You are browsing the archive for SCCM 2007.

Step by Step guide for provisioning Intel VPro clients in SCCM 2007 SP2 Part 4

1:05 pm in AMT, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, ConfigMgr2007 R3, Installation, Intel, OOB, out of band management, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, Vpro by Kenny Buntinx [MVP]

This is my last post about the step by step series about Step by Step guide for provisioning Intel VPro clients in SCCM 2007 SP2.

In my previous post I have talked about importing the 3rd Party Remote Configuration Certificate on the OOB Service Point (In this example we will use a certificate from GoDaddy ) to provision Intel vPro technology based systems in SCCM at http://scug.be/blogs/sccm/archive/2010/05/06/step-by-step-guide-for-provisioning-intel-vpro-clients-in-sccm-2007-sp2-part-3.aspx

In my previous posts I talked about what is OOB, OOB requirements and little bit about the necessary certificates. In this post I will talk about internal PKI infrastructure and how to configure OOB management point within SCCM. ConfigMgr 2007 SP2 uses four types of certificates for Out Of Band Management. These four different certificates are:

  • AMT Self Signed certificate – IntelAMT will generate a self-signed certificate during the PKI provisioning process to secure the connection with the ConfigMgr 2007 Server.
  • AMT provisioning certificate – This certificate is used by ConfigMgr 2007 to provision Intel AMT devices. The most simple and automated method for provisioning is the process of purchasing this certificate from a third-party provider (VeriSign, GoDaddy, Comodo, or Starfield). This certificate will need to be installed on each OOB Service Point in the environment.
  • Web server certificate -This certificate is generated by an internal Enterprise Certificate Authority during the provisioning process and installed on each AMT device within the firmware. This will allow for a TLS management session between the ConfigMgr 2007 OOB Management console and the AMT firmware.
  • 802.1x RADIUS Certificate – Optional certificate that allows the Intel AMT client to securely authenticate to an 802.1x network without the operating system being present.

 

In our case , you will need an internal certificate Authority and create two certificates :

AMT provisioning certificate – In this case the Godaddy cert and Request, install and prepare the AMT remote configuration certificate ( Already done in the previous blog post)

Web server certificate – this certificate is requested by the primary site server on behalf of AMT-based computers and then installed in the AMT firmware in the computers

 

To Prepare Web server certificate – see the steps below :

 

1. Open your Certificate Authority issuing PKI Server –> Click Start> All Programs > Administrator Tools > Certification Authority

2. Right Click on Certificate Templates > Manage

3. In the Certificate Templates Console Window, right click on Web Server and select Duplicate Template

4. In the Duplicate Template Window, select the radio button for Windows 2003 Server, Enterprise Edition and Click OK

DDT.d96awjjfrximbk2m2qsliu5ye

DDT.a3k4l9_t2azme_c6ef0l46s

 

5. In the Properties of New Template Window and enter ConfigMgr AMT Web Server Certificate

6. Check the Box to Publish certificate in Active Directory

7. Proceed to next step to set the security rights on this template.

DDT.1267ggmdv9kybtbns5en0x9kb

DDT.prcs5_hsztigngwakhvneme6f

8. Select the Security Tab and click Add

9. Select the ConfigMgr site server 2007 primary site server computer group and Click OK

10. With the ConfigMgr Primary Site Servers group highlighted, check Read and Enroll , Click OK

11. Close the Certificate Templates Console

DDT.ys6tg1xa66xrq0bybc63m1l2f

DDT.xifb6o_8tyh4zjfsw3k2achah

 

12. In the Certification Authority Window, right-click on Certificate Templates > New > Certificate Template to Issue

13. In the Enable Certificate Templates Window, select ConfigMgr AMT Web Server Certificate (this template was created in the previous step)

14. Click OK

DDT.sfg1r_sf0gnzq2opcslrkw5y

DDT.ardw0uy_44ezggibpo1dmc4lb

 

15. In the Certification Authority Window, you will now see ConfigMgr AMT Web Server Certificate listed in the right hand Window and ready for use by the Out of Band Service Point

Note: This Web Server Template will be used by ConfigMgr 2007 SP2 to generate a unique certificate for each Intel AMT system during the provisioning process,and used for TLS session during management of the Intel AMT client .

