SCCM 2012 R2 - Add Untrusted Forest - 8007052E "The Username or password is incorrect"

Issue:
You try and add a new, untrusted forest into your SCCM 2012 setup but SCCM refuses to accept the credentials of the discovery account account

Error Code: 0x8007052E
Error details: The user name or password is incorrect

Cause:
The user name or password is incorrect..........or is it? Turns out this is a pretty misleading error message. SCCM is basically blaming you for getting the password or username wrong. The root cause, however, is more to do with what you're trying to authenticate against.

Fix:
Enter the name of a domain controller as a prefix to the LDAP lookup. So rather than LDAP://DC=test,DC=local you'd need to enter LDAP://dc01.test.local/DC=test,DC=local

SCCM 2012 R2 - OSD - The BCD file from the PXE server does not contain a a valid operating system entry

Issue:
You've just installed SCCM 2012 R2. You've imported all your machine accounts from Active Directory. You add one of the machine accounts into one of your OSD Collections and PXE boot the machine...After hitting F12, you encounter the following Blue Screen of Boot Failure:

"Your PC needs to be repaired
The Windows Boot Configuration Data (BCD) file from the PXE server does not contain a a valid operating system entry. Ensure that the server has boot images installed for this architecture.
File:\Tmp\x86x64.....bcd
Error Code: 0xc0000098"

Cause:
On your SCCM server, navigate to the SCCM install directory and open smspxe.log. In here you need to have a look for the MAC address of the machine you've just tried to boot. In spite of the fact that SCCM had a entry for the machine and allowed you to add the machine to your OS deployment collection, you see the following message:

So the problem is that SCCM does not recognise the machine, since it can't find it in the database it won't be able to deploy the build to it.

Resolution:

Delete the machine account from SCCM and, if you're being extra vigilant, you may also want to delete it from Active Directory. Once you've confirmed the machine has gone from SCCM, import the machine into SCCM using the 'Import Computer Information' option:

Import the machine into the All Systems collection. Once it has appeared in All Systems, add the machine account into your Operating System Deployment collection. No when you boot up the machine, it should load up WinPE!



Other Stuff to Try:

> Remove and re-add PXE from the Distribution Point. When doing this, it's worth checking that the PXE removal also propogated an un-installation of WDS as well. Likewise, after you've rebooted the machine to complete the uninstall, the reinstall of PXE should prompt SCCM to reinstall WDS.

> If you are trying to deploy to Unknown Computers, try ticking or unticking the "Enable unknown computer support" option on the DP.

> Double check that you've actually got an OSD Task Sequence deployed to the collection with the machine in.

SCCM 2012 R2 - Basic OSD/Task Sequence Troubleshooting

Task Sequence Troubleshooting

“The build’s not working properly….”

PXE Issues:

Log on to the SCCM server. Open the smspxe.log (D:\Program Files\Microsoft Configuration Manager\Logs) file with CMTrace (C:\Program Files). Get the MAC address of the machine which is failing to boot and then scan through the recent log entries for it.

Here is an example of what the log looks like when two machines PXE boot correctly and have an option Task Sequence advertised to them:

If you see “Device is not in database” then you need to examine whether the machine has been added into SCCM correctly. Check the MAC address you entered when importing the machine is correct, check you added the machine to the right collection, try removing and re-adding the machine account from SCCM.

If you see “no advertisement found”, then you need to check what’s being advertised to the collection you’ve put the new machine account into. Is there an advertisement actually linked to the collection? Has the advertisement been configured correctly? In essence, this message means SCCM has recognised the new machine as valid but simply cannot find anything to give it.

Task Sequence Issues:

So the Task Sequence has deployed but something has gone wrong and it’s either bombed out or the finished build is missing some stuff. Good to check the following places........

Option 1: Watch the build like a Hawk! If anything goes wrong, the Task Sequence will pop up a message saying the deployment has failed and will begin a 15 minute countdown. Behind this countdown window will be a smaller window containing the name of the step the TS was performing when it bombed out.

Option 2: SMSTS.log – a super useful log to check since it contains the details on how the Task Sequence progressed. Depending on where the TS failed, you can find it in one of the following locations:

Win PE

(pre-formatting of the hard disk)                   

x:\windows\temp\smstslog\smsts.log

WinPE 

(post formatting of the hard disk)

x:\windows\temp\smstslog\smsts.log & c:\_SMSTaskSequence\Logs\Smsts.log

Windows Operating System

(before installation of SCCM client) 

c:\_SMSTaskSequence\Logs\Smstslog\smsts.log 

                                                                                    

Windows Operating System

(post SCCM client installation)                 

c:\windows\ccm\logs\Smstslog\smsts.log

Windows Operating System

(once the TS is finished)                          

c:\windows\ccm\logs\smsts.log

Either open this log with notepad (or CMTrace if you've included that in the build) and see what it can tell you or copy it to a network location and check it on your desktop.

Option 3: Check in SCCM

In SCCM 2012 R2 you can check to see how any deployment (including a Task Sequence) has performed by navigating to Monitoring > Deployments > Find the Deployment you’re interested in. Double click on it, the select the appropriate tab (sort of depends on how the deployment went) and then right click the machine which received the deployment and choose More Details:

In the More details window, switch to Status and sort by Date. Here you can see what steps succeeded and what steps failed:

Option 4: Check the Reports.

If you navigate to Monitoring > Reporting > Reports and then perform a search for ‘Task Sequence’ you should be presented with a selection of reports which can be used, once you’ve drilled down into them, to provide you with detailed information on every steps of the task Sequence:

Quest Active Roles Server - Failed to connect to Administration Service

Issue:

When you open the Active Roles Server MMC on the server you encounter the following message: 

Connecting to Administration Service on 'SERVER NAME HERE'...

Loading schema...

Failed to connect to Administration Service on 'SERVER NAME HERE'.

Building startup information is in progress. Wait until the information is built, and then try again.

Value cannot be null.

Chances are you'll also find that the web interface isn't working.

Fixes to Try:

1] The Service. Open up Services on the server and check the Administration Service is definitely running. If it's not then Start it up. If it is, try Restarting the service.

2] The Source. When you open up the MMC, rather than choosing the SERVER NAME as the location of the Administration Service simply choose <any server in the forest..>. This may seem a bit random but it worked for us after the infrasturcture team had moved the ARS Server and SQL Server onto a new part of the network.

3] is the service account which runs the Administration Service still good? Has its password expired or has it become locked for some reason?

Long Shots:

1] Can ARS talk to SQL? If you have the sql backend installed on a remote server then it's worth testing that the server can connect to the database. Go to Admin Tools on the ARS server and set up a System DSN connection to the ARS database on the remote SQL server. Check everything works ok.

2] DNS. Have a check in DNS to make sure nothing has changed and that the server and the remote sql db server still have the right names/ip addresses.

3] Firewalls. Are there any firewalls between the server and the remote SQL server? If so, can you view the logs to determine if any traffic is getting blocked.

Nuclear Option:
1] Remove the ARS Admin service from the server. Rename the ARS database that ARS uses (should be called ARServer67, ActiveRoles69 or something similar) to database_nameOLD. Reinstall the Admin Service from the installation kit. Import the data from the old database_nameOLD database into the new database which will have been created by the fresh install.

SCCM 2012 R2 - PXE Boot - No Advertisement Found

Problem:
You've imported a new computer into SCCM 2012 R2 and have put it into a Collection which has a Operating System Task Sequence deployed to it. When you boot the machine up, however, it talks to the SCCM server and then returns an abortpxe error message.

Furthermore, when you check the SMSPXE.log file on your SCCM server, you see that although SCCM knows about the machine it has no advertisement available for it:

Cause:
The Task Sequence hasn't been advertised to the Collection correctly.

Fix:
Part 1
Check that the Task Sequence is actually available to the client. Locate the client in whichever Collection you have added it to and right click > Properties of the client. Under the Deployments tab you should be able to see your Operating System Task Sequence:

If there is nothing visible here then you need to go to your Operating System Task Sequence > Right Click > Deploy and then aim it at the relevant collection.

Part 2

If the machine can see the Deployment then it's time to check the actual settings in the deployment itself. It's easy to miss when you whiz through the "Deploy" a Task Sequence wizard but it's important to check that you've actually made the TS available to PXE. To do this, right click on the Deployment and view the Properties. Switch to the Deployment Settings tab and make sure that the TS is available to whichever areas are appropriate:

If both Parts 1 and 2 are looking OK then it's time to go back to basics and have a shot or two in the dark:

• Fully delete the client from SCCM and re-import it. 
• Try rebooting your SCCM server. 
• Try restarting the WDS service.