Thursday, June 2, 2016

When to use Prestage content to force a package status

You look in the Monitoring node and notice your package is still pending on the DP

Monitoring Package Status node in The SCCM console

In Progress:

The content for package XXXXXXXXX have not yet arrived from the source site XYZ Distribution Manager will try again later to distribute the content.

Distmgr.log on the Secondary server shows this

No action specified for the package XXXXXXXXX , however there may be package server changes for this package.
All DP threads have completed for package XXXXXXXXX processing thread.
Exiting package processing thread for package XXXXXXXXX .

Looking in the Content Library tool you see the content is still Pending.

What might make you upset is that you can redistribution, remove add, cancel and yet the lower server will not complete the process.  You might be ready to reset the flag in the database but here is another solution to try first: Use the Prestage tool.

There are many blogs about how to use it so I will point here that will step you through how to create the Prestaged Content File.

  1. Create your content file
  2. Copy the file to your lower server
  3. Run the extract command: D:\Program Files\Microsoft Configuration Manager\bin\X64>extractcontent /p:C:\Users\admin\Desktop\Myfile.pkgx /f
Log file - "C:\Temp\2\PrestageContent.log"
Prestaging content to content library D:\SCCMContentLib
        uncompress      25 %
        uncompress      50 %
        uncompress      75 %
        uncompress      100 %
        extract         25 %
        extract         50 %
        extract         75 %
        extract         100 %
Content of package XXXXXXXX.3 is prestaged and registered.

the package and version number should match the SCCM Console

Note: Do not use the /s command, this will ignore the content and that is exactly what you don't want to do. 

You will this in your c:\temp\2\PrestageContent.log
Since content 'XXXXXXXX.3' was skipped, success state message is not sent to server for package 'XXXXXXXX.3'

You will be back at the same problem you had before.

    /F - Force prestaging of content even when it already exists on the site

With this command you will see the 'Extracting' comments in the log.  It should also send a successful command back to the Primary/CAS.  Then you can wait and refresh and see the package marked as Success.

You don't need to change the package or DP to a Prestaged machine.  Simply export the content move and load it.  It is that simple. 

I don't know why it sometimes fails to move the package, yet, you can see all the files and folders correctly in the Content Library.  But this solution does work.

Wednesday, May 11, 2016

Why manage Mobile Devices?

There are many blogs and news articles about which solution is better but very few talk about the Why?  Let’s not start into the debate of the BYOD (Bring Your Own Device) question.  Let’s look more fundamentally at the “why” part.

Companies are anxious about viruses, lost laptops and data breaches but this landscape was never thought of until well after ARPANET started to connect machines in 1969.  It was believed that everyone would work together and security was not well thought of at the time.  Later they started to inflict rules and policies like, don’t send personal data or personal emails over the network.  It was when Morris created what would be later known as the first worm in 1988 and released it to gauge the depth of the Internet and wreaked havoc on the machines that everyone took a serious view of why we need to protected the landscape and write better code.  We have now seen the ability to crash an IPHONE with a special Text message.  What is next?

Why do we want mobile device management?

Control over:

  • Upgrades of Operating System
  • Software install/upgrade of applications
  • Access, Policy and settings
  • Geo-fencing of data or applications
  • What about what we haven’t thought of?

This is just a small view of what companies want to control.  If there is a vulnerability in the OS of the device, grant them control of what do to: Upgrade the device, lock it down, etc.  Everyone wants to protect the company.  I am not going to move into the “user rights vs company protection”. 

You can see many of the desktop management slowly moving to the mobile devices such as policy restrictions, software installs or upgrades.

Let’s think further down the road why it is important to manage not just the mobile devices we carry in our pocket but the IoT (Internet of Things) that run our lives!

Just as you now have A/C, washer, sprinkler service areas, you will soon have more of an IT service personnel at your house making sure they all talk to each other and the “central office”.  No longer will you just have the IT repair person come fix your computer nor will you take your machine to the store to be fixed.  You will have them come in and perform an inspection, yearly or monthly maintenance on devices that control your life.  Each one of your devices might require software, firmware, or possibly even a chip/board upgrade to keep your house secure and compliant.  You don’t want someone hacking your thermostat to gain access to your electronic safe or worse, turn off the security system, open the garage door and walk in.

It is important that all companies and even individuals look in to management of Internet based devices.  Soon the consumer might need to manage their other devices much like they do their car, A/C unit and other “maintenance required” equipment, only this time it is an electronic device interacting with other devices and possibly the Internet.

Embrace device management, no matter if you’re an individual, big or small company.  I look forward to the protection and management of all devices.

This is why Microsoft increased the cadence of Software releases and is slowly adding features to Intune. 

Check out the April 2016 feature list:

Friday, March 11, 2016

Now Available: Update 1602 for System Center Configuration Manager

For those waiting in anticipation for 1602, here if the official release

The major enhancements to this release is the Servicing of Windows 10 and the health Attestation. 

Windows 10  health is a vital part of this upgrade because you need to be aware of client health.  You also want to be aware of which version of Windows 10 is running on the devices.  This the first of many advances we will see with Current Branch for both Windows 10 and Configuration Manager.

  • Client Online Status: You can now view the online status of devices in Assets and Compliance. New icons indicate the status of a device as online or offline.
  • Support for SQL Server AlwaysOn Availability Groups: Configuration Manager now supports using SQL Server AlwaysOn Availability Groups to host the site database.
  • Windows 10 Device Health Attestation Reporting: You can now view the status of Windows 10 Device Health Attestation in the Configuration Manager console to ensure that the client computers have a trustworthy BIOS, TPM, and boot software.
  • Office 365 Update Management: You can now natively manage Office 365 desktop client updates using the Configuration Manager Software Update Management (SUM) workflow. You can manage Office 365 desktop client updates just like you manage any other Microsoft Update.
  • New Antimalware Policy Settings: New antimalware settings that can now be configured include protection against potentially unwanted applications, user control of automatic sample submission, and scanning of network drives during a full scan