Thursday, October 28, 2010

Troubleshooting Task Sequences

In my last blog I explained some Troubleshooting issues in ConfigMgr 2007, especially foccussed on Windows Deployment Services (WDS). But what to do when the Task Sequence is running, and you get an error during deployment? This blog will help you troubleshooting on that part!

During the time your Task Sequence is running; where to find the logfiles when it goes wrong? First of all enable "command prompt support" on both boot images. This enables pressing F8 during deployment in the WinPE stage. This will become very useful when troubleshooting deployment issues. This because you can open the various logfiles, access network shares or try to ping/access your Distribution point(s).

During installation the smsts.log file is located at different places. Everytime the device is booted again while the Task Sequence is still running, the smsts.log will be copied to a smsts--.log file, and a new smsts.log file will be created.

1. System booted in WinPE and the local harddisk is not modified (smsts.log in the "x:\windows\temp\smstslog" folder)
2. System booted in WinPE and the local harddisk is partitioned and formatted (smsts.log in the "x:\smstslog" folder and after that in the "c:\_SMSTaskSequence\Logs\Smstslog" folder
3. System booted in Windows before the ConfigMgr client is installed (smsts.log in the "c:\_SMSTaskSequence\Logs\Smstslog" folder)
4. System booted in Windows after ConfigMgr client is installed (smsts.log in the "c:\windows\system32\ccm\logs\Smstslog" folder)
(When using a x64 device, you can find it in the "c:\windows\SysWOW64\ccm\logs\Smstslog" folder)

From this point you can examine the smsts.log in order to find out what went wrong. The messages displayed give you mostly a good idea on where to start looking.

When watching these logfiles; Trace32 is the recommended way. This because Notepad will not dynamicly update the information you see, and Trace32 will do that for you. Also any warnings are displayed in yellow, and any errors are displayed in red. In that way you have a quick view what's wrong during deployment. Remember that trace32 only works in a x86 environment, so for the x64 boot image it will not work. Then you must copy the logfiles to a fileshare, and open it from another x86 machine with Trace32 installed on it.

For error solving there is an additional option to look for error codes. This can be found in Trace32 - Tools - Error lookup. Now you are ready for true troubleshooting in Task Sequences! Trace32 is part of the "System Center Configuration Manager 2007 Toolkit V2" and can be found here:

The following list provides specific information about each tool in the toolkit.
  • Client Spy - A tool that helps you troubleshoot issues related to software distribution, inventory, and software metering on Configuration Manager 2007 clients.
  • Delete Group Class Tool - A tool used to remove inventory group definitions along with history data, tables, views and stored procedures for the group.
  • Desired Configuration Management Migration Tool - A tool used to migrate from the DCM Solution for SMS 2003 to DCM in ConfigMgr 2007.
  • Desired Configuration Management Model Verification Tool - A tool used by desired configuration management content administrators for the validation and testing of configuration items and baselines authored externally from the Configuration Manager console.
  • Desired Configuration Management Substitution Variable Tool - A tool used by desired configuration management content administrators for authoring desired configuration management configuration items that use chained setting and object discovery.
  • Management Point Troubleshooter Tool - A tool that checks a computer system before and after a management point installation to ensure that the installation meets the requirements for management points.
  • Policy Spy - A policy viewer that helps you review and troubleshoot the policy system on Configuration Manager 2007 clients.
  • Preload Package Tool - A tool used to manually install compressed copies of package source files on Configuration Manager 2007 sites.
  • Security Configuration Wizard Template for Configuration Manager 2007 - The Security Configuration Wizard (SCW) is an attack-surface reduction tool for the Microsoft Windows Server 2008 R2 operating system. Security Configuration Wizard determines the minimum functionality required for a server's role or roles, and disables functionality that is not required. The Configuration Manager 2007 Service Pack 2 Security Configuration Wizard template supports new site system definitions and enables the required services and ports.
  • Send Schedule Tool - A tool used to trigger a schedule on a Client or trigger the evaluation of a specified DCM Baseline. You can trigger a schedule either locally or remotely.
  • Trace32 - A log viewer that provides a way to easily view and monitor log files created and updated by Configuration Manager 2007 clients and servers.

