Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit (MDT) & Windows Deployment Services (WDS) – “Lite Touch”


Hello again, in this blog I’m going to walk you through a Windows 10 deployment using Microsoft Deployment Toolkit (MDT) referencing this TechNet Link, I used the below in my lab :-

  1. DC1: Server running Windows Server 2016 acting as a domain controller and a DHCP server.
  2. SCCM1: this is actually my SCCM server, running Windows Server 2016, I also installed the WDS role, Windows Assessment & Deployment Toolkit & MDT of course v8450 , (SCCM will not be part of this blog)
  3. Hyper-V is used as the virtualization platform in this lab.

To follow the same steps of the article, please note that this blog will be divided into sections as follows :-

  1. Install MDT.
  2. Create a deployment share and reference image.
  3. Deploy a Windows 10 image using MDT.

Refreshing and Replacing Windows 10 will be covered in other blogs.

So, let’s start.

1.Install MDT

Installing MDT is a straight forward process, I followed the wizard till the end like below after downloading it from here

2018-01-30 08_09_10-Microsoft Deployment Toolkit (6.3.8450.1000) Setup2018-01-30 08_09_11-Microsoft Deployment Toolkit (6.3.8450.1000) Setup2018-02-02 08_46_12-Microsoft Deployment Toolkit (6.3.8450.1000) License Agreement2018-01-30 08_11_07-Microsoft Deployment Toolkit (6.3.8450.1000) Setup2018-02-02 08_47_21-Microsoft Deployment Toolkit (6.3.8450.1000) Setup

2.Create a deployment share and reference image

First we need to mount the Windows 10 Enterprise DVD into the server, which I did like below, I mounted the .iso file into the VM from the VM settings.

Below screenshot is showing it is Windows 10 pro, I replaced it with Enterprise but you got the idea ūüôā

2018-02-02 08_55_38-This PC

From the Start Menu, type “Deployment Workbench”, click it so that the management console opens

2018-02-02 08_58_05-2018-02-02 08_59_31-DeploymentWorkbench - [Deployment Workbench]

From “Deployment Shares” section we will create our first shared place for our reference image, so, click on “New Deployment Share”

2018-02-02 09_00_13-DeploymentWorkbench - [Deployment Workbench_Deployment Shares]

We will follow the wizard exactly as the TechNet article guides us, we will define the deployment share path, name, description and the deployment wizard behavior, after that we will be able to see the new deployment share folder in the deployment workbench as below

2018-02-02 09_01_29-New Deployment Share Wizard2018-02-02 09_01_51-New Deployment Share Wizard2018-02-02 09_02_08-New Deployment Share Wizard2018-02-02 09_02_22-New Deployment Share Wizard2018-02-02 09_02_48-New Deployment Share Wizard2018-02-02 09_02_57-New Deployment Share Wizard2018-02-02 09_03_14-New Deployment Share Wizard2018-02-02 09_03_33-DeploymentWorkbench - [Deployment Workbench_Deployment Shares_MDT build lab (C__

Now we are going to add the operating system from the “Operating Systems” subfolder, we will call it “Windows 10” as below: –

2018-02-02 09_04_39-DeploymentWorkbench - [Deployment Workbench_Deployment Shares_MDT build lab (C__2018-02-02 09_05_11-New Folder2018-02-02 09_05_19-New Folder

Now let’s import the OS, click on “import Operating System” and follow the wizard, we are going to use the DVD we mounted before as our source, continue till the OS appears under the operating systems folder (the wizard will copy the necessary files to the deployment share we created earlier)

2018-02-02 09_05_39-DeploymentWorkbench - [Deployment Workbench_Deployment Shares_MDT build lab (C__2018-02-02 09_07_00-Import Operating System Wizard2018-02-02 09_26_19-Import Operating System Wizard2018-02-02 09_27_01-Import Operating System Wizard2018-02-02 09_27_08-Import Operating System Wizard2018-02-02 09_27_29-Import Operating System Wizard2018-02-02 09_29_29-Import Operating System Wizard2018-02-02 09_29_47-DeploymentWorkbench - [Deployment Workbench_Deployment Shares_MDT build lab (C__

Now is the part of the task sequence we are going to associate with the OS, we will click “New Task Sequence” and define the following: –

  • Task Sequence ID, name and comments.
  • The starting point template.
  • The OS we want to associate the task sequence with.
  • The product key.
  • OS settings like organization name and IE homepage.
  • Admin Password.

