Overview of System Center Advisor #sysctr

In this blog I’d like to introduce you to System Center Advisor. What is it, what are the benefits and what’s in for me? In this post I’ll start with some background and go through the installation and configuration of System Center Advisor.

What is System Center Advisor?

System Center Advisor is an online service that analyzes installations of Microsoft SQL Server 2008 (and later versions) and Windows Server 2008 (and later versions). The System Requirements can be reviewed here. Advisor collects data from your installations, analyzes it, and generates alerts that identify potential issues (such as missing security patches) or deviations from identified best practices with regard to configuration and usage. Advisor also provides both current and historical views of the configuration of servers in your environment.

Advisor is developed by the Microsoft System Center Advisor product group in partnership with Microsoft Support engineers to ensure that the issues customers report to Microsoft are detected before they affect your environment. Advisor is regularly updated to reflect the most recent experiences of these engineers, who support customers around the world.

What does Advisor analyze?

With System Center Advisor, the following workloads are analyzed:

Forefront Endpoint Protection 2010 Update Rollup 1 #sysctr

Update Rollup 1 for Microsoft Forefront Endpoint Protection 2010 introduces new features and updates. These new features and updates are summarized below.

The following list is a summary of the updates in FEP Update Rollup 1 for server functionality.

  • A tool that facilitates the use of the Configuration Manager software updates functionality to download FEP definition updates and make them available to client computers running the FEP client software.In order to use the software updates feature for definition updates, you must perform the following high-level steps:
    • Download and install the Update Rollup 1 package.
    • Configure software updates to download definitions for FEP.
    • Configure the package by which the definition updates will be distributed, and configure the distribution settings for it.
    • Install and configure the FEP Software Update Automation tool.

    Addition of support for the FEP client software for Windows Embedded 7 and Windows Server 2008 Server Core. For more information on the added client support, see Prerequisites for Deploying Forefront Endpoint Protection on a Client

Continue reading “Forefront Endpoint Protection 2010 Update Rollup 1 #sysctr”

First day impression of Microsoft Management Summit 2011

Today MMS2011 officially launched. After registering at the registration desk and help build the booth OpsLogix we are ready for an exciting week.

First session was Instructor-led Lab session of Advanced Software Distribution in Configuration Manager 2012, given by Wally Mead. As usual, we left the lab manuals for what it is and we were a bird in flight taken to the new features of SCCM 2012.

What struck me is that the ribbon is introduced as we know from Office 2010, using sophisticated software deployment is made ??of (global) conditions (expressions/clauses) requirement rule, so it enables refined user centric dispensing. As software distribution relationships and conditions can be complex they are visualized in a mapview. Today we also had a scoop! The Exchange Connector in SCCM 2012. Jeff Wetlaufer demonstrated us the Exchange connector which enables Windows and non-windows (Nokia, iPhone, Symbion) Mobile Devices can be easily discovered and managed. Really awesome! Continue reading “First day impression of Microsoft Management Summit 2011”

MDOP 2011 released! App-V 4.6 SP1 and Med-V 2.0 Resources #sysctr

9th of March the MDOP team announced new releases of App-V and MED-V, the two Desktop Virtualization products in MDOP which are general available right now! You can access App-V 4.6 Service Pack1 and MED-V 2.0 as part of MDOP 2011 through the Microsoft Volume Licensing website, MSDN or TechNet.

Just getting started? Check out the App-V 4.6 SP1 Trial Guide or the MED-V 2.0 Trial Guide. Need more information about App-V sequencing? Download the App-V 4.6 SP1 Sequencing Guide. You’ll also want to check out the new App-V videos that walk you through some of the new features, and the new MED-V 2.0 video series. For information about all of Microsoft’s Desktop Virtualization solutions, visit the Springboard Desktop Virtualization Zone.

Continue reading “MDOP 2011 released! App-V 4.6 SP1 and Med-V 2.0 Resources #sysctr”

Configuration Manager clients Auto-Site Assignment with DirectAccess IPv6 #sysctr

Currently I’am implementing DirectAccess (DA) infrastructure for a Dutch customer. First I must say I am very satisfied with its operation of DA. Part of DA is remote management (Eventlog, RDP, SCCM, DPM) of Internet DA clients from Intranet, which is pretty nice working as well!

