Friday, January 24, 2014

Windows RT, Windows RT 8.1, and Windows 8.1 Enrollment

For Windows RT, users start enrollment from the Windows RT device. The users must complete the following tasks:

1. On the Windows RT device, users select Start, and type “System Configuration”, and click the dialog box to open the Company Apps.
2. The users enter their company credentials and are authenticated. This establishes a relationship between the user, the Windows RT device, and the Windows Intune service.
3. Windows Intune collects inventory and applies management settings. Users now have access to line-of-business apps and direct links to the app store through the company portal.

Company Portal on Windows RT 8.1

For Windows 8.1 and Windows RT 8.1, the user enrolls through the device.

1. On the Windows 8.1 device, the user selects Settings, clicks PC Settings, then clicks Network, and finally, clicks Workplace.
2. The user enters their user ID in the (ID) field.
3. The user clicks Turn on and provides their password.
4. The user agrees to the Allow apps and services from IT admin dialog box, and clicks Turn on.

Surface 2 RT 8.1 in ConfigMgr 2012 R2
After that the Company Portal can be started and device will be visible within a few minutes in the ConfigMgr console! It will take a few hours however before the client activity will be turned to active.

Source: How to Manage Mobile Devices by Using Configuration Manager and Windows Intune

Wednesday, January 22, 2014

Second disk offline during deployment

Yesterday I did an deployment on a virtual server with 2 disks. During WinPE phase I checked diskpart (in a command window) and both disks were online. However after the "Setup Windows and ConfigMgr" step and reboot to Windows, the second disk went offline. Because of multiple tasks on the second drive, the task sequence was failing. Let's use diskpart to change the second disk to online mode again.

WinPE Phase (boot image)

Windows Phase before diskpart
Open Notepad an paste the following lines:
select disk <?>
online disk
attribute disk clear readonly

Replace <?> with the disk number of the disk (without the brackets <>). Save the Notepad file with the name diskpart.txt (for example). In the ConfigMgr console create a new package (without a program) with the txt file in it.

During the task sequence, immediately after the "Setup Windows and ConfigMgr" step, add a "Run Command Line" step with the command: "diskpart /s diskpart.txt" and use the package created before.

Windows Phase after diskpart

After that the disk will be online again. Hope it helps!

Source: Microsoft TechNet

Friday, January 17, 2014

Workplace Join discovery failed on Windows RT 8.1

For Windows 8.1 and Windows RT 8.1, users start enrollment from the Windows RT device. The users must complete the following tasks:

1. On the Windows 8.1 device, the user selects Settings, clicks PC Settings, then clicks Network, and finally, clicks Workplace.
2. The user enters their user ID in the (ID) field.
3. The user clicks Turn on and provides their password.
4. The user agrees to the Allow apps and services from IT admin dialog box, and clicks Turn on.

During step 3, I received the following error: "Confirm you are using the correct sign-in info, and that your workplace uses this feature. Also the connection to your workplace might not be working right now. Please wait and try again."

To troubleshoot the issue, I had a look at the Events for Workplace Join in Event Viewer on the Client : Event Viewer > Application and Service Logs > Microsoft > Windows > Workplace Join > Admin. Here I saw Error Event 102: Workplace Join discovery failed. Exit code 0x80072EE7 with Error Message: The server name or address could not be resolved.

At last I found the workaround for this issue: To fix this I had to disable CRL Check in Internet Explorer Advanced Settings: Unchecked the option "Check for server certificate revocation" (not recommended in production environments).
Source: Workplace Join discovery failed. Exit code 0x80072F19

After that everything went fine finally. Happy that Windows RT enrollment can go further now :-)

Note: The names of the devices that users enroll should appear in the Windows Intune administrator console within a few hours of enrollment.

Thursday, January 16, 2014

Support for Windows Intune Trial Management of Windows RT

Last year I wrote a blogpost about Windows Intune Trial Management of Windows Phone 8. When using Windows Intune for demo usage and want to test Windows Phone 8 a certificate is needed. This can be resolved by using "Support Tool for Windows Intune Trial Management of Window Phone 8".

This time there's a workaround for Windows RT sideloading keys also.

Developer license successfully renewed

Use the PowerShell cmdlet "Show-WindowsDeveloperLicenseRegistration" to activate sideloading on Windows. This will enable Windows Intune to install apps without a sideloading key being set up. The limitations are that it requires a manual process on the client to activate sideloading, the license is only for 30 days (but can be renewed by running the cmdlet again), and the Windows team reserve the right to act if they feel the developer license registration is being abused.

