Adding an Azure subscription to App Controller - Service Unavailable

I noticed today that I hadn't re-added my Windows Azure subscription to my App Controller deployment in my testlab and so clicked the link on the overview page to add it back.
After entering the relevant details such as Subscription ID, Certificate pfx file and password, I was greeted by a not too helpful error message of "Service Unavailable" with no further details.

 

After scratching my head and trying several things such as deleting the certificate and re-adding it to Azure, checking firewalls etc I remembered this server had just had a restart.

 

I checked the services to make sure everything had started up ok and noticed that the App Controller Windows Azure Provider service wasn't started.

 

 

I started the service, tried adding the subscription again and voilà! It works.

 

I hope this helps someone else if they get this generic undetailed message.

System Center 2012 R2 Preview - Download and Extract Script

Well, System Center 2012 R2 Preview is here a day earlier than I expected.

Eskor Koneti posted a list of the direct download links to the preview bits here:
http://eskonr.com/2013/06/configmgr-sccm-2012-r2-preview-is-available-for-download/

So I thought I'd wrap them quickly into a PowerShell script that downloads and then extracts all the components ready for install.

I've commented out the DPM download and install as for me it wasn't downloading correctly (either manually or via the script) but feel free to try it.

The script has no error checking and I know could be much smoother, but hey, it's not even 8am here in the UK so what do you expect!

$dwnld = "E:\System_Center_2012_R2"
 if (!(Test-Path -path $dwnld))
  {
  New-Item $dwnld -type directory
  }
$object = New-Object Net.WebClient
 $SCCMurl = 'http://care.dlservice.microsoft.com/dl/download/evalx/sc2012/SC2012_R2_PREVIEW_SCCM_SCEP.exe'
 $object.DownloadFile($SCCMurl, "$dwnld\SC2012_R2_PREVIEW_SCCM_SCEP.EXE")
$object = New-Object Net.WebClient
 $SCCMurl = 'http://care.dlservice.microsoft.com/dl/download/evalx/sc2012/SC2012_R2_PREVIEW_SCOM.exe'
 $object.DownloadFile($SCCMurl, "$dwnld\SC2012_R2_PREVIEW_SCOM.EXE")
$object = New-Object Net.WebClient
 $SCCMurl = 'http://care.dlservice.microsoft.com/dl/download/evalx/sc2012/SC2012_R2_PREVIEW_SCVMM.exe'
 $object.DownloadFile($SCCMurl, "$dwnld\SC2012_R2_PREVIEW_SCVMM.EXE")
$object = New-Object Net.WebClient
 $SCCMurl = 'http://care.dlservice.microsoft.com/dl/download/evalx/sc2012/SC2012_R2_PREVIEW_SCSM.exe'
 $object.DownloadFile($SCCMurl, "$dwnld\SC2012_R2_PREVIEW_SCSM.EXE")
$object = New-Object Net.WebClient
 $SCCMurl = 'http://care.dlservice.microsoft.com/dl/download/evalx/sc2012/SC2012_R2_PREVIEW_SCO.exe'
 $object.DownloadFile($SCCMurl, "$dwnld\SC2012_R2_PREVIEW_SCO.EXE")
$object = New-Object Net.WebClient
 $SCCMurl = 'http://care.dlservice.microsoft.com/dl/download/evalx/sc2012/SC2012_R2_PREVIEW_SCAC.exe'
 $object.DownloadFile($SCCMurl, "$dwnld\SC2012_R2_PREVIEW_SCAC.EXE")
#$object = New-Object Net.WebClient
# $SCCMurl = 'http://care.dlservice.microsoft.com/dl/download/evalx/sc2012/SC2012_R2_PREVIEW_SCDPM.exe'
# $object.DownloadFile($SCCMurl, "$dwnld\SC2012_R2_PREVIEW_SCDPM.EXE")
Start-Process -FilePath "$dwnld\SC2012_R2_PREVIEW_SCAC.EXE" -Wait -ArgumentList /DIR="$dwnld\SCAC", /VERYSILENT
#Start-Process -FilePath "$dwnld\SC2012_R2_PREVIEW_SCDPM.EXE" -Wait -ArgumentList /DIR="$dwnld\SCDPM", /VERYSILENT
Start-Process -FilePath "$dwnld\SC2012_R2_PREVIEW_SCO.EXE" -Wait -ArgumentList /DIR="$dwnld\SCO", /VERYSILENT
Start-Process -FilePath "$dwnld\SC2012_R2_PREVIEW_SCOM.EXE" -Wait -ArgumentList /DIR="$dwnld\SCOM", /VERYSILENT
Start-Process -FilePath "$dwnld\SC2012_R2_PREVIEW_SCSM.EXE" -Wait -ArgumentList /DIR="$dwnld\SCSM", /VERYSILENT
Start-Process -FilePath "$dwnld\SC2012_R2_PREVIEW_SCVMM.EXE" -Wait -ArgumentList /DIR="$dwnld\SCVMM", /VERYSILENT
Start-Process -FilePath "$dwnld\SC2012_R2_PREVIEW_SCCM_SCEP.EXE" -Wait -ArgumentList /Auto, "$dwnld\SCCM"

Microsoft's "Blue" or R2 Wave

In 9 days we're due to get the Beta versions of Microsoft's next wave of releases (Formerly known as Blue) for Windows 8.1, Windows Server 2012 R2 and System Center 2012 R2.

