Yesterday Kevin Holman (TSP) posted a nice blog article about monitoring your ConfigMgr 2012 environment with OpsMgr. The Management Pack of ConfigMgr 2012 is completely rewritten from scratch. The ConfigMgr 2012 Management Pack has the following improvements:
- No Scripts inside the Monitoring MP
- Reduction of Code inside the MP
- Reduced number of Rules and an increase of Monitors
- Disabled workflows out of the box
- A guide and appendix as documentation is included
More detailed information can be found on Kevin Holman's blog: http://blogs.technet.com/b/kevinholman/archive/2012/12/11/monitoring-configmgr-2012-with-opsmgr.aspx
Today I investigated an issue related to Operating System Deployment in ConfigMgr 2012. During the Deployment of Windows 7 the computer didn’t receive the computer name from the SMS database. Every deployment was ending with a computer name which sounds like: ‘MININT-XXXXX’. We are using Task Sequence Media to receive the Task Sequence. After investigating the log files I could only find these related settings:
I have not tested this BUG in the Beta of SP1. I will update this topic as soon as the results are known.
UPDATE: This bug has been fixed after installing ConfigMgr 2012 CU2
Recently I changed ISPs. On the new router it’s not possible to change the DNS servers for DHCP clients. Therefore my router is the DNS server and cannot find my domain servers by FQDN; NetBIOS isn’t a problem. I started a new Operating System deployment task and the client reported the following error, right after the start of WinPE and before getting the policies:
After investigating the SMSTS.LOG I found out that the MP cannot be contacted through the FQDN. The easiest solution is to enter a static IP, but the idea of entering a static IP for each new deployment is not that dynamic. My best workaround was to change the hosts file of the Boot Image and add the FQDN of the MP. Below are the steps which need to be taken to add the MP to the hosts file of the Boot Image:
1. Mount the WinPE BootImage with DISM
2. Edit the Hosts file in .\Windows\System32\Drivers\Etc and add the entry of the MP
3. Unmount the WinPE BootImage with DISM and commit changes
4. Update the Distribution Points with this new Image.
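Steps 1 to 3 as a PowerShell script, added here as an example and not the script used in the original post. The image path, mount folder, management point FQDN and IP address are placeholders, and the image is assumed to sit at index 1 of the WIM file.

```powershell
# Added example. All four values below are placeholders (assumptions).
$WimFile  = 'D:\BootImages\boot.wim'   # working copy of the boot image
$MountDir = 'C:\Mount\WinPE'           # empty folder used as mount point
$MpFqdn   = 'mp01.example.local'       # FQDN of the management point
$MpIp     = '192.0.2.10'               # its IP address

$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $MountDir -Force | Out-Null

# Step 1: mount the image (assumes the WinPE image is at index 1).
dism.exe /Mount-Wim "/WimFile:$WimFile" /Index:1 "/MountDir:$MountDir"
if ($LASTEXITCODE -ne 0) { throw "DISM mount failed with exit code $LASTEXITCODE" }

$commit = $false
try {
    # Step 2: add the MP entry unless a non-comment line already names it.
    $hosts = Join-Path $MountDir 'Windows\System32\drivers\etc\hosts'
    $namePattern = '\s' + [regex]::Escape($MpFqdn) + '(\s|$)'
    $present = @(Get-Content -Path $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_ -notmatch '^\s*#' -and $_ -match $namePattern })
    if ($present.Count -eq 0) {
        # Leading CRLF guards against a hosts file without a final newline.
        Add-Content -Path $hosts -Value "`r`n$MpIp`t$MpFqdn" -Encoding Ascii
    }
    $commit = $true
}
finally {
    # Step 3: commit on success, discard on any error so a half-edited
    # image is never saved and the mount point is not left dangling.
    $mode = if ($commit) { '/Commit' } else { '/Discard' }
    dism.exe /Unmount-Wim "/MountDir:$MountDir" $mode
    if ($LASTEXITCODE -ne 0) { Write-Warning "DISM unmount exit code $LASTEXITCODE" }
}
# Step 4 (updating the distribution points) is done from the ConfigMgr console.
```

Because the entry is baked into the image, it has to be corrected and the image redistributed whenever the management point's address changes.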
Based on the existing script from Jörgen Nilsson (http://ccmexec.com/2012/04/unattended-installation-of-the-configmgr-2012-pre-reqs/) I have created my own ConfigMgr 2012 pre-requisites installation script. I have made the following adjustments:
– Used PowerShell function ‘Add-WindowsFeature’ instead of deprecated ‘ServerManagerCMd -i’ command
– Automatic download of the .NET 4.0 Framework redistributable
– Removed the installation of KB2552033. This update needs to be installed separately
It’s a basic script; at the moment there is no error reporting available. The script can be downloaded here.
Besides the pre-reqs which will be installed through the script you need to solve the pre-reqs stated below:
– Grant Administrator rights on the SQL server if the database is hosted on a separate server
– Prepare the Active Directory and grant rights on the System Management container
– Install WSUS if you plan to use the Software Updates functionality
– Install KB2552033 if needed
If you have any questions or suggestions for the script, please let me know!
Yesterday evening I finally had some time to install the Beta 2 of SCCM2012. I created my own VNEXT.LOCAL network and I was ready for the installation.
I followed the wizard and started the installation. After waiting 0.5 hours on the following status:
I canceled the installation and started my investigation in the ConfigMgr Setup Log file on the C: drive. The last 2 entries were:
Creating SQL Server machine certificate for Server [VNEXT-DB01]…
INFO: VNEXT-CM01.VNEXT.LOCAL’ is a valid FQDN.
So the installation was doing something with my SQL server, and that action had broken my SQL server. See the status below:
In the Event Viewer on the SQL server I found the following errors:
Unable to load user-specified certificate. The server will not accept a connection. You should verify that the certificate is correctly installed. See “Configuring Certificate for Use by SSL” in Books Online.
For more information, see Help and Support Center at http://support.microsoft.com.
TDSSNIClient initialization failed with error 0x80092004, status code 0x80.
Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
For more information, see Help and Support Center at http://support.microsoft.com.
I removed the SSL Certificate from the SQL Server, after that I was able to start the SQL Server. So the problem was the certificate. I searched the Microsoft Connect site for a solution and found one. The solution was to grant the SQL Server service account read rights on the private key of the certificate. To do this follow the steps below:
1. Open an MMC.
2. Add the Certificates snap-in. (Note: Select computer account and Local computer in the two pages of the wizard that appears.)
3. Click OK.
4. Expand Certificates (Local Computer) -> Personal -> Certificates and find the SSL certificate which SCCM created.
5. Right click on the imported certificate and click All Tasks -> Manage Private Keys.
6. Click the Add button and add the SQL service account name with Read permissions.
7. Click OK and start the SQL Server service.
When the SQL server is started the installation of SCCM will continue.
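The same permission change can be scripted. The following is an added example, not part of the original post; it assumes the certificate uses a classic CSP (CAPI) key stored under MachineKeys, and the thumbprint, the account name `VNEXT\svc-sql` and the default-instance service name `MSSQLSERVER` are placeholders. It grants Read only, which is all the service account needs to load the key.

```powershell
# Added example. Thumbprint, account and service name are placeholders.
$Thumbprint = '<THUMBPRINT-OF-THE-SQL-CERTIFICATE>'
$SqlAccount = 'VNEXT\svc-sql'      # hypothetical SQL Server service account
$SqlService = 'MSSQLSERVER'        # assumes a default instance

$ErrorActionPreference = 'Stop'
$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint"
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key on this machine.' }

# Locate the key file. This works for CSP (CAPI) keys only; for a CNG key
# PrivateKey is empty here and the MMC steps above should be used instead.
$keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
if (-not $keyName) { throw 'Key is not a CSP key; use Manage Private Keys in the MMC.' }
$keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$keyName"

# Show who can read the key before the change, for the record.
$acl = Get-Acl -Path $keyFile
$acl.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType

# Grant Read (not Full Control) to the service account.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $SqlAccount, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyFile -AclObject $acl

# Verify the new entry, then start SQL Server again.
(Get-Acl -Path $keyFile).Access |
    Where-Object { $_.IdentityReference -eq $SqlAccount } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType
Start-Service -Name $SqlService
```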
Tonight I viewed the recording of the CEP Program meeting about Role-Based Administration & Collections. The following information was shared through this session.
The session started with the following Session Takeaways:
After these takeaways the session continued with some slides on Role Based Administration (RBA). RBA lets you map organizational roles of your admins to security roles. In ConfigMgr 2012 the following building blocks can be used:
- Security Role = What type of objects can I see and what can I do with them
- Security Scope = Which instances can I see and interact with
- Collection limiting = With which resources can I interact
- Admins can have one or more security roles and scopes
Other improvements on RBA are:
- Admins only see what they have access to
- ConfigMgr security management is simplified by defining once for the entire hierarchy. RBA data is global data!
After the slides of Role Based Administration the above information was presented through a demo. It looks very usable and flexible. A great improvement compared to the current security model of SCCM 2007. The second part of the meeting was about collections and the changes on this topic in SCCM 2012. The most important changes are:
- Two types of collections, can only contain one of the following resources, not both
  - User Collections
  - Device Collections
- No more sub collections
  - SCCM 2007: Means to organize collections in a folder-like manner
    - SCCM 2012 Answer = Organizational Folders
  - SCCM 2007: Advertisement reuse and/or staggered deployments
    - SCCM 2012 Answer = Composable Collections
- Two new member types
  - Include another collection, can be used for staggered deployments
  - Exclude another collection
- Collection Member Evaluation
  - Every 10 minutes
  - Delta evaluation instead of a Full evaluation
  - Based on R3 implementation
A couple of months ago at TechEd Europe, the SCCM team presented the new official product name for the upcoming version of SCCM. The name will be System Center Configuration Manager 2012. Last month we had a CEP session; due to other meetings at the office I couldn’t be there for the live ‘meeting’. So today I saw the recording of this meeting and here are the new things about Hierarchy.
The session started with an introduction from Jeff Wettlaufer. He told us that the Beta 2 release is scheduled for the Spring of 2011. After the short introduction D.C. Trady started his presentation about Hierarchy Simplification. He started with some Infrastructure promises. The following topics about the infrastructure will be improved:
- Minimizing Infrastructure at remote offices
- Consolidating Infrastructure at primary sites
- Scalability and Data latency improvements (Central site will be used for Administration, System generated data can be configured to flow to CAS directly and file processing occurs once at a Primary Site)
- Industry Standard SQL Replication will reduce operational costs and simplify troubleshooting
The picture below shows the improvements/differences about Site-Server Characteristics:
After that he presented the reasons why you need the different site servers:
1. Central Administration Site
   - With more than 1 primary site you can link them together in 1 hierarchy
   - For offloading the administration and reporting part
2. Primary Site
   - To manage clients
   - Add more Primary sites for the following reasons:
     - Scale (more than 100.000 clients)
     - Reduce impact of Primary site server failure
     - Local point of connectivity for administration
     - Political reasons
     - Content source relating to regulation
3. Secondary Site
   - No Local Administrator
   - If you need to manage upward-flowing WAN traffic
   - If you need tiered content routing for deep network topologies
When you are not concerned about the following topics you can also use a Distribution point instead of a Secondary Site Server:
- Not concerned with upward-flowing WAN traffic
- Not concerned about clients pulling data to their primary site location
- When you need scheduling and throttling for your WAN traffic
Some other improvements about Hierarchy Simplification:
- Improved Data Replication Model
- Collections are now globally evaluated at all sites. Clients from any site which meet the requirements will be a member of that collection.
- Improvements on Role Based Administration
  - RBA enables mapping the organizational roles of administration directly to built-in security roles
  - Admins only see what they have access to
  - Management of security is further simplified by enabling administrative security for the entire hierarchy
- Client Agent settings can be changed based on Collections
This week we had the second CEP meeting on the Application Management Topic. In this post I will describe the most important improvements which were presented in this session.
In Part 1 of the Application Management topic we spoke about setting requirement rules as a replacement for collection based rules for application deployment. Requirement rules are used to evaluate if an application can be installed. Besides the requirement rules, Global Conditions are also introduced in vNext.
Global Definitions are a foundation of requirement rules. Global Definitions can be properties of a User or Device object. In the presentation the following examples are given:
- Default Global Condition: Memory is greater than 512MB
- Default Global Condition: Windows Operating System equals Windows 7
- Custom Global Condition: Machine is Corporate Device maps to a registry key attribute
In ConfigMgr vNext it’s possible to group global definitions in logical groups. In these groups you can use expressions. An example of a Group Definitions group can be:
Corporate Primary Device:
- Memory = 1GB
- AND Free DiskSpace = 500MB
- AND Operating System = Windows 7
- AND Primary Device = TRUE
Grouping Global Definitions is a very powerful way of defining global requirements for applications.
In the Beta 2 version of ConfigMgr vNext two other great new features are introduced: Application Uninstall and Application Supersedence. With this new functionality Beta 2 has a complete Application Lifecycle.
The goals for Application Uninstall functionality are:
- Provide Uninstall feature as part of the Application Model
- Consistent, reliable and predictable experience across all deployment types
- Ensure that state-based application deployment includes removal of software in addition to installation.
In one of my next blogs, when Beta 2 is publicly available, I hope to post a video tutorial about application uninstall functionality. The last thing that was introduced during this session was the supersedence functionality. Supersedence is the ability for an admin to create a relationship and declare one application newer than another previous application. The overall goal is to halt installations of older application versions and migrate users to the newer version. The following key scenarios were given during this session:
- Ability to create a new application and make sure we do not get a ‘Race Condition’ between conflicting detection methods
- Ability to automatically upgrade or replace an application with a new superseding application
- Ability to offer users only the latest release of an app in the software catalog or software center.
The supersedence functionality is also introduced in Beta 2. So we have to wait for this version. Yesterday we had a presentation at the ExpertsLive event and heard that Beta 2 of ConfigMgr vNext will be released around MMS 2011.
Last week we had the first part of the Application Management meetings from the CEP program. The primary takeaways from this session were:
- Mainstream software distribution is made better, easier and faster
- vNext Software Distribution enables: User Centric Client Management, the ability to deploy software to devices, and new advanced application technologies and scenarios
In this meeting the team focused on the Empower Part of User Centric Client Management in vNext.
The following topics are covered in this ‘Empower Part’:
- Enables IT to provide a flexible environment.
- Users must have the ability to connect from anywhere on any device they choose
- Automatically detects network conditions and device configuration to determine the most appropriate services.
Configuration Manager vNext does have the following new features for Software Distribution:
- Improvements on the application Model
- Incorporates all supported software types such as MSI, Scripted Install Software, App-V Applications and mobile applications
- Better dependency handling
- It’s now possible to add installation requirement rules for software
- User Device Affinity. This is the ability to say that software installs on certain computers and doesn't install on other computers.
- The monitoring part of deploying software is improved. The in-console monitoring is improved.
- New end user features such as Software Catalog (web portal where users can search for software and install it) and a Software Center
- Better Content Management on distribution points
- State Based Distribution Groups; the ability to group Distribution points and deploy software through these distribution groups
- Improved placing of software on the distribution points, such as single instance content store
See below the comparison diagram of the changing names and functionalities:
In the 2007 version of Configuration Manager the App-V integration is not the most optimal integration. In vNext there are some improvements which are needed:
- Integration requires the App-V 4.6 Client
- Also new improved User Centric features
- Enable support for application dependencies
- Improved Update behaviors
- Selective publishing of components
- Dynamic Suite Support
- Integration with Remote Desktop Services
- Content Improvements
- Streaming improvements
- Reduce virtual App Footprint when using Download and execute
So thankfully there are some improvements on the App-V integration. In the next weeks I will test the new integration and will come back to this topic.
As said earlier one of the new things is the Software Catalog. The Software catalog is there for end-users to:
- Browse and search for software
  - Fully localized for site and applications
  - Search via category or name
- Install Software
  - Direct self-installation from software catalog
  - Automatic installation after approval
- Request Application
  - Request approval for software
  - View request history