You are browsing the archive for 2011 July.

Windows 7 OSD deployment (SCCM or MDT ) and starting with a patched media = More secure & Saves time !

9:03 am in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr 2012, ConfigMgr SP2, ConfigMgr V.next, configmgr2007, ConfigMgr2007 R3, Deployment, DISM, OSD, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, SCCM 2012, SCCM v.Next, sccm2007, WAIK, Windows 7, Windows 7 SP1, Windows7 by Kenny Buntinx [MVP]

1. Download your patches to a folder

You could always download the patches from the following link http://catalog.update.microsoft.com/v7/site/Install.aspx?referringpage=Home.aspx and save them to a local folder or automate it by the following process :

  • First step will be to install a clean Windows 7 machine without any application . After that process we will run wuauclt /detectnow and install all available updates . You will need to reboot a few times and rerun the wuauclt /detectnow to allow all patches to be installed properly

  • Then run the procedure below for WSUS patch extraction :

Go to C:\windows and open windowsupdate.log in excel. Delimit the file by Tab and space

Run the auto-filter and filter on “Downloading” in column “G”

Select all rows in column “I” and copy the table. Go to new sheet and paste in this in column “B”

We select column “B” and select Data -> text to column en delimit by ‘/’. Now we remove column “B,C,D and E”

Go back to sheet where you imported the “Windowsupdate.log” and select all rows in column “K” and copy the column. Go to the new sheet and paste in column “D”

We select column “K” and select Data -> text to column en delimit by ‘\’. Now we remove column “D,E,F,G and H”

Paste the following formula in column “A” “="Copy H:\" & B2 & "\" & C2 & " c:\Patches\" & D2”

Drag the formula to below , select column A , select all and copy it

Open notepad , paste the text and save as “getpatch.cmd”

Map your drive H: to \\yourwsusserver\WsusContent and run “getpatch.cmd”

Copy your downloaded patches to the location you need them

 

2. Applying the offline patches to the windows 7 media

 

Open up a WINPE command prompt via the WAIK.

Run the following commands in the following sequence .

Dism /Mount-Wim /Wimfile:"F:\DISM\Windows 7 Enterprise SP1 Eng X64 Source\sources\install.wim" /index:1 /Mountdir:F:\DISM\temp

clip_image002

Dism /image:F:\DISM\temp /add-package /packagepath:F:\DISM\Patches (where the patches folder contains your downloaded CBS windows patches)

clip_image004

dism /commit-WIM /Mountdir:F:\DISM\temp

clip_image006

dism /unmount-WIM /commit /Mountdir:F:\DISM\temp

clip_image008

 

3. What if you get an error applying the offline patches?

 

It can happen that there are patches that cannot be applied offline. When that happens, you will get the following error as shown below in the screenshot. In this case KB2533552. Do not worry, the process does not need to run again.

However, please note all patches that couldn’t be applied, so you could keep track of them for later deployment .

clip_image010

To see what is really going on and to verify this is a patch that cannot be applied offline , you should open the DISM.log file and search for the specific update as shown below in the screenshot.

clip_image012

When you look closer at the screenshot, you will see the message “Cannot perform offline servicing with an online-only package “, meaning this patch is not a CBS update and needs to be applied online.

You could always check the update on the following link http://catalog.update.microsoft.com/v7/site/Install.aspx?referringpage=Home.aspx

 

4. Import the image in SCCM or MDT

 

After this process you need to import the source content in SCCM. When done start adding it to the distribution points and wait until it is replicated, preferably with a good naming convention.

After importing the image in SCCM, add it to the DP’s and check if the image is replicated correctly on all selected DP’s.

When it’s done, change the media in the task sequence to use the new patched media. This will allow you to minimize staging downtime.

 

Now you are running from the start with a patched offline media , meaning less deployment time and being more secure when deploying your machines !

 

Hope it Helps ,

 

Kenny Buntinx

Belgian Best of MMS 2011 session recordings online

6:37 pm in Best of MMS, ConfigMgr 2012, SCCM 2012 by Kenny Buntinx [MVP]

clip_image001

A couple of weeks ago we organized a Belgian Best of MMS 2011 event together with our local MVP’s and SCUG user group. All the sessions are published onto the Belux page on TechNet Edge

Microsoft has created a special page on TechNet Edge with all the videos of the event : Best of MMS Belgium 2011.

If you want to review our Configmgr  2012 session , please follow the link below

System Center Configuration Manager 2012
by Kim Oppalfens

Configuration Manager 2012 – Deployment and Infrastructure Technical Overview
by Kenny Buntinx (myself)

 

If you want to try the current Beta2 code , you could click here for :

– The bits and bytes : http://www.microsoft.com/systemcenter/en/us/configuration-manager/cm-vnext-beta.aspx

– The complete VHD : http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=21054

 

Hope it Helps ,

Kenny Buntinx

Configmgr : Kerberos Ticket Size can stop you from connecting to vPro Systems and using IDER/SoL.

11:16 am in AMT, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, ConfigMgr2007 R3, out of band management, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, Vpro by Kenny Buntinx [MVP]

vPro AMT can leverage Kerberos authentication to allow management from your management console to the AMT firmware. Depending on the management console of choice (e.g. SCCM, Altiris, SMS) you may be using Kerberos or digest authentication. If you are using a management console like SCCM that only uses Kerberos authentication, there are a few things you should be aware of in case you are having problems managing your vPro systems.

In AMT (version 2.x, 3.x, 4.x, and 5.x) there is a Kerberos ticket size limit that varies among versions of AMT (see graph 1 below on specifics for each firmware version). With respect to Kerberos authentication, AMT has different limits for HTTP connection and Serial-Over-LAN (SoL).

Read the complete post here : http://communities.intel.com/community/openportit/vproexpert/blog/2009/03/23/kerberos-ticket-size-can-stop-you-from-connecting-to-vpro-systems-and-using-idersol

 

Hope it Helps ,

 

Kenny Buntinx

SCCM 2007 : Intel AMT–VPRO KVM add-on for SCCM 2007

6:53 am in AMT, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, OOB, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, Vpro by Kenny Buntinx [MVP]

Have you ever wanted to be able to launch a KVM Remote Control session from within SCCM from AMT version 6.0 or higher ? Have you ever wanted to make use of the Alarm Clock feature in AMT to wake up or turn on a computer at a specific time? Now you can with the Intel® Core™ vPro™ processor add-on for System Center Configuration Manager 2007 SP2  R2 –R3

This add-on for SCCM 2007 brings the same KVM Remote Control capability that was made available last year in our management pack for SCSM 2010.

In addition, we have also added in the ability to set the AMT Alarm Clock from within SCCM 2007.  This capability lets you set up a schedule in AMT to power on a system from a powered off or sleep state at a specified time; even if the system is not connected to the network.

Once installed, there will be a new sub-menu available when you right-click on systems in the SCCM console that will allow you to launch a KVM Remote Control session, or set the Alarm Clock for the selected system.

There are a few requirements for the KVM functionality however :

  1. You will need to have the intel onboard video adapter . It will not work if you use Matrox , ATI , Nvidea video boards
  2. Intel AMT 6.0 or Higher
  3. The machine must be in-band provisioned thru the SCCM client
  4. BUT – KVM remote control is NOT universal across all 2010 Intel vPro platforms. If shopping for a system, ensure it has Intel integrated graphics, vPro processor, and Intel AMT 6.0. Specifically – look for vPro systems that have the following processors
    • Desktop: i5-650, i5-660, i5-670

    • Laptop: i7-620M, i7-640LM, i7-620LM , i7-640UM, i7- 620UM, i5-540M, i5-520M, i5-520UM

 

Download the plugin here : http://software.intel.com/file/37855

 

Hope it Helps ,

 

Kenny Buntinx

SCCM 2007 : Report Query to List all collections a pc belongs to

7:09 pm in Uncategorized by Kenny Buntinx [MVP]

If you want to create a report to list all collections a pc belongs to :

SQL Statement

Prompt properties

Hope it helps ,

 

Kenny Buntinx

Errors When Using the FEP 2010 Definition Update Automation Tool from Update Rollup 1

7:07 am in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, ConfigMgr2007 R3, FEP, FEP2010, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2 by Kenny Buntinx [MVP]

We’ve become aware of two issues when using the Definition Update Automation Tool.

