Wednesday 5 December 2018

1809 PolicyDefinitions Error in non en-US ADML templates for MicrosoftEdge.adml

Issue
Downloading the latest 1809 Policy Definition files (ADMX and language-specific ADML files) and installing them in Active Directory results in errors during gpresult for the non en-US MicrosoftEdge.adml template files.

Solution
My quick fix was to copy the en-US MicrosoftEdge.adml file into the non en-US folders until we get an update from Microsoft.

I have raised a ticket with Microsoft for this.

Details
Using PowerShell to parse the XML (ADML files) and comparing against the en-US version shows a lot of missing ID tags:

[xml]$a = Get-Content D:\admx\PolicyDefinitions\en-US\MicrosoftEdge.adml

[xml]$b = Get-Content D:\admx\PolicyDefinitions\fr-FR\MicrosoftEdge.adml

Compare-Object $(($a | Select-Xml -XPath "//@id").Node.Value) $(($b | Select-Xml -XPath "//@id").Node.Value)

InputObject                                                       SideIndicator
-----------                                                       -------------
PreventTabPreloading                                              =>          
PreventTabPreloading_Explain                                      =>          
PreventTabPreloadingDropdown_PreventTabPreloading                 =>          
PreventTabPreloadingDropdown_AllowTabPreloading                   =>          
PreventTabPreloading                                              =>          
SUPPORTED_INTERNET_BROWSER_RS5_DisplayName                        <=          
PreventCertErrorOverrides                                         <=          
PreventCertErrorOverrides_Explain                                 <=          
AllowFullScreenMode                                               <=          
AllowFullScreenMode_Explain                                       <=          
AllowPrinting                                                     <=          
AllowPrinting_Explain                                             <=          
AllowSavingHistory                                                <=          
AllowSavingHistory_Explain                                        <=          
AllowSideloadingOfExtensions                                      <=          
AllowSideloadingOfExtensions_Explain                              <=          
ConfigureFavoritesBar                                             <=          
ConfigureFavoritesBar_Explain                                     <=          
ConfigureHomeButton                                               <=          
ConfigureHomeButton_Explain                                       <=          
ConfigureHomeButton_StartPage                                     <=          
ConfigureHomeButton_NewTabPage                                    <=          
ConfigureHomeButton_SpecificPage                                  <=          
ConfigureHomeButton_HideHomeButton                                <=          
ConfigureOpenEdgeWith                                             <=          
ConfigureOpenEdgeWith_Explain                                     <=          
ConfigureOpenEdgeWithList_EdgeStartPage                           <=          
ConfigureOpenEdgeWithList_NewTabPage                              <=          
ConfigureOpenEdgeWithList_PreviousPages                           <=          
ConfigureOpenEdgeWithList_ProvisionedHomePages                    <=          
PreventTurningOffRequiredExtensions                               <=          
PreventTurningOffRequiredExtensions_Explain                       <=          
SetHomeButtonURL                                                  <=          
SetHomeButtonURL_Explain                                          <=          
SetNewTabPageURL                                                  <=          
SetNewTabPageURL_Explain                                          <=          
ShowMessageWhenOpeningSitesInInternetExplorer_Show_ContinueInEdge <=          
ShowMessageWhenOpeningSitesInInternetExplorer_Hide_ContinueInEdge <=          
UnlockHomeButton                                                  <=          
UnlockHomeButton_Explain                                          <=          
AllowTabPreloading                                                <=          
AllowTabPreloading_Explain                                        <=          
AllowTabPreloadingDropdown_AllowTabPreloading                     <=          
AllowTabPreloadingDropdown_PreventTabPreloading                   <=          
ConfigureTelemetryForMicrosoft365Analytics                        <=          
ConfigureTelemetryForMicrosoft365Analytics_Explain                <=          
ZonesList_IntranetOnly                                            <=          
ZonesList_InternetOnly                                            <=          
ZonesList_Both                                                    <=          
ZonesList_None                                                    <=          
AllowPrelaunch                                                    <=          
AllowPrelaunch_Explain                                            <=          
AllowPrelaunchDropdown_AllowPrelaunch                             <=          
AllowPrelaunchDropdown_PreventPrelaunch                           <=          
ConfigureKioskMode                                                <=          
ConfigureKioskMode_Explain                                        <=          
ConfigureKioskResetAfterIdleTimeout                               <=          
ConfigureKioskResetAfterIdleTimeout_Explain                       <=          
ConfigureOpenEdgeWith_Presentation                                <=          
ConfigureHomeButton_Presentation                                  <=          
SetHomeButtonURL_Presentation                                     <=          
SetNewTabPageURL_Presentation                                     <=          
PreventTurningOffRequiredExtensions_Presentation                  <=          
AllowTabPreloading                                                <=          
AllowPrelaunch                                                    <=          
ConfigureTelemetryForMicrosoft365Analytics_Presentation           <=          
ConfigureKioskMode_Presentation                                   <=          
ConfigureKioskResetAfterIdleTimeout_Presentation                  <=          
ShowMessageWhenOpeningSitesInInternetExplorer_Presentation        <=
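
The same comparison extended to every ADML file and every language folder, as an added example that is not part of the original post. The function names `Get-AdmlId` and `Compare-AdmlLanguage` and the temporary `adml-demo` folder are assumptions made for illustration, and the sample files are constructed.

```powershell
# Added example, not from the original post: list ids that the reference
# language's ADML files define but the same file in other languages lacks.
function Get-AdmlId {
    param([Parameter(Mandatory)][string]$Path)
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($Path)   # honours the encoding declared in the file
    (Select-Xml -Xml $xml -XPath '//@id').Node.Value | Sort-Object -Unique
}

function Compare-AdmlLanguage {
    param(
        [Parameter(Mandatory)][string]$PolicyDefinitions,  # holds en-US, fr-FR, ...
        [string]$Reference = 'en-US'
    )
    $root = (Resolve-Path -LiteralPath $PolicyDefinitions).Path
    $others = Get-ChildItem -LiteralPath $root -Directory | Where-Object Name -ne $Reference
    foreach ($refFile in Get-ChildItem -LiteralPath (Join-Path $root $Reference) -Filter *.adml) {
        $refIds = @(Get-AdmlId $refFile.FullName)
        foreach ($dir in $others) {
            $target = Join-Path $dir.FullName $refFile.Name
            if (Test-Path -LiteralPath $target) {
                $ids = @(Get-AdmlId $target)
                # Case-sensitive match, because XML ids are case-sensitive
                $missing = @($refIds | Where-Object { $ids -cnotcontains $_ })
            } else {
                $missing = @('<file missing>')
            }
            if ($missing.Count -gt 0) {
                [pscustomobject]@{ Language = $dir.Name; File = $refFile.Name
                                   Missing = $missing.Count; Ids = $missing -join ', ' }
            }
        }
    }
}

# Constructed sample tree: simplified ADML files using ids from the output above.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'adml-demo'
$ns = 'http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions'
$samples = @{
    'en-US' = 'AllowPrinting', 'AllowPrinting_Explain', 'ConfigureKioskMode'
    'fr-FR' = @('AllowPrinting')
}
foreach ($lang in $samples.Keys) {
    $dir = New-Item -ItemType Directory -Force -Path (Join-Path $demo $lang)
    $strings = ($samples[$lang] | ForEach-Object { "<string id=`"$_`">x</string>" }) -join ''
    "<policyDefinitionResources xmlns=`"$ns`"><resources><stringTable>$strings</stringTable></resources></policyDefinitionResources>" |
        Set-Content -LiteralPath (Join-Path $dir.FullName 'MicrosoftEdge.adml') -Encoding UTF8
}
Compare-AdmlLanguage -PolicyDefinitions $demo | Format-Table -AutoSize
```

Point `-PolicyDefinitions` at a staging copy of the templates before they are copied into the Central Store, so that incomplete language files are caught before gpresult reports errors.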

Friday 27 October 2017

SCCM Patching: Error in WUAHandler.log: Group policy settings were overwritten by a higher authority


The symptom is that in C:\Windows\CCM\Logs\WUAHandler.log entries similar to the following are recorded when executing a “Software Updates Scan Cycle” from the Control Panel Configuration Manager Actions pane:

 

Unable to read existing WUA resultant policy. Error = 0x80070002.           WUAHandler     10/26/2017 4:45:09 PM 4752 (0x1290)

Group policy settings were overwritten by a higher authority (Domain Controller) to: Server  and Policy NOT CONFIGURED   WUAHandler     10/26/2017 4:45:09 PM 4752 (0x1290)

Failed to Add Update Source for WUAgent of type (2) and id ({63744FD0-7F66-4324-BD04-3E601F50387B}). Error = 0x87d00692.      WUAHandler     10/26/2017 4:45:09 PM 4752 (0x1290)

 

The Cause

A Domain policy was found to contain a corrupted entry which can only be found using PowerShell.


The GPO Management GUI does not display any entries for Windows Updates; however, there was a single legacy stub entry.

 

PS C:\Windows\system32> Get-GPRegistryValue -Name "POLICYName" -Key "HKLM\software\Policies\Microsoft\Windows\WindowsUpdate\AU"



KeyPath     : software\Policies\Microsoft\Windows\WindowsUpdate\AU

FullKeyPath : HKEY_LOCAL_MACHINE\software\Policies\Microsoft\Windows\WindowsUpdate\AU

Hive        : LocalMachine

PolicyState : Delete

Value       :

Type        : Unknown

ValueName   :

HasValue    : False


 
The Solution

The entry can be removed, again using PowerShell, with the command:


PS C:\Windows\system32> Remove-GPRegistryValue -Name "POLICYName" -Key "HKLM\software\Policies\Microsoft\Windows\WindowsUpdate\AU"




The correct end goal is that there should be no WSUS setting applied in any domain GPO for SCCM to work.
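
To check that end goal across the whole domain rather than one policy at a time, the lookup above can be run against every GPO. This is an added example, not part of the original post; the function name `Find-WindowsUpdatePolicyEntry` is an assumption, and it needs the GroupPolicy module and read access to the domain's GPOs.

```powershell
# Added example, not from the original post. Assumes the GroupPolicy module
# (RSAT / GPMC) and read access to every GPO in the current domain.
Import-Module GroupPolicy

function Find-WindowsUpdatePolicyEntry {
    # Both the parent key and the AU subkey queried in the post above
    $keys = 'HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate',
            'HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU'
    foreach ($gpo in Get-GPO -All) {
        foreach ($key in $keys) {
            try {
                $entries = Get-GPRegistryValue -Guid $gpo.Id -Key $key -ErrorAction Stop
            } catch {
                continue   # nothing under this key in this GPO, or it could not be read
            }
            foreach ($entry in $entries) {
                # Stub entries such as PolicyState = Delete with HasValue = False
                # are reported too, even though the GUI does not show them.
                [pscustomobject]@{
                    GPO         = $gpo.DisplayName
                    FullKeyPath = $entry.FullKeyPath
                    ValueName   = $entry.ValueName
                    PolicyState = $entry.PolicyState
                    HasValue    = $entry.HasValue
                }
            }
        }
    }
}

Find-WindowsUpdatePolicyEntry |
    Sort-Object GPO, FullKeyPath, ValueName -Unique |
    Format-Table -AutoSize
```

An empty result means no GPO carries a Windows Update policy entry under either key.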

 

Friday 14 February 2014

Connecting to MS AD server using PrincipalContext Fails with error "The server cannot handle directory requests"

Background

An application was migrated to a new AD Forest and we encountered LDAP errors. This took a long time to resolve.

I increased the logging on the NTDS service on one domain controller and forced the connection to that server:
 00002035: LdapErr: DSID-0C090F40, comment: Fast bind mode can only be invoked on an unbound connection. This connection has already been bound., data 0, v1db1

We tracked this down to the fact that the users have an autoenrolled certificate that has "Client Authentication" as a purpose.

Connecting using port 389 (non-secured) worked, but wasn't an option.
 
Removing the certificate worked, but was also not an option.

http://msdn.microsoft.com/en-us/magazine/cc135979.aspx