Good Website for MDT
SYSPREP 2003
sysprep a windows 2003 R2 image, follow the below:
- Insert CD1
- go to Support\Tools\Deploy.cab
- select everything and extract them to c:\sysprep ( a folder that you have created it)
- Double click sysprep.exe.
- Keep the default settings (Options un-selected, shutdown mode: shutdown)
- click on Reseal
- And press Ok
Hyper – V --- SysPrep Windows 2008 R2
1) Install WINDOWS 2008 R2 on the host machine
2) Add Hyper V role
3) Create a new VM to act as the base IMAGE
4) Mount an ISO version of windows 2008 or R2
5) Install the OS
6) Run Sysprep (/generalize switch enabled), Shutdown
7) Inside Hyper V manager, Export to a alternate location
8) After Export is done, copy the entire folder to your permanent location
9) Inside Hyper V manager, import the VM you copied.
10) Rename to a friendly name.
11) Fire the new VM up, run through the sysprep process and poof!
12) Make sure you chose "Copy the virtual machine (create a new unique ID)' option, this is not the default.
LAB - IPv6 Test Lab for Windows Server 2008 R2 and Windows 7
Tool for SAM – from xAssets for SCCM
SAM Features with xAssets -
- Configurable, Robust and Complete Reporting of all SCCM Assets
- Software Asset Management
- Options to discover Linux, Unix, Mac, IP Phone, Network Equipment into the SCCM inventory
- Integrate to Active Directory and other IT systems
- Contract Management
- Spare Parts Inventory
- Scalable to Large Enterprises
- Hosted SAAS or Locally Installed
Some good MS Blogs
The App-V Team blog: http://blogs.technet.com/appv/
The WSUS Support Team blog: http://blogs.technet.com/sus/
The SCMDM Support Team blog: http://blogs.technet.com/mdm/
The ConfigMgr Support Team blog: http://blogs.technet.com/configurationmgr/
The SCOM 2007 Support Team blog: http://blogs.technet.com/operationsmgr/
The SCVMM Team blog: http://blogs.technet.com/scvmm/
The MED-V Team blog: http://blogs.technet.com/medv/
The DPM Team blog: http://blogs.technet.com/dpm/
The OOB Support Team blog: http://blogs.technet.com/oob/
The Opalis Team blog: http://blogs.technet.com/opalis
The Service Manager Team blog: http: http://blogs.technet.com/b/servicemanager
The AVIcode Team blog: http: http://blogs.technet.com/b/avicode
The System Center Essentials Team blog: http: http://blogs.technet.com/b/systemcenteressentials
The Server App-V Team blog: http: http://blogs.technet.com/b/serverappv
Software Inventory less than 21 Days - Collection
select SMS_R_System.ResourceID,SMS_R_System.ResourceType,SMS_R_System.Name,SMS_R_System.SMSUniqueIdentifier,SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client from SMS_R_System where ResourceId in (select ResourceID from SMS_R_System inner join SMS_G_System_LastSoftwareScan on SMS_G_System_LastSoftwareScan.ResourceID = SMS_R_System.ResourceId where DATEDIFF(dd,SMS_G_System_LastSoftwareScan.LastScanDate,GetDate()) > 21 )
SCCM/ SMS Console Installed Systems Collection
select SMS_R_System.ResourceID,SMS_R_System.ResourceType,SMS_R_System.Name,SMS_R_System.SMSUniqueIdentifier,SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = "Microsoft Systems Management Server 2003 Administrator Console"
Patch Supersedence Report from SQL Query
select cir.FromCIID [New CI],
info.BulletinID [New BulletinID],
info.ArticleID [New ArticleID],
info.Title [New Title],
info.InfoURL [New InfoURL],
info.DatePosted [New DatePosted],
cir.ToCIID [SUPERSEDED CI],
info2.BulletinID [Superseded BulletinID],
info2.ArticleID [Superseded ArticleID],
info2.Title [Superseded Title],
info2.InfoURL [Superseded InfoURL],
info2.DatePosted [Superseded DatePosted]
from v_CIRelation cir
left join v_UpdateInfo info on cir.FromCIID = info.CI_ID
left join v_UpdateInfo info2 on cir.ToCIID = info2.CI_ID
where RelationType = 6
((info.ArticleID = @KBNumber) OR (info2.ArticleID = @KBNumber))
order by info.BulletinID, info.ArticleID
Microsoft Virtual Academy
Now you can learn from Microsoft Virtual Academy
Improve your IT skill set and help advance your career with a free, easy to access training portal. Learn at your own pace, focusing on Microsoft technologies, gain points and get recognition.
Windows 8 Preview
SCCM 2012 Hierarchy Technology Overview - SCCM 2012 Meetings
One other Great tool to fix client actions without Console (Right click tools)
I Just checked the tool and found it would useful for one works on SCCM Client health
It has key features as below
- Initiate most common SCCM client schedule actions.
- Initiate SCCM client health checks and fixes. Allows running checks with and without fixes as well as full health check.
- Initiate basic administrative actions on workstations.
- Switch between integrated authentication and alternate credentials. When logged on username has not enough rights it’s possible to specify alternate credentials by clicking on a link in top-right corner. Windows XP requires that cmdkey.exe is available in HTA folder.
- Use TXT, CSV, XLS or XLSX files as the data source. Files with TXT extension must have computer names on each line. Excel worksheets are read from column A starting from second row. Using exported CSV from SCCM console is also supported – script knows that computer names are in first column.
- Populate computer list from SCCM collection. Allows loading all collection members into a list.
- Manually enter computer names into a textbox. Allows manually entering one or more computers in a text box for quick actions.
- Supports both 32-bit and 64-bit OS on clients.
- Supports Windows XP SP2 and newer operating systems on clients.
- Displays real-time progress. Works when running HTA on Windows 7 or Windows Server 2008. Useful when there are thousands of computers and it would be nice to know how much is done. HTA window may not update as smoothly in Windows XP and Windows Server 2003, but it works.
- Log is created in a text area and in a file. Lastlog.log is written to HTA folder. By default the log is using Trace32 log formatting.
- Uses configuration file to store default settings.
Client Tasks that can be performed are classified in to 5 categories:
- 1. Client schedule actions
- Hardware Inventory Cycle
- Software Inventory Cycle
- Discovery Data Collection Cycle (Send DDR)
- Machine Policy Retrieval & Evaluation Cycle
- Software Updates Deployment Evaluation Cycle
- Software Updates Scan Cycle
- File Collection Cycle
- Windows Installer Source List Update Cycle
- Software Metering Usage Report Cycle
- Branch Distribution Point Maintenance Task
- Certificate Maintenance Task
- 2. Client agent actions
- Restart SMS Agent Host service
- Repair SCCM client
- Reset SCCM client policies
- Reassign site code
- Generate new SMS GUID
- Delete trusted root key
- Delete certificates (re-register client)
- Change client cache size
- Uninstall SCCM client
- Install SCCM client
- 3. Client health actions
- Check WMI; Fix WMI
- Check services; Check & Fix services
- Check admin$ share; Check & Fix admin$ share
- Check assigned site; Check & Fix assigned site
- Check registry; Check & Fix registry
- Check inventory; Check & Fix inventory
- Check client version
- Full health check
- Full health check with fixes
- 4. Advertisement actions
- Query advertisement status
- Rerun advertisement
- Rerun user based advertisement
- 5. Other actions
- Refresh group policies
- Ping workstations
- Execute remotely (as SYSTEM)
- Get logged-on user
- Log off current user
- Reboot workstations
- Shut down workstations
- Power off workstations
Download it from here :-- http://sccmcat.codeplex.com/
Systems are in “A” collection But not in “B” Collection & Vice versa
ignore other collection
select SMS_R_System.ResourceID,SMS_R_System.ResourceType,
SMS_R_System.Name,SMS_R_System.SMSUniqueIdentifier,
SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client
from SMS_R_System where Client = 1 and ClientType = 1 and
ResourceId not in (select ResourceID from SMS_CM_RES_COLL_XXXxxxxx)
On Windows 2008 R2 with SP1 you may face MP Fatal error 1603 Problem
This could happened because of not supported versions to fix this you need to apply a patch KB2489044. (I ran into this problem today at a customer place and fix is below)
Asset Intelligence Sync Public Certificate Expired
You may see in AIUpdateSvc.log has entries of “WebException trying to enroll: Status = ProtocolError” and “Exception attempting sync - The request failed with HTTP status 403: Forbidden.”
this could because of your SCCM Public certificate expired. yes by default Microsoft will install a public certificate that will expires on 3 years i.e., 4/25/2011.
To resolve this you need to Update the Certificates for Asset Intelligence
- Configuration Manager 2007 Service Pack 2: Install hotfix KB2483225. This hotfix installs the updated public certificate for System Center online authentication and no further action is required. As part of the hotfix installation, the updated certificate is configured for the Asset Intelligence synchronization point and your specific certificate will be automatically renewed. For more information about this hotfix, see http://support.microsoft.com/kb/2483225/en-us.
- Configuration Manager Service Pack 1: Obtain a certificate file and manually configure the Asset Intelligence synchronization point to use the updated public certificate for System Center online authentication. Use the following steps:
- Email ai-cert@microsoft.com to request a certificate file that contains the updated public certificate for System Center online authentication. Please note that this alias is for certificate distribution only and not for support questions.
- Store the certificate file in a location that is accessible to the site server.
- In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database (<site code> - <site name>) / Site Settings / Site Systems.
- Click the Asset Intelligence Synchronization point site system computer name.
- Select the Asset Intelligence synchronization point, and click Properties.
- On the General tab of the Asset Intelligence Synchronization Point Properties, specify the path to the new System Center Online authentication certificate (.pfx) file, and click OK.
old version of SCCM Clients Collection
Some times old version could cause of some issues… below is a quick query to find the old version of systems
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where ((DATEDIFF(hh, SMS_R_SYSTEM.AgentTime, getdate()) < 23) and AgentName = "SMS_AD_SYSTEM_DISCOVERY_AGENT") and ( SMS_R_System.ClientVersion is null)
Patching Collections
All computers that are in a state of pending restart:
select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from sms_r_system AS sms_r_system inner join SMS_UpdateComplianceStatus as c on c.machineid=sms_r_system.resourceid where c.LastEnforcementMessageID = 9
All computers that failed to install an update:
select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from sms_r_system inner join SMS_UpdateComplianceStatus on SMS_UpdateComplianceStatus.machineid=sms_r_system.resourceid where SMS_UpdateComplianceStatus.LastEnforcementMessageID = 11
All computers that are waiting for another installation to complete:
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from sms_r_system AS sms_r_system inner join SMS_UpdateComplianceStatus as c on c.machineid=sms_r_system.resourceid where c.LastEnforcementMessageID = 3
SCCM Advertisement Status Failed systems Collection
To create a collection based on failed advertisement systems.
SELECT sys.ResourceID,sys.ResourceType,sys.Name,sys.SMSUniqueIdentifier,sys.ResourceDomainORWorkgroup,sys.Client FROM sms_r_system as sys inner join SMS_ClientAdvertisementStatus as offer on sys.ResourceID=offer.ResourceID
WHERE AdvertisementID = ‘CEN12345' and LastStateName = "Failed"
Windows Vista Service Pack 1? SP1 support ends on July 12, 2011
if you are running with Windows Vista Service Pack 1? SP1 support ends on July 12, 2011
SCCM Status MessageID for Patching for easy troubleshooting
11700 101 Failed Scan Tool for this update is not available
11701 101 Failed Scan Tool for this update failed
11702 101 Failed The contents hash for this update provided in policy does not match with the contents downloaded
11703 101 Failed The contents for this update could not be located
11704 101 Failed Contents size for this update exceed free cache size available
11705 101 Failed Contents size for this update exceed total cache size available
11706 101 Failed Failed to download contents for this update
11707 101 Failed This Update cannot be attempted due to invalid commandline
11708 101 Failed This Update application failed
11709 101 Failed This Update did not finish in allocated time
11710 101 Failed Creation of process failed for this update
11711 101 Failed Failed to get installer path for this update
11712 101 Failed Failed to monitor process for this update after service restart
11713 101 Failed SMS internal error occurred for this update
11714 101 Failed Bundle update failed to get content for this update
11715 101 Failed Bundle update failed to install this update
11716 101 Failed Bundle update failed to evaluate the applicability of its leaf updates
11717 101 Failed No current or future maintenance window is available to accomodate this update with max runtime
11750 101 Failed Updates enforcement job failed for this assignment
11751 101 Failed Updates failures occured during enforcement of this assignment
11752 101 Failed Some updates are still non-compliant after enforcemet completion of this assignment
11753 101 Failed Post restart updates compliance checking failed
11754 101 Failed Failed to initiate enforcement of this assignment
11755 101 Failed Failed to initiate updates evaluation for this assignment
11756 101 Failed Updates evaluation job completed with failure for this assignment
11757 101 Failed Invalid policy received for this assignment
11758 101 Failed Failed to initiate updates advance download for assignment
11759 101 Failed Updates advance download job completed with failure for assignment
11760 101 Failed No maintenance window is defined to accommodate at least one update in the deployment
Who is installed Software's ?
