Task sequences best practices Configuration Manager 2012

Microsoft has recently released a document series which contain best practices for task sequences with Configuration Manager 2012 R2. This series goes trough a step-by-step in all the different steps in a task sequence.

For all IT-pros working with task sequences I suggest taking a look at the document series here –> http://www.microsoft.com/en-us/download/details.aspx?id=43412

In other related news, my fellow MVP Kent Agerlund has released a new book (updated) for Configuration Manager 2012 R2 master the fundamentals, which you also should take a look at if you want to learn more –> http://www.amazon.co.uk/System-Center-2012-Configuration-Manager/dp/9187445085/ref=sr_1_1?ie=UTF8&qid=1404503771&sr=8-1&keywords=kent+agerlund

XenApp & XenDesktop 7.5 released!

Today as promised, Citrix released XenApp & XenDesktop 7.5!
Which can be downloaded from mycitrix here – – –> http://bit.ly/1gXdots

This new release contains alot of new interesting features such as integration with SCCM for WoL and integration with Amazon for cloud provisioning (Azure will come later)

It also contains a new release of Storefront 2.5 which allows for SSO to web (Finally!)

You can take a closer look at the admin guide to read more about the new changes here –> http://citrix.edocspdf.com/media/output/en.xenapp-xendesktop.cds-xenapp-xendesktop-75-landing.pdf

Status update: Book and NIC2014

So been a few hetical weeks! (Or should I say months)

My book has been released to most of the major online book resellers, its called

Microsoft System Center Configuration Manager High-Availability and Performance tuning

You can see it from Amazon here –> http://amzn.to/19Uid4q

I am also in the process of writing another book regarding Citrix Netscaler which will most likely be finished in Q2 2014 so really exited about that since I see few Netscaler book out there and hopefully with the latest changes in Netscaler my book has a place in that major gap.

Also im speaking in January at NIC (Nordic Infrastructure Conference) which is one of the largest IT-conference in the nordics. It mostly focuses on Microsoft technology (System Center, Hyper-V, Collabaration etc)

I have a session on thursday regarding Cross-platform monitoring using System Center, which will mostly focus on how to monitor different platforms such as Citrix, Vmware, Azure, Amazon and what other possibilities we have with Operations Manager. So for those that are attending NIC please drop by! Smilefjes

My little System Center book project!

For sometime now I have been occupied with my little book project, it has taken a lot of time from my blogging since it has been completely new territory for my part. But! it has been a unique learning experience and I think that I’ve never been this good a using Word… Ever!

A while back a publisher contacted me and asked if I was interested in writing a book for them, at first I thought nah… don’t have the time and capasity to finish this in time.. But after thinking about it a couple of days I thought when am I going to get this opportunity again ? Therefore I said yes! and fast forward a couple of months ahead and here I am with the finished product.

So allow me to introduce my little book

Configuration Manager 2012 High-availability and Performance Tuning

Microsoft SCCM High Availability and Performance Tuning


FThis is the first time I’ve ever written anything that was over 10 pages (Yes including school as well) and it has been a unique experience and I wish to thanks the publisher Packt www.packtpub.com who has given me this opportunity.

I also wish to thank my reviewers
Marius Skovli and Dragos Madarasan for good feedback in the review process.

Excalibur and Configuration Manager

Now Citrix released a beta build of Excalibur a couple of months ago, which shows the next generation of XenDesktop and XenApp architecture. (Well actually just XenDestkop, since the XenApp architecture is disappearing)
In addition, with this release we have some fancy choices for how to manage the machines within XenDesktop.

Excalibur will add additional WMI classes to all its desktop.
Which are listed here à


This allows you to create collections based upon if it’s VDI or Session host based, and even if it is assigned to a user or not.
Now in order to make these attributes available in Configuration Manager we have to add some WMI classes.

Go into Client Settings -> and alter the clients policy -> Go into hardware inventory and choose add classes. And from the list choose Add Hardware inventory class. From there you can browse to a remote computer that is installed as a VDA and in the namespace you can type \root\citrix\desktopinformation

And choose «Citrix_VirtualDesktopInfo»
Then Press OK

This will give you some more attributes on that WMI class

Which you can again use to create collections based on the variables.

Since Excalibur does not have any direct integration with for instance App-V you can now create user-based assignments to delivery groups.
So the user has multiple options of application deliveries.

Either via Software Portal and Configuration or Storefront with Citrix.

Configuration Manager and hierarchy planning

With 2012 release of System Center Configuration Manager, planning and designing a hierarchy became a bit more difficult.
Not because of the limitations, but because of the huge mix of different possibilities you have.
For instance with the introduction of CAS role (Which sits on the top of the hierarchy and is used for management purposes of many primary sites) you have even more options of how to manage your infrastructure.

In addition, with SP1 you have even more options, for instance you can now have more than one SUP for a primary site. (Which you could not have before SP1) and that the CAS SUP now doesn’t need to sync directly with Windows Update as well) so this post is what factors you need to think of in terms of planning and how to manage the devices. In addition, for many which have multiple domains, trusted and untrusted, and in different forests and depending on how you want the flow of traffic to go it takes a lot of planning!

