Unable to compile Sql CE script file during SCCM client install or upgrade

I've had issues with the SCCM client on our internet (IBCM) server. At first it was the issue with configuration manager software not on C-drive, and client patches failing to apply. Then with SCCM 1511 and 1602 client installs on the server resultet in

MSI: Setup was unable to compile Sql CE script file F:\SMS_CCM\StateMessageStore.sqlce.
The error code is 80004005.    ccmsetup.

This is due to the old Sql CE databases still being present. 

To fix this, uninstall all SCCM client components. Find the Windows Installer Code with this Powershell command.

(Get-WmiObject -Class CCM_InstalledProduct -Namespace "root\ccm").ProductCode

Then move the following files to a backup folder. These are the old client Sql CE database files. They are located in the client install folder %windir%\CCM\ or in the SMS_CCM folder).

  • CcmStore.sdf
  • CertEnrollmentStore.sdf
  • ComplRelayStore.sdf
  • InventoryStore.sdf
  • UserAffinityStore.sdf

Abort any running ccmsetup processes by stopping any ccmsetup services running, and then run the following command from you SCCM client install folder (or %windir%\ccmsetup):

ccmsetup.exe /uninstall

Then install the client as usual with ccmsetup.exe


 

 

 

No secure connection to Plex on same subnet

I have never been able to connect to my Plex Media Server securely on my local area network so I decided to fix it today. The official troubleshooting article mentions pfSense 2.2 which I run. It tells users to configure DNS rebinding. This was not enough in my case, so I searched some more for a solution. The forums had a hint about how to solve this in a post by snm77. His suggestion is to add a host override point plex.direct to your servers local IP address. This did not work, but pointing the FQDN did! The FQDN can be found by using the inspector in your browser and reload https://app.plex.tv/web/app , in Chrome you would look at the Network tab and find connections to IP.*.plex.direct, the one with your servers IP is your FQDN.

In pfSense 2.2+ do the following:

1) Configure DNS Rebinding by going to System > Advanced > Admin Access and enter plex.direct under Alternate Hostnames.

2) Configure Host Override by going to Services > DNS Forwarder and create a new entry under Host Overrides. Enter the IP part for your FQDN in the Host field, the rest in the Domain field and enter your servers local IP in the IP address field. Like the image below:

Skjermbilde 2016-01-13 kl. 21.26.55.png

After these configurations, reload with the new DNS settings and you will have secure connections on both the internal network and on the internet!

WinPE SCCM PXE boot problem and solution

This is a writeup on how we solved this problem at my workplace. Written because there where few solutions available online for this problem.

Our SCCM 2012 install have been working great for OSD ever since we got it installed. We have been deploying Windows 7 to HP Elitebooks on the client VLAN, and WIndows 2008R2 to ProLiant BL460c G1 blades the server VLAN. But when we tried G7's and G8's the PE boot would halt. It would be slow, then crash with an error message. This buggered us for months. PXE booting from our Linux PXE server with utilities, firmware CD's etc. works. So it is something Microsoft do differently. Googling would mostly show results for the usual PXE issues like IP helpers, or be for SCCM 2007 wich does PXE differently.

​Boot failure right after boot.sdi message. Error 0xc0000001. "A required device isn't connected or can't be accessed."

After a lot of trial and error for WinPE (both 3.0 and 4.0) PXE booting from the Configuration Manager server it looked like this:

​ProLiant BL460c G1 - Embedded Internet - Server VLAN - WORKS
ProLiant BL465c G7 (same blade enclosure) - FlexFabric Embedded Ethernet - Server VLAN - FAILS
ProLiant BL465c Gen8 - HP FlexFabric 10Gb 2-port 554FLB Adapter - Server VLAN - FAILS 
VMware Workstation 9 (hw9) VM - E1000 - Client VLAN - WORKS
VMware ESXi VM (on Gen8) - vmxnet3 & E1000 - Server VLAN - FAILS

After this we ruled out drivers, and WinPE issues. It had to be something with the network. I had been monitoring the WDS processes (TFTP and the WDS server) with perfmon.exe and it looked ok. A colleague set up our test vm with a mirror port to a machine running Kali with Wireshark running. Then it became obvious what was happening. WDS uses 1456 as the packet size for its TFTP transfers. After the initial transfer of the bootloader, it hands the process to the distribution point service that then fills fills the ramdisk. Microsoft explains this in this technet article. SCCM DP requests 16384 as the packet size. Google quickly pointed us to a registry key that got things flying:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\DP

Change RamDiskTFTPBlockSize from 16384 to 1456.