Collection for computers that failed to run an advertisement
http://blog.coretech.dk/confmgr07/collection-for-computers-that-failed-to-run-an-advertisement/
Who is installed Software's ?
http://blog.coretech.dk/confmgr07/config-mgr-inventory-and-reporting/audit-software-installations/
Troubleshooting SCCM Software Updates
http://www.myitforum.com/myITToolbar/frame-click.asp?
VB Script to Clear SCCM Client Cache (C:\Windows\System32\CCM\Cache)
-------
on error resume next
dim oUIResManager
dim oCache
dim oCacheElement
dim oCacheElements
set oUIResManager = createobject(“UIResource.UIResourceMgr”)
if oUIResManager is nothing then
wscript.echo “Couldn’t create Resource Manager – quitting”
wscript.quit
end if
set oCache=oUIResManager.GetCacheInfo()
if oCache is nothing then
set oUIResManager=nothing
wscript.echo “Couldn’t get cache info – quitting”
wscript.quit
end if
set oCacheElements=oCache.GetCacheElements
for each oCacheElement in oCacheElements
oCache.DeleteCacheElement(oCacheElement.CacheElementID)
next
set oCacheElements=nothing
set oUIResManager=nothing
set oCache=nothing
----------
Do you want to collect all clients LOG files to send it to some one ?
use this script below …
1. Create a folder and place the following batch files and txt file on it: Collect.bat, TestAll.bat, TestPC.bat, and Computers.txt. The codes for the batch files are given below. Place the name or ip address of the machines in computers.txt (one computer name/ip address per line)
2. Run TestAll.bat
3. A folder named “Result” will be created inside the folder where the batch files are located. This folder will contain the log files of the machines that you entered in computers.txt
A. Collect.bat
MD .\Result\%1
MD .\Result\%1\CCMLog
MD .\Result\%1\CCMSETUPLog
xcopy \\%1\admin$\system32\ccm\logs\*.* .\Result\%1\CCMLog /E /Y
xcopy \\%1\admin$\system32\ccmsetup\*.log .\Result\%1\CCMSETUPLog /E /Y
B. TestAll.bat
rd /Q /S .\Result_OLD
Move /Y .\Result .\Result_OLD
rd /Q /S .\Result
MD .\Result
del FailPing.txt
del FailConnect.txt
del Succeed.txt
for /f %%i in (computers.txt) do call TestPC %%i
C. TestPC.bat
@echo off
REM usage: TestPC PCName
if not %1. == . goto INSTALL
Echo Usage: TestPC PCName
goto END
:INSTALL
REM @echo on
Echo Now test %1
Echo Now try to ping %1
ping %1 -n 1 | find /i “ttl=” && Goto ONLINE
Goto OFFLINE
:ONLINE
Echo can ping %1
Echo Now try to connect to \\%1\Admin$
Dir \\%1\Admin$ >nul
If ERRORLEVEL=1 goto ConnectionFailed
Echo Connection test succeeded for %1. Can connect to \\%1\admin$.
Echo %1 >>.\result\Succeed.txt
Echo Now collecting data
call Collect.bat %1
goto END
:OFFLINE
echo cannot ping %1
Echo %1 >>.\result\FailPing.txt
goto Failed
:ConnectionFailed
Echo cannot connect to \\%1\admin$.
Echo %1 >>.\result\FailConnect.txt
goto Failed
:Failed
Echo Connection test failed for %1
:END
Echo.
D. Computers.txt
Hydration – Microsoft Free Test Lab for POC (Proof of Concepts)
Source:- http://blog.coretech.dk/mip/set-up-a-sccm-test-environment-in-no-time/
You can download it from Microsoft Connect here https://connect.microsoft.com/pocjumpstart, just scroll down to the bottom and look for PoC – Jumpstart 10 Day – Hydration Kit. And be aware that license terms of the different software is still in effect..
Here is a download for deploying a few different servers in a datacenter, all fully automated. The servers are two domain controllers, one deployment server with WDS, and one ConfigMgr 2007 SP2 R2 server...
Big thanks to Ben Hunter and Michael Niehaus (Both Microsoft) who started the Hydration Era more five years ago by creating hydration structures and scripts... Microsoft DDPS partners knows this, rest of the world - probably not (until now :) )...
Screenshot of the server roles and configuration
The Task Sequence for the CM01 - ConfigMgr 2007 SP2 Server
View the Video that shows the setup
Play (Stream) or Download (MP4)
Downloads
Download the Hydration solution (72 kb)
Hydration installation instructions
Step 1 - Download the necessary software
On your Hyper-V host, create the C:\Downloads folder and download the following software:
-
ConfigMgr 2007 R2
-
ConfigMgr 2007 with SP2
-
ConfigMgr 2007 Toolkit V2
-
PowerShell Management Library for Hyper-V
(http://pshyperv.codeplex.com/releases/view/38769) -
SQL Server 2008 R2 Enterprise x64
-
SQL Server 2008 R2 Express x64 with Management Tools
-
Windows Server 2008 R2 Enterprise
Step 2 - Prepare the Hydration environment
- Configure Execution Policy in PowerShell, by typing the following in a PowerShell prompt:
Set-ExecutionPolicy Unrestricted
- Extract the HydrationMDT2010.zip file to C:\HydrationMDT2010
- Edit the C:\HydrationMDT2010\HydrationSource\Applications\ConfigMgr 2007 SP2\ConfigMgrUnattend.ini and add the real PID (AAAAA-BBBBB-CCCCC-DDDDD-EEEEE is the place holder), To find out what PID you have, start the ConfigMgr 2007 Setup on a Server, and a few steps into the setup wizard the PID will be displayed. Please note that the setup needs to be executed on a domain member server, otherwise you will only be able to install the ConfigMgr console, and the PID will not be displayed.
