Tuesday, October 1, 2013

What’s Next for MMS

Excerpts from Brad Anderson's comments on the future of MMS:

http://blogs.technet.com/b/in_the_cloud/archive/2013/10/01/what-s-next-for-mms.aspx


Starting this year we are merging MMS with TechEd.

objective is simple: Provide attendees a better opportunity for knowledge gathering and technical growth. By drawing together a larger community to this combined event, every attendee will have a dramatically wider range of experts and luminaries (both from the industry and within Microsoft) to learn from and engage.

TechEd 2014 will be your single best source for the latest news, trends, resources and deep technical education. Also, the System Center team is already preparing to teach the deep 300- and 400-level content you’ve come to expect at MMS. There will also be expanded Early Bird pricing options, dedicated Management Meet & Geek opportunities, dedicated Management Instructor-Led Labs and Hands-on Labs, structured and unstructured networking opportunities tuned to the Management community and broader communities, and other unique MMS experiences.

The next step is to mark your calendars for May 12-15, 2014 for TechEd 2014 in Houston, Texas. Registration opens on November 5, 2013, and if you register by December 31, 2013, you’ll get the aforementioned early bird pricing.
If you haven’t already, take a minute to sign up for the TechEd Insiders newsletter to get the latest TechEd information.
I’m looking forward to seeing everyone in Houston.

Friday, September 27, 2013

Local cached package 'C:\WINDOWS\Installer\xxxxxx.msi' is missing.

Evern seen the error the in the client.msi.log file that a local package is missing when trying to install the client.  This could be because a dependence has been removed or badly corrupted, but what file is missing?

Looking in the client.msi.log you might see this line:

MSI (s) (D0:F4) [17:45:28:546]: Warning: Local cached package 'C:\WINDOWS\Installer\6363739.msi' is missing.

Ccmsetup.log:

An MP does not exist on this machine.
Failed with error code 0x8007064c.
Installing version 4.00.6487.2700 of the client with product code {CAE5379F-5C3D-4D0D-AA57-DC1134125BA5}
MSI PROPERTIES are  .....................
IsFileMicrosoftTrusted Verified file 'C:\Windows\ccmsetup\{18173E5E-0E79-4447-A4DC-2CEEAA239871}\client.msi' is MS signed.
Installation failed with error code 1612

Client.msi.log

MSI (s) (84:78) [14:53:58:896]: ******* RunEngine:
           ******* Product: C:\Windows\ccmsetup\{18173E5E-0E79-4447-A4DC-2CEEAA239871}\client.msi
           ******* Action:
           ******* CommandLine: **********

MSI (s) (84:78) [14:53:58:927]: Warning: Local cached package 'C:\Windows\Installer\723298.msi' is missing.
MSI (s) (84:78) [14:53:58:927]: SOURCEMGMT: Looking for sourcelist for product {CAE5379F-5C3D-4D0D-AA57-DC1134125BA5}
MSI (s) (84:78) [14:53:58:942]: SOURCEMGMT: Source is invalid due to missing/inaccessible package.
MSI (s) (84:78) [14:53:58:942]: SOURCEMGMT: Failed to resolve source



Solution:
these all point to a possible missing file.  Indeed if you look in the installer folder you will be missing a file.  The problem is that these files are random and you can't just look up the file on another machine. 

So how do you find what you need?

for ConfigMgr 2007 you can look here
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F9735EACD3C5D0D4AA75CD114321B55A

But the best thing is to stop at the Products node

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\

and search the entire node to look up the XXXx.msi you are missing to see which product is missing.  From there you can then go to another machine and copy the XXXX.msi to the broken machine.

You must look at the InstalledProperties\LocalPackage to see the file name
C:\Windows\Installer\129227f.msi

From here you can either rename the msi file or modify the key to match the file name.

Next restart your install, is this a supported method.  No but it should work.  With all unsupported process, please use at your own risk and test in a lab enviroment first.





Wednesday, August 7, 2013

Native 2007 client fails to start. "Failed to load CryptInfo."

Scenerio:  Secondary client will not start it appears to be damagaed.  check the CCMExec.log and you see the following.


CCMExec.Log

Entering Certificate Maintenance
Client SSL is enabled. The current state is 0x31.
IsCertficateExportable(0x7ee388) skipping check on an MP.
Failed to load CryptInfo.
CCMValidateEncryptionCert failed. (0x80070002)
Creating Encryption Certificate...
Successfully created certifcate

Updating MP mirror key
Phase 0 initialization failed (0x80070002).
Service initialization failed (0x80070002).
Shutting down CCMEXEC...
UninitCommandExec failed (0x800401fb).
Waiting up to 2 seconds for active tasks to complete...
Finished shutting down CCMEXEC.


If you compare this to a working native machine you will see the security data is missing.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CCM\Security

Here you can then export the SingingCertificate and other security information such as "AllowRootCAHashcode".

Export fom a working client and import it to the new client, making sure they are the same. 
Win 7 to Win7 or Secondary to Secondary.

Restart the Service.  It should all now work...

Wednesday, July 17, 2013

SQL errors after installing 2840628, (MS13-052)

There have been several reports of failures in the ConfigMgr environment shortly after installing this update. 

Scenario:
Server 2008  / 2008 R2
SQL 2012  / SQL 2012 SP1
ConfigMgr 2012 installed.
 KB 2840628, (MS13-052) .NET 4 update installed.



This update replaces (http://support.microsoft.com/kb/2656405/ )    MS12-034:


From Microsoft:


 
Issue 1: Configuration Manager 2012

Database replication between sites (CAS/Primary/Secondary) with SQL 2012 will fail.

The rcmctrl.log file on the failing site(s) will contain entries similar the following:

//

Launching 2 sprocs on queue ConfigMgrDRSQueue and 0 sprocs on queue ConfigMgrDRSSiteQueue. SMS_REPLICATION_CONFIGURATION_MONITOR

The asynchronous command finished with return message: [A .NET Framework error occurred during execution of user-defined routine or aggregate "spDRSActivation": ~~System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlConnection' threw an exception. ---> System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlConnectionFactory' threw an exception. ---> System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlPerformanceCounters' threw an exception. ---> System.MethodAccessException: Attempt by method 'System.Configuration.TypeUtil.CreateInstanceRestricted(System.Type, System.Type)' to access method 'System.Diagnostics.SwitchElementsCollection..ctor()' failed. ---> System.Security.SecurityException: Request failed… [truncated for readability]

//

Temporary workarounds

While investigation continues into the best long term solution, the following short term changes can be made to unblock customers in this state:

In SQL Management Studio on the affected server, change the Permission set to Unrestricted for the MessageHandlerService Assembly. This is done in the Assembly properties via:

SQL Server -> Databases -> (Site Database) -> Programmability -> Assemblies -> MessageHandlerService

Once the change is made, replication between sites should automatically recover within 5-10 minutes.


Issue 2: Configuration Manager 2012

Software Update Point synchronization may fail at the end of the sync process. The WSyncMgr.log will have entries similar to the following:

//

error 14: SQL Error Message Failed to generate documents:A .NET Framework error occurred during execution of user-defined routine or aggregate "fnGenerateLanternDocumentsTable": ~~System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlConnection' threw an exception. ---> System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlConnectionFactory' threw an exception. ---> System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlPerformanceCounters' threw an exception. ---> System.MethodAccessException: Attempt by method 'System.Configuration.TypeUtil.CreateInstanceRestricted(System.Type, System.Type)' to access method 'System.Diagnostics.SwitchElementsCollection..ctor()' failed. ---> System.Security.SecurityException: Request failed… [truncated for readability]

//

Temporary Workarounds

Similar to Issue 1, the SMSSQLCLR assembly Permission Set can be changed to Unrestricted. From SQL Management Studio:

SQL Server -> Databases -> (Site Database) -> Programmability -> Assemblies -> SMSSQLCLR


Issue 3: Configuration Manager 2007 <Unconfirmed>

Client location requests for content do not return any Distribution Points. The MP_Location.log on the Management Point will have entries similar to the following:

//

CMPDBConnection::ExecuteSQL(): ICommandText::Execute() failed with 0x80040E14

CHandleLocationRequest::CreateReply failed with error (80040e14).

