You are browsing the archive for 2011 February.

Preparing for the MVP summit 2011

1:21 pm in MVP, summit by Kenny Buntinx [MVP]

Hi All,

Just getting myself ready for the MVP summit in Seattle next week, as our other 3 SCUG MVP’s ( Kim Oppalfens & Alexandre Verkinderen & Mike Resseler ) .

For me it is going to be an exciting event for me , as it is my second MVP summit I’ll be attending since my nomination in July 2009.

For those of you that don’t know what the MVP summit is, It is a week full of working, talking and discussing together with our MVP pears , but also with the (In my case) ConfigMgr product group.

We will be fully busy with getting our hands on ConfigMgr 2012 at the Enterprise Engineering Center at Building 25 in a real test datacenter.

image

I’m really looking forward to meet with members of the Microsoft product groups and directly learn from those people who are responsible for the individual product features and I see this as a real honor.

So if the blogging level is a bit low on SCUG.be next week , you will know why this is ….

 

Hope it Helps ,

Kenny Buntinx

Configmgr 2007 and how to automate Windows 7 Backup Activation thru a task sequence

11:43 am in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, ConfigMgr2007 R3, Deployment, Installation, Operating System Deployment, OSD, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, Task Sequence, Windows 7, Windows 7 SP1 by Kenny Buntinx [MVP]

One of my customers is using a GHOST principle on their laptops, to restore an original image from a restore partition. This partition is right now visible for the end user. Now that we are migrating towards SCCM we want to do the same thing thru Configmgr.

To accomplish this, we only focus on the integrated windows 7 backup tools as they have a native build in wizard to restore as well .

Scenario to accomplish :

  1. We want to do a full backup at the end of the deployment task sequence , including the standard applications and save it locally. This one allows you to restore the machine as it was at the end of the task sequence.
  2. We want to let any user restore that image on an easy way with helpdesk support . Mainly this scenario is for end users that are sitting somewhere in the “bush bush” and no direct connection to a nearby office .
  3. We want to schedule for those kind of users a backup when he is working on his machine , based on VSS technology . ( impossible with ghost ).

Steps to accomplish the scenario :

First of all I want to thank Kim Oppalfens and George Simons ( both MVP ConfigMgr ) for helping me accomplish this scenario. We had some offline discussions to accomplish this scenario and it is not yet perfect .

The initial process we have in mind during the Operating system deployment phase when we stage an image to a machine for a user:

1. Creating the necessary partitions :

  • System partition (+/- 500 mb) that will hold the bootloader (think of Bitlocker ) and the WINRE environment. ( hidden )
  • C:\ OS partition
  • D:\ Data partition
  • E:\ IMAGE system image backup partition (drive letter will be removed in the process)

2. Create local admin user f.e. RECOVERY and added the local admins group. We have tested this with a power user or backup operator , however you need local admin rights to restore the image. For security purposes we investigate later to have a daily/weekly/monthly password changer based upon an algorithm.

3. Run the windows 7 built-in WBADMIN tool, with the following parameters : “wbadmin START BACKUP –BackupTarget:E: -include:c: -AllCritical –Quiet”

4. Remove drive letter of the “Image”Partition , in this case E:\ 

 

We don’t care about hiding the volume. Standard users have no permissions to reassign a drive letter, and hence won’t be able to see or use the partition. That is more than enough for us. Hiding the partition just complicates matters for us from an admin perspective.

The additional process we could have in mind is to send down a task sequence to back up his system when a user requests it. This could be performed with or without  any user interaction.

Task Sequence example :

