Remember to install KB3159706 to enable Windows 10 updates for WSUS

Remeber to install KB3159706 on any WSUS server standalone or System Center Configuration Manager Software Update Point to enable Windows 10 upgrades (and feature updates) that are released after May 1, 2016.

https://support.microsoft.com/en-us/kb/3159706

Please not that this update is not available for Server 2008 R2 or older.

PowerShell – SCCM/SCORCH track software update installations

I recently created a simple PowerShell script to track the software update installation process initiated by SCCM. WMI queries below will check if all available updates is installed.

This kind of logic is useful, if you want to do advanced automation of server patching with Configuration Manager and Orchestrator. And for example replace the @Get Deployment Status activity.” in orchestrator.

#CCM_SoftwareUpdate http://msdn.microsoft.com/en-us/library/jj155451.aspx #Created by Haavard Molland
$Computer = "PPATCH01"
#Count available updates
$updates = @(get-wmiobject -query "SELECT * FROM CCM_SoftwareUpdate" -namespace "ROOT\ccm\ClientSDK" -computer $Computer) | measure
#check for updates beeing installed
$WaitWhileInstalling = @(get-wmiobject -query "SELECT * FROM CCM_SoftwareUpdate WHERE EvaluationState = 6 or EvaluationState = 7" -namespace "ROOT\ccm\ClientSDK" -computer $Computer)
write-host $WaitWhileInstalling

#Wait for SCCM client to complete installation 
If(!$WaitWhileInstalling)  
{   
  $InstalledUpdates = @(get-wmiobject -query "SELECT * FROM CCM_SoftwareUpdate WHERE EvaluationState = 8 or EvaluationState = 9 or EvaluationState = 12" -namespace "ROOT\ccm\ClientSDK" -computer $Computer) | measure
  #Make sure installed updates equals available updates.
  If($InstalledUpdates.Count -eq $updates.count) {$AllUpdatesInstalled = "Yes"}
  write-host $AllUpdatesInstalled 
}

Tools of the Trade – Windows USB Download Tool

If you need a simple way to create a bootable Windows XP/Vista/7/8 USB memory stick. Microsoft has created a simple tool. It was created for Windows 7, but still does the trick 🙂

USB Download Tool

The tool will format your USB pen, make it bootable, then copy files from a specified .iso to the drive.

Get it here: http://www.microsoftstore.com/store/msusa/html/pbPage.Help_Win7_usbdvd_dwnTool

 

schtasks.exe or get-scheduledtasksinfo last run results codes.

Both the command line utility schtasks.exe” and the PowerShell command Get-ScheduledTaskInfo will return a column named “Last result”. The return codes differ from the last run result format you typically find in the UI.

Here is some of the status codes from last result:

0 - The operation completed successfully.
1 - Incorrect function called or unknown function called. 2 File not found.
10 - The environment is incorrect. 
267008 - Task is ready to run at its next scheduled time. 
267009 - Task is currently running. 
267010 - The task will not run at the scheduled times because it has been disabled. 
267011 - Task has not yet run. 
267012 - There are no more runs scheduled for this task. 
267013 - One or more of the properties that are needed to run this task on a schedule have not been set. 
267014 - The last run of the task was terminated by the user. 
267015 - Either the task has no triggers or the existing triggers are disabled or not set. 
2147750671 - Credentials became corrupted. 
2147750687 - An instance of this task is already running. 
2147943645 - The service is not available (is "Run only when an user is logged on" checked?). 
3221225786 - The application terminated as a result of a CTRL+C. 
3228369022 - Unknown software exception.

SCOM: How to get Health state of a monitor with PowerShell.

Recently I got a request to generate a Critical Alert only when the state of a specific monitor on all servers in a Group was different than healthy. It’s possible to create PowerShell based monitors in SCOM (more on that topic later on..)

Anyway, here is my piece of code to get the monitor state:

Import-Module OperationsManager
#Specify SCOM Group
$Group = Get-SCOMGroup -DisplayName "TEST GROUP"
$Members = $Group.GetRelatedMonitoringObjects()
foreach ($member in $Members)
{
#get the server object.
$alertobject = Get-SCOMMonitoringobject -Name $member
#get the monitor, in this example DisplayName is used as parameter.
$alertmonitor = Get-SCOMMonitor -DisplayName "Run As Account Verification"
 #If the server is not healthy, available and the monitor is enabled then..
 If (($alertobject) -and ($alertobject.HealthState -ne "Success" -and $alertobject.IsAvailable -eq "True") -and ($alertmonitor.enabled -eq "True")) {
 #HealthState from OperationalStateCollection and only return the first line.   
 $alertmonitor.OperationalStateCollection | select HealthState -First 1
 }
}

Windows Server 2012 core: domain controller computer account reset

I recently had a domain controller where the computer account had expired. All external authentication failed and i got error messages such as: “The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server”

As this was a Domain Controller and FSMO role keeper a domain re-join was not possible.

