Tuesday, April 28, 2015

My findings after a large ConfigMgr deployment with Site servers worldwide

Last month I did a large ConfigMgr deployment. Last years I did dozens of implementations, but this one was special. This because beside The Primary Site server installation, ten (10) remote Site servers must be installed as well. I did this before also, but only twice on global scale. This time remote Site servers were placed in almost all continents, which is very cool if you ask me :-)

When having locations worldwide (with around 3.000 systems to manage), you must think about low bandwidth and/or high latency issues. Therefore your design must fit, so synchronization works, and OS deployment can be done in almost all continents worldwide. After a few weeks implementation all went fine. In this blogpost I will mention my findings so far. Hope they will be useful.

 
Special tasks provided during implementation:
-Application Catalog (doesn't work out-of-the-box always)
-Asset Intelligence - Licensing (easy to configure, nice to have)
-Asset Intelligence - Software (empty by default, but useful when configured)
-Compliance Settings - Configuration Items and Baselines (empty by default, but useful when configured)
-Monitoring Content transfer (different locations)
-Pull Distribution points (very useful if you ask me)
-Software Metering (doesn't work out-of-the-box always)

Special collections created for overview:
-Departments (all departments)
-Locations (all locations)
-Operating Systems (all operating systems)
-System Type (all system types)
Queries on Computer name, Model and System Type are used.
With all queries available and nested collections, you can create anything you want! :-)

Special tasks provided during OS deployment:
-BIOS Configuration Utility (HP)
-Define Active Directory OU Location
-Define and set Default Timezone
-Keep data & Format disk task sequence
-Set BIOS Password when not available (HP)
-Set Default Management Point (Affinity)

Very cool to see both Pull Distribution points and Management Point Affinity working. Furthermore Rate Limits on Remote Site servers are great to configure bandwidth usage. You can do so much in ConfigMgr, that almost everything is possible :-)

Have a look at "Most wanted features in ConfigMgr requested by customers" for functionality (still) missing in ConfigMgr.

Websites used during implementation:
-SCCM 2012 – Inventoried Software is empty?
-Monitor Virus guard definition level from SCCM 2012 compliance management
-Enable TPM for BitLocker usage during OS deployment on endpoints (part 2)
-How to add devices to different OU’s during deployment
-Chassis Types and query-based Collections (part 2)

Tuesday, April 21, 2015

My scheduled sessions and product focus on Microsoft Ignite

Within 2 weeks Microsoft Ignite is there! As for March 31st, the Microsoft Ignite general attendee registration is SOLD OUT! With around 20,000 attendees in attendance, it will be a great event full off Microsoft announcements and new technology. More about that can be found HERE. In this blogpost I mention my focus on products and sessions scheduled (for the moment).

When we look on products first, the following have my attention:
- Microsoft Azure (Update)
- Microsoft Deployment Toolkit (Update)
- Microsoft Intune (Enterprise Mobility)
- System Center 'vnext' (ConfigMgr and OpsMgr)
- Windows 10 (Technical Preview)

Well, that's not a lot you may think :-)
Most of sessions scheduled will be about Windows 10, which has my attention definitely:
- Azure AD and Windows 10 together
- Creating Kiosk Devices with Windows 10
- Deploy Windows 10 with ConfigMgr and MDT
- Manage Windows 10 with Intune and ConfigMgr
- Provisioning Windows 10 with New Tools
- Troubleshooting Windows 10
- Upgrading to Windows 10: In Depth
- What's New in Windows 10
- Windows 10 for Education
- Windows 10 for Enterprises
- Windows 10 for Mobile Devices

And so on..

Using the next version of Configuration Manager (ConfigMgr), Microsoft Intune or Deployment Toolkit, it will be even more great! It's not about Windows 10 only, it's about the new way of managing the operating system. With Azure AD, ConfigMgr 'vnext' and Intune there will be a lot of new possibilities for that. Sounds great isn't it?!

Expect a lot of tweets and blogposts around Microsoft Ignite from me, and lot's of other people love sharing knowledge.

Follow me on Twitter: @henkhoogendoorn

More blogposts on Microsoft Ignite:
Microsoft Ignite general attendee registration is SOLD OUT!

Monday, April 20, 2015

Current and upcoming features you’ll love in monitoring with Microsoft

Sponsor post

Join our exclusive webinar with MVPs Cameron Fuller and Bob Cornelissen (Jalasoft)

Operations Manager is continuously evolving! This includes management packs, new ways of looking at monitoring and gaining insight into monitored business services, cloud services, and more.

This webinar explores new developments in the Microsoft monitoring sphere, as well as developments in SCOM and Azure Operational Insights and how to benefit from these options: 
 
  • Hear about changes in the current product to monitor your environment more effectively.
  • Learn tips and tricks to be more effective as an Operations Manager administrator.
  • See possibilities of Operational Insights and how the solutions from the Cloud can augment your monitoring.
  • Explore the futures of SCOM and monitoring solutions from Microsoft.

Join us this Thursday, April 23rd, 2015 at 12:00 EDT / 11:00 CDT / 18:00 CEST.

Wednesday, April 15, 2015

The task sequence cannot be run because the program files cannot be located

After installing ConfigMgr with multiple remote Site servers (distribution points), we decided to configure half off them with a Fast connection, and half of them with a Slow connection. This can be configured on the boundary group, which contains one or multiple boundaries and is connected to all site servers. That way you are sure that content is downloaded from the local server and no or less WAN traffic takes place. But than it happens..
 
When starting deployment on Site servers deployment fails with the following error: Failed to run Task sequence. The task sequence cannot be run because the program files for ******** cannot be located on a distribution point. For more Information, contact your System Administrator or Helpdesk Operator.
In this case the package is the ConfigMgr client package.

We did the following to troubleshoot the issue:
-Check if boundary groups are connected to site servers and boundaries are set
-Redistribute and Validate the ConfigMgr client package on multiple site servers (multiple times)
-Check if VLAN communication is working on security, firewall and access control list


The following errors are seen in SMSTS.log
-Content location request for PR100003:3 failed. (Code 0x80040102)
-Failed to resolve PackageID=<?>
-Failed to resolve selected task sequence dependencies. Code(0x80040102)
-ThreadToResolveandExecuteTaskSequence failed. Code(0x80040102)


When looking on Microsoft TechNet forums, the error code has a relation with boundaries, boundary groups and/or the network access account. This was in our situation not the case. After deploying systems on site servers with a Fast connection, everything seems to be okay? When deploying systems on site servers with a Slow connection however not. When changing connection speed on boundary groups back from Slow to Fast the issue is gone. Above issue is because you have configured a boundary group on a Slow connection, not specific because the boundaries, boundary groups and/or network access account is configured wrong. https://social.technet.microsoft.com/Forums/en-US/949574ac-c947-4ff4-a817-263014246ee2/osd-failed-package-cannot-be-located-on-distribution-point
 
When looking on Microsoft TechNet Library, the following is mentioned: You can configure the network connection speed of each distribution point in a boundary group. Clients use this value when they connect to the distribution point. By default, the network connection speed is configured as Fast, but it can also be configured as Slow. The network connection speed and the deployment configuration determine whether a client can download content from a distribution point when the client is in an associated boundary group. https://technet.microsoft.com/en-us/library/gg712679.aspx
 
Strange thing is, that nothing is found on this specific configuration. I rest my case and leave it on Fast connection for now. For it seems you cannot start OS deployment on systems which are using a site server with Slow connection boundary group? That makes no sense however, because on software packages you can decide what to do on Slow or Fast connections. On a task sequence deployment this cannot be configured. Hope that someone can explain this behaviour, because otherwise Slow connection is kind of useless if you ask me.
https://social.technet.microsoft.com/Forums/en-US/2fbd2270-88e4-4fff-add1-5839b6b9b712/prevent-osd-over-wireless-and-vpn-networks

Another one bites the dust!

Monday, April 13, 2015

Enable TPM for BitLocker usage during OS deployment on endpoints (part 2)

Last year I did deployment with BitLocker usage on Dell systems. You can find more information about that here: Enable TPM for BitLocker usage during OS deployment on endpoints. This time I will do the same, but then on HP systems. As mentioned last time I didn't used it before. Let's have a look at possibilities on HP boxes. With this configuration there's no need for manually actions.

HP is offering a few websites for more information:
Client Management Solutions
HP BIOS Configuration Utility

When installing HP BIOS Configuration Utility (BCU) 4 files will be found. These are:
-BCUErr.cfg
-BIOS Configuration Utility User's Guide
-BIOSConfigUtility.exe (for x86 boot image)
-BIOSConfigUtility64.exe (for x64 boot image)
 
The HP BCU settings file is created with BiosConfigUtility.exe and /getconfig:<file> parameter. This file is used during deployment with /setconfig:<file> parameter. Have a look at BIOS Configuration Utility User Guide for more information on this.BCU also has the ability to establish, modify, and remove the BIOS setup password. Use the HP Password Encryption Utility (HPQPswd.exe) to create the password file needed to specify new or current password.

Use the following sample command to create a setup password on a system with no existing password:
BIOSConfigUtility.exe /nspwdfile:"new password.bin"
Use the following sample command to modify the BIOS setup password use:
BIOSConfigUtility.exe /nspwdfile:"new password.bin" /cspwdfile:"current password.bin"
Use the following sample command to remove the BIOS setup password use:
BIOSConfigUtility.exe /nspwdfile:"" /cspwdfile:"current password.bin"

NOTE: A password change command can be combined with BIOS configuration, in which case the password is modified before the configuration is applied.
BIOSConfigUtility.exe /set:"configuration.txt" /nspwdfile:"new password.bin"


The HPQPSDW utility is started with a GUI and an encrypted BIN file is created. With this file the system administrator password is set or changed. Download: HP System Software Manager

With this information both password can be set and BIOS settings can be changed. Just great if you ask me!

Other posts on BitLocker:
How to Enable BitLocker, Automatically save Keys to Active Directory
Enable TPM for BitLocker usage during OS deployment on endpoints
BitLocker fails in task sequence because of false condition

Tuesday, April 7, 2015

New Microsoft System Center and Windows versions coming!

This is a great year again because of new Microsoft System Center and Windows versions coming soon. Let's have a look at some big announcements so far! It's really a hugh list this time.

ConfigMgr 2012 R2 SP2 is first in line, which contains Cumulative Update (CU) 1-4 and even more hopefully. It will be released probably around Microsoft Ignite which is held in Chicago in May. There will be an update also to support Windows 10 deployment, upgrade and management with existing ConfigMgr features.
Source: WindowsITPro.com

Windows 10 is expected in September this year. A new Preview version is expected probably around Microsoft Build which is held in San Francisco in April/May. Windows 10 may be the best OS since Windows 7 finally! Windows 10: One product family, One platform, One store. Love it! Update: Windows 10 Launching This Summer in 190 Countries and 111 Languages already.
Source: Blogging Windows

Windows 10 ADK, which is needed to deploy Windows OS to new computers, will be released around Windows 10. A Preview version can be downloaded already: Download Center
Note: Before you even try, this version is NOT compatible with MDT 2013 (6.2.5019.0) or ConfigMgr 2012 R2.
Source: Deployment Research

Windows Server 'vnext' (2016) is expected in H1 next year. Because of strong focus on Cloud (Azure), expect more integration on that part. The Windows Server Technical Preview can be downloaded here: Windows Server Evaluations
At this technical preview milestone, many of the features and scenarios of Windows 10 and Windows Server are still in development and are not intended for broad production roll out.

The System Center Technical Preview delivers unified management across on-premises, service provider, and Microsoft Azure environments, thereby enabling the Microsoft Cloud OS. You need to be running Windows Server Technical Preview and Microsoft SQL Server 2014. Expect a final release somewhere in 2015.
Download: TechNet Evaluation Center
Source: The System Center Team Blog

The next version of ConfigMgr will deliver full support for client deployment, upgrade, and management of Windows 10 and associated updates. The next version of ConfigMgr, will ship in a timeframe that aligns with Windows. Microsoft has decided not to ship a ConfigMgr preview at this time, and will do so in H1 CY15.
Source: System Center Configuration Manager Team Blog
Source: Server & Cloud Blog

Office 365: Since last week built-in mobile device management (MDM) is available for Office 365 commercial plans. With MDM for Office 365, you can manage access to Office 365 data across a diverse range of phones and tablets, including iOS, Android and Windows Phone devices, without the need for Microsoft Intune.
Source: Feature Comparison with MDM for Office 365

Microsoft Intune: In addition, as Windows 10 delivers advanced mobile device management (MDM) to support evolving enterprise requirements, Intune will provide the leading mobile-first, cloud-first management capabilities for Windows 10.
Source: System Center Configuration Manager Team Blog

Office 2016 for Windows and Mac has been in private preview for several months, though anyone could request access if they were so inclined. Microsoft has expanded the program in March to it's commercial Office 365 customers, interested in testing the upcoming release. The reason today’s Skype technical preview is tied to Office 2016 is simple: Skype for Business will be part of the suite! Office 2016 will be launching in the second half of this year.
Download: Microsoft Connect
Source: Office Blogs & VentureBeat

Can't wait to install the bits later this year! Life is good :-)

More blogposts on this topic:
My personal experience with Windows 10 Technical Preview
Feature Comparison with MDM for Office 365

Wednesday, April 1, 2015

Microsoft Ignite general attendee registration is SOLD OUT!

As for March 31st, the Microsoft Ignite general attendee registration is SOLD OUT! With around 20,000 attendees in attendance, it will be a great event full off Microsoft announcements and new technology. Love it! When you're as lucky as me to have a Full Conference Pass, just visit the following websites for more information: 
http://ignite.microsoft.com/
ttp://www.choosechicago.com/microsoftignite/
http://channel9.msdn.com/Shows/Microsoft-Ignite-Countdown/Countdown-To-Microsoft-Ignite-CD9
https://johnacook.wordpress.com/2015/01/05/things-to-do-in-chicago-when-at-microsoft-ignite/
https://twitter.com/Begley_D/lists/Chicago
https://channel9.msdn.com/Forums/MicrosoftIgnite
https://myignite.microsoft.com/

Today with MyIgnite you can:
-Access Schedule Builder to search for session and labs that interest you and build your personalized conference schedule
-Join the Yammer Network and start discussions with speakers and your peers
-Edit your profile
-View sponsors and exhibitors


Busy now filling my schedule with lots of great sessions :-)
Just awesome to be part of this, and expect way more in the next coming months!

Update: when more links available I will update this blogpost.

More blogposts on Microsoft Ignite:
My scheduled sessions and product focus on Microsoft Ignite