Laptops

Please note that some people have commented that running this CI on laptops changed the WLAN too, and it can sometimes trigger BitLocker to ask for the recovery key. So maybe don’t add laptops to your collection at the moment. I will hopefully update this post soon, restricting this to desktops only.

What is Wake On Lan and how does it work?

Wake on LAN is an industry-standard protocol for waking computers up from various sleep states (see below). In essence it’s the ability to wake computers up when you need to; well, that’s the theory. Getting all the machines to wake up is sometimes like finding the holy grail.

Last Friday the WannaCrypt ransomware started hitting machines around the world, and I contacted my department head and asked for permission to update all workstations and ignore maintenance windows. He agreed and I got to work. To my horror, when I deployed the updates almost all of my 4000 workstations didn’t wake up. It turned out to be an issue with ACLs on the switches, but to me it shows how hard it is to get WOL to work consistently. You need many ducks in a row for this to work.

So today I want to talk about how you get this to work, or more likely how to give yourself the best chance of it working consistently. Wake on LAN uses what’s called a magic packet, which is broadcast across your environment; it contains the subnet information, network address, and the MAC address of the target computer’s network card. A magic packet consists of 6 bytes of all 255 (FF FF FF FF FF FF), followed by sixteen repetitions of the target computer’s MAC address.
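The packet layout described above, as an added PowerShell example that is not part of the original post: it builds the 102-byte payload, checks whether a captured UDP payload is a well-formed magic packet (handy when working out whether a switch ACL is dropping or altering it), and can send one to a subnet-directed broadcast address. The function names, the sample MAC and the 192.0.2.255 address are assumptions made for illustration.

```powershell
# Added example; function names and sample values are illustrative.
function New-MagicPacket {
    param([Parameter(Mandatory)][string]$MacAddress)

    # Accept 00:11:22:33:44:55, 00-11-22-33-44-55 or 001122334455.
    $hex = $MacAddress -replace '[:\-.]', ''
    if ($hex -notmatch '^[0-9A-Fa-f]{12}$') {
        throw "Not a valid MAC address: $MacAddress"
    }
    $mac = [byte[]](0..5 | ForEach-Object { [Convert]::ToByte($hex.Substring($_ * 2, 2), 16) })

    # 6 bytes of 0xFF, then the MAC repeated sixteen times: 102 bytes in total.
    $packet = New-Object byte[] 102
    for ($i = 0; $i -lt 6; $i++) { $packet[$i] = 0xFF }
    for ($r = 0; $r -lt 16; $r++) { [Array]::Copy($mac, 0, $packet, 6 + ($r * 6), 6) }
    return ,$packet
}

function Get-MagicPacketTarget {
    # Returns the target MAC if $Payload starts with a well-formed magic packet,
    # otherwise $null. Assumes the UDP payload begins at the FF sync bytes.
    param([Parameter(Mandatory)][byte[]]$Payload)

    if ($Payload.Length -lt 102) { return $null }
    for ($i = 0; $i -lt 6; $i++) {
        if ($Payload[$i] -ne 0xFF) { return $null }
    }
    for ($r = 1; $r -lt 16; $r++) {
        for ($i = 0; $i -lt 6; $i++) {
            if ($Payload[6 + $i] -ne $Payload[6 + ($r * 6) + $i]) { return $null }
        }
    }
    return (($Payload[6..11] | ForEach-Object { $_.ToString('X2') }) -join ':')
}

function Send-MagicPacket {
    param(
        [Parameter(Mandatory)][string]$MacAddress,
        [Parameter(Mandatory)][string]$BroadcastAddress,  # e.g. 192.0.2.255 (documentation range)
        [int]$Port = 9                                     # the UDP port this post shows in ConfigMgr
    )
    $packet = New-MagicPacket -MacAddress $MacAddress
    $udp = New-Object System.Net.Sockets.UdpClient
    try {
        $udp.EnableBroadcast = $true
        [void]$udp.Send($packet, $packet.Length, $BroadcastAddress, $Port)
    } finally {
        $udp.Close()
    }
}

# Constructed sample MAC, not a real device.
$sample = New-MagicPacket -MacAddress '00-11-22-33-44-55'
'{0} bytes, target {1}' -f $sample.Length, (Get-MagicPacketTarget -Payload $sample)
```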

Going forward, I am assuming your BIOS supports WOL and is configured for it.

If you want to add support for Surface, add this (WOL Surface).

Sleep States

Below are the different sleep states. In a previous post I spoke about how Windows fast startup can interfere with WOL. The machine should wake up from most of these states.

State Description
S0  The computer is on and fully functional.
S1  The computer appears to be off with the CPU stopped. RAM is refreshed, and the computer is running in a low power mode.
S2  The computer appears to be off with the CPU stopped. RAM is refreshed, and the computer is running in a lower power mode than S1.
S3 (Standby)  The computer appears to be off with no power to the CPU. RAM is in slow refresh.
S4 (Hibernate)  The computer appears to be off with no power to the hardware. System memory has been saved as a temporary file on the hard disk.
S5 (Off)  The computer is off with no power to the hardware, and the operating system has been shut down without saving system memory to disk.

Default Network Adapter settings for WOL

  1. This is an example of a network adapter that won’t allow WOL.
  2. If we look in WMI we can see the settings for “Allow this device to wake the computer” and “Only allow a magic packet to wake the computer”; by default they are disabled.

Subnet-directed broadcast Versus Unicast

Whatever method you pick, it’s worth consulting your network team first.

Subnet-directed broadcast: This method retrieves the subnet address and MAC address from Hardware Inventory, and the magic packets are then targeted at the subnet. The magic packet is sent to all machines on that subnet but should only wake up its intended target. If ConfigMgr doesn’t have the IP and MAC address this won’t work; in addition, subnet broadcast is normally disabled on routers and switches.

Unicast: This method uses the IP address and MAC address stored in Hardware Inventory, and the magic packets are targeted directly. This will not work if the ARP cache on the switch has flushed out the MAC and IP of the computer. The ARP cache keeps a record of the MAC and IP address; normally an entry is only held for between 8 and 40 minutes, but this depends on your setup.

Configure System Center Configuration Manager for WOL

Go to the properties of the Site Server.

Go to the Wake on LAN tab. I use “Subnet-directed broadcasts”.

Click on Advanced. I changed the retries from 3 to 5 and set the delay to 2 minutes. It works better for my environment.

Next go to the Ports tab. Currently it’s set to UDP port 9; Microsoft suggests changing this.

 

Automating adapter configuration with ConfigMgr CB

A few years ago I used a VBScript to alter the settings on our network adapters, but this had a few flaws. The first was that if the network adapter reset, the settings reset to the default; the second was that it tried to change the settings of all adapters (including virtual ones); and finally I didn’t have a way to confirm that it actually worked. Now Maurice and I are pretty big fanboys when it comes to Configuration Items and Configuration Baselines. If you have never used them before, my brother from another mother wrote a great article on this here (ConfigMgr Configuration Baselines – A Beginners Guide).

Configuration Item

  1. Open the SCCM Console and expand the Compliance Settings section
  2. Right click on the Configuration Item and select Create Configuration Item
  3. Give your CI a name, always good to follow a naming pattern.
  4. I selected Windows 7, 8, 8.1, and 10
  5. Under Settings tab, new
    • Name: Allow this device to wake the computer
      Description: This allows the NIC to wake up the machine.
      Setting type: WQL query
      Data type: Boolean
      Namespace: root\wmi
      Class: MSPower_DeviceWakeEnable
      Property: Enable
      WQL query: InstanceName Like 'PCI%'

      Warning: when I copied this to the site it changed the formatting.

  6. Under Compliance rules
  7. Under Settings tab, new
    • Name: Only allow a magic packet to wake the computer
      Description: Magic packets only.
      Setting type: WQL query
      Data type: Boolean
      Namespace: root\wmi
      Class: MSNdis_DeviceWakeOnMagicPacketOnly
      Property: EnableWakeOnMagicPacketOnly
      WQL query: InstanceName Like 'PCI%'

      Warning: when I copied this to the site it changed the formatting.

  8. Under Compliance rules
  9. Review the settings
  10. Review Compliance Rules

 

 

Configuration Baseline

With the Configuration Items created the next step is to create a Configuration Baseline and deploy it to your collection.

  1. Right click on Configuration Baseline and click Create Configuration Baseline.
  2. Give the baseline a name.
  3. The final step is to deploy the Configuration Baseline to the Collection, so right click on the Configuration Baseline and Deploy. Ensure that “Remediate noncompliant rules when supported” is ticked.

Compliant

On a client machine you should see this.

The network adapter now has the settings ticked.

Under WMI you can see the settings enabled and only for the physical adapters.
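One way to check from PowerShell what the two Configuration Items above set, and to catch the curly-quote problem with the WQL query noted in the Configuration Item steps, as an added example that is not part of the original post or the downloadable CI. The function names are made up for illustration; the namespace, classes and properties are the ones listed in the Configuration Item settings.

```powershell
# Added example; function names are illustrative. Querying root\wmi
# typically needs an elevated PowerShell session.
$WakeSettings = @(
    @{ Class = 'MSPower_DeviceWakeEnable';           Property = 'Enable' },
    @{ Class = 'MSNdis_DeviceWakeOnMagicPacketOnly'; Property = 'EnableWakeOnMagicPacketOnly' }
)

function Repair-WqlQuotes {
    # Replace typographic quotes (U+2018, U+2019, U+201C, U+201D) that a web
    # page may have substituted; WMI rejects them with 0x80041017 (invalid query).
    param([Parameter(Mandatory)][string]$Filter)
    $fixed = $Filter -replace '[\u2018\u2019]', "'"
    $fixed = $fixed -replace '[\u201C\u201D]', '"'
    return $fixed
}

function Get-WakeSettingState {
    param([string]$Filter = "InstanceName LIKE 'PCI%'")

    $wql = Repair-WqlQuotes -Filter $Filter
    foreach ($s in $WakeSettings) {
        try {
            $rows = Get-CimInstance -Namespace 'root\wmi' -ClassName $s.Class -Filter $wql -ErrorAction Stop
        } catch {
            # e.g. 0x80041010 (invalid class) when the class is not present on this machine
            [pscustomobject]@{ Class = $s.Class; InstanceName = $null; Enabled = $null; Error = $_.Exception.Message }
            continue
        }
        foreach ($row in $rows) {
            [pscustomobject]@{
                Class        = $s.Class
                InstanceName = $row.InstanceName
                Enabled      = $row.($s.Property)
                Error        = $null
            }
        }
    }
}

# Constructed input: the query as a web page may render it, with curly quotes.
$pasted = 'InstanceName Like ' + [char]0x2018 + 'PCI%' + [char]0x2019
Get-WakeSettingState -Filter $pasted | Format-Table -AutoSize
```

Every adapter whose InstanceName starts with PCI is listed, so the output also shows whether a wireless card has been picked up by the same filter.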

Monitoring

Under the monitoring node I can see compliant machines.

And there we go.

30/06/2017

As requested, here is the CI-Enable-Wake-on-Lan.zip

I am originally from Dublin, Ireland but moved to London in 2000 to study for a Computer Science degree. I currently work for London Metropolitan University. It’s a challenging but also a creative environment.

I specialise in System Center Configuration Manager and application packaging. I’m working on increasing my online presence through my website and Twitter account, so please feel free to drop me a line.


comments
  • Matthew Davidson
    Posted at 16:27 May 19, 2017

    Great article! Very timely!!

  • Ben
    Posted at 23:33 May 19, 2017

    Great article! Great way to enable WOL. Do you use RCT to actually wake them up individually if needed or just rely on the deployment to wake them up? I have scenarios where I just need to switch a remote PC on without a deployment.

    • Terence Beggs
      Posted at 06:36 May 20, 2017

      Hi Ben, yes I use RCT tools. If I’m in a hurry I use the RCT tools to wake machines up rather than wait on a deployment. As the site server is one of the only VMs allowed to wake up machines, the RCT tools must be run from there, but that is just my environment. Thanks.

  • MD Arif Hussain
    Posted at 22:39 May 20, 2017

    This is a great article! I really appreciate it!
    Geniuses like you make ConfigMgr admin life easier.

  • Stephane
    Posted at 03:15 May 21, 2017

    Awesome article. I’m wondering, do we need to change some BIOS settings in order to make this work, or do we just need to follow your guide? Thanks

    • Terence Beggs
      Posted at 07:43 May 21, 2017

      Yes, you will need to a) confirm your motherboard supports this (most do), but I have been screwed over by this in the past, and b) you will need to turn this on. If you’re lucky enough to have Dell or HP this should be pretty easy to do.

  • Ben
    Posted at 12:48 May 21, 2017

    Thanks for the reply mate. I’m gonna have to dip into this SCCM magic. We have machines waking on randomly and we can’t figure out why. I assume we can nominate a couple of PCs in each subnet to act as WOL/WOW agents.

    • Terence Beggs
      Posted at 14:46 May 21, 2017

      Yes, you can test WOL within a subnet. As for randomly waking machines, check wake on alarm in the BIOS. We had machines randomly waking at 7am; the poor cleaner probably thought the room was haunted.

  • Rasheed
    Posted at 18:41 May 22, 2017

    Hi and thanks for this article really appreciated !

    I get an error ID 0X80041010 “NON VALID CLASS” on the deployment status. Can you tell me what I’m doing wrong?

    • Terence Beggs
      Posted at 18:56 May 22, 2017

      Double check to make sure the class is root\wmi

      • Terence Beggs
        Posted at 11:13 May 23, 2017

        Look at the post again, as someone else pointed out that InstanceName Like ‘PCI%’ is changed to InstanceName Like ‘PCI%’ when I copy it to the blog.

  • Andreas
    Posted at 10:39 May 23, 2017

    Thanks for this post, was kinda waiting for it 😉

    But unfortunately, it doesn’t work for me. This is DcmWmiProvider.log:

    WQLRealizer::QueryValues- failed at Namespace.Query with Error=0x80041017 DcmWQLQueryProvider 23.05.2017 11:26:29 700 (0x02BC)
    Failed in discovering instance.
    Unknown error (Error: 80041017; Source: Unknown) DcmWQLQueryProvider 23.05.2017 11:26:29 700 (0x02BC)
    Failed to do HandleExecQueryAsync().
    Unknown error (Error: 80041017; Source: Unknown) DcmWQLQueryProvider 23.05.2017 11:26:29 700 (0x02BC)
    Failed to process CWqlQueryProvider::ExecQueryAsync.
    Unknown error (Error: 80041017; Source: Unknown) DcmWQLQueryProvider 23.05.2017 11:26:29 700 (0x02BC)
    WQLRealizer::QueryValues- failed at Namespace.Query with Error=0x80041017 DcmWQLQueryProvider 23.05.2017 11:26:29 700 (0x02BC)
    Failed in discovering instance.
    Unknown error (Error: 80041017; Source: Unknown) DcmWQLQueryProvider 23.05.2017 11:26:29 700 (0x02BC)
    Failed to do HandleExecQueryAsync().
    Unknown error (Error: 80041017; Source: Unknown) DcmWQLQueryProvider 23.05.2017 11:26:29 700 (0x02BC)
    Failed to process CWqlQueryProvider::ExecQueryAsync.
    Unknown error (Error: 80041017; Source: Unknown) DcmWQLQueryProvider 23.05.2017 11:26:29 700 (0x02BC)

    • Terence Beggs
      Posted at 10:41 May 23, 2017

      Double check to make sure the class is root\wmi
      Are the NICs Intel?

    • Andreas
      Posted at 10:43 May 23, 2017

      ooohhhh that’s evil!
      I figured it out:
      I copied your WQL query ” InstanceName Like ‘PCI%’ ” and the ’ you used on the site is not the ‘ you have to use in your query. Replaced your ’ by ‘ and now it works. 🙂

      • Terence Beggs
        Posted at 10:47 May 23, 2017

        You know what, I have had that before from other sites. I will update the post to warn people.

      • Terence Beggs
        Posted at 11:12 May 23, 2017

        OK, I have updated the post; for some reason it changes the formatting when I copy it to the post.

  • Big Geoff
    Posted at 14:46 May 23, 2017

    Great work, you are making me look good!

  • Greg
    Posted at 19:45 May 23, 2017

    Thank you. That worked great.

    • Bharat
      Posted at 10:29 May 29, 2017

      Hi Terence Beggs,

      Is this only applicable to Intel-based NICs, and does it not matter who the maker of the laptop or desktop is?

      Bharat

      • Terence Beggs
        Posted at 12:53 May 29, 2017

        Hello Bharat,

        I have mostly Intel in my environment but we do have about 100 Broadcom and it works for that too. Some NICs are just rebranded Intel too; it might need a bit of trial and error. Doesn’t matter about the make and model.
        Hope that helps.

        Thanks.

  • Kyle
    Posted at 16:16 June 30, 2017

    Can you make this a .CAB file so I can import it? What mark should go around the PCI%: quotes, or the tick mark below the ~ key?

    • Terence Beggs
      Posted at 16:27 June 30, 2017

      Good idea, done.

      Check the bottom of the post; will transfer this to TechNet when I get a chance.

  • Kyle
    Posted at 16:58 June 30, 2017

    I added that .CAB file and I get an error:

    Error Type: Setting Discovery Error
    Error Code: 0x80041010
    Error Description: Invalid class
    Error Source: WMI

    Error Type: Setting Discovery Error
    Error Code: 0x80041010
    Error Description: Invalid class
    Error Source: WMI

    We have all HP Devices

    • Terence Beggs
      Posted at 23:06 July 1, 2017

      What version of ConfigMgr are you running?

    • Terence Beggs
      Posted at 09:30 July 3, 2017

      Managed to sort the issue, please download again. thanks

  • Eric Schloss
    Posted at 17:00 July 10, 2017

    Great post. Playing around with it and came across something.
    On at least some HP systems, the default boot order for wake on lan is PXE first and then the internal hard drive.
    If your normal boot order is internal hard drive first and you have BitLocker enabled, that change in boot order causes the system to prompt for the encryption key. I will have to change the WOL boot order in addition to the WMI changes to set this up in our environment.

    • Terence Beggs
      Posted at 17:03 July 10, 2017

      That is a very interesting comment. I will need to look at this, as I have found my Toshiba laptops doing something similar.

  • Adam
    Posted at 22:04 August 22, 2017

    I ended up using the following because it wasn’t ticking all the boxes correctly for me on some machines:

    MSNdis_DeviceWakeOnMagicPacketOnly
    MSPower_DeviceEnable
    MSPower_DeviceWakeEnable

    I didn’t put the ‘PCI’ part in as I was testing that behavior. I see it has applied to the WLAN Cards on the machines and I’m seeing some of them wake up from sleep quite consistently. That may be because in the BIOS on these machines WOL is set to ‘LAN & WLAN.’ I’m testing that now but just curious if ‘PCI’ would have excluded the wireless cards?

    • Terence Beggs
      Posted at 09:30 August 23, 2017

      Hello Adam

      Yes, I set it out to only change the Ethernet cards; adding PCI excluded wireless on my laptops. I’m going to be taking a second look at this post soon.
      Thanks

      • Adam
        Posted at 15:22 August 23, 2017

        Ya, I may have put myself in an awkward position. I guess I would have to make two copies of these policies, one for LAN and one for WLAN. Is there an ‘instance’ filter I can use for WLAN?

        • Terence Beggs
          Posted at 15:29 August 23, 2017

          I will have to look into this; I might be able to look tomorrow and get back to you.

          • Adam
            Posted at 14:54 August 28, 2017

            Actually, the WLAN Card starts with ‘PCI’ as well, so it would apply there. Curious how I could separate that……….

          • Adam
            Posted at 21:21 September 13, 2017

            What’s really odd is that I can disable ‘WoWLAN’ in the BIOS and it still wakes up. The only thing that fixes it is disabling all of these settings on the WLAN NIC in Device Manager. The setting specifies, however, to only wake on magic packet and I’m not sending any to these particular machines. If I do ‘powercfg -lastwake’ it just states the Wireless Card.

            Updated the BIOS and the NIC.

            Very odd……

          • Terence Beggs
            Posted at 10:16 September 14, 2017

            Thanks for the update, Adam. I’m going to put up a note on the blog advising people to be careful when using this on laptops. Another person commented that it was causing BitLocker to ask for the recovery key; although I wasn’t able to replicate that, it’s worth noting.
            I’m hopefully going to revisit this blog again. Thanks

  • Bharat
    Posted at 17:46 August 23, 2017

    Why not disable the packets on wireless? It is achievable; all you need is to ask your network team to have a separate VLAN for wireless and block the same on the wireless VLAN.

    • Adam
      Posted at 13:54 August 28, 2017

      I could look into that. I’m assuming, at some point, we may want that enabled as things go more wireless. So far it seems model-specific. Not sure why some models/NICs seem to wake up more frequently.

    • Adam
      Posted at 21:33 August 28, 2017

      I could but not sure if that’s what is causing it. If I disable WoWLAN in the BIOS it still happens. Doesn’t seem to be all models, either. If I run an Insomnia Report in ConfigMgr, many of these machines show ‘MsMpEng’ as the reason. Not sure why Endpoint Protection would be waking these machines up?

      • Terence Beggs
        Posted at 11:29 August 29, 2017

        Think I need to look over this post again to adjust it for what you have found. Currently travelling so will look over it next week.
