SCCM by Davis

1 abr 2013

SCCM by Davis: “Flexera Software wrote a new post, All Major Vendors Decide to Eliminate Software Licensing!” plus 19 more

SCCM by Davis: “Flexera Software wrote a new post, All Major Vendors Decide to Eliminate Software Licensing!” plus 19 more

Link to SCCM by Davis

Flexera Software wrote a new post, All Major Vendors Decide to Eliminate Software Licensing!

Posted: 01 Apr 2013 02:00 AM PDT

By John Emmitt
Rumors have been swirling for weeks and now the news is out—all of the major software vendors have decided to eliminate software licensing. This will allow their customers to just buy the software […]

Comments: 0

chaba_ok became a registered member

Posted: 31 Mar 2013 07:38 PM PDT

Comments: 0

Bill Hussey became a registered member

Posted: 31 Mar 2013 11:04 AM PDT

Comments: 0

Huawei Network Security Becomes Issue in Sprint Softbank Merger

Posted: 31 Mar 2013 08:25 AM PDT

NEWS ANALYSIS: An agreement between U.S. law enforcement and wireless companies to drop Huawei from list of acceptable telecom vendors may look like paranoia, until you look a little deeper.

Pause a build task sequence using PowerShell in SCCM 2012 SP1

Posted: 23 Feb 2013 08:35 AM PST

From time to time, I have a need to troubleshoot my build process. One of the troubleshooting steps that I like to perform is a build pause. By pausing the build at specific times in the task sequence, I can check a number of items from the gather and configure steps to software updates and language packs. In the past, I used a VBScript from Johan Arwidmark that performed a sleep until a file was present. With the release of SP1, I decided to take advantage of the built-in PowerShell support and move the script to PowerShell. Below is an example of using the PowerShell script as a  pause step to see if the unattend.xml was updated correctly during the configure step.

Note – My environment consists of SCCM 2012 SP1 with MDT 2012 Update 1 integration. The step I used is available when MDT is integrated.

Steps

  1.  Added PowerShell script (Pause.ps1) to the Scripts folder in the MDT toolkit package.
  2. Added a Run PowerShell Script step before the Setup Windows and ConfigMgr.
  3. Build automatically stopped at the new Pause step.
  4. With build paused, I opened a command prompt and used Net Use to map a network drive to the location I wanted to copy the unattend.xml file to.
  5. Examined the unattend.xml for any issues.
  6. In the command prompt, I typed start > x:\start.txt.
  7. Closed the command prompt.
  8. PowerShell script detected the file and the build continued.

 

Script

#Variable for location of start file
$Location = 'c:\temp\start.txt'
#Loops with a sleep every two seconds until it finds the start file
Do {start-sleep -seconds 2}
Until ((Test-Path -Path $Location) -eq $True)
#Deletes file
Remove-Item -Path $Location

This slideshow requires JavaScript.

 

Rory Canavan posted an update: Tracking Joiners, Movers and Leavers - it might be quicker […]

Posted: 30 Mar 2013 12:58 PM PDT

Tracking Joiners, Movers and Leavers - it might be quicker to try and track staff than IT assets...

Joiners, Movers and Leavers | SAM Charter
Many IT frameworks consider the value (and rightfully so) of tracking and monitoring the movement of IT assets within an organisation.  The fundamental requirement to understand where a device is located, or hardware deltas that could skew a licence position that was thought to be settled, could lead to a dizzying amount of tail-chasing particularly if your IT estate numbers in the 10's of thousands.  IMAC (Install, Move, Add, Change) should act as a mantra to an IT Manager/Administrator in determining what steps to take and when, IT equipment floats from one department/cost center/country to another without so much as a nod or wink in the direction of the IT department.

Comments: 0

ConfigMgr Provider reported an error, when accesing item in SCCM console

Posted: 22 Feb 2013 12:22 PM PST

This error here is quite tricky to solve, but I finally succeded with help from MicroSoft.

The error occur when you e.g. try to access the sender in the SCCM console from Central site at a primary child site.