 

How to Configure OOB service in SCCM

 

After you have your exported *.pfx certificate we will import this into the SCCM out of band management properties box. Now you have configured all certificates, permissions and have a certificate private key we are going to configure the OOB management point.

1. Open SCCM console -> Site Settings -> Component Configuration -> Out Of Band Service Point

 

 

2. Create extra OU in Active Directory where SCCM creates AMT computer objects. Make sure the Configmgr Primary Site Server has permissions on that container to create those objects!

2. Configure MEBx password that SCCM uses to connect AMT-based computers. By default this password is admin but you can change this later on.

3. You could select “Allow out of band provisioning” and “Register ProvisionServer as an alias in DNS” but it wouldn’t be necessary if you only are going to in-band provision ( Thru the SCCM Client)

4. Configure Provisioning certificate. From here you now have to import that *.PFX file and enter your previous  configured password.

5. Configure your web certificate template. From here you have to select your internal PKI CA and select your ConfigMgr AMT Web Server Certificate.

You can configure all the other tabs at your own flavor .

You will find a good document from Intel with all the steps at www.intel.com/en_US/Assets/PDF/…/cg_MicrosoftConfigMgr_vPro.pdf

Hope it Helps ,

 

Kenny Buntinx

Windows 7 OSD deployment (SCCM or MDT ) and starting with a patched media = More secure & Saves time !

9:03 am in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr 2012, ConfigMgr SP2, ConfigMgr V.next, configmgr2007, ConfigMgr2007 R3, Deployment, DISM, OSD, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, SCCM 2012, SCCM v.Next, sccm2007, WAIK, Windows 7, Windows 7 SP1, Windows7 by Kenny Buntinx [MVP]

1. Download your patches to a folder

You could always download the patches from the following link http://catalog.update.microsoft.com/v7/site/Install.aspx?referringpage=Home.aspx and save them to a local folder or automate it by the following process :

  • First step will be to install a clean Windows 7 machine without any application . After that process we will run wuauclt /detectnow and install all available updates . You will need to reboot a few times and rerun the wuauclt /detectnow to allow all patches to be installed properly

  • Then run the procedure below for WSUS patch extraction :

Go to C:\windows and open windowsupdate.log in excel. Delimit the file by Tab and space

Run the auto-filter and filter on “Downloading” in column “G”

Select all rows in column “I” and copy the table. Go to new sheet and paste in this in column “B”

We select column “B” and select Data -> text to column en delimit by ‘/’. Now we remove column “B,C,D and E”

Go back to sheet where you imported the “Windowsupdate.log” and select all rows in column “K” and copy the column. Go to the new sheet and paste in column “D”

We select column “K” and select Data -> text to column en delimit by ‘\’. Now we remove column “D,E,F,G and H”

Paste the following formula in column “A” “="Copy H:\" & B2 & "\" & C2 & " c:\Patches\" & D2”

Drag the formula to below , select column A , select all and copy it

Open notepad , paste the text and save as “getpatch.cmd”

Map your drive H: to \\yourwsusserver\WsusContent and run “getpatch.cmd”

Copy your downloaded patches to the location you need them

 

2. Applying the offline patches to the windows 7 media

 

Open up a WINPE command prompt via the WAIK.

Run the following commands in the following sequence .

Dism /Mount-Wim /Wimfile:"F:\DISM\Windows 7 Enterprise SP1 Eng X64 Source\sources\install.wim" /index:1 /Mountdir:F:\DISM\temp

clip_image002

Dism /image:F:\DISM\temp /add-package /packagepath:F:\DISM\Patches (where the patches folder contains your downloaded CBS windows patches)

clip_image004

dism /commit-WIM /Mountdir:F:\DISM\temp

clip_image006

dism /unmount-WIM /commit /Mountdir:F:\DISM\temp

clip_image008

 

3. What if you get an error applying the offline patches?

 

It can happen that there are patches that cannot be applied offline. When that happens, you will get the following error as shown below in the screenshot. In this case KB2533552. Do not worry, the process does not need to run again.

However, please note all patches that couldn’t be applied, so you could keep track of them for later deployment .

clip_image010

To see what is really going on and to verify this is a patch that cannot be applied offline , you should open the DISM.log file and search for the specific update as shown below in the screenshot.

clip_image012

When you look closer at the screenshot, you will see the message “Cannot perform offline servicing with an online-only package “, meaning this patch is not a CBS update and needs to be applied online.

