Friday, 12 September 2008

Capturing OSD/Task Sequence logs

I've often banged my head on the desk as for the 5th time in a row a task sequence has failed when I've got back to check on it without really letting me know why.

I surfed straight into this little beauty of a post the other day so I thought I'd stick it up on here for reference.

Thanks to Steve Rachui for taking the time to blog this on his site:
http://blogs.msdn.com/steverac/archive/2008/07/15/capturing-logs-during-failed-task-sequence-execution.aspx

SCCM Right-Click-Tools

I find these right click addons invaluable and also an easy staring point if you want to add your own by dissecting the XML it creates for them.

Computers not seen in 60 Days

I found this post by Matthew Hudson over on his blog but it didn't seem to like the SMS_R_System.ResourceType bit of the SQL so I'm posting the SQL snippet I use.

It's a handy little bit to have for identifying those potential AWOL systems.

select SMS_R_System.ResourceId, SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from SMS_R_System inner join SMS_G_System_WORKSTATION_STATUS on SMS_G_System_WORKSTATION_STATUS.ResourceId = SMS_R_System.ResourceId where SMS_G_System_WORKSTATION_STATUS.LastHardwareScan >= DateAdd(dd,-60,GetDate())

SCOM & SCCM Intergration

Got talking to Rob the other day about SCOM & SCCM integration and I must say that I am fairly disappointed that Microsoft didn't put more effort into making these two products work more closely together.

In saying that, I put the idea to Rob to create a SCOM task that would spawn a browser and bring up the SCCM client details web report of the selected item in SCOM.

After a slight issue with spaces it's now in and working really well.

You can find it on Rob's blog post here.

Asset Logging

Since we have a revenue stream based on the number of assets out there I set about thinking how we could utilise SCCM to collect data to make the charging/asset logging process more efficient and accurate.

Since our charging is split amongst the different directorates and departments I couldn't just do a count of numbers or I wouldn't be blogging it here ;)

We needed a way to assign a device to a directorate/department and report against that detail.

After popping upstairs to see our resident developers for 5 minutes I returned to my desk with a nice shiny .Net application that needed pushing out to the masses ASAP.

What the dev guy came up with (Thanks Paul!) was a rather nice .Net app that simply popped up on screen and gave the end user two controlled selection lists based off our structure for Directorate and Department with a free form text field for them to populate the section as these tend to differ wildly.

Once this information had been gathered the app simply dumped it out into a registry key... somewhere I knew SCCM could scavenge it from :)

A quick sms_def.mof edit later:

//----------------------------------------------------
// ICT Asset Logger
//----------------------------------------------------
[

SMS_Report (TRUE),
SMS_Group_Name ("ICTAudit"),
SMS_Class_ID ("NELCICT-Asset-Audit1.0") ]
Class ICTAudit : SMS_Class_Template

{
[SMS_Report (TRUE), key]
string KeyName;
[SMS_Report (TRUE)]
string Department;
[SMS_Report (TRUE)]
string Directorate;
[SMS_Report (TRUE)]
string Section;
[SMS_Report (TRUE)]
string LastUpdate;
[SMS_Report (TRUE)]
string LoggedBy;
};

And then a configuration.mof edit:

#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("ICTAudit", NOFAIL)
[DYNPROPS]

class ICTAudit

{
[key]
string KeyName;
string Department;
string Directorate;
string Section;
string LastUpdate;
string LoggedBy;
};

[DYNPROPS] instance of ICTAudit

{
KeyName="ICTAuditLogger";
[PropertyContext("localHKEY_LOCAL_MACHINE\\Software\\NELC\\ICTAuditLoggerDepartment"),Dynamic,Provider("RegPropProv")] Department;
[PropertyContext("localHKEY_LOCAL_MACHINE\\Software\\NELC\\ICTAuditLoggerDirectorate"),Dynamic,Provider("RegPropProv")] Directorate;
[PropertyContext("localHKEY_LOCAL_MACHINE\\Software\\NELC\\ICTAuditLoggerSection"),Dynamic,Provider("RegPropProv")] Section;
[PropertyContext("localHKEY_LOCAL_MACHINE\\Software\\NELC\\ICTAuditLoggerLastUpdate"),Dynamic,Provider("RegPropProv")] LastUpdate;
[PropertyContext("localHKEY_LOCAL_MACHINE\\Software\\NELC\\ICTAuditLoggerLoggedBy"),Dynamic,Provider("RegPropProv")] LoggedBy;
};

This now allows us to run a modified Summary of Computers report with these additional fields added so that we can report to finance the exact number of devices per directorate and sit back while watching the money roll in!

