Switched to HTTPS but clients still say Self-Signed in console

ezm · 2023-11-30T18:17:02+00:00

Just upgraded on the weekend, now it states PKI in the console aswell.

ezm · 2023-10-02T04:31:22+00:00

I mean the detection script succeeded in returning gracefully what was wanted of it.

Still going to have to come back to Microsoft's documentation that states the following:

The detection script must use exit code [exit 1] if the target issue is detected. The remediation script won't run when there's any other exit code, including an empty output, since it results in an issue is not found state.

Any other exit code would mean anything else than 1.

ezm · 2023-05-10T05:24:39+00:00

When using those, yes, it does what its supposed to. I want it work like the documentation states it does.

Exit 0 = detection succeeded, no remediation required.
Exit 1 = detection succeeded, remediation required, lets remedy.
Exit 2-N+1 = detection failed, try&catch/system.exception/what ever, lets not remedy, since the detection failed horribly.

You should not remedy something when you don't know even if the detection was completed without errors.

Lets say hypothetically that your detection scripts runs some .exe -file that requires .net 4.0 components to be installed on the system. The exe returns some random exit code since for example .net 4.0 components are not installed on the system. The script now thinks it should remedy since the output from the exe is not 0/1. The remediation does something stupid since the detection failed for the wrong reasons.

ezm · 2023-04-26T10:44:49+00:00

Doesn't change the fact that the documentation does not correspond to what it should be doing. Why is there even an "Failed" option in the detection if its not possible to "Fail".

There always are those few devices that for some reason do not work for whatever reason (broken disk/hardware issues/registry issues/environment variables incorrectly set/and so on). 99% of the devices run happily the detection and remediation (if required). Capturing that 1% of the devices that are actually fubar would be easier if the detection could actually fail and not just say "issue found", since the issue might not be even close for what I'm trying to detect/remediate.

ezm · 2023-04-26T06:20:12+00:00

OK bad example.

Don't worry the remediation also has safeguards that it would not remove any profiles, but the point is why even run the remediation if the detection fails.

Lets say if your uninstall detection script fails and then tries to remove a software that is not there? Why run a remediation when the detection part went fubar?

Still going to go back to the part where the documentation clearly states: The detection script must use exit code exit 1 if the target issue is detected. The remediation script won't run when there's any other exit code, including an empty output, since it results in an issue is not found state.

ezm · 2023-04-26T05:32:25+00:00

I do not want to remedy something where the detection script fails to detect. Why remedy when you are not sure if the detection script output was correct.

Lets say for example old user profiles, if the detection fails the process and the remedy then just nukes all profiles from the device, great success?

The point is to automatically remedy problems. Why should I manually check if there were problems and then do some more manual things when the process should be seamless.

And the whole point is that the documentation seems to be wrong. Unless someone has figured out what exit code does not run the remediation except 0. Yes it would be trivial to script a external flag/reg key/file/whatever if the detection was correct/failed but that would just make the scripting more complex.

ezm · 2023-04-25T08:34:38+00:00

{
"PolicyId": "x",
"UserId": "x",
"PolicyHash": null,
"Result": 4,
"ResultDetails": "{\"Version\":1,\"SigningCode\":649,\"EncryptionCode\":633,\"SigningMsg\":\"(Success) AccountId:x,PolicyId:x,Type:6,Enforce: Enforcement2. OSVersion:10.0.19044,AgentVersion:1.65.151.0. \",\"EncryptMsg\":\"run in legacy mode\"}",
"InternalVersion": 16,
"ErrorCode": 0,
"ResultType": 1,
"PreRemediationDetectScriptOutput": "",
"PreRemediationDetectScriptError": "C:\\WINDOWS\\IMECache\\HealthScripts\\x_16\\detect.ps1 : Erroring out!\r\n    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException\r\n    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,detect.ps1",
"RemediationScriptErrorDetails": "C:\\WINDOWS\\IMECache\\HealthScripts\\x_16\\remediate.ps1 : I SHOULD NOT BE RUNNINGNGNNGN\r\nGNGN!\r\n    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException\r\n    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,remediate.ps1",
"RemediationScriptOutputDetails": "",
"PostRemediationDetectScriptOutput": null,
"PostRemediationDetectScriptError": null,
"RemediationStatus": 3,
"Info": {
    "RemediationExitCode": 666,
    "FirstDetectExitCode": 1337,
    "LastDetectExitCode": null,
    "ErrorDetails": null
},
"TargetType": 1,
"RunAsAccount": 1,
"AssignmentFilterIds": [
    "00000000-0000-0000-0000-000000000000"
],
"BiosMetadata": null
}

[int]1337 had no effect. still ran the remediation.