I'm going to leave Windows (Client and Server) to one side for now as there's enough coverage of those features, but what's publically known in terms of new features and changes for System Center?

So far for System Center 2012, it's been mainly SCVMM features announced, along with some ConfigMgr and Intune details.

Virtual Machine Manager (SCVMM)

• Management of physical network switches via OMI
• OOB Service Templates to provision other System Center 2012 R2 components
• OOB Service Template for Network Virtualisation Gateway with Windows Server 2012 R2
• Use ODX deployment capability from Libraries sharing the same SAN
• First node in a tier can run different scripts - helps deploying guest clusters
• Better Windows Server 2012 IPAM integration
• Shared VHDX support for guest clustering
• Dynamic VHDX resizing
• Linux Dynamic memory support

Configuration Manager (ConfigMgr)

• Deploy and manage Windows 8.1 and Windows Server 2012 R2
• Provision certificates, Wi-Fi and VPN profiles
• Deploy links to web applications
• RBAC Reporting control
• Create and modify offline VHD Images
• Publish VHD to SCVMM for use with templates

Intune

• Auto VPN configuration
• VPN and Wi-Fi profile configuration
• Single pane of glass for both Mobile and Devices via Intune into ConfigMgr
• More MDM policy configuration options
• Selective wipe rather than just full device wipe
• The new Server 2012 R2 Work Folders feature configuration

I suppose we're just going to have to wait until next week to get our grubby mits on more information and the ability to have a play.

Intune common logon without ADFS (Aka Password "sync")

Recently Microsoft released a new version of it's DirSync tool that enables organisations to synchronise it's Active Directory (AD) User accounts across into the Azure Directory Services used by Intune, Office 365, CRM etc.

This has previously only enabled organisations to reduce the administrative burden of having to recreate all of their accounts for those users they wanted to access online services, but they then had to either issue separate passwords or implement Active Directory Federation Services (ADFS) to offer a truly seamless single sign-on experience for the users.

With this latest release from Microsoft, they have now introduced the ability to also push passwords up into the Azure DS.  Notice the push aspect, not synchronised as the password cannot be changed in the cloud and replicate back into your AD.

While I wouldn't class this as true Single Sign-on (SSO) as your still effectively authenticating against a different directory service, it's still a great option for Microsoft to have added, giving great flexibility for those organisations that want to take the first steps or who can't/don't know how to deploy ADFS.

Nothing has majorly changed during the install (New Azure logo and Install Directory), so rather than re-inventing the wheel, check out the post link below that I did for installing DirSync. I've then run through the differences in the new version below the other post link.

http://systemscentre.blogspot.co.uk/2013/01/system-center-2012-configuration_12.html

The first thing to note is that you cannot "upgrade" the client as you will be presented with a dialog blocking you from continuing if an older version is installed, so remove the old version first.

The main installation/configuration screen change is this one, which provides the option to push your passwords up along with your users.

Tick the option box to Enable Password Sync and that's it done!

The user account sync element still runs on a 3 hour schedule, but passwords are set to sync within minutes of a change in your local AD.

Intune users can find the new version of DirSync at this link (Requires sign on with an Intune Admin Account):
https://account.manage.microsoft.com/DirSync/DirectorySynchronization.aspx

The TechNet Library article on Implementing Password Sync can be found here:
http://technet.microsoft.com/en-us/library/dn246918.aspx

Testing Windows Phone 8 with System Center 2012 Configuration Manager and Windows Intune

On 30/05/2013 Microsoft release a package that allows administrators to test Windows Phone 8 management via System Center 2012 Configuration Manager (ConfigMgr) and Windows Intune.

Previously the only way to test this feature was to purchase a Windows Phone Dev certificate which involved signing up as a developer at $99 and then purchasing a Symantec certificate at a further $299.

Now you can download this package from Microsoft which includes a pre-signed Company Portal, a script to set the relevant settings in ConfigMgr with a temporary token and also a couple of sample applications.

You can download the package here: http://www.microsoft.com/en-us/download/details.aspx?id=39079

After downloading the MSI, run through the install which basically just extracts the files to a folder.  By default this is - C:\Program Files (x86)\Microsoft\Support Tool for Windows Intune Trial management of Windows Phone 8.

Create an Intune subscription in the System Center 2012 Configuration Manager SP1 console and leave WP8 disabled

Copy the SSP.XAP from the package extraction directory to a UNC available path.

 

Create an Application within the Configuration Manager console and deploy this application to cloud DP (manage.microsoft.com) targeting cloud managed users

 

 

Watch out for the default name of the application and ensure you rename it to something a bit more friendly. 

