Upgrading DirSync to AADSync for Office 365 and Azure environments

7 Replies

As of 11/11/2014, Microsoft has released their next generation tool for providing synchronization between an on-premise Active Directory environment and Microsoft based cloud service (Azure, Office 365 Suite (Lync Online, CRM, SharePoint, Exchange, etc.)).  The utility is now referenced as Microsoft Azure Active Directory Sync Services (AADSync).

In this tutorial, we will go over the process to ensure you are on the new generation of their synchronization tool.  The process is fairly straight forward, uninstall the old DirSync utility, install the new AADSync utility.  If you wish to install the utility on a new server, stop the DirSync service, install the AADSync utility on the new server, and then uinstall DirSync after you have verified synchronization is successful on the new machine.

Here is the uninstall DirSync and install AADSync process

  1. Download a copy of the AADSync utility from Microsoft's website: http://www.microsoft.com/en-us/download/details.aspx?id=44225
  2. Login to the server currently running DirSync
  3. Open up Control Panel
    Server - Start Menu - Control Panel
  4. Select Programs and Features (notice I am in the View By Small icons view)
    Control Panel - Small Icons - Programs and Features
  5. Uninstall the Windows Azure Active Directory Sync tool
  6. Select Yes to uninstall when prompted
    Windows Azure Active Directory Sync - Another instance dialog - Uninstall
  7. Uninstall Forefront Identity Manager Synchronization Service if it wasn't uninstalled already
    Uninstall - Forefront identity Manager Synchronization Service
  8. Run the MicrosoftAzureADConnectionTool.exe application you downloaded from Microsoft
    MicrosoftAzureADConnectionTool Installer
  9. Check I agree to the license terms and click Install
    Microsoft Azure Active Directory Sync Services - Install
  10. Once the install has finished, open up Computer Management and navigate to System Tools -> Local Users and Groups, Groups, and double click on ADSyncAdmins
    Computer Management - Local Users and groups - Groups - ADSyncAdmins
  11. Ensure your user account, user group, or local machine has been added to the security group
    ADSyncAdmins - Group Membership
  12. Log out of Windows
    Windows 8-Server 2012 - Sign Out

    1. Note: This step is needed to ensure you have proper user privileges when running the sync tool.  When running through the sync tool's installer, your user account will automatically be placed in a local security group called ADSyncAdmins.  A logout is needed to update your session otherwise you may receive the following error message:
      Your account is not a member of the ADSyncAdmins security group.  If you have recently installed Azure AD Sync, sign out before running this installation guide again.
      Microsoft Azure Active Directory Sync Services - Your account is not a member of the ADSyncAdmins security group
  13. Upon login, open up the DirectorySyncTool application
    DirectorySyncTool
  14. Enter your Azure or Office 365 admin credentials and click Next
    Microsoft Azure Active Directory Sync Services - Azure AD Credentials
  15. Enter in your forest name, username (must be in domain\username format), and password (Active Directory on-premise credentials) and click Add Forest
    Microsoft Azure Active Directory Sync Services - AD DS Credentials

    1. Note: If you are unsure what your forest name is, login to your domain controller and execute the following powershell command to list all forests in your deployment:
       Get-AdForest | FT Name
  16. Click Next once your forest has been validated
    Microsoft Azure Active Directory Sync Services - AD DS Credentials - Forests Validated
  17. Click Next on User Matching
    Microsoft Azure Active Directory Sync Services - User Matching
  18. Check the boxes that are applicable to your deployment and click Next
    Microsoft Azure Active Directory Sync Services - Optional Features
  19. Click Configure
    Microsoft Azure Active Directory Sync Services - Configure
  20. Click Finish
    Microsoft Azure Active Directory Sync Services - Finish

 

How to administratively forward Lync calls or numbers

1 Reply

Scenario: A user leaves the organization and you would like to forward their number/calls to a manager.

Solution: Microsoft has a Lync Server 2013 (and 2010) Resource Kit that contains a command-line tool called SEFAUtil (secondary extension feature activation) which can be used to achieve this task.  Before beginning, I would recommend taking a look at the official TechNet article/documentation on the utility itself: http://technet.microsoft.com/en-us/library/jj945604.aspx  In this tutorial, we will download the tool and execute the proper commands to configure call forwarding for a specified user.

  1. Download a copy of the Lync Server 2013 Resource Kit from Microsoft's website here: http://go.microsoft.com/fwlink/p/?LinkID=330429
  2. Run the installer from your Front End Server/Pool
    OCSReskit_msi
    Lync Server 2013 - Resource Kit - Welcome
    Lync Server 2013 - Resource Kit - EULA
    Lync Server 2013 - Resource Kit - Destination Folder
    Lync Server 2013 - Resource Kit - Install
    Lync Server 2013 - Resource Kit - Finish
  3. Create a trusted application pool
    1. Execute the following command
      1. $Site=Get-CsSite -Identity "My Site"
        Lync Server 2013 - Get-CsSite - Variable

        1. Note: If you don't know what to substitute for My Site, execute the following command to see what sites you have available and then use the Identity value.
          1. Get-CsSite
            Lync Server 2013 - Get-CsSite
      2. Execute the following command
        1. New-CsTrustedApplicationPool -id <Pool FQDN> -Registrar <Pool Registrar FQDN> -site $Site.SiteID
          Lync Server 2013 - New-CsTrustedApplicationPool

          1. Note: Technically we didn't need to run the 1st command, however this can help cut-down on user error.  Additionally, if you have multiple sites and you knew what site you wanted to use but not the ID, this helps skip a step.
  4. Define SEFAUtil as a trusted application in the Lync topology
    1. Execute the following command
      1. New-CsTrustedApplication -ApplicationId sefautil -TrustedApplicationPoolFqdn <Pool FQDN> -Port 7489
        Lync Server 2013 - New-CsTrustedApplication sefautil
  5. Enable the Lync topology to commit the changes
    1. Enable-CsTopology
      Lync Server 2013 - New-CsTrustedApplication sefautil - Enable-CsTopology
  6. Forward a user's number
    1. Navigate to %ProgramFiles%\Microsoft Lync Server 2013\ResKit
      Lync Server 2013 - Navigate ResKit
    2. Execute the following command
      1. SEFAUtil.exe /Server:<Pool FQDN> [email protected] /enablefwdimmediate /setfwddestination:[email protected]
        SEFAUtil enablefwdimmediate setfwddestination

That should be it!

