Update scan failed due to Group policy settings were overwritten by a higher authority

Few years ago, I have blogged about the client update scan failure due to GPO’s. https://eskonr.com/2014/10/sccm-configmgr-2012-software-update-scan-error-group-policy-settings-were-overwritten-by-a-higher-authority-error-code-0x87d00692/ Introduction: When the software update point is configured for a site, client computers receive a machine policy that provides the active software update point server name (WSUS) and configures the Specify intranet Microsoft update service location local policy on…
System Center Endpoint Protection (SCEP) Installation Error code 0x8004FF91

I had provisioned a windows server 2012 R2 (Yes, it is 2012 R2) and while installing the SCEP client (System Center Endpoint Protection client installation files are picked from current branch 2010), it failed with the following error code. Setup - Cannot complete the System Center Endpoint Protection installation. An error has prevented the System…
Managing windows updates using Configuration Manager and Group policy

When a Configuration Manager client is installed and configured to use the software updates agent, it will automatically configured with a local Group Policy setting that specifies the Configuration Manager software update point. The Group Policy setting used is the intranet Microsoft update service location, specified as a Windows Update computer administrative template. The following…
Microsoft MVP Award for 2020-2021 (4th Time)

I am super excited and honored to receive an email from Microsoft about my MVP (Microsoft Most Valuable Professional) award renewal for the year 2020-2021 in Enterprise Mobility area . This is my 4th consecutive year MVP award (First year 2017) and glad that, I am still part of great MVP community for another year. Following is…
SCCM remote control failed to do Handshake in Server. An existing connection was forcibly closed by the remote host Error 80072746

You can use Configuration Manager remote control to remotely administer, provide assistance, or view any client computer in the hierarchy. You can use the remote control to troubleshoot hardware and software configuration problems on client computers and to provide support. Configuration Manager supports the remote control of all workgroup computers and domain-joined computers that run…
Client assignment failed from http to pki with error code failed to verify message could not retrieve certificate from MPCERT

Starting in version Microsoft Endpoint Configuration Manager current branch 1910, we can use the optional feature called BitLocker management to manage BitLocker Drive Encryption (BDE) for on-premises Windows clients. It provides full BitLocker lifecycle management that can replace the use of Microsoft BitLocker Administration and Monitoring (MBAM). Configuration Manager doesn't enable this optional feature by…
SCCM Collection–how to identify devices that have old AD system discovery timestamp ?

SCCM has multiple discovery methods help you discover devices on your network, devices and users from Active Directory, or users from Azure Active Directory (Azure AD). Read more about the discovery methods in SCCM https://docs.microsoft.com/en-us/sccm/core/servers/deploy/configure/about-discovery-methods AD system discovery help to discover computer resources that can be used to create collections and queries. You can also…