Below are all the variables for the reference image task sequence, after finishing the wizard the task sequence will appear under the task sequence folder

2018-02-02 09_30_28-DeploymentWorkbench - [Deployment Workbench_Deployment Shares_MDT build lab (C__2018-02-02 09_31_25-New Task Sequence Wizard2018-02-02 09_31_47-New Task Sequence Wizard2018-02-02 09_32_06-New Task Sequence Wizard2018-02-02 09_32_17-New Task Sequence Wizard2018-02-02 09_33_02-New Task Sequence Wizard2018-02-02 09_33_21-New Task Sequence Wizard2018-02-02 09_33_37-New Task Sequence Wizard2018-02-02 09_33_45-New Task Sequence Wizard2018-02-02 09_34_03-

Now double click on the task sequence we just created, click on “Tattoo”, from the “add” tab, click on “new group”

2018-02-02 09_35_48-Windows 10 Enterprise x64 Default Image Properties

We will add additional step, what is it? we will add .NET Framework 3.5 to the image since many apps require it, this is an example of how to you can alter the task sequence and add the roles and features you like

So, after adding the group give it a name like (Custom Tasks (Pre-Windows Update)), click somewhere else for the name to appear

2018-02-02 09_36_40-Windows 10 Enterprise x64 Default Image Properties2018-02-02 09_37_20-Windows 10 Enterprise x64 Default Image Properties

Now add .NET Framework 3.5 like below

2018-02-02 09_38_21-Windows 10 Enterprise x64 Default Image Properties2018-02-02 09_39_34-Windows 10 Enterprise x64 Default Image Properties

Press apply when done, by default you will see that Windows Update is disabled, we can uncheck the below checkbox to allow the updates, press ok when done

2018-02-02 09_40_28-Windows 10 Enterprise x64 Default Image Properties.jpg

We will visit the properties now for our deployment share to add the rules the image will follow, please copy the below rules and paste them as below


TimeZoneName=Pacific Standard Time

Important: please alter the variables the way you see fit your organization and lab

This is where I paste the rules

2018-02-02 09_42_59-MDT build lab (C__MDTBuildLab) Properties.jpg

And for the Bootstrap.ini, you will paste the following (Please alter the account who has the right to access the deployment share and grab our image)



This is my rules for the Bootstrap.ini

2018-02-02 09_48_23-Bootstrap - Notepad.jpg

OK! great!, press ok when done on all wizards to exit editing the rules, let’s now update our deployment share to tell it that we have finished editing the reference image for it to generate the .iso file for us, so, from the main folder we will click on “Update Deployment Share” and follow the wizard.

2018-02-02 09_49_12-DeploymentWorkbench - [Deployment Workbench_Deployment Shares_MDT build lab (C__2018-02-02 09_50_11-Update Deployment Share Wizard2018-02-02 09_50_24-Update Deployment Share Wizard2018-02-02 09_50_41-Update Deployment Share Wizard2018-02-02 09_58_47-Update Deployment Share Wizard

OK now let’s use the image below to create and capture our VM (LiteTouchPE_x86.iso)

2018-02-02 10_00_08-Boot.jpg

Copy c:\MDTBuildLab\Boot\LiteTouchPE_x86.iso on SRV1 (or your MDT server) to the c:\VHD directory on the Hyper-V host computer.

Note that in MDT, the x86 boot image can deploy both x86 and x64 operating systems, except on computers based on Unified Extensible Firmware Interface (UEFI).

Now on the Hyper-V host itself, you can run the below script to create a new VM from our .iso file and connect to it like below

New-VM REFW10X64-001 -SwitchName poc-internal -NewVHDPath “c:\VHD\REFW10X64-001.vhdx” -NewVHDSizeBytes 60GB
Set-VMMemory REFW10X64-001 -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 1024MB -Buffer 20
Set-VMDvdDrive REFW10X64-001 -Path c:\VHD\LiteTouchPE_x86.iso
Start-VM REFW10X64-001
vmconnect localhost REFW10X64-001

Please make sure you alter the -SwitchName parameter to fit your environment (this should be the Switch connected to the MDT Server) and alter other specs. as well if you need, for me, I ran the script like below and got my VM created and turned off, what this setup will actually do is : –

  • Install the Windows 10 Enterprise operating system.
  • Install added applications, roles, and features.
  • Update the operating system using Windows Update (or WSUS if optionally specified).
  • Stage Windows PE on the local disk.
  • Run System Preparation (Sysprep) and reboot into Windows PE.
  • Capture the installation to a Windows Imaging (WIM) file.
  • Turn off the virtual machine

