In the referenced article (http://stealthpuppy.com/windows-10-management-intune/) Aron Parker summarize the difference between using the MDM-API and the Intune Agent for management.
Remeber to install KB3159706 on any WSUS server standalone or System Center Configuration Manager Software Update Point to enable Windows 10 upgrades (and feature updates) that are released after May 1, 2016.
https://support.microsoft.com/en-us/kb/3159706
Please not that this update is not available for Server 2008 R2 or older.
developed by Nickolaj Andersen
https://gallery.technet.microsoft.com/ConfigMgr-2012-R2-e52919cd
I recently created a simple PowerShell script to track the software update installation process initiated by SCCM. WMI queries below will check if all available updates is installed.
This kind of logic is useful, if you want to do advanced automation of server patching with Configuration Manager and Orchestrator. And for example replace the @Get Deployment Status activity.” in orchestrator.
#CCM_SoftwareUpdate http://msdn.microsoft.com/en-us/library/jj155451.aspx #Created by Haavard Molland $Computer = "PPATCH01" #Count available updates $updates = @(get-wmiobject -query "SELECT * FROM CCM_SoftwareUpdate" -namespace "ROOT\ccm\ClientSDK" -computer $Computer) | measure #check for updates beeing installed $WaitWhileInstalling = @(get-wmiobject -query "SELECT * FROM CCM_SoftwareUpdate WHERE EvaluationState = 6 or EvaluationState = 7" -namespace "ROOT\ccm\ClientSDK" -computer $Computer) write-host $WaitWhileInstalling #Wait for SCCM client to complete installation If(!$WaitWhileInstalling) { $InstalledUpdates = @(get-wmiobject -query "SELECT * FROM CCM_SoftwareUpdate WHERE EvaluationState = 8 or EvaluationState = 9 or EvaluationState = 12" -namespace "ROOT\ccm\ClientSDK" -computer $Computer) | measure #Make sure installed updates equals available updates. If($InstalledUpdates.Count -eq $updates.count) {$AllUpdatesInstalled = "Yes"} write-host $AllUpdatesInstalled }
If you need a simple way to create a bootable Windows XP/Vista/7/8 USB memory stick. Microsoft has created a simple tool. It was created for Windows 7, but still does the trick 🙂
The tool will format your USB pen, make it bootable, then copy files from a specified .iso to the drive.
Get it here: http://www.microsoftstore.com/store/msusa/html/pbPage.Help_Win7_usbdvd_dwnTool
Both the command line utility schtasks.exe” and the PowerShell command Get-ScheduledTaskInfo will return a column named “Last result”. The return codes differ from the last run result format you typically find in the UI.
Here is some of the status codes from last result:
0 - The operation completed successfully. 1 - Incorrect function called or unknown function called. 2 File not found. 10 - The environment is incorrect. 267008 - Task is ready to run at its next scheduled time. 267009 - Task is currently running. 267010 - The task will not run at the scheduled times because it has been disabled. 267011 - Task has not yet run. 267012 - There are no more runs scheduled for this task. 267013 - One or more of the properties that are needed to run this task on a schedule have not been set. 267014 - The last run of the task was terminated by the user. 267015 - Either the task has no triggers or the existing triggers are disabled or not set. 2147750671 - Credentials became corrupted. 2147750687 - An instance of this task is already running. 2147943645 - The service is not available (is "Run only when an user is logged on" checked?). 3221225786 - The application terminated as a result of a CTRL+C. 3228369022 - Unknown software exception.
Recently I got a request to generate a Critical Alert only when the state of a specific monitor on all servers in a Group was different than healthy. It’s possible to create PowerShell based monitors in SCOM (more on that topic later on..)
Anyway, here is my piece of code to get the monitor state:
Import-Module OperationsManager #Specify SCOM Group $Group = Get-SCOMGroup -DisplayName "TEST GROUP" $Members = $Group.GetRelatedMonitoringObjects() foreach ($member in $Members) { #get the server object. $alertobject = Get-SCOMMonitoringobject -Name $member #get the monitor, in this example DisplayName is used as parameter. $alertmonitor = Get-SCOMMonitor -DisplayName "Run As Account Verification" #If the server is not healthy, available and the monitor is enabled then.. If (($alertobject) -and ($alertobject.HealthState -ne "Success" -and $alertobject.IsAvailable -eq "True") -and ($alertmonitor.enabled -eq "True")) { #HealthState from OperationalStateCollection and only return the first line. $alertmonitor.OperationalStateCollection | select HealthState -First 1 } }
I recently had a domain controller where the computer account had expired. All external authentication failed and i got error messages such as: “The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server”
As this was a Domain Controller and FSMO role keeper a domain re-join was not possible.
