Tag Archives: Configuration Manager

Drivers Showing as Unsigned in Configuration Manager 2012 R2

A customer has a problem with importing drivers for their Surface Pro 3 devices in System Center Configuration Manager 2012 R2.

We keep noticing some of the drivers are unsigned. I immediately realized something is up as Microsoft releasing unsigned drivers isn’t going to happen. So I started digging and immediately came to KB3025419 which seems to cover my situation. My customer uses Windows 2008 R2 as the Host operating system for the Configuration Manager server and so this KB is relevant. Basically, Microsoft changed the way they signed drivers and now use a different method. This new method is different than what Server 2008 R2 recognizes and thus the change.

It affect Configuration Manager 2007, 2012 and 2012 R2 so you might see this as well down the road once hardware vendors use the new method.

Install the patches and don’t forget to reboot. A reboot is required even if it doesn’t prompt for a reboot. How do I know this, experience. Our server was patched by a different team but they didn’t reboot. The problem still persisted until the reboot.

Another thing you have to do is remove the “unsigned drivers”. This means delete the drivers that are showing unsigned before re-importing the drivers again. Once these two steps were performed we were back in business.

If you are running Windows Server 2008 R2 for your System Center Configuration Manager install you might just want to install this patch during your next maintenance schedule. As more vendors sign their drivers in the new method, you might start to see issues even if you don’t deploy Surface Pro. Of course, if you are running Windows Server 2012 R2 you probably have never saw this issue and the patches are not required.


Problems Deploying Apps with System Center 2012 R2 in an OSD Task Sequence

Onsite at one of my customer’s sites we are deploying operating systems with a Config Manager 2012 R2 task sequence (TS). The issue I was having was the applications were not installing. They were set to deploy in a task sequence without deployment so that wasn’t the issue. Looking at the log, (logs are your friend, use them) and I discovered this:

Unknown operating system build number 9600 found, setting OSVersion to 'Other'.

Ouch, what does this mean. It means my CM12 deployment has something not right with it. I don’t what the issue is but I will bring it up with Garth of Enhansoft who is an Enterprise Client Management MVP. He might have an idea on how to fix this.

In the meantime, I just changed the settings so that the software doesn’t have an OS requirement to install it. Basically I can set the package so it only installs on Windows 7 or Windows 8.1. In this case we can’t use that as we don’t know the OS.

Just change the package or app and allow it to be installed on all operating systems and it will deploy fine. Not a great solution for those trying to lock down apps to specific operating systems but it works.

Once I figure out why 9600 is not being recognized, I’ll update the post and we can all fix.


Pushing out the Windows 8.1 Update

Windows 8.1 Update 1 came out last week. There is a way as a user you can fetch this, but if you are an admin you can push this out. Let me walk you through this. If you are running Windows 8.1 you will need to upgrade if you plan to continue receive security fixes.

Windows Update
If you are running Windows 8.1, you can use Windows update to install the upgrade from 8.1 to 8.1 U1.

If you are an admin, be aware of an issue with using SSL for WSUS and this new patch. http://blogs.technet.com/b/wsus/archive/2014/04/08/windows-8-1-update-prevents-interaction-with-wsus-3-2-over-ssl.aspx

As an admin, you simply approve the upgrade (and a patch required for the update to happen) and then your machines should start getting updates.

System Center Configuration Manager
If you are an administrator for your corporate network, you can use Software Update Services to deploy the upgrade (once its added back in to WSUS again for synching) or you add the whole Windows CD as an application to SCCM 2012 R2 or any version that support Windows 8.1 as a client. You will want to invoke setup with the setup with /auto:upgrade and make it available to users via the software center.

Happy installing.

Managing Drivers in Task Sequences with System Center Configuration Manager 2012

When of the question I always get when deploying Windows whether it be Microsoft Deployment Toolkit or System Center Configuration Manager is how to I properly deploy drivers.

Now there is no right or wrong way, but I always steer people away from putting them in one big folder and letting the OS figure out which to use. Have you ever seen a Dell using an HP Driver? Been there so here is a flashback of a back post of how to manage drivers in MDT.

Let’s take a quick look at how to clean this up in System Center Configuration Manager. Basically add your drivers and put them into folders and then add them in as driver packages.

Then when setting up your task sequences, add a section where it evaluates the machine type and if it matches, apply the drivers.

Here is a screen shot of a task sequence in System Center Configuration Manager I did for a customer.

System Center Configuration  Manager SCCM Task Sequence Drivers

What happens here is as the task sequence continues along, it checks to see if the drivers need to be applied based on a WMI query. To get this information use WMIC to pull out the model information.

Further along we install applications that are drivers, but poor ones in that they need to be installed. Again we use a WMI query to only install the application if it matches the make and model of the device we specify.