Friday, March 28, 2014

Cumulative Update 1 for ConfigMgr 2012 R2 released

Today Cumulative Update (CU) 1 for ConfigMgr 2012 R2 is released. It contains 22 updates and 7 hotfixes included. Great that the following issues are solved, because both of them I experienced last weeks:

-With App-V 5.0 SP2, App-V packages that are being used cannot be uninstalled (ever). > true!
-External drives, such as some USB thumb drives, are displayed as fixed disks instead of removable media. Attempts to start and install an OS image result in error messages. > true!


Here's a list of issues that are fixed, there are quite a lot of them:
-Administrator Console (3 updates)
-Mobile Device Management (1 update)
-Reporting (1 update)
-Application Virtualization (2 updates)
-Internet-based clients (1 update)
-Software Center (3 updates)
-Operating system deployment (6 updates and 4 hotfixes)
-Endpoint Protection (1 update)
-Application management (2 updates and 1 hotfix)
-Supported operating systems (1 hotfix)
-Site systems (1 update)
-Windows PowerShell (1 hotfix)
-Wake-up proxy (1 update)

Just install it in your environment when experiencing problems described in this article. When not affected by these problems, Microsoft recommends to wait for the next service pack that contains this update. Great that CU1 is available now!


For more information or download the update have a look here:
Microsoft Support

Thursday, March 27, 2014

Most popular scripts, tools and queries for ConfigMgr usage

During ConfigMgr installation I'm using a lot of scripts, tools and queries. These are most used during or after OS deployment to get the job done. In this blogpost I mention a few of most popular scripts, tools and queries used. Have fun using them!
 
Adding Computer to AD groups during deployment
Application E-Mail Approval Tool
Automate Computer Name during OSD
ConfigMgr Console Extensions
Enabling and Disabling Microsoft Update in Windows 7
Group Policy WMI filters
Move computer object to another OU
Powershell Right Click Tools
Powershell script collection for ConfigMgr 2012
Remove from collection and clear PXE flag
Re-run Task Sequence Tool 1.0
RIGHT CLICK TOOLS FOR SCCM 2012 CONSOLE
SCCM 2012 Management Scripts
SCCM Client Actions Tool PowerShell Edition
Showing the Collection Membership of a Resource
System Center 2012 R2 Configuration Manager Toolkit

Update1:
Deploy Wifi profiles with SCCM
Endpoint Protection Definition Script
Remove Client from Collection after OSD 1.1
Show Collection Details right-click action
Show Maintenance Windows information for a device
 
Update 2:
Dell Command | Integration Suite for System Center
HP Client Integration Kit for ConfigMgr 2012 R2
Now Micro Right Click Tools (free)
Remove Expired & Superseded Updates in SUGs
Set of Operational SCCM Collections

Update 3:
Add computer to security group during OSD
System Center Endpoint Protection Policy Templates
ConfigMgr Prerequisites Tool 1.4.1

Even more scripts, tools and queries can be found here: "System Center - resources for IT professionals".

How to rename a volume during OS deployment (or afterwards)

Last time it was needed to change a volume label because of difference volume labels on systems. Searching on the web I found a script which does the job easily. Let's change the volume label for drive C to "System" (for example).

==============================

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colDrives = objWMIService.ExecQuery _
    ("Select * from Win32_LogicalDisk where DeviceID = 'C:'")

For Each objDrive in colDrives
    objDrive.VolumeName = "System"
    objDrive.Put_
Next 


==============================

The VBS script can be found here: Script Center
That's all needed!

Tuesday, March 25, 2014

How to update an existing KMS Host (based on Windows Server 2008)

Last week it was needed to update an existing KMS host. This because new Operating Systems based on Windows 8.1 and Windows Server 2012 R2 (both Windows 6.3) must be activated. Because an error message is displayed on Windows Server 2008, an hotfix must be installed first before importing the key. Let's have a look.

KMS (Key Management Service) activates computers on a local network, eliminating the need for individual computers to connect to Microsoft. To do this, KMS uses a client–server topology. Commands for setting up a KMS host can be found here: Key Management Services (KMS) explained. When using Windows Server 2008, an update is needed to activate Windows 6.3 systems.

This update extends KMS for Windows Vista, for Windows Server 2008, for Windows 7, and for Windows Server 2008 R2 to enable the enterprise licensing of Windows 8 / 8.1 and of Windows Server 2012 / R2. The update can be found here: Microsoft Support. After installing the update it's possible to update the KMS host finally.