Note: If you are more comfortable using a GUI or don't wish to type in multiple powershell commands, I would highly recommend checking out Johan Veldhuis's SefaUtil GUI PowerShell script.  Once you are done following steps 1-5 above, you you can grab a copy of the script here: http://johanveldhuis.nl/sefautil-gui/sefautil-gui/

[How-To] Import large .sql file into MSSQL (Microsoft SQL) Server

Leave a reply

Objective: You have a .sql file you wish to import in Microsoft SQL Server (MSSQL)

Solution: Microsoft has a command line utility called Sqlcmd that can be used to import very large datasets into SQL server without having to open the file.  More information on this utility can be found here: http://msdn.microsoft.com/en-us/library/ms162773.aspx

Here is a snippit of the utility and its available switches before beginning:

C:\Users\Administrator>sqlcmd /?

usage: Sqlcmd            [-U login id]          [-P password]
  [-S server]            [-H hostname]          [-E trusted connection]
  [-N Encrypt Connection][-C Trust Server Certificate]
  [-d use database name] [-l login timeout]     [-t query timeout]
  [-h headers]           [-s colseparator]      [-w screen width]
  [-a packetsize]        [-e echo input]        [-I Enable Quoted Identifiers]
  [-c cmdend]            [-L[c] list servers[clean output]]
  [-q "cmdline query"]   [-Q "cmdline query" and exit]
  [-m errorlevel]        [-V severitylevel]     [-W remove trailing spaces]
  [-u unicode output]    [-r[0|1] msgs to stderr]
  [-i inputfile]         [-o outputfile]        [-z new password]
  [-f  | i:[,o:]] [-Z new password and exit]
  [-k[1|2] remove[replace] control characters]
  [-y variable length type display width]
  [-Y fixed length type display width]
  [-p[1] print statistics[colon format]]
  [-R use client regional setting]
  [-K application intent]
  [-M multisubnet failover]
  [-b On error batch abort]
  [-v var = "value"...]  [-A dedicated admin connection]
  [-X[1] disable commands, startup script, environment variables [and exit]]
  [-x disable variable substitution]
  [-? show syntax summary]

Here is an example of how to use the utility:

  1. Open up a command prompt
    1. Note: Administrative privileges are optional depending on how you have your security settings configured.
      Server 2012 - Administrative Command Prompt
  2. Execute the following command
    1. sqlcmd -S SERVERNAME\INSTANCE_NAME -i C:\path\mysqlfile.sql
      1. Here are some notes/tricks you might want to use:
        • If you are using the default instance when you installed MSSQL server, you don't have to specify \INSTANCE_NAME
        • You can log results to a text file by appending the following switch: -o C:\path\results.txt
        • You can specify a database to import to by appending the following switch: -d MYDATABASE
        • You can specify username and password by appending the following switch: -u USERNAME -p PASSWORD
          --Note: You can wait to be prompted for credentials by optionally leaving out the -p switch, however if you are piping the results out to notepad, the command will not fully execute.

 

[How-To] Upgrade the firmware on a Dell PowerConnect N2000/3000 series switch

6 Replies
  1. Download the latest firmware from Dell's website
    1. Navigate to http://www.dell.com/support/ and enter in your service tag.  You should see downloads for this product, grab the latest firmware that is in a zipped folder.
  2. Extract the .zip folder of the firmware
    N2000 Firmware
  3. Console into the switch via SSH or direct console
  4. Copy the current configuration to startup
    1. console#> copy running-config startup-config
      N2000-3000 - copy running-config startup-config
  5. Transfer the firmware to the switch
    1. TFTP Method
      1. console#> tftp://N3000_2000v6.1.2.4.stk backup
    2. USB Method (Directly attached to switch)
      1. console#> usb://N3000_2000v6.1.2.4.stk backup
        N2000-3000 - usb transfer - backup
  6. Verify the backup version is the new build
    1. console#> show version
      N2000-3000 - backup - version
  7. Activate the new firmware
    1. console#> boot system backup
      N2000-3000 - backup - boot system backup
  8. Reboot the switch
    1. console#> reload
      N2000-3000 - update bootcode - reload
  9. Verify the build is now up-to-date
    1. console#> show version
      N2000-3000 - show version - active - 6_1_2_4
  10. Update the boot code
    1. console#> update bootcode
      N2000-3000 - show version - active - 6_1_2_4 - update bootcode
  11. Reboot the switch
    1. console#> reload
      N2000-3000 - update bootcode - reload

That should do it!

Office 365 - Renew your certificates (on-premise ADFS) alert

1 Reply

Symptom: After you replace your SSL certificates on your ADFS servers you continue to receive the following alert inside of the Office 365 portal.

Renew your certificates
One of your on-premises Federation Service certificates is expiring.  Failure to renew the certificate and update trust properties within XX days will result in a loss of access to all Office 365 services for all users.  Update now

Office 365 - Alert - Renew your certificates

Solution: This error can be caused if any of the three primary SSL Certificates that are required to federate to an external identity are nearing their experation date (Service Communications, Token-decrpting, and Token-signing).

Verify which SSL certificate is about to expire

  1. Login to your primary ADFS server
  2. Open up Server Manager
    Server 2012 R2 - Server Manager
  3. Select Tools -> AD FS Management
    Server Manager - Tools - AD FS Management
  4. Under AD FS expand Service and select Certificates
    AD FS Management Console - AD FS - Service - Certificates
  5. Verify if any certificates are set to expire
    1. Note: In this case, you can see the Token-decrypting and Token-signing certificates are set to expire soon

Replace the expir(ed)(ing) certificates

Unfortunately, I don't currently have a tutorial on the processes behind replacing each certificate.  The process for replacing each certificate is a tad different.  Here are a few articles that might help you:

Replacing the Service Communication certificate: http://blogs.technet.com/b/tune_in_to_windows_intune/archive/2013/11/13/replace-certificates-on-adfs-3-0.aspx

Replacing the token-signing and token-decrypting certificates can be found here: http://social.technet.microsoft.com/wiki/contents/articles/2554.ad-fs-2-0-how-to-replace-the-ssl-service-communications-token-signing-and-token-decrypting-certificates.aspx#Replacing_the_Token-Signing_certificate

Update the federated trust with Office 365

  1. Once your certificates are not nearing their experation date, open up the Windows Azure Active Direcotry Module for Windows PowerShell as an administrator
    1. Note: Installation instructions and the download for this can be found here: http://technet.microsoft.com/en-us/library/jj151815.aspx
      Windows Azure Active Directory Module for Windows PowerShell
  2. Execute the following command
    1.  Connect-MsolService
      Windows Azure Active Directory Module for Windows PowerShell - Connect-MsolService

      1. Note: Enter in your Office 365 administrator credentials on this step
  3. Execute the following command
    1. Update-MsolFederatedDomain -DomainName mydomain.com -SupportMultiDomain
      Windows Azure Active Directory Module for Windows PowerShell - Connect-msolservice - update-msolfederateddomain

      1. Note: Replace mydomain.com with your federated domain.  If you have multiple domains you are federating with Office 365, add the optional -SupportMultiDomain paramter as well

[Tutorial] Deploying a reverse proxy for Lync Server 2013

Leave a reply

In this tutorial we will go over deploying a reverse proxy for Lync Server 2013.  The original method for deploying a reverse proxy was to use Microsoft's product ForeFront TMG (Threat Management Gateway), however shortly after the release of Lync Server 2013, TMG was discontinued.  In turn, a few tutorials have popped up on how to achieve this using Apache and IIS, but there wasn't an official recommendation on what to use until Server 2012 was released.

