Nico Sienaert's System Center Blog


Infrastructure Consultant
System Center 2012 Configuration Manager Day!

 

Hello everyone!

 

Besides the preparations for Community Day and Best of MMS, SCUG.be is preparing another great event for you.

We will organize a Configuration Manager Day, a day full of deep dive ConfigMgr content.

As we are still in the middle of preparing the event, not much can be communicated yet, only the following:

- Put the 4th of July in your agenda

- The complete SCUG.be team will be available to deliver content and answer your System Center questions

- and oh yeah… Wally Mead is coming as well.

So no kidding, the rising star of the ConfigMgr Product Team will be on the scene.

Stay tuned for more details like location and agenda!

 

See you there!

 

If you haven’t registered yet for Community Day or Best of MMS, do it now!

 

Nico Sienaert


SCORCH Runbooks not visible in Service Manager 2012

Hi there!

For those who are already testing Service Manager 2012: you might run into the following behaviour.

I noticed that my Orchestrator Runbooks did not show up in Service Manager.

My SCORCH connector in Service Manager was set up correctly and when synchronizing I saw a successful entry in Service Manager, but in fact nothing happened.

The reason for this behaviour is that the Orchestrator Console refreshes every 10 minutes.

Flushing the cache of the Orchestrator database can speed this up.

TRUNCATE TABLE [Microsoft.SystemCenter.Orchestrator.Internal].AuthorizationCache

Till next time!

 

Nico Sienaert


Error when installing Service Manager 2012

Hi there!

When installing the latest release of Service Manager I bumped into an odd issue during the installation. Almost at the end of the installation I received the following error and a rollback of my installation happened.

Error: “the upgrade has failed before permanent modifications were made…”

Just to be clear, I’m not upgrading; this is just a fresh install, so not a really helpful error.

[Screenshot]

When investigating the SCCMInstall log file (which is located under %temp%) with my favorite CMTrace tool ;-) I could see only one red line telling me the MSI 1603 error, which isn’t really helpful either.

[Screenshot]

When analysing the log file in more detail, the following was specified:

[Screenshot]

I decided to reinstall SQL and hey guess what…

[Screenshot]

Till next time.

Nico Sienaert


Microsoft Virtual Machine Converter

Hi there!

 

The Solution Accelerator team has recently released an interesting new tool, MVMC, which is in CTP.

Until today, the only supported way to convert VMDK files to VHD files was using System Center Virtual Machine Manager.

Nothing wrong with that, but as we will all massively convert our VMDK files to VHD format with the upcoming Hyper-V role in the Windows 8 client, it would be nice to have a lightweight tool for this, wouldn’t it? ;-)

Well, that’s exactly where MVMC comes in.

Currently it’s a very simple command line tool which will do your conversion, nothing more, nothing less.

Command line:

mvmc.exe "<path>\test.vmdk" "<path>\test.vhd" /dyn

The “/dyn” switch is optional; use it if you want to create a dynamic VHD disk instead of a fixed VHD.

Here you have a screenshot of the user experience. You execute the command line and you will see that your VHD will be created.

[Screenshot]

Some notes you have to be aware of:

- Only Windows Vista \ Server 2008 and above are supported

- disks up to 150GB are currently not supported

- Bulk conversion of multiple virtual machines is not supported

- Full machine conversion is unsupported for this release.

For more details, download the tool and read the Release Notes at the Connect site.

Till next time!

 

Nico Sienaert


SCCM 2012 Offline Event @ Microsoft Belgium

Hi There!

On Thursday March 22 from 6:00 PM to 9:00 PM (GMT+0100) SCUG organizes an SCCM 2012 “offline” event at the Microsoft premises in Zaventem, Belgium.

Speakers:

Kenny Buntinx: Package Conversion Manager

Nico Sienaert: What’s new on OS Deployment?

Register: http://www.eventbrite.com/event/1999070273

Pizza will be provided.

Hope to see you all there!

Nico Sienaert


SCCM 2012: 10 troubleshooting tricks and other tips

Hi There,

Now that RC has been out for a few weeks, it’s time to share some experience.

1. Did you know that you cannot deploy a Task Sequence when using the Configuration Manager Client Agent Package that is created during setup?

The reference to the default client agent package is not valid in a task sequence.

You have to create a new package.

2. If you want to deploy Client Settings you can find the ADM files on your installation media: SMSSetup\Tools\ConfigMgrADMTemplates. Yes, ADM files, not ADMX, but there are tools to convert. I haven’t tested this yet for these kinds of policies.

3. How do Deployment Types get evaluated?

The deployment types will be evaluated by priority. By default this is the order in which they were created, but you can change that. The evaluation happens top down until a deployment type (DT) is found that meets the requirements, and at that moment the process stops.

4. Reports not visible in the ConfigMgr console, message “No items found”. When browsing to the Reports URL the “ConfigMgr_SiteCode” folder is visible but without reports below.

First of all, in case of SQL reporting issues you should look into srsrp.log.

In this case I found a line:

“The operation you are attempting requires a secure connection (HTTPS). “

This issue occurs when the SRS report server config file specifies that secure connections are required, but the SRS installation itself is not configured for SSL. This can be solved by doing the following:

1. Open the file rsreportserver.config in notepad (%programfiles%\Microsoft SQL Server\INSTANCE\Reporting Services\ReportServer\rsreportserver.config)
2. Find the entry for <add Key="SecureConnectionLevel">; the value attribute is most likely set to 2. Change the value to 0.
3. Save and close the file
4. Stop and start the report server service “net stop reportserver”, “net start reportserver”

Alternatively, you can enable HTTPS, but then you need to reinstall the RSP role.

5.  Did you realize that Dependencies are considered ONLY for install but not for uninstall?

Suppose App A depends on App B: an install deployment of A will install B followed by A. An uninstall deployment of A will uninstall ONLY A and will not try to uninstall B.

6. When deploying an OSD task sequence the deployment option "Run from distribution point" is missing.

The reason for this is that each package that you want to use for OSD has to be enabled to use a package share. Only then can you “run from DP”. All packages of the appropriate Task Sequence need to have this set before you get the “Run from DP” option.

7. In Beta2 there was a setting “this site manages only ConfigMgr 2012 clients”. This check box has been renamed to "Require SHA-256" and is on the Signing and Encryption tab of the Site Properties dialog box.

8. How to limit package storage to one drive?

During the installation of a DP you can specify a drive letter for package storage. But are you sure only that drive will be used to store packages?

Not really: the single drive will be used until it is full (50 MB of free disk space left by default) and then another drive will be found automatically. The only option to avoid this is the good old NO_SMS_ON_DRIVE.SMS file, as DP Server Shares do not exist anymore.

9. As mentioned in my earlier blogs, Global Data and Site Data are replicated via SQL Replication. In the ConfigMgr console you have the Monitoring node to troubleshoot Database Replication. The corresponding log file is rcmctrl.log and you might have a chance to see more details in there.

10. Don’t panic if your Software Inventory is blank; it does not mean your inventory does not work. By default, software scanning does not include any files or file types, unlike with CM07.

- UPDATE and another important one:

There is no longer a way to control the location of the .PCK files (cf. CM07 Component Configuration\Software Distribution in Site Management). You need to use the SDK if you want to control this.
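
For tip 4 above, an added example (not from the original post and not Microsoft code): a PowerShell check that reads the text of rsreportserver.config and reports whether SecureConnectionLevel agrees with the URLs reserved for the report server, which is the mismatch behind the “requires a secure connection (HTTPS)” message. The helper names, the lookup of UrlString elements and the two config fragments are assumptions constructed for illustration.

```powershell
# Added example: audit SecureConnectionLevel against the reserved URLs.
# Get-AttributeValue and Test-ReportServerTransport are hypothetical helper
# names, not ConfigMgr or Reporting Services cmdlets.

function Get-AttributeValue {
    param([System.Xml.XmlElement]$Element, [string]$Name)
    # -eq on strings ignores case, so <add Key=...> and <Add Key=...> both match
    ($Element.Attributes |
        Where-Object { $_.Name -eq $Name } |
        Select-Object -First 1).Value
}

function Test-ReportServerTransport {
    param(
        # Raw XML text of rsreportserver.config
        [Parameter(Mandatory = $true)][string]$ConfigXml
    )

    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($ConfigXml)
    $elements = @($doc.SelectNodes('//*'))

    # Locate the SecureConnectionLevel entry that tip 4 edits
    $node = $elements |
        Where-Object { (Get-AttributeValue $_ 'Key') -eq 'SecureConnectionLevel' } |
        Select-Object -First 1
    if (-not $node) { throw 'SecureConnectionLevel entry not found' }
    $level = [int](Get-AttributeValue $node 'Value')

    # Assumption: reserved URLs are stored in <UrlString> elements
    $urls = @($elements |
        Where-Object { $_.LocalName -eq 'UrlString' } |
        ForEach-Object { $_.InnerText })
    $hasHttps = [bool]($urls | Where-Object { $_ -like 'https:*' })

    $finding = if ($level -gt 0 -and -not $hasHttps) {
        'Mismatch: HTTPS is required but no HTTPS URL is reserved'
    } elseif ($level -eq 0 -and $hasHttps) {
        'HTTPS is reserved but not required; consider raising SecureConnectionLevel'
    } elseif ($level -eq 0) {
        'HTTP only: report traffic is not encrypted in transit'
    } else {
        'OK: HTTPS is required and an HTTPS URL is reserved'
    }

    [pscustomobject]@{
        SecureConnectionLevel = $level
        HttpsReserved         = $hasHttps
        ReservedUrls          = $urls -join ', '
        Finding               = $finding
    }
}

# Constructed fragment 1: the state that produces the srsrp.log error in tip 4
$requiresHttpsWithoutBinding = @'
<Configuration>
  <Add Key="SecureConnectionLevel" Value="2"/>
  <URLReservations>
    <Application>
      <Name>ReportServerWebService</Name>
      <URLs><URL><UrlString>http://+:80</UrlString></URL></URLs>
    </Application>
  </URLReservations>
</Configuration>
'@

# Constructed fragment 2: the state after applying the workaround (value 0)
$workaroundApplied = @'
<Configuration>
  <Add Key="SecureConnectionLevel" Value="0"/>
  <URLReservations>
    <Application>
      <Name>ReportServerWebService</Name>
      <URLs><URL><UrlString>http://+:80</UrlString></URL></URLs>
    </Application>
  </URLReservations>
</Configuration>
'@

Test-ReportServerTransport -ConfigXml $requiresHttpsWithoutBinding | Format-List
Test-ReportServerTransport -ConfigXml $workaroundApplied | Format-List
```

To check a real server, pass the file content instead of a sample, for example `Get-Content -Raw` on the rsreportserver.config path from step 1.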

If you haven't tried SCCM 2012 yet or you want to test one of the other tools of the System Center 2012 family you can find them here:

 http://technet.microsoft.com/nl-be/evalcenter/hh505660.aspx

Till next time!

Nico Sienaert


TechNet Livemeeting: Microsoft Deployment Toolkit

Hi There!

 

On the 17th of January at 7.30 pm (GMT + 1) I will present a TechNet LiveMeeting about Microsoft Deployment Toolkit 2012.

ZTI, LTI, UDI, Thin, Thick, Hybrid,… all this image terminology, what is it all about?

Do you want to see how MDT can help you with your Windows 7 image approach?

Do you want to know why you might consider integrating this with SCCM?

Do you want to learn some best practices?

And what about Windows 8?

Long story short, if you want to learn about MDT you cannot miss this session!

You can register here! Hope to meet you there!

Till next time!

 

Nico Sienaert


SCCM 2012 RC the features that I like

 

Hi There,

It’s clear that SCCM 2012 has a bunch of new features and improvements on board. Don’t know if anyone found some time to make the list, but what I know is that the list will be long, very long.

After testing the RC version for a while, the following improvements make me very happy (so this is personal of course ;-)).

A lot of cool stuff on Client Settings side:

- Suspend Bitlocker PIN on restart.

How cool is that? I know quite a few customers that didn’t want the Bitlocker PIN because of application installs that need a reboot. With this setting they don’t have to bother anymore.

- No escape anymore. Set Execution policy for Powershell

- Set install permissions (all users, no users, only admins, only admins & primary users)

- Configure firewall settings for remote control

Discovery methods:

With CM07 I was always confused with “System Group Discovery” and “Security Group Discovery”. Probably I was not the only one, as they changed it now.

With RC “System Group” is removed and “Security Group” is renamed to “Group Discovery”.

So now it’s clear with “Group Discovery” you discover groups and membership of these groups.

AD Forest/Group/System/User Discovery, sounds more obvious to me.

Delta Discovery:

Introduced in CM07 R3, cool feature, but quite annoying that it only worked for new resources in AD. In Beta2 there were already some improvements; in RC it rocks!

[Image: delta discovery]

Misc:

  • Auto Remediation in DCM is very nice but with RC DCM respects Maintenance Windows. NICE
  • Client health state is from now live data instead of summarized data.
  • Our favorite tool to read logs (I know some prefer Notepad… Wally :-)) is now part of the installation so you don’t need to install a toolkit. It’s also renamed to “cmtrace”. You can find it in the Installation Directory under “Tools”.
  • Simulate Application deployments, called preflight. Very nice to analyze your application deployment type behaviour without installing anything.

          CAUTION: A simulated deployment counts as a real one, which prevents a real deployment from being targeted to the same collection that a simulation is targeted to.

 

Till next time!

Nico Sienaert


Use DaRT RemoteViewer to monitor your OSD Deployments

Hi There!

Last week I presented a Technet Livemeeting talking about DaRT 7.0.

For people that missed it you can find the recording HERE.

During the presentation we talked about the new DaRT feature, Remote Connection, and how we can use the involved files to monitor OSD Deployments.

The Remote Connection tool works with the DaRT Remote Viewer tool, where the ticket number of the remote session, the IP address and the port need to be provided to establish the remote RDP connection.

Remote Viewer tool:

[Screenshot]

In quite some circumstances IT people are not available “on the other side” to communicate the appropriate info to the IT Admin who wants to establish the remote connection, so I have created a script that automates this process. Without the script the RDP connection will stay in a pending state, as shown in the picture below, until someone fills in the info in the Remote Viewer tool.

[Screenshot]

So what is the script doing exactly? Well quite simple…

- it will look into inv32.xml to find the IP Address, Port and TicketNumber of the remote session.

- it will create a batch file on a central store with the necessary parameters:

ex.: DartRemoteViewer.exe -ticket=361-970-210 -IPaddress=172.30.14.131 -port=3388

Make sure the following files are in the central store:

[Screenshot]

- If you as admin want to remote view, just run the batch file and the connection will be established.

[Screenshot]

If some stuff is not clear, please check the recording first.

The script:

'====================================================================
'
' NAME: Automate Remote Monitoring (DaRT)
'
' AUTHOR: Nico Sienaert,
' DATE  : 20/09/2011
'
'=====================================================================

'Map network drive to the central store
'NOTE: the account and password below sit in clear text in this script;
'use a dedicated account that only has the rights it needs on this share.
Set objNetwork = CreateObject("WScript.Network")
strDriveLetter = "M:"
strHomeServer = "\\<SERVER>\DaRT_Remote$"
strUsername = "<domain>\<account>"
strPassword = "<password>"
blnProfile = False
objNetwork.MapNetworkDrive strDriveLetter, strHomeServer, blnProfile, strUsername, strPassword

'Find IP Address (first IP-enabled network adapter only)
strComputer = "."
strIPAddress = ""
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery _
    ("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")
For Each objItem In colItems
    If strIPAddress = "" Then
        strIPAddress = objItem.IPAddress(0)
    End If
Next

'Read the remote session details from inv32.xml
Set oFSO = CreateObject("Scripting.FileSystemObject")
sFile = "X:\windows\system32\inv32.xml"
If oFSO.FileExists(sFile) Then
    Set oFile = oFSO.OpenTextFile(sFile, 1)
    Do While Not oFile.AtEndOfStream
        sText = oFile.ReadLine
        intFindID = InStr(sText, "ID=")
        intFindPort = InStr(sText, "P=")

        'Only process the line that holds both the session ID and the port
        If intFindID > 0 And intFindPort > 0 Then

            'Find Session ID: 11 characters after ID=" (e.g. 361-970-210)
            strTicket = Mid(sText, intFindID + 4, 11)

            'Find Port: 4 characters after P=" (e.g. 3388)
            strPort = Mid(sText, intFindPort + 3, 4)

            'Create Batch File <ticket>.cmd on the central store
            Set outFile = oFSO.CreateTextFile("M:\" & strTicket & ".cmd", True)

            'Write the command line
            outFile.WriteLine "DartRemoteViewer.exe -ticket=" & strTicket & " -IPaddress=" & strIPAddress & " -port=" & strPort

            'Close write stream
            outFile.Close
        End If
    Loop
    oFile.Close
Else
    'WScript.Echo "The file was not there."
End If

Till next time!

Nico Sienaert


Package Conversion Manager

Hi there!

As I explained already in my previous posts, deploying MSI software is really the way to go in SCCM 2012. Also, Packages (with their program(s)) like we know them from SCCM 2007 are not the preferred way anymore since there is the new Application model in SCCM 2012.

As I explained in my Migration posts you can still migrate such Packages, so yes, SCCM 2012 does still support them. But to benefit from the new Application model and to get control of your complete Application Life Cycle management it’s strongly recommended to move away from Packages.

Well, to help you with this Microsoft created Package Conversion Manager (PCM) to convert such Packages into Applications. PCM integrates seamlessly with SCCM 2012 and is available since last week on Connect.

Chris Adams wrote some great high level blogs about PCM, explaining:

The look and feel in the SCCM Console

http://blogs.technet.com/b/chrad/archive/2011/11/07/configmgr-2012-introducing-package-conversion-manager-pcm-for-seamless-migration-to-appmodel.aspx

Automatic Conversion

http://blogs.technet.com/b/chrad/archive/2011/11/09/configmgr-2012-package-conversion-manager-pcm-amp-readiness-state.aspx

“Manual” Conversion (Fix & Convert)

http://blogs.technet.com/b/chrad/archive/2011/11/16/using-package-conversion-manager-pcms-fix-amp-convert-moving-manual-readiness-packages.aspx

Till next time!

Nico Sienaert


MDOP IT Pro Event

 

Hi there!

Microsoft is organizing an MDOP IT Pro Event. I will be one of the speakers.

If you want a showcase of some MDOP tooling, register now.


Hope to see you there!

Nico Sienaert


Technet Livemeeting: BitLocker in the enterprise – After Care

 

Hi there,

First of all I want to thank all the attendees for joining the meeting and giving a lot of positive feedback.

Some people subscribed and couldn’t make it. Now they are waiting for the recording but I have some bad news…

Because of technical issues we have a recording without audio :-S.

The good news is that I will do the same presentation internally at Microsoft and at that time we will make a second attempt.

This is scheduled for the beginning of December so please have some patience.

During the LiveMeeting there were some questions that I couldn’t answer directly. Here you have the answers.

- Will there be MBAM support with Intune?

Most probably yes. No official statements can be given so far. In addition to that, there are also rumours to integrate the MBAM agent into the SCCM agent.

- Is there a way to force users to encrypt rather than allow them to continue to postpone?

In this version of MBAM it is not possible. In the next version it might be included.

Another attendee asked a question about how to handle Bitlocker with MBAM in a Refresh scenario when booting into Windows PE. I explained that Niall wrote a great blog about this.

Here you have the link.

http://www.windows-noob.com/forums/index.php?/topic/4173-how-can-i-retrieve-my-bitlocker-recovery-key-from-mbam-in-windows-pe/

 

Till next time!

Nico Sienaert


TechNet LiveMeeting: DaRT

 


Hi there!

I’m presenting another TechNet LiveMeeting about another MDOP tool:

Diagnostics and Recovery Toolset (DaRT) 7.

What is this toolset? How should you use it in an Enterprise? How can you integrate this in your OS Deployment? How can you customize it?

We start Thursday 17 November at 2pm (GMT +1).

Don’t underestimate the power of DaRT, subscribe, watch and learn.

Hope to meet you all there!

Nico Sienaert


SCCM 2012: RBAC

Hi There,

I was planning to blog something about RBAC basics. I’m not going to reinvent the wheel, as Lin Tang already did a great job last week regarding this topic.

http://blogs.technet.com/b/configmgrteam/archive/2011/09/23/introducing-role-based-administration-in-system-center-2012-configuration-manager.aspx

Till next time!

Nico Sienaert


SCCM 2012: The new Infrastructure Specifics

 

Hi There!

In this post I’ll talk about the infrastructure enhancements in SCCM 2012.

The product team re-engineered the infrastructure components to simplify and flatten the hierarchy.

1. Today with SCCM 2007, child primary sites are often created mostly for security reasons and to differentiate site settings.

This “tiered” setup of parent and child primary sites is not supported anymore.

So how do we handle security and site settings today?

Security: You don’t need extra primaries anymore to decentralize management. With a new concept called RBAC (Role Based Administration Control) we can now assign roles and scopes to SCCM Console users. I’ll talk about RBAC in detail in my next post.

Client Settings: These settings are no longer site settings only. You can still configure them at site level, but now you can also configure these client settings on collections.

2. Secondary sites still exist. With SCCM 2012 you will probably decide to use secondary sites if you still want to manage your upward-flowing WAN traffic via a Proxy Management Point. So not much changed here.

New is that each secondary site also has a SQL DB installed (can be SQL Express). Global Data will be replicated to this SQL DB. I talk about Global Data later on in this post.

With secondary sites you can also do Content Routing, which means that you can redirect traffic between secondary sites. This can be interesting in scenarios where the WAN connection between 2 secondary sites is better than the connection between a primary and a secondary site.

3. Distribution Points improved a lot regarding infrastructure capabilities. Another reason to install a secondary site with SCCM 2007 was to control the network traffic, as we could throttle and schedule. Now we can do the same on a Distribution Point role, similar to what we do on the Site Addresses.

[Image]

Probably you will also want a local DP when using multicast and App-V streaming.

4. Branch DPs do not exist anymore. For small branches you can look into BranchCache. Prerequisites to use this:

  • Clients need to be compatible with BranchCache:
    • Windows 7
    • Windows Vista with KB 960568 installed
  • Your DP needs to be Windows 2008 Server R2 to activate the BranchCache role

New capabilities to simplify Infrastructure administration

1. Content Prestaging

The tools that we knew from SCCM 2007 for prestaging content, like Courier Sender, PkgPreLoadOnSite and Manual Prestaging (Branch DP), are now combined in one tool, extractcontent.exe.

This tool will be used under the hood to create the prestaged content file (.pkgx).

[Image]

The way it works is still similar. You send out the media to read the packages in to the remote DP, and registration on the primary site server will happen via extractcontent.exe, which you can find on the installation media.

[Image]

Additionally there is also conflict detection, so if there are changes between the prestaging and when the media arrives, SCCM knows which deltas to update.

 

2. Regarding boundaries, Forest Discovery can be done with SCCM 2012. Furthermore, domain, sites and IP subnets are still possible as we know them from SCCM 2007.

Untrusted forests can be discovered as well by providing the necessary credentials of course.

Another cool thing is that you can choose to auto-create boundaries.

[Image]

As I mentioned already in previous blogs, boundary groups are another new concept. You can consider them as logical containers to put boundaries in. So far, so good…

The most important thing to know is that these boundary groups will be used for site assignment and content lookup, so no longer the boundary itself. So don’t forget to specify your boundary groups on your DPs (see previous post).

3. SCCM 2012 has a new replication model to simplify your administration.

We talk about:

  • Global Data, which is replicated via SQL all over the hierarchy (CAS, Primaries and Secondaries). A rule of thumb to know what Global Data is: everything created by the admin in the SCCM console.

    Examples: package metadata and collection rules.

  • Site Data, which is also replicated via SQL. The rule of thumb here is: everything that is created by the system itself.

    Examples: collection members, HINV, messages.

    This data can be found on the CAS and the originating primary.

  • Content Replication is still file-based.

Luckily Microsoft did a good job of keeping the SQL replication simple and automated a lot under the hood. So you don’t need to be a SQL guru at this point, but of course as SCCM Admin it’s always interesting to have a good relationship with your DBA. Also, diagnostic files (CSV format) can be exported easily so your DBA friend can examine them. ;-)

The clever ones among us might remark: “OK, so everything is SQL replication, but why do I still see inboxes and outboxes on my SCCM Server?” Well, those are still used for local registration on the Management Point.

 

The new replication model:

[Image]

So yes, if you create a collection on the US site it might be visible at the Europe site. To keep control over this you can use Collection limiting and RBAC, which will help you to fine-tune security.

 

Till next time!

Nico Sienaert


TechNet Live Meeting Event Coming Up!


Hi There!

I would like to announce that I will present a TechNet Live Meeting session about:

BitLocker in the Enterprise

BitLocker (To Go) is one of the features that are shipped with Windows 7. First, what is the best approach to deploy this in an environment? How does this integrate with OS Deployment? How do you keep control? And how do you recover? Second, Microsoft BitLocker Administration and Monitoring (MBAM). What is this tool? Does it have any added value for you?

If you want to have answers to these questions or just want to win a Microsoft TechNet Laptop Sticker AND TechDays Pen :-D you cannot miss this session!

Subscribe now!

Hope to meet you all there!

Nico


Migrate from SCCM 2007 to SCCM 2012 Part 3

 

Hi there!

As discussed in the previous blog, the package content does not get migrated, only the metadata.

During the migration SCCM 2012 clients can still use the SCCM 2007 DPs to locate content.

You can select such DPs by using “Share Distribution Points”.

[Image]

How does this work?

Well, all DPs will be gathered, and the boundaries associated with these DPs will be migrated as well. So in case of protected DPs, you are safe.

Stuff you need to take into account regarding Shared DPs:

  • the SCCM 2012 site server needs at least read access to this location.
  • a requirement is that no other Site System roles exist, only the DP role.
  • note that this does not work for boot images and App-V content.

In a later phase the DPs can be upgraded to SCCM 2012 DPs.

[Image]

Now content gets migrated to SCCM 2012, meaning Single Instance Content Store. So no duplicated files will exist anymore on your SCCM 2012 DPs.

Last but certainly not least we have to talk about collections. As you might know subcollections are not supported anymore in SCCM 2012. So how will the migration tool handle SCCM 2007 subcollections?

SubCollections

When subcollections are discovered, the parent collection will get inclusion and exclusion rules to re-establish the relationship between the child collections. A folder will be created to keep the administrative overview.

[Image]

 

Limited Collections

The migration tool will automatically create organizational folders for all collections that don’t have any members or collections membership rules specified in SCCM 2007. Such collections were basically created in SCCM 2007 to have an administrative overview.

So SCCM 2012 will replace them with folders and create an inclusion rule for the corresponding collection.

[Image]

In this example, “Brussels” is included in “Laptops Europe”.

Note, as discussed in an earlier blog, collections with “limit to” queries to multiple collections will not be migrated, but the migration tool will identify them for you.

So I think I have touched “high-level” on all the involved steps and topics regarding a SCCM 2007 \ SCCM 2012 migration scenario. Next time I’ll talk about…... don’t know it yet ;-) so stay tuned!

 

Till next time!

Nico Sienaert


Why upgrade to Windows 7?

 

Hi there!

I would like to start the discussion.

I see a lot of customers still running Windows XP and finally most of them are thinking of migrating to Windows 7. But is it still worth it?

Here are my thoughts…

  • Support of XP is guaranteed till 2014; according to the XP Gadget I have installed ;-) that is still 965 days as we speak.
  • Windows 8 is expected somewhere in 2012.
  • Microsoft guarantees in their first Team Blog that each software and hardware that works with Windows 7, will work with Windows 8.

In theory a company can start today with its AppCompat Envisioning and Remediation on Windows 7 to make sure that all Applications are working properly with Windows 7 (and 8).

So once Windows 8 is out they can migrate right away.

Three constraints so far:

  • The customer is willing to be an Early Adopter.
  • A Management Tool needs to be available to administer and deploy Windows 8. (I expect SCCM 2012 will support Windows 8)
  • A tool supports the migration of user data from XP to Windows 8 (USMT?)

What are your thoughts?

Nico Sienaert

 


SCCM 2012 SDK Overview (CEP)

 

Hi there!

Today there was a CEP session about the new SDK that will be released with SCCM 2012.

A high-level overview…

Release plan:

As of MMS2011 the SDK was available for a selected audience.

The future plans are a release together with CM 2012 RTM. This version will have details of all modified classes on board.

6 months after RTM a new release will explain the new classes and will have more “How To” guides included.

SDK Architecture:

[Image]

There will be a possibility to create multiple instances on the SMS Provider.

1. Admin Console SDK, it will be possible to

  • Program Right Click options
  • Launch executables
  • ShowDialog
  • Group – create submenu
  • Actions can be associated with icons
  • Create Forms
  • Create Wizards
  • Create Navigation Nodes
  • Create Views
  • Create Folders (add folders beneath nodes)

 

  • !!report is deprecated!!

 

2. MP SDK

  • Programmatic access to Management Point
  • Primarily used to provide a MP proxy enabling control of non-standard clients

 

3. SMS Provider:

  • Application automation for UI activity
  • Actions through WMI classes, properties and methods
  • 60% of the entire SDK
  • Support of all actions through SMS Admin Console

Scenarios that are not supported:

  • modify or remove core Microsoft-provided ConfigMgr console elements and behaviour
  • make changes to the root console XML
  • adding new wunderbars
  • new top level nodes
  • new tabs in the ribbon

Changes:

[Image]

Support Areas:

[Image]

New SDK Areas:

[Image]


A Porting Guide will be available explaining which functions are changed compared with CM2012:

[Image]

PowerShell Support:

Cmdlets are designed around <verb>-<noun>,

e.g. get-CMadvert, new-CMcollection, update-CMcollection

Till next time!

 

Nico Sienaert


Migrate from SCCM 2007 to SCCM 2012 Part 2

Hi There!

In my previous post we have talked about the migration concept and how you establish a connection between a SCCM 2007 hierarchy and a SCCM 2012 hierarchy.

In this post we will talk about the actual Migration Jobs that can be created.

You can start the migration wizard by selecting “Create Migration Job”. I will highlight the most important windows.

In the wizard you can select the different objects you want to migrate. Nice, but the option to execute Collection Migration is even nicer, because everything that is associated with these collections (Advertisements, Packages, Task Sequences,…) can be migrated as well.

You select the collections you want:


The wizard will list the associated objects and you can select which ones you want to migrate.


A Security Scope can be set (RBAC).

Role Based Access Control, I’ll blog about that in the future.


In one of my next blogs I will talk about the new replication model that is introduced with SCCM 2012. It might be possible that the next item is not really clear right now but please be patient. ;-)

With the new replication model collections become “Global Data” which means that collections will be replicated all over the hierarchy, so it might be possible that the collection scope will increase. To avoid this, the migration tool will inform you and you will be able to limit the particular collections to another collection.

In this example I don’t have such a collection as this is a single server installation. But in a scenario where you have Central – Primary relations this will be common. For instance a collection created on a child primary site will now be migrated and replicated all over the hierarchy so the scope might increase.

If it’s not 100% clear it will hopefully be in my future post regarding the replication model. But now you know at least that the migration tool can deal with it. ;-)

The migration tool will also evaluate all the queries on the collections. When a query is detected that is using an old Site Code you will be made aware of that and you can change it on-the-fly.

The tool will also track collections that can’t be migrated, like mixed collections (users and computers), since UDA in SCCM 2012 does not like that anymore.

Collections which are limited to multiple collections in SCCM 2007 will not be migrated either. The tool will identify them so you are aware of these collections.

During the wizard specific info can be saved to a file for review afterwards.

You can select the required run time of the migration job, whether objects can be overwritten, whether advertisements need to be enabled,…

In the console you can see an overview of the migration jobs.

Detailed log info can be found in the Migmctrl.log.

Next time, in the last part, we talk about how the migration tool will handle subcollections and the principle of Shared Distribution Points.


Till next time!

Nico Sienaert


Migrate from SCCM 2007 to SCCM 2012 Part 1

Hi There!

If you are running SCCM 2007 today you will probably migrate in the future to the latest SCCM release. The bad news is that you cannot upgrade in-place, the good news is that Microsoft created an excellent migration tool inside SCCM 2012 to migrate side-by-side.

Before we start:

1. A prerequisite to use the migration tool is that your SCCM 2007 servers are at least SP2.

2. SCCM 2012 likes UNC very much, in case of Applications you HAVE to use UNC paths to browse to your data source. If you want to start following the best practices and you have packages in SCCM 2007 that are pointing to a local drive, you can use Kent Agerlund's tool to change all these local data source paths into UNC.

http://www.myitforum.com/myITToolbar/frame-click.asp?url=http://blog.coretech.dk/kea/updating-the-package-source-in-configuration-manager-2007/

3. Install your new corresponding SCCM 2012 server, install all the required roles and configure SUP.

The reason why SUP needs to be configured is to make sure that update lists get converted to Update Groups and Update Deployments are migrated to Deployments and Update Groups.

During the migration updates don’t get migrated, only the metadata. For that it’s also important that the catalog is identical.

You can use wsusutil.exe export/import for this or make sure if you sync with Microsoft Update that you select the same classifications.

So let’s look into the tool.

Active Source Hierarchy:

With this wizard we will connect the SCCM 2012 site to SCCM 2007 site.

Add the necessary credentials to get access to the SCCM 2007 site.

Start the gathering process…

In a complex hierarchy you will install your top SCCM 2012 server (CAS) and connect that one to the SCCM 2007 Central server to gather all necessary hierarchy info.

If you have multiple primary sites you will create an active Source Hierarchy for each SCCM 2007 site to the SCCM 2012 CAS to gather all object metadata.

By default SCCM 2012 will check every 4 hours to keep the gathered data up-to-date.

Secondary sites need to be uninstalled manually from the SCCM 2007 site. If you reinstall a secondary site on the SCCM 2012 consider if it’s still required –> Simplify hierarchy! Maybe a DP role is enough as we can now throttle DPs with SCCM 2012.

So what will be migrated?

Well everything, except:

  • Data Source content (see next post for more info)
  • OSD: boot images, because of the new WAIK in SCCM 2012
  • SubCollections, I talk about that in a next post.

Some things you need to know.

  • Classic Packages and Programs get migrated as-is, so no conversion to Applications. Microsoft will release a tool for doing the conversion to the new Application Model later on this year.
  • Clients retain execution history so they will not re-run advertisements if they don’t need to. You can upgrade them via your preferred deployment method (GPO, Push, OSD,…). Once upgraded, full inventory data will be sent –> phased approach is advisable.
  • Keep Site Codes unique
  • Don’t use SMSSITECODE=AUTO
  • SCCM 2007 Hardware Inventory can be imported into SCCM 2012 on Client Settings level.
  • 5 new reports are available to get more detailed info about the migration jobs.

So, we have talked about the existence of the built-in tool, how you connect sites and what things you have to take into account.

Next time, we will talk about the Migration jobs, shared SCCM 2007 DPs and many more.

Till next Time!

Nico Sienaert


SCVMM 2012 Installation failed with Fatal Error

 

Hi There!

Just a quick note of an odd issue I encountered today.

While installing the latest VMM I bumped into a fatal error.

When inspecting the SetupWizard.log under C:\programdata\VMMLogs I could see that the MSI stopped with the All-Fully-Self-Declaring error 1603… NOT ;-)

The last action before the error was “AddCarmineToServersGroup”, so it looks like the installer wants to add my machine into a group.

And indeed my machine needs to be added to the local group “Virtual Machine Manager Servers”.

My idea got confirmed when reading following TechNet page.

http://technet.microsoft.com/en-us/library/dd239264.aspx


So why couldn’t my machine be added to the local group?

Well… for some reason my Computer Account was disabled in Active Directory :-S

The same symptom occurs as well when you have problems with your SIDs.

Till next Time!

Nico Sienaert


Microsoft Deployment Manager

Hi there!

At the latest MMS Microsoft announced a new project regarding OS Deployment called Deployment Manager (DM).

DM is an OS Deployment process management Pack for System Center Service Manager.

DM will provide deployment readiness forecasting, standardized processes and project management tooling.

So just to be clear, it’s not another version of MDT, it’s complementary to MDT; you could consider DM as another layer in the Deployment stack.

 

Why Deployment Manager?

  • How do I plan my Deployment Project?
  • What hardware needs to be replaced?
  • Are my Applications compatible?
  • How do I make sure users get what they need?
  • How do I manage the schedule of the deployments?

DM will keep track of and answer these kinds of questions for you.

DM will collect all necessary data that is required to guarantee a successful end-to-end OS Deployment migration project.

For instance DM will keep track of:

  • Application Readiness
  • Driver Readiness
  • OS Configurations
  • User Details (for instance are they educated to work with W7 & Office 2010)

By taking all these dependencies into account and aligning them with each other, DM will be able to detect which machines are ready to deploy.

Why an integration with Service Manager and not with Configuration Manager?

Configuration Manager does not really focus on process workflows.
For instance in the scenario where an application is not compatible with Windows 7, you can assign with Service Manager an application owner to remediate the application. Once that is done we can approve the fix with Service Manager and build a complete Change & Release management flow.

Of course Configuration Manager is strongly linked to it as inventory data is coming from ConfigMgr and ConfigMgr will be the tool that executes the OS Deployments or that will provision applications.

A preview release is expected by the end of the summer and the final release will be released early next year. The goal is to align with the Service Manager R2 Release.

Till next Time!

Nico Sienaert


Configuration Manager P2V Migration Toolkit – Part 2

Hi There!

In my last blog post I have started exploring the P2V Migration Toolkit for Configuration Manager. I talked you through the wizard and explained the context and the purpose of the tool.

In this post we complete the P2V migration process by booting up the ISO that we have created in Part 1.

Before we do that, let's first check high-level the most important steps of the Task Sequence that has been auto-created for us. The engine behind the Task Sequence is the Virtualization package that we have created before.

  1. When booting the media a Rehost Wizard will start to declare our variables that will be used later in the Task Sequence.
  2. The specified disk will be captured into a VHD which we will save to a network path.
  3. Install Windows 2008 R2 and enable the Hyper-V role
  4. Domain Join, Install Updates,...
  5. Create the virtual machine into Hyper-V (VMCreator Tool)
  6. Install additional applications

Some screenshots (taken with my WP7 :-))

Boot the DVD and start the Task Sequence

The UDI Wizard will start

Prerequisites checking

Specify Domain info.

Local Admin PW and Local Administrators

Pretty straightforward...

Pretty straightforward...

Location to save the VHD. (I know, challenging PC name ;-))

Specify some Hyper-V settings

Summary

The process will start now…

The total elapsed time of course depends on the size of the disk, disk I/O and network connectivity, but to give you an idea: it took 3 hours to virtualize 50GB of data on a local Gigabit LAN and on laptop hardware with a 2.0 GHz CPU and 7200 RPM disks.

Once the process is done I can log in on my machine and see that indeed Server 2008 R2 is installed with the Hyper-V role enabled and my Primary server is added.

Everything looks fine in the console.

The MP is up and running so the clients can talk to the server and on my central server despool.log, replmgr.log and sender.log look normal so also the site-to-site connection is up and running again.

So good stuff if you ask me!

Now it's time to do a side-by-side migration to SCCM 2012 (you would forget that this was the original goal ;-)) which I will discuss in one of the next blogs.


Stay tuned!

Nico Sienaert


Configuration Manager P2V Migration Toolkit – Part 1

Hi There!

The ConfigMgr Product Team is developing a tool to migrate your ConfigMgr07 Site server on remote sites with limited on-site support. The P2V Migration Toolkit is currently in CTP release since the end of March.

As ConfigMgr07 can only be migrated side-by-side to ConfigMgr12, a second server needs to be available or a virtualization solution can help you out. And that’s what this toolkit is all about:
virtualizing the ConfigMgr07 Site Server so you can install the new ConfigMgr12 Site Server on that same server next to the virtualized ConfigMgr07 Site.

It may sound complicated, but in fact it isn’t, so let’s have a look.

Install the Toolkit on your Central Server. You probably haven’t installed the Desktop Experience feature on your machine. If not, the Toolkit will ask you to do so.

Once you have installed this feature, a reboot (!) is required.

Install the Toolkit…

Once installed, open the application with “Run as Administrator”.


On the left you will notice that you can select 3 wizards.

- Create a task sequence: This will create the VHD, copy the VHD to a network drive, reinstall the machine, enable the Hyper-V role and mount the VHD. –> Make sure that the hardware is x64 compatible!

- Create Standalone Task Sequence media: This will create the media that will install the task sequence

- Create a Windows PE boot Image

On the right you can see the 4 necessary steps you have to accomplish with the help files attached.

- Create the Task Sequence

- Create Standalone media

- Boot off the Standalone media

- Run the Task Sequence (an LTI wizard will kick off the process. Filling in the domain, the path to save the VHD, the computer name,… will be required steps)

If you select one of the wizards the toolkit will connect to the Site Server.

When creating the task sequence a simple wizard needs to be executed. Specify the ConfigMgr Client Package, specify the Image Package (Server 2008 R2 capture WIM file), a virtualization package (the wizard will create this for you) and you can also specify additional packages\applications that you like to have installed during the Task Sequence process.

Once the wizard is finished, the task sequence gets created together with the Virtualization package. The content of this package is all the necessary files to cover the virtualization part.

Note that no program is created for this virtualization package. Make sure you distribute this new package to the appropriate DP.

If we open the Task Sequence we see a bunch of steps that are added automatically. Also a lot of variables are used which we will declare during the wizard when starting the Task Sequence. So actually, apart from maybe some minimal customizations, this is ready to use!

Now it’s time to create the bootable media (CD, DVD or USB Flash Drive) that we will send to the remote branch.

Again a simple wizard needs to be completed. Select the x64 boot image with the correct NIC and storage drivers included and select the new Task Sequence.

For the sake of demo I have created an ISO that I will burn on a DVD. I’ll send it now with a courier to the other side of my lab… ;-)

In the next part we will boot from the media and see how this ConfigMgr07 server gets virtualized.

Till next time!

Nico Sienaert (twitter: nsienaert)

MDT 2012 Beta1: Sneak Peek

 

Hi there!

At MMS we could hear that the MDT team will try to release MDT 2012 RTM 30 days after the RTM release of SCCM 2012.

Last week the Beta1 was released. Let's have a sneak peek.

With this version there is support of:

  • The SCCM App Model & UDA
  • Integration with the SCCM 2012 Console
  • New UDI components (new wizard & Designer) and more customization will be possible
  • Support UEFI
  • Support of new OSes: Windows POSReady7 & Windows ThinPC
  • Cross-platform deployment (Install x64 OS from x86 Windows PE). The other combination, booting from an x64 boot image and deploying an x86 OS, isn’t supported by Windows Setup.
  • Deploy to VHD – creating a VHD file during the task sequence that can then be used for booting the OS (“boot from VHD”).

Maybe you are wondering if there are changes on USMT, Windows PE and WAIK. Well no, only bug fixes. WAIK (USMT is part of WAIK) is depending on Windows releases not MDT releases, that's why.

The MDT Team wants to remove support of Windows XP & Server 2003 but SCCM 2012 does still support XP SP3, so probably MDT 2012 will still support XP SP3 as Source OS, not as Target OS.

Features that will be added in next releases:

  • Integration of Windows RE (Set Recovery partition during OS Process)
  • Integration with MDOP tools like App-V and DaRT
  • PowerShell support in Task Sequence
  • LTI Facelift

At first glance, visually not much has been changed in the SCCM console. One button has been added to the Tab Bar to start the MDT Task Sequence wizard.

Once we have created an MDT Task Sequence via the wizard, we don't notice many changes in the Task Sequence.

Probably the 2 biggest changes are:

  1. USMT has more GUI options
  2. The New App Model

Note that the MDT Team added an extra script before the Install Application step to "work around" something. Application variables end up with 2-digit suffixes (e.g. Applications01), while MDT expects 3-digit suffixes (e.g. Packages001). The script makes a 3-digit list and converts it to a 2-digit list so SCCM can install the applications.

Also in the MDT LTI Workbench not many changes can be observed.

  1. Integration of the new App Model (note: ConfigMgr Packages can also still be used)
  2. The Deploy to VHD Templates (only supported in LTI scenarios)

So, now we have looked into the changes, let's deploy a Bare Metal image via the MDT Wizard in the SCCM Console.

Once I finished the MDT wizard, it failed immediately with following error:

Started processing.

Creating boot image.

Generating boot image.

Error while importing Microsoft Deployment Toolkit Task Sequence.

System.Exception: Unable to mount image C:\Users\ADM-NS~1\AppData\Local\Temp\2\winpe.wim to C:\Users\ADM-NS~1\AppData\Local\Temp\2\PE20_mount.x86 ---> System.ComponentModel.Win32Exception: A required privilege is not held by the client

--- End of inner exception stack trace ---

at Microsoft.BDD.ConfigManager.PEManager.Generate()

at Microsoft.BDD.Wizards.SCCM_ImportTaskSequenceTask.DoWork(SmsPageData smspageData, Dictionary`2 data)

From my experience I remember that the deployment tools of WAIK like to be executed with "Run as Administrator".

So I have restarted my SCCM Console with "Run as Administrator", as from now the image could be mounted correctly and the wizard finished successfully.

Stay tuned for more blogs that go deeper into the MDT Topic.

Till next time!

Nico Sienaert (twitter: nsienaert)

Posted: Jun 07 2011, 04:47 PM by nsienaert | with no comments
Integrate FEP 2012 with SCCM 2012

 

Hi There!

Recently FEP 2012 Beta 2 was released. As announced at MMS, FEP is moving from the Enterprise CAL to the Core CAL, in other words if you have SCCM, you have FEP.

Knowing this, customers will probably be more interested in using and integrating FEP within SCCM.

Also, one of the odd issues with FEP 2010 and SCCM is that there is no auto-approval process. There are some workarounds to do so but with SCCM 2012 auto-approval is an out-of-the-box feature.

Let’s have a look.

Make sure you have the following prerequisites: (in my case SQL Database Engine was already installed)

  • Install Analysis Services of SQL
  • Install Integration Service for SQL
  • Re-Run SQL 2008 SP1 or Above (if SQL was already installed)
  • Make Sure SQL Server Agent service is set to automatic and started

Start the Installation:

If we open the SCCM Console for the first time, what has changed?

1. There are FEP Security Roles

2. The 3 FEP packages are there…
Note: Microsoft is pushing to use Applications with SCCM 2012. For FEP they auto create Packages… :-O

3. The FEP Collections

4. Two FEP Policies which you can use as base for custom ones.

5. In-console monitoring

Now that we have seen what has changed in the SCCM console, let’s make the environment secure…

First, I deploy the Forefront clients to all my client machines.


Second, I will make sure WSUS is downloading my Forefront Definition updates.

Third, I create an auto-approval rule (for more info check one of my previous posts)

Fourth, I create a custom FEP policy which I assign to my client machines.

Note: You can also import pre-created FEP policies for several server roles. You can find these templates under the installation directory.


Fifth, the status of:

  • the deployment of the Forefront agent
  • installed Definition updates
  • policy deployment

can be monitored in the SCCM console.


Till next time!

Nico (twitter: nsienaert)

Pre-Deploy Applications

Hi There!

In this post I will talk about pre-deployment of applications.

Quite some customers are asking me to make sure that all user-dependent applications are getting installed during an OSD scenario before the user logs on.

With CM2012 this becomes easier to do as we can link a user to a device. In one of my previous posts I explained how you can link a user during a task sequence.

Once that is done you should take care of the following.

In my scenario I want that Firefox gets installed on each primary device. I deployed to a collection which is linked to an AD User Group.

I will make sure that there is a requirement set that will install the app when Primary Device = True.

I will make sure the App gets installed with or without user logon.

When I deploy I make sure that the application will be required. Once I do that a new checkbox becomes available: "Deploy automatically according to schedule with or without user login".

I select this check box...

So now in my OSD scenario, the application will install after the client is registered and the client receives the policy for the application.

The client typically will receive policies right after registration success. Once the policy is received, it will be evaluated and if the install deadline is hit, the application will be installed. If you use default settings on scheduling page of the deploy software wizard, then it is as soon as possible. Otherwise it is the time that you specify.

TIP: Use Client Local Time

 

Till next Time!

Nico (twitter: @nsienaert)

Settings Management FKA DCM

 

Hi there!

Desired Configuration Management as we know it from CM2007 is called now Settings Management.

In the field I encounter quite some environments where DCM is not used… I expect that Settings Management within CM2012 will be more popular because of the simplified user experience, user targeting and last but not least auto remediation.

Technically with CM2007 you could auto remediate as well but you had to be creative by populating collections based on the results of DCM evaluation. By linking these collections to your remediation program you were able to solve your non-compliant situation.

With CM2012 it will be less complicated, let's have a look…

Under the "Assets and Compliance" wunderbar you can find the Compliance Settings node with Configuration items and Baselines underneath like in CM 2007.

For the sake of the demo I have created 2 baselines and each has one CI linked. Of course you can add multiple CI's per Baseline.


In the first Baseline (Windows 7 Labo) I will make sure that my machines have Remote Desktop enabled.

I'll do this by checking the corresponding registry key.

In this example I use the registry but you can also use AD queries, SQL queries, scripts (see below),… to check your compliance state.


 

Pay attention to the browse button, besides browsing the server you can also browse to a reference machine!

In the Compliance Rule tab you can specify the required value of the particular registry AND here is a checkbox available to remediate the registry setting if the value does not meet the required value.

Further you can define which type of alerts you want regarding this CI.


 

I will add this CI now into a Baseline and target it to a machine OR user collection.

In the second baseline I will add a CI that checks if a certain folder exists; if not, it needs to be created. I'll do this by combining 2 simple VB scripts.

In the General tab I select that I want to use a script.

I need to specify a script to check the compliant state (does the folder exist)

and another script that will remediate (create the folder).

Based on an echo command (This Folder Does Not Exist) I generate in the first script, the second script will start.


 

In the "Compliance Rules" tab I create a new rule. I specify here if ConfigMgr receives the echo of the first script which equals "This Folder Does Not Exist" it will start the second script to create the folder. (checkbox)

!! Without quotes it will not work!!
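The check-and-remediate script pair described above, as an added example: these are not the scripts from the original post, which were VBScript and shown only in a screenshot. It is written in PowerShell (3.0 or later), which ConfigMgr 2012 script settings also accept; the folder path and the "This Folder Exists" string are assumptions, only "This Folder Does Not Exist" comes from the post.

```powershell
# Added example, not the author's scripts. In a configuration item the body of
# Get-FolderState would be the discovery script and the body of Repair-Folder
# the remediation script; the demo at the bottom runs the same cycle locally.

# Assumption: the post does not name the folder, so a throw-away path is used.
$FolderPath = Join-Path ([System.IO.Path]::GetTempPath()) 'CM-Baseline-Folder-Demo'

function Get-FolderState {
    param([Parameter(Mandatory)][string]$Path)
    # -PathType Container: a *file* with the same name must not count as compliant.
    if (Test-Path -LiteralPath $Path -PathType Container) {
        'This Folder Exists'            # assumed wording for the compliant state
    } else {
        'This Folder Does Not Exist'    # the string the compliance rule compares against
    }
}

function Repair-Folder {
    param([Parameter(Mandatory)][string]$Path)
    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        # Refuse to touch a file that occupies the path; let the failure surface.
        throw "A file already exists at '$Path'; not replacing it with a folder."
    }
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        New-Item -ItemType Directory -Path $Path -ErrorAction Stop | Out-Null
    }
}

function Invoke-EvaluationCycle {
    # Mirrors one client evaluation: discover, remediate if needed, discover again.
    param([Parameter(Mandatory)][string]$Path)
    $before = Get-FolderState -Path $Path
    if ($before -eq 'This Folder Does Not Exist') { Repair-Folder -Path $Path }
    $after = Get-FolderState -Path $Path
    [pscustomobject]@{ Before = $before; After = $after }
}

# Demo: start from the non-compliant state, evaluate twice, then clean up.
if (Test-Path -LiteralPath $FolderPath) {
    Remove-Item -LiteralPath $FolderPath -Recurse -Force
}
$first  = Invoke-EvaluationCycle -Path $FolderPath   # missing -> created
$second = Invoke-EvaluationCycle -Path $FolderPath   # already present, nothing to do
$first, $second | Format-Table -AutoSize
Remove-Item -LiteralPath $FolderPath -Recurse -Force
```

The discovery output has to match the string in the compliance rule character for character, so keep the text in one place when adapting it.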


 

This CI will also be added to a baseline, called Folder.

If we go to the clients and open the ConfigMgr client we see 2 baselines.

If we evaluate them we will see that the particular folder is created and Remote Desktop is enabled.

Changing the settings and removing the folder will be fixed if you hit the Evaluate button again or you can also wait for the Re-Evaluation cycle.


 

To conclude I also point to the Revision & Audit tracking that is possible with CM2012.

So no more, "I didn't change anything!" ;-)

 

Till next time,

Nico (twitter: @nsienaert)

Posted: May 16 2011, 08:48 AM by nsienaert | with no comments
SCCM 2012: OSD & UDA

Hi There!

As you all probably know one of the new features within SCCM 2012 is the user centric approach.

With this you can assign a User to a Primary device or vice versa.

This relationship is many-to-many, so you can assign different users to different devices and the other way around.

During an OS Deployment you can already set Primary Users for the device that you are installing. You can do this via 2 new variables that are introduced with SCCM 2012.

First you have the UDA Mode that needs to be defined with SMSTSAssignUsersMode.

Other values: Pending and Disabled

This setting can also be configured on the PXE or Bootable media:

Second we need to specify the user via SMSTSUDAUsers.

After the OS Deployment is done you can see on the machine record that the particular user is set as primary user via OSD.

Beta 2 Gotcha: I didn't get this to work by specifying the mode on PXE or media. So far it only worked by adding the variable directly in the Task Sequence or on the machine record itself.

In one of my next blogs I'll talk about pre-deployment of applications via OSD where we can re-use this process to define UDA during OSD.

Till next time!

Nico (twitter: @nsienaert)

Security Updates & Update Deployment Rules

Hi all,

Software Updates Management changed slightly compared with ConfigMgr 07. Update Lists and Deployments do not exist anymore and are replaced with Update Groups.

New features like automatically deleting expired updates on the DP and "Automatic Deployment Rules" are very cool. Let's talk about these Automatic Deployment Rules...

View of new Software Updates node:

 

With these rules it is possible to approve and deploy patches automatically. Once a rule has been created an appropriate Update Group and Update package will be created.
Let's elaborate a little bit deeper...

I create an Update Deployment Rule, the wizard is quite straightforward, I show some screenshots of the most important windows.

I select which criteria an update has to meet before it can be approved. I choose that the custom severity needs to be "Important" for x64 architecture.

 

On the Deployment schedule tab 2 time intervals can be set.

"Time between rule run and Deployment available" => period to give SCCM time to distribute the package to the DPs or to give you time to cancel a deployment of a patch :-)

"Time between update available and deadline" => obvious setting which determines the time before the installation becomes mandatory.

Next, I go to the "All Software Updates" node and I select a few patches and change the custom severity into "Important"

With the excellent new search capabilities I list the updates for the sake of demo.

By default the rule will be evaluated every 7 days; this can be customized, or you can run the rule on demand by right-clicking it and selecting "Run Now".

You can follow the status of the download, creation of the packages & groups in ruleengine.log located under SCCM Server Logs.

Beta 2 Gotcha:

It might be possible that you can download updates "manually" by right-clicking an update\download, even though when using the rules you might be facing issues downloading the updates and the following error is listed in the log file.

By default, the Local System account is used to connect to the Internet and download software updates when automatic deployment rules run. When this account does not have access to the Internet, software updates fail to download, and the following entry is logged in ruleengine.log: Failed to download the update from internet. Error = 12007.

WORKAROUND Use the UpdDwnldCfg.exe tool to specify a different account to download the software updates from the Internet. The tool is located in <ConfigMgr Source Path>\SMSSETUP\BIN\x64\00000409 and has the following syntax:

UpdDwnldCfg.exe /s:<proxyserver:port> /u:<accountname> /allusers

Prior to using this tool you need to install a required hotfix (2538394), which is available on the Connect site for download.
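A rule that cannot download leaves machines unpatched without anyone noticing, so it is worth scanning ruleengine.log for the entry quoted above. The following is an added example, not a ConfigMgr tool: the sample lines are constructed, their layout is an assumption about the server log format, and it generalizes beyond 12007 to two other WinHTTP/WinINet connectivity codes.

```powershell
# Added example. Sample lines are constructed; the layout (text, "$$", then
# <component><timestamp><thread>) is an assumption about the server log format.
$sampleLog = @'
Evaluating automatic deployment rule "Important x64 updates"~  $$<SMS_RULE_ENGINE><05-02-2011 20:31:05.210-120><thread=4512 (0x11A0)>
Failed to download the update from internet. Error = 12007~  $$<SMS_RULE_ENGINE><05-02-2011 20:31:07.123-120><thread=4512 (0x11A0)>
Failed to download the update from internet. Error = 12007~  $$<SMS_RULE_ENGINE><05-02-2011 20:31:09.870-120><thread=4512 (0x11A0)>
Failed to download the update from internet. Error = 12029~  $$<SMS_RULE_ENGINE><05-02-2011 20:32:40.004-120><thread=4512 (0x11A0)>
Rule evaluation finished~  $$<SMS_RULE_ENGINE><05-02-2011 20:32:41.500-120><thread=4512 (0x11A0)>
'@ -split "`r?`n"

# Codes that point at connectivity (name resolution, proxy, firewall) rather
# than at the update itself. 12007 is the one quoted in the post.
$networkErrors = @{
    12002 = 'request timed out'
    12007 = 'server name could not be resolved'
    12029 = 'connection to the server could not be established'
}

function Find-DownloadFailure {
    # Emits one object per "Failed to download" entry.
    param([string[]]$Line)
    foreach ($entry in $Line) {
        if ($entry -notmatch 'Failed to download the update from internet\. Error = (?<code>\d+)') {
            continue
        }
        $code = [int]$Matches['code']      # read before the next -match resets $Matches
        $time = $null
        if ($entry -match '<(?<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2})') {
            $time = $Matches['ts']
        }
        $meaning = 'not in the lookup table'
        if ($networkErrors.ContainsKey($code)) { $meaning = $networkErrors[$code] }
        [pscustomobject]@{
            Time      = $time
            Code      = $code
            Meaning   = $meaning
            IsNetwork = $networkErrors.ContainsKey($code)
        }
    }
}

function Get-DownloadFailureSummary {
    # One row per error code: how often it occurred and over which period.
    param([string[]]$Line)
    Find-DownloadFailure -Line $Line |
        Group-Object -Property Code |
        ForEach-Object {
            [pscustomobject]@{
                Code                 = [int]$_.Name
                Count                = $_.Count
                First                = $_.Group[0].Time
                Last                 = $_.Group[-1].Time
                Meaning              = $_.Group[0].Meaning
                CheckDownloadAccount = $_.Group[0].IsNetwork
            }
        }
}

Get-DownloadFailureSummary -Line $sampleLog | Format-Table -AutoSize

# Against a real log (path placeholder, the post only says "SCCM Server Logs"):
# Get-DownloadFailureSummary -Line (Get-Content -LiteralPath '<path to ruleengine.log>')
```

A row with CheckDownloadAccount set to True is the case the workaround addresses: check whether the account used for the download can reach the Internet through the proxy.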

Other posts will follow, so stay tuned!

Till next time,

Nico

 

 

 

Posted: May 02 2011, 09:12 PM by nsienaert | with no comments
SCCM 2012 Gotcha's

 

Hi There!


I have been working with SCCM 2012 for a few months and during my LAB experience I encountered some odd issues, which may sound stupid but are quite blocking. :-)

As I'm quite sure I will not be the only one on this planet that will bump into these I'll post a small overview. :-)

 

Gotcha 1: Application content could not be located

 

In the CIAgent.log I could see that my content could not be located.

How was that possible?

My Applications were stored correctly on the Distribution Point, and I had no issues with my environment (MP for instance) or whatsoever.

 

Well the reason was Boundary Groups.

 

Boundary Groups are a new concept within SCCM 2012.

 

They are designed to simplify Boundary management: to keep boundaries organized in logical containers and to avoid overlapping boundaries in migration scenarios.

 

BUT ALSO, these groups are now the primary object for content location, so no longer the boundary itself.

 

Boundary Groups are added on the Distribution Point and on the State Migration Point.

 

 

Gotcha 2: User Device Affinity did not work

 

When starting to play with UDA I deployed a common scenario.
I had an application with 2 deployment types:

  • One installing the MSI if the user is working on its primary device
  • Another one installing the App-V version when NOT working on its primary device.

 

So what happened? I was 100% sure that my requirements were set correctly.

In AppIntentEval.log I could see that the MSI deployment type was always applicable, even on a machine where a certain user was not the primary user...

 

The root cause was that the application was deployed to a Machine collection.

If you target machines, primary device will always be true. BUMP.

Sounds logical of course, but it is an easy mistake to make.

If you want to use UDA, you had better target User Collections.

 

 

Gotcha 3: Add tools to Windows PE

 

I like to add Trace32 to Windows PE for troubleshooting. If you open the properties of a boot image you will see that you are obliged to enable a prestart command hook. Even if you don't need one, you have to enable it, otherwise you cannot include files…

 

So what I did was….. WScript.Quit(0)

 

 

 

 

Gotcha 4: Where do you import a machine?

 

With Beta 1, if you wanted to import machines into SCCM you had to navigate to the "User State Migration" node and select "Import Computer Information".

Since Beta 2, you can only create a computer association on the "User State Migration" node.

 

So where is it now??

 

 

After digging for a while in the console I discovered it!

Right-click the device node and YES, there you have it.

 



And yeah, if I had looked at the tabs in more detail I would probably have discovered it a lot faster.
So lesson learned: use the new Tabs!

 

 

Gotcha 5: How do I troubleshoot the new App Model?

 

I already mentioned some log files in this post. With the new Application model there are quite a few new log files. Here is an overview of the most important ones and what they can tell you:

 

PolicyAgent.log: Check to ensure policy has been received by client

DCMAgent.log: Check log for Assignment ID (app + collection)

CIAgent.log: Evaluates CIs for App, DCM and SUM jobs

AppIntentEval.log: Contains high-level information on the applicability of each Application/Deployment Type.

AppProvider.log: Check Detection methods and install/uninstall specific failures

 

Also check these logs for infrastructure issues: CIStore.log, CIStateStore.log, DCMReporting.log and CIDownloader.log.
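
One way to walk the client logs listed above in that order and pull out warnings, errors and any entry that mentions one application. This is an added example, not code from the original post; the log entry layout, the `DemoApp` name and the sample entries are constructed assumptions.

```powershell
# Added example (not from the original post). Log names come from the list above;
# the entry layout is assumed and the sample entries are constructed.
$LogOrder = 'PolicyAgent.log', 'DCMAgent.log', 'CIAgent.log', 'AppIntentEval.log', 'AppProvider.log'
$Severity = @{ '1' = 'Info'; '2' = 'Warning'; '3' = 'Error' }

# Assumed layout: <![LOG[message]LOG]!><time="hh:mm:ss.fff-bias" date="MM-dd-yyyy" component="x" context="" type="n" ...>
$EntryPattern = '<!\[LOG\[(?<msg>.*?)\]LOG\]!><time="(?<time>[\d:.]+)[^"]*" date="(?<date>[\d-]+)" ' +
                'component="(?<comp>[^"]*)" context="[^"]*" type="(?<type>\d)"'
$Options = [System.Text.RegularExpressions.RegexOptions]::Singleline  # a message may span lines

function ConvertFrom-CmLogText {
    param([string]$Text, [string]$LogName)
    foreach ($m in [regex]::Matches($Text, $EntryPattern, $Options)) {
        $type = $m.Groups['type'].Value
        $sev  = $Severity[$type]
        if (-not $sev) { $sev = "Type $type" }      # unknown type value: keep it visible
        [pscustomobject]@{
            Log       = $LogName
            When      = '{0} {1}' -f $m.Groups['date'].Value, $m.Groups['time'].Value
            Severity  = $sev
            Component = $m.Groups['comp'].Value
            Message   = $m.Groups['msg'].Value.Trim()
        }
    }
}

function Get-CmLogFinding {
    param([hashtable]$LogText, [string]$Filter)
    foreach ($name in $LogOrder) {                  # same order as the list above
        if (-not $LogText.ContainsKey($name)) { continue }
        ConvertFrom-CmLogText -Text $LogText[$name] -LogName $name |
            Where-Object { $_.Severity -ne 'Info' -or ($Filter -and $_.Message -match $Filter) }
    }
}

# Builds one constructed entry in the assumed layout (hypothetical helper for the demo).
function New-SampleEntry($msg, $comp, $type) {
    '<![LOG[{0}]LOG]!><time="11:40:02.120-120" date="04-26-2011" component="{1}" context="" type="{2}" thread="1" file="sample:1">' -f $msg, $comp, $type
}

# On a client, fill this table with (Get-Content <log file> -Raw) per log instead.
$sample = @{
    'PolicyAgent.log'   = (New-SampleEntry 'Constructed: policy received' 'PolicyAgent' 1)
    'CIAgent.log'       = (New-SampleEntry 'Constructed: content could not be located' 'CIAgent' 3)
    'AppIntentEval.log' = (New-SampleEntry 'Constructed: MSI deployment type applicable for DemoApp' 'AppIntentEval' 1)
}
Get-CmLogFinding -LogText $sample -Filter 'DemoApp' | Format-Table Log, Severity, Component, Message -AutoSize
```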

 

All these tests were done with SCCM Beta 2.

 

 

Till next time,

 

Nico Sienaert

Posted: Apr 26 2011, 11:44 AM by nsienaert | with 3 comment(s)
Filed under: