I moved to http://www.thesccm.com

NOTE: I moved to http://www.thesccm.com

IE print pdf file error “Bad parameter”

NOTE: I moved to http://www.thesccm.com

How is this related with SCCM? No, it doesn’t 🙂

But because of Adobe Reader was deployed by SCCM, and there is print problem, so it became “SCCM package” problem, and it became my problem. 🙂

So the problem is when open a pdf file in IE, when you click this little “print” icon in IE, we got an error from Adobe Reader “Bad parameter.”


Although I am 100% sure nothing wrong with our Adobe Reader SCCM package, but I intend to find out what is the reason.

This is the setting what cause this “print issue” in my case.

Computer Configuration\Policies\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows


It was set “Enabled”. As “Help” mentioned, Some ActiveX controls and toolbars maybe not be available when 64-bit processes are used.

As you see, Adobe Reader XI is using 32-bit processes, so in this case, it stop working. (I am using 64-bit Windows 10)


I would suggest set it “Disable” or “Not Configured” if you wants to use Enhanced Protected Mode, and if you are not sure if all your ActiveX components work on 64-bit processe.

This setting you will find in your IE:

Internet Options->Advanced->Settings->Security->Enable 64-bit processes for Enhanced Protcted Mode


By change this setting in GPO “Disable” or “Not Configured”, or uncheck that in IE Advanced Setting, it fixed “bad parameter” problem.


#gpo, #ie, #troubleshooting

SCCM PXE boot failed after unintall WSUS.

NOTE: I moved to http://www.thesccm.com

Setup my test lab in this weekend to test SCCM TP 1609, and my PXE boot failed. SMSPXE.log shows:

RequestMPKeyInformation: Send() failed.
Unsuccessful in getting MP key information. 80004005.
PXE::MP_InitializeTransport failed; 0x80004005
PXE::MP_ReportStatus failed; 0x80070490,
PXE::CPolicyProvider::InitializeMPConnection failed; 0x80070490


When tried to open MP list, http://my_sccm_server/sms_mp/.sms_aut?mplist, it gave me HTTP Error 500.19

mplist failed 2.PNG

Error Code 0x800700e, unable to load DLL.

So what happend? Well, because I uninstalled WSUS (not ask my way, I had my reason. 😀 ), applicationHost.config files didn’t updated itself.

How to fix it:

Open “C:\Windows\System32\inetsrv\config\applicationHost.config”, search “suscomp.dll”, and remove the whole line.
Problem soveled.

<scheme name="xpress" doStaticCompression="false" doDynamicCompression="true" dll="C:\Program Files\Update Services\WebServices\suscomp.dll" staticCompressionLevel="10" dynamicCompressionLevel="0" />


Well, you can also install WSUS back, it will fix the problem for you. 🙂

#pxe, #sccm, #troubleshooting

Manually enable Bitlocker on Hyper-V Gen 2 Virtual Machine

Yes, you can automatic enable Bitlocker on your Hyper-V Gen 2 virtual machine during OSD, please read Niall Brady’s post https://www.windows-noob.com/forums/topic/12608-how-can-i-enable-bitlocker-on-hyper-v-gen-2-virtual-machines-during-osd-using-system-center-2012-r2-configuration-manager/

But if you already install a Hyper-V Gen 2 virtual machine, and you want to enable bitlocker, you can do it manually.

Wait a sencond, why do I want bitlocker on my virtual machine? Well, I need to test how bitlocker effect Windows 10 InPlace Upgrade. sepecially when using bitlocker start up PIN. So in virtual machine, I can setup bitlocker start up password, and see does SCCM know how to suspend the bitlocker password and continue InPlace upgrade.

Here are the steps:

  1. Open cmd as administrator.
  2. Set AES-256 Engryption
    REG.exe add "HKLM\Software\Policies\Microsoft\FVE" /v "EncryptionMethod" /t REG_DWORD /d 2


  3. Allow enable bitlocker for no TPM chip
    REG.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE" /v UseAdvancedStartup /t REG_DWORD /d 00000001 /f
    REG.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE" /v EnableBDEWithNoTPM /t REG_DWORD /d 00000001 /f
    REG.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE" /v UseTPM /t REG_DWORD /d 00000002 /f 
    REG.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE" /v UseTPMPIN /t REG_DWORD /d 00000002 /f
    REG.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE" /v UseTPMKEY /t REG_DWORD /d 00000002 /f
    REG.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE" /v UseTPMKeyPIN /t REG_DWORD /d 00000002 /f

    bitlocker1Set AES-256 and enable allow bitlocker without TPM

  4. Enable bitlocker with password
    manage-bde -on C: -pw


  5. Create a password, you won’t see anything when you type it.

    Enable bitlocker on C: Drive and create password


  6. Restart virtual machine, it will ask for your bitlocker password.
  7. Check if you C drive has bitlocker enabled.

Continue reading

#bitlocker, #windows10

Is this a good way to update ADK 1607 and custom boot image in SCCM?