I was wondering how SCCM client auto-site assignment works through DA. Is it a supported scenario and how does I have to define site boundaries as auto site-assignment is based on? Does I have to define my DA server IPv6 or corporate IPv6 prefix as SCCM IPv6 site boundary? Yes, yes, yes!!! Auto-site assignment is supported by DA and works pretty straight foward as it does for your intranet clients :-)

But first some background of IPv6 prefix.

If you have an IPv4 address on the internal facing interface of UAG DirectAccess server, DirectAccess assumes that you don’t have IPv6 deployed in your organization. An IPv6 address is 128 bit – the first 64 bits are the IPv6 “prefix” (which is similar to the IPv4 network ID) and the last 64 bits represent the IPv6 Host ID (similar to the IPv4 host ID). The UAG DirectAccess wizard configures the network prefix information using a 6to4 prefix based on the public IP address bound to the UAG DirectAccess server. Continue reading “Configuration Manager clients Auto-Site Assignment with DirectAccess IPv6 #sysctr”

Using Collection Variables on collections and sub-collections #sysctr #sccm

Using Configuration Manager collection variables be aware these variables set on parent collections aren’t inherented by sub-collections.

Based on a scenario of multiple Divisions and underlaying Departmental collections structure workstations are deployed by Configuration Manager OS-Deployment. Two variables will be used to automatic determine the OU path. Workstations will be joined to Active Directory (AD) and dynamicaly placed in the correct Organizational Unit (OU).

LDAP://OU=WORKSTATION,OU=%DEP%,OU=%DIV%,DC=CONTOSO,DC=COM

Collection variables can be configured two ways: 

  1. Both Division and Department variables are configured on a single collection where the clients are member off.
  2. Division variable to parent collection and Department variable on sub-collection. Clients should be member of both collections.

Both Division and Department variables are configured on a single collection where the clients are member off.  Division variable to parent collection and Department variable on sub-collection. Clients should be member of both collections.

Use the Collection Variables tab of the Configuration Manager 2007 Collection Name Settings dialog box to define custom task sequence variables and their associated values to be used by the resources in this collection. For more information about task sequence variables use the following link: About Task Sequence Variables

Tip for SCCM 2012 Product Team feature request enabling collection variable equals advertisement applies to sub collections!

AD System Discovery causes crashdumps

Last week I was confronted with the fact that smsexec services was collapsed at one of the ConfigMgr servers. My first thought was to analyze the server logs. What struck me was the presence of the crash dumps folder. This corresponds to the new crash dump sub-directories wich contains smsexec as part of the description.
crash.log

The crash.log pointed me to Active Directory System Discovery as the culprit. When checking the AD System Discovery properties, I discovered a typo of a custom attribute pwdLastSt.

AD System Discovery attribute properties

After corrected typo (pwdLastSet) and run an AD System Discovery cycle…no crashdumps anymore :-) Problem solved!

System Center Service Manager Exchange Connector

The System Center Service Manager – Exchange Connector connects Service Manager to Exchange for processing incoming emails related to incidents and change requests. The emails can update the incident action log or change the status of an incident to resolved or closed. Incoming emails with special keywords allow a change request reviewer to approve or reject a review activity and activity implementers can mark activities assigned to them as completed. The SendEmail solution allows analysts to send messages to users via email from the console.

Feature Summary
This release is compatible with Service Manager 2010 SP1. It contains the final set of features for this version, including

  • Create incident from email
  • Update incident action log from email
  • Resolve or close incidents from email
  • Approve/reject change requests from email
  • Update change request “action log” from email
  • Mark manual activities completed from email
  • Add email file attachment to work items as attachments
  • Send notifications to users from the console

Exchange Connector is a welcome addition to the standard available Service Manager connectors. Besides the Exchange Connector, there are default connectors available for Active Directory, Operations Manager and Configuration Manager. The connector is operates with Microsoft Exchange 2007 SP3 or Exchange 2010 SP1 versions.

