
SCCM - System Center Configuration Manager

Blog about SCCM 2007 aka SMS v4
App-V : Sequencing the SCCM 2007 Console ( howto )

More and more customers are demanding a swift and easy install of the SCCM console, especially when it comes to upgrading consoles when a new service pack comes along.

As my customers also have App-V in the house, which is part of MDOP 2009 by the way, I was also interested in making the console virtualised.

After a few rounds of trying , I did not succeed in creating a virtualized SCCM console as an App-V package

Therefore , I want to explain to you all how to do it . But I couldn’t have done it without the help of Richard Ruiz from MSFT and a blog post on the technet forums.

Prerequisites: To make it easy on yourself, please prepare a blank machine (base XP SP3 with latest software updates) in a virtualized environment where you can use snapshots and revert to the original state as often as you want. It will save you an enormous amount of time.

Procedure :

1. Install all prerequisites (e.g. MMC 3.0, etc.) and your SCCM 2007 SP2 Console natively on your clean WinXP SP3 workstation, to the exact location you will be sequencing to. In this example we used D:\SCCMSP2 (stick to the 8.3 format)
2. Export the following keys and save them to a central location:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\FX:{6de537a5-7a1c-4fa4-ac3a-1b6fc1036560}]
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\FX:{a77b774c-ce32-4ab0-982a-6bb3c078e5c1}]
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ConfigMgr\AdminUI\QueryProcessors\WQL]

3. Turn off your virtualized machine and delete all changes made (VHD), or if you use a physical machine, reimage your sequencer to a clean state.
4. Install your App-V Sequencer and create your folder D:\SCCMSP2 (used in our example)
5. Install all your prerequisites for your SCCM 2007 SP2 Console (e.g. MMC 3.0, etc.) natively 
6. Start your sequencer, and when you reach “begin monitoring” and the sequencer flips to the background, start installing your SCCM 2007 SP2 Console in the previously defined path (in this case D:\SCCMSP2).

7. You could if you want install additions such as the famous “SCCM Right click tools” from Rick Houchins at http://myitforum.com/cs2/blogs/rhouchins/archive/2008/04/09/sccm-right-click-tools.aspx

8. If you have R2, install R2 to the same folder, i.e. D:\SCCMSP2

9. After your installation is complete  and before you stop monitoring, import the 3 previously exported registry keys. 
10. Launch the Console and test functionality, then complete the installation. If you have installed the right click tools, you also need to test all functionality!
11. During the Application Wizard, ensure the shortcut exe path is set to the Q: or adapt the VFS path as necessary and launch the MMC to test functionality at this phase.
12. Finish the sequence and save it. 
13. Modify the OSD to include the following dependency:

-----------------------code snippet------------------------------------------
<DEPENDENCY>
<SCRIPT TIMING="POST" EVENT="STREAM" PROTECT="TRUE" WAIT="TRUE" TIMEOUT="0">
<SCRIPTBODY LANGUAGE="Batch">
echo off \n
copy /y %SFT_MNT%\<Replace with Asset Dir>\VFS\CSIDL_WINDOWS\WinSxS\Manifests %windir%\WinSxS\Manifests \n
xcopy /S /y %SFT_MNT%\<Replace with Asset Dir>\VFS\CSIDL_WINDOWS\WinSxS\Policies %windir%\WinSxS\Policies \n
</SCRIPTBODY>
</SCRIPT>
</DEPENDENCY>

-----------------------code snippet------------------------------------------

14. Publish your APP-V sequenced SCCM console  and test the functionality on your App-V Client.

Hope it Helps ,

Kenny Buntinx

SCCM Hotfix available: KB977203 - User state migration fails on a SCCM 2007 SP1 or SP2 client after you install security update 974571

The actual workaround before this hotfix came out was to uninstall the 974571 hotfix on computers before running the USMT task sequence. This workaround works fine but was not sufficient for many customers (the opposite would have been funny).

Consider the following scenario:

  • You install the System Center Configuration Manager 2007 Service Pack 1 (SP1) client or the System Center Configuration Manager 2007 Service Pack 2 (SP2) client.
  • You install security update 974571 on this computer.
  • A SCCM task sequence runs on this client. This task sequence includes the Capture User State task sequence step and the Restore User State task sequence step.
In this scenario, user state migration fails. At the same time, the following error message is logged in the Ccmexec.log file:

Failed to import the client certificate store (0x80092024) OSDSMPClient

For all the details including a download link to the hotfix see the following new Knowledge Base article:

KB977203 - User state migration fails on a SCCM 2007 SP1 client or on a SCCM 2007 SP2 client after you install security update 974571

 

Hope it Helps ,

Kenny Buntinx

SCCM : Deploying Windows 7 on a VMware ESX environment ( howto )

Hi ,

Did you ever want to build a reference image of your physical workstations on your VMware ESX environment (yes, some customers have a firm grip on VMware …) so that people could play around?

In my previous post, I already explained how to perform this for VMware Workstation, and the process isn’t that much different. See:

http://scug.be/blogs/sccm/archive/2009/04/20/sccm2007-osd-customising-your-task-sequence-for-building-a-client-os-on-your-vmware-workstation-6-0-or-later.aspx

Well , I have a lot of customers demanding for this scenario as well and here is how you get started :

Prerequisite: Make sure that you have at least ESX 3.5 update 5 !

Step 1 : Download the drivers of the “Intel PRO Network adapter” from the Intel site ( www.intel.com)

Step 2 : Copy the drivers to a folder from the extracted VMware tools on your SCCM Primary server and import those drivers into the driver database. Make sure to assign a category to them. It could simply be VMware, as in the example below.

 image

Step 3 : When done, alter your Windows 7 deployment task sequence and add an “auto apply driver” step.

Step 4 : Limit the driver scope to the VMware category defined earlier, as shown below. When done, click OK.

image

Step 5 : Make sure that the settings in your VMware environment match the following settings.

For Windows 7 32 bit :

TRUVO-0020

For Windows 7 64 bit :

TRUVO-0021

Step 6 : Once done, boot your machine in PXE and start staging. That's it. However, do not forget to add your VMware Tools to your task sequence.

TRUVO-0019

Hope it Helps ,

Kenny Buntinx

SCCM : Windows 7 deployments & unattended.xml

How can I customize my Windows 7 deployment, such as the regional settings, firewall, Internet Explorer and keyboard settings? Even if you are using SCCM and task sequences, you still want to customize your Windows 7 image through an unattend.xml file.

As I had trouble finding some examples to start with, I will post mine for Windows 7 x86 and x64.

Now you can add or customise many more changes to your Unattend.xml file and use them to apply changes to Windows 7 during your task sequence installation. Of course SCCM will modify the Unattend.xml file to add the values you have specified during the task sequence, such as your product key, user and company name, local admin password, etc.

Here you will see my custom Unattend.xml file for x86 :

-*-*-*-*-*-*-CODE SNIPPET-*-*-*-*-*-*-

<?xml version="1.0" encoding="utf-8"?>
<!--
    Unattended installation file for Windows 7 x86. Place in the root directory of a USB drive.
    Important! Before using, change the Product Key and Administrator's password.
    Make sure the partition number and physical disk number are correct for your system.
-->
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="specialize">
        <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <EnableLUA>false</EnableLUA>
           </component>
           <component name="Networking-MPSSVC-Svc" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <DomainProfile_EnableFirewall>false</DomainProfile_EnableFirewall>
            <PrivateProfile_EnableFirewall>false</PrivateProfile_EnableFirewall>
            <PublicProfile_EnableFirewall>false</PublicProfile_EnableFirewall>
           </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <OEMInformation>
                <HelpCustomized>false</HelpCustomized>
            </OEMInformation>
            <RegisteredOwner></RegisteredOwner>
        </component>
        <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <fDenyTSConnections>false</fDenyTSConnections>
        </component>
        <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <DisableAccelerators>true</DisableAccelerators>
            <DisableOOBAccelerators>true</DisableOOBAccelerators>
            <SuggestedSitesEnabled>false</SuggestedSitesEnabled>
            <Home_Page>about:home</Home_Page>
            <QuickLinkList>
                <QuickLinkItem wcm:action="add">
                    <QuickLinkName>Bing</QuickLinkName>
                    <QuickLinkUrl>http://www.bing.com</QuickLinkUrl>
                    <QLID>1</QLID>
                </QuickLinkItem>
                </QuickLinkList>
        </component>
    </settings>
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <OOBE>
                <NetworkLocation>Work</NetworkLocation>
                <ProtectYourPC>2</ProtectYourPC>
                <HideEULAPage>true</HideEULAPage>
                <SkipMachineOOBE>true</SkipMachineOOBE>
                   <SkipUserOOBE>true</SkipUserOOBE>
            </OOBE>
        </component>
        <component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <InputLocale>%OSDInputLocale%</InputLocale>
            <SystemLocale>%OSDSystemLocale%</SystemLocale>
            <UILanguage>%OSDUILanguage%</UILanguage>
            <UserLocale>%OSDUserLocale%</UserLocale>
    </component>
    </settings>
</unattend>

-*-*-*-*-*-*-CODE SNIPPET-*-*-*-*-*-*-

Here you will see my custom Unattend.xml file for x64 :

-*-*-*-*-*-*-CODE SNIPPET-*-*-*-*-*-*-

<?xml version="1.0" encoding="utf-8"?>
<!--
    Unattended installation file for Windows 7 x64. Place in the root directory of a USB drive.
    Important! Before using, change the Product Key and Administrator's password.
    Make sure the partition number and physical disk number are correct for your system.
-->
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="specialize">
        <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <EnableLUA>false</EnableLUA>
           </component>
           <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <DomainProfile_EnableFirewall>false</DomainProfile_EnableFirewall>
            <PrivateProfile_EnableFirewall>false</PrivateProfile_EnableFirewall>
            <PublicProfile_EnableFirewall>false</PublicProfile_EnableFirewall>
           </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <OEMInformation>
                <HelpCustomized>false</HelpCustomized>
            </OEMInformation>
            <RegisteredOwner></RegisteredOwner>
        </component>
        <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <fDenyTSConnections>false</fDenyTSConnections>
        </component>
        <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <DisableAccelerators>true</DisableAccelerators>
            <DisableOOBAccelerators>true</DisableOOBAccelerators>
            <SuggestedSitesEnabled>false</SuggestedSitesEnabled>
            <Home_Page>about:home</Home_Page>
            <QuickLinkList>
                <QuickLinkItem wcm:action="add">
                    <QuickLinkName>Bing</QuickLinkName>
                    <QuickLinkUrl>http://www.bing.com</QuickLinkUrl>
                    <QLID>1</QLID>
                </QuickLinkItem>
                </QuickLinkList>
        </component>
    </settings>
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <OOBE>
                <NetworkLocation>Work</NetworkLocation>
                <ProtectYourPC>2</ProtectYourPC>
                <HideEULAPage>true</HideEULAPage>
                <SkipMachineOOBE>true</SkipMachineOOBE>
                   <SkipUserOOBE>true</SkipUserOOBE>
            </OOBE>
        </component>
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <InputLocale>%OSDInputLocale%</InputLocale>
            <SystemLocale>%OSDSystemLocale%</SystemLocale>
            <UILanguage>%OSDUILanguage%</UILanguage>
            <UserLocale>%OSDUserLocale%</UserLocale>
    </component>
    </settings>
</unattend>

-*-*-*-*-*-*-CODE SNIPPET-*-*-*-*-*-*-
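
Both files above turn off UAC and Windows Firewall and allow Remote Desktop on every machine built from them. The following is an added example, not part of the original post: a PowerShell check that lists those settings in an unattend.xml so they can be reviewed before the file goes into a package. The function name, rule table and trimmed sample are constructed for illustration.

```powershell
# Added example, not from the original post: list the settings in an
# unattend.xml that weaken the security of the deployed image.

# Rules cover only the settings that appear in the files above.
$ReviewRules = @(
    @{ Component = 'Microsoft-Windows-LUA-Settings'
       Setting   = 'EnableLUA'
       Value     = 'false'
       Why       = 'User Account Control is turned off' }
    @{ Component = 'Networking-MPSSVC-Svc'
       Setting   = '*Profile_EnableFirewall'
       Value     = 'false'
       Why       = 'Windows Firewall is off for this profile' }
    @{ Component = 'Microsoft-Windows-TerminalServices-LocalSessionManager'
       Setting   = 'fDenyTSConnections'
       Value     = 'false'
       Why       = 'Remote Desktop connections are allowed' }
)

function Get-UnattendFinding {
    param(
        [Parameter(Mandatory = $true)]
        [xml]$Unattend
    )

    foreach ($component in $Unattend.GetElementsByTagName('component')) {
        $name = $component.GetAttribute('name')
        $arch = $component.GetAttribute('processorArchitecture')
        $pass = $component.ParentNode.GetAttribute('pass')

        foreach ($node in $component.ChildNodes) {
            # Skip comments; only element nodes are settings.
            if ($node.NodeType -ne [System.Xml.XmlNodeType]::Element) { continue }

            foreach ($rule in $ReviewRules) {
                # -eq and -like are case-insensitive, so 'False' also matches.
                if ($name -eq $rule.Component -and
                    $node.LocalName -like $rule.Setting -and
                    $node.InnerText.Trim() -eq $rule.Value) {
                    [pscustomobject]@{
                        Pass         = $pass
                        Architecture = $arch
                        Component    = $name
                        Setting      = $node.LocalName
                        Value        = $node.InnerText.Trim()
                        Why          = $rule.Why
                    }
                }
            }
        }
    }
}

# Constructed sample: a trimmed copy of the x86 file above.
$sample = [xml]@'
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="x86">
      <EnableLUA>false</EnableLUA>
    </component>
    <component name="Networking-MPSSVC-Svc" processorArchitecture="x86">
      <DomainProfile_EnableFirewall>false</DomainProfile_EnableFirewall>
      <PrivateProfile_EnableFirewall>false</PrivateProfile_EnableFirewall>
      <PublicProfile_EnableFirewall>false</PublicProfile_EnableFirewall>
    </component>
    <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="x86">
      <fDenyTSConnections>false</fDenyTSConnections>
    </component>
    <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="x86">
      <SuggestedSitesEnabled>false</SuggestedSitesEnabled>
    </component>
  </settings>
</unattend>
'@

# Five findings for the sample; the Internet Explorer setting is not flagged.
Get-UnattendFinding -Unattend $sample |
    Format-Table Pass, Setting, Value, Why -AutoSize

# For a file on disk:
#   Get-UnattendFinding -Unattend ([xml](Get-Content -Raw .\Unattend.xml))
```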

You can add your unattended.xml files now into a package and use them in your SCCM task sequence as shown below .

image

In order to use the unattended.xml files containing the variables for the regional, keyboard, etc. settings as shown below, we first need to assign some variables to our collection.

image

On your collection, you add collection variables as shown in the picture below. This gives you the flexibility to create multiple collections with different keyboard layouts if, for example, you are an international company.

image

 

Hope it Helps ,

 

Kenny Buntinx

Application Compatibility Toolkit Connector Update for Windows 7 deployments

To help you accelerate your testing and deployment of applications on Windows 7, Microsoft has the Application Compatibility Toolkit Connector (ACT Connector), which assists administrators with collecting the necessary computer and application compatibility information to help plan for a Windows deployment.

The ACT Connector provides the following functionality within the Admin console:

  • Inventories installed software applications and creates reports that will assist with determining which applications are Windows compatible.
  • Retrieves device driver compatibility for installed devices and creates reports that will assist with determining which device drivers will need to be upgraded to support the Windows operating system.

 

Read the complete blog post from the product team on http://blogs.technet.com/systemcenter/archive/2010/01/29/application-compatibility-toolkit-connector-update.aspx

Hope it helps ,

Kenny Buntinx

SCCM OSD : HP Quicklaunch application installation integrated in a task sequence

My issue today was again a fight to integrate the HP Quick Launch Drivers into my OSD task sequence.

I am installing it as part of my Windows XP SP3 build ( I know it should be Windows 7 , but at my customer I still have to provide support :-) , and have added the full install for 6.40 into the task sequence. The application fails every time. I am simply using setup -s as stated in the documentation !

I have tried extracting the keyboard filter and button drivers from the installation on a good machine, and added these to the driver repository with a driver package. But they do not install, and the logs just show that the install failed.

After some research , I have read that there were issues with the keyboard filter drivers in earlier versions of the Quick Launch tool where it failed , but it was fixed in release 6.30.

After a lot of searching , here is the real deal :

You should use the following command: SETUP.EXE -s /f2c:\setup.log (the setup needs to be able to write to a log file on the C:\ drive when you try to install it).

 

image

Hope it Helps ,

Kenny Buntinx

Windows Embedded Standard 2009 support statement for SCCM 2007 updated

Hi All,

 

If any of you happen to be playing around with WES 2009 and System Center Configuration Manager 2007, you might want to have a look at the new blogpost at the ConfigMgr’s product team blog:

http://blogs.technet.com/configmgrteam/archive/2010/01/25/things-you-need-to-know-when-using-windows-embedded-standard-2009.aspx

 

The updated support statement is mentioned there, as are the 2 most important things impacted by this new statement:

  • Write filters are now supported
  • Sysprepped operating systems are now supported, which in turn means that OS deployment for WES 2009 is supported (not for any of the other supported embedded os’s).

 

The article does mention some requirements for all of the above to work though.

Some registry keys need to be excluded from the write filter, and some additional components are needed for OSD and some other SCCM features.

More details in the post mentioned above.

 

--

Enjoy.

"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.scug.be/blogs/sccm/default.aspx

http://www.linkedin.com/in/kimoppalfens

Packaging tools to Create MSI’s

Hi All,

 

Since my sccmautodoc program is getting close to completion I set out to try and see whether I could create an install for it.

Most of the bug reports I received back were from people that didn’t have all the requirements installed. SccmAutoDoc needs the .net framework 3.5, word 2007, and the .Net program interop assemblies for word 2007.

I started off by trying to do this in Visual studio as it contains a setup builder, yet for this poor little techy, having it detect all these dependencies was a bit challenging. Using some blogpost I figured out how to have it test for the .net framework 3.5 and the office 2007 pia’s, but testing for word 2007 was beyond me.

As a result I started my search for a packaging tool, and started off by looking at the 2 market leaders flexera and wise, to quickly find out that even their most basic editions are relatively expensive. Flexera offers a free ConfigMgr edition, but that version installs all tools from the enterprise edition with most of them disabled and giving you a nagging windows box when you try to use them.

 

Subsequently from this post at windowsnetworking.com I found two other contenders, namely, Advanced Installer and Scriptlogic MSI studio. I went to both their websites, and both seemed to offer what I wanted. I eventually went and downloaded advanced installer, as it was hassle free to download an evaluation version of even their enterprise edition. Just click the link and download, no registration required, simple hassle-free, no risk of having a representative contact me to see whether I liked it 2 hours after I downloaded. In short, evaluation software just like the good old days.

Download & install were a breeze, now I needed to make my hands dirty and hammer out my install program. And in contrast to what I expected, my most challenging task in Visual studio (checking whether word 2007 is installed) was as simple as enabling a checkbox in advanced installer. And having the .net framework tested and potentially downloaded when needed didn’t take me more than 5 minutes either. Integrating the .Net Program interop assemblies took a bit longer, as the download from the internet wouldn’t work. The office 2007 pia download appears to be a self-extracting exe that downloads an msi, that needs to be manually launched after that. On the advanced installer forums I found a post that suggested integrating the msi into your installer, and with that knowledge, it again only took me a couple of minutes to finish off my installer.

 

I am pretty happy with the result, it detects everything you need at install time, and even installs most components for you if you need them (word 2007 excluded obviously).

So if you are looking for an inexpensive packaging solution because you only require a packaging program every so often, have a look at advanced installer, it certainly did what I needed it to do in a pretty intuitive way.

Alternatively have a look at scriptlogic MSI Studio, I haven’t actually used it, as advanced installer was easier to get my hands on, but I have heard good things about it too.

 

--

Enjoy.

"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.scug.be/blogs/sccm/default.aspx

http://www.linkedin.com/in/kimoppalfens

SCCM SP2 Hotfix KB978021 :The Distribution Manager that is in System Center Configuration Manager 2007 SP2 does not honor the "Number of retries" and "Delay before retrying (minutes)" retry settings

The distribution manager (distmgr, the component that distributes packages to a distribution point) does not seem to work as we would expect with SP2.

Consider the following scenario:

  • The distribution point role is installed on a Microsoft System Center Configuration Manager 2007 Service Pack 2 (SP2) site server.
  • You customize the retry settings on the Distribution Point tab for the distribution point. Or, you use the default value for the retry settings.
  • A retry is required after a package distribution fails.
In this scenario, the Distribution Manager does not honor the retry settings on the Distribution Point tab when the Distribution Manager retries the distribution.

You can find the hotfix and KB article at: http://support.microsoft.com/kb/978021/.

 

Hope it Helps ,

Kenny Buntinx

App-V : Updated OS VALUE XML Tag References and Supported Client Versions

I was trying to test applications that were sequenced for windows XP on Windows 7 . The problem was that I needed to update the OS VALUE XML in the config file .

I came across an article from Steve Thomas, Senior Support Escalation Engineer at Microsoft, with a great list of OS VALUE XML tags linked to the operating systems, which I have used below. You can see the full post at: http://blogs.technet.com/softgrid/archive/2009/10/29/updated-os-value-xml-tag-reference-and-supported-client-versions.aspx

The following table lists the supported OS VALUE element options and the minimum supported client versions for Microsoft SoftGrid and Microsoft Application Virtualization. This element defines the required operating system. If there is more than one OS element in a particular IMPLEMENTATION tag, it is implied that the software package works with each. If none are present, then it is assumed to run on all operating systems:

image

Hope it helps ,

Kenny Buntinx

SCCM Vnext : TAP Nominations are open !

Finally , the bullet is thru the church… TAP nominations to the SCCM Vnext are open and a lot of people expect great features and improvement made to the product .

Certainly now SCCM Vnext is going to focus more on the “User , device  & connection centric” part .

For myself as MVP this is going to be a very exciting year : learning new technology and helping the product team out with testing the beta products.

To find out more check out the following post on Nexus SC: The System Center Team Blog:

http://blogs.technet.com/systemcenter/archive/2010/01/08/the-next-wave-of-client-management-begins-now.aspx

Link to Nomination Survey is here.
More information about the Microsoft TAP program can be found here.
System Center product information can be found here.

Hope it Helps ,

Kenny Buntinx

Techdays 2010 Here we (The Scug team) come

Hi All,

Just received confirmation that I will have a speaker slot again, for the 4th year in a row at the Belgian Techdays.

So me, and the rest of the Belgian SCUG team will be present to talk to you about System center configuration manager, system center operations manager and even system center service manager by then, as Kurt Vanhoecke our local service manager expert that even got referenced at the service manager product team blog, will most likely be there as well.

My session will be a pretty non-typical SCCM session this year. From my personal experiences, i.o.w. by authoring SccmAutoDoc, I believe I learned a few extra things on ConfigMgr and WMI. Even in the past I have considered knowledge of WMI an incredible asset for any SMS/SCCM admin, but deepdiving into it for SccmAutoDoc has only enhanced that belief.

So without further ado, here comes the session abstract:

Since its first debut System Center Configuration manager and its predecessors have been relying heavily on the Windows Management Instrumentation (WMI) architecture. WMI is omni-present in System Center Configuration Manager, from queries over dynamic collections, through hardware inventory and storing client and Management Point settings and policies, under the hood you will find WMI just about anywhere. Given this omni-presence it should come as no surprise that the stability of WMI at your Site Systems and clients is crucial to a stable System Center Configuration Manager implementation. Knowing WMI, by consequence, is a great asset to any System Center Configuration Administrator. In this session you will learn the ins-and-outs of the WMI architecture in general and how it applies to System Center Configuration Manager. You’ll learn about the available namespaces and classes and the extended WMI Query language (WQL) that is specific to System Center Configuration Manager. This session will cover the tools available to have a peek at WMI yourself as well as to the WMI-related tool called policy spy that comes with the System Center Configuration Manager toolkit. By the end of this session you’ll know what the WMI architecture looks like, how System Center Configuration Manager uses it, and how you can use that knowledge to your advantage, be it to be able to better troubleshoot System Center Configuration Manager issues, better understand the product, or to automate tasks through scripting or programming. In the end this session will make you a better System Center Configuration Manager administrator.

 

I sincerely hope to see you all there, and before I forget, best wishes to everyone reading this.

Kim Oppalfens

System Center Configuration Manager MVP

SCCM : How to create a collection to list Windows Embedded Devices

Hi ,

For a customer, I had the requirement to create a collection that was filled with Windows Embedded devices, using a WMI property as the selection criterion.

This can be done by creating a new collection and creating a dynamic membership rule that targets the single criterion of the “OSProductSuite” property.

image

If the value detected is 64, these systems are running XPe, Windows Embedded Standard or Embedded NT.

Other possible values for OSProductSuite are shown in the table below:

1 - Small Business Server
2 - Enterprise Server
4 - Back Office Server
8 - Communication Server
16 - Terminal Server
32 - Small Business Server (restricted)
64 - Embedded NT
128 - Data Center

With the help of this collection an administrator is able to see all Windows Embedded devices or any other group of devices connected to his company’s network.
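
Win32_OperatingSystem documents OSProductSuite as a set of bit flags, so a device can report 64 together with other bits. The following added example, not part of the original post, decodes a value with the names listed above and compares a test of the embedded bit with an exact match on 64; the device names and inventory values are constructed.

```powershell
# Added example, not from the original post.
# Bit values and names as listed in the post above.
$SuiteBits = @(
    @{ Bit = 1;   Name = 'Small Business Server' }
    @{ Bit = 2;   Name = 'Enterprise Server' }
    @{ Bit = 4;   Name = 'Back Office Server' }
    @{ Bit = 8;   Name = 'Communication Server' }
    @{ Bit = 16;  Name = 'Terminal Server' }
    @{ Bit = 32;  Name = 'Small Business Server (restricted)' }
    @{ Bit = 64;  Name = 'Embedded NT' }
    @{ Bit = 128; Name = 'Data Center' }
)

function Get-ProductSuiteName {
    param([Parameter(Mandatory = $true)][uint32]$OSProductSuite)
    # Emit the name of every flag that is set in the value.
    foreach ($entry in $SuiteBits) {
        if (($OSProductSuite -band $entry.Bit) -ne 0) { $entry.Name }
    }
}

function Test-EmbeddedSuite {
    param([Parameter(Mandatory = $true)][uint32]$OSProductSuite)
    # True when the Embedded NT bit (64) is set, whatever else is set.
    ($OSProductSuite -band 64) -ne 0
}

# Constructed inventory values (device names are hypothetical).
$inventory = @(
    @{ Device = 'KIOSK-01'; OSProductSuite = 64 }
    @{ Device = 'KIOSK-02'; OSProductSuite = 80 }   # 64 + 16
    @{ Device = 'DESK-01';  OSProductSuite = 16 }
)

foreach ($row in $inventory) {
    [pscustomobject]@{
        Device         = $row.Device
        OSProductSuite = $row.OSProductSuite
        Suites         = (Get-ProductSuiteName $row.OSProductSuite) -join ', '
        EmbeddedBit    = Test-EmbeddedSuite $row.OSProductSuite
        EqualTo64      = ($row.OSProductSuite -eq 64)
    }
}

# On a live client, the value comes from:
#   (Get-WmiObject Win32_OperatingSystem).OSProductSuite
```

KIOSK-02 has the embedded bit set but would not match a rule that tests for a value equal to 64.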

 

The information above is coming from Alexander Wechsler (www.wechsler-consulting.de) and his blog. I thought this could be interesting to other SCCM guys as well and therefore I would like to thank Alexander for this information.

Hope it Helps ,

Kenny Buntinx

How to find Windows Embedded devices in SCCM.

I am implementing at one of my customers a situation where 3000 Windows embedded devices will be installed. In this environment I want to be sure that any Windows Embedded device connected to the network gets discovered as an embedded system. SCCM needs to be configured to include an additional WMI property to distinguish Windows XP systems from Windows Embedded operating systems.

To do this , you need to open up the “SMS_def.mof” file on the SCCM Primary site server. It is located in the \inboxes\clifiles.src\hinv folder.

In the SMS_Def.mof file, search for the string “OSProductSuite” and change the related SMS_Report setting from “False” to “True”.

Before:

[SMS_Report (False) ]
uint32 OSProductSuite;

After:

[SMS_Report (TRUE) ]
uint32 OSProductSuite;

Save your change and close the file. The SMS_EXECUTIVE service needs to be restarted to apply the change. After the service restart, the SCCM clients will report the “OSProductSuite” WMI property. After this action you can build your own collections to list or collect all Windows Embedded devices.

Hope it Helps ,

Kenny Buntinx

SCCM : Upgrading secondary sites to SP2 via Software Distribution on Windows 2008 could generate some issues

Scenario: Your Primary site server has been upgraded from SCCM 2007 SP1 R2 to SCCM 2007 SP2. You want to upgrade all your secondary site servers, which are running on Windows Server 2008, to Service Pack 2 in an automated way with Software Distribution. The secondary site servers have the Proxy MP, State migration point and PXE service point roles installed.

You will create a package with the source files and create a program that runs unattended with the following parameters: setup.exe /upgrade <path to SP2 prereqs>

Issue :

After the client receives the advertisement, the secondary site will search for a distribution point. It will find it locally (same server) and will start the BITS transfer.

At that point it will return an HTTP 404.8 error. You get the same error when browsing manually in IE to the URL where the source files are stored. When you look up error 404.8, you will see that it says: “hidden namespace of hidden segment error”. The request filtering module of IIS 7 excludes some directories by default, and no files can be transferred from them. One of those excluded folders is the “bin” folder.

The source of SCCM Service Pack 2 contains folders with the name “bin”, which causes the transfer of the source files to be blocked.

Solution :

Only after removal of the exclude on the “bin” folder within the IIS 7 request filtering module are the files and folders with the name “bin” available for download.

The configuration file where the excludes are written down is %windir%\system32\inetsrv\config\applicationhost.config (it can also be modified with appcmd).
The log files to check: DataTransferServices.log of the SCCM client, and the u_exdate.log in the c:\inetpub\logs\logfiles\w3svc1 folder.
An example of the folder that was blocked: http://server/sms_dp_smspkgd$/<packageID>/smssetup/adminui/bin/
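To confirm which hidden segment is behind the 404.8 responses before changing request filtering, the check below reads the hiddenSegments list from applicationHost.config and matches it against the 404.8 entries in the IIS log. It is an added example, not part of the original post; the config excerpt, the log lines, the package ID and the file names are constructed samples.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed excerpt of applicationHost.config with the IIS 7 default hidden segments.
APPLICATIONHOST_SAMPLE = """\
<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <hiddenSegments applyToWebDAV="true">
          <add segment="web.config" />
          <add segment="bin" />
          <add segment="App_code" />
          <add segment="App_GlobalResources" />
          <add segment="App_LocalResources" />
          <add segment="App_WebReferences" />
          <add segment="App_Data" />
          <add segment="App_Browsers" />
        </hiddenSegments>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
"""

# Constructed W3C log excerpt; PKG00001 and the file names are placeholders.
IIS_LOG_SAMPLE = """\
#Software: Microsoft Internet Information Services 7.0
#Fields: date time cs-method cs-uri-stem sc-status sc-substatus sc-win32-status
2009-12-01 10:15:01 GET /SMS_DP_SMSPKGD$/PKG00001/smssetup/setup.exe 200 0 0
2009-12-01 10:15:02 GET /SMS_DP_SMSPKGD$/PKG00001/smssetup/adminui/bin/example.dll 404 8 0
2009-12-01 10:15:03 HEAD /SMS_DP_SMSPKGD$/PKG00001/smssetup/BIN/i386/example.exe 404 8 0
2009-12-01 10:15:04 GET /SMS_DP_SMSPKGD$/PKG00001/smssetup/binaries.txt 200 0 0
2009-12-01 10:15:05 GET /SMS_DP_SMSPKGD$/PKG00001/missing.txt 404 0 2
"""


def hidden_segments(config_xml):
    """Return the segments listed under requestFiltering/hiddenSegments."""
    root = ET.fromstring(config_xml)
    adds = root.findall(".//requestFiltering/hiddenSegments/add")
    return [a.get("segment") for a in adds if a.get("segment")]


def hidden_segment_in(uri_stem, hidden):
    """Return the configured segment that a URL path contains, or None.

    A segment only matches a whole path component, compared case-insensitively,
    so /bin/ and /BIN/ match "bin" while /binaries.txt does not.
    """
    by_lower = {s.lower(): s for s in hidden}
    for part in uri_stem.split("/"):
        if part.lower() in by_lower:
            return by_lower[part.lower()]
    return None


def rejected_requests(log_text, hidden):
    """Return (uri_stem, segment) for every 404.8 entry in a W3C log."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The field order is taken from the log header, not assumed.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed or truncated line
        row = dict(zip(fields, values))
        if row.get("sc-status") == "404" and row.get("sc-substatus") == "8":
            stem = row.get("cs-uri-stem", "")
            hits.append((stem, hidden_segment_in(stem, hidden)))
    return hits


def segments_to_review(log_text, config_xml):
    """Count 404.8 rejections per hidden segment that caused them."""
    hidden = hidden_segments(config_xml)
    return Counter(seg for _, seg in rejected_requests(log_text, hidden))


if __name__ == "__main__":
    hidden = hidden_segments(APPLICATIONHOST_SAMPLE)
    for stem, seg in rejected_requests(IIS_LOG_SAMPLE, hidden):
        print(f"404.8 on {stem} (hidden segment: {seg})")
    print("Rejections per segment:", dict(segments_to_review(IIS_LOG_SAMPLE, APPLICATIONHOST_SAMPLE)))
```

Every segment that is not named in the output stays hidden, which keeps the change limited to the one exclusion the package actually needs.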

************* Update **************

Microsoft has foreseen a nice section to specifically address our concern, as they document how to configure Windows Server 2008 (and above) for site systems here:

http://technet.microsoft.com/en-us/library/cc431377.aspx

While they don’t explicitly call out this specific scenario (They can’t possibly anticipate everything), this general “problem” is covered by the following text…

To modify the requestFiltering section on BITS-enabled distribution point computers

If package source files distributed to BITS-enabled distribution points contain file extensions that are blocked by default in IIS 7.0, the requestFiltering section of the applicationHost.config file must be modified to allow required extensions.

Important

Enabling WebDAV and modifying the requestFiltering section of the applicationHost.config file for the Web site increases the attack surface of the computer. Enable WebDAV only when required for management points and BITS-enabled distribution points. If you enable WebDAV on the default Web site, it is enabled for all applications using the default Web site. If you modify the requestFiltering section, it is modified for all Web sites on that server. The security best practice is to run Configuration Manager 2007 on a dedicated Web server. If you must run other applications on the Web server, use a custom Web site for Configuration Manager 2007. For more information, see Best Practices for Securing Site Systems.

************* Update **************

 

Thanks to my colleague Merlijn for helping me figuring this out.

 

Hope it helps ,

 

Kenny Buntinx

Step by Step guide for provisioning Intel VPro clients in SCCM 2007 SP2 Part 2

In my previous post I have talked about  the summary of Prerequisites required for OOB Management in SCCM at http://scug.be/blogs/sccm/archive/2009/11/27/step-by-step-guide-for-provisioning-intel-vpro-clients-in-sccm-2007-sp2-part-1.aspx .

Now we will talk about the 3rd Party Remote Configuration Certificate that is needed on each OOB Service Point to Provision Intel vPro technology based systems (e.g. VeriSign, GoDaddy, Comodo, and Starfield).

Optionally you can generate your own provisioning certificate from your Enterprise CA, but that will require you to enter the certificate hash on each machine that you have in your environment. We do not want this, so in our case we selected a third-party vendor, namely Godaddy.com.

You normally only need one OOB Service point in your organisation per forest , unless you go for a multidomain certificate. Those are way more expensive than a single domain certificate.

To acquire a certificate from Godaddy.com you will need to perform the following steps :

  1. You must purchase ‘Deluxe SSL’ or ‘Premium SSL’ from GoDaddy. ‘Standard SSL’ will not work!
  2. Key items that are detailed in the steps below that were required to get my certificate:
    ○ Certificate type must be a Deluxe Assurance SSL certificate
    ○ Certificate request is for an Organization
    ○ OU = Intel(R) Client Setup Certificate
    ○ CN = ServerName.domain.com (this must be the FQDN of the Provisioning Server for Remote Configuration generating the CSR)
    ○ Organization = The legal name of your organization that can approve your certificate request
    ○ Required Documentation to be submitted (Your Passport, Bank Statement, and Approval Letter on Company Letterhead)
  3. To generate the CSR you need to perform the following steps:
    • In Windows 2008 with IIS 7:
      • Go to Internet Information Manager as shown below and select “Server Certificates” [screenshot 1]
      • In the “Server Certificates” window, select “Create certificate request” [screenshot 2]
      • In the “Request Certificate” window, fill in all the necessary fields [screenshot 3]
      • Select a minimum of 2046 bits encryption [screenshot 4]
      • Save the request to a file you specify. You will need this file when you submit your request to the third-party certificate provider. [screenshot 5]
      • When finished, it should look like this: [screenshot 6]

How to purchase a godaddy intel Vpro certificate is explained here : http://communities.intel.com/community/openportit/vproexpert/blog/2008/03/03/steps-to-purchase-a-godaddy-certificate-for-the-purpose-of-vpro-remote-configuration

In part 3 we will explain how to import the Vpro certificate and to export the certificate again for the use of the OOB role in system Center config manager.

 

Hope it Helps ,

 

Kenny Buntinx

Step by Step guide for provisioning Intel VPro clients in SCCM 2007 SP2 Part 1

Today I finally finalized my Intel vPro configuration on an SCCM 2007 SP2 box. In this blog post I try to explain all the details on how to provision clients with vPro and what infrastructure steps are needed to make it work.

My fellow MVP Kim Oppalfens has already presented a great session on this topic at one of our SCUG events …You could find his session online here : http://www.microsoft.com/belux/technet/nl/chopsticks/default.aspx?id=998

Assumptions :

  1. Everything has been executed on a SCCM 2007 Primary site server with Service Pack 2 installed on a Windows 2003 x86 SP2 box.
  2. We will work with one of the five trusted certificate vendors.
  3. You have an Intel vPro capable machine

 

First the important stuff  : Summary of Prerequisites required for OOB Management !

The list below describes the necessary client, server, and infrastructure elements required in order to manage your Intel vPro technology based systems Out-of-Band using Microsoft Configuration Manager 2007.

You will need :

• An Enterprise Certificate Authority to issue Web Server certificates to each Intel vPro technology based system for encrypted communications with ConfigMgr 2007 SP1 Management Console (Standalone CA is insufficient).
• Active Directory OU to store Intel AMT objects for each Intel vPro technology based system that will be managed by OOB.
• ConfigMgr 2007 SP2 Out of Band Service point installed and configured to support Intel vPro technology based systems.
• OOB Service Point installed on Windows 2003 Server requires Windows 2003 SP2 with hotfix 942841.
• Windows Remote Management (WinRM) installed on each ConfigMgr 2007 server that has the OOB Service Point installed, with hotfix: http://support.microsoft.com/kb/KB936059
• 3rd Party Remote Configuration Certificate on each OOB Service Point to provision Intel vPro technology based systems (e.g. VeriSign, GoDaddy, Comodo, and Starfield). Optionally you can generate your own provisioning certificate from your Enterprise CA, but that will require you to enter the certificate hash on each machine that you have in your environment. We do not want this, so we will use a third-party vendor, Godaddy.com

• Enable OOB network discovery of Intel vPro technology based systems
• Intel vPro technology and firmware of 3.2.1 or higher are required for native support from ConfigMgr 2007 SP2
• Intel HECI Driver installed on the OS (see OEM for latest driver)
• Configuration Manager Client agent installed on each Intel vPro system to initiate the provisioning process (there are alternative methods available in the help file but this is the most effective and easiest method)
• Intel vPro technology based systems joined to the same domain as the OOB Service point provisioning and managing these devices
• Open Intel vPro technology related network ports on routers and firewalls: 9971 – Provisioning Port; and 16992 through 16995 - OOB Management Ports

 

Let's keep the rest for Part 2 …

 

Hope it Helps ,

Kenny Buntinx

SCCM : ESX VMWare Vsphere 4 Tools Silent Install/Upgrade in an Windows 2008 R2 OSD Task Sequence ANSWER !

We struggled with this for a long time, but we finally found a way to make it work. We could deploy the tools manually with no issue, but trying to automate it was a complete nightmare.


Basically, the problem turned out to be that trying to use setup.exe from VMware to do an automated Install is effectively impossible.

The supported solution from VMware that we initially found was to use setup.exe. The command was: setup.exe /s /v"/qn"


The only caveat to be aware of is that if you're scripting the process, in a task sequence for example, the command will execute, spawn the install/upgrade process, and then immediately terminate. Hence, your task sequence or whatever will think that the command has finished even though the upgrade has just started to run in the background. We normally suppress all reboots in our packages and then decide when to boot via the task sequence, but in this case that was not possible. Even with the reboot=Suppress option, the VMware Tools install would finish by instantly rebooting, failing your task sequence.

When we're installing the tools, we use msiexec because it doesn't have the "terminates instantly" problem that you get with setup.exe and is therefore easier to deal with in your task sequence.

That command is : msiexec.exe /i VMwareToolsx64.msi /QN ADDLOCAL=ALL REBOOT=ReallySuppress ( make sure to rename your msi file and remove the space in between !)

Using that method, we successfully installed the VMware Tools in our Windows 2008 R2 x64 task sequence.

 

Hope it helps

Kenny Buntinx.

SCCM : Microsoft Updates suddenly stops at 50% of downloading.

Hi.

Last week one of our customers had a problem getting some patches delivered to the end users' computers. This month's updates worked fine too, no problem distributing them as usual with CM, BUT we have now gotten several cases where all the updates except one have been downloaded to the client.

The last update will not pass 50% of downloading no matter how long we wait.

So, what we see in the Software Updates Installation progress window is now several updates with status "Preparing for installation" and one with status "Downloading 50%".

I have of course done some checking to solve the problem, like checking logs, connectivity, error reports etc.
Usually when there are errors of some kind I find the answers in the logs, but this time they are clean as far as I can see.

The strange thing was that all updates except one were downloaded smoothly as always and that on approx 3000 clients. The update that won´t be downloaded is Kb968389.

 

SOLUTION : Well the answer to this issue is to download the latest Windows Update Agent 7.4.2600.xx and get this installed on all clients .

 

Hope it helps ,

 

Kenny Buntinx

Video New Efficiency: Deploying Windows 7 with SCCM - Dutch

This session introduces tool enhancements new to Windows 7 and System Center Configuration manager for every stage of a Windows 7 desktop deployment project. During this talk you will learn more on how to test your application against possible compatibility issues and different technologies you can use to help you against these issues.

Furthermore we will discuss other deployment mechanisms based on the free Microsoft Deployment toolkit.

Recovering your Applications with ConfigMgr in a refresh or side-by-side migration

Hi All,

 

In this post I will introduce a couple of ways of getting your Applications redeployed in a side-by-side or refresh scenario. After all, USMT makes migrating your data and settings a breeze, so it is about time we look at getting those applications redelivered so that the impact of a migration on our beloved end-users is minimized. (To avoid them hassling us about their missing apps).

In short there are 4 ways of making sure apps get redeployed, each with their own unique pros and cons.

  1. Advertise to end users. This is obviously one of the easiest ways. If you advertise to end users, once the user logs in, all advertisements targeted at the user will re-run and eventually the user will get all his applications back. The drawbacks of this method are rather obvious. For one, it can take quite a while for all these apps to get installed, and secondly, if that user logs in to another machine to “quickly lookup something on the internet”, then all those apps would end up on that machine as well. A nice way to alleviate many of these drawbacks is using Microsoft App-V and virtual applications.
  2. Use dynamic collections. By using dynamic collections, the machines will eventually (how long this takes depends on what your collection uses as criteria) end up back in the necessary collections, and will get their original applications redeployed. The drawback of this method is that “eventually” might take a pretty long time, depending on which criteria you use, and what schedules you have running on hardware inventory or the different Active Directory discovery methods.
  3. Use direct membership collections and migrate the SMSID. By migrating the SMSID from the old machine, the machine retains its GUID and hence keeps its direct memberships, and as a consequence receives all its original advertisements back. Kenny posted a way to have your IDs migrated using tranguid here: http://scug.be/blogs/sccm/archive/2008/10/27/sccm-in-place-upgrade-refresh-scenario-issues-solutions-with-tranguid-exe-part-1.aspx
  4. Use a script in your OSD task sequence to analyze the originally installed software from inventory in the database. By analyzing your inventory, you know what applications were installed originally. If your script can tie that information to a package and program name pair, then you can set task sequence variables and use the “install multiple applications” task sequence step to redeploy the originally installed applications.

 

--

Enjoy.

"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.scug.be/blogs/sccm/default.aspx

http://www.linkedin.com/in/kimoppalfens

Attend this SCCM Event with Wally Mead and 3 Belgian System Center MVP's


More information can be found here http://scug.be/content/Events.aspx 

Agenda

·         15u30 Registration

·         16u Opening Keynote by Kenny Buntinx & Alexandre Verkinderen

·         16u15 Wmi & SCCM autodoc by Kim Oppalfens

·         17u15 Break and Drink

·         17u30 Demonstrations of ConfigMgr 2007 R2 addons by Wally Mead 

·         19u30 one hour lunch

·         20u30 Config Manager vNext overview by Wally Mead

·         21u30 Q&A and Drink

Configuration Manager 2007 Service Pack 2 RTW is available.

Configuration Manager 2007 Service Pack 2 Release to Web is available

The System Center Configuration Manager team has announced that the Configuration Manager 2007 Service Pack 2 RTW has been released on http://download.microsoft.com and available for download.

System Center Configuration Manager Service Pack 2 will add the following support :

  • New Operating System Support
    • Windows 7
    • Windows Vista Sp2
    • Windows Server 2008 R2
    • Windows Server 2008 SP2
  • New Features in Out of Band Management
    In addition to providing feature parity with SP1 and AMT firmware versions 3.2.1, 4.0 and 5.0, the following new features are supported:
    • Wireless management with up to 8 wireless profiles
    • End point access control: 802.1x support
    • Audit logging
    • Support for different power states
    • Power control options at the collection level
    • Data storage
    • Scheduling configuration for in-band provisioning
  • Asset Intelligence Certificate Requirement Removal
    Configuration Manager Service Pack 1 introduced Asset Intelligence v1.5. This version allowed customers to configure an online synchronization to ensure that their catalog was up to date with the latest Microsoft inventory for both hardware and applications. This initial release required a certificate. With Service Pack 2, the requirement to have the certificate has been removed, so any customer can configure their Asset Intelligence capabilities to connect online and update their catalog. Software Assurance is not required for this functionality.
  • 64-bit Architecture Development
    Service Pack 2 will also continue to deliver new support for x64 architectures, including the following:
    • X64 support for Operations Manager 2007 Client Agent
    • Update to Management Packs for 64-bit operating systems - SP2 will ship 64-bit performance counters (the management pack is a separate release)
    • Remote control support added for x64 XP and x64 Server 2003
  • Improved Client Policy Evaluation
    • Faster policy processing
    • More efficient software distribution configured to run at user logon
  • Branch Cache Support
    Support for scenarios where Windows Server 2008 R2 and Windows 7 Client are present and Branch Cache is enabled

 

Hope it Helps ,

Kenny

SccmAutoDoc by OSCC goes Beta 1

What is SccmAutoDoc?

SccmAutoDoc is a command-line utility that documents a System Center Configuration Manager 2007 site in a human-readable format. Much effort has been put into making the document closely resemble what you see in the Configuration Manager admin console. In other words, SccmAutoDoc documents your site configuration.

Additionally, the goal is to document only relevant settings, and to not include items that are irrelevant. For example, if the software inventory client agent is disabled, then it doesn't make much sense to document the software inventory agent schedule.

What are the software requirements to be able to use SccmAutoDoc?

SccmAutodoc requires a machine with Word 2007 installed and access to the ConfigMgr site server and ConfigMgr Sms Provider. Word 2007 does NOT need to be installed on the Site server/SQL server or Sms Provider computer. The program can perfectly work from a remote machine running windows xp, Vista or Windows 7.

Word 2007 does need to have the primary interop assemblies installed, but these are part of a default word 2007 install. If you don't have the primary interop assemblies for office 2007 installed, you can always download them here: <http://www.microsoft.com/downloads/details.aspx?familyid=59DAEBAA-BED4-4282-A28C-B864D8BFA513&displaylang=en>

What permissions do I need to run SccmAutoDoc?

SccmAutoDoc requires a user with Read permissions on the site object of the Configuration Manager site to be documented. The command line allows you to optionally pass a user and password as arguments to perform the documentation. If you don't specify a username and password, then the currently logged in credentials are used.

Where can I get SccmAutoDoc?

SccmAutoDoc beta1 can be downloaded from  http://scug.be/media/g/sccmautodoc/default.aspx

How do I use SccmAutoDoc?

Just unzip the zip file to a folder (the zip contains sccmautodoc.exe, 2 DLLs and an XML file).

Then execute SccmAutoDoc from a command prompt, which will display the Usage statement.

Sample commandlines:

Ex1: sccmautodoc -sitecode S01 -server sccm01
     This command documents the site with sitecode S01 on server sccm01 with the user account that launched SccmAutodoc
Ex2: sccmautodoc -sitecode S01
     This command documents the site with sitecode S01 when running locally on the server.
Ex3: sccmautodoc -sitecode S01 -server sccm01 -username Contosso\sccmadmin -password P@ssw0rd
     This command documents the site with sitecode S01 on server sccm01 with the user account Contosso\SccmAdmin and password P@ssw0rd

 

 

Where can I send bug reports/feature request/suggestions?

All comments, bug reports, suggestions and feature requests are more than welcome at mailto:sccmautodoc@oscc.be .

Unless I am swamped with suggestions, I will do my utmost to respond to any inquiries you might have.

If you send a bug report, please include the error you are receiving and a copy of the document created by the execution that errored out.

Is SccmAutoDoc freeware?

SccmAutodoc is not freeware, at present it is beta software, that eventually might end up as a reasonably priced documentation tool.

Preliminary plans around licensing are around creating a ConfigMgr Site, ConfigMgr hierarchy, Consultant/Consultancy firm license.

When does this beta Expire?

This beta version expires on the 15th December 2009, at which point a new version (Beta 1.5 or Beta 2) should be available.

What does SccmAutoDoc currently document?

SccmAutoDoc currently documents everything you see in the ConfigMgr Admin Console underneath the Site Settings node, with some small exceptions listed below:

  • Address schedule and Bandwidth limiting configuration.
  • Certificates node
  • Status Filter Rules

For a sample on what SccmAutoDoc documents have a look at SccmAutoDoc-1.125-Sample at:

http://scug.be/media/g/sccmautodoc/default.aspx

SccmAutodoc currently has no plans to document "volatile" data. In other words, packages, programs, advertisements, ... will not be documented. It is determined that this data changes too often, which would require SccmAutoDoc to run several times a day. Additionally, the documentation would then become quite large, making it lose its purpose as a site configuration document.

What are some of the known issues so far with SccmAutoDoc?

SccmAutoDoc errors out if you open up a focus-capturing box in Word while the program tries to write data to the document.

How does SccmAutoDoc work?

SccmAutoDoc works by querying WMI and parsing the results to look like they appear in the ConfigMgr Admin console. The main engine behind SccmAutoDoc is the included XML file, which lists the queries that are executed.

Installing the Service Manager WebPortal

Hi All,

 

System center service manager beta 2 comes with a webportal to allow for:

  • IT to end-user announcements (send out infrastructure status updates, e.g. mail functionality temporarily unavailable)
  • Self service end-user password (not implemented in this beta2, will require ilm v3)
  • End-user request for help allows a user to log an incident
  • End-user request software

Below are the steps to get the portal installed:

The portal is based on IIS, so you’ll first have to install IIS.

The webportal needs a default IIS setup, with the following 2 role services added.

  • Asp.Net (and all additional dependent features)
  • Windows authentication
  • IIS 6.0 Metabase compatibility

 

Once you have installed these prerequisites you can start the webportal installation.

First extract the smcdimage_Architecture  and subsequently launch setup.exe.

The window that opens allows you to start the webportal installation.

 

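Step 1: [screenshot step01]

Step 2: [screenshot step02]

Step 3: [screenshot step03]

Step 4: [screenshot step04]

Step 5: [screenshot step05]

Step 6: [screenshot step06]

Step 7: [screenshot step07]

Step 8: [screenshot step08]

Step 9: [screenshot step09]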

 

That’s it in regards to the installation of the portal. For end-users to be able to use the portal, they need to have the ActiveX Webportal client installed.

You can find the ActiveX component in the setup folder of the Cd Image for the architecture of the client systems, the file is called portalclient.msi.

Once all this is done, the only additional step you need is to request a certificate for your System center service manager(SCSM) webportal, but that is food for a next blog post.

--

Enjoy.

"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.scug.be/blogs/sccm/default.aspx

http://www.linkedin.com/in/kimoppalfens

How to monitor the hardware of an HP server when running VMWARE ESX in SCOM R2

I ran into a situation where a customer did not want to pay for an expensive management pack to monitor their ESX server hardware. They all ran on HP ProLiant hardware. Here is a small tutorial on how to integrate and configure the Insight Manager Agents for VMware ESX Servers and let them report into System Center Operations Manager 2007 R2.

  1. Go to the HP website and search for HP Insight Manager Agents for VMware ESX Server 8.2.0
  2. Download the Agents
  3. Open WinSCP and upload the .tar file you just downloaded to a folder
  4. Log into putty with your root account
  5. Issue the following command to unzip the contents: tar -zxvf hpmgmt-8.2.0-vmware.tgz.
  6. Stop the pegasus services: “service pegasus stop”
  7. Run “hpmgmt820preinstall.sh –install”
  8. Reboot
  9. Stop the pegasus services: “service pegasus stop”
  10. Run “hpmgmt820install.sh – install”
  11. Follow the wizard. When asked for the public string, enter (if you use this string) public 2 times (it will not be visible), and be sure to have the HP SIM server's IP or FQDN. Always answer Y when asked to activate the port 2381 (HPMHP) and the snmpd daemon.
  12. After the config you need to start the pegasus services: “service pegasus start”
  13. To check if the configuration has succeeded, log in to the HP System Homepage https://<esx server>:2381/. You should see the server name on the right side. Log in with root.
  14. Check your snmpd.conf  at /etc/snmp/snmpd.conf . It should look like this :

-----------------------------------------------------------------------------------

# Following entries were added by HP Insight Management Agents
dlmod cmaX /usr/lib/libcmaX.so
rwcommunity public 127.0.0.1
rocommunity public 127.0.0.1
rwcommunity public <The FQDN name of your RMS server>
rocommunity public <The FQDN name of your RMS server>
trapcommunity public
trapsink <The FQDN name of your RMS server> public
syscontact root@localhost (edit snmpd.conf)
syslocation DATACENTER
# ---------------------- END --------------------

# Sample snmpd.conf containing VMware MIB module entries.
# This is a simple snmpd.conf that may help you test SNMP.
# It is not recommended for production use. Consult the
# snmpd.conf(5) man pages to set up a secure installation.

# VMware MIB modules. To enable/disable VMware MIB items
# add/remove the following entries.
dlmod SNMPESX            /usr/lib/vmware/snmp/libSNMPESX.so

-----------------------------------------------------------------------------------

You are done on the ESX Level ! Now we move on to the SCOM R2 Level .
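A quick way to review an snmpd.conf like the one above for default community strings and remote write access, as an added example that is not part of the original post. The host name rms.example.local and the community strings in the second sample are constructed placeholders, and the tightened variant assumes the monitoring server only needs read access for its SNMP queries.

```python
from ipaddress import ip_address

# Community strings that ship as defaults and are widely known.
DEFAULT_COMMUNITIES = {"public", "private"}

# The configuration from the post, with a constructed host name for the RMS server.
SNMPD_CONF_AS_POSTED = """\
# Following entries were added by HP Insight Management Agents
dlmod cmaX /usr/lib/libcmaX.so
rwcommunity public 127.0.0.1
rocommunity public 127.0.0.1
rwcommunity public rms.example.local
rocommunity public rms.example.local
trapcommunity public
trapsink rms.example.local public
syscontact root@localhost (edit snmpd.conf)
syslocation DATACENTER
dlmod SNMPESX /usr/lib/vmware/snmp/libSNMPESX.so
"""

# Tightened variant (assumption: the RMS server only reads; community names are placeholders).
SNMPD_CONF_TIGHTENED = """\
dlmod cmaX /usr/lib/libcmaX.so
rwcommunity ExampleLocalString 127.0.0.1
rocommunity ExampleReadString 127.0.0.1
rocommunity ExampleReadString rms.example.local
trapcommunity ExampleReadString
trapsink rms.example.local ExampleReadString
dlmod SNMPESX /usr/lib/vmware/snmp/libSNMPESX.so
"""


def is_loopback(source):
    """True when the source restriction only admits the local host."""
    if source.lower() == "localhost":
        return True
    try:
        return ip_address(source).is_loopback
    except ValueError:
        return False  # a host name or network other than loopback


def audit_snmpd_conf(text):
    """Return (line_number, code, detail) findings for community directives."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        directive, *args = line.split()
        community = source = None
        if directive in ("rocommunity", "rwcommunity") and args:
            community = args[0]
            # With no SOURCE given, the community is accepted from any host.
            source = args[1] if len(args) > 1 else "default"
        elif directive == "trapcommunity" and args:
            community = args[0]
        elif directive == "trapsink" and len(args) > 1:
            community = args[1]
        if community is None:
            continue
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((lineno, "default-community",
                             f"{directive} uses the default string '{community}'"))
        if source == "default":
            findings.append((lineno, "unrestricted-source",
                             f"{directive} has no source restriction"))
        if directive == "rwcommunity" and not is_loopback(source):
            findings.append((lineno, "remote-write",
                             f"write access granted to '{source}'"))
    return findings


if __name__ == "__main__":
    for name, conf in (("as posted", SNMPD_CONF_AS_POSTED),
                       ("tightened", SNMPD_CONF_TIGHTENED)):
        results = audit_snmpd_conf(conf)
        print(f"{name}: {len(results)} finding(s)")
        for lineno, code, detail in results:
            print(f"  line {lineno}: {code}: {detail}")
```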

It is relatively simple to monitor the hardware status of your ProLiant servers with Operations Manager. HP has a free management pack (HP ProLiant Management Pack for System Center Operations Manager 2007) that discovers and monitors them. However, if your ProLiant servers happen to have a different OS than Windows installed, it will not work without a hassle.

I was looking for a way to include the hardware status of our HP servers that ran VMware ESX 3.5 update 4  into OpsMgr. HP does provide a specifically adapted Management Agent for ESX (HP Management Agents for VMware ESX Server as described above ). That allows accessing hardware information about the server using SNMP queries.

On Raphael Burri’s blog you will find a custom written MP that will collaborate with the HP Management pack for Windows and let you monitor your HP hardware . Many thanks to him !!!!

  1. Download the custom made management pack from Raphael Burri on http://rburri.wordpress.com/2008/06/03/snmp-only-hp-proliant-hardware-management-pack/
  2. Download the official HP Management pack for HP Proliant Servers
  3. Install the SNMP stack on your RMS server
  4. Import both management packs in your RMS
  5. Configure the SNMP stack of the non-windows ProLiants to allow access from the OpsMgr server or gateway that is going to act as SNMP proxy.
  6. Discover the ProLiant servers as SNMP Network Devices
  7. You are done . Create your own views and rules as you want .

 

Hope it Helps ,

Kenny Buntinx

SCCM 2007 Reporting : How to change the Maximum Rows Returned in the Values List that is default set to 1000 rows

Report Viewer in Configuration Manager 2007 limits the number of rows returned to 1,000 rows when you click Values and the values list displays for a prompt. The maximum number of rows returned by the query for the prompt that populates the values list can be modified by creating a registry key and setting a value on site system computers that have the reporting point role.

IMPORTANT : Increasing the maximum number of rows for queries that return a large amount of data or for queries that are inefficiently written might cause performance issues when the values are displayed.

To do this and configure the number of rows returned in a values list

  1. Open the Registry Editor on the reporting point computer.

  2. On reporting points that run on a 32-bit operating system, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Reporting.

    On reporting points that run on a 64-bit operating system, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\SMS\Reporting.

  3. Create a DWORD value named Values Rowcount, and then set its value to the number of rows that you want returned in the report query. If you want to return all rows, set the value to 0xffffffff, which is the hexadecimal equivalent of –1.

    The configured number of rows is returned by any prompt query that is run from this reporting point.

 

Hope it helps ,

Kenny Buntinx

SCUG Technet Session What’s new in SCCM SP2

Abstract: What's new in System Center Configuration Manager 2007 SP2. Session description: This session will talk about some of the improvements and new features that will be made available in System Center Configuration Manager 2007 SP2. We will talk about the difference between SCCM 2007 SP1 and SP2 and why this service pack is so important now that Windows 7 and Windows Server 2008 R2 are on our doorstep.

 

Download the presentation at http://scug.be/media/p/1260.aspx

 

Hope it Helps ,

Kenny Buntinx

Adding WMIC right-click actions to the ConfigMgr 2007 admin console (2)

Hi All,

 

In Post 1 of this topic we looked at the different WMI-command line actions you could trigger on a SCCM 2007 client.

In this post we’ll use that knowledge together with the knowledge of extending the admin console with custom actions series I did a couple of months ago to add these actions to our console.

Customize the sccm admin console – deep dive 1: http://scug.be/blogs/sccm/archive/2008/08/04/customize-the-sccm-2007-console-deep-dive-1.aspx

Customize the sccm admin console – deep dive 2: http://scug.be/blogs/sccm/archive/2008/08/04/customize-the-sccm-2007-console-deep-dive-2.aspx

Customize the sccm admin console – deep dive 3: http://scug.be/blogs/sccm/archive/2008/08/04/customize-the-sccm-2007-console-deep-dive-3.aspx

 

In the first post of the admin console deep dive session you learned how to create an xml to add custom actions. The example xml at that time looked like this.

Notepad Example Action XML

<ActionDescription Class="Executable" DisplayName="Make a Note" MnemonicDisplayName="Note" Description = "Make a note about software updates">
      <Executable>
           <FilePath>Notepad.exe</FilePath>
           <Parameters>C:\MyConfigurationManagerNote.txt</Parameters>
      </Executable>
</ActionDescription>

As you can see this example launched notepad as an executable. Given our new wmic commandlines we could replace that xml with the following to add a trigger hardware inventory action.

WMIC Action XML – Initial attempt

<ActionDescription Class="Executable" DisplayName="Trigger hardware inventory" MnemonicDisplayName="Trigger Hardware inventory" Description = "Trigger Hardware inventory">
      <Executable>
           <FilePath>WMIC</FilePath>
           <Parameters>/node:computername /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000001}"</Parameters>
      </Executable>
</ActionDescription>

 

Although this WMIC XML might look good at first glance, there is still a problem with passing the parameters: in the section /node:Computername, Computername should be replaced with the actual computer name of the resource in the console on which we intend to initiate this action. That is where the ##SUB## parameters come into play.

When you execute any action in the console, some specific parameters are passed on in the following syntax: ##SUB:Parametername##. Which parameters are available depends on the location you execute the action from in the ConfigMgr Admin console. For our purposes the most important thing is that the Name parameter is passed on when you click a resource in the details pane of a collection. With that knowledge, our WMIC Action XML should actually become:

 

<ActionDescription Class="Executable" DisplayName="Trigger hardware inventory" MnemonicDisplayName="Trigger Hardware inventory" Description = "Trigger Hardware inventory">
      <Executable>
           <FilePath>WMIC</FilePath>
           <Parameters>/node:##SUB:Name## /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000001}"</Parameters>
      </Executable>
</ActionDescription>

Note that the Computername has been replaced by ##SUB:Name## which will dynamically be resolved to the name of the resource you right-clicked on to launch the action.

 

Final step – Add the action to the console

To actually make the action appear in the console, we need to copy the above xml into  the folder with the right guid underneath:

Program Files\Microsoft Configuration Manager\AdminUI\XmlStorage\Extensions\Actions

For our specific purposes we want the action to appear when we right-click a computer system inside a collection, which corresponds to guid:

7ba8bf44-2344-4035-bdb4-16630291dcf6

So just create the folder Program Files\Microsoft Configuration Manager\AdminUI\XmlStorage\Extensions\Actions\7ba8bf44-2344-4035-bdb4-16630291dcf6 copy the WMIC xml inside the folder and restart the ConfigMgr Admin console.
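The steps above can also be scripted. The following is an added example, not code from the original post: it builds one action XML per schedule ID (IDs taken from part 1 of this series) and writes them into the folder for the GUID named above. The file names, the function names and the ID format check are assumptions made for this sketch.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# GUID from the post: right-click on a computer system inside a collection.
NODE_GUID = "7ba8bf44-2344-4035-bdb4-16630291dcf6"

# Display name -> schedule ID, a subset of the list in part 1 of this series.
SCHEDULES = {
    "Trigger hardware inventory": "{00000000-0000-0000-0000-000000000001}",
    "Trigger software inventory": "{00000000-0000-0000-0000-000000000002}",
    "Trigger machine policy assignment request": "{00000000-0000-0000-0000-000000000021}",
    "Trigger machine policy evaluation": "{00000000-0000-0000-0000-000000000022}",
}

# Only well-formed {GUID} values may end up on the WMIC command line.
_SCHEDULE_RE = re.compile(r"\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def build_action(display_name, schedule_id):
    """Return an <ActionDescription> element shaped like the one in the post."""
    if not _SCHEDULE_RE.fullmatch(schedule_id):
        raise ValueError(f"not a schedule ID: {schedule_id!r}")
    action = ET.Element("ActionDescription", {
        "Class": "Executable",
        "DisplayName": display_name,
        "MnemonicDisplayName": display_name,
        "Description": display_name,
    })
    executable = ET.SubElement(action, "Executable")
    ET.SubElement(executable, "FilePath").text = "WMIC"
    # ##SUB:Name## is resolved by the console to the right-clicked resource.
    ET.SubElement(executable, "Parameters").text = (
        "/node:##SUB:Name## /namespace:\\\\root\\ccm path sms_client "
        f'CALL TriggerSchedule "{schedule_id}"'
    )
    return action


def action_file_name(display_name):
    """File name derived from the display name (naming scheme is an assumption)."""
    return re.sub(r"[^A-Za-z0-9]+", "_", display_name).strip("_") + ".xml"


def write_actions(admin_ui_root, schedules=None, node_guid=NODE_GUID):
    """Write one XML file per action under XmlStorage\\Extensions\\Actions\\<guid>.

    admin_ui_root is the AdminUI folder of the console installation.
    Returns the list of files written.
    """
    schedules = SCHEDULES if schedules is None else schedules
    target = Path(admin_ui_root) / "XmlStorage" / "Extensions" / "Actions" / node_guid
    target.mkdir(parents=True, exist_ok=True)
    written = []
    for display_name, schedule_id in schedules.items():
        xml_text = ET.tostring(build_action(display_name, schedule_id), encoding="unicode")
        path = target / action_file_name(display_name)
        path.write_text(xml_text, encoding="utf-8")
        written.append(path)
    return written


if __name__ == "__main__":
    # Demo against a throwaway folder instead of a real console installation.
    with tempfile.TemporaryDirectory() as root:
        for path in write_actions(root):
            print(path.relative_to(root))
            print(path.read_text(encoding="utf-8"))
```

Point `write_actions` at the AdminUI folder of a console installation and restart the console afterwards, as described above.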

--

Enjoy.

"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.scug.be/blogs/sccm/default.aspx

http://www.linkedin.com/in/kimoppalfens

Adding WMIC right-click actions to the ConfigMgr 2007 admin console (1)

Hi All,

I previously blogged about customizing the sccm admin console using the right-click actions and blogged about how you can customize the console yourself using the correct guid and a fairly easy to construct xml.

Most of these extensions use some form of vbscript to trigger these actions, but if you are not a great scripter, don’t despair you can achieve quite a lot of these tasks using a single command line. The following 2 links give you a decent overview of what is achievable using wmic:

Specifically for ConfigMgr the following command lines are interesting from my point of view:

  • Trigger hardware inventory: WMIC /node:Computername /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000001}"
  • Trigger software inventory: WMIC /node:Computername /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000002}"
  • Trigger data discovery: WMIC /node:Computername /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000003}"
  • Trigger machine policy assignment request: WMIC /node:Computername /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000021}"
  • Trigger machine policy evaluation: WMIC /node:Computername /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000022}"
  • Trigger Refresh default management point: WMIC /node:Computername /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000023}"
  • Trigger Refresh location (Ad site, or subnet): WMIC /node:Computername /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000024}"
  • Trigger Software metering usage reporting: WMIC /node:Computername /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000031}"
  • Trigger sourcelist update cycle: WMIC /node:Computername /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000032}"
  • Refresh proxy management point: WMIC /node:Computername /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000037}"
  • Trigger cleanup policy: WMIC /node:Computername /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000040}"
  • Trigger validate assignments: WMIC /node:Computername /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000042}"
  • Trigger certificate maintenance: WMIC /node:Computername /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000051}"
  • Trigger branch dp scheduled maintenance: WMIC /node:Computername /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000061}"
  • Trigger branchdp provisioning status reporting: WMIC /node:Computername /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000062}"
  • Trigger software update deployment: WMIC /node:Computername /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000108}"
  • Trigger state message upload: WMIC /node:Computername /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000111}"
  • Trigger state message cache cleanup: WMIC /node:Computername /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000112}"
  • Trigger software update scan: WMIC /node:Computername /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000113}"
  • Trigger software update deployment re-eval: WMIC /node:Computername /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000114}"
  • Trigger OOBS discovery: WMIC /node:Computername /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000120}"

And some more general ones:

  • reboot computer: wmic /node:computername os Where (name like '%windows%') call reboot
  • shutdown computer: wmic /node:computername os Where (name like '%windows%') call shutdown

 

--

Enjoy.

"Everyone is an expert at something"

Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.scug.be/blogs/sccm/default.aspx

http://www.linkedin.com/in/kimoppalfens

SCCM AMT Provisioning Flowcharts by Steve Rachui

Have you ever wanted to learn more about how Active Management Technology (AMT) and System Center Configuration Manager 2007 work together?  Steve Rachui posted some great flowcharts that should help explain how all the pieces fit together .

See his blog for more information: http://blogs.msdn.com/steverac/archive/2009/09/02/sccm-amt-provisioning-flowcharts.aspx

Hope it Helps ,

Kenny Buntinx

System Center Configuration Manager 2007 R3 on his way ! Register for TAP nomination.

Today, the System Center team is excited to share with you our plan to release System Center Configuration Manager 2007 R3.  This new release of the ConfigMgr is packed with some extremely cool features, which over the coming months we plan to share with you in different ways. 

There are a few areas of focus for ConfigMgr R3, with the main engineering effort concentrating on Power Management.  Here are the goals for this feature:

Power Management
The goal of this capability is to enable Configuration Manager to further reduce the operational costs of IT by providing basic power management features native to the product.  Our approach is based on 3 primary areas:

A. Help the organization plan a power strategy by monitoring current power state and consumptions and reporting on machine utilization trends, current power settings and current energy consumption

B. Enable the Administrator to easily create, deploy and enforce specific power settings using the existing ConfigMgr infrastructure 
   −Ability to set peak and non-peak schedules
   −Ability to remediate settings if changed
   −Ability to opt out machines from power policy

C. Provide the business meaningful report formats that are relevant to Power Management

An effective approach to power management needs to maximize power policy deployment while minimizing the impact to the end-user. System Center Configuration Manager helps customers further reduce their operational costs by adding new in box capability to their ConfigMgr infrastructure, and by seamlessly enabling power management client agent services to their existing Collection landscape.

 

Read the whole story on http://blogs.technet.com/systemcenter/archive/2009/09/08/announcing-system-center-configuration-manager-2007-r3.aspx

 

Hope it helps ,

 

Kenny Buntinx

SMS to ConfigMgr 2007 secondary child site upgrade & Mplist issue

Hi All,

 

During an SMS 2003 to System Center Configuration Manager 2007 upgrade recently I ran into the same issue described here:

http://social.technet.microsoft.com/Forums/en-US/configmgrsetup/thread/0d15a643-99e1-4b5f-9060-810fd89c68f4

After some investigation this seems to be “normal”. There seems to be an issue where the mplist procedure reports an error if the capabilities field for a site is empty in the database.

There are several things you can do to see whether this is the issue that is impacting you:

If you are seeing symptoms where the mplist url fails, whereas mplist1 and mpcert work fine, then this is a pretty strong indicator you are suffering from the above issue.

There are several queries you can execute against the SMS database to confirm your suspicion. If any of the queries below shows an empty capabilities field for a ConfigMgr site, then your suspicion is confirmed:

  • exec mp_getmplistforsite 'sitecode'
  • Select * from sites
  • exec mp_getlistofmpsinsite 'sitecode','0'

The result of this issue is that the mpcontrol.log will start spewing out errors, as the mp uses the mplist url for its health check. All other functions of the mp seem to be operational, so inventory, software distribution, etc… seem not to be impacted.

There seems to be one situation where this always occurs, namely during in-place upgrades of secondary child sites. From the minute you start the upgrade until the upgrade successfully finishes mplist for all mp’s attached to the same primary site will fail.

The reason I uncovered this error is that one of the secondary site upgrades failed because of lack of diskspace, and hence the period in which the mplist url was unavailable was severely increased. Once the secondary site upgrade issue was fixed, the mplist url returned back to full working order without any other intervention.

--

Enjoy.

"Everyone is an expert at something"

Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.scug.be/blogs/sccm/default.aspx

http://www.linkedin.com/in/kimoppalfens

Configuration Manager 2007 Service Pack 2 Release Candidate is available

The System Center Configuration Manager team has announced that the Configuration Manager 2007 Service Pack 2 Release Candidate has been released on https://connect.microsoft.com and is available for download.

Regards,

Kenny

Technet Events

In the coming weeks Microsoft Belgium is hosting some very interesting Technet events.

Full details can be found on the links below :

Dutch Live Meetings :

French Live Meetings :

 

 

Have Fun,

Alexandre Verkinderen

SCCM 2007 MP horror : “Cannot create the internet virtual directory CCM_Incoming. The error code is 8007005”.

This story happened at one of my customers, but luckily it happened in an acceptance environment instead of production.

After discovering that a reboot happened in our acceptance environment around the 19th of July 2009, we saw that the management point did not communicate anymore with its clients.

After some investigation , we decided to uninstall the mgmt point and reinstall it. This should always go smooth and without issues.

Guess what , at my client it didn’t. Below you will find the detailed log files of the installation failing.

These errors didn’t worry me too much as the mgmt point did not exist anymore. Below you will find the rest of the log, and that was really worrying me.

 


 

As you can see it says : “Cannot create the internet virtual directory CCM_Incoming. The error code is 8007005” ==> This means somewhere access denied .

After checking the default permissions on the following accounts (IUSR,IWAM,IIS_WPG), I checked if the accounts did not give any Failure audits in the security log of the eventvwr to see if the account wasn’t locked out.

Guess what , it wasn’t the case.

So after that I started to dig further to see if any patches were installed / uninstalled on the server (remember the reboot). Well, it seemed that on 18/07/09 the following hot fix KB923845 was uninstalled for whatever reason. Unluckily this was a BITS 2.5 hotfix …

 


I downloaded the hot fix and reinstalled it on the server . Same issue . It could just be a coincidence . After that I tried to see in IIS if Bits would still work and I tried to apply the bits into the default website and got the following error message : “Task scheduler could not be started . Cleanup cannot be scheduled now…” .

This triggered me to think it through and I verified the service was running. The service was up and running. So there was only one place left to look further into …. GPO’s!

I saw directly something strange . A GPO applied into the root of the forest doing the following as shown below :


Here is the problem ! They are killing the TASKS service by reducing security . Well , they killed BITS in one go as well as the MP and DP are using this feature !

So my next step was to create a separate OU , block inheritance of existing GPO’s and create and apply a UNDO_KB958644 to reset permission.

The server team at my customer implemented this for fighting the Conficker virus, which is recommended by Microsoft … but they didn’t do the last part in the article.

Well they (Customer server team)  killed my Mgmt Point on my SCCM server ….

 

*******************************************************************************************************

If you are experiencing this kind of issues and it worked before , make sure to check your GPO’s for security add-ons !

(Thanks to Kim Oppalfens to put me on track for looking into GPO security add-ons)

*******************************************************************************************************

 

Hope it Helps ,

 

Kenny Buntinx

A new Configuration Manager KB hot fix for Daylight saving time .

There is a new Knowledge Base article published for System Center Configuration Manager 2007. The issue is that when the time changes to or from Daylight Saving Time, the SMS_Inbox_Monitor or SMS_Outbox_Monitor components may not poll for new content in Microsoft System Center Configuration Manager 2007.

KB972400 - The SMS_Inbox_Monitor or SMS_Outbox_Monitor components may not poll for new content in System Center Configuration Manager 2007

 

Hope it helps ,

Kenny Buntinx

MMS 2009 : Filet Mignon

Just for those who didn’t believe our story about the filet Mignon at the sushi place being so BIG that Kurt just ordered 2 of them at 32 $ each !

Here’s the proof : ( look at the BlackBerry next to it )

Hope it Helps ,

Kenny

Posted: Jul 10 2009, 03:37 PM by Kenny Buntinx | with 1 comment(s)
SCCM 2007 : WSUS issues , Configuration manager failed to configure upstream settings on Wsus Server “xxxx”

DISCLAIMER : This posting is provided AS IS with no warranties ! Test it first into a TEST environment unless like me you have no other option ! The first part may not even be supported !

 

At a customer I had already been struggling for weeks with WSUS issues in my SCCM environment.

A few weeks ago WSUS 3.1 for some reason disappeared from my SCCM Primary site box. WSUS 3.1 was installed on the SCCM primary site box, but with an offsite (separate) SQL 2005 SP2 box, so the DBs of WSUS and SCCM were offloaded to that SQL server.

WSUS was working fine for months and now I just logged on to the system to see that the System Status was there as critical; a quick check showed all three WSUS components critical and sync failing. I opened up IIS and WSUS wasn’t there any more, the c:\assembly folder is also now there... backup is configured to kick off every Saturday and just after that it seemed to happen.


In the event viewer I see two warnings after the restart :

  • Event ID 1004, source MSIinstaller
    Detection of product '{77846B52-14C9-4FC4-BE63-FE06AF501442}', feature 'WSUSApiFeature', component '{067AEA00-5C0B-444C-8961-313ACF4C3C75}' failed. The resource '' does not exist.
  • Event ID 1001
    Detection of product '{77846B52-14C9-4FC4-BE63-FE06AF501442}', feature 'WSUSApiFeature' failed during request for component '{8691403E-727C-4E5E-BA2D-0608341F1BBF}'

After that and searching on the technet forums, it seemed to be a kind of bug …. The only known workaround where this isn’t happening is the scenario where you split off the WSUS from the SCCM site server!

I also noticed something very awkward: my IIS server got into trouble … After searching a lot through log files and error tracing, I found that the “network service” was REMOVED from the DCOM Components …?? After adding it back, my IIS server turned to a healthy state again. The only thing I do not know is whether this has anything to do with the uninstall of WSUS itself ….

After installing the WSUS server onto another box, and adding the SUP role onto the new separate SQL/WSUS box, we got some funky messages in the console. Our new WSUS 3.1 is installed into a custom website with port 8530 and SSL on port 8531.

The Sync failed: WSUS server not configured. Source: CWSyncMgr::DoSync

The SMS Wsus Configuration Manager failed to configure upstream server settings on wsus server “xxx” as shown in the status messages .

Further in my WCM.log, you see the following weird message that it is trying to connect on SSL port 8531, which it should not do! It should connect to port 8530!!

 


Well , if you look into the Software Update Point Component Properties you see that the “Enable SSL for This WSUS server” is greyed out .

 

Now I have to say that the site was previously migrated to native mode, but due to a mistake from the customer, who formatted the subordinate certificate authority, we went back to mixed mode. It ran for a year without issue after the roll-back. So is this really a security mode issue? I don’t know for sure.

So how did we solve the issue ?

Well we modified the SiteControl file. BEFORE EDITING THIS FILE , STOP ALL SCCM SERVICES AND TAKE A BACKUP !!!!

DISCLAIMER : This posting is provided AS IS with no warranties ! Test it first into a TEST environment unless like me you have no other option ! This is not even supported !

BEGIN_COMPONENT
    <SMS_WSUS_CONFIGURATION_MANAGER>
    <6>
    <SCHZ43075>
    PROPERTY <DefaultWSUS><><SCHZ45067><0>
    PROPERTY <DefaultWSUSType><><><1>
    PROPERTY <DefaultPublicVIP><><><0>
    PROPERTY <DefaultWSUSIISPort><><><8530>
    PROPERTY <DefaultWSUSIISSSLPort><><><8531>
    PROPERTY <DefaultWSUSAccessAccount><><><0>
    PROPERTY <SSLDefaultWSUS><><><1>  <------------------------------------------------------------------- change this value to Zero ! PROPERTY <SSLDefaultWSUS><><><0>
    PROPERTY <DefaultUseParentWSUS><><><0>
    PROPERTY <DefaultIsAlsoINF><><><1>
    PROPERTY <INFWSUS><><><0>
    PROPERTY <INFWSUSType><><><0>
    PROPERTY <INFPublicVIP><><><0>
    PROPERTY <INFWSUSIISPort><><><80>
    PROPERTY <INFWSUSIISSSLPort><><><443>
    PROPERTY <INFWSUSAccessAccount><><><0>
    PROPERTY <SSLINFWSUS><><><1>
    PROPERTY <INFUseParentWSUS><><><1>
    PROPERTY <ParentWSUS><><><0>
    PROPERTY <ParentWSUSPort><><><80>
    PROPERTY <SSLToParentWSUS><><><0>
    PROPERTY <Number of Retries><><><100>
    PROPERTY <Retry Delay><><><60>
    PROPERTY <SupportedTitleLanguages><><nl,en><0>
    PROPERTY <SupportedUpdateLanguages><><nl,en><0>
    PROPERTY <SMSClientDeployment><Enabled><><1>
    PROPERTY <RequestedClientVersion><4.00.6221.1000><><0>
    PROPERTY <MaxClientsPublished><><><2>
    PROPERTY <HostBinariesOnMicrosoftUpdate><><><0>
    PROPERTY <ClientReportingLevel><><><2>
    PROPERTY <MaximumAllowedComputers><><><100000>
END_COMPONENT

DISCLAIMER : This posting is provided AS IS with no warranties ! Test it first into a TEST environment unless like me you have no other option ! This is not even supported !

After starting the services again , the option was still greyed out , but into the WCM.log , you see that everything runs fine and that SSL is Disabled ! 

Here is the WCM.Log file outcome :


Now you see he is connecting fine onto port 8530 and SSL is Disabled !

Hope it helps ,

Kenny Buntinx

MVP Award : System Center Configuration Manager

I am happy to inform you that I have received the 2009 Microsoft Most Valuable Professional (MVP) Award for System Center Configuration Manager. This is certainly a great honor for me.

Thank you Microsoft, blog readers and all the community members that helped me out!

Thanks for the recognition. I am delighted.

Hope it helps ,

Kenny Buntinx


SCCM 2007 : PXE BOOT with VMWARE Workstation and Trend Micro AV not working !

PXE booting in your VM-Environment will not work unless you disable the Trend micro common firewall driver on your physical host . This is a known issue for Trend Micro !

To do this , follow the steps below.

Go to your control panel and select your network card .


Select your network adapter and select properties. The following screen appears.

Deselect the Trend Micro Common firewall driver and select “OK”. It has been disabled now.

PXE booting on a VMware Workstation machine should work from now on! Once your machine has been built you can turn it back on!

 

Hope it Helps ,

 

Kenny Buntinx

Community Day 2009 : Getting ready

Tomorrow I am delivering a session about “Thin , Thick or Hybrid Imaging – Notes from the field” at the Community day 2009.

After a hectic week , I finally got ready with my demo and my slide deck.

I had the luck of destroying my hard drive with all of my demo’s on Tuesday , just after finishing off my configuration. Guess what ! No backup …

Finally everything is falling into place , so relax , sit back and enjoy the show for tomorrow!

 

Hope it helps ,

Kenny

SCCM : Backing up secondary sites isn’t supported !

Recovery of a secondary site is not supported with SCCM, backing it up is! Only a reinstall is supported for a secondary site. This news I received yesterday from PSS support, after we ran into an issue with the VSS Backup writer at a customer. I did not know it wasn't supported, as the functionality is there to configure it. Why don't they block this possibility on secondary sites if recovery is not supported?

But , I do agree there is not much on a secondary site of value to back up. Since backup does not save packages, the only things lost in a failure that could be recovered would be transient client data that has not yet been sent to the primary site and some configuration details on the secondary. Since clients are assigned to the primary site we can use a replacement secondary right away. Worst case scenario would be to resync inventory on some of your clients depending on how much 'in flight' data lives on our secondary.

Just to let you know , hope it helps ,

Kenny Buntinx

SCCM : Recommendations for PKI Key Lengths and Validity Periods with Configuration Manager

Carol Bailey has written an article about values to set for the key sizes and validity periods for the certificates required for native mode and out of band management in Configuration Manager that I want to share with you. 

Carol said : This has been a tough one for me to answer, because in the main, these values are external to Configuration Manager and they are PKI design questions with advantages and disadvantages for different values.  The higher the key size, the more secure the certificate is from attackers, but will require more processing to use.  The longer the validity period, the less certificate maintenance required (and potentially some service disruption), but the certificate is more vulnerable to being compromised.

Disclaimer:  The PKI-related information in this post is external to Configuration Manager, so you will not find this information in the Configuration Manager product documentation.  However, we realize that PKI is often new to Configuration Manager admins, and aim to share our knowledge and experience to help you be more successful with the product.

Until recently, the best advice I could offer customers without their own PKI consultants, was to follow the example of Microsoft default values on certificate templates that closely matched their own certificates.  Then check any certificate requirements in our documentation (for example, some certificates have a maximum supported key size), and take into account any overheads associated with renewal. 

However, at MMS in Vegas this year, Chris Adams and Ben Shy from Microsoft presented an excellent breakout session that shared their experience about how they implemented native mode and Internet-based client management in Microsoft.  This session was called "Demystifying Native Mode Security to Deliver Internet-based Client Management" and one slide I was particularly keen that they shared with customers was their strategy for deciding the key size and validity period.  Their numbers are based on RSA research and how long it would take an attacker to compromise a certificate.  So the higher the key size, the more secure the certificate is (but remember that this comes at the cost of extra processing). Their simple matrix that they presented at MMS looked like this:

  • Key length of 1024:  Validity period = not greater than 6-12 months

  • Key length of 2048:  Validity period = not greater than 2 years

  • Key length of 4096:  Validity period = not greater than 16 years

When you are deciding which values to use, we've already noted that you need to take into account any other restrictions - such as maximum supported key size by the application that uses the certificate.  However, you also need to take into account what your CA hierarchy can support. A CA cannot issue a certificate with a longer validity period than its own certificate.  This one is easy to remember, however, there's also a ticking time limit because a CA cannot issue certificates with a validity period that is longer than its own remaining validity period.

This means that ideally, you want to plan your validity periods very carefully when designing your PKI - taking into account factors such as the type of certificates that you want to use, the applications that will use them, your company's tolerance to security risks, and your renewal strategy.  However, in practice, you might have to fit your validity periods around your existing PKI design. 

Some examples:

  • If you want to use a validity period of 10 years for your site server signing certificate, this will not be possible if your issuing CA has a certificate with a validity period of 5 years.
  • If your issuing CA has a validity period of 5 years but has been up and running for 2 years, it will not be able to deploy certificates with a validity period of 4 years - until its own certificate is renewed.

Hope it Helps ,

Kenny Buntinx
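The matrix and the two CA examples in the post above can be turned into a pre-issuance check. This is an added example, not part of Carol Bailey's article or of Configuration Manager: it takes "6-12 months" at its upper bound, counts a year as 365 days, and uses constructed CA dates and hypothetical names throughout.

```python
from dataclasses import dataclass
from datetime import date

# Matrix from the post: key length (bits) -> maximum validity in days.
# Assumptions: "6-12 months" is taken as 12 months; a year is 365 days.
GUIDANCE_MAX_DAYS = {1024: 365, 2048: 2 * 365, 4096: 16 * 365}


@dataclass
class CaCert:
    """Validity window of one CA certificate in the issuing chain."""
    name: str
    not_before: date
    not_after: date


def review_request(key_bits, requested_days, today, chain):
    """Return a list of (code, message) findings for a planned certificate.

    KEY_GUIDANCE  - validity exceeds the matrix value for this key length
    CA_LIFETIME   - validity exceeds the CA certificate's own validity period
    CA_REMAINING  - validity exceeds what is left on the CA certificate today
    An empty list means the request fits the matrix and every CA in the chain.
    """
    findings = []
    cap = GUIDANCE_MAX_DAYS.get(key_bits)
    if cap is None:
        findings.append(("KEY_GUIDANCE", f"key length {key_bits} is not in the matrix"))
    elif requested_days > cap:
        findings.append(("KEY_GUIDANCE",
                         f"{requested_days} days exceeds {cap} days for {key_bits}-bit keys"))
    for ca in chain:
        lifetime = (ca.not_after - ca.not_before).days
        remaining = (ca.not_after - today).days
        if requested_days > lifetime:
            findings.append(("CA_LIFETIME",
                             f"{ca.name}: CA certificate is only valid for {lifetime} days"))
        elif requested_days > remaining:
            findings.append(("CA_REMAINING",
                             f"{ca.name}: {remaining} days remain, renew the CA certificate first"))
    return findings


# Constructed sample: an issuing CA with a 5-year certificate.
ISSUING_CA = CaCert("Issuing CA (sample)", date(2009, 1, 1), date(2014, 1, 1))

if __name__ == "__main__":
    # First example from the post: 10-year certificate, 5-year issuing CA.
    print(review_request(4096, 10 * 365, date(2009, 1, 1), [ISSUING_CA]))
    # Second example: same CA two years in, 4-year certificate requested.
    print(review_request(4096, 4 * 365, date(2011, 1, 1), [ISSUING_CA]))
    # A 2-year certificate with a 2048-bit key still fits.
    print(review_request(2048, 2 * 365, date(2011, 1, 1), [ISSUING_CA]))
```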

SCUG.BE interviewed Jeremy Chapman on windows 7 deployment

 

SCUG.BE interviewed Jeremy Chapman (Senior Product Manager in the Windows client enterprise team) on windows 7 deployment:

 

Have Fun,

SCUG.BE crew

SCUG.BE interviewed THE Jeff Wettlaufer at Techdays 2009 in Antwerp

SCUG.BE interviewed the Jeff Wettlaufer (Sr. Technical Product Manager, System Center) at Techdays 2009 in Antwerp!

 

 

 

Have Fun,

The SCUG.BE Team

 

ConfigMgr 2007 R2 training in Belgium

ConfigMgr 2007 R2

 

Hi All,

In 2 weeks I will be teaching a ConfigMgr 2007 class, this will be the first time I teach the class with modified content for ConfigMgr 2007 R2.

This class will run at jcacademy in Leuven. More details can be found here: http://www.jcacademy.be/courses/_nl/coursesheet.asp?language=NL&country=&course_id=738

But to summarize this is a 5 day class covering the skills upgrade for current sms 2003 admins to ConfigMgr 2007 R2.

Runs from the 8th till the 12th of June, and costs 2.085€. Keep in mind that the website still needs to be updated with the new course content sheet.

NOTE: I do not teach classes all that often anymore, so if you want to follow ConfigMgr 2007 R2 training this year, this might very well be one of your last chances to follow it with me this year. There is a slim chance I will have some time to do another at the very end of this year, but no guarantees there.

Course Content

Title: Migrating your SMS 2003 admin skills to SCCM 2007 R2

Introduction

The goal of this course is to upgrade the attendees' sms 2003 admin skills to Sccm 2007 R2. Attendees that successfully complete this course will be capable of managing day-to-day operations of a SCCM 2007 environment.

The course is a mix of in-depth instructor led training and hands-on labs to help drive home the concepts discussed and provide answers to commonly asked questions. The trainer that delivers this course is an accomplished consultant with plenty of real world experience to make the delivery interesting.

Target Audience

This course is targeted at people that currently manage a SMS 2003 environment, and are planning to migrate or have already migrated to SCCM 2007 (R2).

Prerequisite

    This course requires that the students meet the following prerequisites:

  • A decent working knowledge of Active Directory
  • A decent working knowledge of SMS 2003 is strongly advised to make the most out of this course.

Course outline

Day 1

What's new overview?

This section will provide you with a broad overview of all changes that have been made in SCCM 2007, taking SMS 2003 as the reference point. This overview includes the features added during SP1 and R2 and will offer a glance at what's coming in SP2 and ConfigMgr v.Next. After the initial overview you will get a more detailed view of these modifications during the rest of the course.

   

New admin UI tour

One of the big changes to SCCM is the new administrator console. Knowing your way around this console is crucial to successfully managing your SCCM environment. This section will introduce you to homepages, the search bar and some other smaller changes.

   

Client management (Discovery, assignment, Installation)

After the introduction we'll dive into discovering, installing and assigning clients. You'll learn about changes to the discovery and assignment phases that might influence your server infrastructure. Once you have learned all about discovery and client assignment, we'll look at the two most popular client installation methods in detail. To finish off this day we will install and configure the new R2 feature called client status reporting to assist in keeping an overview of healthy and unhealthy clients.

   

Day 2

Extending Hardware inventory

Day 2 will start with an explanation of what has changed in the hardware inventory data flow and architecture, followed by some guidelines on how to extend hardware inventory, and details on the usage of Asset Intelligence to manage your licenses.

   

Desired Configuration Management

DCM is one of the new features in SCCM 2007. We'll look at the back-end infrastructure, the data flow, and the different components like configuration packs, configuration baselines and configuration items.

   

Software Distribution

Although software distribution has not changed very drastically, some of these changes are long-awaited design change requests that could have an impact on your daily operations. We'll discuss maintenance windows, Wake on LAN and other important changes. Additionally, this section will show you the basics of application virtualization and its integration in ConfigMgr 2007 R2.

   

Day 3

Software Updates

Software update management has changed significantly and is barely comparable to its SMS 2003 ITMU counterpart. In this section you'll learn how to build your software update architecture, find out how to deploy a software update, see how SCCM software updates integrate with Windows Server 2008 NAP, and figure out how to use all this knowledge to implement a manageable software update procedure.

 

Mobile device management

Windows Mobile device management is a feature that has been present in SMS for a while now, yet it is one of those highly underused features. More and more companies are starting to have some mobile devices in their asset list, though, and managing these devices is becoming appealing to more organizations than in the past. In this module we will use the Microsoft Device Emulator to simulate a Windows Mobile 6 device being managed. You'll learn all about mobile device management in ConfigMgr 2007 R2 and how to play around with it yourself by setting up the standalone Microsoft Device Emulator.

 

Remote tools

Although the changes might not be obvious, remote tools did change quite a bit in ConfigMgr 2007. In this module we'll take a look at this revamped remote tools functionality and talk a bit about its limitations and known issues.

 

Day 4

Out of band service management

Out of band service management, or the management of Intel vPro capable devices, was added to ConfigMgr 2007 with Service Pack 1, providing exciting new power-management and other capabilities exposed by the out of band management controller. In this module you'll learn how to configure this new feature and pick up some tips for implementing this functionality in a manageable way.

 

Software Metering

Asset Intelligence reporting, which was covered in the hardware inventory module, helps you keep an accurate view of what software you have installed and see what your license compliance status is. Software metering will tell you how many of those licenses are actually put to good use. This module, when added to the Asset Intelligence information, will help you learn how to keep your license management under control and in tip-top shape.

 

Querying & reporting

Significant changes have been made to reporting in ConfigMgr 2007 R2. Support for SQL Reporting Services was added, and the schema for the ConfigMgr database was published online around the SP1 timeframe. So after being absent from the original 3-day course, querying and reporting is covered again in this 5-day course. This module will teach you how to write your own reports even if you are not a full-blown SQL admin or guru.

 

Day 5

Operating system deployment

One of the areas that has received the most attention from the product team in SCCM 2007 has to be OS deployment. Day 5 will be all about this thrilling new release of OS deployment. In this section you'll learn how to configure the OSD architecture, followed by building your reference machine. Once you have your base image and have created your own custom Windows PE, you'll get your hands dirty deploying your own captured image.

 

Topics that will NOT be covered in this course

The following items are not covered in this course, as they are not part of day-to-day operations.

  • Designing an SCCM 2007 infrastructure.
  • Installing/migrating to SCCM 2007.

     

 

Instructor resume

SMS-related experience

Kim Oppalfens has been a Microsoft Certified Trainer for over 6 years. He started out giving training on SMS 2.0, and continued on by teaching the SMS 2003 Train-the-trainer class in Paris.

In his career he has been involved in a large number of SMS/SCCM implementations. His involvement in these projects has been pretty versatile, ranging from developing custom courseware and making designs to implementing from scratch and developing custom migration strategies.

   

Speaking engagements

Kim has been a speaker at Microsoft Belgium's last 3 big events, being the Dev & IT Pro Days 2007, Techdays 2008 and Techdays 2009, and at several other community-based events.

   

Awards

Kim has received the prestigious Microsoft Most Valuable Professional award for 5 years in a row, for his enthusiasm in supporting people with SMS-related questions in the Microsoft newsgroups. Kim is pretty proud to be one of the April Fools' Day MVPs.

   

Publications

Kim publishes his SCCM-related articles on a blog over at the System Center User Group, of which he is a founding member (http://www.scug.be/blogs/sccm/default.aspx). He aims at writing unique articles without duplicating too many announcements or non-SCCM-related posts.

Contact details

You can find Kim's contact details on his LinkedIn profile (http://www.linkedin.com/in/kimoppalfens)

 

 

Enjoy.

"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS

http://www.scug.be/blogs/sccm/default.aspx

http://www.linkedin.com/in/kimoppalfens

SCCM 2007 R2 – SQL Reporting services, Named instances and greyed out config option

Hi All,

 

ConfigMgr 2007 R2 introduced a new feature for reporting: reporting based on SQL Reporting Services instead of the original web-based reports. This makes sure that all System Center products now use a consistent reporting product. Although both reporting methods can be used in conjunction with each other in the current release, as previously mentioned on this blog, this will not be the case in SCCM v.Next.

In this respect it makes sense to learn the ropes on this SRS technology now. One of the issues I have seen reported, and which I ran into myself, is a greyed-out admin UI if you try to start using the ConfigMgr 2007 R2 reporting services feature. After reporting the issue, the ConfigMgr team figured out what the issue was and they updated question 6 on their SRS FAQ:

http://blogs.technet.com/configmgrteam/archive/2009/05/14/faq-sql-reporting-services-integration-with-system-center-configuration-manager-2007-r2.aspx

For those of you who have already installed SRS and want to use it in a named instance, you should be able to add another SRS default instance to the same box. This should clear up the greyed-out configuration options in the admin UI when you try to use the "copy reports to reporting services" wizard, or when you try to configure the properties of your ConfigMgr reporting services point in reports \ reporting services.

Enjoy.

"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS

http://www.scug.be/blogs/sccm/default.aspx

http://www.linkedin.com/in/kimoppalfens

 

Community Day 2009 is coming

As announced earlier, Community Day 2009 is coming! Mark Thursday 25th June in your calendar, as it’s the day you can get a full day of free training and sessions, all courtesy of the Belgian User Groups.

This third edition is a big step for us. For the first time, we are doing an entire day (whereas the 2 previous editions were half a day). We also moved to a new location, as the previous one became too small: we are now in Utopolis in Mechelen.

Since yesterday evening, the website www.communityday.be is live.

Registration is again free, including food and drinks, BUT seats are limited, so register in time if you want to be sure you can be there!

The System Center User Group Belgium is providing 2 sessions:

 

Setting up & Configuring SQL Server to support your SCCM & SCOM environment, given by Kim Oppalfens & Alexandre Verkinderen

Thin, thick or hybrid imaging in SCCM - Notes from the field, given by Kenny Buntinx

 

Hope to see you there!

Kenny Buntinx

MMS 2009 FUN FACTS


Learn a little more about MMS 2009 behind the scenes!
Registration by the Numbers


  • 16,400: Approximate number of miles roundtrip 9 attendees flew to be at MMS 2009
  • 800: Approximate number of attendees who have previously attended an MMS
  • 50: The number of US states represented
  • 44: The number of countries represented
  • 24: The number of US states with over 20 representatives
  • 6: The number of countries with more than 50 attendees
  • Top countries other than the US with the highest representation: Canada, Denmark, UK, Sweden, Norway

Session Content

  • 159 breakouts, 16 BOF sessions, 85 ILL lab sessions and 75 different self-paced lab topics
  • A total of 33,601 session bookings were received on CommNet.
  • The backstage keynote demo lab for day 1 and day 2 combined included 5 server racks, 4 stand-alone servers, and 14 desktop computers.
  • The Maximum ASP public cloud demo included fully-functioning private and public cloud networks, both assembled onsite in Las Vegas in 48 hours.
  • The Wireless Wake-Up and Windows 7 Deployment demo featured 18 laptops in the audience connected to a live wireless network; over the course of twenty minutes, each laptop was upgraded from Windows XP to Windows 7 in real-time.

Expo & Meals Facts

  • 55 companies were featured in the Expo Hall as Sponsor-Exhibitors or Exhibitors.
  • Over 3,400 System Center-branded space racers, laptop skins, mints, yo-yo octopi, and Post-It Note cubes were given out in the Microsoft Pavilion in the Expo Hall.
  • 1,000 feet of drape and 3400 sq yards of carpet were used to "dress" the Expo Hall.
  • 2,400 lbs of eggs and 1,800 lbs of potatoes were served during the MMS week
  • 5,472 sodas were consumed during the week's lunches and breaks
  • MMS's signature cocktail, the ITProtini, proved to be a popular item – attendees enjoyed 1,221 of them during the Closing Party!

Hotel Facts

  • Approximately 50,000 people visit The Venetian each day (more than 18 million each year).
  • The Palazzo and the Venetian together have more than 7,000 suites, making the combined space the largest hotel in the world.
  • At 85,000 sq feet, the Venetian Ballroom is one of the largest obstruction-free ballrooms in the world.
  • Using a standard garden hose for 24 hours a day, it would take 65 days to fill the indoor Grand Canal.
  • At 50 stories and 639.5 feet tall, the Palazzo is the 2nd tallest building in Nevada.
  • There is no 4th, 13th, or 14th floor in the Palazzo.
  • The Palazzo contains 230,000 cubic yards of concrete. That's enough concrete to build a six-foot wide sidewalk from the hotel all the way to the northeast corner of Yellowstone National Park.