.NET 3.5 (NetFx3) Installation Fails With Error 3017 And HRESULT 80070BC9 on Server 2012 R2

Recently, when rebuilding my System Center Configuration Manager 2012 lab, I ran into an issue.  I was preinstalling SQL Server 2012 and hit a snag.

Image: Error while enabling Windows Feature: NetFx3 Please enable Windows Feature NetFx3 from Windows management tools and then run setup again.

It seems that for whatever reason the SQL installer could not install the .NET 3.5 framework. Thinking this would be a simple fix I opened up PowerShell, fired off a quick Install-WindowsFeature and… it also failed.  Puzzled I headed to the Internet.  As it turns out this was a common problem and quite a few others suggested using DISM in online mode to install the feature either by pointing direct to the source media

Dism /online /enable-feature /featurename:NetFx3 /All /Source:D:\sources\sxs /LimitAccess

or by obtaining the feature from windows update

Dism /online /enable-feature /featurename:NetFx3 /All

Neither worked.  Both returned the error 3017, which basically means “something broke, you need to restart to roll back the installation”.  Examining C:\Windows\Logs\DISM\dism.log revealed the following:

DISM Package Manager: PID=2536 TID=352 Error in operation: (null) (CBS HRESULT=0x80070bc9) - CCbsConUIHandler::Error
DISM Package Manager: PID=2536 TID=2292 Failed finalizing changes. - CDISMPackageManager::Internal_Finalize(hr:0x80070bc9)
DISM Package Manager: PID=2536 TID=2292 Failed processing package changes with session options - CDISMPackageManager::ProcessChangesWithOptions(hr:0x80070bc9)
DISM Package Manager: PID=2536 TID=2292 Failed ProcessChanges. - CPackageManagerCLIHandler::Private_ProcessFeatureChange(hr:0x80070bc9)
DISM Package Manager: PID=2536 TID=2292 Failed while processing command enable-feature. - CPackageManagerCLIHandler::ExecuteCmdLine(hr:0x80070bc9)
DISM Package Manager: PID=2536 TID=2292 Further logs for online package and feature related operations can be found at %WINDIR%\logs\CBS\cbs.log - CPackageManagerCLIHandler::ExecuteCmdLine
DISM.EXE: DISM Package Manager processed the command line but failed. HRESULT=80070BC9

While not terribly helpful the DISM log tells us where we can get more information.  The cbs.log showed:

Info CSI 000000a7 Begin executing advanced installer phase 34 (0x00000022) index 246 (0x00000000000000f6) (sequence 278)
     Old component: [l:0]""
     New component: [ml:276{138},l:274{137}]"WWF-PerfCnt_ini, Culture=neutral, Version=6.3.9600.16384, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=x86, versionScope=NonSxS"
     Install mode: install
     Installer ID: {d82eedee-854e-4f9a-b458-ae1bc62a0e6b}
     Installer name: [16]"LodCtr Installer"
Info CSI 000000a8 Performing 1 operations; 1 are not lock/unlock and follow:
     (0) LockComponentPath (10): flags: 0 comp: {l:16 b:547843cbc942cf0124030000e4088408} pathid: {l:16 b:547843cbc942cf0125030000e4088408} path: [l:184{92}]"\SystemRoot\WinSxS\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.3.9600.16384_none_086429b116eaedfd" pid: 8e4 starttime: 130396348381515426 (0x01cf42c9b949cea2)
Error CSI 00000002@2014/3/18:16:47:48.324 (F) Logged @2014/3/18:16:47:48.324 : [ml:242{121},l:240{120}]"RegQueryValue_ServiceFirstCounter("SYSTEM\CurrentControlSet\Services","Windows Workflow Foundation") fails (2,0)"
Error CSI 00000003@2014/3/18:16:47:48.324 (F) Logged @2014/3/18:16:47:48.324 : [ml:354{177},l:352{176}]"Extract actual INI path "C:\Windows\inf\Windows Workflow Foundation\PerfCounters.ini" from "C:\Windows\inf\Windows Workflow Foundation\PerfCounters_D.ini"."
Error CSI 00000004@2014/3/18:16:47:48.324 (F) Logged @2014/3/18:16:47:48.324 : [ml:354{177},l:352{176}]"Extract actual INI path "C:\Windows\inf\Windows Workflow Foundation\PerfCounters.ini" from "C:\Windows\inf\Windows Workflow Foundation\PerfCounters_D.ini"."
Error CSI 00000005@2014/3/18:16:47:48.340 (F) CMIADAPTER: Inner Error Message from AI HRESULT = HRESULT_FROM_WIN32(1010)
[44]"The configuration registry key is invalid.
Error CSI 00000006@2014/3/18:16:47:48.340 (F) CMIADAPTER: AI failed. HRESULT = HRESULT_FROM_WIN32(1010)

Checking the registry key mentioned in the error revealed that the key was related to performance counters. A little more research led me to the lodctr.exe tool, and running

lodctr.exe /R

performed a rebuild of the performance counters. After rebuilding the performance counters installing the .Net 3.5 framework feature with DISM succeeded.

