Friday, 21 December 2012

Recommended WMI Hotfixes

Just a reminder post for myself more than anything...

TechNet Wiki page containing a list of Pre and Post SP1 Windows 7 and Windows 2008 R2 recommended WMI Hotfixes.

http://social.technet.microsoft.com/wiki/contents/articles/1398.list-of-wmi-related-hotfixes-for-windows-7-and-windows-server-2008-r2.aspx

Thursday, 20 December 2012

System Center 2012 Service Pack 1 RTM & Download

There's been bits of information floating around the internet over the last few days that System Center 2012 SP1 had gone RTM.

Like everything, people were sceptical as there was no official announcement, only a blog post on the DPM forums.

However, it had gone RTM internally and today saw it released to those with TechNet and MSDN subscriptions.

 

For those without TechNet or MSDN, chances are you will still have to wait another week or so until about the 3rd of January (rumoured)

Time to go update the lab!

Friday, 14 December 2012

Installing the SCVMM (Non SP1) console on Windows 8

If you find yourself running the new swanky Windows 8 OS on your desktop that you use for administration, you might run into a problem with trying to install the System Center 2012 Virtual Machine Manager console for remote admin purposes.

When Service Pack 1 is released (very soon) this isn't too much of an issue, except when you may want to administer a non-SP1 SCVMM setup.

So, there's a "hack" to install the SCVMM console, without SP1, on a Windows 8 machine.

** Firstly - disclaimer - This is in no way shape or form supported and you are to run this at your own risk, it's not my responsibility if it kills your infrastructure!!! **


Steps:
  1. Grab the SP1 Beta install folder for SCVMM and copy it locally to a folder called VMMSP1
  2. Copy the Non-SP1 install files locally to a folder too called VMMNONSP1
  3. Rename the setup folder in either i386 or amd64 depending on your OS in the SP1 media to setupOrig.  In the screen shot below I've done this for the i386 folder.


  4. Copy the setup folder for the relevant os (x86/x64) from the non-sp1 folder to the SP1 folder


  5. Edit the PrerequisiteInputFile1033.xml in the setup folder copied across to the SP1 folder and look for the Win7 section below:

    <LogicDelegate LogicType="or" DelegateId="OSVersion-win7-Fail"
     DelegateNameSpace="Microsoft.VirtualManager.SetupFramework.BuiltInDelegates,SetupFramework"
    DelegateName="RequiredOperatingSystem">
    6.1.7600.0,6.1.9999.9999,Win32NT,WinNT,2
    </LogicDelegate>
  6. Add this new section underneath the Win7 section:

    <LogicDelegate LogicType="or" DelegateId="OSVersion-win8-Fail"
     DelegateNameSpace="Microsoft.VirtualManager.SetupFramework.BuiltInDelegates,SetupFramework"
    DelegateName="RequiredOperatingSystem">
    6.2.9200.0,6.2.9999.9999,Win32NT,WinNT,2
    </LogicDelegate>


  7. Go back to the root level for the OS "bitness" you're doing this for and run SetupVMM.exe


  8. Don't worry when you see the splash screen as this will still say SP1, just click "Install"

  9. This will then launch the Non-SP1 install and allow you to step through the options as normal to install the admin console.


As I said before, use this at your own risk and test fully in a lab environment first.  I will not be held responsible for what may go wrong, there's probably a reason Microsoft blocks the install, but I've always hated to be told no so had to try this.

Thanks to Dirk Flakowski for getting me side-tracked on this one today!
http://social.technet.microsoft.com/Forums/en-US/virtualmachinemanager/thread/07576dd4-bce2-442a-8af8-40213228406c

System Center 2012 Endpoint Protection Cookbook Review

The publisher of the Service Manager Cookbook that I was a co-author on have a variety of different cookbooks also on the topic of System Center 2012. 
One of these is the cookbook for Endpoint Protection which is a component of the System Center 2012 suite and delivered and managed by System Center 2012 Configuration Manager.

I've never been the fastest of readers and I mentioned a while back I'd post a review on this.

If you’ve had experience in the past with either Forefront Endpoint Protection, Microsoft Security Essentials or the new built in Windows Defender in Windows 8 then you may recognise the interface for SCEP, but instead of it being a standalone product like previous versions, this release is heavily integrated into ConfigMgr.  This provides you a single pane of glass approach to both settings and compliance management and AV/Malware security.

 
 
 


The Book
Author: Andrew Plue
Reviewers: Nicolai Henriksen (SCCM MVP), Matthew Hudson (SCCM MVP) and Stephan Wibier



The book is broken down into the following chapters:
  • Chapter 1 - Getting Started with Client-Side Endpoint Protection Tasks
    Provides a number of recipes for performing tasks at the local client level, such as forcing a definition update or modifying the SCEP client policy.
  • Chapter 2 - Planning and Rolling Installation
    This will walk you through some of the considerations you will need to make before deploying SCEP, as well as showing you how to enable the SCEP role on your SCCM server.
  • Chapter 3 - SCEP Configuration
    This will show you recipes for performing essential tasks, such as configuring SCEP policies and alerts, as well as walking you through the process of setting up SCEP's reporting features.
  • Chapter 4 - Client Deployment Preparation and Deployment
    This includes a number of recipes to assist you with every step of client deployment from preparation to actually deploying the clients.
  • Chapter 5 - Common Tasks
    This covers a number of day-to-day tasks that every SCEP administrator will need to know how to do it correctly in order to keep SCEP healthy and your Endpoints protected from malware.
  • Chapter 6 - Management Tasks
    This covers important high level tasks, such as using policy templates, merging polices, and responding to SCEP alerts.
  • Chapter 7 - Reporting
    This takes a deep dive into the reporting capabilities offered with SCEP. You will be shown how to execute reports, as well as provide access to reports. You will also be shown how to create your own custom reports.
  • Chapter 8 - Troubleshooting
    This provides you with some tools to assist you with the time-consuming effort of troubleshooting an anti-malware product. The recipes in this chapter will help you deal with Definition Update issues, as well as how to approach false positives.
  • Chapter 9 - Building an SCCM 2012 Lab
    This is a great chapter for anyone who has not yet taken the plunge on SCCM 2012. There is just a single recipe in the chapter that will show you the quickest down-and-dirty method for standing up an SCCM 2012 server in a lab environment. This is vital to anyone considering deploying SCEP, because with the total integration of SCEP with SCCM 2012, you can't experience SCEP without an SCCM environment.
Also the Appendix includes some really good info around integrating SCEP with Operations Manager (SCOM) for monitoring, some information around the version of Endpoint Protection used with Intune (Microsoft’s cloud based device management solution) and some deployment checklists which are useful.