The SmsAdminUI.log reports following error:

Description = "Unable to load site control file. ";
ErrorCode = 2160198400;
File = "c:\\qfe\\nts_sms_fre\\sms\\siteserver\\sdk_provider\\smsprov\\sspsitecontrolextractor.cpp";
Line = 109;
ObjectInfo = "xxx";
Operation = "ExecQuery";
ParameterInfo = "SELECT * FROM SMS_SCI_Component WHERE SiteCode='xxx' AND FileType=2 AND ComponentName='SMS_X25_RAS_SENDER'";
ProviderName = "WinMgmt";
StatusCode = 2147749889;

What to do, to solve this.

When I first discovered the error and began troubleshooting. I startet with a preinst.exe /synchchild from Central site and  a preinst.exe /synchparrent from the primary child site to update the site control file – this did not help.

Next was to resinstall the sms provider – no luck still the same error.

Then I did a site reset after advise from Microsoft, still the same error.

The solution was to detach the Primary site from the hierarchy.

1. Delete the primary child site address from the central site

2. Delete the Central site address from the primary child site

3. Change the configuration at primary child to be "Central site" so it no longer report to the original central site.

4. WAIT till the "locks" are gone from the primary child site

5. Normally this will give the result that the primary child site is removed from the site hierarchy. BUT this was not the case for me.

6. So Next step was to dive into the database and run the "Delete FROM …" you see below (replace nnn with you sitecode og the primary child site)

This made the trouble site to dissapear from the Console..

Time to attach the sites again.

7. Recreate the addresses at both central and primary child site

8. Change primary child site to report to central site again

9. Make a new secure key exchange between the 2 sites. (preinst.exe /keyforchild and /keyforparent)

10. The primary child site turns up again at the console at central site and the problem with ""Unable to load site control file" is gone.

11. After a short while the objects at the primary child site are getting "locked" again.

12. Monitor Replmgr.log, Sender.log and despooler.log to see how central site are busy getting things back in order a

*****

The DELETE FROM statements below is delivered by MS as a part of the trobleshooting, uses it at you own risk!

My advise is to open a support case at MS before you decide to alter the database!

DELETE FROM SysResList WHERE SiteCode='nnn'

DELETE FROM SiteBoundaryADSite WHERE SiteCode='nnn'

DELETE FROM SiteBoundaryIPSubnet WHERE SiteCode='nnn'

DELETE FROM SiteControl WHERE SiteCode='nnn'

DELETE FROM SiteControlNotification WHERE SiteCode='nnn'

DELETE FROM Sites WHERE SiteCode='nnn'

DELETE FROM Sites_DATA WHERESiteCode='nnn'

DELETE FROM SiteWork WHERE SiteCode='nnn'

DELETE  FROM PkgServers WHERE sitecode='nnn'

DELETE  FROM PkgStatus WHERE sitecode='nnn'

64-bit script execution and SCCM

Posted: 22 Feb 2013 08:02 AM PST

Pushing out scripts with SCCM can, depending on your environment, be a bit of a hassle. Even if the

Updated MP: System Center Monitoring Pack for System Center 2012 - Configuration Manager

Posted: 20 Feb 2013 01:12 PM PST

The new version brings support for SCCM 2012 SP1. In the guide there is no specific information on what other has changed. Download the MP from here.

Duplicate MAC Addresses in vCenter and SCCM

Posted: 19 Feb 2013 11:59 AM PST

I ran into an issue the other day and thought I would share my experiences. A VM (server2) is created in vCenter and OS deployed via SCCM. Server2 assumes the name of an already existing node (server1) on the network and knocks it out of Active Directory. The issue: duplicate MAC addresses in vCenter and SCCM. So let's look at how vCenter generates MAC addresses. The MAC is made up of 6 octet's total. The first part is VMware's OUI, 00:50:56, this will never change. The second part is one octet based on the vCenter server's unique ID which is automatically generated at install time. Each VM within this vCenter instance will have a MAC address starting with 00:50:56:xx. The remaining 2 octets are generated from a hash based on the name of the entity the MAC is being generated for. The final MAC will be in the form of 00:50:56:xx:yy:yy. In a single vCenter instance environment, there isn't an issue with duplicate addresses. However, if you're running in a multiple vCenter server environment and migrating hosts and VM's from one instance to the other, you're likely to see this issue.

