Configuration Manager – The server cannot be deleted because it contains the following site system roles – Unable to remove Site Systems from SCCM

Unable to remove Site Systems from SCCM when Multicast Service Point has been enabled

All roles have been removed but Component server still shows


First step is to check what roles may be remaining but not showing in the console by running the powershell command


Get-CMSiteRole -SiteCode “ABC” -SiteSystemServerName “” | Select RoleName


As you can see above the SMS Multicast Service Point is showing but its not possible to remove this role via the console as the Distribution Point role has already been removed.

And of course I cannot remove the site system as not all roles are removed





Run the command in powershell

Remove-CMSiteRole -SiteCode ABC -SiteSystemServerName -RoleName “SMS Multicast Service Point”


Then restart the SMS_SITE_COMPONENET_MANAGER Service


You should now be able to remove the site system after some time once the component server is no longer showing under Servers and Site System Roles

If you still find the component server is still showing after a long wait you can remove the entry in the registry and restart the same service:

HKLM\Software\Microsoft\SMS\Components\SMS_SITE_COMPONENT_MANAGER\Component Servers\SERVERNAME


Windows 10 1511 & SCCM CB WSUS Error – 0x80240fff – Fix

I have finally had time to test a permanent fix for the 1511 scan fail issue. Please take note this fix is performed in a lab environment and not tested in production.

While it is a fix there may be others available, please make sure you try this in pilot/dev environment before implementing in a production environment. I take no responsibility for it going wrong in production  🙂



First you need to download the latest CU for 1511 form the Microsoft Update Catalog – 


X64 – Download Here

X86 – Download Here


Once downloaded add it to your SCCM Package Share folder and proceed to package as shown below



Create a Standard program and make sure the settings reflect the below


Here is the command line – wusa.exe <Insert Package.msu>  /quiet /norestart

Example – wusa.exe windows10.0-kb4022714-x64_edf4e51111abeea65f7cbcf75755210bb6a711e3.msu /quiet /norestart





Once packaged right click the package and distribute the content to your required distribution points


Now time to deploy

You want to make sure you are deploying only to Windows 10 1511 so create a collection with the following query



Now right click your program and select deploy choosing the collection created in the above step


Its up to you what you do here but keep in mind ‘required’ will force the install,  for testing purposes I have set it to available.







Review your summary and finalise.

Now lets wait for the test machine to pick up the new advertisement in software centre



Before we start take note the error showing in wuahandler.log



Windows Update Agent Version is 10.0.10586.0



Choose Install




Verify the installation by looking for Windows Update Standalone Installer & Windows Module Installer (it may take a while) my lab machine took 40 minutes to complete.








Once completed restart the machine




Check the Windows Update Agent Version

Now run a software update scan cycle

Watch the WUHandler.log – you will now see the pc is completing its scan.

In my case there is a new warning due to the June Malicious Software Update having a problem accepting the license. I have seen this in a few environments and leads me down the next rabbit hole…..


Overall your client should now be healthy and ready to update.

I can now see the feature update for 1607

Hope this nails it once and for all!

Please feel free to comment your experiences and Ill do my best to help.

Configuration Manager Health Check Script

With the recent events (wannacry) in the last few months making sure your environment has a collection of healthy clients including the latest Windows Update Agent is crucial to surviving the threats being unleashed in the modern world. Although you may be able to produce compliance reports showing good figures >96% ( lets get real that almost impossible ) what about the clients that are not showing in your compliance report that should be present. Are you reporting against the unknown? How are you tackling those clients falling into the category?

Here is some help:

Thanks to Anders Roland there is a health script available to help take care of those pesky clients you don’t have the time to take care of yourself, or maybe have been queuing that task up for later, now you can once and for all (99.9%) of the time – nothing is ever perfect right……


Please follow Anders instructions on the implementation guide – 


I strongly recommend following the Group Policy guide found here also


Powershell Script with Arguments as a Scheduled Task