Search This Blog

Friday, December 23, 2016

New Feature in SCCM 1610: Client peer cache

SCCM 1610 has a new feature called Peer Cache to improve content download in remote locations which don't have a local distribution point. It works like this:

  1. You configure SCCM clients to for this new feature using client settings, select option called "Enable Configuration Manager client in full OS to share content"
  2. SCCM client will configure necessary Windows Firewall ports on client, but if there are any network firewalls, ports must be opened also there.
  3. If SCCM client with Peer Cache enabled will have a package it will tell to management point that it has the package.
  4. If another SCCM client will ask for content then management point will return all distribution points and Peer Cache enabled SCCM clients for it (if they are in clients current boundary group).
  5.  Peer Cache is fully SCCM technology and does not rely on Windows Branch Cache feature.

Keep in mind that although this is a nice feature, you must not enable it for all clients and your boundary groups must be configured correctly for this to work as expected.

Microsoft documentation here

Windows Server 2016 New Features: Nested Virtualization

Nested virtualization is a new feature available in Windows Server 2016 and Windows 10 v 1607 and it allows to run Hyper-V feature inside a virtual machine:
There are some prerequisites for nested virtualization:

  • Hyper-V host or guest must be Windows Server 2016 or Windows 10 v 1607
  • Guest must be with configuration version 8.0 or higher
  • Host must have Intel processor with VT-x and EPT technology.

Note alsow that dynamic memory and hot add/remove memory feature does not work in nested VMs.
There are also additional networking configuration necessary for this to work.

More info here:

Thursday, December 22, 2016

Changes in SCCM 1610 Boundary Group behavior

SCCM 1610 introduces changes how boundary groups work. The main differences are following:
1. There is a new term relationships, these are boundary group relations between them.
2. If a SCCM client is in boundary group, then now it is called its current boundary group.
3. Neighbor relationships can be defined between boundary groups. Neighbor relationships define period in minutes when client can fallback to next boundary group.
4. Boundary groups are converted to new model when SCCM is upgraded to version 1610.

So lets have an example. Client is in boundary group 1 (its current boundary group) that has 30 minute neighbor relationship with boundary group 2. Each boundary group has one distribution point associated to it.
Client first tries to locate content on DP which associated to boundary group 1. If it does not get content in 30 minutes, then it starts to query also DP in boundary group 2. 

Here is full documentation

Friday, December 16, 2016

Windows 10 feature upgrade to v1607 fails with error 0xC1800118 when deployed through SCCM Servicing

I guess most of you already know that with Windows 10 you will have to do OS feature upgrades frequently to stay supported.
If you are using SCCM then this is done through feature called Windows 10 Servicing. It works almost the same as Auto Deployment Rules.
If you upgrade to Windows 10 v1607 through Servicing and get 0xC1800118 error

 then most likely you have not installed required update when synchronizing Upgrades classification in SCCM Software Update Point / WSUS.

These WSUS updates  and must be installed before you synchronize Upgrades classification.

To solve 0xC1800118 the error you must follow the steps described in Workaround section in this KB article

FIXED: Outlook drag and drop does not work on Windows 10 v1607

Previously I blogged about an issue with Outlook drag and drop feature in Windows 10 v1607. The issues has been finally fixed in latetest Windows 10 v1607 cumulative update KB3206632 (

I installed the update and so far it seems that the problem is gone :)

Thursday, December 15, 2016

Step-by-step: How to create a virtual machine from VHD in Azure Portal

You cannot create a new VM in Azure portal from Azure web portal, so the only way at this point is to use Powershell. Here are steps to create a working VM from existing VHD:

1. Upload the VHD to Azure using Azure Storage Explorer or other tool. Make sure that it really is VHD format, upload it as Page Blob and the OS in VHD has been configured to obtain IP address from DHCP.

2. Start Powershell.
3. Login-AzureRmAccount to login to Azure tenant.
4. Use these commands
$resourceGroupName = "ResourceGroupName"

$virtualNetworkName = "VirtualNetworkName"

$virtualNetwork = Get-AzureRmVirtualNetwork -ResourceGroupName $resourceGroupName -Name $virtualNetworkName

5. Create a Network interface in Azure Portal
6. Use these Powershell commands
$networkInterface = Get-AzureRmNetworkInterface -Name "NetworkInterfaceName" -resourcegroupname $resourceGroupName

$vmConfig = New-AzureRmVMConfig -VMName "VMName" -VMSize "Standard_D1_v2"

$vmConfig = Set-AzureRmVMOSDisk -VM $vmConfig -Name "VirtualDiskName" -VhdUri UploadedVHDUrl -CreateOption Attach -Windows

$vmConfig = Add-AzureRmVMNetworkInterface -VM $vmConfig -Id $networkInterface.Id

$vm = New-AzureRmVM -VM $vmConfig -Location $locationName -ResourceGroupName $resourceGroupName

You can obtain VHD URL from Azure Storage Explorer when you right-click onto VHD.
After you execute the last command it will take a while to create the VM.

Saturday, December 10, 2016

Delegate Unlock Account permissions in Active Directory

To delegate "Unlock account" permissions follow these steps:
1) Open Active Directory Users and Computers console
2) Select Properties for the target Organizational Unit where you want to delegate permissions;
3) Select Security tab and then click Advanced
4) Add user to which you want to delegate permissions and select to apply to "Descendant User objects":
5) Select permissions Read lockoutTime and Write lockoutTime:

And that's it!

Friday, December 9, 2016

Enable Windows Firewall remotely, through registry

If you happen to be in situation where you have remote registry access and need to disable Windows Firewall through registry, then open this registry key


Select necessary firewall profile (DomainProfile, PublicProfile, StandardProfile) and modify EnableFirewall value to 0:

Then restart Windows Firewall service and firewall will be disabled.

Tuesday, December 6, 2016

Outlook drag and drop does not work on Windows 10 v1607

Previously I wrote here and here about Outlook drag and drop issues.
The problem again appeared on my Windows 10 v1607 with Outlook 2016 (365) machine. As I use this feature all the time, I wanted to find out the root cause.
After some googling I found that this is a bug with Windows 10 v1607 and hopefully will be fixed in mid-December, as written here

Sunday, December 4, 2016

Windows Server 2016 New Features: Hot Add/Remove Network adapter for VM

One more cool feature on Windows Server 2016 Hyper-V host is that you can add/remove network adapters while the VM is running.
This works only for Generation 2 VMs, but both on Windows and Linux VMs.

Saturday, December 3, 2016

Windows Server 2016 New Features: Hot Add/Remove Memory for VM

Starting from now on I will blog about new features in Windows Server 2016.
The first one is about new feature in Hyper-V - starting from Windows Server 2016 (and also Windows 10 v1607) you can add or remove memory for guest virtual machine while it is runnning. If you do this, actual memory amount in guest VM Task Manager will also change.

The requirement for guest OS is Windows 10 or Windows Server 2016. And this feature works both for Generation 1 and Genereation 2 virtual machines.