Other blogposts about KMS available:
Using KMS Client Setup Keys during deployment  

Usage of Microsoft Office 2010 KMS Host License Pack
Usage of Microsoft Office 2013 KMS Host License Pack

Monday, March 24, 2014

How to configure default Time Zone by Group Policy

Today I did a try to configure the default Time zone by Group Policy. This on a Domain joined Thin client with default user logon. Because the Time zone was set wrong, communication in ConfigMgr to the client wasn't that good. Let's have a look at the possibilities.
 
On first try I did this one: Time Zone registry key?
Using an export of HKLM\ SYSTEM\ CurrentControlSet\ Control\ TimeZoneInformation
No luck with that one! (using the regkey didn't help me)

Second try: Group Policy to set the time zone
Again no luck.. (last picture in post, using Preferences)
Did it work for you [Roel Janssens] or not?

Third try: Time Zone Configuration Group Policy adm Template
This is a Custom group policy for the domain controller where the administrator can define the Time zone of each PC using this policy.
Using the script didn't helped me either (many errors which must be resolved before usable)

Fourth try: Set time zone using GPO in windows 2008 r2
On first try it didn't work, but after using "Set a Windows Server's time zone using Group Policy" it did work after all. Just use the command (TZUTIL) from a remote share and you will be fine.

In my case: tzutil /s "W. Europe Standard Time"

Hope it helps!

Thursday, March 20, 2014

Windows Intune Roadmap - Partner Session Feb 2014

Last month I get an invite for the Windows Intune Roadmap. This remote session was for partners only, to show the User and Device Management Roadmap. No big update once or twice a year, but small monthly updates to bring Intune on-speed sooner. Let's have a look at new features which are coming in next months.

Above features are implemented already. With Richer cloud-only MDM capabilities, Microsoft wants same functionality in Windows Intune standalone as hybrid configuration (for example: Android support, email profile configuration and selective wipe). No need to integrate with ConfigMgr 2012 R2 that way for these features.

Even more features will be available in the next coming months. Windows Intune will be more advanced and mature that way. At the moment it feels sometimes if functionality is missing. That will be improved when above roadmap is functional. Hope that Intune will be competitive with other MDM solutions soon.

No System Center and Intune fusion [yet] for it seems! :)

Tuesday, March 18, 2014

OS deployment monitoring in ConfigMgr 2012 R2

When doing OS deployment in ConfigMgr 2012 R2, which is one of main features, it seems nice to start monitoring on that. Especially when on a remote location and using Zero Touch installation (ZTI) to do the job. In older versions of ConfigMgr I used reporting for that. Within 2012 R2 it's possible to have a recent view in deployment monitoring. Let's have a look at functionality first.

When in the ConfigMgr console, go to the Monitoring tab. There you find Deployments. Within deployments you will find all packages, task sequences and update jobs which has an deployment on them. When looking at OS deployment monitoring, select the task sequence job running, and "View status". Have a look at "Summarization time", and click "Run summarization" when not recent. Click "Asset details" and "More details" to open a new window.

 
Within the new window, select status to see an overview of OS deployment steps. Unfortunately it's needed to sort them on Execution time and maximize the window every time when opening. Also the monitoring window is not dynamic so you need to "Run summarization" multiple times, and open the window again. Every time the window opens you need to sort on Execution time and maximize the window. At last it's not possible to start anything else in the Console as long as the monitoring window is active.

Let's recap. I really think OS deployment monitoring is great. Maybe Microsoft can create an dynamic monitoring window which saves the configuration? Customers are asking for this type of window also. For a first version it looks great but not complete yet. Hope this can be arranged in a new ConfigMgr update. Thanks!

Friday, March 14, 2014

Win a trip around the world with Veeam

Sponsor post

Today I want to share some big news from Veeam!

 
Veeam is about to get its 100,000th customer and is launching an interactive contest for a chance to win a trip around the world and other prizes (Google Glass, iPad and Microsoft Surface).

To participate, you need to register and predict the location of Veeam’s 100,000th customer on the interactive map. The closer you are to the right spot, the better chance you have to win the trip around the world and other prizes.

We currently have a live pre-registration page. The main contest will start next week. Join in on the fun!

Guess the location here: http://world.veeam.com/
For more information: http://world.veeam.com/veeam_tc_2014.pdf
I registered already. You too?

Update: Please follow the link below to get access to the contest page: http://world.veeam.com/map/
1. Click the link to login
2. See where Veeam customers are and what other players choose
3. Place your marker!