You could always check the update on the following link http://catalog.update.microsoft.com/v7/site/Install.aspx?referringpage=Home.aspx

 

4. Import the image in SCCM or MDT

 

After this process you need to import the source content in SCCM. When done start adding it to the distribution points and wait until it is replicated, preferably with a good naming convention.

After importing the image in SCCM, add it to the DP’s and check if the image is replicated correctly on all selected DP’s.

When it’s done, change the media in the task sequence to use the new patched media. This will allow you to minimize staging downtime.

 

Now you are running from the start with a patched offline media , meaning less deployment time and being more secure when deploying your machines !

 

Hope it Helps ,

 

Kenny Buntinx

Configmgr : Kerberos Ticket Size can stop you from connecting to vPro Systems and using IDER/SoL.

11:16 am in AMT, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, ConfigMgr2007 R3, out of band management, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, Vpro by Kenny Buntinx [MVP]

vPro AMT can leverage Kerberos authentication to allow management from your management console to the AMT firmware. Depending on the management console of choice (e.g. SCCM, Altiris, SMS) you may be using Kerberos or digest authentication. If you are using a management console like SCCM that only uses Kerberos authentication, there are a few things you should be aware of in case you are having problems managing your vPro systems.

In AMT (version 2.x, 3.x, 4.x, and 5.x) there is a Kerberos ticket size limit that varies among versions of AMT (see graph 1 below on specifics for each firmware version). With respect to Kerberos authentication, AMT has different limits for HTTP connection and Serial-Over-LAN (SoL).

Read the complete post here : http://communities.intel.com/community/openportit/vproexpert/blog/2009/03/23/kerberos-ticket-size-can-stop-you-from-connecting-to-vpro-systems-and-using-idersol

 

Hope it Helps ,

 

Kenny Buntinx

SCCM 2007 : Intel AMT–VPRO KVM add-on for SCCM 2007

6:53 am in AMT, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, OOB, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, Vpro by Kenny Buntinx [MVP]

Have you ever wanted to be able to launch a KVM Remote Control session from within SCCM from AMT version 6.0 or higher ? Have you ever wanted to make use of the Alarm Clock feature in AMT to wake up or turn on a computer at a specific time? Now you can with the Intel® Core™ vPro™ processor add-on for System Center Configuration Manager 2007 SP2  R2 –R3

This add-on for SCCM 2007 brings the same KVM Remote Control capability that was made available last year in our management pack for SCSM 2010.

In addition, we have also added in the ability to set the AMT Alarm Clock from within SCCM 2007.  This capability lets you set up a schedule in AMT to power on a system from a powered off or sleep state at a specified time; even if the system is not connected to the network.

Once installed, there will be a new sub-menu available when you right-click on systems in the SCCM console that will allow you to launch a KVM Remote Control session, or set the Alarm Clock for the selected system.

There are a few requirements for the KVM functionality however :

  1. You will need to have the intel onboard video adapter . It will not work if you use Matrox , ATI , Nvidea video boards
  2. Intel AMT 6.0 or Higher
  3. The machine must be in-band provisioned thru the SCCM client
  4. BUT – KVM remote control is NOT universal across all 2010 Intel vPro platforms. If shopping for a system, ensure it has Intel integrated graphics, vPro processor, and Intel AMT 6.0. Specifically – look for vPro systems that have the following processors
    • Desktop: i5-650, i5-660, i5-670

    • Laptop: i7-620M, i7-640LM, i7-620LM , i7-640UM, i7- 620UM, i5-540M, i5-520M, i5-520UM

 

Download the plugin here : http://software.intel.com/file/37855

 

Hope it Helps ,

 

Kenny Buntinx

Errors When Using the FEP 2010 Definition Update Automation Tool from Update Rollup 1

7:07 am in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, ConfigMgr2007 R3, FEP, FEP2010, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2 by Kenny Buntinx [MVP]

We’ve become aware of two issues when using the Definition Update Automation Tool.

 

Definition Update Automation Tool fails to add new definition updates to the deployment package :

Symptoms

The FEP 2010 Definition Update Automation Tool may fail to add new definition updates to your deployment package. Reviewing the %ProgramData%\SoftwareUpdateAutomation.log file shows the following exception:

SmsAdminUISnapIn Error: 1 : Unexpected exception: System.ArgumentException: An item with the same key has already been added.
at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource)
at System.Collections.Generic.Dictionary2.Insert(TKey key, TValue value, Boolean add)
at System.Collections.Generic.Dictionary
2.Add(TKey key, TValue value)
at Microsoft.Forefront.EndpointProtection.SoftwareUpdateAutomation.SccmUtilities.CalculateCleanupDelta(ConnectionManagerBase connection, ICollection`1 freshUpdateFilesObjectList, IResultObject destinationPackageObject)
at Microsoft.Forefront.EndpointProtection.SoftwareUpdateAutomation.SoftwareUpdater.Update(SoftwareUpdateAutomationArguments arguments)
at Microsoft.Forefront.EndpointProtection.SoftwareUpdateAutomation.SoftwareUpdater.Main(String[] args)

Cause

More than one FEP 2010 definition update is being detected as active by the tool.

Resolution

This blog article presents workarounds for the issues. You can find the blog on http://blogs.technet.com/b/clientsecurity/archive/2011/07/18/errors-when-using-the-fep-2010-definition-update-automation-tool.aspx

 

Hope it Helps ,

Kenny Buntinx

Opalis 6.3 : Building a VMware/SCCM Opalis provisioning workflow

7:54 pm in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, Deployment, Installation, Opalis, Opalis 6.3, Operating System Deployment, powershell, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, Virtual machine, Vmware by Kenny Buntinx [MVP]

Recently we did a customer private cloud project where we used all the system center tooling ( http://www.microsoft.com/systemcenter/en/us/default.aspx) , except for the hypervisor layer , which was VMware .

One of the scenarios that the customer had in mind , was to provision all there virtual servers with SCCM and we had to use Opalis to become the glue between VMware – BMC Remedy and System Center. In the first step of the project we didn’t use the Change request mechanism from BMC Remedy yet. Special thanks to my colleague Gunther Dewit for helping me out on this one .

**** Disclaimer **** – This is a very basic workflow – we will post improvements as we go along – it is for helping people moving forward **** Disclaimer ****

The workflow itself

image

Delivering input

image

The first step in creating a workflow is doing a custom start where we could input some necessary variables . The Custom Start Activity is used to create a generic starting point for Workflows. By adding parameters to the Custom Start Activity it can consume external data which can be passed to downstream Workflow Activities.

image

These are the parameters the workflow needs in further steps.  All the rest of the information that is residing in the data bus of Opalis  .

This input is required, without it, the workflow won’t start. A popup will be presented when starting the workflow.

Now that we have all the necessary input required, we can continue with the creation of the virtual machine. In order to create a virtual machine, we need to provide some parameters, some of them will come from the Custom start step, others will have to be adapted per workflow.

 

Creating the virtual machine

image

image

These are the required parameters.

  • Name: This is the name that will be given to the virtual machine, we will get it from the Custom Start  where we filled in a name.
  • Datastore: This is the datastore that will host the virtual machine disk, we will get it from the Custom Start  where we filled in the datastore.
  • DiskMB: Since it was decided to have a fixed disk with a size of 100GB, we filled it in directly instead of asking it in the first step.
  • DiskStorageFormat: This is the thick or thin format, thin was decided as the default format.
  • MemoryMB: This is the amount of memory that will be given to the virtual machine, we will get it from the Custom Start where we filled in an amount of memory.
  • NumCPU: This is the number of CPU’s that will be given to the virtual machine, we will get it from the Custom Start where we filled in the number of CPU’s we need.
  • CD: It was decided that all VM’s will have a cd drive so we set this to true.
  • VMSwapFilePolicy: This will set the swapfile policy the states where the swapfile will be saved, it was decided to do this in the VM itself.
  • VMHost: This is the physical host where the VM will be hosted, this integration pack cannot provision on cluster yet so you need to choose a physical host.
  • GuestID: This is the OS version that will be installed on the VM.
  • Folder: This is the foldername where the VM will be installed as shown in the ESX console.

You can add more details trough the “optional properties” button. If all goes well, the workflow has created the virtual machine now.

Now we need to change some things on the virtual machine.

 

Getting the network adapter settings from the created virtual machine

image

First we need to change the network settings. The VM name, we get from the Custom Start , since this is a read action, no further settings are needed.

Alternatively, you can specify some filters to narrow the data that you receive back.

Alternatively, you can specify some filters to narrow the data that you receive back.

image

Now we will delete all the network connection that VMware made by default because they are useless to us.