Note: A larger number should increase performance. 16384 is the maximum.

Utvilklingen av mine Bitcoin mining rigger

​Til å starte med minet jeg på 6970 kortet som stod i min spillpc. Etterhvert skjønte jeg at man kunne investere i en dedikert mining rig uten for stor risiko. Jeg investerte i en AMD APU plattform siden jeg også da kunne mine effektivt på prosessoren, samt at de er billig. Da det gjelder å holde kostnadene nede droppet jeg kabinett, og benyttet strømforsyning fra ee-avfallet. To trepinner og en stein fikk gjøre nytten.

​Asus F1A75-M LE, A6 3500, 7970, 2x 5850 og 5570. To 400W strømforsyninger.

​Asus F1A75-M LE, A6 3500, 7970, 2x 5850 og 5570. To 400W strømforsyninger.

Etterhvert fikk jeg donert et ekstra hovedkort av Diddern som ble basen for min andre dedikerte mining rig. Dette var også ikke lenge etter at jeg fikk min Bitforce SHA256 Single enhet, som er en FPGA programmert for Bitcoin mining. Noen billige trehyller og en bedre veggmontert skjerm senere så det omtrent slik ut:

​A6 3500, 7970, 2x 5850, 5770 (en til som ikke var tilkoplet på bildet), 5570 og Bitforce SHA256 Single

​A6 3500, 7970, 2x 5850, 5770 (en til som ikke var tilkoplet på bildet), 5570 og Bitforce SHA256 Single

​Da maskinvaren står noe utsatt, ikke er spesielt kompakt og ihvertfall ikke mobil har jeg valgt å gå til anskaffelse av en energieffektiv strømforsyning som kan drive en feitere rig og samtidig gi strøm til SHA256 Singelen min. Jeg kjøpte meg en brukt Corsair AX 1200 på BitCoinTalk.org forumet til under halv pris, og handlet kabinett (også halv pris pga. fargen), hovedkort og en Celeron prosessor på Komplett. Så nå har jeg bygget om en av maskinene til et hendig kabinett som yter 2,3 GHash/s. Dette får bli min siste GPU rig før ASICene tar over. Avalon bygger ASIC rigger på samme størrelse som yter 60GHash/s. Er veldig fornøyd med mitt siste bygg, selv om grafikkkortene har det noe trangt.

​Corsair C70, Asus P8C WS, Celeron G550, 7970, 3x 5850 + BFL SHA256 Single. Corsair AX 1200.

​Corsair C70, Asus P8C WS, Celeron G550, 7970, 3x 5850 + BFL SHA256 Single. Corsair AX 1200.

Et par tips jeg har lært underveis.

  • Ha nok USB minnepinner i reserve. De blir slites i stykker raskt og må man erstatte de raskt. Maskinene selv kjører uten minnepenn etter boot og ha gått en stund, men ved omstart/oppgradering vil man ofte få rare feil.
  • Fysisk skjerm hjelper for å identifisere oppstartsfeil pga. døende minnepenn, og andre feil som strøm og temperaturproblemer i BIOS.
  • Invester i en ordentlig strømforsyning med høyt effektivitetsgrad, single rail og med mange PCIE kontakter. ​
  • Kjøp kort så billig du kan, du må regne med å bytte vifter på referanse AMD kort etter 2 år i kontinuerlig drift.​
  • Kondens er ikke noe problem. Maskinene kjører fint i friluft, i minus 25, men må stå beskyttet mot snø og regn. ​Hovedproblemet med kulde er at plast på kontakter og ledninger blir sprø og kan knekke.

Lurer du på hva du skal gjøre med GPU riggene når ASIC tar over for fullt kan Litecoin mining være noe å kikke på. Det har til tider vært mer lønnsomt enn Bitcoin mining, selv om man som regel må veksle til norske kroner eller bitcoins for å få brukt pengene.​