Per Microsoft's documentation, we can use IIS with an additional extension called Application Request Routing to achieve this task: http://technet.microsoft.com/en-us/library/gg398069.aspx

Details on the IIS Application and Request Routing extension can be found here: http://www.iis.net/downloads/microsoft/application-request-routing

Side note, much of this guide is largely based on an older technet article published here, which has some additional fine details on how exactly IIS is working to proxy the requests: http://blogs.technet.com/b/nexthop/archive/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013.aspx

This tutorial will go over installation instructions from start to finish for Server 2012 and Server 2012 R2.  I have attached the links on how to get Server 2008 and Server 2008 R2 prepped, so you can continue the tutorial once the IIS Application Request Routing extension has been installed.

Download Prerequisite Software

  1. Windows Server 2012 R2
    1. Download IIS Application Request Routing (ARR): http://www.microsoft.com/web/gallery/install.aspx?appid=ARRv3_0
  2. Windows Server 2012
    1. Download (don't install yet) Hotfix for Microsoft Application Request Routing Version 2.5 for IIS7 (KB 2732764) (x64)
    2. Download IIS Application Request Routing (ARR): http://www.microsoft.com/web/gallery/install.aspx?appid=ARRv2_5
  3. Windows Server 2008 and 2008 R2
    1. Ensure you have IIS v7.X installed; instructions on how to do this can be found here: http://www.iis.net/learn/install/installing-iis-7/installing-iis-7-and-above-on-windows-server-2008-or-windows-server-2008-r2
    2. Install Application Request Routing version 2
      1. Instructions can be found here: http://www.iis.net/learn/extensions/installing-application-request-routing-(arr)/install-application-request-routing-version-2

Install IIS for Server 2012 and Server 2012 R2

  1. Please follow my tutorial here: http://jackstromberg.com/2014/11/tutorial-how-to-install-iis-on-server-2012-and-server-2012-r2/

Installing IIS Application Request Routing (ARR) 3

  1. Run the ARRv3_0.exe application as an administrator
    ARRv3_0 - Run as administrator
  2. Click Install
    Web Platform Installer 5.0 - Aplication Request Routing 3.0 - Cart

    1. Note:  The cart for the v3.0 installer is shown above.  If you are running version 2.5, you will see 2 items needed for install.  Version 3, only needs one.  This is okay.
      Web Platform Installer 5.0 - Aplication Request Routing 2.5 - Cart
  3. Click I Accept
    Web Platform Installer 5.0 - Aplication Request Routing 3.0 - I Accept
  4. Click Finish
    Web Platform Installer 5.0 - Aplication Request Routing 3.0 - Finish
  5. Click Exit
    Web Platform Installer 5.0 - Aplication Request Routing 3.0 - Exit

Configuring IIS for SSL

  1. Open up Internet Information Services (IIS) Manager
    Server Manager - Tools - Internet Information Services IIS Manager
  2. Select your server and double click on Server Certificates
    LyncRP - Internet Information Services IIS Manager - Home - Server Certificates
  3. Generate or Import your SSL Certificate trusted by a public CA (VeriSign, GoDaddy, etc.)
    1. Note: Generation of this certificate is outside the scope of this tutorial.  This SSL certificate should be the UCC certificate that allows for SAN addresses such aslync, meet, dialin, lyncdiscover, etc.
      LyncRP - Internet Information Services IIS Manager - Server Certificates
  4. Expand your server, expand Sites, select Default Web Site, select Bindings...
    LyncRP - Internet Information Services IIS Manager - Sites - Default Web Site - Bindings
  5. Click on Add...
    LyncRP - Internet Information Services IIS Manager - Sites - Default Web Site - Bindings - Add
  6. Select https, and choose your SSL certificate you imported in the previous step, click OK
    LyncRP - Internet Information Services IIS Manager - Sites - Default Web Site - Bindings - Add - https
  7. Click Close
    LyncRP - Internet Information Services IIS Manager - Sites - Default Web Site - Bindings - Add - Close

Create Server Farms

  1. Select Server Farms and then click on Create Server Farm...
    LyncRP - Internet Information Services IIS Manager - Server Farms - Create Server Farm
  2. Enter in the Server farm name and click Next
    1. Note: We will end up creating farm names for each externally published URL.  This can be lync, dialin, meet, etc, order will not matter. For the sake of this tutorial, I am going to use lync first.
      LyncRP - Internet Information Services IIS Manager - Server Farms - Create Server Farm - Server Farm Name
  3. Enter the Server address (same as farm name before), click Advanced Settings..., expand applicationRequestRouting
    LyncRP - Internet Information Services IIS Manager - Server Farms - Create Server Farm - Add Server
  4. Change the httpPort to 8080 and httpsPort to 4443 and click Add
    LyncRP - Internet Information Services IIS Manager - Server Farms - Create Server Farm - Add Server - applicationRequestRouting Ports
  5. Click Finish
    LyncRP - Internet Information Services IIS Manager - Server Farms - Create Server Farm - Add Server - applicationRequestRouting Ports - Finish
  6. Click Yes on the Rewrite Rules dialog
    LyncRP - Internet Information Services IIS Manager - Server Farms - Create Server Farm - Add Server - applicationRequestRouting Ports - Finish - Rewrite Rules Dialog
  7. Repeat steps 1-6 for dialin, meet, and lyncdiscover
    LyncRP - Internet Information Services IIS Manager - Server Farms - meet-dialin-lyncdiscver
  8. For your Lync Web Apps server (lyncwac), continue repeat steps 1-6, however ensure you use ports 80 and 443 instead of 8080 and 4443.  This is needed to communicate properly with the WAC server.
    LyncRP - Internet Information Services IIS Manager - Server Farms - Create Server Farm - Add Server - lyncwacLyncRP - Internet Information Services IIS Manager - Server Farms - meet-dialin-lyncdiscver-lyncwac

Configure IIS Caching, Proxy Timeouts, and Routing Rules

For each of the server farms we created, repeat the following steps:

  1. Select a Server Farm and double click on Caching
    LyncRP - Internet Information Services IIS Manager - Server Farms - Caching
  2. Uncheck Enable disk cache and click Apply
    LyncRP - Internet Information Services IIS Manager - Server Farms - Caching - Uncheck Enable disk cache
  3. Select the same Server Farm object and double click on Proxy
    LyncRP - Internet Information Services IIS Manager - Server Farms - Proxy
  4. Change the Time-out (seconds) from 30 seconds to 600 and click Apply
    1. Note: This is needed to prevent the Lync Web Apps server from timing out unexpectedly.  Microsoft recommends this setting to be 200, but this isn't long enough for iOS clients.  Increasing this to 600 will fix the issue where iOS clients prompt with the following error message "Your server configuration has changed. Please restart Lync.".LyncRP - Internet Information Services IIS Manager - Server Farms - Proxy - Time-out 200
  5. Select the same Server Farm object and double click on Routing Rules
    LyncRP - Internet Information Services IIS Manager - Server Farms - Routing Rules
  6. Uncheck Enable SSL offloading and click Apply
    LyncRP - Internet Information Services IIS Manager - Server Farms - Routing Rules - Uncheck Enable SSL offloading