//

Temporary Workarounds

We are still working to reproduce this internally. In the meantime, the same procedure noted in Issue 2 above should work around the issue.


Patch Uninstall


Uninstalling KB2840628 has been reported to resolve all issues.

However, removal of a security patch should not be a blanket recommendation; instead anyone that wishes to uninstall until a permanent solution is found should assess the risk of exposure in their own environment. Details on the security vulnerability can be found here:

Wednesday, July 3, 2013

Unable to Add Secondary servers after installing Cu2 for SCCM sp1

Have you installed Cu2 for ConifgMgr 2012 Sp1?  If so you might see a error when installing a Secondary Site.  This problem has been document in the forrum

Microsoft has released a blog detailing the work around for the post CU2 for ConfigMgr 20 12 SP1 problem while adding a Secondary site.  Microsoft is investigating but as a workaround here is what you can do to get around the issue.

 One way is to use a network location of the secondary install files.  The second method was created by one of the MVP and details changing out XML files from the initial Sp1 installation media.
 

 
Once I have more information I will email everyone, I will also try to update my blog with the information as well.

More information on what Cu2 fixes is detailed here: http://support.microsoft.com/kb/2854009

 ---
update.


Microsoft has released a hotfix to fix the issue:
http://support.microsoft.com/kb/2867422

FIX: Errors when you try to install or recover a secondary site in System Center 2012 Configuration Manager

Friday, June 21, 2013

Description of Cumulative Update 2 for System Center 2012 Configuration Manager Service Pack 1

http://support.microsoft.com/kb/2854009

Microsoft has publicly announced the availably of CU2 for ConfigMgr 2012 Sp1.

I will let you read the information for yourself but it fixes several issues for us.

CU1: Alternate port download for Windows update
CU2: Imaging over Alternate ports and BGB issue when using Custom Websites.

Like Cu1 you will need to have an update to the client pushed as well as an update to the Task Sequence for the client.

One thing I will need to test with this release is the need to repush the Boot.wim.  This would be necessary for the companies running over alternate ports.  It is also a good practice to create new boot media for your machines.

I hope to have this fully tested soon but none of what I have suggested is destructive to your enviroment. 
 

Tuesday, June 18, 2013

Console Extension Commands

In previous posts I have detailed different ways to create console extensions.  We have seen in 2003, 2007 and now in 2012, how to pass the parameters.  Here I have listed the commands per the different panels.  While some can be used in others, I have decided to break it down to make it easier to understand where each came from.  In a future post I will tell you how use can use the GUID Extension finder (first made famous by Greg Ramsey) as a way to export the data for each GUID you see here.

AssetManagementNode
##SUB:Name##
##SUB:ResourceType##
##SUB:ResourceID##
##SUB:ThreatName##
##SUB:IsBuiltIn##
##SUB:CollectionID##
##SUB:FeatureType##
##SUB:CategoryName##
##SUB:Description##
##SUB:CommonName##
##SUB:Product##
##SUB:ProductName##
##SUB:LocalizedDescription##
##SUB:IsBroken##
##SUB:IsEnabled##
##SUB:SoftwareName##
##SUB:CollectionName##
##SUB:CI_ID##
##SUB:SettingsID##
##SUB:LocalizedDisplayName##

ConnectedConsole
##SUB:ADSiteName##
##SUB:ForestID##
##SUB:ADSubnetName##
##SUB:CategoryName##
##SUB:Description##
##SUB:CommonName##
##SUB:Name##
##SUB:PackageID##
##SUB:NALType##
##SUB:NALPath##
##SUB:NVD:ConnectedSiteCode##
##SUB:RoleName##
##SUB:FeatureType##
##SUB:AssignmentID##
##SUB:PolicyModelID##
##SUB:StatusType##
##SUB:DTCI##
##SUB:EnforcementState##
##SUB:AppStatusType##
##SUB:ErrorCode##
##SUB:DTResultID##
##SUB:RuleID##
##SUB:RequirementName##
##SUB:CollectionID##
##SUB:Category##
##SUB:Value##
##SUB:GroupID##
##SUB:BoundaryID##
##SUB:USR:ChClientsCondition##
##SUB:ResourceType##
##SUB:ResourceID##
##SUB:DeploymentID##
##SUB:MessageID##
##SUB:IsBuiltIn##
##SUB:SoftwareName##
##SUB:MessageCategory##
##SUB:SummaryType##
##SUB:AssetID##
##SUB:AssetType##
##SUB:ObjectID##
##SUB:ObjectType##
##SUB:CI_ID##
##SUB:ErrorType##
##SUB:Rule_ID##
##SUB:RuleSubState##
##SUB:SiteCode##
##SUB:Type##
##SUB:ComponentName##
##SUB:LocalizedDisplayName##
##SUB:LocalizedDescription##
##SUB:HasContent##
##SUB:IsExpired##
##SUB:ModelName##
##SUB:Technology##
##SUB:CollectionName##
##SUB:ProgramName##
##SUB:ServerName##
##SUB:Drive##
##SUB:Bucket##
##SUB:USR:ClassNameVar##
##SUB:USR:CollectionIDVar##
##SUB:USR:ConditionVar##
##SUB:ThreatName##
##SUB:ID##
##SUB:TypeInstanceID##
##SUB:MemberClassName##
##SUB:IsDirect##
##SUB:CI_UniqueID##
##SUB:IsBroken##
##SUB:IsEnabled##
##SUB:EulaExists##
##SUB:AssignmentName##
##SUB:AssignmentDescription##
##SUB:NV:MonitoringCollectionName##
##SUB:USR:MonitoringStickyQuery##
##SUB:NV:ConnectedSiteCode##
##SUB:USR:NodeName##
##SUB:USR:NodeDesc##
##SUB:NV:AlertSeverityName##
##SUB:USR:Severity##
##SUB:SMSID##
##SUB:Expression##
##SUB:__CLASS##
##SUB:_RoleDescription##
##SUB:USR:SiteCodesCondition##
##SUB:StatusEnforcementState##
##SUB:StatusErrorCode##
##SUB:DeviceID##
##SUB:ThreatID##
##SUB:NVD:ShowSearchTab/False##

ManagementClassDescriptions
##SUB:SiteCode##
##SUB:SiteName##

MonitoringNode
##SUB:Name##
##SUB:ID##
##SUB:Comments##
##SUB:Description##
##SUB:Role##
##SUB:NV:ConnectedSiteCode##
##SUB:ComponentName##
##SUB:NVD:ComponentStatusTallyInterval/0001128000100008##
##SUB:SoftwareName##
##SUB:CollectionName##
##SUB:FeatureType##
##SUB:PrimaryActionType##
##SUB:State##
##SUB:SiteType1##
##SUB:SiteType2##
##SUB:site1##
##SUB:site2##
##SUB:NALPath##
##SUB:WSUSServerName##
##SUB:ThreatName##
##SUB:CollectionID##
##SUB:ThreatID##

SiteConfigurationNode
##SUB:Name##
##SUB:Description##
##SUB:NVD:ConnectedSiteCode##
##SUB:ComponentName##
##SUB:Value##
##SUB:SiteType1##
##SUB:SiteType2##
##SUB:SiteName##
##SUB:NV:ConnectedSiteCode##
##SUB:AddressType##
##SUB:ForestFQDN##
##SUB:ForestID##
##SUB:ServiceCName##
##SUB:Type##
##SUB:NALType##
##SUB:RoleName##
##SUB:_RoleDescription##
##SUB:NALPath##
##SUB:SettingsID##
##SUB:LogonName##
##SUB:IsCovered##
##SUB:IsBuiltIn##
##SUB:CategoryName##
##SUB:UserName##
##SUB:_ItemDescription##
##SUB:IssuedTo##
##SUB:Drive##
##SUB:SourceSiteFQDN##
##SUB:SourceSiteCode##
##SUB:JobName##
##SUB:JobID##