Overall
While I’ve been using Configuration Manager for years, SCEP has always been something that I’ve only lightly touched on as it’s been something that I would do the initial planning and setup for and then had over to the customers security teams to manage longer term.

Being able to have a complete reference guide to hand that not only validates and refreshes my installation approach but then expands on the longer term configuration and management is great.

For those attempting to put this in from scratch it’s ideal as it can accelerate your deployment and hopefully avoid you making some common mistakes that could be costly in the long run.

Little nuggets throughout such as the MpCmdRun.exe usage for remote/local admin tasks are so cool and open up avenues such as creating ConfigMgr packages to restore files from quarantine quickly in case of mistakenly captured files.


As always, you can order the book in 'dead tree' format from Amazon here or in Kindle format from here.

There’s also the option of purchasing from Packt directly and I’d recommend signing up for their library (free signup) where you can mange/download your purchases in various formats and while you’re there, why not purchase the Service Manager Cookbook too!
http://www.packtpub.com/microsoft-system-center-2012-endpoint-protection-cookbook/book

Monday, 10 December 2012

Print Server Management Pack - Finally Updated!

Microsoft released the other day an update for the Print Server management pack, finally!

I've moaned about Microsoft's attitude towards this management pack for some time.
http://systemscentre.blogspot.co.uk/2010/10/server-2008-r2-print-services.html

http://social.technet.microsoft.com/Forums/en/operationsmanagermgmtpacks/thread/634c02e8-30a8-4f6e-a26a-c2bfacd526cb

The quick fix MP for 2008 R2 that Myself and Rob Ryan (He did most of the work...) is no longer available as his blog is currently down.  However, Kevin Holman created a better one that was more preferable to use anyway. http://blogs.technet.com/b/kevinholman/archive/2010/11/10/how-to-monitor-print-services-on-server-2008-r2.aspx


But back to the here and now... MS have an updated MP available for Microsoft Print Servers.

From the MP Documentation it appears that not only is Server 2012 now supported, but finally 2008 R2 is as well.


Going through the Import MP Wizard and searching the catalogue will at present not get you access to the new Print MP as it doesn't yet seem to be updated.

 
That's not always a bad thing however as I would always recommend downloading the MP manually otherwise you may miss the associated MP Guide document.  As always with SCOM MP's, RTFM first before import!!
 
*Update 11/12/12 - Apparently the catalogue has now been updated, thanks for the heads up Daniel Savage*

*Update #2 11/12/12 - Confirmed, the catalogue has now been updated*



The MP can also be downloaded from here:
http://www.microsoft.com/en-us/download/details.aspx?id=3290

Surprisingly, this MP is only listed as an Operations Manager 2007 R2 MP.


This is slightly strange with them adding Print Server monitoring on Server 2012 since monitoring Server 2012 with SCOM 2007 R2 isn't supported natively, well not without running 2012 Agents reporting back to your 2007 R2 Management Servers.
http://thoughtsonopsmgr.blogspot.co.uk/2012/10/scom-r2-windows-server-2012-support.html


I've downloaded it anyway to test with SCOM 2012 and on first try of importing, I'm presented with an error that a dependant MP for the Print Server 2003 MP is missing.


This is fine though, it's only because I've not got any of the Windows 2003 MP's in my environment, after all who still uses Server 2003?  (I am joking before anyone comments!)


Import works fine on SCOM 2012.

 

After import there's plenty of Discoveries, Monitors and Rules...




Notice there's no reference to 2008 R2?

Well in the 2008 Print Server MP the discovery ran this WMI query:

SELECT Name FROM Win32_ServerFeature WHERE Name = "Print Services"

Kevin Holman's addendum MP changed this to this following query which then discovered 2008 R2 print services roles:

SELECT Name FROM Win32_ServerFeature WHERE Name = "Print Services" OR Name = "Print and Document Services"

Well the discovery for 2008 R2 is contained within the 2008 MP and now looks like this:

SELECT Name FROM Win32_ServerFeature WHERE ID = 7

Easy little change and simpler than listing specific names as it covers both 2008 & 2008 R2 regardless of the specific name.

This link shows all Win32_ServerFeature ID's: http://msdn.microsoft.com/en-gb/library/windows/desktop/cc280268(v=vs.85).aspx

The same WMI query is also used in the 2012 MP which should mean if any name changes are made in an R2 release of 2012 the MP should carry on working.

I was going to run a difference compare against the old and the new MP, but I seem to have misplaced my old copy of the MP.  As soon as I can get my hands on one I'll run one and update the post.

*Update 11/12/12*
I'll also retract my previous comment (below) as it was rather harsh and actually untrue.  Now that I've done more that skim the MP guide, it does contain numerous references to 2008 R2 /facepalm.
So much for taking my own RTFM advice...

As mentioned by Daniel Savage in the comments, the MP Guide includes all rules etc stored within the MP for reference.

In short, it appears at first glance to run ok on SCOM 2012, but requires more testing.  I think it's probably just laziness on Microsoft's part that they couldn't be bothered to re-write the MP guide completely and just chose to add references to Server 2012 only rather than go back and add 2008 R2, which to be honest wouldn't add much value as it's 99.9% the same monitoring as plain 2008.

Friday, 30 November 2012

Configuration Manager and 1E

This is an old post (July 2012) that I never got round to finishing and posting as I was typing it up during the session.  It's readable (just about) and would be a shame just to bin so I thought I'd just post it RAW anyway...




I'm in Reading today for a ConfigMgr day with Wally Mead which is sponsored by 1E.

So 1E kick off the event with a session on who they are and beating records on deploying Win 7.
A quick poll of the room shows lots of people migrating to Windows 7 but few are finding it quick or easy job.
Application packaging and compatibility seems to be the biggest problem for people and then the scope/number of devices to upgrade.

1E tend to see some of these challenges:
  • Data Transfer - Terabytes daily - Business app impact?
  • Many locations - Many servers/site visits
  • Many Applications - Rationalisation exercise?
  • Migration Schedules - End user disruption
  • Complex Project - People, time, resources and associated costs.