Solution (from command line):

  • Stop the KDC service: “Net stop “kerberos Key Distribution Center”
  • Delete kerberos tickets: “klist purge”
  • Reset password: “netdom resetpwd /s:[workingdc] /ud:domain\user /pd:*”
  • restart server: “shutdown -r”

System Center 2012 Operations Manager Technical Documentation

Looking for technical documentation for System Center Operations Manager? It’s published by Microsoft here: http://www.microsoft.com/en-us/download/details.aspx?id=29256

OM12R2_Upgrade.docx 86 KB
OM12R2_Upgrade.pdf 427 KB
SC2012_OpsMgr_Authoring.docx 4.3 MB
SC2012_OpsMgr_Authoring.pdf 6.1 MB
SC2012_OpsMgr_CompleteDocumentation.docx 9.9 MB
SC2012_OpsMgr_CompleteDocumentation.pdf 17.8 MB
SC2012_OpsMgr_Deployment.docx 553 KB
SC2012_OpsMgr_Deployment.pdf 2.1 MB
SC2012_OpsMgr_GetStarted.docx 59 KB
SC2012_OpsMgr_GetStarted.pdf 248 KB
SC2012_OpsMgr_KeyConcepts.docx 182 KB
SC2012_OpsMgr_KeyConcepts.pdf 360 KB
SC2012_OpsMgr_Operations.docx 5.1 MB
SC2012_OpsMgr_Operations.pdf 8.8 MB
SC2012_OpsMgr_SuppConfig.docx 109 KB
SC2012_OpsMgr_SuppConfig.pdf 667 KB
SC2012_OpsMgr_WhatsNew.docx 170 KB
SC2012_OpsMgr_WhatsNew.pdf 405 KB

 

 

System Center Configuration Manager 2012 R2 SP1 CU1

System Center Configuration Manager 2012 R2 SP1 CU1 has been out for a couple of weeks. This update contains bug-fixes and new powershell cmdlets.

read more and download here: http://support.microsoft.com/kb/2817245/en-us

  • Add-CMDistributionPoint
  • Import-CMAntiMalwarePolicy
  • Import-CMDriver
  • New-CMAppVVirtualEnvironment
  • New-CMMigrationJob
  • New-CMPackage
  • New-CMSoftwareUpdateAutoDeploymentRule
  • New-CMTaskSequence
  • New-CMTaskSequenceMedia
  • New-CMUserDataAndProfileConfigurationItem
  • Set-CMApplicationCatalogWebsitePoint
  • Set-CMAppVVirtualEnvironment
  • Set-CMClientPushInstallation
  • Set-CMClientSetting
  • Set-CMDistributionPoint
  • Set-CMDriver
  • Set-CMEndpointProtectionPoint
  • Set-CMEnrollmentPoint
  • Set-CMEnrollmentProxyPoint
  • Set-CMHierarchySetting
  • Set-CMManagementPointComponent
  • Set-CMOperatingSystemImageUpdateSchedule
  • Set-CMOutOfBandManagementComponent
  • Set-CMReportingServicePoint
  • Set-CMSite
  • Set-CMSoftwareUpdateAutoDeploymentRule
  • Set-CMSoftwareUpdatePointComponent
  • Set-CMStateMigrationPoint
  • Set-CMStatusSummarizer
  • Set-CMSystemHealthValidatorPointComponent
  • Set-CMTaskSequence
  • Set-CMUserDataAndProfileConfigurationItem
  • Start-CMDistributionPointUpgrade

 

Deploying Windows RT 8.1 in Educational Environments

There are many benefits with Windows RT. In most cases, the user will manage the device without involving the IT-department. In educational scenario’s Windows RT enabled devices such as Microsoft Surface is getting popular, due to a low price point, stability, easy to reset and quick boot-up speed.

