This is your personal invitation to one of the two major technical
conferences we will be holding on June 7th 2012: The Best of
Microsoft Management Summit and Experience Windows Server 2012.
During The Best of Microsoft Management Summit (MMS 2012), we
will provide you with the best possible opportunity to learn
about what's new in System Center 2012. Led by experts who
attended MMS 2012 in Las Vegas, you can expect in-depth sessions
on infrastructure management, service delivery & automation,
application management, desktop & device management.
Discover the full program http://www.microsoft.com/belux/nl/enterprise/experiencedays/demo-mms.html

At Experience Windows Server 2012 day you will discover how
Windows Server is going beyond virtualization by scaling and
securing workload, how it will enable the modern work style by
giving people access to information and data regardless of the
infrastructure, network, device or application they use to
access it.
And you will discover the power of many servers with the
simplicity of one by efficiently managing infrastructure while
maximizing uptime and minimizing failures and downtime.
Join us and learn more about:
- New Hyper-V Virtualization Platform
- What's new in Active Directory
- Storage and Management Improvements
- Clustering Improvements
- Plus much more...
Discover the full program
http://www.microsoft.com/belux/nl/enterprise/experiencedays/demo-windows-server.html

Places are limited, so register now for:
- The Best of Microsoft Management Summit
http://www.microsoft.com/belux/nl/enterprise/experiencedays/demo-mms.html
- Experience Windows Server 2012
http://www.microsoft.com/belux/nl/enterprise/experiencedays/demo-windows-server.html
Add to your Outlook calendar:
- The Best of Microsoft Management Summit
http://www.microsoft.com/belux/nl/enterprise/experiencedays/agenda-mms.ics
- Experience Windows Server 2012
http://www.microsoft.com/belux/nl/enterprise/experiencedays/agenda-experience-windows-server.ics
These events are part of the Microsoft Experience Days
that take place on 6 and 7 June 2012.
Hope it Helps ,
Kenny Buntinx
Awesome! I’ve been selected to participate in Tech·Ed Europe 2012 as a Microsoft Product Expert in the Technical Learning Center (TLC).
This is my 1st TechEd where I get the chance to staff as a Microsoft Product Expert (Ask the Experts) in the System Center 2012 Configuration Manager – System Center Endpoint Protection booth together with other MVPs like Ronni Pedersen.
I’m really excited to get the chance to talk to customers and partners, and show them all the great features in System Center 2012 Configuration Manager / System Center Endpoint Protection.
So if you get the time, please drop by and talk to us.
See you in Amsterdam!
Hope it Helps,
Kenny Buntinx
Hi there ,
You have implemented SCEP in ConfigMgr 2012 and you have enabled an Automatic Deployment Rule for your SCEP updates. You see them failing and you don’t know why?
Go and do a deep dive in the log file called “Ruleengine.log”, located in the “logs” folder. In this log file you will see all information about why an Automatic Deployment Rule fails.
In my case I noticed that I got a “Failed to download the update from the internet. Error = 5” as shown below

“Error Code = 5” normally means “Access Denied” and I was right… My permissions on my “SU$” share were not appropriate. After setting the right permissions on the share, my problem was solved.
Hope it Helps ,
Kenny Buntinx
Hello All,
Got back from MMS 2012 and finally rested enough to get going again, but man what a great event this was once more. I am especially pleased with how well the different SCUG members at the convention did either with sessions or with the level of networking.
First of all, we had 2 people from SCUG Belgium presenting, Kim and Mike all had sessions to deliver.
Mike presented a breakout session on Data Protection Manager together with Orin Thomas, while Kim delivered 2 breakouts with a fellow MVP colleague Jason Sandys and a Jeopardy Quiz with a fellow MVP colleague Kent Agerlund (and the golden jackets were awesome)

The Jeopardy Quiz was awesome! There were four teams involved: Product Team Group (Wally Mead & Brett Flagg), MVP Team (Garth Jones & Panu Saukko), Community team (Brian Mason & Ron Crumbaker) and PSS/CSS (Steve Rachui & Don Brown)
I never had so much fun during a session at MMS. It has to come back next year, so please fill in those eval forms!
Last but not Least!
I was in the Keynote of Brad Anderson explaining how System Center Configuration Manager 2012 became such a good product. How cool is that and what are the odds to get into it !
See it online at http://www.mms-2012.com/digitalmms

Now I am fighting jetlag and I will start working on Best of MMS 2012 for Belgium very soon . So stay tuned !
Hope it Helps ,
Kenny Buntinx
Hi there ,
Today a customer requested an interesting scenario about selecting a preferred deployment when deploying multiple TS to a single collection:
Scenario:
You have made a few task sequences available thru PXE boot and enabled unknown computer support . You set all your deployments to available , not required.
When you start your OSD deployment , you will see the few task sequences sitting there and waiting . This is a correct behavior.
The customer likes to see the following behavior:
- one of the task sequences made available will be started automatically after 30 seconds if none of the other TS are selected.
This will help them to avoid the import computer information part, as they stage thousands of machines over one weekend and their process is that the computer name is generated from their CMDB tool after the MAC address and serial number are scanned. Then we extract that information and push it into TS variables.
Solution:
You can define a deployment in a prestart command that overrides existing deployments to the destination computer. Use the SMSTSPreferredAdvertID task sequence variable to configure the task sequence to use the specific Offer ID that defines the conditions for the deployment.
More interesting info on John Vintzel's blog at http://blogs.technet.com/b/inside_osd/archive/2010/06/07/v-next-beta-1-feature-select-preferred-deployment-from-pre-execution-hook.aspx
Hope it Helps ,
Kenny Buntinx
When using App-V Applications in Configmgr 2012 , make sure you have App-V client 4.6 SP1 CU5 deployed as this is the minimum supported version in CM12 .
Just a reminder when you are in a migration phase … First upgrade your App-V client software to version 4.6 SP1 CU5
This will also be a requirement if you want to add the App-V client as a dependency of your Application’s deployment type (App-V)
Hope it Helps ,
Kenny Buntinx
Yes, MMS 2012 is in front of the door and it will be an exciting week. The complete SCUG team from Belgium will be there!
Myself (MVP SCCM), Kim Oppalfens (MVP SCCM) , Kurt Vanhoecke (SCSM), Alexandre Verkinderen (MVP Cloud and Datacenter) , Mike Resseler (MVP Cloud and Datacenter) , Arne Peleman (SCOM, SCSM) , Nico Sienaert (SCCM), Dieter Wijckmans “IT Rambo”(SCOM , SCSM) and Tim Dekeukelaere (SCCM,SCOM) will attend MMS in Vegas.
My schedule is made and I will have a more or less complete System Center Configuration Manager 2012 week.
I will also do some additional side work at MMS 2012 this year. Here is a little overview:
I will assist Wally Mead in the following proctoring labs :
- Ballroom C Mon 4:30PM - 5:45PM Lab Proctor ILL: Basic Software Distribution in Configuration Manager 2012
- Ballroom B Thu 11:45AM - 1:00PM Lab Proctor ILL: Implementing Endpoint Protection 2012 in Configuration Manager 2012 –> This is my favorite !
If you are a Belgian IT Pro, please let me know. It would be great to know and maybe meet up in Las Vegas.
See you all over there !
Kenny Buntinx
If you are testing and evaluating the latest System Center 2012 components, you might be interested in this.
A new MP is available to Monitor ConfigMgr 2012 RC2 with OpsMgr 2007 R2, or OpsMgr 2012 RC:
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=29034
Hope it Helps ,
Kenny Buntinx
You are probably deploying a CAS if you are a larger organization with specific needs. One of those needs is having more than 1 primary site because of geographical/political issues. The version (Standard or Enterprise) of SQL that you use on the CAS becomes very important if you are a larger organization.
If you use SQL Server Standard for the CAS, you can support up to 50,000 clients. But, if you use SQL Server Enterprise on the CAS, you can support up to 400,000 clients.
However, you need to look very carefully at your growth plan, because if you install SQL Server Standard on the CAS and then your company grows to 70,000 clients, you will have an issue.
You would say: “Why do I have an issue? I just upgrade the SQL version on my CAS to SQL Enterprise to support those extra clients.” However, it will not work.
When the CAS is installed, it is configured based on which version of SQL is installed (Std or Ent). Once installed on SQL Standard, the table is a single partition, and will not be switched to multiple partitions when upgrading to SQL Enterprise.
A CAS wipe and re-install is required to support more than 50K clients, and that will not be so easy, or at least it will generate some additional problems.
Now you might be stuck on the question: “What about the SQL version on the primary sites?” Primary sites support up to 100K clients, but do NOT require SQL Enterprise. SQL Enterprise is only needed for the CAS if you need to support more than 50K clients.
Little recap:
*CAS*
- Less than 50K clients –> SQL server standard is sufficient as long as you are not going over the 50K limit (Upgrade to SQL enterprise is NOT working when crossing the 50K limit)
- More than 50K clients –> SQL server Enterprise is needed.
*Primary Site*
- SQL server standard is always sufficient !
Hope it helps ,
Kenny Buntinx
Hi All,
Just getting myself ready for the MVP summit in Seattle next week, as are our other SCUG MVPs (Kim Oppalfens & Alexandre Verkinderen & Mike Resseler).
It is going to be an exciting event for me, as it is the third MVP summit I’ll be attending since my nomination in July 2009.
For those of you that don't know what the MVP summit is: it is a week full of working, talking and discussing together with our MVP peers, but also with the (in my case) ConfigMgr product group.
We will be fully busy with ConfigMgr 2012 at the Enterprise Engineering Center at Building 25 .

I’m really looking forward to meet with members of the Microsoft product groups and directly learn from those people who are responsible for the individual product features and I see this as a real honor.
So if the blogging level is a bit low on SCUG.be next week , you will know why this is ….
Hope it Helps ,
Kenny Buntinx
Hi guys ,
Working for a customer on managing WES 2009 clients with ConfigMgr 2012. One of the requirements by the customer was not to install Silverlight 5.0 or .NET 4.0 onto the WES 2009 device, as they already have .NET 3.5 in their core image.
The client prerequisites documentation can be found here on TechNet: http://technet.microsoft.com/en-us/library/gg682042.aspx .
Silverlight is not required; Software Center and Software Catalog are the only things that need it. You can specify a command-line switch on ccmsetup to not install Silverlight. Example: CCMSetup.exe /skipprereq:silverlight.exe
For the .NET 4.0 question: They require at least .NET 3.0+. If none of the following .NET versions is installed, then .NET 4 will be installed:
- Microsoft .NET Framework version 3.0.
- Microsoft .NET Framework version 3.5.
- Microsoft .NET Framework version 4.0.
Hope it Helps ,
Kenny Buntinx
Hi All,
I am preparing for my very first teach in an open class of ConfigMgr 2012. The material we’ll be using is the manual me and Kent Agerlund (Danish ConfigMgr MVP) wrote. We started writing at beta2 and have updated the material over the months up until RC1.
I am busy updating it to RC2 as I am typing this. The course is nearly sold out, but still has a couple of seats (literally) left.
The course will take place at the JCAcademy in Louvain, if you want you can still register here: http://www.jcacademy.be/jca/be-en/course-details.page?Short=MOC213&r=freesearch&q=sccm&i=1
The course will cover site installation as well as migration, followed by all the novelties of ConfigMgr 2012.
The course is open to new and seasoned ConfigMgr admins alike, but you’ll probably benefit the most from it if you already have a ConfigMgr 2007 background.
Best regards,
Kim Oppalfens
ConfigMgr MVP
I had been assigned a task to install 5 SQL 2008 R2 cluster instances, and one of them had Analysis Services installed on a two-node SQL Server 2008 R2 cluster (along with the db engine).
Now I discovered that Analysis Services was not needed on one of the instances.
I thought : “No Problem , let’s remove” .
How do I remove this service from the cluster?
I tried the add/remove programs and command line option and both end up with the message: "The selected instance is clustered and cannot be removed as specified. To remove the selected instance, select "Remove Node" on the Installation Center or specify /Action=RemoveNode from the command line."
I tried removing one node hoping I could then uninstall from the only remaining node but still could not remove Analysis Services.
I've searched Google Bing and discovered this article, which explains that “You cannot add or remove features to a SQL Server 2008 or SQL Server 2008 R2 failover cluster”: http://support.microsoft.com/kb/2547273
So I learned it the hard way. Think before you install a feature on a SQL Cluster , because once it is installed , there is no way back !!
Hope it Helps ,
Kenny Buntinx
Maybe this is a very small blog post , but I think it could help some people out 
When you want to add your physical ESX 4.1 hosts with the root account and it does not succeed ( getting an access denied ) , it means that your hosts are in lockdown mode !
Switching off “Lockdown mode” gives you back the possibility to add your hosts with your root account.
Hope it Helps ,
Kenny Buntinx
Yesterday I faced an issue at one of my customers when installing CM12 in a lab environment. I wanted to install the Application Catalog Website Point Role .
Scenario :
- My CM12 site is installed and running
- I am adding the necessary roles such as Fallback status point , Application Catalog website point and the Application Web Service Point.
To do that I added in IIS the ASP.net component as stated in the prerequisites here :
http://technet.microsoft.com/en-us/library/gg682077.aspx

Then I added the necessary roles and after looking in the appropriate log file , I discovered an error : “ Error: IIS Asp.net is NOT registered . Setup failed - Error 126. “

To solve this, you will need to navigate to “%systemroot%\Microsoft.NET\Framework\v.4.0\” and run “aspnet_regiis.exe -i”
Make sure that you register the latest version of the .NET Framework. In this case it would be version 4 of the .NET Framework.

After restarting the CM12 services , the role reinstalled correctly without any issues .
Hope it Helps ,
Kenny Buntinx
I promised you that I will start blogging again more often. Here is a first series of blog posts.
At my current customer we will use hypervisors from VMware, Hyper-V and XenServer in parallel for various reasons. As we are in the Private Cloud TAP and moving away from VMware, the challenge will be the management (i.e. operational procedures and support). The management will be done by Microsoft’s System Center Virtual Machine Manager 2012.
SCVMM 2012 will be able to manage all these different hypervisors from VMware, Hyper-V and XenServer.
For that customer we are rolling out more or less 20 Citrix XenServers, which are therefore one of the platforms that will be managed by SCVMM 2012.
The intention of this blog post is that you will be able to install and configure a XenServer and hook it up to your SCVMM 2012 console.
1. Requirements
To allow Microsoft System Center Virtual Machine Manager 2012 managing a XenServer 6.0 or XenServer 6.0 Resource Pool, it is necessary to install the “SCVMM Integration Suite Supplemental Pack” within the XenServer(s).
SCVMM 2012 RC will support the following versions of XenServer to my knowledge:
2. Installation
The easiest way of installing the supplemental pack was during the initial XenServer setup. During the installation procedure the wizards asks if further supplemental packs should be installed. All you need to do is to insert the Supplemental Pack CD (or ISO) and follow the on-screen instructions.
Remark / Tip : ** Do not try to install the pack afterwards as you get a lot of issues **



3. Adding Citrix XenServers into SCVMM 2012
After install you can do the following checks from the SCVMM 2012 Machine to make sure it works before trying and connecting.
- Make sure that you can ping the host by the computer name or IP address. If you specified a computer name, make sure that the computer name is resolvable by DNS.
- Verify that the supplemental pack is installed correctly on the XenServer host. To do this, open a command prompt with Administrator privileges on the VMM management server, type the following command, where <HOSTNAME> is the name of the host, <ROOT USER> is the root user on the XenServer host, and <PASSWORD> is the password of the root user, and then press ENTER:
winrm enum http://schemas.citrix.com/wbem/wscim/1/cim-schema/2/Xen_HostComputerSystem -r:https://<HOSTNAME>:5989 -encoding:utf-8 -a:basic -u:<ROOT USER> -p:<PASSWORD> -skipcacheck -skipcncheck
- If it is successful, the command returns information about the host computer. If the command is unsuccessful, the supplemental pack is either not installed or is not functioning correctly.
After the installation has completed successfully, we need to switch to the SCVMM Admin Console. The first part is to create a “Run As Account” within the “Create Run As Account Wizard”, as shown on the screenshot below.

The next step is to actually add and integrate the XenServer(s) with SCVMM 2012 using the following wizard: “Fabric Workspace ⇒ Servers ⇒ Add Resources (Ribbon) ⇒ Citrix XenServer Hosts and Clusters”, as shown on the screenshot below:




The XenServer(s) should now be listed as available resource(s) within the “Fabric Workspace”, as shown below:

The only pity is that we cannot select an icon when it’s a VMware or XenServer! Now there is no differentiation …
Hope it Helps ,
Kenny Buntinx
I haven't blogged over here on System Center Configuration Manager in a long time, mostly because life has been so super busy with my 3 months old son and more recently because I am running like a mad guy at work .
Stay tuned because we were selected with one of my Belgian customers in building a “Private Cloud 2012” and the SCCM 2012 C.E.P in Production Program .
I will start blogging again very soon on all the system Center 2012 products and lessons learned due to putting things in production 
Stay tuned and
Hope it Helps ,
Kenny Buntinx
You may need to install the latest release of the Intel HD Graphics Driver via an SD package or OSD task sequence with SCCM 2007 SP2.
I downloaded the driver from the Intel website and built a package for a silent install (just adding -s to setup.exe).
If I run it manually, it works fine. If I have it run by an SCCM SD program or OSD task sequence, it runs fine, but the SCCM program log reports error 14.
The IntelGFX log shows no error, the driver installs fine... why does SCCM say it didn't? SCCM reports that error code (14) is related to the product.
Workaround :
Make a .cmd that installs it, and add echo finish at the end so that the .cmd file is sending return code 0(Zero) to SCCM.
Hope it Helps ,
Kenny Buntinx
Did you ever want to build and test out a “Private Cloud”? The core is the System Center suite.
In order to build and test out a “Private Cloud” with the System Center and Hyper-V stack , you can find the following evaluation versions of the software below :
Datacenter or Enterprise editions to look at Hyper-V
Free Server just Hyper-V No Windows Server (Free)
VMware , Hyper-V or Xen can both be managed by this current product
The 2012 version of SCVMM . A better way to manage any virtualization and can work with different fabric.
Known as SCOM helps you monitor what’s going on real time with your operations
Known as SCCM, The product that helps you roll out clients or servers and properly configure them and baseline them.
The next version of SCCM which is really a brand new product.
Hope it Helps ,
Kenny Buntinx
In my previous blog posts “SCCM out of band management troubleshooting Part 1” I explained already that the Kerberos Tokensize with Intel vPro KVM stuff for System Center Configuration Manager is very important. You can read the article here at “http://scug.be/blogs/sccm/archive/2011/08/10/sccm-out-of-band-management-troubleshooting-part1.aspx”
In this blog post I will talk about the following issue , which is not an easy part to explain , called certificates.
Topic 2. Telnet Client
You will get this error in ConfigMgr when using the OOB console and trying to connect to clients via the SOL interface: “There is no active serial-over-lan connection, make sure installing telnet client”
You will find the OOBConsole.log under the C:\Program Files\Microsoft Configuration Manager\AdminUI\AdminUILog directory. To get more information, I would recommend you change "Error" to "Verbose" in the C:\Program Files\Microsoft Configuration Manager\AdminUI\bin\oobconsole.exe.config file (you can use Notepad to do it).
When opening up the log :
[18/07/2011 2:51:39 PM] :Error occured when Launch terminal, make sure installing telnet client
[18/07/2011 2:51:39 PM] :Closing SOL terminal...
[18/07/2011 2:51:39 PM] :SOL terminal closed
Based on the problem description, it looks like your system does not have the Telnet client installed. For Windows 2008/7 you must do it manually in "Turn Windows Features On/Off" and install the Telnet client feature.
Topic 3. Internal PKI Certificates troubles
You still aren’t able to connect to the BIOS with a SOL / IDE connection, but you can open the OOB console and make an initial connection. Check the OOBConsole.log at <ConfigMgrInstallationPath>\AdminUI\AdminUILog .
You will see success to at least connect to the AMT/vPro device :
[9/08/2011 9:39:43] :GetAMTPowerState success with 2.
[9/08/2011 9:39:53] :GetAMTPowerState success with 2.
[9/08/2011 9:39:58] :Open SOL connection...
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession2 with user = VVM\sccmamt fail with result:0x20, description:Failed to Establish TLS Connection
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession fail with result:0x00000020.
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession2 with user = VVM\sccmamt fail with result:0x20, description:Failed to Establish TLS Connection
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession fail with result:0x00000020.
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession2 with user = VVM\sccmamt fail with result:0x20, description:Failed to Establish TLS Connection
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession fail with result:0x00000020.
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession2 with user = VVM\sccmamt fail with result:0x20, description:Failed to Establish TLS Connection
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession fail with result:0x00000020.
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession2 with user = VVM\sccmamt fail with result:0x20, description:Failed to Establish TLS Connection
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession fail with result:0x00000020.
[9/08/2011 9:39:59] :status message Type:Audit, ID:0x00000000C000766A, User:VVM\sccmamt, Machine: xxxx, Target: xxxxx add to queue, waiting for report.
[9/08/2011 9:40:01] :Closing SOL terminal...
[9/08/2011 9:40:01] :SOL terminal closed
[9/08/2011 9:40:02] :GetAMTPowerState success with 2.
[9/08/2011 9:40:12] :GetAMTPowerState success with 2.
[9/08/2011 9:40:21] :GetAMTPowerState success with 2.
[9/08/2011 9:40:31] :GetAMTPowerState success with 2.
[9/08/2011 9:40:40] :GetAMTPowerState success with 2.
[9/08/2011 9:40:50] :GetAMTPowerState success with 2.
[9/08/2011 9:40:59] :GetAMTPowerState success with 2.
[9/08/2011 9:41:08] :GetAMTPowerState success with 2.
You will see that you will connect to the AMT/Vpro chipset , but you still aren’t able to connect to the BIOS with a SOL / IDE connection with the following message “IMR_SOLOpenTCPSession fail with result:0x00000020”.
Potential Root cause(s):
- Issue 1: Your AMT Web Certificates are being issued from a Subordinate Certificate Authority and the full certificate chain is not being passed correctly during a SOL/IDER session within SCCM. Place a copy of the Subordinate Certificate Authority certificate in the Local Computer - "Trusted Root Certificate Authorities" of the server or workstation that the Out Of Band Management Console is run from.
- Issue 2: There is an issue with having multiple Root Certificates in the "Trusted Root Certificate Authorities" and the OOB is getting confused. I will explain this in a little more detail later.
If you look at the KVM plugin , you will see clearly the error if your certificate chain is not correct ! :

To solve issue 1:
1. On the client where the OOB console has run, please open Internet Explorer and go to your root or subordinate certificate authority.

2. Select “Download a CA certificate Chain or CRL”

3. Select “Install this CA Certificate Chain”

4. Select “Yes” to continue

5. Select “Yes” to continue

6. You will see that it was successful.
7. Go to internet explorer > Internet options and go to certifications. See under “Trusted root certification authorities” if your root and subordinate certificate is installed .
To solve issue 2:
There is an issue when having multiple Root Certificates (I don’t know how this happened yet) in the "Trusted Root Certificate Authorities" , then the OOB console or KVM plugin is getting confused for some reason .
In the screenshot below you will clearly see 3 “ROOTCERT” certificates . If this is the case , please delete them ALL and follow the above solution from Issue 1 .

Solution :
After solving either issue 1 or 2, you will see that it can connect flawlessly. See screenshot below.
![clip_image002[9] clip_image002[9]](http://scug.be/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/sccm/clip_5F00_image0029_5F00_thumb_5F00_5146584C.jpg)
See more in the upcoming SCCM Out of Band Management Troubleshooting (Part3) , that is under construction.
Hope it Helps ,
Kenny Buntinx
It’s no secret for most people that KVM Remote Control is one of my favorite vPro features within System Center Configuration Manager (System Center Configuration Manager 2007 R3 / System Center Configuration Manager 2012 Beta 2) or System Center Service Manager (System Center Service Manager 2010).
Why go to an end user to fix his PC when you can use KVM Remote Control to do it from your own desk? With a feature this awesome, it’s challenging to make improvements. With the next generation Intel Core vPro Processors, KVM Remote Control now supports resolutions up to 1920x1200 at 16 bits per pixel color depth.
In my previous blog posts I explained already where to download the Intel vPro KVM stuff for System Center Configuration Manager . You can read the article here at “SCCM 2007 : Intel AMT–VPRO KVM add-on for SCCM 2007”
If you want to go and download the tools directly from the Intel site , please go to the following links :
However to use any of the above plugins , your systems should be made ready to use Vpro. There are a lot of requirements to make it happen , that I am not going to explain here in detail . Here are all my System Center Configuration Manager 2007: Out Of Band Management blog posts. I am just going to list them up :
After you have performed the installation by the book , it will probably not work directly out of the box and this could have multiple reasons. I will explain below the necessary steps to debug your potential issues in different blog posts:
1. Kerberos Ticket Size issue !
If you have the problem that the Out Of Band Management console won't connect to a client computer, then it might be that the Kerberos ticket size is too big. It means that your user account belongs to too many groups.
You can find more information here:
If you have problems connecting to a client computer with the OOB console, then check OOBConsole.log at <ConfigMgrInstallationPath>\AdminUI\AdminUILog .
I found this error message when I tried to connect with the OOB console using a user account that has too big a Kerberos ticket size, after I modified the OOBConsole.exe.config file and set the error logging value in the file to verbose.
[22.07.2011 13:54:32] :System.Management.ManagementException\r\nInvalid parameter \r\n at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
[22.07.2011 13:56:25] :RefreshAmtThirdPartyStorage fail with result:0x80338126
[22.07.2011 14:00:26] :GetAMTPowerState fail with result:0x800703E3
or
[22.07.2011 14:54:32] :System.Management.ManagementException\r\nInvalid parameter \r\n at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
[22.07.2011 14:56:25] :RefreshAmtThirdPartyStorage fail with result:0x80070005
[22.07.2011 15:00:26] :GetAMTPowerState fail with result:0x80070005
To see the value of the tokensize , you need the following background information . Each AMT version has a different maximum tokensize as shown below in the table :

Below I have 2 accounts :
- My account
- SCCMAMT – An account especially created to be only in the AMT SCCM group and the rights to execute AMT stuff within SCCM
In the screenshot below, you will clearly see that my account's token size is way too big (9418):

While the SCCMAMT account's token size is (2577):

After Logging in with the SCCMAMT account , check OOBConsole.log at <ConfigMgrInstallationPath>\AdminUI\AdminUILog . You will see success to at least connect to the AMT/vPro device :
[9/08/2011 9:39:43] :GetAMTPowerState success with 2.
[9/08/2011 9:39:53] :GetAMTPowerState success with 2.
[9/08/2011 9:39:58] :Open SOL connection...
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession2 with user = VVM\sccmamt fail with result:0x20, description:Failed to Establish TLS Connection
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession fail with result:0x00000020.
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession2 with user = VVM\sccmamt fail with result:0x20, description:Failed to Establish TLS Connection
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession fail with result:0x00000020.
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession2 with user = VVM\sccmamt fail with result:0x20, description:Failed to Establish TLS Connection
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession fail with result:0x00000020.
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession2 with user = VVM\sccmamt fail with result:0x20, description:Failed to Establish TLS Connection
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession fail with result:0x00000020.
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession2 with user = VVM\sccmamt fail with result:0x20, description:Failed to Establish TLS Connection
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession fail with result:0x00000020.
[9/08/2011 9:39:59] :status message Type:Audit, ID:0x00000000C000766A, User:VVM\sccmamt, Machine: xxxx, Target: xxxxx add to queue, waiting for report.
[9/08/2011 9:40:01] :Closing SOL terminal...
[9/08/2011 9:40:01] :SOL terminal closed
[9/08/2011 9:40:02] :GetAMTPowerState success with 2.
[9/08/2011 9:40:12] :GetAMTPowerState success with 2.
[9/08/2011 9:40:21] :GetAMTPowerState success with 2.
[9/08/2011 9:40:31] :GetAMTPowerState success with 2.
[9/08/2011 9:40:40] :GetAMTPowerState success with 2.
[9/08/2011 9:40:50] :GetAMTPowerState success with 2.
[9/08/2011 9:40:59] :GetAMTPowerState success with 2.
[9/08/2011 9:41:08] :GetAMTPowerState success with 2.
You will see that you can connect to the AMT/vPro chipset, but you still aren’t able to connect to the BIOS with a SOL / IDE connection, and the log shows the following message: “IMR_SOLOpenTCPSession fail with result:0x00000020”.
I will explain the fix for this error in SCCM Out of Band Management Troubleshooting (Part 2), which is under construction.
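As an added example (not part of the original post or of ConfigMgr), the following Python script parses OOBConsole.log lines in the format shown above and separates the two signals the post relies on: successful GetAMTPowerState polls and failed SOL opens. The day-first timestamp format and all function names are assumptions.

```python
import re
from datetime import datetime

# Excerpt of the OOBConsole.log output shown above, with repeated lines trimmed.
SAMPLE_LOG = r"""
[9/08/2011 9:39:43] :GetAMTPowerState success with 2.
[9/08/2011 9:39:53] :GetAMTPowerState success with 2.
[9/08/2011 9:39:58] :Open SOL connection...
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession2 with user = VVM\sccmamt fail with result:0x20, description:Failed to Establish TLS Connection
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession fail with result:0x00000020.
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession2 with user = VVM\sccmamt fail with result:0x20, description:Failed to Establish TLS Connection
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession fail with result:0x00000020.
[9/08/2011 9:40:01] :Closing SOL terminal...
[9/08/2011 9:40:01] :SOL terminal closed
[9/08/2011 9:40:02] :GetAMTPowerState success with 2.
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] :(?P<msg>.*)$")
SOL_FAIL_RE = re.compile(
    r"^IMR_SOLOpenTCPSession2 with user = (?P<user>\S+) fail with "
    r"result:(?P<code>0x[0-9A-Fa-f]+), description:(?P<desc>.+)$"
)


def parse_oob_log(text, ts_format="%d/%m/%Y %H:%M:%S"):
    """Return the power-state poll count and one record per SOL session.

    ts_format is an assumption: the sample log is read as day/month/year.
    """
    polls_ok = 0
    sessions = []
    current = None  # the SOL session currently open, if any
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank or unrecognised line
        ts = datetime.strptime(line["ts"], ts_format)
        msg = line["msg"]
        if msg.startswith("GetAMTPowerState success"):
            polls_ok += 1
        elif msg.startswith("Open SOL connection"):
            current = {"opened": ts, "closed": None, "failures": {}}
            sessions.append(current)
        elif current is not None:
            fail = SOL_FAIL_RE.match(msg)
            if fail:
                # Collapse the retries into one counter per (user, code, text).
                key = (fail["user"], int(fail["code"], 16), fail["desc"].strip())
                current["failures"][key] = current["failures"].get(key, 0) + 1
            elif msg.startswith("SOL terminal closed"):
                current["closed"] = ts
                current = None
    return {"power_polls_ok": polls_ok, "sol_sessions": sessions}


def diagnose(report):
    """Classify the log into the case the post describes, or a generic state."""
    tls_failures = sum(
        count
        for session in report["sol_sessions"]
        for (_user, _code, desc), count in session["failures"].items()
        if "TLS" in desc
    )
    if report["power_polls_ok"] and tls_failures:
        return "AMT reachable, SOL blocked at TLS (%d failed opens)" % tls_failures
    if tls_failures:
        return "SOL blocked at TLS, no successful power-state poll seen"
    if report["sol_sessions"]:
        return "SOL session opened without logged TLS failures"
    return "no SOL session in log"


if __name__ == "__main__":
    report = parse_oob_log(SAMPLE_LOG)
    print(diagnose(report))
    for s in report["sol_sessions"]:
        for (user, code, desc), n in s["failures"].items():
            print(f"{s['opened']}  {user}  0x{code:08X}  {desc}  x{n}")
```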
Hope it Helps ,
Kenny Buntinx
This is my last post in the series “Step by Step guide for provisioning Intel VPro clients in SCCM 2007 SP2”.
In my previous post I talked about importing the 3rd Party Remote Configuration Certificate on the OOB Service Point (in this example we will use a certificate from GoDaddy) to provision Intel vPro technology based systems in SCCM, at http://scug.be/blogs/sccm/archive/2010/05/06/step-by-step-guide-for-provisioning-intel-vpro-clients-in-sccm-2007-sp2-part-3.aspx
In my previous posts I talked about what OOB is, the OOB requirements and a little bit about the necessary certificates. In this post I will talk about the internal PKI infrastructure and how to configure the OOB management point within SCCM. ConfigMgr 2007 SP2 uses four types of certificates for Out Of Band Management. These four different certificates are:
- AMT Self Signed certificate – Intel AMT will generate a self-signed certificate during the PKI provisioning process to secure the connection with the ConfigMgr 2007 Server.
- AMT provisioning certificate – This certificate is used by ConfigMgr 2007 to provision Intel AMT devices. The simplest and most automated method for provisioning is to purchase this certificate from a third-party provider (VeriSign, GoDaddy, Comodo, or Starfield). This certificate will need to be installed on each OOB Service Point in the environment.
- Web server certificate – This certificate is generated by an internal Enterprise Certificate Authority during the provisioning process and installed on each AMT device within the firmware. This will allow for a TLS management session between the ConfigMgr 2007 OOB Management console and the AMT firmware.
- 802.1x RADIUS Certificate – Optional certificate that allows the Intel AMT client to securely authenticate to an 802.1x network without the operating system being present.
In our case, you will need an internal Certificate Authority and two certificates:
• AMT provisioning certificate – In this case the GoDaddy cert. Requesting, installing and preparing the AMT remote configuration certificate was already done in the previous blog post
• Web server certificate – this certificate is requested by the primary site server on behalf of AMT-based computers and then installed in the AMT firmware in the computers
To Prepare Web server certificate – see the steps below :
1. Open your Certificate Authority issuing PKI Server –> Click Start > All Programs > Administrative Tools > Certification Authority
2. Right Click on Certificate Templates > Manage
3. In the Certificate Templates Console Window, right click on Web Server and select Duplicate Template
4. In the Duplicate Template Window, select the radio button for Windows 2003 Server, Enterprise Edition and Click OK


5. In the Properties of New Template Window, enter ConfigMgr AMT Web Server Certificate
6. Check the Box to Publish certificate in Active Directory
7. Proceed to next step to set the security rights on this template.


8. Select the Security Tab and click Add
9. Select the ConfigMgr 2007 primary site server computer group and Click OK
10. With the ConfigMgr Primary Site Servers group highlighted, check Read and Enroll , Click OK
11. Close the Certificate Templates Console


12. In the Certification Authority Window, right-click on Certificate Templates > New > Certificate Template to Issue
13. In the Enable Certificate Templates Window, select ConfigMgr AMT Web Server Certificate (this template was created in the previous step)
14. Click OK


15. In the Certification Authority Window, you will now see ConfigMgr AMT Web Server Certificate listed in the right hand Window and ready for use by the Out of Band Service Point
Note: This Web Server Template will be used by ConfigMgr 2007 SP2 to generate a unique certificate for each Intel AMT system during the provisioning process, and that certificate is used for the TLS session during management of the Intel AMT client.
How to Configure OOB service in SCCM
After you have your exported *.pfx certificate, we will import it into the SCCM out of band management properties box. Now that you have configured all certificates and permissions and have a certificate private key, we are going to configure the OOB management point.
1. Open SCCM console -> Site Settings -> Component Configuration -> Out Of Band Service Point

2. Create an extra OU in Active Directory where SCCM creates AMT computer objects. Make sure the ConfigMgr Primary Site Server has permissions on that container to create those objects!
3. Configure the MEBx password that SCCM uses to connect to AMT-based computers. By default this password is admin but you can change this later on.
4. You could select “Allow out of band provisioning” and “Register ProvisionServer as an alias in DNS”, but it isn't necessary if you are only going to provision in-band (through the SCCM Client)
5. Configure the provisioning certificate. From here you now have to import that *.PFX file and enter your previously configured password.

6. Configure your web certificate template. From here you have to select your internal PKI CA and select your ConfigMgr AMT Web Server Certificate.

You can configure all the other tabs to your own liking.
You will find a good document from Intel with all the steps at www.intel.com/en_US/Assets/PDF/.../cg_MicrosoftConfigMgr_vPro.pdf
Hope it Helps ,
Kenny Buntinx
In my previous blog post “SCCM 2007 : Intel AMT–VPRO KVM add-on for SCCM 2007”, I wrote that Intel had released a KVM (version 6 or higher) plugin for ConfigMgr 2007.
I was experiencing issues with the Intel vPro KVM ConfigMgr plugin. It seems that the extensions are not installed correctly by Intel. After installing the plugin, I opened up the console and it didn’t show me any Intel vPro options as shown in the picture below.

If you launch the KVM tool manually , it works perfectly. However in the console I don’t see any right click action as shown in the above screenshot.
When I looked a little closer , I saw that the default SCCM admin console is installed in the following default path “C:\Program files\Microsoft Configuration Manager Console\” while Intel’s setup seems to create the following path “C:\Program files\Microsoft Configuration Manager\”(missing the console part) that contains the extensions XML file called “IntelVproExt.XML”.

Also if you didn’t stick to the default install paths , you will have the same issues .
Solution:
Copy the folder structure from “C:\Program files\Microsoft Configuration Manager\” to “C:\Program files\Microsoft Configuration Manager Console\” . Now you will have the option in the console .
Hope it helps
Kenny Buntinx
1. Download your patches to a folder
You could always download the patches from the following link http://catalog.update.microsoft.com/v7/site/Install.aspx?referringpage=Home.aspx and save them to a local folder or automate it by the following process :
Go to C:\windows and open windowsupdate.log in Excel. Delimit the file by Tab and space
Run the auto-filter and filter on “Downloading” in column “G”
Select all rows in column “I” and copy the table. Go to a new sheet and paste this in column “B”
We select column “B” and select Data -> text to column and delimit by ‘/’. Now we remove column “B,C,D and E”
Go back to the sheet where you imported the “Windowsupdate.log” and select all rows in column “K” and copy the column. Go to the new sheet and paste in column “D”
We select column “K” and select Data -> text to column and delimit by ‘\’. Now we remove column “D,E,F,G and H”
Paste the following formula in column “A” “="Copy H:\" & B2 & "\" & C2 & " c:\Patches\" & D2”
Drag the formula to below , select column A , select all and copy it
Open notepad , paste the text and save as “getpatch.cmd”
Map your drive H: to \\yourwsusserver\WsusContent and run “getpatch.cmd”
Copy your downloaded patches to the location you need them
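The Excel steps above can also be scripted. This added example (not from the original post) extracts the same three values from the “Downloading” lines and emits the copy commands for getpatch.cmd, quoting the paths and skipping any name with characters that would be unsafe in a batch file. The log layout in the constructed sample and the function names are assumptions.

```python
import re
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# "* Downloading from <url> to <local path> (full file)." as assumed for the
# Windows 7 WindowsUpdate.log; matches columns G, I and K of the Excel steps.
DOWNLOAD_RE = re.compile(
    r"\* Downloading from (?P<url>https?://\S+) to "
    r"(?P<dest>[A-Za-z]:\\.+?)(?: \([^)]*\))?\.?\s*$"
)
# Only plain file and folder names may end up inside the generated .cmd file.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def sample_line(url_tail, local_name):
    """Build one constructed log line; server, hashes and names are made up."""
    return (
        "2011-08-09\t09:39:43:120\t 904\t1a2c\tDnldMgr\t  * Downloading from "
        f"http://wsus01/Content/{url_tail} to "
        f"C:\\Windows\\SoftwareDistribution\\Download\\0f1e2d3c\\{local_name} (full file)."
    )


SAMPLE_LOG = "\n".join([
    sample_line("4F/00112233445566778899AABBCCDDEEFF0011224F.cab",
                "windows6.1-kb0000001-x64.cab"),
    sample_line("A0/FFEEDDCCBBAA998877665544332211000A0B0CA0.cab",
                "windows6.1-kb0000002-x64.cab"),
    # Same download logged twice (retry): must produce one command only.
    sample_line("4F/00112233445566778899AABBCCDDEEFF0011224F.cab",
                "windows6.1-kb0000001-x64.cab"),
    "2011-08-09\t09:39:44:001\t 904\t1a2c\tDnldMgr\t  * BITS job initialized",
    # A name containing '&' would split the command line in cmd.exe: skipped.
    sample_line("B7/0123456789ABCDEF0123456789ABCDEF012345B7.cab",
                "patch&extra.cab"),
])


def copy_commands(log_text, share_drive="H:", target_dir=r"c:\Patches"):
    """Return (commands, skipped_lines) for the WSUS content referenced in the log.

    share_drive is the drive mapped to \\\\yourwsusserver\\WsusContent and
    target_dir the local patch folder, both as used in the post.
    """
    commands, skipped, seen = [], [], set()
    for line in log_text.splitlines():
        match = DOWNLOAD_RE.search(line)
        if not match:
            continue  # not a download line
        segments = [s for s in urlsplit(match["url"]).path.split("/") if s]
        if len(segments) < 2:
            skipped.append(line)
            continue
        # Last two URL segments = folder and file below WsusContent.
        folder, content_file = segments[-2], segments[-1]
        final_name = PureWindowsPath(match["dest"]).name
        if not all(SAFE_NAME.match(n) for n in (folder, content_file, final_name)):
            skipped.append(line)
            continue
        command = (f'copy "{share_drive}\\{folder}\\{content_file}" '
                   f'"{target_dir}\\{final_name}"')
        if command not in seen:
            seen.add(command)
            commands.append(command)
    return commands, skipped


def build_getpatch_cmd(log_text):
    """Return the text to save as getpatch.cmd (CRLF line endings)."""
    commands, _ = copy_commands(log_text)
    return "\r\n".join(["@echo off"] + commands) + "\r\n"


if __name__ == "__main__":
    print(build_getpatch_cmd(SAMPLE_LOG))
```

Review the skipped lines by hand before deciding whether those files are needed.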
2. Applying the offline patches to the windows 7 media
Open up a WINPE command prompt via the WAIK.
Run the following commands in the following sequence .
Dism /Mount-Wim /Wimfile:"F:\DISM\Windows 7 Enterprise SP1 Eng X64 Source\sources\install.wim" /index:1 /Mountdir:F:\DISM\temp

Dism /image:F:\DISM\temp /add-package /packagepath:F:\DISM\Patches (where the patches folder contains your downloaded CBS windows patches)

dism /commit-WIM /Mountdir:F:\DISM\temp

dism /unmount-WIM /commit /Mountdir:F:\DISM\temp

3. What if you get an error applying the offline patches?
It can happen that there are patches that cannot be applied offline. When that happens, you will get the following error as shown below in the screenshot. In this case KB2533552. Do not worry, the process does not need to run again.
However, please note all patches that couldn’t be applied, so you could keep track of them for later deployment .

To see what is really going on and to verify this is a patch that cannot be applied offline , you should open the DISM.log file and search for the specific update as shown below in the screenshot.

When you look closer at the screenshot, you will see the message “Cannot perform offline servicing with an online-only package “, meaning this patch is not a CBS update and needs to be applied online.
You could always check the update on the following link http://catalog.update.microsoft.com/v7/site/Install.aspx?referringpage=Home.aspx
4. Import the image in SCCM or MDT
After this process you need to import the source content in SCCM. When done start adding it to the distribution points and wait until it is replicated, preferably with a good naming convention.
After importing the image in SCCM, add it to the DP’s and check if the image is replicated correctly on all selected DP’s.
When it’s done, change the media in the task sequence to use the new patched media. This will allow you to minimize staging downtime.
Now you are running from the start with a patched offline media , meaning less deployment time and being more secure when deploying your machines !
Hope it Helps ,
Kenny Buntinx

A couple of weeks ago we organized a Belgian Best of MMS 2011 event together with our local MVP’s and SCUG user group. All the sessions are published onto the Belux page on TechNet Edge
Microsoft has created a special page on TechNet Edge with all the videos of the event : Best of MMS Belgium 2011.
If you want to review our Configmgr 2012 session , please follow the link below
- System Center Configuration Manager 2012
by Kim Oppalfens
- Configuration Manager 2012 – Deployment and Infrastructure Technical Overview
by Kenny Buntinx (myself)
If you want to try the current Beta2 code , you could click here for :
- The bits and bytes : http://www.microsoft.com/systemcenter/en/us/configuration-manager/cm-vnext-beta.aspx
- The complete VHD : http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=21054
Hope it Helps ,
Kenny Buntinx
vPro AMT can leverage Kerberos authentication to allow management from your management console to the AMT firmware. Depending on the management console of choice (e.g. SCCM, Altiris, SMS) you may be using Kerberos or digest authentication. If you are using a management console like SCCM that only uses Kerberos authentication, there are a few things you should be aware of in case you are having problems managing your vPro systems.
In AMT (version 2.x, 3.x, 4.x, and 5.x) there is a Kerberos ticket size limit that varies among versions of AMT (see graph 1 below on specifics for each firmware version). With respect to Kerberos authentication, AMT has different limits for HTTP connection and Serial-Over-LAN (SoL).
Read the complete post here : http://communities.intel.com/community/openportit/vproexpert/blog/2009/03/23/kerberos-ticket-size-can-stop-you-from-connecting-to-vpro-systems-and-using-idersol
Hope it Helps ,
Kenny Buntinx
Have you ever wanted to be able to launch a KVM Remote Control session from within SCCM from AMT version 6.0 or higher ? Have you ever wanted to make use of the Alarm Clock feature in AMT to wake up or turn on a computer at a specific time? Now you can with the Intel® Core™ vPro™ processor add-on for System Center Configuration Manager 2007 SP2 R2 –R3
This add-on for SCCM 2007 brings the same KVM Remote Control capability that was made available last year in our management pack for SCSM 2010.
In addition, we have also added in the ability to set the AMT Alarm Clock from within SCCM 2007. This capability lets you set up a schedule in AMT to power on a system from a powered off or sleep state at a specified time; even if the system is not connected to the network.
Once installed, there will be a new sub-menu available when you right-click on systems in the SCCM console that will allow you to launch a KVM Remote Control session, or set the Alarm Clock for the selected system.
There are a few requirements for the KVM functionality however :
- You will need to have the Intel onboard video adapter. It will not work if you use Matrox, ATI or NVIDIA video boards
- Intel AMT 6.0 or Higher
- The machine must be in-band provisioned thru the SCCM client
- BUT - KVM remote control is NOT universal across all 2010 Intel vPro platforms. If shopping for a system, ensure it has Intel integrated graphics, vPro processor, and Intel AMT 6.0. Specifically - look for vPro systems that have the following processors:
  - Desktop: i5-650, i5-660, i5-670
  - Laptop: i7-620M, i7-640LM, i7-620LM, i7-640UM, i7-620UM, i5-540M, i5-520M, i5-520UM
Download the plugin here : http://software.intel.com/file/37855
Hope it Helps ,
Kenny Buntinx
If you want to create a report to list all collections a pc belongs to :
SQL Statement
select
    FCM.CollectionId,
    C.Name
from
    dbo.v_R_System R
    join dbo.v_FullCollectionMembership FCM on R.ResourceID = FCM.ResourceID
    join dbo.v_Collection C on C.CollectionID = FCM.CollectionID
where
    R.Name0 = @ComputerName
Prompt properties
Name: “ComputerName”
Prompt text: “Computer Name”
SQL statement
begin
    if (@__filterwildcard = '')
        SELECT DISTINCT SYS.Netbios_Name0 from v_R_System SYS
        WHERE SYS.Client0 = 1
        ORDER BY SYS.Netbios_Name0
    else
        SELECT DISTINCT SYS.Netbios_Name0 from v_R_System SYS
        WHERE SYS.Client0 = 1
            and SYS.Netbios_Name0 like @__filterwildcard
        ORDER BY SYS.Netbios_Name0
end
Hope it helps ,
Kenny Buntinx
We’ve become aware of two issues when using the Definition Update Automation Tool.
Definition Update Automation Tool fails to add new definition updates to the deployment package :
Symptoms
The FEP 2010 Definition Update Automation Tool may fail to add new definition updates to your deployment package. Reviewing the %ProgramData%\SoftwareUpdateAutomation.log file shows the following exception:
SmsAdminUISnapIn Error: 1 : Unexpected exception: System.ArgumentException: An item with the same key has already been added.
at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource)
at System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add)
at System.Collections.Generic.Dictionary`2.Add(TKey key, TValue value)
at Microsoft.Forefront.EndpointProtection.SoftwareUpdateAutomation.SccmUtilities.CalculateCleanupDelta(ConnectionManagerBase connection, ICollection`1 freshUpdateFilesObjectList, IResultObject destinationPackageObject)
at Microsoft.Forefront.EndpointProtection.SoftwareUpdateAutomation.SoftwareUpdater.Update(SoftwareUpdateAutomationArguments arguments)
at Microsoft.Forefront.EndpointProtection.SoftwareUpdateAutomation.SoftwareUpdater.Main(String[] args)
Cause
More than one FEP 2010 definition update is being detected as active by the tool.
Resolution
This blog article presents workarounds for the issues. You can find the blog on http://blogs.technet.com/b/clientsecurity/archive/2011/07/18/errors-when-using-the-fep-2010-definition-update-automation-tool.aspx
Hope it Helps ,
Kenny Buntinx
Recently we did a customer private cloud project where we used all the System Center tooling ( http://www.microsoft.com/systemcenter/en/us/default.aspx ), except for the hypervisor layer, which was VMware.
One of the scenarios that the customer had in mind was to provision all their virtual servers with SCCM, and we had to use Opalis as the glue between VMware, BMC Remedy and System Center. In the first step of the project we didn’t use the Change request mechanism from BMC Remedy yet. Special thanks to my colleague Gunther Dewit for helping me out on this one.
**** Disclaimer **** – This is a very basic workflow – we will post improvements as we go along – it is for helping people moving forward **** Disclaimer ****
The workflow itself


The first step in creating a workflow is doing a custom start where we could input some necessary variables . The Custom Start Activity is used to create a generic starting point for Workflows. By adding parameters to the Custom Start Activity it can consume external data which can be passed to downstream Workflow Activities.

These are the parameters the workflow needs in further steps. All the rest of the information resides in the data bus of Opalis.
This input is required, without it, the workflow won’t start. A popup will be presented when starting the workflow.
Now that we have all the necessary input required, we can continue with the creation of the virtual machine. In order to create a virtual machine, we need to provide some parameters, some of them will come from the Custom start step, others will have to be adapted per workflow.
Creating the virtual machine


These are the required parameters.
- Name: This is the name that will be given to the virtual machine, we will get it from the Custom Start where we filled in a name.
- Datastore: This is the datastore that will host the virtual machine disk, we will get it from the Custom Start where we filled in the datastore.
- DiskMB: Since it was decided to have a fixed disk with a size of 100GB, we filled it in directly instead of asking it in the first step.
- DiskStorageFormat: This is the thick or thin format, thin was decided as the default format.
- MemoryMB: This is the amount of memory that will be given to the virtual machine, we will get it from the Custom Start where we filled in an amount of memory.
- NumCPU: This is the number of CPU’s that will be given to the virtual machine, we will get it from the Custom Start where we filled in the number of CPU’s we need.
- CD: It was decided that all VM’s will have a cd drive so we set this to true.
- VMSwapFilePolicy: This will set the swapfile policy that states where the swapfile will be saved, it was decided to do this in the VM itself.
- VMHost: This is the physical host where the VM will be hosted, this integration pack cannot provision on cluster yet so you need to choose a physical host.
- GuestID: This is the OS version that will be installed on the VM.
- Folder: This is the foldername where the VM will be installed as shown in the ESX console.
You can add more details through the “optional properties” button. If all goes well, the workflow has created the virtual machine now.
Now we need to change some things on the virtual machine.

First we need to change the network settings. The VM name, we get from the Custom Start , since this is a read action, no further settings are needed.
Alternatively, you can specify some filters to narrow the data that you receive back.

Now we will delete all the network connections that VMware made by default because they are useless to us.


The Network Adapter name is data that we got back from the read action above and the VM name is still the name entered at the Custom Start .
This will remove all network adapters from the VM, alternatively, you can specify filters if you only want to delete a specific adapter.

Now we need to add a network adapter to the VM. The VM name is still the name we entered at the Custom Start .

The NetworkName is the name of the network that you want your network adapter connecting to.
The StartConnected specifies if it will be connected to the network or only added without being connected.
The Type is e1000 as this is the only VMware adapter SCCM can work with.
Now we do another step to get the properties from the newly created adapter so we can use the information to input the computer into SCCM.


Now that we collected the necessary information for SCCM, we can import the computer into SCCM.
This is done by a PowerShell script that needs two input parameters, the name and the MAC address.

Now that the computer is known in SCCM, we need to add it to the collection that has the OSD advertised to it.

This is done by the following step.

In the collection field, you can enter 2 things, either the name of the collection or the ID of the collection. What you enter must match the collection value type. If you enter an ID as shown here, the value type must be ID as well. The same is true for the computer where we use the name from the Custom Start step so the value type is name in this case.

Now that the VM is created and provisioned in SCCM, we are ready to deploy the operating system on it.
So let’s power on the VM.

The only thing you need to power on a VM is the name, and we still get that from the first step.

Now that the VM is booting up, SCCM can start the task sequence to deploy an operating system on the VM.
Meanwhile, we will check the progress in Opalis.

The advertisement ID is the ID as it is known in SCCM and the computer name is still the name as we specified in the first step.

Looping the task
Now since the OSD deployment takes some time to complete, we will let the step loop until it gets a result back from SCCM.


It will recheck every 300 seconds and will do this 8 times, or stop as soon as it gets back from SCCM that the deployment was successful, so that the loop does not keep running when the deployment finished faster than in 8 loops.

Now we need to output the result to any medium you want (logfile, mail, …), I do an output to a text file as an example.
Now how does Opalis know when to write to which log file?
This can be regulated by double clicking on the arrows. This is the arrow toward the success file.

As you can see, it will only follow this arrow when SCCM outputs a succeeded message for the advertisement. If not, it will take the other path towards the failed log file.
So , It is not so easy to get it all together , but if I may give a great tip: ” Write down all steps of your manual flow and then try to translate them into an opalis workflow “
Hope it Helps ,
Kenny Buntinx
Wow, VMWARE, way to hand Microsoft a full house in their "VMware is too expensive" poker hand! With their new licensing schema about vRAM on vSphere 5 they are going to give Microsoft a big hand in winning deals for Hyper-V + System Center Virtual Machine Manager 2012 and all the rest of the System Center suite!
I like it as a System Center consultant, the way VMware customers are going to suffer for something that has become a commodity such as the hypervisor. Why would you pay for it? I would only pay for decent management, and there VMware is lacking the tools and integration that System Center has today!! VMWARE is forcing customers to almost triple their license counts with the new vSphere 5 licensing scheme and not offering the same management features such as integration with third party tools (Opalis Integration as example).
They are just going to kill themselves this way .

Read the full thread and get involved here:
http://communities.vmware.com/thread/320877?start=0&tstart=0
Read about the licenses changes your self in the (PDF) Guide to the vSphere 5.0 changes (including FAQ)
Even VMware believers and defenders ( even customers) are forced to really consider and look at Microsoft's Hyper-V solution , based on cost and features , as it is not defendable anymore to pay for a commodity as a hypervisor as such .
( because in 90% of the cases , Hyper-V could cover all features compared with VMware )
Hope it Helps ,
Kenny Buntinx
At one of my customers we had an issue with discovering VM guests through their VEEAM nworks management pack, and it seems that a lot of people on the forums have the same issue. If you look in the SCOM console you will see the following:

The SCOM Agent version that is running on the VEEAM collector is SCOM 2007 R2 CU4 on x64 win2k8 r2 server.
The script runs perfectly without errors and discovers all our ESX hosts and clusters , but no VM Guests or Datastores . In any case – the event we copied below is VEEAMS nworks ‘first stage’ discovery (Discovery = ALL). It only inserts the basic topology – Clusters, Hosts (no sub-components of host).
VMwareTopologyDiscovery.js : v5.6.0.786
Discovery 'ALL' Complete!
1 API connection(s) discovered;
6 Host(s) discovered;
0 Datastore(s) discovered.
Script completed in 1.953s
On the next cycle you should see this event (ID 1010 in the Operations Manager log), one event for each host. That will insert host sub-components like CPU cores, VMHBAs, VMNICs etc.
VMwareTopologyDiscovery.js : v5.6.0.786
TargetComputer = AKCOL1.nworks.local
InstallPath = C:\Program Files\nworks\VIC\Collector\
Host = esx-main1.amust.local
LoggingEnabled = true
Discovery = HOST
EnableSensorData = true
CreateAGRel = false
VMFolder = false
Script completed in 1.468s
Then on the next cycle, you should see this - the “SV102” event, logged in Operations Manager as event 1011 -
VMwareTopologyDiscovery.js : v5.6.0.786
TargetComputer = AKCOL1.nworks.local
InstallPath = C:\Program Files\nworks\VIC\Collector\
Host = esx-main1.amust.local
LoggingEnabled = true
Discovery = GUESTS
EnableSensorData = true
CreateAGRel = true
VMFolder = false
ContainerId = VMHOST:esx-main1.amust.local:GUESTCONTAINER3
3 Guest(s) discovered.
Script completed in 0.547s
Note that the above event could have multiple events for each Host, depending on how many VMs there are. Vms are processed in groups of 5 by default.
At first we thought we needed to enable this discovery in the VEEAM mgmt pack. We looked in the Operational guide and there are 3 discovery scripts with VEEAM:
All objects (ESX hosts, VMs, nworks Enterprise Manager servers, etc.) are discovered automatically by default. However, your monitoring requirements may need certain objects to be included or excluded from monitoring. For example, to discover and monitor ESX hosts, but not the virtual machines, you should disable (with an override) the ‘SV102 third stage discovery’ rule (for VMs). This rule can be enabled/disabled on a per-Host basis.
We explicitly enabled the Guest discovery in the SV102 discovery, however we didn’t manage to see any VMs in SCOM. After a lot of searching, we finally found the solution. This is not documented clearly in the VEEAM documentation.
Open your vSphere console and define your rights, but:
Make sure this account has at least Read-Only privileges on the vCenter level, not only the cluster level as shown below in the screenshot. It seems that the VMware API reports all its VM guest info to the vCenter level and not to the cluster level.

Hope it Helps ,
Kenny Buntinx
I’m very proud to inform you that my MVP award got renewed for the year 07/2011 – 07/2012 on System Center Configuration Manager. This is certainly a great honor for me.
Thank you Microsoft, blog readers and all the community members that helped me out!
Thanks for the recognition. I am delighted.
Last , but not least , I’m also very proud as a Co-Founder to say that we have four MVP’s in Belgium who are specialized in the system Center area . I will list them once more :
- Mike Resseler – System Center Data Protection Manager MVP
- Alexandre Verkinderen – System Center Operations Manager MVP
- Kim Oppalfens – System Center Configuration Manager MVP
- Myself - System Center Configuration Manager MVP
Hope it helps ,
Kenny Buntinx
Update Rollup 1 for Microsoft Forefront Endpoint Protection 2010 introduces new features and updates. These new features and updates are summarized below.
The following list is a summary of the updates in FEP Update Rollup 1 for server functionality.
Finally the Forefront team came up with a solution that had really been missing since the release of the product. The following Microsoft website explains how to auto-deploy Forefront Client Security definitions in a step-by-step guide: http://technet.microsoft.com/en-us/library/dd185652.aspx
In this step-by-step guide, they essentially go into the WSUS Console to create an Auto-Acceptance rule. First of all this should make any ConfigMgr admin shiver, as it should have been drilled into your head that you are supposed to do software updates management from the ConfigMgr administrator console. Now, I and many other SCCM admins have never understood why they didn't solve that in a more elegant manner. The solution works, however has a couple of major drawbacks.
Additionally, in a multi distribution point environment, the actual definition updates will always come from the Software update point, whereas normal software updates come from the distribution points. In other words, this impacts scale quite a bit, and Forefront definitions come out at a very frequent pace, meaning they are hitting your software update point harder than anything else.
The main problem, is that in SCCM 2007 we have no "easy" way to create an Auto-Approval rule. This will be solved in CM12 , until then , for the CM07 they will fix that mistake by update rollup 1. Soon I will launch a blog post to see if this is a real workable solution. So now you will have with Update Rollup 1 a tool that facilitates the use of the Configuration Manager software updates functionality to download FEP definition updates and make them available to client computers running the FEP client software.
In order to use the software updates feature for definition updates, you must perform the following high-level steps:
- Download and install the Update Rollup 1 package.
- Configure software updates to download definitions for FEP.
- Configure the package by which the definition updates will be distributed, and configure the distribution settings for it.
- Install and configure the FEP Software Update Automation tool.
- Addition of support for the FEP client software for Windows Embedded 7 and Windows Server 2008 Server Core. For more information on the added client support, see Prerequisites for Deploying Forefront Endpoint Protection on a Client
The following list is a summary of the updates to FEP policies included with Update Rollup 1.
- Update Rollup 1 for FEP 2010 adds a new FEP policy option to configure definition updates for FEP client computers. After installing Update Rollup 1 for FEP, you can configure FEP policies to update definitions from a Configuration Manager software update point.
To configure FEP policies to update definitions from a Configuration Manager software update point
- Addition of two new preconfigured policy templates for the following server workloads:
  - Microsoft Forefront Threat Management Gateway
  - Microsoft Lync 2010
You will find the Forefront Endpoint Protection 2010 Update Rollup 1 to download at the following location: http://www.microsoft.com/download/en/details.aspx?id=26583
Hope it Helps ,
Kenny Buntinx
You’ve probably seen XenApp Connector for SCCM in XenApp 6. Now we’re taking it one step further – Along with the Citrix XenApp Tech Preview release, we’re pleased to announce the availability of the next version of the XenApp Connector for Microsoft SCCM 2007, as a Tech Preview release. This XenApp Connector Tech Preview represents another milestone in the ongoing partnership with Microsoft to bring you a powerful joint solution that lets you manage your entire XenApp environment using the SCCM management console. XenApp Connector extends the reach of ConfigMgr 2007 to virtual environments like Citrix without any downtime for users.
For those not familiar with XenApp Connector for SCCM, you can read more about it here and watch the video here.
This release of the XenApp Connector contains the following features:
1. Support for SCCM 2007 R2 and R3.
2. Support for WSUS – Windows Server Update Services. So now you can deliver not just applications, but also keep your entire XenApp infrastructure up-to-date with the latest Windows Updates without any user downtime.
3. Quality improvements including several bug fixes (such as seamless FTA for App-V packages)
4. Scalability improvements
5. Setup & Configuration Simplification – wizard detects connectivity and setup problems early on and automatically suggests solutions.
6. Firewall friendly changes – Communication between the Connector and the hosts (XenApp, PCM and SCCM) now make use of PowerShell V2 remoting over HTTP/HTTPS.
7. Improved Security – The option to enable SSL encryption in the Configuration Wizard and Digital signing of the Connector PowerShell script files.
8. Full Section 508 compliance
9. Logging and diagnostic improvements (rolling log file support, SMS Trace format compatibility)
This release can be found on the ISO image of the XenApp Tech Preview release under the ‘Connector for ConfigMgr’ folder.
Hope it Helps
Kenny Buntinx
At my customer, we had a weird issue when running our workflow. We had a workflow with a custom start that fired off, but failed at the moment we hit “add resource to SCCM”.

It failed with an error message “Failed to CoCreate IOpalisServerExtension” as shown in the screenshot below.
![clip_image002[4] clip_image002[4]](http://scug.be/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/sccm/clip_5F00_image0024_5F00_thumb_5F00_66485EEA.gif)
It seems that sometimes the deploy action server wizard does not function fully. The action server will work for most things, but you could get an error message that the server could not create the extension and so on. Probably the wizard fails in registering some components and you get error messages like this. In our case, it was only when using items from the SCCM integration pack.
Below you will find the log file on the “RunbookServers” :
```
2011-06-20 09:37:38 [284] 1 Exception caught in void __thiscall MultiThreadedWorkflowThreadFactory::doTraversal(const class std::basic_string<unsigned short,struct std::char_traits<unsigned short>,class std::allocator<unsigned short> >,const class WorkflowGraph &,__w64 unsigned int,class boost::optional<unsigned int>,class IWorkflowInstance &,class ExecutionDataTree)
C:\AutomatedBuild\IS5.Platform\Branches\6.2_Sanitized\Platform\PolicyModule2\MultiThreadedWorkflowThreadFactory.cpp(157):
<Exception>
<Type>Opalis::Exception</Type>
<Location>
struct std::pair<class boost::shared_ptr<class ExecutionDataBatch>,class ObjectInstanceStatus> __thiscall OpalisServerExtObjectRunner::run(const class Opalis::Uid &,class PropertyHelper::PropertyContainer &,const class LoopSpecificExecutionData &)
C:\AutomatedBuild\IS5.Platform\Branches\6.2_Sanitized\Platform\PolicyModule2\OpalisServerExtObjectRunner.cpp(244)
</Location>
<MsgCode>Error while running an object</MsgCode>
<Params>
<Param>{4A4EE7D4-B9DF-45C3-9275-9BB31733EB31}</Param>
<Param>{ECA10078-C614-4345-A156-CEB1F9060EE8}</Param>
</Params>
<Prev><Exception>
<Type>Opalis::Exception</Type>
<Location>
class ATL::CComPtr<struct IOpalisServerExtension> __thiscall NativeObjectRunner::createExtension(long)
C:\AutomatedBuild\IS5.Platform\Branches\6.2_Sanitized\Platform\PolicyModule2\NativeObjectRunner.cpp(57)
</Location>
<MsgCode>Failed to CoCreate IOpalisServerExtension</MsgCode>
</Exception></Prev>
</Exception>
2011-06-20 09:37:38 [284] 1 Process terminated: exception caught.
```
But you can overcome this by first doing a manual install of the “runbook” server and then overwriting it by doing an install through the deployment console.
Start the installer.


This is the welcome screen, follow the instructions of the next screenshots.


Now we still need to install the same management server through the Deployment console as you normally would. Start up the deployment manager with the “run as administrator” option.



After this procedure, all IPs will work correctly.
Hope it Helps ,
Kenny Buntinx
Today at my customer, we had a weird issue through our operator console in Opalis 6.3. We had a workflow with a custom start that fired off, but failed with an error message “Failed to CoCreate IOpalisServerExtension”. This issue had nothing to do with the fact that those workflows kept running in the Opalis Operator Console for eternity as shown in the screenshot below. We had no possibility even when we had the right to delete or stop those running policies. When you tried to stop those running policies, they said there were “No policies found that could be stopped”.

First thought was that it had something to do with Java cache as I am so in love with Java. Answer after clearing cache was the same …
The answer to this is that there is a “known” issue (I don’t know if it is a “known” issue as I found it after a long search on the internet) where the log will retain "ghost" entries for running workflows.
So basically it will look like a workflow is running (in the designer and Operator Console) but no workflow is running. This is an operational issue that doesn't affect runtime, meaning that although it LOOKS like these are running workflows... even though they aren't... they don't take up a request queue or impact runtime in any way.
If you call PSS they can give you a procedure to clean up these "ghost" entries or you can simply go into the OPALIS designer, right-click on the bogus instances, and delete them manually as shown in the screenshot below :

After you have cleaned out your "ghost" entries , you will see that there are no ghost entries left any more :

Hope it Helps ,
Kenny Buntinx

Best of MMS 2011 will provide the best possible opportunity to learn about the latest IT Management products, solutions and technologies from Microsoft and how to apply them in your organisation.
With a number of significant management product releases and announcements planned from Microsoft in the coming year, including some early Beta releases, this is an opportunity you won't want to miss!
This 1-day event will provide you with an understanding of the latest technical updates on Desktop, Datacenter and Cloud management features and solutions from Microsoft.
Join the Belgian Experts (MVP) from the System Center User Group who attended and presented at MMS 2011 in Las Vegas. They will bring you the best content from MMS 2011.
You have the choice to either attend this event in person or follow it by using live-meeting at http://technet.microsoft.com/nl-be/ff628215

Hope it Helps ,
Kenny Buntinx
Forefront Endpoint Protection 2010 would not work or install on a ConfigMgr 2012 beta 2 environment. Therefore you will need Forefront Endpoint Protection 2012 Public Beta.
It seems that the Client Agent Version is still FEP 2010, as the client version number is still the same as from FEP 2010.
It is available as from today at http://www.microsoft.com/downloads/en/details.aspx?FamilyID=b64c2029-0f56-4606-ba0c-ea92e03541f5&displaylang=en, so give it a test drive.
Hope it Helps ,
Kenny Buntinx
In System Center Service Manager 2010, you can use the deployment guide procedure to deploy the Service Manager Self-Service Portal. The Self-Service Portal provides two Web sites, a self-service portal used by end users and an analyst portal used to manage change requests and to administer the Self-Service Portal.
To completely deploy the Self-Service Portal, you have to install the Self-Service Portal, install a Secure Sockets Layer (SSL) certificate in Internet Information Services (IIS), and then enable Windows Authentication in IIS. You must deploy the Service Manager management server before you deploy the Self-Service Portal.
To provide security, Secure Sockets Layer (SSL) must be used with the Self-Service Portal. By default, the SCSM Self-Service Portal proposes that you use a self-signed certificate, which will result in an annoying popup “This site is not trusted, are you sure to continue” before getting to the end-user portal. To resolve this, we will use domain certificates from our PKI server, see the info below:
1. Go to IIS and select your server, then go to Server Certificates.

2. Once there, select Create Domain Certificate and follow the wizard. At the end you will see that the certificate has been requested and created.

3. We are not there yet. Now we have to tell the website which certificate to use. Select the SCSM portal and select Bindings.

4. Once the bindings window opens, select the correct certificate and click OK.

5. Restart your IIS and you're done.
Hope it Helps ,
Kenny Buntinx
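The steps above replace the portal's default self-signed certificate with one issued by the domain PKI. As an added example (not from the original post), this PowerShell check lists every HTTPS binding on the IIS server and flags certificates that are still self-signed, outside their validity period, or that do not chain to a trusted root on the server. It assumes the WebAdministration module that ships with IIS; the function name is hypothetical.

```powershell
# Added example (not from the original post). Audits the certificate behind
# every HTTPS binding on this IIS server. Run from an elevated prompt.
# Test-IisBindingCertificate is a hypothetical name.
Import-Module WebAdministration

function Test-IisBindingCertificate {
    $now = Get-Date
    foreach ($binding in Get-ChildItem IIS:\SslBindings) {
        $finding = 'OK'
        $cert = $null

        # Each SSL binding records the store name and thumbprint of its certificate.
        if ($binding.Thumbprint) {
            $certPath = "Cert:\LocalMachine\$($binding.Store)\$($binding.Thumbprint)"
            $cert = Get-Item -Path $certPath -ErrorAction SilentlyContinue
        }

        if (-not $cert) {
            $finding = 'Bound certificate not found in the machine store'
        }
        elseif ($cert.Subject -eq $cert.Issuer) {
            # This is the case that produces the "site is not trusted" popup.
            $finding = 'Self-signed certificate'
        }
        elseif ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
            $finding = 'Outside its validity period'
        }
        else {
            # Build the chain up to a trusted root. Revocation checking is
            # skipped (assumption) so the check also works when the CRL
            # distribution point cannot be reached from this server.
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            $chain.ChainPolicy.RevocationMode =
                [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
            if (-not $chain.Build($cert)) {
                $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
                $finding = "Chain does not validate: $status"
            }
        }

        New-Object PSObject -Property @{
            IPAddress  = $binding.IPAddress
            Port       = $binding.Port
            Thumbprint = $binding.Thumbprint
            Subject    = if ($cert) { $cert.Subject }  else { $null }
            Issuer     = if ($cert) { $cert.Issuer }   else { $null }
            NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
            Finding    = $finding
        }
    }
}

Test-IisBindingCertificate |
    Format-Table -AutoSize IPAddress, Port, Subject, Issuer, NotAfter, Finding
```

A binding that still reports "Self-signed certificate" after step 4 means the portal site is bound to the old certificate rather than the one issued by the domain CA.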
During this year's TechDays you will notice that we have an Ask The Experts (ATE) booth.
During the three-day conference you will find our SCUG.be experts at the ATE booths, where they will answer your questions. This is your opportunity to talk to and learn from experts.
Below you find a list of System Center infrastructure experts that will be your hosts at ATE booth. Each break you will find some of the SCUG.be experts working at the booth.
| Expert | MVP | Expertise |
| --- | --- | --- |
| Alexandre Verkinderen | SCOM | System Center Operations Manager |
| Kim Oppalfens | SCCM | System Center Configuration Manager |
| Kenny Buntinx | SCCM | System Center Configuration Manager |
| Mike Resseler | SCDPM | System Center Data Protection Manager |
| Kurt Vanhoecke | | System Center Service Manager |
| Kurt Roggen | Windows | Hyper-V System Center Virtual Machine Manager |
Please have a look at the other infrastructure MVPs at Arlindo Alves' blog if you have other questions: http://blogs.technet.com/b/aralves/archive/2011/04/06/meet-our-experts-at-the-techdays.aspx

See you all at the Techdays !!
Hope it Helps ,
Kenny Buntinx
The Configuration Manager team is pleased to release a Community Technology Preview (CTP) of the Physical to Virtual Migration Toolkit. This tool is designed to assist organizations in their migrations from Configuration Manager 2007, to Configuration Manager 2012. Below are some details and links for more information and access to the download.
What is the Physical to Virtual Migration Toolkit?
The Configuration Manager Physical to Virtual Migration Toolkit is designed to assist organizations in migrating their environments from Configuration Manager 2007 to Configuration Manager 2012. The primary scenario this tool assists with is one where remote Configuration Manager 2007 SP2 site servers need to be retained during the side-by-side migration process to Configuration Manager 2012. There may be other applications of the tool.
How does this Tool help organizations?
The product enables customers to convert Configuration Manager 2007 site servers to Virtual Machines (VHD) files and restage the server as a Hyper-V host with the created VHD. By converting the existing site servers into Virtual Machines at remote locations, customers can re-use the same hardware (given sufficient resources) to stand-up a Configuration Manager 2012 site server and perform the side-by-side migration.
Where can I download?
All pre-release versions are made available through the Connect website which enables feedback directly to the P2V migration toolkit development team during the Community Technology Preview phase:
https://connect.microsoft.com/ConfigurationManagervnext/program6835
Hope it Helps ,
Kenny Buntinx
Hello All,
Got back from MMS 2011 and finally rested enough to get going again, but man what a great event this was once more. I am especially glad with how well the different SCUG members at the convention did, not just me, but also Kenny and Mike did an outstanding job, some more details below, singing the praises of SCUG.
First of all, we had 3 people from SCUG Belgium presenting, me, Kenny and Mike all had sessions to deliver.
Mike presented a breakout session on Data Protection Manager, Kenny presented an R3 power management Birds of a Feather and joined me in the Ask the Experts panel for Configuration Manager, while I delivered 2 breakouts, a joint presentation with my esteemed MVP colleague Jason Sandys, and a WMI Birds of a Feather.
For those of you unaware of what Birds of a feather sessions are, here is how the MMS team describes them: “These informal sessions allow small (<75) groups of attendees to meet and discuss a topic of common interest peer-to-peer or with Microsoft or Industry experts. Bring your questions, your experiences and your curiosity to these gatherings moderated by Microsoft staff, Industry experts or your peers.”
And the verdict is out!
First and foremost, the best session of the event, based on evaluations, was Kenny’s PowerManagement in R3 session that he delivered together with our Finnish ConfigMgr MVP Panu. Kenny apparently had a good informal session with about a dozen ConfigMgr admins around that, job well done. Unfortunately I couldn’t attend because of other obligations in my schedule. My WMI BOF session came in as second session of the event, so SCUG on top, woohoo. (Caveat: the best evaluated session of the event was about Cloud, but with 9 evals it hasn’t received the necessary 10 evals to be taken into account for the official ranking, but still 2nd and 3rd are pretty good regardless.)
If we look at the breakout scores only, since BOF’s are a bit more intimate and have a tendency to score higher evals most likely because of this. Just looking at the breakouts, Kenny and I scored an 8th place for the entire event together with some of our esteemed ConfigMgr MVP colleagues with the ConfigMgr ask the expert panel. And I scored a 9th place with my session on ConfigMgr eventing, so I am pretty happy with that. If we look at just ConfigMgr sessions the results are even more impressive.
Top 3 in the ConfigMgr sessions
- Take Configuration Manager Onto the Eventing Track
- Configuration Manager 2012 - Ask the Panel of Experts
- Configuration Manager: Hints, Allegations and Things Left Unsaid

My session about developing ConfigMgr PowerShell commandlets didn’t go over that well though, and scored well below average. So I guess PowerShell isn’t for me, and I have to stick to what I know and what I do best, which looks to become WMI and eventing more and more.

Last but not least! Mike Resseler, our Data Protection Manager MVP, delivered what has got to be an outstanding presentation on DPM together with 3 co-presenters. I unfortunately could not attend since I was presenting my PowerShell session at the same point in time. But Mike scored an evaluation score well above the average of the Operations Management track. For a first presentation for an audience this large, that is a huge accomplishment that didn’t go unnoticed. Mike received a last-minute invite to go to TechEd US and deliver not one but 2 presentations on Data Protection Manager at Microsoft’s largest technology event of the year.

Mike has just recently become an MVP. The poor fellow hasn’t even had time to organize his MVP celebration dinner with his fellow MVPs, but has scored an MMS presentation, 2 TechEd US presentations and a TechEd Israël presentation in his first year as an MVP. As we like to say in Belgium, “Good Busy”. I know for a fact that I hadn’t achieved anything close to that in my first year as an MVP.

--
Enjoy.
"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.scug.be/blogs/sccm/default.aspx
http://www.linkedin.com/in/kimoppalfens
System Center Configuration Manager 2007 R2 with System Center Configuration Manager SP2 now supports Microsoft Application Virtualization (App-V) 4.6 SP1 Desktop Client and Client for Remote Desktop Services. This client release enables support for Windows 7 SP1 and Windows Server 2008 R2 SP1.

The following are the limitations and workaround to import App-V packages using Configuration Manager:

Configuration Manager fails to import App-V packages when there is more than one XML file in the package folder. App-V Sequencer 4.6 SP1 creates the file Report.xml when creating an App-V package. Configuration Manager expects to find only one XML file in the package folder and will fail when it identifies more than one XML file in the folder. To work around this problem, delete the file Report.xml manually from the package folder before you import the App-V package.

No software updates are required.

Hope it Helps,
Kenny Buntinx
Configuration Manager 2007 SP2, R2 and R3 support Windows 7 SP1 and Windows Server 2008 R2 SP1:

System Center Configuration Manager 2007 SP2, R2 and R3 now support the Windows 7 SP1 and Windows Server 2008 R2 SP1 operating systems for client installation. The Configuration Manager console and branch distribution point are supported on these platforms. Windows Server 2008 R2 SP1 is supported for all core and feature-specific site system roles.

The following software update is required to add Windows 7 SP1 and Windows Server 2008 R2 SP1 to the Supported Platforms list:
- KB 2489044 - Update rollup for System Center Configuration Manager 2007 SP2 to add support for Windows Server 2008 R2 SP1 and Windows 7 SP1 clients
- KB 977203 - User state migration is unsuccessful on a SCCM 2007 SP1 client or on a SCCM 2007 SP2 client

Hope it Helps,
Kenny Buntinx
Let me start by saying that it has been a great State of the Union, and for those of you that didn't make it this year, they are working in the Systems Center Configuration Manager Space. Make sure you are here next year, because you are missing out on a lot of great stuff with Josh Pointer & Bill Anderson on everything that is ConfigMgr related.

But now, let's continue with the serious stuff. I will try to give you a good overview of what has been said during the “State of the Union” below. There was a lot of valuable info today.

What the ConfigMgr team did in the previous 12 months, for people who really didn’t know yet:
- They released ConfigMgr 2007 R3
- They released the FEP 2010 integration
- They released the Security compliance manager version 1.0
- They released SC ConfigMgr integration pack for Opalis
- They released the Xenapp 6.0 connector
- They finally end SMS 2.0 extended support on April 12, 2011

What the ConfigMgr team will do in the next 12 months:

For ConfigMgr 2007:
- Security Compliance Manager version 2.0, which will RTM in May 2011
- Nothing much after all

For ConfigMgr 2012:
- Update! Beta 2 is NOW available!
- The #1 task they are focusing for releasing beta2 is “Bug fix , Bug fix , Bug fix”
- They need to do a Massive search/replace project in UI and Docs ( that’s an inside joke )
- SC Opalis will become Orchestrator in Fall 2011. It will have support for ConfigMgr 2012.
- There will be a “Package Conversion Manager” to translate your “old” packages into the “new” app model. Expected release date for the beta is the second quarter of CY 2011.
- They will release a P2V tool for migrating your current CM07 infrastructure from physical to virtual.

The SUPER SECRET Announcement:
- CM12 will support UNIX and Linux servers, but not in the initial RTM release of CM12

Here are some readiness tips for ConfigMgr 2012:

The product group will release “How to” videos on Connect.
- TAP customer information
- TAP customers for Beta 2: 22 customers
- TAP countries: 8 countries
- System Requirements:
- Site servers and site roles require 64-bit OS (distribution points are an exception)
- SQL 2008 (64 bit) is needed
- SQL reporting is the only reporting left (web based reporting is gone)
- Hierarchy :
- Flatten the Configmgr 2007 hierarchy
- Start implementing branch cache
- Start learning about SQL replication
- Best practices - AD Sites for site boundaries, UNC paths for source content, Break up collections that contain both users and devices
- Start converting to UNC paths if you don’t do it already
- FEP2010 – wait for compatible version to arrive
Hope it Helps , Kenny Buntinx
Yes, MMS 2011 is in front of the door and it will be an exciting week. The complete SCUG team from Belgium will be there! Myself (MVP SCCM), Kim Oppalfens (MVP SCCM), Kurt Vanhoecke (SCSM), Alexandre Verkinderen (MVP SCOM), Yves Janssens (SCSM & SCOM) & Mike Resseler (MVP SCDPM) will attend MMS in Vegas.

My schedule is made and I will have a more or less complete System Center Configuration Manager 2012 week. I will also do some additional side work at MMS 2011 this year. Here is a little overview:

I will assist Wally Mead in the following proctoring labs:
- Ballroom A Wed 2:15PM - 3:30PM Lab Proctor IA05 ILL: Migrating from Configuration Manager 2007 to Configuration Manager 2012
- Ballroom A Thu 8:30AM - 9:45AM Lab Proctor IA05 ILL: Migrating from Configuration Manager 2007 to Configuration Manager 2012
I will be delivering the following “Birds of a Feather” session together with Panu Saukko:

The ConfigMgr R3 release covers some very cool new features including power management for your clients. This will reduce your energy consumption, which saves you costs, and you build a greener IT environment. But talking about the feature is something different than implementing it. In this Birds-of-a-feather session we will talk about best practices for implementing the R3 power management features, built on the experience that we had with our customers during the R3 TAP program.

I will also be available in the “Ask the experts” panel to answer your in-depth questions about ConfigMgr. This session continues to be one of the most popular at MMS each year, where we bring together a panel of community experts to answer your burning management questions. As in previous years, any and all questions are acceptable, as you try to stump the carefully crafted community expert panel. Get help with your biggest technical issues back home or find out more about the latest product releases. Rod Trent, owner of myITforum.com, the largest internet systems management community, will moderate the session.

If you are a Belgian IT Pro, please let me know. It would be great to know and maybe meet up in Las Vegas. See you all over there!

Kenny Buntinx
Hi All,

Just getting myself ready for the MVP summit in Seattle next week, as are our other 3 SCUG MVPs (Kim Oppalfens, Alexandre Verkinderen & Mike Resseler). It is going to be an exciting event for me, as it is the second MVP summit I’ll be attending since my nomination in July 2009.

For those of you that don't know what the MVP summit is: it is a week full of working, talking and discussing together with our MVP peers, but also with the (in my case) ConfigMgr product group. We will be fully busy with getting our hands on ConfigMgr 2012 at the Enterprise Engineering Center at Building 25 in a real test datacenter.

I’m really looking forward to meeting with members of the Microsoft product groups and learning directly from those people who are responsible for the individual product features, and I see this as a real honor.

So if the blogging level is a bit low on SCUG.be next week, you will know why this is….

Hope it Helps,
Kenny Buntinx
One of my customers is using a GHOST principle on their laptops, to restore an original image from a restore partition. This partition is right now visible to the end user. Now that we are migrating towards SCCM we want to do the same thing through ConfigMgr. To accomplish this, we only focus on the integrated Windows 7 backup tools, as they have a native built-in wizard to restore as well.

Scenario to accomplish:
- We want to do a full backup at the end of the deployment task sequence, including the standard applications, and save it locally. This one allows you to restore the machine as it was at the end of the task sequence.
- We want to let any user restore that image in an easy way with helpdesk support. Mainly this scenario is for end users that are sitting somewhere in the “bush bush” with no direct connection to a nearby office.
- We want to schedule for those kind of users a backup when he is working on his machine, based on VSS technology (impossible with Ghost).

Steps to accomplish the scenario:

First of all I want to thank Kim Oppalfens and George Simons (both MVP ConfigMgr) for helping me accomplish this scenario. We had some offline discussions to accomplish this scenario and it is not yet perfect.

The initial process we have in mind during the operating system deployment phase, when we stage an image to a machine for a user:

1. Creating the necessary partitions:
- System partition (+/- 500 mb) that will hold the bootloader (think of Bitlocker ) and the WINRE environment. ( hidden )
- C:\ OS partition
- D:\ Data partition
- E:\ IMAGE system image backup partition (drive letter will be removed in the process)
2. Create a local admin user, e.g. RECOVERY, and add it to the local Administrators group. We have tested this with a power user or backup operator; however, you need local admin rights to restore the image. For security purposes we will investigate later having a daily/weekly/monthly password changer based upon an algorithm.
3. Run the Windows 7 built-in WBADMIN tool with the following parameters: “wbadmin START BACKUP -BackupTarget:E: -include:c: -AllCritical -Quiet”
4. Remove the drive letter of the “Image” partition, in this case E:\

We don’t care about hiding the volume. Standard users have no permissions to reassign a drive letter, and hence won’t be able to see or use the partition. That is more than enough for us. Hiding the partition just complicates matters for us from an admin perspective.

The additional process we could have in mind is to send down a task sequence to back up his system when a user requests it. This could be performed with or without any user interaction.

Task Sequence example:

```xml
<!-- Excerpt from the exported task sequence; the first tag closes the preceding group (not shown) -->
</group>
<group name="Backup" description="">
  <step type="SMS_TaskSequence_RunCommandLineAction" name="Create Admin Recovery User" description="" timeout="900" runIn="WinPEandFullOS" successCodeList="0 3010">
    <action>smsswd.exe /run: net user recovery Helpdesk123 /add</action>
    <defaultVarList>
      <variable name="CommandLine" property="CommandLine" hidden="true">net user recovery Helpdesk123 /add</variable>
      <variable name="SMSTSDisableWow64Redirection" property="DisableWow64Redirection">false</variable>
      <variable name="_SMSTSRunCommandLineAsUser" property="RunAsUser">false</variable>
      <variable name="SuccessCodes" property="SuccessCodes" hidden="true">0 3010</variable>
    </defaultVarList>
  </step>
  <step type="SMS_TaskSequence_RunCommandLineAction" name="Add Recovery User to Local Admin" description="" timeout="900" runIn="WinPEandFullOS" successCodeList="0 3010">
    <action>smsswd.exe /run: net localgroup "Administrators" recovery /add</action>
    <defaultVarList>
      <variable name="CommandLine" property="CommandLine" hidden="true">net localgroup "Administrators" recovery /add</variable>
      <variable name="SMSTSDisableWow64Redirection" property="DisableWow64Redirection">false</variable>
      <variable name="_SMSTSRunCommandLineAsUser" property="RunAsUser">false</variable>
      <variable name="SuccessCodes" property="SuccessCodes" hidden="true">0 3010</variable>
    </defaultVarList>
  </step>
  <step type="SMS_TaskSequence_RunCommandLineAction" name="Create Backup" description="" timeout="1200" runIn="WinPEandFullOS" successCodeList="0 3010">
    <action>smsswd.exe /run: wbadmin START BACKUP -BackupTarget:e: -include:c: -AllCritical -Quiet</action>
    <defaultVarList>
      <variable name="CommandLine" property="CommandLine" hidden="true">wbadmin START BACKUP -BackupTarget:e: -include:c: -AllCritical -Quiet</variable>
      <variable name="SMSTSDisableWow64Redirection" property="DisableWow64Redirection">false</variable>
      <variable name="_SMSTSRunCommandLineAsUser" property="RunAsUser">false</variable>
      <variable name="SuccessCodes" property="SuccessCodes" hidden="true">0 3010</variable>
    </defaultVarList>
  </step>
  <step type="SMS_TaskSequence_RunCommandLineAction" name="Hide Drive Letter" description="" timeout="900" runIn="WinPEandFullOS" successCodeList="0 3010">
    <action>smsswd.exe /run: Mountvol e: /D</action>
    <defaultVarList>
      <variable name="CommandLine" property="CommandLine" hidden="true">Mountvol e: /D</variable>
      <variable name="SMSTSDisableWow64Redirection" property="DisableWow64Redirection">false</variable>
      <variable name="_SMSTSRunCommandLineAsUser" property="RunAsUser">false</variable>
      <variable name="SuccessCodes" property="SuccessCodes" hidden="true">0 3010</variable>
    </defaultVarList>
  </step>
</group>
```

End user experience:

1. When your Windows 7 machine gets broken it will automatically jump to the window shown below; otherwise press F8 during boot.
2. When you start “Repair your computer”, WinRE will start up.
3. Once WinRE is loaded it will ask for your keyboard layout.
4. Fill in your credentials.
5. Select “System Image Recovery”.
6. Select the image that you want to restore and wait until the process has been completed.

Remarks / improvements to make:
- The complete process works only once with a hidden drive letter…….until you do the restore. After the restore the drive letter is back and then a user could mess around and delete stuff. I have tried to remove the drive letter before running wbadmin, but I have had no success using the GUID, as my drive is MBR and not GPT. Anyway, the basic principle works.
- User security: We need an algorithm to change the custom local admin restore user on a daily/weekly/monthly basis, as a default password just isn’t secure enough.
- Now I am testing to get a function key on a Lenovo to do his magic ( Press F5 and it launches auto magically the recovery environment ) . More on that in a later blog post .
Hope it Helps , Kenny Buntinx
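The "User security" remark above asks for an algorithm that rotates the recovery account's password instead of a fixed default. One possible design, as an added example that is not from the original post: derive the password with HMAC-SHA256 from the computer name and the current rotation period, keyed with a per-machine secret that the helpdesk also holds, so the helpdesk can compute the same value for a laptop that is offline. The function names, the secret provisioning and the password format are assumptions.

```powershell
# Added example, not part of the original post. Assumptions: a per-machine
# secret was provisioned during deployment, is readable only by SYSTEM and
# Administrators, and is also known to the helpdesk. All names are hypothetical.

function Get-RotationPeriod {
    param(
        [datetime]$Date = (Get-Date),
        [ValidateSet('Daily', 'Weekly', 'Monthly')][string]$Interval = 'Weekly',
        [int]$Back = 0          # 0 = current period, 1 = previous period, ...
    )
    $inv = [Globalization.CultureInfo]::InvariantCulture
    $utc = $Date.ToUniversalTime().Date
    switch ($Interval) {
        'Daily'   { return 'D' + $utc.AddDays(-$Back).ToString('yyyyMMdd', $inv) }
        'Monthly' { return 'M' + $utc.AddMonths(-$Back).ToString('yyyyMM', $inv) }
        'Weekly'  {
            # Weeks counted from Monday 2001-01-01, independent of locale settings.
            $epoch = New-Object datetime 2001, 1, 1
            $week  = [int][math]::Floor(($utc - $epoch).TotalDays / 7) - $Back
            return "W$week"
        }
    }
}

function Get-RecoveryPassword {
    param(
        [Parameter(Mandatory = $true)][byte[]]$Secret,
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][string]$Period
    )
    # 32 symbols without I, O, 0 and 1, so it can be dictated over the phone.
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'
    $hmac = New-Object System.Security.Cryptography.HMACSHA256 -ArgumentList (, $Secret)
    try {
        $msg  = [Text.Encoding]::UTF8.GetBytes($ComputerName.ToUpperInvariant() + '|' + $Period)
        $hash = $hmac.ComputeHash($msg)
    }
    finally { $hmac.Clear() }

    # 16 symbols x 5 bits = 80 bits. 256 is a multiple of 32, so no modulo bias.
    $chars  = 0..15 | ForEach-Object { $alphabet[$hash[$_] -band 31] }
    $groups = 0..3  | ForEach-Object { -join ($chars[($_ * 4)..($_ * 4 + 3)]) }

    # The fixed "Rc-" prefix guarantees upper case, lower case and a symbol,
    # so the result always passes the Windows password complexity rule.
    return 'Rc-' + ($groups -join '-')
}

function Set-RecoveryPassword {
    # Client side: run as SYSTEM from a scheduled task once per period.
    param(
        [Parameter(Mandatory = $true)][byte[]]$Secret,
        [string]$Account = 'recovery'
    )
    $pw = Get-RecoveryPassword -Secret $Secret -ComputerName $env:COMPUTERNAME `
                               -Period (Get-RotationPeriod)
    # ADSI keeps the password off the process command line, unlike "net user".
    ([ADSI]"WinNT://$env:COMPUTERNAME/$Account,user").SetPassword($pw)
}

function Get-HelpdeskCandidate {
    # Helpdesk side: the laptop may have been powered off during the last
    # rotation, so return the passwords for the current and previous periods.
    param(
        [Parameter(Mandatory = $true)][byte[]]$Secret,
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [int]$Periods = 2
    )
    0..($Periods - 1) | ForEach-Object {
        Get-RecoveryPassword -Secret $Secret -ComputerName $ComputerName `
                             -Period (Get-RotationPeriod -Back $_)
    }
}
```

Because the key is per machine, reading the secret from one laptop does not reveal the recovery password of any other laptop.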
Hi Guys,

News is traveling fast about the availability of Service Pack 1 (SP1) for Windows 7 and Windows 2008 R2, as it is already available on the TechNet, MSDN and MVLS sites. However, it is NOT certified and therefore NOT SUPPORTED for Configuration Manager 2007 SP2 R2 or R3 yet by the Product Group. If you already use it in production, don’t expect Premier Support to help you. Certification and support statements will officially take 90 days after Release To Web! However, if it is sooner, I will let you know.

Now my personal experiences: In our lab environment everything works OK along with the FEP 2010 client, even in our Acceptance Production environment where 500 clients are sitting, but we aren’t moving unless we have an official support statement!

Hope it Helps
Kenny Buntinx