CCMEXEC.COM – System Center blog

CCMEXEC.COM – by Jörgen Nilsson

A new Configuration Manager 2012 book is available, written by fellow MVP Raphael Perez.

CapaNova-558x336

Be sure to check it out! You find it here: http://www.rflsystems.co.uk/products/product-category/understanding-system-center-configuration-manager-2012-sp1/

To follow up on my last post on building images with Configuration Manager 2012 I thought I would cover the scenario where you need to pull the updates from either WSUS or Windows Update instead of using Configuration Manager for installing the updates.

Chris Nackers wrote a great post on how to run ZTIWindowsUpdate.wsf from MDT standalone in Configuration Manager to install updates from a WSUS server. http://myitforum.com/cs2/blogs/cnackers/archive/2011/04/28/using-ztiwindowsupdate-wsf-to-install-updates-in-a-system-center-configuration-manager-task-sequence.aspx

The same script can be used to install updates from Windows Update following the guide above, when doing that here are some good tips.

1. Exclude updates
When excluding updates when the script is used in MDT, the excluded updates are configured in Customsettings.ini file, when using the script in Configuration Manager 2012 you can set them as variables in the Task Sequence instead.
Each exclusion needs a new variable and the value can be either the ArticleID or the KB number. Below is an example on how to block the browser choice, which is a big pain in the European Union, note that the KB should be written with the KB number only.

ExcludeWUMU

Other useful updates that can be interesting to block:

Bing Bar version 7.2 : KB2673774
Browser Choice: KB976002
Internet Explorer 10: KB2718695

2. Use a Proxy server
In some scenarios you need to use a proxy to be able to use Windows Update during the task sequence, when the script is run when using MDT this script can be used: http://blogs.technet.com/b/deploymentguys/archive/2010/11/30/using-the-mdt-windows-update-tasks-in-image-engineering.aspx however when you use Configuration Manager there is no logged on user we need to use Netsh Winhttp Set Proxy

Before running the ZTIWindowsUpdate.wsf step it would look like below.

WindowsUpdate1And after running the ZTIWindowsUpdate.swf step we remove the Proxy settings.

WindowsUpdate2

3. Windows 7 sp1 Hotfixes: Don’t forget to include the Windows 7 sp1 Enterprise Hotfix Rollup in your image:http://support.microsoft.com/kb/2775511 and the Management Framework 3.0 which includes support for Powershell 3.0 http://support.microsoft.com/kb/2506143 in your image. I normally install more hotfixes as well.

4. Copy CMtrace to all computers: I always copy Cmtrace to C:\windows during the build of my images as I always end up missing it otherwise.

Happy image building!

I build my master images either in ConfigMgr or MDT depending on customer demands and resources available. When building them in Configuration Manager 2012 there are some things that are good to know, which basically is the same as when you manage Workgroup Computers as they aren’t members of the domain at that stage.

1. As the client is not member of the AD and therefore cannot query the AD for an MP you must point to the MP during the “Setup Windows and Configuration Manager” step using the SMSMP=SCCM02.Contoso.com point to the Management Point for the site.

Setup Windows and configMgr2. I normally import the virtual computer I am using to build the image from. If the build fails (which tends to happen now and then, when changes are made) You get an error that no Task sequences are assigned to this computer:
No Task SequenceI have seen many times on the forums questions about if the computer must be deleted and imported again to be able to run a second time. This is not the case, as I wrote above the client in this scenario is a Workgroup Client and therefor not automatically approved which is visible in the console if you add the Column “Approved”

Approve Client

So simply approving it will solve the problem and the client will be able to run the Task Sequence again.
ApproveYou could also change the Hierarchy Setting and change the approval behavior but that would seem a little unnecessary if you don’t manage Workgroup Computers.

Automatic Approval1
3. The third can actually be solved in two ways, either make sure that the DNS Domain Name (15) in DHCP is used and contains the correct DNS Domain name or make sure to use FQDN in the server name in the “Capture Reference Computer” step. It is really irritating when the Image build fails on the last step :-(

Capture3I hope this will save someone out there a little time!

Great news right after the vacation is finished!

SCUG.SE (System Center user group Sweden) are planning two new System Center days at the Microsoft office in Akalla on September 23/24!
We call it System Center 2012 R2 days! It will be the same as last, one day that focuses on Client Management and one day focusing on Datacenter Management.