NOTE: Read this article before you start do anything 

I don’t know if this is a good way to update ADK 1607 and custom the winpe.wim, that is how I did it. Since I have not been any MS events, classes or trainings. Honestly I have been only one day SCCM class in my career as an IT. So don’t trust everything what I said. 🙂

PS. if this it not a correct way to do, please let me know and comments are always welcome.

First: Update ADK 1607

  1. Download ADK 1607 https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit
  2. Uninstall earlier version of ADK.
  3. Install ADK 1607.
  4. Install to default path C:\Program Files (x86)\Windows Kits\10\
  5. These are the basic components you must install.
    Deployment Tools, Windows Preinstallation Environment, User State Migration Tool
  6. After ADK 1607 is installed, restart your server

Second: Custom default winpe.wim

Why do I custom the winpe? Well I want every boot image I am going to create has the language, keyboard layout, and timezone which are suitable for me, I don’t want to mount and umount my boot image each time. (I am lazy.)

  1. Create a folder C:\WIM
  2. Create a folder C:\WIM\Mount
  3. Copy “C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim” to C:\Temp\WIM
  4. Change “C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim” name to winpe.wim.bak
  5. Run Deployment and Imaging Tools Environment as administrator
  6. Modify, copy and paste those dism lines what are suitable for you, and run it:
    # Mount winpe.wim to c:\wim\mount folder
    dism /mount-wim /wimfile:C:\wim\winpe.wim /mountdir:c:\wim\mount /index:1
    #set your timezone, in my case I use “FLE Standard Time”
    dism /image:C:\wim\mount /Set-TimeZone:"FLE Standard Time"
    #(Optional) if you are using other language than English, you can use these to set your winpe enviroment.
    Example: in my case is "fi-FI"
     dism /image:C:\wim\mount /Set-SysLocale:fi-FI
     dism /image:C:\wim\mount /Set-UserLocale:fi-FI
     dism /image:C:\wim\mount /Set-InputLocale:fi-FI 
  1. Create a new file name smsts.ini in C:\wim folder
  2. Copy and paste these to the smsts.ini file and save it.


  1. Copy smsts.ini file to C:\WIM\Mount\windows
  2. (Optional) Add Active Directory Module if you need it. Mick Pletcher has a blog post about it. Read here
  3. (Optional) Add Dell Command PowerShell Provider Read here
  4. Unmount and save the winpe.wim
    #unmount and commit changes
    dism /unmount-wim /mountdir:c:\wim\mount /commit
  5. Copy C:\WIM\winpe.wim to “C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\

NOTE: Repeat 1-11 for x86 boot winpe image if you deploy 32bit machines.

Third: Update OSD boot image for SCCM

Use the script https://gallery.technet.microsoft.com/RegenerateBootImageWinPE10-f508f1e4

NOTE: Read the instruction how to use this script, it will update your older version of OSD boot image to the newest version, but it doesn’t update you custom made boot image, example MDT boot image.

At last: Create/Update custom boot image

If you are using custom made boot image, example MDT boot image, you will need to recreate that again. You can use this script to reimport your drivers from you older boot image. download here.

NOTE: When I test this script, I noticed that script itself is just a function, you can either use import-module to import this script, then run it. or you can use my modified script.  Download here


#adk, #osd, #sccm

Add/Remove computers to/from AD Group based on OU changes

NOTE: I moved to http://www.thesccm.com

This has nothing to do with SCCM. For a special reason, I just needed to have a way to add computers to AD group based on their OU.

Example you have created different OU name based on which city your computers are, and you also want to add those computers to AD group based on the city, and remove those computers from the AD group when computers are moved to another city OU.

