Monday, September 29, 2014

My personal experience with Jalasoft Xian Wings (part 1)

Sponsor post

A few weeks ago I did an online session with Jalasoft, to see more about Xian Wings. Let's see what's my personal experience so far. When installing OpsMgr at customer locations, I setup a management server with web functionality most of time. This way you can open weblinks in notification messages when inside the office or have a remote connection. You can click the weblink or have a look at the alert message available. Nothing special about that.

With Xian Wings it's getting even better. Jalasoft has this product created to view dashboards and health statistics on iOS (iPhone, iPad), Android and Windows Phone! You can create customized dashboards, monitor the object state of devices and see alerts and performance data. Just visit your local App store and give it a try! In my case (Windows Phone 8.1) it's shows the following message:
What do you do when you receive an email notification from OpsMgr 2007 or 2012 on your smartphone? Do you head back to your office? Or do you use the Operations Manager web console? Now we have made all of this easier for you! With Xian Wings for Microsoft Operations Manager (OpsMgr) 2007 and 2012, you have a real client application for your smartphone, which gives you easy access to states, alerts, performance graphs, tasks and more.

Within Wings you can find default dashboards, remote tasks and remote PowerShell (!). All tasks started are running on the OpsMgr server locally. Alerts can be shown on the icon (iOS) or in the notification center (Android). Because it's real-time, there's no delay in notifications. Licensing is done per device connected to the server. Besides of servers, you can use it for network devices too. Dashboards can be changed to custom-made, but you can start with the default ones. Just download the server and mobile client software and get started! Information for all platforms is included in the software.

Free trial: Jalasoft

In a next blogpost I will show some custom-made dashboards. Stay tuned for more!

More blogposts on this topic:
My personal experience with Jalasoft Xian Wings (part 2)
Taking my OpsMgr with me… with Xian Wings

Friday, September 26, 2014

Cumulative Update 3 for ConfigMgr 2012 R2 released

Last week (on September 22, 2014) Cumulative Update (CU) 3 for ConfigMgr 2012 R2 is released. It contains 18 updates and 23 PowerShell fixes included. No need to install CU2 anymore when using this one.

Here's a list of issues that are fixed, there are quite a lot of them:
- Software distribution and application management (4 fixes)
- Wake on LAN (1 fix)
- Migration (1 fix)
- Company portal (1 fix)
- Administrator Console (1 fix)
- Mobile devices (5 fixes)
- Operating System Deployment (1 fix)
- Client (1 fix)
- Site servers and site systems (3 fixes)
- Windows PowerShell (23 fixes)

Additional changes that are included in this update:
- Management Point communications (Management Point Affinity Added in ConfigMgr 2012 R2 CU3)
- Additional OS support (Debian 7 (x86), Debian 7 (x64), Red Hat Enterprise Linux 7 (x64), CentOS 7 (x64), Oracle 7 (x64))
- Software Updates (Eliminates partial WSUS synchronization problems through a registry change on the server)

Just install it in your environment when experiencing problems described in this article. When not affected by these problems, Microsoft recommends to wait for the next service pack that contains this update.

This update replaces Cumulative Update 2 for System Center 2012 Configuration Manager R2

For more information or download the update have a look here: Microsoft Support

Wednesday, September 24, 2014

Internet Explorer 11 prerequisites needed during deployment

Today I had a really bad day! I was doing a deployment on Internet Explorer (IE) 11 in a server environment without internet access. When deploying IE 10 or 11 multiple hotfixes are needed. When you look at Microsoft TechNet, the following hotfixes are needed: 
IE10: KB2729094, KB2731771, KB2533623, KB2670838, KB2786081
For IE11 there are needed even more hotfixes needed: 
IE11: KB2834140, KB2670838, KB2639308, KB2533623, KB2731771, KB2729094, KB2786081, KB2888049, KB2882822 
In my case there was something wrong about the updates. I used all 9 updates above and still IE11 was saying an update was needed. Let's have a look at the error message: 
Trick is, when you choose "Get Update" you go to the "Prerequisite updates for Internet Explorer 11" website, not mentioning the update needed! That really sucks if you ask me! ;)
When looking further I found "IE11_main.log" in C:\Windows folder. The following information was displayed here: 
  • Version Check for (KB2834140) of C:\WINDOWS\System32\d3d11.dll: 6.1.7601.17514 >= 6.2.9200.16570 (False)
  • Version Check for (KB2882822) of C:\WINDOWS\System32\tdh.dll: 6.1.7600.16385 >= 6.1.7601.18247 (False)
  • PauseOrResumeAUThread: Successfully resumed Automatic Updates.
  • Link clicked, opening URL in new window.
  • Setup exit code: 0x00009C47 (40007) - Required updates failed to download.
  • Cleaning up temporary files.
For it seems the updates used were from an older date. Strange enough you cannot see a version number in the update files at all? In this case 2 updates with a 6.1 release were used instead of a newer 6.2 release. IE 11 knows this and therefore a newer one must be downloaded. But how to do that when no internet connection is available during deployment? Very bad Microsoft! How's it possible that updates get a newer release, without change a name or seeing a version number on the update file?
It would be way easier when mandatory hotfixes needed were enclosed in the installation file. When extracting the existing one multiple files are included already, like: Spelling, Hypenation and SETUPDOWNLOADLIST.txt
After downloading the same hotfixes with a newer version number everything seems to work. Let's have a look at the logfile again: 
  • Version Check for (KB2834140) of C:\WINDOWS\System32\d3d11.dll: 6.1.7601.17514 >= 6.2.9200.16570 (False)
  • Version Check for (KB2882822) of C:\WINDOWS\System32\tdh.dll: 6.1.7600.16385 >= 6.1.7601.18247 (False)
  • Download for KB2834140 initiated.
  • Download for KB2882822 initiated.
  • Download for nl-NL IE11_amd64 pack initiated.
  • Download for nl Spelling pack initiated.
  • Download for nl Hyphenation pack initiated.
  • Waiting for 2 prerequisite downloads.
  • Prerequisite download processes have completed. Starting Installation of 2 prerequisites.
Lessons learned today: Don't use already existing updates or updates that were downloaded before! Microsoft likes to change version numbers on there updates, and IE is checking on that information. Futhermore it would be easier to have internet connection during deployment, so additional updates can be downloaded. Hope that IE 12 will be easier to deploy in the future!
Additional source: How to package Internet Explorer 11 x64 for Windows 7 x64

Update (next day): Seems that above is still not working, because the URL's mentioned on Microsoft TechNet are not up-to-date either. Just use the URL's mentioned in the logfile (IE11_main.log) for the most up-to-date ones! > These are KB2834140 and KB2882822. Thank you Microsoft for making it so easy for us ;)
  • Prerequisite download processes have completed. Starting Installation of 2 prerequisites.
  • Launched package installation: C:\WINDOWS\SysNative\dism.exe /online /add-package /packagepath:C:\WINDOWS\TEMP\IE1CB66.tmp\KB2834140\ /quiet /norestart
  • Process 'C:\WINDOWS\SysNative\dism.exe /online /add-package /packagepath:C:\WINDOWS\TEMP\IE1CB66.tmp\KB2834140\ /quiet /norestart' exited with exit code 0x800F081F (-2146498529)
  • Error installing prerequisite file (C:\WINDOWS\TEMP\IE1CB66.tmp\KB2834140_amd64.MSU): 0x800f081f (2148468767)
  • PauseOrResumeAUThread: Successfully resumed Automatic Updates.
  • Setup exit code: 0x00009C57 (40023) - Prerequisites failed to install.
  • Cleaning up temporary files in: C:\WINDOWS\TEMP\IE1CB66.tmp
I have every sympathy with several hundred other people who are having the same problem, especially those who, like me, have spent days trying to deploy a browser (a browser!).

