Archive

Author Archive

Lowlands Unite Belgium Edition–Debrief

October 24, 2017 Leave a comment

Just a quick blog post to share the slides from my new blips on the radar session at Lowlands Unite Belgium last week.

Thanks to those who attended – in case you have any further questions or feedback make sure to leave them in the comments. I will get back to you as soon as possible.

Link to Slideshare.

Also check out this Sway looking back at Lowlands Unite Belgium Edition 2017.

Looking forward to the next edition in 2018!

Tim

Advertisements

Lowlands Unite Belgium Edition Speaker

October 17, 2017 Leave a comment

LLUnite_BEIn two days we are ready to kick off the second leg of Lowlands Unite for this year. The event will take place at Lamot in Mechelen, Belgium.

Similar to the Netherlands edition there will be two tracks: one for EMS / ECM and one for CDM / Security. I will be presenting in the first track.

Based on the current agenda I will be kicking off the day and during my first session I will be flying solo. The objective of the session is to give an overview of the latest and greatest in the world of Configuration Manager. Additionally I will talk about the modern management capabilities that can be considered also.

For my second session in the afternoon I will be joining Kenny Buntinx for a presentation on servicing your workplace (like a boss). Here we will talk about servicing challenges Windows 10 brings into your environment and how you can tackle them.

For this event we will be joined by two international MVP’s: Ronni Pedersen and Mirko Colemberg, plus a special guest from Microsoft in Redmond: David James. David is the director of development of the Configuration Manager team. Belgium is the fourth stop of his European Tour visiting different user groups. This a unique opportunity which you honestly cannot afford to miss.

Interested in joining us? It’s not too late : registration ends in approximately 24 hours and there are still a few seats left. More information and registration here.

Adding languages for Office 365 update downloads in Configuration Manager only adds the first language

October 13, 2017 Leave a comment

During a recent customer visit I was asked to troubleshoot an issue with Office 365 language specific updates. This blog post outlines my findings and the solution.

The customer is running a Current Branch 1706 environment and needs to support Dutch and French languages for Office 365, next to the default English language. As such he wants to ensure all updates for these three languages are properly downloaded. To achieve this the engineer is following the procedure as documented here.

Background

Let’s first have a look at what is documented the TechNet Docs.

Beginning in Configuration Manager Current Branch 1610, you can add support for Configuration Manager to download updates for any languages that are supported by Office 365, regardless of whether they are supported in Configuration Manager.

The documentation contains a detailed procedure on how to add support to download updates for additional languages. This is done through WMI.

Configuring additional Office 365 update languages is a site-wide setting. After you add the languages using the procedure, all Office 365 updates are downloaded in those languages, as well as the languages that you select on the Language Selection page in the Download Software Updates or Deploy Software Updates wizards.

 

 

Initial findings

As the customer did not want to select the additional languages in the Software Updates wizard each month he opted for the site-wide setting and required modifications. As per the outlined procedure the required changes were made in WMI.

Notice in the screenshot below the values are specified exactly as per the screenshot in the TechNet Documentation.

clip_image002

Based on these settings the updates for Dutch and French should be downloaded. English does not have to be specified and is always downloaded. However, when checking the sources in the Software Update Deployment Package, only English and French updates have been provisioned. Dutch is missing.

clip_image004

During a second test the language tags in WMI were switched, so Dutch was first in the list.

clip_image005

After the download completed the Software Update Deployment Package source folder only contains English and Dutch updates. French is missing.

clip_image007

It appears as if only updates for the first language specified are being downloaded.

A few runs later (going through some variants with delimiters etc.) we tested with the following values in WMI

clip_image009

After the download completed we checked the Software Update Deployment Package source folder again – and finally updates for all three languages are properly provisioned.

clip_image011

 

 

Conclusion

The screenshot in the TechNet documentation is misleading as the language tags are separated with a comma and a space. Based on our above findings the language tags should be separated with a comma only, the space should be omitted for this to work when specifying multiple languages.

Side note: the TechNet documentation also mentions Use the following procedure on the software update point at the central administration site or stand-alone primary site. This is not correct as the procedure needs to be executed on the site server, not the SUP.

Hope it saves you some troubleshooting time!

Tim

ConfigMgr 1706 – BgbServer.log expecting more data from client errors

September 29, 2017 2 comments

After upgrading a Configuration Manager Current Branch environment to 1706 you may notice a lot of Expecting more data from client errors in the BgbServer.log .

This log records the activities of the notification server such as client-server communications and pushing tasks to clients. It also records information about online and task status files generation to be sent to the site server.

20170928-BGBServer

Feedback from Microsoft indicates this is related to the client not sending the final packet via TCP channel somehow or when the ccmexec service on the client restarts. The good news is that these events are harmless and are not impacting any functionality.

Logging improvements in future releases should fix this and avoid BgbServer.log from turning red.

Hope it helps!

Tim

*** Update 20/10 ***
I logged a case for this with Microsoft (ID 3141726) which changed status to Resolved just now. Expect this to be fixed in the next CB release.

Advanced Threat Analytics triggering Symantec Endpoint Protection alert

August 17, 2017 Leave a comment

During a recent proof of concept implementation of Microsoft Advanced Threat Analytics the customer reported a large number of workstations suddenly displaying a notification from Symantec Endpoint Protection.

The notification was indicating unusual traffic with packets originating from the ATA Gateway we had just implemented. An example screenshot is shown below:

image

As the main purpose of the ATA Gateway is to capture and inspect network traffic from the domain controller, the customer was unsure whether this was legitimate traffic or not. Why would an ATA Gateway send packets to a large number of workstations on the network?

Luckily we could confirm it is legitimate activity – and the rules for Symantec Endpoint Protection could safely be adapted to avoid have these popups again.

Some more background

Next to capturing the Domain Controller network traffic one of the other functions of the ATA Gateway is to perform resolution of network entities. When we inspect the ATA Gateway log files we clearly see the resolution steps taking place. It is the RPC NTLM resolution that actually triggered the alerts on the endpoints.

image

Backing up our statement above is a note which can be found in the ATA Prerequisites documentation.

clip_image001

Conclusion : make sure to check your other security solutions in place when implementing Advanced Threat Analytics. Without implementing and/or tweaking some rules you may accidently trigger some alerts on a large number of systems and make some security folks nervous.

Until next time!

Tim

Microsoft MVP 2017-2018 Award

July 11, 2017 Leave a comment

MVP1718Today I received my 2017-2018 MVP Award kit.

This is my fourth consecutive award in the Enterprise Mobility category.

I am excited, proud and honored to receive this. Thanks again for all the support and good times in the past months – much appreciated.

At the same time I am looking forward to more community fun and good times in the future!

See you soon!

Categories: Various Tags: ,

Lowlands Unite Netherlands Edition–Debrief

May 2, 2017 Leave a comment

2017-04-11 08.39.20A few weeks back I had the pleasure to present at the Lowlands Unite event in Amsterdam, The Netherlands.

The event was organized by the Dutch WMUG and hosted at EndemolShine, a rather unique location near the Amsterdam Arena.

 

 

Below you can find my slides from the session on Microsoft Advanced Threat Analytics.

 

Thanks for those who were there and attended the session. Off course any feedback or questions on the session are always welcome.

Hope to see you at the Belgian edition of Lowlands event in the fall of 2017.

Until next time!

Tim