Monday, November 30, 2015

iOS 9 Extensions missing in ConfigMgr with Intune (Hybrid scenario)

Last month Microsoft released the iOS 9 Intune extension for ConfigMgr. At a customer with Hybrid scenario (ConfigMgr with Intune) however the iOS 9 extensions was missing. Whenever starting the ConfigMgr console, no new message are displayed.

We logged a call with Intune Support and the following did the trick:
Start SQL Management Studio and run the following queries against the SMS database.

Select * from CFDMetadata where FeatureID = 'FFFF4E99-5BD9-4A82-BC9F-7864FCAEA519'

update CFDMetadata set MinCMVersion = '5.00.8239.1000', MaxCMVersion = '5.00.8239.9999', MoreInfoLink = 'https://go.microsoft.com/fwlink/?LinkId=330435', ReleasedDate = '2015-09-11 09:09:00.000' where FeatureID = 'FFFF4E99-5BD9-4A82-BC9F-7864FCAEA519' and FeatureVersion = 300001214

After starting both queries, the iOS Intune extension became available. Hope it helps!

Friday, November 27, 2015

Jalasoft Releases Brand New Xian SNMP Device Simulator v5.5

Sponsor post

Today (November 25th) Jalasoft announced the release of The Xian SNMP Device Simulator 5.5. This new version comprises several new features along with several performance enhancements.


The two most important additions are the built in OID editor and an SNMP Dump Manager. The OID Editor gives people the option to customize the behavior of certain OIDs within the simulation file. For example, users will be able to change the simulated interface status with only a few clicks. Additionally, we’ve implemented the new SNMP Dump Manager. This feature has been introduced to help the user handle the simulation files that the Xian SNMP Device Simulator is using in a much simpler manner

The SNMP Simulator comes in two versions; The free version can simulate up to 5 devices in a normal way while the paid version has the option of dynamic simulation OID editing and device recording. Prices start at 99 USD (for 50 devices). A free 30 day evaluation is available for download at the Jalasoft website.

Read more:
Fun things to do with the new Jalasoft Xian SNMP Device Simulator

Monday, November 23, 2015

Path for Upgrading ConfigMgr 2007 to ConfigMgr 2016 (as a service)

Since the ConfigMgr 2012 release (April 2012), I'm doing both implementations and 2007 migrations a lot. ConfigMgr 2012 is still the best choice for on-premises and remote device management.

With Microsoft Intune integration (part of Enterprise Mobility Suite) for mobile device and application management, you have best of both worlds. Microsoft mentions that 'No one else offers this functionality!'. Therefore ConfigMgr and EMS is the best solution for deploying and managing Windows 10 on PC's, tablets and mobile devices.

Additionally, ConfigMgr 2016 (ConfigMgr as a service, which is called just 'ConfigMgr' from now on) will support MDM-based management for Windows devices, fully on-premises, with no ConfigMgr agent required. In that case you can choose between full (with ConfigMgr agent) and MDM-based (no ConfigMgr agent) management.

But what to do if organizations are still on ConfigMgr 2007 these days?

On Microsoft TechNet there was a question about this several months ago. I did a post on Twitter today as well. The answer sounds promising: ConfigMgr 2016 does support migrating from ConfigMgr 2007 R2 SP2 and R3 SP2, which is really great news! So no need to migrate to ConfigMgr 2012 first before going to 2016. Thanks to Peter Daalmans (@pdaalmans) on this one.

ConfigMgr 2016 will be generally available in Q4 CY2015 (which is really soon!). Technical Preview 4 is released last week, which is the last technical preview before the general availability (GA) of the current branch of ConfigMgr.

Thursday, November 19, 2015

OpsMgr warning: Power Shell script was dropped (solved)

Recently I did some OpsMgr troubleshooting. This in an environment with lot of agents and management packs installed. On multiple Hyper-V hosts there is a recurring OpsMgr warning seen: Power Shell script was dropped. I did a lot to try solve the issue, but despite the activities, it didn't do the job. Hope to found a solution on this, so therefore this blogpost.
 
Let's have a look at Product Knowledge first:
 
Summary
The System Center Management Health Service could not run a PowerShell script as part of a rule or monitor due to over utilization.

This may affect some monitoring or discovery.
 
Causes
This can be caused by:
-Too many PowerShell scripts being run by the System Center Management Health Service.
-PowerShell scripts are taking too long to execute.
-PowerShell scripts are running too frequently.
-The computer does not have enough resources (for example; memory) to run the PowerShell script.