SoftwareLibraryNode
##SUB:LocalizedDisplayName##
##SUB:LocalizedDescription##
##SUB:HasContent##
##SUB:IsExpired##
##SUB:CI_UniqueID##
##SUB:Technology##
##SUB:ModelName##
##SUB:Name##
##SUB:Description##
##SUB:ProgramName##
##SUB:PackageId##
##SUB:FeatureType##
##SUB:Application##
##SUB:Comments##
##SUB:IsReadOnly##
##SUB:InUse##
##SUB:EulaExists##
##SUB:AssignmentName##
##SUB:AssignmentDescription##
##SUB:CI_ID##
##SUB:Version##

Saturday, June 15, 2013

VHD creation for ConfigMgr 2012 R2

Recently Microsoft has been unveiling the enhancements that will be seen in System Center 2012 Configuration Manger.

http://www.microsoft.com/en-us/server-cloud/system-center/system-center-2012-r2-configuration-manager.aspx

The goal of the VHD creation for R2 is to help you with VMM, having a unified approach to image creation.  Now you can update your VHD by simply changing a task sequence.  That's nice but what about the undocumented benifit.

Windows 8 has a hyper-V functionality.  So what?  Well generally you create your Corporate Image and then start pushing to hardware, some might even push it to a hyper-V server to load and allow people to look at.  Well now you can cut testing time by creating a VHD, shoot it over to the VM farm for testing or maybe even just allow Win8 users to pull down the VHD, install it on their machine and run all the testing on their own virtual environment.  While this is happening the Imaging team can also then work on the Hardware drivers and other items necessary for deployment.  Then the real Hardware testing can be done while other are still testing the data portion in a VHD.  Then you have a real world deployment and testing. 

This could, in affect, quicken the testing and deployment of an image utilizing the Win8 and R2 system.  Test Win 8.1 in this manor before sending it out.  This way you don't even need to install it to your machine, you have the corporate image VHD created and apply 8.1 and test your applications.

Thank you Microsoft for allowing the IT professionals an easier way to test and deploy IT standards!!!!

Later we will show this in a Task Sequence.

Friday, May 17, 2013

Locating a broken Software Update package


Scenario:

Onsite complains that the machine hangs when installing patches during imaging (or all machines for a given patch).  It could also be that the user has the dialog box for Software Update but it continually says "failed"
 

Solution:

1. Location the machine name
2. Open Status Messages for the given machine.  Locate the patch that failed, assuming the status message was sent back. 
    In 2007: System Status -> Status Message Queires - > all Status Message from a specific Machine
    in 2012: Monitoring Pane -> All Status Messages from a Specific System
3. Type in the machine name, time range and select OK.  A faster way is a right click tool I created a while back (http://www.sccm-tools.com/tools/rightclick/Rightclick-statusmessages.html) I don't have this in 2012 yet.  I need to also update my tools site to support 2012, look for the changes.
 

 
 
Locate this line:

Bundle update "93fa39c7-1f23-4549-b3ba-71021177bcc4" failed to get content for update "2cefe0ef-f4e1-4c3d-97f9-10a608c46c52". Please check the enforcement status of update "2cefe0ef-f4e1-4c3d-97f9-10a608c46c52" to get further details. The operating system reported error 2147500036: Operation aborted
 
If we pull the updateid "2cefe0ef-f4e1-4c3d-97f9-10a608c46c52" you can hunt for the specific update.  In this case you need to open your Content Location folder and search your Microsoft Updates for the folder..
 
 
Here we can see this is from the Q2 updates for the 2013 patches from the year of 2013. 
 
From here there are several things you can do:
1. remove the update frrom the DP and then repush
2. Refresh the package on the DP.
3. Delete the update and redownload (Provision) it from Microsoft and repush.
 
The end result should be the same.  Hopefully you can back track the bad update and fix it.
 
Note:  This assume you have already determined there are problems with the source and not the machine.  This can be determined by uninstalling the update from a machine and attempting to reinstall it or seeing all machines pulling from the given DP with errors.
 

Thursday, May 2, 2013

Reporting Services ConfigMgr 2012 Secure Socket errors

I was setting up a single primary site for testing and kept hitting a wall with Reporting Services.

Web page would have this error:
The underlying connection was closed: An unexpected error occurred on a send.