</group>
      <group name="Backup" description="">
        <step type="SMS_TaskSequence_RunCommandLineAction" name="Create Admin Recovery User" description="" timeout="900" runIn="WinPEandFullOS" successCodeList="0 3010">
          <action>smsswd.exe /run: net user recovery Helpdesk123 /add</action>
          <defaultVarList>
            <variable name="CommandLine" property="CommandLine" hidden="true">net user recovery Helpdesk123 /add</variable>
            <variable name="SMSTSDisableWow64Redirection" property="DisableWow64Redirection">false</variable>
            <variable name="_SMSTSRunCommandLineAsUser" property="RunAsUser">false</variable>
            <variable name="SuccessCodes" property="SuccessCodes" hidden="true">0 3010</variable>
          </defaultVarList>
        </step>
        <step type="SMS_TaskSequence_RunCommandLineAction" name="Add Recovery User to Local Admin" description="" timeout="900" runIn="WinPEandFullOS" successCodeList="0 3010">
          <action>smsswd.exe /run: net localgroup "Administrators" recovery /add</action>
          <defaultVarList>
            <variable name="CommandLine" property="CommandLine" hidden="true">net localgroup "Administrators" recovery /add</variable>
            <variable name="SMSTSDisableWow64Redirection" property="DisableWow64Redirection">false</variable>
            <variable name="_SMSTSRunCommandLineAsUser" property="RunAsUser">false</variable>
            <variable name="SuccessCodes" property="SuccessCodes" hidden="true">0 3010</variable>
          </defaultVarList>
        </step>
        <step type="SMS_TaskSequence_RunCommandLineAction" name="Create Backup" description="" timeout="1200" runIn="WinPEandFullOS" successCodeList="0 3010">
          <action>smsswd.exe /run: wbadmin START BACKUP -BackupTarget:e: -include:c: -AllCritical -Quiet</action>
          <defaultVarList>
            <variable name="CommandLine" property="CommandLine" hidden="true">wbadmin START BACKUP -BackupTarget:e: -include:c: -AllCritical -Quiet</variable>
            <variable name="SMSTSDisableWow64Redirection" property="DisableWow64Redirection">false</variable>
            <variable name="_SMSTSRunCommandLineAsUser" property="RunAsUser">false</variable>
            <variable name="SuccessCodes" property="SuccessCodes" hidden="true">0 3010</variable>
          </defaultVarList>
        </step>
        <step type="SMS_TaskSequence_RunCommandLineAction" name="Hide Drive Letter" description="" timeout="900" runIn="WinPEandFullOS" successCodeList="0 3010">
          <action>smsswd.exe /run: Mountvol e: /D</action>
          <defaultVarList>
            <variable name="CommandLine" property="CommandLine" hidden="true">Mountvol e: /D</variable>
            <variable name="SMSTSDisableWow64Redirection" property="DisableWow64Redirection">false</variable>
            <variable name="_SMSTSRunCommandLineAsUser" property="RunAsUser">false</variable>
            <variable name="SuccessCodes" property="SuccessCodes" hidden="true">0 3010</variable>
          </defaultVarList>
        </step>
      </group>

End user experience :

1.When your Windows 7 machine gets broken it will automatically jump to the window shown below , otherwise Press F8 during boot :

image

2. When you start “Repair your computer” , WinRe will start up .

image

3. Once “WinRe”is loaded it will ask for your keyboard layout :

image

4. Fill in your credentials

image

5. Select “System Image Recovery”

image

6. Select the image that you want to restore and wait until the process has been completed .

image

 

Remarks / Improvements to make :

  1. The complete process works only once with a hidden drive letter…….until you do the restore. After the restore the drive letter is back and then a user could mess around and delete stuff. I have tried to remove the driveletter before running wbadmin , but I have no success to use the GUID as my drive is MBR and not GPT. Anyway the basic principle works .
  2. User security : We need a algorithm to change the custom local admin restore user  on a daily/weekly/monthly basis as a default password just isn’t secure enough .
  3. Now I am testing to get a function key on a Lenovo to do his magic ( Press F5 and it launches auto magically the recovery environment ) . More on that in a later blog post .

 

Hope it Helps ,

Kenny Buntinx

Configmgr 2007 : Windows 7 and Windows 2008 R2 Service Pack 1 (SP1) supportability

9:22 pm in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, ConfigMgr2007 R3, FEP2010, Operating System Deployment, OSD, R3, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, Windows 7 SP1 by Kenny Buntinx [MVP]

Hi Guys ,

 

News is traveling fast about the availability of Service Pack 1 (SP1) for Windows 7 and Windows 2008 R2, as it is already available on TechNet ,  MSDN and MVLS site .

 

However it is NOT certified and therefore NOT SUPPORTED for Configuration Manager 2007 SP2 R2 or R3 yet by the Product Group. If you already use it in production , don’t expect Premier Support to help you .

Certification and support statements will take official 90 days after Release To Web ! However , if it is sooner , I will let you know .

 

Now my personal experiences :

 

In our Lab environment everything works OK along with FEP 2010 client, even in our Acceptance Production environment where 500 clients are sitting , but we aren’t moving unless we have an official support statement !

