You are browsing the archive for script.

System Center 2012 Configuration Manager : Troubleshooting and Resolving Content Mismatch Warnings on a Distribution Point with Powershell

8:09 pm in CM12, CM12 R2, CM12 SP1, powershell, R2, SCCM 2012, sccm 2012 R2, SCCM 2012 SP1, script by Kenny Buntinx [MVP]

 

You might see content mismatch warnings in System Center 2012 Configuration Manager when content validation runs and determines that there is a discrepancy between the expected list of packages in WMI on the distribution point and the packages in the content library as shown in the screenshot below.

You can see an example of this scenario in the following screenshot where a distribution point has a Warning state and there is a status message in the Details tab in the Details pane that shows there was a failure to retrieve the package list.

image

How to detect it and how to fix it manually is described here in the following article : http://blogs.technet.com/b/configmgrteam/archive/2012/05/07/troubleshooting-content-mismatch-warnings-on-a-distribution-point-in-system-center-2012-configuration-manager.aspx

BUT , that is all manual work , and we hate that , don’t we Smile with tongue out . Doing this on around 35 Distribution points by hand isn’t an easy solution. Luckily we have an excellent PowerShell scripter in our team and all credits for creating this script goes to  Bart Serneels. He has written a PowerShell script to do all the work . He was happy to share this with you guys on the Technet Gallery.

As the package is not on the site and you must remove the package from WMI on the distribution point. The namespace to connect to is root\sccmdp. The class that contains the list of packages expected is SMS_PackagesInContLib.

Bart Serneels made a script to automate the removal of the invalid instances (those of which the package does not exist in the console anymore) in WMI on all distribution points. You can download it from gallery.technet.microsoft.com/Powershell-script-to-fix-81dc4e69

image

Hope it Helps ,

Kenny Buntinx

MVP Enterprise Client Management

Configmgr 2007 OSD : Using Lenovo Update Retriever to install all your drivers without importing them in the ConfigMgr driver catalog

11:00 pm in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, Deployment, Drivers, Installation, Operating System Deployment, OSD, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, script, Task Sequence, Windows 7 by Kenny Buntinx [MVP]

Did you also think that driver management  in OSD could be more simplified ? For example when you have Lenovo devices , you need to also install a lot of “bad” drivers en also in a very specific way or features such as “hotkeys”does not work .Let’s look at the process right now:

1. Search drivers from the internet manually

2. Unpack them in a correct folder structure

3. Import drivers and categorize

4. Handle duplicate drivers

Problems often seen :

1. Not all drivers work with the import ( there are drivers that simply do not work with the export method , they need to run thru setup.exe ) HP is a king in that area with the sound card & Quick launch buttons. This means that the admin need to create packages , programs and multiple steps in the TS to let it work.

2. For getting some drivers you need to install the vendor msi on your test laptop , go to the install folder and find the extracted drivers there.After that you could import.

3. HP & Lenovo needs certain additional software such as HP quick launch , HP power manager , Lenovo Hotkeys , Lenovo think vantage , etc . A lot of those packages needs to be installed in a very specific order or it just don’t work .

4. You test your deployment and damn it seems you forgot 2 drivers . Find out by HWguid , download and import again …

 

Lenovo Update Retriever – Thinstaller solution :

If you don’t want to spent hours on searching, downloading and importing drivers for you LENOVO computer when going to build a Win7 image , read on . I have found a better way to accomplish this with thanks to Karel Serroels.

It normally takes so much time for an admin , while with the HP / IBM solution it is a 5 minutes job per HW model :

 

1. Install and run the Lenovo update retriever, select your model and software /drivers you want to install , download the drivers into a pre-defined file share . Nice , quick and easy .

2. Create a package with the Lenovo Thinstaller source files , copy the Lenovo Thinstaller files to the local disk & run it thru your TS

 

The advantage here is that I as an admin does not need to worry about the right install sequence , prerequisites , number of needed drivers or even OS type .The Thinstaller tool will do it for you .

Prerequisites :

Get the following software’s online from the Lenovo site as you will need it

  1. Link thininstaller: http://www-307.ibm.com/pc/support/site.wss/TVAN-ADMIN.html#ti
  2. Link update retriever: http://www-307.ibm.com/pc/support/site.wss/TVAN-ADMIN.html#ur

 

Step 1 : Install Lenovo Update Retriever on your server and follow instructions to create a share for the repository , etc .

image

Step 2 : Launch the Lenovo Update Retriever and select your Model an Operating System. Download all files to the repository.

image

Step 3 : Modify your Task Sequence and add Run Thinstaller Trustzone. It needs to work with Dot.net 2.0 .