Even if this is a “personal” device (you own it, love it and take care of it) most IT departments this want to do some initial configuration. There is some capabilities with System Center Configuration Manager and Windows Intune where you can deploy Wi-Fi and VPN Profiles, but this requires that you have the SCCM/Intune solution configured.

If you ‘re about to roll out Windows RT devices, I recommend; “Deploying Windows RT 8.1 – A guide for Education”. This is a complete guide for enrolling Windows RT devices in educational environments. In addition there is a codeplex project providing a complete solution with scripts.

Index:

  • Choosing a student account
  • Deployment process overview
  • Creating the configuration store
  • Building a complete solution
  • Local group policy settings.

http://www.microsoft.com/en-us/download/confirmation.aspx?id=41643

System Center 2012 R2: Update Rollup 1

Update Rollup 1 for System Center 2012 R2 is available. Following components are fixed in this update:

  • App Controller
  • Orchestrator
  • Data Protection Manager
  • Operations Manager
  • Service Manager
  • Service Provider Foundation
  • Virtual Machine Manager

Get it here: http://support.microsoft.com/kb/2904734

SC 2012 R2 Configuration Manager (Hotfix): Windows 8.1 deployment to Windows XP based clients fail.

There is still a lot of XP Clients around. Many Companies are doing “last minute” migrations these days. In System Center 2012, R2 Configuration Manager there is a bug that prevents you from deploying Windows 8.1 to a Windows XP-based computer.

Symptom:

Deployment fails, SMSTS.LOG show: “TSManager datetime 3048 (0x0BE8)”.

Solution:

Microsoft has released a hotfix, get it here: http://support.microsoft.com/kb/2910552

 

NIC 2014: Slide Decks

The third edition of the Nordic Infrastructure Conference is history. Sadly, there were no recording this year.I have gathered slide decks and demo material from some of the sessions.

Download the slide decks here

NIC

Jakob Gottlieb Svendsen:

  • System Center Orchestrator 2012 Runbook Design 101
  • SCSM 2012 & Orchestrator 2012 Lessons learned from the real world

Jan Egil Ring:

  • Get Started with Windows PowerShell Desired State Configuration

Johan Arwidmark:

  • Building the perfect Windows 8.1 image
  • Deploying Windows 8.1 in the Enterprise
  • Troubleshooting ConfigMgr 2012 R2 OS Deployments

Kent Agerlund:

  • Become the hero in the Datacenter

Kristian Nese:

  • Hybrid Cloud with NVGRE (WSSC 2012 R2)
  • Under the hood of Windows Azure Pack

Kåre Rude Andersen:

  • Be a Hero – Optimize SCOM and present your Services
  • Create a ScomBot – Automate and monitor Azure

Olav Tvedt:

  • InTuneInAction
  • Going Totally Cloud

Ståle Hansen:

  • Understand how Lync integrates with Exchange
  • Understand Lync Video and Interop

SCOM: “Mass create” management packs with powershell

Need create multiple (mass create) management packs for System Center Operations Manager 2012 r2? PowerShell is your friend. Run this script in the Operations Manager Shell (no warranties given).

The archive consists of two files:

masscreateMP

  • CreateMP.PS1.txt – Actual script, rename to .PS1 and run in the Operations Manager Shell or edit the script to load the Operations Manager Powershell Module.
  • CreateMps.txt – List of management packs to be created.

See the code below, or download the script here

#usage .\CreateMP_.PS1
function CreateMP ($ManagementPackName)
{

function MPIDEncode ($MPID)
{
$s = $MPID
$s = $s.Replace(” “, “.”)
$s = $s.Replace(“-“, “.”)
$s = $s.Replace(“&”, “”)
$s = $s.Replace(“..”, “.”)
$s = $s.Replace(“…”, “.”)

return ,$s
}

$sManagementPackID = MPIDEncode -MPID $ManagementPackName
$MS = Get-SCOMManagementServer
$ManagementServer = $ms.DisplayName
$MG = New-Object Microsoft.EnterpriseManagement.ManagementGroup($ManagementServer)
$MPStore = New-Object Microsoft.EnterpriseManagement.Configuration.IO.ManagementPackFileStore
$MP = New-Object Microsoft.EnterpriseManagement.Configuration.ManagementPack($sManagementPackID, $ManagementPackName, (New-Object Version(1, 0, 0)), $MPStore)
Write-Host “Creating ManagementPack” + $ManagementPackName
$MG.ImportManagementPack($MP)
$MP = $MG.GetManagementPacks($sManagementPackID)[0]
$MP.DisplayName = $ManagementPackName
$MP.Description = “MP Created from Script”
$MP.Version = “1.0.0.0”
$MP.AcceptChanges()
write-host “Successfully created Management Pack”
}