Example:
• Server1 created on vCenter instance1 and then migrated to instance2 several months later
• Server2 created on instance1 has a duplicate MAC of Server1 now on instance2.

Instance1 no longer see's that MAC as unavailable since it's been migrated to instance2 and assigns it out again. To continue on with the process, the VM is added to an SCCM collection for OS deployment. It requests its build information via MAC address. SCCM returns the record of Server1 which has been on the network for months now. Server2 is now built with the same UUID's, MACs, OS Name, etc as Node1.

Solution: Change vCenter instance1 ID and restart vCenter services and stop migrating between instances while still deploying to instance1. See VMware's KB article on duplicate MAC addresses here for more information.

Nick Moseley wrote a new post, Ping Transport Failed with Error 1231

Posted: 30 Mar 2013 05:03 AM PDT

ThumbnailRecently I was helping a friend with her laptop which suddenly stopped connecting to the Internet, despite that the wireless networking could see and successfully connect to wireless hotspots. In further […]

Comments: 0

Ansarul Haque became a registered member

Posted: 30 Mar 2013 01:32 AM PDT

Comments: 0

Anoop’s Configuration Manager 2012 Starter Kit

Posted: 18 Feb 2013 03:40 PM PST

If you have not already discovered his blog, Anoop Nair is someone you should check out. I have found his blog to be immensely useful. His SCCM 2012 Starter Kit http://anoopcnair.com/2011/08/10/configmgr-sccm-2012-starter-kit-very-useful-links/ is a page full of links to other cool and sometimes hard to find stuff – all CM 2012 related. Spend some time browsing through his blog, it's well worth your time.

Managing production breaking updates in SCCM 2012

Posted: 18 Feb 2013 12:55 PM PST

If you're managing updates through SCCM 2012 with the help of Automatic Deployment Rules (ADR)

Enable TPM in a Task Sequence (DELL)

Posted: 18 Feb 2013 07:17 AM PST

It took a while but I found a way to enable the TPM in the BIOS, then activate.

At first glance it should have been easy. Using the CCTK from Dell, set the TPM to enable from a command line and then a reboot and finally activate and a further reboot. But it would always only enable and never activate.

This is because the TPM would create an ownership on the chip itself and while the chip is 'owned' it cannot be activated. At least not by the CCTK.

In the end, after a lot of trial and error, I found a way to guarantee the chip is enabled and activated and ready for BitLocker, so here are the steps:

1. Set BIOS password with CCTK: Create a package from the Dell CCTK in ConfigMgr. Use this Package witha Command Line Step in the Task Sequence to set a setup password "cctk –setuppwd=password"

2. Enable TPM with CCTK: Using the Package again, run CCTK to enable TPM "cctk –tpm=on –valsetuppwd=password"

3. Restart Computer – if you perform these actions in the BIOS itself then you don't need to restart. But here in a Task Sequence the WMI Classes need to be reloaded in order that we can see the Win32_TPM class.

4. Clean the chip ownership: I use a powershell script here but you can use vbscript. If you use powershell then you need to first set the Execution Policy with a command line step: "powershell.exe -noprofile -command "&{set-executionpolicy unrestricted -force}" then call the following script:

$oTPM = gwmi -Class Win32_TPM -Namespace root\CIMV2\Security\MicrosoftTpm

$oTPM.SetPhysicalPresenceRequest(10)

If(!(($oTPM.IsEndorsementKeyPairPresent()).IsEndorsementKeyPairPresent)){

$oTPM.CreateEndorsementKeyPair()

}

If(($oTPM.IsEndorsementKeyPairPresent()).IsEndorsementKeyPairPresent){

$OwnerAuth=$oTPM.ConvertToOwnerAuth("customrandompassword")

$oTPM.Clear($OwnerAuth.OwnerAuth)

$oTPM.TakeOwnership($OwnerAuth.OwnerAuth)

}

5. Restart again, this time you will get a prompt at the BIOS to press F10 to accept the chip changes

6. Activate the TPM with CCTK: "cctk –tpmactivation=activate –valsetuppwd=password"

7. Restart again.

That's it.

Working with the restart behavior of Applications in ConfigMgr 2012

Posted: 17 Feb 2013 07:17 AM PST

This week I will do a small post about working with the restart behavior of installations in combination with the Application Model in ConfigMgr 2012. In previous versions there was sometimes a need to use a batch file to catch some weird installation return codes. The nice thing about ConfigMgr 2012 is that it gives us a possibility to specify those return codes and to react on it. In the rest of this post I will show in three steps how to configure ConfigMgr 2012 to work with return (restart) codes.

Step 1: Return codes

RetuCodeRestThe first thing I always do is running the installation of an application a few times and see which return codes it gives me. Based on those experiences I create, if needed, some extra entries in the Return Codes –tab of the Properties of the Deployment Type. By default the following return codes are pre-defined:

  • 0 – Success (no reboot)
  • 1707 – Success (no reboot)
  • 3010 – Soft Reboot
  • 1641 – Hard Reboot
  • 1618 – Fast Retry

Step 2: Enforce specific behavior

UserExpeBehaThe second thing I do is determining how I think the client should react on the return codes. This can be configured, on the User Experience –tab of the Properties of the Deployment Type, by selecting one of values under Should Configuration Manager enforce specific behavior regardless of the application's intended behavior?. The following options are available (including small explanation):

  • Determine behavior based on return codes – (Default) The client will perform any action needed based on the return code of the application.
    • Note: In this case a good configuration in the first step is very important.
  • No specific action – The client won't perform any action.
    • Note: In this case it is possible to completely suppress a restart.
  • The software install program might force a device restart – The client is told that the installation will force a restart.
  • Configuration Manager client will force a mandatory device restart – The client will always perform a restart.

Step 3: Restart behavior

ClieRestSettThe third, and last, thing I do is more a general client setting. From the moment we decide to restart the device we should think about the configuration of the Computer Restart –settings in the Client Settings. The following Device Settings can be configured:

  • Display a temporary notification to the user that indicates the interval before the user is logged of or the computer restarts (minutes) – Default is 90 minutes.
  • Display a dialog box that the user cannot close, which displays the countdown interval before the user is logged of or the computer restarts (minutes) – Default is 15 minutes.

Conclusion

The combination of these three steps gives us a lot of options to work with the restart behavior of installations. In most cases the default configuration is perfect, but in some case some tuning is needed. For example, the installation of an application is not allowed at any time. This can be achieved by either configuring a custom return code in the first step, or by specifying No specific action in the second step.

Note: There are also Maintenance Windows and/ or Business Hours, that can influence the restart behavior. I didn't mention them here, because, yes they can exist, but there should always be a moment that we "touch" a users' device and this is about that moment.

Installation Failed. Error Code: 316 - Software Update Point fails to install in SCCM 2012 SP1

Posted: 15 Feb 2013 02:05 PM PST

Recently, I set a Software Update Point up on a remote WSUS server in my SCCM 2012 SP1 environment. Using the SCCM admin console, I ran through the wizard to add the new site system server with the Software Update Point role. After 10 minutes, I noticed that the Software Update Point was not set up. I examined SUPsetup.log in the SMS\Logs folder on the remote WSUS server. It was then that I saw my mistake: The WSUS server did not meet the minimum requirements. It was missing two necessary updates (KB2720211 and KB2734608). Once I installed them, the Software Update Point installed correctly.

Error Message

SUP1

 

 

 

 

 

Updates Installed

SUP2

A quick look at BitLocker installation requirements

Posted: 29 Mar 2013 07:28 AM PDT

A basic BitLocker installation doesn't require any unusual steps, but deploying it on Windows Server 2012 comes with a few caveats.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google

Rod Trent posted an update in the group System Center Operations Manager: System Center Management Pack for Windows Server DNS […]

Posted: 29 Mar 2013 02:27 PM PDT

Rod Trent wrote a new post, System Center Management Pack for Windows Server DNS released with Windows Server 2012 support

Posted: 29 Mar 2013 02:25 PM PDT

ThumbnailA couple notes about this new MP.  This MP replaces the previous DNS Management Pack completely and is NOT backwards compatible.

And, despite the release date on the page suggesting there are actually 39 days […]

Comments: 0
by to

No hay comentarios:

Publicar un comentario

Suscribirse a: Enviar comentarios (Atom)

SCCM by Davis

Cargando...