SCCM 2012 – How to deploy a msu update package

https://fearthemonkey.co.uk/sccm-2012-how-to-deploy-a-msu-update-package

 

Today I had to deploy a Microsoft hotfix that would fix an issue we were experiencing.  The hotfix was a msu file and although I had deployed many msu’s in the past, I realised that I hadn’t blogged the process.  So here we are!

To deploy the msu I will be using the wusa.exe (Windows update standalone installer) that is built into most versions of Windows operating systems.  You can find out more about wusa here: http://support.microsoft.com/kb/934307

The first thing I did was download the hotfix and store the resulting .msu file on my SCCM server where I normally keep all of my application source files.

Next up, I chose to create a new Application:

  1. Select to ‘Manually specify the application information’
    1 - Manually specify app info
  2. Complete the ‘General Information’ screen to your tastes…
    2 - General Info
  3. I chose to leave the ‘Application Catalog’ screen at the defaults as I will not be making this available to the catalog; rather it will be a required device deployment.
    3 - App Catalog
  4. Click the ‘Add’ button so that we can add a new deployment type.
    4 - Deployment Type - Add
  5. Select ‘Script Installer’ and to ‘Manually specifiy the deployment type information’
    5 - Script Installer
  6. For the General Information screen, complete any fields with the appropriate information.  I chose to add ‘x64’ in the name as I downloaded the x64 msu so this deployment type will be for x64 computers only.  Later, you could add a x86 deployment type if you needed to.
    6 - General Info
  7. Browse to where you have stored your msu file and then add the following for the:
    Installation Program:

    wusa.exe "nameOfTheMsu.msu" /quiet /norestart

    Uninstall Program:

    wusa.exe /uninstall "nameOfTheMsu.msu" /quiet /norestart

    * Note that I chose to suppress reboots.
    * Note that the screenshot below will look slightly different to yours as you go through the new application wizard as I made a typo in my original screenshot and fixed it after the application was complete – this gives you a slightly different view but essentially it’s the same.
    uninst

  8. Click the ‘Add Clause’ button
    8 - Add Clause
  9. This is where we will add our detection rule.  In this instance, I looked at the KB article from Microsoft for this particular msu and it showed me the name of the file that would be changed along with the new version number of the changed file.  You will find this information on most hotfix KB’s:
    9 - Detection Rule - Finding out version numbers
  10. Here’s the current version on one of our affected computers…as you can see, the version number is older than the one listed in the hotfix (Step 9 above):
    10 - Current Location and version
  11. Now we know what to look for, the detection rule is easy.  Here’s what my resulting rule looked like which is based on the Microsoft KB:
    11 - Detection Rule
  12. Click next!
    12 - Detection Method Complete
  13. Change the user experience to ‘Install for system’ and ‘Whether or not a user is logged on’ (As I will be making this a required device deployment.)
    13 - User Experience
  14. Click the Add button for our system requirement
    14 - Add Requirements
  15. I simply chose all Windows 7 x64 computers as that is what this particular msu applies to:
    15 - Create Req
  16. The completed requirement:
    16 - Completed req
  17. I did not have any dependencies to add so I clicked next.
    17 - Dependencies
  18. Take a look at the Summary screen:
    18 - Deployment Summary
  19. We have success!
    19 - Deployment Type Success
  20. At this point, we could add a secondary deployment type if we were going to deploy the x86 version of this MSU by clicking the add button.  I am not so I clicked next.
    20 - Next
  21. Another Summary:
    21 - Summary
  22. And we’re done.
    22 - Completion

All that’s left is to upload this to your distribution point and deploy it to your computer collection.

That’s it!

SQL Server 2008, can’t save changes to tables

 

https://chrisbarba.com/2009/04/15/sql-server-2008-cant-save-changes-to-tables/

SQL Server 2008, can’t save changes to tables

When you design a table in a database and then try to make a change to a table structure that requires the table to be recreated, the management tools will not allow you to save the changes.
You will get an error stating, “You have either made changes to a table that can’t be re-created or enabled the option Prevent saving changes that require the table be re-created.”