Where 1E can add value are:
  • User driven processes - increase satisfaction
  • Remove legacy software
  • Minimise infrastructure requirements
  • Tame complex projects and scenarios

1E feel that Windows 7 migration projects shouldn't be treated as "special projects" but should be considered as a business as usual project which is perfectly inline with how myself and Trustmarque approach Desktop Migration projects.
This is with the view of keeping skills in house, building processes and skill sets so that next time round for example Windows 8 can be smoothly rolled out with the infrastructure, methods and skills already in-place.

1E used Verizon as an example where they helped migrate around 90,000 devices.

1E Solution Set:
Shopping + AppClarity + Nomad

Example Nomad implementation - reduced 76 Sites, 1 Cent, 12 Primary, 63 Sec, 98 Dist

Nomad Features were demoed:
  • USMT utilising peer to peer for storage
  • PXE anywhere - No server requirement, use local client peers to auto elect one and use that as a PXE deployment point.  Keep OSD imaging within the local subnet and reduce network traffic.
1E can help with record breaking deployments:
Speed - Terabytes of data with zero business impact
Flexibility -

Bypass Corporate WSUS for update check

I've had an issue a couple of times now when testing/running Windows 8 in an environment where group policy enforces WSUS settings causing a problem as the WSUS server hasn't been updated to support Windows 8 clients or hasn't had the required updates published.

Sometimes this can easily be got around by simply clicking the "Check online for updates from Windows Update" link, however this was removed by GPO in these cases.

In these cases I've had to fall back to using this simple batch file script:

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v UseWUServer /t REG_DWORD /d 0 /f
net stop "Windows Update"
net start "Windows Update"
control /name Microsoft.WindowsUpdate

After running this batch file, you can run Windows Update as normal and it will go directly to Windows Updates to check.

This is obviously not something a normal "user" should use, but then they shouldn't have the access rights to run this anyway!  Neither is it a permanent workaround, just a quick fix while the WSUS server is updated to provide Windows 8 updates.

Previous blog post on preparing WSUS for Windows 8/Server 2012:
http://systemscentre.blogspot.co.uk/2012/09/preparing-wsus-for-windows-8-and-server.html

Error when creating MDT Packages for ConfigMgr 2012

Recently I ran into an error while creating the MDT 2012 packages for use with ConfigMgr, unfortunately the error message was not the most useful one to be seen...


Ok, so access to the path is denied... but what's the path that it's trying to access???


This occurs when stepping though creating a new MDT task sequence and selecting to create new packages for the first time and unfortunately you have to re-step though all of the wizard options from scratch each time while trying to troubleshoot.

Anyway, long story short, running Process Monitor while trying to create the packages showed it failing while trying to create an autorun.inf as part of the MDT Package.

 
While the screen shot above shows a successfully built package, the folder we were seeing contained a temp file only.
 
A bit more digging narrowed it down to McAfee Anti-Virus running on the server that was blocking the creation of Autorun.inf files.  Strangely enough though it didn't block the MDT installer or the creating of the deployment share.
 
After messing with disabling the AV and stopping services to prevent the ePO restarting the AV we ran through the MDT Task Sequence wizard again and it installed successfully.
 
 

I suppose I should have paid more attention to the note by Michael Niehaus on this old blog post for MDT 2010 Update 1


Thursday, 15 November 2012

Extended Virtual Machine Discovery Management Pack

Infront released a new management pack, a while ago, for FREE, to the community via System Center Central.

http://www.systemcentercentral.com/tabid/143/indexid/94055/default.aspx?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+systemcentercentral%2Fblogs+%28Blogs+at+System+Center+Central%29

This management pack will give you a deeper insight into your virtual machines including recognising which platform (Hyper-V, VMware & Citrix), which hosts they're located on, if VM Tools are installed and the version.

(footnote. I actually wrote this post the day they released it, but forgot to post it /facepalm)

Wednesday, 14 November 2012

AWOL

Posts have been very light on the ground of recent I'm afraid due to just how busy I've been both at work and personally.

I'm on the road and in hotels for the next week or so and hopefully that will give me the some time to catch back up.

Some of the posts I'm hoping to get done soon will be around:

  • SCOM noise and advice
  • System Center installation PowerShell scripts
  • Orchestrator Runbooks
  • Windows 8 deployment customisation
  • SCSM customisation and extension
  • System Center console deployments via ConfigMgr
  • Other random bits...
So hang fire, I'm still around, just stupidly busy...

Thursday, 25 October 2012

Windows 8 Skype App to the Rescue!

Sweet... That about sums up my thoughts for the new Skype App.
Not that I've used it in anger or that I'm a long time Skype user, no.

In fact, before today, I've never used Skype.  Of course I had heard of it and was aware what it did, just that I've never had a need for it.

Until today.  Just hours after it being released I found myself on a conference call where the only available audio option was via dialling the states.
Say what?!?!?  Hang on, I'm on a mobile here in the UK, this is going to get expensive really quickly.

So knowing that Skype had just hit the store I quickly installed it (I love one click installs!) it used my Microsoft ID to single sign on (SSO) straight in, allowed me to dial a US Toll Free number as if I was in the states and then docked nicely to the side while I watched the presentation.


 
Skype App to the rescue!!  Now I'm hoping that it works nicely on my Surface RT (fingers crossed it does come tomorrow and not 2nd Nov...)

Friday, 19 October 2012

System Center 2012 - Service Manager Cookbook

Well, it's a wrap!!

The System Center 2012 Service Manager Cookbook went into the production phase today and should be available shortly to purchase in it's final version opposed to the RaW version that was available previously.

I really do hope that people find this a useful resource when working with Service Manager and it's been a pleasure working with the top guys from Europe as a team on this project, those guys seriously think on a whole new level around Service Manager and in fact System Center in general!

For now, enjoy the eye candy that is the final cover of the book with a spectacular view from the top of Europe.

System Center 2012 - EndPoint Protection Cookbook

While I'm waiting for the PackT publishers to spit and polish the Service Manager Cookbook I thought I would download another of their offerings.

So after digging through their library I settled on the System Center 2012 EndPoint Protection Cookbook by Andrew Plue.

Once I've read it or most of it I'll pop a little review online.

