The D-Spot (The Deployment Spot)

During the analysis phase of a windows 7 x64 migration I have been using the MAP, ACT and OMPM tools.

After handing over all the lists on the application and current client side infrastructure, the first question that came is: “ok I see a lot of applications listed that are only installed on one machine, can you give us the machinenames?”.

ehm well, it should be possible…

in the ACT GUI you can find the computername if you click on the application, but I had to find a way to automate this

So I installed the SQL management studio express and dived into the ACT database.

Here is the SQL query to give you all applications installed on only 1 machine:

SELECT DISTINCT
Application_Computer_Count.computerCount,
Application_Computers_Query.machineName,
Application_Report_Complete_vw.AppName,
Application_Report_Complete_vw.AppID

FROM         Application_Computer_Count INNER JOIN
Application_Report_Complete_vw ON Application_Computer_Count.appID = Application_Report_Complete_vw.AppID INNER JOIN
Application_Computers_Query ON Application_Report_Complete_vw.AppID =Application_Computers_Query.appID

WHERE     (Application_Computer_Count.computerCount= 1)

ORDER BY
Application_Report_Complete_vw.AppName

What is more interesting is the following query, which will give you all applications installed on 1 pc marked with 1 or more issues:

SELECT DISTINCT

App_Issue_Counts.appID,
App_Issue_Counts.activeIssuesCount, Application_Computer_Count.computerCount,
Application_Computers_Query.machineName,Application_Report_Complete_vw.AppName

FROM         App_Issue_Counts INNER JOIN

Application_Computer_Count ON App_Issue_Counts.appID =Application_Computer_Count.appID INNER JOIN

Application_Computers_Query ON App_Issue_Counts.appID =Application_Computers_Query.appID INNER JOIN

Application_Report_Complete_vw ON App_Issue_Counts.appID =Application_Report_Complete_vw.AppID

WHERE     (App_Issue_Counts.activeIssuesCount >=’1′) AND (Application_Computer_Count.computerCount = 1)

ORDER BY
Application_Report_Complete_vw.AppName

another thing with ACT 5.6, was that it did not seem clear to me why none of the 16 bit applications were listed in the collected data

Luckily there is a way to find them with another SQL query, checkout (and credits to): http://www.theexperienceblog.com/2011/04/14/how-to-find-16-bit-applications-in-your-act-inventory

The last thing for now on ACT is that the collector is not capable yet to work with windows 7 sp1.

you need to import a sql script to make this possible

Here is the content of this script (the import can be done via osql.exe -E -i<thenameofthesqlscript> -S”<sqlserver\instance>” -d<dbname> :

INSERT INTO.[dbo].[OS]
([osID]
,[osName]
,[majorVersion]
,[minorVersion]
,[buildNumber]
,[servicePackName]
,[servicePackMajor]
,[servicePackMinor]
,[csdVersion]
,[productType]
,[suite]
,[publishedDate])
VALUES
(N’6.1.1′
,N’Windows 7 SP1′
,6
,1
,0
,N’Service Pack 1′
,1
,0
,N’Service Pack 1′
,0
,0
,’2011-02-22′)
GO

Also remember, the infliction point to test applications during a migration is:

COST of failure X PROBABILITY of failure > COST of testing

As you might already know, communication between SCCM clients and server(s) is heavily dependent on WMI functionality.  In many cases on windows XP clients we had to perform a WMI repair in the past (this is done easily with the client center tool).

However I still had some weird scenarios, even with server OS, eg: After successfully patching a server a few days earlier, the compliance status would still report those patches as missing (although they had been installed successfully…)

This is where I made the link with the so-called WMI stability hotfixes (credits to Kim Oppalfens!  and also http://ccmexec.com/2011/08/suggested-hotfixes-for-wmi-related-issue-on-windows-platforms ).

To try and avoid these kind of problems I have a two-phase approach:

- in the Task Sequence I will install the WMI stability hotfix directly

- I created a separate Task Sequence with all stability hotfixes and have spread that on the rest of our clients.

Note : this is the list of available WMI fixes per OS

2003+XPx64: kb933061
2003 32b: kb933061
XP 32b (SP2): kb933062
Vista/server 2008: which one is it?
Server 2008 R2/W7: 981314 + 977357 + 2465990 (SP1 only)

some more info about this WMI stability hotfix TS:

* first I created a package with 5 different command lines (and 5 programs) pointing to 5 different subfolders

* then I created a TS with 5 separate run command line entries (linked to the 5 programs in the package)

Every Step then has a condition linked to the appropriate OS.

Recently I was looking for a way to apply a specific task sequence step only to desktop machines. As it seems the wmi query for the chassistypes was not working in the task sequence, so I thought why not use the ZTIgather.wsf script from MDT?

as we have no direct need to integrate MDT, I just needed the functionality of the MDT scripts in SCCM.

