Friday, January 14, 2011

Configure dynamic collections in ConfigMgr

After the success of my first blog "Creating dynamic collections in ConfigMgr" (most pageviews on this blog), I will write a follow-up on this item. It seems that many people are searching on this specific item, because there are no dymanic collections based on AD discovery data when installing ConfigMgr 2007. In this blog I will describe exactly what to do for having dynamic configuration. It must work this way!

First create new collections for all places there are systems in Active Directory OU's. When you have different OU's for desktops, laptops & specials for meaning, create collections for that systems also. It is also possible to bound user groups to it, which are useful for application deployment. I will write a new blog for App-V packages in ConfigMgr 2007 later on. On all of the collections you have the choice to configure systems or users/user groups.

  
I have created an "Virtual Machines" OU first. Now start a "Active Directory System Group Discovery". This can be found at Site Management > Site Server > Site Settings > Discovery Methods. This System Group Discovery must have the following settings: "Enable Active Directory System Group Discovery".


Choose the yellow star, and add the domain you are working with. In my case this is SystemCenter.com. First choose for the default AD settings: Local domain and Recursive will be default selected. It is also possible for selecting an specific OU, instead of complete discovery (see options below).

  • Local domain: Browse for AD containers in the domain where the computer running the Configuration Manager 2007 console resides.
  • Custom LDAP: Indicates that you want to browse for Active Directory containers. This option activates Browse.
  • Recursive: Default. When selected, indicates that AD discovery searches child containers. Otherwise, child containers are not searched.
  • Include groups: Not default. When selected, Active Directory discovery discovers objects within groups.

When choosing for Local domain (default option), the above screenshot will be displayed. Choose the Domainname for searching in all containers. The OU's with systems in it will be automatically recognized. (It is also possible for selecting an specific OU, instead of complete discovery).


On the tab "Polling Schedule" you can change the schedule option from 1 day to 1 hour or lower (best practice when using ConfigMgr 2007 R2). This because otherwise new Active Directory OU's will be synchronized once a day. With ConfigMgr 2007 R3 this is not needed anymore, so it doesn't have to be changed.

New in ConfigMgr 2007 R3 is "Enable delta discovery" which is default set on 5 minutes. This setting doesn't have to be changed, because this performs an intermediate discovery cycle adding only new resources to the ConfigMgr database. Choose also "Run full discovery as soon as possible" for recognizing Active Directory OU's immediately.


On the tab "Membership Rules" you can change the schedule option from 1 day to 1 hour or lower (best practice when using ConfigMgr 2007 R2). This because otherwise new systems will be synchronized to collections once a day. With ConfigMgr 2007 R3 this is not needed anymore, so it doesn't have to be changed.

New in ConfigMgr 2007 R3 is "Dynamically add new resources" which is default off. Choose to turn it on, because this allows you to more rapidly evaluate a collection membership by adding only newly discovered resources. Now open collection properties (in my case Virtual Machines), and click on the yellow (database) icon.


Give the query a name (in my case Virtual Machines) and choose for "Edit Query Statement". Let the option "Collection limiting" at default (Not collection limited), because when choosing "Limit to collection" not all the systems can be found.

When select OK a new windows will be opened. On the tab "Criteria" select the yellow star, and choose Select again (beneath "Simple value"). Choose here for the following options:


Fill in "System Resource" and "System OU Name" and select OK. In the next field choose Value (beneath "is equal to"). This will open a new window, with OU's recognized before (Active Directory System Group Discovery).


As you can see only 2 options are available. This because these are the only containers which contains systems. I choose "Virtual Machines" here, and select OK again. My Criterion properties has the following information now:


Choose OK multiple times now, and the configurating will be done. Now there is a new collection created, which is synchonizing from a Active Directory OU. When I choose Refresh, the systems in Active Directory will be automatically displayed in the "Virtual Machines" collection.


I hope you have enough information now for setting up a dynamic collection. When there are questions or other input, please add a comment to this blog, or contact me by e-mail.

Tuesday, January 4, 2011

Task Sequence fails after R3 Client Hotfix

When installing Configuration Manager 2007 with the Release 3 (R3) update, there must be a Client Hotfix installed first. This hotfix (KB977384) will create a package and program for you, which is handy for updating existing clients. Download location: http://support.microsoft.com/kb/977384


When advertising this client hotfix to systems only it will works fine, but when adding this client hotfix to a Task Sequence for deploying multiple applications it goes wrong. The Task Sequence will simply fails after installing the client hotfix, and installation will stop working.

In the SMSTS.log there will be the following errors seen:
- The sms client service is not running
- Install Software failed, hr=0x80040215
- Failed to run the action: Install <software package>
- Unknown error (Error: 80040215; Source: Unknown)

This because of the following issue:
When installing the client hotfix, it will shutdown the existing ConfigMgr client and WMI. After installation of the new client hotfix, it doesn't look like the ConfigMgr client or WMI service are restarting. Without these essential parts, installation will not working again. This is the reason why the Task Sequence will fail.

Update: Best practice from Microsoft is to not use the hotfix as single step in the task sequence. Just put it in the default "Setup windows and ConfigMgr" step. In the Installation properties box, type the following: PATCH="%_SMSTSMDataPath%\OSD\<var><Package_ID></var>\i386\hotfix\KB977384\SCCM2007AC-SP2-KB977384-x86-enu.msp"
Then installation will continue working.