The Service Manager Exchange Connector can be downloaded here.

In control with preloading packages

There are several good blogs which describes the proces of preloading packages, explains the tool used and how to troubleshoot.

Preloading packages is proces which can be used to deploy packages to distribution points which couldn’t deployed throughout the hiearchy over slow WAN/LAN connections or to avoid overloading links. The Preload Package Tool (PreloadPkgOnSite.exe) can be used to preinstall packages on distribution points in those scenarios.

This post will explains in a few steps the proces of preloading packages works and how this progress can be monitored.

The “how” you get the files there is really not the most important thing to worry about. Once they’re there and moved to the appropriate location, preloadpkgonsite.exe is required to install the compressed source files. Once done, a status message goes back to the parent server which should stop the upstream server from copying the package source files over the wan to the child site.

Anyway, if it’s a relatively small amount of packages, you can run the execution like so:

preloadpkgonsite.exe <pkgid>

Of course, if it was a small amount of packages, we wouldn’t be having this conversation right now. so what do you do when you have an enormous directory with 75gb worth of packages? On the site server, navigate to <installdir>\bin\i386. this is where the preloadpkgonsite.exe should have been dropped. If not download the preload package tool here. Well, it would look a little something like this…

for /f “delims=.” %a in (‘dir /b \\<siteserver>\sms_<sitecode>\inboxes\pkginfo.box\*.pkg’) do preloadpkgonsite.exe %a

That will effectively run preloadpkgonsite.exe against every known package on that child site server. Now there are caveats to making this work – one being that the .pkg has to exist on the child site server. Verify \\<siteserver>\sms_<sitecode>\inboxes\pkginfo.box if all package information is replicated to your distribution point.

Ensure the compressed packages are locally available at the distribution point and the read-only attribute is set (if archive attribute is set, the procedure will fail)

****** Preload Package On Site ******
Forward package status for pkg <package-id> to site <sitecode>
****** Successfully set the Compressed Package Path on this site ******
****** Successfully forwarded the information up the hierarchy ******

When all packages processed succesfully a status messages goes back to the parent server . Use the query below to determine whether the compressed packages status is ‘Received ‘.

USE <sccm database>
SELECT distinct
PS.ID as ‘PackageID’,
PS.SiteCode as ‘SiteCode’,
PCK.Name as ‘Package Name’,
‘Location’= Case PS.TYPE
when ‘1’ then ‘Compressed Package’
when ‘2’ then ‘Distribution Point’ End,

‘Status’= Case PS.Status
when 0 then ‘NONE’
when 1 then ‘SENT’
when 2 then ‘RECEIVED’
when 3 then ‘INSTALLED’
when 4 then ‘RETRY’
when 5 then ‘FAILED’
when 6 then ‘REMOVED’
when 7 then ‘PENDING_REMOVE’ END

FROM dbo.PkgStatus PS
INNER JOIN dbo.SMSPackages PCK on PS.ID = PCK.PKGID
WHERE PS.SiteCode = ‘<sitecode>’

Run above query to determine if all status messages succesfully forwarded. If all compressed packages indicates status ‘Received’ the status messages sent succesfully to the database. The siteserver is aware of the packages are locally available at the distribution point(s). If not registered packages nevertheless still be copied though the WAN/LAN connection. Continue with the next step adding package(s) to the distribution point(s). Do this using the Copy Package Wizard.

Status messages of preloaded packages received.

When finished adding package(s) to the distribution point(s) packages open the distribution manager log (distmgr.log) @ the distribution point site. Packages are extracted from SMSPKG folder instead of rather copied over WAN/LAN connection. Bear in mind the proces of extracting packages can take a while depending the number and size of packages. The default value for the simultaneous extraction of packages is 3. You can temporarily increase up to 7 simultaneous operation to speed up the proces.

Increase the number of maximum operations.

Run again the above SQL query when all packages extracted and updated to the distribution point(s).  Each package has a status message ‘Received’ and ‘Installed’.

