RESOLVED! SQL Server Configuration Manager – Cannot connect to WMI Provider Error

I’m back; it has been too long!

So I was stuck attempting to open the SQL Server Configuration Manager Application on my Configuration Manager Server.

Error Below;



This problem would have arose when we uninstalled an instance of SQL server; the WMI provider would have been removed during this process. From what I’ve researched, both the 32bit and 64bit instance of SQL Server share the same WMI configuration file.

Location – %programfiles(x86)% directory.


Open a CMD prompt as an Administrator.

Now browse to the following location, which would be the version of SQL you’re using on your SCCM server (or where the DB resides for your SCCM environment).

We’re using SQL 2012 so the directory below responds to our requirements;

cd “c:\Program Files (x86)\Microsoft SQL Server\110\Shared”


Now, once in the appropriate location, run the following command;

mofcomp sqlmgmproviderxpsp2up.mof


We’re now able to re-open the SQL Server Configuration Manager Window!


Hope this is helpful!

SCCM Application Deployment Error – 0x87D00607 Fix!

Down the other end of the office I could hear one of my colleagues complaining that an App deployment failed when installing from their SCCM’s Software Center Console on their workstation.

They received the following error message;

Generally, the first place to check is with your boundaries and boundary groups and to ensure that they’re setup correctly. Actually, reviewing your boundaries and boundary groups should be the first place to check when troubleshooting these errors.

The way we’ve configured the boundary groups within our environment(s) is through the use of Active Directory. Some choose to use IP subnets to define their boundaries, however we found that Active Directory would best suit our environment/setup. Resolution; Change the Deployment option under the Application deployment section.

I had ‘Do not download content’ selected from the dropdown menu. As soon as I changed it to ‘Download content from distribution point and run locally‘, I was able to install the application successfully.

We now have a quieter office thanks to this resolution! Good Luck!

Easy Way of Exporting from SCCM 2012

So there have been several requests internally who are NOW starting to leverage off the information that is readily available within SCCM.

Question; How do I export a list of devices from SCCM into Excel?

Solution; Easy! Ctrl A, Ctrl C, (select Excel spreadsheet), Ctrl V. Done.

Here’s the walk through guide –

As I need the list of Active PCs on the network, I have used the search functionality within devices. Note; this is just an example, as you can easily achieve this by using the Active/Inactive Collection under Device Collections.


Literally, use the Select All key combination (Ctrl + A) or Individual selection key combination (Ctrl + Left Mouse Click) and Copy the data (Ctrl + C).

(Select All)


(Individual Selection)


Now simply, head over to to your spreadsheet and paste the results (Ctrl + P)


As you can see, you should now have your ‘export’ performed successfully.


See the comparison below; requirement achieved.


Good luck!

Ahh Facebook’s Offline!

It appears that many Facebook users, my family and friends included have noticed that their timeline isn’t refreshing, their notifications aren’t coming up and that their friends posts are not appearing!


Issues with Facebook was first reported around 3PM Australian Eastern Standard Time (I wouldn’t have known considering I was attempting [key word, ‘attempting’] to pump iron at the gym!). I did notice however that I couldn’t tag myself after my gym session, but it only clicked when I got home to check what everyone else was up to, that I knew something was up!

Other applications like Tinder and Instagram are either offline or experiencing difficulties at this point in time. WhatsApp, owned by Facebook though, appears to be working as per normal.

To resolve this issue, closing down the Facebook app on your iPhone won’t do it, powering your mobile device on/off won’t bring it back online, restarting your router will not resolve it… The issue appears to be with Facebook and it’s servers at moment.

Right now, should you need to contact someone, it’s probably best that you get up off your arse, head over to your friend/colleague/family member and actually speak to them, face-to-face, rather than using social media to communicate/conversate (if that’s even a word!).

Trust Relationship Errors – Not the ones you need to hand over your mobile phone for!

So this week, I was given a task to resolve an error that was evident on one of our Hyper-V servers in our cluster. The error message; The trust relationship between this workstation and the primary domain failed.


As you do when troubleshooting, you work from the bottom up, whilst applying a bit of logic along the way. I did the standard troubleshooting steps of ensuring that a Domain Controller is present and communicating on the network and that the network was configured correctly.

Thankfully, this was just a case where a server/device had lost itself in the environment and need to be reconnected back.

In this blog, we’ll look at a couple ways to resolve this issue.

1st Option – Offline Access & Reconnection (Laptops /Workstations /Servers).

(Prerequisite; This assumes you have a Domain User Account with local administrative permissions and/or a Domain Administrative Account to re-join the machine back to the Domain).

If this is a physical machine, and that you’re able to remove the network cable from it, then do so. You too can achieve this if this machine is a virtual machine. Jump onto Hyper-V manager and disconnect the network from it.

Once you’ve put the machine into effectively an ‘offline’ state, you will then be able to log-in with the ‘cached’ domain credentials. Once logged in, plug back the Ethernet cable into the machine to restore network connectivity. If you’re working with a VM, re-enable the network.

Now, go to System and re-join the machine to the domain using the Domain Administrative credentials.

This too can be achieved by logging into the machine with a local administrative account, and then using the Domain Administrative credentials to re-join the workstation to the domain (without having to remove the machine off the network).

Soon you will be prompted to reboot the machine to take in the changes. Perform the reboot and try to login to your machine with your domain credentials.

2nd Option – Changing the Domain (ever-so-slightly) – the process I used.

(Prerequisite; This assumes you have a local Administrative Account to login to the server, and a Domain Administrative Account to re-join the server back to the domain once logged in.)

So going back to the opening paragraph about being assigned this job, I had to find out how to achieve disconnecting/reconnecting this Hyper-V Server from the network without causing havoc on/within the environment.

What I did: I logged into the server with the local administrative account credentials. I see the Server 2012 R2 desktop. I right click the Start Menu and select System.

Under Computer Name, Domain, and Workgroup Settings, I select Change Settings. Under the Computer Name Tab, I select Change… next to ‘To rename this computer or change its domain or workgroup, click change.’

Here you will be prompted with the Computer Name and Domain. Under Domain, you should have the FQDN of the domain this machine is connected to, in my case, our Hyper-V Server. What you do now, is remove parts of the domain name.

For example, if the domain is called, CompanyX.Local, remove the .local and leave CompanyX. Simple as that. After that, select Ok. Here the server will go off and look for a/the Domain Controller within the environment. Once found, it will then prompt you for credentials to re-join the machine back to the domain. Enter the Domain Administrative credentials on hand.

Once completed it will prompt you to rejoin the server back to the domain. Reboot the server and you should be able to login to the server, once rebooted, with the Domain User credentials /Domain Administrative credentials.

If you have SCOM installed on the machine, remember, put it into Maintenance Mode, otherwise the gremlins that manage/monitor SCOM, will come after you with bells and whistles.

Remote Access Support Tool available through SCCM’s Software Center!

Have there been times where a 3rd party service provider requires remote access to an Application Server (or any server) to work on an upgrade or to diagnose an issue?

Because we’re all security conscious System Admins (right?), we DO NOT want to install any ‘remote application’ that could potentially expose/compromise the environment, let alone that server.

To reduce the surface attack space on our servers, we (Vigilant.IT) have verified remote applications that we have published to our Software Center. This doesn’t mean that we are installing as soon as it’s available in Software Center; we are simply making the remote application available should we need it.

Our primary remote application we use with our many 3rd party service providers is TeamViewer. In this instance we have used GmbH’s Quick Support version of TeamViewer which is ideal in terms of security and minimal surface attack space. We want to install the application on the server, but simply run the executable from the Software Center.

Let’s start off with identifying the process –

What: Make TeamViewer QS available within Software Center.

When: ASAP.

Why: To have available should a 3rd party service provider require remote access to a server in your environment.

How: SCCM’s Application Deployment.

Prerequisites; We’ve created a custom TeamViewer Quick Support application using the TeamViewer website creation portal. Browse here to create your own customised version of TeamViewer Quick Support.

Ours look like below (obviously with an ID and Password);


Here’s how we’ve done it!

Creating the Application

Browse to Software Library and Select Overview > Application Management > Applications.


Right click on the clear space in the middle panel and select Create Application.