Configure IIS URL Rewrites

  1.  Select your IIS Server and double click on URL Rewrite
    LyncRP - Internet Information Services IIS Manager - URL Rewrite
  2. Go through and Remove all of the non _SSL Inbound Rules
    LyncRP - Internet Information Services IIS Manager - URL Rewrite - Remove - Non-SSL
    The result should look like this:
    LyncRP - Internet Information Services IIS Manager - URL Rewrite - Remove - Non-SSL - Removed
  3. Select a rule and click on Add... underneath the Conditions actions pane
    LyncRP - Internet Information Services IIS Manager - URL Rewrite - Add
  4. Enter {HTTP_HOST} for the Condition input and enter role.* for your Pattern
    1. Where role is meet, dialin, lyncdiscover, etc.
      LyncRP - Internet Information Services IIS Manager - URL Rewrite - Add - HTTP_HOST
  5. Repeat steps 3-4 for each SSL rule for a result like this
    LyncRP - Internet Information Services IIS Manager - URL Rewrite - Rules

That should be it! 🙂

[Tutorial] How to install IIS on Server 2012 and Server 2012 R2

1 Reply

Here is a tutorial on how to install IIS on Server 2012 and Server 2012 R2.  The installation process for this is very straight forward and does not differ much from Server 2008 R2.  This guide will only go over the basic install, additional configuration of IIS is outside the scope of this tutorial.  Before beginning, you can choose to install IIS via PowerShell or the GUI.  Either option will result with the exact same configuration.

PowerShell

  1. Open an elevated PowerShell console
    Server 2012 - PowerShell - Run as Administrator
  2. Execute the following command
    1. Install-WindowsFeature -Name Web-Server, Web-Mgmt-Tools
      PowerShell - Install-WindowsFeature -Name Web-Server Web-Mgmt-Tools

      1. Note: Web-Mgmt-Tools is optional, but in most instances added to get the Internet Information Services (IIS) Manager GUI snap-in to manage IIS

GUI

  1. Open Server Manager
    Server Manager
  2. Click on Manage - Add Roles and Features
    Server 2012 - Manage - Add Roles and Features
  3. Click Next > on the Before You Begin screen
    Add Roles and Features Wizard - Before you begin
  4. Click Next > on the Installation Type screen
    Add Roles and Features Wizard - Select installation type
  5. Click Next > on the Server Selection screen
    Add Roles and Features Wizard - Confirm installation selections - Restart the destination server automatically if required
  6. Select Web Server (IIS) from the list on Server Roles and click on the Add Features button once prompted.  Click Next >
    Add Roles and Features Wizard - Add features that are required for web server iis
    Add Roles and Features Wizard - Server Roles - Web Server IIS
  7. Click Next > on the Features screen
    Add Roles and Features Wizard - Features - Default
  8. Click Next > on the Web Server Role (IIS) screen
    Add Roles and Features Wizard - Web Server Role IIS
  9. Click Next > on the Role Services screen
    Add Roles and Features Wizard - Web Server Role IIS - Role Services
  10. Click Install on the Confirmation screen
    Add Roles and Features Wizard - Web Sever Role - Confirmation

[Tutorial] How to change the asset tag on a Surface Pro 3

Leave a reply

Scenario: When logging into the UEFI BIOS, you can see the asset tag's current value set as 0, but are unable to change it.

Solution: To change the asset tag on a Surface Pro 3, you must download a utility by Microsoft.

Note: Before beginning, please ensure you are using UEFI firmware version 3.9.150.0 or later

  1. Download a copy of the Surface Pro 3 Asset Tag CLI Utility from here (Surface Asset Tag.zip):
    https://www.microsoft.com/en-us/download/details.aspx?id=46703
  2. Extract the files from the zipped folder
  3. Open up an elevated command prompt
    Elevated Command Prompt
  4. Navigate to the folder you extracted the Surface Pro 3 Asset Tag CLI utility to
    Surface pro 3 AssetTag Directory
  5. Execute the following command
    1. AssetTag.exe -s ENTERYOURASSETTAGHERE
      AssetTag set Surface Pro 3
       

       

      1. Note: The asset tag can be up to 36 characters long. Valid characters include A-Z, a-z, 0-9, period and hyphen.
  6. Reboot the machine for the changes to take effect

 

About the tool

The utility comes with a readme on additional functionality.  This is copied directly from the Surface Pro 3 Asset Tag README.txt file for convience:

This tool gets or sets the proposed Asset Tag, which will be applied on next reboot.

The current Asset Tag is an SMBIOS setting which can be queried via WMI:
(Get-WmiObject -query "Select * from Win32_SystemEnclosure").SMBiosAssetTag

Get proposed asset tag:
AssetTag -g

Clear proposed asset tag:
AssetTag -s

Set proposed asset tag:
AssetTag -s ABc-45.67

Valid values:
The asset tag can be up to 36 characters long.
Valid characters include A-Z, a-z, 0-9, period and hyphen.

PowerShell script demonstrating way to get proposed value and interpret errors.
Note that stout contains the Asset Tag and stderr contains error messages.

AssetTag -g > $asset_tag 2> $error_message
$asset_tag_return_code = $LASTEXITCODE
$asset_tag = $asset_tag.Trim("`r`n")

if ($asset_tag_return_code -eq 0) {
Write-Output ("Good Tag = " + $asset_tag)
} else {
Write-Output (
"Failure: Code = " + $asset_tag_return_code +
"Tag = " + $asset_tag +
"Message = " + $error_message)
}

Update: Microsoft has posted official documentation on these steps here: https://docs.microsoft.com/en-us/surface/assettag

Cisco AnyConnect - Windows 8 - The VPN client driver encountered an error. Please restart your computer or device, then try again error

4 Replies

Symptom: You receive the following error when trying to establish a connection with the Cisco AnyConnect client on Windows 8 x64.

Cisco AnyConnect VPN Client - The VPN client driver encountered an error. Please restart your computer or device then try again error

Solution:

Option 1: PowerShell Method

  1. Go to the Windows 8 Start screen, search for PowerShell, Run as an Administrator
    Windows 8 - Search - powershell - run as administrator
  2. Execute the following powershell command
    1. Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\vpnva -Name DisplayName -Value ‘Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64‘
      PowerShell-Set-vpnva-DisplayName-Cisco-AnyConnect-VPN
  3. Exit and reopen the Cisco AnyConnect Program

Option 2: Registry Editor GUI Method

  1. Go to the Windows 8 Start screen, search for regedit, right click Run as administrator
    Windows 8 - Search - regedit - Run as administrator
  2. Navigate to the following registry key
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vpnva
    HKEY_LOCAL_MACHINE-System-CurrentControlSet-Services-vpnva
  3. Double cick on the DisplayName value and replace the value with Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    HKEY_LOCAL_MACHINE-System-CurrentControlSet-Services-vpnva - DisplayName - Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    HKEY_LOCAL_MACHINE-System-CurrentControlSet-Services-vpnva - DisplayName - Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 - regedit
  4. Exit and reopen the Cisco AnyConnect VPN client

System Center 2012 R2 Configuration Manager - CcmSetup failed with error code 0x87d00280

Leave a reply

Symptom: When trying to install the System Center 2012 R2 Configuration Manager client manually, the client seems to never finish the install.  When opening the install log in C:\Windows\ccmsetup\Logs\ccmsetup.log, you will notice the following behavior, pointing mostly to client HTTPS/certificate errors.

