CU4 for ConfigMgr 2012 R2 has been released

An update (CU4) was released yesterday, Feb 2, 2015, for System Center Configuration Manager 2012 R2 that replaces Cumulative Update 3 (CU3).

This update addresses many distribution related issues, some minor OSD issues, a few critical site issues, some minor client bugs, some MDM fixes, and some SUP fixes.

Also, there have been some additions, like new PowerShell cmdlets (https://support.microsoft.com/kb/3031717) fixes as well as 34 new ones like:

  • Add-CMDeploymentTypeDependency which adds a deployment type as a dependency to a dependency group.
  • Add-CMDeploymentTypeSupersedence which sets one deployment type to supersede another.
  • Get-CMDeploymentTypeDependency which gets existing dependent deployment types from a dependency group.
  • Get-CMQuery which gets a query.

Some optimizations have been made to reduce latency and optimize the data replication in large hierarchies.

Lastly, the updated Endpoint Protection client has been updated to match the version distributed currently.

You can find more information here:
https://support.microsoft.com/kb/3026739/en-us

Jason Condo
Principle Consultant

Cumulative Update 2 (CU2) for System Center Configuration Manager (ConfigMgr) 2012 SP1 is available

 

For those of you running ConfigMgr 2012 SP1 and still having some minor issues (or major depending on the business criticality of the function), Microsoft has released a hotfix (CU2) to help address them.. I do not believe this requires you to have installed CU1 first.

This update just bundles a number of fixes discovered by MS in support of SP1. Some of the things addressed in this update are:

  • Administrator Console – issues adding site servers and screen reader software enhancement
  • APP-V – errors with 2007 migrations and cert errors
  • OSD – app installs in task sequences, custom ports issues, limited functionality with WinPE 3.1 images, multicast functionality
  • Asset Intelligence – fixed a report for more accurate data
  • MDM – fixed mobile 6.5 client issue
  • Software distribution – fixed the waiting for content forever issue, content status issues during upgrades, and status routing for DPs
  • Non-Windows support – added more OSs supported
  • Site Systems – fixed some status messages and filtering, site server installs, fixed AD discovery with deltas
  • ConfigMgr SDK – object error on 64 bit systems for CPapplet.CPAppletMgr Automation object
  • Client – fixed automatic client updates error
  • CU Setup wrapper – now can update all in one instead of separately, better logging

 

More information on the above items and the hotfix can be found here:
http://support.microsoft.com/kb/2854009

Jason Condo
Principle Consultant

Importing ConfigMgr 2007 task sequences XML to ConfigMgr 2012 ZIP

With the new 2012 import/export functionality, the new file format is “.zip” file. This compressed file contains not only the task sequence XML can also include any dependencies to the task sequence like a boot image. While this is awesome for migrating between a test and production ConfigMgr 2012 environment, it does not help if you are trying to import task sequences from a disconnected 2007 environment.

In my consulting practice, we do a lot of OSD implementations using a base set of task sequences that we already have pre-configured. Once at a customer, we customize our base templates for the specific project and then export the XML or ZIP to the project documentation. Well today I was at a client that we had previously done work for and they had already performed a 2012 upgrade and removed their old 2007 environment. However, they did not migrate any of the OSD and were looking for us to re-implement OSD in their new environment. Instead of importing our canned OSD for 2012 and then customizing for their needs, we wanted to use the customized 2007 task sequences we had implemented for their old environment. The first problem, however, was the only copy of those were from the archived XML from our project files we had left them. The second is that you can’t import that XML through the 2012 console. Not to worry though, we can still make it work.

The 2012 exports are just compressed files full of the resources, some configuration files, and then the task sequences XML. This 2012 task sequence XML is not the same as the old 2007, but we are able to insert the 2007 XML into the appropriate spot to make it useful. This enabled us to save a bunch of time from recreating the old TS logic. The following is a quick example of how this works.

Start with a 2012 exported task sequence. This is in .ZIP format.