Looking at the logs I would see this when trying to launch the Report URL:

D:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\LogFiles

ui!ReportManager_0-2!d10!05/02/2013-13:00:41:: e ERROR: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host

library!ReportServer_0-1!25c!05/02/2013-13:04:42:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.SecureConnectionRequiredException: , Microsoft.ReportingServices.Diagnostics.Utilities.SecureConnectionRequiredException: The
operation you are attempting requires a secure connection (HTTPS).;

Exempt I wasn't running in SSL mode.

The web page would simply show "Connection not established" or several other errors as I poked around.


So after poking around, checking configuration settings of Reporting Services didn't reveal anything.
I looking up the error and found this post for 2008, since I had nothing to lose I tried it out.

http://support.microsoft.com/kb/2011889
Update the RSReportServer.config file using the following steps:
  1. In Windows Explorer, locate the ReportServer directory. The following path is the default path of this directory: C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer
  2. Right-click RSReportServer.config, click Open With, click Notepad and then click OK.
  3. Locate the following Add Key entry: <Add Key="SecureConnectionLevel" Value="2"/>
  4. Change the Value setting from 2 to 0.
I did stop and restart the SQL Reporting Services Service and checked my URL.  It worked.

Thursday, April 25, 2013

Utilizing Fall back for Software Updates in 2012 Sp1

"Starting in Configuration Manager SP1, you can configure a client on the intranet to download software updates from Microsoft Update if a distribution point is not available. " http://technet.microsoft.com/en-us/library/gg712304.aspx

Now that we have a way to make clients download updates from the Internet when an update is not found on a distribution point.   This is a unique feature but it does require updates be download and on at least 1 DP.

Now how can we utilize this new feature to cheat the clients.  This is how:

Scenario: Company of 15,000 machines has 300 machines left on Vista and 400 on Windows XP.  Network bandwith to the DP is limited and there are no more than 10 machines at each site.  This company is special because they have a proxy link to the Internet so all non-business traffic is sent directly to the internet.  But they must still patch all these computers.

Solution: Pick a single DP to hold the Vista and XP patches.  Create your Software Update Groups as usual but only deploy them to a single DP.  Why?  The XP/Vista clients will look at the local and remote DPs for software updates.  You must check both Boxes to "Download and install".  They will not find the updates so it will fail over to the Internet. Because the number of machines is small the company will not feel the internet traffic download and the admins don't need to distribute Vista or XP patches all over the world. 

This was not meant for the way I am pushing it but it does work. 

What it solves:
1. No network traffic to random DPS for Vista and XP patches
2. DP queue is open for other distributions.
3. Clients patch and compliance number will continue to rise
4. OS patches only need to be on 1 DP


Note: CU1 is required is you are running over alternate ports.  This corrects and issue of the client trying to use the alternate ports to contact Microsoft Updates

Wednesday, April 24, 2013

Clear out the Unprovisioned Collection in 2007

Do you have issues with unprovisioned machines that stick around.  Here is some code to help you get rid of the unprovisioned machines.  This can be run at differnet intervals during the day or week depending on when you see it.  This is old that is in Vbscript.  Hopefully I can get going in powershell and get with the program.  :)


============================
Dim Args 
Dim swbemLocator, SWbemServices, objCollection, oProviderLocation, oLocation  
Dim strComputerName, arrComputers, objComputer, sCollectionIDs
Dim objDirectRule
Dim strmessage, objshell

'CollectionIDs from which to remove the computer
sCollectionIDs = "ABC0019D"
'------------------------------------------------------------

'------------------------------------------------------------
'Main script
set objShell = CreateObject("WScript.Shell")
    Set swbemLocator = CreateObject("WbemScripting.SWbemLocator")
    swbemLocator.Security_.AuthenticationLevel = 6 'Packet Privacy.
    Set swbemServices = swbemLocator.ConnectServer(".", "root\SMS")
    Set oProviderLocation = swbemServices.InstancesOf("SMS_ProviderLocation")
    For Each oLocation In oProviderLocation
        If oLocation.ProviderForLocalSite = True Then
            Set swbemServices = swbemLocator.ConnectServer(oLocation.Machine, "root\sms\site_" + oLocation.SiteCode)
        End If       
    Next
Set arrComputers = SWbemServices.ExecQuery("select * from SMS_R_System WHERE Unknown=1")
For Each objComputer In arrComputers
   'DElete special..this will delete the machine from the system
   objComputer.Delete_
Next
Set SWbemServices = Nothing
Set SWbemLocator = Nothing

