February 2009 - Posts
Wow, I would never have dreamed that this little blog would be viewed by 50,000 people let alone be seen in 145 countries. Below is a chart of the Visits. It is about to be archived and a new clean map will appear on the left of this blog in the coming days.
So to those of you who read my blog Thank You.
And a Special thanks to MyITForum and Rod Trent for hosting it.
| Current Country Totals From 3 Mar 2008 to 6 Feb 2009 | |
| Country | Count |
| United States (US) | 28,578 |
| United Kingdom (GB) | 2,397 |
| Canada (CA) | 1,703 |
| Australia (AU) | 1,349 |
| Germany (DE) | 989 |
| Netherlands (NL) | 956 |
| India (IN) | 928 |
| Sweden (SE) | 719 |
| France (FR) | 700 |
| Belgium (BE) | 557 |
| Denmark (DK) | 470 |
| Italy (IT) | 409 |
| Europe (EU) | 352 |
| Switzerland (CH) | 347 |
| Norway (NO) | 311 |
| South Africa (ZA) | 289 |
| Spain (ES) | 287 |
| Finland (FI) | 278 |
| Brazil (BR) | 255 |
| Russian Federation (RU) | 251 |
| New Zealand (NZ) | 201 |
| Israel (IL) | 159 |
| Poland (PL) | 153 |
| Turkey (TR) | 149 |
| China (CN) | 144 |
| Portugal (PT) | 144 |
| Malaysia (MY) | 143 |
| Singapore (SG) | 134 |
| Mexico (MX) | 131 |
| Austria (AT) | 129 |
| Ireland (IE) | 120 |
| Japan (JP) | 118 |
| Czech Republic (CZ) | 115 |
| Argentina (AR) | 112 |
| Hungary (HU) | 111 |
| Asia/Pacific Region (AP) | 111 |
| Hong Kong (HK) | 110 |
| Thailand (TH) | 96 |
| Romania (RO) | 93 |
| Taiwan (TW) | 83 |
| Ukraine (UA) | 83 |
| Croatia (HR) | 81 |
| Saudi Arabia (SA) | 77 |
| United Arab Emirates (AE) | 74 |
| Greece (GR) | 74 |
| Slovenia (SI) | 62 |
| Egypt (EG) | 62 |
| Korea, Republic of (KR) | 59 |
| Philippines (PH) | 55 |
| Sri Lanka (LK) | 54 |
| Indonesia (ID) | 50 |
| Luxembourg (LU) | 48 |
| Bulgaria (BG) | 46 |
| Serbia (RS) | 45 |
| Slovakia (SK) | 45 |
| Lithuania (LT) | 40 |
| Chile (CL) | 36 |
| Puerto Rico (PR) | 34 |
| Latvia (LV) | 30 |
| Peru (PE) | 30 |
| Vietnam (VN) | 30 |
| Pakistan (PK) | 30 |
| Ecuador (EC) | 23 |
| Colombia (CO) | 23 |
| Kuwait (KW) | 22 |
| Lebanon (LB) | 21 |
| Iran, Islamic Republic of (IR) | 18 |
| Estonia (EE) | 18 |
| Trinidad and Tobago (TT) | 17 |
| Venezuela (VE) | 15 |
| Qatar (QA) | 15 |
| Oman (OM) | 13 |
| Panama (PA) | 13 |
| Jordan (JO) | 13 |
| Jamaica (JM) | 12 |
| Costa Rica (CR) | 12 |
| Bosnia and Herzegovina (BA) | 12 |
| Algeria (DZ) | 11 |
| Morocco (MA) | 11 |
| Kazakstan (KZ) | 11 |
| Macedonia (MK) | 11 |
| Belarus (BY) | 11 |
| Nigeria (NG) | 10 |
| Iceland (IS) | 9 |
| Malta (MT) | 9 |
| Uruguay (UY) | 9 |
| Guatemala (GT) | 9 |
| Bahrain (BH) | 9 |
| Dominican Republic (DO) | 8 |
| Cyprus (CY) | 8 |
| Ghana (GH) | 7 |
| Tunisia (TN) | 7 |
| Bolivia (BO) | 7 |
| Bermuda (BM) | 7 |
| Azerbaijan (AZ) | 7 |
| Faroe Islands (FO) | 6 |
| Kenya (KE) | 5 |
| Macau (MO) | 5 |
| Georgia (GE) | 5 |
| El Salvador (SV) | 4 |
| Moldova, Republic of (MD) | 4 |
| Albania (AL) | 4 |
| Uganda (UG) | 4 |
| Namibia (NA) | 4 |
| Botswana (BW) | 4 |
| Mauritius (MU) | 4 |
| Liechtenstein (LI) | 3 |
| Bangladesh (BD) | 3 |
| Virgin Islands, U.S. (VI) | 3 |
| Honduras (HN) | 3 |
| Nicaragua (NI) | 3 |
| Nepal (NP) | 3 |
| Syrian Arab Republic (SY) | 3 |
| Cambodia (KH) | 3 |
| Yemen (YE) | 2 |
| Sudan (SD) | 2 |
| Barbados (BB) | 2 |
| Netherlands Antilles (AN) | 2 |
| Myanmar (MM) | 2 |
| Bahamas (BS) | 2 |
| Cuba (CU) | 2 |
| Libyan Arab Jamahiriya (LY) | 2 |
| Iraq (IQ) | 2 |
| New Caledonia (NC) | 1 |
| Greenland (GL) | 1 |
| Rwanda (RW) | 1 |
| Papua New Guinea (PG) | 1 |
| Tanzania, United Republic of (TZ) | 1 |
| Malawi (MW) | 1 |
| Ethiopia (ET) | 1 |
| Reunion (RE) | 1 |
| Zambia (ZM) | 1 |
| Angola (AO) | 1 |
| Madagascar (MG) | 1 |
| Senegal (SN) | 1 |
| Mauritania (MR) | 1 |
| Cayman Islands (KY) | 1 |
| Falkland Islands (Malvinas) (FK) | 1 |
| Palestinian Territory (PS) | 1 |
| Guadeloupe (GP) | 1 |
| Northern Mariana Islands (MP) | 1 |
| Martinique (MQ) | 1 |
| Afghanistan (AF) | 1 |
| Mongolia (MN) | 1 |
| Aruba (AW) | 1 |
So I started down the journey of upgrading to R2. I have no clue what we are going to use in R2 yet but since we own it I figured I might as well install it now before I get fully deployed this way I can just install everything at new sites that I bring online.
