Monday, October 31, 2016

SCOM Dynamic Groups and Regex

Came across the need to create SCOM groups that consist of both Development and Production servers. While it is easier to have them explicitly populated into the correspondent groups but that would required exhaustive administrative effort from the SCOM admins to always validate the membership of the groups from time to time.

Most of you may know that not every organization has a standard naming convention for their servers like XXX-XXX , and the question now is what will be the regex expression for servers that either ends with d or p indicating whether this is a development or production servers ?

Well it might sound complicated (or at least to me) where how many characters or numbers that we need to consider, since the server names do no have a fixed length.

After some trials and errors, turned out to be quite a simple fix. The following expression will fit in

(?i:p$) –> means case insensitive and ending with a p (or P). Feel free to change the expression to suit your needs.

Thursday, November 26, 2015

SCCM 2012 R2 Clients failed downloading content

Was required to manage clients in untrusted domain in a recent SCCM deployment and one of pilot machine (Windows 7) was not able to have the published app successfully installed, while the other got installed successfully.

Checking on the DataTransferService.log, it includes log saying “DAV request. HTTP code 401, status 'Unauthorized'

Checked and verified that the network access account for SCCM has been configured and there’s no firewall restriction between the client and SCCM server.

Googled around and found out that KB2522623 might be able to fix the problem, and it really did once the patch was applied.

Monday, July 13, 2015

Automated Profile Migration with SCCM–Orchestrator

Had a chance to be involved in a project whereby a client had requested to implement user state and profile migration via SCCM / USMT.

This basically requires configuring the State Migration Point in the SCCM site server and creating computer association, determining from which machine (Source) the user’s profile and data files are being migrated over to (Target)

Then, there will be 2 separate Task Sequences to capture and restore user’s profile and files via USMT scanstate and loadstate executions. As the rule of thumb, the Task Sequence to restore user’s data should only be run after the data capture has successfully executed.

I decided to take a step further by further automating the entire process via System Center 2012 R2 Orchestrator.

It consists of several runbooks, ranging from

  • Performing readiness check, making sure both machines are ready for user’s profile and data transfer

  • Performing user’s profile and data migration by
    • creating the computer association
    • pushing the task sequences to both source and target machines and verify its execution
  • Replicating all the SCCM direct membership collections from the source to destination, ensuring additional software / applications are successfully pushed to the target machine


which are all called from a main runbook


Wednesday, March 18, 2015

SCOM 2012 R2 UR 5

With the recently launched of the SCOM 2012 R2 UR5, one of the issue it addressed was the “Specific Case is not valid” error when you remove the agent in a server that has SQL server installed, without removing it from the SQL runas account distribution. Please refer to the previous posting here. This should save us the hassle of having to manually update the SCOM databases, without fearing that it might affect the supportability from Microsoft.

As for how to apply the patch, this is one of my favorite blog for SCOM resources 

Information about the patch can be found here, as well as the link to download

Monday, February 9, 2015

SCOM Run As Account - Specific Cast Is Not Valid

Got the following error when i tried to add new servers into my SQL MP RunaAs account distribution


Once you click “Close”, you won’t get to see any other computers which this run as account has been distributed previously.


Well, the cause of this is actually due to agents are manually removed from the “Agent Managed” within the SCOM console, but without cleaning up the distribution of the RunAs Account.

In order to resolve this, i had deleted the specific entry from the OperationsManager database based on the solution found in 

Once done, the server which this account is distributed is visible again


p/s: updating the data directly in SCOM databases might impact the supportability from Microsoft. So do it at your own risk

Thursday, January 8, 2015

Windows Data Deduplication – Garbage Collection

Running on a limited SSD storage in machine, the first thing after it was setup is to create 2 logical disk partitions (OS and Data) and to enable data deduplication on the data drive (well, you might know now that we are not able enable data deduplication for OS partition)

Windows 8.1 does not come with a data dedup feature but i supposed there should be lot’s of links in the net that can guide you to enable data deduplication in windows 8.1

Once configured, you should be able to reap the rewards of huge disk space saving especially if you the machine is hosting some test VMs. But after a while, you might find that the disk space does not decrease over time, even after you manually run the “start-dedupJob” cmdlets.


One of the reason is that, there’s a garbage collection job, scheduled at 2.45 am every Saturday and if the machine is not turned on all the time, the job might not even been executed.

One of the way is to manually run the dedup job again using the “GarbageCollection” parameter

Start-DedupJob -Volume <volume> -Type GarbageCollection

and this should get rid of the unwanted file chunks.

Wednesday, January 7, 2015

Install Windows Roles & Features from Configuration File

Used to be launching the wizard while installing the Roles & Features for every new server setup, but it might be tiring and repetitive if you have multiple servers to setup at the same time.

One of the ways is to construct a powershell script to include all the features that are needed and run in.

As for someone with limited powershell knowledge like me, there is actually another way to simplify the amount of time needed to each configuration, via an exported configuration settings file

For a start, you will still need to launch the add Roles & Features wizard to customize the required components you need. However, towards the end of the wizard (just before confirming the installation), you can actually click on the “Export configuration settings” and save it as an xml file (default filename is DeploymentConfigTemplate.xml).


Next, once you have the xml file, login in to the server you want to have the exact Roles & Features install, run the following powershell command (with admin rights of course !!) and the server will now start the install the roles and features according to what’s in the configuration template.

install-WindowsFeature –configurationfilepath <full path of your config file>

and displays a status once done


* if you include .net framework 3.5, make sure in include the –source pointing to the sxs folder, if not it will attempt to download from the internet