsManager thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.

I installed SQL 2014 with the same setup file before successfully, but this time it failed. I tried to figure out what changed recently in the company and remembered that TLS 1.0 and SSL 3.0 protocols were disabled (because of known security vulnerabilities) on all the servers and newer version of TLS & SSL was enabled which is TLS 1.1/1.2 . Disabling those protocols will cause problems in SQL Install process. This issue is addressed in CU1 (after SP3) of SQL 2012.

To resolve this, I had go enable the registry keys of the older SSL 3.0 (which is TLS 1.0, Microsoft renamed SSL 3.0 as TLS 1.0) as indicated below

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL.3.0\Client:

Right–click on DisabledByDefault, click on Modify and enter the value 0 (hexadecimal)

Right click on ‘Enabled’, click on Modify and enter the value 1 (hexadecimal).

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL.3.0\Server:

Right–click on DisabledByDefault, click on Modify and enter the value 0 (hexadecimal)

Right click on ‘Enabled’, click on Modify and enter the value ffffffff (hexadecimal).
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client:

Right–click on DisabledByDefault, click on Modify and enter the value 0 (hexadecimal)

Right click on ‘Enabled’, click on Modify and enter the value 1 (hexadecimal).

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server:

Right–click on DisabledByDefault, click on Modify and enter the value 0 (hexadecimal)

Right click on ‘Enabled’, click on Modify and enter the value ffffffff (hexadecimal).
After I modified the registry keys, the SQL Install completed successfully. After the install is complete, make sure you patch it with SP3+CU1. At that point you can modify the registry keys back to normal.