Wednesday, October 12, 2022

Key 'ConfigMgrMigrationKey' not found, 0x80090016 in certificatemaintenance.log

 I was getting this error in certificatemaintenance.log.

And, in other logs:

Attempting to refresh certificate information from AD    LocationServices    04.10.2022 07:56:44    11280 (0x2C10)
Refreshed Certificate Information from AD    LocationServices    04.10.2022 07:56:44    11280 (0x2C10)
Retrieved thumbprints from AD    LocationServices    04.10.2022 07:56:44    11280 (0x2C10)
CCMVerifyMsgSignature failed.    LocationServices    04.10.2022 07:56:44    11280 (0x2C10)
Failed to verify received message 0xc000a000    LocationServices    04.10.2022 07:56:44    11280 (0x2C10)
CCMVerify failed with 0xc000a000    LocationServices    04.10.2022 07:56:44    11280 (0x2C10)
Failed to verify message. Could not retrieve certificate from MPCERT.    LocationServices    04.10.2022 07:56:44    11280 (0x2C10)
and
Key 'ConfigMgrMigrationKey' not found, 0x80090016.    CertificateMaintenance    04-10-2022 09:01:10    3544 (0x0DD8)

History: After a MECM upgrade to 2203,  my clients were showing errors in logs for missing certificate.

On the Configmgr app, the Client Certificate showed as : None

128772-clientcertificateerror.png 

Sample figure

 

The environment was eHTTP. no PKI.

 

There were no errors in logs on the Primary server.

Solution:

After log of checks, found that AD publishing was removed, for 1 of the two forests.

Added it back, restarted smsexec.exe

This fixed the AD publishing, and it fixed the certificate errors on the client.

 

 

Thursday, December 9, 2021

Error 2147944018 Another installation is already in progress- during Win10 Feature Updates

 You might get error 2147944018    Another installation is already in progress, while updating Win10 workstation to a higher version. This can be seen in updates deployment.log


This applies to Feature updates through SCCM.


Solution : 

Kill the process setuphost.exe

Restart the update installation.


Wednesday, June 9, 2021

Report on user logins on a particular DC using Security Logs

 Recently, there was requirement that I needed to generate report on user logins from a specific DC. Then, based on usage, that DC could be taken down.

User logins are logged into the Security Evenlogs on a DC. So, you can check Security eventlog for event ID-4624.

 

Solution:

The basic script was taken from https://www.netwrix.com/how_to_get_user_login_history.html?var=b

But it outputs only to the console.Generating a report in CSV readable format was a challenge.So, modified it for this. CSV output is saved in output.txt

It scans through Eventlog for last 90 days logins.

The script:

# Find DC list from Active Directory
$DCs = Get-ADDomainController -Identity <your DC>


# Define time for report (default is 1 day)
$startDate = (get-date).AddDays(-90)

# Store successful logon events from security logs with the specified dates and workstation/IP in an array
foreach ($DC in $DCs){
$slogonevents = Get-Eventlog -LogName Security -ComputerName $DC.Hostname -after $startDate | where {$_.eventID -eq 4624 }}
$output = ""

# Crawl through events; print all logon history with type, date/time, status, account name, computer and IP address if user logged on remotely

  foreach ($e in $slogonevents){
    # Logon Successful Events
    # Local (Logon Type 2)
    if (($e.EventID -eq 4624 ) -and ($e.ReplacementStrings[8] -eq 2)){
    $timegenerated = $e.TimeGenerated
    $user = $e.ReplacementStrings[5]
    $workstations = $e.ReplacementStrings[11]
    Write-output "Type Local Logon,Date:$timegenerated,Status:Success,User:$user,workstation:$workstation" | out-file output.txt -Append
    

    
    }
    # Remote (Logon Type 10)
    if (($e.EventID -eq 4624 ) -and ($e.ReplacementStrings[8] -eq 10)){
    $timegenerated = $e.TimeGenerated
    $user = $e.ReplacementStrings[5]
    $workstations = $e.ReplacementStrings[11]
    $IP = $e.ReplacementStrings[18]
    Write-output "Type Remote Logon,Date:$timegenerated,Status:Success,User:$user,workstation:$workstation,IP address:$IP" | out-file  output.txt -Append
    
    }}

Thursday, April 29, 2021

Error-You've been signed in with a temporary profile' Error on Windows 10

 Sometimes, after a cumulative update user gets this error after login-You've been signed in with a temporary profile'.


And, the settings, documents are not available.

Solution: The solution involves registry edit, so be careful and take a backup.



While signed in to the account with the temporary profile, open a command prompt.

Enter the command below into the command prompt, and press Enter.


 whoami /user

Make note of the SID (Security Identifier) for this current account. You will need to know the SID (ex: S-1-5-21-....-1001) for your account

 

 If this account is a standard user, then you will need to sign out and sign in to an administrator account to be able to continue on with the steps below.

 

Open regedit.

Navigate to the ProfileList key at the location below in the left pane of Registry Editor.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

 Find the userid

If it is listed as SID.bak, rename it without .bak

If it is listed as without .bak, then updated the "Profile Imagepath" Value name with correct path. 

 

The whole solution is described at - Fix You've been signed in with a temporary profile in Windows 10 | Tutorials (tenforums.com) 

 

Thursday, February 18, 2021

Error Result = 0x87d00668 in Updatesdeployment log

Problem:  Error Result = 0x87d00668 in Updatesdeployment log during patches installation

Solution: 

  1. Stop the Windows Update service.
  2. Rename C:\Windows\SoftwareDistribution to SofwareDistribution.old
  3. Rename C:\Windows\System32\GroupPolicy\Machine\registry.pol to registry.pol.old
  4. Restart Windows Update service.
  5. Run the Updates Scan cycle 2-3 times till successful.
  6. Run the Updates Evaluation cycle, patches will install

Tuesday, April 21, 2020

Error in ClientIDManagerStartup log: RegTask: Failed to get certificate. Error: 0x80004005

The SCCM Client is not working and shows like this:





The above error is logged in ClientidmanagerStartup log.

Solution:

There is a folder: C:\ProgrammData\Microsoft\Crypto\RSA   (on Windows10).
On the MachineKeys folder, check the Security permissions and fix it if required.
Then restart the ccmexec service.