 
Resolutions
The alert description and context has information indicating which rule or monitor failed. However, there may be other rules or monitors failing as well. The following link will display all events indicating a failure to run the executable:

After reviewing the error in the context, consider reducing the frequency of the PowerShell script.
Ensure that the computer is not over utilized.
-Check Task Manager to see if there is enough free memory.
-Check Task Manager to see if there are any processes consuming all the CPU.

This can also be caused when too many PowerShell scripts are being scheduled. This could be the result of an event storm or a misconfigured timer. In both cases the rule configuration will have to be examined to determine why the PowerShell script is running too often and usually will need to be backed down somehow (increasing the interval).

 
 
Let's have a look at Event Viewer now:
 
Workflow names (there are more):
Microsoft.SystemCenter.VirtualMachineManager.Network.2012.Vport.BytesReceivedPerSec
Microsoft.SystemCenter.VirtualMachineManager.Network.2012.Vport.BytesSentPerSec

Microsoft.Windows.Server.2012.MaxConcurrentAPI.Monitor
Microsoft.Windows.HyperV.2012.R2.DiskPartitionSpaceProvider.FreeSpaceCollectionRule
Microsoft.Windows.HyperV.2012.R2.DiskPartitionSpaceProvider.UsedSpacePercCollectionRule
Veeam.Virt.Extensions.HyperV.VM.Monitor.Heartbeat

Veeam.Virt.Extensions.HyperV.VM.ClusterResourceGroupStatus.Monitor
Veeam.Virt.Extensions.HyperV.VMRule.DISK.usedStorage.ByInstance
Veeam.Virt.Extensions.HyperV.VMRule.DISK.usedStorage

 
Script names (there are more):
CheckMaxConcurrentAPI.ps1, ClusterVMState.ps1
GetDiskPartitionSpaceV2.ps1, GetVPortPerfData (a lot)

SummaryInfo.ps1, UsedStorageV3.ps1
 
All errors seen here has Event ID 22411 and Source Health Service Modules. They will be generated every 30 minutes again.

Easy solution could be to stop rule alerts, so that no warnings on Dropped Power Shell script would be displayed anymore. But that doesn't take away the thousand of errors on any Hyper-V host seen. I did look at the following websites for more information too. Hope anyone can point me in the right direction on this. Thanks!
 
Websites visited:
ReSearch This KB – Power Shell script was dropped
What does powershell script 'GetVPortPerfData' do in SCOM?
Powershell Script to "Disable/Enable" Subscriptions
OpsMgr 2012 Self Maintenance Management Pack Update
SCOM: powershell run space failed to start

Update: Based on the website from Reidar Johansen I followed the steps to disable both Virtual Port errors. After that no new events were logged on Hyper-V anymore and no new warnings were created in OpsMgr. Start the command: Get-SCOMRule -Name Microsoft.SystemCenter.VirtualMachineManager.Network.2012.Vport.* and disable the rules DisplayName: [Virtual port received bytes per second] and [Virtual port sent Bytes per second] and you will be fine. Hope it helps!

Wednesday, November 18, 2015

The management pack cannot be downloaded and the temporary file has been deleted

When using Operations Manager (OpsMgr/SCOM) and want to see if there are updates on management packs, just check Download management packs > Add > Updates available for installed management packs. On a few management packs however the following error message was displayed:
<MP> did not pass the security verification. The management pack cannot be downloaded and the temporary file has been deleted. A few management packs I get this error are Hyper-V, Lync/Exchange and SQL server, but I guess there may be more.

The following must be done when having this error: Apparently Microsoft released a newer version, which can be downloaded straight from Microsoft, but not from within OpsMgr. After downloading and importing it no error message is displayed anymore. Too bad a few management packs cannot be downloaded right away at this moment, by probably Microsoft will fix it in future.

Source: https://social.technet.microsoft.com/forums/systemcenter/en-US/e97ba10e-563f-4d8c-bccd-799c0ceb4227/system-center-core-monitoring-reports-mp-verification-failed (old post from 2010 but still active)

Hope it helps!

Monday, November 16, 2015

Savision Live Maps Unity for System Center Operations Manager

SCOM alerts
Let's have a look at a common situation you find many times at customer sites: when using Microsoft System Center Operations Manager (SCOM), you know that alerts can be overwhelming. When multiple management packs are imported for more functionality and many agents are enrolled on servers with different applications and roles installed on them, you must configure Operations Manager to benefit from it! Otherwise there can be so many SCOM alerts and e-mail messages a day, that monitoring isn't effective anymore. I did see black television screens (monitoring screens turned off) and IT admins deleting all alerts each day (doing monitoring from that point), often. You can find an in-depth article about SCOM alert storms here.