Select ‘Manually specify the application information‘ radio button and select Next >


Fill in the information below. If you are deploying TeamViewer QS or another remote application, update the form as you see fit relating to your choice of application. Once updated, select Next >


In the Application Catalog, fill in the details as below.

The Application Name is standard to our naming convention here, but, should you not have one, simply name the application as you see fit.


Under Localized Description, I’ve added a little insight on what we are wanting to achieve. Add in the Keywords respective to the application we’re/you’re building.

(Note: In this example, I have pre-installed TeamViewer (unattended support) to be able to select the icon. If you already use TeamViewer, continue on. If not, simply download and install to collect the appropriate icon/image).

Once updated, we are now going to add a little icon image to our application. Select Browse…


Browse to location of the executable for TeamViewer. Once identified select it and select Open.


Once selected you should be now, able to select the TeamViewer Icon. Select the icon and select OK.


Your Application Catalog should look like below, if you’re deploying TeamViewer. If not, do a quick review and make sure all information is correct.

Select Next >


Once selected we are now going to create a Deployment Type for our TeamViewer Application. Because we are going to use a script based installer select Script Installer and select ‘Manually specify the deployment type of information’. Select Next >


Fill in the details below and select Next >


Fill in the information below as you would according to the way you’ve setup your SCCM environment.


Content Location: (would be the repository where you would keep your applications, i.e. Primary Site Server, Management or Distribution Point Servers).

Select the folder the TeamViewer executable is located on your specific server and hit Select Folder. (as you can see, we have other Applications available)


Now under Specify the command used to install this content, browse to the TeamViewer executable and Select Open.


Once selected hit Next >

Under Detection Method, we’re going to create a rule which will determine whether or not the application is applicable to the server we’re going to deploy against. Select Add Clause…


As we’re deploying the Quick Support version of TeamViewer, we’ll need to find the location in which the application is ‘installed’.

We’re going to use the Setting Type; as File System. Remember, we’re going to interrogate the location in which the application is installed.

With the QS version of TeamViewer, we know that the installation file path is as follows; %AppData%\Local\Temp\TeamViewer. We’re going to look for a folder called ‘Version9’ (or whatever version you’re using at the time).

Leave the first radio button selected. Select Ok.


Now that we’ve got a detection method, select Next >


Under User Experience, select the following and then select Next >;

Installation behavior; Install for user

Installation program visibility; Normal

I’ve left the Maximum allowed run time (minutes); 15

Estimated installation time (minutes); 0


Under Requirements, select Add..


Select Operator; Equals and Value; False. Select Ok.


Select Next > as we’re not configuring any dependencies.


Review the Summary information and select Next >


It should complete successfully.




Distributing Application to Distribution Point Servers

Now that we’ve created the Application within the SCCM Application section, we now need to Distribute the Application to our Distribution Point servers.

Right Click on the Application that we’ve just created and select Distribute Content in the dropdown menu.


Leave the following tick box ‘Detect associated content dependencies and add them to this distributionenabled and select Next >


Select Next >


Here I’m going to select the Distribution Point Group.


Because I want the Application to be available to all our Distribution Groups, I’ve selected ALL DP Groups within our environment.


Select Next >


Review the summary of the distribution deployment and select Next > once you’re happy.



You can review the status of the distribute content process by selecting the TeamViewer QS Application and reviewing the Content Status section (i.e. pie graph).




Deploying /Making Available the Application to Collection Groups.

We’ve distributed the application to the appropriate Distribution Point servers, we can now start pushing it out /deploying it to our respective collection groups.

Right click on the Application and select Deploy.


Select the Browse… button and select the collection you would like to deploy to.


Select your collection group you would like to push out to.


Once selected hit the Next > button.


In the Distribution Points section, you should see that your DPs and/or Distribution Point Groups are pre-selected. If they’re not, select the appropriate DPs or Distribution Point Groups.

Once completed, select Next >


Under Deployment Settings, we’ll leave the action and purchase as default (below). Remember, we want this application to be ‘available’, not ‘required’.

