July 2008 - Posts

• Sccm, Scom, Remote SQL 2005 & the Windows server 2008 firewall

  Hi All, Let's start by saying that this blog post is probably more OpsMgr related, but all topics are valid for a remote SQL Install for Sms, SCCM or any of the other System center products, so I guess it's still ok to post it here. Look, I am not all that good with popular quotes, never seem to be able to remember them just right. But this is one of them that I have never had trouble remembering. "It is all fun and games until someone throws a firewall into the mix".   Not sure who the quote is from, but I am pretty sure he was refering to my lab environment. Yesterday, I redeployed my Opsmgr 2007 environment, to test the installation on windows server 2008. I figured, install a new sql server on 2008 on one machine, then install opsmgr 2007 on another, shouldn't take more than a single evening. I'll start rolling out agents and importing management packs the day after. Seemed like a plan at the time.   So I installed Asp.net, powershell, IIS, the II6 compatability tools in short all the requirements to install SQL 2005 reporting services on a Windows Server 2008 as listed here: http://support.microsoft.com/kb/934164 Then I installed SQL 2005, the database engine and a default install of SQL reporting services, followed by applying SP2. Next, I installed the Scom database, no problem at all, I am on a role here.   Then I started the management server and console install on the remote box. Err. The root management server complained that it couldn't find the database. I splapped myself on the forehead, sure you silly you still need to enable The Tcp/ip protocol in the SQL Server configuration. I checked, and found that Tcp/ip was already enabled as a listening protocol. Hum, strange, opened a dos box, and ran netstat -a -n -p tcp to see whether my sql box was listening on port 1433. Lo and behold, it wasn't. You see, I know it was something like that. Still took me a while to figure out that my SQL Server, which was running in a specific named instance was listening on dynamic ports. (If anyone knows how that could have happened just let me know). Now, I wasn't going to let something silly as that stand between me and my plan, so I configured the SQL tcp/ip protocol for this instance to listen on port 1433, and restarted the SQL Server service as listed here: http://msdn.microsoft.com/en-us/library/ms177440(SQL.100).aspx I subsequently ran netstat -a -n -p tcp again and tada, the server was listening fine on port 1433.   Back to the original task at hand install the OpsMgr management server. Err. Database still not found, ok, I am getting fed up with this, I download microsoft's portqry tool, and verified whether I could access port 1433 from the remote machine. The portqry -n sqlserver01-e 1433 came back with a response of Filtered. Another slap on the forehead, you nitwit, you have the Windows Server 2008 firewall running. So I went to the Sql box, and decided NOT to disable the firewall but to configure it to open port 1433, as described here: http://msdn.microsoft.com/en-us/library/ms175043(SQL.100).aspx Once done, I ran my portqry again, and it showed up as listening, great, we're back on track.   I launched the Opsmgr management server installation again, and the darn thing failed on me again. Luckily for me the log file came around telling me that a custom action in the msi had close the handle to soon, and that it should be configured not to do that. _SetRootHealthService_Wizard unexpectedly closed the hInstall handle was the error message at hand. So after telling the setRootHealthService_Wizard that it wasn't allowed to close the handle so soon, or that I would put it in the naughty corner, I retried the installation.   Apparently my authority, that still works on my 3-Year old soon, didn't impress the setroothealthservice_wizard. In a illuminated attempt to still get this to work I went back to the Sql server box and configured the firewall to log dropped packets. Retried the installation again, which obviously failed, and went back to analyze the windows server 2008 firewall log on the sql box. This revealed dropped packets on udp port 1434. Oh, now that's easy enough to fix, let's just open that port and we're set. Erm wait a minute, I thought all sql database engine communication went over tcp port 1433, what's up with this 1434 udp port all of a sudden.   Great after having this miracle idea of deploying sql on a box with the firewall still running, I'll have curiousity kick in, this is going to set back my planning on this a couple of hours, or at least that's what I thought, but Live search and Sql Magazine to the rescue the udp port 1434 reportedly is needed to access a named instance: http://www.sqlmag.com/Article/ArticleID/39447/sql_server_39447.html   Now, that I had settled my curiousity, I was free to open udp port 1434 in the SQL Server firewall, and retry the opsmgr root management server installation, and kadadzing the install completed with success.   -- Enjoy. "Everyone is an expert at something" Kim Oppalfens - Sms Expert for lack of any other expertise Windows Server System MVP - SMS http://www.scug.be/blogs/sccm/default.aspx http://www.linkedin.com/in/kimoppalfens Posted Jul 29 2008, 03:49 PM by SCUG.be Filed under: smsv4, Operations Manager 2007, SCCM 2007, sms v4, configmgr2007, sccm2007, Configmgr 2007, SMS, Opsmgr 2007, SCOM 2007, MOM, Sms 2003