ForEach ($mpname in Get-Content “CreateMPs.txt”)
{
CreateMP -ManagementPackName $mpname
}


					

SCCM: MP has rejected the request because CD(SMSID = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx) certificate has expired

This time I was working with a customer on a System Center Configuration Manager Update. The error message was: “MP has rejected the request because CD(SMSID = blablabla) certificate has expired. For a few minutes I had an idea that this could be a broken client (long day), this lead me into the SCCM database for troubleshooting.

ClientAuth.log showed error:

Client ‘cbc4f875-1194-401f-b979-890454806b5a’ is unknown or has an invalid key registered in the database.

Status Message Warning (SMS_MP_Control_Manager):

IMG1

The ”ClientKeyData” Table in the SCCM database contains information, about internal SCCM certificates like PXE but also self-signed client certificates.

I ran this SQL Query: “select SMSID,ValidUntil,AgentType from dbo.ClientKeyData” this returned the SMSID alerted in the Status Message. I also noticed that AgentType was set to 1, this seems to be 1 if it’s related to SCCM servers or roles.

IMG2

This lead me into the SCCM certificates, I found that one of the PXE certificates on a DP had expired. Easy fix but a backwards way to find out. Therefore, if you ever see this warning I recommend you to check the certificates node in the monitoring tab in SCCM first.

IMG3

Windows Server 2012 R2 – Learn what’s new

One of my main sources for TechUpdates is Microsoft’s Channel 9 (http://channel9.msdn.com). Here you will find sessions from all the great events like, TechEd, MMS, Build and many more.

Reading up on Server 2012 R2 I found this series, a very good and organized source http://channel9.msdn.com/Series/NewInWS2012R2 This covers everything you need to know before booting up your lab environment to try it all yourself.

Main topics for Server 2012 R2: 

What's new

Upgrading System Center 2012 Configuration Manager to R2

If you’re looking for a guide for upgrading your SCCM 2012 SP1 environment to R2. I recommend you to use Johan Arwidmarks: “A Geeks Guide for upgrading to ConfigMgr 2012 R2 and MDT 2013”. Great guide with useful Insights from the deployment master himself.

If you have a CAS, remember this: Start the process on the CAS and work your way down the hierarchy.

NB! (Recent experience)

After you have updated your CAS it needs to re-establish its site links. Expect some heavy replication.

You will get an error related to “Parent site replication status” on all primary sites. Wait until the site links are back up and running before you upgrade your primary sites (prereq check will stop you). In my experience, this can take 1-2 hours. Pay attention to CPU/Disk activity before proceeding with the upgrade.

Objreplmgr.log and replmgr.log is good logs to check out.

High Level steps:

  • Test the site database for upgrade
  • Uninstall ADK 8.0
  • Install ADK 8.1 (make sure to download the re-release, available on October 17, 2013)
  • Install ConfigMgr 2012 R2
  • Install MDT 2013
  • Post configuration (fix a few things like creating new boot images, new sequences, and possible fix network access account and PXE)

Read Johan’s blogpost here

NB! Additional resources.

This page can’t be displayed after App Controller R2 Upgrade

Upgrading my System Center App Controller installation from SP1 to R2 I found that I got “This page can’t be displayed” when trying to load the site. AppControllerR2_Upgrade1

  • To troubleshoot I started IIS Manager.

AppControllerR2_Upgrade2

  • Right click on the “App Controller” webpage, then selected “edit bindings”. In the site bindings pane I selected the default https binding and clicked on the edit button.

AppControllerR2_Upgrade3

  • I found that there was no SSL certificate related to that binding, so I selected the “System Center 2012 App Controller Self-Signed Certificate”

AppControllerR2_Upgrade4

  • Next, I was able to launch the App Controller portal.AppControllerR2_Upgrade5
  • If you are using a self-signed certificate like me, you may need to add the cert into your trusted root certificates store. If you have a certificate authority a option is to create a certificate that is trusted by your organization.

System Center 2012 R2 Investments

Reading through the System Center 2012 R2 release notes, I created a «new feature» comparison to illustrate where Microsoft has done the investments in this new release. There is a lot of work done on the client and server operating system. Virtual Machine Manager and Configuration Manager has a lot of new features to keep up the new feature set in Windows 8.1 and Server 2012 R2.

