ConfigMgr 2012 R2 SP1 Application Catalog promts for cridentials

sccm2012_logo.gif-1200x0[1]

If you start using the Application Catalog from Configuration Manager 2012 R2 SP1 you have to configure some settings before the users can access it.

Probably you recieve a login propt when accessing the application catalog from your client.

Solution

After installing the role and checking the logs for a successfull installtion (SMSAWEBSVCSetup.log & SMSPORTALWEBSetup.log) you have to change the client settings:

  • Change the “Computer Agent” settings:

1

  • Select your Application Catalog website:
2
  • Add your Application Catalog website to your clients by using Group Policy:
3
This steps will allow you to use the Application Catalog without any logon prompts. Configure also your Enterprise Mode settings when you use Windows 10 EDGE Browser. EDGE does not support Silverlight but the Software Center and the Application Catalog is using Silverlight.
Cheers
Al

New blog

After blogging on sccmfaq.ch I finally started my own blog – blog.alschneiter.com. I’m focused on all the new and rising Microsoft Windows Client technologies. This includes stuff like, Windows 10, Configuration Manager (ConfigMgr), EMS, Office365, Azure RemoteApps, Remote Desktop Services (RDS), MDOP and much more! Just the modern workplace. Any questions to me? Feel free to contact me using this blog or twitter!

And, don’t miss all the technical deep dives, technical news and also some fun stuff. Subscribe right now!

Cheers,
Al

itnetX_portraits_2015_14

Replace RD Web Certificate

Hi,

In some cases (DNS changes, expired certificate, etc.) you have to renew a certificate on your RD Webservers. I hat to do this today on a environment wit two RD Web Servers load balanced by a F5 Loadbalancer. But just replacing the web certificate on the RD Connection broker was not enough.

For some reason the cert was not valid after the replacement.

Solution:

  1. Delete all the old certificates in the personal store of the RD Webservers
  2. Reboot the Webservers
  3. Request a new certificate by using certlm.msc of one of the RD Webservers
  4. Export the .pfx file for the Connection Broker
  5. Redeploy the certificate using the Server Manger / Remote Desktop Services / Deployment Overview / Tasks / Edit Deployment Settings

This should allow you to access the RD Websites without having any certificates warnings.

Cheers,
Al

 

Deploy Skype for Business using Click-to-Run Tool and ConfigMgr 2012 R2

Hi folks,

Today I had to deploy Skype for Business for a Office 365 Business Premium Plan using ConfigMgr 2012 R2. This is a special O365 plan for a maximum of 300 users.

Normally with an E3 plan you can use a config.XML file with the lync product code entry called “LyncRetail”.

This is not working for all other plans like E1, E2, Business, BusinessPremium etc.! You have to change the product code to “LyncEntryRetail” otherwise you won’t be able to activate your Skype for Business installation.

This is how my config file now looks like:

<Configuration>

<Add OfficeClientEdition=”32″>
<Product ID=”O365BusinessRetail”>
<Language ID=”en-us” />
</Product>
<Product ID=”LyncEntryRetail”>
<Language ID=”en-us” />
</Product>
</Add>
<Update Enabled=”TRUE” />
<Display Level=”None” AcceptEULA=”TRUE” />
<Logging Name=”OfficeSetup.txt” Path=”%temp%” />

</Configuration>

Here you can find a list of all supported products: https://support.microsoft.com/en-us/kb/2842297

 

Maybe this helps.

Cheers,
Al

ADFS 3 login issues 8004789A after rebuilding the farm – Office 365 relaying trust missing

Hi Folks,

One of our customer had an issue with the ADFS farm running on Windows Server 2012 R2. There was a problem with the ADFS proxy which was domain joined. This is not a recommended configuration so we changed that to a workgroup machine.

The https://adfs.DOMAIN.COM/adfs/ls/IdpInitiatedSignon.aspx could be contacted after that and a Login was possible. Hovever, an enrollemnt of devices using Microsoft Intune was still not working. We recoginized that the realying trust to Office 365 was missing on the ADFS Server:
1

Using powershell to create the trust worked but didn’t allow the user to Login to https://account.manage.microsoft.com or the comany portal and enroll devices.

$cred=Get-Credential
Connect-MsolService –Credential $cred
Set-MsolAdfscontext -Computer “FQDN of Server”
Convert-MsolDomainToFederated –DomainName “Your Domain Name”

The error 8004789A occured on the Login page.

Reason
You have to use the powershell command
Update-MsolFederatedDomain –DomainName “Your Domain Name”

This did the trick.

2

Maybe this helps someone.

Cheers,
Al