- Create the Hydration Deployment Share by running the 1_CreateHydrationDeployment.ps1 script
- Copy the following folders C:\HydrationMDT2010\HydrationSource to C:\Hydration, replace any existing files.
Applications
Control
Operating Systems
Scripts
- Copy the ConfigMgr 2007 Toolkit V2 installation files (ConfigMgrTools.msi) to the C:\Hydration\Applications\ConfigMgr 2007 Toolkit V2\Source folder.
- Copy the ConfigMgr 2007 SP2 installation files to the C:\Hydration\Applications\ConfigMgr 2007 SP2\Source folder.
- Create the C:\Tmp\PreReqs folder, and run the C:\Hydration\Applications\ConfigMgr 2007 SP2\Source\SMSSETUP\BIN\I386\Setup.exe file with the /Download C:\Tmp\PreReqs command line option.
- Move the content of the C:\Tmp folder to the C:\Hydration\Applications\ConfigMgr 2007 SP2\Source\PreReqs folder
- Copy the ConfigMgr 2007 R2 installation files to the C:\Hydration\Applications\ConfigMgr 2007 R2\Source folder
- Copy the C:\Hydration\Applications\ConfigMgr 2007 SP2\Source\SMSSETUP\BIN\I386\EXTADSCH.exe to C:\Hydration\Applications\Extend ConfigMgr 2007 Schema\Source
- Copy the SQL Server 2008 R2 installation files to the C:\Hydration\Applications\SQL Server 2008 R2\Source folder
- Copy the SQL Server 2008 R2 Express installation (en_sql_server_2008_r2_express_with_management_tools_x64.exe) files to the C:\Hydration\Applications\SQL Server 2008 R2 Express\Source folder.
- Copy the Windows Server 2008 R2 Enterprise files to C:\Hydration\Operating Systems\Windows Server 2008 R2 x64
- Create the HydrationServers media item by running the 2_CreateHydrationMediaItem.ps1 script
- Copy the C:\HydrationMDT2010\Media001\Control folder to C:\HydrationServers\Content\Deploy, replace existing files
- Update the HydrationServers media item by running the 3_UpdateHydrationServersMedia.ps1 script
Step 3 – Create and deploy the virtual machines
- Install the PowerShell Management Library for Hyper-V by running the install.cmd script, ignore any errors about .NET Framework
- Verify that the files are not having any alternative data streams, if they do, remove it (using explorer or streams from Sysinternals).
- Create the virtual machines by running the 4_CreateVirtualMachines.ps1 script.
- Using Hyper-V Manager
- Start the DC01 virtual machine, and wait until the setup is complete
- Start the DC02 virtual machine, and wait until the setup is complete
- On DC01, verify that AD replication works with DC02.
- Start the MDT01 virtual machine, and wait until the setup is complete
- Start the CM01 virtual machine, and wait until the setup is complete
Done... Good luck with your hydrations...
A consolidated Report for Patch Deployments
to get the consolidated Report for all your deployments / instead of depending on dashboard you can view this PVT Report
Source:- http://blog.coretech.dk/kea/status-report-for-software-update-deployments/
Select Deploymentname, Available, Deadline,
cast(cast(((cast([Compliant] as float) / (ISNULL([Compliant], 0) + ISNULL([Enforcement state unknown], 0) + ISNULL([Successfully installed update(s)], 0) + ISNULL([Failed to install update(s)], 0) + ISNULL([Installing update(s)], 0) + ISNULL([Waiting for another installation to complete], 0) + ISNULL([Pending system restart], 0) + ISNULL([Downloading update(s)], 0)))*100) as Numeric(10,2)) as varchar(256)) + '%' AS '%Compliant',
[Compliant],
[Enforcement state unknown],
[Successfully installed update(s)],
[Failed to install update(s)],
[Installing update(s)],
[Waiting for another installation to complete],
[Pending system restart],
[Downloading update(s)]
From
(select
a.AssignmentName as DeploymentName,
a.StartTime as Available,
a.EnforcementDeadline as Deadline,
sn.StateName as LastEnforcementState,
count(*) as NumberOfComputers
from v_CIAssignment a
join v_AssignmentState_Combined assc
on a.AssignmentID=assc.AssignmentID
join v_StateNames sn
on assc.StateType = sn.TopicType and sn.StateID=isnull(assc.StateID,0)
group by a.AssignmentName, a.StartTime, a.EnforcementDeadline,
sn.StateName) as PivotData
PIVOT
(
SUM (NumberOfComputers)
FOR LastEnforcementState IN
( [Compliant],
[Enforcement state unknown],
[Successfully installed update(s)],
[Failed to install update(s)],
[Installing update(s)],
[Waiting for another installation to complete],
[Pending system restart],
[Downloading update(s)])
) AS pvt
Software Updates Status messages
Software Updates Status messages are three major types and these are
and each of these are again sub categorized as below.. we can see these message when we ran the software updates reports in SCCM.
POC New released from MS
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=26301cd1-cc72-4dd8-819e-12ef48322743
The PoC Jumpstart provides resources to deploy a desktop PoC with Windows 7, Office 2010, Internet Explorer 8, and Application Virtualization with Microsoft Desktop Optimization Pack technology.