On the other hand, no graphical Service dashboard is available for a perfect monitoring overview by design. The default built-in SCOM dashboards are using a column or grid layout, with performance, state, alert, and details widgets. They’re good for a basic overview, but nothing more than that. Dashboards can be created in Microsoft Visio, as well as you may know. By using SharePoint Extensions for System Center 2012, they can be connected with the Operations Manager environment. The problem is you need to create those dashboards yourself and have SharePoint Enterprise edition installed. It’s not so easy and user-friendly to create dashboards that way.

Let's introduce Savision Live Maps Unity here. With 700 organizations worldwide using Live Maps Unity, it's the business service management solution you want!


Savision’s SCOM dashboards
With Live Maps Unity, which is used for both monitoring service health and performance, this perfect monitoring overview (as mentioned before) is available! It can be used for a graphical Service dashboard instead, but it's much more than that. Savision's Live Maps Unity speaks the language of the business by focusing on service delivery. It includes unlimited HTML5-based SCOM dashboards for monitoring both service health and performance. With Savision’s SCOM dashboards (based on HTML5-code, which is fast and lightweight), there is no need to look at alerts all day. Just focus on the information Live Maps Unity sends to you.

There won't be many e-mail messages anymore as well. This because Live Maps Unity notifies only when necessary, giving IT admins the time needed to research and solve issues instead of wasting time on notifications. With the Service dashboard in-place, IT admins can use Operations Manager proactive again instead of reactively. The Service dashboard gives you all information needed on a single screen. It’s generated automatically, based on applications found in your environment and gives a total overview of business-critical services, like Exchange, SharePoint, Active Directory and more.

No need to design all those dashboards yourself. Live Maps Unity has the capability to examine your entire IT infrastructure. Additional dashboards can be created with a few clicks by using the built-in drag-and-drop interface. This is really different than using Microsoft Visio, mentioned before. This data is connected with real components and applications by default. These dashboards can be shown from anywhere on any device! This can be done on a mobile device (tablet or smartphone) or desktop if you prefer. This isn’t possible with the default SCOM solution; you have to use another solution for this.

Business Service Management Solution
With Live Maps Unity, you have that solution. The product can be used to monitor entire IT infrastructures, with features like: performance monitoring, .NET application discovery, easy-to-build dashboards, and a Services dashboard. It offers a lightweight web console with support for all major browsers; so no need to have a physical console installed. It offers interactive geographical maps and native System Center integration. It allows quick visualizations of the IT environment through SCOM dashboards. It has everything inside for monitoring service health and performance. It’s the Business Service Management Solution that makes SCOM the perfect monitoring solution!

As a result: With SCOM and Savision’s Live Maps Unity, you have best of both worlds and true power in SCOM finally. No need to focus on alerts anymore, because it helps to deal with the root cause of notifications. Just focus on alerts which really need your time and attention to manage the healthiest environment possible.

Included are some web links to find more information on the product and even more functionality as well. There are some videos and datasheets available too.

Happy monitoringJ!
(Sponsor post)

Thursday, November 12, 2015

Install Cumulative Update 2 for ConfigMgr 2012 R2 SP1 and 2012 SP2

Today Microsoft called me with the news that Cumulative Update 2 (CU2) for ConfigMgr 2012 R2 SP1 and 2012 SP2 is released. This because I had some issues at customer location with Intune extensions not working in a hybrid ConfigMgr environment. With CU2 those issues must be gone now! KB3100144 (CU2) solves a lot of issues and is therefore highly recommended. It contains 34 (!) fixes and improvements and some additional changes too.

More about that can be found in another blogpost. No need to install KB3074857 (CU1) anymore after installation. This because it's integrated in CU2 now.

During installation (which is default as always) update packages will be created for site servers, ConfigMgr consoles and clients. When having Intune integrated in ConfigMgr (hybrid configuration), extensions will be updated as well. Great that CU2 is available now, and hope that ConfigMgr vNext will released soon too.

After installation you will see Console version 5.0.8239.1301 now, which is the latest release. Just install it in your environment when experiencing problems described in this article. When not affected by these problems, Microsoft recommends to wait for the next service pack that contains this update.