Run through the deploy wizard and select manage.microsoft.com as the distribution point

 

To enable management of WP8 devices open a command prompt and run the script ConfigureWP8Settings_Field.vbs (found in the package extraction directory) in query mode to get Company Portal name

cscript ConfigureWP8Settings_Field.vbs <server> QuerySSPModelName

 

Replace <server> with the server name for top level site (standalone site or CAS)

The result looks something like this "ScopeId_3C63FB50-0302-48CE-B076-5F93020AC548/Application_42291d36-6ffc-4d18-be78-9efdace3eef5".

 

 

This output will be used in the next step.

Run the script ConfigureWP8Settings_Field.vbs in save mode this time with the SSP name result.
This will populate the necessary certificate information to enable Windows Phone 8 device management

cscript ConfigureWP8Settings_Field.vbs <server> SaveSettings <Company Portal name>
where <Company Portal name> is the output from the earlier step.

After completion of the steps above, verify that WP8 device management is enabled by checking the ConfigMgr console by going to the Intune subscription properties, WP8 tab.
WP8 should be enabled, certificate should be present, and company portal app should be populated with the name you gave the Company Portal app when you set it up.

Assuming you have users sync'd up to the Intune/Azure directory and the UPN's match the accounts known by ConfigMgr, you should now be able to enrol users on their Windows Phone 8 devices.

Also included in this new package is some sample apps so that you can import something straight away for testing!

Migrate Knowledge Base Articles from Service Manager 2010 to 2012

To help ease the migration between Service Manager 2010 and 2012 (or even just one management group to another!) I've created a script that will export all of the Knowledge Articles, including the Rich Text used for the Analyst and End User content.

You can find the script here on the TechNet Gallery:
http://gallery.technet.microsoft.com/Migrate-Knowledge-Base-15b81ab6

Download and extract the zip file and put the SCSMExportKB.ps1 file in a directory you have access to.

The script also relies on the SMLets from CodePlex found here which also makes this independent of which version of Service Manager you're running.

After you've installed the SMLets, launch a PowerShell session (Elevated as Admin) and ensure that the execution of scripts is allowed by typing:
Set-ExecutionPolicy -ExecutionPolicy Unrestricted

Next navigate to the folder with the script and run it with the paramerter of where to export the KB Articles to.  If you do not specify a path it will default to exporting the KB Articles to the users temp folder.

For example I would run this to export to my downloads folder:

.\SCSMExportKB.ps1 C:\Users\SBAdmin\Downloads

The script will then start running and you will see the progress of it exporting to RTF files any Analyst or End User content and then the rest of the KB Article details.

 



Copy these exported files to the same location on the target server (or modify the csv to point to a new location) and then use the KBImport.xml provided in the zip file along with the Knowledge.csv created by the PowerShell script to import them into the target Service Manager system using the CSV Import Wizard.

N.B. Before you do the import, be sure to remove the first line of the CSV which has the headers in it!

 

And that should be that, one set of exported and imported Knowledge Articles.

 

There is one limitation however...

In this current version only the Out-Of-Box lists are supported.  I'm working on the script to handle custom list values and will update the solution when it's automated.  Until then you will need to find the enumeration ID's from your target site and replace the source ID's in the CSV file with the corresponding ones.

 

I'd also like to thank Anton Gritsenko (aka FreemanRU) for pointing me in the right direction for this script.

Service Manager - Exporting the Knowledge Base Analyst and End User Comments

How can I export my knowledge base articles from Service Manager?

I've heard this question asked a few times now, especially when it comes to doing a migration rather than an upgrade from 2010 to 2012.

While it's fairly straight forward to output things like the Article ID, Title, Category etc using PowerShell, getting the Analyst and EndUser comments out is slightly more tricky due to them being stored as binary data within the database (They're RTF files basically).

While I may update this post to give a script that will export every last detail I'm pushed for time at the moment so I'll just post the most complicated part.

You can use the following PowerShell script to export the comments to individual rtf files for both Internal and Analyst comments.

$OutDir = "C:\KnowledgeFolder"
Get-SCSMClass -DisplayName "Knowledge Article" | Get-SCSMClassInstance | ForEach-Object {
$KBName=$_.ArticleId
If($_.EndUserContent -ne $null)
{
$br = new-object io.binaryreader $_.EndUserContent
$al = new-object collections.generic.list[byte]
while (($i = $br.Read()) -ne -1)
{
    $al.Add($i)
}
Set-Content ("$OutDir\$KBName"+"EndUserContent.rtf") $al.ToArray() -enc byte
}
If($_.AnalystContent -ne $null)
{
$br = new-object io.binaryreader $_.AnalystContent
$al = new-object collections.generic.list[byte]
while (($i = $br.Read()) -ne -1)
{
    $al.Add($I)
}
Set-Content ("$OutDir\$KBName"+"AnalystContent.rtf") $al.ToArray() -enc byte
}
}

I've only had a quick test of this within a 2012 environment which has the native Get-SCSMClass and Get-SCSMClassInstance cmdlets whereas 2010 doesn't. 

However with the SCSM Cmdlets from CodePlex this script should be easily adaptable for the 2010 environment.

You could then use either PowerShell to import them back into a new environment, or use Anders CSV import method shown on his post here

Travis also has a useful post with the Enum GUID's that you would need when importing via CSV here

Some useful details for working with Knowledge Articles in PowerShell:

Class Details:
DisplayName - Knowledge Article
Name - System.Knowledge.Article
ManagementPackName - System.Knowledge.Library

Some of the array contents:
Abstract
AnalystContent
ArticleId
ArticleOwner
ArticleTemplate
ArticleType
AssetStatus
Category
Comments
CreatedBy
CreatedDate
DisplayName
EndUserContent
ExternalURL
ExternalURLSource
Keywords
Notes
ObjectStatus
PrimaryLocaleID
Status
Tag
Title
VendorArticleID
#Id
#Name
#Path
#FullName
#LastModified
#TimeAdded
#LastModifiedBy
EnterpriseManagementObject
RelationshipAliases

Print Server Management Pack - Finally Updated!

Microsoft released the other day an update for the Print Server management pack, finally!

I've moaned about Microsoft's attitude towards this management pack for some time.
http://systemscentre.blogspot.co.uk/2010/10/server-2008-r2-print-services.html

http://social.technet.microsoft.com/Forums/en/operationsmanagermgmtpacks/thread/634c02e8-30a8-4f6e-a26a-c2bfacd526cb

The quick fix MP for 2008 R2 that Myself and Rob Ryan (He did most of the work...) is no longer available as his blog is currently down.  However, Kevin Holman created a better one that was more preferable to use anyway. http://blogs.technet.com/b/kevinholman/archive/2010/11/10/how-to-monitor-print-services-on-server-2008-r2.aspx


But back to the here and now... MS have an updated MP available for Microsoft Print Servers.

From the MP Documentation it appears that not only is Server 2012 now supported, but finally 2008 R2 is as well.

Going through the Import MP Wizard and searching the catalogue will at present not get you access to the new Print MP as it doesn't yet seem to be updated.

 

That's not always a bad thing however as I would always recommend downloading the MP manually otherwise you may miss the associated MP Guide document.  As always with SCOM MP's, RTFM first before import!!

 

*Update 11/12/12 - Apparently the catalogue has now been updated, thanks for the heads up Daniel Savage*

*Update #2 11/12/12 - Confirmed, the catalogue has now been updated*

The MP can also be downloaded from here:
http://www.microsoft.com/en-us/download/details.aspx?id=3290

Surprisingly, this MP is only listed as an Operations Manager 2007 R2 MP.

This is slightly strange with them adding Print Server monitoring on Server 2012 since monitoring Server 2012 with SCOM 2007 R2 isn't supported natively, well not without running 2012 Agents reporting back to your 2007 R2 Management Servers.
http://thoughtsonopsmgr.blogspot.co.uk/2012/10/scom-r2-windows-server-2012-support.html


I've downloaded it anyway to test with SCOM 2012 and on first try of importing, I'm presented with an error that a dependant MP for the Print Server 2003 MP is missing.

This is fine though, it's only because I've not got any of the Windows 2003 MP's in my environment, after all who still uses Server 2003?  (I am joking before anyone comments!)

Import works fine on SCOM 2012.

 

After import there's plenty of Discoveries, Monitors and Rules...

Notice there's no reference to 2008 R2?

Well in the 2008 Print Server MP the discovery ran this WMI query:

SELECT Name FROM Win32_ServerFeature WHERE Name = "Print Services"

Kevin Holman's addendum MP changed this to this following query which then discovered 2008 R2 print services roles:

SELECT Name FROM Win32_ServerFeature WHERE Name = "Print Services" OR Name = "Print and Document Services"

Well the discovery for 2008 R2 is contained within the 2008 MP and now looks like this:

SELECT Name FROM Win32_ServerFeature WHERE ID = 7

Easy little change and simpler than listing specific names as it covers both 2008 & 2008 R2 regardless of the specific name.

This link shows all Win32_ServerFeature ID's: http://msdn.microsoft.com/en-gb/library/windows/desktop/cc280268(v=vs.85).aspx

The same WMI query is also used in the 2012 MP which should mean if any name changes are made in an R2 release of 2012 the MP should carry on working.

I was going to run a difference compare against the old and the new MP, but I seem to have misplaced my old copy of the MP.  As soon as I can get my hands on one I'll run one and update the post.

*Update 11/12/12*
I'll also retract my previous comment (below) as it was rather harsh and actually untrue.  Now that I've done more that skim the MP guide, it does contain numerous references to 2008 R2 /facepalm.
So much for taking my own RTFM advice...

As mentioned by Daniel Savage in the comments, the MP Guide includes all rules etc stored within the MP for reference.

In short, it appears at first glance to run ok on SCOM 2012, but requires more testing.  I think it's probably just laziness on Microsoft's part that they couldn't be bothered to re-write the MP guide completely and just chose to add references to Server 2012 only rather than go back and add 2008 R2, which to be honest wouldn't add much value as it's 99.9% the same monitoring as plain 2008.

Error when creating MDT Packages for ConfigMgr 2012

Recently I ran into an error while creating the MDT 2012 packages for use with ConfigMgr, unfortunately the error message was not the most useful one to be seen...

Ok, so access to the path is denied... but what's the path that it's trying to access???


This occurs when stepping though creating a new MDT task sequence and selecting to create new packages for the first time and unfortunately you have to re-step though all of the wizard options from scratch each time while trying to troubleshoot.

Anyway, long story short, running Process Monitor while trying to create the packages showed it failing while trying to create an autorun.inf as part of the MDT Package.

 

While the screen shot above shows a successfully built package, the folder we were seeing contained a temp file only.

 

A bit more digging narrowed it down to McAfee Anti-Virus running on the server that was blocking the creation of Autorun.inf files.  Strangely enough though it didn't block the MDT installer or the creating of the deployment share.

 

After messing with disabling the AV and stopping services to prevent the ePO restarting the AV we ran through the MDT Task Sequence wizard again and it installed successfully.

 

 



I suppose I should have paid more attention to the note by Michael Niehaus on this old blog post for MDT 2010 Update 1

System Center 2012 - Service Manager Cookbook

Well, it's a wrap!!

The System Center 2012 Service Manager Cookbook went into the production phase today and should be available shortly to purchase in it's final version opposed to the RaW version that was available previously.

I really do hope that people find this a useful resource when working with Service Manager and it's been a pleasure working with the top guys from Europe as a team on this project, those guys seriously think on a whole new level around Service Manager and in fact System Center in general!

For now, enjoy the eye candy that is the final cover of the book with a spectacular view from the top of Europe.

SCVMM 2012 SP1 - Missing properties and unable to refresh VM

Giddy as a kid in a sweet shop I migrated my testlab cluster to Server 2012, migrated my VM's across and installed System Center 2012 Virtual Machine Manager SP1 to manage it.

Straight away I ran into some slightly strange issues.

1. Majority of the Auto Discovered VM's refused to see hardware configuration properties such as:
   Virtual Hard Disks and Controllers
   Virtual Network Cards
2. Majority of the Auto Discovered VM's left hardware configuration properties at defaults, such as:
   Processor Count and Memory Amount
   High Availability Status
3. Every time I tried to refresh a VM I would get the error:
   Error (2923)
   
   A malformed response was received while trying to contact the VMM agent on hyperv01.domain.local.
   Unspecified error (0x80004005)
   
   Recommended Action
   1) Ensure the VMM agent is installed and that the SCVMMAgent service is running.
   2) If the SCVMMAgent service is running, restart the service, and then verify that WS-Management is installed correctly and that the WinRM service is running.
   3) Check the manufacturers' Web sites to ensure that you have the latest drivers for your network adapters and other devices.

Looking on the Microsoft Connect site I found that someone called egilsk was having the same issues.

Thankfully, last Friday (05/10/12) Mark at Microsoft posted the following suggestion to try:

On the Hyper-V hosts run the following PowerShell commands

Import-Module Hyper-V

Get-WmiObject –Namespace “root\virtualization\v2” Msvm_PlannedComputerSystem | foreach{Get-VM –Id $_.Name} | Remove-VM –Force

Once this has been run on your hosts, refreshing the VM's should work successfully and all of the missing/default hardware config should be updated and displayed.

It looks like this is to do with the hosts having the VM stuck in a temporary state, even if brought across as a planned import or migration.

The problem is now at least known about and should be fixed/handled in the next release of the Service Pack.

Windows Embedded Devices and Configuration Manager 2012 SP1

Managing Windows Embedded Devices has always been possible with Configuration Manager, either with a lot of manual effort and scripting or more preferably using Windows Embedded Device Manager (WEDM) 2011 on top of ConfigMgr 2007.

When System Center 2012 was released back in April we were promised an updated WEDM 2012 version would be coming along shortly.

With the release of Service Pack 1 (Beta) for System Center the decision has been made to combine the features that would have been in WEDM directly into ConfigMgr.

This is brilliant news as it now means that out of the box with ConfigMgr SP1 we will now be able to manage and deploy to Embedded Devices without having to install any extra clients or infrastructure.

Here are a couple of bits of information around some of the new embedded features.

Within the different deployment wizards you'll now start to see various options related to Embedded Devices which will help control the disabling and enabling of write filters.

Along with utilising ConfigMgr features such as Maintenance Windows, WED client management is optimised in areas such as content download/reducing reboots.

EndPoint Protection gets some specific Embedded device settings...

OSD for Embedded Devices will now allow images to be deployed purely from the distribution point (due to the low storage on thin clients) as well as allowing for a last step to be run after deployment, such as a script to enable auto-logon or enable write filters.

Non-admins will be blocked from logging onto devices during servicing.

Software Center will block self service installations when write filters are enabled to stop users getting into Ground Hog Day scenarios.

Best Practises:

• Maintenance Windows will become more important/heavily advised to simplify management of embedded devices
• Plan for your persistence strategy
• Make deployments Required rather than available for embedded devices
• Look to use file write filters moving forward to make life simpler

Supported Operating Systems:

• Windows XP Embedded,
• Windows Embedded 2009 Standard
• Windows Embedded Standard 7
• POS 2009
• POS 7
• Windows Thin PC

In short.. WEDM 2012 is no more!!  Long live ConfigMgr 2012 SP1!!