Export a Configuration manager 2012 task sequence

task sequence exported to .zip

Once exported, open the zip file and navigate to the task sequence folder and copy out the object.xml

open the object.xml file

Open the object.xml file and you will see a lot of new xml, however, scrolling almost to the end of the file you will find a section with embedded task sequence XML.

look for the embedded task sequence xml

This XML is the same task sequence XML as you have in a normal exported task sequence from 2007, however you need to be sure only to grab the appropriate XML nodes and not the whole task sequence. To do so, in the old 2007 XML, copy the nodes and data from the sequence xml node:

<sequence version=”3.00″>
…..
</sequence>
copy the 2007 task sequence xml

and paste it into the object.xml in the CDATA section in the 2012 XML replacing the existing embedded sequence node:

<![CDATA[
….
]]
paste the xml into the 2012 task sequence

You don’t have to worry about the text/line formatting. Save the file and then copy it back into the .ZIP file. You can then import the ZIP file into your 2012 environment and adjust your referenced objects accordingly. This is great when you have a master task sequence of custom tasks and you just would like the ability to copy/paste them into your new 2012 task sequences. One thing to remember is that your old task sequences were built on the package/program model for software installs. If you are leveraging the new applications model (which you should be) you will have to recreate those specific tasks anyways.

Jason Condo
Principle Consultant

   

June 26th
Additional Notes:

It seems that some people are having problems importing. While I’m not sure as to what they are seeing specifically, I found that the best option that worked for me was to create a blank default task sequence (not a MDT task sequence) to use as the export template from 2012. I grabbed the sequence node from the old and inserted it into the new, replacing the embedded sequence xml node. I don’t see why you couldn’t grab below the sequence node as well (after <sequence version=”3.00″>). It think may address some of the users’ experiences of having 3.10 as a sequence version. Hope that helps and keep sharing your experiences.

Notes from the Microsoft Management Summit 2013

This was another great year at the Microsoft Management Summit (MMS) in Las Vegas. While there were not an major product launches, much focus was given on the enhancements with SP1 for System Center. This news isn’t new since SP1 has officially been out since January but while there has been a lot of discussion about the features, seeing how Microsoft sees them in action and their alignment with the cloud mindset was beneficial. In the ConfigMgr space, there were numerous enhancements that were made with SP1 but my favorite is the hierarchal changes and the expansion of non-windows and non-PC device support.

Down to one

One great feature of the SP1 enhancements for ConfigMgr were the changes made to the architecture permitting a much flatter hierarchy. A very compelling argument was made as to why a CAS is not needed and that a single Primary site is all you need (unless you have over 100K clients or a solid reason to have multiples). Again and again it was stated from MS product team as well as MVPs managing huge deployments that you don’t need the CAS in the design and that a single Primary site server should be good for almost all but the largest deployments. This is backed up by the fact that the design changes in SP1 enable you to add a CAS server at any time later (thank goodness) and that the total number of clients supported at a single primary is 100,000. This is a huge shift for many of us, who based on the RTM specs, had installed CAS servers in solutions just in case a customer would want to expand their hierarchy later.

What was also discussed was the impact of having a CAS that doesn’t do anything, as in the solutions we described above. This impact was defined as the “replication tax” and basically described that since all primary servers in a hierarchy are equal, any change made at one server has to replicate to all the other servers and then up the hierarchy. When all your clients are reporting to a single primary with a CAS, that means that to see changes made at a Primary, you have to wait for it to replicate to see it at the CAS, for no real benefit. Since Primaries can’t be used to separate rights or access, the argument to have multiple primaries and a CAS really become difficult to support.

To example this effect, the product team was performing some “bathtub” testing against a design managing 400,000 clients during a normal Patch Tuesday rollout. With the minimal 4 Primary Site Servers they found it took around 14 hours to process all the backlogs. You would think throwing more servers at the solution would speed things up, however increasing the number of Primaries to 10 increased the backlog to 26 hours! In both scenarios the CAS was running at 100% utilization trying to keep up with the replication needs. This is huge, so make sure you are understanding this when you are designing your solution. If you have multiple Primary Servers now and have under 100,000 clients, I would strongly suggest you review your design and adjust accordingly.