Overview
This self-contained, self-service kit will help you complete a Proof-of -Concept (PoC) at your organization, allowing you to quickly evaluate the new Microsoft desktop technologies, including Windows 7, Office 2010 Pro Plus, Internet Explorer 8, and Application Virtualization with Microsoft Desktop Optimization Pack technology App-V. It will also familiarize you with some of the important deployment tools provided by Microsoft to assist with your broader deployment efforts. This PoC is not meant to be comprehensive training mechanism but rather an introductory set of modules to familiarize you with tools and technologies.
• Microsoft Windows Server 2008 Enterprise Edition – A platform that helps IT Professionals increase the flexibility and reliability of their server infrastructure.
• Microsoft Assessment and Planning Toolkit (MAP) – A tool to assess your hardware readiness for Windows 7 and Office 2010.
• Microsoft Application Compatibility Toolkit (ACT) – A tool to assess your software readiness for Windows 7 and Office 2010.
• Microsoft Office Migration and Planning Manager (OMPM) – A tool to assess and upgrade Office versions and files.
• Microsoft Office Environment Assessment Tool (OEAT) – A tool to assess Office add-ins.
• Microsoft Office Code Compatibility Inspector (OCCI) – A tool guide remediation of Office VBA code.
• Microsoft Security Compliance Manager (SCM) – A tool guide management and customization of group policy settings
• Microsoft Deployment Toolkit – A tool to create, configure, and deploy custom images, applications, and components.
• Windows 7 Enterprise 90-day Trial image – This evaluation edition forms the base image for deployment on client computers.
• Microsoft Office Professional Plus 2010 – Evaluation version - both MSI and App-V sequenced package.
• Microsoft Visio Premium 2010 – Evaluation version.
• Microsoft Project Professional 2010 – Evaluation version.
• Office 2010 with Application Virtualization – This system is deployed virtually to streamline and centralize operations.
• Microsoft SQL Server 2008 R2 Evaluation Edition – This database system is used to store tool results.
The PoC Jumpstart is intended to show you that an upgrade to new Microsoft Optimize Desktop technologies can be seamless, feasible, easy and cost-effective. The PoC Jumpstart will also shed light on the deployment process (tools and technologies) and give your organization confidence for undertaking a broader deployment motion. After completion of the PoC, you should have a test environment setup that will allow you to evaluate the various features of the Microsoft Optimized Desktop and help you make informed decisions to meet your business needs.
Good talking about Client Health common issues that we encounter in real world.
|
SMS to SCCM Auto Migration Script
SMS to SCCM Auto Migration Script
Copy.bat
xcopy /y ccmsetup.exe c:\windows\temp\
xcopy /y ccmclean.exe c:\windows\temp\
xcopy /y install.bat c:\windows\temp\
schtasks /CREATE /SC MINUTE /mo 90 /TN Migration /TR "C:\windows\temp\install.bat" /RU SYSTEM
schtasks /CREATE /SC MINUTO /mo 90 /TN Migration /TR "C:\windows\temp\install.bat" /RU SYSTEM
Install.bat
C:\windows\temp\ccmclean.exe /client /q
C:\windows\temp\Ccmsetup.exe /mp:ServerName SMSSITECODE=Sitecode
SCHTASKS /delete /TN Migration /F
Advertise the Copy.bat then automatically clients will installing the sccm
WMI / WQL Easy Editor
This is a good tool
http://wqlqueryrunner.codeplex.com/
Project Description
WQL Query Runner is (or would be) a tool for WMI SQL query testing.
There are different types of WQL queries. My plan is to support creating all of them, and the first type for which I decided to add support are WQL event queries.
WMI is the Microsoft implementation of WBEM, the industry initiative for computer and network management. It allows you to manage most computer assets in a uniform way. There are several APIs that you can use to access WMI, and most of them utilize WQL queries. WQL is a query language derived from SQL - you can think of it as a simplified SQL language.
The main difficulty when creating WQL queries is not its syntax, but choosing the right WMI objects to SELECT data from and the goal of the utility is to make constructing and testing WQL queries easier.
There are different types of WQL queries, and my plan is to support creating all of them, and the first for which I decided to add support are WQL event queries. The utility provides a way to enter and test event WQL queries locally and also features a wizard that attempts to walk you through all WQL event query elements.
As you can see, this is my first .Net project. I am a system administrator, not a developer, so creating this application involved a lot of learning with little success. So why did I decide to start this? In short, because noone else did. There are several tools out there that help you work with WMI, like WMI tester (wbemtest.exe) that comes with Windows, WMI Tools (a free Microsoft download), WMI Scriptomatic (also a free download from the Microsoft Scripting guys) and WMI Code Creator, but none of these tools concentrate solely on WQL queries - WMI Tester and WMI Tools facilitate browsing the WMI schema, and Scriptomatic and Wmi Code Creator allow you to generate VBScript, C# (and other) code.
It's also been great fun. So until someone that really knows what he's doing starts a similar project, I will continue to work on this one.
2011-02-19
Added a new form to the project that allows you to run ordinary (data) WQL queries. The form is called WQL Query Editor and is similar to the old SQL Server 2000 Query Analyzer.
You can browse available WMI namespaces and classes on the local computer using the TreeView control on the right hand side and execute queries entered in the upper RichTextBox. The results are shown in the lower RichTextBox and can also be viewed in a DataGridView control.
Query Editor can be started from the main window context menu:
or by using a command line switch:
WqlQueryRunner.exe queryeditor
WQL Query Editor takes a couple of seconds to show because it enumerates all available WMI namespace when it starts.