This post is meant as a guideline and might not always present the best options but just to show some possible examples of how you deploy Configuration Manager 2012 SP1.

Now first I am going to define how the hierarchy in Configuration Manager looks like.
In the first picture we have a stand-alone site (Primary Site) in the secondary picture we have a Primary site with two secondary sites.
In addition, in the last picture we have the CAS with three primary sites and with their secondary sites.

Source: http://i.technet.microsoft.com/dynimg/IC638818.gif

First I’m going to specify the limits of each hierarchy role:

CAS: (Does not process client data, and does not support clients assignments.
400.000 clients (If you use SQL Enterprise) 50,000 if you use standard.
25 Child Primary Sites
Asset Intelligence synchronization point (Can only be one in the hierarchy)
Endpoint Protection point (Can only be one in the hierarchy)
Reporting services point
Software update point
System Health Validator point
Windows Intune connector

Primary Site:
250 secondary sites
100,000 clients (50,000 clients if the SQL is installed on the same computer as the site server)
10,000 WES clients
50,000 Mac
Application Catalog web service point
Application Catalog website point
Asset Intelligence synchronization point (not if it’s a child primary site)
Distribution point
Fallback status point
Management point
Endpoint Protection point (not if it’s a child primary site)
Enrollment point
Enrollment proxy point
Out of band service point
Reporting services point
Software update point
State migration point
System Health Validator point
Windows Intune connector (not if it’s a child primary site)

Secondary Site: (Must be linked to a primary site, MP and DP are installed automatically, installs SQL Express if nothing else is available)
5,000 clients.
Distribution point
Management point
Software update point
State migration point

Software Update Point:
25,000 clients (That is installed on the same server as the site server 100,000 else)
After SP1 (Supports multiple SUP per Site)

Distribution Point:
4,000 clients
250 DP per Primary Site
250 DP per secondary site
10,000 packages and applications

Management Point:
25,000 clients
10,000 Mac computers
10 MP per primary site

Now there are some roles that cannot be deployed in a untrusted domain:
These are out of band service point and the Application Catalog web service point.

But always think simplicity, so if it is possible avoid the CAS role where it seems logical.

(1 domain) ( 1 location ) 1 Primary Site

Depending on how many clients you have in your infrastructure, but with one location and one domain this is only and easiest way to go ahead, for high-availability purposes you should have 2 of each system role and a clustered SQL server for the site server.

( 1 domain ) ( 2 locations) 1 Primary Site 1 Secondary Site (Slow link)
Lets for the purpose of this post say that you have 1 location where you have most of your infrastructure, you have one remote site with 200 clients which has a limited connection to the primary site, one secondary site on the remote location would be the best approach. Clients there would talk directly to the management point and the distribution point of the secondary site.

(1 domain) ( 2 locations) 1 Primary Site and 1 Distribution Point (Fast link for secondary site)
In this case we have also a remote location but we have a fast wan link so we don’t need a secondary site which has the agents and the applications and packages. Therefore, we have a distribution point at the remote location and clients communicate with a MP in the central location.

(1 domain) (2 locations) ( one small branch office )
I would recommend using branch cache on a distribution point and for the clients, when the first client requests content from the DP it will download it and cache it for other clients on the same subnet. This requires a DP installed with Branch cache.

NOTE: Remember that for a remote domain installation to work properly you would need to install the management point with an account that has access to the Configuration Manager database. You configure this during the installation of the Management Point.

( 2 domains untrusted forest ) ( 1 locations) 1 Primary Site in Primary (1 Management Point 1 Distribution Point)

Now we cannot install a primary or secondary site in a untrusted domain, we can only install user facing system roles in a untrusted domain. So therefore, we install a management point and a distribution point in the untrusted domain.
And we can also publish the site in AD for the untrusted domain as well.

( 2 domains trusted forest ) ( 1 location )

This depends on the number of clients but again a solution with a distribution point and a management point in the other domain could be a solution. In case there are too many clients, you would need to expand the hierarchy with a CAS and a primary site in each forest.

(Multiple domains untrusted) (Multiple domains)

Primary site or depending on how many clients. Use Primary Site in one domain (Pref the largest one) and deploy a distribution point and a management point in the other domains.

Here I will also link to some example hierarchy scenarios from Microsoft

Identify requirements to plan for a hierarchy

I would also recommend that you read Microsoft’s own hierarchy for their internal Configuration Manager solution

Trouble with Application Catalog

Had some trouble with a case today that the application catalog would not start. When we opened the catalog they could not connect to the catalog service and got this error message. According to the error message it could not connect to the application service.


If we checked the service with ConfigMgr console we can see that Application Catalog Web Point has status Critical


So when we checked the latest events for that components.


As we can see here WCF is not activated, so make sure that WCF is installed,


So after the component in installed try to reinstall the Application Portal Catalog point and it should work Smile