 

Friday, 12 October 2012

VMM 2012 SP1 (Beta) with Server 2012 Hyper-V Issue

After migrating my 2008 R2 cluster across to Server 2012 I was having problems adding in the cluster/hosts to SC2012 Virtual Machine Manager SP1.

The cluster could be discovered and imported fine, but a few minutes later would report back that it could no longer be managed.

It turns out that because on the rebuild I didn't make the hosts DC's (it's a testlab before someone comments on best practise!!) so the computer accounts got placed into an OU along with the normal servers that had a Group Policy applying some WinRM settings.
Unfortunately doing a winrm /qc or allowing VMM to check that WinRM is enabled doesn't set/check all the required settings are actually in place.

Having a look around I found the following TechNet forum post from Wes Kroesbergen who listed a registry key that's advisable to have set, plus the winrm commands to set all of the required settings.

http://social.technet.microsoft.com/Forums/en-US/virtualmachingmgrhyperv/thread/4bd9be4b-0ff9-46f3-bf32-1b7c1245c494


Wrap the below into a batch file (you can't use these commands via PowerShell before you try), run it on your Hyper-V hosts and you're good to go!

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

winrm set winrm/config/service/auth @{CredSSP='True'}
winrm set winrm/config/winrs @{AllowRemoteShellAccess='True'}
winrm set winrm/config/winrs @{MaxMemoryPerShellMB='2048'}
winrm set winrm/config/client @{TrustedHosts='*'}
winrm set winrm/config/client/auth @{CredSSP='True'}

SCVMM 2012 SP1 - Missing properties and unable to refresh VM

Giddy as a kid in a sweet shop I migrated my testlab cluster to Server 2012, migrated my VM's across and installed System Center 2012 Virtual Machine Manager SP1 to manage it.

Straight away I ran into some slightly strange issues.

  1. Majority of the Auto Discovered VM's refused to see hardware configuration properties such as:
    Virtual Hard Disks and Controllers
    Virtual Network Cards
  2. Majority of the Auto Discovered VM's left hardware configuration properties at defaults, such as:
    Processor Count and Memory Amount
    High Availability Status
  3. Every time I tried to refresh a VM I would get the error:
    Error (2923)

    A malformed response was received while trying to contact the VMM agent on hyperv01.domain.local.
    Unspecified error (0x80004005)

    Recommended Action
    1) Ensure the VMM agent is installed and that the SCVMMAgent service is running.
    2) If the SCVMMAgent service is running, restart the service, and then verify that WS-Management is installed correctly and that the WinRM service is running.
    3) Check the manufacturers' Web sites to ensure that you have the latest drivers for your network adapters and other devices.
Looking on the Microsoft Connect site I found that someone called egilsk was having the same issues.

Thankfully, last Friday (05/10/12) Mark at Microsoft posted the following suggestion to try:

On the Hyper-V hosts run the following PowerShell commands

Import-Module Hyper-V

Get-WmiObject –Namespace “root\virtualization\v2” Msvm_PlannedComputerSystem | foreach{Get-VM –Id $_.Name} | Remove-VM –Force

Once this has been run on your hosts, refreshing the VM's should work successfully and all of the missing/default hardware config should be updated and displayed.

It looks like this is to do with the hosts having the VM stuck in a temporary state, even if brought across as a planned import or migration.

The problem is now at least known about and should be fixed/handled in the next release of the Service Pack.

Tuesday, 25 September 2012

Technical Documentation for System Center 2012 SP1 (Beta)

Very quick blog just to list the links for my reference to the technical documentation downloads for System Center 2012 that have been updated for the Beta release of SP1.

Technical Documentation Downloads for:

Windows Embedded Devices and Configuration Manager 2012 SP1

Managing Windows Embedded Devices has always been possible with Configuration Manager, either with a lot of manual effort and scripting or more preferably using Windows Embedded Device Manager (WEDM) 2011 on top of ConfigMgr 2007.

When System Center 2012 was released back in April we were promised an updated WEDM 2012 version would be coming along shortly.

With the release of Service Pack 1 (Beta) for System Center the decision has been made to combine the features that would have been in WEDM directly into ConfigMgr.

This is brilliant news as it now means that out of the box with ConfigMgr SP1 we will now be able to manage and deploy to Embedded Devices without having to install any extra clients or infrastructure.

Here are a couple of bits of information around some of the new embedded features.

Within the different deployment wizards you'll now start to see various options related to Embedded Devices which will help control the disabling and enabling of write filters.



Along with utilising ConfigMgr features such as Maintenance Windows, WED client management is optimised in areas such as content download/reducing reboots.

EndPoint Protection gets some specific Embedded device settings...



OSD for Embedded Devices will now allow images to be deployed purely from the distribution point (due to the low storage on thin clients) as well as allowing for a last step to be run after deployment, such as a script to enable auto-logon or enable write filters.

Non-admins will be blocked from logging onto devices during servicing.

Software Center will block self service installations when write filters are enabled to stop users getting into Ground Hog Day scenarios.

Best Practises:
  • Maintenance Windows will become more important/heavily advised to simplify management of embedded devices
  • Plan for your persistence strategy
  • Make deployments Required rather than available for embedded devices
  • Look to use file write filters moving forward to make life simpler

Supported Operating Systems:
  • Windows XP Embedded,
  • Windows Embedded 2009 Standard
  • Windows Embedded Standard 7
  • POS 2009
  • POS 7
  • Windows Thin PC
In short.. WEDM 2012 is no more!!  Long live ConfigMgr 2012 SP1!!

Friday, 21 September 2012

Cloudy Day for ConfigMgr 2012

While more and more news on the new features in Service Pack 1 for System Center 2012 keep coming, I happened to miss the mention about this one.

With ConfigMgr SP1 we will get a new feature, Azure Cloud-Based Distribution Points.

More information can be found in the TechNet Documentation library here:
http://technet.microsoft.com/en-us/library/gg712321.aspx#BKMK_PlanCloudDPs

With the upcoming Intune connection as well, it's starting to look like a very cloudy day in the ConfigMgr world (Sorry, I couldn't resist that one!)


Monday, 10 September 2012

Intune and System Center 2012 Configuration Manager

Today an announcement was made around Service Pack 1 Beta availability for System Center 2012.  While this will steal a fair amount of attention, it's worth paying attention to another VERY important bit of information that went alongside it with relation to some Intune changes.