If you run Lenovo Thinstaller via Configuration Manager task sequence , you cannot run the installation program, because it is a .NET executable and the default policy is to disallow running it from a network share or distribution point. You must therefore change the  following ipadress and sharename with the one from your environment!

image

Step 4 : Create the Lenovo thinstaller package in Configuration Manager.

image

Step 5 : Copy the Lenovo Thinstaller directory to C:\Windows\Thinstaller

image

Step 6 : Run Thinstalle with the following commend line . You must therefore change the  following ipadress and sharename with the one from your environment!

image

Step 7 : Remove the Thinstaller source files . Do a nice cleanup .

image

 

There you go .. The only disadvantage from using this , is the fact that your sourcefiles need to be always to one spot . You can solve this by using Sysvol , DFS or other technologies . However , Most companies have a team that will build the initial image on site and than replicate the images across the company .

Hope it helps ,

Kenny Buntinx.

Softgrid 4.1 migration towards ConfigMgr with App-V 4.6 Integration : The story of automation , Part 3.

10:41 am in App-V, AppV, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, Deployment, migration, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, script, Softgrid by Kenny Buntinx [MVP]

Today , I will continue explaining my little migration project to migrate away from a standalone Softgrid 4.1 infrastrucure towards a fully integrated SCCM2007 SP R2 App-V 4.6 infrastructure . You can read my previous posts right here :

 

Below I will discuss the migration scenario once more in a few bullet points to migrate away from the Softgrid 4.1 standalone environment :

1. Deploy the new app-V 4.6 clients on all workstations and check for inconsistencies (luckily all packages where sequenced with 4.2) DONE in Part 1

2. Pull all existing Softgrid 4.2 sequenced packages thru the new App-V 4.6 Sequencer to avoid any complications. DONE in Part 1

3. Import all packages into ConfigMgr 2007 SP2 R2 DONE in Part 1

4. Create all necessary collections and create a dynamic membership query with a AD group name. Partially explained in Part 2 , continued in this section.

5. Create all the necessary advertisements.

6. Switch over from Softgrid standalone to Configmgr 2007 R2 SP2. (Think about network impact !)

 

So that will leave us to creating all the necessary collections (remember 400 Pieces) and their lovely 400 AD Group Memberships as this was how the Softgrid environment worked (User Group Based) before.

As explained in Part 2, I tried to figure out a way to translate those GUID values into human readable format. It must be possible to read out the AD values with ADSIedit , but as I am not the biggest expert in scripting , it would cost me too much time and so I did it manually (monkey work).

To accomplish Part 3, you will need to pull out of SQL a *.csv file with all your Security group names and resource id’s as shown below .

clip_image001

Figure 1: This is how SCCM stores their security group information in the SQL db ( ResourceID/SecurityGroup)

Then merge the security group information from Softgrid into the excel. When done you should get something like shown below:

 

clip_image003

Figure 2: CSV file with all the necessary information as APP-V package Name , ResourceID & Collection Name

Now we start working on the script to create those collections based on the Csv file , as we need the ResourceID to and CollectionName tables to make it work .

Below I will post the VBS code to read out the csv file and create all collections with all the Security Groups as direct member :

 


 

Stay tuned for Part 4 very soon ….

 

Hope it Helps ,

Kenny Buntinx

Softgrid 4.1 migration towards ConfigMgr with App-V 4.6 Integration : The story of automation , Part 2.

11:13 am in App-V, AppV, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, migration, R3, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, script, Softgrid, WMI by Kenny Buntinx [MVP]

Yesterday , I have started explaining my little migration project to migrate away from a standalone Softgrid 4.1 infrastrucure towards a fully integrated SCCM2007 SP R2 App-V 4.6 infrastructure . You can read my previous post right here : http://scug.be/blogs/sccm/archive/2010/10/18/softgrid-4-1-migration-towards-configmgr-with-app-v-4-6-integration-the-story-of-automation-part-1.aspx

Below I will discuss the migration scenario once more in a few bullet points to migrate away from the Softgrid 4.1 standalone environment :

  1. Deploy the new app-V 4.6 clients on all workstations and check for inconsistencies (luckily all packages where sequenced with 4.2)  DONE in Part 1
  2. Pull all existing Softgrid 4.2 sequenced packages thru the new App-V 4.6 Sequencer to avoid any complications. DONE in Part 1
  3. Import all packages into ConfigMgr 2007 SP2 R2 DONE in Part 1
  4. Create all necessary collections and create a dynamic membership query with a AD group name.
  5. Create all the necessary advertisements.
  6. Switch over from Softgrid standalone to Configmgr 2007 R2 SP2. (Think about network impact !)