Thursday, March 13, 2014

HP Client Integration Kit for ConfigMgr 2012 R2

Today I installed the HP Client Integration Kit for ConfigMgr 2012 R2. The HP Client Integration Kit (HP CIK) is a plug-in for ConfigMgr that improves the customer experience in deploying Windows XP and Windows 7 images to HP-managed clients. The same is seen in Dell Client Integration Pack.

This is achieved through the following custom features:

-Importing WinPE and HP platform driver packs
-Integration of the BIOS Configuration utility, which allows the customer to configure BIOS settings during deployment
-Basic OS task sequences highlighting HP’s custom steps


The HP CIK is installed on the same server as ConfigMgr, and can be accessed through the System Center console on the server. Read the Release Notes and download the HP CIK.


Just great that HP offers same functionality as Dell now!

Wednesday, March 12, 2014

Status Viewer was unable to retreive the stored queries list from the database

Last month when installing a high available ConfigMgr infrastructure I received an error message. This message came when adding a second SMS Provider. Just have a look at this blogpost first: "How to install a multiple SMS Provider in ConfigMgr 2012". After installing the second SMS Provider everything seems fine, but after rebooting the server there was the error message. "The Status Viewer was unable to retreive the stored queries list from the data base".

Lucky me I found the following blogpost: "Unable to retrieve Configuration Manager 2012 Status Messages".
It mentions: You need to modify the startup type of the SMS Executive and Component Manager Services. Set the startup type to Delayed Start and then reboot the system after the change.

In this particular case the ConfigMgr Site server and SQL server were installed on different systems and the SMS Provider was installed on another remote system (second ConfigMgr Site server). By implementing the delayed start of these services on the Primary Site server everything seems fine again.

Hope it helps!

Where to find Service Manager in ConfigMgr 2012 (R2)

Sometimes it's needed to stop or start a ConfigMgr component because of malfunction. Within ConfigMgr 2007 this can be done in the ConfigMgr console. Just navigate to System Center Configuration Manager / Site Database / Tools / ConfigMgr Service Manager. Rightclick ConfigMgr Service Manager, point to All Tasks, and then click Start ConfigMgr Service Manager.


Within ConfigMgr 2012 it may be harder to find. Service Manager can be found here in Monitoring / Overview / System Status / Component Status and mark Component Status. Go to Home (found in the ribbon) and click Start Configuration Manager Service Manager.

That way it's possible to stop or start a ConfigMgr component.
Hope it helps!

Usage of Microsoft Office 2013 KMS Host License Pack

Another blogpost about KMS again. Before this 3 other blogposts where available, just have a look at that one also:
Key Management Services (KMS) explained
Using KMS Client Setup Keys during deployment  

Usage of Microsoft Office 2010 KMS Host License Pack

The Microsoft Office 2013 KMS Host License Pack must be installed before importing the KMS key. It can be downloaded at this location: Download Center. During installation the Office 2013 KMS key can be imported successfully.

Volume license editions of Office 2013 client products require activation. This download enables IT administrators to set up a Key Management Service (KMS) or configure a domain for Active Directory-Based activation. Either of these volume activation methods can locally activate all Office 2013 clients connected to an organization’s network.

Just make sure your KMS host is running on Windows 7, Windows 8, Windows Server 2008 R2 or Windows Server 2012.

Thursday, March 6, 2014

PXE Boot files in RemoteInstall folder explained (UEFI)

2 years ago I published a blogpost about PXE Boot Files. Today this is the most read blogpost on Henk's blog. This time I want to update this blogpost for UEFI. The Unified Extensible Firmware Interface (UEFI) is meant to replace the Basic Input/Output System (BIOS) firmware interface. When using PXE boot or want to deploy an image some special configuration is needed. Let's have a look.

Recently I did a deployment on a new Lenovo Helix device with UEFI firmware. By default when using PXE boot in combination with DHCP Options this isn't working. This because some special configuration is needed in DHCP. When using IP-helpers, BIOS and UEFI can be used both together. No special configuration needed for that. But with DHCP Options PXE boot doesn't seems to work at all!

As described before (PXE Boot files in RemoteInstall folder explained) there are multiple files in the RemoteInstall folder. These days there is however a new file added for UEFI support called wdsmgfw.efi. This file is a special NBP developed for use by Windows Deployment Services (WDS) UEFI usage.

