When System Center Configuration Manager is used for patching and System Center Operations Manager is used for monitoring you may have some difficulties with alerts during a patch window. The standard option ‘Disable Operations Manager Alerts while software updates run’ in SCCM does not solve all your alerting problems. This option is improved from 2007 to 2012, but you will receive alerts from the reboots after installing the updates. Continue reading
SCCM 2007
System Center Update Publisher 2011 Installation en Configuration
StandardOn the 24th of May the System Center Team released System Center Updates Publisher 2011. See the following link to the detailed announcment: http://blogs.technet.com/b/systemcenter/archive/2011/05/24/system-center-updates-publisher-2011.aspx. Yesterday I installed en configured SCUP in my own lab environment.
See below the steps I did to install and configure. At the end of the page you will find some errors and solutions.
Installation of SCUP 2011
- Download the source from here
- Start the SCUP installer with administrative rights.
- On the welcome screen click Next
- Install the Microsoft .Net Framework 4.0
- Install the Microsoft WSUS 3.0 SP2 hotfix as suggested on all your WSUS servers in your SCCM environment and the SCUP 2011 server.
- Accept the License Agreement and click Next
- Select the Installation Location and click Next
- Click on Next to start the installation
- Click on Finish to end the installation
After the installation some configuration steps needs to be done before you can publish updates to your WSUS/SCCM environment. Follow te steps below to configure SCUP and your clients:
- Start the SCUP console from the Start Menu
- Click on the blue settings button and click Options
- Enable the option “Enable publishing to an update server” and select the correct WSUS Server configuration. Click on “Test Connection” to test the connectivity to your WSUS server
- Now we need to select or create a singning certificate. Click on the Create button to create a self-signed certificate
- Now we need to export the self-signed certificate from the Certificates store. This can be done through the certificates MMC snapin. The certificate can be found in the Computer account >> WSUS >> Certificates
- Right-Click on the WSUS self-signed certificate and select All Tasks >> Export. Follow the wizard an save the certificate with the standard options.
- Now import this certificate on your Update Servers and your SCUP server in the following Stores:
– Trusted Publishers
– Trusted Root Certification Authorities - After adding the certificate to the servers you also need to place the certificate on the clients. The certificate needs to be placed in the same certificate folders. Beside importing the certificate you also need to enable the group policy option “Allow signed content from intranet Microsoft update service location”. I used a Group Policy to deploy the certificate and to enable te setting. See the Policy below
After adding the above settings SCUP is ready to deploy the updates to your WSUS/SCCM environment. During the above process I got the following error/problems:
Problem: Access Denied errors during the deployment of the updates to the WSUS environment
Solution: Run the SCUP console with administrative permissions
Problem: Unable to install updates on the clients
Solution: I didn’t enabled the “Allow signed content from intranet Microsoft update service location”
SCCM 2007 SP2: Install Updates freezes during OSD Task Sequence
StandardToday I run into a annoying problem. During my Windows 7 OSD deployment the task sequence freezes when the installation of the Software Updates starts. I searched for errors in the log files but none of them was showing errors. I searched the Microsoft forums and found the following KB Article.
The problem:
During my Windows 7 OSD Deployment the task sequence freezes on the installation of the Software Updates. The task sequence freezes on the following screen:
My SMSTS.LOG file gives every minute the following status: “Waiting for job status notification …”. No other log file is giving a error.
Solution:
Install the hotfix from the following KB Article: http://support.microsoft.com/kb/2509007/en-us
SCCM 2007 R2 SP2: PXE Error (PXE-T04: Access violation)
StandardToday I had a very strange PXE error at a customer site. Recently I installed I fresh SCCM 2007 environment and we are now in the process of configuring this environment. Today we started with configuring PXE. At the Customer site they use a Linux DHCP server serving the clients. At the DHCP server we made the following exclusion:
filename "/SMSBoot/x86/wdsnbp.com";
next-server;
After we started the client we run into the following error:
PXE-T04: Access violation.
PXE-E36: Error received from TFTP server
After getting this error we connected from a other client station to the SCCM Server via TFTP and tried to download wdsnbp.com file. At this client we got also the same error. When we replaced the “/” with “” it works from the client site. But when booting from PXE the error still comes. I searched on the Internet and was pointed in the right direction. I changed the following Register Key/Value on the SCCM Server:
Original:
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesWDSServerProvidersWDSTFTP]
ReadFilter=
boot*
tmp*
SMSBoot*
SMSTemp*
SMSImages*
Changed to:
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesWDSServerProvidersWDSTFTP]
ReadFilter=
boot*
tmp*
SMSBoot*
SMSTemp*
SMSImages*
/boot/*
/tmp/*
/SMSBoot/*
/SMSTemp/*
/SMSImages/*
As final step I restarted the WDS Server service and the problem was Solved. So the problem was the way Linux is slashing file paths. I hope that this information helps people to solve this kind of problems. The article which pointed me in the right direction can be found here.
SCCM 2007 SP2: MP Install Error due to WebDAV
StandardToday I run in a very strange issue at a customer site. During the installation of a new Primary Site the Management Point could not be installed due to a incomplete WebDAV configuration.
I was installing the Primary Site on a fresh Windows 2008 Standard Server. I installed all the prerequisites and followed the following technet article to install and configure WebDAV. I started the Configuration Manager installation and when the installation was finished I saw a blue question mark for the installation of the Management Point. I checked the MPSetup.log file in the Logs Directory of the installation and found the following error :Failed to get WebDAV settings on the machine (0x80070002).
I checked the WebDAV configuration for the second time and found out that I was forgotten to Enable WebDAV on my Default IIS Website. So I enabled WebDAV and tried to reinstall the Management Point. The installation still fails with the following log entries in the MPSetup.log:
checking WebDAV configurations WebDAV settings is not setup appropriately [Allow property queries with infinite depth] should be true (false) [Allow Custom Properties] should be false (true) [Allow anonymous property queries] should be true (false) Allow [All users read access to All content] authoring rule should exist (exist)
This was very strange because the settings were correct. After some testing I found the solution to this problem. The solution was very simple. I changed the settings back to how they were in the original state. After applying those settings I did the configuration based on the technet article again. After applying again I installed the MP and the installation ended successfully. Very strange but in the end it worked for me.
SCCM 2007 R3 Released Today
StandardToday Microsoft released Configuration Manager R3. With this new version Microsoft has released some great functions to Configuration Manager 2007. The most important improvment which comes with R3 is power management. With Power Management you can made a next step to a Green IT landcape. Other interesting functions are improved Active Directory discovery and dynamic collection membership. I already tried the Beta versions of R3 and it’s working great. So give it a try and install the R3 version of Configuration Manager
SCCM 2007 R2 SP2: Reporting Services Error
StandardOn my SCCM environment I had an error when I want to install and access the reporting services. The reporting services were installed on a dedicated SQL 2008 SP1 Server.
On the SCCM Console I get the following error:
The RPC server is unavailable (Exception from HRESULT:0x800706BA
On the SQL Server where the Reporting Services Site Server were installed I got the following error:
On 13-9-2010 00:00:00, component SMS_SRS_REPORTING_POINT on computer SERVER reported: SRS root folder “Reports” is not present or not properly configured SRS Reporting point server “SERVER”.
The solution for this problem was:
Enable the firewall rule “Windows Management Instrumentation (WMI-In)” and allow the connection on the SQL Reporting Services Server
SCCM 2007 R2 SP2: Computers/Laptops Collections
StandardToday I was looking for a way to group my laptops and computers based on Operating System in SCCM. This can be done through query based collections. After some searches I came to the following final query’s which did the job for me:
Computers – Windows XP
select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from SMS_R_System inner join SMS_G_System_SYSTEM_ENCLOSURE on SMS_G_System_SYSTEM_ENCLOSURE.ResourceID = SMS_R_System.ResourceId where SMS_R_System.OperatingSystemNameandVersion like “%Workstation 5.1%” and SMS_R_System.SystemOUName like “%DOMAIN/OU’s%” and SMS_G_System_SYSTEM_ENCLOSURE.ChassisTypes not in (“8″,”9″,”10″,”14”)
Computers – Windows 7
select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from SMS_R_System inner join SMS_G_System_SYSTEM_ENCLOSURE on SMS_G_System_SYSTEM_ENCLOSURE.ResourceID = SMS_R_System.ResourceId where SMS_R_System.OperatingSystemNameandVersion like “%Workstation 6.1%” and SMS_R_System.SystemOUName like “%DOMAIN/OU’s%” and SMS_G_System_SYSTEM_ENCLOSURE.ChassisTypes not in (“8″,”9″,”10″,”14”)
Laptops – Windows XP
select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from SMS_R_System inner join SMS_G_System_SYSTEM_ENCLOSURE on SMS_G_System_SYSTEM_ENCLOSURE.ResourceID = SMS_R_System.ResourceId where SMS_R_System.OperatingSystemNameandVersion like “%Workstation 5.1%” and SMS_R_System.SystemOUName like “%DOMAIN/OU’s%” and SMS_G_System_SYSTEM_ENCLOSURE.ChassisTypes in (“8″,”9″,”10″,”14”)
Laptops – Windows 7
select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from SMS_R_System inner join SMS_G_System_SYSTEM_ENCLOSURE on SMS_G_System_SYSTEM_ENCLOSURE.ResourceID = SMS_R_System.ResourceId where SMS_R_System.OperatingSystemNameandVersion like “%Workstation 6.1%” and SMS_R_System.SystemOUName like “%DOMAIN/OU’s%” and SMS_G_System_SYSTEM_ENCLOSURE.ChassisTypes in (“8″,”9″,”10″,”14”)