Client Day Sessions:

08:30 – 09:00 Registrering

09:00 – 09:10 – Välkommna Dag 2 Stefan Schörling

09:10 – 10:30  - System Center Configuration Manager 2012 R2 – TBA

10:45 – 12:00 – Managing and configuring UE-V, MBAM and DaRT in CM2012 R2 – Andreas Stenhall

12:00-12:45 – Lunch

12:45 – 14:00 – How to Build your IT Infrastructure to support BYOD – Jörgen Nilsson / Anders Olsson

14:15-15:30 – Managing your devices using Windows Intune –  Björn Axel

15:45-17:00 – TBA

Datacenter Day Sessions:

08:30 – 09:00 Registrering

09:00 – 09:10 – Välkommna Stefan Schörling

09:10 -10:15 – Using the R2 releases to build your Private Cloud – Mikael Nyström

10:45 – 12:00 – Levereing the Cloud in your own datacenter – Joachim Nässlander

12:00-12:45 – Lunch

12:45 – 14:00 – Massive Data warehouse reporting that will rock the boat with System Center– Patrik Sundqvist

14:15-15:30 – Cooking up gourmet automation solutions with System Center – Anders Bengtsson

15:45-17:00 – Vision Service Delivery System Center R2 better together– Robert Hedblom

Registration is free and now open! register now on:

Client Day: http://scugclientday.eventbrite.com/

Datacenter Day:  http://scugdcday.eventbrite.com/

740810_10151223710004296_1783026840_o

I have always been using the Windows 7 USB/DVD Tool http://www.microsoftstore.com/store/msusa/html/pbPage.Help_Win7_usbdvd_dwnTool to create a bootable USB drives and it has worked fine.

By incident I ran into another tool called Rufus which is so much easier to use when creating a bootable USB drive, it has support for UEFI built-in as well which is great!

It makes life a little easier.

http://rufus.akeo.ie/

rufus

I did an installation of Bitlocker Administration and Monitoring tool today in an Configuration Manager 2012 Sp1 environment with multiple Reporting Services points. When running the installation of MBAM 2 on the Configuration Manager 2012 server I ran into this issue:
“Setup was unable to verify prerequisites on the computer”
Error: Sequence contains more than one element.

MBAM multiple SSRS
The only useful thing in the log file was that the last thing it checked was the last thing it checked was:

Checking that the CM server is considered a primary site CM system.

Checking that the CM server has the Desired Configuration Management (DCM) agent enabled.
Checking that the CM server has the Hardware Inventory agent enabled.
Checking that CM has SQL Server Reporting Services (SSRS) integration
Checking SSRS user permissions.

Checking that the CM server is considered a primary site CM system.

Checking that the CM server has the Desired Configuration Management (DCM) agent enabled.

Checking that the CM server has the Hardware Inventory agent enabled.

Checking that CM has SQL Server Reporting Services (SSRS) integration

Checking SSRS user permissions.

Removing one of the Reporting Services Points solved the issue and the installation was successful.

Time for an old one… NO_SMS_ON_DRIVE.SMS. It is still valid and should be used on disks that shouldn’t be used by Configuration Manager, it goes for all versions. It is an empty text file mentioned above, which tells Configuration Manager not to use that disk. I still see this not being used at many customers and in the forums, therefor time for this little reminder.

NO_SMS_On_DRIVE.SMS

A great example would be when you use a remote SQL Server, a cluster perhaps, the SMS Executive files will be installed on the largest volume and not on the local C: drive bur perhaps a clustered disk which will cause errors when the cluster fails over. Another example would be a file server used as a DP as well, the largest disk will be used if the selected one is filled up.

It is also documented here: http://technet.microsoft.com/en-us/library/bb632890.aspx

So don’t forget to create the NO_SMS_ON_DRIVE.SMS file.

The summer is here and so is Microsoft Sommarkollo 2013! :D Sommarkollo is a free event which offers a lot of half day sessions around many new Microsoft technologies in Helsingborg, Stockholm and Göteborg.

I will be presenting in Helsingborg and Göteborg: (in Swedish)

Nästa generations klienthantering med System Center 2012 SP1 / R2 och Windows Intune

Med nya enheter som behöver hanteras och Bring Your Own Device trenden som sveper fram, släpper Microsoft nu System Center 2012 Configuration Manager R2 samt en ny version av Windows Intune. Under denna session går vi igenom nyheterna i R2/Intune samt vad man kan göra med Configuration Manager 2012 SP1 och Windows Intune redan idag när det gäller hantering av andra enheter än Windows samt hur man kan hantera BYOD.

Anmäl dig till sessionen i Helsingborg den 25/6 här >

Anmäl dig till sessionen i Göteborg den 27/6 här >

I hope to see many of you there!