2018-02-02 22_14_24-2018-02-02 22_14_58-REFW10X64-001 on localhost - Virtual Machine Connection2018-02-02 22_15_32-REFW10X64-001 on localhost - Virtual Machine Connection2018-02-02 22_16_21-REFW10X64-001 on localhost - Virtual Machine Connection2018-02-02 22_16_41-REFW10X64-001 on localhost - Virtual Machine Connection2018-02-02 22_23_08-REFW10X64-001 on localhost - Virtual Machine Connection2018-02-02 22_52_05-REFW10X64-001 on TOUNY-PC - Virtual Machine Connection2018-02-02 22_52_38-Settings

OK when I revisited my MDT server I found out that the previous procedure has captured the image to the directory below

2018-02-02 11_01_55-Captures.jpg

3.Deploy a Windows 10 image using MDT

We will use the .wim file captured in the previous step for our production imaging deployment, So, again we will create a new deployment share like the one we did before with the following variables

2018-02-02 11_12_41-New Deployment Share Wizard2018-02-02 11_12_58-New Deployment Share Wizard2018-02-02 11_13_12-New Deployment Share Wizard2018-02-02 11_13_25-New Deployment Share Wizard2018-02-02 11_13_37-New Deployment Share Wizard2018-02-02 11_13_51-New Deployment Share Wizard2018-02-02 11_13_55-New Deployment Share Wizard

Then we will create a folder under the “Operating Systems” to import the OS to it based on our captured image this time like below, through the wizard, we will point to the directory of Windows 10 source folder which was copied before to the MDTBuildLab deployment share, please follow the steps below : –

2018-02-02 11_17_02-DeploymentWorkbench - [Deployment Workbench_Deployment Shares_MDT Production (C_2018-02-02 11_17_30-New Folder2018-02-02 11_17_35-New Folder2018-02-02 11_17_41-New Folder2018-02-02 11_17_50-DeploymentWorkbench - [Deployment Workbench_Deployment Shares_MDT Production (C_2018-02-02 11_18_46-Import Operating System Wizard2018-02-02 11_19_48-Open.jpg2018-02-02 11_20_14-Import Operating System Wizard2018-02-02 11_20_48-Import Operating System Wizard2018-02-02 11_21_17-Browse For Folder2018-02-02 11_21_24-Import Operating System Wizard2018-02-02 11_21_50-Import Operating System Wizard2018-02-02 11_21_55-Import Operating System Wizard2018-02-02 11_22_03-Import Operating System Wizard2018-02-02 11_26_38-Import Operating System Wizard

I gave my image a friendly name by changing it to “Windows 10 Enterprise x64 Custom Image”, just double click on the newly created image and change the first field then press OK!

2018-02-02 11_27_25-2018-02-02 11_28_00-REFW10X64-001DDrive in REFW10X64-001 REFW10X64-001.wim Properties

Also like before, we will create the below task sequence for our new custom image like below: –

2018-02-02 11_28_38-DeploymentWorkbench - [Deployment Workbench_Deployment Shares_MDT Production (C_2018-02-02 11_29_53-New Task Sequence Wizard2018-02-02 11_30_06-New Task Sequence Wizard2018-02-02 11_30_21-New Task Sequence Wizard2018-02-02 11_30_33-New Task Sequence Wizard2018-02-02 11_31_01-New Task Sequence Wizard2018-02-02 11_31_33-New Task Sequence Wizard2018-02-02 11_31_40-New Task Sequence Wizard2018-02-02 11_31_51-New Task Sequence Wizard2018-02-02 11_31_58-DeploymentWorkbench - [Deployment Workbench_Deployment Shares_MDT Production (C_

Also like before, we will edit the CustomSettings.ini & Bootstrap.ini files in the MDT Production deployment Rules tab, to follow the article we need to copy those files from the templates directory in MDT by running the below script: –

copy-item “C:\Program Files\Microsoft Deployment Toolkit\Templates\Bootstrap.ini” C:\MDTProd\Control\Bootstrap.ini -Force
copy-item “C:\Program Files\Microsoft Deployment Toolkit\Templates\CustomSettings.ini” C:\MDTProd\Control\CustomSettings.ini -Force

2018-02-02 11_35_05-Administrator_ Windows PowerShell ISE.jpg

This we will edit the Rules by running the below script, don’t forget to alter the rules to fit your environment


TimeZoneName=Pacific Standard Time
ScanStateArgs=/ue:*\* /ui:CONTOSO\*

Notice how we are going to join our new machine to the domain, notice also that you need to specify the domain admin password in this step and other information, make sure you edit this accurately to save you from troubleshooting errors afterwards

2018-02-02 11_40_13-MDT Production (C__MDTProd) Properties.jpg

I edited the Bootstrap.ini like I did before, by the way, I edited this section wrongly and it caused me a big headache to troubleshoot and figure out why PXE is not able to connect to my MDT server, I then discovered I typed CMAdmiin instead of CMAdmin ūüôā please be careful and accurate

2018-02-02 09_48_23-Bootstrap - Notepad.jpg

Press OK on all wizards to exit rules editing.