Solution (from command line):
Looking for technical documentation for System Center Operations Manager? It’s published by Microsoft here: http://www.microsoft.com/en-us/download/details.aspx?id=29256
| OM12R2_Upgrade.docx | 86 KB |
| OM12R2_Upgrade.pdf | 427 KB |
| SC2012_OpsMgr_Authoring.docx | 4.3 MB |
| SC2012_OpsMgr_Authoring.pdf | 6.1 MB |
| SC2012_OpsMgr_CompleteDocumentation.docx | 9.9 MB |
| SC2012_OpsMgr_CompleteDocumentation.pdf | 17.8 MB |
| SC2012_OpsMgr_Deployment.docx | 553 KB |
| SC2012_OpsMgr_Deployment.pdf | 2.1 MB |
| SC2012_OpsMgr_GetStarted.docx | 59 KB |
| SC2012_OpsMgr_GetStarted.pdf | 248 KB |
| SC2012_OpsMgr_KeyConcepts.docx | 182 KB |
| SC2012_OpsMgr_KeyConcepts.pdf | 360 KB |
| SC2012_OpsMgr_Operations.docx | 5.1 MB |
| SC2012_OpsMgr_Operations.pdf | 8.8 MB |
| SC2012_OpsMgr_SuppConfig.docx | 109 KB |
| SC2012_OpsMgr_SuppConfig.pdf | 667 KB |
| SC2012_OpsMgr_WhatsNew.docx | 170 KB |
| SC2012_OpsMgr_WhatsNew.pdf | 405 KB |
System Center Configuration Manager 2012 R2 SP1 CU1 has been out for a couple of weeks. This update contains bug-fixes and new powershell cmdlets.
read more and download here: http://support.microsoft.com/kb/2817245/en-us
There are many benefits with Windows RT. In most cases, the user will manage the device without involving the IT-department. In educational scenario’s Windows RT enabled devices such as Microsoft Surface is getting popular, due to a low price point, stability, easy to reset and quick boot-up speed.
Even if this is a “personal” device (you own it, love it and take care of it) most IT departments this want to do some initial configuration. There is some capabilities with System Center Configuration Manager and Windows Intune where you can deploy Wi-Fi and VPN Profiles, but this requires that you have the SCCM/Intune solution configured.
If you ‘re about to roll out Windows RT devices, I recommend; “Deploying Windows RT 8.1 – A guide for Education”. This is a complete guide for enrolling Windows RT devices in educational environments. In addition there is a codeplex project providing a complete solution with scripts.
Index:
http://www.microsoft.com/en-us/download/confirmation.aspx?id=41643
Update Rollup 1 for System Center 2012 R2 is available. Following components are fixed in this update:
Get it here: http://support.microsoft.com/kb/2904734
Check it out 🙂
“SCOM 2012 Maintenance Mode Scheduler is an all new web based maintenance mode scheduler built from the ground up for SCOM 2012, SP1, and R2. by Tim McFadden”
There is still a lot of XP Clients around. Many Companies are doing “last minute” migrations these days. In System Center 2012, R2 Configuration Manager there is a bug that prevents you from deploying Windows 8.1 to a Windows XP-based computer.
Symptom:
Deployment fails, SMSTS.LOG show: “TSManager datetime 3048 (0x0BE8)”.
Solution:
Microsoft has released a hotfix, get it here: http://support.microsoft.com/kb/2910552
The third edition of the Nordic Infrastructure Conference is history. Sadly, there were no recording this year.I have gathered slide decks and demo material from some of the sessions.
Download the slide decks here
Jakob Gottlieb Svendsen:
Jan Egil Ring:
Johan Arwidmark:
Kent Agerlund:
Kristian Nese:
Kåre Rude Andersen:
Olav Tvedt:
Ståle Hansen:
Need create multiple (mass create) management packs for System Center Operations Manager 2012 r2? PowerShell is your friend. Run this script in the Operations Manager Shell (no warranties given).