<![LOG[==========[ ccmsetup started in process 2576 ]==========]LOG]!><time="16:00:01.707+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:9437">
<![LOG[Running on platform X64]LOG]!><time="16:00:01.817+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="util.cpp:1837">
<![LOG[Launch from folder \\SCCM01\Manual Client Install\]LOG]!><time="16:00:01.817+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:721">
<![LOG[CcmSetup version: 5.0.7958.1000]LOG]!><time="16:00:01.817+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:727">
<![LOG[Running on 'Microsoft Windows 7 Professional ' (6.1.7601). Service Pack (1.0). SuiteMask = 272. Product Type = 18]LOG]!><time="16:00:01.895+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="util.cpp:1919">
<![LOG[Ccmsetup command line: "\\SCCM01\Manual Client Install\ccmsetup.exe" ]LOG]!><time="16:00:01.895+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:3590">
<![LOG[Local Machine is joined to an AD domain]LOG]!><time="16:00:01.895+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="lsad.cpp:714">
<![LOG[Current AD forest name is mydomain.local, domain name is mydomain.local]LOG]!><time="16:00:02.035+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="lsad.cpp:842">
<![LOG[Domain joined client is in Intranet]LOG]!><time="16:00:02.035+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="lsad.cpp:1047">
<![LOG[DhcpGetOriginalSubnetMask entry point is supported.]LOG]!><time="16:00:02.035+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmiputil.cpp:117">
<![LOG[Begin checking Alternate Network Configuration]LOG]!><time="16:00:02.035+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmiputil.cpp:1095">
<![LOG[Finished checking Alternate Network Configuration]LOG]!><time="16:00:02.035+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmiputil.cpp:1172">
<![LOG[Adapter {39CB0535-CE77-4ED9-9807-2DB558378C86} is DHCP enabled. Checking quarantine status.]LOG]!><time="16:00:02.051+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmiputil.cpp:436">
<![LOG[Current AD site of machine is SomewhereOverTheRainbow]LOG]!><time="16:00:02.066+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="lsad.cpp:770">
<![LOG[Attempting to query AD for assigned site code]LOG]!><time="16:00:02.066+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="lsad.cpp:2071">
<![LOG[Performing AD query: '(&(ObjectCategory=MSSMSRoamingBoundaryRange)(|(&(MSSMSRangedIPLow<=3232279113)(MSSMSRangedIPHigh>=3232279113))))']LOG]!><time="16:00:02.456+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="lsad.cpp:656">
<![LOG[Performing AD query: '(&(ObjectCategory=mSSMSSite)(|(mSSMSRoamingBoundaries=192.168.1.0)(mSSMSRoamingBoundaries=SomewhereOverTheRainbox)(mSSMSSiteCode=001)))']LOG]!><time="16:00:02.924+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="lsad.cpp:656">
<![LOG[LSIsSiteCompatible : Verifying Site Compatibility for <001>]LOG]!><time="16:00:02.924+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="lsad.cpp:5419">
<![LOG[Current AD forest name is mydomain.local, domain name is mydomain.local]LOG]!><time="16:00:02.924+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="lsad.cpp:842">
<![LOG[Domain joined client is in Intranet]LOG]!><time="16:00:02.924+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="lsad.cpp:1047">
<![LOG[LSGetSiteVersionFromAD : Attempting to query AD for MPs for site '001']LOG]!><time="16:00:02.924+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="lsad.cpp:5248">
<![LOG[Performing AD query: '(&(ObjectCategory=mSSMSManagementPoint)(mSSMSSiteCode=001))']LOG]!><time="16:00:02.924+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="lsad.cpp:656">
<![LOG[LSGetSiteVersionFromAD : Successfully retrieved version '5.00.7958.1000' for site '001']LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="lsad.cpp:5317">
<![LOG[LSIsSiteCompatible : Site Version = '5.00.7958.1000' Site Capabilities = <Capabilities SchemaVersion="1.0"><Property Name="SSL" Version="1"/><Property Name="SSLState" Value="63"/></Capabilities>]LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="lsad.cpp:5474">
<![LOG[LSIsSiteVersionCompatible : Site Version '5.00.7958.1000' is compatible.]LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="lsad.cpp:5385">
<![LOG[LSIsSiteCompatible : Site <001> Version '5.00.7958.1000' is compatible.]LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="lsad.cpp:5486">
<![LOG[LSGetAssignedSiteFromAD : Trying to Assign to the Site <001>]LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="lsad.cpp:2192">
<![LOG[Got site code '001' from AD.]LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:266">
<![LOG[Performing AD query: '(&(ObjectCategory=mSSMSManagementPoint)(mSSMSDefaultMP=TRUE)(mSSMSSiteCode=001))']LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="lsad.cpp:656">
<![LOG[OperationalXml '<ClientOperationalSettings><Version>5.00.7958.1000</Version><SecurityConfiguration><SecurityModeMask>63</SecurityModeMask><SecurityModeMaskEx>63</SecurityModeMaskEx><HTTPPort>80</HTTPPort><HTTPSPort>443</HTTPSPort><CertificateStoreName></CertificateStoreName><CertificateIssuers>CN=My Domain Root CA; OU=IT; O=My Domain; C=US</CertificateIssuers><CertificateSelectionCriteria></CertificateSelectionCriteria><CertificateSelectFirstFlag>1</CertificateSelectFirstFlag><SiteSigningCert>CertificateInfoRemoved</SiteSigningCert></SecurityConfiguration><RootSiteCode>001</RootSiteCode><CCM> <CommandLine>SMSSITECODE=001</CommandLine> </CCM><FSP> <FSPServer></FSPServer> </FSP><Capabilities SchemaVersion ="1.0"><Property Name="SSL" Version="1" /><Property Name="SSLState" Value="63" /></Capabilities><Domain Value="mydomain.local" /><Forest Value="mydomain.local" /></ClientOperationalSettings>']LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="lsadcache.cpp:236">
<![LOG[Unable to open Registry key Software\Microsoft\CCM. Return Code [80070002]. Client HTTPS state is Unknown.]LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmutillib.cpp:373">
<![LOG[The MP name retrieved is 'SCCM01.mydomain.local' with version '7958' and capabilities '<Capabilities SchemaVersion="1.0"><Property Name="SSL" Version="1"/><Property Name="SSLState" Value="63"/></Capabilities>']LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="lsadcache.cpp:334">
<![LOG[MP 'SCCM01.mydomain.local' is compatible]LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="lsadcache.cpp:339">
<![LOG[Retrieved 1 MP records from AD for site '001']LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="lsadcache.cpp:287">
<![LOG[FromAD: command line = SMSSITECODE=001]LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:288">
<![LOG[Current AD forest name is mydomain.local, domain name is mydomain.local]LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="lsad.cpp:842">
<![LOG[Domain joined client is in Intranet]LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="lsad.cpp:1047">
<![LOG[CMPInfoFromADCache requests are throttled for 01:07:09]LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="lsadcache.cpp:173">
<![LOG[Found MP https://SCCM01.mydomain.local from AD]LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:6197">
<![LOG[SslState value: 255]LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:4425">
<![LOG[Ccmsetup was run without any user parameters specified. Running without registering ccmsetup as a service.]LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:4490">