• Windows 2008 Management Packs released

  The Management Packs for Windows 2008 has finally been released!   Windows Server Operating System Management Pack The Windows Server Operating System Management Pack consists of the following five management packs: Microsoft Windows Server Library, Microsoft Windows Server 2008 Discovery, Microsoft Windows Server 2008 Monitoring, Microsoft Windows Server 2003, and Microsoft Windows 2000 Server. The Microsoft Windows Server management packs monitor the performance, health, and availability of Windows Server 2008, Windows Server 2003, and Windows 2000 Server. Terminal Services Management Pack for Operations Manager 2007 The following additional role services are used in conjunction with Windows Server 2008: TS Web Access: With Terminal Services Web Access (TS Web Access), users can access RemoteApp programs and a Remote Desktop connection to the terminal server through a Web site. TS Web Access also includes Remote Desktop Web Connection, with which users can remotely connect to any computer where they have Remote Desktop access. TS Gateway: With Terminal Services Gateway (TS Gateway), authorized remote users can connect to resources on an internal corporate network from any Internet-connected device that can run the Remote Desktop Connection (RDC) client. TS Session Broker: Terminal Services Session Broker (TS Session Broker) supports session load balancing between terminal servers in a farm and reconnection to an existing session in a load-balanced terminal server farm. Note: In Windows Server 2008, the name of the Terminal Services Session Directory feature was changed to Terminal Services Session Broker (TS Session Broker). When there is problem with the availability or performance of one of these components, Microsoft System Center Operations Manager 2007 uses the Terminal Services Management Pack to detect the issue and alert you so that you can diagnose the problem and fix it. Windows Server 2008 Application Server Management Pack for System Center OpsMgr 2007 The Windows Server 2008 Application Server Management Pack includes monitors, rules, views, tasks, knowledge, and reports for the monitoring of Application Server included in the Windows Server 2008 operating system. It provides a knowledge base of useful information to help administrators resolve an issue when the Application Server role becomes unhealthy. With this management pack, Information Technology (IT) administrators can collect the events that the components of the Application Server role place in the Windows Server 2008 event logs. This management pack highlights events that might indicate possible service outages or configuration problems so that you can quickly take corrective or preventive actions, simplifying administrative tasks and reducing IT costs. Microsoft Windows Key Management Service MP for SC OpsMgr 2007 The Key Management Service is used to activate computers running Windows Vista and Windows Server 2008. Each activation request is logged on the KMS host. The KMS Management Pack collects data from the event logs of defined KMS hosts, and monitors those hosts for availability. This monitoring provides visibility into the activation traffic and the license status of volume activation clients on the network.   Greetz, ALkin Posted Jul 28 2008, 08:56 AM by SCUG.be Filed under: Operations Manager 2007, scom, opsmgr, Management Pack

• File System Management Pack

  Another winner of the System Center Contest is Jaime Correia who submitted the file system Management Pack. With this Management pack you can monitor File count file count by extension file extension modified file modified in X time file size Folder Size   The MP also includes a very detailled mp guide!   Thx Jaime! Posted Jul 26 2008, 04:40 AM by SCUG.be Filed under: Operations Manager 2007, scom, opsmgr, Management Pack

• SCOM Remote Maintenance Mode Scheduler v1.7

  Tim McFadden has written a great GUI based tool so you can easily schedule maintenance mode for a server or group of servers!   http://www.scom2k7.com/downloads/SCOMRemoteScheduler1.7.zip   This tool is so easy to use that now even my grandmother can put servers in maintenance mode! :-) This tool is the Third category winner of the system center solutions contenst.   Thx Tim! Greetz, Alkin Posted Jul 26 2008, 04:33 AM by SCUG.be Filed under: Operations Manager 2007, scom, opsmgr

• Customize the Sccm 2007 console with additional actions

  One of the customization steps no Configmgr administrator should be without, is a set of additional right-click actions. My personal favorite set, is the set from Rick Houchins, which you can find here: http://myitforum.com/cs2/blogs/rhouchins/archive/2008/04/09/sccm-right-click-tools.aspx After you launch the install you need to choose between a server or workstation install If you install the tools on the server, than the rest is simple next, next finish-follow the wizard stuff. If you install the tools on a workstation than you still need to fill out the Site code, Site server and management point.   Once installed you will see the configmgr console tools installed in the Add/remove programs control panel snap-in O On the configmgr console you will see a couple of new actions availabe: You can find these additional actions in the following spots: On Each collection in the tree & details pane On each collection member in the details pane On advertisement instances in the details pane On the Software updates nade in the tree & details pane   These tools can make the life of any sms admin a whole lot easier.   This concludes yet another step in customizing the sccm admin console. Stay tuned, for the next post when we start doing the customization deep dive. -- Enjoy. "Everyone is an expert at something" Kim Oppalfens - Sms Expert for lack of any other expertise Windows Server System MVP - SMS http://www.scug.be/blogs/sccm/default.aspx http://www.linkedin.com/in/kimoppalfens Posted Jul 23 2008, 05:39 PM by SCUG.be Filed under: smsv4, SCCM 2007, sms v4, configmgr2007, AdminUi, sccm2007, Configmgr 2007