Update: There was a minor bug in the first CU2 release. The product group has released a new build now. If you are installing using the new build, the console version will be 5.0.8239.1302

Wednesday, November 11, 2015

Cumulative Update 2 for ConfigMgr 2012 R2 SP1 and 2012 SP2 released

Yesterday (November 10th) Cumulative Update (CU) 2 for ConfigMgr 2012 R2 SP1 and 2012 SP2 is released. This update contains 34 (!) fixes for various issues including an update version of the SCEP client, and contains all of the changes from prior cumulative updates.

Here's a list of issues that are fixed, there are quite a lot of them:
-Administrator Console (3 fixes)
-Configuration Manager client (3 fixes)
-Site systems (6 fixes)
-Operating system deployment (8 fixes)
-Software distribution and content management (7 fixes)
-Microsoft Intune and mobile device management (5 fixes)
-Software update management (2 fixes)


Additional changes that are included in this update:
-Endpoint Protection - Revised February 2015 anti-malware platform update for Endpoint Protection clients
-Software distribution and content management - Distribution Manager can now process pull-distribution point packages more efficiently in large environments.
-Microsoft Intune and mobile device management - This update contains general performance improvements to the device enrollment process in Intune hybrid environments.
-Microsoft Intune and mobile device management - Update to implement oneClick quarantine of email messages in System Center 2012 Configuration Manager SP2


Just install it in your environment when experiencing problems described in this article. When not affected by these problems, Microsoft recommends to wait for the next service pack that contains this update. Great that CU2 is available now!

This update replaces Cumulative Update 1 for System Center 2012 Configuration Manager R2 SP1 and 2012 SP2

For more information or download the update have a look here:
Microsoft Support

Tuesday, November 10, 2015

Deploy a customized Windows 10 start menu during deployment

Did you know that when deploying Windows 10, it's possible to copy a default start menu too? When using a Windows 10 image from media, the start menu is filled with apps you never use :) Therefore remove (almost) all apps, and fill it with apps you want to use!

The command used to export the start menu is: Powershell export-startlayout –path "<path>\LayoutModification.xml"

An example looks like this:
<LayoutModificationTemplate Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
  <DefaultLayoutOverride>
    <StartLayoutCollection>
      <defaultlayout:StartLayout GroupCellWidth="6" xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout">
        <start:Group Name="Office 2013" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout">
          <start:DesktopApplicationTile Size="2x2" Column="0" Row="2" DesktopApplicationID="{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Microsoft Office\Office15\WINWORD.EXE" />
          <start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationID="{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Microsoft Office\Office15\EXCEL.EXE" />
          <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationID="Microsoft.Office.OUTLOOK.EXE.15" />
          <start:DesktopApplicationTile Size="2x2" Column="4" Row="0" DesktopApplicationID="{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Microsoft Office\Office15\POWERPNT.EXE" />
        </start:Group>
        <start:Group Name="Applications" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout">
          <start:DesktopApplicationTile Size="2x2" Column="4" Row="0" DesktopApplicationID="{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\FastStone Capture\FSCapture.exe" />
          <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
          <start:DesktopApplicationTile Size="2x2" Column="0" Row="2" DesktopApplicationID="Microsoft.InternetExplorer.Default" />
          <start:DesktopApplicationTile Size="2x2" Column="2" Row="0"
DesktopApplicationID="{6D809377-6AF0-444B-8957-A3773F02200E}\CCleaner\CCleaner64.exe" />
        </start:Group>
      </defaultlayout:StartLayout>
    </StartLayoutCollection>
  </DefaultLayoutOverride>
</LayoutModificationTemplate>


During deployment copy the LayoutModification.xml with the following command to make it available for all users:
copy /y LayoutModification.xml "C:\Users\Default\AppData\Local\Microsoft\Windows\Shell"


With that the start menu is active when logon after deployment. Very nice if you ask me! :) Only thing so far is Internet Explorer is missing from the start menu. Is there a way to place that in the xml file too? Hope to find a solution for that as well, because all other apps are added as expected!

Update: On Microsoft Community and ccmexec.com the answer is found. Just create a "Internet Explorer.lnk" and copy the file:
copy /y "Internet Explorer.lnk" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"
A PowerShell script is available there too, which do the same thing! Just remember the script looks for StartMenu.xml

Within LayoutModification.xml change DesktopApplicationID="Microsoft.InternetExplorer.Default" to DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk"
After that Internet Explorer will shown up in the start menu!