Wscript.Quit

Clear out OSD collections in 2007

Do you have OSD collections in 2007 that you drop machines into for imaging.  What happens when  a machine fails to image completely or send the completion code and remove from the collection.  Well they say in an users see that "Operating System Deployment is ready..."  so here is some code to help you remove computers from a collection, create a task on the primary site to run at a given time:


    set objShell = CreateObject("WScript.Shell")
    Set swbemLocator = CreateObject("WbemScripting.SWbemLocator")
    swbemLocator.Security_.AuthenticationLevel = 6 'Packet Privacy.
    Set swbemServices = swbemLocator.ConnectServer("US1153SCCMC03", "root\sms\site_C03")
    sCollectionIDs = "ABC00052:ABC00054:ABC00053:ABC00055"
    mCollectionID = Split (sCollectionIDs, ":")

for i = Lbound(mCollectionID) to UBound(mCollectionID)
    query= "SELECT ResourceID FROM SMS_CM_Res_Coll_" & mCollectionID(i)   
    Set arrComputers = SWbemServices.ExecQuery(query)
    For Each objComputer In arrComputers
       RemoveCollectionMembership objComputer.ResourceID,mCollectionID(i)
    Next
Next
Set objCollection = Nothing
Set SWbemServices = Nothing
Set SWbemLocator = Nothing
'-*-------------------------------------------------------------------
Sub RemoveCollectionMembership(intresourceid,CollectionID)
 on error resume next
 set objCollection = SWbemServices.Get("SMS_Collection='" & CollectionID & "'")
 set ObjDirectRule = SWbemServices.Get("SMS_CollectionRuleDirect").SpawnInstance_
 ObjDirectRule.ResourceID = intresourceid
 ObjCollection.DeleteMembershipRule objDirectRule
End Sub

Tuesday, April 16, 2013

Microsoft System Center Virtual Machine Manager 2012 Cookbook

Get moving on a new cookbook from PACKT Publishing!

VMM quickly becoming a prime job profile.  Read this cookbook to get you on right track. 

http://www.packtpub.com/microsoft-system-center-virtual-machine-manager-2012-cookbook/book?utm_source=mention.com&utm_medium=link&utm_content=forum&utm_campaign=mdb_010198

I hope to have my copy soon and give it a good once over....

Saturday, April 6, 2013

2012 Console Extensions for 2012 SP1 Cu1

So I have been a bit busy lately with my 2012 Migration.  You have seen last year that I produced all the xml folders and files for the 2012 RTM extensions.  Well here is the updated version all the way up to CU1.  I haven't looked to see any of the Guids changed in CU1 but I wanted to make the note incase something did change.  If you try this on your Sp1 system and you are missing some guids, please drop me a line and I will see if I can spin up a 2012 SP1 site and export the guids. 

Realize that not all Guids are accessible, even if I have them listed.  What I am simply doing is pulling out all GUIDS the Microsoft references.  Nodes that are created on the fly when you click Show members don't have a guid and can't be accessed because they are dynamic nodes and are destroyed when you navigate away.

Please see this post to add images: http://sms-hints-tricks.blogspot.com/2012/04/console-extensions-2012-xml-insites.html

Also reference in the SDK are console extensions and how to add images and further manipulate the console.  http://msdn.microsoft.com/en-us/library/hh949463.aspx

Console files should be added here :
%ProgramFiles%\Microsoft Configuration Manager\AdminConsole\XmlStorage\Extensions\Actions\<GUID> folder, where <GUID> is the GUID identifier for the node that the action applies to.

Be aware that the console doesn't abide by file extensions so you can call the file .XXX and the console will still attempt to load it.  If you don't want it loaded then you should create a sub folder and then The console will ignore it. 

Please DO NOT install this on a production box.  The 620 console extensions here can cause the console to be slow or have problems.  I have broken down the folders into the different workspaces referenced.  Not all GUIDS will work, I simply export what Microsoft has.  If you find a problem with the same GUIDS you will need find the offending folder and delete it. 