 

Definition Update Automation Tool fails to add new definition updates to the deployment package :

Symptoms

The FEP 2010 Definition Update Automation Tool may fail to add new definition updates to your deployment package. Reviewing the %ProgramData%\SoftwareUpdateAutomation.log file shows the following exception:

SmsAdminUISnapIn Error: 1 : Unexpected exception: System.ArgumentException: An item with the same key has already been added.
at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource)
at System.Collections.Generic.Dictionary2.Insert(TKey key, TValue value, Boolean add)
at System.Collections.Generic.Dictionary
2.Add(TKey key, TValue value)
at Microsoft.Forefront.EndpointProtection.SoftwareUpdateAutomation.SccmUtilities.CalculateCleanupDelta(ConnectionManagerBase connection, ICollection`1 freshUpdateFilesObjectList, IResultObject destinationPackageObject)
at Microsoft.Forefront.EndpointProtection.SoftwareUpdateAutomation.SoftwareUpdater.Update(SoftwareUpdateAutomationArguments arguments)
at Microsoft.Forefront.EndpointProtection.SoftwareUpdateAutomation.SoftwareUpdater.Main(String[] args)

Cause

More than one FEP 2010 definition update is being detected as active by the tool.

Resolution

This blog article presents workarounds for the issues. You can find the blog on http://blogs.technet.com/b/clientsecurity/archive/2011/07/18/errors-when-using-the-fep-2010-definition-update-automation-tool.aspx

 

Hope it Helps ,

Kenny Buntinx

Opalis 6.3 : Building a VMware/SCCM Opalis provisioning workflow

7:54 pm in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, Deployment, Installation, Opalis, Opalis 6.3, Operating System Deployment, powershell, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, Virtual machine, Vmware by Kenny Buntinx [MVP]

Recently we did a customer private cloud project where we used all the system center tooling ( http://www.microsoft.com/systemcenter/en/us/default.aspx) , except for the hypervisor layer , which was VMware .

One of the scenarios that the customer had in mind , was to provision all there virtual servers with SCCM and we had to use Opalis to become the glue between VMware – BMC Remedy and System Center. In the first step of the project we didn’t use the Change request mechanism from BMC Remedy yet. Special thanks to my colleague Gunther Dewit for helping me out on this one .

**** Disclaimer **** – This is a very basic workflow – we will post improvements as we go along – it is for helping people moving forward **** Disclaimer ****

The workflow itself

image

Delivering input

image

The first step in creating a workflow is doing a custom start where we could input some necessary variables . The Custom Start Activity is used to create a generic starting point for Workflows. By adding parameters to the Custom Start Activity it can consume external data which can be passed to downstream Workflow Activities.

image

These are the parameters the workflow needs in further steps.  All the rest of the information that is residing in the data bus of Opalis  .

This input is required, without it, the workflow won’t start. A popup will be presented when starting the workflow.

Now that we have all the necessary input required, we can continue with the creation of the virtual machine. In order to create a virtual machine, we need to provide some parameters, some of them will come from the Custom start step, others will have to be adapted per workflow.

 

Creating the virtual machine

image

image

These are the required parameters.

  • Name: This is the name that will be given to the virtual machine, we will get it from the Custom Start  where we filled in a name.
  • Datastore: This is the datastore that will host the virtual machine disk, we will get it from the Custom Start  where we filled in the datastore.
  • DiskMB: Since it was decided to have a fixed disk with a size of 100GB, we filled it in directly instead of asking it in the first step.
  • DiskStorageFormat: This is the thick or thin format, thin was decided as the default format.
  • MemoryMB: This is the amount of memory that will be given to the virtual machine, we will get it from the Custom Start where we filled in an amount of memory.
  • NumCPU: This is the number of CPU’s that will be given to the virtual machine, we will get it from the Custom Start where we filled in the number of CPU’s we need.
  • CD: It was decided that all VM’s will have a cd drive so we set this to true.
  • VMSwapFilePolicy: This will set the swapfile policy the states where the swapfile will be saved, it was decided to do this in the VM itself.
  • VMHost: This is the physical host where the VM will be hosted, this integration pack cannot provision on cluster yet so you need to choose a physical host.
  • GuestID: This is the OS version that will be installed on the VM.
  • Folder: This is the foldername where the VM will be installed as shown in the ESX console.

