System Center Endpoint Protection (SCEP) Installation Error code 0x8004FF91

I had provisioned a windows server 2012 R2 (Yes, it is 2012 R2) and while installing the SCEP client (System Center Endpoint Protection client installation files are picked from current branch 2010), it failed with the following error code. Setup - Cannot complete the System Center Endpoint Protection installation. An error has prevented the System…
Managing windows updates using Configuration Manager and Group policy

When a Configuration Manager client is installed and configured to use the software updates agent, it will automatically configured with a local Group Policy setting that specifies the Configuration Manager software update point. The Group Policy setting used is the intranet Microsoft update service location, specified as a Windows Update computer administrative template. The following…
Microsoft MVP Award for 2020-2021 (4th Time)

I am super excited and honored to receive an email from Microsoft about my MVP (Microsoft Most Valuable Professional) award renewal for the year 2020-2021 in Enterprise Mobility area . This is my 4th consecutive year MVP award (First year 2017) and glad that, I am still part of great MVP community for another year. Following is…
SCCM remote control failed to do Handshake in Server. An existing connection was forcibly closed by the remote host Error 80072746

You can use Configuration Manager remote control to remotely administer, provide assistance, or view any client computer in the hierarchy. You can use the remote control to troubleshoot hardware and software configuration problems on client computers and to provide support. Configuration Manager supports the remote control of all workgroup computers and domain-joined computers that run…
Client assignment failed from http to pki with error code failed to verify message could not retrieve certificate from MPCERT

Starting in version Microsoft Endpoint Configuration Manager current branch 1910, we can use the optional feature called BitLocker management to manage BitLocker Drive Encryption (BDE) for on-premises Windows clients. It provides full BitLocker lifecycle management that can replace the use of Microsoft BitLocker Administration and Monitoring (MBAM). Configuration Manager doesn't enable this optional feature by…
SCCM Collection–how to identify devices that have old AD system discovery timestamp ?

SCCM has multiple discovery methods help you discover devices on your network, devices and users from Active Directory, or users from Azure Active Directory (Azure AD). Read more about the discovery methods in SCCM https://docs.microsoft.com/en-us/sccm/core/servers/deploy/configure/about-discovery-methods AD system discovery help to discover computer resources that can be used to create collections and queries. You can also…
Check Microsoft office activation status using SCCM Compliance Settings

I did detailed blog post on 'how to get  office 365 proplus activation status' with help of extended MOF file and inventory changes. With this method ,you will get the activation details such as user email address, shared computer activation etc. For more information, please refer http://eskonr.com/2018/10/how-to-get-office-365-proplus-activation-status-and-excluded-apps-etc-using-sccm-configmgr/ . This method requires extension of MOF files…
How to find custom hardware inventory classes imported (MOF) into ConfigMgr database

Configuration Manager site database contains a large collection of information about the network, computers, users, user groups, and many other components of the computing environment. Being SCCM Admin, you need to understand the different categories of the SQL views, what information is stored in each view, and how the SQL views can be joined to…