Jean-Sébastien DUCHENE Blog's

Actualité, Tips, Articles sur l'ensemble des Technologies Microsoft (SCCM/SMS, EMS, Microsoft Intune, Microsoft Azure, Windows 10, SCOM, MDOP...)

[SCCM] Une KB XP bloque la capture des paramètres utilisateurs

Voila une news qui m'en aura fait baver… L’application d’une mise à jour de sécurité bloque la sauvegarde des paramètres utilisateurs avec USMT et SCCM.
Le bulletin de sécurité MS09-056 datant du mois d’octobre dernier pose des problèmes avec USMT.
Cette mise à jour qualifiée d’importante corrige deux vulnérabilités révélées publiquement dans Microsoft Windows. Ces vulnérabilités pourraient permettre une usurpation de contenu si un attaquant parvenait à accéder au certificat utilisé par l'utilisateur final pour son authentification.

Sur SCCM dans les logs de la séquence de tâches (smsts.log) vous obtenez les erreurs suivantes :

The task sequence execution engine failed executing the action (Capture User State) in the group (State Capture) with the error code 2147500037

Action output: TEST:80/SMS_DP_SMSPKGE$/PTX0003A/x86/SFPATW7.INF to C:\_SMSTaskSequence\Packages\PTX0003A\x86/SFPATW7.INF

Downloaded file from http://TEST:80/SMS_DP_SMSPKGE$/PTX0003A/x86/SFPATXP.INF to C:\_SMSTaskSequence\Packages\PTX0003A\x86/SFPATXP.INF

Downloaded file from http://TEST:80/SMS_DP_SMSPKGE$/PTX0003A/x86/unbcl.dll to C:\_SMSTaskSequence\Packages\PTX0003A\x86/unbcl.dll

Downloaded file from http://TEST:80/SMS_DP_SMSPKGE$/PTX0003A/x86/usmtutils.exe to C:\_SMSTaskSequence\Packages\PTX0003A\x86/usmtutils.exe

Downloaded file from http://TEST:80/SMS_DP_SMSPKGE$/PTX0003A/x86/wdscore.dll to C:\_SMSTaskSequence\Packages\PTX0003A\x86/wdscore.dll

USMT package path = 'C:\_SMSTaskSequence\Packages\PTX0003A'Initiailization succeeded

Invoking ReleaseSource on USMTPackagePath C:\_SMSTaskSequence\Packages\PTX0003A

'OSDStateStorePath' TS environment variable is empty

Failed to construct USMT commandline (0x80004005)

OSDMigrateUserState finished: 0x80004005. The operating system reported error 2147500037: Unspecified error

 

The task sequence execution engine ignored execution failure of the action (Request State Store) in the group (State Capture).

 

The task sequence execution engine failed executing the action (Request State Store) in the group (State Capture) with the error code 8228

Action output: ==============================[ OSDSMPClient.exe ]==============================

Command line: "osdsmpclient.exe" /capture

Client joined to the TEST domain.

Client is a member of the ParH site.

GetAdaptersAddressess entry point is supported.

DhcpGetOriginalSubnetMask entry point not supported.

Adapter {28CD6CDC-F693-486C-8CB6-30BBDEE1AC96} is DHCP enabled. Checking quarantine status.

Adapter {6591187E-886F-4B34-AA8B-A9F5ED7B56C2} is DHCP enabled. Checking quarantine status.

Loading client certificates.

OSDSMPClient finished: 0x00002024

Failed to import the client certificate store (0x80092024)

ClientRequestToMP::DoRequest failed (0x80092024).

ExecuteCaptureRequestMP failed (0x80092024).

ExecuteCaptureRequest failed (0x80092024).. The operating system reported error 8228: The administrative limit for this request was exceeded.

 

La solution consiste à désinstaller la KB974571

 

 

Facebook Like
Anonymous