You can add more details trough the “optional properties” button. If all goes well, the workflow has created the virtual machine now.

Now we need to change some things on the virtual machine.

 

Getting the network adapter settings from the created virtual machine

image

First we need to change the network settings. The VM name, we get from the Custom Start , since this is a read action, no further settings are needed.

Alternatively, you can specify some filters to narrow the data that you receive back.

Alternatively, you can specify some filters to narrow the data that you receive back.

image

Now we will delete all the network connection that VMware made by default because they are useless to us.

 

Removing the network adapters from the virtual machine

image

image

The Network Adapter name is data that we got back from the read action above and the VM name is still the name entered at the Custom Start .

This will remove all network adapters from the VM, alternatively, you can specify filters if you only want to delete a specific adapter.

 

Adding the production network adapter to the virtual machine

image

Now we need to add a network adapter to the VM. The VM name is still the name we entered at the Custom Start .

image

The NetworkName is the name of the network that you want your network adapter connecting to.

The StartConnected specifies if it will be connected to the network or only added without being connected.

The Type is e1000 as this is the only VMware adapter SCCM can work with.

Now we do another step to get the properties from the newly created adapter so we can use the information to input the computer into SCCM.

 

Getting the production network adapter settings from the virtual machine

image

image

Now that we collected the necessary information for SCCM, we can import the computer into SCCM.

This is done by a powershell script that needs to input parameters, the name and the MAC address.

 

Adding the computer to SCCM

image

Now that the computer is known is SCCM, we need to add it to the collection that has the OSD advertised to it.

image

The is done by the following step.

 

Adding the computer to an SCCM collection

image

In the collection field, you can enter 2 things, either the name of the collection or the ID of the collection. What you enter must match the collection value type. If you enter an ID as shown here, the value type must be ID as well. The same is true for the computer where we use the name from the Custom Start step so the value type is name in this case.

image

Now that the VM is created and provisioned in SCCM, we are ready to deploy the operating system on it.

So let’s power on the VM.

 

Powering on the virtual machine

image

The only thing you need to power on a VM is the name and we still get the from the first step.

image

Now that the VM is booting up, SCCM can start the task sequence to deploy an operating system on the VM.

Meanwhile, we will check the progress in Opalis.

 

Getting the virtual machine deployment status

image

The advertisement ID is the ID as it is known in SCCM and the computer name is still the name as we specified in the first step.

image

Looping the task

Now since the OSD deployment takes some time to complete, we will let the step loop until it gets a result back from SCCM.

image

image

It will recheck every 300 second and will do this 8 times or when it gets back from SCCM that the deployment was successful in order not keep the loop while the deployment was finished faster then in 8 loops.

 

Getting the deployment result

image

Now we need to output the result to any medium you want (logfile, mail, …), I do an output to a text file as an example.

Conditional progress

Now how does Opalis know when to write to which log file?

This can be regulated by double clicking on the arrows. This is the arrow toward the success file.

image

As you can see, it will only follow this arrow when SCCM outputs a succeeded message for the advertisement. If not, it will take the other path towards the failed log file.

 

So , It is not so easy to get it all together , but if I may give a great tip: ” Write down all steps of your manual flow  and then try to translate them into an opalis workflow “

 

Hope it Helps ,

Kenny Buntinx

Wow, VMWARE vsphere 5 way to hand microsoft a full house in their "VMware is too expensive" poker hand! vRAM licensing = FAILURE

1:29 pm in Uncategorized by Kenny Buntinx [MVP]

Wow, VMWARE way to hand microsoft a full house in their "VMware is too expensive" poker hand! With there new licensing schema about Vram on Vsphere 5 they are going to help Microsoft a big hand in winning deals for Hyper-V + System Center Virtual Machine Manager 2012 and all the rest of the system center suite !