PXE Boot Fails and WDS Fails to Start With Event 258 and Error 0xC1030104 After Removing Multicast Service Point Role form an SCCM / ConfigMgr 2007 Distribution Point

During an office-wide Windows 7 OSD migration this weekend we had some workstations downloading extremely slow over multicast. While that is a problem unto itself that may need to be solved at a later date we were down to 8 workstations so I decided to cut multicast off and let them fall back to SMB since SMB downloads on other workstations seemed to be working just fine. It seemed the best way to accomplish this was to simply remove the multicast role from the distribution point. This strategy appeared to work. The workstations did in fact fall back to SMB and the installations completed in a reasonable amount of time.

Of course if that were the end of the story I wouldn’t be writing this now. We tried to PXE boot one last workstation that had failed the night before and found that it couldn’t contact the PXE service point for a boot file. This behavior seemed odd as it was working fine only a few hours ago. Checking the pxecontrol.log showed the following:

adding address to server list [Site System IP]
adding address to server list
Sending availiability packet to: [Site System IP]
Sent 274 bytes to [Site System IP]:4011
Recieved Packet 04EC6B38 does not have associated request.
Error validating replies
Sending availiability packet to:
Sent 274 bytes to
Error receiving replies

A quick inspection of the Windows Deployment Services Server service showed it to be stopped and attempting to manually start the service gave an error.  Checking the event log showed (among other things) Event 258 which looked like this:

An image from the event view showing event 258 with the text The description for Event ID 258 from source WDSIMGSRV cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: 0xC1030104

I’ll skip all the boring troubleshooting and cut right to the solution.  To correct the issue:

  • Remove the boot images from the PXE distribution point
  • Remove the PXE service point from the site server
  • Remove the WDS roles from the server
  • Restart (as requested by the role removal)
  • Reinstall the WDS roles on the server
  • Add the PXE service point back to the site server
  • Copy the boot images back to the PXE distribution point (note that this doesn’t take too long because the server will still have the compressed copy of the package so it just has to decompress it)

Setting the color and properties for all CMD and PowerShell windows based on admin / elevation status.

To quote Mark Twain, “The rumors of my death have been greatly exaggerated”. 

This blog is not dead. I realize it’s been quite some time since my last post. Two factors have contributed to the lengthy hiatus. First, I’m busy. Not just “I wish I had some time to catch up on some television, movies, and books.” busy, but “I wonder just how few hours of sleep the human body actually needs to survive.” busy. Second, my goal with this blog is not just to aggregate what’s already out there, but to add unique value to this little corner of the internet. If I don’t have something useful to say that hasn’t been covered elsewhere I see no need to add to the din.

Now, on to the “value”!

Several years ago Aaron Margosis posted a way to make all your CMD windows running as admin “visually different” than your non-admin windows. You can (and should) read that blog here. Fast forward a few years and I find myself using PowerShell more and more.  Furthermore, UAC makes it even more valuable to know which CMD and PowerShell windows are running with administrative credentials and which are not. Needless to say, as someone who has become accustomed to the functionality Aaron provided for CMD windows I wanted to port this same behavior to my PowerShell windows.  Here is how I did it…

Read more of this post

Unable to Pin an Item to the Start Menu

Admittedly this is not specifically SCCM or managed desktop related but I thought I’d share anyway.

As part of an OSD build I was trying to automate pinning a company-wide in-house application to the start menu, but my pinning script* wasn’t working. Right clicking on the EXE for the item revealed why. There was no option for “Pin to Start Menu” or “Pin to Taskbar” available on the item’s context menu. A little digging on the internet lead me to the following MSDN page: How to Exclude Items from Taskbar Pinning and Recent/Frequent Lists

The Remarks section at the end of that page revealed the answer to my problem. The application I was trying to Pin contained the word “help” in the filename, which is on a list of “restricted” items. The documentation states “This automatic exclusion can be overridden by applying an explicit AppUserModelID.”, and if you’d like more information on applying an explicit AppUserModelID feel free to read this page.  Now, setting up this AppUserModelID would have probably been the right way to solve my problem, but I didn’t have that kind of time to investigate what that entailed and work out this little issue.  All I wanted was to not have to worry about if the program I wanted to pin had the word “help” in the file name so I took the easy way out and just removed the “help” entry from the AddRemoveNames value under the HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation key and viola I was able to pin the program.

