System Center Blog

    by Mikael Perhult (SCCMx)

    Browsing Posts in SCCM

    Issue:
    When installing .Net Framework via Task Sequence the installation does not complete and the advertisment logs shows only “waiting for job status notification”

    Hotfix:
    WindowsServer2003-KB938397-x86-ENU.

    Apply to:
    Add to Build Image, Slipstream to Unattend folder or Run in Task Sequence+Restart before Software Installation in Task Sequence.

    There is an easy way to gather Last Logon information from Active Directory System Discovery and the attribute flag for Last logon.

    When enabling this attribute the Last Logon timestamp is collected in the inventory.
    By then creating some SQL querys and reports can this be viewed.

    In this example it joins to Server objects and Missing Agents.

    All objects:
    SELECT     Name0 AS ‘Computer’, CONVERT(varchar(10), DATEADD(ms, lastLogon0 / CAST(10000 AS bigint) % 86400000, DATEADD(day,                       lastLogon0 / CAST(864000000000 AS bigint) – 109207, 0)), 111) AS ‘Last AD Logon’, Client0 as Client, Operating_System_Name_and0 as OS FROM         v_R_System WHERE     (lastLogon0 IS NOT NULL) AND (Client0 IS NULL) AND Operating_System_Name_and0 like ‘%Server%’ AND  lastLogon0 > 0 ORDER BY ‘OS’
    Objects not logged on for 90 days:
    SELECT * FROM (  SELECT  Name0 AS ‘Computer’,  lastLogon0,  CONVERT(varchar(10), DATEADD(ms, lastLogon0 / CAST(10000 AS bigint) % 86400000, DATEADD(day,   lastLogon0 / CAST(864000000000 AS bigint) – 109207, 0)), 111) AS [Last AD Logon],    Client0 as Client,  Operating_System_Name_and0 as OS  FROM         v_R_System  WHERE     (lastLogon0 IS NOT NULL) AND (Client0 IS NULL) AND Operating_System_Name_and0 like ‘%Server%’  AND lastLogon0 > 0 ) sub WHERE DATEDIFF(day, [Last AD Logon], GETDATE()) < 90 ORDER BY ‘OS’

    Attribute setting:

    This post is based on blogs that covers “How to Use Definition Update Automation Tool with Status Filter Rule”.
    From technet:
    http://blogs.technet.com/b/clientsecurity/archive/2011/11/03/how-to-use-the-definition-update-automation-tool-for-forefront-endpoint-protection-2010-update-rollup-1.aspx
    There has been updates made to the KB being used for Software Update Automation in SCCM/FEP 2010 that I have seen.

    In this scenarios are both KB’s active in the system and needed to be deployed to agents (required).

    The solution is to create an extra cmd file and schedule this to be run after the first one is being run.
    Create a new Deplyment and Package that is named FepDefinitionUpdates2.
    Create a new cmd file named FEPSoftwareUpdateAutomation2.cmd and place it in any local folder on the Site Server:

    “<DRIVE:>\program files (x86)\Microsoft Configuration Manager\AdminUI\bin\SoftwareUpdateAutomation.exe” /UpdateFilter “articleid=’2461484′ AND IsSuperseded=0 AND IsEnabled=1 AND IsExpired=0 AND IsDeployed=0” /AssignmentName FepDefinitionUpdates2 /PackageName FepDefinitionUpdates2

    When adding IsDeployed=0 as a parameter can this command file be run after the normal Wsus sync and status message rule.

    Create a task schedule that runs the command file (use svc account for enabled run when logged on or not+highest priv.).

     

    When using a SQL Server specific port and not being able to open SQL browser UDP port 1434 through firewall the Linked Server can fail between SQL Servers in SCCM 2012. For example between a Secondary Site and a Primary Site.

    Cause:

    This is due to the Linked Server object in SQL is not being setup using the custom portnumber.
    This can be seen by opening SQL Mgmt Studio, go to Server Objects, Linked Servers, Providers. Right click the Linked Server object and select “Test Connection”, it shows [Failed] with an error description.

    Symptom:

    In the logfile rcmctrl.log is this shown.

    ERROR: Exception message: [SQL Server Network Interfaces: Error Locating Server/Instance Specified [xFFFFFFFF]. ~~OLE DB provider “SQLNCLI10” for linked server “SCCMSQL.lab.local\SCCM_PSS” returned message “Login timeout expired”.~~OLE DB provider “SQLNCLI10” for linked server “SCCMSQL.lab.local\SCCM_PSS” returned message “A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online.”.~~OLE DB provider “SQLNCLI10” for linked server “SCCMSQL.lab.local\SCCM_PSS” returned message “Invalid connection string attribute”.]

    Solution:
    Re-create Linked Server object adding the custom sql port.

