Had an issue with MDT failing to install Windows 10 via WSUS. I kept getting the 0x8024401C error.
I upgraded my WSUS on the Windows Server 2012R2 to version 4.0. Then upgraded the host to Windows Server 2016. Still receiving the same error.
After some more googling and trial and error I made the following changes to the IIS server for the WSUS Application Pool:
- Queue Length: From 10000 to 25000
- Limit Interval (minutes): From 5 to 15
- “Service Unavailable” Response: From HttpLevel to TcpLevel
- Private Memory Limit (KB): From 18342456 to 0
Build is now receiving updates from the WSUS server.
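The four changes above can be applied and checked from PowerShell instead of IIS Manager. This is an added example, not part of the original post; it assumes the WSUS application pool has its default name, WsusPool, and that the WebAdministration module is available on the IIS host.

```powershell
# Added example, not from the original post. Run elevated on the WSUS/IIS host.
# Assumption: the WSUS application pool has its default name, WsusPool.
Import-Module WebAdministration

$pool = 'IIS:\AppPools\WsusPool'
if (-not (Test-Path $pool)) { throw "Application pool not found: $pool" }

# applicationHost.config attribute -> value from the list above
$settings = [ordered]@{
    'queueLength'                             = 25000       # Queue Length
    'cpu.resetInterval'                       = '00:15:00'  # Limit Interval (minutes)
    'failure.loadBalancerCapabilities'        = 'TcpLevel'  # "Service Unavailable" Response
    'recycling.periodicRestart.privateMemory' = 0           # Private Memory Limit (KB)
}

function Get-PoolSetting {
    param([string]$Name)
    $value = Get-ItemProperty -Path $pool -Name $Name
    # Some attributes come back wrapped in an object that carries a Value property
    if ($null -ne $value.PSObject.Properties['Value']) { $value = $value.Value }
    return "$value"
}

$report = foreach ($name in $settings.Keys) {
    $wanted = "$($settings[$name])"
    $before = Get-PoolSetting $name
    if ($before -ne $wanted) {
        Set-ItemProperty -Path $pool -Name $name -Value $settings[$name]
    }
    [pscustomobject]@{
        Setting = $name
        Before  = $before
        After   = Get-PoolSetting $name
        Wanted  = $wanted
    }
}
$report | Format-Table -AutoSize

# Fail loudly if any value did not stick
$drift = $report | Where-Object { $_.After -ne $_.Wanted }
if ($drift) { throw "Settings not applied: $($drift.Setting -join ', ')" }
```

With the private memory limit at 0 the pool no longer recycles on memory use, so watch the w3wp.exe working set for the WSUS pool after the change.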
Due to the issues with the Windows 10 1607 build and WSUS updates, I have added the April 2017 Cumulative update into my Windows 10 image (install.wim).
Here are the steps that I completed:
Dism /Mount-Image /ImageFile:"C:\Servicing\Images\install.wim" /Index:1 /MountDir:C:\Servicing\mount\Windows
Dism /Image:C:\Servicing\mount\Windows /Add-Package /PackagePath:C:\Servicing\MSU\windows10.0-kb4016635-x64_2b1b48aa6ec51c019187f15059b768b1638a21ab.msu /LogPath:C:\Servicing\AddPackage.log
Dism /Unmount-Image /MountDir:C:\Servicing\mount\Windows /Commit
Once completed the Windows 10 WIM image will have the latest cumulative update installed.
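The same three steps as a script that checks the update file before it goes into the image and discards the mount if servicing fails. This is an added example, not part of the original post; it assumes the 40 hex characters at the end of the MSU file name are the SHA-1 that the Microsoft Update Catalog published for the download, and `Invoke-Dism` is a hypothetical helper defined in the block.

```powershell
# Added example, not from the original post. Paths are the ones used in the steps above.
$wim   = 'C:\Servicing\Images\install.wim'
$mount = 'C:\Servicing\mount\Windows'
$msu   = 'C:\Servicing\MSU\windows10.0-kb4016635-x64_2b1b48aa6ec51c019187f15059b768b1638a21ab.msu'
$log   = 'C:\Servicing\AddPackage.log'

# Assumption: the 40 hex characters before ".msu" are the published SHA-1 of the file.
if ((Split-Path $msu -Leaf) -notmatch '_([0-9a-f]{40})\.msu$') {
    throw 'File name carries no SHA-1 suffix to compare against'
}
$expected = $Matches[1]
$actual   = (Get-FileHash -Path $msu -Algorithm SHA1).Hash
if ($actual -ne $expected) {   # -ne compares strings case-insensitively
    throw "Hash mismatch for $msu (expected $expected, got $actual)"
}

# Hypothetical helper: run Dism.exe and stop on a non-zero exit code
function Invoke-Dism {
    param([string[]]$DismArgs)
    & Dism.exe @DismArgs
    if ($LASTEXITCODE -ne 0) {
        throw "Dism $($DismArgs -join ' ') failed with exit code $LASTEXITCODE"
    }
}

Invoke-Dism '/Mount-Image', "/ImageFile:$wim", '/Index:1', "/MountDir:$mount"
try {
    Invoke-Dism "/Image:$mount", '/Add-Package', "/PackagePath:$msu", "/LogPath:$log"
    # List the packages in the offline image so the result can be reviewed
    Invoke-Dism "/Image:$mount", '/Get-Packages', '/Format:Table'
}
catch {
    # Leave install.wim untouched if the update did not apply cleanly
    & Dism.exe /Unmount-Image "/MountDir:$mount" /Discard
    throw
}
Invoke-Dism '/Unmount-Image', "/MountDir:$mount", '/Commit'
```

The hash check catches a truncated or swapped download; because the expected value travels in the file name, compare it against the catalog entry as well when the file came from anywhere other than the catalog itself.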
Some light reading for the bus ride home:
Dell devices with TPM at the 2.0 level will not build on legacy BIOS systems.
A workaround is to downgrade the TPM to the 1.2 level.
This can be done using the Dell provided TPM firmware update utility.
Have a look here for the details: http://en.community.dell.com/techcenter/enterprise-client/w/wiki/11850.how-to-change-tpm-modes-1-2-2-0
So you have just joined your Windows 10 device to Azure AD with Azure AD Join and the device has auto-enrolled into Microsoft Intune (MDM). Well done.
Now you want to install the Intune Client to get all those Intune console features you have seen and heard about.
Sorry, no go:
Device is registered to be managed by MDM service. Please unregister the device from MDM service before installing Microsoft Intune, 0x80043010
There are two different ways that Intune can manage a Windows 10 system:
- Enroll it as a “mobile device” using the MDM agent built into Windows 10. This uses the Policy configuration service provider (OMA-DM) and is the future technology.
- Install the Intune client agent. This gives you all the cool configuration policies you see in the Intune console.
These are mutually exclusive though. Each has its pros and cons. The long term goal is for the built-in MDM agent to be the end-all be-all for managing Windows 10 and it does a good job today but it doesn’t cover everything like Defender management or software updates. The full Intune agent is generally preferred today because it does provide these things but it depends upon your scenario.
Had this issue during the building of a Windows 10 reference image using build 1607.
During the Windows Update Pre-Application Installation the build would stop and progress no further. The update was the Definition Update for Windows Defender – KB2267602 (Definition 1.63…)
Looking at the ZTIWindowsUpdate.log, the download did not start and the progress was at 0%.
I have included the update KB######### to allow the Windows 10 1607 build to communicate with the local WSUS server.
I have added the Definition Update to the exclusion list in the customsettings.ini property using WUMU_ExcludeKB as shown below:
After kicking off a new reference build the task sequence continued on with no issues.
Here is the new Office Click-To-Run Configuration XML Editor. It makes configuration and deployment simple and easy.
Administrators can modify the Configuration.xml file to configure installation options for Click-to-Run for Office 365 products using this tool.
The Click-to-Run Configuration.xml file is a necessary component of the Office Deployment Tool. Click-to-Run customizations are performed primarily by starting the Office Deployment Tool and providing a custom Configuration.xml file. The Office Deployment Tool performs the tasks that are specified by using the optional properties in the configuration file.
Great post by John Vintzel (ExEDS GM Account) on adding a custom Security Role into Configuration Manager. By default there is no built-in security role (apart from Full Administrator) to import devices into CM.
Here are the steps required:
- Create XML file with the code at the bottom of the page
- Navigate to Administration > Security > Security Roles in the CM Console
- Select Import Security Role from the ribbon
- Browse to the XML, click OK
- You will now see a new custom security role ‘Computer Import Manager’
<SMS_Role CopiedFromID="SMS00001" RoleName="Import Computer Role" RoleDescription="Add this role to an administrative user. Associate this security role specifically with All Systems.">
<Operation GrantedOperations="129" ObjectTypeID="1" />
<Operation GrantedOperations="524289" ObjectTypeID="6" />
</SMS_Role>
Quick little note for me to remember the silent install command for the HP Softpaq. No need to extract and search the %Temp% location for the MSI files. Use the following command to install the Softpaq silently without reboot:
setup.exe /S /v"/qn /norestart"