Config Manager Powershell 2012 R2 CU2


Hello,

We recently tried to perform a fairly simple action in Config Manager: create a new DP and modify the required parameters. Since this would be done during SCCM Server OSD, we decided to go for an Orchestrator runbook using PowerShell. Sounds good.

However … we had some issues.

First, if you attempt to run the Config Manager cmdlets on a machine where the console is installed, you'll notice that New-CMSiteSystemServer crashes PowerShell; other commands work fine (remote).

Hey, no problem … you can use remote PowerShell to connect to the PSS and run the script from there.

Issue 1 : Enter-PSSession refuses to find the psd1 file

The script refuses to load the required psd1 if we use Enter-PSSession. We had to use a scriptblock for the execution.

 

Issue 2 : The script will not enter the required CM site. Drive not found exception.

Solution :

Import the required digital cert or run the CM PowerShell once from the PSS with the correct user.

Issue 3 : We sometimes receive a warning : The self signed certificate could not be created successfully.

This happens during the addition of the DP role. The reason is that a specific temporary folder under the user profile does not exist, so the solution is to log on to the PSS with the required user and perform the same action once in order to make sure the required folder exists.

 

Issue 4 : From time to time we randomly receive an access denied error (without CredSSP).

When this happens we see the following in the PowerShell event viewer on the PSS.

Solution : Use the CredSSP parameter in order to allow double hopping. See http://blogs.technet.com/b/heyscriptingguy/archive/2012/11/14/enable-powershell-quot-second-hop-quot-functionality-with-credssp.aspx for additional info. However, as soon as we added this parameter we arrived at issue 5.

Issue 5 : PowerShell crashes while using New-CMSiteSystemServer with CredSSP

So if we add the CredSSP parameter, then we see that the remote session is in a broken state because powershell.exe crashes when we use New-CMSiteSystemServer for a non-existing site server.

 


 

 

If you run the cmdlet on an existing object you'll notice that you receive an "object already exists" error, but powershell.exe does not crash.

Bottom line : if you connect to the PSS, open the CM console, run a Config Manager PowerShell prompt and execute New-CMSiteSystemServer, powershell.exe will also crash. Locally on the server.

We noticed that this issue is specific to the installation of CU2; before, we did not experience this behavior.

A bug has been filed using Microsoft Connect for this issue. Will keep you posted.

This is the script we were using :

 

$Error.Clear()
$ErrorActionPreference = "Stop"
$s = $null
$errmsg = $null
Try
{
    # "xxx" stands in for the account name and its password
    $pw = ConvertTo-SecureString -AsPlainText -Force -String "xxx"
    $cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "xxx",$pw
    Write-Host "================= Starting remote ps-session ========================"
    # 32-bit endpoint on the PSS; CredSSP allows the second hop (see Issue 4)
    $s = New-PSSession -ComputerName server1.domain.local -Name PSSSession -Credential $cred -ConfigurationName Microsoft.Powershell32 -Authentication CredSSP

    # Everything in this block runs on the PSS, not on the runbook server
    $Scriptblock = {
        Write-Host $env:COMPUTERNAME
        $SCCMAdminConsolePath = Split-Path -Parent $ENV:SMS_ADMIN_UI_PATH
        Write-Host $SCCMAdminConsolePath
        Import-Module "$SCCMAdminConsolePath\ConfigurationManager.psd1"
        # Switch to the site drive (site code PS1)
        Set-Location ps1:
        Write-Host "================= Creating New site server ========================"
        New-CMSiteSystemServer -ServerName "server1.domain.local" -SiteCode PS1
        Write-Host "================= Creating new distribution point server ========================"
        Add-CMDistributionPoint -SiteSystemServerName "server1.domain.local" -SiteCode "PS1" -InstallInternetServer -CertificateExpirationTimeUtc "2112/11/26 17:45:00" -MinimumFreeSpaceMB "50"
        Write-Host "================= Adding server to boundary ========================"
        Set-CMDistributionPoint -SiteCode "PS1" -SiteSystemServerName server1.domain.local -AddBoundaryGroupName "Group1" -AllowFallbackForContent 0
        Write-Host "================= Adding server to distribution point group ========================"
        Add-CMDistributionPointToGroup -DistributionPointName server1.domain.local -DistributionPointGroupName "All Distribution Points"
    }
    Write-Host "================= Running scriptblock ========================"
    Invoke-Command -Session $s -ScriptBlock $Scriptblock
}
Catch
{
    # Keep the terminating error so it can be reported below
    $errmsg = $_
}
Finally
{
    # Always close the remote session, even when a cmdlet failed
    if ($s) { Remove-PSSession $s }
}

if ($errmsg)
{
    Write-Host $errmsg
}
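An added example, not part of the original script: the same remote session with CredSSP delegation scoped to the single site server and switched off again afterwards, a credential prompt instead of the embedded password, and an explicit check for the site drive from Issue 2. The host name and site code are the placeholders used above; the check assumes the ConfigurationManager module registers its drives under the CMSite provider.

```powershell
# Added example: host name and site code are placeholders, as in the script above.
$Target   = 'server1.domain.local'   # primary site server (PSS)
$SiteCode = 'PS1'
$cred     = Get-Credential           # prompt instead of a password in the script

# Delegate credentials to this one host only. A wildcard such as *.domain.local
# would allow every machine in the domain to receive the delegated credentials.
Enable-WSManCredSSP -Role Client -DelegateComputer $Target -Force | Out-Null
Invoke-Command -ComputerName $Target -Credential $cred -ScriptBlock {
    Enable-WSManCredSSP -Role Server -Force | Out-Null
}

$s = $null
try {
    $s = New-PSSession -ComputerName $Target -Credential $cred `
         -ConfigurationName Microsoft.PowerShell32 -Authentication Credssp

    Invoke-Command -Session $s -ArgumentList $SiteCode -ScriptBlock {
        param($SiteCode)
        $ErrorActionPreference = 'Stop'
        $consolePath = Split-Path -Parent $env:SMS_ADMIN_UI_PATH
        Import-Module (Join-Path $consolePath 'ConfigurationManager.psd1')

        # Issue 2 check: the site drive only exists once the module has loaded
        # correctly for this user. Fail here with a clear message rather than
        # with "Drive not found" further down.
        $drive = Get-PSDrive -PSProvider CMSite -ErrorAction SilentlyContinue |
                 Where-Object { $_.Name -eq $SiteCode }
        if (-not $drive) {
            throw "CMSite drive '$SiteCode' is not available for $env:USERNAME on $env:COMPUTERNAME"
        }
        Set-Location "$($SiteCode):"
        # The site is reachable from here; the DP cmdlets from the script above follow.
    }
}
catch {
    Write-Host "Remote run failed: $($_.Exception.Message)"
}
finally {
    if ($s) { Remove-PSSession $s }
    # Switch delegation off again on both ends so it does not stay enabled.
    Invoke-Command -ComputerName $Target -Credential $cred -ScriptBlock {
        Disable-WSManCredSSP -Role Server
    }
    Disable-WSManCredSSP -Role Client
}
```

Enable-WSManCredSSP and Disable-WSManCredSSP need an elevated session on both machines. In an unattended runbook, the Get-Credential prompt has to be replaced by whatever secret store the runbook platform provides.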

 

Enjoy.

 

UPDATE : Fix released by MS, install on site server and consoles

http://support.microsoft.com/kb/2984644/en
