SMS Provider reported an error: CSspInventoryReport::GetRealInstance: Failed to get item from database

July 29, 2016 at 2:21 pm in ConfigMgr, SQL, WMI by Ken Goossens

A friend recently had some issues while trying to extend the hardware inventory. He wasn’t able to use Set Classes from either the Default Client Settings or a custom client setting. When clicking on Set Classes to import a custom MOF file, we received the error message below:

image

After reading the error message carefully and clicking on OK, we got an empty Hardware Inventory Classes Window. This happened time after time.

image

We started to look in the smsprov.log and compared that log file with the same log file from a test environment where everything is working properly.

image

As you can see in the pictures above, there is 1 big difference between the working site and the site having the problem on the right.

Working Site – Query:

select Description,DefaultTimeout,ReportTimeout from InventoryAction where ActionID=N'{00000000-0000-0000-0000-000000000001}'

Malfunction Site – Query:

select Description,DefaultTimeout,ReportTimeout from InventoryAction where ActionID=N'00000000-0000-0000-0000-000000000001'

Can you see the difference in the queries? Right, the braces. We are missing the braces in the query from the malfunctioning site. The next question: where does Configuration Manager look for this value?

Our first idea, and probably the idea of many ConfigMgr admins, was WMI. So again we compared our working environment with the malfunctioning environment. Now guess what, we found the value in WMI:

SELECT * FROM SMS_SCI_ClientComp WHERE FileType=2 AND ItemName='Hardware Inventory Agent' AND ItemType='Client Component' AND SiteCode='PS1'

Below you can see that Value2 doesn’t have any braces, which is the problem.

image

Below is the correct value, with braces.

image

We tried to change that value to include the braces, but everything we tried failed. Then we thought that the value might be somewhere in the registry, because of the REG_SZ in Value1. Unfortunately, we found nothing useful in the registry.

So there is only 1 option left, the site control file.

I want you to know, that Microsoft doesn’t support this. So if you make changes to the site control file, you really need to make sure that you know what you’re doing.

Again we compared the site control file from a working environment with our problem environment. Below the InventoryReportID from the problem site.

image

Below the same part from our working environment.

image

As you can see, the braces are missing here as well.

Now that we have found the location to change the value, it’s only a matter of running the correct query in SQL to update the site control file. Before you start, make sure that you have a correct backup. Because you never know, I would even suggest that you first run the query in your test environment to make 100% sure that you are changing the correct value. Again, this is not supported by Microsoft.

image

Update SC_ClientComponent_Property set value2 = '{00000000-0000-0000-0000-000000000001}' where name = 'InventoryReportID'

Let’s have a look to see if we can set a class in the hardware inventory.

image

Yes we can :-)

To make sure that all the changes are applied in WMI, it’s recommended to reboot or restart the SMS Services.
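A read-only way to confirm the diagnosis before the update and to verify the result afterwards, as an added example that is not part of the original post: it flags InventoryAction queries whose ActionID lacks braces and reads InventoryReportID through the SMS Provider with the WQL query shown above. The function names, the sample lines (built from the two queries quoted above) and the log path placeholder are assumptions.

```powershell
# Added example (not from the original post). Nothing here writes to the site.

# A GUID wrapped in braces, the form the working site uses.
$BracedGuid = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

function Test-BracedGuid {
    param([string]$Value)
    return ($Value -match $BracedGuid)
}

function Find-UnbracedActionId {
    # Returns one object per line whose InventoryAction query passes an
    # ActionID that is not a brace-wrapped GUID.
    param([string[]]$Line)
    $pattern = "from InventoryAction where ActionID=N'([^']*)'"
    foreach ($l in $Line) {
        $m = [regex]::Match($l, $pattern, 'IgnoreCase')
        if ($m.Success -and -not (Test-BracedGuid $m.Groups[1].Value)) {
            [pscustomobject]@{ ActionID = $m.Groups[1].Value; Line = $l }
        }
    }
}

function Get-InventoryReportId {
    # Reads the value through the SMS Provider with the WQL from the post.
    # Run on the site server; 'PS1' is the site code used in the post.
    param(
        [string]$SiteCode = 'PS1',
        [string]$ComputerName = '.'
    )
    $wql = "SELECT * FROM SMS_SCI_ClientComp WHERE FileType=2 " +
           "AND ItemName='Hardware Inventory Agent' " +
           "AND ItemType='Client Component' AND SiteCode='$SiteCode'"
    $comp = Get-WmiObject -ComputerName $ComputerName `
                -Namespace "root\sms\site_$SiteCode" -Query $wql
    $prop = $comp.Props | Where-Object { $_.PropertyName -eq 'InventoryReportID' }
    [pscustomobject]@{
        SiteCode = $SiteCode
        Value1   = $prop.Value1
        Value2   = $prop.Value2
        IsBraced = (Test-BracedGuid $prop.Value2)
    }
}

# Constructed sample: the two queries quoted in the post.
$sample = @(
    "select Description,DefaultTimeout,ReportTimeout from InventoryAction where ActionID=N'{00000000-0000-0000-0000-000000000001}'",
    "select Description,DefaultTimeout,ReportTimeout from InventoryAction where ActionID=N'00000000-0000-0000-0000-000000000001'"
)
Find-UnbracedActionId -Line $sample | Format-List ActionID

# Against a real site (placeholder path, adjust to your installation):
# Find-UnbracedActionId -Line (Get-Content '<ConfigMgr install dir>\Logs\smsprov.log')
# Get-InventoryReportId -SiteCode 'PS1'
```

Only the second sample line is reported; after the fix and a restart of the SMS services, Get-InventoryReportId should show IsBraced as True.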

Hope it helps!!

Ken


Step by step – Installing ConfigMgr 1511 in https – Part 5: Installing ConfigMgr 1511

February 14, 2016 at 8:06 pm in Uncategorized by Ken Goossens

Now that we have everything in place, it’s time to start with the installation of our so beloved Configuration Manager. Let’s do a small recap of the previous posts.

  • Active Directory
    • Extend Active Directory Schema
    • Create Security Groups
    • Create Service Accounts for SQL
    • Create System Management Container
  • Installing Windows Server Roles & Features
    • Using PowerShell cmdlets.
    • Using the ConfigMgr Prerequisites Tool 1.4.2
    • Configure Windows Firewall Rules
  • Installing Microsoft Deployment Toolkit 2013 Update 2
  • Installing Windows 10 Assessment and Deployment Toolkit
  • Installing System Center 2012 R2 Configuration Manager Toolkit
  • Installing and Configuring SQL Server 2014 SP1
  • Requesting and Configuring Certificates

First step at this point, add the group that we created in the first post GL-ConfigMgr1511-Servers to the administrators group on your ConfigMgr Server. This should be done on all the servers that you add in your hierarchy.

image

Click Apply and Close Computer Management.

Now that this is done, mount the ConfigMgr 1511 Sources and start the installation.

image

Click Install to start the installation.

image

Click Next to continue.

We are not using a Central Administration Server, so leave the default setting and click Next to continue.

image

Enter the product key and click Next to continue.

image

Accept the license terms and click Next to continue.

image

Select all the prerequisites and click Next to continue.

image

If you have not yet downloaded the prerequisites for the setup, you need to select the first option Download required files. In this case, I have already downloaded the prerequisites files, because it’s faster. So Select the second option Use previously downloaded files, Browse to the location of the files and click Next to continue. You will notice that the Setup is checking the prerequisites.

image

Server language selection, I keep the default on English. If you need some other languages later, you can run this setup again and you need to select the Site Maintenance option. Click Next to continue.

image

Client Language Selection, I keep the default on English. If you need some other languages later, you can run this setup again and you need to select the Site Maintenance option. Click Next to continue.

image

Enter the SiteCode, Site Name and the location where you want to have ConfigMgr Installed. Click Next to continue.

image

This will be a stand-alone site, so Select the Install the primary site as a stand-alone site and click Next.

image

A message will pop up to inform you that you can still expand the site with a CAS later if needed. Click Yes to continue.

image

Since we have used the SQL Default instance, we keep the instance name blank. Click Next to continue.

image

Click Browse to create 2 folders UserDB & UserDBLogs

image

Click OK to go back to the wizard.

image

Browse to the newly created folders and select UserDB for the Path to the SQL Server data file and UserDBLogs for the Path to the SQL Server log file.

image

Leave the SMS Provider as default, so that it will be installed on our Primary Site Server. Click Next to continue.

image

We are installing our ConfigMgr Hierarchy in https. Select All site system roles accept only https communication from clients and click Next.

image

A message pops up to inform you that all the certificates need to be configured.

image

By default we will install our Management Point and a Distribution Point. Make sure that files like NO_SMS_ON_DRIVE.SMS and NOSMSDB.BAT are in place, because the setup will choose the drive with the most free disk space to install your Distribution Point. If you want to prevent a drive from being used for ConfigMgr, create both files on that drive. Click Next to continue.

image

Read the Usage Data and click Next.

image

The Service Connection Point is something new in ConfigMgr 1511. It allows you to use features like Conditional Access, Windows Store for Business or on-premises MDM. Click Next to continue.

image

Review the Summary and click Next to continue.

image

Now the prerequisites checker will run. As you can see we have 2 warnings.

  • Verify site server permissions to publish to AD.
    • We get this warning because we are using a security group, instead of the Site Server computer account, to hold Full Control of the System Management container in AD (created in the first part of this series).
  • SQL Server process memory Allocation
    • We see this because it’s recommended to use 8GB or more for SQL Server. (This is not a problem to continue with our lab setup)

image

Click Begin Install to start the installation of ConfigMgr.

image

Once the core setup is completed, click Close.

Configure Distribution Point Certificate

Open the Configuration Manager Console and go to Administration – Overview – Site Configuration – Servers and Site System Roles

image

Right click Distribution Point and click on Properties

image

Select Import Certificate, Browse to the location where we stored the DP Certificate in Part 4. Select the Certificate and enter the password.

image

Click Apply and close the Distribution Point Properties.

We have now successfully installed and configured Configuration Manager in HTTPS.

Stay Tuned for More!!


Step by step – Installing ConfigMgr 1511 in https – Part 4: Requesting and Configuring Certificates.

February 14, 2016 at 5:24 pm in Uncategorized by Ken Goossens

Requesting required certificates

If you would like to know more about certificates and how to create your templates for ConfigMgr please continue reading here.

First of all, it’s important that our Server is part of the group that we created in Part 1 of this blog post series.

So go to Active Directory and add your server to the group GL-ConfigMgr1511-Servers.

image

This should also be the group that has the enroll rights for your certificates. That means that every server in your ConfigMgr Hierarchy should be part of this group. This makes it very easy to request the certificates if you add an extra Distribution Point to your hierarchy for example.

Run GPUPDATE /Force and reboot the Server.

Web Server Certificate

Open a PowerShell prompt as administrator and type certlm.

image

This will open the local machine certificate snap-in. Browse to the Personal – Certificates Folder.

image

Right click on the Certificate folder in the left hand side panel and go to All Tasks – Request New Certificate

image

Select Active Directory Enrollment Policy and click Next.

image

Click on the blue text under the template ConfigMgr_ServerAuthentication

image

In the Certificate Properties, we need to specify the settings below:

    • Subject Name: Type – Common name
      • FQDN of the Primary Site Server
    • Alternative Name: Type DNS
      • FQDN of the Primary Site Server

image

Click OK and check the checkbox next to the certificate template.

image

Click on Enroll to enroll the certificate.

image

Click Finish to go back to the Certificate Store.
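To check the enrolled certificate against the settings above before binding it in IIS, the following added example (not from the original post) inspects the local machine Personal store for Server Authentication certificates and reports whether the common name and the DNS alternative name equal the site server FQDN, whether a private key is present, and how long the certificate remains valid. The function name, the 30-day threshold and the host name cm01.example.test are assumptions.

```powershell
# Added example (not from the original post). Read-only; run on the site server.
function Test-SiteServerWebCert {
    param(
        [Parameter(Mandatory)] [string]$Fqdn,
        [int]$MinDaysValid = 30              # assumption: minimum remaining validity
    )
    $serverAuth = '1.3.6.1.5.5.7.3.1'        # Server Authentication EKU OID
    $sanOid     = '2.5.29.17'                # Subject Alternative Name extension OID
    $nameType   = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

    foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
        # Skip certificates that are not valid for server authentication.
        $ekus = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
        if ($ekus -notcontains $serverAuth) { continue }

        # Common name from the subject.
        $cn = $cert.GetNameInfo($nameType, $false)

        # DNS names from the SAN extension; the label before '=' is
        # localized, so only the values after it are captured.
        $san      = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }
        $sanText  = if ($san) { $san.Format($false) } else { '' }
        $sanNames = @([regex]::Matches($sanText, '=([^,\s]+)') |
                        ForEach-Object { $_.Groups[1].Value })

        $daysLeft   = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
        $cnMatches  = ($cn -eq $Fqdn)
        $sanMatches = ($sanNames -contains $Fqdn)

        [pscustomobject]@{
            Thumbprint    = $cert.Thumbprint
            CommonName    = $cn
            CnMatches     = $cnMatches
            SanMatches    = $sanMatches
            HasPrivateKey = $cert.HasPrivateKey
            DaysLeft      = $daysLeft
            Ok            = ($cnMatches -and $sanMatches -and
                             $cert.HasPrivateKey -and $daysLeft -ge $MinDaysValid)
        }
    }
}

# Constructed host name; replace with the FQDN of your Primary Site Server.
Test-SiteServerWebCert -Fqdn 'cm01.example.test' | Format-Table -AutoSize
```

No output means that no certificate with the Server Authentication usage is in the store, so the enrollment did not complete.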

Distribution Point Certificate.

Back in the Certificate Store, right click on the Certificate folder again and go to All Tasks – Request New Certificate.

image

Select Active Directory Enrollment Policy and click Next.

image

Select the ConfigMgr_DPAuthentication Certificate and click on Enroll.

image

Click Finish to close the Enrollment Wizard.

Now that we have enrolled the certificate, we need to export the certificate, so that we can use it later during the installation of ConfigMgr.

Right click the certificate and go to All Tasks – Export

image

Click Next and choose to export the private key.

image

Click Next and Select the format. We need to have it in .PFX format and need to include all certificates in the certification path if possible. Click Next to continue.

image

We need to specify a password. This password protects the private key and will be used when we import the certificate in ConfigMgr. Click Next to continue.

image

Browse to a location where you want to save the exported certificate. I always create a folder SCCM_CERTS on the drive used to install ConfigMgr. It’s easy and very clean. Enter a File Name and click Save.

image

In the Certificate Export Wizard, click Next.

image

Click Finish to close the Export Wizard.

image

 

Configure IIS for HTTPS

Now that we have the certificates, we will need to configure IIS to use our Web Server Certificate.

Open the IIS Manager.

image

In the IIS Manager, Select the Default Web Site and click on Bindings in the right hand side panel.

image

In the Site Bindings click on Add…

image

We will need to add the https binding, so configure the settings below:

    • Type: https
    • Port: 443
    • SSL Certificate: The enrolled certificate will be in the drop-down list.

image

Click OK and close IIS.

To make sure that everything is well configured, I always do an IISRESET to restart the services.

At this point, we are ready to start the installation of ConfigMgr. Read more in the next post.


Step by step – Installing ConfigMgr 1511 in https – Part 3: Installing & Configuring SQL Server 2014 SP1

February 14, 2016 at 4:55 pm in Uncategorized by Ken Goossens

Installing SQL Server 2014 SP1

In this setup, we will use SQL Server 2014 SP1. If you would like to read more about Supported Versions of SQL go here.

Browse to the location of your SQL Installation sources and click on setup.exe.

clip_image001_thumb2

In the wizard on the left side click on Installation.

clip_image002_thumb5

On the right side click New SQL Server Stand-alone installation or add features to an existing installation.

clip_image003_thumb2

Enter your product key or specify if you want to use a free edition of SQL Server and click Next to continue.

clip_image004_thumb2

Accept the License Terms and click Next to continue.

clip_image005_thumb2

The setup will check some Global Rules to identify problems that might occur during the installation. If everything passed the check, click Next to continue.

clip_image006_thumb2

Now you have the choice to use Microsoft Update to check for updates or you can just leave this blank and click Next to continue.

clip_image007_thumb3

If updates are found, the setup will install them accordingly. Click Next to continue.

clip_image008_thumb1

Setup will identify potential issues. If you have any issues, make sure that they are fixed before you continue. Click Next to go on.

clip_image009_thumb2

Time to select the features that we would like to use. You can choose to have all the features installed with the default values. But we don’t need all the features,  so we will select SQL Server Feature installation and click Next.

clip_image010_thumb2

For ConfigMgr, we need the features below:

  • Database Engine Services
  • Reporting Services – Native
  • Management Tools

If you are using a dedicated disk for your SQL installation, it’s here that you will need to specify your Drive & Location. In my lab, the S:\ Drive is dedicated for SQL Server installations. Click Next to continue.

clip_image011_thumb2

The wizard will check for possible issues that might block the installation process, in case of any issue, resolve and click Next to continue.

clip_image012_thumb3

I’m using the default instance here. Click Next to continue

image

Right now it’s important that you remember the Service Accounts that we created in Part 1.  As you can see in the print screen, I have configured my Service Accounts with the password. I also changed the Startup Type of SQL Server Agent to Automatic.

clip_image014_thumb2

On the second tab, we need to set the Collation properly. The collation that we will use is SQL_Latin1_General_CP1_CI_AS. Click OK and Next to continue.

clip_image015_thumb2

Time to configure some security: we will need Windows Authentication Mode. Add the security group that contains your SQL admins by clicking on Add, and if the account that you’re using to install SQL is not part of that group, click on Add Current User. Click Next to continue.

clip_image016_thumb3

For the reporting point, select Install only and click Next.

clip_image017_thumb3

Another check will run for possible issues that might block the installation process. When everything is Passed, click Next to continue.

clip_image018_thumb2

An overview will be displayed with your current configuration of the SQL Server installation. I can give you the advice to copy the ConfigurationFile.ini to a known location for later use. This will allow you to make the installation of SQL unattended. Click Next to start the installation.

clip_image019_thumb4

You can monitor the installation of your SQL Server.

clip_image020_thumb3

When done, close the wizard and continue with the next step.

Configuring SQL Server 2014 SP1

Now that we have installed our SQL Server it’s important to configure some settings. Let’s start with the memory configuration. It’s important to have the Minimum and Maximum server memory configured.

Open the SQL Server Management Studio, connect to your instance, and right click on the Instance.

image_thumb97

Limit the amount of RAM SQL can use to 50% for the minimum and 80% for the maximum.

image

Click OK and close the SQL Management Studio for now.

That’s it for Part 3, in the next post we will go prepare our Server for HTTPS.

Stay Tuned!!


Step by step – Installing ConfigMgr 1511 in https – Part 2: Installing MDT Update 2, W10 ADK & ConfigMgr Toolkit

February 14, 2016 at 4:38 pm in ConfigMgr by Ken Goossens

Welcome Back for Part 2 of our Step by Step Guide to ConfigMgr 1511 in https. In the previous post we have covered the preparation of Active Directory and the installation of Windows Server Features & Roles.

What will be covered in this post:

  • Installing Microsoft Deployment Toolkit 2013 Update 2
  • Installing Windows 10 Assessment and Deployment Toolkit
  • Installing System Center 2012 R2 Configuration Manager Toolkit

Let’s start with the installation of MDT.

Installing Microsoft Deployment Toolkit 2013 Update 2

You can download the latest version here. According to Microsoft, Update 2 is primarily a quality release; there are no new major features, but there are some significant changes:

  • Security- and cryptographic-related improvements:
    • Relaxed permissions on newly created deployment shares (still secure by default, but now also functional by default)
    • Creating deployment shares via Windows PowerShell adds same default permissions
    • Updated hash algorithm usage from SHA1 to SHA256
  • Includes the latest Configuration Manager task sequence binaries
  • Enhanced user experience for Windows 10 in-place upgrade task sequence
  • Enhanced split WIM functionality
  • Fixed OSDJoinAccount account usage in UDI scenario
  • Fixed issues with installation of Windows 10 language packs
  • Various accessibility improvements
  • Monitoring correctly displays progress for all scenarios including upgrade
  • Improvements to smsts.log verbosity
  • Fixed Orchestrator runbook functionality

If you would like to read more about this and stay up to date with latest release information, I can recommend you to start following the blog of the Microsoft Deployment Toolkit Team here.

Browse to the location of your installation file. The file that you need to run is MicrosoftDeploymentToolkit2013_x64.msi. If you want to be sure that you have the correct version of MDT, check the properties of the MSI. In the details tab, you will see in the Subject attribute that you have the correct version.

image_thumb53

Close the properties and run the MSI.

image_thumb58

Click Next and Accept the License Agreement.

image_thumb63

Click Next to continue. In this part, you can specify the location where you want to install the MDT. I usually have a dedicated disk where I install all the tools. Click Browse and locate your install folder, leave the defaults if you want it installed in the default location.

image_thumb72

When you have defined your location, click Next. In the CEIP screen, you can select whether or not you want to participate in the program.

image_thumb65

Click Next to continue. Now click Install to start the installation.

image_thumb67

When the installation is Completed, you click Finish to close the MDT installation wizard.

image_thumb70

Installing Windows 10 Assessment and Deployment Toolkit

In November, Microsoft released a new version of the Windows 10 ADK. However, they do not recommend that ConfigMgr customers use the 1511 version of the ADK. Therefore I recommend downloading the old version of the Windows 10 ADK here.

If you would like to read more about the issues with the Windows 10 ADK 1511, continue reading here. I will keep following the progress and keep you informed as soon as MS releases their new version.

Now let’s continue with the real work. Run the ADK Setup that you have downloaded earlier. In my case, I have already downloaded the installation files, which will make the installation a little faster.

image_thumb77

Specify the location where you want to have the ADK installed. Same thing as with the MDT installation, I prefer to have it installed in D:\APPS\WADK10. If you have multiple sites, I would recommend you to Download the WADK files to a location so that you don’t need to download the sources again.

image_thumb89

Click Next and select whether or not you would like to join the CEIP.

image_thumb83

Click Next and Accept the License Agreement.

image_thumb85

Now we need to select the features that we would like to have installed. To have all functionality related to OSD we need to select the 4 Features below:

  • Deployment Tools
  • Windows Preinstallation  Environment (Windows PE)
  • Imaging And Configuration Designer (ICD) – This one is optional and not required for OSD
  • User State Migration Tool (USMT)

image_thumb87

Click on Install and you will see that the wizard starts to install your selected features.

image_thumb91

When everything is installed, you can close the wizard.

Installing System Center 2012 R2 Configuration Manager Toolkit

The Microsoft System Center 2012 R2 Configuration Manager Toolkit contains fifteen downloadable tools to help you manage and troubleshoot Microsoft System Center 2012 R2 Configuration Manager.  I really like this set of tools, they have been a real asset while troubleshooting Configuration Manager. The following list provides specific information about each tool in the toolkit.

Note: Items with an * are new in the R2 Toolkit and require Microsoft System Center 2012 R2 Configuration Manager for full functionality.

Server Based Tools

    • * DP Job Manager – A tool that helps troubleshoot and manage ongoing content distribution jobs to Configuration Manager distribution points.
    • * Collection Evaluation Viewer – A tool that assists in troubleshooting collection evaluation related issues by viewing collection evaluation details.
    • * Content Library Explorer – A tool that assists in troubleshooting issues with and viewing the contents of the content library.
    • Security Configuration Wizard Template for Microsoft System Center 2012 R2 Configuration Manager – The Security Configuration Wizard (SCW) is an attack-surface reduction tool for the Microsoft Windows Server 2008 R2 operating system. Security Configuration Wizard determines the minimum functionality required for a server’s role or roles, and disables functionality that is not required.
    • Content Library Transfer – A tool that transfers content from one disk drive to another.
    • Content Ownership Tool – A tool that changes ownership of orphaned packages (packages without an owner site server).
    • Role-based Administration Modeling and Auditing Tool – This tool helps administrators to model and audit RBA configurations.
    • Run Metering Summarization Tool – The purpose of this tool is to run the metering summarization task to analyze raw metering data.

Client Based Tools

    • Client Spy – A tool that helps you troubleshoot issues related to software distribution, inventory, and software metering on System Center 2012 Configuration Manager clients.
    • Configuration Manager Trace Log Viewer – A tool used to view log files created by Configuration Manager components and agents.
    • Deployment Monitoring Tool – The Deployment Monitoring Tool is a graphical user interface designed to help troubleshoot Applications, Updates, and Baseline deployments on System Center 2012 Configuration Manager clients.
    • Policy Spy – A policy viewer that helps you review and troubleshoot the policy system on System Center 2012 Configuration Manager clients.
    • Power Viewer Tool – A tool to view the status of power management feature on System Center 2012 Configuration Manager clients.
    • Send Schedule Tool – A tool used to trigger a schedule on a client or trigger the evaluation of a specified DCM Baseline. You can trigger a schedule either locally or remotely.
    • Wakeup Spy – A tool that provides a view of the power state of Configuration Manager client computers and which operate as managers or manages.

Now let’s install the toolkit. Browse to the location of the ConfigMgrTools.msi and double click it to start the installation.

image

In the wizard, click Next.

image

In the Software License Terms wizard, Accept the license agreement and click Next.

image

Specify the location where you want to install the toolkit.

image

Click Next and the installation will start.

image

After a few seconds, you will see that the Toolkit is installed. Click Finish to close the wizard.

In the next post we will install and configure SQL Server 2012 SP3


Step by Step – Installing ConfigMgr 1511 in https – Part 1 Preparing Active Directory and Primary Site Server.

February 14, 2016 at 10:18 am in Uncategorized by Ken Goossens

Hi and welcome back, finally after a few months I found some time to start writing blog posts again. As you already know, we are running ConfigMgr 1511 these days to have all the features available to support Windows 10.  If you would like to read more detailed information about the product itself,  you will be able to find it on TechNet.

December 8, 2015 Microsoft released information on TechNet to get ready for System Center Configuration Manager. If you would like to read more about it, you can go directly to the article by clicking here.

December 15, 2015 Microsoft released extra information on TechNet related to ConfigMgr functionalities. If you’re new to ConfigMgr or just want to know more about the product, continue reading here.

After having some requests about the installation of Configuration Manager with https, I decided to write this step by step. This step-by-step will contain a few Parts because it will be a pretty big post.

What will be covered in this post:

  • Active Directory
    • Extend Active Directory Schema
    • Create Security Groups
    • Create Service Accounts for SQL
    • Create System Management Container
  • Installing Windows Server Roles & Features
    • Using PowerShell cmdlets.
    • Using the ConfigMgr Prerequisites Tool 1.4.2
    • Configure Windows Firewall Rules

Active Directory

Extending Active Directory Schema’s

Mount the Configuration Manager installation media on your Domain Controller. If you have multiple domain controllers, make sure that you are connected to the Domain Controller that is holding the Schema Master role. The user that is extending the schema needs to be a member of the Schema Admins group.

Browse the ConfigMgr installation media G:\SMSSETUP\BIN\X64

image

Now right click extadsch.exe and run it as Administrator. This process is usually very fast and creates a log file, ExtADSch.log, in the root of the C:\ drive.

image

Create Security Groups

For the sake of control and easy management I like to create some security groups that we will use later in this series.

  • ConfigMgr1511-Servers
  • ConfigMgr1511-Admins
  • SQL-Server-Admins

If you are planning to enroll Mobile Devices and Macintosh Computers in your environment, it might be good as well to have some specific security groups created to enroll certificates. The same goes for AMT Provisioning.

  • ConfigMgr-MacEnrollers
  • ConfigMgr-MobileEnrollers
  • ConfigMgr-AMTProvisioning

Create Service Accounts for SQL

During the installation of SQL Server, you will need to provide service accounts for the different SQL Services

  • SQL Server Agent – cmsqlasa
  • SQL Server Database Engine – cmsqlsa
  • SQL Server Reporting Services – cmsqlrsa

Create System Management Container

This is the last step that needs to be performed on our Domain Controller. Open ADSI Edit and create a new object under the System OU.

image

Select the container class for your object and click next.

image

Enter the name of the container “System Management” in the Value textbox and click next.

image

Complete the wizard, close it and open Active Directory Users & Computers to configure a delegation on the folder. In AD Users & Computers, you will need to make the Advanced Features visible, so in the menu on the top, click on view and select Advanced Features.

Now you will be able to see the System OU, browse to the System Management container.

image

Right click it and open the delegation control wizard.

image

Add the security group “ConfigMgr1511-Servers” and click Next.

image

Select Create a custom task to delegate and click Next

image

Select This folder, existing objects in this folder, and creation of new objects in this folder and click Next.

image

Under Permissions: select Full Control and click Next.

image

Review the delegation and click Finish.

image

Installing Windows Server Roles & Features

The installation of the prerequisites is actually a pretty straightforward thing to do. There are many ways that you can install the Roles & Features. For example, if you are not familiar with PowerShell, it’s very easy to install the Roles & Features via the Server Manager. However, there are some amazing solutions that have been provided by and for the community. I will not discuss the manual way of installing the Roles & Features but will show you 2 possible ways.

Using PowerShell cmdlets

  • Install-WindowsFeature Web-Windows-Auth
  • Install-WindowsFeature Web-ISAPI-Ext
  • Install-WindowsFeature Web-Metabase
  • Install-WindowsFeature Web-WMI
  • Install-WindowsFeature BITS
  • Install-WindowsFeature RDC
  • Install-WindowsFeature Web-Asp-Net
  • Install-WindowsFeature Web-Asp-Net45
  • Install-WindowsFeature NET-HTTP-Activation
  • Install-WindowsFeature NET-Non-HTTP-Activ
  • Install-WindowsFeature NET-Framework-Features -source Drive:\sources\sxs

Using the ConfigMgr Prerequisites Tool 1.4.2

Nickolaj Andersen developed a very nice tool which he frequently updates and it’s very reliable. You can download the tool here.

Start PowerShell as an administrator and execute the script.

image

The script will do 4 validation checks. It will check if the current user is a member of the local Administrators group, see if there’s any pending restart, check the Operating System if it’s supported and also check the PowerShell version if that’s supported. When every check is green, switch to the Primary Site tab and click Install on the right side bottom.

image

This will start and monitor the installation of the required Roles & Features. When this is done, close the Tool and continue with the next step.

image

Configure Windows Firewall Rules

In a later post we will install SQL Server, therefore we need some firewall ports configured.

Open PowerShell as an administrator and type the lines below. This will create the firewall rules that are required for SQL Server communication.
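The commands themselves are not present on this page. As an added example (not the author's original lines), the rules could be created as follows, assuming a default instance listening on TCP 1433 and the SQL Server Service Broker on TCP 4022; the rule names, the function name and the restriction to the Domain firewall profile are also assumptions.

```powershell
# Added example, not the post's original commands. Run in an elevated session.
# Assumed ports: 1433 (default SQL instance) and 4022 (Service Broker).
$sqlRules = @(
    @{ Name = 'SQL Server (TCP 1433)';         Port = 1433 },
    @{ Name = 'SQL Service Broker (TCP 4022)'; Port = 4022 }
)

function Set-SqlInboundRule {
    # Creates each inbound allow rule once and reports the resulting state.
    param(
        [hashtable[]]$Rule,
        [string]$FirewallProfile = 'Domain'   # assumption: domain network only
    )
    foreach ($r in $Rule) {
        # Do not create a duplicate when the rule already exists.
        $existing = Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue
        if (-not $existing) {
            New-NetFirewallRule -DisplayName $r.Name -Direction Inbound `
                -Protocol TCP -LocalPort $r.Port -Action Allow `
                -Profile $FirewallProfile | Out-Null
        }

        # Read back what is actually configured, so that a pre-existing
        # rule with the same name but another port is visible.
        $rule   = Get-NetFirewallRule -DisplayName $r.Name
        $filter = $rule | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule        = $r.Name
            Enabled     = $rule.Enabled
            Profile     = $rule.Profile
            LocalPort   = $filter.LocalPort
            PortMatches = (@($filter.LocalPort) -contains "$($r.Port)")
        }
    }
}

Set-SqlInboundRule -Rule $sqlRules | Format-Table -AutoSize
```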


In the next post we will continue with the installation of MDT & W10 ADK.

ConfigMgr Update 1601 Technical Preview now available

January 28, 2016 at 4:05 pm in Uncategorized by Ken Goossens

Hey Guys,

On the 26th of January, Microsoft released Update 1601 in Technical Preview for Configuration Manager. This proves that they actually do something with the feedback and proposals that they receive through the User Voice site. For those who still don’t know what User Voice is, I would recommend that you have a look. It’s a place that is intensively monitored by the Microsoft engineering teams. https://configurationmanager.uservoice.com

Some of the new features that are available in this update include:

    • Conditional Access for PCs managed by ConfigMgr – Use conditional access capabilities in Configuration Manager to help secure access to Office 365 (Exchange Online and SharePoint online) on PCs that are managed by ConfigMgr. Conditions which can be used to control access are – Azure AD Workplace Join, BitLocker, Antimalware, Firewall, and Software Updates.

    • Online status of devices – Identify at a glance whether a client is online or offline in near real-time in the Configuration Manager console. With updated icons and columns in the console device listings, you can assess the status of clients in your environment to quickly identify problem areas that require attention.

    • New antimalware policy settings – Configure new antimalware settings including protection against potentially unwanted applications, user control of automatic sample submission, and scanning of network drives during a full scan.

This release also includes new features for customers using System Center Configuration Manager integrated with Microsoft Intune to manage mobile devices. Some of the features that you can expect to see are:

    • The ability to set iOS managed app configuration.

    • The ability to include Windows 10 health attestation data as part of overall device compliance check. You can learn more about Windows 10 health attestation, in this TechNet article.

    • Manage and deploy apps purchased through the Apple Volume Purchase Program (VPP) for Business portal.

In order to enable update 1601 for this Technical Preview, go to the “Updates and Servicing” node in your System Center Configuration Manager Technical Preview 4 environment. To find more information about new features and scenarios, go to the “What’s New” area in the admin console. For more technical details on these improvements, check out our TechNet page.

We’re eager to hear what you think about this latest update! To provide feedback or report any issues with the functionality included in this Technical Preview, please use Connect.  If there’s a new feature or enhancement you want us to consider including in future updates, please use the Configuration Manager UserVoice site.

Repost from http://blogs.technet.com/b/configmgrteam/archive/2016/01/26/update-1601-now-available-in-sc-configmgr-technical-preview.aspx

Stay Tuned  for more,

Ken


Changing Program Run Type with PowerShell – WMI Program Flags Explained

January 27, 2016 at 4:13 pm in ConfigMgr by Ken Goossens

Hi there and welcome back to my blog. Today I will talk about WMI Program Flags, more particularly about how to change the Program Run Type with PowerShell and WMI. If you are not familiar with WMI and Program Flags, read this blog post carefully and try to understand what I do. It might look complicated, but once you understand the mechanics it's not that hard. I would like to say thanks to Kim for explaining this to me in the first place.

If you take a look at the properties of a program, on the Environment tab, you will notice that there are 3 different Run Types.

image

    • Only when a user is logged on
    • Whether or not a user is logged on
    • Only when no user is logged on

First of all it’s important to know that you won’t be able to change the value from, for example Only when a user is logged on to Whether or not a user is logged on by turning 1 bit on and 1 bit off.

Now let's start with the creation of a standard package and a standard program that we will use as an example. Below is the configuration of the package and the standard program.

image

The Package is created, so let's have a look at the properties of the program. We see that the program is configured to run only when a user is logged on. By default the program will also run with user rights.

image

The next step is to gather the Program Flag in WMI. There are a few ways to do this, for example with wbemtest. If you use wbemtest, you will need to do some calculations to obtain the binary value of the Flag. For that reason I prefer using PowerShell.

Open PowerShell and get the Program Flag value by running the script below. Don’t forget to change the PackageID and the WMI NameSpace SiteCode

The script will query for the program in WMI based on the PackageID and will directly convert the ProgramFlag to a binary value.

$PackageID = "CSQ00203"
$PackageQuery = Get-WmiObject -Namespace "Root\sms\Site_CSQ" -Class SMS_Program -ComputerName localhost -Filter "PackageID='$PackageID'"
$ProgramFlagBin = [Convert]::ToString($($PackageQuery.ProgramFlags), 2)
$ProgramFlagBin

In the result you will see the ProgramFlag displayed in binary. Now let's have a deeper look at the binary switches.

image

Every single bit corresponds with a different setting. Below I translated the bits so that we can see what is actually enabled in our Program.

The binary value for our Standard Program is 1000 1000 0001 0000 0100 0100 0000 0000

In the list below, I created a 3rd column where I have put the binary values of the Standard Program, so you can see which flags are enabled. As you have probably already noticed, we read the bits from right to left (bit 0 is the rightmost digit).

| Hex (Bit) | Description | Bit value (Standard Program) |
|---|---|---|
| 0x00000001 (0) | AUTHORIZED_DYNAMIC_INSTALL. The program is authorized for dynamic install. | 0 |
| 0x00000002 (1) | USECUSTOMPROGRESSMSG. The task sequence shows a custom progress user interface message. | 0 |
| No Function | / | 0 |
| No Function | / | 0 |
| 0x00000010 (4) | DEFAULT_PROGRAM. This is a default program | 0 |
| 0x00000020 (5) | DISABLEMOMALERTONRUNNING. Disables MOM alerts while the program runs. | 0 |
| 0x00000040 (6) | MOMALERTONFAIL. Generates MOM alert if the program fails. | 0 |
| 0x00000080 (7) | RUN_DEPENDANT_ALWAYS. If set, this program's immediate dependent should always be run. | 0 |
| 0x00000100 (8) | WINDOWS_CE. Indicates a device program. If set, the program is not offered to desktop clients. | 0 |
| 0x00000200 (9) | This value is not used. | 0 |
| 0x00000400 (10) | COUNTDOWN. The countdown dialog is not displayed. | 1 |
| 0x00000800 (11) | FORCERERUN. This value is not used. | 0 |
| 0x00001000 (12) | DISABLED. The program is disabled. | 0 |
| 0x00002000 (13) | UNATTENDED. The program requires no user interaction. | 0 |
| 0x00004000 (14) | USERCONTEXT. The program can run only when a user is logged on. | 1 |
| 0x00008000 (15) | ADMINRIGHTS. The program must be run as the local Administrator account. | 0 |
| 0x00010000 (16) | EVERYUSER. The program must be run by every user for whom it is valid. Valid only for mandatory jobs. | 0 |
| 0x00020000 (17) | NOUSERLOGGEDIN. The program is run only when no user is logged on. | 0 |
| 0x00040000 (18) | OKTOQUIT. The program will restart the computer. | 0 |
| 0x00080000 (19) | OKTOREBOOT. Configuration Manager restarts the computer when the program has finished running successfully. | 0 |
| 0x00100000 (20) | USEUNCPATH. Use a UNC path (no drive letter) to access the distribution point. | 1 |
| 0x00200000 (21) | PERSISTCONNECTION. Persists the connection to the drive specified in the Drive Letter property. The USEUNCPATH bit flag must not be set. | 0 |
| 0x00400000 (22) | RUNMINIMIZED. Run the program as a minimized window. | 0 |
| 0x00800000 (23) | RUNMAXIMIZED. Run the program as a maximized window. | 0 |
| 0x01000000 (24) | HIDEWINDOW. Hide the program window. | 0 |
| 0x02000000 (25) | OKTOLOGOFF. Logoff user when program completes successfully. | 0 |
| 0x04000000 (26) | RUNACCOUNT. This value is not used. | 0 |
| 0x08000000 (27) | ANY_PLATFORM. Override check for platform support. | 1 |
| 0x10000000 (28) | STILL_RUNNING. This value is not used. | 0 |
| 0x20000000 (29) | SUPPORT_UNINSTALL. Run uninstall from the registry key when the advertisement expires. | 0 |
| 0x40000000 (30) | The platform is not supported. | 0 |
| 0x80000000 (31) | SHOW_IN_ARP. This value is not used. | 1 |

Now that we have filled in the values in the table above, we can see that bit 14 (USERCONTEXT. The program can run only when a user is logged on) is enabled. In order to understand what happens with the bits, let us manually change the Program Run Type to Whether or not a user is logged on and compare the 2 binary values. Notice in the print screen below that the Run Mode is also changed to Run with administrative rights (bit 15).

image

To get the binary value of the Program Flag, we can run the same script again that we used before. Again, make sure that you change the PackageID and the WMI NameSpace SiteCode

$PackageID = "CSQ00203"
$PackageQuery = Get-WmiObject -Namespace "Root\sms\Site_CSQ" -Class SMS_Program -ComputerName localhost -Filter "PackageID='$PackageID'"
$ProgramFlagBin = [Convert]::ToString($($PackageQuery.ProgramFlags), 2)
$ProgramFlagBin

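Let's compare the 2 different settings. The rows that have changed are marked in the last column.

| Bit | Only Run when a user is logged on | Whether or not a user is logged on | Changed |
|---|---|---|---|
| 0 | 0 | 0 | |
| 1 | 0 | 0 | |
| 2 | 0 | 0 | |
| 3 | 0 | 0 | |
| 4 | 0 | 0 | |
| 5 | 0 | 0 | |
| 6 | 0 | 0 | |
| 7 | 0 | 0 | |
| 8 | 0 | 0 | |
| 9 | 0 | 0 | |
| 10 | 1 | 1 | |
| 11 | 0 | 0 | |
| 12 | 0 | 0 | |
| 13 | 0 | 1 | yes |
| 14 | 1 | 0 | yes |
| 15 | 0 | 1 | yes |
| 16 | 0 | 0 | |
| 17 | 0 | 0 | |
| 18 | 0 | 0 | |
| 19 | 0 | 0 | |
| 20 | 1 | 1 | |
| 21 | 0 | 0 | |
| 22 | 0 | 0 | |
| 23 | 0 | 0 | |
| 24 | 0 | 0 | |
| 25 | 0 | 0 | |
| 26 | 0 | 0 | |
| 27 | 1 | 1 | |
| 28 | 0 | 0 | |
| 29 | 0 | 0 | |
| 30 | 0 | 0 | |
| 31 | 1 | 1 | |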

If you look in the table we see that 3 values actually have been changed in order to swap the Program Run type from only when a user is logged on to whether or not a user is logged on.

    • Bit 13: From 0 to 1
    • Bit 14: From 1 to 0
    • Bit 15: From 0 to 1

At this stage, we know that 3 bits have changed. Now how do we do that with PowerShell? It's a pretty boring task to do manually for 1000+ Programs.

The script below will change the ProgramRunType of all the programs under a specific package. To change the bits, we use bitwise operators.

Bitwise operators act on the binary format of a value. For example, the bit structure for the number 10 is 00001010 (based on 1 byte), and the bit structure for the number 3 is 00000011. When you use a bitwise operator to compare 10 to 3, the individual bits in each byte are compared.

In a bitwise AND operation, the resulting bit is set to 1 only when both input bits are 1.

1010   (10)
0011   ( 3)
------ -band
0010   ( 2)

In a bitwise OR (inclusive) operation, the resulting bit is set to 1 when either or both input bits are 1. The resulting bit is set to 0 only when both input bits are set to 0.

1010   (10)
0011   ( 3)
------ -bor (inclusive)
1011   (11)

In a bitwise OR (exclusive) operation, the resulting bit is set to 1 only when one input bit is 1.

1010   (10)
0011   ( 3)
------ -bxor (exclusive)
1001   ( 9)

Let us recap the above in human language:

    • to check if a certain flag is enabled in WMI we will use -band
    • to change 1 bit from 0 to 1 we will use -bor
    • to change 1 bit from 1 to 0 we will use -bxor (it flips the bit, so we only use it after -band has confirmed that the bit is 1)

This being said, let's have a look at the actual script to change the ProgramRunType from Only when a user is logged on to Whether or not a user is logged on. The script uses an input file PackageID.txt (containing only PackageIDs) that needs to be placed in the same folder as the script. The script will create a log file in the same folder that is readable with CMTrace.

# ===============================================================================================
#
# NAME: Change Program Run Type
#
# AUTHOR: Ken Goossens
# DATE : 28/01/2016
#
# COMMENT: The Script will change The Program Run Type for all Install and Remove Programs
# - Changing from Only when a user is logged on to Whether or not a user is logged on
#
# ===============================================================================================

# ============================================ FUNCTIONS ========================================

# Global Variables
$Logfile = "$PSScriptRoot\CL_ChangeProgramRunType.log"

Function Write-Log {

 PARAM(
 [String]$Message,
 [String]$Path = $Logfile,
 [int]$severity,
 [string]$component
 )

 $TimeZoneBias = Get-WmiObject -Query "Select Bias from Win32_TimeZone"
 $Date= Get-Date -Format "HH:mm:ss.fff"
 $Date2= Get-Date -Format "MM-dd-yyyy"
 $type=1

 "<![LOG[$Message]LOG]!><time=$([char]34)$date+$($TimeZoneBias.bias)$([char]34) date=$([char]34)$date2$([char]34) component=$([char]34)$component$([char]34) context=$([char]34)$([char]34) type=$([char]34)$severity$([char]34) thread=$([char]34)$([char]34) file=$([char]34)$([char]34)>" | Out-File -FilePath $Path -Append -NoClobber -Encoding default
}

Function CreateLogFile {
 If (Test-Path $Logfile){
 Write-Log -severity 1 -component "-------------------------------------" -Message "------------------------------------------------------------------------------"
 Write-Log -severity 1 -component "Checking LogFile" -Message "-- LogFile Exists"
 }

 Else{
 New-Item $Logfile -type file
 Write-Log -severity 1 -component "Checking LogFile" -Message "-- LogFile Created"
 }
}

Function GetSMSSiteCode {
 $SMS_ProviderLocation = Get-WMIObject -query "Select * From SMS_ProviderLocation Where ProviderForLocalSite = true" -Namespace "root\sms" -ComputerName "." -ErrorAction Stop
 $SMS_SiteCode = $SMS_ProviderLocation.SiteCode
 Return $SMS_SiteCode
}

# ========================================= END OF FUNCTIONS =====================================

# Check LogFile
$CheckLogFile = CreateLogFile

# Set Variables
$SMS_SiteCode = GetSMSSiteCode

# Reading a list of PackageIDs
$PackageIDs = Get-Content $PSScriptRoot\PackageID.txt

# Loop through all the Packages in the input list.
Foreach($PackageID in $PackageIDs){

    Write-Log -severity 2 -component "Start Processing Package" -Message "---- Start to process package with PackageID: $PackageID."

    # Query all the programs under the specific PackageID
    $PackageQuery = Get-WmiObject -Namespace "Root\sms\Site_$SMS_SiteCode" -Class SMS_Program -ComputerName localhost -Filter "PackageID='$PackageID'"

    # For each Program, change the ProgramRunType to Whether or not a user is logged on
    foreach($item in $PackageQuery){

        Write-Log -severity 1 -component "Query Package" -Message "------ Package $($item.PackageName) has been queried."
        Write-Log -severity 1 -component "Processing Programs" -Message "-------- Program $($item.ProgramName) is ready to be changed."

        # Only programs named *-Install or *-Remove are changed
        If(($item.ProgramName -like '*-Install') -or ($item.ProgramName -like '*-Remove')){

            # Bit 14 (USERCONTEXT) is set: Only when a user is logged on is enabled
            If($item.ProgramFlags -band ([math]::pow(2,14))){

                # Bit 13 (UNATTENDED): change from 0 to 1
                $item.ProgramFlags = $item.ProgramFlags -bor ([math]::pow(2,13))
                $item.put()
                Write-Log -severity 1 -component "Changing Bit" -Message "--------- Bit Value Changed from 0 to 1 for: UNATTENDED. The program requires no user interaction."

                # Bit 14 (USERCONTEXT): change from 1 to 0 (safe with -bxor because the bit was tested above)
                $item.ProgramFlags = $item.ProgramFlags -bxor ([math]::pow(2,14))
                $item.put()
                Write-Log -severity 1 -component "Changing Bit" -Message "--------- Bit Value Changed from 1 to 0 for: USERCONTEXT. The program can run only when a user is logged on."

                # Bit 15 (ADMINRIGHTS): change from 0 to 1
                $item.ProgramFlags = $item.ProgramFlags -bor ([math]::pow(2,15))
                $item.put()
                Write-Log -severity 1 -component "Changing Bit" -Message "--------- Bit Value Changed from 0 to 1 for: ADMINRIGHTS. The program must be run as the local Administrator account."

            }
            Else{

                Write-Log -severity 3 -component "Information" -Message "-------- Program $($item.ProgramName) is already configured to Whether or not a user is logged on."

            }
        }
        Else{

            Write-Log -severity 3 -component "Information" -Message "-------- Program $($item.ProgramName) does not meet the requirements."

        }
    }

    Write-Log -severity 2 -component "End Processing Package" -Message "---- Finished to process package with PackageID: $PackageID."
}
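
A dry-run companion to the script above, added here as an example and not part of the author's script: it decodes ProgramFlags with the bit table from this post and reports what the run-type change would set and clear, including which programs would newly gain ADMINRIGHTS, before anything is written with Put(). The function names and the two sample programs are assumptions made for illustration, and it assumes PowerShell 3.0 or later for -shl and [pscustomobject].

```powershell
# Added example, not the blog author's code. Flag names and bit numbers are
# taken from the ProgramFlags table in this post.
$FlagNames = @{
    0='AUTHORIZED_DYNAMIC_INSTALL'; 1='USECUSTOMPROGRESSMSG'; 4='DEFAULT_PROGRAM'
    5='DISABLEMOMALERTONRUNNING'; 6='MOMALERTONFAIL'; 7='RUN_DEPENDANT_ALWAYS'
    8='WINDOWS_CE'; 10='COUNTDOWN'; 11='FORCERERUN'; 12='DISABLED'
    13='UNATTENDED'; 14='USERCONTEXT'; 15='ADMINRIGHTS'; 16='EVERYUSER'
    17='NOUSERLOGGEDIN'; 18='OKTOQUIT'; 19='OKTOREBOOT'; 20='USEUNCPATH'
    21='PERSISTCONNECTION'; 22='RUNMINIMIZED'; 23='RUNMAXIMIZED'
    24='HIDEWINDOW'; 25='OKTOLOGOFF'; 26='RUNACCOUNT'; 27='ANY_PLATFORM'
    28='STILL_RUNNING'; 29='SUPPORT_UNINSTALL'; 31='SHOW_IN_ARP'
}

# Return the names of all bits that are set in a ProgramFlags value.
function ConvertFrom-ProgramFlags {
    param([long]$Flags)
    foreach ($bit in 0..31) {
        if ($Flags -band ([long]1 -shl $bit)) {
            if ($FlagNames.ContainsKey($bit)) { $FlagNames[$bit] } else { "BIT_$bit" }
        }
    }
}

# Compute, without writing to WMI, what the run-type change would do.
function Get-RunTypeChange {
    param([string]$ProgramName, [long]$Flags)
    $userContext = [long]1 -shl 14
    $toSet       = ([long]1 -shl 13) -bor ([long]1 -shl 15)  # UNATTENDED, ADMINRIGHTS
    $new = $Flags
    if ($Flags -band $userContext) {
        # -band (-bnot mask) clears the bit whatever its state; -bxor only
        # clears it when it is known to be 1, hence the -band test in the script.
        $new = ($Flags -bor $toSet) -band (-bnot $userContext)
    }
    $before = @(ConvertFrom-ProgramFlags $Flags)
    $after  = @(ConvertFrom-ProgramFlags $new)
    [pscustomobject]@{
        ProgramName = $ProgramName
        OldFlags    = '0x{0:X8}' -f $Flags
        NewFlags    = '0x{0:X8}' -f $new
        Added       = @($after  | Where-Object { $before -notcontains $_ }) -join ','
        Removed     = @($before | Where-Object { $after  -notcontains $_ }) -join ','
        # True when bit 15 is set by the change and was not set before
        GainsAdmin  = [bool](($new -band (-bnot $Flags)) -band ([long]1 -shl 15))
    }
}

# Constructed sample input; real values come from the SMS_Program query.
$samples = @(
    [pscustomobject]@{ Name = 'App-Install'; Flags = [Convert]::ToUInt32('88104400', 16) }  # value shown in this post
    [pscustomobject]@{ Name = 'App-Remove';  Flags = [Convert]::ToUInt32('8810A400', 16) }  # already converted
)
$samples | ForEach-Object { Get-RunTypeChange $_.Name $_.Flags } |
    Format-Table -AutoSize
```

Reviewing the GainsAdmin column before the bulk run shows exactly which programs will start executing with administrative rights as a side effect of the run-type change.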

I hope it helps and stay tuned.

Ken


Winter 2016 Update for the System Center Configuration Manager Cmdlet Library

January 26, 2016 at 11:12 am in ConfigMgr by Ken Goossens

The Configuration Manager Sustained Engineering team is pleased to release the winter 2016 update to the System Center Configuration Manager Cmdlet Library. This update adds support for the current branch of System Center Configuration Manager (version 1511 and technical preview 1512) and includes:

  • New cmdlets that simplify working with application deployment types.
  • New cmdlets that consolidate the “User” and “Device” variants of the collection cmdlets.
  • Changes to cmdlets:
    • Improved performance for cmdlets that utilize configuration items and applications.
    • Configuration item cmdlets (such as Set-CMConfigurationItem) now ensure that they are always using the latest revision of a configuration item.
    • Network Access Protection and out of band management (AMT) cmdlets are deprecated on Configuration Manager (version 1511) and higher.
    • The Query Result Maximum has been disabled by default.
  • Bug fixes and enhancements to specific cmdlets.

You will find more details on the Microsoft Download Center here.

For additional information about the Cmdlet Library, refer to the following TechNet documentation:

Configuration Manager Cmdlet Library Documentation

Configuration Manager Cmdlet Help Reference

You can provide product feedback for the Cmdlet Library on the UserVoice site for Configuration Manager: https://configurationmanager.uservoice.com/.

You may report issues with the Cmdlet Library on the Connect site for Configuration Manager: https://connect.microsoft.com/ConfigurationManagervnext.

This information comes from  http://blogs.technet.com/b/configmgrteam/archive/2016/01/25/winter-2016-update-for-the-sc-configmgr-cmdlet-library.aspx

Take care and stay tuned!!

Ken


Hydration Kit for ConfigMgr 2012 R2 SP1 with SQL Server 2014 SP1 available

June 2, 2015 at 8:29 am in Uncategorized by Ken Goossens

 

Johan Arwidmark released a new Hydration Kit for Configuration Manager 2012 R2 SP1 with SQL Server 2014 SP1.

image

The Hydration Kit is a very easy way to set up a test lab and start testing all your scenarios.

Please go to http://deploymentresearch.com/Research/Post/485/Hydration-Kit-for-ConfigMgr-2012-R2-SP1-with-SQL-Server-2014-SP1 for more info.

Enjoy playing with it and until next time.

Ken