 

So that will leave us to creating all the necessary collections ( remember 400 Pieces ) and their lovely 400 AD Group Memberships as this was how the Softgrid environment worked (User Group Based) before.

You could accomplish this in basically 2 ways , with a Direct or Dynamic collection membership. Both will have different pro’s  & cons and I will try to explain the difference below :

1. Creating a Dynamic collection membership based on the User Group Resource that will point to an AD Security Groups that contains users in AD for Collection Population.

Assuming there is a best case ( not best practice ! ) scenario where  it can take at least a maximum possible latency (In the case below) of = 3hrs 15 minutes

  • AD Replication to happen – 15 minutes.
  • AD Security Group Discovery – 60 minutes (this is a very short setting – default is a day). ( R3 could save you another 55 minutes here with Delta Discovery enabled )

          image

  • As this is a dynamic membership collection , it is bound to a Collection evaluation cycle – 60 minutes (this is a very short setting – default is a day).
  • Configuration Manager Client Policy Refresh – 60 minutes (Default).

2. Creating a Direct collection Membership based on the User Group Resource that will point to an AD Security Groups that contains users in AD for Collection Population.

Assuming there is a worst case scenario where  it can take at least a maximum possible latency (in the case below) of = 60 minutes

  • Configuration Manager Client Policy Refresh – 60 minutes (Default).
  • User may needs to log off and log-on again.

Option nr 1 is not an approach that I’m  in favor off  as it introduces a much higher latency then option nr 2. I can live with the fact that users may need to do a logon/Logoff to receive there applications. As we have decided to go for option nr2 , it is now time to create a script and to do the following :

  1. Create a collection based on the “Virtual app” name that is been extracted out of the manifest.xml found in the folder of the \\<Servername>\VirtualPackageSource\<Package Name> under a allready existing SUB – Collection
  2. When creating the collection , create a direct collection membership with the Application AD Security group Name . (based on the resourceID)

To accomplish step 2 , you will need as prerequisite to turn on AD Security group discovery in your site settings. When done, you could pull out of SQL a *.csv file with all your Security group names and resource id’s as shown below . Please save the file as you will need it in a later phase .

image

Figure 1: This is how SCCM stores their security group information in the SQL db ( ResourceID/SecurityGroup)

Now we start working on the script , as we need the ResourceID to make it work

Below I will post the VBS code to only create 1 collection and link 1 Security Group :


 

Now I need to figure out how to link the ResourceID’s & groups with my softgrid AppID’s & Security Groups ( as shown below )  . However this will not be an easy task as I need to convert a LDAP GUID to a readable security groupname , make the correlation between the previous exported ResourceID/Security group name  and the converted GUID SecurityGroupName/AppID .

image

Figure 2: This is how Softgrid stores their security group information in the SQL db ( AppID/SecurityGroup (GUID))

Stay tuned for Part 3 very soon ….

 

Hope it Helps ,

 

Kenny Buntinx

Softgrid 4.1 migration towards ConfigMgr with App-V 4.6 Integration : The story of automation , Part 1.

8:05 pm in App-V, AppV, ConfigMgr, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, Installation, migration, R3, sccm, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, script, SDK, Softgrid, Toolkit by Kenny Buntinx [MVP]

Today we have reached the second phase of migrating the existing Softgrid 4.1 stand-alone infrastructure towards the already upgraded and optimized System Center Configuration Manager 2007 SP2 R2 that we did in fase 1.

We all know that integrating a standalone Softgrid/App-V infrastructure towards a integrated Configmgr 2007 SP2 R2 – App-V implementation could only be done with a big bang. It is either On or Off. We also know that Softgrid sequenced app’s lower then version 4.5 can cause issues and more important , they are lacking the manifest.xml file that is necessary to create virtual packages in ConfigMgr 2007 SP2 R2.

