System Center Endpoint Protection (SCEP) Installation Error code 0x8004FF91

I had provisioned a windows server 2012 R2 (Yes, it is 2012 R2) and while installing the SCEP client (System Center Endpoint Protection client installation files are picked from current branch 2010), it failed with the following error code. Setup - Cannot complete the System Center Endpoint Protection installation. An error has prevented the System…
Troubleshooting WSUSContent folder size when it grows bigger and bigger

I was recently helping out a customer who had issues with wsuscontent folder size which was about 330GB. This folder size usually around 5-6GB if you are not using standalone WSUS or 3rd party updates for patching. This folder primarily stores the information about. 1. Software update end-user license agreement (EULA). 2. Microsoft patches for…
How to fix client automatic upgrade that happens immediately after the site upgrade in 1910

Microsoft recently released notes for customers who are running on current branch 1910 , Client automatic upgrade happens immediately for all clients after you update the site to 1910. For more information about the release notes, please refer https://docs.microsoft.com/en-us/configmgr/core/servers/deploy/install/release-notes#client-automatic-upgrade-happens-immediately-for-all-clients Today ,Microsoft has released an update to fix for this issue and is now available in…
SCCM remote control failed to do Handshake in Server. An existing connection was forcibly closed by the remote host Error 80072746

You can use Configuration Manager remote control to remotely administer, provide assistance, or view any client computer in the hierarchy. You can use the remote control to troubleshoot hardware and software configuration problems on client computers and to provide support. Configuration Manager supports the remote control of all workgroup computers and domain-joined computers that run…
Client assignment failed from http to pki with error code failed to verify message could not retrieve certificate from MPCERT

Starting in version Microsoft Endpoint Configuration Manager current branch 1910, we can use the optional feature called BitLocker management to manage BitLocker Drive Encryption (BDE) for on-premises Windows clients. It provides full BitLocker lifecycle management that can replace the use of Microsoft BitLocker Administration and Monitoring (MBAM). Configuration Manager doesn't enable this optional feature by…