When using DHCP Options for PXE Boot, Option 66 and 67 are needed. Option 66 must be the IP-address of your WDS or SCCM server, Option 67 must be SMSBoot\x86\wdsnbp.com (which is the first file needed during the PXE Boot process). This is working only on systems with a BIOS firmware, not a UEFI firmware. When using UEFI, Option 67 must be set to wdsmgfw.efi (No BIOS support)!

 
When changing SMSBoot\x86\wdsnbp.com to SMSBoot\x86\wdsmgfw.efi an error message is displayed. This because my SCCM server (which is Windows 2008 R2) doesn't support an x86 UEFI boot file. Therefore x64 must be used instead. When using Windows 2012 (R2) both x86 and x64 are supported. After using x64 the device gets the wdsmgfw.efi file and tries to contact the WDS Server, but after some time I get error 0x102.

Therefore another fix is needed. This time DHCP Option 60 must be added. DHCP Option 60 is used normally when DHCP and WDS are on the same box. In my situation this isn't the case, but still this fix is needed! Try to configure this one to PXEClient to get the job done. All seems fine now, but still an error message will be displayed. This time the error \Windows\System32\boot\winload.efi and 0xc0000359 is showed. Therefore a different boot image must be used.

When deploying Windows images I normally use an x86 boot image. For UEFI support (on Windows Server 2008 R2 only?) it's needed however to select an x64 boot image. When that's done OS deployment is working finally. Let's do a recap on all configuration needed when using Windows Server 2008 R2 for WDS in combination with UEFI firmware on endpoints.

1) DHCP Option 67: smsboot\x64\wdsmgfw.efi
2) DHCP Option 60: PXEClient
3) Task Sequence: Select x64 boot image

Multiple sources were used to get the job done:
PXE Boot with UEFI. WDS not sending WinPE wim
Black screen or trap error when booting EFI PXE client to Windows Server 2008 R2 WDS Server
SCCM OSD to UEFI laptop with PXE boot crashes - winload.efi

Tuesday, March 4, 2014

How to add devices to different OU’s during deployment

In ConfigMgr it's possible to use a WMI query for Hardware vendor, type or model or part of computername (for example). In my situation I want to use a single task sequence for both desktop and laptop/ notebook deployments. This because to select different OU's during deployment. Let's have a look how to do that.
 
Within MDT you can use a variable like IsLaptop equals “True” or IsDesktop equals “True”. Within ConfigMgr I never used these before (while they are supported as well). There is another method however, besides of using part of computername. In this case you can run a WMI query to detect the hardware type.

My preferred method is as follows:
SELECT * FROM Win32_ComputerSystem WHERE PCSystemType = 1
SELECT * FROM Win32_ComputerSystem WHERE PCSystemType = 2
Example: 1 is for desktops and 2 is for laptops/notebooks.

If you want to combine multiple types, then use an "If statement" to the task sequence step, and specify multiple WMI queries. When using a single task sequence for both desktops and laptops/notebooks, use "Apply Network Settings" twice, with both a different WMI query.

When looking for more hardware types, use the following table:
  • 0 (0×0) Unspecified
  • 1 (0×1) Desktop
  • 2 (0×2) Mobile (Laptop/Notebook)
  • 3 (0×3) Workstation
  • 4 (0×4) Enterprise Server
  • 5 (0×5) Small Office / Home Office Server
  • 6 (0×6) Appliance PC
  • 7 (0×7) Performance Server
  • 8 (0×8) Maximum
 
Hope it helps!

More blogposts on this topic:
Chassis Types and query-based Collections (part 2)

Monday, March 3, 2014

How to force an IP-HTTPS connection on a DirectAccess client

Today Direct Access wasn't working because of IP-HTTPS malfunction. Normally I'm using the following commands when Direct Access isn't working, this because off multiple Proxy changes a week.
  • Restart "Network Location Awareness" service
  • Restart "IP Helper" service
  • "netsh dnsclient show state" (inside/outside office)
  • "netsh interface httpstunnel show interfaces" (connected/not connected)

But this time nothing seems to help. The error message (this time) were: Interface Status: IPHTTPS interface deactivated.
 
Lucky me I found the following blogpost: Hidden Microsoft
It mentions:  You should try using netsh to disable Teredo.

For example, if you execute the following command: "netsh interface teredo set state disable". You will in fact disable Teredo. Provided that your IP-HTTPS solution is working, the Direct Access client will then switch over to IP-HTTPS. You can verify this using the following command: "netsh interface httpstunnel show interfaces". Now, to re-enable Teredo you would use the following command: "netsh interface teredo set state default".

After that everything went fine again. Strange thing however we don't use Teredo at all, but still this can be the solution! ;)