 

image

 

Below I will discuss the migration scenario in a few bullet points to migrate away from the Softgrid 4.1 standalone environment “

  1. Deploy the new app-V 4.6 clients on all workstations and check for inconsistencies (luckily all packages where sequenced with 4.2)
  2. Pull all existing Softgrid 4.2 sequenced packages thru the new App-V 4.6 Sequencer to avoid any complications.
  3. Import all packages into ConfigMgr 2007 SP2 R2
  4. Create all necessary collections and create a dynamic membership query with a AD group name.
  5. Create all the necessary advertisements.
  6. Switch over from Softgrid standalone to Configmgr 2007 R2 SP2. (Think about network impact !)

 

Step 1 :

As the old Softgrid 4.1 stand-alone infrastructure has around 400 virtual packages , and they need to pass thru the app-V 4.6 sequencer to avoid any inconsistencies or complications , the last thing you want to do is play the monkey and open up all packages in the sequencer and save them manually … For this part I had very good teamplayers that are very skilled VBscript writers , again a big thank you to Ewald Lieuwes ( http://www.wchulseiee.net/) & Wouter Schrijvens …

Below I will post the VBS code written for :

 

  1. Going thru the list of virtual packages stored at E:\Softgrid\<Package Name>….
  2. Open them one by one in the App-V 4.6 sequencer and save then to a new location called F:\App-V\<Package Name> to have a backup!
  3. As you see in this script ,we use E:\, F:\ and U:\. The U:\ is the virtual drive partition (default this is Q:\)
  4. Make sure the virtual drive partition is big enough for all of your packages. In this case, this was limited to 2 GB ( standard as Softgrid 4.1 has this limitation of 2 GB in the size of sequenced apps ). We had to resize this to 50 GB.

 

 The code :


 

Step 2 :

As we need to import all 400 upgraded App-V 4.6 virtual packages into ConfigMgr , the last thing you want to do is play the monkey and create all packages in ConfigMgr 2007 R2 SP2 by hand … For this part I had a very good teamplayers that are very skilled VBscript writers , again a big thank you to Ewald Lieuwes ( http://www.wchulseiee.net/) & Wouter Schrijvens …

 

You could do it by using the ConfigMgr SDK , located at http://www.microsoft.com/downloads/en/details.aspx?familyid=064a995f-ef13-4200-81ad-e3af6218edcc&displaylang=en or you could use a standard base script that is located under <Drive>\<PathWhereYouInstalledSCCM>\Tools\VirtualApp\ManageVappPackage.vbs and wrap another VB script around it to build in some other checks or functionalities.

I used the default script located  under <Drive>\<PathWhereYouInstalledSCCM>\Tools\VirtualApp\ManageVappPackage.vbs and wrap another VB script around it .

Below I will post the VBS code written for :

 

  1. Going thru the list of upgraded 4.6 virtual packages stored at a DFS share \start\sccmsrc\[VIRTUALPACKAGESRC]\">\start\sccmsrc\[VIRTUALPACKAGESRC]\">\start\sccmsrc\[VIRTUALPACKAGESRC]\">\\<YourDomainName>\start\sccmsrc\[VIRTUALPACKAGESRC]\<Package Name>….
  2. Create a Source directory App-V package Folder for SCCM , In this case \\<ServerName\VIRTUALPKG$\<Package Name>… , if not exists.
  3. Import the App-V Package in ConfigMgr and add it to the distribution points , called \\CMSRV and \\CMDPMP
  4. Run this script on your SCCM box where your SCCM provider is installed !!

 

The code :


 

In Part 2 , I will continue to blog , if I technically manage to succeed in the following days to do the following :

  • Create all necessary collections and create a dynamic membership query with a AD group name on a automated fashion.
  • Create all the necessary advertisements on an automated fashion.

     

    Come back and check soon.

     

    Hope it Helps ,

     

    Kenny Buntinx

  • Configmgr2007 : Change your packages source path after SCCM site migration with a script

    6:39 am in AdminUi, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, Installation, migration, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, script, SMS, Sms 2003 by Kenny Buntinx [MVP]

    A few days ago , I explained in this blogpost “http://scug.be/blogs/sccm/archive/2010/08/10/configmgr-connecting-primary-child-sites-to-central-primary-parent-site-in-and-out-of-same-domain.aspx“ on how I was busy migrating one SCCM 2007 Primary site to another , because we wanted to start with a complete new environment (w2k8 x64) .As there is no supported direct upgrade path, I built an entire new SCCM server with SP2 -R2.I made it a child site of the existing SCCM primary site and let all the packages replicate.