Tuesday, October 26, 2010

ConfigMgr 2007 Troubleshooting issues

Everybody knows there are some challenges when installing, configuring and managing ConfigMgr 2007. With SMS 2003 that was the same, a great product when it works, but a lot of frustration when it doesn't. I personally think ConfigMgr 2007 does work a lot better then SMS 2003, but still there are some challenges. In this blog I will define some of that challenges, and how I resolve them. Also I will put some handy URL's for troubleshooting, so your ConfigMgr environment will function a lot better! In my other blogs I declare what to do with driver management and migrating collections. Now I go further and treat the rest.. These are all real live situations, so take it to your advantage!

First of all you must put your network drivers in the boot images, because otherwise deployment will not work at all. This must be the newest drivers with support for WinPE OS. Best practice is using the x64 boot image for Capturing images, and the x86 boot image for Deploying images. Also Trace32 is a nice utility (available since SMS 2003) for putting in the boot images. When reading logfiles you can do it better in Trace32 and not in Notepad. Have a look for yourself, and you know what i mean. There is no Trace64 utility at the moment, so you must do it with the older one. Trace32 will become very handy! Remember that it's only functional in a x86 environment. For x64 troubleshooting you must put in on a share, and open the logfile on a x86 device, with trace32 installed. More about logfiles in my next blog!

Also check if the packages (listed in the Task Sequence) are available on the Distribution point. Otherwise deployment will fail also. When using Multicast, ConfigMgr 2007 R2 and specific configuration is needed. Because Multicast works only in WinPE mode, you have the choice to put your applications in the default WIM image. Not installing them, but only put the source in it. Then you are still flexible, and make use of full Multicast functionality! Otherwise a part of the installation will be in Multicast, and the other part (applications) will not. I will write a blog about Multicast later, so stay tuned for that one!

Now some other Troubleshooting issues! When deploying an image on the same device many times (for testing possibilities) deployment will fail with This because Windows Deployment Services (WDS) cannot handle that, and must have a reset. The best thing you can do is resetting the WDS service on the ConfigMgr server. When this is not the solution you must stop the WDS service, deleting the PXEBootFiles folder and all other PXE folders and files in C:\Windows\Temp and start the service again. When it's still not working, then your object is obsoleted in the collection. For solving that add an "Membership rule" on the specific collection (blue computer icon), and choose the following:

(Where Value is your computername) On the next setup page "Collection Limiting" choose No collections and go further. On the next setup page "Select Resources" choose all devices you see (mostly two i think). When back in the collection delete the object that is obsolete. Then deployment will work finally again! When advertising a Task Sequence (or something else) you can choose between mandatory deployment or not. For testing possibilities it's better for choosing No mandatory deployment. Otherwise you must remove the PXE Advertisement (screenshot) after each try. The above steps are needed because WDS cannot handle re-imaging of devices within one hour. There is a way for shorten the delay, but default it will be one hour.

The way for that is installing a Microsoft hotfix and modyfing a registry key. The hotfix can be found at:
(Operating system deployment fails in a System Center Configuration Manager 2007 SP1 environment if you deploy a different operating system to a client within one hour of a previous deployment).

This hotfix is not needed anymore when you installed ConfigMgr SP2 in your environment.

The registry key which must be changed can be found at: [HKLM\Software\Microsoft\SMS\PXE\CacheExpire] or when using a x64 device it can be found at: [HKLM\Software\Wow6432Node\Microsoft\SMS\PXE\CacheExpire].
Change the value from 0 tot 180 decimal (0x000000b4); this changes the default 60 minutes to 3 minutes (another value is also possible).
Microsoft explanation:

For questions or improvements please put some comments on this blog!