    # Right click and select Script Linked Server as DROP and CREATE to – New Query Editor Window.

    # Change and add the custom port:
    EXEC master.dbo.sp_addlinkedserver @server = N’SCCMSQL.lab.local\SCCM_PSS’, @srvproduct=N’Any’, @provider=N’SQLNCLI10′, @datasrc=N’SCCMSQL.lab.local,13334\SCCM_PSS’, @provstr=N’Data Source=SCCMSQL.lab.local,13334\SCCM_PSS;Integrated Security=SSPI;Persist Security Info=false;Encrypt=Yes;TrustServerCertificate=No;’

    # Verify and Run the script.

    # Right click the Linked Server object and select “Test Connection” – It now shows [OK].

    # Restart SMS Executive and SMS Component.

    Verify the changed settings will take effect in rcmctrl.log.
    Launching 2 sprocs on queue ConfigMgrDRSQueue and 0 sprocs on queue ConfigMgrDRSSiteQueue…
    There are 2 Drs Activations sprocs running…
    Running configuration ConfigureLinkedServers..
    Found 1 servers that needs to be linked…
    Processing Replication success…

     

    When migrating clients to SCCM 2012 there can be an issue with agents trying to update the source list via Source Update Manager. This creates a fairly heavy load on the MP/SQL since it will retry this operation every hour, 3600 seconds, as a default. This schedule cannot be configured in the Client Agent settings.

    This is a feature under the hood that automatically published unc source list paths to agents based on MSI’s that is imported to SCCM using the Program – Windows Installer feature.

    The heavy load can be seen in the MP log and SQL profiler where the Stored Procedure can be listed.

    MP Log:
    MP_Location.log
    (Example from log: MP_GetContentDPInfoUnprotected (PSS00355,*,PSS,SMSPackage….)

    SP:
    MP_GetContentDPInfoUnprotected

    Solution:
    Remove the Windows Installer product code feature or wait for the load the even out.

    Example of Windows Installer Product Code Soure List:

    There has been released a patch that adds support for Windows Server 2012 to the Schedule Updates of offline image servicing. The patch also stabilizes the overall feature of Schedule Updates.

    FIX: The Schedule Updates Wizard does not list content for Windows Server 2012 in System Center 2012 Configuration Manager Service Pack 1.

    http://support.microsoft.com/kb/2793237/en-us

     

    When migrating to SCCM 2012 there can be a good way to keep track of the actual agent status over time using dynamic collections. This since the agent upgrade has an automatic roll-back if the upgrade failes.

    These collections can be used for both workstations or servers by using Limit to Collection in the query for the following:
    All Windows Workstation or Professional Systems
    All Windows Server Systems

    (The settings for date and time must be based on how the current setting is made oh HW inv client agent)

    List Active Computers:

    select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_G_System_OPERATING_SYSTEM.Name like “Microsoft%” and SMS_G_System_COMPUTER_SYSTEM.Name not in (select SMS_R_System.Name from SMS_R_System inner join SMS_G_System_WORKSTATION_STATUS on SMS_G_System_WORKSTATION_STATUS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_WORKSTATION_STATUS.LastHardwareScan <= DateAdd(dd,-1,GetDate()))

    List Non-Active Computers:

    select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_G_System_OPERATING_SYSTEM.Name like “Microsoft%” and SMS_G_System_COMPUTER_SYSTEM.Name not in (select SMS_R_System.Name from SMS_R_System inner join SMS_G_System_WORKSTATION_STATUS on SMS_G_System_WORKSTATION_STATUS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_WORKSTATION_STATUS.LastHardwareScan >= DateAdd(dd,-10,GetDate()))

    Here is a query that lists all AD groups the computer is member of together with deployments assigned to the computer.
    Software Update deployments are excluded.

    SELECT     v_R_System.Name0, v_RA_System_System_Group_Name.System_Group_Name0, v_CIAssignment.AssignmentName, v_CIAssignment.Description
    FROM         v_R_System INNER JOIN
                          v_RA_System_System_Group_Name ON v_R_System.ResourceID = v_RA_System_System_Group_Name.ResourceID RIGHT OUTER JOIN
                          v_CIAssignmentTargetedMachines ON v_R_System.ResourceID = v_CIAssignmentTargetedMachines.ResourceID RIGHT OUTER JOIN
                          v_CIAssignment ON v_CIAssignmentTargetedMachines.AssignmentID = v_CIAssignment.AssignmentID
    WHERE     (v_R_System.Name0 LIKE 'PC001') and (AssignmentName not like '%Software Update%' and AssignmentName not like '%Endpoint Protection%')

    This query lists all failed deployments for package/programs on Servers.

    declare @__timezoneoffset int select @__timezoneoffset = DateDiff(ss,getutcdate(),getdate());
    select sys.Netbios_Name0, sys.User_Domain0, sys.User_Name0,site.SMS_Installed_Sites0, Client_Type0, ainfo.AdvertisementName, 
    LastStatusMessageID, LastStatusMessageIDName, 
    DATEADD(ss,@__timezoneoffset,LastStatusTime) as LastStatusTime, 
    stat.AdvertisementID, LastExecutionResult, LastExecutionContext, sys.Operating_System_Name_and0
    from v_ClientAdvertisementStatus stat
    join v_AdvertisementInfo ainfo on stat.AdvertisementID=ainfo.AdvertisementID
    join v_R_System sys on stat.ResourceID=sys.ResourceID
    left join v_RA_System_SMSInstalledSites site on stat.ResourceID=site.ResourceID
    where stat.LastState='11' /* 11 = failed */
    and sys.Operating_System_Name_and0 like '%server%'
    order by sys.Netbios_Name0

     

     

     

    With SCCM 2012 SP1 there is a problem with the certificate for the MicrosoftPolicyPlatformSetup.msi file.

    In the case of OSD and task sequence there is a solution.

    Since the KB that is avalible for fixing this is availible via WU and then possibkle to use in SU the patch can be downloaded and added as an offline patching efter the image and before the SCCM agent setup.

    http://support.microsoft.com/kb/2749655