Images showing the AddRemoveNames value in the Software\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation key that prevents an item from being pinned to the start menu

This certainly isn’t the recommended solution for a program you’re going to distribute to third parties since it would be considered bad form to go changing system wide settings on someone else’s computer without asking, but in this case it’s all in-house and the powers that be seem fine with my “quick fix” solution.  If you’re going to do this “in the real world” you should investigate the AppUserModelID route. 

On a side note, sure I could have re-named the EXE to something that didn’t contain the restricted word, but since the EXE or Shortcut, (ahem “Shell Link”) name gets used for the pinned item’s start menu text that would have meant coming up with some new creative name not using the word “help”.  Further, the new name would be different from what the users currently see on their XP start menu and we all know that means more support requests for the help desk which tends to make them grumpy.



*Technically not my pinning script, but rather the pinning script I use compliments of the fabulous Hey Scripting Guy! blog.  Check it out at: “Can I Pin a File to the Start Menu by Using a Script?

Secondary Site stuck in a pending state with the error “Cannot find a public key for instruction \inboxes\despoolr.box\receive\somefile.ist coming from site XYZ, retry it later” in the despool.log

I certainly like the fact that I can setup a new secondary site right from the Configuration Manager console and that additionally I can choose to push the installation files to the new secondary site as part of that setup process.  Sometimes it even works.  However, more often than not I end up with a site stuck in a pending state.  Usually checking the despool.log on the primary site I see something similar to:

Cannot find a public key for instruction \inboxes\despoolr.box\receive\somefile.ist coming from site XYZ, retry it later

To correct this problem log on to the secondary site server, open a command prompt, and from the \Bin\i386\00000409\ folder run

preinst /keyforparent

This command will create a <XYZ>.CT4 file in the root of the drive. Copy the <XYZ>.CT4 file into the \inboxes\hman.box\ folder on the primary site. Wait a few minutes for the hierarchy manager to import the file (it will disappear from the folder) and the despooler to finish processing its backlog and everything should be back on track.

Likewise, you may also subsequently encounter a similar issue where the new secondary site doesn’t have a key for the primary site.  In that case the despool.log on the secondary site server should show similar errors to what we saw in the primary site’s despool.log. In this case log on to the primary site server and run

preinst /keyforchild

Copy the resulting CT5 file to \inboxes\hman.box\ on the child site and wait for the child site to import the CT5 file and complete processing just like you did for the primary site.

Error 0x80070490 Running Task Sequence From Run Advertised Programs

Here’s a quick tip.  If you’re getting the errors below in your smsts.log when running a task sequence from Run Advertised Programs it may be because you’ve advertised the task sequence to a user rather than a computer.  Remove the user from the targeted collection, add the computer, and refresh policy and everything should work.

No execution request with PRG_DependentPolicy=FALSE found for advertisement <Advertisement ID>
Error getting running advert info. Code 0x80070490
Error getting package location and access account information. Code 0x80070490
Error initializing TS environment. Code 0x80070490
Task sequence launcher advertisement failed!. Code 0x80070490

Adding a Password to a Single PXE Boot Task Sequence

If you PXE boot for OSD and you need to add a password to your task sequences you can browse to your PXE service point properties, check the box labeled “Require a password for computers to boot using PXE” and enter a password. Any computers booting from that PXE service point will prompt for the password prior to presenting the user with the list of advertised Task Sequences.

PXE Service Point properties page with Require a password for computers to boot using PXE checkbox called out.
Simple enough, but what if you want to add a password to a single task sequence?  One possible solution is to create a script to do the password checking, which I’ve already done for you and you can find at the end of this post, then created a Run Command Line step as the first step in your task sequence that utilizes the script.  The script takes a single argument, the password, and when run prompts the user with a simple input box to enter the password.  If the input password matches the password from the command line the script exits with a success return code and the task sequence continues as normal.  If the user cancels the input or enters a blank password the script exits with a failure return code and the task sequence fails.

Task Sequence showing a Run Command Line step as the first step of the Task Sequence to perform password checking on a single PXE Booted task sequence.
To be fair this script is pretty basic.  It certainly could be expanded upon by masking the password or validating the user against Active Directory.  It also isn’t terribly secure since someone could easily examine the logs and discover the password, but the script suited my needs and it should be good enough for situations where you just want to keep the average user from shooting themself in the foot.

As always, the standard disclaimer applies.  This works for me, it may not work for you.  Use it at your own risk.