Voila une news qui m'en aura fait baver… L’application d’une mise à jour de sécurité bloque la sauvegarde des paramètres utilisateurs avec USMT et SCCM. Sur SCCM dans les logs de la séquence de tâches (smsts.log) vous obtenez les erreurs suivantes : The task sequence execution engine failed executing the action (Capture User State) in the group (State Capture) with the error code 2147500037 Action output: TEST:80/SMS_DP_SMSPKGE$/PTX0003A/x86/SFPATW7.INF to C:\_SMSTaskSequence\Packages\PTX0003A\x86/SFPATW7.INF Downloaded file from http://TEST:80/SMS_DP_SMSPKGE$/PTX0003A/x86/SFPATXP.INF to C:\_SMSTaskSequence\Packages\PTX0003A\x86/SFPATXP.INF Downloaded file from http://TEST:80/SMS_DP_SMSPKGE$/PTX0003A/x86/unbcl.dll to C:\_SMSTaskSequence\Packages\PTX0003A\x86/unbcl.dll Downloaded file from http://TEST:80/SMS_DP_SMSPKGE$/PTX0003A/x86/usmtutils.exe to C:\_SMSTaskSequence\Packages\PTX0003A\x86/usmtutils.exe Downloaded file from http://TEST:80/SMS_DP_SMSPKGE$/PTX0003A/x86/wdscore.dll to C:\_SMSTaskSequence\Packages\PTX0003A\x86/wdscore.dll USMT package path = 'C:\_SMSTaskSequence\Packages\PTX0003A'Initiailization succeeded Invoking ReleaseSource on USMTPackagePath C:\_SMSTaskSequence\Packages\PTX0003A 'OSDStateStorePath' TS environment variable is empty Failed to construct USMT commandline (0x80004005) OSDMigrateUserState finished: 0x80004005. The operating system reported error 2147500037: Unspecified error The task sequence execution engine ignored execution failure of the action (Request State Store) in the group (State Capture). The task sequence execution engine failed executing the action (Request State Store) in the group (State Capture) with the error code 8228 Action output: ==============================[ OSDSMPClient.exe ]============================== Command line: "osdsmpclient.exe" /capture Client joined to the TEST domain. Client is a member of the ParH site. GetAdaptersAddressess entry point is supported. DhcpGetOriginalSubnetMask entry point not supported. Adapter {28CD6CDC-F693-486C-8CB6-30BBDEE1AC96} is DHCP enabled. Checking quarantine status. Adapter {6591187E-886F-4B34-AA8B-A9F5ED7B56C2} is DHCP enabled. Checking quarantine status. Loading client certificates. OSDSMPClient finished: 0x00002024 Failed to import the client certificate store (0x80092024) ClientRequestToMP::DoRequest failed (0x80092024). ExecuteCaptureRequestMP failed (0x80092024). ExecuteCaptureRequest failed (0x80092024).. The operating system reported error 8228: The administrative limit for this request was exceeded. La solution consiste à désinstaller la KB974571
Le bulletin de sécurité MS09-056 datant du mois d’octobre dernier pose des problèmes avec USMT.
Cette mise à jour qualifiée d’importante corrige deux vulnérabilités révélées publiquement dans Microsoft Windows. Ces vulnérabilités pourraient permettre une usurpation de contenu si un attaquant parvenait à accéder au certificat utilisé par l'utilisateur final pour son authentification.