The archive consists of two files:
See the code below, or download the script here
#usage .\CreateMP_.PS1
function CreateMP ($ManagementPackName)
{
function MPIDEncode ($MPID)
{
$s = $MPID
$s = $s.Replace(” “, “.”)
$s = $s.Replace(“-“, “.”)
$s = $s.Replace(“&”, “”)
$s = $s.Replace(“..”, “.”)
$s = $s.Replace(“…”, “.”)
return ,$s
}
$sManagementPackID = MPIDEncode -MPID $ManagementPackName
$MS = Get-SCOMManagementServer
$ManagementServer = $ms.DisplayName
$MG = New-Object Microsoft.EnterpriseManagement.ManagementGroup($ManagementServer)
$MPStore = New-Object Microsoft.EnterpriseManagement.Configuration.IO.ManagementPackFileStore
$MP = New-Object Microsoft.EnterpriseManagement.Configuration.ManagementPack($sManagementPackID, $ManagementPackName, (New-Object Version(1, 0, 0)), $MPStore)
Write-Host “Creating ManagementPack” + $ManagementPackName
$MG.ImportManagementPack($MP)
$MP = $MG.GetManagementPacks($sManagementPackID)[0]
$MP.DisplayName = $ManagementPackName
$MP.Description = “MP Created from Script”
$MP.Version = “1.0.0.0”
$MP.AcceptChanges()
write-host “Successfully created Management Pack”
}
ForEach ($mpname in Get-Content “CreateMPs.txt”)
{
CreateMP -ManagementPackName $mpname
}
Microsoft has released a free e-book on Windows Server 2012 R2. This is a great starting point to update yourself on this new release.
Chapters included in this book: Cloud OS, Hyper-V, Storage, Failover Clustering, Networking, Active Directory, Group Policy, IIS, Remote Desktop Services, Windows PowerShell, Windows Server Essentials.
get it here 🙂
For those of you that have experienced PXE problems and slower download (15 minutes instead of 5 minutes compared with ConfigMgr 2012 SP1) during OSD, Microsoft has now released a hotfix.
http://support.microsoft.com/kb/2905002
This time I was working with a customer on a System Center Configuration Manager Update. The error message was: “MP has rejected the request because CD(SMSID = blablabla) certificate has expired. For a few minutes I had an idea that this could be a broken client (long day), this lead me into the SCCM database for troubleshooting.
ClientAuth.log showed error:
Client ‘cbc4f875-1194-401f-b979-890454806b5a’ is unknown or has an invalid key registered in the database.
Status Message Warning (SMS_MP_Control_Manager):
The ”ClientKeyData” Table in the SCCM database contains information, about internal SCCM certificates like PXE but also self-signed client certificates.
I ran this SQL Query: “select SMSID,ValidUntil,AgentType from dbo.ClientKeyData” this returned the SMSID alerted in the Status Message. I also noticed that AgentType was set to 1, this seems to be 1 if it’s related to SCCM servers or roles.
This lead me into the SCCM certificates, I found that one of the PXE certificates on a DP had expired. Easy fix but a backwards way to find out. Therefore, if you ever see this warning I recommend you to check the certificates node in the monitoring tab in SCCM first.
One of my main sources for TechUpdates is Microsoft’s Channel 9 (http://channel9.msdn.com). Here you will find sessions from all the great events like, TechEd, MMS, Build and many more.
Reading up on Server 2012 R2 I found this series, a very good and organized source http://channel9.msdn.com/Series/NewInWS2012R2 This covers everything you need to know before booting up your lab environment to try it all yourself.
Main topics for Server 2012 R2:
Hope you enjoyed my ”Monitoring the Cloud with Operations Manager 2012 R2” session. I have received several requests for my presentation. It’s now available here (Norwegian).
See you around 🙂
If you’re looking for a guide for upgrading your SCCM 2012 SP1 environment to R2. I recommend you to use Johan Arwidmarks: “A Geeks Guide for upgrading to ConfigMgr 2012 R2 and MDT 2013”. Great guide with useful Insights from the deployment master himself.
