List installed ConfigMgr Hotfixes automatically

I tried to store the current ConfigMgr patch state during ConfigMgr Backup automatically to make sure i can restore the exaclty configuration after a Server Crash.
Unfortunately the command wmic qfe list does only list installed Windows Updates.
If you want to to the same you can use the following command

For a 64 Bit Windows Server
reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Updates\System Center Configuration Manager 2007\SP2" /s > ConfigMgrPatchState.txt

For a 32 Bit Windows Server
reg query "HKLM\SOFTWARE\Microsoft\Updates\System Center Configuration Manager 2007\SP2" /s > ConfigMgrPatchState.txt

You can automatically execute the command after the Backup by using the AfterBackup.bat


GPP - Power Plan not applying

Deployed Power Management options defined in the Group Policy Preferences (GPPs) are not applying on your Clients. Maybe other settings which are defined in the same Policy are working.

Check if you've configured the option apply once and do not reapply in the GPPs.

According to this article here is this behaviour a by design issue.
The Power Management options have to be applied two times. The first time the Power Plan gets created on your Client and at the second time the Plan is enabled. So if you've configured the above listed option the policy is only applied once and so the Power Management is not configured.

One option to get he Power Plan applied is to disable the "apply once and do not reapply" option. But in this case Power Plan changes from the Users are overwritten each time the policy is applied.

Another option is to create the following RegistryKey within the same Policy:
Path: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Name: EnablePowerPlan
Type: Reg_SZ
Value: cmd /c powercfg -s 381b4222-f694-41f0-9685-ff5bb260df2e

Make sure the Option "apply once and do not reapply" is also enabled for this Key. With this Workaround the PowerOptions are applied and enabled as soon as the User logs on to the client. If the policy is applied after the logon process, then the PowerOptions are enabled at the next logon


Task Sequence Error Code 80070002 in ConfigMgr 2012

The OSD Task Sequence in ConfigMgr 2012 fails with error code 80070002.
Also you see the following errors in smsts.log:

Authentication failure - 401
Resending the request by setting the credentials on getting an unauthorized response
HTTP result: 401
Tried all the available http based locations. SMB based locations will be attempted now
!saSMBContentSources.empty(), HRESULT=80070002
Exit Code 2147942402

One possible solution is to configure a Network Service Account.
ConfigMgr Console -> Administration -> Site Operations -> Sites -> Your Site -> Configure Site Components -> Software Distribution -> Network Access Account


Backup SQL 2008 R2 DB with HP Data Protector

To Backup a Database on a SQL 2008 R2 Server with HP Data Protector (e.g. Version 6.11) you've to install the SQL 2005 Backwards compatibility tools on the SQL Server. They are part of the SQL 2005 Distributed Management Objects toolkit


L2TP VPN Connection fails

Your L2TP VPN Connection fails on a Client with the following error:

Error: 789 "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer"

The error occurs because your client connects to the VPN Server via a NAT Device. By default you've to configure your clients to allow this type of VPN connection.

To make it work configure the following on your clients:

Windows XP
RegPath: HKLM\SYSTEM\CurrentControlSet\Services\IPSec
RegKey: AssumeUDPEncapsulationContextOnSendRule
RegType: DWORD 32 bit
RegValue: 2

Windows Vista/7
RegPath: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
RegKey: IPsecThroughNAT
RegType: DWORD 32 bit
RegValue: 2


RegPath: HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent\
RegKey: AssumeUDPEncapsulationContextOnSendRule
RegType: DWORD 32 bit
RegValue: 2

Then reboot the Client or restart the Service IKE and AuthIP IPsec Keying Modules