Select Next >


Under Scheduling leave it as default, hit Next >


Again, you can leave this section, User Experience as default and select Next >


Leave the Alerts section as Default as well, and select Next >


Review the Summary section and make sure you’re happy with the information. Once reviewed, select Next >


You should see the deployment to the collection group, successful.




 Test Deployment Phrase

We will now look at installing this onto one of the servers that is in the Test Collection Group.

One the server in question, browse to ‘Software Center‘.


Generally, you should give the server a minute or two prior to seeing the application appear within the Software Center.


You should see the below image state that the application is available to Install. As you can see, I have initiated the installation.


Once installed, you should see your customised remote application, appear and ready for your 3rd party service company to connect.



Clearing Windows Temp Directory using SCCM’s Compliance Settings

In order to meet the objectives I’ve been assigned which are to perform Routine Infrastructure Tasks (i.e. Maintenance work) against ALL servers we manage, I have taken advantage of SCCM (and as well learning from an SCCM expert) to automate these mundane, lame and boring tasks!

The first step with anything is to map out what you want to achieve. Taking the time to plan out your steps from start to finish will allow you to stay focused and keep on track. What you don’t want to do is to lose the momentum you gain when working on a task/project. You also do not want to deviate away from the task at hand as well. Check out Steven Hosking’s blog on Logical Steps to Automate A Task.

What: Clear the Windows Temp directory

When: Once a Week

Why: Stop accumulating unnecessary data on the system drive.

How: SCCM Compliance Settings.

Within SCCM Compliance Settings we will use the ‘detection’ and ‘remediation’ method to achieve our task of cleaning the Windows Temp directory.

Under Assets and Compliance select Configuration Items. When selected right click in the clear space and select Create Configuration Item.


Fill in the below details as you see fit. In the example below, I have named it RITs – Clear Windows Temp Folder. As this task is targeted to the Windows devices, we will leave it as is. Use the Categories too, as you see fit. Select Next once completed.


As we are targeting servers only, we have selected the below. If however you’re managing ALL Windows devices, leave it as default (Select All). Select Next.


Select New…


Enter a Name and Description. From the drop down menus, select Script from the Settings Type and select String from Data Type. Let’s Add Script.. now under Discovery Script.


Now with the Discovery Script I have used the following to identify if there are any data within the Temp directory.


on error resume next
Set FSO = CreateObject(“Scripting.FileSystemObject”)
If fso.folderexists(“C:\Windows\Temp”) Then
If fso.getfolder.Count = 0 And fso.SubFolders.Count = 0 Then
wscript.echo “Compliant”
wscript.echo “Non-Compliant”
End If
wscript.echo “Compliant”
End if

You ask why have I used VBScript to achieve this detection method. Can I use PowerShell instead?

The reason why I have used VBscript over PowerShell in this instance is because of the multitude of servers we manage (also trial and error as I had PowerShell scripts to do ALL my tasks). Because it ranges from Windows Server 2003 to Windows Server 2012 R2, certain PowerShell commandlets may not work with older versions of PowerShell. VB on the other hand is compatible on the majority, if not all Windows servers.

Now with the Remediation Script I have left my PowerShell commands from the start. Reason being is that the Powershell commandlet is compatible across ALL PowerShell versions, therefore there was no reason to change.


Remove-Item C:\Windows\Temp\* -Force -Recurse
$ErrorActionPreference = “SilentlyContinue”

Once completed, you should see the below screenshot match your Settings.


Now Select the Compliance Tab. Once selected, select New…

When prompted with the Create Rule Window, fill in the Name and Description. Leave the Rule Type as default, Value. Set ‘The value returned by the specified script’ as Equal and ‘the following value:’ to Compliant.

Tick ‘Run the specified remediation script when this setting is noncompliant’.

Set ‘Noncompliance severity for reports;’ to Critical.

Once completed, hit OK.


You should now see the newly created Compliance Rule. Hit OK.


You should now see the Detection Method in the Specified settings for the operating system. Select Next >


As we have already created the Compliance Rule we can simply hit Next >


Under the Summary do a quick review before hitting Next > to process and create the Configuration Item.


You have now created the Compliance Item. Time to create the Compliance Baseline and deploy it to a Collection(s).



