Configuration Manager Assessment

Things to consider when doing a Configuration Manager assessment:

Network environment:

What does your network topology look like?

What are the  WAN link speeds, network latency and bandwidth?

What network infrastructure and security devices are in place?

What ports and protocols are allowed through these devices?

What are the usage patterns for network resources, network utilization?

At which locations will you provide services?

What client systems are at each location?

How many devices are to be managed in total?

What users are at each location?

How do external/remote users connect to the corporate network?

Is support for 802.1X authentication required?

Is there a PKI implementation?

Is a POC environment available?

How are change requests handled?

Active Directory environment:

Do you have multiple AD forests?

What are the trust relationship if so?

Will you support computers in workgroups?

SCCM Operators

Who will use the system?

What tasks will they be required to do?

Server and Data Center infrastructure:

Is server infrastructure centralized in a few large data centers or is it distributed?

Are some data centers better connected than are others?

What are the hardware standards?

Is virtualization preferred?

Installed client base and hardware refresh cycle:

What is the hardware and operating system (OS) mix for the installed PC base?

How are new systems imaged?

Is PXE booting  to install images required?

What mobile devices are in use?

Is there a need to support embedded systems?

How often are systems replaced?

Are users allowed to bring their own systems?

Is there a planned OS upgrade?

Who are you deploying Windows to or for?

What OS are you deploying?

What applications do you want to deploy with the OS?

Will this be different for different user or system roles?

To which hardware models are you deploying the OS?

Will you support mobile device client such as smartphones, or Internet-only clients?

Will App-V be enabled for deploying virtualised applications?

How are clients being updated with Windows patches?

Are third party update patches required?

Existing SQL Server deployment:

Will you be using existing SQL servers?

Do these systems meet ConfigMgr requirements?

Are SQL servers clustered?

Are SQL reporting services deployed?

Storage and backup infrastructure:

What storage technologies are in use?

How is data replicated between storage systems?

Details of the design such as optimum server placement, hardware configuration,

and client installation methods depend on the IT infrastructure and services you

have in place.

Advertisements

Client Push requirements

Client Push is a feature that is responsible for fixing defective SCCM clients that are on the domain, but not reporting directly to its assigned site. Additionally, machines that have never received the SCCM client will have it installed.

There are several prerequisites to meet before you can successfully push a client to a remote computer:

One of the specified client push installation accounts must be a member of the local administrators group on the destination computer. Alternatively, you can grant the machine account of the SCCM server to as a local admin

The computer must have the ADMIN$ share enabled.
The computer must be found by the site server and vice versa, using DNS name resolution.
Client Push Installation Firewall Exceptions –
In order to successfully use client push to install client, you must add the following as exceptions to the Windows Firewall or any other firewall between the site server and the client machine:

 File and Printer Sharing
 Windows Management Instrumentation (WMI)

Ports:
UDP TCP
Server Message Block (SMB) between the site server and client computer. — 445

RPC endpoint mapper between the site server and the client computer. 135 135

RPC dynamic ports between the site server and the client computer. — DYNAMIC

Hypertext Transfer Protocol (HTTP) from the client computer to a mixed mode management point. — 80 (See note 1, Alternate Port Available)

Secure Hypertext Transfer Protocol (HTTPS) from the client computer to a native mode management point. — 443 (See note 1, Alternate Port Available)

In the client push installation method, the server makes an initial connection to the admin$ share on the prospective client computer using Windows file-sharing protocols. Administrative access to the client is required to connect to the admin$ share.

The site server uses these connections to copy the required setup files to the client and then installs and starts the ccmsetup service.