<![LOG[Detected sitecode '001' from AD.]LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:4500">
<![LOG[CCMHTTPPORT: 80]LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:8617">
<![LOG[CCMHTTPSPORT: 443]LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:8632">
<![LOG[CCMHTTPSSTATE: 255]LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:8650">
<![LOG[CCMHTTPSCERTNAME: ]LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:8668">
<![LOG[FSP: ]LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:8720">
<![LOG[CCMCERTISSUERS: CN=My Domain Root CA; OU=IT; O=My Domain; C=US]LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:8746">
<![LOG[CCMFIRSTCERT: 1]LOG]!><time="16:00:02.940+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:8778">
<![LOG[Config file: ]LOG]!><time="16:00:03.018+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:4539">
<![LOG[Retry time: 10 minute(s)]LOG]!><time="16:00:03.018+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:4540">
<![LOG[MSI log file: C:\Windows\ccmsetup\Logs\client.msi.log]LOG]!><time="16:00:03.018+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:4541">
<![LOG[MSI properties: SMSSITECODE="001" CCMHTTPPORT="80" CCMHTTPSPORT="443" CCMHTTPSSTATE="255" CCMCERTISSUERS="CN=My Domain Root CA; OU=IT; O=My Domain; C=US" CCMFIRSTCERT="1"]LOG]!><time="16:00:03.018+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:4542">
<![LOG[Source List:]LOG]!><time="16:00:03.018+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:4550">
<![LOG[MPs:]LOG]!><time="16:00:03.018+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:4569">
<![LOG[ https://SCCM01.mydomain.local]LOG]!><time="16:00:03.018+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:4584">
<![LOG[No version of the client is currently detected.]LOG]!><time="16:00:03.018+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:2748">
<![LOG[Folder 'Microsoft\Configuration Manager' not found. Task does not exist.]LOG]!><time="16:00:03.018+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="wintask.cpp:622">
<![LOG[Updated security on object C:\Windows\ccmsetup\.]LOG]!><time="16:00:03.033+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9281">
<![LOG[A Fallback Status Point has not been specified. Message with STATEID='100' will not be sent.]LOG]!><time="16:00:03.033+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:9763">
<![LOG[Downloading file \\SCCM01\Manual Client Install\ccmsetup.exe]LOG]!><time="16:00:04.048+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:5685">
<![LOG[Downloading \\SCCM01\Manual Client Install\ccmsetup.exe to C:\Windows\ccmsetup\ccmsetup.exe]LOG]!><time="16:00:04.048+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:5769">
<![LOG[File download 3% complete (61440 of 1614520 bytes).]LOG]!><time="16:00:04.079+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 7% complete (122880 of 1614520 bytes).]LOG]!><time="16:00:04.079+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 11% complete (184320 of 1614520 bytes).]LOG]!><time="16:00:04.079+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 15% complete (245760 of 1614520 bytes).]LOG]!><time="16:00:04.126+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 19% complete (307200 of 1614520 bytes).]LOG]!><time="16:00:04.126+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 22% complete (368640 of 1614520 bytes).]LOG]!><time="16:00:04.126+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 26% complete (430080 of 1614520 bytes).]LOG]!><time="16:00:04.126+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 30% complete (491520 of 1614520 bytes).]LOG]!><time="16:00:04.172+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 34% complete (552960 of 1614520 bytes).]LOG]!><time="16:00:04.172+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 38% complete (614400 of 1614520 bytes).]LOG]!><time="16:00:04.172+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 41% complete (675840 of 1614520 bytes).]LOG]!><time="16:00:04.172+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 45% complete (737280 of 1614520 bytes).]LOG]!><time="16:00:04.219+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 49% complete (798720 of 1614520 bytes).]LOG]!><time="16:00:04.219+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 53% complete (860160 of 1614520 bytes).]LOG]!><time="16:00:04.219+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 57% complete (921600 of 1614520 bytes).]LOG]!><time="16:00:04.219+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 60% complete (983040 of 1614520 bytes).]LOG]!><time="16:00:04.250+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 64% complete (1044480 of 1614520 bytes).]LOG]!><time="16:00:04.250+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 68% complete (1105920 of 1614520 bytes).]LOG]!><time="16:00:04.266+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 72% complete (1167360 of 1614520 bytes).]LOG]!><time="16:00:04.266+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 76% complete (1228800 of 1614520 bytes).]LOG]!><time="16:00:04.313+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 79% complete (1290240 of 1614520 bytes).]LOG]!><time="16:00:04.313+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 83% complete (1351680 of 1614520 bytes).]LOG]!><time="16:00:04.313+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 87% complete (1413120 of 1614520 bytes).]LOG]!><time="16:00:04.313+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 91% complete (1474560 of 1614520 bytes).]LOG]!><time="16:00:04.344+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 95% complete (1536000 of 1614520 bytes).]LOG]!><time="16:00:04.344+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 98% complete (1597440 of 1614520 bytes).]LOG]!><time="16:00:04.344+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[File download 100% complete (1614520 of 1614520 bytes).]LOG]!><time="16:00:04.391+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:9185">
<![LOG[Download complete.]LOG]!><time="16:00:04.391+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:5867">
<![LOG[Running as user "ej.admin"]LOG]!><time="16:00:05.311+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:1995">
<![LOG[Detected 223212 MB free disk space on system drive.]LOG]!><time="16:00:05.327+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="util.cpp:628">
<![LOG[Checking Write Filter Status.]LOG]!><time="16:00:05.327+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:2024">
<![LOG[This is not a supported write filter device. We are not in a write filter maintenance mode.]LOG]!><time="16:00:05.327+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:2051">
<![LOG[SiteCode: 001]LOG]!><time="16:00:05.327+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:2076">
<![LOG[SiteVersion: 5.00.7958.1000]LOG]!><time="16:00:05.327+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:2077">
<![LOG[Only one MP https://SCCM01.mydomain.local is specified. Use it.]LOG]!><time="16:00:05.327+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:10080">
<![LOG[Searching for DP locations from MP(s)...]LOG]!><time="16:00:05.327+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:11018">
<![LOG[Current AD forest name is mydomain.local, domain name is mydomain.local]LOG]!><time="16:00:05.327+300" date="09-19-2014" component="LocationServices" context="" type="1" thread="2624" file="lsad.cpp:842">