Now go back to Assets and Compliance and select Configuration Baselines. From here right click in the clear space and select Create Configuration Baseline.


Fill in the Compliance Baseline Name and Description details as you see fit.

In the Configuration Data field, select Add and then Configuration Item.


Search for the the created Compliance Item and select OK.


You should now see the Configuration Item now displaying in the Configuration Baseline data section. With any other tasks specific to clean-up/maintenance, I would include them as well into this Baseline. Once completed, select OK.


You should now see your recently created Compliance Baseline. Now it is time to deploy.


Right click on the Baseline and select Deploy.


By default, the Baseline should already be selected. Tick ‘Remediate noncompliant rules when supported’ and ‘Allow remediation outside the maintenance window’.

If you are taking advantage of SCOM (System Center Operations Manager) you can generate alerts depending on the compliance rate. We will leave this disabled.

In the Collections section, select the Collection you would like to deploy this baseline to. In our case, I will deploying it to our Test Deployment Group.

Now set a schedule as to when you would like this performed and hit OK.


You should now see the baseline marked as deployed.


Now lets browse to a server associated with that Collection and check to see if it has been deployed successfully.

Browse to a server that the Baseline has been deployed to and open the Configuration Manager Properties. Generally it would take several minutes to deploy or pick up (depending on the type of collections available) but you can accelerate the process by going into Actions and selecting Machine Policy & Evaluation Cycle.

Once it has been selected, wait about a minute, close and reopen the Configuration Manager Properties.


This time in Configuration Manager Properties, select Configurations and in here, you should now see the Baseline we created earlier. You should see the Last Evaluation status as N/A and Compliance State as Unknown…


On the server, bring up the Windows Temp directory and lay it side-by-side the Configuration Manager Properties window. Now select Evaluate.

Windows Temp Directory with Data


After a few seconds, you should see the data disappear within the Widows Temp directory.



Back in the Configuration Manager Properties window, you should see the following status.


You have no successfully completed/automate the task of clearing Windows Temp directory!

My Introduction to Microsoft’s System Center Suite – Configuration Manager.

Over the past year or so, I have been working with Microsoft’s System Center Configuration Manager. The role I have with our company (along with support, project work and other IT related tasks) is to perform Routine Infrastructure Tasks on a weekly basis. Prior to using and leveraging off Configuration Manager, I would have to go through each server (client & internal) and perform mundane, boring, manual tasks. Tasks such as clearing the temp directories, clearing the downloads directory under the Software Distribution folder, performing a backup of the System Info on each server. This is feasible if you’re working with a handful of servers; I was looking at close to 60-70 servers which would take up my entire day. This all changed when introduced to Microsoft’s System Center, Configuration Manager. The following posts will be on how I have used Configuration Manager to my advantage to allow me to automate, monitor and report on the mundane, boring and manual tasks. I will also describe how we’ve used Configuration Manager to patch and update our internal/client servers.

Office 365 – The Way Forward

As companies of all shapes and sizes begin to understand and accept that the way forward is operating from the so-called ‘cloud’, having your data stored on a server in your office (in a cupboard hidden away) is definitely legacy, old practice, and limiting. You could say this was so 2000’s era!

Now with a lot of major companies out there offering their form of ‘cloud’ services, Amazon, Google and Dropbox just to name a few, we look at one in particular, Microsoft’s Office 365 suite.

Office 365 in a nutshell offer a range of services and plans – Storage (OneDrive/SharePoint), Mail (Exchange), Conferencing (Lync), Security (Exchange Online Protection).

Microsoft offer Home and Small Business options which target the 1-10 employees. Yes, even though some of you out there may be at the 1-10 employee stage at the moment, in terms of allowing for growth and expansion, I would avoid these plans because, when the time comes and you do expand, migrating to bigger plans (i.e. Enterprise) is time consuming and not easy (i.e. manual export/import anyone?).

The Enterprise Plans – The Enterprise plans are definitely my recommendation when looking to utilise the Office 365 services. For example, if you are a company that needs to hold onto all emails for legal reasons, Information Rights Management and Legal Hold is available within the Enterprise plans. Also, each E plan comes with an unlimited mailbox size.