The only step remaining is …. yes you guessed it, let’s update the deployment share as we need it to give us our new custom boot image

2018-02-02 11_41_29-DeploymentWorkbench - [Deployment Workbench_Deployment Shares_MDT Production (C_2018-02-02 11_42_01-Update Deployment Share Wizard2018-02-02 11_42_08-Update Deployment Share Wizard2018-02-02 11_42_23-Update Deployment Share Wizard2018-02-02 11_42_34-Update Deployment Share Wizard2018-02-02 11_50_53-Update Deployment Share Wizard

Now let’s start our WDS server services by running the below script

WDSUTIL /Verbose /Progress /Initialize-Server /Server:SRV1 /RemInst:”C:\RemoteInstall”
WDSUTIL /Set-Server /AnswerClients:All

2018-02-02 11_52_06-Administrator_ Windows PowerShell ISE2018-02-02 11_53_21-Administrator_ Windows PowerShell ISE2018-02-02 11_53_50-Administrator_ Windows PowerShell ISE

We will open the Windows Deployment Services and add our custom boot image to the boot images folder for deployment

2018-02-02 11_54_25-2018-02-02 11_55_35-Windows Deployment Services2018-02-02 11_56_09-Add Image Wizard2018-02-02 11_56_24-Select Windows Image File.jpg2018-02-02 11_56_42-Add Image Wizard2018-02-02 11_56_54-Add Image Wizard2018-02-02 11_56_58-Add Image Wizard2018-02-02 11_57_04-Add Image Wizard2018-02-02 11_57_36-Add Image Wizard2018-02-02 11_57_43-Windows Deployment Services

I have an external network adapter which I also disabled before the deployment

2018-02-02 11_58_52-Network Connections.jpg

The cool thing is that we can monitor the deployment process from the deployment workbench by turning on the monitoring for the deployment share like below

2018-02-02 12_00_40-2018-02-02 12_01_21-MDT Production (C__MDTProd) Properties

We can make sure that monitoring service is functional by visiting this link http://localhost:9800/MDTMonitorEvent/

2018-02-02 12_02_18-MonitorEventService Service.jpg

We can also quickly configure our DHCP scope options, below are the options I created, make sure you configured your DHCP correctly, and in case your WDS server is the same as DHCP, make sure you check both checkboxes under the WDS server properties–>DHCP tab

2018-02-03 02_37_00-DC1 on TOUNY-PC - Virtual Machine Connection.jpg

OK, in my Hyper-V host, I ran the below script to create a new generation 1 VM with the specs mentioned in the script, again, make sure you accurately alter the parameters to fit your environment

New-VM ‚ÄďName “PC2” ‚ÄďNewVHDPath “c:\vhd\pc2.vhdx” -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 1
Set-VMMemory -VMName “PC2” -DynamicMemoryEnabled $true -MinimumBytes 720MB -MaximumBytes 2048MB -Buffer 20

I then connected to the VM, pressed F12 multiple times till I was able to connect to the WDS server and download the boot image, the OS installation was successful, I logged in as the domain admin as a proof that the machine was successfully joined to the domain, I checked also the system information and the TCP/IP configurations and all seemed fine.

2018-02-03 00_04_35-Administrator_ Windows PowerShell ISE2018-02-03 00_19_02-Administrator_ Windows PowerShell ISE2018-02-03 00_19_17-Hyper-V Manager2018-02-03 01_38_35-PC2 on TOUNY-PC - Virtual Machine Connection2018-02-03 01_39_48-2018-02-03 01_41_23-PC2 on TOUNY-PC - Virtual Machine Connection2018-02-03 01_50_53-PC2 on TOUNY-PC - Virtual Machine Connection2018-02-03 02_08_09-PC2 on TOUNY-PC - Virtual Machine Connection2018-02-03 02_08_31-PC2 on TOUNY-PC - Virtual Machine Connection2018-02-03 02_08_59-PC2 on TOUNY-PC - Virtual Machine Connection2018-02-03 02_34_47-PC2 on TOUNY-PC - Virtual Machine Connection.jpg2018-02-03 02_35_50-PC2 on TOUNY-PC - Virtual Machine Connection

Notice how we can monitor the process in the monitoring section in the deployment workbench under the our deployment share, we also have the options to make a remote desktop or a VM connection

2018-02-03 02_33_13-SCCM1 on TOUNY-PC - Virtual Machine Connection

2018-02-03 02_33_44-SCCM1 on TOUNY-PC - Virtual Machine Connection.jpg

OK! great! now we have a Windows 10 PC up and running, the options really are limitless when it comes to editing the rules of the image, we can add roles, features and many other custom tasks to the task sequence.

