A client computer can steal the Configuration Manager GUID of an Unknown Computer object during imaging
This article helps you resolve an issue in which the Configuration Manager Unique Identifier (GUID) of an Unknown Computer object is taken by a client computer that's being imaged.
Original product version: Configuration Manager (current branch)
Original KB number: 4471061
Symptoms
Configuration Manager current branch version 1702 included a new feature that lets you use the Previous button to retry a failed task sequence in the Task Sequence Wizard when it runs in Microsoft Windows Preinstallation Environment (Windows PE).
For more information about this feature, see Return to previous page when a task sequence fails.
This feature introduced the following issue:
When the Previous button is selected, the client PC that's being imaged can steal the Configuration Manager Unique Identifier (GUID) of the Unknown Computer object that's being used (either the x64 Unknown Computer or the x86 Unknown Computer).
This issue was fixed in Update rollup for Configuration Manager current branch, version 1702.
This issue is also fixed in all subsequent versions of Configuration Manager current branch.
However, starting in Configuration Manager current branch version 1702, unknown computers that are started from media or preboot execution environment (PXE) may not find task sequences that are targeted to them. In this scenario, the following error message is logged in the SMSTS.log:
There are no task sequences available to this computer. Please ensure you have at least one task sequence advertised to this computer.
Unspecified error (Error: 80004005; Source: Windows)
This issue may occur if the Previous button on the Select a task sequence to run page is selected on the unknown computer.
This issue is also fixed in all subsequent versions of Configuration Manager current branch.
Despite applying the update rollup in Configuration Manager current branch version 1702 or upgrading to a later version of Configuration Manager, the issue still occurs.
Cause
This issue may continue to occur because the fix in the update rollup for Configuration Manager current branch version 1702 and later Configuration Manager current branch versions prevents the issue from occurring only going forward. It doesn't fix the issue if the issue currently exists in the environment.
Therefore, the issue can continue to occur in Configuration Manager current branch version 1702 or newer even after the version 1702 update rollup or a later version is applied. This is true unless the following steps are taken:
- Update the boot images on distribution points.
- Recreate the boot media by using the updated images.
- Correctly clean the client PC that stole the GUID.
Resolution
Warning
Do not try to fix this issue by recreating the Unknown Computer objects. This doesn't correctly fix the issue, and it doesn't prevent the issue from reoccurring going forward. Additionally, there are known issues that occur in environments that have multiple Unknown Computer objects for a single site. If you have previously tried to resolve this issue by recreating the Unknown Computer objects, see Remove duplicate Unknown Computer objects.
To resolve this issue and prevent it from returning in the environment, follow these steps:
1. Update all boot images in the environment. To do this, right-click the images in the Configuration Manager console, and then select Update Distribution Points. This puts the updated Configuration Manager binaries that contain the fix into the boot image. For more information, see Update distribution points with the boot image.
2. If you use media in the environment, recreate all media in the environment after you update all boot images on the distribution points. This makes sure that the updated boot images that have the fix are in the media that's being used in the environment.
   To prevent media that has old boot images from being used, the certificates for those boot images can be blocked in the Configuration Manager console under the Administration > Security > Certificates node. To make sure that the issue doesn't recur, we recommend that you block all certificates for all media created before the boot images were updated in step 1. The date on which the media was created is displayed in the Start Date column.
   For more information about how to create media, see Create task sequence media.
3. The client computer that stole the GUID must be cleaned correctly.
To correctly clean the client that stole the GUID, follow these steps:
1. Identify the computer that acquired the GUID. To do this, examine the properties of the Unknown Computer object (usually x64 Unknown Computer), note the value of Configuration Manager Unique Identifier, and then run a query in the Configuration Manager console to identify the computer object that has the same GUID. You can do all these steps from the console. You do not have to go into the SQL Server database to do this.
2. After you identify the computer that acquired the stolen GUID, remotely connect to that computer, and then completely clean the Configuration Manager client. This involves more than simply uninstalling the client. Instead, you must follow steps 3-7.
3. On the client computer, under C:\Windows\CCMSetup, run the CCMSetup.exe /uninstall command at an elevated command prompt. Monitor Task Manager until CCMSetup finishes running. Double-check the ccmsetup.log file to make sure that the client was uninstalled correctly.
4. On the client computer, delete the following directories:
   - C:\Windows\CCM
   - C:\Windows\CCMSetup
   Note
   To fully delete these directories, you may have to restart the computer.
5. On the client computer, delete the following registry keys (if they exist):
   - HKEY_LOCAL_MACHINE\Software\Microsoft\CCM
   - HKEY_LOCAL_MACHINE\Software\Microsoft\CCMSetup
   - HKEY_LOCAL_MACHINE\Software\Microsoft\SMS
6. On the client computer, delete the C:\Windows\SMSCFG.ini file.
7. On the client computer, delete all certificates under the SMS > Certificates node in the Certificates console for the Computer account. To do this, follow these steps:
   a. Run MMC.exe at an elevated command prompt.
   b. On the File menu, select Add/Remove Snap-in.
   c. Select Certificates, and then select Add.
   d. Select Computer account, and then select Next.
   e. Select Local computer, and then select Finish.
   f. Select OK.
   g. Navigate to Certificates > SMS > Certificates.
   h. In the results pane, right-click each certificate listed under the Certificates > SMS > Certificates node, and then select Delete. Repeat this step until all certificates are deleted.
   i. Close the Certificates console.
8. Delete the record of the offending computer from the Configuration Manager console. Again, you do not have to go into the SQL Server database to do this. You can delete the record from the Configuration Manager console. Make sure that you do this after you complete steps 1-8. Doing this first may cause the record to be recreated if the client reports are backed up before they are fully cleaned.
9. Reinstall the Configuration Manager client on the offending client computer.
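The identification and clean-up steps above, as an added PowerShell example (not code from the original article or from Microsoft). It finds the client record that carries the Unknown Computer's identifier by querying the SMS Provider over WMI/CIM instead of through the console, then runs steps 3 to 7 on that client over PowerShell remoting and reports anything it could not remove, which is the case the Note under step 4 describes. The site code, provider host, remoting availability and administrator rights on the client are assumptions; the Unknown Computer record is filtered out by name as a precaution.

```powershell
# Added example, not code from the original article: find the client that took the
# Unknown Computer GUID (step 1) and run the clean-up of steps 3-7 on it over PowerShell remoting.
# Assumptions (not stated in the article): the SMS Provider is queried over WMI/CIM rather than
# the console, PowerShell remoting is enabled on the client, and the caller is an administrator there.
param(
    [Parameter(Mandatory)] [string] $SiteCode,        # site code, e.g. 'PS1' (constructed placeholder)
    [Parameter(Mandatory)] [string] $ProviderServer,  # host running the SMS Provider
    [Parameter(Mandatory)] [string] $StolenGuid       # 'Configuration Manager Unique Identifier' of the Unknown Computer object
)

# Step 1: every resource record that carries the identifier. Any Unknown Computer record that the
# query might return is filtered out by name as a precaution, so only real client records remain.
$guid  = $StolenGuid -replace "'", "''"            # escape quotes before embedding in the WQL filter
$query = @{
    ComputerName = $ProviderServer
    Namespace    = "root\SMS\site_$SiteCode"
    ClassName    = 'SMS_R_System'
    Filter       = "SMSUniqueIdentifier = '$guid'"
}
$hits = @(Get-CimInstance @query | Where-Object { $_.Name -notlike '* Unknown Computer' })

if ($hits.Count -eq 0) { Write-Warning "No client record carries $StolenGuid; nothing to clean."; return }
if ($hits.Count -gt 1) {
    Write-Warning "More than one record carries $StolenGuid; review these before cleaning anything:"
    $hits | Select-Object ResourceId, Name | Format-Table -AutoSize
    return
}
$client = $hits[0].Name
Write-Host "Client holding the stolen GUID: $client (ResourceId $($hits[0].ResourceId))"

# Steps 3-7, executed on the client. Each step records what it could not remove so the operator
# knows whether a restart (Note under step 4) or manual follow-up is still needed.
$cleanup = {
    $leftovers = @()

    # Step 3: uninstall and wait until every ccmsetup.exe instance has exited (ccmsetup.log keeps the details)
    $setup = 'C:\Windows\CCMSetup\CCMSetup.exe'
    if (Test-Path $setup) {
        Start-Process -FilePath $setup -ArgumentList '/uninstall' -Wait
        while (Get-Process -Name ccmsetup -ErrorAction SilentlyContinue) { Start-Sleep -Seconds 10 }
    }

    # Step 4: client directories; files still locked by a service make this fail until a restart
    foreach ($dir in 'C:\Windows\CCM', 'C:\Windows\CCMSetup') {
        if (Test-Path $dir) {
            Remove-Item $dir -Recurse -Force -ErrorAction SilentlyContinue
            if (Test-Path $dir) { $leftovers += $dir }
        }
    }

    # Step 5: registry keys (HKEY_LOCAL_MACHINE is HKLM: in the registry provider)
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\CCM', 'HKLM:\SOFTWARE\Microsoft\CCMSetup', 'HKLM:\SOFTWARE\Microsoft\SMS') {
        if (Test-Path $key) {
            Remove-Item $key -Recurse -Force -ErrorAction SilentlyContinue
            if (Test-Path $key) { $leftovers += $key }
        }
    }

    # Step 6: SMSCFG.ini
    Remove-Item 'C:\Windows\SMSCFG.ini' -Force -ErrorAction SilentlyContinue
    if (Test-Path 'C:\Windows\SMSCFG.ini') { $leftovers += 'C:\Windows\SMSCFG.ini' }

    # Step 7: every certificate in the SMS store of the computer account (Certificates > SMS > Certificates in MMC)
    Get-ChildItem 'Cert:\LocalMachine\SMS' -ErrorAction SilentlyContinue | Remove-Item -ErrorAction SilentlyContinue
    $certsLeft = @(Get-ChildItem 'Cert:\LocalMachine\SMS' -ErrorAction SilentlyContinue).Count
    if ($certsLeft -gt 0) { $leftovers += "Cert:\LocalMachine\SMS ($certsLeft certificates)" }

    [pscustomobject]@{ Computer = $env:COMPUTERNAME; Leftovers = $leftovers }
}

$result = Invoke-Command -ComputerName $client -ScriptBlock $cleanup
if ($result.Leftovers.Count -eq 0) {
    Write-Host "$client is clean; continue with steps 8 and 9 (delete the console record, then reinstall the client)."
} else {
    Write-Warning "Restart $client and run the clean-up again; still present: $($result.Leftovers -join ', ')"
}
```

The script deliberately stops when the identifier is found on more than one record, because the order of the remaining steps matters: step 8 (deleting the console record) must come after the client is fully cleaned, and cleaning the wrong machine cannot be undone by this script.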
Remove duplicate Unknown Computer objects
If the Unknown Computer objects have been recreated at the site when you tried to fix the problem, the extra Unknown Computer objects should be deleted. To accomplish this, delete all of the current Unknown Computer objects for the affected site, and then create a brand new set of Unknown Computer objects for the site. Deleting Unknown Computer objects can be done only from the SQL Server database; it cannot be done from the Configuration Manager console.
Note
It's acceptable to have multiple Unknown Computer objects if there are multiple primary sites. However, each site should have only one Unknown Computer object per architecture. For example, there should be only one x64 object that's labeled x64 Unknown Computer and only one x86 object that's labeled x86 Unknown Computer.
To delete the extra Unknown Computer objects, follow these steps:
1. Make sure you have a current and valid backup of the Configuration Manager site by using the built-in Backup maintenance task.
2. Open the Configuration Manager console. If there are multiple primary sites, we recommend that you open a Configuration Manager console that's connected to the central administration site.
3. In the Configuration Manager console, go to Assets and Compliance > Overview > Device Collections.
4. Double-click the All Unknown Computers collection.
5. In the results pane, sort the objects in the All Unknown Computers collection by selecting the Site Code column.
6. Note whether there are multiple x64 Unknown Computer objects or x86 Unknown Computer objects for any individual site.
7. If there are multiple x64 Unknown Computer objects or x86 Unknown Computer objects for any individual site, right-click the columns in the results pane, and add Resource ID to the list of columns.
8. Determine the Resource ID value for each x64 Unknown Computer object and each x86 Unknown Computer object for any one site. Make sure to note the Resource ID for all of the Unknown Computer objects even if only one of the Unknown Computer objects is duplicated.
9. After you determine the Resource IDs of the Unknown Computer objects for a site, the x64 Unknown Computer objects and the x86 Unknown Computer objects for the site can be deleted.
10. Open SQL Server Management Studio, and then connect to the database for the site that hosts the extra Unknown Computer objects.
11. Expand the Databases node, and select the Configuration Manager database (usually CM_Site_Code).
12. On the toolbar, select New Query.
13. Make sure that the correct database is selected in the drop-down menu to the left of the Execute button on the toolbar.
14. In the query pane, run the following SQL query:
    SELECT C.CollectionID, C.SiteID, C.CollectionName, CM.MachineID, CM.Name FROM Collections C JOIN CollectionMembers CM ON C.SiteID = CM.SiteID JOIN UnknownSystem_DISC USD ON USD.ItemKey = CM.MachineID
    This query displays all the collections that all the Unknown Computer objects belong to. Use this query to determine which collections the Unknown Computer objects are members of. Make a note of this information so that when the new set of Unknown Computer objects are created, they can be added back to the appropriate collections. The Resource ID is listed in the MachineID column.
15. In the query pane, run the following SQL query:
    SELECT * FROM UnknownSystem_DISC WHERE ItemKey IN ('Resource_ID_1','Resource_ID_2', 'Resource_ID_3')
    In this query, Resource_ID_x is the Resource ID of each of the Unknown Computer objects for the site, as determined in step 9. For example, if the Resource IDs are 2046820354 and 2046820355, the query would be as follows:
    SELECT * FROM UnknownSystem_DISC WHERE ItemKey IN ('2046820354','2046820355')
16. Verify that the records that are returned by the query in step 15 are correct. If they are, then run the following query to delete the records:
    DELETE FROM UnknownSystem_DISC WHERE ItemKey IN ('Resource_ID_1','Resource_ID_2', 'Resource_ID_3')
    In this query, Resource_ID_x is the Resource ID of each of the Unknown Computer objects for the site, as determined in step 9. For example, if the Resource IDs are 2046820354 and 2046820355, the delete query would be as follows:
    DELETE FROM UnknownSystem_DISC WHERE ItemKey IN ('2046820354', '2046820355')
    Note
    Remember to delete all of the Unknown Computer objects for the affected site, both x64 and x86, even if only one of them was duplicated.
17. Follow the section Recreate Unknown Computer objects in case of accidental deletion to create new Unknown Computer objects for the affected site.
18. Return to the Configuration Manager console, and then go to Assets and Compliance > Overview > Device Collections.
19. Right-click the All Unknown Computers collection, and then select Update Membership.
20. Wait a few minutes, and then select Refresh. Verify that only one x64 Unknown Computer object or x86 Unknown Computer object exists for each site. If the objects do not display, wait a few more minutes and try again.
21. Once the new Unknown Computer objects appear, add them back to the appropriate collections as determined in step 14.
22. Repeat steps 10-21 for all additional primary sites, as necessary.
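Steps 15 and 16, as an added PowerShell example (not code from the original article or from Microsoft). It runs the verification SELECT against UnknownSystem_DISC with the Resource IDs passed as parameters, refuses to continue if any expected ID is missing, and then issues the DELETE inside a transaction that is committed only when the row count equals the number of verified IDs. The server name, database name and Resource ID values are constructed placeholders; Windows authentication to the site database and Windows PowerShell 5.1 with System.Data.SqlClient are assumptions.

```powershell
# Added example, not code from the original article: run the SELECT of step 15 and, only if it
# returns exactly the rows expected, the DELETE of step 16 inside one transaction. Assumptions
# (not from the article): Windows authentication to the site database; server, database and
# Resource ID values below are constructed placeholders to replace with the ones noted in step 9.
param(
    [string] $SqlServer   = 'CMSQL01',                     # placeholder
    [string] $Database    = 'CM_PS1',                      # placeholder, usually CM_<SiteCode>
    [int[]]  $ResourceIds = @(2046820354, 2046820355),     # all Unknown Computer objects of the site, x64 and x86
    [switch] $Delete                                       # without this switch only the SELECT runs
)

Add-Type -AssemblyName System.Data
$conn = New-Object System.Data.SqlClient.SqlConnection "Server=$SqlServer;Database=$Database;Integrated Security=True"
$conn.Open()

# The IDs go in as parameters (@id0, @id1, ...) rather than being pasted into the query text.
$paramNames = @(0..($ResourceIds.Count - 1) | ForEach-Object { "@id$_" })
$inList = $paramNames -join ', '

function New-IdCommand([string] $Sql, $Transaction) {
    # Builds a SqlCommand for $Sql with every Resource ID bound to its @idN parameter
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = $Sql
    if ($Transaction) { $cmd.Transaction = $Transaction }
    for ($i = 0; $i -lt $ResourceIds.Count; $i++) {
        $null = $cmd.Parameters.AddWithValue($paramNames[$i], $ResourceIds[$i])
    }
    return $cmd
}

try {
    # Step 15: fetch the rows and compare them with the expected IDs before anything is deleted
    $table   = New-Object System.Data.DataTable
    $adapter = New-Object System.Data.SqlClient.SqlDataAdapter (New-IdCommand "SELECT * FROM UnknownSystem_DISC WHERE ItemKey IN ($inList)")
    $null = $adapter.Fill($table)
    $table | Format-Table -AutoSize | Out-String | Write-Host

    $found   = @($table.Rows | ForEach-Object { [int64] $_.ItemKey })
    $missing = @($ResourceIds | Where-Object { $found -notcontains $_ })
    if ($missing.Count -gt 0) { throw "Not found in UnknownSystem_DISC: $($missing -join ', '). Re-check the Resource IDs from step 9." }
    if (-not $Delete) { Write-Host "Rows match the expected Resource IDs. Run again with -Delete to remove them."; return }

    # Step 16: delete inside a transaction; commit only when the row count is exactly what was verified
    $tx  = $conn.BeginTransaction()
    $cmd = New-IdCommand "DELETE FROM UnknownSystem_DISC WHERE ItemKey IN ($inList)" $tx
    $affected = $cmd.ExecuteNonQuery()
    if ($affected -eq $ResourceIds.Count) {
        $tx.Commit()
        Write-Host "Deleted $affected rows. Continue with step 17 to recreate the Unknown Computer objects."
    } else {
        $tx.Rollback()
        throw "DELETE would have affected $affected rows instead of $($ResourceIds.Count); rolled back."
    }
}
finally {
    $conn.Close()
}
```

Running the script without -Delete is the equivalent of step 15 on its own; the transaction and row-count comparison are there because the article's DELETE is irreversible short of the site backup taken in step 1, so the only acceptable outcome is removing precisely the rows that were just looked at.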
Recreate Unknown Computer objects in case of accidental deletion
If, for whatever reason, all Unknown Computer objects are accidentally deleted for any one site that uses this process, they can be recreated by using the following steps. These steps should be taken only if there are no Unknown Computer objects for a site. If only one of the two Unknown Computer objects exists at a site, delete the one remaining Unknown Computer object by using the steps in the Remove duplicate Unknown Computer objects section of this article, and then follow these steps:
1. Sign in to the primary site server that the Unknown Computer objects are missing from.
2. At an elevated command prompt, run the following command:
   REG.exe ADD "HKLM\SOFTWARE\Microsoft\SMS\COMPONENTS\SMS_DISCOVERY_DATA_MANAGER" /v CreatedUnknownDDR /t REG_DWORD /d 0 /f
   After this registry key value is updated, the Unknown Computer objects should be automatically recreated soon afterward. You can check the progress of the creation of the Unknown Computer objects in the DDM.log file on the primary site server.
3. To speed up the recreation of the Unknown Computer records, restart the SMS_DISCOVERY_DATA_MANAGER thread by following these steps:
   a. Open the Configuration Manager console on the primary site from which the Unknown Computer objects are missing, and then go to Monitoring > Overview > System Status > Component Status.
   b. On the toolbar, select Start > Configuration Manager Service Manager.
   c. In Configuration Manager Service Manager, expand the node under the site code, and then select Components.
   d. In the results pane, right-click SMS_DISCOVERY_DATA_MANAGER, and then select Query. The thread should display as Running.
   e. Right-click SMS_DISCOVERY_DATA_MANAGER, and then click Stop.
   f. Right-click SMS_DISCOVERY_DATA_MANAGER, and then click Query.
      Note
      The thread should display as Stopped.
   g. Right-click SMS_DISCOVERY_DATA_MANAGER, and then click Start.
   h. Right-click SMS_DISCOVERY_DATA_MANAGER, and then click Query.
      Note
      The thread should display as Running.
   i. Close the Configuration Manager Service Manager window.
The Unknown Computer objects should be automatically recreated soon. You can check the progress of this process in the DDM.log file on the primary site server.
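Step 2 of this section together with the membership check of steps 19 and 20 in Remove duplicate Unknown Computer objects, as an added PowerShell example (not code from the original article or from Microsoft). It sets CreatedUnknownDDR to 0 with the registry provider (the same change the REG.exe command makes), then repeatedly refreshes the All Unknown Computers collection through the SMS Provider and lists every Unknown Computer object per site with its Resource IDs until the target site has exactly one x64 and one x86 object. Because it groups by site code, the same listing also answers steps 5 to 8 of the duplicate-removal procedure (which sites hold more than one object of an architecture, and which Resource IDs are involved). Querying the provider over WMI/CIM, reading collection membership from the SMS_CM_RES_COLL_<CollectionID> class, and the site code value are assumptions.

```powershell
# Added example, not code from the original article: reset CreatedUnknownDDR as in step 2, then
# watch the All Unknown Computers collection through the SMS Provider until the site again has
# exactly one x64 and one x86 Unknown Computer object. The per-site listing also serves the
# duplicate check of steps 5-8 in "Remove duplicate Unknown Computer objects".
# Assumptions (not from the article): WMI/CIM access to the SMS Provider; collection membership is
# read from the provider's SMS_CM_RES_COLL_<CollectionID> class for the collection.
param(
    [Parameter(Mandatory)] [string] $SiteCode,        # site that lost its Unknown Computer objects, e.g. 'PS1' (placeholder)
    [string] $ProviderServer = $env:COMPUTERNAME,     # SMS Provider host; here the primary site server itself
    [switch] $ResetFlag,                              # perform step 2 (registry change) before checking
    [int]    $TimeoutMinutes = 15
)

if ($ResetFlag) {
    # Same effect as the REG.exe ADD command in step 2; must run on the primary site server itself
    $ddmKey = 'HKLM:\SOFTWARE\Microsoft\SMS\COMPONENTS\SMS_DISCOVERY_DATA_MANAGER'
    Set-ItemProperty -Path $ddmKey -Name CreatedUnknownDDR -Value 0 -Type DWord
    Write-Host "CreatedUnknownDDR reset to 0; DDM.log on the site server shows the recreation progress."
}

$ns   = "root\SMS\site_$SiteCode"
$coll = Get-CimInstance -ComputerName $ProviderServer -Namespace $ns -ClassName SMS_Collection -Filter "Name = 'All Unknown Computers'"
$memberClass = "SMS_CM_RES_COLL_$($coll.CollectionID)"   # assumption: membership view class for the collection

function Get-UnknownComputerReport {
    # One row per (site, object name); Objects greater than 1 is a duplicate, Resource IDs are what step 8 asks for
    Get-CimInstance -ComputerName $ProviderServer -Namespace $ns -ClassName $memberClass |
        Group-Object SiteCode, Name |
        ForEach-Object {
            [pscustomobject]@{
                SiteCode    = $_.Group[0].SiteCode
                Name        = $_.Group[0].Name
                Objects     = $_.Count
                ResourceIDs = ($_.Group.ResourceID -join ', ')
            }
        } | Sort-Object SiteCode, Name
}

$deadline = (Get-Date).AddMinutes($TimeoutMinutes)
do {
    $report = @(Get-UnknownComputerReport)
    $report | Format-Table -AutoSize | Out-String | Write-Host

    $dups = @($report | Where-Object { $_.Objects -gt 1 })
    if ($dups.Count -gt 0) {
        Write-Warning "Duplicate Unknown Computer objects found (see Remove duplicate Unknown Computer objects): $(($dups | ForEach-Object { "$($_.SiteCode) $($_.Name)" }) -join '; ')"
    }

    # Expected end state for the target site: two rows (x64 and x86), each backed by exactly one Resource ID
    $forSite = @($report | Where-Object { $_.SiteCode -eq $SiteCode })
    $ok = ($forSite.Count -eq 2) -and (@($forSite | Where-Object { $_.Objects -ne 1 }).Count -eq 0)

    if (-not $ok -and (Get-Date) -lt $deadline) {
        # Same as Update Membership on the collection (step 19), then wait as step 20 does
        $null = Invoke-CimMethod -InputObject $coll -ComputerName $ProviderServer -MethodName RequestRefresh
        Start-Sleep -Seconds 60
    }
} until ($ok -or (Get-Date) -ge $deadline)

if ($ok) {
    Write-Host "Site $SiteCode has one x64 and one x86 Unknown Computer object; add them back to their collections (step 21)."
} else {
    Write-Warning "Objects for site $SiteCode are not as expected after $TimeoutMinutes minutes; check DDM.log on the primary site server."
}
```

Run with -ResetFlag on the primary site server to perform step 2 and then wait for the result; run without it from any host with provider access to get only the per-site listing, which is the quickest way to tell whether a site still has duplicate objects before touching the database.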