Tuesday, October 19, 2010

New functionality in ConfigMgr 2012 (vNext)

Now ConfigMgr R3 is released we must wait for ConfigMgr v.Next to get new functionality. Here is a (small) list of changes between ConfigMgr 2007 and v.Next:
  • While ConfigMgr 2007 is 32-bit, v.Next is 64-bit Native only! (some may require W2k8 R2)
  • Mobile Device Manager is built-in (so the product itself doesn't exist anymore)
  • SQL Server 2008 64-bit is required for the ConfigMgr database!
  • SQL Reporting Services is the only reporting platform, instead of standard reporting
  • Distribution groups are added for administrative purpose
  • The default "All" collections is minimized to All Systems only!
  • Advertisements are renamed into Deployments (and positioned better, because they were beneath Software Distribution in 2007)
  • Improvements to OS Deployment and Remote Control (now possible with the usage of CTRL-ALT-DEL)
  • There are some new System roles in it: Software Catalog Web Service Point, Software Catalog Web Site Point, Mobile device enrollment proxy point, Mobile device enrollment point (because of Mobile Device Manager functionality)
  • A migration from ConfigMgr 2007 will be a clean install, not an in-place installation!
  • Desired Configuration Management and Asset Intelligence roles are integrated into a “Assets and Compliance” tab
  • Software Updates auto-deployment (including Forefront definitions)!
  • The product is more user-based instead of computer-based! (e.g. software distribution to users)
  • And last but not least: v.Next looks like a real System Center product, and not like SMS 2003 ;o)

The product itself will be available end of 2011, so that takes another year! In the meanwhile we can play with the Beta version, so more information is on it's way!

Monday, October 18, 2010

Creating dynamic collections in ConfigMgr

When designing a new ConfigMgr environment, there is not only a total design needed but also a plan for the collections. I let my decision mostly be based on what functionality is needed, and if Active Directory is leading or not. This because you can create collections on many different ways, and advertisements can only be set on collections. So when you advertise an operating system, application or software update it will be bound to a collection. For OS deployment you can create additional colllections, but what to do with the other ones? The most used way is bound the collections to Active Directory OU's. In that way Active Directory is leading, and it will synchronize objects to ConfigMgr collections. I will explain here what to do, and how to bind them to Active Directory.

After installation of ConfigMgr there are a lot of default collections, but they are not always handy and useful. You can move this default collections to a new one, so there not in sight all the time. Now it's better to create your own collections, so you can decide which devices to put in your collections. There is a query needed for bounding collections to OU's, but first you must create these collections. You can do this manually, or there is also a way for importing them from Active Directory. The tool needed for that is named "SCCM OU Collection creator". This tool can be download here:

With this tool you can create many collections at once, and the good news is it will be automatically bound to Active Directory OU's. Because you want to move these collections afterwards to another location, there is another tool needed, The tool needed for that is named "CollTree for SCCM". This tool can be download here:

This tool is even compatible with SMS2003 collections, and it will become very handy. Okay, now the collections are imported, moved, and there is an query on it. But how to set a manually query on the collections? The command for that is not that difficult. First create a new collection, and open the properties of it. On the tab “Membership rules” create a new SQL query, and choose System Resource & Edit Query Statement, then select the Criteria tab. Choose New Query and fill in the following properties: 

Choose OK after that. Now you must decide how fast collections will be synchronized. Default the collection will be synchronized within 1 day. Because it can be to slow to have the objects in Active Directory synchronized with the collections, you can shorten the schedule to 1 hours, or even 15 minutes. Better is it to choose for the new R3 update, because collections will synchronized must faster then before. I will post that new functionality later. This is all you have to do for having dynamic collections in ConfigMgr.

Friday, October 15, 2010

ConfigMgr 2007 R3 is here!