<![LOG[Domain joined client is in Intranet]LOG]!><time="16:00:05.327+300" date="09-19-2014" component="LocationServices" context="" type="1" thread="2624" file="lsad.cpp:1047">
<![LOG[Current AD site of machine is SomewhereOverTheRainbow]LOG]!><time="16:00:05.327+300" date="09-19-2014" component="LocationServices" context="" type="1" thread="2624" file="lsad.cpp:770">
<![LOG[DHCP entry points already initialized.]LOG]!><time="16:00:05.327+300" date="09-19-2014" component="LocationServices" context="" type="0" thread="2624" file="ccmiputil.cpp:75">
<![LOG[Begin checking Alternate Network Configuration]LOG]!><time="16:00:05.327+300" date="09-19-2014" component="LocationServices" context="" type="0" thread="2624" file="ccmiputil.cpp:1095">
<![LOG[Finished checking Alternate Network Configuration]LOG]!><time="16:00:05.327+300" date="09-19-2014" component="LocationServices" context="" type="0" thread="2624" file="ccmiputil.cpp:1172">
<![LOG[Adapter {39CB0535-CE77-4ED9-9807-2DB558378C86} is DHCP enabled. Checking quarantine status.]LOG]!><time="16:00:05.327+300" date="09-19-2014" component="LocationServices" context="" type="0" thread="2624" file="ccmiputil.cpp:436">
<![LOG[Sending message body '<ContentLocationRequest SchemaVersion="1.00">
<AssignedSite SiteCode="001"/>
<ClientPackage/>
<ClientLocationInfo LocationType="SMSPACKAGE" DistributeOnDemand="0" UseProtected="0" AllowCaching="0" BranchDPFlags="0" AllowHTTP="1" AllowSMB="0" AllowMulticast="0" UseInternetDP="0">
<ADSite Name="SomewhereOverTheRainbow"/>
<Forest Name="mydomain.local"/>
<Domain Name="mydomain.local"/>
<IPAddresses>
<IPAddress SubnetAddress="192.168.1.0" Address="192.168.1.73"/>
</IPAddresses>
</ClientLocationInfo>
</ContentLocationRequest>
']LOG]!><time="16:00:05.342+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="siteinfo.cpp:96">
<![LOG[Sending message header '<Msg SchemaVersion="1.1"><ID>{F41949F6-9FCA-4C08-AB45-AD13397E03E4}</ID><SourceHost>MACHINENAME</SourceHost><TargetAddress>mp:[http]MP_LocationManager</TargetAddress><ReplyTo>direct:MACHINENAME:LS_ReplyLocations</ReplyTo><Priority>3</Priority><Timeout>600</Timeout><ReqVersion>5931</ReqVersion><TargetHost>https://SCCM01.mydomain.local</TargetHost><TargetEndpoint>MP_LocationManager</TargetEndpoint><ReplyMode>Sync</ReplyMode><Protocol>http</Protocol><SentTime>2014-09-19T21:00:05Z</SentTime><Body Type="ByteRange" Offset="0" Length="1146"/><Hooks><Hook3 Name="zlib-compress"/></Hooks><Payload Type="inline"/></Msg>']LOG]!><time="16:00:05.342+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="siteinfo.cpp:177">
<![LOG[CCM_POST 'https://SCCM01.mydomain.local/ccm_system/request']LOG]!><time="16:00:05.342+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="httphelper.cpp:807">
<![LOG[Begin searching client certificates based on Certificate Issuers]LOG]!><time="16:00:05.389+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmcert.cpp:4393">
<![LOG[Certificate Issuer 1 [CN=My Domain Root CA; OU=IT; O=My Domain; C=US]]LOG]!><time="16:00:05.389+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmcert.cpp:4409">
<![LOG[Finding certificate by issuer chain returned error 80092004]LOG]!><time="16:00:05.436+300" date="09-19-2014" component="ccmsetup" context="" type="2" thread="2624" file="ccmcert.cpp:4516">
<![LOG[Completed searching client certificates based on Certificate Issuers]LOG]!><time="16:00:05.436+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmcert.cpp:4550">
<![LOG[Unable to find any Certificate based on Certificate Issuers]LOG]!><time="16:00:05.436+300" date="09-19-2014" component="ccmsetup" context="" type="2" thread="2624" file="ccmcert.cpp:4702">
<![LOG[Locate client certificate bypassing Certificate Issuers restriction]LOG]!><time="16:00:05.436+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:6121">
<![LOG[Begin searching client certificates based on Certificate Issuers]LOG]!><time="16:00:05.436+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmcert.cpp:4393">
<![LOG[Completed searching client certificates based on Certificate Issuers]LOG]!><time="16:00:05.436+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmcert.cpp:4550">
<![LOG[Begin to select client certificate]LOG]!><time="16:00:05.436+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmcert.cpp:4706">
<![LOG[The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'.]LOG]!><time="16:00:05.436+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmcert.cpp:4742">
<![LOG[There are no certificates in the 'MY' store.]LOG]!><time="16:00:05.436+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmcert.cpp:4764">
<![LOG[GetSSLCertificateContext failed with error 0x87d00280]LOG]!><time="16:00:05.436+300" date="09-19-2014" component="ccmsetup" context="" type="3" thread="2624" file="ccmsetup.cpp:6141">
<![LOG[A Fallback Status Point has not been specified. Message with STATEID='315' will not be sent.]LOG]!><time="16:00:05.436+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:9763">
<![LOG[GetHttpRequestObjects failed for verb: 'CCM_POST', url: 'https://SCCM01.mydomain.local/ccm_system/request']LOG]!><time="16:00:05.436+300" date="09-19-2014" component="ccmsetup" context="" type="3" thread="2624" file="httphelper.cpp:947">
<![LOG[GetDPLocations failed with error 0x87d00280]LOG]!><time="16:00:05.436+300" date="09-19-2014" component="ccmsetup" context="" type="3" thread="2624" file="siteinfo.cpp:532">
<![LOG[Failed to get DP locations as the expected version from MP 'https://SCCM01.mydomain.local'. Error 0x87d00280]LOG]!><time="16:00:05.436+300" date="09-19-2014" component="ccmsetup" context="" type="2" thread="2624" file="ccmsetup.cpp:11261">
<![LOG[A Fallback Status Point has not been specified. Message with STATEID='101' will not be sent.]LOG]!><time="16:00:05.436+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:9763">
<![LOG[Next retry in 10 minute(s)...]LOG]!><time="16:00:05.436+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmsetup.cpp:8835">
<![LOG[Current AD forest name is mydomain.local, domain name is mydomain.local]LOG]!><time="16:10:09.190+300" date="09-19-2014" component="LocationServices" context="" type="1" thread="2624" file="lsad.cpp:842">
<![LOG[Domain joined client is in Intranet]LOG]!><time="16:10:09.190+300" date="09-19-2014" component="LocationServices" context="" type="1" thread="2624" file="lsad.cpp:1047">
<![LOG[Current AD site of machine is SomewhereOverTheRainbow]LOG]!><time="16:10:09.299+300" date="09-19-2014" component="LocationServices" context="" type="1" thread="2624" file="lsad.cpp:770">
<![LOG[DHCP entry points already initialized.]LOG]!><time="16:10:09.299+300" date="09-19-2014" component="LocationServices" context="" type="0" thread="2624" file="ccmiputil.cpp:75">
<![LOG[Begin checking Alternate Network Configuration]LOG]!><time="16:10:09.299+300" date="09-19-2014" component="LocationServices" context="" type="0" thread="2624" file="ccmiputil.cpp:1095">
<![LOG[Finished checking Alternate Network Configuration]LOG]!><time="16:10:09.299+300" date="09-19-2014" component="LocationServices" context="" type="0" thread="2624" file="ccmiputil.cpp:1172">
<![LOG[Adapter {39CB0535-CE77-4ED9-9807-2DB558378C86} is DHCP enabled. Checking quarantine status.]LOG]!><time="16:10:09.299+300" date="09-19-2014" component="LocationServices" context="" type="0" thread="2624" file="ccmiputil.cpp:436">
<![LOG[Sending message body '<ContentLocationRequest SchemaVersion="1.00">