I've heard rumblings about a possible gateway solution to allow for interaction between the two products for a while and today that information was lent some official credence.

From the Server & Cloud Blog:

Microsoft offers two separate endpoint management solutions – System Center 2012 Configuration Manager for on-premises management, and Windows Intune for management through the cloud.  With System Center 2012 Configuration Manager Service Pack 1 and the next version of Windows Intune, Microsoft is taking the first step in delivering interoperability between these products through Configuration Manager’s administration console.  This will enable customers to add mobile devices managed through the cloud with Windows Intune into their System Center 2012 Configuration Manager Service Pack 1 console and manage all the devices through one tool.


Hopefully (I'll find out some more info ASAP) this will allow for inventory information to be pulled down from Intune regarding the clients it manages and absorbed it into the ConfigMgr database allowing for seamless inventory reporting across both client bases.  We may even see more seamless management features!

 
There are also to be some license changes that mean customers that already own ConfigMgr client ML licenses will get even more discount towards Intune licenses and those with Intune licenses already can use these to manage devices through ConfigMgr.
Also the licensing model will shift away from per-device to a per-user model with rights for up to 5 devices per user!

All in all, some interesting news and I'll post back soon with more details when I've hunted them down.

System Center 2012 Service Pack 1 Beta Available

Updated documentation has been popping up on TechNet the last couple of days and now the downloads for SP1 Beta for System Center 2012 has turned up.

Before you go running off to install, remember this is Beta software and is not supported for production use unless working with Microsoft on the TAP program.

The main SP1 download can be found here:
http://www.microsoft.com/en-us/download/details.aspx?id=34607

This contains the updates for:
SC2012 ConfigMgr & EndPoint Protection - 377.3 MB
SC2012 App Controller - 15.1 MB
SC2012 Data Protection Manager Part 1 - 818.6 MB
SC2012 Data Protection Manager Part 2 - 1.5 GB
SC2012 Orchestrator - 68.6 MB
SC2012 Operations Manager - 905.9 MB
SC2012 Service Manager - 400.2 MB
SC2012 Virtual Machine Manager - 756.4 MB

N.B. Both parts for DPM are required, download and extract to the same folder before running setup

There are also additional ConfigMgr clients for more Operating Systems to be found here:
http://www.microsoft.com/en-us/download/details.aspx?id=34609

  • AIX Version 7.1 (Power)
  • AIX Version 6.1 (Power)
  • AIX Version 5.3 (Power)
  • HP-UX Version 11iv3 (IA64 & PA-RISC)
  • HP-UX Version 11iv2 (IA64 & PA-RISC)
  • RHEL Version 6 (x86 & x64)
  • RHEL Version 5 (x86 & x64)
  • RHEL Version 4 (x86 & x64)
  • Solaris Version 10 (x86 & SPARC)
  • Solaris Version 9 (SPARC)
  • SLES Version 11 (x86 & x64)
  • SLES Version 10 SP1 (x86 & x64)
  • SLES Version 9 (x86)
 There are also some more SP1 Beta Integration Packs for Orchestrator:


Brief summary of Service Pack 1 features from the download page:

  • Virtual Machine Manager
    • Improved Support for Network Virtualization
    • Extend the VMM console with Add-ins
    • Support for Windows Standards-Based Storage Management Service, thin provisioning of logical units and discovery of SAS storage
    • Ability to convert VHD to VHDX, use VHDX as base Operating System image

  • Configuration Manager
    • Deployment and management of Windows 8 and Windows Server 2012
    • Distribution point for Windows Azure to help reduce infrastructure costs
    • Automation of administrative tasks through PowerShell support
    • Management of Mac OS X clients and Linux and UNIX servers
    • Real-time administrative actions for Endpoint Protection related tasks

  • Data Protection Manager
    • Improved backup performance of Hyper-V over CSV 2.0
    • Protection for Hyper-V over remote SMB share
    • Protection for Windows Server 2012 de-duplicated volumes
    • Uninterrupted protection for VM live migration

  • App Controller
    • Service Provider Foundation API to create and operate Virtual Machines
    • Support for Azure VM; migrate VHDs from VMM to Windows Azure, manage from on-premise System Center

  • Operations Manager
    • Support for IIS 8
    • Monitoring of WCF, MVC and .NET NT services
    • Azure SDK support

  • Orchestrator
    • Support for Integration Packs, including 3rd party
    • Manage VMM self-service User Roles
    • Manage multiple VMM ‘stamps’ (scale units), aggregate results from multiple stamps
    • Integration with App Controller to consume Hosted clouds

  • Service Manager
    • Apply price sheets to VMM clouds
    • Create chargeback reports
    • Pivot by cost center, VMM clouds, Pricesheets

  • Server App-V
    • Support for applications that create scheduled tasks during packaging
    • Create virtual application packages from applications installed remotely on native server
  • Friday, 7 September 2012

    Recommended WMI Hotfixes

    Microsoft today released an updated KB Article detailing the recommended WMI hotfixes that should be deployed to your Windows clients.

    This is especially relevant in environments using System Center components as these make heavy usage of WMI.

    http://support.microsoft.com/kb/2591403

    It doesn't mention it within the KB Article, but I think it's safe to say these hotfixes are assuming that you're also running the latest service pack for the relevant OS but even if that isn't the case, I would certainly recommend it.

    N.B. Thanks to Marnix Wolf for the tweet that highlighted the updated KB to me!

    SCOM Data Access Service Fails to Start

    I was speaking to an old colleague the other day who is in the middle of migrating his production Operations Manager 2007 R2 environment to a nice new shiny 2012 setup.

    Things were initially going well but he explained that he ran into a rather strange issue just after migrating the first batch of agents across to just talk to his live 2012 infrastructure, what made it stranger was these had been talking to his test infrastructure (dual homed) fine for quite a while.

    When he moved them across, shortly after, the System Center Data Access service stopped and refused to start.

    No matter what he tried it wouldn't work and he had to fall back to restoring a backup.

    This left him a little hesitant about the stability of his live environment and whether something wasn't quite right underneath it all somewhere, but it seemed to be fine after the restore so he thought he'd see how it went.

    Well the same problem reared it's ugly head again the other day so he did some more digging.