 

Removing the network adapters from the virtual machine

image

image

The Network Adapter name is data that we got back from the read action above and the VM name is still the name entered at the Custom Start .

This will remove all network adapters from the VM, alternatively, you can specify filters if you only want to delete a specific adapter.

 

Adding the production network adapter to the virtual machine

image

Now we need to add a network adapter to the VM. The VM name is still the name we entered at the Custom Start .

image

The NetworkName is the name of the network that you want your network adapter connecting to.

The StartConnected specifies if it will be connected to the network or only added without being connected.

The Type is e1000 as this is the only VMware adapter SCCM can work with.

Now we do another step to get the properties from the newly created adapter so we can use the information to input the computer into SCCM.

 

Getting the production network adapter settings from the virtual machine

image

image

Now that we collected the necessary information for SCCM, we can import the computer into SCCM.

This is done by a powershell script that needs to input parameters, the name and the MAC address.

 

Adding the computer to SCCM

image

Now that the computer is known is SCCM, we need to add it to the collection that has the OSD advertised to it.

image

The is done by the following step.

 

Adding the computer to an SCCM collection

image

In the collection field, you can enter 2 things, either the name of the collection or the ID of the collection. What you enter must match the collection value type. If you enter an ID as shown here, the value type must be ID as well. The same is true for the computer where we use the name from the Custom Start step so the value type is name in this case.

image

Now that the VM is created and provisioned in SCCM, we are ready to deploy the operating system on it.

So let’s power on the VM.

 

Powering on the virtual machine

image

The only thing you need to power on a VM is the name and we still get the from the first step.

image

Now that the VM is booting up, SCCM can start the task sequence to deploy an operating system on the VM.

Meanwhile, we will check the progress in Opalis.

 

Getting the virtual machine deployment status

image

The advertisement ID is the ID as it is known in SCCM and the computer name is still the name as we specified in the first step.

image

Looping the task

Now since the OSD deployment takes some time to complete, we will let the step loop until it gets a result back from SCCM.

image

image

It will recheck every 300 second and will do this 8 times or when it gets back from SCCM that the deployment was successful in order not keep the loop while the deployment was finished faster then in 8 loops.

 

Getting the deployment result

image

Now we need to output the result to any medium you want (logfile, mail, …), I do an output to a text file as an example.

Conditional progress

Now how does Opalis know when to write to which log file?

This can be regulated by double clicking on the arrows. This is the arrow toward the success file.

image

As you can see, it will only follow this arrow when SCCM outputs a succeeded message for the advertisement. If not, it will take the other path towards the failed log file.

 

So , It is not so easy to get it all together , but if I may give a great tip: ” Write down all steps of your manual flow  and then try to translate them into an opalis workflow “

 

Hope it Helps ,

Kenny Buntinx

Forefront Endpoint Protection 2010 : Update Rollup 1 available for download

7:29 pm in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr 2012, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, embedded, FEP, FEP2010, Installation, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, SCCM 2012, WES2009 by Kenny Buntinx [MVP]

Update Rollup 1 for Microsoft Forefront Endpoint Protection 2010 introduces new features and updates. These new features and updates are summarized below.

The following list is a summary of the updates in FEP Update Rollup 1 for server functionality.

Finally the Forefront team came up with a solution that since the release of the product they really missed .The following Microsoft website explains how to auto deploy forefront client security definition in a step-by-step guide. aka http://technet.microsoft.com/en-us/library/dd185652.aspx

In this step-by-step guide, they essentially go into the WSUS Console to create an Auto-Acceptance rule. First of all this should make any ConfigMgr admin shiver, as it should have been drilled into your head that you are supposed to do software updates management from the ConfigMgr administrator console. Now, I and many other SCCM admins have never understood why they didn’t solve that in a more elegant manner. The solution works, however has a couple of major drawbacks.

Additionally in a multi distribution point environment, the actual definition updates will always come from the Software update point, whereas normal software updates come from the distribution points. In other words, this impacts scale quite a bit, and forefront definitions come out at a very frequent pace meaning they are hitting you software update point harder than anything else.

The main problem, is that in SCCM 2007 we have no "easy" way to create an Auto-Approval rule. This will be solved in CM12 , until then , for the CM07 they will fix that mistake by update rollup 1. Soon I will launch a blog post to see if this is a real workable solution. So now you will have with Update Rollup 1 a tool that facilitates the use of the Configuration Manager software updates functionality to download FEP definition updates and make them available to client computers running the FEP client software.

In order to use the software updates feature for definition updates, you must perform the following high-level steps:

    • Download and install the Update Rollup 1 package.
    • Configure software updates to download definitions for FEP.
    • Configure the package by which the definition updates will be distributed, and configure the distribution settings for it.
    • Install and configure the FEP Software Update Automation tool.

 

  1. Addition of support for the FEP client software for Windows Embedded 7 and Windows Server 2008 Server Core. For more information on the added client support, see Prerequisites for Deploying Forefront Endpoint Protection on a Client
  2. The following list is a summary of the updates to FEP policies included with Update Rollup 1.
  • Update Rollup 1 for FEP 2010 adds a new FEP policy option to configure definition updates for FEP client computers. After installing Update Rollup 1 for FEP, you can configure FEP policies to update definitions from a Configuration Manager software update point.

    To configure FEP policies to update definitions from a Configuration Manager software update point

    • When you create a new FEP policy or edit an existing FEP policy, the new definition update options appears as follows:

      • When creating a new FEP policy, in the New Policy Wizard, on the Updates page, select the check box for Enable updates from Configuration Manager.
      • When editing an existing FEP policy in a Configuration Manager console that on which you installed the Update Rollup 1 for FEP, in the properties for a FEP policy, on the Updates tab, select the check box for Use Configuration Manager as primary source for definition updates.
  • Addition of two new preconfigured policy templates for the following server workloads:

    • Microsoft Forefront Threat Management Gateway
    • Microsoft Lync 2010

 

You will find the Forefront Endpoint Protection 2010  Update Rollup 1to download at the following location : http://www.microsoft.com/download/en/details.aspx?id=26583

 

Hope it Helps ,

 

Kenny Buntinx

Got SCCM 2007? Take a look at this XenApp Connector Tech Preview!

2:35 pm in citrix, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, ConfigMgr2007 R3, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, Xenapp by Kenny Buntinx [MVP]

You’ve probably seen XenApp Connector for SCCM in XenApp 6. Now we’re taking it one step further – Along with the Citrix XenApp Tech Preview release, we’re pleased to announce the availability of the next version of the XenApp Connector for Microsoft SCCM 2007, as a Tech Preview release. This XenApp Connector Tech Preview represents another milestone in the ongoing partnership with Microsoft to bring you a powerful joint solution that lets you manage your entire XenApp environment using the SCCM management console. XenApp Connector extends the reach of ConfigMgr 2007 to virtual environments like Citrix without any downtime for users.

For those not familiar with XenApp Connector for SCCM, you can read more about it here and watch the video here.

This release of the XenApp Connector contains the following features:

1. Support for SCCM 2007 R2 and R3.
2. Support for WSUS – Windows Server Update Services. So now you can deliver not just applications, but also keep your entire XenApp infrasructure up-to-date with the latest Windows Updates without any user downtime.
3. Quality improvements including several bug fixes (such as seamless FTA for App-V packages)
4. Scalability improvements
5. Setup & Configuration Simplification – wizard detects connectivity and setup problems early on and automatically suggests solutions.
6. Firewall friendly changes – Communication between the Connector and the hosts (XenApp, PCM and SCCM) now make use of PowerShell V2 remoting over HTTP/HTTPS.
7. Improved Security – The option to enable SSL encryption in the Configuration Wizard and Digital signing of the Connector PowerShell script files.
8. Full Section 508 compliance
9. Logging and diagnostic improvements (rolling log file support, SMS Trace format compatibility)

 

This release can be found on the ISO image of the XenApp Tech Preview release under the ‘Connector for ConfigMgr’ folder.

 

Hope it Helps

Kenny Buntinx

Scug Rocks! at MMS 2011

3:25 pm in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, MMS-2011, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3 by Kenny Buntinx [MVP]

Hello All,

 

Got back from MMS 2011 and finally rested enough to get going again, but man what a great event this was once more. I am especially glad with how well the different SCUG members at the convention did, not just me, but also Kenny and Mike did an outstanding job, some more details below, singing the praises of SCUG.

First of all, we had 3 people from SCUG Belgium presenting, me, Kenny and Mike all had sessions to deliver.