So here is the shorter version of script I came up with:

$OU = "OU=Helsinki,OU=Computers,DC=Z-IT,DC=com"
$Group = "CN=Helsinki Computers,OU=Groups,DC=Z-IT,DC=com"

#Example City Helsinki
#remove from group
Get-ADGroupMember –Identity $Group | Where-Object { $_.distinguishedName –NotMatch $OU } | ForEach-Object {
         Remove-ADGroupMember $Group -Members $_.DistinguishedName -Confirm:$false

#Add to group
Get-ADComputer –SearchBase $OU –SearchScope OneLevel –LDAPFilter "(!memberOf=$Group)" | ForEach-Object {
         Add-ADGroupMember $group -Members $_.DistinguishedName

Here is the longer version, which writes log file, and send log file to you email.
Download Link: Click here

#ad, #powershell

SCCM Search Tool (beta)

Has been in my mind to make a new tool, just didn’t know what do I make. Finally on Friday I made up my mind to make a SCCM search tool. Some time ago when we were doing troubleshooting, reading sccm log files, and have no idea what those long numbers means, example: 674ab-eec5-40e1-a5f2-9. 😀

You need Admin Console installed and connection to SCCM server before you run the tool.

This is just a beta, so it doesn’t search everything. And please don’t use too short search keywords. 😀

I will continue make it better when I have time.

Download from TechNet Gallery:  Click here

Updates: 22.9.2016. Added Software Updates search




All components Type and Availability shows “Unknown”. Failed to read the required Operations Management component registry key values on local computer; error = 6 (0x6).

This morning, I noticed in our SCCM Primary server, all components Type and Availability shows “Unknown”


After awhile, “Type” and “Availability” shows correctly, about 60 minutes later, it shows “Unknown” again, and it just repeatedly changes itself. We rebooted the server, but it didn’t help.

Investigating further, I saw that the compmon.log on the site server displayed the following errors:

"Failed to read the required Operations Management component registry key values on local computer; error 6 (0x6)"

And it repeatedly try to  add all the components to monitored component list again and again about each hour.


I found this post has same kind issues http://sccmstuff.com/troubleshooting/compmon-log-errors-6-0x6/ ,  so I start check our registry, found out what is our problem key:

HKLM\Software\Microsoft\SMS\Operations Manager\Components\SMS_NETWORK_DISCOVERY

This registry key was empty, unlike other components registry keys. I remember we tested use Network Discovery to create boundaries automatically, but later we decided not to use Network Discovery and we deselected it. It seems the component’s registry has left behind.

I made a backup of the Components registry, deleted SMS_NETWORK_DISCOVERY registry key, restarted SMS_EXECUTIVE service. The log is clear without errors. It didn’t try to add those components to monitored list again. All components shows status correctly.

#sccm, #troubleshooting

SCCM 1606 BUG? 32-bit process Powershell detection method doesn’t work

As you know, you can use powershell detection method when you create Application in SCCM.

Usually, I use this script, and it has been working for many years:

$app = Get-WmiObject Win32Reg_AddRemovePrograms  | where-object {$_.DisplayName -like “Your Application name”}
if ($app -ne $null) {
write-host Installed

I choosed “Run script as 32-bit process on 64-bit clients”. Because clients are 64bits Windows 10 machines, and my application is 32-bits.


As usual, I tested the detection script in my machine that has the application already installed. Run the script in ISE (x86), it will get you “Installed”. If run it in ISE (x64), it gives you nothing.

Yesterday, users complains softwares are trying to install again and again, and I started to check out what is going on.

I checked “C:\Windows\CCM\Logs\AppDiscovery.log” in few machines, applications that are using this 32-bit powershell detection method gave result “not detected”, although applications are installed.

No one has changed those Applications detection method, I wonder what went wrong.

At the end, I found the “Run script as 32-bit process on 64-bit clients” powershell dection method didn’t work right after machines have updated SCCM Client 1606. 5.00.8412.1007, based on time stamp of ccmsetup.log and AppDiscovery.log.

I have tested few more Applications, results are same.


#application, #sccm, #troubleshooting

A computer that is running Windows 10 Version 1511 reverts to a previous date and time

Perhaps not many people have this issue, but I would like to mention it here.

The system date and time setting on a computer that is running Windows 10 Version 1511 (build 10586.xx) incorrectly reverts to a date and time that is at least one day in the past.


If your envirment is in a private network or proxy, I suggest you run this step in your win 10 image capture process:

Net stop w32time

W32tm.exe /unregister

W32tm.exe /register

net start w32time

W32tm.exe /resync /force

How do you know you have time sync problem?

  1. After machine is installed, time in the log on screen is wrong.
  2. installation log file smsts.log, you will see the time is jumping in Data/Time column. (use cmtrace to read log files, not notepad)
  3. machine BIOS clock might changed itself.
  4. SMSTSUDAUSERS is not set



#troubleshooting, #windows10