I took a snapshot of my Windows 10 VM as a preparation for the next lab as we’re going to try the refreshment and replacement of the OS.

We will also continue to see how the OSD process are made from the SCCM perspective.

Thanks for reading, see you in another blog.


Deploying SCCM CB 1702 (Including Upgrading to 1710)


Hello again, in this blog we are going to install SCCM 1702 and upgrade it to version 1710 then applying a hotfix rollup, this is a starter blog which I’m going to write a series of blogs afterwards on how to deploy windows 10 with both MDT & SCCM using the Lite-Touch & Zero-Touch deployment methods.

I will also follow this Link¬†but the difference is that I’m going to use Windows Server 2016 & SQL Server 2014 SP1 since they are supported, I also made sure I installed all the Windows Server & SQL prerequisites¬†in addition to SQL default instance, I strongly recommend you visit the below 2 sites prior to the installation to install all the requirements: –

  1. Site and site system prerequisites for System Center Configuration Manager
  2. Set up your System Center Configuration Manager lab

After installing all the requirements let’s install SCCM, from the source DVD double click on the Splash app to initiate and then click on install to begin

2018-01-26 12_10_39-System Center Configuration Manager

Press next to proceed, it is a good idea to read the notes in the (Before You Begin) section

2018-01-26 12_10_47-System Center Configuration Manager Setup Wizard.jpg

Since this is a lab environment, I will tick the checkbox to make it a typical installation as below, press next afterwards to proceed

2018-01-26 12_10_55-System Center Configuration Manager Setup Wizard.jpg

If you have the product license you can type it or you can choose to proceed with an evaluation version

2018-01-26 12_11_17-System Center Configuration Manager Setup Wizard.jpg

Accept the license terms as below

2018-01-26 12_11_38-System Center Configuration Manager Setup Wizard.jpg

I happened to download the files before, in your case you can select the first option to start downloading the files, create a folder as below to store all the downloads, press next to proceed

2018-01-26 12_11_54-System Center Configuration Manager Setup Wizard.jpg

Let SCCM verify the files

2018-01-26 12_12_02-Configuration Manager Setup Downloader.jpg

Give your site a code and a name, also choose the installation directory

2018-01-26 12_12_37-System Center Configuration Manager Setup Wizard.jpg

This is an exciting new section, you can choose to stay connected to Microsoft cloud services to gain the latest updates and patches for SCCM, this is a cool feature which we will use to patch SCCM in later steps and to upgrade to later version, so, I ticked the checkbox as below

2018-01-26 12_12_47-System Center Configuration Manager Setup Wizard.jpg

Finally, you will have a summary of all your choices before you begin the installation

2018-01-26 12_12_54-System Center Configuration Manager Setup Wizard.jpg

Let the prerequisite checker check if everything is ok before you press “Begin Install”, in my case as it is a lab I got warnings about memory, nothing is missing, so, I pressed “Begin Install”

2018-01-26 12_13_33-System Center Configuration Manager Setup Wizard.jpg

Voila! that’s it! SCCM 1702 is now installed, if you need to check the version you can click on the arrow in the upper left section and click “About Configuration Manager”

2018-01-27 04_41_25-System Center Configuration Manager (Connected to LAB - Contoso HQ).jpg

2018-01-27 04_41_45-About System Center Configuration Manager.jpg

OK, to follow the rest of the guide, we will make sure to enable the AD forest discovery and let it create the boundaries automatically for us like below, from Administration>Discovery Methods, click on the Active Directory Forest Discovery then click on Properties

2018-01-27 04_41_57-System Center Configuration Manager (Connected to LAB - Contoso HQ).jpg

Make sure you tick both checkboxes below to enable the discovery and to create the boundary automatically for the site, press OK

2018-01-27 04_42_09-Active Directory Forest Discovery Properties.jpg

You will get a message asking you if you want to initiate a discovery as soon as possible, press yes!

2018-01-27 04_42_22-Configuration Manager.jpg

In the same section we can also choose to “Run Forest Discovery Now” like below

2018-01-27 04_42_48-System Center Configuration Manager (Connected to LAB - Contoso HQ).jpg

From Administration>Hierarchy Configuration, click on the Active Directory Forests to make sure our forest is successfully discovered

2018-01-27 04_43_12-System Center Configuration Manager (Connected to LAB - Contoso HQ).jpg

It is!

2018-01-27 04_43_26-System Center Configuration Manager (Connected to LAB - Contoso HQ).jpg

Upgrade to SCCM 1710

From Administration>Updates & Servicing, we can see the latest SCCM updates and patches, from here, we can choose to Download Configuration Manager 1710 version like below

2018-01-27 04_44_16-System Center Configuration Manager (Connected to LAB - Contoso HQ).jpg

We will get the below message saying that updates are currently being synced, we can view what’s going on by firing up the famous CMTrace tool and open the Dmpdownloader.log file, so let’s go, below in the default directory of the CMTrace, I pinned it to my task bar and opened the dmpdownloader.log file from within like below

Logs directory by default is C:\Program Files\Microsoft Configuration Manager\Logs

2018-01-27 04_45_19-tools.jpg

2018-01-27 04_45_55-Configuration Manager Trace Log Tool.jpg

2018-01-27 04_46_45-Open.jpg

Now we can see clearly what’s going on behind the scene

2018-01-27 04_47_00-Configuration Manager Trace Log Tool - [C__Program Files_Microsoft Configuration.jpg

From Monitoring>Updates and Servicing Status, We can see also that our files are being downloaded, if we press on “Show Status”, we can see the process in details

2018-01-27 04_47_30-System Center Configuration Manager (Connected to LAB - Contoso HQ).jpg

2018-01-27 04_47_50-System Center Configuration Manager (Connected to LAB - Contoso HQ).jpg

2018-01-27 04_47_58-Update Pack Installation Status.jpg

After completing the download, the package is ready to install, we can now press “Install Update Pack” and follow the wizard

2018-01-27 06_28_01-System Center Configuration Manager (Connected to LAB - Contoso HQ).jpg

2018-01-27 06_28_38-Configuration Manager Updates Wizard.jpg

I selected all the features so that I can try them in later stages, select the features you want then press next, not selected features can be turned on later from the “Features” section

2018-01-27 06_29_52-Configuration Manager Updates Wizard.jpg

I chose to continue without validation

2018-01-27 06_30_03-Configuration Manager Updates Wizard.jpg

Accept the license terms

2018-01-27 06_30_12-Configuration Manager Updates Wizard.jpg

At the end you will find a summary of all your choices, press next

2018-01-27 06_30_21-Configuration Manager Updates Wizard.jpg

When successful, a message will appear confirming that, by the way this is not a confirmation that installation is done rather the completion of the current wizard!

2018-01-27 06_30_41-Configuration Manager Updates Wizard.jpg

As we’ve done previously we can go to the Monitoring section and show the status of the current installation process

2018-01-27 07_05_22-Update Pack Installation Status.jpg

Voila! SCCM is upgraded to 1710 version, you can make sure by navigation to the “About Configuration Manager” as we did at the beginning of the blog to see that the system is upgraded successfully

2018-01-27 08_20_59-About System Center Configuration Manager.jpg

Install SCCM 1710 Hotfix Rollup (KB4057517)

Again, nothing new, you will find all the new patches in the same “Updates and Servicing” area, you will follow the same steps to install the rollup

2018-01-27 08_30_35-System Center Configuration Manager (Connected to LAB - Contoso HQ).jpg

2018-01-27 08_30_51-Configuration Manager Updates Wizard.jpg

2018-01-27 08_30_59-Configuration Manager Updates Wizard.jpg2018-01-27 08_31_07-Configuration Manager Updates Wizard.jpg

2018-01-27 08_31_15-Configuration Manager Updates Wizard.jpg

2018-01-27 08_31_30-Configuration Manager Updates Wizard.jpg

In the Monitoring area, Show the status of the Rollup installation

2018-01-27 08_31_53-System Center Configuration Manager (Connected to LAB - Contoso HQ).jpg


2018-01-27 08_32_08-Update Pack Installation Status.jpg

Voila! the Rollup is also installed

2018-01-27 08_57_50-Update Pack Installation Status.jpg

The final step will be to upgrade the console as well, by the way, when upgrading to 1710 version and applying the rollup afterwards you well be asked in both times to close the console for the system to finish the update process, just press ok and follow the wizards and reopen the console after you finish

2018-01-27 08_59_44-Configuration Manager Console Setup.jpg

2018-01-27 09_02_23-Configuration Manager Console Setup.jpg

That’s it! SCCM CB 1702 is installed, upgraded to 1710 and patched, remember this is our first step towards beginning the process of using the system to deploy Windows 10, this is our first step in the journey.

