Configuration Manager – The server cannot be deleted because it contains the following site system roles – Unable to remove Site Systems from SCCM

Unable to remove Site Systems from SCCM when Multicast Service Point has been enabled

All roles have been removed but Component server still shows

 

The first step is to check which roles may still be registered without showing in the console, by running this PowerShell command:

 

Get-CMSiteRole -SiteCode "ABC" -SiteSystemServerName "xxx.contoso.com" | Select RoleName

 

As you can see above, the SMS Multicast Service Point is showing, but it's not possible to remove this role via the console because the Distribution Point role has already been removed.

And of course I cannot remove the site system as not all roles are removed


Solution:

Run this command in PowerShell:

Remove-CMSiteRole -SiteCode ABC -SiteSystemServerName abc.contoso.com -RoleName "SMS Multicast Service Point"

 

Then restart the SMS_SITE_COMPONENT_MANAGER service.

 

After some time, once the component server is no longer showing under Servers and Site System Roles, you should be able to remove the site system.

If the component server is still showing after a long wait, you can remove its entry in the registry and restart the same service:

HKLM\Software\Microsoft\SMS\Components\SMS_SITE_COMPONENT_MANAGER\Component Servers\SERVERNAME
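
The steps above as one guarded script, for a ConfigMgr PowerShell session on the site server. This is an added example, not the author's code: the site code and server name are the page's placeholders, and the base-role list, polling interval and timeout are assumptions.

```powershell
# Added example. Assumes the ConfigurationManager module is loaded and the
# current location is the site drive (e.g. ABC:). Values are placeholders.
$SiteCode  = 'ABC'
$Server    = 'abc.contoso.com'
$Orphan    = 'SMS Multicast Service Point'
# Roles a site system carries by itself; treated here as safe to leave
# behind because they go away once no functional role remains (assumption).
$BaseRoles = 'SMS Site System', 'SMS Component Server'

$roles = @(Get-CMSiteRole -SiteCode $SiteCode -SiteSystemServerName $Server |
    Select-Object -ExpandProperty RoleName)
Write-Host "Roles still registered on ${Server}: $($roles -join ', ')"

# Stop if anything other than the orphaned role is left, so a server that
# still hosts real roles is never stripped by mistake.
$unexpected = $roles | Where-Object { $_ -ne $Orphan -and $_ -notin $BaseRoles }
if ($unexpected) {
    throw "Remove these roles in the console first: $($unexpected -join ', ')"
}

if ($roles -contains $Orphan) {
    Remove-CMSiteRole -SiteCode $SiteCode -SiteSystemServerName $Server `
        -RoleName $Orphan -Force
}

Restart-Service -Name 'SMS_SITE_COMPONENT_MANAGER'

# Poll until the Component Server role disappears (up to one hour).
$deadline = (Get-Date).AddMinutes(60)
do {
    Start-Sleep -Seconds 300
    $left = @(Get-CMSiteRole -SiteCode $SiteCode -SiteSystemServerName $Server |
        Select-Object -ExpandProperty RoleName)
} while ($left -contains 'SMS Component Server' -and (Get-Date) -lt $deadline)

if ($left -contains 'SMS Component Server') {
    Write-Warning 'Component server still listed; consider the registry step above.'
} else {
    Write-Host 'Component server gone; the site system can now be deleted.'
}
```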

 

Windows 10 1511 & SCCM CB WSUS Error – 0x80240fff – Fix

I have finally had time to test a permanent fix for the 1511 scan fail issue. Please take note that this fix was performed in a lab environment and has not been tested in production.

While it is a fix, there may be others available. Please make sure you try this in a pilot/dev environment before implementing it in a production environment. I take no responsibility for it going wrong in production 🙂

 

 

First you need to download the latest CU for 1511 from the Microsoft Update Catalog –

http://www.catalog.update.microsoft.com/Search.aspx?q=4022714 

 

X64 – Download Here

X86 – Download Here

 

Once downloaded add it to your SCCM Package Share folder and proceed to package as shown below

 

 

Create a Standard program and make sure the settings reflect the below

 

Here is the command line – wusa.exe <Insert Package.msu> /quiet /norestart

Example – wusa.exe windows10.0-kb4022714-x64_edf4e51111abeea65f7cbcf75755210bb6a711e3.msu /quiet /norestart


Once packaged, right-click the package and distribute the content to your required distribution points

 

Now time to deploy

You want to make sure you are deploying only to Windows 10 1511 so create a collection with the following query
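
One way to build that collection from PowerShell, as an added example rather than the author's own query: the WQL selects devices whose inventoried OS build is 10586, the build of Windows 10 1511. The collection name, rule name and the 'All Systems' limiting collection are assumptions.

```powershell
# Added example; assumes the ConfigurationManager module is loaded and the
# current location is the site drive. Names below are placeholders.
$Name = 'Windows 10 1511 - KB4022714 pilot'

# Hardware inventory reports the OS build; 10586 is Windows 10 version 1511.
$Wql = @'
select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name,
       SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup,
       SMS_R_System.Client
from SMS_R_System
inner join SMS_G_System_OPERATING_SYSTEM
    on SMS_G_System_OPERATING_SYSTEM.ResourceId = SMS_R_System.ResourceId
where SMS_G_System_OPERATING_SYSTEM.BuildNumber = "10586"
'@ -replace '\s+', ' '   # collapse the layout whitespace into single spaces

New-CMDeviceCollection -Name $Name -LimitingCollectionName 'All Systems' | Out-Null
Add-CMDeviceCollectionQueryMembershipRule -CollectionName $Name `
    -RuleName 'OS build 10586' -QueryExpression $Wql

# Membership is evaluated asynchronously; review it before deploying so the
# package only reaches machines that really are on 1511.
Get-CMDevice -CollectionName $Name | Select-Object Name, DeviceOS
```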

 

 

Now right-click your program and select Deploy, choosing the collection created in the step above

 

It's up to you what you do here, but keep in mind that 'required' will force the install; for testing purposes I have set it to available.


Review your summary and finalise.

Now let's wait for the test machine to pick up the new advertisement in Software Center

 

 

Before we start, take note of the error showing in WUAHandler.log

 

 

Windows Update Agent Version is 10.0.10586.0

 

 

Choose Install


Verify the installation by looking for Windows Update Standalone Installer & Windows Module Installer (it may take a while); my lab machine took 40 minutes to complete.


Once completed restart the machine


Check the Windows Update Agent Version

Now run a software update scan cycle

Watch the WUAHandler.log – you will now see the PC is completing its scan.
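
The same before/after check can be scripted on the client. This is an added example, not part of the original post: it parses WUAHandler.log for the 0x80240fff scan failure, finds the last successful scan, and compares the agent version with the pre-fix 10.0.10586.0. The log path, the success message text and the sample lines are assumptions or constructed data.

```powershell
# Added example. $Sample lines are constructed; the real log is used if present.
$LogPath = "$env:windir\CCM\Logs\WUAHandler.log"   # default client log path (assumption)
$PreFix  = [version]'10.0.10586.0'                 # agent version before the CU
$Sample  = @'
<![LOG[Scan failed with error = 0x80240fff.]LOG]!><time="09:14:02.527+-600" date="06-20-2017" component="WUAHandler" context="" type="3" thread="4312" file="sample">
<![LOG[Successfully completed scan.]LOG]!><time="11:02:40.102+-600" date="06-20-2017" component="WUAHandler" context="" type="1" thread="5120" file="sample">
'@ -split "`r?`n"

function Get-CMLogEntry {
    param([string[]]$Line)
    # CMTrace layout: <![LOG[message]LOG]!><time="H:m:s.fff+offset" date="M-d-yyyy" ...>
    # Entries whose message spans several lines are skipped; scan results are single-line.
    $rx = '<!\[LOG\[(?<msg>.*?)\]LOG\]!><time="(?<time>[\d:]+)[^"]*" date="(?<date>[\d-]+)"'
    foreach ($l in $Line) {
        if ($l -match $rx) {
            [pscustomobject]@{
                When    = [datetime]::ParseExact("$($Matches.date) $($Matches.time)",
                              'M-d-yyyy H:m:s', [cultureinfo]::InvariantCulture)
                Message = $Matches.msg
            }
        }
    }
}

$lines    = if (Test-Path $LogPath) { Get-Content -Path $LogPath } else { $Sample }
$entries  = @(Get-CMLogEntry -Line $lines)
$lastFail = $entries | Where-Object { $_.Message -match '0x80240fff' } |
            Select-Object -Last 1
$lastOk   = $entries | Where-Object { $_.Message -match 'Successfully completed scan' } |
            Select-Object -Last 1
# Windows Update Agent version as reported by the agent's own COM interface.
$agent    = [version](New-Object -ComObject Microsoft.Update.AgentInfo).GetInfo('ProductVersionString')

[pscustomobject]@{
    AgentVersion  = $agent
    AgentUpdated  = $agent -gt $PreFix
    LastScanError = $lastFail.When
    LastGoodScan  = $lastOk.When
    ScanHealthy   = [bool]($lastOk -and (-not $lastFail -or $lastOk.When -gt $lastFail.When))
}
```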

In my case there is a new warning due to the June Malicious Software Update having a problem accepting the license. I have seen this in a few environments and it leads me down the next rabbit hole…..

 

Overall your client should now be healthy and ready to update.

I can now see the feature update for 1607

Hope this nails it once and for all!

Please feel free to comment with your experiences and I'll do my best to help.

Configuration Manager Health Check Script

With the recent events (WannaCry) in the last few months, making sure your environment has a collection of healthy clients, including the latest Windows Update Agent, is crucial to surviving the threats being unleashed in the modern world. You may be able to produce compliance reports showing good figures of >96% (let's get real, that's almost impossible), but what about the clients that should be present and are not showing in your compliance report? Are you reporting against the unknown? How are you tackling the clients that fall into that category?

Here is some help:

Thanks to Anders Rodland there is a health script available to take care of those pesky clients you don't have the time to take care of yourself. Maybe you have been queuing that task up for later; now you can deal with it once and for all (99.9% of the time – nothing is ever perfect, right?).

 

Please follow Anders' instructions in the implementation guide –

https://www.andersrodland.com/configmgr-client-health/ 

 

I strongly recommend following the Group Policy guide found here also

 

Powershell Script with Arguments as a Scheduled Task