What a pesky problem.  It prevents you from making progress when you making database changes. It’s a good thing you can turn it off.
This is caused when you make one of the following changes:

  • You change the Allow Nulls setting for a column.
  • You reorder columns in the table.
  • You change the column data type.
  • You add a new column.

Here’s how you fix it.
In Management Studio, go to Tools –> Options –> Designers –> Tables and Designers and uncheck the Prevent Saving Changes that require table re-creation option.
image

Now Management studio will work like expected.

 

WARNING:
Microsoft recommends you don’t turn this option off and that you use T-SQL to make changes to your tables.
Turning off this option will conflict if you have Change Tracking feature turned on.  If you turn off this option and make a change to table with change tracking on all the tracking changes  for that table will also be deleted.
To check if you have change tracking turned on, right click on your table and go to properties, look for the option Change Tracking.

image

Here is the kb article from microsoft: http://support.microsoft.com/default.aspx/kb/956176

 

Internet Explorer Install Failing Even Though Prerequisites Are Installed

Check the IE11_main.log file in C:\Windows. Find which prerequisites the installer is not seeing. Will usually be a time out issue with the WMI Query. Can possibly see one or both of the following errors:

Setup exit code: 0x00009C47 (40007) – Required updates failed to download.

WMI query for Hotfixes timed out. Query string: ‘Select HotFixID from Win32_QuickFixEngineering WHERE HotFixID=”KB2729094″‘  Error: 0x00040004 (262148).

 

  1. Open a powershell window for each prerequisite
  2. Run the following loop command changing the KB number for each prerequisite
    1. While($true){
      Get-WmiObject -Query ‘Select HotFixID from Win32_QuickFixEngineering WHERE HotFixID=”KB2729094″‘}

 

http://www.joejoeinc.com/2015/12/internet-explorer-11-failing-on.html

 

Getting Schannel 36874 Errors

https://social.technet.microsoft.com/Forums/exchange/en-US/7b95a21c-67fc-49a9-8198-b9e364523d27/getting-schannel-36874-errors-on-my-casht-servers?forum=exchange2010

 

 

To workaround this issue, we can set the event logging value to 0 under:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

Basically turning off Schannel alerting.

How to renew a self signed certificate in Exchange Server 2007

http://www.ncol.net/how-to-renew-a-self-signed-certificate-in-exchange-server-2007/

How to renew a self signed certificate in Exchange Server 2007

The Exchange 2007 self signs a certificate when the server role is first added for all the Exchange services that run in unison with IIS (smtp & owa etc). The  certificate expires after one  year from the date the server was first installed or the date the certificate was assigned manually.

First, check the status of the certificate by opening the Exchange Management Shell and executing the commandGet-ExchangeCertificate |FL’ – this displays all information about the currently assigned certificates and the status of each certificate.

It is common that they may be more than one certificate listed in the display – if that is the case, find the certificate that shows an expired date in the field ‘NotAfter‘ – as this defines when each certificate becomes invalid/expired. An expired certificate may cause problems such as connectivity to web services, SMTP transport and Outlook prompting certificate security warnings.

Use the following steps to generate a new certificate and enable it to run IIS services:

1. Type ‘Get-ExchangeCertificate |FL’ – This only lists details of certificates that are assigned to Exchange Services. Then note down the Thumbprint of the expired certificate.

2. Then type ‘Get-ExchangeCertificate –Thumbprint “9E6DD4B4EA2865CA9E6C34B42329A9AC994EBF63” | New-ExchangeCertificate’ . This generates a new certificate, and you will then be prompted to confirm if you want to overwrite the expired certificate and use the new one for the SMTP service.

3. If you run the cmdlet in step 1 you will notice the new certificate is not used to secure IIS services anymore. Make a note of the new thumbprint and run the following command typing the new thumbprint between the quotation marks: ‘Enable-ExchangeCertificate – Thumbprint “7A843B04EA2865CA9E6C34B42329AEE4456F9013” –Services IIS’

4. Be sure to verify all the services are working correctly after renewing and enabling the certificate – test Outlook clients by closing and opening Outlook to esnure there are no security certificate warnings.

6. Finally, Remove the old certificate by typing the following cmdlet into the management shell: Remove-ExchangeCertificate –Thumbprint “9E6DD4B4EA2865CA9E6C34B42329A9AC994EBF63″.