Friday, September 19, 2014

Implementing ConfigMgr in a XenDesktop VDI environment

When building a master image for a XenDesktop VDI environment, you have the choice to start a ConfigMgr prep. Within ConfigMgr 2007 this was needed all the time, within ConfigMgr 2012 this is not for sure. When looking at a recent Microsoft TechNet post however, it seems this is still needed. Let's have a look at a part of this blogpost:

Once install completes you will need to make the following changes to the master image prior to snapshot.

1. Stop the SMS Host Service – to do this run the command net stop ccmexec as an administrator
2. Delete the SMSCFG.ini file from the Windows folder – to do this run the command del %WINDIR%\smscfg.ini
3. Delete the SMS certificates – to do this run the following line in PowerShell – Remove-Item -Path HKLM:\Software\Microsoft\SystemCertificates\SMS\Certificates\* -Force or from DOS using powershell -command "HKLM:\Software\Microsoft\SystemCertificates\SMS\Certificates\* -Force"
4. Remove the Inventory Action ID 1 in WMI – to do this run the command wmic /namespace:\\root\ccm\invagt path inventoryActionStatus where InventoryActionID=”{00000000-0000-0000-0000-000000000001}” DELETE /NOINTERACTIVE

Do not follow the advice from the Citrix Team Blog which is to install the client and forget about it. This approach will generate bad mifs in your environment. See my post on the subject here.

Just have a look at my other blogpost about "Prepare ConfigMgr client for Sysprep or Master Image" for more information on this.

I'm still convinced to prepare the ConfigMgr client for sure!

Wednesday, September 17, 2014

How to boot a Hyper-V Virtual Machine from a PXE server

At customer location we're using multiple Hyper-V hosts, managed by a System Center Virtual Machine Manager (SCVMM) server. On multiple Virtual Machines (VM's) we like to deploy a server operating system with ConfigMgr. Trick is, when booting Hyper-V VM's from a PXE server, nothing seems to happen. Within Hyper-V Manager > BIOS config, the "Legacy Network adapter" is on top. Just have a look at the comment: "Use a legacy network adapter to perform a network-based installation of the guest operating system."

Because "Legacy Network adapter" is displayed here, we're thinking that the right network adapter is installed in the VM. Unfortunately this is not the case. Within VM properties in SCVMM there's a choice to use a network adapter or legacy network adapter. By default the network adapter is installed. With this network adapter no PXE boot can be done. Just delete this network adapter or choose "not connected" and add a new legacy network adapter.

After that PXE boot is working immediately. Just remember the following: Hyper-V supports booting a VM from the network using the F12 option. Trick is that you must use the legacy network adapter. The regular network adapter is synthetic and therefore not available at boot time. You have to remove the existing network adapter and add a new legacy network adapter. With that you're done!

Monday, September 15, 2014

Software Update synchronization from an existing WSUS server

When using ConfigMgr as a update source for WSUS updates, I prefer downloading updates from the internet. In some cases however it's better to use an existing WSUS server as an update source. This because the internet line speed is to slow, or updates are already downloaded on another server. You can use that one for downloading the first batch off software updates. Very handy if you ask me! Just select to "Download software updates from a location on my network" and updates will be downloaded within a few minutes.

This can be done on the following location:
-ConfigMgr console > Software Library > Software Updates > All Software Updates > Download (selection) > Download software updates from a location on my network (Browse)

Just use it to your advantage! No need to download updates again, if they are available already on an existing WSUS server.

Thursday, September 11, 2014

ConfigMgr Offline Servicing on Volume License media

When using Offline Servicing in ConfigMgr to integrate software updates, it's easy to inject around hunderd updates in a Windows 7 SP1 image (for example). This week I started to inject around 100 updates in a Windows Server 2008 R2 SP1 image. This is however a Volume License media with 8 catalog files available. When selecting from a task sequence you have the following choices: 
Trick is however that when using Offline Servicing for this image, it will start the DISM process 8 times also! No way you can choose to inject them on 1 catalog file only. In my case this results in 8 times injecting 110 updates, which will takes lots of time. I rest my case on this one and install updates during Build and Capture, and not using Offline Servicing which I prefer. Too bad there's no option too choose the right Windows edition here, or didn't I find it yet? 