 

Hope it Helps

 

Kenny Buntinx

MMS 2011 is only 5 weeks away and Birds of a Feather session on ConfigMgr R3 Power management : Lessons learned from the field

8:50 pm in BOF, configmgr2007, ConfigMgr2007 R3, mms, MMS-2011, Power Management, R3, SCCM 2007, SCCM 2007 R3 by Kenny Buntinx [MVP]

Hi All,

I have recently deployed Configuration Manager 2007 R3 RTM in production at my TAP customer. Those who attended my presentation at the Belgian System Center Day “http://scug.be/blogs/sccm/archive/2010/09/30/announcement-system-center-day-in-belgium.aspx” have seen already the best practices & lessons learned on implementing R3 Power Management .

I just proposed a birds of a feather session on ConfigMgr R3 Power management : Lessons learned from the field together with our Finish Configmgr MVP Panu Saukko (who also did a large R3 TAP implementation).

We are hoping to get enough votes to put on an ultra-slick, seriously hardcore ConfigMgr 2007 R3 Power management : Lessons learned from the field BOF session at MMS 2011.

I am still trying to get enough votes to raise this up so that it can take place.

 

A short clip from his blog posting to wet your appetite:

  • R3 Power Management Overview
  • R3 Installation flow
  • R3 In-Depth Power Management Implementation notes
  • R3 Power Management Caveats
  • R3 Power management Tips & Tricks
  • R3 Power management Advanced Reporting

 

If you want to see this session go through then vote for this session thru the roof by performing the following procedure:

· Log into CommNet (http://www.mms-2011.com)

· Click on “BOF Survey” in the left Nav

· In the “Commonly Requested Topics” dropdown select “ConfigMgr R3 Power management : Lessons learned from the field”

· Press “Submit”

 

Hope it Helps ,

Kenny Buntinx and Panu Saukko

Mpsetup.log: Setup was unable to create ccm_incoming on a Windows 2008 (non R2) Box after installing a patch

6:40 pm in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, ConfigMgr2007 R3, MP, R3, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007 by Kenny Buntinx [MVP]

Issue : During a necessary patch installation it denied installing the Configmgr client hotfix package on the site server because it told us another install was already occurring . After rebooting the server , the server had issues with reinstalling the component called the Management point . It always failed with error 1603 ( Install Failed , unknown error ).

The following error was found in the eventlog or MPMSI.log  :

Error 25006. Setup was unable to create the Internet virtual directory CCM_Incoming.The error code is 800CC801
CustomAction CcmCreateIISVirtualDirectories returned actual error code 1603

 

Note that the failures are observed on Standard, Enterprise, x86, and x64 versions. The failures are observed in the following circumstances:

  • After performing a site repair of a site server running on Windows 2008 with a local MP already installed
  • Initial install of an MP on a machine running Windows 2008
  • After removing and attempting to reinstall an MP on a machine running Windows 2008

 

Steps to we tried to resolve the issue :

· Looked at the error and it seemed related to a bits error and task scheduler service .We looked at the permissions and if the task scheduler service was started. Everything was green so , no luck .

· I uninstalled the SCCM client as we have seen other customers suffering reinstalling Management points on their servers when sitting on the same box . No Luck either .

· My last resort was a BITS corruption , de-installed BITS and the reinstalled it . Solved the issue !.

 

At the same time I de-installed BITS , I found a quick fix article describing the exact issue : http://support.microsoft.com/default.aspx?scid=kb;en-us;2419559&sd=rss&spid=12769

This is problem described is only valid for Windows 2008 environments , not for Windows 2008 R2 . Took us a half a day figuring out what was going on .

 

Solution :

As of right now, the easiest way to resolve this issue is to remove and reinstall the BITS component. If the ConfigMgr 2007 Management Point role was already installed then it will also be necessary to remove and reinstall that role once you’ve done the same with BITS.

You could find the same answer on http://support.microsoft.com/default.aspx?scid=kb;en-us;2419559&sd=rss&spid=12769

 

Hope it Helps ,

Kenny Buntinx

ConfigMgr on xendesktop with the usage of provisioning server : Unique GUID issue and the smscfg.ini

8:25 am in citrix, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr 2012, ConfigMgr SP2, ConfigMgr V.next, configmgr2007, ConfigMgr2007 R3, Deployment, PVS, R3, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, SCCM 2012, SCCM v.Next, sccm2007, Xenapp, Xendestop by Kenny Buntinx [MVP]

Have you ever tried to manage your XENDesktop or PVS target devices using Configuration Manager in combination with an App-V integrated scenario ? I have a few customers that started to use Citrix Provisioning services and where faced with some issues when they wanted to pre-cache there App-V packages with Configmgr 2007 SP2 R3 . In some ways, managing the devices using SCCM is irrelevant due to the nature of how PVS works, but I’ve run into a few companies that insist on using SCCM for inventory management  ,  License reporting and virtual application targeting. The ConfigMgr client, is not designed to work well in a streamed OS environment. 