Start by copying the MDT scripts and put them into a package.  you do not have to create a program for this package. put it on at least one DP.

Edit the TS:

- create a ‘run command line’ step: cscript.exe ZTIgather.wsf /localonly. browse and select your MDTscripts package.

(the localonly parameter is needed or this step will fail with return code 8000)

-in another existing step I have used the variable ‘IsDesktop’ to determine when to apply the step:

See, you do not have to reinvent the wheel again !

I was asked to prepare an SCCM  image for a new batch of machines that will be installed by the vendor.

Afterwards the machines will recieve their name and join the domain after being shipped onsite.

the vendor will be providing us with a list of all mac-addresses, so we can use that to import the computer information and create the link between collection and advertisement.

I will try to go through all steps I did to achieve this result.

1° Create a capture of the current TS

as all new machines will be based on the same model, we use this procedure to save some time later on. (the capture will also have the default applications embedded)

2° Create the Prestage media via a TS

Note: this can be done via one of 2 ways, check the full explanation here:

http://blogs.technet.com/b/configurationmgr/archive/2011/01/11/how-to-stage-task-sequence-prestaged-media-on-a-hard-drive-in-configuration-manager-2007.aspx

Right Click on the Task Sequence and select Create Task Sequence Media

Select the option to create Prestaged Media (R3 required !)
Specify publisher information

Specify name and destination of the output file (this will be a WIMfile)

Select boot and OS image to be used.

This TS has been exported as standalone media on an USB stick that will be handed out to our vendor.

Tip: by default when the Autorun is launched, you have to click on the NEXT button before continuing. If you want to avoid this, edit the tsmbootstrap.ini (located in SMS\data) and change the value of unattend=false into TRUE

3° Add the Prestaged OS image in the SCCM console

The next step is to create an OS image under OSD

Right click on OS images and select ADD operating system image

Input the UNC path of the captured wimfile from step 2

Distribute this new os image to a DP

4° Create a TS to prestage the OS image

Select a custom tasksequence

Step 1 : Format and partition disk

Define the necessary partitions

Step 2 : Apply data image

Select the image package we created in step 2

Make sure to select the correct location, if you have worked with a variable in the partition disk step, you have to reuse that variable again or things will fail.

Step 3 : add a new command line with : wpeutil.exe shutdown

as you can see, the difficulty in this process lies not in this part…

Advertise this TS non-mandatory.

5° Create a TS to finalize the prestaging

This is the part that will be executed onsite

Start with a duplicate of your regular tasksequence, you can remove the step restart in WindowsPE (machines that have the data image, will start from the local bootimage anyway)

You will have to edit the step partition disk and insert a new task sequence variable _SMSTSMediaType set to: not equals OEMMedia

Verify the step Apply OS to make sure that the correct partition will be targeted (again
if you have worked with a variable, this will not function any more as the TS
will now have skipped the partition disk step.), instead choose the correct destination in
‘Specific disk and partition’

Since we used a captured image, we do not need to install any drivers or software any
more (saves us much time)

You will have to cleanup some leftovers of the OEMMedia on the local disk, like the file
autorun.inf and folders oemmedia, sms, smslogs and sources (for now I used separate steps, I know this can be improved…)

After all this it is safe to restart the computer it will now be ready.

Advertise this TS non-mandatory.

So, as end-result how does this process look like?

Part 1 (offsite)

During part 1 (offsite) the prestaged TS will extract the WIM to the local harddisk and then
shutdown the machine.

The machine is now ready for shipping

Part 2 (onsite)

In part 2 (onsite) make sure the machine is not booting to PXE

The machine will boot by default from the bootimage off the hard disk and will then lookup
the advertised Task Sequence by contacting the SCCM server.

(this is done by the autorun.inf which will launch tsmbautorun.exe)

The TS will skip the partition disk step and continue rather quickly with the rest of the TS.

As a good habit this morning I quickly checked my eventviewer on my primary sccm server and noticed a lot of events 107 in the application log “Report server cannot connect to the report server db”.

The ReportServer service was running, restarted it but didn’t solve the problem.

Then I opened the SQL mgmt studio and performed a simple query against the Reportserver db, no problem there either.

