Friday, March 11, 2016

Now Available: Update 1602 for System Center Configuration Manager

For those waiting in anticipation for 1602, here is the official release.

The major enhancements in this release are the servicing of Windows 10 and Device Health Attestation.

Windows 10 health is a vital part of this upgrade because you need to be aware of client health. You also want to be aware of which version of Windows 10 is running on the devices. This is the first of many advances we will see with Current Branch for both Windows 10 and Configuration Manager.

  • Client Online Status: You can now view the online status of devices in Assets and Compliance. New icons indicate the status of a device as online or offline.
  • Support for SQL Server AlwaysOn Availability Groups: Configuration Manager now supports using SQL Server AlwaysOn Availability Groups to host the site database.
  • Windows 10 Device Health Attestation Reporting: You can now view the status of Windows 10 Device Health Attestation in the Configuration Manager console to ensure that the client computers have a trustworthy BIOS, TPM, and boot software.
  • Office 365 Update Management: You can now natively manage Office 365 desktop client updates using the Configuration Manager Software Update Management (SUM) workflow. You can manage Office 365 desktop client updates just like you manage any other Microsoft Update.
  • New Antimalware Policy Settings: New antimalware settings that can now be configured include protection against potentially unwanted applications, user control of automatic sample submission, and scanning of network drives during a full scan.

Thursday, February 25, 2016

Not Ready to Move to CM 1511? Update to CU3 for R2 SP1 and for SP2

Microsoft has provided another CU for ConfigMgr 2012 R2 SP1.

To see the complete list, review KB3135680.

Here is the ConfigMgr Team blog article

and some highlights:

Administrator Console

  • The Administrator Console may take longer than expected to expand different nodes, such as the All Users or All Devices nodes. This occurs when the console is installed on a touch-screen enabled computer.
  • The Create Task Sequence Wizard generates an Unhandled exception when the Configuration Manager Console is installed on a computer that is running Windows 10 version 1511.
  • The Configuration Manager console exits unexpectedly when the Task Sequence Editor is used to change a Microsoft Recovery (Windows RE) partition. Additionally, you receive an exception that resembles the following:
    System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
  • The Configuration Manager console exits unexpectedly when you try to add a custom icon for an application that's available in the Application Catalog. This only occurs if the FIPS local/group security policy, 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing', is enabled on the computer that is running the console.

Operating system deployment

  • A task sequence may continue for an application installation failure, even if the Continue on error option is not selected in the task sequence properties. This applies to task sequences installing applications that use a dynamic variable list.
  • A task sequence will try to reinstall applications already installed by using a dynamic variable list if one of the applications is configured to restart the computer. For example, if the third in a list of 3 applications requires a restart, the first and second applications in the list will try to install again after the restart.
  • Use of the pre-provision BitLocker task sequence step during an operating system deployment results in the Trusted Platform Module (TPM) having a status of Ready for use, with reduced functionality.

Microsoft Intune and mobile device management

  • In a Configuration Manager environment in which the Microsoft Exchange Server connector is configured for use with Microsoft Exchange Server 2013, mobile devices aren't listed as expected in the All Mobile Devices node of the administrator console. Additionally, errors that resemble the following are recorded in the EasDisc.log file on the Configuration Manager site server:
    ERROR: [MANAGED] Invoking cmdlet Get-Recipient failed. Exception: System.Management.Automation.RemoteException: Cannot bind parameter 'Filter' to the target. Exception setting "Filter": "The value "$true" could not be converted to type System.Boolean….
    ERROR: [MANAGED] Exception: Cannot bind parameter 'Filter' to the target. Exception setting "Filter": "The value "$true" could not be converted to type System.Boolean."
    ERROR: Failed to check status of discovery thread of managed COM. error = Unknown error 0x80131501

    Note This log entry is truncated for readability.
  • The certificate required to connect to the Intune service cannot be renewed if the Microsoft Intune connector is installed to a server other than the site server, and proxy authentication is required for Internet access.
  • Blocking Exchange ActiveSync access for an enrolled device fails. Errors that resemble the following are recorded in the EasDisc.log file on the site server after the blocking action fails:
    *** [42000][102][Microsoft][SQL Server Native Client 11.0][SQL Server]Incorrect syntax near 'IsUIBlocked'.ERROR: UpdateDeviceAccessState: Execute() failed.

Site Systems

  • The SMS Executive service may exit unexpectedly when it processes a NOIDMIF file that contains a Unicode character invalid for the codepage of the site server.
  • The "Reassign Distribution Point" migration task may stop responding when it tries to reassign a distribution point from a Configuration Manager 2007 secondary site. This occurs if the database record for the 2007 distribution point is removed and replicated to the primary site before the new record is added.
  • The WMI Provider Host (WmiPrvSE.exe) hosting the Configuration Manager Provider (SMSProv) may exceed its memory quota on a site that processes lots of status messages from a custom application. This can result in a loss of connectivity through the Configuration Manager console until the server hosting the provider is restarted.
  • Queries, and query-based collections that use the Windows Update Agent Version as criteria return unexpected results for Windows 10-based computers. This is because the Windows Update Agent Version in hardware inventory data is reported incorrectly in the 6.x range, such as 6.0.10240.16397 instead of the 10.x range, such as 10.0.10240.16397.

Software distribution and content management

  • 3120338 Content can’t be downloaded from Cloud-Based Distribution Points System Center 2012 Configuration Manager Service Pack 2 when BranchCache is enabled
  • Applications deployed to a device that uses the Primary Device global condition will fail if the primary user has an apostrophe in their name.
  • Distribution Points configured for HTTPS communications will be reset to use HTTP communications after other site properties are changed. For example, installing a new Software Update Point can trigger the Distribution Point to revert to HTTP communications. Other Distribution Point settings may also change.
  • 3123884 Application installation fails from the Company Portal in System Center 2012.

Monday, January 4, 2016

1E Nomad / Active Efficiency, Groups Subnets for Single Site Download

If you are using Nomad 5.x / 6.x and Active Efficiency, then hopefully you are utilizing the Single Site Download (SSD) feature. This allows all machines in a given site to share content more efficiently, thus improving the experience.

Machine (computer1) is in an AD boundary called BOSTON. This machine is in Subnet A.
Machine (computer2) is in an AD boundary called BOSTON. This machine is in Subnet B.
Without SSD, one machine from each subnet would pull from the local DP/Secondary. With SSD enabled, a machine would have the ability to jump from Subnet A to Subnet B for files instead of reaching over to the DP.

The default script creates the groups via AD Sites and Services.
What if you have several AD sites that should be grouped?
Suppose you have AD sites called "Boston-1st-Floor" and "Boston-2nd-Floor". They are separate AD sites, but they are still talking to the same DP. Here is how you can force the group to be created as the PowerShell script is running.

Note that I am ignoring the IPRange boundary types. This is because for us the IPRanges are used via the VPN solution, so we ignore them.

The IPSubnet display name for us is normally like 'XXXXXX - ( ', so for us we simply read the name in SCCM and pull the IP address.

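## Place this just after the wipe command to remove the current boundaries from AE.

# BoundaryType 0 = IP subnet boundaries; IP range boundaries are deliberately left out.
$Boundaries = Get-WmiObject -Namespace "root\sms\site_AB1" -ComputerName "PrimaryServerName" -Query "SELECT * FROM SMS_Boundary WHERE BoundaryType ='0'"

foreach ($Boundary in $Boundaries)
{
    # The first six characters of the display name are the site ID.
    $SiteID = $Boundary.DisplayName.Substring(0,6)

    ### Make special requests here ###
    # Note: $SiteID is six characters long at this point, so the names compared here
    # must be the six-character IDs used in your own boundary display names.
    if ($SiteID -like 'Boston-1st-Floor' -or $SiteID -like 'Boston-2nd-Floor')
    {
        $SiteID = "Full-Boston-Building"
    }

    # Pull the IP subnet from between the parentheses in the display name.
    $IPSubnet = $Boundary.DisplayName.Substring( $Boundary.DisplayName.indexof("(")+1, $Boundary.DisplayName.indexof(")") - $Boundary.DisplayName.indexof("(")-1 )

    # AddLocation is expected to be defined by the script this is placed into.
    AddLocation $SiteID $IPSubnet
}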
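
The Substring arithmetic above throws if a boundary display name has no parenthesised subnet. The following is an added example, not part of the original post or of the 1E script: it parses the name defensively and applies the group overrides from a table. The function name Resolve-SsdLocation, the six-character site IDs, the override table and the sample display names are all constructed assumptions.

```powershell
# Added example: names, group map and sample display names are constructed for illustration.
# Maps 6-character site prefixes to the shared SSD group they should join (hypothetical values).
$GroupOverrides = @{
    'BOS1FL' = 'Full-Boston-Building'
    'BOS2FL' = 'Full-Boston-Building'
}

function Resolve-SsdLocation {
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        [hashtable]$Overrides = @{}
    )
    # Expect "<6-char site id> ... (<IPv4 subnet>)"; anything else is rejected, not guessed.
    if ($DisplayName -notmatch '^(?<site>.{6}).*\((?<subnet>[^()]+)\)') {
        return $null
    }
    $site   = $Matches['site']
    $subnet = $Matches['subnet'].Trim()

    # Reject values that are not a dotted-quad IPv4 address.
    $parsed = $null
    if ($subnet -notmatch '^\d{1,3}(\.\d{1,3}){3}$' -or
        -not [System.Net.IPAddress]::TryParse($subnet, [ref]$parsed)) {
        return $null
    }
    if ($Overrides.ContainsKey($site)) { $site = $Overrides[$site] }

    [pscustomobject]@{ SiteID = $site; IPSubnet = $subnet }
}

# Constructed sample display names, including two malformed ones.
$samples = @(
    'BOS1FL - (10.10.1.0)',
    'BOS2FL - (10.10.2.0)',
    'NYC001 - (10.20.1.0)',
    'VPN pool without brackets',
    'LAB001 - (not-an-ip)'
)

foreach ($name in $samples) {
    $loc = Resolve-SsdLocation -DisplayName $name -Overrides $GroupOverrides
    if ($null -eq $loc) {
        Write-Warning "Skipping boundary with unexpected display name: $name"
        continue
    }
    # In the real script this is where AddLocation $loc.SiteID $loc.IPSubnet would be called.
    '{0,-22} {1}' -f $loc.SiteID, $loc.IPSubnet
}
```

Skipped names are reported with Write-Warning, so a boundary that silently fell out of its SSD group shows up in the script output instead of stopping the run.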