    Eventually he stumbled across this post from Travis Wright explaining an issue seen in Service Manager.
    http://blogs.technet.com/b/servicemanager/archive/2011/10/04/system-center-data-access-service-start-up-failure-due-to-sql-configuration-change.aspx

    Since Service Manager and Operations Manager share the same code base and the problem described is essentially a SQL problem anyway he took a look to see if it was indeed the same issue affecting him, turns out it was!

    It finally turned out to be something one of the developers were doing with custom reports and scheduling that was adding a local SQL account to the security roles as DBOwner (Dev to be taken outside and shot...)

    So in summary, if you're using SCOM and your System Center Data Access Service refuses to start and you're seeing event log errors such as:
    • 26325 Authorization store exception
    • 26339 Exception thrown while initializing the service container
    • 26380 Unhandled Exception
    then take a look at the Service Manager blog link above and check your SQL security logins to see if something/someone is flipping the Authentication mode to Mixed-Mode.

    Good find Rob, now get your blog back online and start sharing things like this again ;)

    Wednesday, 5 September 2012

    Preparing WSUS for Windows 8 and Server 2012

    Now that Windows 8 and Server 2012 are RTM and available to download from the usual places (VLSC, TechNet, MSDN, Intune etc) various other Microsoft solutions are getting updates to prepare them to support the Operating Systems.

    Yesterday it was Windows Server Update Services (WSUS) turn and a hotfix to add support for Win8 and Server 2012 was released in the form of KB2734608.

    You can read the knowledgebase article here:
    http://support.microsoft.com/kb/2734608

    This also appears to be a bit of a rollup update with it also including/replacing the following updates:
    • 2530678 System Center Update Publisher does not publish customized updates to a computer if WSUS 3.0 SP2 and the .NET Framework 4 are installed
    • 2530709 "Metadata only" updates cannot be expired or revised in WSUS 3.0 SP2
    • 2720211 An update for Windows Server Update Services 3.0 Service Pack 2 is available

     One thing to take note of is this section in the known issues about existing clients:

    If you have Windows 8 or Windows Server 2012 clients that synchronised with WSUS 3.0 SP2 before you applied this update, wait for the update to be applied to the WSUS servers, and then follow these steps:

    On the affected client, open cmd.exe in elevated mode Type the following commands.

    Net stop wuauserv
    rd /s %windir%\softwaredistribution\
    Net start wuauserv

    Chances are that you haven't got too many Windows 8 or Server 2012 clients deployed yet in production, but if you have then this seems like something to get scripted, packaged and deployed via Configuration Manager... oh wait, you'd need System Center SP1 for that to be supported in production... time to break out PowerShell 3 instead ;)

    Thursday, 2 August 2012

    Windows Server 2012 - Licensing and Key Features Webinar

    I thought I'd throw this one out there...

    For anyone involved in Server or Datacenter administration, design, support or management my employers Trustmarque will be hosting an online webinar to discuss and show the new licensing changes that come with Windows Server 2012 along with an overview of some of the new key features of which I'll be co-presenting.

    Signup for the webinar here:
    Windows Server 2012 was Released To Manufacturing (RTM) yesterday (01/08/2012) and Microsoft have announced September 4th as the general release date for Windows Server 2012, bringing with it a much simpler model and many enhanced features. To help you learn more about these changes Trustmarque are running a webinar on Tuesday 7th August at 10.30am and 3pm giving you both a licensing and technical insight.
    • Overview of Licensing Changes for 2012 and impact on Software Assurance – Dominic McHugh, Software Procurement Consultancy, Trustmarque
    • Features and toolsets improvements and changes – Steve Beaumont and Wayne Robinson, Technical Architects, Microsoft Integrated Solutions, Trustmarque

    The webinar will highlight some of the following new or improved features:
    • Deployment & automation
    • Active Directory Improvements
    • Dynamics Access Control – Claims based authentication
    • Server Virtualisation – Hyper-V 3.0
    • Virtual / Remote Desktop delivery
    • Cluster enhancements
    • File Server enhancements
    • Data De-duplication

    Wednesday, 1 August 2012

    Windows 8 & Server 2012 RTM

    Well Microsoft said the first week of August for the RTM version of Windows 8 and Server 2012 and it's arrived!

    Well kind of...

    The Release To Manufacturing (RTM) was announced today and see's the final code wrapped up, finalised and is now starting to get shipped to Microsoft hardware partners (HP, Dell, Lenovo etc) who will finish their final testing ready to deliver devices with Windows pre-installed as from October 26th (September for servers with Server 2012).

    What this means for us mere mortals and IT-Pros is that we still have to wait some more.

    From the Windows Team blog the schedule looks like this:

    • August 15th: Developers will be able to download the final version of Windows 8 via your MSDN subscriptions.
    • August 15th: IT professionals testing Windows 8 in organizations will be able to access the final version of Windows 8 through your TechNet subscriptions.
    • August 16th: Customers with existing Microsoft Software Assurance for Windows will be able to download Windows 8 Enterprise edition through the Volume License Service Center (VLSC), allowing you to test, pilot and begin adopting Windows 8 Enterprise within your organization.
    • August 16th: Microsoft Partner Network members will have access to Windows 8.
    • August 20th: Microsoft Action Pack Providers (MAPS) receive access to Windows 8.
    • September 1st: Volume License customers without Software Assurance will be able to purchase Windows 8 through Microsoft Volume License Resellers.
    I was all prepped to rebuild our Customer Experience Center this week or next with RTM but now it looks like it will have to wait until I come back from holiday, which happens to be the week when the downloads become available (How inconsiderate Microsoft!)

    Wednesday, 25 July 2012

    Update Rollup 2 for Service Manager 2012

    With Update Rollup 2 for System Center 2012 having just been released I was flicking through the KB2706783 article to see what needed doing but noticed the Service Manager installation instructions were missing.

    Also the download link given within the KB article doesn't presently work while writing this.

    However, I did find the update available for download from the normal Microsoft Download center here:
    http://www.microsoft.com/en-us/download/details.aspx?id=30410

    The installation instructions on that site are very basic:
    1. Close any consoles, self-service portals or authoring tools
    2. Install the update
    Erm, thanks for that detailed instructions MS?!?!?

    Anyway, I've tested it within my lab and here's a couple of notes.

    The install is pretty much an accept the license agreement, click install, wait and then click close routine.





    Don't panic if it gets stuck for a while on computing space requirements, mine did for a while but then continued.