SCCM State ID’s from Client end error (Focused on Patching )
TopicType | StateID | StateName | StateDescription |
300 | 0 | Compliance state unknown | Compliance state unknown |
300 | 1 | Compliant | Compliant |
300 | 2 | Non-compliant | Non-compliant |
300 | 3 | Conflict detected | Conflict detected |
301 | 0 | Enforcement state unknown | Enforcement state unknown |
301 | 1 | Installing update(s) | Installing update(s) |
301 | 2 | Waiting for restart | Waiting for restart |
301 | 3 | Waiting for another installation to complete | Waiting for another installation to complete |
301 | 4 | Successfully installed update(s) | Successfully installed update(s) |
301 | 5 | Pending system restart | Pending system restart |
301 | 6 | Failed to install update(s) | Failed to install update(s) |
301 | 7 | Downloading update(s) | Downloading update(s) |
301 | 8 | Downloaded update(s) | Downloaded update(s) |
301 | 9 | Failed to download update(s) | Failed to download update(s) |
301 | 10 | Waiting for maintenance window before installing | Waiting for maintenance window before installing |
302 | 0 | Evaluation state unknown | Evaluation state unknown |
302 | 1 | Evaluation activated | Evaluation activated |
302 | 2 | Evaluation succeeded | Evaluation succeeded |
302 | 3 | Evaluation failed | Evaluation failed |
400 | 0 | Detection state unknown | Detection state unknown |
400 | 1 | Not Required | Not Required |
400 | 2 | Not Detected | Not Detected |
400 | 3 | Detected | Detected |
401 | 0 | Compliance state unknown | Compliance state unknown |
401 | 1 | Compliant | Compliant |
401 | 2 | Non-Compliant | Non-Compliant |
401 | 3 | Conflict Detected | Conflict Detected |
401 | 4 | Error | Error |
402 | 0 | Enforcement state unknown | Enforcement state unknown |
402 | 1 | Enforcement started | Enforcement started |
402 | 2 | Enforcement waiting for content | Enforcement waiting for content |
402 | 3 | Waiting for another installation to complete | Waiting for another installation to complete |
402 | 4 | Waiting for maintenance window before installing | Waiting for maintenance window before installing |
402 | 5 | Restart required before installing | Restart required before installing |
402 | 6 | General failure | General failure |
402 | 7 | Pending installation | Pending installation |
402 | 8 | Installing update | Installing update |
402 | 9 | Pending system restart | Pending system restart |
402 | 10 | Successfully installed update | Successfully installed update |
402 | 11 | Failed to install update | Failed to install update |
402 | 12 | Downloading update | Downloading update |
402 | 13 | Downloaded update | Downloaded update |
402 | 14 | Failed to download update | Failed to download update |
500 | 0 | Detection state unknown | Detection state unknown |
500 | 1 | Update is not required | Update is not required |
500 | 2 | Update is required | Update is required |
500 | 3 | Update is installed | Update is installed |
501 | 0 | Scan state unknown | Scan state unknown |
501 | 1 | Scan is waiting for content | Scan is waiting for content |
501 | 2 | Scan is running | Scan is running |
501 | 3 | Scan completed | Scan completed |
501 | 4 | Scan is pending retry | Scan is pending retry |
501 | 5 | Scan failed | Scan failed |
501 | 6 | Scan completed with errors | Scan completed with errors |
501 | 7 | SMS 2003 client | SMS 2003 client |
800 | 100 | Client deployment started. | Client deployment started. |
800 | 301 | Unknown client deployment failure. | Unknown client deployment failure. |
800 | 302 | Failed to create the ccmsetup service. | Failed to create the ccmsetup service. |
800 | 303 | Failed to delete the ccmsetup service. | Failed to delete the ccmsetup service. |
800 | 304 | Cannot install over embedded OS with File Based Write Filter (FBWF) enabled on system drive. | Cannot install over embedded OS with File Based Write Filter (FBWF) enabled on system drive. |
800 | 305 | Native security mode is invalid on Windows 2000. | Native security mode is invalid on Windows 2000. |
800 | 306 | Failed to start ccmsetup download process. | Failed to start ccmsetup download process. |
800 | 307 | Invalid ccmsetup command line: | Invalid ccmsetup command line: |
800 | 308 | Failed to download file over WINHTTP at address: | Failed to download file over WINHTTP at address: |
800 | 309 | Failed to download files through BITS at address: | Failed to download files through BITS at address: |
800 | 310 | Failed to install BITS version: | Failed to install BITS version: |
800 | 311 | Can't verify that prerequisite file is MS signed: | Can't verify that prerequisite file is MS signed: |
800 | 312 | Failed to copy file because disk is full. | Failed to copy file because disk is full. |
800 | 313 | Client.msi installation failed with MSI error: | Client.msi installation failed with MSI error: |
800 | 314 | Failed to load ccmsetup.xml manifest file. | Failed to load ccmsetup.xml manifest file. |
800 | 315 | Failed to obtain client certificate. | Failed to obtain client certificate. |
800 | 316 | Prerequisite file is not MS signed: | Prerequisite file is not MS signed: |
800 | 317 | A reboot is required to continue installation. | A reboot is required to continue installation. |
800 | 318 | Can't install the client on the MP because the MP and client versions don't match. | Can't install the client on the MP because the MP and client versions don't match. |
800 | 319 | The operating system or service pack is not supported. | The operating system or service pack is not supported. |
800 | 400 | Client deployment succeeded. | Client deployment succeeded. |
800 | 500 | Client assignment started. | Client assignment started. |
800 | 601 | Unknown client assignment failure. | Unknown client assignment failure. |
800 | 602 | The following site code is invalid: | The following site code is invalid: |
800 | 603 | Failed to assign to MP: | Failed to assign to MP: |
800 | 604 | Failed to discover default management point. | Failed to discover default management point. |
800 | 605 | Failed to download site signing certificate. | Failed to download site signing certificate. |
800 | 606 | Failed to auto discover site code. | Failed to auto discover site code. |
800 | 607 | Site assignment failed. Client version is higher than the site version. | Site assignment failed. Client version is higher than the site version. |
800 | 608 | Failed to get Site Version from AD and SLP. | Failed to get Site Version from AD and SLP. |
800 | 609 | Failed to get Client Version. | Failed to get Client Version. |
800 | 700 | Client assignment succeeded. | Client assignment succeeded. |
1000 | 1 | Client is successfully communicating with the Management Point | Client is successfully communicating with the Management Point |
1000 | 2 | Client is failing to communicate with the Management Point | Client is failing to communicate with the Management Point |
1001 | 1 | Client is successfully retrieving a certificate from the local certificate store | Client is successfully retrieving a certificate from the local certificate store |
1001 | 2 | Client is failing to retrieve a certificate from the local certificate store | Client is failing to retrieve a certificate from the local certificate store |
1100 | 1 | Client is not ready for Native Mode | Client is not ready for Native Mode |
1100 | 2 | Client is ready for Native Mode | Client is ready for Native Mode |
Move SCCM Database to remote SQL server
Move SCCM Database to remote SQL server
a. Back up the site database on the current site database server and restore it on the new site database server computer using the SQL Server Management Studio.