R2 Features

 

 

 

Upgrade Virtual Machine Manager to 2012 R2, High Level Steps.

VMM  does not support in-place upgrade. You have to uninstall VMM and retain the database. Before uninstalling VMM first uninstall any Update Rollup. After uninstalling VMM, ADK (Windows Assessment and Deployment Toolkit) 8.0 also have to be uninstalled. Before starting the VMM 2012 R2 installation you have to install ADK 8.1. Make sure you have a complete system state and database backup of the server.

  • First step is to uninstall VMM Management Server and VMM Console.

 VMM 2012 R2 Upgrade 1

  •  Next, Uninstall the ADK

VMM 2012 R2 Upgrade 5

VMM 2012 R2 Upgrade 9

  • Install System Center Virtual Machine Manager 2012 r2

VMM 2012 R2 Upgrade 11

VMM 2012 R2 Upgrade 12

VMM 2012 R2 Upgrade 13

VMM 2012 R2 Upgrade 14

VMM 2012 R2 Upgrade 15

  • Select your existing database (default name is VirtualManagerDB)

VMM 2012 R2 Upgrade 16

 Answer “Yes” when asked to upgrade the virtual machine manager database. 

VMM 2012 R2 Upgrade 17

VMM 2012 R2 Upgrade 18

VMM 2012 R2 Upgrade 19

VMM 2012 R2 Upgrade 20

VMM 2012 R2 Upgrade 22

VMM 2012 R2 Upgrade 23

VMM 2012 R2 Upgrade 24

 VMM 2012 R2 Upgrade 25

I’m speaking at a Microsoft Cloud OS launch Event! (Norwegian)

29’th of October Microsoft has an launch event addressing the new release of Windows Server 2012 R2, Windows Azure, and System Center 2012 R2.

I will do a session about “Monitoring the Cloud with System Center 2012 R2 Operations Manager”.

Get the full agenda and sign up: https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032565446&Culture=en-NO

SCCM 2012: Downgrade or re-install SQL Server.

Recently I came across a scenario where I needed to downgrade a SCCM SQL Server from Enterprise to Standard edition, due to licensing. (Only Std. edition is included with SCCM). Usually I like to leave the SQL alone. This process involves a uninstall/reinstall and a site recovery.

If you ever need to do this, here is the high-level steps:

  • Run a full SCCM Backup, by starting the “SMS_SITE_BACKUP” service manually. 

More info on backup: http://technet.microsoft.com/en-us/library/gg712697.aspx

  • Document SQL Server Service Pack, CU Level and Collation.
  • Follow this article to backup SQL users and permissions. (Step 1-4)http://support.microsoft.com/kb/918992
  • STOP the Configuration Manager Site with PREINST.exe /STOPSITE

  • Uninstall the SQL Server and Reporting Services (Enterprise edition.).
  • Reboot
  • Install SQL Server (Standard edition) and Reporting Services, then service packs and cumulative updates.
  • Attach the Configuration Manager and MDT Database to the new instance in SQL Server Management Studio.
  • Follow this article to restore SQL users and permissions. (Step 5)http://support.microsoft.com/kb/918992
  • Run SCCM SETUP from the original media.

Page 1: Recover a site

Page 2: Use a site database that has been manually recovered.

Page 3: Next.

Page 4: Recover primary site.

Page 5: Install the licensed edition of this product.

Page 6: Accept license terms.

Page 7: Accept license terms (SQL and Silverlight)

Page 8: Download files..

Page 9: Verify detected site server settings (site server, sitecode etc.)

Page 10: Verify database server info.

Page 11: Customer experience program (do what you want)

Page 12: Verify all settings in the summary.

Page 13: Wait while setup completes.

Page 14: Install CU or Hotfix if required, else close the window and reboot the server.

  • Celebrate. You are done.

SCOM 2012: Remove obsolete objects from the database!

When you override and disable a discovery for a class in SCOM you may notice that objects may persist in the database. For example if you exclude a SQL database after initial SQL DB discovery it will probably still appear in the console.

To clean up the objects you can run the Remove-SCOMDisabledClassInstance Powershell cmdlet. Then all the relationships that involve objects related to a disabled discovery is deleted.

Depending on your environment, this process can take some time and put load on your SQL server.

http://technet.microsoft.com/en-us/library/hh920257.aspx

Update Rollup 3 for System Center 2012 Configuration Manager Service Pack 1 is Available!

Update for Configuration Manager 2012 Sp1 is available.

This update adds support for Windows 8.1-based client computers in Microsoft System Center 2012 Configuration Manager Service Pack 1. Windows 8.1 is added to the supported platform list.

Download: http://support.microsoft.com/kb/2882125/en-us

If you are looking for Update Rollup 3 for System Center 2012 Service Pack 1 see the link below. A lot if issues is fixed in this update.

Unable to create storage Tier in Windows Server 2012 R2

Storage tiers in Windows Server 2012 R2 enables the file server to automaticly move the most accessed files or storage blocks to SSD (fast) storage while rarely accessed data is stored on spindle disks (slow). This function let’s you create larger storage pools and virtual disks while maintaining good performance. In my case this gives me a performance boost in my Hyper-V environment.

My lab/demo setup looks like this:

  • Connected disk cabinet with 4 x 2TB SATA disks (Hardware Raid 10).
  • 2 x 240GB SSD Drives

After creating a storage pool with this disk configuration I found that “Create storage tiers on the virtual disk” was greyed out.

TIER1

After some investigation I found that the Operating System was unable to classify my “Slow” storage. Media type showed: Unknown.

TIER2

Solution:

  • Start Powershell.exe (to get cracking)
  • We need to list our disks: Get-PhysicalDisk | ft FriendlyName,CanPool,Size,MediaType 

TIER3

  • As you can see, Physical Disk 3 has “UnSpecified” set as Media Type.
  • Next, we need to set MediaType manually: Get-PhysicalDisk | Where FriendlyName -EQ PhysicalDisk3 | Set-PhysicalDisk -MediaType HDD

TIER4

  •  Run the following command again to verify: Get-PhysicalDisk | ft FriendlyName,CanPool,Size,MediaType 

TIER5

  • Problem solved, I am now able to select “Create storage tier on this virtual disk”

TIER6

Windows 8.1 and Server 2012 R2 available for Technet and MSDN subscribers!

Windows 8.1 and Server 2012 R2 are now available for IT-Pro’s and Developers!!.

Windows_8.1_1 Windows_8.1_2

Language Packs are available for following languages: English, Japanese, Korean, Arabic, Bulgarian, Czech, Danish, German, Greek, Spanish, Estonian, Finnish, French, Hebrew, Croatian, Hungarian, Italian, Lithuanian, Latvian, Dutch, Norwegian, Polish, Portuguese-Brazil, Romanian, Russian, Slovak, Slovenian, Serbian, Swedish, Thai, Turkish, Ukrainian, Chinese – Hong Kong SAR, Chinese – Simplified, Portuguese-Portugal.

Create Service Manager Incidents from Operations Manager on demand!

Brody Kilpatrick has written a great blogpost on how to create SCSM Incidents on demand from SCOM. As you may know there is a connector in Service Manager that will automatically create incidents from scom alerts. The challenge is that there is a 1-1 ratio, you can create filters but still in my expirience most customers want more control and a “human” link in between.

Credit to Brody for this one 🙂

http://operationsmanager2012.blogspot.no/2013/05/create-and-assign-service-manager.html

 

SCOM 2012: How to create a dynamic group based on a WMI query.

As you may have experienced the only way to create object discoveries in System Center Operations Manager is trough Visual Studio. But still, sometimes you may need a quick way to gather all computers with a specific application installed, configuration, process running or anything else. Then you need to look at “Attributes” within the Authoring > Management Pack Objects tab. In this example I needed to create a group gathering all servers running the System Center Configuration Manager agent.

1. Navigate to: Authoring > Management Pack Objects > Attributes

SCOM Dynamic Group 1

2. Right Click “Attributes” and select “Create New Attribute”.

SCOM Dynamic Group 2

3. Select:

  • “Discovery Type: WMI Query”
  • “Target: Windows Server (it will add _extended for you)”
  • Management Pack: Select and existing one or create a new.

SCOM Dynamic Group 3

4. Enter values below, then click “Finish”:

  • WMI Namespace: root\cimv2
  • Query: Select * from win32_process where name = “CcmExec.exe”
  • Property Name: Handle (Select any property related to the wmi class).
  • Query Interval: 300

SCOM Dynamic Group 4

5. Next we need to create a group. Navigate to: Authoring > Groups > (Right Click) “Create a new group”.

SCOM Dynamic Group 5

6. On the Dynamic Members page in the wizard, click “Create/Edit rules…”

Locate the Windows Server _Extended class, select the “Configuration Manager Agent Running” attribute.

SCOM Dynamic Group 7

7. Set Operator to: “Greater than or equal to” and Value to “1”

SCOM Dynamic Group 6

8. Click “OK”, then “Next”, “Next”, “Create”.

9. Your dynamic group is now created.

SCOM Dynamic Group 8

System Center 2012 R2, Upgrade Path

Soon, Microsoft will release System Center 2012 R2. I get a lot of questions regarding upgrade paths.

The upgrade path to any System Center 2012 R2 component (SCCM,SCOM,SCSM,SCORCH, SCVMM etc.) is:

System Center 2012 RTM > System Center 2012 SP1 > System Center 2012 R2.

SCOM 2012: Windows Azure Management Pack

The Windows Azure Monitoring Pack enables you to monitor the availability and performance of applications that are running on Windows Azure.

  • Discovers Windows Azure applications.
  • Provides status of each role instance.
  • Collects and monitors performance information.
  • Collects and monitors Windows events.
  • Collects and monitors the .NET Framework trace messages from each role instance.
  • Grooms performance, event, and the .NET Framework trace data from Windows Azure storage account.
  • Changes the number of role instances via a task.

http://www.microsoft.com/en-us/download/details.aspx?id=11324 (old one)

http://www.microsoft.com/en-us/download/details.aspx?id=38414 (Preview with New features for SCOM 2012 SP1 or later)

Vote for an affordable alternative to MSDN subscriptions comparable to TechNet!

As you may know Microsoft is retiring the Technet Subscription. IT pro’s need access to Microsoft products other than trials, to be able to maintain the neccesary knowledge and provide the best service possible to Microsoft’s customers. The only comparable subscription (MSDN) costs $6120

Technet_MSDN

Sign the petition here

 

Tools of the trade: How to encode VBScripts

Once in a while you may need to create a vbscript. If you for some reason need to hide the code from a end-user there is an easy way to do this. Actually vbscript has it’s own encoder object built-in. The only thing you need to know is how to use it. This is not a bullet-proof solution because the script could be decoded.

Shawn Stugart has submitted  a sample script that does the encoding by drag and drop. Please visit the Technet Script Center and get it here: http://gallery.technet.microsoft.com/scriptcenter/16439c02-3296-4ec8-9134-6eb6fb599880

VBEncode

 

Tools of the trade: How to create Self-Extracting Archives with Windows

It’s a well hidden deployment secret that you can create self-extracting archives with Windows. Although 3’rd party software may give you some benefits, the IExpress tool in Windows usually has what you need. You can extract files and run commands, you can do post install commands, user prompts, license agreements, select run behavior, completion message and handle or require reboots.

You can launch IExpress from the command line or “run” (win+r) I have noticed that the tool works best when you run it as administrator.

1. Let’s say I want to create a new archive “MyApp”, this app has a install.vbs script that needs to be executed as part of the installation. I start the IExpress Wizard.

IEx1

2. I select the package purpose, I want to extract files and run an installation command.

IEx2

3. I name my package “My Demo App”

IEx3

4. In this case I do not want to prompt the user in any way.

 

IEx4

5. Neither to I have a license agreement.

IEx5

6. I then add the files I want included in my package. In this case I only add Install.vbs but usually you would want to add multiple files and folders.

IEx6

7. I specify the command line to launch after the package is extracted. Wscript.exe install.vbs

 

IEx7

8. I select “default” behaviour on the show window tab.

IEx8

 

 

9. I do not want any “completion message”.

IEx9

10. I select where to create the self-extracting archive and name of the .exe file.

IEx10

11. The package should only require a restart if it’s needed by my install.vbs script.

IEx11

 

12. If I wanted to I could save the steps (“Package definition”) in a file, this is a good idea If you need to update the package later on.

IEx12

13. I click next to create the package.

IEx13

 

 

14. “Your Package has been created, click Finish when you are ready to quit”

IEx14

Windows Server 2012: Planning for Direct Access

I’ve been running Direct Access on Server 2012 for a while, beeing frustrated with complicated configuration and difficult requirements on Windows Server 2008 R2. I must say Microsoft has really improved the implementation in Server 2012. If you want to enable all features the old requirements are still there such as PKI and two Public IP-Adresses but in real life the IP-HTTPS tunnel does the trick for most of us. I get a lot of questions about requirements, scaling and implementation. With this post i’m sharing some useful resources to get this information.

Direct Access

1. Get an understanding of Remote Access with Direct Access in Server 2012: Sandeep Singhal did a good presentation at TechEd North America 2012.

http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/WSV302

2. Understand all the components and featureset of Direct Access.

Remote Access Overview: http://technet.microsoft.com/en-us/library/hh831416.aspx

3. Plan your implementation.

Technet Direct Access Planning Guide: http://technet.microsoft.com/en-us/library/jj574101.aspx

Direct Access Capacity Planning: http://technet.microsoft.com/en-us/library/jj735301.aspx

Windows Server 2012 Product Family Comparison

Microsoft has released a datasheet including information about locks and limits and supported server roles and features. As you will see, standard and datacenter edition now has the same features. For if you are planning to install one of those, you will only need to decide on the license model. But less known editions like Windows Server 2012 Essentials or Windows Multipoint Server has a limited feature set worth knowing about.

DataSheet

Download here: http://www.microsoft.com/en-us/download/details.aspx?id=38809&ocid=aff-n-we-loc–ITPRO40886&WT.mc_id=aff-n-we-loc–ITPRO40886

 

SCVMM: No Run As account is associated with the host

If you get this error then trying to add Resources to a host or cluter in SCVMM it’s probably because as the warning describes because no run as account is set for the host. Remeber this account cannot be the same as the scvmm service account.

RunAsProfile

1. Navigate to: Settings > Run As Accounts

RunAsProfile_Create

2. Associate the run as account with the host by using PowerShell:

$Cluster = Get-SCVMHostCluster -Name CLUSTER-NAME
$RunAsAccount = Get-SCRunAsAccount -Name "RUNASACCOUNT"
Set-SCVmHostCluster -VMHostCluster $Cluster -VMHostManagementCredential $RunAsAccount

 

 

Follow TechEd Europe Madrid Live!

If you are not one of the lucky ones attending TechEd…. Don’t worry, you can still follow the sessions online! Navigate to: http://channel9.msdn.com/Events/TechEd/Europe/2013#fbid=wipqIKVlFpz

SCCM 2012: Packages fail when using Stand-Alone media error: hr=0x87d01004

Recently I worked with a customer that has a SCCM 2012 setup configured with a Central Administration Site (CAS) and several primary sites connected.

When creating a “Stand-Alone” media on the CAS server, deployment of Packages failed with error: hr=0x87d01004. According to Microsoft this error occurs because the Software Distribution Agent is not enabled since the client has not yet received policy.

Read the official KB from Microsoft here: http://support.microsoft.com/kb/2716946

Greg Ramsey has written a blog post about this issue, explaining in details and presenting three solutions:

  • Create the stand-alone media at a Primary site instead of the Central Administration Site (CAS), or
  • Replace all “Install Software” TS Steps with “Run Command Line,”
  • Add a Run Command Line step to the task sequence after the Setup Windows       and Configuration with this WMI query:
WMIC /namespace:\\root\ccm\policy\machine\requestedconfig path ccm_SoftwareDistributionClientConfig CREATE ComponentName="Enable SWDist", Enabled="true", LockSettings="TRUE", PolicySource="local", PolicyVersion="1.0", SiteSettingsKey="1" /NOINTERACTIVE

Read Greg’s blog post here: http://gregramsey.net/tag/stand-alone-media-build/

Afraid of ADFS? here is a Quick Start Guide for Integrating a Single Forest AD with Azure AD

David Tesar has created a quick starte guide for integrating a single forest on-premises AD with Windows Azure AD. After completing this guide you will have federated your on-premises AD with Windows Azure AD. You will get single sign-on capatibillities to users of Windows Azure AD such as Office 365 and Windows Intune.

Get it here:  http://social.technet.microsoft.com/wiki/contents/articles/16226.quick-start-guide-for-integrating-a-single-forest-on-premises-active-directory-with-windows-azure-ad.aspx

Intune: The evolution

Spent some time today documenting the evolution of Intune. It really shows how Microsoft has developed a cloud based device management solution over time. Starting with nothing more than a glorified patch management tool (in my eyes). If we can learn something from the past, the next few years will be really exciting for Intune, from my point of view it already covers 90% of what most small to medium size companies use in SCCM today.

IntuneEvo