When the DISM process is started already, you can choose to run Configuration Manager Service Manager (ConfigMgr console > Monitoring > Component Status > Start) to stop the responding proces, because of too much time. Hope it helps!

Tuesday, September 9, 2014

Differences between Managing Domain joined and Workgroup systems

Within ConfigMgr both Domain joined and Workgroup systems can be managed. Most prefered way is Domain joined probably, where systems are trusted automatically and updated after every deployment. Still Workgroup systems are used at customers also, where you must think about local permissions and non-trusted systems. Let's have a look at my experiences so far..

When deploying Domain joined systems, the existing object in ConfigMgr is updated everytime. When looking in Resource explorer you will see History of hardware and software specifications. Domain joined systems will be trusted automatically by default. No need to think about local permissions, because ConfigMgr can install the ConfigMgr client remotely or replicate domain account(s) to the Remote Control Users group. Active Directory is used to locate management points which is very handy.

When deploying Workgroup systems, a new object in ConfigMgr will be created everytime by default. The old object will get obsolete and History of hardware and software specifications will be lost. Workgroup systems are not trusted by default, or you must choose to change that in Site Hierarchy settings. You need local permissions for sure because there's no way to install the ConfigMgr client remotely or replicate domain account(s) to the Remote Control Users group. Management points cannot be located by Active Directory.

You need a Network Access account on Workgroup systems:
-This account is used by client computers when they cannot use their local computer account to access content on distribution points. This account might also be used during OS deployment when the computer installing the OS does not have a computer account on the domain.
-For ConfigMgr 2012 R2 only: You can now specify multiple network access accounts for a site. When clients try to access content and cannot use their local computer account, they will first use the last network access account that successfully connected. ConfigMgr supports adding up to ten network access accounts.

Source: Microsoft TechNet

Let's have a look at limitations for Workgroup systems:
-Workgroup clients cannot locate management points from Active Directory Domain Services, and instead must use DNS, WINS, or another management point.
-Global roaming is not supported, because clients cannot query Active Directory Domain Services for site information.
-Active Directory discovery methods cannot discover computers in workgroups.
-You cannot deploy software to users of workgroup computers.
-You cannot use the client push installation method to install the client on workgroup computers.
-Workgroup clients cannot use Kerberos for authentication and so might require manual approval.
-A workgroup client cannot be configured as a distribution point. ConfigMgr 2012 requires that distribution point computers be members of a domain.

Source: Microsoft TechNet

In my opinion it's way better to handle Domain joined systems when management must be done after deployment. More stable and easier for quick communication. There are a few tricks however to get things automated. Just have a look at them for more information:
-Remote Control on Workgroup systems
-Client Push Installation on Workgroup systems
-Support on Workgroup systems

Friday, September 5, 2014

Xian's 10th Year anniversary celebration

Sponsor post

Jump on the party wagon!
We are celebrating a decade of bringing solutions to the Network Administrator.

Get our latest SNMP Device Simulator on October 15th for FREE and place your order before October 31st to get a 30% Discount on all our solutions!

The Xian Suite has been evolving each year to fulfill your network monitoring needs and bring you a robust software that helps you save time and resources so that you can focus on your most relevant tasks.

Soon we will be releasing a new version of Xian Wings HD that can support almost any Android tablet. Running PowerShell and prompting commands directly from your tablet against the Operations Manager server or any other computer will be just under your finger tips.

More information:
Download Xian Wings free trial
SNMP Device Simulator and Hands On Lab request
Download Xian Network Manager

Monday, September 1, 2014

Veeam Task Manager for Hyper-V

Sponsor post

New: Veeam Task Manager for Hyper-V
Free tool for real-time Hyper-V performance monitoring

Improve troubleshooting in your Hyper-V environment by seeing what Windows Task Manager doesn’t show you. Veeam Task Manager for Hyper-V displays a real-time view of CPU and memory at the individual VM level so you can identify which VMs are using the host resources.

This lightweight tool is portable so you can run it from any USB device for emergency troubleshooting. No installation or integration needed!

Get the critical visibility you need.
Download the FREE Veeam Task Manager today