Hey guys,

we are using the WebService (1.8.0) and I have a problem when requesting the GetCMDeviceCollection endpoint.
I'll use the python requests library and the payload looks like this:

<!--  Secret is removed. -->

<?xml version="1.0" encoding="utf-8"?>
<soap12:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://www.w3.org/2003/05/soap-envelope">
      <soap12:Body>
           <GetCMDeviceCollections xmlns="http://www.scconfigmgr.com">
           <secret>XXXXXXX-XXXXXXX-XXXXXXX-XXXXXX-XXXXXX</secret>
           <filter>[OSD]></filter>
           </GetCMDeviceCollections>
      </soap12:Body>  
</soap12:Envelope>

I try to filter something with square brackets and it is showing me everything... the request is not filtered... i also tried to use a CDATA element or some XML encoding... but this does not work either.

What is wrong?

Good day,
I receive error when tried to do first connect in ConfigMgr Web Service Diags:

Invoke-WebRequest :
IIS 10.0 Detailed Error - 403.14 - Forbidden
HTTP Error 403.14 - Forbidden
The Web server is configured to not list the contents of this directory.

I have MECM Version 2010, Console 5.2010.1093.3100, Site 5.0.9040.1000
DAT Version: 6.5.2 (for 20H2 machines)

I tried to fill SQL and MDT keys but without any success.

I followed the manual installation guide and all seems to be configured properly. I provided my domain admin credentials as this is my lab to the IIS app pool, so I know it's not a permissions issue.

I intend on using this with OSDFrontEnd eventually. I'm running SCCM 1910.

Hi,

an application is configured with a dependency. All applications are loaded within a Task Sequence. GetCMApplication is used. The dependency isn't shown by GetCMApplication, therefore the Task Sequence breaks as the Dependency needs a reboot.

Any ideas? Is this a bug?

Thanks

Using the Global Catalog instead of LDAP

If you update line 5673

from:
string currentDomain = String.Format("LDAP://{0}", defaultNamingContext);

to:
string currentDomain = String.Format("GC://{0}", defaultNamingContext);

Not necessarily an issue, but a request to have a means of getting the Program/DeploymentType details for a specified Package or Application.

Hello,

I need a little help on this one. I'm a complete beginer when it comes to use webservices in deployment with MDT, but I'm trying my best to make my way through it :)

So here is my issue :

In MDT I use the following customsettings.ini file to call the WebService but in return I get an error. To me it seems like I have an issue with the URL syntax in "WebService=http://srvdeploy01/ConfigMgrWebService/ConfigMgrWebService.asmx/GetADComputerDescription"

It's working fine when i'm testing it on my browser at : http://srvdeploy01/ConfigMgrWebService/ConfigMgrWebService.asmx?op=GetADComputerDescription

And it's working too when I'm using it trough powershell with try { $URI = "http://srvdeploy01/ConfigMgrWebService/ConfigMgrWebService.asmx" $WebService = New-WebServiceProxy -Uri $URI -ErrorAction Stop } catch [System.Exception] { Write-Warning -Message "An error occured while attempting to calling web service. Error message: $($_.Exception.Message)" ; exit 2 } $Invocation = $WebService.SetADComputerDescription($SecretKey, $ComputerDescription)

Any help, even a little would be greatly appreciated as I've no idea how to make this work on my own...

Thanks !

CustomSettingsini.txt
error 500 in ZTIGather log.txt

PS: The glimpse of my ZTIGather.log is partially in French, if that's an issue I can translate it with pleasure !

Would like the ability to exclude functions with an application setting in IIS/web.config. Similar to how Maik Koster's web service was configured https://maikkoster.com/deployment-web-service-7-3-basic-security

When using the function GetCMPrimaryUserByDeviceName I get several users back in my result that are not Primary Users, at least not according to the SCCM console.

I am using ConfigMgr WebService 1.8.0

Hi Nickolaj,

First of all: great work with all your blogposts and ConfigMgr related solutions. Appreciate the effort and dedication!

I have a question for the function SetADOrganizationalUnitForComputer and the other AD related functions..

Scenario: Installed computer is located in site A and the ConfigMgrWebService server is installed in site B. Both sites have another AD controller assigned. If the computer is freshly installed and joined to AD, it will contact AD controller in site A. If I would like to move this computer object with the web services, it will connect to the DC in site B. If replication hasn’t taken place, it won’t find the computer and can’t manipulate it.

Have you taken this in consideration or how would you best solve this issue? Thanks!

It looks like the function GetCMPrimaryDeviceByUser filters by the wrong parameter. The query is identical to the one used in GetCMPrimaryUserByDevice and yelds the same result.

Solution:
Change the query from "WHERE ResourceName" to "WHERE UniqueUserName"

The RemoveADComputer function in child domain (parent domain works fine) does not work. The permissions in Active Directory is not the problem. When trying the function on http://server/ConfigMgrWebService/ConfigMgr.asmx, the following error is displayed:

System.NullReferenceException: Object reference not set to an instance of an object.
at ConfigMgrWebService.ConfigMgrWebService.RemoveADComputer(String secret, String samAccountName)

The GetADComputer function is working without problems in the child domain. Setting the Description with SetADComputerDescription is working as well.

Added web method SetDataDiscoveryRecord and GetDataDiscoveryRecord. Allows to set custom discovery data.

For example:
Operating System Name and Version = “Contoso Windows 10 1903”

OSD Collection Query:
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion = " Contoso Windows 10 1903"

After the client sends the heartbeat, It will automatically fall out of the OSD install collection

https://docs.microsoft.com/en-us/sccm/develop/core/servers/configure/how-to-create-a-data-discovery-record

That would be very helpful

going through the setup, the download did not include the compiled dll file. can you please provide.

Hi Nickolaj!

Thanks for all the good work! I have received several requests, to get the LastLogonUser By Device with your ConfigMgrWebService. Can you include that please? Thank you!

I know very little about hosting/deploying web services, so please take that into account if you respond :)

I have been using this web service productively in my SCCM environment for some time now to perform just a few infrequent operations. On a couple of occasions, I've tried to use the webservice as part of a larger deployment operation that targeted a number of existing clients at the same time. It didn't go well, as many of the calls to the web service will timeout if too many calls are made around the same time by different clients. At this time, I really don't have a feel for what that threshold is, though.

In general, what is a realistic expectation for the level of workload that this web service is designed to handle if installed/configured using the default settings on a "typical" Windows Server? In general, does the service simply construct an internal queue of incoming requests and evaluate them one-at-a-time in the order received? And is there anything that can be done on the IIS side or in the configuration of the service to allow the service to handle a greater number of requests in a short period of time?

Again, I know very little about IIS, so any feedback (whether specific solutions or links to general IIS concepts) is appreciated!

When RemoveADComputerFromGroup is invoked and group contains more than 1500 members, method fails.

Hello everybody,

we have a problem with the authentication in OSDFrontend with our Users from child domain. Under our doman are many child domains and we would like a central group to put our "OSD Admins" in.

It is a universal security group with members from the child domains, these members could not authenticate in OSDFrontend.

There are no errors in the Event Log "ConfigMgr Web Service Activity".
The "OSDFrondEnd.log" return the following error message:

I have already done some research, it seems that in general the cmdlet "GetADGroupMemberByUser" does not work for child domains. I've also tried to create a group with the same name in the child domain, but this does not work either.

Is there anything else I can check or is there a way to fix this? Thank you in advance.

Hi,
I am getting the above error when trying to install version 1.5.0. Where can I look to see what the issue is?
Thanks!

Hi Nicolaj,

First of all, great job on this web service it has been of tremendous value to us.

As a requirement from our security team, we tried to make the web service to run on HTTPS without success. Are there any special requirements for the web service to support https?

Thanks
Ioan

the GetCMOSImageForTaskSequence is not able to pull OS information if the Apply Operating System Image step in a TS is set to use an operating system from an original installation source

4 - Set Application Settings

Open IIS management console, expand Sites and Default Web Site.
Select ConfigMgrWebService application and go to Application Settings.

Getting below error's
Config File \?\C:\inetpub\ConfigMgrWebService\web.config
Config Error Configuration file is not well-formed XML

Thiswebconfig file is present web.release.config. As per instruction I have changed web.config and pasted configmgrwebservice folder under..

Possibility to retrieve current time from the web service. This way we could easily sync computer clock, evaluate how long deployments are lasting without caring WinPE time etc.

I think it would be a great and fast to implement feature to add.

What do you think?

Hi,
If we add a new device to our computer park to replace an old device, we give it a new name. Then we will have to find the directs rules.
Example device name:
Old device: Computer-Tony
New device: Computer-TonyX

It would be interesting to be able to retrieve the direct rules from a specific device:

GetCMCollectionsDirectMembershipRuleByDeviceName
GetCMCollectionsDirectMembershipRuleByResourceID
GetCMCollectionsDirectMembershipRuleByUUID

Can you include that please?
Thank you!

Would like to see user based functions such as the following:

AddCMUserToCollection
GetCMCollectionsForUserByName
GetCMCollectionsForUserByID
GetCMUserCollections
RemoveCMUserFromCollection

I don't know if this is possible in another way, but it would be helpful for us tho have this functionality.
We want to migrate our customers to one site and all of them use PXE OSD with (Unknown Computers deployment). We need a way to figure out which client owns the deployed computer and dynamically generate a list of task sequences for a specific computer without doing pre-staging. I was thinking to use boundary groups for that, hence the request.