    After I solved a problem with locked padlocks on my packages in this blogpost :”http://scug.be/blogs/sccm/archive/2010/08/11/configmgr-locked-packages-after-sccm-site-migration-and-how-to-solve-it.aspx”, I needed to make sure that I would change all my old packages source paths ( a.e \\SCCM01\G$\src\<package folder> into my new package source paths (a.e \\Fileserver1\SCCMSRC\<package folder> that was residing on a DFS share .

    To do that I needed a script , as doing +- 100 packages was a little to much work for a lazy admin :-)

    I thought I had a great script from the site of Brian S. Tucker , as I used it already multiple times. It turned out that it was useless in this project as I needed to change not only the server name , but the complete path.

    Script 1 : If you only need to change the server name in the package source path. Otherwise use my script “script 2” in the section under “script 1” below .

    Copy code below this line—————————————————

    Dim oWbemServices
    If UCase(Right(Wscript.FullName, 11)) = "WSCRIPT.EXE" Then
        Wscript.Echo "This script must be run under CScript."
        Wscript.Quit
    End If
    If WScript.Arguments.Count <> 1 Then
        WScript.Echo "Wrong number of arguments were passed."
        WScript.Quit
    End If
    CONNSCCM()

    For Each oPackage In oWbemServices.execquery("select * from sms_package")
      sOldPathString = oPackage.pkgsourcepath
      If InStr(sOldPathString,"\\") Then
                    iStart = InStr(3,sOldPathString,"\")
                    sNewPathString = Right(sOldPathString,(LEN(sOldPathString)-iStart))
                    sNewPathString = "\\" & WScript.Arguments(0) & "\" & sNewPathString
                    WScript.Echo "Setting Package Path for " & oPackage.Name & " from " & sOldPathString & " to " &  sNewPathString
                    oPackage.pkgsourcepath = sNewPathString
                    oPackage.put_
      End If
    Next

    WScript.Echo "Done"

    Sub CONNSCCM()
      Set oWbemLocator = CreateObject("WbemScripting.SWbemLocator")
      Set oWbemServices = oWbemLocator.ConnectServer(".", "root\sms")
      Set oSCCMProvLoc = oWbemServices.InstancesOf("SMS_ProviderLocation")

      For Each oLoc In oSCCMProvLoc
            If oLoc.ProviderForLocalSite = True Then
                Set oWbemServices = oWbemLocator.ConnectServer(oLoc.Machine, "root\sms\site_" + oLoc.SiteCode)
            End If
      Next
    End Sub

    Copy code above this line—————————————————

    Thanks to my fellow Belgium MVP ”Kim Oppalfens” , I was able to alter the above script to my needs and change the complete source path , except for the package source folder .

    Script 2 : If you need to change the complete package source path , except the package folder name.

    Copy code below this line—————————————————

    on error resume next
    Dim oWbemServices
    Set fs = CreateObject ("Scripting.FileSystemObject")
    Set logFile = fs.CreateTextFile ("pkg_log.csv")
    CONNSCCM()

    For Each oPackage In oWbemServices.execquery("select * from sms_package")
      sOldPathString = oPackage.pkgsourcepath
      If InStr(sOldPathString,"\\") Then 
      arrsrcPath = Split( soldPathString, "\")
      snewpathString = "\\Fileserver1\sccmsrc\" & arrsrcPath(Ubound(ArrSrcPath)-0)

                    logFile.Write "Setting Package Path for " & oPackage.Name & " from " & sOldPathString & " to " &  sNewPathString
                    logFile.WriteLine ""
                    oPackage.pkgsourcepath = sNewPathString
                    oPackage.put_
      End If
    Next

    WScript.Echo "Done"

    Sub CONNSCCM()
      Set oWbemLocator = CreateObject("WbemScripting.SWbemLocator")
      Set oWbemServices = oWbemLocator.ConnectServer(".", "root\sms")
      Set oSCCMProvLoc = oWbemServices.InstancesOf("SMS_ProviderLocation")

      For Each oLoc In oSCCMProvLoc
            If oLoc.ProviderForLocalSite = True Then
                Set oWbemServices = oWbemLocator.ConnectServer(oLoc.Machine, "root\sms\site_" + oLoc.SiteCode)
            End If
      Next
    End Sub

     

    Copy code above this line—————————————————

     

    Hope it helps ,

     

    Kenny Buntinx

    Configmgr : Connecting Primary Child Sites To Central Primary parent site in and out of same domain

    1:45 pm in Asset intelligence, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, Installation, migration, R3, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, script by Kenny Buntinx [MVP]

    Today I was at a customer doing a migration from a Configmgr 2007 with site code APL to a new Configmgr 2007 site with site code ICT. I couldn’t get my new Configmgr site with Site code ICT attached to the central primary. The button for “ set parent site “ was grayed out. I hereby give you my checklist I followed to discover the error . I was stuck for an hour before I realized what was going on .