Cloudy Day for ConfigMgr 2012

While more and more news on the new features in Service Pack 1 for System Center 2012 keep coming, I happened to miss the mention about this one.

With ConfigMgr SP1 we will get a new feature, Azure Cloud-Based Distribution Points.

More information can be found in the TechNet Documentation library here:
http://technet.microsoft.com/en-us/library/gg712321.aspx#BKMK_PlanCloudDPs

With the upcoming Intune connection as well, it's starting to look like a very cloudy day in the ConfigMgr world (Sorry, I couldn't resist that one!)

System Center 2012 Service Manager Cookbook

I'd like to have been the first to announce this, but Steve Buchanan already beat me to the punch :)

http://myitforum.com/myitforumwp/2012/07/17/system-center-service-manager-2012-book/

I am greatly honoured to have been able to work on this with some amazing people and I'm eagerly awaiting seeing the finished product.

From the Packt publishers site:

• Practical cookbook with recipes that will help you get the most out of Microsoft System Center Service Manager 2012
• Learn the various methods and best practices administrating and using Microsoft System Center Service Manager 2012
• Save money and time on your projects  by learning how to correctly solve specific problems and scenarios that arise while using System Center Service Manager

What you'll learn in the book:

• ITSM Framework and Processes
• How to Personalize SCSM 2012 Administration
• Configuration of Service Level Agreements
• How to build the Configuration Management Database
• Change and Release Management Design
• Advanced Personalization of SCSM
• Automation of Service Manager 2012
• Implementation of Security Roles

It's expected to be published around December time!

However if you can't wait then this is available now to purchase as a RAW (Read As we Write) version.
**Be warned though, it is raw and chapters will still change and develop**

http://www.packtpub.com/microsoft-system-center-service-manager-2012-cookbook/book


So a big shout out to the SCSM Ninja Guru's who made this possible:

Samuel Erskine
http://www.nn4consultants.com

Anders Asp
http://www.scsm.se

Dieter Gasser
http://blog.dietergasser.com 

Andreas Baumgarten
http://startblog.hud.de

Operations Manager - New Authoring Tools

Back at MMS2012 Microsoft announced they would be releasing two new authoring tools for Operations Manager (SCOM).

Well after a little delay, they've now been released.

The Visio Management Pack Designer can be found here:
http://www.microsoft.com/en-us/download/details.aspx?id=30170

The Visual Studio Authoring Extensions can be found here:
http://www.microsoft.com/en-us/download/details.aspx?id=30169

They're a little self explanatory, but basically the Visio MP Designer allows you to graphically design a management pack within Visio, using built in best practice methods to fairly quickly generate a management pack.

Likewise the Visual Studio extensions add class types and discovery rules etc into Visual Studio.
I'm certainly not a developer and it will be a while before I get chance to test this, but Michel Kamp has written an excellent blog post showing  prelease version here:
http://michelkamp.wordpress.com/2012/02/19/scom-author-meets-the-real-vs-authoring-extensions/

Technet Wiki's:
VS Extensions: http://social.technet.microsoft.com/wiki/contents/articles/5236.visual-studio-authoring-extensions-for-system-center-2012-operations-manager-en-us.aspx

Visio MP Designer: http://social.technet.microsoft.com/wiki/contents/articles/5235.visio-management-pack-designer-for-system-center-2012-operations-manager-en-us.aspx


*Images linked from the Microsoft TechNet Wiki's*

Deploying the System Center 2012 Service Manager Console as an App-V package

While at MMS2012 I had a conversation about packaging the System Center 2012 Service Manager Console as an App-V package and whether it had been tried or not.

At the time I couldn't think of any information I'd come across saying that it could or couldn't be done, but knowing that I had previously packaged the 2010 version successfully, I couldn't see why the 2012 version wouldn't be ok.

Well I've finally managed to squeeze some time in to try it and it seems to package and run fine.

After I had tried it, I thought it might be an idea to blog about it for others, but since there are so many steps, writing it up was a bit of a mammoth task.

So I recorded it and stuck it on YouTube!

Not only does this video show you the packaging of the console, which to be honest is a bit boring with nothing really special to see, but I also walk through some of the steps to then create an application in Configuration Manager and deploy it as an App-V package.

The steps I show also include deploying the dependencies for the Service Manager Console and targeting it at an Active Directory group of users rather than a collection of devices.

It also shows installing the application from the ConfigMgr self service portal.

Couple of bits of information shown in the video:

1. When sequencing the application, the Service Manager shortcut isn't captured and needs manually adding.
2. The silent install command I used is:
   setup.exe /Silent /Install:Console /AcceptEula:YES /CustomerExperienceImprovementProgram:NO /EnableErrorReporting:NO /RegisteredOwner:"Registered User"
3. Dependancies Specified in ConfigMgr:
   App-V Client
   SQL Analysis Objects
   Report Viewer 2010

Each of those dependencies have their own requirements and dependencies ensuring the right components get installed depending on the OS and usage.

The App-V sequencing can definately be improved, but it works at the end of the day.

Finally...
This is a DEMO.  I have not tested this to great lengths so ensure you do your own testing before putting this into your live production environment.  There's no warranties from me and no official statement from Microsoft about this being supported either.

MBAM 2.0 plus other MDOP updates

The Redmond machine really is in high gear at the moment as lots of other products and solutions start to recieve tweaks and new features, mainly in preperation for Windows 8 and Server 2012.

One set of tools getting some love is the Microsoft Desktop Optimisation Pack (MDOP).

Microsoft had already previously announced that MDOP was seeing a new component being added called UE-V which along with App-V makes MDOP a desirable solution to have in any environment looking to have a fantastic dynamic desktop, but today MS announced MBAM will also be getting some new features.

The Microsoft Bitlocker Administration and Monitoring (MBAM) will be updated to include new options such as:

• Used Space Only Encryption where only the part of the drive containing data will be encrypted instead of the full disk to save time
• Integration with hardware encrypted hard disks
• Complex PIN enforcement
• Self Service Key Recovery (I would prefer to see some SCSM integration here)
• Management of fully FIPS compliant configurations/designs
• Some SC 2012 Configuration Manager integration for reporting

Microsoft have also promised another update to UE-V very soon but so far during my tests I've seen no issues other than some poor documentation around its setup/configuration (hint... watch out for Offline Files or rather the lack of...)

App-V 5 is in Beta with new features such as shared cache which is amazing for VDI infrastructure.

Advanced Group Policy Management (AGPM) 4.0 SP1 beta is also available with mainly bug fixes and Windows 8/Server 2012 support rather than new features.

DaRT is also getting an update, again mainly to support Windows 8.

System Center 2012 Service Pack 1 CTP Update

I wish I was across at TechEd North America right now as there is some nice information starting to come out around some of the new features that Service Pack 1 for System Center 2012 will be bringing.

From the information I'm seeing on other blogs and the twitter feeds it looks like we'll be seeing an updated CTP (Community Technical Preview) of SP1 arriving within the week with some of the following new features and changes for Configuration Manager:

• Windows 8/Server 2012 Deployment Support
• Ability to deploy Windows 8 To Go
• Linux Support
• Unix Support
• Mac OSX Support including EndPoint Protection Support
• The ability to add a CAS to an existing Primary Site
• New Deployment Types for Metro Apps and OSX Software
• The ability to migrate from one 2012 site to another
• Further e-mail notification support/options
• Software Update changes, including the ability to fall back to Windows Update for content
• Powershell cmdlets!!!

There has also been talk about some new User Profile and Data Management features such as Roaming User Profiles and Folder Redirection support, but I don't have enough information about what this means to explain any further but it could be interesting.

So I can't wait for SP1 now!  Linux/Mac OSX support is huge and a long awaited feature but the announcement of being able to add a CAS at a later date is also greatly welcomed as it makes my life so much more simplified when designing ConfigMgr implementations for customers.


There's also going to be an Update 1 for MDT 2012 soon which will bring the expected Windows 8 support, but it's also been announced it will have Orchestrator integration allowing running of runbooks during an OSD deployment.  How cool will that be!!

Building the TESG Private Cloud Customer Experience Centre - Part 1

Every year my employer holds an event for customers (and potential new customers) to show case what we do and give customers a chance to meet our partner vendors.

This year, nicely coinciding with just after the System Center 2012 release, I landed the brilliant job of setting up something to demonstrate our System Center and Desktop expertise.

And so the concept of the Private Cloud and Optimised Desktop Customer Experience Centre was born.

The goal?

1. To showcase the full System Center 2012 suite
2. To showcase the interactions of each component and how they drive efficiencies
3. To showcase an elastic and easily scalable datacentre that can flex into the Public Cloud
4. To showcase the dynamic desktop with OS, Data, User and Application layers abstracted
5. To showcase BYOD and specifically desktop/application access on tablet devices

Over a couple of blog posts I'll aim to share some of the planning, thoughts and tips & tricks that went into building it.
What I'll not be doing is guides on how to install the different components as there are plenty of them out there, but I will post links to some relevant good guides.

My original test lab was made up of a couple of HP Proliant DL380 G7's with some shared space pinched off the corporate SAN, but as this was going to need to host a lot more and it would need to be "slightly" portable for attending events like the T360 it was time to purchase some upgrades.

1. More memory.  Upgrade from 64Gb per host to 128Gb
2. Dedicated Storage.  iSCSI SAN that would also allow me to show some of the VMM storage management features (N.B. More details on this later, plus some pitfalls to watch out for!)
3. Dedicated Switches.  To show SCOM network management & keep the environment self contained.
4. More NIC's.  The original environment only had 4 onboard NICs, not good enough.
5. Flight case to rack it all in to make it portable (kind of!)

Now that might sound slightly overkill for a test/demo environment.  However, I have a laptop which is quite capable of showing 2-3 of the System Center products at the same time, but this Customer Experience Center had to host the following:

• Active Directory
• Virtual Machine Manager
• Operations Manager
• Service Manager
• Configuration Manager
• Data Protection Manager
• Orchestrator
• App Controller
• SQL 2008 R2 Server
• SharePoint Enterprise Server
• Exchange
• Lync
• ForeFront UAG
• ForeFront TMG
• File Servers
• XenDesktop Mgt Server
• XenDesktop VDI Desktops
• XenApp Mgt Server
• XenApp App Servers
• Remote Desktop Session Hosts
• Remote Desktop Broker/Gateway/Licensing
• RDS/Hyper-V VDI Desktops
• Dedicated Win 7 Admin Workstations
• Citrix NetScaler VM Appliance
• App-V Sequencer Workstations

When you consider that all of this needs to be up and running at the same time, my laptop just wasn't going to cope!

So far this has spread out across 34 VM's and there's still more to come...

This is a quick example diagram that I drew up to show the Hyper-V layout

Once all the hardware components were installed and racked then Hyper-V was the first thing to tackle and all I can say is thank god for Aidan Finn and his blog: http://www.aidanfinn.com/

Lots of useful posts, for example: http://www.aidanfinn.com/?p=10311

I'm going to leave the rest for the next post, but I just want to mention something that came to light when I installed the first System Center component, Virtual Machine Manager.

This is a logical first place to start if you've got the chance to build a private cloud from scratch like I have as you can implement Service Templates for deploying your VM's to help structure the environment and provide servicing and scale out options.

However, I hit a problem almost straight away, I struggled to get it to see my storage provider.

Originally I was ordering a Dell Equalogic iSCSI SAN for the environment, but due to certain disks not being available and increased costs for alternatives I was suggested to look at a DotHill AssuredSAN 2332.

The first thing I did was ask/check it supported SMI-S protocol, which it did as this is what VMM requires for the new features.
However when trying to set it up in VMM, it soon came to light that it only supported SMI-S 1.3 whereas VMM requires version 1.5.

So lesson learnt, make sure that when checking specifications, especially SAN's that you check in detail, right down to the version number!

There is a useful table (I found this afterwards!) that details the supported arrays:
http://technet.microsoft.com/en-us/library/gg610600.aspx

Part 1 - Building the TESG Private Cloud Customer Experience Centre

Part 2 - Service Accounts & Permissions

Part 3 - Installation Guide Links
Part 4 - Partner Solutions & Extensions

Updated Update Rollup 1 for System Center 2012

No sooner do I finish pushing out my SCOM agents do I then see that Microsoft have released Update Rollup 1 for Operations Manager.

Normally I'd be quite happy and plod along with getting the update installed, but hang on a second, this update looks very familiar.

The article that I saw referenced in the update announcement is KB2686249, the same one that I blogged about here a couple of weeks ago.

In fact, it is the very same update, just with Operations Manager 2012 added, along with the updated Virtual Machine Manager Management Packs.

Now I'm not one to moan (yeah, I'm not going to get away with that statement!) but updating an update without increasing the rollup/update number isn't exactly the best way to go about it in my opinion.  Does this mean when the ConfigMgr update is ready we'll see yet another addition to the Update Rollup 1 package but with no name change?

The only reason this probably half bothers me is that I'm in the middle of setting up my new testlab/customer experience center for work and having just updated VMM and App controller by using Windows Update for a change rather than pulling the file down manually and I'm now a bit perplexed as Windows Update is unable to find the SCOM update for the console that is installed on my VMM server (not that it finds it for the SCOM management server either via WU).

And then to make matters worse, there's a "known issue" with the update:

No updates items appeared in Control Panel ARP after installing Update Rollup 1 (UR1). After installing UR1 on server and all roles (except Agent and Gateway), no update item appears in Control Panel ARP list.

The version number of the console does not change after installing Update Rollup 1 in the UI. After installing Update Rollup 1 ,the version number of the console is still 7.0.8560.0 in the UI

Why is this a problem?  Well if you were planning to distribute the console update via ConfigMgr then you're going to have to fall back to file version checking for targeting and it makes it just that tad harder for verification checking when you can't just simply ask a user to check their console version by check "help about"

I'm not going to blog about the whole installation order/methodology as Kevin Green has already written this up nicely here:
http://kevingreeneitblog.blogspot.co.uk/2012/05/scom-2012-deploying-cumulative-update.html

One thing he doesn't mention though is that after installing the Web Console fix, the following line requires adding to the web.config file.

From the KB Article:

Web console fixes will work after adding the following line to the %windir%\Microsoft.NET\Framework64\v2.0.50727\CONFIG\web.config file:

<machineKey validationKey="AutoGenerate,IsolateApps"
decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>

The line should be added under <system.web>, as described in the following article in the Microsoft Knowledge Base:

911722 (http://support.microsoft.com/kb/911722/ ) You may receive an error message when you access ASP.NET Web pages that have ViewState enabled after you upgrade from ASP.NET 1.1 to ASP.NET 2.0

 

All in all, there are 17 core updates to SCOM, 3 for Unix/Linux Monitoring and a lovely new feature - Oracle Solaris 11 (x86 & SPARC) support included in this updated update so it's definitely one to go and install.

The VMM & App Controller update parts are available either through Windows Update or from here:
http://www.microsoft.com/en-us/download/details.aspx?id=29679

The Operations Manager update packages can be downloaded from here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=c593536c-94f3-4c71-b963-5ab3b7fc05e1