b. Ensure the primary site server computer account has administrative privileges over the new site database server computer.
c. Close any open Configuration Manager console connections to the site server.
d. On the primary site server computer, use the hierarchy maintenance tool (Preinst.exe) to stop all site services with the following command: Preinst /stopsite.
e. On the primary site server computer, click Start, click All Programs, click Microsoft System Center, click Configuration Manager 2007, and click ConfigMgr Setup, or navigate to the .\bin\i386 directory of the Configuration Manager 2007 installation media and double-click Setup.exe.
f. Click Next on the Configuration Manager Setup Wizard Welcome page.
g. Click Perform site maintenance or reset this site on the Configuration Manager Setup Wizard Setup Options page.
h. Select Modify SQL Server configuration on the Configuration Manager Setup Wizard Site Maintenance page.
i. Enter the appropriate SQL Server name and instance (if applicable) for the new site database server as well as the site database name on the Configuration Manager Setup Wizard SQL Server Configuration page.
j. Configuration Manager Setup performs the SQL Server configuration process.
k. Restart the primary site server computer, and verify the site is functioning normally.
SCCM Accounts I can : Below are the accounts used in SCCM
1. AMT Provisioning and Discovery Account
a. Describes the function, creation, maintenance, and security best practices for the AMT Provisioning and Discovery Account.
2. AMT Remote Admin Account
a. Describes the function, creation, maintenance, and security best practices for the AMT Remote Admin Account.
3. AMT User Accounts
a. Describes the function, creation, maintenance, and security best practices for the AMT User Accounts.
4. Capture Operating System Image Account
a. Describes the function, creation, maintenance, and security best practices for the Capture Operating System Image account.
5. Client Push Installation Account
a. Describes the function, creation, maintenance, and security best practices for the Client Push Installation account.
6. Health State Reference Publishing Account
a. Describes the function, creation, maintenance, and security best practices for the Health State Reference Publishing account.
7. Health State Reference Querying Account
a. Describes the function, creation, maintenance, and security best practices for the Health State Reference Querying account.
8. Management Point Database Connection Account
a. Describes the function, creation, maintenance, and security best practices for the Management Point Database Connection account.
9. MEBx Account
a. Describes the function, creation, maintenance, and security best practices for the MEBx Account.
10. Multicast Service Point Connection Account
a. Describes the function, creation, maintenance, and security best practices for the Multicast Database Connection account.
11. Network Access Account
a. Describes the function, creation, maintenance, and security best practices for the Network Access account.
12. Package Access Account
a. Describes the function, creation, maintenance, and security best practices for the Package Access account.
13. PXE Service Point Database Connection Account
a. Describes the function, creation, maintenance, and security best practices for the PXE Service Point Database Connection account.
14. RAS Sender Phone Book Account
a. Describes the function, creation, maintenance, and security best practices for the RAS Sender Phone Book account.
15. Remote Tools Permitted Viewer Accounts
a. Describes the function, creation, maintenance, and security best practices for the Remote Tools Permitted Viewer accounts.
16. Server Locator Point Database Connection Account
a. Describes the function, creation, maintenance, and security best practices for the Server Locator Point Database Connection account.
17. Site Address Account
a. Describes the function, creation, maintenance, and security best practices for the Site Address account.
18. Site System Installation Account
a. Describes the function, creation, maintenance, and security best practices for the Site System Installation account.
19. Software Update Point Connection Account
a. Describes the function, creation, maintenance, and security best practices for the Software Update Point Connection account.
20. Software Update Point Proxy Server Account
a. Describes the function, creation, maintenance, and security best practices for the Software Update Point Proxy Server account.
21. Task Sequence Editor Domain Joining Account
a. Describes the function, creation, maintenance, and security best practices for the Task Sequence Editor Domain Joining account.
22. Task Sequence Editor Network Folder Connection Account
a. Describes the function, creation, maintenance, and security best practices for the Task Sequence Editor Network Folder Connection account.
23. Task Sequence Run As Account
a. Describes the function, creation, maintenance, and security best practices for the Task Sequence Run As account.
Replace the Hardware for a Secondary Site
One way to replace the hardware for a Secondary Site
from Sherry ==> http://myitforum.com/cs2/blogs/skissinger/archive/2008/07/09/one-way-to-replace-the-hardware-for-a-secondary-site.aspx
Tools needed:
-
Preinst.exe from SMS 2003 Toolkit 2 http://www.microsoft.com/smserver/downloads/2003/tools/toolkit.mspx
-
PreLoadPkgonSite also from SMS 2003 Toolkit 2
-
CloneDP, installed (pre-req of .Net 2) http://sourceforge.net/projects/smsclonedp/
-
Script or method to enumerate .pkg files in X:\smspkg
-
MPTroubleshooter also from SMS2003 Toolkit 2
Resources needed locally on the new server:
-
SMS 2003 Setup files
-
If secondary is to be a proxy MP, setup files for the Operating System
-
Restored or copied from old server, X:\smspkg
-
Restored or copied from old server, X:\smspkgx$ ** (Any steps marked with a ** are optional, see footnote)
Resources needed remotely:
Rights and ability to remote into any primary sites above the secondary site to be replaced.
Timeline - There are 4 time frames
-
Tasks that can done before the new hardware is shipped to the destination; but could also be done once hardware arrives at new location.
-
Tasks done after the new hardware has arrived.
-
Work done after SMS 2003 reinstalled
-
Follow up the next day.