Sooner then expected, but even a long wait: ConfigMgr 2007 R3 is here! This will be probably the last release for ConfigMgr 2007, because the next release is now available in beta. Which improvements will R3 bring to us, and is it worth it for installing the update? The answer is Yes, because there are some cool things in this release. Below is a quick summary of what’s new with R3:

Centralized Power Management
Configuration Manager R3 lets IT organizations centrally manage the power settings of Windows 7, Vista and XP computers, helping reduce energy consumption and costs. You can plan and apply a power management policy for high and low PC usage periods, monitor user activity to avoid any productivity interruptions and correct non-compliance. Detailed reports of trends and settings help you make smart power management choices, and also validate Green IT projects with summaries of power, money and CO2 savings.

Mobile Device Management
Configuration Manager R3 includes licenses for the popular System Center Mobile Device Manager, so you can run comprehensive asset inventories, deploy software, manage settings and enforce password policies for Windows phones.

Enhanced Scalability and Performance
Configuration Manager R3 is more scalable than ever, increasing the number of supported clients to 300,000 per site. R3 is also more efficient in the way it communicates with Active Directory, helping you discover user or machine changes more quickly and allowing custom queries to define user, system or group attributes.

Finally, it is worth noting that, just like Configuration Manager R2, R3 will be the foundation for the upcoming Forefront Endpoint Protection 2010. By bringing endpoint security into overall endpoint management, you can reduce costs and inefficiencies, and also improve security and compliance.

Especially the Power Management integration, and communication with Active Directory (which will be must faster), are useful functionality. Also the right-click tools are not necessary anymore for putting clients in a collection. This because R3 has this functionality build-in now. Right-click on a collection you want to manage and there is a new option available, "Add Resource". It is also possible to right-click a resource like a computer and use “Manage Collection Membership” to add it to a collection. Really useful!

Thursday, October 14, 2010

Driver management in ConfigMgr 2007

One of the difficult things in deployment is getting all drivers to work. Best practice here is to remove the "auto-apply drivers" in the Task sequence, and put "add driver package" instead. Most of the time when i'm import drivers, i give them a tag-name for the model. In that way you can easely update or remove a model later. There is also an option for creating folders in it. Bad thing is you can't import a driver multiple times, so that's not a good idea after all. Also the search folder will be a good idea actually.. In that way the folders are query based, so you can seperate the drivers in different folders.

For getting the right driver package on a system, you must put a condition on the driver packages. The most implemented way is by model name of the systems. The command for getting that is by CMD.exe - WMIC /Node - CSProduct Get Name. The result for that command must be placed in the condition of the driver package. The rule for that is "SELECT * FROM Win32_ComputerSystem WHERE Model LIKE "%<MODEL>%" where %<MODEL>% must be replaced with the actual model name. Now you are ready for deploying many types of systems with different driver packages.

But what to do with drivers that are not installed after deployment? There are drivers that won't be installed on the system, whatever you do. For solving that look at the option for creating a software package. If there is a setup-file in that specific driver folder, you can do an unattended install, and put it in your Task sequence. Now you will see that every single driver will be installed. For boot images it's the best to work with the newest NIC drivers for getting it to work. Now you can truly enjoy the "one image" functionality!

Wednesday, October 13, 2010

Welcome on the Configuration Manager Library!

I am Henk Hoogendoorn, 40 years and working as a Consultant & Microsoft Certified Trainer (MCT) at PQR in De Meern. My speciality is focussed is on Device Management and User Environment (the management of applications, desktops & clients, and keep it simple and effective). On that way i am often involved in designing and installing deployment solutions, and creating (ConfigMgr) environments.

This is of course possible with many products, but ConfigMgr is one of my favorites. This website has a lot of information about this product, and will be regular updated. Take it to your advantage, and come back often for new information. At present there is much information about vNext, this new release is planned for late 2011! Also R3 is on it's way, and is planned for later this year.

Come back later for more!