     

    So here are my tips for troubleshooting it :

     

    1. Install your new SCCM 2007 SP(X) as a new primary server to match what you currently have as a SMS 2007 SP(X) Central Primary. Service Pack levels are important and must be thesame !! Releases however could be different ( one could have R2 and the other can be without R2 ).
    2. Add the Server$ account name to the local admin group on each server and give the new server permission as required on the System container in AD.
    3. Make sure that your AD schema is extended.
    4. Check the following settings are enabled (from Advanced tab in site properties) :
    5. · Publish this site in Active Directory Domain Services

      · Require secure key exchange between sites

    6. If these sites are NOT configured with these options ,then you should manually exchange the public keys :
    7. To manually transfer the child site public key to the parent site

      1. While logged on to the child site, open a command prompt and navigate to the location of Preinst.exe.

      2. Run the following command to export the child site’s public key: Preinst /keyforparent

      3. The Preinst /keyforparent command places the public key of the child site in the <site code>.CT4 file located at the root of the system drive.

      4. Move the <site code>.CT4 file to the parent site’s <install directory>\inboxes\hman.box directory.

      To manually transfer the parent site public key to the child site

      1. While logged on to the parent site, open a command prompt and navigate to the location of Preinst.exe.

      2. Run the following command to export the parent site’s public key: Preinst /keyforchild.

      3. The Preinst /keyforchild command places the public key of the parent site in the <site code>.CT5 file located at the root of the system drive.

      4. Move the <site code>.CT5 file to the <install directory>\inboxes\hman.box directory on the child site

    8. On the primary site server, Add the central site server computer account to the local Site to Site connection group Ex. SMS_SiteToSiteConnection_ICT. Then on the central site server, Add the primary site server computer account to the local Site to Site connection group Ex. SMS_SiteToSiteConnection_APL.
    9. And last but not least : If that button “ set parent site “ ïs grayed out , Make sure that there isn’t any Asset intelligence synch point installed on you Primary Child site installed . I was way to quick and was reading over it , as I was thinking that something else was wrong . Dumb Dumb .

     

    After removing the AIS point in my hierarchy , the button finally came available .

     

    Hope it Helps ,

     

    Kenny Buntinx

    SCCM OSD Deployment : The IIS Admin service is not starting anymore on a deployed sysprepped Windows Embedded 2009 with IIS 6.0 installed

    12:44 pm in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, IIS, Installation, Known Issue, OSD, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 SP2, sccm2007, script, WES, WES 2009, WES2009, XPe by Kenny Buntinx [MVP]

    Lately I have been busy with testing & deploying for a big project some Windows Embedded 2009 devices , called the Advantech ARK –1388 .One requirement from the customer was to have IIS 6.0 installed.We decided to include the IIS 6.0 component into the WES 2009 image with Target builder  ( witch is a tool for building the WES image ), but every time we deployed an image after it had been sysprepped with SCCM, the IIS Admin service would fail to start .

    Because this needed to be deployed onto three thousand (3000) WES devices , we contacted Microsoft PSS support for some help. Below you will find our findings and workaround for the issue .

    Our problem :

    We installed a Windows Embedded 2009 image with IIS 6.0 on a Advantech ARK-1388 and it is running fine.The OS is prepared for system cloning using the sysprep.exe tool ( supported since WES 2009 ).

    When we reapplied the master image  with SCCM R2 SP2 and mini-setup was completed, the OS seems to run fine, however the "IIS Admin" service does not start and returns the following error:
    "Windows could not start the IIS Admin on Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code -2146893818."

    There are no related errors in the Event Logs. IIS cannot be repair-installed using the Add/Remove Programs component of the Control panel.( this was done to see if we could automate a self –repair )

    We would like to deploy the WES image using the OSD feature of SCCM 2007 R2 ,but the problem also occurs when customer calls sysprep.exe manually without the usage of SCCM. ( that’s what we thought , SCCM always works great !! :-) )

     

    Our environment :

    We have a Windows Embedded 2009 image with IIS 6.0
    We have a SCCM 2007 R2 SP2 environment

     

    The summary of our troubleshooting :

    1. Microsoft CSS discussed with the WES and SCCM teams if WES2009 is supported on SCCM 2007 R2. After a discussion they have modified there statement on the web , see http://blogs.technet.com/configmgrteam/archive/2010/01/25/things-you-need-to-know-when-using-windows-embedded-standard-2009.aspx

    2. the proposed workarounds from Microsoft (re-installing MSDTC and IIS) from the " WES Resource Kit" didn’t solve the problem.

