Schuff at myITforum.com

SCCM OSD - Install Packages Failing?

I just wanted to blog this down real quick since it was fresh in memory.

Troubleshooting a deployment issue from the SMS Email distribution list; we were attempting to solve why an SCCM/MDT deployment was not installing the packages as listed in the task Install Software in the task sequence, with the base variable of PACKAGES.

Well come to find out, the package's programs in SCCM were not configured to allow them to be used in the task sequence without the use of an advertisement. You can find and enable this feature within the programs properties as shown here:

If you do not enable this feature and attempt to install packages from SCCM via the Install Software task you may see something like this error in your SMSTS.LOG file

Thanks to Todd Hemsell for sharing the error code and Michael Niehaus for pointing out the potential problem based on this error code!

P.S See Michael's post here for a more in-depth look at this process and a script for changing all your existing programs to have this feature enabled:

http://blogs.technet.com/mniehaus/archive/2008/05/08/using-the-configmgr-2007-install-software-step-to-install-a-dynamic-list-of-packages.aspx

How to Configure Windows Server 2008 for Site System Roles

Here is a blurb I actually found on the Microsoft TechNet forums as I was searching for answers to my Windows 2008/SCCM SP1 RC Lab issues and I thought it was worth repeating again here for those in the same boat.

Here is the blurb from the help information that will be in the RTM release of SP1.

Topics referencing Configuration Manager 2007 SP1 and Configuration Manager 2007 R2 are pre-release documentation and are subject to change in future releases. Blank topics are included as placeholders.

Topic last updated—March 2008

Microsoft System Center Configuration Manager 2007 requires the WebDAV component to be installed and enabled on the management points and BITS-enabled distribution points. The WebDAV component is not included in Windows Server 2008 operating system.

Note

The information in this topic applies only to Configuration Manager 2007 SP1.

You must download, install, and configure WebDAV manually on management points and BITS-enabled distribution points running Windows Server 2008. On BITS-enabled distribution points, you might also have to edit the requestFiltering section of the applicationHost.config file if your packages contain extensions that are blocked.

Important

Enabling WebDAV and modifying the requestFiltering section for the Web site increases the attack surface of the computer. Enable WebDAV only when required for management points and BITS-enabled distribution points. If you enable WebDAV on the default Web site, it is enabled for all applications using the default Web site. If you modify the requestFiltering section, it is modified for all Web sites on that server. The security best practice is to run Configuration Manager 2007 on a dedicated Web server. If you must run other applications on the Web server, use a custom Web site for Configuration Manager 2007. 

Site servers and branch distribution points require Remote Differential Compression (RDC) to generate package signatures and perform signature comparison. RDC is not installed by default on computers running Windows Server 2008.

Reporting points running Windows Server 2008 require ASP.NET with Windows Authentication to be enabled.

To install and configure WebDAV for BITS-enabled distribution points and management points

1. In Server Manager, on the Features node, start the Add Features Wizard.
   • On the Select Features page, select BITS Server Extensions.
   • When prompted, click Add Required Role Services to add the dependent components, including the Web Server (IIS) role.
   • On the Select Features page, select Remote Differential Compression, and then click Next.
   • On the Web Server (IIS) page, click Next.
   • On the Select Role Services page, under IIS 6 Management Compatibility, select IIS 6 WMI Compatibility.
   • Under Application Development, select ASP.NET and, when prompted, click Add Required Role Services to add the dependent components.
   • Under Security, select Windows Authentication, and then click Next.
   • On the Confirmation page, click Install, and then complete the rest of the wizard.
2. Download the x86 or x64 version of WebDAV at http://go.microsoft.com/fwlink/?LinkId=108052.
3. Run either webdav_x86_golive.msi or webdav_x64_golive.msi, depending on your processor.
4. Enable WebDAV and create an Authoring Rule, as follows:
   • Open Internet Information Services (IIS) Manager.
   • In the Connections pane, expand the Sites node in the tree, and then click SMSWEB if you are using a custom Web site or click Default Web Site if you are using the default Web site for the site system.
   • In the Features View, double-click WebDAV Authoring Rules.
   • When the WebDAV Authoring Rules page is displayed, in the Actions pane, click Enable WebDAV.
   • After WebDAV has been enabled, in the Actions pane, click Add Authoring Rule.
   • In the Add Authoring Rule dialog box, under Allow access to, click All content.
   • Under Allow access to this content to, click All users.
   • Under Permissions, click Read, and then click OK.
5. Change the property behavior as follows:
   • In the WebDAV Authoring Rules page, in the Actions pane, click WebDAV Settings.
   • In the WebDAV Settings page, under Property Behavior, set Allow anonymous property queries to True.
   • Set Allow Custom Properties to False.
   • Set Allow property queries with infinite depth to True.
   • If this is a BITS-enabled distribution point, under WebDAV Behavior, set Allow access to hidden files to True.

Important

Allow access to hidden files is not required for management points and should not be configured.

• In the Action pane, click Apply.
1. Close Internet Information Services (IIS) Manager.
2. Verify that there are no error messages for the distribution point or management point role, as follows:
   • In the Configuration Manager console, navigate to System Center Configuration Manager / System Status / Site Status / <site code> - <site server> / Site System Status.
   • Check the status of the management point and distribution point roles.
   • If you see any errors, right-click the role, click Show Messages, and then click All to see more detail.

To modify the requestFiltering section on BITS-enabled distribution points

1. On the BITS-enabled distribution points, open %windir%\System32\inetsrv\config\applicationHost.config.
2. Search for the <requestFiltering> section.
3. Determine the file extensions that you will have in the packages on that distribution point. For each file extension that you require, change allowed to true.
4. For example, if your package will contain a file with an .mdb extension, change the line <add fileExtension=".mdb" allowed="false" /> to <add fileExtension=".mdb" allowed="true" />.

Important

Allow only the file extensions required for your packages.

1. Save and close applicationHost.config.

To add Remote Differential Compression to site servers and branch distribution points

1. In Server Manager, on the Features node, start the Add Features Wizard.
2. On the Select Features page, select Remote Differential Compression, and then click Next.
3. Complete the rest of the wizard.

To enable ASP.NET and Windows Authentication on the reporting point

1. In Server Manager, on the Roles node, start the Add Roles Wizard.
2. On the Select Server Roles page, select Web Server (IIS).
3. When prompted, click Add Required Role Services to add the dependent components.
4. On the Select Server Roles page, click Next.
5. Under Application Development, select ASP.NET and, when prompted, click Add Required Role Services to add the dependent components.
6. Under Security, select Windows Authentication, and then click Next.
7. On the Confirmation page, click Install, and then complete the rest of the wizard.

SCCM PXE Service Point & WDS

I don't know if anyone else has ran into issues setting up the PSP on your SCCM box or WDS box but I can tell you it is very touchy to failure if not done right.  On our WDS server I already had went in through the WDS console to configure WDS.  Well most people may tell you that is a no no when it comes to setting up PSP on that server.  Needless to say I was getting all kinds of different event errors about WDS service not starting, PXE service not starting, pxemsi installer not seeming to finish according to the pxeMSI.log file.

After all said and done here are the steps I followed after encountering issues:

1. Remove PXE Service Point from WDS Server
2. Remove WDS Installation from Server (via Add/Remove Components)
3. Reboot
4. Install WDS Component (via Add/Remove Components)
5. Reboot
6. Do NOT attempt to open or configure WDS from the installed WDS Administrative Tool.
7. Add PXE Service Point as a role via the ConfigMgr console to the WDS Server.
8. Watch the logs and see success.

This seemed to have cleared things up for me and hopefully may help someone else out there that is having troubles playing with the PSP Role and WDS.

Using SCCM discovery to filter collections by AD Activity

Those of you that are using the Enhanced System Discovery Tool are already familiar with this procedure.  But what if you don't have ESD but do indeed have SCCM deployed? You can still pull this attribute into ConfigMgr and then use it throughout your queries and collections.

The first thing you will need to do is modify your AD System Discovery properties to include the whenChanged attribute.  This can be found under the Active Directory attribute.

Once you have added this attribute you will want to select the Polling Schedule tab and checkbox the Run discovery as soon as possible if you want the new data for the whenChanged attribute to start showing up right away.  Keep in mind this will increase system activity during this activity.

And to verify that it is indeed collecting it you can click on properties on a resource in the All Systems collection and browse through the data discovery data to see the new whenChanged property as well as its value as shown to the right.  The values may take awhile as your System Discovery runs and you may also discovery many Null values as well.

Now that you have your new whenChanged property being populated into ConfigMgr you will simply need to create a query to utilize this data for your own benefit. Here is an example of a query that displays all machines that have an AD Activity Greater than 28 Days (Using whenChanged property):

select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from SMS_R_System   where (DateDiff(day, whenChanged, GetDate()) > 28)

Now simply add that query into one of your collections and you can use the collection as a targeting or clean collection or how ever you prefer to use it.

P.S.  Once you paste this query statement into the query language window you will not be able to go back to the Show Query Design window as the DateDiff function is not supported in that view.  It has no effect on the query or results though.