[How-To] Upgrade the firmware on a Dell PowerConnect N2000/3000 series switch

  1. Download the latest firmware from Dell’s website
    1. Navigate to http://www.dell.com/support/ and enter in your service tag.  You should see downloads for this product, grab the latest firmware that is in a zipped folder.
  2. Extract the .zip folder of the firmware
    N2000 Firmware
  3. Console into the switch via SSH or direct console
  4. Copy the current configuration to startup
    1. console#> copy running-config startup-config
      N2000-3000 - copy running-config startup-config
  5. Transfer the firmware to the switch
    1. TFTP Method
      1. console#> tftp://N3000_2000v6.1.2.4.stk backup
    2. USB Method (Directly attached to switch)
      1. console#> usb://N3000_2000v6.1.2.4.stk backup
        N2000-3000 - usb transfer - backup
  6. Verify the backup version is the new build
    1. console#> show version
      N2000-3000 - backup - version
  7. Activate the new firmware
    1. console#> boot system backup
      N2000-3000 - backup - boot system backup
  8. Reboot the switch
    1. console#> reload
      N2000-3000 - update bootcode - reload
  9. Verify the build is now up-to-date
    1. console#> show version
      N2000-3000 - show version - active - 6_1_2_4
  10. Update the boot code
    1. console#> update bootcode
      N2000-3000 - show version - active - 6_1_2_4 - update bootcode
  11. Reboot the switch
    1. console#> reload
      N2000-3000 - update bootcode - reload

That should do it!

Office 365 – Renew your certificates (on-premise ADFS) alert

Symptom: After you replace your SSL certificates on your ADFS servers you continue to receive the following alert inside of the Office 365 portal.

Renew your certificates
One of your on-premises Federation Service certificates is expiring.  Failure to renew the certificate and update trust properties within XX days will result in a loss of access to all Office 365 services for all users.  Update now

Office 365 - Alert - Renew your certificates

Solution: This error can be caused if any of the three primary SSL Certificates that are required to federate to an external identity are nearing their experation date (Service Communications, Token-decrpting, and Token-signing).

Verify which SSL certificate is about to expire

  1. Login to your primary ADFS server
  2. Open up Server Manager
    Server 2012 R2 - Server Manager
  3. Select Tools -> AD FS Management
    Server Manager - Tools - AD FS Management
  4. Under AD FS expand Service and select Certificates
    AD FS Management Console - AD FS - Service - Certificates
  5. Verify if any certificates are set to expire
    1. Note: In this case, you can see the Token-decrypting and Token-signing certificates are set to expire soon

Replace the expir(ed)(ing) certificates

Unfortunately, I don’t currently have a tutorial on the processes behind replacing each certificate.  The process for replacing each certificate is a tad different.  Here are a few articles that might help you:

Replacing the Service Communication certificate: http://blogs.technet.com/b/tune_in_to_windows_intune/archive/2013/11/13/replace-certificates-on-adfs-3-0.aspx

Replacing the token-signing and token-decrypting certificates can be found here: http://social.technet.microsoft.com/wiki/contents/articles/2554.ad-fs-2-0-how-to-replace-the-ssl-service-communications-token-signing-and-token-decrypting-certificates.aspx#Replacing_the_Token-Signing_certificate

Update the federated trust with Office 365

  1. Once your certificates are not nearing their experation date, open up the Windows Azure Active Direcotry Module for Windows PowerShell as an administrator
    1. Note: Installation instructions and the download for this can be found here: http://technet.microsoft.com/en-us/library/jj151815.aspx
      Windows Azure Active Directory Module for Windows PowerShell
  2. Execute the following command
    1.  Connect-MsolService
      Windows Azure Active Directory Module for Windows PowerShell - Connect-MsolService

      1. Note: Enter in your Office 365 administrator credentials on this step
  3. Execute the following command
    1. Update-MsolFederatedDomain -DomainName mydomain.com -SupportMultiDomain
      Windows Azure Active Directory Module for Windows PowerShell - Connect-msolservice - update-msolfederateddomain

      1. Note: Replace mydomain.com with your federated domain.  If you have multiple domains you are federating with Office 365, add the optional -SupportMultiDomain paramter as well

[Tutorial] Deploying a reverse proxy for Lync Server 2013

In this tutorial we will go over deploying a reverse proxy for Lync Server 2013.  The original method for deploying a reverse proxy was to use Microsoft’s product ForeFront TMG (Threat Management Gateway), however shortly after the release of Lync Server 2013, TMG was discontinued.  In turn, a few tutorials have popped up on how to achieve this using Apache and IIS, but there wasn’t an official recommendation on what to use until Server 2012 was released.

Per Microsoft’s documentation, we can use IIS with an additional extension called Application Request Routing to achieve this task: http://technet.microsoft.com/en-us/library/gg398069.aspx

Details on the IIS Application and Request Routing extension can be found here: http://www.iis.net/downloads/microsoft/application-request-routing

Side note, much of this guide is largely based on an older technet article published here, which has some additional fine details on how exactly IIS is working to proxy the requests: http://blogs.technet.com/b/nexthop/archive/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013.aspx

This tutorial will go over installation instructions from start to finish for Server 2012 and Server 2012 R2.  I have attached the links on how to get Server 2008 and Server 2008 R2 prepped, so you can continue the tutorial once the IIS Application Request Routing extension has been installed.

Download Prerequisite Software

  1. Windows Server 2012 R2
    1. Download IIS Application Request Routing (ARR) 3: http://www.microsoft.com/web/gallery/install.aspx?appid=ARRv3_0
  2. Windows Server 2012
    1. Download (don’t install yet) Hotfix for Microsoft Application Request Routing Version 2.5 for IIS7 (KB 2732764) (x64)
    2. Download IIS Application Request Routing (ARR) 3: http://www.microsoft.com/web/gallery/install.aspx?appid=ARRv3_0
  3. Windows Server 2008 and 2008 R2
    1. Ensure you have IIS v7.X installed; instructions on how to do this can be found here: http://www.iis.net/learn/install/installing-iis-7/installing-iis-7-and-above-on-windows-server-2008-or-windows-server-2008-r2
    2. Install Application Request Routing version 2
      1. Instructions can be found here: http://www.iis.net/learn/extensions/installing-application-request-routing-(arr)/install-application-request-routing-version-2

Install IIS for Server 2012 and Server 2012 R2

  1. Please follow my tutorial here: http://jackstromberg.com/2014/11/tutorial-how-to-install-iis-on-server-2012-and-server-2012-r2/

Installing IIS Application Request Routing (ARR) 3

  1. Run the ARRv3_0.exe application as an administrator
    ARRv3_0 - Run as administrator
  2. Click Install
    Web Platform Installer 5.0 - Aplication Request Routing 3.0 - Cart

    1. Note:  The cart for the v3.0 installer is shown above.  If you are running version 2.5, you will see 2 items needed for install.  Version 3, only needs one.  This is okay.
      Web Platform Installer 5.0 - Aplication Request Routing 2.5 - Cart
  3. Click I Accept
    Web Platform Installer 5.0 - Aplication Request Routing 3.0 - I Accept
  4. Click Finish
    Web Platform Installer 5.0 - Aplication Request Routing 3.0 - Finish
  5. Click Exit
    Web Platform Installer 5.0 - Aplication Request Routing 3.0 - Exit

Configuring IIS for SSL

  1. Open up Internet Information Services (IIS) Manager
    Server Manager - Tools - Internet Information Services IIS Manager
  2. Select your server and double click on Server Certificates
    LyncRP - Internet Information Services IIS Manager - Home - Server Certificates
  3. Generate or Import your SSL Certificate trusted by a public CA (VeriSign, GoDaddy, etc.)
    1. Note: Generation of this certificate is outside the scope of this tutorial.  This SSL certificate should be the UCC certificate that allows for SAN addresses such aslync, meet, dialin, lyncdiscover, etc.
      LyncRP - Internet Information Services IIS Manager - Server Certificates
  4. Expand your server, expand Sites, select Default Web Site, select Bingings…
    LyncRP - Internet Information Services IIS Manager - Sites - Default Web Site - Bindings
  5. Click on Add…
    LyncRP - Internet Information Services IIS Manager - Sites - Default Web Site - Bindings - Add
  6. Select https, and choose your SSL certificate you imported in the previous step, click OK
    LyncRP - Internet Information Services IIS Manager - Sites - Default Web Site - Bindings - Add - https
  7. Click Close
    LyncRP - Internet Information Services IIS Manager - Sites - Default Web Site - Bindings - Add - Close

Create Server Farms

  1. Select Server Farms and then click on Create Server Farm…
    LyncRP - Internet Information Services IIS Manager - Server Farms - Create Server Farm
  2. Enter in the Server farm name and click Next
    1. Note: We will end up creating farm names for each externally published URL.  This can be lync, dialin, meet, etc, order will not matter. For the sake of this tutorial, I am going to use lync first.
      LyncRP - Internet Information Services IIS Manager - Server Farms - Create Server Farm - Server Farm Name
  3. Enter the Server address (same as farm name before), click Advanced Settings…, expand applicationRequestRouting
    LyncRP - Internet Information Services IIS Manager - Server Farms - Create Server Farm - Add Server
  4. Change the httpPort to 8080 and httpsPort to 4443 and click Add
    LyncRP - Internet Information Services IIS Manager - Server Farms - Create Server Farm - Add Server - applicationRequestRouting Ports
  5. Click Finish
    LyncRP - Internet Information Services IIS Manager - Server Farms - Create Server Farm - Add Server - applicationRequestRouting Ports - Finish
  6. Click Yes on the Rewrite Rules dialog
    LyncRP - Internet Information Services IIS Manager - Server Farms - Create Server Farm - Add Server - applicationRequestRouting Ports - Finish - Rewrite Rules Dialog
  7. Repeat steps 1-6 for dialin, meet, and lyncdiscover
    LyncRP - Internet Information Services IIS Manager - Server Farms - meet-dialin-lyncdiscver
  8. For your Lync Web Apps server (lyncwac), continue repeat steps 1-6, however ensure you use ports 80 and 443 instead of 8080 and 4443.  This is needed to communicate properly with the WAC server.
    LyncRP - Internet Information Services IIS Manager - Server Farms - Create Server Farm - Add Server - lyncwacLyncRP - Internet Information Services IIS Manager - Server Farms - meet-dialin-lyncdiscver-lyncwac

Configure IIS Caching, Proxy Timeouts, and Routing Rules

For each of the server farms we created, repeat the following steps:

  1. Select a Server Farm and double click on Caching
    LyncRP - Internet Information Services IIS Manager - Server Farms - Caching
  2. Uncheck Enable disk cache and click Apply
    LyncRP - Internet Information Services IIS Manager - Server Farms - Caching - Uncheck Enable disk cache
  3. Select the same Server Farm object and double click on Proxy
    LyncRP - Internet Information Services IIS Manager - Server Farms - Proxy
  4. Change the Time-out (seconds) from 30 seconds to 200 and click Apply
    1. Note: This is needed to prevent the Lync Web Apps server from timing out unexpectedly.LyncRP - Internet Information Services IIS Manager - Server Farms - Proxy - Time-out 200
  5. Select the same Server Farm object and double click on Routing Rules
    LyncRP - Internet Information Services IIS Manager - Server Farms - Routing Rules
  6. Uncheck Enable SSL offloading and click Apply
    LyncRP - Internet Information Services IIS Manager - Server Farms - Routing Rules - Uncheck Enable SSL offloading

Configure IIS URL Rewrites

  1.  Select your IIS Server and double click on URL Rewrite
    LyncRP - Internet Information Services IIS Manager - URL Rewrite
  2. Go through and Remove all of the non _SSL Inbound Rules
    LyncRP - Internet Information Services IIS Manager - URL Rewrite - Remove - Non-SSL
    The result should look like this:
    LyncRP - Internet Information Services IIS Manager - URL Rewrite - Remove - Non-SSL - Removed
  3. Select a rule and click on Add… underneath the Conditions actions pane
    LyncRP - Internet Information Services IIS Manager - URL Rewrite - Add
  4. Enter {HTTP_HOST} for the Condition input and enter role.* for your Pattern
    1. Where role is meet, dialin, lyncdiscover, etc.
      LyncRP - Internet Information Services IIS Manager - URL Rewrite - Add - HTTP_HOST
  5. Repeat steps 3-4 for each SSL rule for a result like this
    LyncRP - Internet Information Services IIS Manager - URL Rewrite - Rules

That should be it! :)

[Tutorial] How to install IIS on Server 2012 and Server 2012 R2

Here is a tutorial on how to install IIS on Server 2012 and Server 2012 R2.  The installation process for this is very straight forward and does not differ much from Server 2008 R2.  This guide will only go over the basic install, additional configuration of IIS is outside the scope of this tutorial.  Before beginning, you can choose to install IIS via PowerShell or the GUI.  Either option will result with the exact same configuration.

PowerShell

  1. Open an elevated PowerShell console
    Server 2012 - PowerShell - Run as Administrator
  2. Execute the following command
    1. Install-WindowsFeature -Name Web-Server, Web-Mgmt-Tools
      PowerShell - Install-WindowsFeature -Name Web-Server Web-Mgmt-Tools

      1. Note: Web-Mgmt-Tools is optional, but in most instances to get the Internet Information Services (IIS) Manager GUI snap-in to manage IIS

GUI

  1. Open Server Manager
    Server Manager
  2. Click on ManageAdd Roles and Features
    Server 2012 - Manage - Add Roles and Features
  3. Click Next > on the Before You Begin screen
    Add Roles and Features Wizard - Before you begin
  4. Click Next > on the Installation Type screen
    Add Roles and Features Wizard - Select installation type
  5. Click Next > on the Server Selection screen
    Add Roles and Features Wizard - Confirm installation selections - Restart the destination server automatically if required
  6. Select Web Server (IIS) from the list on Server Roles and click on the Add Features button once prompted.  Click Next >
    Add Roles and Features Wizard - Add features that are required for web server iis
    Add Roles and Features Wizard - Server Roles - Web Server IIS
  7. Click Next > on the Features screen
    Add Roles and Features Wizard - Features - Default
  8. Click Next > on the Web Server Role (IIS) screen
    Add Roles and Features Wizard - Web Server Role IIS
  9. Click Next > on the Role Services screen
    Add Roles and Features Wizard - Web Server Role IIS - Role Services
  10. Click Install on the Confirmation screen
    Add Roles and Features Wizard - Web Sever Role - Confirmation

[Tutorial] How to change the asset tag on a Surface Pro 3

Scenario: When logging into the UEFI BIOS, you can see the asset tag’s current value set as 0, but are unable to change it.

Solution: To change the asset tag on a Surface Pro 3, you must download a utility by Microsoft.

  1. Download a copy of the Surface Pro 3 Asset Tag CLI Utility
    http://www.microsoft.com/en-us/download/details.aspx?id=44076
  2. Extract the files from the zipped folder
  3. Open up an elevated command prompt
    Elevated Command Prompt
  4. Navigate to the folder you extracted the Surface Pro 3 Asset Tag CLI utility to
    Surface pro 3 AssetTag Directory
  5. Execute the following command
    1. AssetTag.exe -s ENTERYOURASSETTAGHERE
      AssetTag set Surface Pro 3

      1. Note: The asset tag can be up to 36 characters long. Valid characters include A-Z, a-z, 0-9, period and hyphen.
  6. Reboot the machine for the changes to take effect

 

About the tool

The utility comes with a readme on additional functionality.  This is copied directly from the Surface Pro 3 Asset Tag README.txt file for convience:

This tool gets or sets the proposed Asset Tag, which will be applied on next reboot.

The current Asset Tag is an SMBIOS setting which can be queried via WMI:
(Get-WmiObject -query “Select * from Win32_SystemEnclosure”).SMBiosAssetTag

Get proposed asset tag:
AssetTag -g

Clear proposed asset tag:
AssetTag -s

Set proposed asset tag:
AssetTag -s ABc-45.67

Valid values:
The asset tag can be up to 36 characters long.
Valid characters include A-Z, a-z, 0-9, period and hyphen.

PowerShell script demonstrating way to get proposed value and interpret errors.
Note that stout contains the Asset Tag and stderr contains error messages.

AssetTag -g > $asset_tag 2> $error_message
$asset_tag_return_code = $LASTEXITCODE
$asset_tag = $asset_tag.Trim(“`r`n”)

if ($asset_tag_return_code -eq 0) {
Write-Output (“Good Tag = ” + $asset_tag)
} else {
Write-Output (
“Failure: Code = ” + $asset_tag_return_code +
“Tag = ” + $asset_tag +
“Message = ” + $error_message)
}

Cisco AnyConnect – Windows 8 – The VPN client driver encountered an error. Please restart your computer or device, then try again error

Symptom: You receive the following error when trying to establish a connection with the Cisco AnyConnect client on Windows 8 x64.

Cisco AnyConnect VPN Client - The VPN client driver encountered an error.  Please restart your computer or device then try again error

Solution:

Option 1: PowerShell Method

  1. Go to the Windows 8 Start screen, search for PowerShell, Run as an Administrator
    Windows 8 - Search - powershell - run as administrator
  2. Execute the following powershell command
    1. Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\vpnva -Name DisplayName -Value ‘Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64‘
      PowerShell-Set-vpnva-DisplayName-Cisco-AnyConnect-VPN
  3. Exit and reopen the Cisco AnyConnect Program

Option 2: Registry Editor GUI Method

  1. Go to the Windows 8 Start screen, search for regedit, right click Run as administrator
    Windows 8 - Search - regedit - Run as administrator
  2. Navigate to the following registry key
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vpnva
    HKEY_LOCAL_MACHINE-System-CurrentControlSet-Services-vpnva
  3. Double cick on the DisplayName value and replace the value with Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    HKEY_LOCAL_MACHINE-System-CurrentControlSet-Services-vpnva - DisplayName - Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    HKEY_LOCAL_MACHINE-System-CurrentControlSet-Services-vpnva - DisplayName - Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 - regedit
  4. Exit and reopen the Cisco AnyConnect VPN client

System Center 2012 R2 Configuration Manager – CcmSetup failed with error code 0x87d00280

Symptom: When trying to install the System Center 2012 R2 Configuration Manager client manually, the client seems to never finish the install.  When opening the install log in C:\Windows\ccmsetup\Logs\ccmsetup.log, you will notice the following behavior, pointing mostly to client HTTPS/certificate errors.

<![LOG[==========[ ccmsetup started in process 2576 ]==========]LOG]!><time=”16:00:01.707+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:9437″>
<![LOG[Running on platform X64]LOG]!><time=”16:00:01.817+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”util.cpp:1837″>
<![LOG[Launch from folder \\SCCM01\Manual Client Install\]LOG]!><time=”16:00:01.817+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:721″>
<![LOG[CcmSetup version: 5.0.7958.1000]LOG]!><time=”16:00:01.817+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:727″>
<![LOG[Running on ‘Microsoft Windows 7 Professional ‘ (6.1.7601). Service Pack (1.0). SuiteMask = 272. Product Type = 18]LOG]!><time=”16:00:01.895+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”util.cpp:1919″>
<![LOG[Ccmsetup command line: “\\SCCM01\Manual Client Install\ccmsetup.exe” ]LOG]!><time=”16:00:01.895+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:3590″>
<![LOG[Local Machine is joined to an AD domain]LOG]!><time=”16:00:01.895+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”lsad.cpp:714″>
<![LOG[Current AD forest name is mydomain.local, domain name is mydomain.local]LOG]!><time=”16:00:02.035+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”lsad.cpp:842″>
<![LOG[Domain joined client is in Intranet]LOG]!><time=”16:00:02.035+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”lsad.cpp:1047″>
<![LOG[DhcpGetOriginalSubnetMask entry point is supported.]LOG]!><time=”16:00:02.035+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmiputil.cpp:117″>
<![LOG[Begin checking Alternate Network Configuration]LOG]!><time=”16:00:02.035+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmiputil.cpp:1095″>
<![LOG[Finished checking Alternate Network Configuration]LOG]!><time=”16:00:02.035+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmiputil.cpp:1172″>
<![LOG[Adapter {39CB0535-CE77-4ED9-9807-2DB558378C86} is DHCP enabled. Checking quarantine status.]LOG]!><time=”16:00:02.051+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmiputil.cpp:436″>
<![LOG[Current AD site of machine is SomewhereOverTheRainbow]LOG]!><time=”16:00:02.066+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”lsad.cpp:770″>
<![LOG[Attempting to query AD for assigned site code]LOG]!><time=”16:00:02.066+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”lsad.cpp:2071″>
<![LOG[Performing AD query: ‘(&(ObjectCategory=MSSMSRoamingBoundaryRange)(|(&(MSSMSRangedIPLow<=3232279113)(MSSMSRangedIPHigh>=3232279113))))’]LOG]!><time=”16:00:02.456+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”lsad.cpp:656″>
<![LOG[Performing AD query: ‘(&(ObjectCategory=mSSMSSite)(|(mSSMSRoamingBoundaries=192.168.1.0)(mSSMSRoamingBoundaries=SomewhereOverTheRainbox)(mSSMSSiteCode=001)))’]LOG]!><time=”16:00:02.924+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”lsad.cpp:656″>
<![LOG[LSIsSiteCompatible : Verifying Site Compatibility for <001>]LOG]!><time=”16:00:02.924+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”lsad.cpp:5419″>
<![LOG[Current AD forest name is mydomain.local, domain name is mydomain.local]LOG]!><time=”16:00:02.924+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”lsad.cpp:842″>
<![LOG[Domain joined client is in Intranet]LOG]!><time=”16:00:02.924+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”lsad.cpp:1047″>
<![LOG[LSGetSiteVersionFromAD : Attempting to query AD for MPs for site ‘001’]LOG]!><time=”16:00:02.924+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”lsad.cpp:5248″>
<![LOG[Performing AD query: ‘(&(ObjectCategory=mSSMSManagementPoint)(mSSMSSiteCode=001))’]LOG]!><time=”16:00:02.924+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”lsad.cpp:656″>
<![LOG[LSGetSiteVersionFromAD : Successfully retrieved version ‘5.00.7958.1000’ for site ‘001’]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”lsad.cpp:5317″>
<![LOG[LSIsSiteCompatible : Site Version = ‘5.00.7958.1000’ Site Capabilities = <Capabilities SchemaVersion=”1.0″><Property Name=”SSL” Version=”1″/><Property Name=”SSLState” Value=”63″/></Capabilities>]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”lsad.cpp:5474″>
<![LOG[LSIsSiteVersionCompatible : Site Version ‘5.00.7958.1000’ is compatible.]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”lsad.cpp:5385″>
<![LOG[LSIsSiteCompatible : Site <001> Version ‘5.00.7958.1000’ is compatible.]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”lsad.cpp:5486″>
<![LOG[LSGetAssignedSiteFromAD : Trying to Assign to the Site <001>]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”lsad.cpp:2192″>
<![LOG[Got site code ‘001’ from AD.]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:266″>
<![LOG[Performing AD query: ‘(&(ObjectCategory=mSSMSManagementPoint)(mSSMSDefaultMP=TRUE)(mSSMSSiteCode=001))’]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”lsad.cpp:656″>
<![LOG[OperationalXml ‘<ClientOperationalSettings><Version>5.00.7958.1000</Version><SecurityConfiguration><SecurityModeMask>63</SecurityModeMask><SecurityModeMaskEx>63</SecurityModeMaskEx><HTTPPort>80</HTTPPort><HTTPSPort>443</HTTPSPort><CertificateStoreName></CertificateStoreName><CertificateIssuers>CN=My Domain Root CA; OU=IT; O=My Domain; C=US</CertificateIssuers><CertificateSelectionCriteria></CertificateSelectionCriteria><CertificateSelectFirstFlag>1</CertificateSelectFirstFlag><SiteSigningCert>CertificateInfoRemoved</SiteSigningCert></SecurityConfiguration><RootSiteCode>001</RootSiteCode><CCM> <CommandLine>SMSSITECODE=001</CommandLine> </CCM><FSP> <FSPServer></FSPServer> </FSP><Capabilities SchemaVersion =”1.0″><Property Name=”SSL” Version=”1″ /><Property Name=”SSLState” Value=”63″ /></Capabilities><Domain Value=”mydomain.local” /><Forest Value=”mydomain.local” /></ClientOperationalSettings>’]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”lsadcache.cpp:236″>
<![LOG[Unable to open Registry key Software\Microsoft\CCM. Return Code [80070002]. Client HTTPS state is Unknown.]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmutillib.cpp:373″>
<![LOG[The MP name retrieved is ‘SCCM01.mydomain.local’ with version ‘7958’ and capabilities ‘<Capabilities SchemaVersion=”1.0″><Property Name=”SSL” Version=”1″/><Property Name=”SSLState” Value=”63″/></Capabilities>’]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”lsadcache.cpp:334″>
<![LOG[MP ‘SCCM01.mydomain.local’ is compatible]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”lsadcache.cpp:339″>
<![LOG[Retrieved 1 MP records from AD for site ‘001’]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”lsadcache.cpp:287″>
<![LOG[FromAD: command line = SMSSITECODE=001]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:288″>
<![LOG[Current AD forest name is mydomain.local, domain name is mydomain.local]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”lsad.cpp:842″>
<![LOG[Domain joined client is in Intranet]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”lsad.cpp:1047″>
<![LOG[CMPInfoFromADCache requests are throttled for 01:07:09]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”lsadcache.cpp:173″>
<![LOG[Found MP https://SCCM01.mydomain.local from AD]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:6197″>
<![LOG[SslState value: 255]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:4425″>
<![LOG[Ccmsetup was run without any user parameters specified. Running without registering ccmsetup as a service.]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:4490″>
<![LOG[Detected sitecode ‘001’ from AD.]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:4500″>
<![LOG[CCMHTTPPORT: 80]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:8617″>
<![LOG[CCMHTTPSPORT: 443]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:8632″>
<![LOG[CCMHTTPSSTATE: 255]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:8650″>
<![LOG[CCMHTTPSCERTNAME: ]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:8668″>
<![LOG[FSP: ]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:8720″>
<![LOG[CCMCERTISSUERS: CN=My Domain Root CA; OU=IT; O=My Domain; C=US]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:8746″>
<![LOG[CCMFIRSTCERT: 1]LOG]!><time=”16:00:02.940+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:8778″>
<![LOG[Config file: ]LOG]!><time=”16:00:03.018+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:4539″>
<![LOG[Retry time: 10 minute(s)]LOG]!><time=”16:00:03.018+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:4540″>
<![LOG[MSI log file: C:\Windows\ccmsetup\Logs\client.msi.log]LOG]!><time=”16:00:03.018+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:4541″>
<![LOG[MSI properties: SMSSITECODE=”001″ CCMHTTPPORT=”80″ CCMHTTPSPORT=”443″ CCMHTTPSSTATE=”255″ CCMCERTISSUERS=”CN=My Domain Root CA; OU=IT; O=My Domain; C=US” CCMFIRSTCERT=”1″]LOG]!><time=”16:00:03.018+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:4542″>
<![LOG[Source List:]LOG]!><time=”16:00:03.018+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:4550″>
<![LOG[MPs:]LOG]!><time=”16:00:03.018+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:4569″>
<![LOG[ https://SCCM01.mydomain.local]LOG]!><time=”16:00:03.018+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:4584″>
<![LOG[No version of the client is currently detected.]LOG]!><time=”16:00:03.018+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:2748″>
<![LOG[Folder ‘Microsoft\Configuration Manager’ not found. Task does not exist.]LOG]!><time=”16:00:03.018+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”wintask.cpp:622″>
<![LOG[Updated security on object C:\Windows\ccmsetup\.]LOG]!><time=”16:00:03.033+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9281″>
<![LOG[A Fallback Status Point has not been specified. Message with STATEID=’100′ will not be sent.]LOG]!><time=”16:00:03.033+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:9763″>
<![LOG[Downloading file \\SCCM01\Manual Client Install\ccmsetup.exe]LOG]!><time=”16:00:04.048+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:5685″>
<![LOG[Downloading \\SCCM01\Manual Client Install\ccmsetup.exe to C:\Windows\ccmsetup\ccmsetup.exe]LOG]!><time=”16:00:04.048+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:5769″>
<![LOG[File download 3% complete (61440 of 1614520 bytes).]LOG]!><time=”16:00:04.079+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 7% complete (122880 of 1614520 bytes).]LOG]!><time=”16:00:04.079+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 11% complete (184320 of 1614520 bytes).]LOG]!><time=”16:00:04.079+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 15% complete (245760 of 1614520 bytes).]LOG]!><time=”16:00:04.126+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 19% complete (307200 of 1614520 bytes).]LOG]!><time=”16:00:04.126+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 22% complete (368640 of 1614520 bytes).]LOG]!><time=”16:00:04.126+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 26% complete (430080 of 1614520 bytes).]LOG]!><time=”16:00:04.126+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 30% complete (491520 of 1614520 bytes).]LOG]!><time=”16:00:04.172+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 34% complete (552960 of 1614520 bytes).]LOG]!><time=”16:00:04.172+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 38% complete (614400 of 1614520 bytes).]LOG]!><time=”16:00:04.172+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 41% complete (675840 of 1614520 bytes).]LOG]!><time=”16:00:04.172+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 45% complete (737280 of 1614520 bytes).]LOG]!><time=”16:00:04.219+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 49% complete (798720 of 1614520 bytes).]LOG]!><time=”16:00:04.219+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 53% complete (860160 of 1614520 bytes).]LOG]!><time=”16:00:04.219+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 57% complete (921600 of 1614520 bytes).]LOG]!><time=”16:00:04.219+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 60% complete (983040 of 1614520 bytes).]LOG]!><time=”16:00:04.250+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 64% complete (1044480 of 1614520 bytes).]LOG]!><time=”16:00:04.250+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 68% complete (1105920 of 1614520 bytes).]LOG]!><time=”16:00:04.266+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 72% complete (1167360 of 1614520 bytes).]LOG]!><time=”16:00:04.266+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 76% complete (1228800 of 1614520 bytes).]LOG]!><time=”16:00:04.313+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 79% complete (1290240 of 1614520 bytes).]LOG]!><time=”16:00:04.313+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 83% complete (1351680 of 1614520 bytes).]LOG]!><time=”16:00:04.313+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 87% complete (1413120 of 1614520 bytes).]LOG]!><time=”16:00:04.313+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 91% complete (1474560 of 1614520 bytes).]LOG]!><time=”16:00:04.344+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 95% complete (1536000 of 1614520 bytes).]LOG]!><time=”16:00:04.344+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 98% complete (1597440 of 1614520 bytes).]LOG]!><time=”16:00:04.344+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[File download 100% complete (1614520 of 1614520 bytes).]LOG]!><time=”16:00:04.391+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:9185″>
<![LOG[Download complete.]LOG]!><time=”16:00:04.391+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:5867″>
<![LOG[Running as user “ej.admin”]LOG]!><time=”16:00:05.311+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:1995″>
<![LOG[Detected 223212 MB free disk space on system drive.]LOG]!><time=”16:00:05.327+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”util.cpp:628″>
<![LOG[Checking Write Filter Status.]LOG]!><time=”16:00:05.327+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:2024″>
<![LOG[This is not a supported write filter device. We are not in a write filter maintenance mode.]LOG]!><time=”16:00:05.327+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:2051″>
<![LOG[SiteCode: 001]LOG]!><time=”16:00:05.327+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:2076″>
<![LOG[SiteVersion: 5.00.7958.1000]LOG]!><time=”16:00:05.327+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:2077″>
<![LOG[Only one MP https://SCCM01.mydomain.local is specified. Use it.]LOG]!><time=”16:00:05.327+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:10080″>
<![LOG[Searching for DP locations from MP(s)…]LOG]!><time=”16:00:05.327+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:11018″>
<![LOG[Current AD forest name is mydomain.local, domain name is mydomain.local]LOG]!><time=”16:00:05.327+300″ date=”09-19-2014″ component=”LocationServices” context=”” type=”1″ thread=”2624″ file=”lsad.cpp:842″>
<![LOG[Domain joined client is in Intranet]LOG]!><time=”16:00:05.327+300″ date=”09-19-2014″ component=”LocationServices” context=”” type=”1″ thread=”2624″ file=”lsad.cpp:1047″>
<![LOG[Current AD site of machine is SomewhereOverTheRainbow]LOG]!><time=”16:00:05.327+300″ date=”09-19-2014″ component=”LocationServices” context=”” type=”1″ thread=”2624″ file=”lsad.cpp:770″>
<![LOG[DHCP entry points already initialized.]LOG]!><time=”16:00:05.327+300″ date=”09-19-2014″ component=”LocationServices” context=”” type=”0″ thread=”2624″ file=”ccmiputil.cpp:75″>
<![LOG[Begin checking Alternate Network Configuration]LOG]!><time=”16:00:05.327+300″ date=”09-19-2014″ component=”LocationServices” context=”” type=”0″ thread=”2624″ file=”ccmiputil.cpp:1095″>
<![LOG[Finished checking Alternate Network Configuration]LOG]!><time=”16:00:05.327+300″ date=”09-19-2014″ component=”LocationServices” context=”” type=”0″ thread=”2624″ file=”ccmiputil.cpp:1172″>
<![LOG[Adapter {39CB0535-CE77-4ED9-9807-2DB558378C86} is DHCP enabled. Checking quarantine status.]LOG]!><time=”16:00:05.327+300″ date=”09-19-2014″ component=”LocationServices” context=”” type=”0″ thread=”2624″ file=”ccmiputil.cpp:436″>
<![LOG[Sending message body ‘<ContentLocationRequest SchemaVersion=”1.00″>
<AssignedSite SiteCode=”001″/>
<ClientPackage/>
<ClientLocationInfo LocationType=”SMSPACKAGE” DistributeOnDemand=”0″ UseProtected=”0″ AllowCaching=”0″ BranchDPFlags=”0″ AllowHTTP=”1″ AllowSMB=”0″ AllowMulticast=”0″ UseInternetDP=”0″>
<ADSite Name=”SomewhereOverTheRainbow”/>
<Forest Name=”mydomain.local”/>
<Domain Name=”mydomain.local”/>
<IPAddresses>
<IPAddress SubnetAddress=”192.168.1.0″ Address=”192.168.1.73″/>
</IPAddresses>
</ClientLocationInfo>
</ContentLocationRequest>
‘]LOG]!><time=”16:00:05.342+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”siteinfo.cpp:96″>
<![LOG[Sending message header ‘<Msg SchemaVersion=”1.1″><ID>{F41949F6-9FCA-4C08-AB45-AD13397E03E4}</ID><SourceHost>MACHINENAME</SourceHost><TargetAddress>mp:[http]MP_LocationManager</TargetAddress><ReplyTo>direct:MACHINENAME:LS_ReplyLocations</ReplyTo><Priority>3</Priority><Timeout>600</Timeout><ReqVersion>5931</ReqVersion><TargetHost>https://SCCM01.mydomain.local</TargetHost><TargetEndpoint>MP_LocationManager</TargetEndpoint><ReplyMode>Sync</ReplyMode><Protocol>http</Protocol><SentTime>2014-09-19T21:00:05Z</SentTime><Body Type=”ByteRange” Offset=”0″ Length=”1146″/><Hooks><Hook3 Name=”zlib-compress”/></Hooks><Payload Type=”inline”/></Msg>’]LOG]!><time=”16:00:05.342+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”siteinfo.cpp:177″>
<![LOG[CCM_POST ‘https://SCCM01.mydomain.local/ccm_system/request’]LOG]!><time=”16:00:05.342+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”httphelper.cpp:807″>
<![LOG[Begin searching client certificates based on Certificate Issuers]LOG]!><time=”16:00:05.389+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmcert.cpp:4393″>
<![LOG[Certificate Issuer 1 [CN=My Domain Root CA; OU=IT; O=My Domain; C=US]]LOG]!><time=”16:00:05.389+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmcert.cpp:4409″>
<![LOG[Finding certificate by issuer chain returned error 80092004]LOG]!><time=”16:00:05.436+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”2″ thread=”2624″ file=”ccmcert.cpp:4516″>
<![LOG[Completed searching client certificates based on Certificate Issuers]LOG]!><time=”16:00:05.436+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmcert.cpp:4550″>
<![LOG[Unable to find any Certificate based on Certificate Issuers]LOG]!><time=”16:00:05.436+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”2″ thread=”2624″ file=”ccmcert.cpp:4702″>
<![LOG[Locate client certificate bypassing Certificate Issuers restriction]LOG]!><time=”16:00:05.436+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:6121″>
<![LOG[Begin searching client certificates based on Certificate Issuers]LOG]!><time=”16:00:05.436+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmcert.cpp:4393″>
<![LOG[Completed searching client certificates based on Certificate Issuers]LOG]!><time=”16:00:05.436+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmcert.cpp:4550″>
<![LOG[Begin to select client certificate]LOG]!><time=”16:00:05.436+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmcert.cpp:4706″>
<![LOG[The ‘Certificate Selection Criteria’ was not specified, counting number of certificates present in ‘MY’ store of ‘Local Computer’.]LOG]!><time=”16:00:05.436+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmcert.cpp:4742″>
<![LOG[There are no certificates in the ‘MY’ store.]LOG]!><time=”16:00:05.436+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmcert.cpp:4764″>
<![LOG[GetSSLCertificateContext failed with error 0x87d00280]LOG]!><time=”16:00:05.436+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”3″ thread=”2624″ file=”ccmsetup.cpp:6141″>
<![LOG[A Fallback Status Point has not been specified. Message with STATEID=’315′ will not be sent.]LOG]!><time=”16:00:05.436+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:9763″>
<![LOG[GetHttpRequestObjects failed for verb: ‘CCM_POST’, url: ‘https://SCCM01.mydomain.local/ccm_system/request’]LOG]!><time=”16:00:05.436+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”3″ thread=”2624″ file=”httphelper.cpp:947″>
<![LOG[GetDPLocations failed with error 0x87d00280]LOG]!><time=”16:00:05.436+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”3″ thread=”2624″ file=”siteinfo.cpp:532″>
<![LOG[Failed to get DP locations as the expected version from MP ‘https://SCCM01.mydomain.local’. Error 0x87d00280]LOG]!><time=”16:00:05.436+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”2″ thread=”2624″ file=”ccmsetup.cpp:11261″>
<![LOG[A Fallback Status Point has not been specified. Message with STATEID=’101′ will not be sent.]LOG]!><time=”16:00:05.436+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:9763″>
<![LOG[Next retry in 10 minute(s)…]LOG]!><time=”16:00:05.436+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmsetup.cpp:8835″>
<![LOG[Current AD forest name is mydomain.local, domain name is mydomain.local]LOG]!><time=”16:10:09.190+300″ date=”09-19-2014″ component=”LocationServices” context=”” type=”1″ thread=”2624″ file=”lsad.cpp:842″>
<![LOG[Domain joined client is in Intranet]LOG]!><time=”16:10:09.190+300″ date=”09-19-2014″ component=”LocationServices” context=”” type=”1″ thread=”2624″ file=”lsad.cpp:1047″>
<![LOG[Current AD site of machine is SomewhereOverTheRainbow]LOG]!><time=”16:10:09.299+300″ date=”09-19-2014″ component=”LocationServices” context=”” type=”1″ thread=”2624″ file=”lsad.cpp:770″>
<![LOG[DHCP entry points already initialized.]LOG]!><time=”16:10:09.299+300″ date=”09-19-2014″ component=”LocationServices” context=”” type=”0″ thread=”2624″ file=”ccmiputil.cpp:75″>
<![LOG[Begin checking Alternate Network Configuration]LOG]!><time=”16:10:09.299+300″ date=”09-19-2014″ component=”LocationServices” context=”” type=”0″ thread=”2624″ file=”ccmiputil.cpp:1095″>
<![LOG[Finished checking Alternate Network Configuration]LOG]!><time=”16:10:09.299+300″ date=”09-19-2014″ component=”LocationServices” context=”” type=”0″ thread=”2624″ file=”ccmiputil.cpp:1172″>
<![LOG[Adapter {39CB0535-CE77-4ED9-9807-2DB558378C86} is DHCP enabled. Checking quarantine status.]LOG]!><time=”16:10:09.299+300″ date=”09-19-2014″ component=”LocationServices” context=”” type=”0″ thread=”2624″ file=”ccmiputil.cpp:436″>
<![LOG[Sending message body ‘<ContentLocationRequest SchemaVersion=”1.00″>
<AssignedSite SiteCode=”001″/>
<ClientPackage/>
<ClientLocationInfo LocationType=”SMSPACKAGE” DistributeOnDemand=”0″ UseProtected=”0″ AllowCaching=”0″ BranchDPFlags=”0″ AllowHTTP=”1″ AllowSMB=”0″ AllowMulticast=”0″ UseInternetDP=”0″>
<ADSite Name=”SomewhereOverTheRainbow”/>
<Forest Name=”mydomain.local”/>
<Domain Name=”mydomain.local”/>
<IPAddresses>
<IPAddress SubnetAddress=”192.168.1.0″ Address=”192.168.170.73″/>
</IPAddresses>
</ClientLocationInfo>
</ContentLocationRequest>
‘]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”siteinfo.cpp:96″>
<![LOG[Sending message header ‘<Msg SchemaVersion=”1.1″><ID>{6DCC55BE-D180-41DC-ACF9-2B909F186F1A}</ID><SourceHost>MACHINENAME</SourceHost><TargetAddress>mp:[http]MP_LocationManager</TargetAddress><ReplyTo>direct:MACHINENAME:LS_ReplyLocations</ReplyTo><Priority>3</Priority><Timeout>600</Timeout><ReqVersion>5931</ReqVersion><TargetHost>https://SCCM01.mydomain.local</TargetHost><TargetEndpoint>MP_LocationManager</TargetEndpoint><ReplyMode>Sync</ReplyMode><Protocol>http</Protocol><SentTime>2014-09-19T21:10:09Z</SentTime><Body Type=”ByteRange” Offset=”0″ Length=”1146″/><Hooks><Hook3 Name=”zlib-compress”/></Hooks><Payload Type=”inline”/></Msg>’]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”siteinfo.cpp:177″>
<![LOG[CCM_POST ‘https://SCCM01.mydomain.local/ccm_system/request’]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”httphelper.cpp:807″>
<![LOG[Begin searching client certificates based on Certificate Issuers]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmcert.cpp:4393″>
<![LOG[Certificate Issuer 1 [CN=My Domain Root CA; OU=IT; O=My Domain; C=US]]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmcert.cpp:4409″>
<![LOG[Finding certificate by issuer chain returned error 80092004]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”2″ thread=”2624″ file=”ccmcert.cpp:4516″>
<![LOG[Completed searching client certificates based on Certificate Issuers]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmcert.cpp:4550″>
<![LOG[Unable to find any Certificate based on Certificate Issuers]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”2″ thread=”2624″ file=”ccmcert.cpp:4702″>
<![LOG[Locate client certificate bypassing Certificate Issuers restriction]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:6121″>
<![LOG[Begin searching client certificates based on Certificate Issuers]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmcert.cpp:4393″>
<![LOG[Completed searching client certificates based on Certificate Issuers]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmcert.cpp:4550″>
<![LOG[Begin to select client certificate]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmcert.cpp:4706″>
<![LOG[The ‘Certificate Selection Criteria’ was not specified, counting number of certificates present in ‘MY’ store of ‘Local Computer’.]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmcert.cpp:4742″>
<![LOG[There are no certificates in the ‘MY’ store.]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmcert.cpp:4764″>
<![LOG[GetSSLCertificateContext failed with error 0x87d00280]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”3″ thread=”2624″ file=”ccmsetup.cpp:6141″>
<![LOG[GetHttpRequestObjects failed for verb: ‘CCM_POST’, url: ‘https://SCCM01.mydomain.local/ccm_system/request’]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”3″ thread=”2624″ file=”httphelper.cpp:947″>
<![LOG[GetDPLocations failed with error 0x87d00280]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”3″ thread=”2624″ file=”siteinfo.cpp:532″>
<![LOG[Failed to get DP locations as the expected version from MP ‘https://SCCM01.mydomain.local’. Error 0x87d00280]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”2″ thread=”2624″ file=”ccmsetup.cpp:11261″>
<![LOG[Failed to find DP locations from MP ‘https://SCCM01.mydomain.local’ with error 0x87d00280, status code 200. Check next MP.]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”2″ thread=”2624″ file=”ccmsetup.cpp:11117″>
<![LOG[Only one MP https://SCCM01.mydomain.local is specified. Use it.]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:10080″>
<![LOG[Have already tried all MPs. Couldn’t find DP locations.]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”3″ thread=”2624″ file=”ccmsetup.cpp:11146″>
<![LOG[GET ‘https://SCCM01.mydomain.local/CCM_Client/ccmsetup.cab’]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”httphelper.cpp:807″>
<![LOG[Begin searching client certificates based on Certificate Issuers]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmcert.cpp:4393″>
<![LOG[Certificate Issuer 1 [CN=My Domain Root CA; OU=IT; O=My Domain; C=US]]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmcert.cpp:4409″>
<![LOG[Finding certificate by issuer chain returned error 80092004]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”2″ thread=”2624″ file=”ccmcert.cpp:4516″>
<![LOG[Completed searching client certificates based on Certificate Issuers]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmcert.cpp:4550″>
<![LOG[Unable to find any Certificate based on Certificate Issuers]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”2″ thread=”2624″ file=”ccmcert.cpp:4702″>
<![LOG[Locate client certificate bypassing Certificate Issuers restriction]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:6121″>
<![LOG[Begin searching client certificates based on Certificate Issuers]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmcert.cpp:4393″>
<![LOG[Completed searching client certificates based on Certificate Issuers]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmcert.cpp:4550″>
<![LOG[Begin to select client certificate]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmcert.cpp:4706″>
<![LOG[The ‘Certificate Selection Criteria’ was not specified, counting number of certificates present in ‘MY’ store of ‘Local Computer’.]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”0″ thread=”2624″ file=”ccmcert.cpp:4742″>
<![LOG[There are no certificates in the ‘MY’ store.]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmcert.cpp:4764″>
<![LOG[GetSSLCertificateContext failed with error 0x87d00280]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”3″ thread=”2624″ file=”ccmsetup.cpp:6141″>
<![LOG[GetHttpRequestObjects failed for verb: ‘GET’, url: ‘https://SCCM01.mydomain.local/CCM_Client/ccmsetup.cab’]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”3″ thread=”2624″ file=”httphelper.cpp:947″>
<![LOG[DownloadFileByWinHTTP failed with error 0x87d00280]LOG]!><time=”16:10:09.315+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”3″ thread=”2624″ file=”httphelper.cpp:1081″>
<![LOG[CcmSetup failed with error code 0x87d00280]LOG]!><time=”16:10:09.331+300″ date=”09-19-2014″ component=”ccmsetup” context=”” type=”1″ thread=”2624″ file=”ccmsetup.cpp:10879″>

Resolution: This behavior is 100% caused by an invalid configuration using HTTPS.  In this particular case, machines were not autoenrolling in machine based certificates, thus, System Center could not authenticate the client and would not allow setup to complete.

Here are some things to try to point you in the general direction of where something may have gone wrong in your deployment:

  1. If you are not using HTTPS (do not have a PKI environment), make sure you have turned off HTTPS configurations for your site.
  2. Ensure your clients are properly configured for autoenrollment
  3. Ensure your clients are actually receiving a machine certificate from autoenrollment
  4. Ensure your certificate authority’s certificate and CRL lists are not expired

DirSync (Directory Synchronization) (Windows Azure Active Directory Sync Tool) attributes federated to Office 365

Here is a complete listing of the attributes that are federated to Office 365 by your on-premise Active Directory environment.

An official listing of these attributes can be found on the following technet article: http://social.technet.microsoft.com/wiki/contents/articles/19901.dirsync-list-of-attributes-that-are-synced-by-the-windows-azure-active-directory-sync-tool.aspx

Synced Object Attribute User Group Contact (Src) Description
assistant Read - Read The name of the assistant for an account.
authOrig Read Read Read Relationship that indicates that the mailbox for the target object is authorized to send mail to the source object.
C - - Read Two-letter ISO 3166 [ISO3166] country code.
cn Read Read Read The common name of the object.
co Read - Read The country/region in which the person (user or contact) or company is located.
company Read - Read The person’s (user or contact) company name.
countryCode Read - Read The country code for person’s (user or contact) language of choice.
department Read - Read The name of the person’s (user or contact) department.
description Read Read Read Human-readable descriptive phrases about the object.
displayName Read Read Read The display name for an object, usually the combination of the person’s first name, middle initial, and last name.
dLMemRejectPerms Read Read Read Relationship that indicates that members of the target object are not authorized to send mail to the source object.
dLMemSubmitPerms Read Read Read Relationship that indicates that members of the target object are authorized to send mail to the source object.
ExtensionAttribute1 Read Read Read Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute10 Read Read Read Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute11 Read Read Read Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute12 Read Read Read Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute13 Read Read Read Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute14 Read Read Read Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute15 Read Read Read Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute2 Read Read Read Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute3 Read Read Read Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute4 Read Read Read Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute5 Read Read Read Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute6 Read Read Read Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute7 Read Read Read Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute8 Read Read Read Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute9 Read Read Read Custom attribute that is defined in the customer on-premises directory.
facsimiletelephonenumber Read - Read Telephone numbers (and, optionally, the parameters) for facsimile terminals.
givenName Read - Read Name strings that are the part of a person’s (user or contact) name that is not their surname.
GroupType - Read - Flag attribute indicating the type of group (security, global, etc.)
hideDLMembership - Read - Hide the membership list on a distribution list from senders.
homephone Read - Read The person’s (user or contact) main home telephone number.
info Read Read Read “Notes” field on “Telephone” tab of ADUC.
Initials Read - Read Strings of initials of some or all of an individual’s names, except the surname(s).
ipPhone Read - Read The TCP/IP address for the telephone.
l Read - Read Names of a locality or place, such as a city, county, or other geographic region.
legacyExchangeDN Read Read Read
mail Read Read Read The list of email addresses for a person (user or contact).
mailnickname Read Read Read
managedBy - Read - Resource/owner relationship, where the source object (a group) is the resource, and the target object is the owner.
manager Read - Read Manager/direct report relationship between two individuals, where the source object is the direct report, and the target object is the manager.
member - Read - Membership of the target object (of class User, Contact, or Group) in the group that is identified as the source object.
middleName Read - Read Additional names for a person (user or contact), for example, middle name, patronymic, matronymic, or other names.
mobile Read - Read The primary mobile phone number for a person (user or contact).
msDS-HABSeniorityIndex Read Read Read
msDS-PhoneticDisplayName Read Read Read
MsExchArchiveGUID Read - -
MsExchArchiveName Read - -
msExchArchiveStatus Read/Write - - Created in the Exchange cloud for “write back” to on-premises when the customer has a cloud archive.
msExchAssistantName Read - Read The name of the assistant for an account.
msExchAuditAdmin Read - -
msExchAuditDelegate Read - -
msExchAuditDelegateAdmin Read - -
msExchAuditOwner Read - -
MsExchBlockedSendersHash Read/Write - Read Populated through an upgrade from Business Productivity Online Standard Suite. Not synced from on-premises.
msExchBypassAudit Read - -
MsExchBypassModerationFromDLMembersLink Read Read Read
MsExchBypassModerationLink Read Read Read
msExchCoManagedByLink - Read -
msExchDelegateListLink Read - -
msExchELCExpirySuspensionEnd Read - -
msExchELCExpirySuspensionStart Read - -
msExchELCMailboxFlags Read - -
MsExchEnableModeration Read Read -
msExchExtensionCustomAttribute1 Read Read Read
msExchExtensionCustomAttribute2 Read Read Read
msExchExtensionCustomAttribute3 Read Read Read
msExchExtensionCustomAttribute4 Read Read Read
msExchExtensionCustomAttribute5 Read Read Read
MsExchGroupDepartRestriction - Read -
MsExchGroupJoinRestriction - Read -
msExchHideFromAddressLists Read Read Read Indicator to control the visibility of a mail recipient for name resolution.
MsExchImmutableID Read - -
msExchLitigationHoldDate Read Read Read
msExchLitigationHoldOwner Read Read Read
MsExchMailboxGuid Read - - The GUID of the user’s mailbox.
msExchMailboxAuditEnable Read - -
msExchMailboxAuditLogAgeLimit Read - -
MsExchModeratedByLink Read Read Read
MsExchModerationFlags Read Read Read
MsExchRecipientDisplayType Read Read Read
msExchRecipientTypeDetails Read Read Read
MsExchRemoteRecipientType Read - -
msExchRequireAuthToSendTo Read Read Read When enabled for a distribution list (DL), unauthenticated users are rejected.
MsExchResourceCapacity Read - -
MsExchResourceDisplay Read - -
MsExchResourceMetaData Read - -
MsExchResourceSearchProperties Read - -
msExchRetentionComment Read Read Read
msExchRetentionURL Read Read Read
MsExchSafeRecipientsHash Read/Write - Read Populated through an upgrade from Business Productivity Online Standard Suite. Not synced from on-premises.
MsExchSafeSendersHash Read/Write - Read Populated through an upgrade from Business Productivity Online Standard Suite. Not synced from on premises.
MsExchSenderHintTranslations Read Read Read
msExchTeamMailboxExpiration Read - -
msExchTeamMailboxOwners Read - -
msExchTeamMailboxSharePointLinkedBy Read - -
msExchTeamMailboxSharePointUrl Read - -
msExchUCVoiceMailSettings Read/Write - -
msExchUsageLocation Read - -
msExchUserHoldPolicies Read/Write - - Litigation Hold allows cloud services to determine which users are under Litigation Hold
msOrg-IsOrganizational - Read -
msRTCSIP-ApplicationOptions Read - -
msRTCSIP-DeploymentLocator Read - Read Fully qualified DNS name of the Microsoft Lync Server 2010 deployment, as specified in the authoritative (customer, on-premises) directory.
msRTCSIP-Line Read - Read The device ID (either the Session Initiation Protocol (SIP) uniform resource identifier (URI) or the TEL URI) of the telephone that the user controls.
msRTCSIP-OwnerUrn Read - -
msRTCSIP-PrimaryUserAddress Read - Read SIP URI for instant messaging, as specified in the authoritative (customer, on-premise) directory.
msRTCSIP-UserEnabled Read - Read Indicates whether the user is currently enabled for SIP instant messaging, as specified in the authoritative (customer, on-premises) directory.
msRTCSIP-OptionFlags Read - Read
objectGUID Read Read Read Key for the object: this key is immutable, even if the object moves from one context to another, for example, as a result of a company merge or split.
oOFReplyToOriginator - Read - Governs whether out-of-office notifications should be sent to a sender of a message to this distribution list (DL).
otherFacsimileTelephone Read - Read A list of alternative facsimile numbers.
otherHomePhone Read - Read A list of alternative home telephone numbers.
otherIpPhone Read - Read A list of alternative TCP/IP addresses for the telephone.
otherMobile Read - Read A list of alternative mobile phone numbers.
otherPager Read - Read A list of alternative pager numbers.
otherTelephone Read - Read A list of alternative office telephone numbers.
pager Read - Read The primary pager number.
photo Read - -
physicalDeliveryOfficeName Read - Read Names that a postal service uses to identify a post office.
postalCode Read - Read Codes that a postal service uses to identify postal service zones.
postOfficeBox Read - Read Postal box identifiers that a postal service uses when a customer arranges to receive mail at a box on the premises of the postal service.
PreferredLanguage Read - - The preferred written or spoken language for a user.
proxyAddresses Read/Write Read/Write Read/Write The address by which a Microsoft Exchange Server recipient object is recognized in a foreign mail system.
PublicDelegates Read/Write Read Read Cross-premises public delegation: allows users to specify delegates for their mailbox.
reportToOriginator - Read - Governs whether to send delivery reports to the message originator when a message that is sent to a group is not delivered. The delivery report lets the group owner know that the message was not delivered.
ReportToOwner - Read -
samAccountName Read - -
sn Read - Read Name strings for the family names of a person (user or contact).
st Read - Read The full names of states or provinces.
streetAddress Read - Read The person’s (user or contact) address.
targetAddress Read - Read The destination address for the person (user or contact).
TelephoneAssistant Read - Read
telephoneNumber Read - Read Telephone numbers that comply with the ITU Recommendation E.123.
thumbnailphoto Read - Read Persons Photo – 10kb maximum size limit
title Read - Read The title of a person (user or contact) in the person’s organizational context.
unauthOrig Read Read Read Relationship that indicates that the mailbox for the target object is not authorized to send mail to the source object.
url Read - Read The list of alternative web pages.
userAccountControl Read - - Flag attribute to indicate settings.
userCertificate Read Read - Contains certificates used as part of the Exchange SMIME feature set.
UserPrincipalName Read - - The user principal name (UPN) that is an Internet-style logon name for a user, as specified in RFC 822.
userSMIMECertificate Read Read - Contains certificates used as part of the Exchange SMIME feature set.
wWWHomePage Read - Read The primary web page.

Office 365 – Change the Alias attribute of an Exchange mailbox for a federated user

Scenario: A federated Office 365 user’s Alias is incorrect.  You wish to change it, but changing the proxyAddress or Mail attribute in Active Directory does not update the Alias.

Before this tutorial, you can see the Alias has a typo in it (the m and o are out of place)

Office 365 - User Mailbox - Alias - TypoAfter completing this tutorial, we will update the Alias to look correct

Office 365 - User Mailbox - Alias - Typo Fixed

Solution: Complete the following steps below to update the Alias

  1. Login to one of your Domain Controllers and open up Active Directory Users and Computers
    Server Manager - Active Directory Users and Computers
  2. Find the user that owns the mailbox, right click on them, and select Properties
    Active Directory Users and Computers - User - Properties
  3. Select the Attribute Editor Tab and find the mailNickname attribute
    Active Directory Users and Computers - User - Properties - Attribute Editor - mailNickname

    1. Note: You will need to Enable Advanced Features on Active Directory Users and Computers to see this tab
      Active Directory Users and Computers - View - Advanced Features
  4. Type in the desired value you wish to show up in the Alias field on the Office 365 Exchange Portal and click OK
    Active Directory Users and Computers - User - Properties - Attribute Editor - mailNickname - String Attribute Editor
  5. Click Apply on the Active Directory Users and Computers dialog
    Active Directory Users and Computers - User - Properties - Attribute Editor - mailNickname - Apply
  6. Wait for the Office 365 Directory Synchronization tool runs and updates the users online
    1. Note: Tutorial on how to do this can be found here: http://jackstromberg.com/2012/08/force-directory-synchronization-with-office-365/
  7. Ensure that the Alias field has updated in the Exchange Administrative portal
    Office 365 - User Mailbox - Alias - Typo Fixed

 

System Center 2012 R2 Configuration Manager – Configuration Manager console cannot connect to the Configuration Manager site database (SQL Server)

Symptom: When opening up the System Center 2012 R2 Configuration Manager, you receive the following error message.

Configuration Manager cannot connect ot the site (CODE – FQDN)

The Configuration Manager console cannot connect to the Configuration Manager site database. Verify the following:

• This computer has network connectivity to the SMS Provider computer.
• Your user account has Remote Activation permission on the Configuration Manager site server and the SMS Provider computer.
• The Configuration Manager console version is supported by the site server.
• You are assigned to at least one role-based administration security role.
• You have the following WMI permissions to the Root\SMS and Root\SMS\site_<site code> namespaces: Execute Methods, Provider Write, Enable Account, and Remote Enable.

System Center 2012 R2 Configuration Manager cannot connect to the site

Additionally, when you browse to INSTALLEDDRIVE:\Program Files\Microsoft Configuration Manager\AdminConsole\AdminUILog\SmsAdminUI.log, you see the following error:

[15, PID:11000][06/24/2014 08:20:34] :System.Management.ManagementException\r\nGeneric failure \r\n at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryResultsObject.<GetEnumerator>d__0.MoveNext()\r\nManagementException details:
instance of SMS_ExtendedStatus
{
CauseInfo = “”;
Description = “Unable to get SQL connection.”;
ErrorCode = 3242263810;
File = “e:\\nts_sccm_release\\sms\\siteserver\\sdk_provider\\smsprov\\sspobjectquery.cpp”;
Line = 2181;
Operation = “ExecQuery”;
ParameterInfo = “SELECT * FROM SMS_CombinedDeviceResources WHERE ((ClientType is null AND EASDeviceID is null) OR ClientType != 3)”;
ProviderName = “WinMgmt”;
SQLMessage = “[08001][-2146893022][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection”;
SQLSeverity = 0;
SQLStatus = 2148074274;
StatusCode = 2147749889;
};
\r\n
[15, PID:11000][06/24/2014 08:20:34] :Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryException\r\nThe SMS Provider reported an error connecting to the ConfigMgr site database server. Verify that the SQL Server is online and that ConfigMgr site server computer account is an administrator on the ConfigMgr site database server.\r\n at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryResultsObject.<GetEnumerator>d__0.MoveNext()
at Microsoft.ConfigurationManagement.AdminConsole.QueryAdapter.DoAction(DataQueryBase query, IList`1 dataSources, IDictionary`2 parameters, IList`1 inputs, String outputCollectionName)\r\nConfigMgr Error Object:
instance of SMS_ExtendedStatus
{
CauseInfo = “”;
Description = “Unable to get SQL connection.”;
ErrorCode = 3242263810;
File = “e:\\nts_sccm_release\\sms\\siteserver\\sdk_provider\\smsprov\\sspobjectquery.cpp”;
Line = 2181;
Operation = “ExecQuery”;
ParameterInfo = “SELECT * FROM SMS_CombinedDeviceResources WHERE ((ClientType is null AND EASDeviceID is null) OR ClientType != 3)”;
ProviderName = “WinMgmt”;
SQLMessage = “[08001][-2146893022][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection”;
SQLSeverity = 0;
SQLStatus = 2148074274;
StatusCode = 2147749889;
};

Unable to get SQL connection.

SmsAdminUI_log - Unable to get SQL connection

Solution: During your installation you may have tried to change the default SSL certificate on the database.  Based on what documentation I could find, by design, System Center requires you use the default SSL certificate that gets autogenerated during the installation process.  In this case, you need to ensure you have a seperate SQL Server instance dedicated solely to the System Center installation and can use the dedicated system center SSL certificate.

Notes: If you receive errors like  like [SQL Server Native Client 10.0] SSL provider: The target principle is incorrect or  [SQL Server Native Client 10.0] Client unable to establish connection. you might need to install the Server 2008 Native SQL Client (which can be obtained from here).