Keep up the good work :)

Thursday, November 5, 2015

Configuration Manager (ConfigMgr) as a service won't get updated

In my LAB environment, ConfigMgr technical preview Build 1509 is installed. Problem is, it won't get updated to Build 1510. Because this functionality is the way to update ConfigMgr now and in future (ConfigMgr as a service), I did some troubleshooting. In this blogpost I give some tips and tricks to look at.

When looking in the ConfigMgr install folder have a look at these folders:
-CMUStaging & EasySetupPayload


When looking in the Logs folder have a look at these logfiles too:
-CMUpdate.log & dmpdownloader.log & hman.log


In the CMUpdate.log the following errors are found:
Set inbox to \\<CM server>\<CM site>\inboxes\cmupdate.box
*** [08001][2][Microsoft][ODBC Driver 11 for SQL Server]Named Pipes Provider: Could not open a connection to SQL Server [2].
*** [28000][18456][Microsoft][ODBC Driver 11 for SQL Server][SQL Server]Login failed for user 'NT AUTHORITY\SYSTEM'.
*** [42000][4060][Microsoft][ODBC Driver 11 for SQL Server][SQL Server]Cannot open database "<CM db>" requested by the login. The login failed.
*** [08001][2][Microsoft][ODBC Driver 11 for SQL Server]A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online.
*** Failed to connect to the SQL Server, connection type: SMS ACCESS.
Waiting for changes to the "
\\<CM server>\<CM site>\inboxes\cmupdate.box" directories, updates will be polled in 600 seconds...

In my case the only folder seeing in EasySetupPayload folder is dcd17922-2c96-4bd7-b72d-e9159582cdf2, which is Build 1509. In manifest.log (CMUStaging folder), it's looking for db316362-77fc-46c9-9984-1baeb20615f4, which is Build 1510. So the download couldn't take place, and installation failed. I did a lot to force the download, but nothing seems to do the job.

When update tasks are not available in the ConfigMgr console (Administration > Cloud Services > Updates and Servicing) you can force it by using a SQL query:
EXEC spCMUSetUpdatePackageState N’dcd17922-2c96-4bd7-b72d-e9159582cdf2', 262146, N” (Build 1509)
EXEC spCMUSetUpdatePackageState N’db316362-77fc-46c9-9984-1baeb20615f4', 262146, N” (Build 1510)

Remember: This isn't supported, so use it at your own risk!

That didn't do the job in my LAB environment. I can choose to install Build 1510, but it won't get start downloading again.

Did the restart many times, but no files were downloaded for the new build. Another troubleshooting possible, based on the errors seen:
-Change DateTime format set to MM-DD-YYYY
-Enable Named Pipes in SQL Server Configuration Manager
-Change SQL authentication to SQL and Windows authentication
-Restart Configuration Manager Update service

Hope that anyone has a good solution to put me in the right direction! To be continued..

Update 26-7-2016: Check Microsoft TechNet for more information!

Tuesday, November 3, 2015

Doing a Windows 10 upgrade with ConfigMgr 2012 R2 SP1

Recently I did a Windows 10 upgrade with ConfigMgr 2012 R2. I used the new Windows 10 upgrade task sequence in ConfigMgr Technical Preview 3 before, but this one was new for me. Looking at Microsoft Technet there is a task sequence and multiple scripts available to do the job. With these components you can start an in-place Windows 10 upgrade right away, without the need to wait several weeks (or months) before ConfigMgr vNext is released.

On Microsoft TechNet the following posts are found:
How to upgrade to Windows 10 using the task sequence in System Center 2012 R2 Configuration Manager
and
Revised content for the Windows 10 in-place upgrade via task sequence for Configuration Manager
Within these posts the upgrade path can be found with the files (task sequence and scripts) needed.

Just create a deployment on the task sequence, and choose Install. In this case I choose an available deployment, so users can start the deployment when needed.

Before Windows 10 installation a Presetup takes place. This runs a corresponding Windows PowerShell script (PreSetup.ps1) to perform a variety of necessary actions prior to running Windows Setup.

This is where setup is actually run from the media package to automatically upgrade Windows. Both Windows media and scripts will be downloaded in the _SMSTaskSequence folder.

Windows restarts into a low-level mode to perform the upgrade and there are two possible outcomes: Upgrade completes successfully or Upgrade encounters a problem and rolls back the system to the down-level operating system.

In my case the Upgrade completes successfully. It was done in around 50 minutes. Additional steps can be added to this group as needed, such as Install Applications or Run PowerShell Script. The Install Software Updates step is provided as an example. The Cleanup step just removes the local staging directory.

Just great to have this functionality in ConfigMgr 2012 R2 too!