ConfigMgr 2012: Offline Servicing fails with “Failed to find properties of file”

Symptoms
Offline Servicing fails with following error [SQl logging is enabled]:

Mounting image at index 1. Image file=’C:\ConfigMgr_OfflineImageServicing\TCM0012B\Win7SP1_Office10_NET40_x64_10_02_2012.wim’, MountDirectory=’C:\ConfigMgr_OfflineImageServicing\TCM0012B\ImageMountDir’, ImageFileType=’WIM’, Mode=’ReadWrite’SMS_OFFLINE_SERVICING_MANAGER 29/11/2013 10:44:20 AM 18772 (0x4954)Image OS information : MajorVersionMS = 6, MinorVersionMS = 1, MajorVersionLS = 7601, MinorVersionLS = 18015 SMS_OFFLINE_SERVICING_MANAGER 29/11/2013 10:47:23 AM 18772 (0x4954)SQL>>>set quoted_identifier on;set ansi_warnings on;set ansi_padding on;set ansi_nulls on;set concat_null_yields_null on;set arithabort on;set numeric_roundabort off;set DATEFORMAT mdy; SMS_OFFLINE_SERVICING_MANAGER 29/11/2013 10:47:23 AM 18772 (0x4954)SQL>>>>> Done. SMS_OFFLINE_SERVICING_MANAGER 29/11/2013 10:47:23 AM 18772 (0x4954)SQL>>>select distinct cpkg.Content_ID, ContentSubFolder, FileName from vCIAllContents cont join CI_ContentFiles cf on cf.Content_ID=cont.Content_ID join CI_ContentPackages cpkg on cpkg.Content_ID=cont.Content_ID join SMSPackages pkg on pkg.PkgID=cpkg.PkgID where CI_ID=16791696 SMS_OFFLINE_SERVICING_MANAGER 29/11/2013 10:47:23 AM 18772 (0x4954)SQL>>>>> Done. SMS_OFFLINE_SERVICING_MANAGER 29/11/2013 10:47:23 AM 18772 (0x4954)

Failed to find properties of file 2 SMS_OFFLINE_SERVICING_MANAGER 29/11/2013 10:47:23 AM 18772 (0x4954)

Cause
A NO_SMS_ON_DRIVE.SMS file was present on the drive where content was located.
Resolution
Interesting thing was that the number “2” kept changing everything we tried to run the wizard again for offline servicing. On running the SQL query in SQl Management Studio we got:

select distinct cpkg.Content_ID, ContentSubFolder, FileName from vCIAllContents cont join CI_ContentFiles cf on cf.Content_ID=cont.Content_ID join CI_ContentPackages cpkg on cpkg.Content_ID=cont.Content_ID join SMSPackages pkg on pkg.PkgID=cpkg.PkgID where CI_ID=16791696

Content ID ContentSubFolder Filename
16791021 2921051e-5897-4120-b749-0f38f3ea6ac9 windows6.1-kb982666-x64.cab
It turned out that the number “2” was the first character for the string “2921051e-5897-4120-b749-0f38f3ea6ac9”. This would change on subsequent attempts and the number “2” would be replaced by the first alphabet/digit of the value under ‘ContentSubFolder’.

This Number ‘2921051e-5897-4120-b749-0f38f3ea6ac9’ was actually the name of the folder in the ‘DataLib’ directory in ‘SMSContentLib’.

I:\SCCMContentLib\DataLib\2921051e-5897-4120-b749-0f38f3ea6ac9

Opening the INI file we got following value inside it:

[File]
Attributes=00000020
Size=63945
TimeModified=129385629639903558
Hash=0DCA7A2935011E00ACE4B5C1E3A3AF51095B2FDC91449504265C3667934119DB
The FileLib Directory was split across multiple drives. We found that the actual content for this Update was stored on E:\:

E:\SCCMContentLib\FileLibDCA

For more information on how to navigate inside SCCMContentLib please refer to:

http://blogs.technet.com/b/configmgrdogs/archive/2012/04/16/configmgr-2012-content-library-overview.aspx

Thus we knew that the content was very much present, but, was not reachable from OfflineServicing thread. At this point I decided to you procmon for the entire process. I found out that the E:\ Directory was not even being scanned in this process:

Looking at the registry value ‘HKLM\Software\Microsoft\SMS\DP\ContentLibUsableDrives’ ‘E:\’ was not added over there.

On further investigation we found out that ‘NO_SMS_ON_DRIVE.SMS’ was present on ‘E:\’.This would make the smsexec process skip the drive when looking for content. We remove the ‘NO_SMS_ON_DRIVE.SMS’ from ‘E:\’ and restart ‘smsexec’ service. After this we got ‘E:\’ listed as a usable drive in registry:

We ran the wizard for Offline servicing again and this time it completed successfully.