*************************************************************************************************
Configuration Manager Feature Release 2 Summary
Application Virtualization Management
Configuration Manager 2007 supports running sequenced applications created using the Microsoft Application Virtualization Platform. Virtual application packages run on Configuration Manager 2007 client computers without having to install the software application on the local computer. Target computers must be running Windows XP or above to run virtual application packages.
After you create a sequenced application using the Microsoft Application Virtualization Sequencer, you must import the package into Configuration Manager 2007 and deploy the virtual application package to Configuration Manager 2007 clients.
New Operating System Deployment capability
The following enhancements are included in Configuration Manager 2007 R2:
- Unknown computer support—In Configuration Manager 2007 R2, you can deploy operating systems to computers using a PXE service point without first adding the computer to the Configuration Manager database.
- Multicast deployment—Previously, all operating system deployments used unicast. Multicast can make more efficient use of network bandwidth when deploying large images to several computers at the same time.
- Running command lines in task sequences with credentials other than the local system account.
Client Status Reporting
Provides a set of tools and Configuration Manager 2007 reports to assess the status of client computers, sometimes referred to as "client health." Clients that show a change in activity patterns might need administrative intervention.
SQL Server Reporting Services Integration
Allows you to report on Configuration Manager activity using SQL Reporting Services.
Forefront Client security integration
Microsoft Forefront™ Client Security provides unified virus and spyware protection for business desktops, laptops, and server operating systems. Administrators can use desired configuration management to monitor the Client Security agent on clients managed by Microsoft System Center Configuration Manager 2007 R2 sites.
*************************************************************************************************
Anyway at this point you usually get a tutorial from me on how to go about getting this done. But in all honesty I am just to busy at the moment to put together my normal docs for this. I posted to the MYITFORUM SMS/SCCM list and asked for assistance, specifically with the Reporting Services since for now that seems like the tool I am going to be using.
Here is what I was given:
Before installing R2 you will need to have the following installed:
- SCCM 2007 SP1
- SQL 2005 (recommend SP3)
- SQL 2005 Reporting services
- Note you can use SQL 2008
The R2 install is your typical MS install so just follow the onscreen prompts to install it.
The blog by Michael Wiles is very similar to how I would have put things together so I'm just going to point you to his blog to setup Reporting Services .(link below)
SRS in SCCM 2007 R2 setup
http://blogs.technet.com/mwiles/archive/2009/02/19/east-setup-of-srs-with-config-manager-r2.aspx
and this TechNet article
How to Configure Microsoft SQL Server for SQL Reporting Services
http://technet.microsoft.com/en-us/library/cc512033.aspx
Good Luck,
Chris Stauffer <><
Problem
We where seeing a 1909 error on 2 of our sites. In the Sender.log we were getting the following error:
Site XXX added to list of busy sites.
No (more) send requests found to process.
Waiting for new/rescheduled send requests, Maximum Sleep Time = 60 minutes
There is no existing connection, Win32 error = 1909
There is no existing connection, Win32 error = 1909
Error during connection to \\SCCMServername\SMS_Site (1909).
Operation is retryable.
Cannot connect to server SCCMServername at remote site XXX, won't try send requests going to site EN1 for an hour or until there are no active send requests.
There is no existing connection, Win32 error = 1909
There is no existing connection, Win32 error = 1909
Error during connection to \\SCCMServername\SMS_Site (1909).
Operation is retryable. SMS_LAN_SENDER
Sleeping for 1 minutes before retrying
Error code 1909 means:
The referenced account is currently locked out and may not be logged on to.
Source: Windows
The problem was that we where not seeing any account lockout.
This error was caused because the Enterprise Client – Member Server Baseline template was applied to the child sites but it was not applied to the Central site.
One of the setting that is changed by the template cause this error.
The setting Network security: Lan Manager authentication level default is version 1 “Send NTLM response only”. The template changes it to “Send NTLMv2 response only”.
Version 2 does not accept authentication from version 1 so after a few tries to connect, the system was locking out the account. Then the policy was unlocking the account and then the next time SCCM tried to connect again it would lock out again (endless lock and unlock loop). If you were not watching the accounts you would never even see that the lockout was occurring so it looked like we were receiving a false 1909 error.
Solution
Set all of the servers to the same setting. Either reset all servers to default or change all the servers to Send NTLMv2 response only.
More Info on Setting
More info on the setting can be found here http://support.microsoft.com/kb/823659
This startup script is almost identical to the Health Check script that I released last year. The main difference is that I removed the advertisement check because that was for the Client Health check task.
I also added a section that will check for the device type and install a different account if the system is a server or a desktop.
Let me know how it works for you. we have been using it here in production since October without issue.
Chris Stauffer <><
PS: as previously noted credit is given to the original scripter's.
'===================================================================
'
' NAME: SCCM_Client_Health_Check
'
' AUTHOR: Chris Stauffer, Commonwealth Of Pennsylvania
' DATE : 2/9/2009
'
' COMMENT: Version 1.3
'
' 1.0 - all features enabled
' 1.1 - additional Credit Given
' - Minor error in one of the email functions was fixed.
' 1.2 - Script was modified to run as a Startup script
' - Email Function was disabled
' - If SCCM Reg key is missing it will now trigger a client install
' - Client install source points to the SCCM Site Share SMS_(Sitecode)\Client\CCMSetup.exe
' 1.3 - Removed Advertisement check that was used in original healthcheck advertisement script.
'
' Features To be added:
' - Do we actually need arguments For client install since they should be In AD If site Is constructed properly
' - WMI Solution
'
'*********************************************************************************************
'*********************************************************************************************
' Special Thanks to:
' 1E And Richard Threlkeld For the original Health Check tool
' David Turner For cache expander Function
' DudeWorks For script functions from their original Health Check scripts
' Sherry Kissinger For Error checking And Function editing
' Authors of SMS 2003 Recipes (a must have book For any SMS admin)
' My beta testers. I've been asked by some to not mention there names so I will not.
' The rest know who they are and I will gladly give them recognition if they want it.
' The guys And gals On the MyITForum MSSMS list For chiming in when needed
' And anybody Else that added their 2 cents :-)
'
'====================================================================
SCCM Client Install in a DMZ
I was asked to install the SCCM client in a DMZ scenario. I had notes that someone on the MyITForum SMS list put together for SMS 2003 (sorry I don’t know who wrote them or I would give credit). The problem is that SMS only needs the ccmsetup.exe file to install the client. In SCCM there are a lot more files involved. So I was getting error code (5) access denied on the install in the ccmsetup.log file after the CCMSetup.exe downloaded and it went back for BITS.
Successfully started the ccmsetup service
Deleted file C:\WINDOWS\system32\ccmsetup\ccmsetup.exe.download
All other instances of ccmsetup have completed.
Downloading file i386\BITS25\WindowsServer2003-KB923845-x86-ENU.exe
Determining source location...
Source \\spqdhq1m02.psp.lcl\sccm_client is inaccessible (5)
Failed to find accessible source. Waiting for retry.
Next retry in 10 minute(s)...
After talking with Rick Jones I came to the conclusion that it would be easier to copy all of the files needed to a location on the local machine then use the source switch to execute the install.
So what I did was create an SMS installer that will create the needed LMHOSTS and HOSTS file changes that are needed (see below notes) so the client can find the server and then copy all of the files needed to install the client.
I attached a copy of the IPF to this post so it should contain everything that you will need to get the client installed in your DMZ.
Make sure that you edit the variables for your environment then compile the IPF.
You can execute the file on the needed machine and you are all set.
Additional notes:
In order for the client to find the server without a wins or DNS or AD structure the following changes will need to be made to the LMHOSTS file and the Hosts file
Client Configuration
LMHOSTS file:
Add the SMS information to an LMHOSTS file, which you can copy to each client. Use the following as a guide (WS03DC01 is the SMS server name):
192.168.1.61 ws03dc01 #PRE
192.168.1.61 "SMS_SLP \0x1A" #PRE
192.168.1.61 "SMS_MP \0x1A" #PRE
192.168.1.61 "SMS_NLB \0x1A" #PRE
# "12345678901234567890"
(note that there are 20 characters between the quote marks on each line, and the last line is just to help with spacing – it is not needed)
HOSTS file:
Add the SMS information to an HOSTS file, which you can copy to each client. Use the following as a guide (WS03DC01 is the SMS server name):
192.168.1.61 ws03dc01.domain.lcl ws03dc01