Then I started the Reporting Services Configuration Manager and noticed the instance was’t there, clicking on Find resulted in the message “invalid class”

wait a minute, last week a SQL guy changed the service accounts, could this be related?

to solve the issue:

browse to <driveletter>:program files\microsoft sql server\msrs10.mssqlserver\reporting Services\Reportserver and open the bin folder.

copy the reportingservices.mof file

(re)register it with: mofcomp <driveletter>:program files\microsoft sql server\msrs10.mssqlserver\reporting Services\Reportserver\bin\reportingservices.mof.

at first impression everything is working fine, but after about 15 minutes I saw event 120 passing by “the report server cannot decrypt the symmetric key most likely the service account or password has changed”.  So I went back to the Reporting Services Configuration Manager tool > Encryption Keys > click on the delete button.

and now everything is running smoothly again

In Configmgr 07 the SP1 was only imported in english (just as the rest of our updates). The Office 2010 package source is originally in English with (in our case) added languages French and Dutch.

 From one of the troubled clients I found this in the logs;

CAS.LOG:

Location update from CTM for content 1ba18f9a-1d45-44fa-958f-5374f3b9ea5e.1 and request {CDBF2855-B0A1-42AB-80F0-D7B2F939CFD8}               ContentAccess 23/08/2011 04:58:24       828 (0x033C)

Download request only, ignoring location update           ContentAccess 23/08/2011 04:58:24       828 (0x033C)

Setting download timeout options for content request {CDBF2855-B0A1-42AB-80F0-D7B2F939CFD8}: LocationTimeout = 604800, DownloadTimeout = 864000, PerDPInactivityTimeout = 0, TotalInactivityTimeout = 0   ContentAccess 23/08/2011 09:25:33               624 (0×0270)

No need to change timeout settings     ContentAccess 23/08/2011 09:25:33       624 (0×0270)

Setting download timeout options for content request {CDBF2855-B0A1-42AB-80F0-D7B2F939CFD8}: LocationTimeout = 604800, DownloadTimeout = 864000, PerDPInactivityTimeout = 0, TotalInactivityTimeout = 0   ContentAccess 25/08/2011 09:15:17               3232 (0x0CA0)

No need to change timeout settings     ContentAccess 25/08/2011 09:15:17       3232 (0x0CA0)

Setting download timeout options for content request {CDBF2855-B0A1-42AB-80F0-D7B2F939CFD8}: LocationTimeout = 604800, DownloadTimeout = 864000, PerDPInactivityTimeout = 0, TotalInactivityTimeout = 0   ContentAccess 25/08/2011 10:28:44               2144 (0×0860)

No need to change timeout settings     ContentAccess 25/08/2011 10:28:44       2144 (0×0860)

Download failed for content 1ba18f9a-1d45-44fa-958f-5374f3b9ea5e.1 under context System, error 0x800705b4                ContentAccess 26/08/2011 22:25:19       4280 (0x10B8)

Download failed for download request {CDBF2855-B0A1-42AB-80F0-D7B2F939CFD8}   ContentAccess 26/08/2011 22:25:19                4280 (0x10B8)

Raising event:

[SMS_CodePage(437), SMS_LocaleID(1033)]

instance of SoftDistDownloadFailedEvent

{

                ClientID = “GUID:9E699560-328B-42A4-9EB4-2DB4E16AC74F”;

                DateTime = “20110826202519.093000+000″;

                MachineName = “xxxxxxxx“;

                PackageId = “1ba18f9a-1d45-44fa-958f-5374f3b9ea5e”;

                PackageName = “1ba18f9a-1d45-44fa-958f-5374f3b9ea5e”;

                PackageVersion = “1″;

                ProcessID = 3360;

                SiteCode = “399″;

                ThreadID = 4280;

};

                ContentAccess 26/08/2011 22:25:19       4280 (0x10B8)

Successfully raised Download Failed event.       ContentAccess 26/08/2011 22:25:19       4280 (0x10B8)

UPDATESHANDLER.LOG:

Starting download on action (INSTALL) for Update (1ba18f9a-1d45-44fa-958f-5374f3b9ea5e)   UpdatesHandler                29/08/2011 20:59:20       4152 (0×1038)

well, Now we know for sure that the culprit is the missing update ID: 1ba18f9a-1d45-44fa-958f-5374f3b9ea5e.  furthermore it is supposed to be part of the bundled update for SP1 office 2010 (kb 2510690).

Originally I thought I had to simply add the dutch and French languages for this SP1 update, but then it became clear that by default also the Spanish proofing tools are installed.. (check this with the office OCT if you are not sure)

SOLUTION:

So I went to my console > software updates > update repository > service packs > microsoft > office 2010 > select the appropriate version (32bit or 64 bit) of the office 2010 sp1,  Right-click > download updates. Select your existing deployment package, select “download from the internet”, in language selection, I had to select French, dutch and Spanish.

Once the supplemental updates had been downloaded, make sure to update your deployment package as well!.

Then I identified which machines where stuck downloading this update with software updates report States 4 and restarted the SMS Agent Host service, after which the download went further.