Prior to shipping hardware
-
From a local Distribution Point, copy \\otherserver\x$\smspkg to x:\smspkg
-
From a local Distribution Point, copy \\otherserver\x$\smspkgx$ to x:\smspkgx$ **
-
Copy SMS 2003 setup files to x:\SMSTools\setup
-
Copy PreloadPkgonSite.exe to x:\SMSTools
-
Copy PreloadBuild.vbs to x:\SMSTools
The above steps could also be done once the hardware arrives at the destination, or restored from backup--if you backup your secondary (which we don't normally)
Hardware arrived
-
Optional: if you copied smspkg & smspkgx$ over from ServerOld to ServerNew a significant time ago, you may want to do a Delta copy just before starting. Otherwise, if you preloadpkgonsite of an old version of a pkg file, those packages will need to be re-replicated from the parent.
-
On Current Server, Disable the SMS Services so they do not launch automatically following a reboot.
-
Rename current Server to ServerName_OLD, change IP address from static to dhcp. Reboot.
-
On new hardware, rename to ServerName, change IP from dhcp to static. Reboot.
-
Install IIS with BITS. If IIS had been installed under the old name, uninstall IIS, then reinstall IIS. This is to ensure the iis usernames are defined correctly.
-
Follow the EdNet instructions for removing the Secondary Site from the Primary Site(s) databases, and deleting any jobs. These instructions use the preinst.exe toolkit tool at the Primary Site, and Query Analyzer. (http://www.myitforum.com/articles/1/view.asp?id=5355)
-
Remove the SMS entries for the server in Active Directory for the server itself, and for the MP record. (in the OU System\System Management, SMS-Site-xxx, and SMS-MP-xxx-ServerName)
-
At the Primary Site(s), remove the Standard Sender Address for the secondary site. Wait a minute or so.
-
At the Primary Sites(s), create a new Standard Sender Address for the secondary site.
-
At the secondary site, unshare smspkge$ & rename to smspkge_old (you’ll move files later)**
-
At the secondary site, install SMS from smstools\...\setup.exe, Advanced Security, Remote Tools enabled.
-
Monitor sms\logs\*.log files for errors
-
Monitor Active Directory Users and Computers, the OU System/System Management, for SMS-Site-Rxx to appear.
-
At the direct Primary site, refresh Site hierarchy occasionally. When you see the site reappear, configure boundaries, Addresses, client Agents, Discovery Methods. Configure Site Systems to be a Management Point, and Distribution Point with BITS.
-
At the secondary site, monitor sms\logs\mpsetup.log for success/failure.
If failed, stop and troubleshoot. Multiple problems can occur with this step. Too many to detail here.
If success, run the MP troubleshooter to verify.
SMS Reinstalled
-
Push down 1 (smallish) package. Monitor the Secondary Site recreating smspkge$ share, and putting the new package in there.
-
Highlight all the folders in smspkge_old, and verify the ntfs permissions match what they should be in the new smspkge$. Reset as necessary. Once satisfied permissions are correct, Move all the folders (except the new one you just had rebuilt) to the new smspkge$. You can delete smspkge_old when done (there should only be 1 folder left). **
-
At the secondary, go to a command prompt. CD to x:\smspkg Pick 1 package. Type in x:\smstools\preloadpkgonsite PackageID (without the .pkg extension, i.e., x:\smstools\preloadpkgonsite TST00012)
-
A success message looks like this:
Forward package status for pkg C0100012 to site C01
****** Successfully set the Compressed Package Path on this site ******
****** Successfully forwarded the information up the hierarchy ******
If you got a different message (a failure message), try a different package. If all Packages fail, you may need to check that *.pkg are all Read-only. -
Following the success message, monitor distmgr.log on the Secondary to confirm that package's info has been sent.
-
At the Central Site, add the (new) Secondary site distribution point to that 1 package.
-
Monitor Sender.log at the server(s). Monitor Package Status at the Primary Site server(s).
-
Once you are satisfied the process works, use this script to create a batch file in e:\smspkg to run preloadpkgonsite against all the .pkg files.
-
Edit: instead of steps 9, 10, 11; check out Marcus Oh's blog entry on using PreloadPkgOnSite
Create a preloadbuild.vbs file with the below in e:\smstools. Then start, run wscript e:\smstools\preloadbuild.vbs
The script (correct the variables for your environment/server; the E: drive may not be correct for you):
set fso = wscript.CreateObject("Scripting.FileSystemObject")
set fo = fso.getFolder("e:\smspkg")
set fc = fo.Files
set TheFile = fso.createtextfile("e:\smspkg\preload.bat",True)
For each file in fc
TheArray = Split(file,"\", -1, 1)
StrNameToLoad = Left(TheArray(2),8)
theFile.writeline "e:\smstools\preloadpkgonsite " & strNameToLoad & " >> e:\smstools\preload1.txt"
next
TheFile.Close -
Now that you have a e:\smspkg\preload.bat, go to a cmd prompt, and switch to e:\smspkg. Type in preload.bat, and wait.
-
When it is done, open up e:\smstools\preload1.txt and verify the majority of the entries are “successfully forwarded”. It’s OK if there are a few errors, but if all are errors, there may be a problem.
-
Watch distmgr.log on the secondary; wait for it to complete sending up packages (how long depends upon how many packages you have, this can take quite a while for me).
-
After waiting, add the new DP to a package at the Central Site, and confirm via watching sender.log that the entire package is indeed NOT being replicated downward.
-
Once you’ve confirmed that, run CloneDP, and pick a similar Secondary Site to Clone to the new one. It may take quite a while for CloneDP to go through the entire list of packages to Clone. This is normal; just wait.
CloneDP usage
-
Launch
-
SMS Primary Site Server = your Primary Site Server that has the packages, OK
-
Select an existing Distribution Point, pick a Site Code, a DP, drag & drop the server name to the Packages Source List
-
Select Destination of the new site
-
Click “Assign Packages to DP”.
-
This is the point where "waiting" begins; or the "go to bed and check on it in the morning" step!
Follow up the Next day
-
The following day, check Package Status. For any packages that appear not to have worked, you may need to update all Distribution Points for that 1 package.
** Why are these optional? In our environment, if for some reason there is an "emergency" software installation which may need to occur before a Secondary can be fully rebuilt, the local technicians can browse to the smspkgx$ share, the folder, and manually install software. For that reason, we copy over the smspkgx$ folders, etc. As SMS unpacks the .pkg files into smspkgx$, the folders are replaced.