Windows

SCCM 2012 – How to deploy a msu update package

https://fearthemonkey.co.uk/sccm-2012-how-to-deploy-a-msu-update-package

 

Today I had to deploy a Microsoft hotfix that would fix an issue we were experiencing.  The hotfix was a msu file and although I had deployed many msu’s in the past, I realised that I hadn’t blogged the process.  So here we are!

To deploy the msu I will be using the wusa.exe (Windows update standalone installer) that is built into most versions of Windows operating systems.  You can find out more about wusa here: http://support.microsoft.com/kb/934307

The first thing I did was download the hotfix and store the resulting .msu file on my SCCM server where I normally keep all of my application source files.

Next up, I chose to create a new Application:

  1. Select to ‘Manually specify the application information’
    1 - Manually specify app info
  2. Complete the ‘General Information’ screen to your tastes…
    2 - General Info
  3. I chose to leave the ‘Application Catalog’ screen at the defaults as I will not be making this available to the catalog; rather it will be a required device deployment.
    3 - App Catalog
  4. Click the ‘Add’ button so that we can add a new deployment type.
    4 - Deployment Type - Add
  5. Select ‘Script Installer’ and to ‘Manually specifiy the deployment type information’
    5 - Script Installer
  6. For the General Information screen, complete any fields with the appropriate information.  I chose to add ‘x64’ in the name as I downloaded the x64 msu so this deployment type will be for x64 computers only.  Later, you could add a x86 deployment type if you needed to.
    6 - General Info
  7. Browse to where you have stored your msu file and then add the following for the:
    Installation Program:

    wusa.exe "nameOfTheMsu.msu" /quiet /norestart

    Uninstall Program:

    wusa.exe /uninstall "nameOfTheMsu.msu" /quiet /norestart

    * Note that I chose to suppress reboots.
    * Note that the screenshot below will look slightly different to yours as you go through the new application wizard as I made a typo in my original screenshot and fixed it after the application was complete – this gives you a slightly different view but essentially it’s the same.
    uninst

  8. Click the ‘Add Clause’ button
    8 - Add Clause
  9. This is where we will add our detection rule.  In this instance, I looked at the KB article from Microsoft for this particular msu and it showed me the name of the file that would be changed along with the new version number of the changed file.  You will find this information on most hotfix KB’s:
    9 - Detection Rule - Finding out version numbers
  10. Here’s the current version on one of our affected computers…as you can see, the version number is older than the one listed in the hotfix (Step 9 above):
    10 - Current Location and version
  11. Now we know what to look for, the detection rule is easy.  Here’s what my resulting rule looked like which is based on the Microsoft KB:
    11 - Detection Rule
  12. Click next!
    12 - Detection Method Complete
  13. Change the user experience to ‘Install for system’ and ‘Whether or not a user is logged on’ (As I will be making this a required device deployment.)
    13 - User Experience
  14. Click the Add button for our system requirement
    14 - Add Requirements
  15. I simply chose all Windows 7 x64 computers as that is what this particular msu applies to:
    15 - Create Req
  16. The completed requirement:
    16 - Completed req
  17. I did not have any dependencies to add so I clicked next.
    17 - Dependencies
  18. Take a look at the Summary screen:
    18 - Deployment Summary
  19. We have success!
    19 - Deployment Type Success
  20. At this point, we could add a secondary deployment type if we were going to deploy the x86 version of this MSU by clicking the add button.  I am not so I clicked next.
    20 - Next
  21. Another Summary:
    21 - Summary
  22. And we’re done.
    22 - Completion

All that’s left is to upload this to your distribution point and deploy it to your computer collection.

That’s it!

Internet Explorer Install Failing Even Though Prerequisites Are Installed

Check the IE11_main.log file in C:\Windows. Find which prerequisites the installer is not seeing. Will usually be a time out issue with the WMI Query. Can possibly see one or both of the following errors:

Setup exit code: 0x00009C47 (40007) – Required updates failed to download.