Forcibly remove a site

I got into a situation a while back where our primary site became corrupted and we didn't have a backup for some reason.

We tried uninstalling the site and re-installing and while it fixed the primary site problems it badly messed up the syncing with the central site.

In the end we followed the process below:
  1. Revert the primary site to a central site
  2. On the Central Site run:
    Preinst /delsite SiteCode ParentSite
    Preinst /deljob SiteCode
  3. On the old Primary site run:
    Preinst /deljob SiteCode
  4. Convert the old Primary site back to a primary site with the Central as it's parent
  5. Run Preinst /keyforchild on the central site and copy to \inboxes\hman.box
  6. Run Preinst /keyforparent on the primary site and copy to \inboxes\hman.box
  7. Run Preinst /Syncchild:SiteCode on the Central Site
  8. Run Preinst /syncparent on the primary site

This thankfully brought our sites back to life.

SCCM across UNTRUSTED Forests

Before I type anything more I must warn you that the following article is against Microsoft's published best practices as it breaches administrative boundaries which should end with a within a forest.

But that's not to say it can't be done ;)

We had a case here where we wanted to deliver managed public Internet in various locations (both existing corporate buildings and new purpose built locations).

When designing the solution it was decided to create an entirely new domain to help keep things separate and secure from the corporate side of the business.

The problem came about when I came along and decided that ICT needed to have the same amount of remote administration benefits over it as SCCM had given us on the corporate side.

I'm sure that it would have been much simpler had we been in native mode, but since we aren't I had to tackle it from a Mixed Mode perspective.

First step was to install a new Primary site within the domain/forest that needed managing which is the same as installing SCCM for the first time and the DB was split off to a separate shared SQL box again.

Once the new site is installed and running I needed to give both sites some way to trust each other as each forests AD schema has been extended but because their is no trust they don't know about each others presence or have a security trust.

For this I used the Preinst command to export the site keys.

To manually transfer the Public Forest Primary site public key to the Corporate Central site
  1. While logged on to the Primary site, open a command prompt and navigate to the location of Preinst.exe. (Microsoft Configuration Manager\bin\i386\00000409)
  2. Run the following command to export the Primary site’s public key: Preinst /keyforparent
  3. The Preinst /keyforparent command places the public key of the Primary site in the .CT4 file located at the root of the system drive.
  4. Move the .CT4 file to the Central site's \inboxes\hman.box directory.

To manually transfer the Corporate Central site public key to the Public Forest Primary site

  1. While logged on to the Central site, open a command prompt and navigate to the location of Preinst.exe. (Microsoft Configuration Manager\bin\i386\00000409)
  2. Run the following command to export the Central site’s public key: Preinst /keyforchild.
  3. The Preinst /keyforchild command places the public key of the Central site in the .CT5 file located at the root of the system drive.
  4. Move the .CT5 file to Primary site’s \inboxes\hman.box directory.

Once that was done accounts were created on both domains/forests for the sender accounts that are required and then addresses created and pointed at each site.

  • Central site contains sender address pointing down at Primary site using account created on public domain/forest
  • Primary site contains sender address pointing up at Central site using account created on corporate domain/forest

Final thing to do was on the Public forest SCCM server through the console and expand Site Management. Right click on the site and choose properties. Click set parent site, choose the Central Corporate site... and you're done!

Thursday, 11 September 2008

What does SCOM think when you remove a drive?

We ran out of space on one of our old (And I do stress the old part) data servers the other day so we took the chance to add a LUN on the SAN and migrate the data across. To make things simple for us we just stopped the server service and juggled the old and new drive letters around and then removed the old partition.

SCOM didn't seem to like this however as the open alert then demonstrated:


Logical Disk Free Space is low
Alert Description
Source:
\\?\Volume{8c740691-15ff-11d8-9b0b-505054503030}
The disk \\?\Volume{8c740691-15ff-11d8-9b0b-505054503030} on computer xxx.xx.xx is running out of disk space. The values that exceeded the threshold are 0% free space and 73 free Mbytes.
Path:
xxx.xx.xx\\\?\Volume{8c740691-15ff-11d8-9b0b-505054503030}
Alert Monitor:
Logical Disk Free Space
Created:
09/09/2008 11:45:38


I'm sure that alert used to say F:\ :)

SMSMap - Helping to conquer boring documentation

I've always been one of them people that go out of their way to spend time to find tools that help automate documentation as it's the least glamorous part of implementing systems.

One of the best tools I've found for helping document SCCM deployments is a tool by Jeff Tondt.

It allows for easy visio documentation of sites like this:



You can find the application here: http://www.tondtware.com

Many thanks to Jeff Tondt for giving me permission to post his site link in my blog.