    3. We checked the FBWF status on the sysprepped image. It was still disabled as it should .

    4. Microsoft spoke with the IIS team about the issue. Discussion results:
      a) It’s a known problem that IIS doesn’t work after sysprepping the image because of the changes made by sysprep.
      b) Using sysprep on XP Pro is not supported, see KB326779 "Supported IIS configurations for use with Sysprep"
      c) The only supported solution is to install IIS after the sysprep phase. On XP Pro PCs you can run an unattended IIS installation
         using the Sysocmgr command (which can add or remove Windows Components). E.g. as described in
         KB309506 "How To Perform an Unattended Installation of IIS 6.0"
         Here is the catch !! : Unfortunately Sysocmgr.exe is not shipped with the XPe database ===> meaning that it is impossible to install IIS 6.0 after we have deployed our WES 2009 client !

    5. As discussed with Microsoft and the IIS team I tried to "repair" the IIS Admin service after the final sysprep boot by using SysOCmgr.We have copied the missing sysocmgr.exe from an XP Pro SP3 PC and I’ve had to insert an XP Pro SP3 CD into the CD drive for the missing files.We don’t believe this workaround can be used by my customer (legal and technical issues).

    6. For a test we have used fbreseal instead of sysprep. The IIS Admin service was running after fbreseal.But as I know deployment via SCCM 2007 OSD requires the usage of sysprep and fbreseal cannot be used in this scenario.

     

    Our Solution :

    Together with the WES product team & Microsoft PSS support we found an easy workaround to get the "IIS Admin" service running again on the sysprepped WES 2009 image.
    The workaround switched off the IIS components in the registry and called the FBAOC.exe tool to re-install IIS.It solved the problem on our test devices.

    Here’re the details about this workaround:

    1. It doesn’t need the XP Pro SP3 CD.
    2. It doesn’t need any file from an XP Pro SP3 PC (like sysocmgr.exe).
    3. It doesn’t need to collect any IIS files into a special installation location.

    The workaround is just:

    1. Uses your original SLX file and WES 2009 image which uses the FBOCMgr phase 5550 for the IIS components.
       It means you can run the workaround on your original sysprep-ed images.
    2. Changes some IIS registry settings used by the OS to install IIS.
    3. Uses a WES-specific command (FBAOC.exe) which is part of your original SLX file and image.
    4. Step 2-3 can be executed by the attached files:

      a) MyIIS-Off.reg      for changing the registry

    *********************************CODE BEGIN**********************************

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponents]
    "iis_common"=dword:00000000
    "iis_inetmgr"=dword:00000000
    "iis_www"=dword:00000000
    "iis_www_vdir_scripts"=dword:00000000
    "iis_www_vdir_printers"=dword:00000000
    "iis_doc"=dword:00000000
    "iis_ftp"=dword:00000000

    *********************************CODE ENDS**********************************


      b) MyIISinstall.bat   runs the workaround (by using MyIIS-Off.reg)

    *********************************CODE BEGIN**********************************

    @echo off

    echo Changing registry settings…
    regedt32 /s \MyIIS-Off.reg

    echo Enabling IIS features…
    \windows\FBA\FBAoc.exe

    echo Done.

    *********************************CODE ENDS**********************************

    Pls. put the files in the C:\ root folder on your sysprep-ed WES 2009 image and call the MyIISinstall.bat file from a command line.

    When running properly the batch file will run for 1-2 minutes and it’ll display 3 output lines:
            Changing registry settings…
            Enabling IIS features…
            Done.

    Afterwards the "IIS Admin" service should be running.

    So this scenario is not supported on XP Pro. But this workaround is supported.
    This is a known problem/limitation on XP Pro. The same problem occurs on WES installations because WES uses exact the same XP Pro binaries.

     

    Hope it Helps ,

     

    Kenny Buntinx

    SCCM : Deploying Windows 7 on a VMware ESX environment ( howto )

    3:13 pm in ConfigMgr, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, Drivers, Installation, OSD, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 SP2, sccm2007, script, Vmware, Windows 7 by Kenny Buntinx [MVP]

    Hi ,

    Did you ever wanted to build a reference image of your physical workstations onto your VMware ESX environment ( yes , some customers have a firm grip on vmware …) so that people could play around ?

