SCCM 2012 R2 Compliance Error 87D00329

We have a few compliance items set up in SCCM 2012 R2 that use PowerShell scripts for detection and remediation. Most of these scripts are relatively simple, and have been working fine as compliance items using PowerShell 2.0. We have recently upgraded our workstations to Windows Management Framework 4, in an effort to bring them up to WMF 5. Unfortunately, this appears to have broken the compliance items. The scripts still run fine locally, but return error 0x87d00329 when initiated during compliance evaluation. The following gets reported to the event log when the compliance items try to run:


Version=1
EventType=PowerShell
EventTime=130912064509210575
ReportType=1
Consent=1
ReportIdentifier=7b8c723e-83c7-11e5-b958-9890969d9453
Response.type=4
Sig[0].Name=NameOfExe
Sig[0].Value=powershell.exe
Sig[1].Name=FileVersionOfSystemManagementAutomation
Sig[1].Value=10.0.10105.0
Sig[2].Name=InnermostExceptionType
Sig[2].Value=System.ArgumentException
Sig[3].Name=OutermostExceptionType
Sig[3].Value=System.ArgumentException
Sig[4].Name=DeepestPowerShellFrame
Sig[4].Value=werShell.ConsoleHost.InitializeStandardInputReader
Sig[5].Name=DeepestFrame
Sig[5].Value=System.IO.FileStream…ctor
Sig[6].Name=ThreadName
Sig[6].Value=Consol… main thread
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.1.7601.2.1.0.256.4
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=1033
FriendlyEventName=PowerShell
ConsentKey=PowerShell
AppName=powershell
AppPath=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Here is an example of one of the scripts that is having problems now:


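# Default to non-compliant until the expected member is found
$compliance = "Non-Compliant"
$domain = "MyDomain"
$add = "MyLocalAdmins"
# Enumerate the members of the local Administrators group
$group = [ADSI]"WinNT://./Administrators,group"
$test = @($group.Invoke("Members"))
Foreach ($member in $test) {
    # Read each member's Name property through the COM object
    If ($member.GetType().InvokeMember("Name", 'GetProperty', $null, $member, $null) -eq $add) {
        $compliance = "Compliant"
    }
}
$compliance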

I would start with running the script manually on a failing node. If that works, I would look into the execution policy for the user the script runs as. Does the script execute from a local drive, or does it reside on a network disk/mapped disk?

The event log information hints at the System.IO.FileStream constructor thingy. If you have a compliance script that involves file operations, you could try to look at that.

If you are still stuck after this, I would set up a PowerShell transcript for a single workstation and inspect the log file after the compliance script has been invoked.

Cheers

Tore
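
To compare reports like the one in the question across several failing workstations, the key=value lines can be folded into one object per report. This is an added example, not part of either post; the function name ConvertFrom-WerReport is hypothetical, and the sample lines are copied from the report quoted in the question.

```powershell
function ConvertFrom-WerReport {
    param(
        [Parameter(Mandatory = $true)]
        [AllowEmptyString()]
        [string[]]$Line
    )

    $plain  = [ordered]@{}   # simple keys such as EventType, AppPath
    $names  = @{}            # "Sig[0]" -> "NameOfExe"
    $values = @{}            # "Sig[0]" -> "powershell.exe"

    foreach ($l in $Line) {
        # Split on the first '=' only; a value may itself contain '='.
        $key, $value = $l -split '=', 2
        if ($null -eq $value) { continue }   # blank or malformed line
        $key = $key.Trim()
        if ($key -match '^((?:Dynamic)?Sig\[\d+\])\.(Name|Value)$') {
            if ($Matches[2] -eq 'Name') { $names[$Matches[1]] = $value }
            else { $values[$Matches[1]] = $value }
        }
        else { $plain[$key] = $value }
    }

    # Pair each Sig[n].Name with its Sig[n].Value so the signature
    # fields become ordinary properties (InnermostExceptionType, ...).
    foreach ($slot in ($names.Keys | Sort-Object)) {
        $plain[$names[$slot]] = $values[$slot]
    }
    [pscustomobject]$plain
}

# Sample input: lines copied from the report in the question.
$sample = @'
EventType=PowerShell
Sig[0].Name=NameOfExe
Sig[0].Value=powershell.exe
Sig[1].Name=FileVersionOfSystemManagementAutomation
Sig[1].Value=10.0.10105.0
Sig[2].Name=InnermostExceptionType
Sig[2].Value=System.ArgumentException
Sig[5].Name=DeepestFrame
Sig[5].Value=System.IO.FileStream…ctor
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.1.7601.2.1.0.256.4
'@ -split "`r?`n"

ConvertFrom-WerReport -Line $sample |
    Format-List NameOfExe, FileVersionOfSystemManagementAutomation, InnermostExceptionType, DeepestFrame
```

Grouping the resulting objects by FileVersionOfSystemManagementAutomation and DeepestFrame shows whether every failing client crashes in the same place on the same engine build.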