Config Manager Current Branch Delta Downloads and WSUS

Well!

So I am having a bit of fun with finally getting round to migrating to Current Branch. there are a lot of cool new features, which tbh, I probably don’t need but I am like a child in a sweet shop!

I noted that we have a new log called DeltaDownload – it was just sat there humming quietly to itself though. Little did I know it was about to unleash hell.

Continue reading

SUP, WSUS and the 500!

I am, again, having issues with the WSUS database. After trying a multitude of things, I pulled the SUP off, and unijstalled WSUS. I then rebooted… all good, or so I thought.

The next day, I noted Config Manager node alerts from point of reboot. Yeah, that usual sinking feeling…

Continue reading

Config Manager client scan error

Yup, I’ve been a bit quiet of late.

Out of the blue, my Windows 10 device suddenly stopped patching. I checked the WUAHANDLER.log and found something new. Which is always nice. Here is the log:

Cheers Microsoft.

Continue reading

Key Management Service – Troubleshooting!

So, is the KMS working? I’ve popped together some things to run through to verify Thingsβ„’. No glossy pictures – I’ve covered most of this in greater depth with pretty pictures in my previous KMS posts πŸ™‚

  • Verify the KMS server record(s) is available via DNS.

The KMS servers must be registered in DNS so that the KMS clients can find them. Execute the following command:

nslookup -type=srv _vlmcs._tcp

Continue reading

Key Management Service – Shutting Down the Old KMS

Just a couple of quick tips from my experience. I kept the original KMS server active, but offline in case I needed a fallback.

1: Disable the KMS service. Seriously, stop it. In fact, burn it with fire as it has a habit of restarting at the most inopportune of times πŸ˜›

2: Your old KMS server will still receive requests if it remains in DNS. This isn’t too bad, as when a client cannot get to the KMS server, it will try something else from DNS.

As stated in earlier blogs, use the nslookup ocmmand to find the _VLMCS entries. You *must* have your new KMS servers in DNS!

3: If you’re happy with hte new KMS sevrer(s), then you need to remove DNS publishing and from DNS itself.

This is a great step by article, and really helped me through this process.

IIS 8.5 – Certificate Rebind

Heya! It has been a while, but the sun is out so I thought I’d share a gem of a find!

One of the longest running logistical headaches with certificates has been renewing them, and subsequently binding them in IIS. Client certificates aren’t a problem; a wee sprinkle of Group Policy, and all your certificates just automagically renew. However, when you throw server authentication couple with Subject Alternative Names into the mix, you lose the truly luxurious option of automatic renewal.

Continue reading

Key Management Service – Interpretting the Event Logs

At first glance, you may think the event logs on the KMS client are simple, but they actually provide a wealth of information, if you know what to look for.

A successful client to host communication will result in two events being recorded on the KMS client:

  • 12288
  • 12289

Continue reading