I like it as a System center consultant  , the way VMware customers are going to suffer for something that has became a commodity such as the hypervisor. Why would you pay for it , I only would pay for decent management and therefore VMware is lacking tools and integration as System Center has today !! VMWARE is forcing customers to almost triple their license counts with the new vSphere 5 licensing scheme and not offering the same management features such as integration with third party tools (Opalis Integration as example).

They are just going to kill themselves this way .

 

Unhappy vmware customer

Read the full thread and get involved here:

http://communities.vmware.com/thread/320877?start=0&tstart=0

Read about the licenses changes your self in the (PDF) Guide to the vSphere 5.0 changes (including FAQ)

Even VMware believers and defenders ( even customers)  are forced to really consider and look at Microsoft’s Hyper-V solution , based on cost and features , as it is not defendable anymore to pay for a commodity as a hypervisor as such .

( because in 90% of the cases , Hyper-V could cover all features compared with VMware )

 

Hope it Helps ,

 

Kenny Buntinx

SCOM and VEEAM nworks management pack for VMware : Guest VM’s are not visible

6:37 am in Operations Manager 2007, Opsmgr 2007, SCOM 2007, SCOM 2007 R2, VEEAM by Kenny Buntinx [MVP]

At one of my customers we had an issue with discovering VM guests thru there VEEAM nworks management pack and it seems that a lot of people on the forums have the same issue . If you look in the SCOM console you will see the following :

image

The SCOM Agent version that is running on the VEEAM collector is SCOM 2007 R2 CU4 on x64 win2k8 r2 server.
The script runs perfectly without errors and discovers all our ESX hosts and clusters  , but no VM Guests or Datastores . In any case – the event we copied below is VEEAMS nworks ‘first stage’ discovery (Discovery = ALL). It only inserts the basic topology – Clusters, Hosts (no sub-components of host).

 

You should see on the next cycle see this event (id 1010 in Operations Manager log), one event for each Host .That will insert host sub-components like CPU cores, VMHBAs, VMNICs etc.

 

Then on the next cycle, you should see this -  the “SV102” event, logged in Operations Manager as event 1011 –

 

Note that the above event could have multiple events for each Host, depending on how many VMs there are. Vms are processed in groups of 5 by default.

At first we thought we needed to enable this discovery in the VEEAM mgmt pack. We have looked in the Operational guide and there are 3 discovery scripts with VEAAM :

  • SV100
  • SV101
  • SV102

All objects (ESX hosts, VMs, nworks Enterprise Manager servers, etc.) are discovered automatically by default. However, your monitoring requirements may need certain objects to be included or excluded from monitoring. For example, to discover and monitor ESX hosts. but not the virtual machines , you should disable (with an override) the ‘SV102 third stage discovery’ rule (for VMs). This rule can be enabled/disabled on a per-Host basis.

We explicitly enabled the Guest discovery in the SV102 discovery , however we didn’t manage to see any VM’s in SCOM . After a lot of searching , we finally found the solution . This is not documented clearly in the VEAAM documentation.

Open your Vsphere console and define your rights but :

Make sure this account has at least Read-Only privileges on the vCenter level, not only the cluster level as shown below in the screenshot . It seems that the VMware API reports all his VM guest info to the vCenter level and not to the cluster level .

image  image

 

Hope it Helps ,

 

Kenny Buntinx

MVP Award Renewal for 2011-2012: System Center Configuration Manager

1:55 pm in MVP by Kenny Buntinx [MVP]

I’m very proud to inform you that my MVP award got renewed for the year 07/2011 – 07/2012 on System Center Configuration Manager. This is certainly a great honor for me.

Thank you Microsoft, blog readers and all the community members that helped me out!

Thanks for the recognition. I am delighted.

 

Last , but not least , I’m also very proud as a Co-Founder to say that we have four MVP’s in Belgium who are specialized in the system Center area . I will list them once more :

  • Mike Resseler – System Center Data Protection Manager MVP
  • Alexandre Verkinderen – System Center Operations Manager MVP
  • Kim Oppalfens – System Center Configuration Manager MVP
  • Myself – System Center Configuration Manager MVP

 

Hope it helps ,

Kenny Buntinx