If you have a CAS, remember this: Start the process on the CAS and work your way down the hierarchy.
NB! (Recent experience)
After you have updated your CAS it needs to re-establish its site links. Expect some heavy replication.
You will get an error related to “Parent site replication status” on all primary sites. Wait until the site links are back up and running before you upgrade your primary sites (prereq check will stop you). In my experience, this can take 1-2 hours. Pay attention to CPU/Disk activity before proceeding with the upgrade.
Objreplmgr.log and replmgr.log is good logs to check out.
High Level steps:
Read Johan’s blogpost here
NB! Additional resources.
Upgrading my System Center App Controller installation from SP1 to R2 I found that I got “This page can’t be displayed” when trying to load the site. 
Reading through the System Center 2012 R2 release notes, I created a «new feature» comparison to illustrate where Microsoft has done the investments in this new release. There is a lot of work done on the client and server operating system. Virtual Machine Manager and Configuration Manager has a lot of new features to keep up the new feature set in Windows 8.1 and Server 2012 R2.
VMM does not support in-place upgrade. You have to uninstall VMM and retain the database. Before uninstalling VMM first uninstall any Update Rollup. After uninstalling VMM, ADK (Windows Assessment and Deployment Toolkit) 8.0 also have to be uninstalled. Before starting the VMM 2012 R2 installation you have to install ADK 8.1. Make sure you have a complete system state and database backup of the server.
Answer “Yes” when asked to upgrade the virtual machine manager database.
29’th of October Microsoft has an launch event addressing the new release of Windows Server 2012 R2, Windows Azure, and System Center 2012 R2.
I will do a session about “Monitoring the Cloud with System Center 2012 R2 Operations Manager”.
.png)
Get the full agenda and sign up: https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032565446&Culture=en-NO
The future is now! Microsoft has released System Center 2012 R2, get started today! read up on what’s new here.
Recently I came across a scenario where I needed to downgrade a SCCM SQL Server from Enterprise to Standard edition, due to licensing. (Only Std. edition is included with SCCM). Usually I like to leave the SQL alone. This process involves a uninstall/reinstall and a site recovery.
If you ever need to do this, here is the high-level steps:
More info on backup: http://technet.microsoft.com/en-us/library/gg712697.aspx
Page 1: Recover a site
Page 2: Use a site database that has been manually recovered.
Page 3: Next.
Page 4: Recover primary site.
Page 5: Install the licensed edition of this product.
Page 6: Accept license terms.
Page 7: Accept license terms (SQL and Silverlight)
Page 8: Download files..
Page 9: Verify detected site server settings (site server, sitecode etc.)
Page 10: Verify database server info.
Page 11: Customer experience program (do what you want)
Page 12: Verify all settings in the summary.
Page 13: Wait while setup completes.
Page 14: Install CU or Hotfix if required, else close the window and reboot the server.
When you override and disable a discovery for a class in SCOM you may notice that objects may persist in the database. For example if you exclude a SQL database after initial SQL DB discovery it will probably still appear in the console.
To clean up the objects you can run the Remove-SCOMDisabledClassInstance Powershell cmdlet. Then all the relationships that involve objects related to a disabled discovery is deleted.
Depending on your environment, this process can take some time and put load on your SQL server.
Update for Configuration Manager 2012 Sp1 is available.
This update adds support for Windows 8.1-based client computers in Microsoft System Center 2012 Configuration Manager Service Pack 1. Windows 8.1 is added to the supported platform list.
Download: http://support.microsoft.com/kb/2882125/en-us
If you are looking for Update Rollup 3 for System Center 2012 Service Pack 1 see the link below. A lot if issues is fixed in this update.
Storage tiers in Windows Server 2012 R2 enables the file server to automaticly move the most accessed files or storage blocks to SSD (fast) storage while rarely accessed data is stored on spindle disks (slow). This function let’s you create larger storage pools and virtual disks while maintaining good performance. In my case this gives me a performance boost in my Hyper-V environment.
My lab/demo setup looks like this:
After creating a storage pool with this disk configuration I found that “Create storage tiers on the virtual disk” was greyed out.
After some investigation I found that the Operating System was unable to classify my “Slow” storage. Media type showed: Unknown.
Solution:
Windows 8.1 and Server 2012 R2 are now available for IT-Pro’s and Developers!!.
Language Packs are available for following languages: English, Japanese, Korean, Arabic, Bulgarian, Czech, Danish, German, Greek, Spanish, Estonian, Finnish, French, Hebrew, Croatian, Hungarian, Italian, Lithuanian, Latvian, Dutch, Norwegian, Polish, Portuguese-Brazil, Romanian, Russian, Slovak, Slovenian, Serbian, Swedish, Thai, Turkish, Ukrainian, Chinese – Hong Kong SAR, Chinese – Simplified, Portuguese-Portugal.
Brody Kilpatrick has written a great blogpost on how to create SCSM Incidents on demand from SCOM. As you may know there is a connector in Service Manager that will automatically create incidents from scom alerts. The challenge is that there is a 1-1 ratio, you can create filters but still in my expirience most customers want more control and a “human” link in between.
Credit to Brody for this one 🙂
http://operationsmanager2012.blogspot.no/2013/05/create-and-assign-service-manager.html
As you may have experienced the only way to create object discoveries in System Center Operations Manager is trough Visual Studio. But still, sometimes you may need a quick way to gather all computers with a specific application installed, configuration, process running or anything else. Then you need to look at “Attributes” within the Authoring > Management Pack Objects tab. In this example I needed to create a group gathering all servers running the System Center Configuration Manager agent.
1. Navigate to: Authoring > Management Pack Objects > Attributes
2. Right Click “Attributes” and select “Create New Attribute”.
3. Select:
4. Enter values below, then click “Finish”:
5. Next we need to create a group. Navigate to: Authoring > Groups > (Right Click) “Create a new group”.
6. On the Dynamic Members page in the wizard, click “Create/Edit rules…”
Locate the Windows Server _Extended class, select the “Configuration Manager Agent Running” attribute.
7. Set Operator to: “Greater than or equal to” and Value to “1”
8. Click “OK”, then “Next”, “Next”, “Create”.
9. Your dynamic group is now created.
Soon, Microsoft will release System Center 2012 R2. I get a lot of questions regarding upgrade paths.
The upgrade path to any System Center 2012 R2 component (SCCM,SCOM,SCSM,SCORCH, SCVMM etc.) is:
System Center 2012 RTM > System Center 2012 SP1 > System Center 2012 R2.
The Windows Azure Monitoring Pack enables you to monitor the availability and performance of applications that are running on Windows Azure.
http://www.microsoft.com/en-us/download/details.aspx?id=11324 (old one)
http://www.microsoft.com/en-us/download/details.aspx?id=38414 (Preview with New features for SCOM 2012 SP1 or later)
Service Manager job aids is a collection of tools, useful when you are implementing SCSM such as documentation of the Service Manager architecture and DataMart database, Service functions to Incident and Change management process, Visio templates and the Service Manager 2012 sizing tool!
download here: http://go.microsoft.com/fwlink/p/?LinkID=232378
Windows 8.1, Windows Server 2012 R2 and System Center 2012 R2 will be available for download October 18th and available for purchase november 1st.
Read more about what’s new in R2 here
Finally got around a busy schedule to take the exams. I am now a Microsoft Certified Solutions Expert Private Cloud.
As you may know Microsoft is retiring the Technet Subscription. IT pro’s need access to Microsoft products other than trials, to be able to maintain the neccesary knowledge and provide the best service possible to Microsoft’s customers. The only comparable subscription (MSDN) costs $6120
Sign the petition here
Once in a while you may need to create a vbscript. If you for some reason need to hide the code from a end-user there is an easy way to do this. Actually vbscript has it’s own encoder object built-in. The only thing you need to know is how to use it. This is not a bullet-proof solution because the script could be decoded.
Shawn Stugart has submitted a sample script that does the encoding by drag and drop. Please visit the Technet Script Center and get it here: http://gallery.technet.microsoft.com/scriptcenter/16439c02-3296-4ec8-9134-6eb6fb599880
It’s a well hidden deployment secret that you can create self-extracting archives with Windows. Although 3’rd party software may give you some benefits, the IExpress tool in Windows usually has what you need. You can extract files and run commands, you can do post install commands, user prompts, license agreements, select run behavior, completion message and handle or require reboots.