Wednesday, January 15, 2014

WES8 deployment with ConfigMgr 2012 SP1 or R2

Last month I did a few thin client deployments with ConfigMgr 2012 SP1. When starting you have the choice to download a clean WES8 image at the HP website. That way a FLASH.IBR (4GB) is downloaded, which can be renamed to FLASH.WIM and imported in ConfigMgr. Another way to create an image is using ConfigMgr Capture media. This can be started in Windows Embedded (WES) to sysprep and upload the image. Third option is to download a clean image from the Microsoft website, using Image Builder Wizard (IBW), with the risk that HP drivers are missing after deployment. I prefer using the download option, with the image customized for HP thin clients. Let's have a look at deployment progress. 
Deployment is done with the option "Download content locally when needed by running task sequence" by default. That way 4GB is downloaded on Flash RAM on the thin client and extracted after that. This seems not the fastest option, because Flash RAM isn't designed to do heavy Read/Write actions at same time. In my case downloading the image took 30 minutes and extracting the image took another 60 minutes. Why Flash RAM is that slow is a question for me also. Way to slow to do multiple deployments a day I think. When using an USB-stick for doing the deployment (without ConfigMgr usage) installation is done in 120 minutes also, so not that good also.
Let's have a look at the different Write Filters also. ConfigMgr supports managing the following types of write filters:
-File-Based Write Filter (FBWF) on WES 7E, 7P and 2009 devices (ConfigMgr 2012 SP1 or R2 only)
-Enhanced Write Filter (EWF) RAM on WES 7E, 7P and 2009 devices (ConfigMgr 2012 SP1 or R2 only)
-Unified Write Filter (UWF) on WES8 devices (ConfigMgr 2012 R2 only)

Note: ConfigMgr does not support write filter operations when the Windows Embedded device is in EWF RAM Reg mode.
To create Write Filter settings use Embedded Lockdown Manager (ELM). ELM is a snap-in to the Microsoft Management Console (MMC). You can use ELM directly on a Standard 8 device, or you can use ELM on a development computer and then remotely connect to a Standard 8 device. ELM automatically detects which lockdown features are installed on the device, and displays configuration options for only those features. ELM uses Windows Management Instrumentation (WMI) to detect and change configuration settings.
In a typical installation, ELM can be found at the following location:
Just use "Connect to Device" from a remote system and "Export to PowerShell" to save WES settings in a ps1 file. This package must be used within ConfigMgr during deployment. (for example: ELM Write Filter settings package with TC-settings.ps1 file)
In the task sequence (used for TC deployment) there must be a few steps added:
-Browse to the newly created deployment task sequence. Right-click it and select Edit to open the Task Sequence Editor. Select Partition Disk 0. Double-click on (Primary) Volume to edit its properties. The Partition Properties window opens. Under Use a percentage of remaining free space, enter 95. (The deployment will fail if this value is left at 100, because Windows will not be able to create the write filter partition.) 
Two more settings need to be changed for thin clients that do not have enough disk space to store both the downloaded WIM and the extracted contents locally.
-Select Apply Operating System in the Task Sequence Editor and open the Options tab. Check "Access content directly from the distribution point".
-Right-click the reference image package in Operating System Images and open the Properties dialog. Configure the Package share settings on the Data Access tab. Check "Copy the content in this package to a package share on distribution points".
When deploy the task sequence (used for TC deployment) choose the following option:
-On the Distribution Points screen, set the deployment option to "Download content locally when needed by running task sequence" and check the option "When no local distribution point is available, use a remote distribution point".

The write filter status is disabled by default after the task sequence finishes successfully. Use the following settings in the deployment task sequence to configure and enable the write filter (Source: Nothing but ConfigMgr):
-Task Sequence Variable: SMSTSPostAction > Value: cmd /c shutdown /r /t 60 /f
-Command line: bcdedit /set {current} bootstatuspolicy ignoreallfailures

-Run PowerShell Script: Package: ELM Write Filter settings & Script name: TC-settings.ps1 & PowerShell execution policy: Bypass

Download links:
Download Windows Embedded 8 Standard
Drivers, Software & Firmware for HP t610 Flexible Thin Client
Managing HP Thin Clients with SCCM 2012 SP1 (PDF)
Deploying the ConfigMgr Client to WES Devices
ELM Technical Reference (WES8)

Monday, January 13, 2014

No MS TechEd next year anymore?

Last year Microsoft cancelled MMS (Microsoft Management Summit) with the words: We are excited to announce that in 2014, we are bringing together the best of TechEd and MMS at TechEd North America in Houston. Beside of MMS the future of MS TechEd seems to be uncertain also. This because there's a date for TechEd North America already, but still not for Europe. Because it's 2014 already, it's kinda late to announce a date? Maybe it will be an October/November event; but likely it's not happening..

Looking for more information the following is found:
TechEd North America 2014, May 12-15
If the rumors are right, this year's TechEd may be the last. The content at TechEd North America this year also is expected to include some management-specific tracks, as the Microsoft Management Summit (MMS) is now being folded into this show.
TechEd Europe 2014, October (dates and location not yet public)
There had been some speculation Microsoft might drop TechEd Europe this year. But thanks to info unearthed by one of my contacts, it sounds like the show will go on (at least this year).
Source: What's on Microsoft's conference calendar for 2014

Let's hope there will be more information in a few weeks!

Microsoft Management Summit (MMS) is officially no more
Starting this year we are merging MMS with TechEd
Are the Days of the Microsoft IT Pro Numbered?
TechEd Europe 2014 Forums (Channel 9)
Join the TechEd Europe Mailing List

Friday, January 3, 2014

Happy New Year !!

From today I'm back in business again. Doing Microsoft System Center will be great again in 2014. This because of the System Center 2012 R2 and Windows Intune v5 release last year. Also Windows Intune integration in ConfigMgr offers more possibilities than ever before. This year expect more news on Thin Client and Mobile Device Management to come. You've already guessed it:
2014 will be a great System Center year again!

From this place I want everybody wish a healthy, happy and successful 2014.

May this new year all your dreams turn into reality and all your efforts into great achievements.

Happy New Year !!