RSS

Monthly Archives: July 2012

Patch Management in SCCM 2012: use Automatic Deployment Rules to keep downloaded updates to a minimum

The Automatic Deployment Rules is a very nice feature which allows administrators to distribute updates automatically according to their policies.

Most of the time two rules are created:

  • A rule that runs daily for System Center Endpoint Protection 2012 definition updates
  • A rule that runs once a month after Patch Tuesday

On a regular basis I notice that many companies download all available updates.

Many of those are not required by any machines, SCCM 2012 is able to check how many machines require a specific update.

Basically this is a waste of time, bandwidth consumption and disk space.

 

Fortunately, it is possible not to include any update that is not required.

During the creation of the Automatic Deployment Rule, it is possible to choose the property filter ‘Required’.

In the screenshot below the criteria has been set that the update should be downloaded and deployment if at least 1 machine requires it.

 

The other search criteria are pretty common, notice that the date released has not been set. In the rare circumstance that a very old update is required it will still be downloaded and deployed.

The effects on this are very minimal, this rule is scheduled to run once per month (in this example every second Friday of the month).

 

This rule is very simple and straightforward. Depending on your organization the criteria might change but the Required option only downloads the needed updates.

 

NOTE: Offline Servicing of updates will also run much shorter since this feature only attempts to insert updates which have been downloaded

 

Advertisements
 

Installing SCCM 2012 using SQL 2012 Enterprise: not supported, but it works

Microsoft provides a clear overview of supported configurations of SQL for SCCM 2012.

The overview is available at http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SupConfigSQLSrvReq

Only SQL 2008 and SQL 2008 R2 with the required Service Packs and Cumulative Update Packs are supported.

 

To check if SQL 2012 would work with SCCM 2012, a lab environment has been setup to see if SCCM 2012 can be installed using an SQL 2012 database.

After providing the SQL 2012 information during SCCM 2012 setup, the installation continues after providing the correct information.

The lab environment consists of a separate SQL server with a default instance, this may not be the recommended environment but it’s just a lab.

SCCM 2012 is successfully installed using an SQL 2012 database so it works.

 

I don’t recommend using SQL 2012 for SCCM 2012 in a production environment until Microsoft considers it a supported configuration.

I expect similar behavior with other products of the System Center 2012 Suite.

 

SMSPXE.log analysis with SCCM 2012: CacheExpire duration not available

SCCM 2012 integrates PXE in a distribution point, this major change compared to SCCM 2007 is also a major improvement.

A common issue is SCCM 2007 is described in http://support.microsoft.com/kb/2019640

The article also describes how to fix the issue.

At my current project I noticed that when a deployment had failed or terminated by myself, it was possible to quickly run it again.

In case of an unknown computer, removing the ‘Unknown’ object with the matching MAC address does the trick.

Once the object is deleted from the site database, a PXE initiated Task Sequence can quickly be run again.

To see what’s happening, analysis of the SMSPXE.log provides the following information (use CMtrace tool to simplify the reading process):

  • The first part of the log is the following: Client boot action reply: <ClientIDReply><Identification Unknown=”0″ ItemKey=”2046820353″ ServerName=”” ServerRemoteName=””><Machine><ClientID>7abf2aff-75c6-4ff8-9ccb-31e79114ed0b</ClientID><NetbiosName/></Machine></Identification><PXEBootAction LastPXEAdvertisementID=”” LastPXEAdvertisementTime=”” OfferID=”P0120006″ OfferIDTime=”7/5/2012 2:35:00 PM” PkgID=”P0100026″ PackageVersion=”” PackagePath=”http://SCCM01.domain1.local/SMS_DP_SMSPKG$/P0100001&#8243; BootImageID=”P0100001″ Mandatory=”0″/></ClientIDReply>
  • The next step is identifying the client: Client Identity: c4299f51-8709-47e0-a092-7f96c3d84100
  • PXE is trying to locate the boot image (in this example the x86 version of boot.wim): PXE::CBootImageManager::FindMatchingArchitectureBootImage followed by PXE::CBootImageManager::FindBootImage: P0100001
  • Once found, the image is transported to the client machine: Looking for bootImage P0100001, then PXE::CBootImageCache::FindImage and PXE::CBootImageInfo::UpdateAccessTime and Set media certificate in transport and Set authenticator in transport (logged twice)

The steps displayed here clearly show there’s no mention anymore of any CacheExpire setting.

I suspect the behavior of Windows Deployment Services (WDS) is heavily altered by SCCM 2012. Either the cache duration is really small (like the 120 seconds mentioned in the KB article) or not used at all.

 

Test Blog

This blog is just a test to check if a blog post using Word 2010 is possible.

If this test proves to be successful, then it makes sense to check and revisit my blogs…

 
Leave a comment

Posted by on 11/07/2012 in Uncategorized

 

Using Package Conversion Manager for SCCM 2012: a very nice feature

Hi everyone,

SCCM 2012 has been out for a while now, which also means that more documentation and books are being released. I consider the book ‘Mastering System Center 2012 Configuration Manager’ a must read (ok there are a few spelling errors, let’s not be too fussy about it though).

The book describes the tool Package Conversion Manager (PCM) which caught my attention (the biggest part of the book contains things I already know so I skip those). PCM is a very convenient tool when migrating from SCCM 2007 to SCCM 2012.

More information is available at Technet: http://technet.microsoft.com/en-us/library/hh531519.aspx

At my current project I walked an ‘as-is’ path from SCCM 2007 to SCCM 2012. So I have packages instead of applications. This allowed me to give this tool a shot since the migration itself went smoothly.

Using applications rather than packages for distributing software provides greater flexibility, especially if you use MSI packages created by a packaging professional. It also allows me to make my Task Sequences shorter using the ‘Install Application’ task.

Too bad only 10 applications can be selected in one task…

Nevertheless, I think I’m going to recommend using the PCM as a best practice when designing and building SCCM 2012 environments…

 

 

 

Issue creating an MDT 2012 Task Sequence in SCCM 2012

Just a quick one…

Currently I’m building a new SCCM 2012 environment and at the customer’s request MDT 2012 is integrated in SCCM 2012.

Generating a new MDT Task Sequence resulted in similar behavior mentioned at Niall Brady’s website windows-noob.com (a must visit for everyone who works with SCCM since Niall writes great guides):

http://www.windows-noob.com/forums/index.php?/topic/5399-mdt-2012-and-sccm-2012-integration-error/

In my scenario, McAfee antivirus caused the problem.

McAfee’s default AV policy blocks access to any autorun.inf file, this is something I learned from the administrator of my customer…

The easiest solution is to delete the autorun.inf file mentioned in the forum topic, this worked for me as well. I had to do the same trying to import drivers which contain this file as well…

 

 

 

 
 
Steve Thompson [MVP]

The automation specialist

Boudewijn Plomp

Cloud and related stuff...

Anything about IT

by Alex Verboon

MDTGuy.WordPress.com

Deployment Made Simple

Modern Workplace

Azure, Hybrid Identity & Enterprise Mobility + Security

Daan Weda

This WordPress.com site is all about System Center and PowerShell

IT And Management by Abheek

Microsoft certified Trainer -Abheek

Heading To The Clouds

by Marthijn van Rheenen