See you in the other blogs, thanks for reading.

Getting The “A discovery data item was rejected because the item is already bound to another Membership relationship” Error with SCSM!


Hello again,

Today when I tried to submit a Service Request through the SCSM portal I got the below error: –

2016-07-24 21_46_04-A discovery data item was rejected because the item is already bound to another

A discovery data item was rejected because the item is already bound to another Membership relationship

Now what is this ?! I decided to copy the error message and start searching, well, If you are lucky like me you will get to Travis blog here explaining what the error is and how to resolve it, I will explain the error a little more.

The bottom line is: you have two templates (or more) having the same file attachment or action log!, in my case I changed the Assigned-to field in more than one template like below and that what led to creating the SAME LOG ENTRY in all the templates I made the change in: –

2016-07-24 21_28_32-SCSM2012 on TAREK-ALTOUNY - Virtual Machine Connection

So, the next time you submit different service requests based on the different templates you made the change(s) in, the same log entry will be attached in every request which can’t happen as this will not make each request unique, so, your request submission will fail!


OK! this is mentioned in Travis blog as well you can either: –

  1. Use SMLets to remove the action log in each template (If you are experienced with that).

  2. Remove and recreate the template(s) from scratch, OK this was so hard for me (and maybe for you as well) as I already created many templates.

  3. If it is just a billable hours or file attachments you can simply remove them and save the templates (not my case).

  4. Export the MP containing the templates and manually remove the action log for each template under the templates section (and this is what I did as below).

2016-07-24 21_42_58-C__Users_Tarek.Altouny_Desktop_My MP_ManagementPack.f59936357bd54bdabafa9b8ddf52

After importing the MP again, I opened my templates and noticed that the action log is empty this time, submitting request was successful afterwards.

Note: Please make sure to backup (export) any MP first before editing it.

I hope this was helpful to you.

Thanks for reading.

Create Multiple SLOs For Multiple Countries in Service Manager


Please note that I will not dive in details to show how to create queues, calendars and SLOs rather than discussing the idea, I assume you already has the knowledge of creating SLOs inside SCSM and you can always refer to the following link: –

Configuring Service Level Management in System Center 2012 – Service Manager

Hello again, the topic of creating SLOs inside Service Manager is vital and you can read about it here, in brief SLO or Service Level Objective is a way of making sure that different tickets inside the system will be solved and completed within a defined time to ensure the satisfaction of the end users and to encourage the analysts and the resolvers to work on the requests in a timely fashion.

The question here is: what If Service Manager is dealing with end users who belong to different countries, as we know the working days and holidays vary from one another, How can SCSM deal with SLOs in this case ?.


First we need to create different calendars for each country and define the working hours and holidays in each, eventually you will have multiple calendars inside the system as below:-


Second we can leave the metrics as they are, by default in SCSM you have two metrics one for Incidents Resolution and the other is for Service Request Completion as below (unless you want more metrics for measuring the response time and other milestones): –


The most important part here is the queues.

We need to create queues for each country, for example, in a one country scenario, If I need to create queues for Mail Problems, it will be done once, here we will create this queue for each country, the criteria will be the Incident / Service Request Category / Area and the Affected User’s Country

Please note that a functioning AD connector must be created and the attribute of country must be updated in all the AD users

Country Q - Start

In work item type please (whether you are going to create a queue for incident or service request) choose the incident (advanced) or service request (advanced) from the list of combination classes 

The “advanced” work item type will give you the ability to expand the class to be able to add more criteria, the criteria we need here will be the Affected User’s country as we discussed.

Incident Advanced


Repeat the previous steps for all the countries, create queues for each incident category or service request area you want to use for SLOs and don’t forget to add the criteria of the country (If you have let’s say 8 countries this means that a created queue will be created 8 times).

Finally create the SLO for the country putting the calendar, the metrics and the queues all together.


Another Possible Scenario

You may face another scenario when you want the end users to choose the country!, you will do the following:-

1- Extend the incident/service request classes and make a custom country lists, you can use this document to know how to do it.

2- Fill the custom list with countries (From Library –> Lists –> <Countries_List_Name>)

3- When creating queues as we discussed, the additional criteria this time besides the category / area will be the country in the custom list in step 2.

4- Finally when making an offering through the portal you will make the end user choose the list from the request form or If you open the ticket from the console you will choose the end user’s country from the list of countries extension.


I hope this was informative for you.

Thanks for reading.

Getting The “Your Machine isn’t Setup For IRM” Message


Hello again .. In a scenario when you integrate your on-prime. Exchange Server with Azure RMS, you followed each step mentioned here¬†and now you are ready to send a protected mail using one of your templates you made in Azure like below: –


You may encounter the following error when pressing “Permission”

Your machine isn’t setup for Information Rights Management (IRM).To set up IRM, Sign in to Office, open an existing protected message or document, or contact your help desk.

And this is how it pops up: –




In order to send protected mails through outlook you have to do two things: –

1- Download and install Microsoft Rights Management sharing application, Note also that this scenario is applicable for Office 2010 as Office 2013 and 2016 natively support Azure RMS but Microsoft recommends installing the sharing app on these PCs for the users to get benefits of the add-in.

Besides the ability to send protected mails this app provides,¬†Microsoft Rights Management sharing application for Windows provides the following features: –

  • Enhances File Explorer (also known as Windows Explorer in Windows 7 and earlier versions) to allow you to RMS-protect and share a single file, or bulk protect multiple files as well as all files within a selected folder.
  • Adds support for protection of any type of file.
  • A built-in viewer for commonly used text and image file types.
  • Adds new buttons to the Microsoft Office toolbar for Word, PowerPoint, and Excel, allowing you to share RMS-protected files from within Office.

2- Sign in to Office using an account that has Azure RMS license (i.e. EMS License), For an example, you can sign in to the word or Excel applications using your cloud account (having the OnMicrosoft UPN) or If your organization has setup ADFS the experience will be seamless and nothing more needs to be done here specially If your organization is using the email domain too as a federated one which is the typical case.

For more information please visit:  Configuring Applications for Azure Rights Management

After applying the above steps you should see the Azure RMS templates successfully and use them to protect the mail as below: –

Screenshot (38)

I hope this was helpful to you and I’d like to thank you for reading.

Getting The “User Realm Discovery Failed” Error With Microsoft Azure AD Connect Tool


Hello again! today when I tried to sync on premises Active Directory users with Azure AD using the Azure AD Connect tool I faced the following error:-

An error occurred executing Configure AAD Sync task: user_realm_discovery_failed: User Realm Discovery Failed

AD Connect Error

OK .. first open the setup log file to see If it has more useful info. about the error, in my case I couldn’t find any meaningful info. about the error so I sensed it was a connectivity issue so I jumped right away to the following link:-

Troubleshoot connectivity issues with Azure AD Connect



In my case the network was using proxy to reach the internet, the server was already using the proxy settings without any problems and reaching the internet! but I found out that I need to add a couple of lines to a machine.config file located here (screenshot below):-

Screenshot (36)

The lines will look like the following screenshot, make sure to paste the following lines before the last line which has the </configuration> brackets

        <defaultProxy enabled="true" useDefaultCredentials="true">

here is how the lines will look eventually in the machine.config file, replace <PROXYADDRESS:>:<PROXYPORT> with your own environment values:-


When pressing retry on the installation wizard it showed a success message and it synced the users successfully this time.

I hope this was helpful to you.

Thanks for reading

SCSM – Line Manager Should Review is Blank! (Thoughts).


In SCSM 2012 R2 (UR7 installed), when you try to open a Service Request on behalf of the user from the console and that SR is supposed to be reviewed by the user’s manager you will notice that the reviewer is blank like the following :-

Screenshot (28)

OK Let’s go to the SR to see the affected user put manually :-

Screenshot (29)

OK, the affected user is different than the created by user as I created this SR as the SCSM Admin, but I’m sure I updated the user’s manager properly in AD let’s go and check, we go to the CI section –> users, then search for the user name in the CMDB and see If our AD connector grabbed the user manager name attribute or not :-

Screenshot (33)Screenshot (34)

OK!, the manager is there, so what’s wrong ? let’s try to make a new SR for the same user but this time we will make it created by the user himself!, how ? you can add the user in the “Service Requests Analysts” security role to give him the privilege to do so, now let’s try again :-

Screenshot (30)

This time the manager name appeared! now let’s check the SR :-

Screenshot (31)

This time the created by user = the affected user

Conclusions & Thoughts

“The Line Manager Should Review” will work If the created by user = the affected user, this means that If you are creating a SR on behalf of a user in the SCSM console you should be aware of the types of SRs that need the user’s manager approval and the name of the user’s manager (from CMDB) then you put the manager name manually in the Review Activity without checking the box! or else, you will be having two reviewers, one blank and the manually added reviewer.

This means also that the checkbox is designed to work with the portal too.

Appreciate your thoughts and comments..

Thanks for reading, I hope that was helpful.

Many thanks to my colleague Mina Wagdy

Later ..