Citrix Provisioning Services allows for multiple servers to stream their boot disk from the same master image (vDisk). During the boot process, PVS will make sure each server has a unique SID and dynamically apply the computername together with some other tasks to make those systems unique.

If you tried installing the SCCM client on a PVS image, you will notice that SCCM shows new machines with the same name every time a PVS target device reboots in standard mode. This is because the SCCM client changes the GUID when an image is pushed to new hardware. ConfigMgr  uses the GUID to keep track inside his database.

ConfigMgr uses an ID that is generated on the Client to identify a machine inside the ConfigMgr hierarchy. This ID, also known as SMS GUID is generated during ConfigMgr Client installation.
An Algorithm, which combines the Timestamp (Time of ConfigMgr Client Installation) and the Universally Unique Identifier (UUID) is used to generate a unique Identifier.
A Client generates a new SMS GUID if the following things change

  • the SMBIOS serial number
  • the Machine SID
  • the Hardware ID (see appendix)

Appendix
Criteria for Hardware ID monitoring:

  • FirstDriveSerial
  • MACAddress
  • CDROMDevice
  • DisplayAdapter
  • HwidVersion
  • ProcessorSerial
  • DiskDevice
  • SCSIAdapter
  • DiskAdapter
  • ProcessorType
  • RAMSizeMb
  • Dockable

 

This GUID is stored in the c:\windows\SMSCFG.ini file. You can read this value out by a vbscript

The problem we see is in a Citrix Provisioned desktop, this file comes up with a duplicate GUID each time. This causes the SCCM client t re-generate the GUID and create a new file on every boot.
You can find this information here http://support.microsoft.com/kb/837374

The Fix ( I got this content and script from Rick Rohne – citrix guru )

In order to persist the computers GUID, you must be using “cache to targets hard drive” when you place your systems in standard mode. We will use the hard drive to save the SCCMCFG.ini file after each reboot.
This also means that "cache to RAM" or "cache to Server" will not be sufficient because the cache will be purged on every reboot.

Step 1 :

To resolve this, first, you have to run a script when switching from private mode to standard mode. This is done by the XENDesktop Admin after he modifies the default image…

This script stops the SCCM service and deletes the c:\windows\SCCMCFG.ini file.

‘————————— SCCM Cleanup.vbs————————————–
‘Stop SCCM client strServiceName = "CCMExec"
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set colListOfServices = objWMIService.ExecQuery("Select * from Win32_Service Where Name =’" & strServiceName & "’")
For Each objService in colListOfServices objService.StopService() Next ‘ Cleanup SCCM Set fso = CreateObject("Scripting.FileSystemObject") Set aFile = fso.GetFile("c:\windows\SMSCFG.ini") aFile.Delete
—————————————————————————————-

Step 2 :

Now, you have to run a shutdown script and startup script that basically places the ‘c:\windows\SCCMCFG.ini’ file on the Cache drive on shut down. When the computer boots up, it will check to see if the file exists on the cache drive.

If it does not, the SCCM client will register itself to the SCCM server and create a new c:\windows\SCCMCFG.ini file. Upon shutdown, the c:\windows\SCCMCFG.ini file is copied to the cache drive.

This is a simple batch file script that can be loaded into active directory as a computer startup script for the OU where XENDesktop computers reside.

Startup Script

IF EXIST G:\SMSCFG.ini COPY G:\SMSCFG.ini C:\Windows\SMSCFG.ini /y > c:\smserror.txt

Shutdown Script

COPY c:\windows\SMSCFG.ini G:\SMSCFG.ini /y > g:\smserror.txt

Conclusion :

PVS images that are managed by SCCM will show up as unique entries in the SCCM database. This will at least make sure that systems will keep their own SCCM computer record and not generate a new one on every boot, but still it requires management overhead as there is no way to tell that those systems will get the same SCCM configuration / advertisements if something will go wrong in the middle of this process !

Therefore I expect since Citrix and Microsoft SCCM are allianced together in the V-Alliance , we would also like to see that the integration between ConfigMgr 2010 and Citrix Provisioning services  and that there will be "PVS-Awareness" in Configmgr 2012.

 

Hope it Helps ,

Kenny Buntinx