RE: [mssms] RE: TS Media creation error

[Mote, Todd]

I should play the lottery!  ☺

Not sure of the ID but here’s the link.  
https://connect.microsoft.com/ConfigurationManagervnext/feedback/details/778489/can-no-longer-set-security-scopes-on-antimalware-policies-in-sccm-2012-sp1

My current TP expired and I haven’t had a chance to get the latest on it yet, 
but I will definitely make the time to check it out.  For those of us that 
federate/delegate to downstream consumers, this is a big deal for us.  Thanks 
for the insight on what each status means, that helps.  Thanks for the insights 
in general, we appreciate it.

Todd

From: listsadmin@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] On 
Behalf Of Aaron Czechowski
Sent: Wednesday, September 9, 2015 11:18 AM
To: ms...@lists.myitforum.com
Subject: RE: [mssms] RE: TS Media creation error

You filed that at an opportune time. ☺

If the state is active, then it’s still “open” and either being worked or on 
the backlog for the future. If the state is resolved, then whatever resolution 
applies (in your case “fixed”), but hasn’t yet been verified/tested. Only once 
that resolution is verified is it closed.

What’s the Connect ID for the scoping AV policies item you mention? One of our 
TAP customers originally filed it back in 2012 which we actually fixed this 
summer – have you looked at TP2 or TP3? ☺ Behavior is the same as setting 
security scopes on client settings.

Aaron


From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> 
[mailto:listsadmin@lists.myitforum.com] On Behalf Of Mote, Todd
Sent: Tuesday, September 8, 2015 1:33 PM
To: ms...@lists.myitforum.com<mailto:ms...@lists.myitforum.com>
Subject: RE: [mssms] RE: TS Media creation error

For anybody following in this circumstance, I filed this on Connect and got a 
‘Resolved as Fixed’ response within a couple of days.  Hopefully we’ll see this 
in the product sometime sooner than being able to scope AV polices again (you 
could pre RTM SP1), that one was ‘Closed as Fixed’ (30 months ago)  ;-P  is 
there a difference between Closed and Resolved as Fixed?

https://connect.microsoft.com/ConfigurationManagervnext/feedback/details/1741571/task-sequence-media-creation-error-2147217379-8004101d<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fconnect.microsoft.com%2fConfigurationManagervnext%2ffeedback%2fdetails%2f1741571%2ftask-sequence-media-creation-error-2147217379-8004101d&data=01%7c01%7caaron.czechowski%40microsoft.com%7c1f03bca7a1b54b08064908d2b88d12c7%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=j1E28%2fq79DfiR2LzYm3dnbsQK5nHKJsWyEgmFCidhn0%3d>

Todd

From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> 
[mailto:listsadmin@lists.myitforum.com] On Behalf Of Mote, Todd
Sent: Tuesday, September 1, 2015 3:48 PM
To: ms...@lists.myitforum.com<mailto:ms...@lists.myitforum.com>
Subject: RE: [mssms] RE: TS Media creation error

I’m doing this on the Site Server and getting this same result.  Does anybody 
know if you only need the Root  CA cert loaded there or if you have an 
intermediate CA, that has to be in there too?

How many people manage more than one domain with https?  I’m curious that this 
hasn’t been a bigger issue, or does no one use https, or more than one domain?

Todd

From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> 
[mailto:listsadmin@lists.myitforum.com] On Behalf Of CESAR.ABREG0 .
Sent: Friday, August 28, 2015 7:46 AM
To: ms...@lists.myitforum.com<mailto:ms...@lists.myitforum.com>
Subject: Re: [mssms] RE: TS Media creation error


We had similar issues in the past and restarting WMI on the CAS worked each 
time.

On Fri, Aug 28, 2015, 1:11 AM Mawdsley R. 
<r.mawds...@soton.ac.uk<mailto:r.mawds...@soton.ac.uk>> wrote:
I had this a long time ago, when I tried creating it on a random machine with 
the console installed.

Doing it on the server worked.

Rich

From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> 
[mailto:listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com>] 
On Behalf Of Aaron Czechowski
Sent: 27 August 2015 19:49
To: ms...@lists.myitforum.com<mailto:ms...@lists.myitforum.com>
Subject: {Disarmed} [mssms] RE: TS Media creation error

Not a known issue of which we’re aware, and no other thoughts on a workaround 
other than what you mention. If you need quick relief, call support. If you’re 
ok with the workaround but want it fixed for the future, file on Connect.

From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> 
[mailto:listsadmin@lists.myitforum.com] On Behalf Of Mote, Todd
Sent: Wednesday, August 26, 2015 9:22 AM
To: ms...@lists.myitforum.com<mailto:ms...@lists.myitforum.com>
Subject: [mssms] TS Media creation error

Hi folks

I have an interesting problem that I wonder if anyone knows more about than I 
can find in one thread on technet forums.

SCCM 2012 R2 SP1
Problem: when creating TS media I get an error -2147217379 (8004101d).

From here: MailScanner has detected a possible fraud attempt from 
"na01.safelinks.protection.outlook.com" claiming to be 
https://social.technet.microsoft.com/Forums/en-US/c03aac99-2666-4da7-a7b4-ca3aea1ca918/create-boot-mediacapture-media-error-2147217379-8004101d?forum=configmanagerosd<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fsocial.technet.microsoft.com%2fForums%2fen-US%2fc03aac99-2666-4da7-a7b4-ca3aea1ca918%2fcreate-boot-mediacapture-media-error-2147217379-8004101d%3fforum%3dconfigmanagerosd&data=01%7c01%7caaron.czechowski%40microsoft.com%7c3d64703bbdee484ebddf08d2ae32b14e%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=WbO6A%2fWHiM0RjqfbYhskQukxsJ1opqUu8qpqBGU5vac%3d>
 I get advice to look at smsprov.log and I see exactly what the thread 
describes.

“Execute SQL =select  all SMS_SCI_Component.Props,SMS_SCI_Component.PropLists 
from vSMS_SC_Component_SDK AS SMS_SCI_Component  where…”
“SQL Message: - String data, right truncation”
“Failed to load propertyList XML (<PropLists><PropList 
name="RootCACertificates"><Value 
index="0">308203D4308202BCA003020102…</Value><Value 
index="1">308206CB308205B3A… ”
“*~*~e:\nts_sccm_release\sms\siteserver\sdk_provider\smsprov\sspsitesettingitem.cpp(974)
 : ERROR ON Property Convert~*~*”

The sql select returns a property list XML that is quite large, each of those 
value sections above contain a huge string of numbers for each Root CA, because 
I have two untrusted domain CA certs and their intermediate certs loaded in 
site settings because I manage clients in those domains.

Reportedly there is a 32KB limit on WMI, and the posters solution is to remove 
the CA certificates.  Am I really going to have to remove certificates and then 
put them back every time I need to create TS media?

I couldn’t find any bugs on Connect that match.  File a one? maybe PSS?  Aaron? 
 :D

Todd