    In my previous post , I explained already on how to perform this for Vmware workstation and the process isn’t that much different. see

    http://scug.be/blogs/sccm/archive/2009/04/20/sccm2007-osd-customising-your-task-sequence-for-building-a-client-os-on-your-vmware-workstation-6-0-or-later.aspx

    Well , I have a lot of customers demanding for this scenario as well and here is how you get started :

    Prerequisite: Make sure that you have at least ESX 3.5 update 5 !

    Step 1 : Download the drivers of the “Intel PRO Network adapter” from the Intel site ( www.intel.com)

    Step 2 : Copy the drivers to a folder from the extracted VMware tools on your SCCM Primary server & import those drivers into the driver database . Make sure to assign a category to it .It could be perfectly VMware like in the example below.

     image

    Step 3 : When done , alter your Windows 7 deployment task sequence and add a “auto apply driver step”

    Step 4 : Limit the driver scope to the Vmware category earlier defined as shown below.When done , click OK.

    image

    Step 5 : Make sure that your settings in your VMware are representing the following settings.

    For Windows 7 32 bit :

    TRUVO-0020

    For Windows 7 64 bit :

    TRUVO-0021

    Step 6 : Once done , you boot your machine in PXE and start staging . That’s it . However do not forget to add your VMWARE Tools into your tasksequence .

    TRUVO-0019

    Hope it Helps ,

    Kenny Buntinx

    SCE 2007 SP1 : Client performance issues and pure frustration !

    9:24 pm in AdminUi, essentials, SCE, script by Kenny Buntinx [MVP]

    I did a clean install SCE 2007 with SP1 and deployed the agent to all our clients @ our customer.After a while 90% of our  client infrastructure were reporting very slow performance (read icons disappearing from the desktop and no change to hit task manager). People getting mad all over the place ( 150 clients) . After doing some searching I removed all the Information Worker management packs.

    No change at all after doing this!

    I investigated even more and was thinking that it could be the Mcafee virus scan 8.0/8.5 that had scriptscan enabled.

    No change at all after doing this!

    I put in an exclusion for the path “C:\Program Files\System Center Operations Manager 2007″ in McAfee VirusScan 8.0/8.5.

    No change at all after doing this!

    There were a lot of client errors “Performance Monitor Could not find a performance counter” . So I followed the instructions in the thread below to disable the rule as a work around. http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=3001200&SiteID=17 until they have a long term fix

    No change at all after doing this expect for no alerts of that kind in the console.

    I tried to investigate some more on the client side now and I discovered this :

    SCE 2007 uses ‘cscripts.exe’ to collect data and send back to SCE Management server. For each rule defined in ‘Authoring’ we have a cscript running on the clients to collect that data. Each rule has its own collection interval, but if we use the defaults most of these collection intervals would be the same.Since these collection intervals are same, it means that around 10-12 cscripts for the OS without considering any other custom rules

    Each cscript would take a few milliseconds to collect data, and even if you were watching the process console, you wouldnt be able to see them all together but the truth is different . They all fire simultaneously, inadvertently they get ‘stuck’. This is because not enough CPU resource is not available for their execution to complete.Lets say an average of 75 MB of memory for 10 cscripts, that becomes 75 x 10 = 750 MB of RAM just for a Monitoring collection agent that you need for inventory purposes !

    Why are each of these cscripts consuming around 50 -140 MB each ! A common XP client has 1 gig of ram and that should be enough !

    And why could they not write a mechanism that controls the CSCRIPT launch , instead of launching them all at once !

    When is Microsoft likely to sort these bugs out? I thought SP1 was supposed to solve all the issues but it seems they have introduced many new ones.

    Why isn’t Microsoft being able to write an agent that does the monitoring for servers ( witch they already have and is ok for a server ) , and write a small agent based on the SCCM client for the PC client management ( e.a software inventory / dustribution/ patching ) .That would make life much easier , for both of us ( product team & consultants )

    At the end , we ended up to uninstalling the agent on all the clients ! The funny part is , that when we did the proof of concept , these problems did not arise !

    I am pretty frustrated with this product right now , because my ass is on the line at the customer to defend his choice .

    Thanks for reading this because it had to come of my chest ….

    Hope it helps ,

    Kenny Buntinx