CCMEXEC.COM – System Center blog

CCMEXEC.COM – by Jörgen Nilsson

As I wrote in the previous blog post the AdminConsole on the Primary site server and CAS if that is used, is not updated automatically during the installation of CU1 for SP1. It is also noted in the CU1 KB: http://support.microsoft.com/kb/2817245

The PowerShell changes that are referenced in this article are contained in the Administrator Console update (Adminconsole.msi). The Administrator Console update is not automatically installed on a site server when the cumulative update setup wrapper (Updatesetup.exe) runs. The wrapper creates an additional installation package and program that must be run to update the Administrator Console.”

Before the upgrade of the Admin Console the version number is: 5.0.07804.1000, this can be found under About in the upper left corner in the Admin Console.

sccm2012sp1cu1_1

During the installation of the CU1 update on the Primary site server, packages and programs are created to upgrade the different components,Clients, Admin Console and server updates, as shown below.

sccm2012sp1cu3

If you have the Configuration Manager 2012 client installed on the Configuration Manager 2012 Primary site server, then simply create a collection and deploy the “SP1 Cumulative update 1 – console update -xxx” package/program to the Pirmary Site Server and all clients with the Admin Console installed.

If you don’t manage your Primary Site server with Configuration Manager you can use the command line from the program to install the Admin Console Update.
“Msiexec.exe  /p configmgr2012adminui-sp1-kb2817245-i386.msp /L*v %temp%\configmgr2012adminui-sp1-kb2817245-i386.msp.log /q REINSTALL=ALL REINSTALLMODE=mous”

The update can be found in the \\siteservername\SMS_xxx\hotfix\kb2817245\adminconsole\i386

After the upgrade the version number in the Admin Console has been updated to: 5.0.7804.1202 as shown below.

sccm2012sp1cu1_2

Cumulative Update 1 for System Center 2012 Configuration Manager Service Pack 1 is now available for download!!
http://support.microsoft.com/kb/2817245

Don’t forget to the Admin Console even on the SCCM Primary site server as well after installation as well. Amongst the really interesting updates are many new Powershell cmdlets, they are included in the adminconsole.msi file:

  • Add-CMDistributionPoint
  • Import-CMAntiMalwarePolicy
  • Import-CMDriver
  • New-CMAppVVirtualEnvironment
  • New-CMMigrationJob
  • New-CMPackage
  • New-CMSoftwareUpdateAutoDeploymentRule
  • New-CMTaskSequence
  • New-CMTaskSequenceInstallUpdateAction
  • New-CMTaskSequenceMedia
  • New-CMUserDataAndProfileConfigurationItem
  • Remove-CMTaskSequenceInstallUpdateAction
  • Set-CMTaskSequenceGroup
  • New-CMTaskSequenceGroup
  • Remove-CMTaskSequenceGroup
  • Set-CMApplicationCatalogWebsitePoint
  • Set-CMAppVVirtualEnvironment
  • Set-CMClientPushInstallation
  • Set-CMClientSetting
  • Set-CMDistributionPoint
  • Set-CMDriver
  • Set-CMEndpointProtectionPoint
  • Set-CMEnrollmentPoint
  • Set-CMEnrollmentProxyPoint
  • Set-CMHierarchySetting
  • Set-CMManagementPointComponent
  • Set-CMOperatingSystemImageUpdateSchedule
  • Set-CMOutOfBandManagementComponent
  • Set-CMReportingServicePoint
  • Set-CMSite
  • Set-CMSoftwareUpdateAutoDeploymentRule
  • Set-CMSoftwareUpdatePointComponent
  • Set-CMStateMigrationPoint
  • Set-CMStatusSummarizer
  • Set-CMSystemHealthValidatorPointComponent
  • Set-CMTaskSequence
  • Set-CMTaskSequenceInstallUpdateAction
  • Set-CMUserDataAndProfileConfigurationItem
  • Start-CMDistributionPointUpgrade

The complete list of updates can be found in the download link above.

When Configuring the Automatic Client Upgrade in one site the option to Configure Automatic Client Upgrade was grayed out and not available.
Automatic_Upgrade The User account that was part of the Full Administrator security role but had the following security scope permissions applied.

Automatic_Upgrade1Changing it to “All instances of the objects that are related to the assigned security role” highlighted above solved the issue and the Automatic client upgrade tab was visible again.

In Configuration Manager 2012 SP1 there are so many nice new features included that will make our lives a little easier. To make it even easier to use Configuration Manager 2012 SP1 for patch management there are now two built-in Software Update Automatic Deployment Rules(ADR) templates built-in.
One template for Endpoint Definition Updates and one for Patch Tuesday.

These templates includes the common settings for deploying these updates, which makes it even easier to get started with both Patch Tuesday patching and to deploy Endpoint protection definitions using ADR.
In Configuration Manager 2012 sp1 it is now supported to deploy the Endpoint Definitions more than once a day, so we can deploy them every 8 hours which is recommended based on the frequency of the definition updates for Endpoint Protection.

The templates can be selected directly when you select to create a new ADR. Great feature!

ADR_Rules

There are so many new cool features in Configuration Manager 2012 Service Pack 1. I have had the intention of doing a blog post series on news in Configuration Manager Service Pack 1 for many months now, but now I will finally start with it. I will not write about the big new features like MAC Support, Linux Support, Cloud DP, Pull DP, I will try to focus on the smaller but very useful new features.
There was a question asked on the forum on how to add a “true” restart in the end of a task sequence, which normally would have broken the task sequence, in ConfigMgr 2012 SP1 there is a new Task Sequence variable called SMSTSPostaction.
If you put a command in that variable it will be executed after the Task Sequence completes.
Think of the possibilities here, you could add your own custom script waiting for the Configuration Manager Client to be fully operational then trigger a script to install all applications available to the computer and display a message to the user that the computer is still not ready.
I will keep this simple and use the Shutdown.exe command in the example to force a “true” restart after the Task Sequence is complete. It can of course be used in custom task sequences as well.

It is so simple, create a  Task Sequence variable name it SMSTSPostaction and enter the command to execute, in this case “Shutdown /r ” which will restart the computer after 30 seconds.

postaction

Truly a small but great new feature.

This spring Technet Sweden invites to a online seminars every Thursday starting at the 28 of February.

I have the great honor of delivering two sessions, one on all the news i System Center 2012 Configuration Manager SP1 and one session about managing devices IOS, Windows RT, Windows Phone8 using ConfigMgr 2012 sp1 + Intune.
There are many more interesting sessions on the news in the other System Center 2012 SP1 products.

It will be great fun! Be sure to check it out!

Sp1varen

The complete list of seminars and registration details can be found here (in Swedish):

https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032541281&culture=sv-SE#

I have written different scripts before to install all the prereqs needed for Configuration Manager in different versions. There are great hydration kits out there which can be used to install a Configuration Manager 2012 environment, but if you only want to install all pre-reqs needed by System Center 2012 Configuration Manager SP1  on Windows Server 2012 then you can use this Powershell script.

Note that you need to supply a path to the binaries for .NET Framework 3.5 which is located in the Server 2012 installation media under \sources\sxs\

Change the path in red below to reflect your path to the binaries for .NET Framework 3.5.

install-windowsfeature web-server
install-windowsfeature as-web-support
install-windowsfeature application-server
install-windowsfeature web-wmi
install-windowsfeature WDS
install-Windowsfeature RDC
install-Windowsfeature BITS
install-windowsfeature web-net-ext -source d:\sources\sxs\
install-windowsfeature NET-HTTP-Activation
install-windowsfeature NET-NON-HTTP-Activ
install-windowsfeature web-asp
Install-WindowsFeature -Name UpdateServices, UpdateServices-Ui
& 'C:\Program Files\Update Services\Tools\WsusUtil.exe' postinstall contentdir=C:\WSUS
New-NetFirewallRule -DisplayName "SQL Ports" -Description "SQL ports used by ConfigMgr" -LocalPort 1433,4022 -Protocol TCP -Profile any -Enabled True
New-NetFirewallRule -DisplayName "SQL Ports" -Description "SQL ports used by ConfigMgr" -LocalPort 4022 -Protocol TCP -Profile any -Direction Outbound -Enabled True

install-windowsfeature web-server

install-windowsfeature as-web-support

install-windowsfeature application-server

install-windowsfeature web-wmi

install-windowsfeature WDS

install-Windowsfeature RDC

install-Windowsfeature BITS

install-windowsfeature web-net-ext -source d:\sources\sxs\

install-windowsfeature NET-HTTP-Activation

install-windowsfeature NET-NON-HTTP-Activ

install-windowsfeature web-asp

Install-WindowsFeature -Name UpdateServices, UpdateServices-Ui

& 'C:\Program Files\Update Services\Tools\WsusUtil.exe' postinstall contentdir=C:\WSUS

New-NetFirewallRule -DisplayName "SQL Ports" -Description "SQL ports used by ConfigMgr" -LocalPort 1433,4022 -Protocol TCP -Profile any -Enabled True

New-NetFirewallRule -DisplayName "SQL Ports" -Description "SQL ports used by ConfigMgr" -LocalPort 4022 -Protocol TCP -Profile any -Direction Outbound -Enabled True

There are some interesting reading in the supported configurations for WSUS in Server 2012 which is useful to know when you design your Configuration Manager 2012 environment with a Software Update role. I normally use the same SQL for WSUS as I use for Configuration Manager 2012 in many designs at customers. However there are some interesting reading on Technet about supported databases.

Updated 2013-03-05!!

Right now Microsoft SQL Server 2012 is not supported so keep that in mind when upgrading your SQL or designing your Configuration Manager 2012 SP1 environment.

SQL Server 2012 is now supported by WSUS in Server 2012

  • Windows Internal Database (WID)
  • Microsoft SQL Server 2008 R2 SP1 Standard Edition
  • Microsoft SQL Server 2008 R2 SP1 Enterprise Edition
  • Microsoft SQL Server 2008 R2 SP1 Express Edition
  • Microsoft SQL Server 20012 Standard Edition
  • Microsoft SQL Server 20012 Enterprise Edition
  • Microsoft SQL Server 20012 Express Edition

More information can be found here: http://technet.microsoft.com/en-us/library/hh852344.aspx

Another tip: the same article contains the recommended ant-virus exclusions for WSUS, which is highly recommended from a performance perspective. Note that the content directory is not heavily used when using WSUS with Configuration Manager.

  • \WSUS\WSUSContent where \WSUS\ is the location of the WSUS content folder
  • %windir%\wid\data
  • \SoftwareDistribution\Datastore (for client only)
  • \SoftwareDistribution\Download