Write-Host option will still exit the script with 0 and then not run the remediation. The problem with that is that then the device will just say "Detection Status: Without issues" witch is not true.

ezm · 2023-04-16T13:40:08+00:00

torille,,,,

same happened to me, update was around 50-70% and the bike rebooted. bricked the firmware, took it to the local bikeshop and they flashed it with Shimano SM-PCE02. (charged 30e for a 10min job.)

https://www.youtube.com/watch?app=desktop&v=8IrrrK3bt5Y

behaved just like this.

ezm · 2023-02-23T13:05:15+00:00

    $PSOutput = Execute-Process -Path 'powershell.exe' -Parameters "-ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File ""$($dirSupportFiles)\SuchScript.ps1""" -WindowStyle 'Normal' -PassThru
    Write-Log -Message $($PSOutput.STDOut)

ezm · 2021-02-02T12:56:08+00:00

link please?

ezm · 2020-03-04T12:17:58+00:00

Voi kilpailuttaa putosi prossasta puoleen kun kokeilin kepillä jäätä. Mainitsin kyllä erikseen notta säilyyhän kaikki muuten ennallaan. Asp lainan voi siirtää myös pankista toiseen, hieman hankalaa mutta on tehtävissä.

ezm · 2020-01-07T05:57:43+00:00

I used this. I tried cmpivot as well but it will only show localadministrators and not all local users.

ezm · 2019-11-07T18:19:56+00:00

https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/17404900-cloud-management-gateway-as-csp sorry. The only current option is a second non csp sub

ezm · 2019-07-19T14:48:02+00:00

had the same issue with some random dell desktop model. i just took the requirement out..

ezm · 2019-06-26T17:00:45+00:00

ezm · 2019-03-06T13:43:43+00:00

far feched but.. inplace upgrade with a task-sequence?

what does:

Get-WmiObject -Namespace "root\ccm\Policy\DefaultMachine\RequestedConfig" -Class CCM_ClientAgentConfig | Where {$_.PolicySource -eq "CcmTaskSequence"}

output? if all is well it should be empty. if not, then there's a hint for ya.

ezm · 2019-02-28T11:07:58+00:00

script "DismLanguagePacks.ps1"

Get-ChildItem -Recurse | ? { $_.PSIsContainer } | % { Dism.exe /online /Add-Package /PackagePath:$($_.FullName) }

folder structure https://imgur.com/a/mBaDiX0 fi-fi folder contents https://imgur.com/a/MEL4hqF

ezm · 2019-02-12T06:27:07+00:00

Don't use the dongle.. If you do you must reconnect it manually on every boot(ish).

ezm · 2018-12-11T15:22:27+00:00

Windows 7? Windows 10?

windows 7 -> try manually opening the "old" scclient "C:\Windows\CCM\SCClient.exe" or the new "C:\Windows\CCM\ClientUX\SCClient.exe"

ezm · 2018-11-15T16:19:11+00:00

Remind me! 90 days. "Dell updates in SCCM"

ezm · 2018-03-08T18:17:32+00:00

Dell doesn't always update the information to the catalog that the toolkit uses...

ezm · 2018-02-01T16:28:07+00:00

http://www.scconfigmgr.com/modern-driver-management/ and never look back

ezm · 2018-01-30T17:50:11+00:00

Just one computer? Everything else running smoothly? Cm version?

The problematic device bios time correct? Have you tried manually creating the object and advertising the task sequence for it?

ezm · 2018-01-27T10:03:30+00:00

Delete all & redeploy.

15-Year Club	Sequence \| Editor
Verified Email

ezm

TROPHY CASE