Jeff Gilbert's Web blog at myITforum.com

This posting is provided "AS IS" with no warranties, and confers no rights :-)

March 2008 - Posts

Testing management points the Configuration Manager 2007 way

 

Testing management point connectivity is just one of those things that SMS/ConfigMgr admins need to do on a regular basis. You can always peruse the mpcontrol.log to check management point health, but to make it easier, the product team has provided some handy test urls that can be used instead of reviewing the mpcontrol.log all the time.

Using the management point test urls is a pretty old tip. It's documented in a ton of places including the SMS 2003 FAQ, the Configuration Manager 2007 documentation, and a myriad of other Web locations. However, there is a catch when using these test urls in Configuration Manager sites that may not seem obvious at first and is a change from SMS 2003 behavior. I noticed this while working on something in my lab so I figured it would be a good tip to pass along.

When testing management point connectivity in SMS 2003 sites, you just open up a Web browser instance and go to: http://<ManagementPointName>/sms_mp/.sms_aut?mplist. If all is well with the management point you will see:

 

 

 

 

(Yes, I know there's nothing there...that's a good thing for SMS 2003 sites and what you should see if the management point is responding to http requests Big Smile)

In Configuration Manager sites, you actually do see something when you browse to the test urls and Don Hite has done a nice job documenting some of that behavior in his blog already.

So, in SMS 2003 sites, seeing nothing is good and something (IIS errors) is bad. In Configuration Manager sites, seeing something is good and nothing (IIS errors) is bad...that sounded a lot clearer in my head.

Anyway, moving on. If you browse to that mplist url while checking management point communication in a Configuration Manager 2007 site, you will see something like:

Two management points!

Notice anything odd there? You entered the url to test one management point and Viola! all the management points in the site appeared. So, you may think to yourself, "Wow! Now I only need to check one test url to verify all the management points are working and all must be good with all of the management points displayed" so now you can stop checking right? WRONG!!!

When using the mplist test url, you much change it each time to verify that the management point defined by <ManagementPointName> is online and functioning properly. This is because, when the management point test url is queried, it connects to the site database and retrieves a list of management points and displays them. It does not connect to each management point listed in the query results displayed. Don't believe me? Check this out (and no I won't tell you what database table I'm altering here!):

Extra mp?!

So now you know that you need to test each management point individually right? Now, lets talk about what generally happens when you don't see what you're supposed to see displayed when using the test url.

DB is off!

Oops. IIS 500 error. In general, IIS 500 errors are telling you that something has gone wonky with the site database or access permissions to it for the management point computer.

IIS is off!

Uh-oh. IIS 404 error. IIS is taking a nap or has become completely catawompus for some other reason.

Those are just a couple of quick examples of failed management point communication and are generally the most frequently seen so I added them to this post. The main reason for my posting this blog entry is not to fully discuss management point failure conditions, but rather just to let you know that even though you see multiple management point computers returned by the mplist test url, you definitely still need to check each management point individually.

 

Hope this helps,

~Jeff

 

 

Posted Sunday, March 16, 2008 9:48 PM by jgilbert | 2 comment(s)

Filed under:

The Configuration Manager 2007 SDK has shipped!!!

 

At long last, the Configuration Manager 2007 SDK has shipped! This is really a great release and the product of a lot of hard work by only a few SDK writers.

 

Some stats that compare this release to the SMS 2003 SDK release that may surprise you:

 

  Configuration Manager SMS 2003
Words 1,136,512 396,803
Topics
Conceptual/non-managed 1,840
Managed 2,362
Total 4,202
Conceptual/non managed 670
Managed 1,902
Total 2,572
Code Snippets 470 200
 

Considering that there were 8+ years of work in the SMS 2003 SDK and the Configuration Manager 2007 SDK is the result of only the last 1.5 years, I think these guys did an amazing job Big Smile

 

Oh yeah, in case you're wondering how to get it, here you go: http://go.microsoft.com/fwlink/?LinkId=113689 .

 

Happy coding,

 

~Jeff

 

 

Posted Sunday, March 16, 2008 9:09 PM by jgilbert | 2 comment(s)

Filed under: , ,

How Asset Intelligence installed software inventory information is collected

For those interested in figuring out how Asset Intelligence inventories information about the installed software found on clients...here you go:

How and where is AI data collected on the client 
 

~Jeff

Posted Sunday, March 16, 2008 9:04 PM by jgilbert | with no comments

Asset Intelligence role-based management capabilities in Configuration Manager 2007 SP1
Changes to the Asset Intelligence feature in Configuration Manager 2007 SP1 (Asset Intelligence 1.5) have enhanced the inventory and management capabilities of previous releases to better identify and manage hardware, software, and software licenses in use by Configuration Manager clients throughout the enterprise.

The enhancements made enable administrators to more easily, and more accurately, inventory and manage hardware assets and the software in use by Configuration Manager 2007 clients as well as import, view, and manage purchased software license information (both Microsoft and non-Microsoft). The Asset Intelligence catalog has been expanded to contain categorization and identification information for over approximately 300,000 (probably more) software titles and versions and the hardware requirements information for many software titles found in today's IT environments. The ability to customize the Asset Intelligence catalog with additional software categorization and hardware requirement information has also been added. By providing access to this essential information, Asset Intelligence 1.5 makes it easier for administrators and asset managers to more effectively plan for upgrades, migrations, and software license compliance reporting.

So, the question is how do administrators make this information available to asset managers without allowing them too much control over the actual configuration of the site and site settings?
The answer: role-based access security for Asset Intelligence information stored in the site database Smile

In Asset Intelligence 1.5, there are now two user role types that can be used to manage access and security permissions for Asset Intelligence catalog information: Administrator and Asset Manager.

  • Members of the Asset Intelligence Administrator security role have full control permissions over catalog data and the Asset Intelligence feature set as a whole.
  • Members of the Asset Intelligence Asset Manager security role have permissions to run reports, change or create software categories and families as well as access to the Asset Intelligence Configuration Manager console home page information. Members of the asset manager role can view catalog data and categorize it to a certain extent, but otherwise have no control over the configuration or management of the Asset Intelligence feature.

For more information about these roles check out this forum post:
Security access based on role in AI 1.5

Additional information about these roles, and how to configure them, will be in the next documentation release as well.

~Jeff

Posted Sunday, March 16, 2008 8:33 PM by jgilbert | with no comments

Filed under: ,