RSS

Monthly Archives: January 2013

Installing ConfigMgr 2012 SP1 using an SQL 2012 cluster: time to find out something…

Recently a customer asked me if it was possible to install a ConfigMgr 2012 SP1 Site database on an SQL 2012 cluster. My answer was: yes it is and the following TechNet location confirms this:

http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SupConfigSQLDBconfig

However, even though it is supported, I wanted to find out myself. If you’re doing a lot of ConfigMgr 2012 implementations, then you probably won’t be confronted so much with clustering, except for SQL. At most projects, many organizations don’t really use physical servers anymore for ConfigMgr 2012 since it works quite nicely on a virtual platform. Most of these hypervisor platforms use clustering technologies which allows failover of virtual machines. Personally, if such failover mechanisms are available I won’t really bother to use an SQL cluster to host my site databases. I’d use a single server deployment instead.

The customer’s question allowed me to do some testing and I thought: let’s find out how to do this so I might learn something too 😉

Someone informed me that building clusters using Windows Server 2012 has been simplified dramatically so I felt comfortable trying it out.

In my lab environment (my domain is named domain1.local) I did the following:

  • I built a Windows Server 2012 machine to host an iSCSI target with 2 iSCSI disks, one disk for the SQL database and one quorum disk
  • I built two Windows Server 2012 machines which were configured as cluster nodes
  • I installed SQL 2012 on the cluster nodes which meets the requirements for ConfigMgr 2012 SP1. The cluster’s FQDN was named SQLCLU.domain1.local
  • I set the required permissions to successfully create an SQL 2012 database during ConfigMgr 2012 SP1 setup
  • I installed a stand-alone Primary Site to test if this works.

During the setup I filled in the name of the SQL cluster which looks like this:

 

012313_2313_InstallingC1.png

When setup was finished, I noticed the following in the ConfigMgr 2012 SP1 Console (don’t bother the hostname and the Site type I chose):

I see both cluster nodes AND the SQL cluster displayed as Site Systems, sweet…

I fooled around a bit by shutting down one of the nodes to verify if failover works as expected and if the ConfigMgr 2012 SP1 Console showed any glitches. Everything worked like a charm J

So yes, it works and using Windows Server 2012 makes it painfully easy to build and configure…

I didn’t try the following:

  • Building a cluster using a Scale-out File Server share as cluster storage, this is something I need find out some other time
  • I didn’t try SQL mirroring since ConFigMgr 2012 SP1 doesn’t support this

As usual, try it out yourself in a test environment before using it in a production environment…

 

Replacing Sophos Endpoint Protection with System Center Endpoint Protection 2012: a nasty challenge…

Organizations who introduce ConfigMgr 2012 also reconsider which antimalware technology they want to use. In many cases, cost reduction is one of the main goals to have ConfigMgr 2012 introduced, along with other products of the System Center 2012 Suite. The integration of System Center Endpoint Protection 2012 induces many organizations to rethink their antimalware strategy and the technology used as well. Unfortunately for other vendors, I’ve seen many antimalware products become obsolete and replaced by System Center Endpoint Protection 2012.

The System Center Endpoint Protection 2012 client is able to automatically uninstall many antimalware clients. Sophos Endpoint Protection, however, is not on that list.

Clients who need to have System Center Endpoint Protection 2012 installed, need an uninstall action first to make sure Sophos Endpoint Protection is gone before System Center Endpoint Protection 2012 is installed.

First you need to make sure that an Endpoint Protection Point exists and that clients are managed by ConfigMgr 2012 but do not receive an automatic installation of System Center Endpoint Protection 2012.

For both antimalware products, two applications are created with all the required information being available. For Sophos Endpoint Protection, the correct uninstall procedure needs to be followed which is available at the following location:

http://www.sophos.com/en-us/support/knowledgebase/12360.aspx

The procedure needs to be converted in a way so ConfigMgr 2012 will be able to have it correctly executed.

We’re going to use the Application Supersedence feature of ConfigMgr 2012 to automatically supersede Sophos Endpoint Protection by System Center Endpoint Protection 2012.

It looks like this:

012013_1513_ReplacingSo1.png

You may need to restart the computer when deployment of System Center Endpoint Protection 2012 is finished to make sure all Sophos related items are completely uninstalled…

Looking at the uninstall procedure Sophos uses, I have to admit that it’s a rather nasty way on correctly uninstalling a software product.

 

ConfigMgr 2012: an example how to configure application requesting…

ConfigMgr 2012 has some great improvements for managing applications. A great feature is the Application Catalog where user targeted applications are available for installation. These deployments must be set as ‘Available’ instead of ‘Required’ or they will not be displayed in the Application Catalog.

A great additional feature is letting users request for approval to get an application deployed. This provides us tons of opportunities for introducing ‘on-demand’ scenarios which might lower administration because you are no longer really depending on Active Directory Security Groups. If you do use these Security Groups, then you might use this method to detect how many users actually need an application. This allows you to manage licensing for an application.

In this blog I demonstrate what happens when a user receives an application for which he needs to request approval. The application in this example is Adobe Reader XI. The standard .msi is used, no fancy configurations or modifications.

I created a deployment for this application which is targeted to ‘All Users’.

012013_1315_ConfigMgr201.png

The Deployment Settings are configured as the screenshot above displays.

A user named ‘Marc’ logs on to his workstation and visits the Application Catalog.

012013_1315_ConfigMgr202.png

He sees Adobe Reader XI available for him be he needs to request approval, which he does by clicking the ‘Request’ button…

012013_1315_ConfigMgr203.png

He writes down his reason and submits…

012013_1315_ConfigMgr204.png

Now he must wait until his request is approved.

The administrator will see this request in the ConfigMgr 2012 Console.

Under ‘Approval Requests’, the administrator sees a request pending.

By clicking ‘Approve’, the administrator gets an approval windows which allows him to approve the request.

By pressing OK, the request is approved.

Yeeeeh, Marc receives his approval.

Back in the Catalog, Marc can install his application.

Get on with it J

Installation complete…

Marc is happy to use Adobe Reader XI…

 

ConfigMgr 2012: Collection exclusion, an example…

In my previous post I demonstrated collection inclusion which allows you to create a collection that has other collections included. Using this method, you can create ‘merger’ collections which allows you target something to a big group of objects instead of creating a separate deployment for each collection included.

You can also exclude collections which had objects in other collections that are included. This method can be used if you want to create exceptions.

This blog demonstrates a simple example of this feature.

In my lab environment, I created three collections (CL01, CL02 and CL03) which have only one member each. Each collection has a query rule with the following criteria:

System.Resource.Name is equal to CLXX

where ‘XX’ can be 01, 02 or 03.

Next, I create a collection called ‘All Clients except CL03’. My lab environment has only three clients and no other machines have a ConfigMgr 2012 client installed. This allows me to include the ‘All Desktop and Server Clients’ collection and exclude my CL02 collection.

In this example, it looks like this:

012013_1227_ConfigMgr201.png

After refreshing my collection this is the result:

CL03 is not there…

As usual: familiarize yourself with creating these collections and verify that you get the objects you expect before targeting something to these collections.I don’t believe it’s a recommended practice to use the ‘All Desktop and Server Clients’ collection in production environments for this purpose…

 

ConfigMgr 2012: Collection inclusion, an example…

One of the biggest challenges in ConfigMgr 2012 is targeting something to the right bunch of computers or users. The real challenge is finding the right approach that works best for you. You may be aware that finding the right approach is more a organizational and/or political than a technical one.

In the previous version of ConfigMgr, 2007, administrators were able to create a complete tree structure of collections and ‘child’ collections. While this approach may work for a lot of administrators, I opposed this strategy. The main reason is: dependencies. Personally I like to keep things as flat as possible to eliminate the dependency structure that gets created during time.

Fortunately (in my opinion), it is not possible anymore to create a tree structure of collections in ConfigMgr 2012.

ConfigMgr 2012 allows you to create collections and include other collections as membership rules. This allows you to ‘merge’ collections into a big collection.

This blog demonstrates a simple example of this feature.

In my lab environment, I created three collections (CL01, CL02 and CL03) which have only one member each. Each collection has a query rule with the following criteria:

System.Resource.Name is equal to CLXX

where ‘XX’ can be 01, 02 or 03.

Next, I create a collection called ‘All Clients’ and I will include the thee collections mentioned earlier.

The membership rules look like this:

012013_1207_ConfigMgr201.png

After refreshing the collection my clients are in my ‘All Clients’ collection:

The benefit of using this method might result in less query rules which will have a possible effect on the performance of you ConfigMgr 2012 Site Database.

As usual: familiarize yourself with creating these collections and verify that you get the objects you expect before targeting something to these collections…

 
 
Steve Thompson [MVP]

The automation specialist

Boudewijn Plomp

Cloud and related stuff...

Anything about IT

by Alex Verboon

MDTGuy.WordPress.com

Deployment Made Simple

Modern Workplace

Azure, Hybrid Identity & Enterprise Mobility + Security

Daan Weda

This WordPress.com site is all about System Center and PowerShell

IT And Management by Abheek

Microsoft certified Trainer -Abheek

Heading To The Clouds

by Marthijn van Rheenen