Wednesday, August 3, 2016

1E - Nomad, creating Pre-cache command file

While working on a project, I needed to cache a set of files but I didn't want to run the standard pre-cache process on multiple packages for a single or multiple machines and wait the standard time.


Enter PowerShell and the SMSNomad command.  SMSNomad.exe requests the package download and can be executed manually.  The command can be run outside of SCCM, which is important when you have machines in different forests and you want them to have the same cache files before the forests merge.


Syntax:
SMSNomad.exe
--s   : Run in standalone mode (we don't rely on SCCM to do anything)
--pp  : Package path
--ver : Package version as seen in the console


Since I use custom ports, my example includes the port.  For the default ports of 80 or 443, leave it blank.


Here is an example of the command we need to run:


"C:\Program Files\1E\NomadBranch\SMSNomad.exe" --s --pp="http://Server.Foo.com:132/SMS_DP_SMSPKG$/AB100002"  --prestage --ver=16


[Download the Configuration Manager package from site AB1, source version 16]


Let's get to the heart of what I was doing ;)


There are two parts: the first pulls all the packages from a Task Sequence; the next pulls all the Packages with a given name in the title and then pulls the Applications.


*******************************CACHE.PS1*****************************************
## SMSNomad.exe --s --pp="http://server.foo.COM/SMS_DP_SMSPKG$/ABC0007A" --prestage --ver=27
## Note: if an Application doesn't have a deployment then no LSZ file will exist, therefore it will fail to download.
#--> Nomad Branch event Evt_Error : 0x0000205d Remote path not found for CONTENT_XXXXXXXXXXXXXXXXX(1)
#This code doesn't check to see if a deployment is present
#Pulling Application ContentID is terribly slow, recode!!
Import-Module 'C:\Program Files\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1'
cd ABC:
$ServerPUll="http://Server.foo.com:1234"  #omit :1234 if you don't have custom ports running for IIS
$CacheCMD = "C:\Precache.bat"
$SCCMServer = "PrimaryServerName" #Server, Primary or CAS where the script can read the data from
$SCCMSiteCode = "XXX"  #Site Server code
############################################################################################
 "REM create cache for Task Sequence (both Packages and Applications)"| Out-File -encoding Ascii -filepath $CacheCMD
#XXXXXXX should be replaced with the Task Sequence ID
$Ts= Get-CMTaskSequence -TaskSequencePackageId 'XXXXXXX'
$Ts.references  |  Foreach {
  if ( $_.type -ne 1)
  {
     $PackageID  = get-cmpackage -ID $_.Package
     If ( $PackageID.PackageID.length -gt 0)
     {   
        "REM {0}" -f $PackageId.Name  | Out-File -encoding Ascii -APPEND -filepath $CacheCMD
       """C:\Program Files\1E\NomadBranch\SMSNomad.exe"" --s --pp=""{0}/SMS_DP_SMSPKG$/{1}""  --prestage --ver={2}" -f $Serverpull,$PackageID.PackageID, $PackageID.SourceVersion  | Out-File -encoding Ascii -APPEND -filepath $CacheCMD
     }
     else #not Package ID, this must be a WIM or boot media or not package
     {    
      
       $SpecialPackage= Get-WMIObject -ComputerName $SCCMServer -Namespace Root\SMS\Site_$SCCMSiteCode -Class "SMS_Packagebaseclass" | where-object packageid -eq $_.Package 
       "REM {0}" -f  $SpecialPackage.Name  | Out-File -encoding Ascii -APPEND -filepath $CacheCMD
       """C:\Program Files\1E\NomadBranch\SMSNomad.exe"" --s --pp=""{0}/SMS_DP_SMSPKG$/{1}""  --prestage --ver={2}" -f $Serverpull,$_.Package, $SpecialPackage.SourceVersion  | Out-File -encoding Ascii -APPEND -filepath $CacheCMD
    
     }
   }

if ( $_.type -eq 1)  #Application
  {
 
  #WMI is faster, so they say...
   $Application= Get-WMIObject -ComputerName $SCCMServer -Namespace Root\SMS\Site_$SCCMSiteCode -Class "SMS_Application" | where-object Modelname -eq $_.Package  | Sort-Object ContentID -Descending | select LocalizedDisplayName -first 1
    "REM {0}" -f $Application.LocalizedDisplayName  | Out-File -encoding Ascii -APPEND -filepath $CacheCMD
  $Content= Get-WMIObject -ComputerName $SCCMServer -Namespace Root\SMS\Site_$SCCMSiteCode -Class "SMS_CIToContent" | where-object SecuredModelname -eq $_.Package | Sort-Object ContentID -Descending |Select ContentUniqueID -first 1  
    """C:\Program Files\1E\NomadBranch\SMSNomad.exe"" --s --pp=""{0}/SMS_DP_SMSPKG$/{1}""  --prestage --ver=1" -f $Serverpull,$Content.ContentUniqueID    | Out-File -encoding Ascii -APPEND -filepath $CacheCMD
 
  }
 
 }
 ############################################################################################
 "REM create cache for  Packages"| Out-File -encoding Ascii -APPEND -filepath $CacheCMD
### (ABC) Pull Packages that have a (ABC) in the Name
  ###pull all data for a package based on its name
Get-CMPackage -Name "*(ABC)*" | Foreach {
 If ( $_.PackageID.length -gt 0)
   {
     "REM {0}" -f $_.Name  | Out-File -encoding Ascii -APPEND -filepath $CacheCMD
     """C:\Program Files\1E\NomadBranch\SMSNomad.exe"" --s --pp=""{0}/SMS_DP_SMSPKG$/{1}""  --prestage --ver={2}" -f $Serverpull,$_.PackageID, $_.SourceVersion | Out-File -encoding Ascii  -APPEND -filepath $CacheCMD
   }
  
  }
 
  ############################################################################################
###pull all the Applications for a App name
###  Pull Applications that have a (ABC) in the Name

 "REM create cache for  Applications"| Out-File -encoding Ascii -APPEND -filepath $CacheCMD
Get-CMApplication -Name "*(ABC)*" | Foreach {
  #WMI is faster here
   ## 26 SECONDS
    "REM {0}" -f $_.LocalizedDisplayName  |  Out-File -encoding Ascii -APPEND -filepath $CacheCMD
  $Content= Get-WMIObject -ComputerName $SCCMServer -Namespace Root\SMS\Site_$SCCMSiteCode -Class "SMS_CIToContent" | where-object SecuredModelname -eq $_.ModelName | Sort-Object ContentID -Descending |Select ContentUniqueID -first 1  
  
    """C:\Program Files\1E\NomadBranch\SMSNomad.exe"" --s --pp=""{0}/SMS_DP_SMSPKG$/{1}""  --prestage --ver=1" -f $Serverpull,$Content.ContentUniqueID   | Out-File -encoding Ascii -APPEND -filepath $CacheCMD
 
  }






########################
Output will look like this:






"C:\Program Files\1E\NomadBranch\SMSNomad.exe" --s --pp="http://SERVER.FOO.COM.DIR.SLB.COM:132/SMS_DP_SMSPKG$/AB100002"  --prestage --ver=16
"C:\Program Files\1E\NomadBranch\SMSNomad.exe" --s --pp="http://SERVER.FOO.COM.DIR.SLB.COM:132/SMS_DP_SMSPKG$/AB1000AD"  --prestage --ver=7
"C:\Program Files\1E\NomadBranch\SMSNomad.exe" --s --pp="http://SERVER.FOO.COM.DIR.SLB.COM:132/SMS_DP_SMSPKG$/AB1004CD"  --prestage --ver=2
REM Application NAME 123456
"C:\Program Files\1E\NomadBranch\SMSNomad.exe" --s --pp="http://Server.foo.com:1234/SMS_DP_SMSPKG$/Content_2eb63a6d-1be5-41bc-9ef7-814e079de693"  --prestage --ver=1
REM Application NAME 456789
"C:\Program Files\1E\NomadBranch\SMSNomad.exe" --s --pp="http://Server.foo.com:1234/SMS_DP_SMSPKG$/Content_bab5aaad-4ce7-4c34-a3d4-a21e9fb89436"  --prestage --ver=1
REM Application NAME ABC
"C:\Program Files\1E\NomadBranch\SMSNomad.exe" --s --pp="http://Server.foo.com:1234/SMS_DP_SMSPKG$/Content_65d72259-9477-4501-b1ed-ab2582bddfed"  --prestage --ver=1
REM Application NAME DEF
"C:\Program Files\1E\NomadBranch\SMSNomad.exe" --s --pp="http://Server.foo.com:1234/SMS_DP_SMSPKG$/Content_a6ad7f31-b31e-46ea-9de5-343f0b2a1675"  --prestage --ver=1
REM Application NAME GHI
"C:\Program Files\1E\NomadBranch\SMSNomad.exe" --s --pp="http://Server.foo.com:1234/SMS_DP_SMSPKG$/Content_e5112d47-e477-4878-abc0-fa4830318f7f"  --prestage --ver=1

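A check that can be run over the generated command file before it is copied to machines in another forest, as an added example that is not part of the original CACHE.PS1: every line must be a REM comment or exactly the SMSNomad prestage command pointing at the expected distribution point. The function name, the assumed ID shapes (3-character site code plus 5 hex digits, or Content_<GUID>) and the sample lines are assumptions made for illustration.

```powershell
# Added example, not part of CACHE.PS1. Host, port and sample lines are constructed.
function Test-PrecacheFile {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$Lines,
        [Parameter(Mandatory)][string]$AllowedBase    # distribution point URL the file may pull from
    )
    $exe  = [regex]::Escape('"C:\Program Files\1E\NomadBranch\SMSNomad.exe"')
    $base = [regex]::Escape($AllowedBase)
    # Assumed ID shapes: 3-character site code + 5 hex digits, or Content_<GUID> for applications
    $id   = '(?:[A-Z0-9]{3}[0-9A-F]{5}|Content_[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12})'
    $allowed = '^' + $exe + ' --s --pp="' + $base + '/SMS_DP_SMSPKG\$/' + $id + '"\s+--prestage --ver=\d+$'

    $lineNo = 0
    foreach ($line in $Lines) {
        $lineNo++
        $text = $line.Trim()
        if ($text -eq '' -or $text -match '^REM(\s|$)') { continue }   # blank or comment line
        if ($text -notmatch $allowed) {
            [pscustomobject]@{ Line = $lineNo; Text = $text }           # anything else is rejected
        }
    }
}

# Constructed sample: two lines the generator would write, two that must be rejected
$sample = @(
    'REM Application NAME ABC'
    '"C:\Program Files\1E\NomadBranch\SMSNomad.exe" --s --pp="http://Server.foo.com:1234/SMS_DP_SMSPKG$/AB100002"  --prestage --ver=16'
    '"C:\Program Files\1E\NomadBranch\SMSNomad.exe" --s --pp="http://Server.foo.com:1234/SMS_DP_SMSPKG$/Content_65d72259-9477-4501-b1ed-ab2582bddfed"  --prestage --ver=1'
    '"C:\Program Files\1E\NomadBranch\SMSNomad.exe" --s --pp="http://other.example:1234/SMS_DP_SMSPKG$/AB100002"  --prestage --ver=16'
    '"C:\Program Files\1E\NomadBranch\SMSNomad.exe" --s --pp="http://Server.foo.com:1234/SMS_DP_SMSPKG$/AB100002"  --prestage --ver=16 & echo unexpected'
)
$rejected = Test-PrecacheFile -Lines $sample -AllowedBase 'http://Server.foo.com:1234'
$rejected | Format-Table -AutoSize
```

For a real file, pass `Get-Content C:\Precache.bat` as `-Lines` and refuse to run the batch file if anything is returned.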




Thursday, June 2, 2016

When to use Prestage content to force a package status



You look in the Monitoring node and notice your package is still pending on the DP.


Monitoring Package Status node in The SCCM console


In Progress:


The content for package XXXXXXXXX have not yet arrived from the source site XYZ Distribution Manager will try again later to distribute the content.








Distmgr.log on the Secondary server shows this:


No action specified for the package XXXXXXXXX , however there may be package server changes for this package.
All DP threads have completed for package XXXXXXXXX processing thread.
Exiting package processing thread for package XXXXXXXXX .


Looking in the Content Library tool you see the content is still Pending.




********************************************************************
What might upset you is that you can redistribute, remove, add, or cancel, and yet the lower server will not complete the process.  You might be ready to reset the flag in the database, but here is another solution to try first: use the Prestage tool.


There are many blogs about how to use it, so I will point to one here that steps you through how to create the Prestaged Content File.


Steps:
  1. Create your content file
  2. Copy the file to your lower server
  3. Run the extract command: D:\Program Files\Microsoft Configuration Manager\bin\X64>extractcontent /p:C:\Users\admin\Desktop\Myfile.pkgx /f
Log file - "C:\Temp\2\PrestageContent.log"
Prestaging content to content library D:\SCCMContentLib
        uncompress      25 %
        uncompress      50 %
        uncompress      75 %
        uncompress      100 %
        extract         25 %
        extract         50 %
        extract         75 %
        extract         100 %
Content of package XXXXXXXX.3 is prestaged and registered.


The package and version number should match the SCCM console.


Note: Do not use the /s option; this will ignore the content, and that is exactly what you don't want to do.


You will see this in your c:\temp\2\PrestageContent.log:
Since content 'XXXXXXXX.3' was skipped, success state message is not sent to server for package 'XXXXXXXX.3'


You will be back at the same problem you had before.


    /F - Force prestaging of content even when it already exists on the site


With this option you will see the 'Extracting' entries in the log.  It should also send a success message back to the Primary/CAS.  Then you can wait, refresh, and see the package marked as Success.


You don't need to change the package or DP to a Prestaged machine.  Simply export the content, move it, and load it.  It is that simple.


I don't know why it sometimes fails to move the package, yet, you can see all the files and folders correctly in the Content Library.  But this solution does work.
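A way to confirm the outcome from PrestageContent.log instead of reading it by eye, as an added example that is not from the original post: it looks for the two messages quoted above and checks them against the package.version shown in the console. The function name and the constructed sample lines are assumptions; real log lines may carry extra prefixes, which the substring match tolerates.

```powershell
# Added example. Message formats are the two quoted in this post; sample lines are constructed.
function Get-PrestageResult {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$LogLines,
        [Parameter(Mandatory)][string]$Expected    # <PackageID>.<version> as shown in the console
    )
    $status = 'NotFound'                           # no line for the expected package.version
    foreach ($line in $LogLines) {
        if ($line -match 'Content of package (\S+) is prestaged and registered' -and $Matches[1] -eq $Expected) {
            $status = 'Registered'
        }
        elseif ($line -match "Since content '([^']+)' was skipped" -and $Matches[1] -eq $Expected) {
            $status = 'Skipped'                    # no success state message was sent
        }
    }
    [pscustomobject]@{ Content = $Expected; Status = $status }
}

# Constructed log excerpts: one run where the content was skipped, one forced run
$afterSkip = @(
    'Prestaging content to content library D:\SCCMContentLib'
    "Since content 'XXXXXXXX.3' was skipped, success state message is not sent to server for package 'XXXXXXXX.3'"
)
$afterForce = @(
    'Prestaging content to content library D:\SCCMContentLib'
    'Content of package XXXXXXXX.3 is prestaged and registered.'
)
Get-PrestageResult -LogLines $afterSkip  -Expected 'XXXXXXXX.3'
Get-PrestageResult -LogLines $afterForce -Expected 'XXXXXXXX.3'
Get-PrestageResult -LogLines $afterForce -Expected 'XXXXXXXX.4'   # version differs from what was extracted
```

Against a real run, pass `Get-Content C:\Temp\2\PrestageContent.log` as `-LogLines`; the last matching line for the expected content decides the status.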

Wednesday, May 11, 2016

Why manage Mobile Devices?


There are many blogs and news articles about which solution is better but very few talk about the Why?  Let’s not start into the debate of the BYOD (Bring Your Own Device) question.  Let’s look more fundamentally at the “why” part.

Companies are anxious about viruses, lost laptops and data breaches, but this landscape was never thought of until well after ARPANET started to connect machines in 1969.  It was believed that everyone would work together, and security was not well thought out at the time.  Later they started to impose rules and policies such as: don’t send personal data or personal emails over the network.  It was when Morris created what would later be known as the first worm in 1988, released it to gauge the depth of the Internet, and wreaked havoc on the machines that everyone took a serious view of why we need to protect the landscape and write better code.  We have now seen the ability to crash an iPhone with a special text message.  What is next?

Why do we want mobile device management?

Control over:

  • Upgrades of Operating System
  • Software install/upgrade of applications
  • Access, Policy and settings
  • Geo-fencing of data or applications
  • What about what we haven’t thought of?

This is just a small view of what companies want to control.  If there is a vulnerability in the OS of the device, grant them control of what to do: upgrade the device, lock it down, etc.  Everyone wants to protect the company.  I am not going to move into the “user rights vs company protection” debate.

You can see many desktop management functions slowly moving to mobile devices, such as policy restrictions, software installs or upgrades.

Let’s think further down the road why it is important to manage not just the mobile devices we carry in our pocket but the IoT (Internet of Things) that run our lives!

Just as you now have A/C, washer, sprinkler service areas, you will soon have more of an IT service personnel at your house making sure they all talk to each other and the “central office”.  No longer will you just have the IT repair person come fix your computer nor will you take your machine to the store to be fixed.  You will have them come in and perform an inspection, yearly or monthly maintenance on devices that control your life.  Each one of your devices might require software, firmware, or possibly even a chip/board upgrade to keep your house secure and compliant.  You don’t want someone hacking your thermostat to gain access to your electronic safe or worse, turn off the security system, open the garage door and walk in.

It is important that all companies and even individuals look into management of Internet-based devices.  Soon the consumer might need to manage their other devices much like they do their car, A/C unit and other “maintenance required” equipment, only this time it is an electronic device interacting with other devices and possibly the Internet.

Embrace device management, no matter if you’re an individual, big or small company.  I look forward to the protection and management of all devices.

This is why Microsoft increased the cadence of Software releases and is slowly adding features to Intune. 

Check out the April 2016 feature list: