Jeff Gilbert's Web blog at myITforum.com

This posting is provided "AS IS" with no warranties, and confers no rights :-)

October 2007 - Posts

Common Asset Intelligence Questions and Answers

Here are some common questions and answers from the Asset Intelligence TechNet Forum:

 

What's new in SCCM 2007 wrt Asset Intelligence  

Coming Soon: Asset Intelligence 1.5  

Exchange 2007 not shown in license ledger report  

New post SP3 hotfix roll-up package has several AI 1.0 fixes   

Updates to the Asset Intelligence catalog (SMS 2003 SP3 and SCCM ...  

Sizing, performance when enabling Asset Intelligence  

Which version of SQL is installed  

If you haven't started using the Configuration Manager TechNet forums, they're definately one of the easiest ways to get a direct line to the product team. The above links are to the Asset Intelligence forum, but there are a lot of these type of forums dedicated to System Center Configuration Manager 2007 (including the documentation) at: http://forums.microsoft.com/TechNet/default.aspx?ForumGroupID=488&SiteID=17

Hope this helps!

~Jeff

Posted Wednesday, October 17, 2007 9:08 PM by jgilbert | 2 comment(s)

Filed under: ,

Configuring SPN's for SQL Server Named Instances Used to Host the Configuration Manager Site Database

In Configuration Manager 2007, it is supported to install the site database on a SQL Server named instance and not just the default instance as it was in SMS 2003. Regardless of whether or not you use the default or a named instance of SQL Server to host the site database, a Service Principal Name (SPN) must be registered for the SQL Server service account in Active Directory to enable Kerberos authentication.

When the SQL Server service account is configured to use the local system account, the server will automatically publish the SPN for you. However, a SQL Server best practice is to change the startup account from local system to a domain user account to better secure the SQL Server instance. If you're using a domain user account to run the SQL Server service, you have to manually create the SPN for the account in Active Directory. Once created, you can view the SPNs registered using an ADSIEdit console.

Note: To use the SetSPN utility, or to open an ADSIEdit MMC console, you must first install the Microsoft Windows Server support tools. These tools are included in the support tools folder on both Windows 2000 Server and Windows Server 2003 CDs. To install the Windows Server support tools, navigate to \SUPPORT\TOOLS\ on the server's installation CD and run suptools.msi.

To register the SPN for the domain user account in Active Directory for the default instance of SQL Server (assuming you haven't changed the port it is listening on) you can use the following syntax:

Setspn -A MSSQLSvc/<SQL Server name>:1433 <domain>\<user>

The trick here is that you have to do this twice. You need to register the SPN for both the SQL Server computer's NetBIOS name and FQDN to allow Setup to succeed and for the site to operate properly after it is installed.

When using a SQL Server named instance to host the site database, and using a domain user account as its start up account, you must register the SPN for the named instance in Active Directory. When registering the SPN for a SQL Server named instance, the syntax is the same as creating one for the default instance--the named instance is detected by the port number it responds to and is not specified as part of the SQL Server name (just like IIS and the default Web site, you can't use the same port that the default instance uses for a named instance of SQL Server).

So, the command to register the SPN for the domain user account running a named instance using port 1400 (1400 is just a random port I picked out of my head, not a recommendation) would be:

Setspn -A MSSQLSvc/<SQL Server name>:1400 <domain>\<user>

Once again, you have to do this twice, once for the SQL Server's NetBIOS name and once for the SQL Server's FQDN.

Troubleshooting Tips
There is a known issue when running the stand-alone prerequisite checker on named instances in case you see an error when running that that says you must specify a valid NetBIOS host name. To test the named instance before beginning the install, you can use the Setup command line:

Setup /Prereq /Pri /SQL <SQL Server Name\Instance Name>

Also, when running Setup to install the site database on a remote SQL Server named instance, the SQL Server browser service must be running when Setup goes looking to validate it or else Setup will fail.

 

Posted Thursday, October 11, 2007 7:43 PM by jgilbert | 2 comment(s)

Filed under:

Using ITMU in Configuration Manager Sites

I'm not really very deep technically on software updates, but a question about using ITMU with Configurarion Manager came up and so I went to the source of all software updates knowledge: Doug Eby, the software updates writer for Configuration Manager, and he has enlightened me/us about this subject:

ITMU is only for SMS 2003 clients in the hierarchy.  You have to upgrade to the Configuration Manager version of the ITMU on the central site in order to create software update deployments for SMS 2003 clients assigned to Configuration Manager sites (or SMS 2003 clients assigned to SMS 2003 child sites of the Configuration Manager site).  When all SMS 2003 clients have been upgraded to the ConfigMgr client, you can remove ITMU from the environment.

In other words, if you're using ITMU in a Configuration Manager site to support assigned SMS 2003 clients, you'll need to install, configure, and synchronize the active software update point before upgrading clients--the ConfigMgr software updates client agent ignores the results it if the scan source is ITMU. After the software updates client agent is installed on upgraded clients it will scan for software updates compliance and then you can deploy software updates to them using the ConfigMgr software updates methods.

During the upgrade, ITMU should automatically be upgraded if it is detected AND if there are no other installations of ITMU higher in the hierarchy. Once the upgrade completes, synchronization will automatically occur, and then the client will be updated with the new scan package. So, unless the upgrade fails, you shouldn't have to do anything to upgrade the ITMU components.

So, to me it looks like if you're using ITMU to patch clients in an SMS 2003 site, and you're going to upgrade the site to Configuration Manager, then you need to leave ITMU installed during the upgrade and allow the previous ITMU installation/client scan tools to be upgraded to the ConfigMgr ITMU version. Next, install and configure WSUS/active software update point before beginning the client upgrade process to maintain software update compliance.

Hope this helps!

Posted Thursday, October 11, 2007 7:42 PM by jgilbert | with no comments

Filed under: