Adventures when upgrading SCCM 2012 to SP1

I recently upgraded our newly installed SCCM 2012 RTM infrastructure to SP1 after it's release in late December and after doing so I encountered a number of issues, below are the issues that I experienced and the associated fixes.


Broken MDT Database Connectivity

We have MDT 2012 U1 integrated with our SCCM infrastructure and use the MDAC based database functionality to lookup various details but after the SP1 upgrade,  the following errors could be found in the BDD.log;

Unable to create ADODB.Connection object, impossible to query SQL Server: ActiveX component can't create object (429)

After some research and forum posts I managed to confirm that the upgrade process had removed MDAC from the MDT Boot Image and therefore crippling database connectivity when inside WinPE. To resolve this, I found it necessary to recreate the the MDT Boot Image from within the SCCM Admin Console.


Misassignment of drive letters during OSD of Windows 7

Another side effect of the SP1 upgrade was that previously working Windows 7 images were installing but assigning drive letters D: or E: instead of the normal C: drive assignment. This appears to be a result of the introduction of the new Task Sequence variable OSDPreserveDriveLetter. When investigating my existing Task Sequences I found that a new step had been added to named 'Set Variable for Drive Letter' which declares the value of this variable as False. By changing this value to True, this ensures that the intended drive letter assignment is honoured and therefore future OS drives are assigned C:.

Offline USMT excluding Local Accounts in SCCM 2012 & MDT 2012

Local Machine accounts can be excluded from the USMT process by specifying an additional Task Sequence variable and then either explicitely excluding the local account(s) or explicity including the domain accounts. An issue with the offline USMT method is that the machine is unable to determine the domain by it's name and therefore it's necessary to use the Domain's SID based on the fact that each user account within a given domain will have a similar SID apart from the RID which forms the last section of the SID string.

See the Wikipedia explanation

1. First of all create the necessary TS variable in a new step before the Scanstate operation named OSDMigrateAdditionalCaptureOptions
2. Give it a value of /ue:* /ui:<Domain SID>*

Multiple instances of /ui can be used to specify additional domains if required.

A domain's SID can be retrieved by using PSGetSID.exe from SysInternals and using the following syntax; psgetsid.exe <Domain Name>

SCCM 2012 Application Catalog - Login Prompt (Multiple Domains)

In a AD Multi Domain environment, I've found that even after following the guidance from Microsoft regarding delegating permissions to the relevant web application folders (found here) I've still encountered prompts for credentials when accessing the web based Application catalogue which is by default http://servername.domain.com/CMApplicationCatalog.

Based on some research and also backed up by Chris Bradford's blog post, it appears that the problem can be caused by the 'Add default Application Catalog website to Internet Explorer trusted sites zone' option in the SCCM Client Settings. I've found it best to set this to 'False' and fallback on our internal namespace being registered via other means in the correct IE Security Zone.

To ensure that the NTLM credentials are passed through when accessing internal namespace addressed resources either add your domain with a wildcard (*.domain.com) or your server name to your IE Intranet Zone. This can be done via manually or by script but certainly appears to produce better results than using the SCCM Client option.

Portal Web Site Control Manager detected PORTALWEB is not responding to HTTP requests. The http status code and text is 401, Unauthorized.

I've found the message "Portal Web Site Control Manager detected PORTALWEB is not responding to HTTP requests.  The http status code and text is 401, Unauthorized." in the logs of the server which hosts our SCCM 2012 Application Catalog, when diagnosing the issues with the 'SCCM Software Center' failing to display available software showing a message of "Loading Software Center returned error code 0x80041001(-2147217407)". Also when browsing to the Application Catalog it displays a "Server Error in '/' Application" error. Googling the issue, it appears to be widespread with SCCM 2012 and related to WCF Activation.

The resolution can be found in the following MS KB - http://support.microsoft.com/kb/2015129

I would also recommend testing any Application Catalog related issues experienced on a client by accessing the Catalog via other clients. I have found clients can be at fault more times than the server.