    I ran the update on 3 separate servers.  1 holding my Management Server, 1 holding my Data Warehouse and 1 holding by Self Service Portal roles and it ran successfully on each and looking through the log files it does appear to have updated them so it looks like this update needs to be run on every server holding a Service Manager role.

    I also ran the update on my workstation which has the console installed and the update runs and the log files appear to show it's done something...

    However this is all subjective and really needs clarifying by Microsoft.  I'll update this post when I can get some more clarification.

     

    System Center 2012 Update Rollup 2

    Microsoft have just released Update Rollup 2 for System Center 2012.
    The Update Rollup this time includes updates for:
    • App Controller
    • Virtual Machine Manager
    • Data Protection Manager
    • Operations Manager
    • Service Manager
    • Orchestrator
    With a combined 36 fixes including some performance fixes for VMM in large environments it's definitely worth raising the change control and start assessing deployment.

    Description of the update can be found in this KB2706783 article:
    http://support.microsoft.com/kb/2706783

    The update packages for App Controller, Orchestrator, Service Manager, and Virtual Machine Manager are available from Microsoft Update but can also be downloaded manually (See KB2706783 for download links)
    DPM & SCOM aren't available from WSUS.

    DPM update is available from here:
    http://www.microsoft.com/downloads/details.aspx?FamilyID=694601d5-e856-41b5-8a2e-0511dee30afa

    OpsMgr update is available from here:
    http://www.microsoft.com/downloads/details.aspx?FamilyID=4f88d9c0-8f24-42b8-a046-424f67d77ffe

    OpsMgr Unix/Linux Management Pack updates are available here:
    http://www.microsoft.com/downloads/details.aspx?FamilyID=9f947878-6bf6-48a1-adb1-3cc4c2e5d4af


    At the time of writing this, for some reason the Service Manager update is not available.

    Although it does list the others...

    It's also interesting to note that there are installation instructions for all the System Center 2012 components EXCEPT for Service Manager.

    **Update** You can download the SCSM update from here:
    http://www.microsoft.com/en-us/download/details.aspx?id=30410

    Installation instructions are very basic:
    1. Close any open consoles, portals or authoring tools.
    2. Install


    As always RTFM.  Make sure you read the installation notes in KB2706783 as there will be numerous little things that will need doing, such as installing update rollup 1 (or later) for VMM on the App Controller server first, copying language files if installed, closing consoles, running elevated and editing web.config files.

    Also note that Update Rollup 2 when applied to Operations Manager also includes updates for remote consoles and agents which will also need deploying.  DPM also requires agent updates.
    VMM only requires agent updates if you haven't previously installed Update Rollup 1.

    Last thing to note, if you're running OpsMgr in a Non-English language then this update isn't yet applicable to you.  Non-English versions of Update Rollup 2 will be released later in 2012.

    Thursday, 19 July 2012

    System Center 2012 Service Manager Cookbook

    I'd like to have been the first to announce this, but Steve Buchanan already beat me to the punch :)

    http://myitforum.com/myitforumwp/2012/07/17/system-center-service-manager-2012-book/

    I am greatly honoured to have been able to work on this with some amazing people and I'm eagerly awaiting seeing the finished product.

    From the Packt publishers site:
    • Practical cookbook with recipes that will help you get the most out of Microsoft System Center Service Manager 2012
    • Learn the various methods and best practices administrating and using Microsoft System Center Service Manager 2012
    • Save money and time on your projects  by learning how to correctly solve specific problems and scenarios that arise while using System Center Service Manager
    What you'll learn in the book:
    • ITSM Framework and Processes
    • How to Personalize SCSM 2012 Administration
    • Configuration of Service Level Agreements
    • How to build the Configuration Management Database
    • Change and Release Management Design
    • Advanced Personalization of SCSM
    • Automation of Service Manager 2012
    • Implementation of Security Roles
    It's expected to be published around December time!

    However if you can't wait then this is available now to purchase as a RAW (Read As we Write) version.
    **Be warned though, it is raw and chapters will still change and develop**




    http://www.packtpub.com/microsoft-system-center-service-manager-2012-cookbook/book


    So a big shout out to the SCSM Ninja Guru's who made this possible:

    Samuel Erskine
    http://www.nn4consultants.com

    Anders Asp
    http://www.scsm.se

    Dieter Gasser
    http://blog.dietergasser.com 

    Andreas Baumgarten
    http://startblog.hud.de

    Monday, 2 July 2012

    Configuration Manager 2012 - Wally Mead's TechEd in a day (UK)

    Just after finishing his sessions at TechEd Europe and on his way home Cliff Hobs and 1E hijacked Wally Mead and persuaded him to present a compressed version of his TechEd content to a small UK audience.
     
    I was lucky enough to attend and here's my notes from the day.

     
    Session Agenda:
    • Infrastructure Simplification and Hierarchy Design Considerations
    • Forest Discovery and Boundary Groups
    • SQL Replication
    • Client Agent Settings
    • Role-Based Administration
    • What's Coming in SP1
    System Center 2012 ConfigMgr is all about:
    1. Empowering the user - User centric management/deployment
    2. Unify Infrastructure - Reduce costs by simplifying
    3. Simplify Administration - Better console, Role based security, client health etc.
    Infrastructure Promises
    • Modernise the Infrastructure - Minimise Remote Office requirements
    • Consolidate - Role Based Access, language neutral, collection based agent settings
    • Scalability - SQL Replication
    Most of this session is actually covered in my previous "A Day with Wally Mead" post here:
    http://systemscentre.blogspot.co.uk/2011/11/configuration-manager-2012-day-with.html

     
    The rest of this post will cover some of the upcoming SP1 features that were covered first at TechEd and then again today with a little more clarification

     
    SQL Replication Compression:
    • This can be enabled per link, initial tests show a big decrease in traffic, with slight increase on CPU usage for decompression.
    • Also the ability to set number of retention days for replicated data before a full sync is required, useful for occasionally disconnected site servers (think cruise liner ship) .