The zip file can be downloaded here : 2012SP1CU1 Actions

Play responsibly :)

Tuesday, January 15, 2013

ConfigMgr 2012 VHD

Much like you had in the days of 2007, Microsoft has released a VHD of the SP1 of 2012.
http://www.microsoft.com/en-us/download/details.aspx?id=36428

This means that you don't need to be a SQL or AD expert to create your own lab to do basic tests.  You can use this VHD for testing or even show other people how SP1 works on a very small scale.

Friday, January 4, 2013

Linux/Mac Clients now available for ConfigMgr 2012

Microsoft System Center 2012 Service Pack 1 Configuration Manager - Clients for Additional Operating Systems
http://www.microsoft.com/en-us/download/details.aspx?id=36212

What is supported:

Mac
RedHat Linux
SUSE Linux Enterprise Server
Solaris

Feature Bullet Summary:
Mac Client:

The following Mac versions are supported in this release:
  • Mac OS X 10.6 (Snow Leopard)
  • Mac OS X 10.7 (Lion)

The following scenarios are supported through the Mac client in Microsoft System Center 2012 Configuration Manager SP1:
  • Discovery – Discovers Mac OS X system in Active Directory and through network discovery
  • Hardware Inventory – Provides hardware inventory and auditing of computers running Mac OS X, including a list of installed software similar to add/remove programs for Windows systems.
  • Settings Management – Ensures computers running Mac OS X comply with company policies using scripts and preference list management.
  • Application Deployment – Distributes required software via app model.
  • Software Updates Management – Distributes patches utilizing Software Distribution and Settings management features.

UNIX/Linux Client:
The following UNIX and Linux versions are supported in this release.
  • RHEL Version 6 (x86 & x64)
  • RHEL Version 5 (x86 & x64)
  • RHEL Version 4 (x86 & x64)
  • Solaris Version 10 (x86 & SPARC)
  • Solaris Version 9 (SPARC)
  • SLES Version 11 (x86 & x64)
  • SLES Version 10 SP1 (x86 & x64)
  • SLES Version 9 (x86)
For more information see the link provided at the top of this blog for the full offical post from Microsoft.

System Center 2012 Service Pack 1 – Configuration Manager Component Add-ons and Extensions

http://www.microsoft.com/en-us/download/details.aspx?id=36213

Micrososft has released a new toolkit for SC 2012 CM  SP1

The following tools are available:

  • Client Spy - A tool that helps you troubleshoot issues related to software distribution, inventory, and software metering on System Center 2012 SP1 Configuration Manager clients.
  • Policy Spy - A policy viewer that helps you review and troubleshoot the policy system on System Center 2012 SP1 Configuration Manager clients.
  • Security Configuration Wizard Template for Microsoft System Center 2012 SP1 Configuration Manager - The Security Configuration Wizard (SCW) is an attack-surface reduction tool for the Microsoft Windows Server 2008 R2 operating system. Security Configuration Wizard determines the minimum functionality required for a server's role or roles, and disables functionality that is not required.
  • Send Schedule Tool - A tool used to trigger a schedule on a client or trigger the evaluation of a specified DCM Baseline. You can trigger a schedule either locally or remotely.
  • Power Viewer Tool – A tool to view the status of power management feature on System Center 2012 SP1 Configuration Manager clients.
  • Deployment Monitoring Tool - The Deployment Monitoring Tool is a graphical user interface designed help troubleshoot Applications, Updates, and Baseline deployments on System Center 2012 SP1 Configuration Manager clients. This tool requires System Center 2012 SP1 Configuration Manager or later.
  • Run Metering Summarization Tool - The purpose of this tool is to run the metering summarization task to analyze raw metering data.
  • Role-based Administration Modeling and Auditing Tool – This tool helps administrators to model and audit RBA configurations.
  • Wakeup Spy – This tool shows network traffic and basic information about ConfigMgr wake up client state. This tool requires System Center 2012 SP1 Configuration Manager or later.
  • Content Library Transfer – This tool moves the content library from one drive to another drive.
  • Content Ownership Transfer – This tool re-assigns orphaned packages to an active ConfigMgr site.