Intune and ConfigMgr – Better together

Another great feature in ConfigMgr SP1 is the expanded support for deploying applications across numerous platforms and devices. Native support for IOS 10.6+, Linux, and Android means that you can have an agent, manage devices, and deploy software all from the same console. The user experience across all devices are similar and can even deeplink into the platform’s store to a specific public software install (App Store, Microsoft Store, Google Play). You can even use SCEP 2012 on your Apple systems.

While using ConfigMgr natively is great to manage on-prem devices, Microsoft expects you to manage cloud devices (mobile devices, disconnected pc’s, windows RT) from the cloud. Sounds obvious, and why not, since that is the easiest way to ensure an internet connected device can be managed without the work of making your management solution public facing. Microsoft has been working hard on their unified device management initiative, and with the latest version of Intune, creates a connection between your ConfigMgr SP1 solution and your Intune subscription service. Now there are ways you can empower users to be able to enroll their own devices and allow you to inventory, manage, deploy applications, and wipe those devices. All while having a single toolset to manage and a consistent experience for the end-user for application delivery. Let’s face it, keeping things simple and having a happy user makes a productive user and a happy you. There is so much to tell about this that I just can’t write it all but if you want more details feel free to reach out to me and I can help you dig in deeper.

As always, the sessions were great, the food was plentiful, the vendor parties were fun, and the socializing with other IT folks that wrestle with the same things I do was priceless. If you didn’t get a chance to go or was able to but missed some sessions in lieu of other ones, Microsoft has the recorded sessions along with slide decks available for download at http://channel9.msdn.com/Events/MMS/2013.

Now the only question (beside the obvious one about upgrading to SP1) is whether I will see you at next year’s MMS. However, the decision as to whether Microsoft will have another is still up in the air. We can leave that for another post though 🙂

Jason Condo
Principal Consultant

System Center Configuration Manager RTM: A Lab Installation

Since System Center Configuration Manager has been released, I thought it might be helpful to provide a how-to guide on a lab install of System Center Configuration Manager.  For this lab environment we will install both a Central Administration Point, and a Primary Site.  The instructions assume are familiar with SCCM 2007 and its install.

So many of you may ask why I am installing a CAS for a lab environment.  For this lab I want to experience a full SCCM architecture.  This requires an additional machine (or VM) to host, and likely isn’t needed in all but extremely large environments, but will provide the ability to experience a large design implementation.

Lab Environment – Requirements

  1. A server (or virtual machine) running Server 2008 R2 SP1 for the Central Administration Site (CAS) install.  This will be named BACLEVSCCM12CAS.
  2. A server (or virtual machine) running Server 2008 R2 SP1 for the Primary Site install.  This will be named BACLEVSCCM12.
  3. SQL 2008 R2 Enterprise, SP1, and SP1 CU4.
  4. System Center Configuration Manager RTM media.

Setup – Active Directory

Your AD environment must give Full Control rights to the SCCM Servers to the System\Systems Management AD container.

Setup an AD account called SVC_SCCM which is a member of the Domain Admins Group.  All installs to the servers will use this account.  This is done as a best practice to ensure the SQL and SCCM install is not tied to an individual user.

Install the Central Administration Site on BACLEVSCCM12CAS

Setup – Install SQL on CAS

We will be using SQL Server 2008 R2 Enterprise, with SP1 and SP1 CU4 (not to be confused with the non-sp1 CU4) for our install.  The following options must be enabled in SQL during the install.

  1. Only the Database Engine Services feature is required for site server.
  2. Reporting Services (if you want to add this feature to SCCM, which you do)
  3. I am installing the Management tools so I can manage it locally however as well. Be sure to patch to SP1, and then apply the SP1 CU4 update.

