Creating VHD from Configuration Manager

Another fancy feature within Configuration Manager is the ability to create VHDs directly from the console by using a task sequence. Think of the possibilities of creating golden images by building a VHD file and then importing it directly into SCVMM.

In order to do this process there are a couple of requirements.
* You need a physical computer that runs Hyper-V (Windows 8 or 2012+). (NOTE: I had some trouble running the R2 ConfigMgr on Hyper-V 2012 R2, so I used 2012 for this guide.)
* You need the Configuration Manager console installed on the physical computer.
* The physical computer should not be the site server.

Now first thing we do after installing the R2 console is to go into Software Library –> Operating Systems –> Task Sequences.
Then right-click and choose “Create a new task sequence” –> “Install an existing image package to a virtual hard disk”


Next we follow the wizard and enter the information.
After we are done creating the task sequence we can continue with creating the VHD. We go into Software Library –> Operating Systems –> Virtual Hard Disks, right-click and choose “Create Virtual Hard Disk”

Now we have to define which task sequence should be associated with the VHD file.

After this is done and you have chosen the correct distribution point, the image building will proceed.

First it builds an ISO file with the task sequence and creates a VM in Hyper-V.


You can see a random VM name appears.
Note: you can view smsts.log for any errors that might occur while the task sequence runs inside the VM (before formatting, this log is placed on the X: drive).
To troubleshoot on the Hyper-V server you can view CreateTSMedia.log and DeployToVHD.log, which are located under %ProgramFiles(x86)%\Microsoft Configuration Manager\AdminConsole

Remember that this process creates a local VM instance on that Hyper-V server, which it spins up to run the particular task sequence. When it is done it shuts down the VM and removes it from Hyper-V, and you are left with the VHD.

#configmgr, #configmgr-2012, #sysctr, #system-center

Pull-based distribution point and rate limiting

One of the awesome features in Configuration Manager SP1 is the ability to define a distribution point as pull based. In essence what it does is that instead of pushing content from a site server to all the distribution points within a site, you define a pull DP and a source DP.

Regular content distribution.

Then, when you distribute content from a site server to a group of source DPs, the pull-based DP gets the content from the source DPs. This reduces the load on the site server itself, and it can also distribute data more efficiently. Think of it this way: what if the site server has a low-bandwidth connection to DP2 in the branch office, but DP1 has a high-bandwidth connection to DP2?
This allows for more efficient data distribution.

Pull-based distribution


You can define a DP as pull-based under the properties of the DP. Here we can define which source DPs the DP should use, and as you can see you can define multiple source DPs.

Please note:
* You can’t use a site server DP as pull-based
* You can’t use a cloud-based DP as pull-based or as a source
* A distribution point set with rate limiting which is then configured as a pull-based distribution point will ignore any rate limiting configuration set.

Another nice feature on the DP, which I'm going to cover in another post, is the cloud-based distribution point, and of course rate limiting.

This allows you to define a schedule and bandwidth in % when sending content from a site server to a DP. (Remember that these settings are only visible for DPs that are not on the site server.) When you define rate limiting you have three options.

1: Unlimited
Uses all the available bandwidth (no restrictions)

2: Pulse Mode
Allows you to define that the content is split up into chunks of a given size in KB and how often they should be transmitted (with a delay between blocks)

3: Limited to specified maximum transfer rates by hour
It is important to note that this option does not register how much bandwidth is available to Configuration Manager. For instance, if you set this to 50% for the hour from 0 to 1, ConfigMgr will send data for the first 30 mins and then stop sending data for the next 30 mins.

#configmgr, #configmgr-2012, #configuration-manager, #sysctr

Configuration Manager Documentation update August 2013

The Configuration Manager team at Microsoft released a huge number of updates today regarding the System Center 2012 R2 release –>
http://blogs.technet.com/b/configmgrteam/archive/2013/08/29/announcement-configuration-manager-documentation-library-update-for-august-2013.aspx

And something I was waiting for finally showed up: how to create a VHD from a task sequence –> http://technet.microsoft.com/en-us/library/dn448591.aspx

#configmgr-2012, #configuration-manager

Load balancing Application Catalog for Configuration Manager

A customer asked me recently: can I configure load balancing for my Application Catalog service on Configuration Manager? Since it runs on Silverlight I'm unsure how it will work…

Sure you can!
The Application Catalog in Configuration Manager consists of two components, the Application Catalog Web Service Point and the website point.

Now when you install these you have the option to configure what ports they should run on. In my case I chose port 80 (since I want my load balancer to handle the SSL traffic).

First I make sure that the catalog is working
Open a web browser to http://applicationcatalogserver/CMApplicationCatalog 
From here I have to enter my username and password (since I'm using Chrome)

The Application Catalog server is the one that has the Silverlight XAP module that runs on the web server. The Silverlight module in turn contacts the Web Service point in order to generate the list of software that the user has access to.

The Silverlight module is located in “ClientBin”.
The Content folder contains images, CSS files and JS, and can be targeted for caching (if you have that option on your load balancer).

Now in my case I have a NetScaler VPX that I'm going to use.
So here is a quick run-through.

1: Add Servers (which have the Application Catalog role installed)
2: Add the service you want to set up (and add a monitor, HTTP in this case)
3: Create a Virtual Server, choose SSL and add a certificate (note: if you choose SSL and don’t add a certificate the service will go down)
4: Add persistency (in my case I chose client-ip) and choose the LB method

After this is done check the virtual server and open the same url with https:


And it worked.
One last thing is to change the default URL in the Client Agent settings.
Here you have to specify a URL and enter the whole path for the Application Catalog.

After that is done you have to update the policy on a client and check for yourself.
You can open Software Center to see that the policy is active.
NOTE: It is important that the value is https://servername:port/CMApplicationCatalog/ or else the URL won’t redirect.

Or you can do a redirect at the load balancer.

#configmgr-2012, #netscaler

One system to manage them all

Microsoft has seen that environments aren’t all black and white. Some have Linux/Unix based systems, some have Macs and some are just sitting on a terminal such as Wyse or Igel.
And then there are some that just use a tablet (iPad or Android based). Some are lucky enough to have a Windows 8 RT based tablet such as Microsoft Surface or Samsung ATIV.
What problems arise with all these devices and the consumerization of IT?

Management

With all the different components in the mix, IT is having a hard time managing all these different devices. They usually have different systems to manage different devices, since they usually have one system that is good on Unix but doesn’t have features that work on Android or iPhones. With the surge of next-generation workers, people wish to bring their own device into the business.
(This Dilbert comic shows the frustration that IT people have on many occasions.)

Now Microsoft has been good at managing what they do best, Windows. They have done so since the first release of ConfigMgr in 1994 (good old SMS). The biggest change in ConfigMgr 2012 is that the system is now more user-centric,
meaning that the system is “aware” of users within the environment; previously it was aimed at just the device.
And with the upcoming release of Service Pack 1 there are multiple new features that make the IT admin's work easier.

* Support for Linux/Unix based Systems
* Support for Mac OSX
* Support for Windows Embedded
* Support for Android and iPhones (5 & 6) (Using Windows Intune Connector)
* Support for Windows 8 Phones and Windows RT (Using Windows Intune Connector)

Now if you are missing some devices here, ConfigMgr also has support for devices that support Exchange ActiveSync, so ConfigMgr can be the center of your IT-management infrastructure. It still remains to be seen what functionality the Intune connector brings to mobile devices (and if it can compare with other MDM systems on the market). The main problem with MDM is that people are concerned about the private data on their devices, since IT can in some forms manage their devices.
You can read more about it here –> http://www.informationweek.in/mobile/12-12-05/3_factors_to_consider_for_framing_byod_policy.aspx?utm_medium=twitter&utm_source=twitterfeed

You can look at this video interview with Wally Mead, who is head of development of ConfigMgr, if you wish to know more about Intune and SP1
http://blogs.technet.com/b/keithmayer/archive/2012/12/03/managing-mobile-devices-with-system-center-2012-configuration-manager-sp1-and-windows-intune.aspx#.UL0f3oNQUqx

Since there is a lot of competition on this front, ConfigMgr might gain the edge because of its vast support for devices, low cost and integration with other System Center products.

Integration possibilities:

* System Center
* XenApp XenDesktop
* App-V
* Secunia
* RES
* AppSense
* + Much more

With all these possibilities ConfigMgr can become a central point for managing all of your devices. 

#configmgr-2012, #system-center-2012

Automating Configuration Manager 2012 SP1 with PowerShell

In the first part of this series, I showed how you could run and install all the necessary prerequisites silently and automated; this time I will write a bit more instead of just adding the commands.
In Service Pack 1, Configuration Manager will finally include cmdlets for PowerShell, which allows for a scripted and automated setup process. Therefore I took the liberty of creating this post, which will show you how.

Now with this you can actually create a script for a new customer (if you already have knowledge of the customer's infrastructure) which contains everything you need to set up a full site. Then, when you are at the customer, run the script and take the rest of the day off.

Now what do we need in order to setup a fully Configuration Manager site?

We need a boundary group (which contains a boundary, refer my earlier post –> ) which again contains a distribution group and is assigned a site.
And we need to activate discovery objects to fetch information such as User, Group and Computer objects.
We also need to set up AD publishing (if we did a manual ConfigMgr site agent install we wouldn’t have to set this up, but for ease of administration we are going to do so).
Next we are going to Create Computer Collection which is going to include our test servers. We are also going to Create User Collection b
After that we are going to Create an application which we are going to deploy to our computer collection

All using PowerShell.
Now in order to start PowerShell against Configuration Manager, just click the file button inside the console and press Connect using PowerShell.

You can use Get-Command -Module ConfigurationManager to show all the commands available for Configuration Manager.
You can also use Get-Help on a cmdlet if you are unsure of the parameters that you need to use.
You can also use Get-Help with -Examples if you want to show some examples.

NOTE: While trying to get this fully automated, I find it's hard with the current release of the PowerShell cmdlets, but still I’ve gotten far. So this post will be updated periodically.

Create a new Boundary: New-CMBoundary -Type ADSite -Value "Default-First-Site-Name"

Create a new BoundaryGroup: New-CMBoundaryGroup -Name Test -DefaultSiteCode TST

Add boundary to group:
Add-CMBoundaryToGroup -BoundaryId 16777218 -GroupName "Test"

I got this BoundaryID using Get-CMBoundary since the command didn’t parse the value ID properly.

You can use Get-CMBoundary and Get-CMBoundaryGroup to view the values. And you need to add the site code to the command so it assigns
that as the default site for the boundary group.

Get info from Active Directory Forest: New-CMActiveDirectoryForest -ForestFqdn demo.local -EnableDiscovery $true

Install Configuration Manager Agent: Install-CMClient -DeviceName ConfigMgr -IncludeDomainController $false -AlwaysInstallClient $false -SiteCode TST

Create a new device collection: New-CMDeviceCollection -Name "My Servers" -LimitingCollectionName "All Systems" -RefreshType Manual
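
The boundary steps above can be chained so that the BoundaryID is looked up rather than copied by hand. This is an added example, not code from the original post: the function name is hypothetical, the cmdlet parameters are the ones used in the post (check Get-Help on your version), and it has to run from the site drive in a ConfigMgr PowerShell session.

```powershell
# Added example: create an AD-site boundary and boundary group if they
# do not exist yet, then link them using the looked-up BoundaryID.
# Add-AdSiteBoundaryToGroup is a hypothetical helper name.
function Add-AdSiteBoundaryToGroup {
    param(
        [Parameter(Mandatory = $true)][string]$AdSiteName,
        [Parameter(Mandatory = $true)][string]$GroupName,
        [Parameter(Mandatory = $true)][string]$SiteCode
    )

    # BoundaryType 1 is "Active Directory site" in the SMS_Boundary class.
    $findBoundary = {
        Get-CMBoundary |
            Where-Object { $_.BoundaryType -eq 1 -and $_.Value -eq $AdSiteName } |
            Select-Object -First 1
    }

    # Reuse an existing boundary instead of creating a duplicate.
    $boundary = & $findBoundary
    if (-not $boundary) {
        New-CMBoundary -Type ADSite -Value $AdSiteName | Out-Null
        $boundary = & $findBoundary
    }
    if (-not $boundary) {
        throw "Boundary for AD site '$AdSiteName' was not created."
    }

    # Create the group only when it is missing, so the script can be re-run.
    $group = Get-CMBoundaryGroup | Where-Object { $_.Name -eq $GroupName }
    if (-not $group) {
        New-CMBoundaryGroup -Name $GroupName -DefaultSiteCode $SiteCode | Out-Null
    }

    # Pass the numeric ID explicitly, as the post does.
    Add-CMBoundaryToGroup -BoundaryId $boundary.BoundaryID -GroupName $GroupName
    return $boundary.BoundaryID
}

# Usage, after changing to the site drive (for example "CD TST:"):
# Add-AdSiteBoundaryToGroup -AdSiteName 'Default-First-Site-Name' `
#     -GroupName 'Test' -SiteCode 'TST'
```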

Still more to come

#configmgr-2012, #configuration-manager-2012, #powershell, #system-center-2012

Configuration Manager 2012 silent install

To run the Setup Downloader from command prompt

setupdl \\MyServer\MyShare\ConfigMgrUpdates

  • /VERIFY: Use this option to verify the files in the download folder, which include language files. Review the ConfigMgrSetup.log file in the root of the C drive for a list of files that are outdated. No files are downloaded when you use this option.
  • /VERIFYLANG: Use this option to verify the language files in the download folder. Review the ConfigMgrSetup.log file in the root of the C drive for a list of language files that are outdated.
  • /LANG: Use this option to download only the language files to the download folder.
  • /NOUI: Use this option to start Setup Downloader without displaying the user interface. When you use this option, you must specify the download path as part of the command-line.


Setup Downloader starts, verifies the files in the \\MyServer\MyShare\ConfigMgrUpdates folder, and downloads only the files that are missing or newer than the existing files.

To run the prerequisite checker from command prompt

  1. Open a command prompt and browse to <ConfigMgrInstallationMedia>\SMSSETUP\BIN\X64 or <ConfigMgrInstallationPath>\SMSSETUP\BIN\X64.

  2. Type prereqchk.exe /LOCAL to open Prerequisite Checker and run all prerequisite checks on the server.

 

To install the ConfigMgr 2012 console unattended from command prompt.

consolesetup.exe /q TargetDir="D:\Program Files\ConfigMgr" EnableSQM=0 DefaultSiteServerName=MyServer.Contoso.com

To install a ConfigMgr 2012 Primary Site

First off you need to create a setup.ini file where you define a lot of variables. For a primary site these are the ones you need.
After you have created this file you need to start the setup with the following command:
setup.exe /script scriptpathandname

Content of the setup.ini file

[Identification]
Action=InstallPrimarySite

[Options]

ProductID=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
SiteCode=<Site Code>
SiteName=<Site Name>
SMSInstallDir=<ConfigMgr install folder path>
SDKServer=<FQDN for SDKServer>
RoleCommunicationProtocol=HTTPorHTTPS
ClientsUsePKICertificate=0
PrerequisiteComp=0
PrerequisitePath=<Prereqs folder path>
MobileDeviceLanguage=0
ManagementPoint=<FQDN MP server>
ManagementPointProtocol=HTTP
DistributionPoint=<FQDN DP server>
DistributionPointProtocol=HTTP
DistributionPointInstallIIS=0
AdminConsole=1 (0 if you don’t want to install the console)

[SQLConfigOptions]
SQLServerName=<FQDN SQL server machine>
DatabaseName=<SQLServerName\InstanceName> (leave blank for the default instance)
SQLSSBPort=4022
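
As an added example (not part of the original post or of Microsoft's tooling), the following PowerShell reads a setup script like the one above and reports which transport settings are left on HTTP or without PKI before the file is passed to setup.exe /script. The function names and the embedded sample are constructed for illustration; the HTTPS-side values (EnforceHTTPS, HTTPS, 1) are the documented alternatives for these keys.

```powershell
# Added example: audit a ConfigMgr unattended setup script for
# plain-HTTP / non-PKI settings. Function names are hypothetical.

function ConvertFrom-SetupIni {
    param([string[]]$Lines)
    $ini = @{}
    $section = ''
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }
        if ($line -match '^\[(.+)\]$') {
            # New section header, e.g. [Options]
            $section = $Matches[1]
            $ini[$section] = @{}
            continue
        }
        if ($section -and $line -match '^([^=]+)=(.*)$') {
            $ini[$section][$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    return $ini
}

function Test-SetupIniTransport {
    param([hashtable]$Ini)
    # Key -> value that keeps site and client traffic on HTTPS with PKI.
    $expected = [ordered]@{
        'RoleCommunicationProtocol' = 'EnforceHTTPS'
        'ClientsUsePKICertificate'  = '1'
        'ManagementPointProtocol'   = 'HTTPS'
        'DistributionPointProtocol' = 'HTTPS'
    }
    $options = $Ini['Options']
    foreach ($key in $expected.Keys) {
        $actual = '<missing>'
        if ($options -and $options.ContainsKey($key)) {
            $actual = $options[$key]
        }
        if ($actual -ne $expected[$key]) {
            # One finding per key that differs from the HTTPS/PKI value.
            [pscustomobject]@{
                Key      = $key
                Actual   = $actual
                Expected = $expected[$key]
            }
        }
    }
}

# Constructed sample using the values shown in the setup.ini above.
$sample = @'
[Identification]
Action=InstallPrimarySite

[Options]
RoleCommunicationProtocol=HTTPorHTTPS
ClientsUsePKICertificate=0
ManagementPointProtocol=HTTP
DistributionPointProtocol=HTTP
'@ -split "`r?`n"

$findings = @(Test-SetupIniTransport -Ini (ConvertFrom-SetupIni $sample))
$findings | Format-Table -AutoSize
if ($findings.Count -gt 0) {
    Write-Warning "$($findings.Count) setting(s) allow HTTP or skip PKI."
}
```

To check a real file, replace the sample with `Get-Content <path to setup.ini>`.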

 

Now last but not least, unattended install of SQL server 2012.

setup.exe /ACTION=install /QS /INSTANCENAME="SCCM" /IACCEPTSQLSERVERLICENSETERMS=1 /FEATURES=SQLENGINE,SSMS /SQLSYSADMINACCOUNTS="test\administrator" /SQLCOLLATION="SQL_Latin1_General_CP1_CS_AS" /SQLSVCACCOUNT="<DomainName\UserName>" /SQLSVCPASSWORD="xxxxxxxxxxx"

So next time I will start with PowerShell automation with ConfigMgr

NOTE:
Updated with ADK install since you need this for SP1

Install Windows ADK silent

Feature                                     Identifier
Application Compatibility Toolkit (ACT)     OptionId.ApplicationCompatibilityToolkit
Deployment Tools                            OptionId.DeploymentTools
Windows (Windows PE)                        OptionId.WindowsPreinstallationEnvironment
User State Migration Tool                   OptionId.UserStateMigrationTool

adksetup /quiet /installpath <path> /features <featureID1> <featureID2>

adksetup /quiet /installpath C:\programfiles\adk /features OptionId.ApplicationCompatibilityToolkit OptionId.DeploymentTools OptionId.WindowsPreinstallationEnvironment OptionId.UserStateMigrationTool

#configmgr-2012, #sccm, #system-center

Boundaries and Boundary Groups

I see a lot of searches towards the blog regarding boundaries and boundary groups so therefore I thought that I should post a bit more about how these settings work and how they affect your site.

A boundary is a network location in your infrastructure that contains one or more devices that you want to manage. A boundary can be an IP subnet, an Active Directory site, an IPv6 prefix or an IP address range, and the hierarchy in ConfigMgr 2012 can include any combination of these boundary types. Remember that to use a boundary you need to put it into a boundary group. By using boundary groups, clients on the intranet can find an assigned site and locate content when they have to install software, such as applications, software updates, and operating system images.

When clients are connecting from the internet, they do not use boundary group information. They download from any distribution point of their site (when the distribution point is configured to allow client connections from the internet).

And when you have created a boundary group, you must configure the boundary group to specify an assigned site for clients to use during automatic site assignment.

You can associate one or more distribution points with each boundary group. You can also add a single distribution point to multiple boundary groups. The default behavior is to choose the closest server from which to transfer the content. And remember that ConfigMgr 2012 supports a client being a member of multiple boundary groups for content location, but not for automatic site assignment.

#configmgr, #configmgr-2012, #mercatom, #sccm

SCCM 2012 and High Availability

Short post!
What is important when planning your SCCM deployment? Plan for High Availability! (among other things)
SCCM can span from a simple to a very complex solution, and it can also be in a complex hierarchy. So it is important to know “where do I need to deploy multiple servers in order to have HA” in SCCM.

* ConfigMgr clients: clients can use any of the available servers. If you have multiple Management Points the clients will try to contact one of them; if the one they try to contact is offline they will try the other one. If both servers are offline, the client will cache the data until an MP server is back up. The same goes for distribution points (if the content the client is looking for is located on that DP).
If a client fails to submit data, the site can generate an alert in the console.

* ConfigMgr Database: use an SQL cluster for the primary site or at the CAS (if you have one). Secondary sites do not support SQL clusters; to recover one you would need to reinstall the secondary site. You also need to remember that you can set up a maintenance task to take a backup of the ConfigMgr site.

* ConfigMgr Sites: you can use a CAS (Central Administration Site) with primary child sites. (This can provide you with fault tolerance if you have a deployment that requires a CAS.) But do NOT deploy a CAS server if you aren’t sure that you need it.

* ConfigMgr Roles: you can install multiple instances of roles (such as management points and distribution points) to provide redundancy for the clients. Remember that if you deploy multiple distribution points and want a client to fail over to the other distribution points, they must be within the boundary group.

* Active Directory: if you are using AD publishing (and most are), remember that the client will query AD to find its MP and site, so you will need multiple domain controllers (not only to load balance the queries but to provide HA). This goes for DNS as well, unless you are running another DNS server like BIND.

* PKI: ConfigMgr is very much reliant on certificates for securing traffic; remember that you should have 2 subordinate CAs that can issue certificates.

Just some last notes, if you are using ConfigMgr you should have OpsMgr as well, use it to monitor your ConfigMgr, AD and ADCS solution!
There is a management pack available to monitor ConfigMgr within OpsMgr you can find it here –>
http://systemcenter.pinpoint.microsoft.com/en-US/applications/monitoring-pack-for-system-center-2012-configuration-manager-12884938509

NOTE: There are some roles that aren’t meant for HA. These include:
* Endpoint Protection Point
* Site Server
* Asset Intelligence synchronization point
* Enrollment point & Enrollment point proxy
* Fallback status point
* Out of band service point

#configmgr-2012, #sccm

ConfigMgr 2012 Service Pack 1 Beta

Microsoft just released the beta of service pack 1 for System Center 2012.
And for ConfigMgr that includes:

  • Deployment and management of Windows 8 and Windows Server 2012
  • Distribution point for Windows Azure to help reduce infrastructure costs
  • Automation of administrative tasks through PowerShell support
  • Management of Mac OS X clients and Linux and UNIX servers
  • Real-time administrative actions for Endpoint Protection related tasks

Now you can download each update from Microsoft web site –>
http://www.microsoft.com/en-us/download/details.aspx?id=34607

Now remember before you install this that you need the Windows 8 ADK installed before you can upgrade.
You can read more about the ADK in my previous post –> https://msandbu.wordpress.com/2012/06/15/sccm-2012-ctp1-sp1/

Now like other ConfigMgr installs you need to download the prerequisites before you continue with the installation.
Then start the setup from the download and choose upgrade.

Now after the installation is complete you can open the console.
What else is new here?

We can now integrate with Intune and we can host a Distribution Point in the cloud via Azure.

We also have something new for Windows RT:
Windows RT Sideloading Keys, which allow you to install Windows 8 appx packages (outside of the store) that can be run on Windows RT. I believe this is much like the command
Add-AppxPackage C:\ContosoApp\ExpenseApp.appx

For deployment types we have a whole bunch of new types.
So I’m waiting to see how we can deploy these apps to mobile phones.


We can also now make subscriptions for all the alerts!

We also have new client policy settings.
For Cloud and Metered Internet Connections.

This is useful if we wish for specific clients to connect to a DP in the cloud to fetch data,
and if we wish that clients try to connect over metered connections.


Windows Intune connection:

NOTE: I tried to establish a connection but for some reason it timed out.
But I believe that there was something wrong with the URL I tried to connect to.
And I’m serious!

NOTE: I didn’t see any Linux/Unix agent on the media (the .install script); there was however a Mac OSX client.

For running PowerShell cmdlets on your ConfigMgr server you need to have Windows Management Framework 3 installed.
After installing the administrator console, you can connect to PowerShell by dropping down the arrow in the blue tab in the upper left corner. Click "Connect via Windows PowerShell".

Now note that each of your sites will be a drive. So, if you have sites CAS and PRI, you can issue the CD command to change context between them: CD CAS: or CD PRI:
And we now have a bunch of PowerShell cmdlets.

For instance I can create a new device collection straight from PowerShell by running the command new-CMdevicecollection.


And we can also configure Folder Redirection policies under Compliance Settings.


Now by doing this, it will make it easier and more flexible to create different settings for each user.

This gives a glimpse of what we can expect from ConfigMgr later on, with the possibility to deploy applications to all types of devices (Mac OSX, iPad/iPod, Android, Linux/Unix, Windows 8, Windows RT). You can connect it to XenApp and App-V for advanced deployment types, and you can also integrate it with the cloud for extended management.

#configmgr, #configmgr-2012, #sp1-beta-configmgr-2012