Issue :
When you run the report "Computers that have run a specific metered software program" through the SRS reporting web page and want to select the month in the report, you will see years instead of months.
Just look at the screenshot below :

Solution :
Easiest way would be to just edit the report directly in the AdminUI.
Go to Site Database –> Computer Management –> Reporting –> Reporting Services –> Server –> Report Folders –> Software Metering in your ConfigMgr console.
Right-click “Computers that have run a specific metered software program” and select Properties.
- Change to the “Datasets” tab.
- Change the “Dataset Name” dropdown to DataSet2.
- Click the 3rd icon, “Report Parameters”.
As shown below in the picture :
When the “Report Parameters” section opens, change the selection to “Month” in the top box.
Change the Label field to the correct value (which should already be in the drop-down selection anyway).
Now your report should look OK ….
Hope it Helps ,
Kenny Buntinx
Have you ever wanted a report that shows the BIOS version of a particular set of machines in a particular collection? Then use the SQL statement below:
SELECT COLL.Name, BIOS.SMBIOSBIOSVersion0,BIOS.ReleaseDate0, BIOS.Manufacturer0
FROM v_FullCollectionMembership COLL, v_GS_PC_BIOS BIOS
WHERE COLL.ResourceID = BIOS.ResourceID AND COLL.CollectionID = @variable
ORDER BY COLL.Name
All credits go to my colleague Merlijn Vanwaeyenberghe for this report
Hope it Helps,
Kenny Buntinx
I’m very proud to inform you that my MVP award got renewed for the year 07/2010 – 07/2011 on System Center Configuration Manager. This is certainly a great honor for me.
Thank you Microsoft, blog readers and all the community members that helped me out!
Thanks for the recognition. I am delighted.
Last , but not least , I’m also very proud as a Co-Founder to announce that one of the SCUG.be members of the user-group and friend Mike Resseler has been awarded with the prestigious MVP award System Center Data Protection Manager !
This means that we have four MVPs in Belgium who are specialized in the System Center area. I will list them once more:
- Mike Resseler – System Center Data Protection Manager MVP
- Alexandre Verkinderen – System Center Operations Manager MVP
- Kim Oppalfens – System Center Configuration Manager MVP
- Myself - System Center Configuration Manager MVP
Hope it helps ,
Kenny Buntinx
The ConfigMgr team is announcing support changes for the following releases. You'll probably want to check Yvette O’Meally's post to make sure you have the latest information.
Please look for these changes to be reflected in the Supported Configuration pages within a few months.
Microsoft SQL Server 2008 R2 is now supported on Configuration Manager 2007 SP1 and SP2 and Configuration Manager 2007 R2
System Center Configuration Manager 2007 SP1 and SP2 now support Microsoft SQL Server 2008 R2 as a Configuration Manager 2007 site database. System Center Configuration Manager 2007 R2 now supports Microsoft SQL Server 2008 R2 Reporting Services.
No software updates are required.
Microsoft Application Virtualization 4.5 Service Pack 2 is now supported on Configuration Manager 2007 R2 with Configuration Manager 2007 SP2
System Center Configuration Manager 2007 R2 with System Center Configuration Manager 2007 SP2 now supports Microsoft Application Virtualization 4.5 Service Pack 2.
No software updates are required.
Hyper-V Server 2008 R2 is now supported with Configuration Manager 2007 Service Pack 2.
System Center Configuration Manager 2007 SP2 now supports client installation and all site server roles in the Hyper-V Server 2008 R2 virtualization environment.
No software updates are required.
Microsoft Windows Embedded Standard 7 is now supported on Configuration Manager 2007 SP2
System Center Configuration Manager 2007 SP2 now supports Windows Embedded 2011 as a client platform. General limitations for managing Windows Embedded devices can be found in this article: http://technet.microsoft.com/en-us/library/bb932123.aspx
No software updates are required.
.NET Framework 4.0 is now supported with Configuration Manager 2007 SP1 and SP2.
System Center Configuration Manager 2007 SP1 and SP2 now support the .NET Framework 4.0 with the following limitations.
- Forcing the system to use only the .NET 4.0 CLR by enabling the following registry key is not supported.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
- .NET Framework 2.0 is required to be installed on Windows XP and Windows 2003 in order for the Desired Configuration Management (DCM) feature to check compliance.
No software updates are required.
Application Compatibility Toolkit 5.6 is now supported with the Application Compatibility Toolkit Connector.
The Application Compatibility Toolkit (ACT) Connector now supports ACT 5.6. Limitations and workarounds for upgrade issues from ACT 5.5 are documented in the following blog post: http://blogs.technet.com/b/configmgrteam/archive/2010/06/20/act-connector-and-act-5-6.aspx
No software updates are required
Hope it helps ,
Kenny Buntinx
Thursday 24/06 I am co-presenting a session with my SCUG buddy Kurt Van Hoecke about “Service Manager Integration with System Center” at the Community day 2010. After a hectic week , we are building heavy on the demo and our slide deck.
The session will be from 17.00 – 18.00 @ Utopolis Mechelen
Finally everything is falling into place, so relax, sit back and enjoy the show on Thursday!
See you there ,
Kenny
A recent implementation at my ConfigMgr 2007 R3 TAP customer of R3 and SQL reporting services put me thinking ahead for our disaster recovery procedure .
SRS Reporting role needs to be installed in the DEFAULT Instance ! Named instances are not supported !!
The standard ConfigMgr 2007 backup task does not back up the SSRS reports or the SRS configuration. You need to take this into consideration if you have:
- created any custom reports
- created any custom report models
- set some custom security
- etc.
I am not going to claim any credit for this , as I found one of my fellow MVP’s Steve Thompson ( in fact a great SRS report Guru ) has created an awesome blog post about it right here : http://myitforum.com/cs2/blogs/sthompson/archive/2009/06/16/how-to-back-up-sccm-2007-r2-reporting-services.aspx
Hope it Helps ,
Kenny Buntinx
Today , I was at a customer and I was struggling with a specific status message ID 5413 in the status messages. I just installed a brand new Configmgr site with sitecode ABC … What is happening ?
What I didn’t know is that they already installed a primary site in production with sitecode XYZ before me , played with it and deleted it without further notice .
The specific message ID 5413 :
**************************************************************************
MP has discarded a report when processing Ddr.
Possible cause: Corruption or invalid user definition.
Solution: Check the logs to identify the cause. If the problem is persistent raise the issue with Microsoft support
***************************************************************************
Reason:
==========
The error "MP has discarded a report when processing Ddr" occurs because the "old" clients, which still point to the old site code, are trying to send inventory/discovery data to the new MP.
This can occur if you have old SMS or SCCM server and you deploy a new SCCM server.
Solution:
===========
The problem will go away once you retarget your "old" clients to the new site code; they will then send their inventory/discovery data to the new MP. The MP will detect that the client wants to update inventory information that does not already exist in the SMS site database. The MP will force the client to resynchronize the complete inventory, which will be done automatically.
Hope it Helps ,
Kenny Buntinx
Hi there ,
I have recently deployed Configuration Manager 2007 R3 beta (refresh) in production at my TAP customer. In my previous blog post I highlighted the R3 beta installation in your SCCM 2007 SP2 lab environment.
See “http://scug.be/blogs/sccm/archive/2010/05/14/sccm-2007-r3-beta-refresh-installation-howto.aspx”
Disclaimer: You are not allowed to install any beta products in your production environment!!! This is only allowed for selected TAP Customers !!! Always install beta products in lab environments !!!
This blog post highlights the R3 Powermgmt feature: how to use it in your environment and start reporting on your power consumption.
Prerequisites :
First you need to start rolling out the R3 Client mgmt hotfix to your clients. When done, the SCCM client will show up with a newer version build. The current version is 4.00.6487.2125.
Enable your Power management client under “Client Agents”:
Configuration Manager 2007 R3 beta Client upgrade Validation Report
After you have deployed the R3 beta Client hotfix, you can use the below query to create a web or SQL SRS report for tracking the R3 beta Client upgrade status
SELECT CASE sis.Client_Version0
WHEN '4.00.6487.2000' THEN 'ConfigMgr SP2 RTM'
WHEN '4.00.6487.2125' THEN 'ConfigMgr SP2 R3 beta'
END AS [ClientVersion]
,COUNT(1) AS [Total]
FROM v_R_System sis where
sis.Client0 = 1
AND sis.Obsolete0 = 0
AND sis.Client_Version0 IN ('4.00.6487.2000','4.00.6487.2125')
GROUP BY CASE sis.Client_Version0
WHEN '4.00.6487.2000' THEN 'ConfigMgr SP2 RTM'
WHEN '4.00.6487.2125' THEN 'ConfigMgr SP2 R3 beta'
END
Collections :
You basically need 3 collections :
- A Baseline collection : This collection contains the members that will be in scope for Powermgmt.
- An Enforcement collection : The members of this collection will have a Powermgmt plan applied.
- An Opt-Out collection : The members of this collection will never have a Powermgmt plan applied.
Some people have different requirements for implementing power plan: some people will have longer work hours (eg. From 6 am – 11 pm), some branch office may have different working hours, etc. To define different power policy, people need to communicate with different teams and make different power settings for different requirements. So you will define different PowerMgmt collections to meet different needs.
In this blog post example, we will only enforce power policy for one set of regular working hours.
This is what my collection structure looks like :
As you can see here, I have made a distinction between laptops and desktops. This has been done to monitor more closely what the consumption/savings would be, but also with the idea in the back of my mind of later enabling different power plans for desktops and laptops.
[PC-DESKTOP-POWERMGMT-SITE] PowerPlan Baseline Collection query :
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client
from SMS_R_System
inner join SMS_G_System_POWER_MANAGEMENT_CAPABILITIES on SMS_G_System_POWER_MANAGEMENT_CAPABILITIES.ResourceId = SMS_R_System.ResourceId
where SMS_R_System.OperatingSystemNameandVersion like "Microsoft Windows NT Workstation %"
and SMS_R_System.Name not like "OCHP%"
and SMS_R_System.Client is not null
and SMS_R_System.ADSiteName = "CDM-Hoofdzetel"
and SMS_G_System_POWER_MANAGEMENT_CAPABILITIES.PreferredPMProfile = 1
It looks like this :
As you can see, I use the “Power Capabilities.PreferredPMProfile” attribute.
This value is returned by your HW inventory, which reads it out of the BIOS on machines that implement the ACPI v2.0 specification. The set of values is currently:
[PC-DESKTOP-POWERMGMT-SITE] PowerPlan Disabled Collection query :
This is right now a static collection membership as I want to add different computers quickly
[PC-DESKTOP-POWERMGMT-SITE] PowerPlan Enabled Collection query :
I had the need to make a collection that took all the members from my baseline “[PC-DESKTOP-POWERMGMT-SITE] PowerPlan Baseline Collection” collection and excluded members from my “[PC-DESKTOP-POWERMGMT-SITE] PowerPlan Disabled” collection. I needed to separate several custom machines that I don't want to be treated by my powermgmt plan. I had a really hard time trying to find and/or build a query that actually worked.
The query to use :
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.Client = 1
and SMS_R_System.ClientType = 1
and SMS_R_System.ResourceId in (select ResourceID from SMS_CM_RES_COLL_xxxxxxx)
and SMS_R_System.ResourceId not in (select ResourceID from SMS_CM_RES_COLL_yyyyyyy)
Replace xxxxxxx (the item in red) with the Collection ID of the baseline collection “[PC-DESKTOP-POWERMGMT-SITE] PowerPlan Baseline Collection”, and replace yyyyyyy (the item in blue) with the Collection ID of the collection you are trying to exclude, “[PC-DESKTOP-POWERMGMT-SITE] PowerPlan Disabled”. The Collection ID is located under the General tab of the collection's properties window.
It looks like this :
Power Plans :
Before enabling power plans on your collections, you need to know which clients are capable of applying your power plan settings, so that you can take corrective measures at that point if needed.
To do that we will use SRS reporting, and I will explain that in my other blog post next week. So stay tuned for my next blog post on how to identify machines that will need different power plans and the actions taken to resolve some of the issues found.
Hope it Helps ,
Kenny Buntinx .
As part of STB's strategy to align future Windows endpoint security and systems management engineering, the Forefront endpoint protection development team will join the System Center development team which is led by Brad Anderson. With this change, Brad's new organization will be called the Management and Security Division.
The entire press release can be found here:
http://www.microsoft.com/presspass/press/2007/may07/05-02SecManPR.mspx
This is in line with the decision that was made in October to rebuild Forefront on top of SCCM (a systems management product) as opposed to its old MOM 2005 architecture (a monitoring product).
As you can read here:
http://blogs.technet.com/b/forefront/archive/2010/04/21/converging-endpoint-security-and-management-it-just-makes-sense.aspx
On top of that, it also moves SCCM into the area that Gartner has predicted for several years that lifecycle management is moving to (endpoint protection integration).
Symantec and Altiris are moving in that direction, and so is Microsoft now.
Gartner lifecycle management magic quadrant: http://www.gartner.com/technology/media-products/reprints/microsoft/vol12/article3/article3.html
Gartner extract:
“PCCLM and Endpoint Protection: The PCCLM and endpoint protection markets are both mature. There is less of a need for best-of-breed point solutions than there was five years ago, and organizations are placing greater value on the integration between these sets of tools and the preservation of a single vendor strategy. For example, with this type of capability, the PCCLM tool can discover the last time a machine's antivirus (AV) client scanned, and force a scan if appropriate. The implication here is that security can set the policy that defines when scans must take place, but the discover, detect, remediate function can be handled by operations, which is its competency.”
--
Enjoy the dive into the Dark Magic of WMI.
"The M in WMI stands for Magic"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://myitforum.com/cs2/blogs/koppalfens/default.aspx
http://www.linkedin.com/in/kimoppalfens
http://twitter.com/thewmiguy
Today I am very excited to announce the release of Beta 1 for System Center Configuration Manager v.Next.
System Center Configuration Manager v.Next is uniquely positioned to provide for powerful and flexible user-centric client management, allowing users to be able to seamlessly access their data from virtually anywhere, across multiple device types while providing IT with unified management tools and centralized control.
This next release of Configuration Manager is focused on 3 main pillars:
User centric application management - Empowering Administrators to define intent, and end users flexible access to the right application at the right time
- Allow the administrator to think users first
- Application management model to capture admin intent
- End user self-service software portal
Infrastructure simplification – Simplify management infrastructure, processes and administrative overhead
- Unified management across PCs and devices
- New role based administration and end-user experiences
- Automated content distribution and troubleshooting
- Redesigned core infrastructure and improved scalability
Simplify Client Management – Daily tasks, model based configuration management and improvements over existing capabilities
- Automated compliance remediation
- Client health and auto remediation
- Remote control enhancements
- Offline servicing of OS images
Read further in Jeff Wettlaufer’s blog post : http://blogs.technet.com/b/systemcenter/archive/2010/05/24/the-next-generation-of-client-management.aspx
You will see me blogging more and more on V.next when doing my Beta 1 test routines , so stay tuned …
Hope it Helps ,
Kenny Buntinx
I have recently deployed Configuration Manager 2007 R3 beta (refresh) in production at my TAP customer. Below I will outline the steps for deploying Configuration Manager 2007 R3 beta.
Disclaimer: You are not allowed to install any beta products in your production environment!!! This is only allowed for selected TAP Customers !!! Always install beta products in lab environments !!!
This blog post highlights the R3 beta upgrade preparation on your SCCM 2007 SP2 environment. You need SP2 in order to be allowed to install R3, so if you have not upgraded your environment yet, this is the first step!
We talk further about the actual server upgrade and validation tasks.
1. Prerequisites :
SCCM 2007 SP2 only environment
Below a table with the site roles where this R3 upgrade is applicable if you have SCCM 2007 SP2 installed :
| Role | Needed Installs | Comments | Specific Comments |
|---|---|---|---|
| Site Server (Central Site) | Hotfix KB977384 & R3 Installation | Always install | This site needs to be upgraded first. |
| Site Server (Primary Site) | Hotfix KB977384 & R3 Installation | Always install | These sites need to be upgraded second. |
| Site Server (Secondary Site) | Hotfix KB977384 & R3 Installation * | Always install | These sites need to be upgraded after the primary sites because you will need certain included R2 features. |
| Admin Console | R3 Installation | To make sure that all functionality is present | - |
| DP, SUP, SQL DB Server (if remote) | Not applicable | None | - |
SCCM 2007 SP2 R2 environment
Below a table with the site roles where this R3 upgrade is applicable if you have SCCM 2007 R2 already installed :
| Role | Needed Installs | Comments | Specific Comments |
|---|---|---|---|
| Site Server (Central Site) | Hotfix KB977384 & R3 Installation | None | This site needs to be upgraded first. |
| Site Server (Primary Site) | Hotfix KB977384 & R3 Installation | None | These sites need to be upgraded second. |
| Site Server (Secondary Site) | Hotfix KB977384 & R3 Installation * | Hotfix must always be installed! | See below for additional information on whether you really need to install R3 on your secondary sites. |
| Admin Console | R3 Installation | To make sure that all functionality is present | - |
| DP, SUP, SQL DB Server (if remote) | Not applicable | None | - |
* Site Server (Secondary Site) :
If you have SCCM 2007 R2 installed on your secondary sites, then:
1. You don't need to install R3 on secondary sites if you do not use any "Proxy MP" or "AD discovery" feature at your secondary sites, that is, if you only use the "Power Mgmt" feature throughout your organization and run "AD discovery" on your Central or Primary sites.
2. You do need R3 on your secondary sites if you do use the "Proxy MP" functionality or "AD discovery" at your secondary sites.
If you are planning to use these features in secondary sites, you need to install R3. Since most customers do use the proxy MP role on secondary sites, you need to install R3 there as well.
2. Pre-Flight Checks for R3 Beta (refresh) Upgrade
- Take a ConfigMgr Site Backup and verify that it is successful.
- Make sure that ConfigMgr 2007 SP2 is installed correctly and that all site server components are healthy
3. Configuration Manager 2007 R3 Beta (refresh) Server Upgrade
- Install the server side hotfix (KB977384) (included in the download of the R3 media). This hotfix, which comes with the R3 of SCCM 2007, is a prerequisite for SCCM 2007 R3. During the installation it also creates an SCCM Package/Program containing an MSP file that updates the SCCM Advanced Client components. This client hotfix package has to be deployed to all ConfigMgr 2007 SP2 clients before power policies can be managed.
Click “Next” to continue.
Click “I accept …” and select “Next” to continue.
Hit the “Install” button.
The Hotfix starts to install.
It will prompt you to create a Package & Program for later deployment to your Configmgr 2007 SP2 clients.
During the installation process, when prompted to create a software distribution package for client hotfix deployment, provide a name for the ConfigMgr package & program. Name the package & program in line with your production naming convention and deployment standards. This client hotfix package has to be deployed to all ConfigMgr SP2 clients in the environment before their power policies can be managed.
Specify the package source & click “Next” to continue.
Click “Next” to continue.
Click “Finish” to exit.
- During the hotfix KB977384 installation, the source bits for the client hotfix package will be copied into the client\i386\hotfix\KB977384Beta folder. Check that the bits exist in that folder.
- After successful installation of hotfix KB977384 pre-requisites, execute R3 beta (refresh) installation from the installation source location using SPLASH.HTA. Follow the screenshots below to complete the installation.

Click “Next” to continue.
Accept the license agreement and Click “Next” to continue.
Click “Next” to continue.
Click “Next” to continue.
Click “Finish” to exit.
4. Post Configuration Manager 2007 R3 Beta (refresh) Server tasks
- Open SCCM Console & navigate to Site Database – Site Management - <Site Code> - <Site Name> and view properties to confirm that R3 Installed is “Yes” as shown below
- Verify that the SMS_Def.mof has been appended with R3 specific WMI classes, without any changes to the pre-existing class definitions.
- Go to the ConfigMgr Console, navigate to [Site Database] – [Site Management] - [Your site code] - [Your site name] - [Site Settings] – [Client Agents].You will see a new item called “Power Management Client Agent”. Go to the “Power Management Client Agent” properties and check the box “Enable Power Management on Clients”.
- Install the SCCM Reporting Services Point. Power Management in SCCM 2007 R3 contains a number of reports to help you analyze power consumption and computer power settings in your organization. These reports require SQL Reporting Services, which was introduced in SCCM 2007 R2. If you have never worked with or used SRS reporting, get used to it, because it will be the only reporting functionality left in ConfigMgr v.Next.
Note : I am not going to explain how to set-up SRS reporting . You can find guidance on Technet or the online help .
Copy SCCM Reports to Reporting Services. Power Management in SCCM 2007 R3 gives you 17 new reports.
Click “Next” to Continue.
Fill in your credentials and Click “Next” to Continue.
Select “Import Report Definition Language Files From Microsoft Signed Cabinet File”.
Browse to the "%SCCM installation folder%\Reports\Power Management" folder and select the MicrosoftReportPack.cab file. Click "Open” to Continue.
Look if all reports are selected and Click “Next” to Continue.
Click “Next” to Continue.
Look at the status and see that all reports are imported successfully. Click “Next” to Continue.
Check in the SCCM console that the reports exist. You can now run all reports from the SCCM console.
5. Deploy the MSP file contained in the SCCM Package created by installing the hotfix onto your SCCM 2007 SP2 Clients
After the R3 installation is completed on the site server, the next step is to deploy the R3 hotfix to all SP2 clients so that they can use all R3 features. Look for the client hotfix package & program that were created during installation; they must be available under ‘Software Distribution’ in the Packages node.
- Validate your Package & Program Properties
- Deploy your package to all your Distribution points, before deploying the package to all clients.
- Create your deployment collection(s). Deployments should be done in multiple phases. Start with a Test/Pilot group; the second wave should be per site/region. You could use “Link to Collection” to avoid creating too many collections.
- Create your advertisements. There are no special requirements for creating advertisements for this deployment.
Hope it Helps ,
Kenny Buntinx
Format: wmv
Duration: 80:12
Since its debut, System Center Configuration Manager and its predecessors have relied heavily on the Windows Management Instrumentation (WMI) architecture. WMI is omni-present in System Center Configuration Manager: from queries over dynamic collections, through hardware inventory, to storing client and Management Point settings and policies, under the hood you will find WMI just about anywhere. Given this omni-presence it should come as no surprise that the stability of WMI on your site systems and clients is crucial to a stable System Center Configuration Manager implementation. Knowing WMI, by consequence, is a great asset to any System Center Configuration Manager administrator. In this session you will learn the ins-and-outs of the WMI architecture in general and how it applies to System Center Configuration Manager. You’ll learn about the available namespaces and classes and the extended WMI Query Language (WQL) that is specific to System Center Configuration Manager. This session will cover the tools available to have a peek at WMI yourself, as well as the WMI-related tool called Policy Spy that comes with the System Center Configuration Manager toolkit. By the end of this session you’ll know what the WMI architecture looks like, how System Center Configuration Manager uses it, and how you can use that knowledge to your advantage, be it to better troubleshoot System Center Configuration Manager issues, better understand the product, or automate tasks through scripting or programming. In the end this session will make you a better System Center Configuration Manager administrator.
Speaker: Kim Oppalfens – MVP SCCM
As they demonstrated a few weeks ago at #MMS2010, the System Center team is working in partnership with Citrix to integrate the management of XenApp with Configuration Manager.
The connector enhances Configuration Manager, enabling administrators to orchestrate the tasks required to deliver applications to XenApp Servers and publish XenApp hosted applications seamlessly and with minimal impact to the user.
They’ve put together a white paper that outlines how the new capabilities can be used to improve enterprise application management.
I think this is a huge step forward, as today’s issue was not distributing the app to a Citrix/XenApp box, but publishing the app through the XenApp console.
I will try this connector in the upcoming weeks at my customers and let you know what my experiences are. So stay tuned .
Hope it Helps,
Kenny Buntinx
In my previous post I have talked about the 3rd Party Remote Configuration Certificate that is needed on each OOB Service Point to Provision Intel vPro technology based systems in SCCM at http://scug.be/blogs/sccm/archive/2009/11/30/step-by-step-guide-for-provisioning-intel-vpro-clients-in-sccm-2007-sp2-part-2.aspx
Now we will talk about importing the 3rd Party Remote Configuration Certificate on the OOB Service Point (In this example we will use a certificate from GoDaddy ).
In part 3 we will explain how to import the Vpro certificate and to export the certificate again for the use of the OOB role in System Center Configuration manager.
1. When you receive your certificate from your vendor ( in this case Godaddy ) , you will probably get 2 certificates :
- Your AMT server point certificate ( containing the FQDN of your server )
- Some intermediate chained certificate from Godaddy. (You should look at this as the PKI chain certificates so that the chain could be verified)
You could check your certificate that it is a good certificate for AMT provisioning by just looking at the properties ( Select cert - Right Click – Select open)
Make sure that the certificate has been intended for the following purposes :
- Ensures the identity of a remote computer
- Proves your identity to a remote computer
- 2.16.840.1.114413.1.7.23.2
and that it has been issued for the server that will serve as the AMT provisioning point.
2. You will need to import both certificates by right clicking the certificate and select “Install Certificate” on your AMT “out of band service point” as shown below.
3. Preparing the AMT Provisioning Certificate for the Out of Band Management role on the SCCM server.
1. When done correctly, both certificates should be visible in your certificate store under Certificates (Local Computer) on the member server. Right-click the provisioning certificate, click All Tasks, and then click Export.
2. In the Certificate Export Wizard, click Next.
3. On the Export Private Key page, select Yes, export the private key, and then click Next.
4. On the Export File Format page, ensure that Personal Information Exchange - PKCS #12 (.PFX) is selected, and then select Include all certificates in the certificate path if possible.
5. On the Password page, specify a strong password to protect the exported certificate with its private key, and then click Next.
6. Click Next, and on the File to Export page, specify the path and name of the file that you want to export, and then click Next.
7. Click Finish in the Completing the Certificate Export Wizard page, and then click OK in the Certificate Export Wizard dialog box.
8. Store the file securely, and ensure that you can access it from the Configuration Manager console.
4. The AMT provisioning certificate is now ready to be configured for the out of band management component. In part 4 we will explain how to set up the other certificates needed and the internal PKI infrastructure that is needed for the OOB role in System Center Configuration Manager.
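A check you could run on the .PFX exported in step 3 before configuring the out of band component, as an added example that is not part of the original post. The file path and FQDN are placeholders, and the script assumes Windows PowerShell on the server that holds the file; it looks for the OID quoted above in either the enhanced key usage or the certificate policies extension.

```powershell
# Added example, not from the original post: sanity-check the exported AMT
# provisioning .PFX. $PfxPath and $ExpectedFqdn are hypothetical placeholders.
param(
    [string]$PfxPath      = 'C:\Secure\amt-provisioning.pfx',
    [string]$ExpectedFqdn = 'oob01.example.com'
)

# Purposes the post says the certificate must list.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'            # "Ensures the identity of a remote computer"
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'            # "Proves your identity to a remote computer"
$VendorOid     = '2.16.840.1.114413.1.7.23.2'   # OID quoted in the post

# Prompt for the PFX password instead of hard-coding it in the script.
$secure = Read-Host -AsSecureString -Prompt 'PFX password'
$plain  = (New-Object System.Net.NetworkCredential('', $secure)).Password

# Load every certificate in the file (leaf plus any exported chain certificates).
$certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$certs.Import($PfxPath, $plain,
    [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)
$plain = $null

# The provisioning certificate is the one that carries the private key.
$leaf = $certs | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
if (-not $leaf) {
    throw 'No certificate with a private key found: re-export with "Yes, export the private key".'
}

# Collect enhanced key usage OIDs and the text form of the certificate policies.
$ekuOids = @()
$policyText = ''
foreach ($ext in $leaf.Extensions) {
    if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
        $ekuOids += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
    }
    elseif ($ext.Oid.Value -eq '2.5.29.32') {   # Certificate Policies extension
        $policyText = $ext.Format($false)
    }
}

# DNS name the certificate was issued for (subject alternative name or CN).
$dnsName = $leaf.GetNameInfo(
    [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)

# Build the chain using only what is in the file plus the local machine stores.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$chain.ChainPolicy.ExtraStore.AddRange($certs)
$chainOk = $chain.Build($leaf)

$now = Get-Date
$vendorPattern = [regex]::Escape($VendorOid) + '(\D|$)'

$results = [ordered]@{
    'Private key included'                 = $leaf.HasPrivateKey
    'Issued for expected FQDN'             = ($dnsName -eq $ExpectedFqdn)
    'Within validity period'               = ($leaf.NotBefore -le $now -and $leaf.NotAfter -gt $now)
    'Server authentication purpose'        = ($ekuOids -contains $ServerAuthOid)
    'Client authentication purpose'        = ($ekuOids -contains $ClientAuthOid)
    "OID $VendorOid present"               = (($ekuOids -contains $VendorOid) -or
                                              ($policyText -match $vendorPattern))
    'Chain certificates included in file'  = ($certs.Count -gt 1)
    'Chain builds to a trusted root'       = $chainOk
}

# One line per check; anything marked FAIL should be fixed before provisioning.
$results.GetEnumerator() | ForEach-Object {
    '{0,-50} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
```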
Hope it Helps ,
Kenny Buntinx
I’m proud to announce that our SCCM Product team has released System Center Configuration Manager 2007 Toolkit V2 live on the Microsoft Download Center today. This release is a follow up to our original release back in 2007. With this V2 release we re-introduced the Delete Group Class, MP Troubleshooter, Preload Package and Send Schedule Tools from the SMS 2003 Toolkit. All four tools were frequently requested by customers & MVPs and we are happy to enable them for use with ConfigMgr 2007 with some added features.
The release also includes an updated Security Configuration Wizard Template for ConfigMgr 2007 SP2 and Windows Server 2008 R2. Furthermore this release includes all the original 2007 Toolkit tools along with the new ones in one easy to install MSI.
The following list provides specific information about each tool in the toolkit.
· Client Spy - A tool that helps you troubleshoot issues related to software distribution, inventory, and software metering on Configuration Manager 2007 clients.
· Delete Group Class Tool - A tool used to remove inventory group definitions along with history data, tables, views and stored procedures for the group.
o New in 2007: In addition to removing the entries in the GroupMap and AtttributeMap tables, Delete Group Class Tool also removes the inventory stored procedures, schema views and tables.
· Desired Configuration Management Migration Tool - A tool used to migrate from the DCM Solution for SMS 2003 to DCM in ConfigMgr 2007.
· Desired Configuration Management Model Verification Tool - A tool used by desired configuration management content administrators for the validation and testing of configuration items and baselines authored externally from the Configuration Manager console.
· Desired Configuration Management Substitution Variable Tool - A tool used by desired configuration management content administrators for authoring desired configuration management configuration items that use chained setting and object discovery.
· Management Point Troubleshooter Tool - A tool that checks a computer system before and after a management point installation to ensure that the installation meets the requirements for management points.
o New in 2007: MP Troubleshooter Tool can detect WebDAV rules and will provide a simple automatic fix, which helps the admin correct issues like WebDAV authoring rules. It also supports Native Mode.
· Policy Spy - A policy viewer that helps you review and troubleshoot the policy system on Configuration Manager 2007 clients.
· Preload Package Tool - A tool used to manually install compressed copies of package source files on Configuration Manager 2007 sites.
o New in 2007: Preload Package Tool now supports compressing packages before transferring them across the network. Supported Packages: Software Distribution Package, Virtual Application Package, Boot Image, Operating System Image, Operating System Install Package and Driver Package.
· Security Configuration Wizard Template for Configuration Manager 2007 - The Security Configuration Wizard (SCW) is an attack-surface reduction tool for the Microsoft Windows Server 2008 R2 operating system. Security Configuration Wizard determines the minimum functionality required for a server's role or roles, and disables functionality that is not required. The Configuration Manager 2007 Service Pack 2 Security Configuration Wizard template supports new site system definitions and enables the required services and ports.
· Send Schedule Tool - A tool used to trigger a schedule on a Client or trigger the evaluation of a specified DCM Baseline. You can trigger a schedule either locally or remotely.
o New in 2007: Send Schedule Tool can now trigger DCM Baseline evaluation.
· Trace32 - A log viewer that provides a way to easily view and monitor log files created and updated by Configuration Manager 2007 clients and servers. The best tool for troubleshooting log files :-)
Hope it Helps ,
Kenny Buntinx
Issue :
An XP client keeps failing on 2 updates that are marked as missing, but no errors can be found in the SCCM client logs or in the Windows Update Agent.log. You only get this line in the log file:
Update (Site_308CBE75-86C9-4D9D-AC4E-410079CCF8A2/SUM_5bf6aa01-2591-4966-95a6-afa7b5b6ac68) Progress: Status = ciStateError, PercentComplete = 0, DownloadSize = 0, Result = 0x80040656
Solution :
The solution is explained in this KB article: http://support.microsoft.com/kb/956702
Method for Windows 2000, Windows XP, or Windows Server 2003
To resolve this issue, register the Softpub.dll, Wintrust.dll, Initpki.dll, and Mssip32.dll files. To register these files, follow these steps:
1. Click Start, click Run, type cmd, and then click OK.
2. At the command prompt, type regsvr32 Softpub.dll /s, and then press ENTER.
3. At the command prompt, type regsvr32 Wintrust.dll /s, and then press ENTER.
4. At the command prompt, type regsvr32 Initpki.dll /s, and then press ENTER.
5. At the command prompt, type regsvr32 Mssip32.dll /s, and then press ENTER.
After you re-register the DLLs above, perform a software update scan. From then on, the updates will install normally.
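A triage sketch for the symptom above, added here and not part of the original post or the KB article: it scans client log text for the progress line quoted in the post and lists the updates whose latest state is still ciStateError with Result = 0x80040656. The second and third update IDs, the ciStateInstalling status and the 0x80070005 result in the sample are constructed for illustration.

```python
import re

# Progress line format as quoted in the post. search() is used so the pattern
# also matches when the message is embedded in a longer raw log line.
PROGRESS_RE = re.compile(
    r"Update \((?P<site>Site_[0-9A-Fa-f-]{36})/(?P<update>SUM_[0-9A-Fa-f-]{36})\)\s*"
    r"Progress:\s*Status\s*=\s*(?P<status>\w+),\s*"
    r"PercentComplete\s*=\s*(?P<percent>\d+),\s*"
    r"DownloadSize\s*=\s*(?P<size>\d+),\s*"
    r"Result\s*=\s*(?P<result>0x[0-9A-Fa-f]{1,8})"
)

RESULT_FROM_POST = 0x80040656  # result code shown in the post


def parse_progress(line):
    """Return the fields of one progress line as a dict, or None if no match."""
    m = PROGRESS_RE.search(line)
    if m is None:
        return None
    return {
        "site": m.group("site"),
        "update": m.group("update"),
        "status": m.group("status"),
        "percent": int(m.group("percent")),
        "size": int(m.group("size")),
        "result": int(m.group("result"), 16),
    }


def stuck_updates(lines, result=RESULT_FROM_POST):
    """Map update ID -> number of matching error lines, for updates whose
    most recent progress line is still ciStateError with the given result."""
    last = {}    # update ID -> most recent parsed record
    errors = {}  # update ID -> count of error lines carrying this result
    for line in lines:
        rec = parse_progress(line)
        if rec is None:
            continue
        last[rec["update"]] = rec
        if rec["status"] == "ciStateError" and rec["result"] == result:
            errors[rec["update"]] = errors.get(rec["update"], 0) + 1
    # An update that later reports another state (e.g. after the DLLs were
    # re-registered and a new scan ran) is no longer reported as stuck.
    return {
        upd: count for upd, count in errors.items()
        if last[upd]["status"] == "ciStateError" and last[upd]["result"] == result
    }


# --- Sample input -----------------------------------------------------------
SITE = "Site_308CBE75-86C9-4D9D-AC4E-410079CCF8A2"

# The line exactly as quoted in the post.
PAGE_LINE = (
    "Update (Site_308CBE75-86C9-4D9D-AC4E-410079CCF8A2/"
    "SUM_5bf6aa01-2591-4966-95a6-afa7b5b6ac68) Progress: Status = ciStateError, "
    "PercentComplete = 0, DownloadSize = 0, Result = 0x80040656"
)


def make_line(update, status, percent, result):
    """Build a constructed progress line in the same layout as PAGE_LINE."""
    return (f"Update ({SITE}/{update}) Progress: Status = {status}, "
            f"PercentComplete = {percent}, DownloadSize = 0, Result = {result}")


UPD_A = "SUM_00000000-0000-0000-0000-000000000001"  # constructed ID
UPD_B = "SUM_00000000-0000-0000-0000-000000000002"  # constructed ID

SAMPLE_LINES = [
    PAGE_LINE,
    make_line(UPD_A, "ciStateError", 0, "0x80040656"),
    "constructed unrelated log line",
    PAGE_LINE,                                               # retry, same error
    make_line(UPD_A, "ciStateInstalling", 50, "0x00000000"),  # constructed: recovered
    make_line(UPD_B, "ciStateError", 0, "0x80070005"),        # constructed: other error
]

if __name__ == "__main__":
    for update, count in stuck_updates(SAMPLE_LINES).items():
        print(f"{update}: {count} error line(s), still failing")
```

Running the same scan again after the re-registration and a fresh software update scan should return an empty result for the affected client.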
Hope it helps ,
Kenny Buntinx
Hi All,
I think most people have followed the early bits of my attempt to make it to MMS 2010 for my session on WMI for the System Center Configuration Administrator. But here is the full story.
As most of you know the airspace in Brussels closed down on Thursday, and the re-opening of the airspace got delayed a couple of hours at a time. As Kenny already blogged, quite a few of the SCUG members decided to drive to Madrid and take a flight from there. Unfortunately by the time I figured airspace was not going to be re-opened on Sunday morning there were no tickets available in Madrid so I could join Kenny and the other SCUG members. That was the start of a pretty frustrating week, I went to the airport day-after-day to get my flight rescheduled to a waiting list the next day each time around.
On Thursday when the first transatlantic flights from Brussels started leaving again I got drafted for a seat on the flight to Chicago. So things brightened up slightly as my session had been rescheduled to Friday morning. The flight to Chicago however got delayed for 1,5 hours, add a 2 hour border control line to that, and you can figure out that I didn’t make my connection to Las Vegas. The airline transferred me on to the next flight out to Las Vegas, but apparently this was my “lucky week” and the airplane on my rescheduled flight needed servicing, which meant they had to fly in another airplane from Philadelphia causing an additional delay of 1 hour 45 minutes. Eventually landed in Las Vegas 9:40 PM only to find out that my luggage didn’t make it. The airline service desk told me it would arrive on the next flight from Chicago, so I waited for a while for that to arrive, but eventually gave up on that and had the airline ship my luggage to the hotel. Long story short, I arrived at the Palazzo hotel at 10:30 PM. I promised event organizers Martin Dey and Lyndy Hailey that I would do everything within my power to make it there, and well a promise is a promise.
And now for the good news, had a good night of sleep at the Palazzo, got up bright & early, and was totally “in the zone” to deliver my session. That Friday morning nothing could have stopped me, I was going to deliver a killer-session no matter what. And so I did, I went on stage and delivered my session, wide awake adrenaline pumping like mad. I didn’t just deliver my session, I don’t usually brag about my performances but this time around I rocked! I delivered the best-scoring session of the systems management track although Greg Ramsey (Powershell and SCCM: Better together) Sherry Kissinger (Hardware Inventory of custom DCM to ensure compliant systems) and all the program managers in The ConfigMgr product team (ConfigMgr vNext Ask the panel of experts ) made me work my magic mojo pretty hard to achieve that.
It didn’t stop there though, on top of scoring the best systems management session, I managed to score a top 10 overall session and finished 8th in the overall sessions at MMS 2010. Needless to say, it has been one hell of a trip, but it has been worth it. I only got beaten by some true rock stars like (Mark Minasi, Michael Niehaus, Travis Wright and Johan).
Yes that’s Johan Arwidmark, but within our industry he entered the group of people that you know by just mentioning their first names like Bono and Cher.
I delivered 2 great demos, got to announce the release and promote sccmautodoc (more on that later or mail sccmautodoc@oscc.be for ordering info), and have been living on a cloud ever since. (Never knew “The Cloud” experience was this intense).
Here are some of the comments I liked best on the eval sheets:
Funny speaker! The power he just gave admins here is HUGE! Bring him back next year.
glad you could make it to the conference. This session was very beneficial!!!!! thank you for sharing your knowledge!!!!
Kim did a great job of showing how we can use WMI more effectively, as SCCM admins
The MYIT speakers/presenters are very good, presenting the real world and not just MS propaganda
And this one is what I did it for:
Thanks for flying in. You are amazing. We are not worthy!
In the end the trip was hell, and I didn’t get to see much of the event, but to me it was worth it.
Configuration Manager 2007 R3 Beta has been released today during Brad Anderson’s Keynote !
If you are a member of the Configuration Manager 2007 R3 Open Beta program you can download it at this connection via the Downloads tab (http://connect.microsoft.com).
Feedback can be provided using the Feedback tool, and discussions are also available via the newsgroups, where you can post comments and ask questions.
Hope it Helps ,
Kenny Buntinx
Let me start by saying that it has been a great State of the Union for everyone working in the System Center Configuration Manager space, including those of you who didn't make it this year. Make sure you are here next year, because you are missing out on a lot of great stuff with Josh Pointer & Bill Anderson.
I was really surprised when they showed this slide . They even called me on stage ! I was really touched …( read the real story at http://scug.be/blogs/sccm/archive/2010/04/19/mms-2010-the-road-trip-continued-we-have-made-it-but.aspx )
But now, let's continue with the serious stuff. I will try to give you a good overview of what has been said during the “State of the Union” below. There was a lot of valuable info today.
What the ConfigMgr team did the previous 12 months for people who really didn’t know yet :
- They released ConfigMgr 2007 SP2 ,
- They released the ConfigMgr dashboards
- They released the new Application Compatibility Toolkit 5.5
- They released a 64 bit management pack for SCOM
- They released SCAP
- The documentation team created some :
What the ConfigMgr team additionally learned :
- 1/3 of the total ConfigMgr traffic on the Asset Intelligence service had an uptake in the last 3 months
- With recent uptake on AI, the ConfigMgr team learned that there are new gaps in title and categorization that they need to invest into.
What the ConfigMgr team will do in the next 12 months :
For ConfigMgr 2007 :
- The documentation team will :
- Targeted for 2010 there will be releases for Adobe patch management through SCUP (System Center Updates Publisher). There is an agreed principle that Adobe will be ready at least before the end of this year for Adobe Reader and Acrobat products:
- Supporting Microsoft System Center Configuration Manager (SCCM)
- Leveraging Microsoft System Center Updates Publisher (SCUP)
- Hosted as catalogs at Adobe for automatic download by SCUP
- Products: Adobe Reader and Acrobat (Versions still being determined)
- All updates – Quarterly and Out-of-Cycle Updates (New major versions under consideration)
- Simultaneous with the rest of Adobe Reader and Acrobat deliverables
- Shavlik has released a new plugin for SCUP called SCUPdates ( multivendor ) . (see www.shavlik.com) . Shavlik Data Team maintains updates for multiple vendor products such as Adobe, Apple, Citrix - in a single catalog file.
- Config Mgr R3 : Yes , it still isn’t off the radar.
For ConfigMgr V.next :
Let me start by saying that SCCM v.Next is still minimum 1 year away, so I will start with the stuff that is more or less targeted for release dates (however it can always change). They said during the “State of the Union” that the development cycles are longer than the ones for SMS 2.0
- Beta 1 – May 2010
- Beta 2 – Q1 CY 2011
- RTM – H2 CY 2011
Here are some readiness tips for V.next :
- System Requirements :
- Site servers and site roles require 64-bit OS (distribution points are an exception)
- Distribution points are an exception (32 bit is supported for standard DP’s)
- SQL 2008 SP1 with CU6 (64 bit) needed
- SQL reporting is the only reporting left (web based reporting is gone)
- Hierarchy :
- Flatten the Configmgr 2007 hierarchy
- Start implementing branch cache
- Start learning about SQL replication
- Best practices - AD Sites for site boundaries, UNC paths for source content, Break up collections that contain both users and devices
- The new ConfigMgr V.next App Model Helpers :
- State based applications need certain detection methods. Tip: Use App CI’s today for your applications to learn about this. SCUP is also a good tool for this
- Rules vs Queries . Tip: Use DCM today to learn how to author settings and rules as experience will be the same.
What about the partnership with Citrix ?
Configmgr/Xenapp Relationship :
- Long term collaboration on user centric architecture and experiences
- Integration that drives core product designs of both ConfigMgr and XenApp
- Logical next step in 20+ year MS/Citrix relationship
Xenapp Connector for Configmgr :
- Offer a single, integrated view and management of all enterprise applications
- Extend ConfigMgr applications to a broader set of users, devices and access scenarios
- Advanced automation with ConfigMgr delivers applications and updates to XenApp servers without impacting users
- Citrix Dazzle enables self service access to XenApp delivered applications from any device
- Available in June 2010 ( could still change )
Configmgr V.next & Xenapp V.next :
- Citrix XenApp & ConfigMgr V.next will align on user centric computing vision
- Citrix will build upon ConfigMgr V.Next as a best practice for enterprise application management
- Citrix will continue to integrate XenApp application delivery into future versions of ConfigMgr v.next
We will talk about it soon when we have our “Best of MMS” session in Belgium. Make sure that you register at the following link: http://technet.microsoft.com/nl-be/ff628215.aspx
Hope it helped ,
Kenny Buntinx
As explained in other posts as well, almost all European airports were closed. Well, that wasn’t good enough for us, as explained in the previous posts:
http://scug.be/blogs/mike/archive/2010/04/17/mms-2010-the-roadtrip.aspx
http://scug.be/blogs/sccm/archive/2010/04/17/mms-2010-the-road-trip-continued.aspx
Well, two founding members and one member of the Scug.be community ( Alex Verkinderen (SCOM MVP) , Kurt Vanhoucke (SCSM expert) and Dieter wijckmans ) already left on Friday evening for Madrid airport to grab the last two seats on Saturday ….
Ourselves, also a founding member and two other members of the Scug.be community ( Kenny Buntinx (SCCM MVP) , Mike Resseler (SCE , SCDPM expert) and Arne Peeleman ) left on Saturday noon for Madrid airport to grab the last three seats on Sunday ….
But there is also some sad news :
We lost the following Scug.be members as well due to various reasons :
- Kim Oppalfens (SCCM MVP & SCUG founding member)
- Gino D’hooker (SCUG Member)
- Yves Janssene (SCUG Founding Member)
We still hope that some guys can still make it !!
If there are any spelling mistakes , sorry , but I am exhausted
Kenny Buntinx
Hi All,
UPDATE:
My flight unfortunately IS canceled now, I am on a waiting list to fly out Tuesday morning. We are investigating alternative ways of delivering the presentation such as livemeeting.
If you think we should, then post a comment here.
I was/am scheduled to leave for the Microsoft Management Summit to present 2 sessions on WMI for the System Center Configuration Manager administrator.
My flight should leave tomorrow morning at 11:25am local time in Belgium, the Volcano ash is keeping the airport closed till 8:00 AM for now.
If my flight does get canceled I’ll try and see whether I can still make it over there to present the session topics as I have some pretty funky things to demo.
If everyone keeps his fingers crossed then I honestly believe I will still make it somehow.
Kind regards,
and hoping to still make it.
Enjoy.
Hi ,
Our fellow SCUG crew member Mike Resseler has already written about our planned road trip at the following link: “http://scug.be/blogs/mike/archive/2010/04/17/mms-2010-the-roadtrip.aspx”.
I will be traveling with them and we will try to twitter as much as possible at my twitteraccount “KennyBuntinx” .
You ask yourself probably why are these guys that crazy ? To write it in one word : Dedication !
I really need to be there on Monday for some Instructor Led Labs on ConfigMgr V.next.
So let's hope for all the best that the road trip to Madrid will not be for nothing, because then I take a week vacation over there in Madrid to relieve my stress.
Twitter you later ,
Kenny Buntinx
EDIT: Typo corrected by Kim
Best of MMS 2010 will provide the opportunity to learn more about IT Management solutions from Microsoft and how you can adopt them in your datacenter.
In a year packed with new management product releases, MMS 2010 will provide the latest technical updates on Desktop, Datacenter, Device and Cloud management features and solutions from Microsoft.
This year 5 of our Belgian Experts from the System Center User Group will attend the MMS event in Las Vegas and bring back all the valuable information and present them to the Belgian IT Professionals.
You have the choice to either attend this event in person or follow it by using live meeting.
The agenda of the day:
- Overview of announcements made at MMS in Las Vegas
- System Center Configuration Manager vNext
- The top 20 “Must Have” customizations in Operations Manager
- Introduction into Opalis
- What’s new and what changed in Data Protection Manager 2010
- What to Expect from Service Manager
- Technical Overview of System Center Essentials 2010
Don’t miss this unique opportunity and register now for this free event on the following link : http://technet.microsoft.com/nl-be/ff628215.aspx ! Seats are limited for the offline event , but you can always join us on the livestream!!
Hope it Helps ,
Kenny Buntinx
Did you ever want to list your software counts for your licenses? Did management ever request a report like that? Well, below you will find the query code to do that. I am pretty sure there are still better ways to do it, but hey, I am a novice in SQL reporting … When I have figured out a better way, because it is really static right now, I’ll post it anyhow.
*************The query *************
select
DisplayName0,
Version0,
Count (Distinct arp.ResourceID)
From
dbo.v_Add_Remove_Programs ARP
Where
DisplayName0 in ( 'Microsoft Office Professional Edition 2003','Microsoft Office Standard Edition 2003','Microsoft Office Enterprise 2007','Microsoft Office Standard 2007','Microsoft Office Professional Plus 2007','Microsoft Office Project Professional 2003','Microsoft Office Project Standard 2003','Microsoft Office Visio Professional 2003','Microsoft Office Visio Professional 2007','Microsoft Office Visio Standard 2003','Microsoft Office Visio Standard 2007','Microsoft Visual Studio 2005','Microsoft Visual Studio 2008','Microsoft Visual Studio 2005 Professional Edition - ENU','Microsoft Visual Studio 2005 Team Suite - ENU','Microsoft Visual Studio 2008 Professional Edition - ENU',' Microsoft Visual Studio 6.0 Enterprise Edition','Microsoft SQL Server 2005','Microsoft SQL Server 2000','Microsoft Project 2000 SR-1','Microsoft Project 2000','Microsoft Office 2000 SR-1 Professional','Microsoft Office 2000 SR-1 Standard','Microsoft Exchange')
Group by
DisplayName0,
Version0
Order by
DisplayName0,
Version0
*************The query *************
The outcome of the report ;
Hope it Helps ,
Kenny Buntinx
Microsoft Management Summit 2010 is just around the corner! But the question will be : how many Belgian IT Pro’s are attending this event ?
If you are a Belgian IT Pro, please let me know. It would be great to know and maybe meet up in Las Vegas.
The complete SCUG team from Belgium will be there!
Myself (MVP SCCM), Kim Oppalfens (MVP SCCM) , Kurt Vanhoecke (SCSM), Alexandre Verkinderen (MVP SCOM) , Yves Janssens ( SCSM & SCOM ) & Mike Resseler ( SCDPM & SCE ) will attend MMS in Vegas.
See you all over there !
Hope it Helps ,
Kenny Buntinx
Hi Guys ,
MMS is SOLD out – too bad if you still want to register and be there ! Read the full story here : MMS 2010 BREAKING NEWS- General attendee registration for MMS 2010 is now sold out!
Hope it helps ,
Kenny Buntinx
Lately I have been busy testing & deploying some Windows Embedded 2009 devices, called the Advantech ARK-1388, for a big project. One requirement from the customer was to have IIS 6.0 installed. We decided to include the IIS 6.0 component into the WES 2009 image with Target builder (which is a tool for building the WES image), but every time we deployed an image after it had been sysprepped with SCCM, the IIS Admin service would fail to start.
Because this needed to be deployed onto three thousand (3000) WES devices , we contacted Microsoft PSS support for some help. Below you will find our findings and workaround for the issue .
Our problem :
We installed a Windows Embedded 2009 image with IIS 6.0 on an Advantech ARK-1388 and it is running fine. The OS is prepared for system cloning using the sysprep.exe tool ( supported since WES 2009 ).
When we reapplied the master image with SCCM R2 SP2 and mini-setup was completed, the OS seems to run fine, however the "IIS Admin" service does not start and returns the following error:
"Windows could not start the IIS Admin on Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code -2146893818."
There are no related errors in the Event Logs. IIS cannot be repair-installed using the Add/Remove Programs component of the Control panel.( this was done to see if we could automate a self –repair )
We would like to deploy the WES image using the OSD feature of SCCM 2007 R2 ,but the problem also occurs when customer calls sysprep.exe manually without the usage of SCCM. ( that’s what we thought , SCCM always works great !! :-) )
Our environment :
We have a Windows Embedded 2009 image with IIS 6.0
We have a SCCM 2007 R2 SP2 environment
The summary of our troubleshooting :
1. Microsoft CSS discussed with the WES and SCCM teams if WES2009 is supported on SCCM 2007 R2. After a discussion they have modified their statement on the web, see http://blogs.technet.com/configmgrteam/archive/2010/01/25/things-you-need-to-know-when-using-windows-embedded-standard-2009.aspx
2. The proposed workarounds from Microsoft (re-installing MSDTC and IIS) from the "WES Resource Kit" didn't solve the problem.
3. We checked the FBWF status on the sysprepped image. It was still disabled, as it should be.
4. Microsoft spoke with the IIS team about the issue. Discussion results:
a) It's a known problem that IIS doesn't work after sysprepping the image because of the changes made by sysprep.
b) Using sysprep on XP Pro is not supported, see KB326779 "Supported IIS configurations for use with Sysprep"
c) The only supported solution is to install IIS after the sysprep phase. On XP Pro PCs you can run an unattended IIS installation using the Sysocmgr command (which can add or remove Windows Components), e.g. as described in KB309506 "How To Perform an Unattended Installation of IIS 6.0"
Here is the catch !! : Unfortunately Sysocmgr.exe is not shipped with the XPe database ===> meaning that it is impossible to install IIS 6.0 after we have deployed our WES 2009 client !
5. As discussed with Microsoft and the IIS team I tried to "repair" the IIS Admin service after the final sysprep boot by using SysOCmgr. We have copied the missing sysocmgr.exe from an XP Pro SP3 PC and I've had to insert an XP Pro SP3 CD into the CD drive for the missing files. We don't believe this workaround can be used by my customer (legal and technical issues).
6. For a test we have used fbreseal instead of sysprep. The IIS Admin service was running after fbreseal. But as far as I know, deployment via SCCM 2007 OSD requires the usage of sysprep and fbreseal cannot be used in this scenario.
Our Solution :
Together with the WES product team & Microsoft PSS support we found an easy workaround to get the "IIS Admin" service running again on the sysprepped WES 2009 image.
The workaround switched off the IIS components in the registry and called the FBAOC.exe tool to re-install IIS. It solved the problem on our test devices.
Here are the details about this workaround:
1. It doesn't need the XP Pro SP3 CD.
2. It doesn't need any file from an XP Pro SP3 PC (like sysocmgr.exe).
3. It doesn't need to collect any IIS files into a special installation location.
The workaround is just:
1. Uses your original SLX file and WES 2009 image which uses the FBOCMgr phase 5550 for the IIS components.
It means you can run the workaround on your original sysprep-ed images.
2. Changes some IIS registry settings used by the OS to install IIS.
3. Uses a WES-specific command (FBAOC.exe) which is part of your original SLX file and image.
4. Step 2-3 can be executed by the attached files:
a) MyIIS-Off.reg for changing the registry
*********************************CODE BEGIN**********************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponents]
"iis_common"=dword:00000000
"iis_inetmgr"=dword:00000000
"iis_www"=dword:00000000
"iis_www_vdir_scripts"=dword:00000000
"iis_www_vdir_printers"=dword:00000000
"iis_doc"=dword:00000000
"iis_ftp"=dword:00000000
*********************************CODE ENDS**********************************
b) MyIISinstall.bat runs the workaround (by using MyIIS-Off.reg)
*********************************CODE BEGIN**********************************
@echo off
echo Changing registry settings...
regedt32 /s \MyIIS-Off.reg
echo Enabling IIS features...
\windows\FBA\FBAoc.exe
echo Done.
*********************************CODE ENDS**********************************
Please put the files in the C:\ root folder on your sysprep-ed WES 2009 image and call the MyIISinstall.bat file from a command line.
When running properly the batch file will run for 1-2 minutes and it'll display 3 output lines:
Changing registry settings...
Enabling IIS features...
Done.
Afterwards the "IIS Admin" service should be running.
So this scenario is not supported on XP Pro. But this workaround is supported.
This is a known problem/limitation on XP Pro. The same problem occurs on WES installations because WES uses exactly the same XP Pro binaries.
Hope it Helps ,
Kenny Buntinx
Hi All,
I just proposed a birds of a feather session on WMI for the SCCM Admin.
This is the session I’ll be delivering at the end of this month at the Belgian Techdays. Quite a few people have asked me whether the session will be recorded, to which I have no answer right now. However, if you can’t come to Belgium (shame on you, as we have great beer and chocolate), yet you will attend MMS and would like to hear more about this, here is your chance.
If you want to see this session go through, then vote for this session by performing the following procedure:
· Log into CommNet (http://www.mms-2010.com)
· Click on “BOF Survey” in the left Nav
· In the “Commonly Requested Topics” dropdown select “WMI for the ConfigMgr Admin”
· Press “Submit”
Some of the fancy things I’ll demonstrate:
· Have suppress notification enabled when creating virtual applications
· Have the program of an advertisement disabled at advertisement creation if it is targeting a collection with more than X number of members to prevent Mass-deployments (Unless the program is in the mass deployment category or the advertisement has no mandatory schedule)
Some of the fancy things I’ll explain how to do:
· Have any created program limited to predefined target platforms
· Eliminate the need for a Big Red Stop Button (BRSB) (copyright Shaun Cassells) http://myitforum.com/cs2/blogs/scassells/archive/2008/05/14/how-to-stop-an-errant-advertisement-in-sms-2003-sccm-2007.aspx
And that’s just the plain easy stuff :-). If this has you intrigued, then be sure to vote, and yours truly will come to the party (I have some way more fancy tricks up my sleeve, and believe me by the end of this session you’ll think the M in WMI stands for Magic).
--
Enjoy.
"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.scug.be/blogs/sccm/default.aspx
http://www.linkedin.com/in/kimoppalfens
The Application Virtualization (App-V) Dashboard helps customers monitor virtualized software applications with a graphical display that makes it easy to stay on top of application usage, health, and compliance. Using the Dashboard’s built-in charts, gauges, and tables, customers can track any APP-V dataset in near-real time.
The Dashboard is now in beta release. Want to give your customers an advance look at the Dashboard, and a chance to provide feedback so it best meets their needs? Invite them to join the beta program!
The Application Virtualization (App-V) Dashboard in a few words :
- Actionable information out of the box. The Dashboard comes with a wide range of valuable built-in reports, such as Top 5 Applications Used, Top 5 Users, Applications Never Used, Application Usage for a Specific User, System Utilization, and many more.
- Near-real-time access to key information. The graphical Dashboard lets customers view any App-V dataset in near-real time.
- Easy to build and configure. The Dashboard’s wizard-based tools let customers easily create new dashboards in minutes.
- Easy to customize. The Dashboard can easily be customized to meet the needs of different departments and other groups. Any data set in the Microsoft Application Virtualization database can be presented on the Dashboard in chart, gauge, and table formats.
- Flexible & interactive. Users can easily filter data and create ad hoc custom views. Filters allow users to quickly drill down from a high-level perspective to more specific data.
Hope it Helps ,
Kenny Buntinx
Hi All,
Just getting myself ready for the MVP summit in Seattle next week, as are our other 2 SCUG MVPs ( Kim Oppalfens & Alexandre Verkinderen ).
It is going to be an exciting event for me, as it is the first MVP summit I’ll be attending since my nomination in July 2009.
For those of you that don't know what the MVP summit is, it is a week full of working, talking and discussing together with our MVP peers, but also with the (in my case) SCCM product group.
I’m really looking forward to meet with members of the Microsoft product groups and directly learn from those people who are responsible for the individual product features and I see this as a real honor.
So if the blogging level is a bit low on SCUG.be next week , you will know why this is ….
Hope it Helps ,
Kenny Buntinx
Yesterday, I ran into a customer who wanted me to extend their hardware inventory with their Compaq and HP server equipment such as ILO serial number, physical memory slots, etc. Instead of sweating over it, I found the HP ProLiant Hardware Inventory Tool for Configuration Manager 2007 on the HP website: http://www.hp.com/support
The HP ProLiant Hardware Inventory Tool for Configuration Manager 2007 uses the HP Insight Management Agents to obtain HP-specific hardware information from System Center Configuration Manager 2007 client servers and adds this information to the database of the site server. The inventory tool runs on each specified client, creating a series of intermediate .MIF text files, which contain the information about specific client servers. The Configuration Manager Hardware Inventory Agent processes these files and sends them to the site server to update the appropriate database.
1. Go to the downloaded files and run the “HPProLiantHwInvToolForConfigMgr01_0.exe”

This will implement certain default collections, packages and advertisements. You could modify those or start from scratch like I did.
2. Do not forget to activate your HW inventory and to select : “Collect _NOIDMIF Files” .
The Inventory Tool generates the .MIF files on each node. The .MIF files are not automatically populated to the site server database. To ensure that the .MIF files are collected, you must enable the NOIDMIF files option in the Hardware Inventory Client Agent Properties as shown in the picture below :
3. Create your package or modify the default created one . Look at the default created program and modify according the screenshots below :
On the General Tab :
On the Environment Tab : “Whether or not a user is logged on”
On the Advanced Tab : “Suppress program notifications”
4. Create the collection that you are going to target your program to.
Create a dynamic membership based on the following criteria :
Computer System Model lowercase is like %proliant%
5. Create your advertisement and, on the Schedule tab, set it to rerun on a weekly basis against the target collection you created earlier.
The inventory tool obtains the information and then displays it in the Configuration Manager Resource Explorer for the client server. In the examples below you will see that fields have been added, such as HP …
In this example, the HP ProLiant Software and Firmware:
In this example, the HP Smart Array Physical Drive:
Hope it Helps ,
Kenny Buntinx
More and more customers are demanding a swift and easy install of the SCCM console, especially when it comes to upgrading your consoles when a new service pack comes along.
As my customers also have App-V in the house, which is part of MDOP 2009 by the way, I was also interested in virtualizing the console.
After a few rounds of trying, I did not succeed in creating a virtualized SCCM console as an App-V package.
Therefore, I want to explain to you all how to do it. But I couldn’t have done it without the help of Richard Ruiz from MSFT and a blog post on the TechNet forums.
Prerequisites: To make it easy on yourself, please prepare a blank machine (base XP SP3 with the latest software updates) in a virtualized environment where you can use snapshots and revert to the original state as often as you want. It will save you an enormous amount of time.
Procedure :
1. Install all prerequisites (e.g. MMC 3.0, etc.) and your SCCM 2007 SP2 Console natively on your clean WinXP SP3 workstation, to the exact location you will be sequencing to. In this example we used D:\SCCMSP2 (stick to the 8.3 format)
2. Export the following keys and save them to a central location:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\FX:{6de537a5-7a1c-4fa4-ac3a-1b6fc1036560}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\FX:{a77b774c-ce32-4ab0-982a-6bb3c078e5c1}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ConfigMgr\AdminUI\QueryProcessors\WQL]
3. Turn off your virtualized machine and delete all changes made (VHD) or, if you use a physical machine, reimage your sequencer to a clean state.
4. Install your App-V Sequencer and create your folder D:\SCCMSP2 (used in our example)
5. Install all your prerequisites for your SCCM 2007 SP2 Console (e.g. MMC 3.0, etc.) natively
6. Start your sequencer and, when you reach “begin monitoring” and the sequencer flips to the background, start installing your SCCM 2007 SP2 Console in the previously defined path (in this case D:\SCCMSP2).
7. If you want, you can install additions such as the famous “SCCM Right click tools” from Rick Houchins at http://myitforum.com/cs2/blogs/rhouchins/archive/2008/04/09/sccm-right-click-tools.aspx
8. If you have R2, install R2 to the same folder, i.e. D:\SCCMSP2
9. After your installation is complete and before you stop monitoring, import the 3 previously exported registry keys.
10. Launch the Console and test functionality, then complete the installation. If you have installed the right click tools, you also need to test all of their functionality!
11. During the Application Wizard, ensure the shortcut exe path is set to the Q: or adapt the VFS path as necessary and launch the MMC to test functionality at this phase.
12. Finish the sequence and save it.
13. Modify the OSD to include the following dependency:
-----------------------code snippet------------------------------------------
<DEPENDENCY>
<SCRIPT TIMING="POST" EVENT="STREAM" PROTECT="TRUE" WAIT="TRUE" TIMEOUT="0">
<SCRIPTBODY LANGUAGE="Batch">
echo off \n
copy /y %SFT_MNT%\<Replace with Asset Dir>\VFS\CSIDL_WINDOWS\WinSxS\Manifests %windir%\WinSxS\Manifests \n
xcopy /S /y %SFT_MNT%\<Replace with Asset Dir>\VFS\CSIDL_WINDOWS\WinSxS\Policies %windir%\WinSxS\Policies \n
</SCRIPTBODY>
</SCRIPT>
</DEPENDENCY>
-----------------------code snippet------------------------------------------
14. Publish your APP-V sequenced SCCM console and test the functionality on your App-V Client.
Hope it Helps ,
Kenny Buntinx
The actual workaround before this hotfix came out was to uninstall the 974571 hotfix on computers before running the USMT task sequence. This workaround works fine but was not sufficient for many customers (the opposite would have been funny).
Consider the following scenario:
- You install the System Center Configuration Manager 2007 Service Pack 1 (SP1) client or the System Center Configuration Manager 2007 Service Pack 2 (SP2) client.
- You install security update 974571 on this computer.
- A SCCM task sequence runs on this client. This task sequence includes the Capture User State task sequence step and the Restore User State task sequence step.
In this scenario, user state migration fails. At the same time, the following error message is logged in the Ccmexec.log file:
Failed to import the client certificate store (0x80092024) OSDSMPClient
For all the details including a download link to the hotfix see the following new Knowledge Base article:
KB977203 - User state migration fails on a SCCM 2007 SP1 client or on a SCCM 2007 SP2 client after you install security update 974571
Hope it Helps ,
Kenny Buntinx
Hi ,
Have you ever wanted to build a reference image of your physical workstations on your VMware ESX environment (yes, some customers have a firm grip on VMware …) so that people could play around?
In my previous post, I already explained how to do this for VMware Workstation, and the process isn’t that much different. See
http://scug.be/blogs/sccm/archive/2009/04/20/sccm2007-osd-customising-your-task-sequence-for-building-a-client-os-on-your-vmware-workstation-6-0-or-later.aspx
Well, I have a lot of customers asking for this scenario as well, and here is how you get started:
Prerequisite: Make sure that you have at least ESX 3.5 update 5 !
Step 1 : Download the drivers of the “Intel PRO Network adapter” from the Intel site ( www.intel.com)
Step 2 : Copy the drivers to a folder from the extracted VMware tools on your SCCM Primary server & import those drivers into the driver database. Make sure to assign a category to them. The category could simply be VMware, as in the example below.

Step 3 : When done, alter your Windows 7 deployment task sequence and add an “auto apply driver” step.
Step 4 : Limit the driver scope to the VMware category defined earlier, as shown below. When done, click OK.

Step 5 : Make sure that the settings of your VMware virtual machine match the following settings.
For Windows 7 32 bit :
For Windows 7 64 bit :
Step 6 : Once done, you boot your machine in PXE and start staging. That's it. However, do not forget to add your VMware Tools to your task sequence.
Hope it Helps ,
Kenny Buntinx
How can I customize my Windows 7 deployment, such as the regional settings, firewall, Internet Explorer and keyboard settings? Even if you are using SCCM & task sequences, you still want to customize your Windows 7 image through an unattend.xml file.
As I had trouble finding some examples to start with, I will post mine for Windows 7 x86 and x64.
Now you can add or customise many more changes in your Unattend.xml file and use them to apply changes to Windows 7 during your task sequence installation. Of course SCCM will modify the Unattend.xml file to add the values you have specified during the task sequence, such as your product key, user & company name, local admin password, etc.
Here you will see my custom Unattend.xml file for x86 :
-*-*-*-*-*-*-CODE SNIPPET-*-*-*-*-*-*-
<?xml version="1.0" encoding="utf-8"?>
<!--
Unattended installation file for Windows 7 x86. Place in the root directory of a USB drive.
Important! Before using, change the Product Key and Administrator's password.
Make sure the partition number and physical disk number are correct for your system.
-->
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="specialize">
<component name="Microsoft-Windows-LUA-Settings" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<EnableLUA>false</EnableLUA>
</component>
<component name="Networking-MPSSVC-Svc" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DomainProfile_EnableFirewall>false</DomainProfile_EnableFirewall>
<PrivateProfile_EnableFirewall>false</PrivateProfile_EnableFirewall>
<PublicProfile_EnableFirewall>false</PublicProfile_EnableFirewall>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<OEMInformation>
<HelpCustomized>false</HelpCustomized>
</OEMInformation>
<RegisteredOwner></RegisteredOwner>
</component>
<component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<fDenyTSConnections>false</fDenyTSConnections>
</component>
<component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DisableAccelerators>true</DisableAccelerators>
<DisableOOBAccelerators>true</DisableOOBAccelerators>
<SuggestedSitesEnabled>false</SuggestedSitesEnabled>
<Home_Page>about:home</Home_Page>
<QuickLinkList>
<QuickLinkItem wcm:action="add">
<QuickLinkName>Bing</QuickLinkName>
<QuickLinkUrl>http://www.bing.com</QuickLinkUrl>
<QLID>1</QLID>
</QuickLinkItem>
</QuickLinkList>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<OOBE>
<NetworkLocation>Work</NetworkLocation>
<ProtectYourPC>2</ProtectYourPC>
<HideEULAPage>true</HideEULAPage>
<SkipMachineOOBE>true</SkipMachineOOBE>
<SkipUserOOBE>true</SkipUserOOBE>
</OOBE>
</component>
<component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>%OSDInputLocale%</InputLocale>
<SystemLocale>%OSDSystemLocale%</SystemLocale>
<UILanguage>%OSDUILanguage%</UILanguage>
<UserLocale>%OSDUserLocale%</UserLocale>
</component>
</settings>
</unattend>
-*-*-*-*-*-*-CODE SNIPPET-*-*-*-*-*-*-
Here you will see my custom Unattend.xml file for x64 :
-*-*-*-*-*-*-CODE SNIPPET-*-*-*-*-*-*-
<?xml version="1.0" encoding="utf-8"?>
<!--
Unattended installation file for Windows 7 x64. Place in the root directory of a USB drive.
Important! Before using, change the Product Key and Administrator's password.
Make sure the partition number and physical disk number are correct for your system.
-->
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="specialize">
<component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<EnableLUA>false</EnableLUA>
</component>
<component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DomainProfile_EnableFirewall>false</DomainProfile_EnableFirewall>
<PrivateProfile_EnableFirewall>false</PrivateProfile_EnableFirewall>
<PublicProfile_EnableFirewall>false</PublicProfile_EnableFirewall>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<OEMInformation>
<HelpCustomized>false</HelpCustomized>
</OEMInformation>
<RegisteredOwner></RegisteredOwner>
</component>
<component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<fDenyTSConnections>false</fDenyTSConnections>
</component>
<component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DisableAccelerators>true</DisableAccelerators>
<DisableOOBAccelerators>true</DisableOOBAccelerators>
<SuggestedSitesEnabled>false</SuggestedSitesEnabled>
<Home_Page>about:home</Home_Page>
<QuickLinkList>
<QuickLinkItem wcm:action="add">
<QuickLinkName>Bing</QuickLinkName>
<QuickLinkUrl>http://www.bing.com</QuickLinkUrl>
<QLID>1</QLID>
</QuickLinkItem>
</QuickLinkList>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<OOBE>
<NetworkLocation>Work</NetworkLocation>
<ProtectYourPC>2</ProtectYourPC>
<HideEULAPage>true</HideEULAPage>
<SkipMachineOOBE>true</SkipMachineOOBE>
<SkipUserOOBE>true</SkipUserOOBE>
</OOBE>
</component>
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>%OSDInputLocale%</InputLocale>
<SystemLocale>%OSDSystemLocale%</SystemLocale>
<UILanguage>%OSDUILanguage%</UILanguage>
<UserLocale>%OSDUserLocale%</UserLocale>
</component>
</settings>
</unattend>
-*-*-*-*-*-*-CODE SNIPPET-*-*-*-*-*-*-
You can now add your unattend.xml files to a package and use them in your SCCM task sequence as shown below.
In order to use the unattend.xml files that contain the variables for the regional, keyboard, etc. settings as shown below, we first need to assign some variables to our collection.
On your collection, you add collection variables as shown in the picture below. This gives you the flexibility to create multiple collections with different keyboard layouts if, for example, you are an international company.
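An added example (not part of the original post): a reviewer's check that lists the settings in an answer file that differ from the Windows defaults in a security-relevant way, and the components whose processorArchitecture does not match the file they sit in. The sample is a constructed, shortened copy of the x86 file above with one component deliberately left as amd64; the names audit_unattend, wrong_architecture and FLAGGED and the rule set itself are this example's own assumptions.

```python
import xml.etree.ElementTree as ET
from collections import namedtuple

NS = {"u": "urn:schemas-microsoft-com:unattend"}
Finding = namedtuple("Finding", "settings_pass component setting value note")

# Setting name -> (value to flag, why a reviewer should look at it).
# Rule set chosen for this example; extend it to match your own baseline.
FLAGGED = {
    "EnableLUA": ("false", "User Account Control is turned off"),
    "DomainProfile_EnableFirewall": ("false", "firewall off on the domain profile"),
    "PrivateProfile_EnableFirewall": ("false", "firewall off on the private profile"),
    "PublicProfile_EnableFirewall": ("false", "firewall off on the public profile"),
    "fDenyTSConnections": ("false", "Remote Desktop connections are accepted"),
    "ProtectYourPC": ("3", "automatic protection is disabled"),
}

# Constructed sample: a shortened copy of the x86 file above, with one
# component deliberately left as amd64 to show the architecture check.
SAMPLE = """\
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="x86">
      <EnableLUA>false</EnableLUA>
    </component>
    <component name="Networking-MPSSVC-Svc" processorArchitecture="x86">
      <DomainProfile_EnableFirewall>false</DomainProfile_EnableFirewall>
      <PrivateProfile_EnableFirewall>false</PrivateProfile_EnableFirewall>
      <PublicProfile_EnableFirewall>false</PublicProfile_EnableFirewall>
    </component>
    <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64">
      <fDenyTSConnections>false</fDenyTSConnections>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86">
      <OOBE>
        <ProtectYourPC>2</ProtectYourPC>
        <SkipMachineOOBE>true</SkipMachineOOBE>
      </OOBE>
    </component>
  </settings>
</unattend>
"""


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def audit_unattend(xml_text):
    """Return a Finding for every flagged setting in an answer file."""
    root = ET.fromstring(xml_text)
    findings = []
    for settings in root.findall("u:settings", NS):
        for comp in settings.findall("u:component", NS):
            for el in comp.iter():
                name = _local(el.tag)
                value = (el.text or "").strip()
                rule = FLAGGED.get(name)
                if rule and value.lower() == rule[0]:
                    findings.append(Finding(settings.get("pass"), comp.get("name"),
                                            name, value, rule[1]))
    return findings


def wrong_architecture(xml_text, expected):
    """List components whose processorArchitecture differs from `expected`.

    A component whose architecture does not match the image is typically
    ignored rather than reported, so a leftover x86 entry in the x64 file
    (or the reverse) is easy to miss.
    """
    root = ET.fromstring(xml_text)
    return [c.get("name") for c in root.iter("{%s}component" % NS["u"])
            if c.get("processorArchitecture") != expected]


if __name__ == "__main__":
    for f in audit_unattend(SAMPLE):
        print("[%s] %s: %s=%s (%s)" % f)
    print("not x86:", wrong_architecture(SAMPLE, "x86"))
```

Run against the two full files above, the same rules report UAC, all three firewall profiles and the Remote Desktop setting in the specialize pass, which makes them easy to review before the package goes into a task sequence.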
Hope it Helps ,
Kenny Buntinx
To help you accelerate the testing and deployment of applications on Windows 7, Microsoft has the Application Compatibility Toolkit Connector (ACT Connector), which assists administrators with collecting the necessary computer and application compatibility information to help plan for a Windows deployment.
The ACT Connector provides the following functionality within the Admin console:
- Inventories installed software applications and creates reports that will assist with determining which applications are Windows compatible.
- Retrieves device driver compatibility for installed devices and creates reports that will assist with determining which device drivers will need to be upgraded to support the Windows operating system.
Read the complete blog post from the product team on http://blogs.technet.com/systemcenter/archive/2010/01/29/application-compatibility-toolkit-connector-update.aspx
Hope it helps ,
Kenny Buntinx
My issue today was again a fight to integrate the HP Quick Launch Drivers into my OSD task sequence.
I am installing it as part of my Windows XP SP3 build (I know it should be Windows 7, but at my customer I still have to provide support :-) ), and have added the full install for 6.40 into the task sequence. The application fails every time. I am simply using setup -s as stated in the documentation!
I have tried extracting the keyboard filter and button drivers from the installation on a good machine, and added these to the driver repository with a driver package. But they do not install, and the logs just show that the install failed.
After some research , I have read that there were issues with the keyboard filter drivers in earlier versions of the Quick Launch tool where it failed , but it was fixed in release 6.30.
After a lot of searching , here is the real deal :
You should use the following command: SETUP.EXE -s /f2c:\setup.log (the setup needs to be able to write to a log file on the C:\ drive when you try to install it).
Hope it Helps ,
Kenny Buntinx
Hi All,
If any of you happen to be playing around with WES 2009 and System Center Configuration Manager 2007, you might want to have a look at the new blogpost at the ConfigMgr’s product team blog:
http://blogs.technet.com/configmgrteam/archive/2010/01/25/things-you-need-to-know-when-using-windows-embedded-standard-2009.aspx
The updated support statement is mentioned there, as are the 2 most important things impacted by this new statement:
- Write filters are now supported
- Sysprepped operating systems are now supported, which in turn means that OS deployment for WES 2009 is supported (not for any of the other supported embedded os’s).
The article does mention some requirements for all of the above to work though.
Some registry keys need to be excluded from the write filter, and some additional components are needed for OSD and some other SCCM features.
More details in the post mentioned above.
--
Enjoy.
"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.scug.be/blogs/sccm/default.aspx
http://www.linkedin.com/in/kimoppalfens
Hi All,
Since my sccmautodoc program is getting close to completion I set out to try and see whether I could create an install for it.
Most of the bug reports I received back were from people that didn’t have all the requirements installed. SccmAutoDoc needs the .net framework 3.5, word 2007, and the .Net program interop assemblies for word 2007.
I started off by trying to do this in Visual studio as it contains a setup builder, yet for this poor little techy, having it detect all these dependencies was a bit challenging. Using some blogpost I figured out how to have it test for the .net framework 3.5 and the office 2007 pia’s, but testing for word 2007 was beyond me.
As a result I started my search for a packaging tool, and started off by looking at the 2 market leaders flexera and wise, to quickly find out that even their most basic editions are relatively expensive. Flexera offers a free ConfigMgr edition, but that version installs all tools from the enterprise edition with most of them disabled and giving you a nagging windows box when you try to use them.
Subsequently from this post at windowsnetworking.com I found two other contenders, namely, Advanced Installer and Scriptlogic MSI studio. I went to both their websites, and both seemed to offer what I wanted. I eventually went and downloaded advanced installer, as it was hassle free to download an evaluation version of even their enterprise edition. Just click the link and download, no registration required, simple hassle-free, no risk of having a representative contact me to see whether I liked it 2 hours after I downloaded. In short, evaluation software just like the good old days.
Download & install were a breeze, now I needed to make my hands dirty and hammer out my install program. And in contrast to what I expected, my most challenging task in Visual studio (checking whether word 2007 is installed) was as simple as enabling a checkbox in advanced installer. And having the .net framework tested and potentially downloaded when needed didn’t take me more than 5 minutes either. Integrating the .Net Program interop assemblies took a bit longer, as the download from the internet wouldn’t work. The office 2007 pia download appears to be a self-extracting exe that downloads an msi, that needs to be manually launched after that. On the advanced installer forums I found a post that suggested integrating the msi into your installer, and with that knowledge, it again only took me a couple of minutes to finish off my installer.
I am pretty happy with the result, it detects everything you need at install time, and even installs most components for you if you need them (word 2007 excluded obviously).
So if you are looking for an inexpensive packaging solution because you only require a packaging program every so often, have a look at advanced installer, it certainly did what I needed it to do in a pretty intuitive way.
Alternatively have a look at scriptlogic MSI Studio, I haven’t actually used it, as advanced installer was easier to get my hands on, but I have heard good things about it too.
--
Enjoy.
"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.scug.be/blogs/sccm/default.aspx
http://www.linkedin.com/in/kimoppalfens
The distribution manager (distmgr, the component that distributes packages to a distribution point) does not seem to work as we would expect with SP2.
Consider the following scenario:
- The distribution point role is installed on a Microsoft System Center Configuration Manager 2007 Service Pack 2 (SP2) site server.
- You customize the retry settings on the Distribution Point tab for the distribution point. Or, you use the default value for the retry settings.
- A retry is required after a package distribution fails.
In this scenario, the Distribution Manager does not honor the retry settings on the Distribution Point tab when the Distribution Manager retries the distribution.
You can find the hotfix and KB article at: http://support.microsoft.com/kb/978021/.
Hope it Helps ,
Kenny Buntinx
I was trying to test applications that were sequenced for Windows XP on Windows 7. The problem was that I needed to update the OS VALUE XML in the config file.
I came across an article from Steve Thomas, Senior Support Escalation Engineer at Microsoft, with a great list of OS VALUE XML tags linked to the operating systems, which I have used below. You can see the full post at: http://blogs.technet.com/softgrid/archive/2009/10/29/updated-os-value-xml-tag-reference-and-supported-client-versions.aspx
The following table lists the supported OS VALUE element options and the minimum supported client versions for Microsoft SoftGrid and Microsoft Application Virtualization. This element defines the required operating system. If there is more than one OS element in a particular IMPLEMENTATION tag, it is implied that the software package works with each. If none are present then it is assumed to run on all operating systems:

Hope it helps ,
Kenny Buntinx
Finally, the bullet is thru the church… TAP nominations for SCCM Vnext are open and a lot of people expect great features and improvements to the product.
Certainly now that SCCM Vnext is going to focus more on the “User, device & connection centric” part.
For myself as MVP this is going to be a very exciting year: learning new technology and helping the product team out with testing the beta products.
To find out more check out the following post on Nexus SC: The System Center Team Blog:
http://blogs.technet.com/systemcenter/archive/2010/01/08/the-next-wave-of-client-management-begins-now.aspx
Link to Nomination Survey is here.
More information about the Microsoft TAP program can be found here.
System Center product information can be found here.
Hope it Helps ,
Kenny Buntinx
Hi All,
Just received confirmation that I will have a speaker slot again, for the 4th year in a row at the Belgian Techdays.
So me, and the rest of the Belgian SCUG team will be present to talk to you about System center configuration manager, system center operations manager and even system center service manager by then, as Kurt Vanhoecke our local service manager expert that even got referenced at the service manager product team blog, will most likely be there as well.
My session will be a pretty non-typical SCCM session this year. From my personal experiences, i.o.w. by authoring SccmAutoDoc, I believe I learned a few extra things on ConfigMgr and WMI. Even in the past I have considered knowledge of WMI an incredible asset for any SMS/SCCM admin, but deepdiving into it for SccmAutoDoc has only enhanced that belief.
So without further ado, here comes the session abstract:
Since its first debut System Center Configuration manager and its predecessors have been relying heavily on the Windows Management Instrumentation (WMI) architecture. WMI is omni-present in System Center Configuration Manager, from queries over dynamic collections, through hardware inventory and storing client and Management Point settings and policies, under the hood you will find WMI just about anywhere. Given this omni-presence it should come as no surprise that the stability of WMI at your Site Systems and clients is crucial to a stable System Center Configuration Manager implementation. Knowing WMI, by consequence, is a great asset to any System Center Configuration Administrator. In this session you will learn the ins-and-outs of the WMI architecture in general and how it applies to System Center Configuration Manager. You’ll learn about the available namespaces and classes and the extended WMI Query language (WQL) that is specific to System Center Configuration Manager. This session will cover the tools available to have a peek at WMI yourself as well as to the WMI-related tool called policy spy that comes with the System Center Configuration Manager toolkit. By the end of this session you’ll know what the WMI architecture looks like, how System Center Configuration Manager uses it, and how you can use that knowledge to your advantage, be it to be able to better troubleshoot System Center Configuration Manager issues, better understand the product, or to automate tasks through scripting or programming. In the end this session will make you a better System Center Configuration Manager administrator.
I sincerely hope to see you all there, and before I forget, best wishes to everyone reading this.
Kim Oppalfens
System Center Configuration Manager MVP
Hi ,
For a customer, I had the requirement to create a collection that was filled with Windows Embedded devices, using a WMI property as the selection criterion.
This can be done by creating a new collection with a dynamic membership rule that targets the single criterion of the “OSProductSuite” property.

If the value detected is 64, these systems are running XPe, Windows Embedded Standard or Embedded NT.
Other possible values for OSProductSuite are shown in the table below:
1 - Small Business Server
2 - Enterprise Server
4 - Back Office Server
8 - Communication Server
16 - Terminal Server
32 - Small Business Server (restricted)
64 - Embedded NT
128 - Data Center
With the help of this collection an administrator is able to see all Windows Embedded devices or any other group of devices connected to his company’s network.
The information above is coming from Alexander Wechsler (www.wechsler-consulting.de) and his blog. I thought this could be interesting to other SCCM guys as well and therefore I would like to thank Alexander for this information.
Hope it Helps ,
Kenny Buntinx
At one of my customers I am implementing a situation where 3000 Windows Embedded devices will be installed. In this environment I want to be sure that any Windows Embedded device connected to the network gets discovered as an embedded system. SCCM needs to be configured to include an additional WMI property to distinguish Windows XP systems from Windows Embedded operating systems.
To do this , you need to open up the “SMS_def.mof” file on the SCCM Primary site server. It is located in the \inboxes\clifiles.src\hinv folder.
In the SMS_def.mof file, search for the string “OSProductSuite” and change the related SMS_Report setting from “False” to “TRUE”, that is, from:
[SMS_Report (False) ]
uint32 OSProductSuite;
to:
[SMS_Report (TRUE) ]
uint32 OSProductSuite;
Save your change and close the file. The SMS_EXECUTIVE service needs to be restarted to apply the change. After the service restart, the SCCM clients will report the “OSProductSuite” WMI property. After this action you can build your own collections to list or collect all Windows Embedded devices.
Hope it Helps ,
Kenny Buntinx
Scenario: Your primary site server has been upgraded from SCCM 2007 SP1 R2 to SCCM 2007 SP2. You want to upgrade all your secondary site servers, which are running on Windows Server 2008, to Service Pack 2 in an automated way with software distribution. The secondary site servers have the proxy MP, state migration point and PXE service point roles installed.
You will create a package with the source files and create a program that runs unattended with the following parameters: setup.exe /upgrade <path to SP2 prereqs>
Issue :
After the client receives the advertisement, the secondary site server searches for a distribution point. It finds one locally (the same server) and starts the BITS transfer.
At that point, it returns an HTTP 404.8 error. You get the same error when browsing manually in IE to the URL where the source files are stored. When you look up error 404.8, you will see that it says: ”hidden namespace of hidden segment error”. The request filtering module of IIS 7 excludes some directories by default, from which no files can be transferred. One of those excluded folders is the “bin” folder.
The SCCM Service Pack 2 source contains folders named “bin”, which causes the transfer of the source files to be blocked.
Solution :
Only after removing the exclusion of the “bin” folder in the IIS 7 request filtering module are the files and folders named “bin” available for download.
The configuration file in which the exclusions are listed is %windir%\system32\inetsrv\config\applicationhost.config (it can also be modified with appcmd).
The log files to check: DataTransferServices.log of the SCCM client, and the u_ex<date>.log in the c:\inetpub\logs\logfiles\w3svc1 folder.
An example of the folder that was blocked: http://server/sms_dp_smspkgd$/<packageID>/smssetup/adminui/bin/
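An added example (not part of the original post): a small parser for the IIS W3C log named above that picks out the 404.8 responses and reports which path segment triggered request filtering, so you can confirm that “bin” is the cause before touching applicationHost.config. The log lines are constructed for this example (package ID XXX00001, example.dll and the IP address are placeholders), and the segment list is the IIS 7.0 default hiddenSegments set.

```python
from collections import Counter

# Default <hiddenSegments> entries in IIS 7.0 request filtering (lower-cased;
# the comparison against URL segments is case-insensitive).
HIDDEN_SEGMENTS = {
    "web.config", "bin", "app_code", "app_globalresources",
    "app_localresources", "app_webreferences", "app_data", "app_browsers",
}

# Constructed sample in W3C extended format; the package ID, file names and
# addresses are placeholders, not values from the original post.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.0
#Version: 1.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2010-01-15 09:12:01 10.0.0.5 HEAD /SMS_DP_SMSPKGD$/XXX00001/smssetup/setup.exe - 80 - 10.0.0.5 Microsoft+BITS/7.0 200 0 0
2010-01-15 09:12:02 10.0.0.5 HEAD /SMS_DP_SMSPKGD$/XXX00001/smssetup/adminui/bin/example.dll - 80 - 10.0.0.5 Microsoft+BITS/7.0 404 8 0
2010-01-15 09:12:03 10.0.0.5 GET /SMS_DP_SMSPKGD$/XXX00001/smssetup/adminui/bin/example2.dll - 80 - 10.0.0.5 Microsoft+BITS/7.0 404 8 0
2010-01-15 09:12:04 10.0.0.5 GET /SMS_DP_SMSPKGD$/XXX00001/missing.txt - 80 - 10.0.0.5 Microsoft+BITS/7.0 404 0 2
"""


def find_hidden_segment_blocks(log_text):
    """Return (uri, segment) for every request rejected with 404.8.

    Column positions are taken from the '#Fields:' header, because the set
    of logged fields is configurable per site. `segment` is None when the
    URL contains none of the default hidden segments (a custom entry).
    """
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("sc-status") != "404" or row.get("sc-substatus") != "8":
            continue
        uri = row.get("cs-uri-stem", "")
        matches = [s for s in uri.split("/") if s.lower() in HIDDEN_SEGMENTS]
        hits.append((uri, matches[0] if matches else None))
    return hits


def summarize(log_text):
    """Count blocked requests per hidden segment."""
    return Counter(seg for _, seg in find_hidden_segment_blocks(log_text))


if __name__ == "__main__":
    for uri, seg in find_hidden_segment_blocks(SAMPLE_LOG):
        print("404.8 %s (hidden segment: %s)" % (uri, seg))
    print(dict(summarize(SAMPLE_LOG)))
```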
************* Update **************
Microsoft provides a section that specifically addresses our concern, as they document how to configure Windows Server 2008 (and above) for site systems here:
http://technet.microsoft.com/en-us/library/cc431377.aspx
While they don’t explicitly call out this specific scenario (They can’t possibly anticipate everything), this general “problem” is covered by the following text…
To modify the requestFiltering section on BITS-enabled distribution point computers
If package source files distributed to BITS-enabled distribution points contain file extensions that are blocked by default in IIS 7.0, the requestFiltering section of the applicationHost.config file must be modified to allow required extensions.
Important
Enabling WebDAV and modifying the requestFiltering section of the applicationHost.config file for the Web site increases the attack surface of the computer. Enable WebDAV only when required for management points and BITS-enabled distribution points. If you enable WebDAV on the default Web site, it is enabled for all applications using the default Web site. If you modify the requestFiltering section, it is modified for all Web sites on that server. The security best practice is to run Configuration Manager 2007 on a dedicated Web server. If you must run other applications on the Web server, use a custom Web site for Configuration Manager 2007. For more information, see Best Practices for Securing Site Systems.
************* Update **************
Thanks to my colleague Merlijn for helping me figure this out.
Hope it helps ,
Kenny Buntinx
In my previous post I have talked about the summary of Prerequisites required for OOB Management in SCCM at http://scug.be/blogs/sccm/archive/2009/11/27/step-by-step-guide-for-provisioning-intel-vpro-clients-in-sccm-2007-sp2-part-1.aspx .
Now we will talk about the 3rd Party Remote Configuration Certificate that is needed on each OOB Service Point to Provision Intel vPro technology based systems (e.g. VeriSign, GoDaddy, Comodo, and Starfield).
Optionally you can generate your own Provisioning Certificate from your Enterprise CA, but that will require you to enter the certificate hash on each machine that you have in your environment. We do not want this, so in our case we selected a third party vendor, namely GoDaddy.com.
You normally only need one OOB Service point in your organisation per forest , unless you go for a multidomain certificate. Those are way more expensive than a single domain certificate.
To acquire a certificate from Godaddy.com you will need to perform the following steps :
- You must purchase ‘Deluxe SSL’ or ‘Premium SSL’ from GoDaddy. ‘Standard SSL’ will not work !
- Key items that are detailed in the steps below that were required to get my certificate:
○ Certificate type must be a Deluxe Assurance SSL certificate
○ Certificate request is for an Organization
○ OU = Intel(R) Client Setup Certificate
○ CN = ServerName.domain.com (this must be the FQDN of the Provisioning Server for Remote Configuration generating the CSR)
○ Organization = The legal name of your organization that can approve your certificate request
○ Required Documentation to be submitted (Your Passport, Bank Statement, and Approval Letter on Company Letterhead)
- To generate the CSR you need to perform the following steps :
- In Windows 2008 with IIS 7 :
- Go to Internet Information Manager as shown below and select “Server Certificates”
- In the “Server Certificates”window , select “Create certificate request”
- In the “Request Certificate”window , Fill in all the necessary fields
- Select a minimum of 2046 bits encryption
- Save the request to a file you specify. You will need this file when you submit your request to the third party certificate provider.
- When finished , it should look like this :
How to purchase a godaddy intel Vpro certificate is explained here : http://communities.intel.com/community/openportit/vproexpert/blog/2008/03/03/steps-to-purchase-a-godaddy-certificate-for-the-purpose-of-vpro-remote-configuration
In part 3 we will explain how to import the Vpro certificate and to export the certificate again for the use of the OOB role in system Center config manager.
Hope it Helps ,
Kenny Buntinx
Today I finally finalized my Intel vPro configuration on a SCCM 2007 SP2 box. In this blog post I try to explain all the details on how to provision clients with vPro and what infrastructure steps are needed to make it work.
My fellow MVP Kim Oppalfens has already presented a great session on this topic at one of our SCUG events …You could find his session online here : http://www.microsoft.com/belux/technet/nl/chopsticks/default.aspx?id=998
Assumptions :
- Everything has been executed on a SCCM 2007 Primary site server with Service Pack 2 installed on a Windows 2003 x86 SP2 box.
- We will work with one of the five trusted certificate vendors.
- You have an Intel vPro capable machine
First the important stuff : Summary of Prerequisites required for OOB Management !
The list below describes the necessary client, server, and infrastructure elements required in order to manage your Intel vPro technology based systems Out-of-Band using Microsoft Configuration Manager 2007.
You will need :
• An Enterprise Certificate Authority to issue Web Server certificates to each Intel vPro technology based system for encrypted communications with ConfigMgr 2007 SP1 Management Console (Standalone CA is insufficient).
• Active Directory OU to store Intel AMT objects for each Intel vPro technology based system that will be managed by OOB.
• ConfigMgr 2007 SP2 Out of Band Service point installed and configured to support Intel vPro technology based systems.
• OOB Service Point installed on Windows 2003 Server requires Windows 2003 SP2 with hotfix 942841.
• Windows Remote Management (WinRM) installed on each ConfigMgr 2007 server that has the OOB Service Point installed, with hotfix: http://support.microsoft.com/kb/KB936059
• 3rd Party Remote Configuration Certificate on each OOB Service Point to Provision Intel vPro technology based systems (e.g. VeriSign, GoDaddy, Comodo, and Starfield) – Optionally you can generate your own Provisioning Certificate from your Enterprise CA, but that will require you to enter the certificate hash on each machine that you have in your environment. We do not want this, so we will use a third party vendor, GoDaddy.com
• Enable OOB network discovery of Intel vPro technology based systems
• Intel vPro technology and firmware of 3.2.1 or higher are required for native support from ConfigMgr 2007 SP2
• Intel HECI Driver installed on the OS (see OEM for latest driver)
• Configuration Manager Client agent installed on each Intel vPro system to initiate the provisioning process (there are alternative methods available in the help file but this is the most effective and easiest method)
• Intel vPro technology based systems joined to the same domain as the OOB Service point provisioning and managing these devices
• Open Intel vPro technology related network ports on routers and firewalls: 9971 – Provisioning Port; and 16992 through 16995 - OOB Management Ports
Let's keep the rest for Part 2 …
Hope it Helps ,
Kenny Buntinx
We struggled with this for a long time, but we finally found a way to make it work. We could deploy the tools manually with no issue, but trying to automate it was a complete nightmare.
Basically, the problem turned out to be that trying to use setup.exe from VMware to do an automated Install is effectively impossible.
The supported solution from VMware that we initially found was to use setup.exe. The command was: setup.exe /s /v"/qn"
The only caveat to be aware of is that if you're scripting the process, in a task sequence for example, the command will execute, spawn the install/upgrade process, and then immediately terminate. Hence, your task sequence or whatever will think that the command has finished even though the upgrade has just started to run in the background. We normally suppress all reboots in our packages and then decide when to boot via the Task sequence, but in this case that was not possible. Even with the reboot=Suppress option on the install, the VMware tools would finish executing by instantly rebooting and failing your Task Sequence.
When we're installing the tools, we use msiexec because it doesn't have the "terminates instantly" problem that you get with setup.exe and is therefore easier to deal with in your task sequence.
That command is : msiexec.exe /i VMwareToolsx64.msi /QN ADDLOCAL=ALL REBOOT=ReallySuppress ( make sure to rename your msi file and remove the space in between !)
Using that method, we successfully installed the VMware tools in our Windows 2008 R2 x64 task sequence.
Hope it helps
Kenny Buntinx.
Hi.
Last week a customer of ours had a problem getting some patches delivered to the end users' computers. This month's updates worked fine too, with no problem distributing them as usual with CM, BUT we have now gotten several cases where all the updates except one have been downloaded to the client.
The last update will not pass 50% of downloading no matter how long we wait.
So, what we see in the Software Updates Installation progress window is now several updates with status "Preparing for installation" and one with status "Downloading 50%".
I have of course done some checking to solve the problem, like checking logs, connectivity, error reports, etc.
Usually when there are errors of some kind I find the answers in the logs, but this time they are clean as far as I can see.
The strange thing was that all updates except one were downloaded smoothly as always, and that on approx 3000 clients. The update that won't be downloaded is KB968389.
SOLUTION : Well the answer to this issue is to download the latest Windows Update Agent 7.4.2600.xx and get this installed on all clients .
Hope it helps ,
Kenny Buntinx