Note 1: if you have a bundled update like this, you can check in the content information tab what language you have already downloaded.

Note 2: see also this article on the technet blog: http://blogs.technet.com/b/configurationmgr/archive/2011/08/23/troubleshooting-a-configuration-manager-2007-installation-of-office-2010.aspx

I had this one particular case where FEP did not download the definition updates automatically even though I had already created an auto-approve rule in WSUS for that.

If you would manually initiate the definition updates, they would come from the MS update, not the SCCM server.

In the clients’ eventviewer I could see a lot of events 2001 with either error 0x80072f78: The server returned an invalid or unrecognized response or error 0x800b0003 : The form specified for the subject is not one supported or known by the specified trust provider.  these same errors can also be found in the windowsupdate.log file

Then I went over to the SCCM server and found these interesting errors logged:

event 364:

and

In the WSUS console I noticed that effectively the definition updates had not been downloaded (here is my explanation why I could not get them automatically … )

rightclicking on the definition updates and pushing on ‘Retry Download’, resulted in again an error in the eventviewer.

Then I came to this article http://support.microsoft.com/kb/922330 where I used the WSUS 3 equivalent command of method 1.  After that restart the WSUS service.

After a while I could succesfully download the definition updates from the WSUS console and a few minutes later I noticed that some clients began to pick them up also.

mission achieved!

Today I have been searching to get the SUP role running in SCCM ’07 R3.  doublechecking ports and proxy settings did not advance me much.

the thing is the initial synchronization kept on giving error 6703: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. —> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to .
 Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WSyncAction.WSyncAction.SyncWSUS.
  The operating system reported error 2147500037: Unspecified error

windowsupdate.log: cached cookie has expired

making sure the SCCM server was not applying the GPO with the ‘regular’ WSUS settings enabled.

when I tried to check for updates on the server I kept recieving the message : error 80072f8f or better 80072efd

solution: went to http://support.microsoft.com/kb/931125/en-us and downloaded/installed the rootsupd.exe on my sccm server. after that I was able to check for updates on the server itself and the sync finally started

can’t remember completely how I got to that point..

Problem solved!

Earlier this month the R3 release for SCCM 2007 came out.  Untill then most of us thought this was all about new Power Management features.

Wrong!  there are many other improvements that make R3 worth looking at

Besides Power Management, the following points illustrate all improvements you get after installing R3:

• enhanced performance
• improved console (weren’t we all waiting for that)
• resource management improvements
• Scale increase (up to 300.000 clients)
• OSD OEM pre-stage media

Before you can start with the installation of the R3 setup (about 25 MB), you must have the pre-R3 KB977384 hotfix installed.  Note: the setup of this hotfix will also create a package and program for you.  Create an advertisement and assign it to a proper collection, because this patch must be pushed to all existing clients (they must be rebooted afterwards).

The installation of the R3 itself is very straightforward.

I will describe briefly all improvements besides Power management that will be covered later on.

1) Improvements on the Collection side

After the installation of R3 collections will have a new checkbox called “Dynamically add new resources”.  you can enable this where needed on the existing collections.

The result is that machines that have been newly discovered, will show up in the collections much faster.  Unless you really created a new collection that still needs a full evaluation like before.

Thanks to this Delta Discovery, it will now take a minimum of 5 minutes before a newly discovered user or device in AD appears in Config Manager (before this would take a minimum of 24 hours).

Rightclicking on any collection will show you a new menu entry called “Add Resources”.  this will bring up a dialog where you can search resources and create direct membership rules.

2) Improvements on the Administrative Console side

Rightclicking on a resource will present you a new menu entry called “Manage Collection Membership” with three Items:

• New Collection: add the selected resource to a new collection
• Add to Collection: add the selected resource to an existing collection
• Remove from Collection: remove the resource from the current collection

No longer we have to install third party addons to provide us with these rather simple functionalities.  The Product Team will further enhance and revamp the console in the future, thanks for that!

3) OSD – Prestaged Media

This feature is especially usefull when your pc distributor does the computer stagings on his premises with your customized wim file.

You can still use existing packages from Config Manager, and this also integrates with existing task sequences (you will now see a fourth option in the task sequence media wizard).

The Prestage Media will in fact have a hybrid image, containing the boot media and the OS wim file.

  

I hope the title didn’t scare you too hard…

anyway, I wanted to remind you that in the coming weeks Microsoft will cease to support some client OS.

- on July 13 the support for XP SP2 will stop ( Note: this is not valid if you are running XP SP2 64 bit edition that will be supported until April 2014 )

- also on July 13 extended support for both Windows 2000 client and Server SP4 will stop

- on the first of June, the RC of Windows 7 will stop working.

- Support for Vista RTM has already stopped on April 13

Be Prepared!