Setup – Server 2008 R2 on CAS

I will be installing on a Server 2008 R2 SP1 system.  The following features (and roles that will be forced because of the features) must be enabled:

  1. .Net 3.5 SP1
  2. Background Intelligent Transfer Service (BITS) including Compact Server and IIS Server Extension
  3. Microsoft Remote Differential Compression
  4. IIS 6 WMI Management Compatibility – IIS 6 WMI compatibility

Setup – SCCM Assess Server Readiness on CAS

Login in as the SVC_SCCM account.

Launch Assess server readiness and ensure there are no errors.

image

As you can see we have some warnings, but can install.

image

Setup – SCCM Install CAS

  1. Launch Installimage
  2. Click Nextimage
  3. Choose to Install a Configuration Manager central administration siteimage
  4. Enter your key or run in evaluation mode.image
  5. If you accept the license terms, continue.image
  6. More license terms, if you accept continue.image
  7. Select a location to download the prerequisites and click next.  This will then download all the necessary files in multiple languages (just in case).  You will wait a while for this to finish.image
  8. Select your Language for the console and reports.image
  9. Select your client languages.image
  10. Setup your Site Code, Site Name, and Install Folder.  Ensure you install the console as well.image
  11. Setup the Database Information (The defaults are perfectly fine).image
  12. Verify the FQDN of the server.image
  13. Feel free to Join the Customer Experience Improvement Program.image
  14. Verify the Settings Summary and continue.image
  15. The prerequisite check will now run again (aren’t we glad we did this first to ensure we pass?)image
  16. The install will then run for a while.image
  17. Your Central Administration Site is now installed!

Install the Primary Site on BACLEVSCCM12

Setup – Install SQL on Primary

We will be using SQL Server 2008 R2 Enterprise, with SP1 and SP1 CU4 (not to be confused with the non-sp1 CU4) for our install.  The following options must be enabled in SQL during the install.

  1. Only the Database Engine Services feature is required for site server.
  2. Reporting Services (if you want to add this feature to SCCM, which you do)
  3. I am installing the Management tools so I can manage it locally however as well. Be sure to patch to SP1, and then apply the SP1 CU4 update.

Setup – Server 2008 R2 on Primary

I will be installing on a Server 2008 R2 SP1 system.  The following features (and roles that will be forced because of the features) must be enabled:

  1. .Net 3.5 SP1
  2. Background Intelligent Transfer Service (BITS) including Compact Server and IIS Server Extension
  3. Microsoft Remote Differential Compression
  4. IIS 6 WMI Management Compatibility – IIS 6 WMI compatibility

Setup – SCCM Assess Server Readiness on CAS

Login in as the SVC_SCCM account.

Launch Assess server readiness and ensure there are no errors.

image

As you can see we have some warnings, but can install.

image

Setup – SCCM Install CAS

  1. Launch Installimage
  2. Click Next image
  3. Choose to Install a Configuration Manager primary site (do not select Use typical installation options for a stand-alone primary site)image
  4. Enter your key or run in evaluation mode. image
  5. If you accept the license terms, continue. image
  6. More license terms, if you accept continue.image
  7. Select a location to download the prerequisites and click next (or point it at the files we downloaded on the previous install).  This will then download all the necessary files in multiple languages (just in case).  You will wait a while for this to finish.image
  8. Select your Language for the console and reports.image
  9. Select your client languages.image
  10. Setup your Site Code, Site Name, and Install Folder.  Ensure you install the console as well.image
  11. Enter the Central administration site server (FQDN).image
  12. Setup the Database Information (The defaults are perfectly fine).image
  13. Verify the FQDN of the server.image
  14. Choose Configure the communication method on each site system role and Clients will use HTTPS when they have a valid PKI certificate and HTTPS-enabled site roles are available.image
  15. Setup the management point and distribution point to use HTTP communicationimage
  16. Feel free to Join the Customer Experience Improvement Program.image
  17. Verify the Settings Summary and continue.image
  18. The prerequisite check will now run again (aren’t we glad we did this first to ensure we pass?)image
  19. The install will then run for a while.image
  20. Your Primary Site is now installed!

Future Activities

In future blog posts I will detail configuring the site for use, and migration from an existing SCCM 2007 environment.

David Norling-Christensen
Senior System Architect