WMI query for Hotfixes timed out. Query string: ‘Select HotFixID from Win32_QuickFixEngineering WHERE HotFixID=”KB2729094″‘  Error: 0x00040004 (262148).

 

  1. Open a powershell window for each prerequisite
  2. Run the following loop command changing the KB number for each prerequisite
    1. While($true){
      Get-WmiObject -Query ‘Select HotFixID from Win32_QuickFixEngineering WHERE HotFixID=”KB2729094″‘}

 

http://www.joejoeinc.com/2015/12/internet-explorer-11-failing-on.html

 

Getting Schannel 36874 Errors

https://social.technet.microsoft.com/Forums/exchange/en-US/7b95a21c-67fc-49a9-8198-b9e364523d27/getting-schannel-36874-errors-on-my-casht-servers?forum=exchange2010

 

 

To workaround this issue, we can set the event logging value to 0 under:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

Basically turning off Schannel alerting.

[SOLVED] The Group Policy Client service failed the logon. Access denied

http://www.top-password.com/blog/fix-the-group-policy-client-service-failed-the-logon-access-denied/

 

2 Methods to Fix “The Group Policy Client service failed the logon. Access denied.”

 

When you try to log on to your Windows account, you might encounter the error “The group Policy Client service failed the logon. Access is denied.

group-policy-failed-logon

When you click OK, the system will return you back to the login screen. Searching this on the net gave a lot of answers but none of them seemed to solve it. In the end we discovered that it is a permissions problem and not a corrupt profile problem. Here’s two methods to fix this issue.

Before getting started, you need to log on to your computer with a working administrator account. Then follow the solutions below to fix the problem for your affected account.

Method 1: Regain Registry Permissions

  1. Press the Windows key + R to bring up the Run box. Type regedit and hit Enter.
  2. When the Registry Editor opens, select HKEY_USERS in the left pane. Now, pull down the File menu and choose the Load Hive option.

    load-hive

  3. When the Load Hive dialog appears, select All Files in the Files of type box. Navigate to your affected profile folder (for example, C:\Users\<user_name>) and select the NTUSER.DAT hive. Click Open.

    select-hive

    Note: if the NTUSER.DAT file doesn’t show up, you might need to configure Windows to display the hidden files.

  4. It will ask you for a name. Give it any name, it doesn’t matter what it is.

    import-key-name

  5. You will now see the hive you just loaded with the name you gave it under the HKEY_USERS key. In my example, the entire NTUSER.DAT hive has been loaded into the Registry Editor under the registry location: HKEY_USERS\NTUSER.
  6. Right-click on HKEY_USERS\NTUSER and select Permissions.

    registry-permissions

  7. Here you should see at least three accounts: System, Administrators and the name of your affected user account who’s profile you are fixing. If ANY of these are not shown it will not work. You need to add all three and then give them full control in the Permissions section.

    change-permissions

  8. Once you have added all three and given them the correct permissions, click the File menu and select Unload Hive. Close the Registry Editor.

    unload-hive

  9. Log off or restart your computer. You should be able to login successfully with your account that you were having trouble with.

Method 2: Deleting the Local Profile

This method works by deleting your affected local profile, so you can then log back on. After successfully logging on, Windows will automatically create a new profile for your account. Here’s how to delete the profile for your affected Windows account in Windows 10, 8, 7 and Vista:

  1. Right-click on My Computer icon on your desktop, and then select Properties.

    computer-properties

  2. From there, click the Advanced System Settings link on the left-hand side.

    advanced-system-settings

  3. When you see the System Properties dialog, click the Settings button in the User Profiles section.

    user-profiles

  4. In the User Profiles dialog box, select the profile of your affected user account and click on Delete.

    delete-user-profile

  5. Click OK to confirm. Now you’ve successfully deleted a user profile. Your problem should be fixed by now.