Mike presented a breakout session on Data Protection Manager, Kenny presented an R3 powermanagement Birds of a Feather, and joined me in the Ask the experts panel for Configuration Manager, while I delivered 2 breakouts a joined presentation with my esteemed MVP colleague Jason Sandys and a WMI birds of a feather.

For those of you unaware of what Birds of a feather sessions are, here is how the MMS team describes them: “These informal sessions allow small (<75) groups of attendees to meet and discuss a topic of common interest peer-to-peer or with Microsoft or Industry experts. Bring your questions, your experiences and your curiosity to these gatherings moderated by Microsoft staff, Industry experts or your peers.”

And the verdict is out!

First and foremost, the best session of the event, based on Evaluations was Kenny’s PowerManagement in R3 session that he delivered together with our Finnish ConfigMgr MVP Panu. Kenny apparently had a good informal session with about a dozen configmgr admins around that, job well done. Unfortunately I couldn’t attend because of other obligations in my schedule. My WMI BOF session came in second session of the event, so SCUG on top, woohoo. (Caveat, The best evaluated session of the event was about Clould, but with 9 evals it hasn’t received the necessary 10 evals to be taken into account for the officical ranking, but still 2nd and 3rd are pretty well regardless).

If we look at the breakout scores only, since BOF’s are a bit more intimate and have a tendency to score higher evals most likely because of this. Just looking at the breakouts, Kenny and I scored an 8th place for the entire event together with some of our esteemed ConfigMgr MVP colleagues with the ConfigMgr ask the expert panel. And I scored a 9th place with my session on ConfigMgr eventing, so I am pretty happy with that. If we look at just ConfigMgr sessions the results are even more impressive.

Top 3 in the ConfigMgr sessions

  1. Take Configuration Manager Onto the Eventing Track.
  2. Configuration Manager 2012 – Ask the Panel of Experts
  3. Configuration Manager: Hints, Allegations and Things Left Unsaid

My session about developping ConfigMgr powershell commandlets, didn’t go over that well though and scored well below average. So I guess powershell isn’t for me, and I have to stick to what I know and what I do best, which looks to become WMI and eventing more and more.

Last but not Least!

Mike Resseler our Data Protection Manager MVP delivered what has got to be an outstanding presentation on DPM together with 3 co-presentors. I unfortunately could not attend since I was presenting at the same point in time my Powershell session. But Mike scored an evaluation score well above the average of the Operations Management track. For a first presentation for an audience this large, that is a huge accomplishment that didn’t go unnoticed. Mike received a last minute invite to go to Teched US and not deliver one but 2 presentations on Data Protection Manager at Microsoft’s largest technology event of the year.

Mike has just recently become an MVP, the poor fellow hasn’t even had time to organize his MVP Celebration dinner with his fellow MVP’s, but has scored an MMS presentation, 2 Teched US presentations and a Teched Israël presentation in his first year as an MVP. As we like to say in Belgium “Good Busy”. I know for a fact that I hadn’t achieved anything close to that in my first year as an MVP.

 

Enjoy.

"Everyone is an expert at something"

Kim Oppalfens – Sms Expert for lack of any other expertise
Windows Server System MVP – SMS
http://www.scug.be/blogs/sccm/default.aspx

http://www.linkedin.com/in/kimoppalfens

ConfigMgr: Application Virtualization 4.6 SP1 is now supported on Configuration Manager 2007 R2/R3 with Configuration Manager 2007 SP2

5:51 am in App-V, AppV, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, R3, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, Windows 7, Windows 7 SP1, Windows7 by Kenny Buntinx [MVP]

System Center Configuration Manager 2007 R2 with System Center Configuration Manager SP2 now supports Microsoft Application Virtualization (App-V) 4.6 SP1 Desktop Client and Client for Remote Desktop Services.

This client release enables support for Windows 7 SP1 and Windows Server 2008 R2 SP1.

The following are the limitations and workaround to import App-V packages using Configuration Manager :

Configuration Manager fails to import App-V packages when there is more than one XML in the package folder. App-V Sequencer 4.6 SP1 creates the file Report.xml when creating an App-V package. Configuration Manager expects to find only one xml file in the package folder and will fail when it identifies more than one XML file in the folder. To work around this problem delete the file report.xml manually from the package folder before you import the App-V package.

No software updates are required.

 

Hope it Helps ,

Kenny Buntinx