<AssignedSite SiteCode="001"/>
<ClientPackage/>
<ClientLocationInfo LocationType="SMSPACKAGE" DistributeOnDemand="0" UseProtected="0" AllowCaching="0" BranchDPFlags="0" AllowHTTP="1" AllowSMB="0" AllowMulticast="0" UseInternetDP="0">
<ADSite Name="SomewhereOverTheRainbow"/>
<Forest Name="mydomain.local"/>
<Domain Name="mydomain.local"/>
<IPAddresses>
<IPAddress SubnetAddress="192.168.1.0" Address="192.168.170.73"/>
</IPAddresses>
</ClientLocationInfo>
</ContentLocationRequest>
']LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="siteinfo.cpp:96">
<![LOG[Sending message header '<Msg SchemaVersion="1.1"><ID>{6DCC55BE-D180-41DC-ACF9-2B909F186F1A}</ID><SourceHost>MACHINENAME</SourceHost><TargetAddress>mp:[http]MP_LocationManager</TargetAddress><ReplyTo>direct:MACHINENAME:LS_ReplyLocations</ReplyTo><Priority>3</Priority><Timeout>600</Timeout><ReqVersion>5931</ReqVersion><TargetHost>https://SCCM01.mydomain.local</TargetHost><TargetEndpoint>MP_LocationManager</TargetEndpoint><ReplyMode>Sync</ReplyMode><Protocol>http</Protocol><SentTime>2014-09-19T21:10:09Z</SentTime><Body Type="ByteRange" Offset="0" Length="1146"/><Hooks><Hook3 Name="zlib-compress"/></Hooks><Payload Type="inline"/></Msg>']LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="siteinfo.cpp:177">
<![LOG[CCM_POST 'https://SCCM01.mydomain.local/ccm_system/request']LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="httphelper.cpp:807">
<![LOG[Begin searching client certificates based on Certificate Issuers]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmcert.cpp:4393">
<![LOG[Certificate Issuer 1 [CN=My Domain Root CA; OU=IT; O=My Domain; C=US]]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmcert.cpp:4409">
<![LOG[Finding certificate by issuer chain returned error 80092004]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="2" thread="2624" file="ccmcert.cpp:4516">
<![LOG[Completed searching client certificates based on Certificate Issuers]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmcert.cpp:4550">
<![LOG[Unable to find any Certificate based on Certificate Issuers]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="2" thread="2624" file="ccmcert.cpp:4702">
<![LOG[Locate client certificate bypassing Certificate Issuers restriction]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:6121">
<![LOG[Begin searching client certificates based on Certificate Issuers]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmcert.cpp:4393">
<![LOG[Completed searching client certificates based on Certificate Issuers]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmcert.cpp:4550">
<![LOG[Begin to select client certificate]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmcert.cpp:4706">
<![LOG[The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'.]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmcert.cpp:4742">
<![LOG[There are no certificates in the 'MY' store.]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmcert.cpp:4764">
<![LOG[GetSSLCertificateContext failed with error 0x87d00280]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="3" thread="2624" file="ccmsetup.cpp:6141">
<![LOG[GetHttpRequestObjects failed for verb: 'CCM_POST', url: 'https://SCCM01.mydomain.local/ccm_system/request']LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="3" thread="2624" file="httphelper.cpp:947">
<![LOG[GetDPLocations failed with error 0x87d00280]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="3" thread="2624" file="siteinfo.cpp:532">
<![LOG[Failed to get DP locations as the expected version from MP 'https://SCCM01.mydomain.local'. Error 0x87d00280]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="2" thread="2624" file="ccmsetup.cpp:11261">
<![LOG[Failed to find DP locations from MP 'https://SCCM01.mydomain.local' with error 0x87d00280, status code 200. Check next MP.]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="2" thread="2624" file="ccmsetup.cpp:11117">
<![LOG[Only one MP https://SCCM01.mydomain.local is specified. Use it.]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:10080">
<![LOG[Have already tried all MPs. Couldn't find DP locations.]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="3" thread="2624" file="ccmsetup.cpp:11146">
<![LOG[GET 'https://SCCM01.mydomain.local/CCM_Client/ccmsetup.cab']LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="httphelper.cpp:807">
<![LOG[Begin searching client certificates based on Certificate Issuers]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmcert.cpp:4393">
<![LOG[Certificate Issuer 1 [CN=My Domain Root CA; OU=IT; O=My Domain; C=US]]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmcert.cpp:4409">
<![LOG[Finding certificate by issuer chain returned error 80092004]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="2" thread="2624" file="ccmcert.cpp:4516">
<![LOG[Completed searching client certificates based on Certificate Issuers]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmcert.cpp:4550">
<![LOG[Unable to find any Certificate based on Certificate Issuers]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="2" thread="2624" file="ccmcert.cpp:4702">
<![LOG[Locate client certificate bypassing Certificate Issuers restriction]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:6121">
<![LOG[Begin searching client certificates based on Certificate Issuers]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmcert.cpp:4393">
<![LOG[Completed searching client certificates based on Certificate Issuers]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmcert.cpp:4550">
<![LOG[Begin to select client certificate]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmcert.cpp:4706">
<![LOG[The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'.]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="0" thread="2624" file="ccmcert.cpp:4742">
<![LOG[There are no certificates in the 'MY' store.]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmcert.cpp:4764">
<![LOG[GetSSLCertificateContext failed with error 0x87d00280]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="3" thread="2624" file="ccmsetup.cpp:6141">
<![LOG[GetHttpRequestObjects failed for verb: 'GET', url: 'https://SCCM01.mydomain.local/CCM_Client/ccmsetup.cab']LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="3" thread="2624" file="httphelper.cpp:947">
<![LOG[DownloadFileByWinHTTP failed with error 0x87d00280]LOG]!><time="16:10:09.315+300" date="09-19-2014" component="ccmsetup" context="" type="3" thread="2624" file="httphelper.cpp:1081">
<![LOG[CcmSetup failed with error code 0x87d00280]LOG]!><time="16:10:09.331+300" date="09-19-2014" component="ccmsetup" context="" type="1" thread="2624" file="ccmsetup.cpp:10879">

Resolution: This behavior is 100% caused by an invalid configuration using HTTPS.  In this particular case, machines were not autoenrolling in machine based certificates, thus, System Center could not authenticate the client and would not allow setup to complete.

Here are some things to try to point you in the general direction of where something may have gone wrong in your deployment:

  1. If you are not using HTTPS (do not have a PKI environment), make sure you have turned off HTTPS configurations for your site.
  2. Ensure your clients are properly configured for autoenrollment
  3. Ensure your clients are actually receiving a machine certificate from autoenrollment
  4. Ensure your certificate authority's certificate and CRL lists are not expired