You can launch IExpress from the command line or “run” (win+r) I have noticed that the tool works best when you run it as administrator.
1. Let’s say I want to create a new archive “MyApp”, this app has a install.vbs script that needs to be executed as part of the installation. I start the IExpress Wizard.
2. I select the package purpose, I want to extract files and run an installation command.
3. I name my package “My Demo App”
4. In this case I do not want to prompt the user in any way.
5. Neither to I have a license agreement.
6. I then add the files I want included in my package. In this case I only add Install.vbs but usually you would want to add multiple files and folders.
7. I specify the command line to launch after the package is extracted. Wscript.exe install.vbs
8. I select “default” behaviour on the show window tab.
9. I do not want any “completion message”.
10. I select where to create the self-extracting archive and name of the .exe file.
11. The package should only require a restart if it’s needed by my install.vbs script.
12. If I wanted to I could save the steps (“Package definition”) in a file, this is a good idea If you need to update the package later on.
13. I click next to create the package.
14. “Your Package has been created, click Finish when you are ready to quit”
I’ve been running Direct Access on Server 2012 for a while, beeing frustrated with complicated configuration and difficult requirements on Windows Server 2008 R2. I must say Microsoft has really improved the implementation in Server 2012. If you want to enable all features the old requirements are still there such as PKI and two Public IP-Adresses but in real life the IP-HTTPS tunnel does the trick for most of us. I get a lot of questions about requirements, scaling and implementation. With this post i’m sharing some useful resources to get this information.
1. Get an understanding of Remote Access with Direct Access in Server 2012: Sandeep Singhal did a good presentation at TechEd North America 2012.
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/WSV302
2. Understand all the components and featureset of Direct Access.
Remote Access Overview: http://technet.microsoft.com/en-us/library/hh831416.aspx
3. Plan your implementation.
Technet Direct Access Planning Guide: http://technet.microsoft.com/en-us/library/jj574101.aspx
Direct Access Capacity Planning: http://technet.microsoft.com/en-us/library/jj735301.aspx
Microsoft has released a datasheet including information about locks and limits and supported server roles and features. As you will see, standard and datacenter edition now has the same features. For if you are planning to install one of those, you will only need to decide on the license model. But less known editions like Windows Server 2012 Essentials or Windows Multipoint Server has a limited feature set worth knowing about.
Download here: http://www.microsoft.com/en-us/download/details.aspx?id=38809&ocid=aff-n-we-loc–ITPRO40886&WT.mc_id=aff-n-we-loc–ITPRO40886
If you get this error then trying to add Resources to a host or cluter in SCVMM it’s probably because as the warning describes because no run as account is set for the host. Remeber this account cannot be the same as the scvmm service account.
1. Navigate to: Settings > Run As Accounts
2. Associate the run as account with the host by using PowerShell:
$Cluster = Get-SCVMHostCluster -Name CLUSTER-NAME $RunAsAccount = Get-SCRunAsAccount -Name "RUNASACCOUNT" Set-SCVmHostCluster -VMHostCluster $Cluster -VMHostManagementCredential $RunAsAccount
Recently I worked with a customer that has a SCCM 2012 setup configured with a Central Administration Site (CAS) and several primary sites connected.
When creating a “Stand-Alone” media on the CAS server, deployment of Packages failed with error: hr=0x87d01004. According to Microsoft this error occurs because the Software Distribution Agent is not enabled since the client has not yet received policy.
Read the official KB from Microsoft here: http://support.microsoft.com/kb/2716946
Greg Ramsey has written a blog post about this issue, explaining in details and presenting three solutions:
WMIC /namespace:\\root\ccm\policy\machine\requestedconfig path ccm_SoftwareDistributionClientConfig CREATE ComponentName="Enable SWDist", Enabled="true", LockSettings="TRUE", PolicySource="local", PolicyVersion="1.0", SiteSettingsKey="1" /NOINTERACTIVE
Read Greg’s blog post here: http://gregramsey.net/tag/stand-alone-media-build/
David Tesar has created a quick starte guide for integrating a single forest on-premises AD with Windows Azure AD. After completing this guide you will have federated your on-premises AD with Windows Azure AD. You will get single sign-on capatibillities to users of Windows Azure AD such as Office 365 and Windows Intune.