Packages are succesfully extracted.

This, the packages successfully registered on the distribution point(s) without copying them over the WAN/LAN

Have fun!

System Center Configuration Manager Post Service Pack 2 hotfixes

Last week I accompanied a Microsoft Premier Field Engineer performing a Configuration Manager health check (CM RAP) . While we were pointed to a number of missing post SP2 hotfixes. Hereby a complete overview of all the post Configuration Manager SP2 hotfixes which might be handy.

 Article ID Title Priority URL Component
978022 Memory leak in System Center Configuration Manager 2007 SP2 if the distribution point role is enabled High http://support.microsoft.com/kb/978022 Site Server, Distribution Point
981640 The “Backup ConfigMgr Site Server” task fails on a ConfigMgr 2007 site server High http://support.microsoft.com/kb/981640 Site Server
977056 The memory allocation for the Wmiprvse.exe process keeps increasing when you update the membership rules of a collection frequently on a computer that is running System Center Configuration Manager 2007 SP1 or SP2 High http://support.microsoft.com/kb/977056 SMS Provider (Site Server)
982399 A System Center Configuration Manager 2007 SP2 site server randomly stops processing status messages High http://support.microsoft.com/kb/982399 Site Server
978914 The enroll.exe utility for Windows CE 5.0 mobile devices does not read the user name and password you entered in the enroll.cfg file that is used for authentication Low http://support.microsoft.com/kb/978914 Device Client
978588 System Center Configuration Manager 2007 SP2 does not support mobile devices that are running Windows CE 6.0 Low http://support.microsoft.com/kb/978588 Device Client
981796 Japanese characters are displayed incorrectly in the Configuration Manager console after you use ConfigMgr Site Repair Wizard in ConfigMgr 2007 SP2 Low http://support.microsoft.com/kb/981796 Site Server
978759 The Compliance Evaluation report is not localized correctly on the Japanese version of the System Center Configuration Manager 2007 SP2 client Low http://support.microsoft.com/kb/978759 Client
978021 The Distribution Manager that is in System Center Configuration Manager 2007 SP2 does not honor the “Number of retries” and “Delay before retrying (minutes)” retry settings Medium http://support.microsoft.com/kb/978021 Site Server
978754 You cannot import a driver into an OSD image if the driver is signed for only the Windows 7 operating system in SCCM 2007 SP2 Medium http://support.microsoft.com/kb/978754 Client
977203 User state migration fails on a SCCM 2007 SP1 client or on a SCCM 2007 SP2 client after you install security update 974571 Medium http://support.microsoft.com/kb/977203 Client
979199 Files are collected incorrectly by Software Inventory or by File collection if the “Automatically adjust clock for daylight saving changes” option is changed Medium http://support.microsoft.com/kb/979199 Client
976073 The Windows Deployment Service stops responding when you use a PXE service point on a computer that is running a System Center Configuration Manager 2007 SP1 or SP2 site server Medium http://support.microsoft.com/kb/976073 PXE Service Point
980488 Asset Intelligence does not collect the “SMS_InstalledSoftwareMS” reporting class on an SCCM 2007 client in a Windows 2000 operation system Medium http://support.microsoft.com/kb/980488 Client
980270 The computer associations are not created by the import computer information wizard in SCCM 2007 Service pack 2 Medium http://support.microsoft.com/kb/980270 Admin UI
978757 The second Search paths may not discovered when you enable the Active Directory System Discovery method or the Active Directory User Discovery method that runs on a System Center Configuration Manager 2007 SP2 site server Medium http://support.microsoft.com/kb/978757 Site Server
978756 Error message when you try to change a deployment template in System Center Configuration Manager 2007 SP1 or in System Center Configuration Manager 2007 SP2: “You do not have security rights to perform this operation” Medium http://support.microsoft.com/kb/978756 Admin UI, Database
982203 The SMS Agent Host service crashes on a System Center Configuration Manager 2007 SP2 client computer if you connect the client to a network that has the NAP feature enabled Medium http://support.microsoft.com/kb/982203 Client