     
    SQL Distributed views:
    • Allows a view of data from one site to another using a query that retrieves data on-demand, replication is turned off
    • When enabled, no site data (hinv, sinv, and metering data) is replicated or stored at the CAS
    • Saves on data storage and link traffic
    • Requires a good, reliable connection between SQL Servers for sites where distributed views are enabled

     
    Hierarchy Expansion:
    • Ability to add a CAS after installation of Primary to help with expansions scenarios but only for one primary.  A second primary would need a new primary to be built and joined then a migration from the old primary to the new primary.
    • Some roles such as Software Update and Asset Intelligence that can only live on a CAS in a hierarchy will need remediating before expansion and you will be prompted about these when attempting an expansion.  It's also possible that other things may require some post expansion work.
    Site to Site Migration:
    • To help with expansion scenarios, migrating from one 2012 site to a new 2012 site has been made easier.
     User Profile and Data Management:
    • Group Policy settings for folder redirection, caching etc now a configurable option within ConfigMgr under Settings Management and is for Windows 8 clients only that now expose this setting/information within WMI

    Big Green Button (not an official feature name!):
    • Ability to force clients to go download EndPoint definitions "NOW". Basically creates a TCP connection to force clients to poll for definitions within a couple of minutes rather than waiting for normal policy schedule. Useful for malware outbreaks.
    • This may be extended for other client policy features later, but time scale currently undetermined.
    App-V feature changes:
    • New Deployment Type for App-V 5 - required due to new appx file type.
    • No present ability to use App-V 5 Shared Cache feature
    • App-V 4.6 SP2 (for Windows 8 support)
    • Connection Groups to allow different App-V packages to interact without having to force repackaging - requires App-V 5.
    OSD feature changes:
    • Bitlocker changes - TPM and PIN & Used Space Bitlocker
    • UEFI Support and new tasks within OSD task sequences
    • New "Only media and PXE (hidden)" option for task sequence deployment.  Great for making a task sequence available for all devices for re-imaging without having to add clients to a re-image collection and without accidentally re-imaging all devices!
    • Boot Images - ability to add additional components like hta apps without having to manually mount the image, console GUI interface.
     
    Other SP1 Features with self explanatory information but with more updated information than previously available.
     
    • Windows 8/Server 2012 Deployment Support
    • Connected Standby and Data connection (3G/metered connections) aware - i.e. don't download 8Gb over 3G connection or don't do inventory when in connected standby.
    • Ability to deploy Windows 8 To Go
    • Around 23 flavours of Linux Support - Inventory and Software Distribution
    • Unix Support - Inventory and Software Distribution
    • Mac OSX 10.6 & 10.7 Support including Inventory, Software Distribution and EndPoint Protection Support but not Remote Control
    • New  "required" Deployment Type OSX Software - dng, mpg, pig & .app
    • Deep links for Metro apps via the online Microsoft store
    • Deploy Windows 8 Metro apps directly from ConfigMgr to devices/users
    • Further e-mail notification support/options - subscriptions for ANY alert rather than just EndPoint currently
    • Multiple select within software centre to install multiple applications
    • Software Update changes, including the ability to fall back to Windows Update for content even for "intranet" based clients and multiple syncs per day for EndPoint Protection Definition Updates.
    • Powershell cmdlets 400 - "Boatloads" (That's a Wally quote!). Aim is to provide all console admin types
    • Client Side merge of Anti Malware policies
       

    Friday, 29 June 2012

    Operations Manager - New Authoring Tools

    Back at MMS2012 Microsoft announced they would be releasing two new authoring tools for Operations Manager (SCOM).

    Well after a little delay, they've now been released.

    The Visio Management Pack Designer can be found here:
    http://www.microsoft.com/en-us/download/details.aspx?id=30170

    The Visual Studio Authoring Extensions can be found here:
    http://www.microsoft.com/en-us/download/details.aspx?id=30169

    They're a little self explanatory, but basically the Visio MP Designer allows you to graphically design a management pack within Visio, using built in best practice methods to fairly quickly generate a management pack.



    Likewise the Visual Studio extensions add class types and discovery rules etc into Visual Studio.
    I'm certainly not a developer and it will be a while before I get chance to test this, but Michel Kamp has written an excellent blog post showing  prelease version here:
    http://michelkamp.wordpress.com/2012/02/19/scom-author-meets-the-real-vs-authoring-extensions/





    Technet Wiki's:
    VS Extensions: http://social.technet.microsoft.com/wiki/contents/articles/5236.visual-studio-authoring-extensions-for-system-center-2012-operations-manager-en-us.aspx

    Visio MP Designer: http://social.technet.microsoft.com/wiki/contents/articles/5235.visio-management-pack-designer-for-system-center-2012-operations-manager-en-us.aspx


    *Images linked from the Microsoft TechNet Wiki's*

    Friday, 22 June 2012

    Deploying the System Center 2012 Service Manager Console as an App-V package

    While at MMS2012 I had a conversation about packaging the System Center 2012 Service Manager Console as an App-V package and whether it had been tried or not.

    At the time I couldn't think of any information I'd come across saying that it could or couldn't be done, but knowing that I had previously packaged the 2010 version successfully, I couldn't see why the 2012 version wouldn't be ok.

    Well I've finally managed to squeeze some time in to try it and it seems to package and run fine.

    After I had tried it, I thought it might be an idea to blog about it for others, but since there are so many steps, writing it up was a bit of a mammoth task.

    So I recorded it and stuck it on YouTube!



    Not only does this video show you the packaging of the console, which to be honest is a bit boring with nothing really special to see, but I also walk through some of the steps to then create an application in Configuration Manager and deploy it as an App-V package.

    The steps I show also include deploying the dependencies for the Service Manager Console and targeting it at an Active Directory group of users rather than a collection of devices.

    It also shows installing the application from the ConfigMgr self service portal.

    Couple of bits of information shown in the video:
    1. When sequencing the application, the Service Manager shortcut isn't captured and needs manually adding.
    2. The silent install command I used is:
      setup.exe /Silent /Install:Console /AcceptEula:YES /CustomerExperienceImprovementProgram:NO /EnableErrorReporting:NO /RegisteredOwner:"Registered User"
    3. Dependancies Specified in ConfigMgr:
      App-V Client
      SQL Analysis Objects
      Report Viewer 2010
    Each of those dependencies have their own requirements and dependencies ensuring the right components get installed depending on the OS and usage.

    The App-V sequencing can definately be improved, but it works at the end of the day.

    Finally...
    This is a DEMO.  I have not tested this to great lengths so ensure you do your own testing before putting this into your live production environment.  There's no warranties from me and no official statement from Microsoft about this being supported either.