• Upgrading the Windows AIK before upgrading to Configuration Manager 2007 SP1

  Before beginning the upgrade process to Configuration Manager 2007 SP1, the Windows AIK 1.0 should be uninstalled from the SMS Provider computer for the site to allow SP1 Setup to install Windows AIK 1.1 to support SP1 OSD WIM images. If the Windows AIK 1.0 is not uninstalled prior to beginning SP1 Setup, and a PXE service point is installed in the site running the Windows Deployment Services (WDS) Server service, the upgrade might fail and result in an unexpected restart and post-upgrade SMS Executive service crashes. The following information has been added to the documentation libary for Configuration Manager 2007, but we won't be able to publish it to the Web until we refresh the documentation libary when Configuration Manager 2007 R2 is released. In the meantime, I'm making this post to give you the information that you need to successfully upgrade Configuration Manager 2007 sites to SP1 and troubleshoot an issue that you might encounter.(continue at source) Posted Jul 23 2008, 07:35 AM by SCUG.be Filed under: smsv4, SCCM 2007, sms v4, configmgr2007, sccm2007, Configmgr 2007, migration

• How to find match the GUID to an agent

  Start SQL management Studio, connect to the OperationsManager Database and run the following query Select * from BaseManagedEntity where BaseManagedEntityID = 'first guid in the alert' In our case the query is  Select * from BaseManagedEntity where BaseManagedEntityID = 'D7463D6E-F334-40C3-3A86-C68A77D36BF8 ' Thx to Yann Gainche. Greetz, Alkin Posted Jul 17 2008, 11:23 AM by SCUG.be Filed under: Operations Manager 2007

• Building a custom Configmgr 2007 admin console

  The work that needs to be done in the Configuration manager 2007 admin console is often spread out amongst different team members. Not all of these team members require access to the full admin console. Most environments do configure the permission set in a somewhat restrictive member so that team members only have the permission they need, but what is often forgotten is building a custom minimal admin console with just access to the features people need. This shouldn't be done from a security point of view, the additional security this brings is neglectable, but more from a usability point of view. It makes the admin console easier to use, and avoids access denied errors, or empty detail panes because someone clicks on a heading in the admin console for which he doesn't have permission.   Now how do you build such a custom Configmgr 2007 admin console you might ask. Step 1) You launch mmc.exe Step 2) In the File menu, you select Add/remove snap-in Step 3) Add the system center configuration manager snap-in, and select the "Select console tree items to be loaded (custom)" radio button.   Step 4) Select the console tree items you want Step 5) Click Next, Finish and Ok, below is a screenshot of the tree pane of the custom console I created Step 6) Select "System Center Configuration manager" in the tree pane, right-click it and select "New Window from here" Step 7) In the File menu select options Step 8) Name your console "Custom Configmgr admin console" Step 9) In the console mode select "User mode - Limited access, single window" Step 10) Clear the checkbox for "Allow the user to customize view" Step 11) Tick the checkbox for "Do not save changes to this console" Step 12) In the file menu save your snap-in Step 13) In the prompt about multiple windows being open click "Yes" Step 14) Launch your customized mmc console and verify whether everything looks according to plans. PS: a similar option was already available in sms.     -- Enjoy.   "Everyone is an expert at something" Kim Oppalfens - Sms Expert for lack of any other expertise Windows Server System MVP - SMS http://www.scug.be/blogs/sccm Posted Jul 16 2008, 05:15 PM by SCUG.be Filed under: smsv4, SCCM 2007, sms v4, configmgr2007, sccm2007, Configmgr 2007, SMS, Sms 2003

• Capturing logs during failed Task Sequence Execution

  Steve Rachui: Every OSD administrator knows the feeling of configuring a complex (or even simple) OSD Deployment, testing and releasing - only to have the deployment fail. At failure, OSD will begin a countdown to reboot and, on restart, the logs are often lost and we administrators are left wondering what went wrong. To find out we have to start the deployment again and spend time waiting for the failure. Wouldn't it be cool if we had a way to automate forcing OSD to collect logs when it fails before exiting? Good news! :) I have spent some time recently working on just how to do that and we have two examples - both use the same approach but one is for generic task sequences (those sent through advertisements,etc) and the other is for OSD deployments. Lets start with the generic one, explain the needed steps and the show how we incorporate that into OSD.(continue at source) Posted Jul 16 2008, 02:25 PM by SCUG.be Filed under: smsv4, SCCM 2007, Configmgr 2007, migration

• SCCM : Vista SP1 Installations Deployed Using Operating System Deployment Cannot Hibernate !

  Issue When the Configuration Manager 2007 operating system deployment feature is used to deploy a Vista SP1 image, a new boot configuration data (BCD) store is created using the BCD template.  Configuration Manager 2007 explicitly creates the Boot Manger and Operating System objects from the BCD template, but allows the Resume object to be created implicitly by Windows Vista when it goes through mini-setup.  Vista SP1 correctly generates the Resume object during mini-setup but the associated Resume settings objects are not generated. Because there are no Resume settings objects, hibernate functionality does not work. Solution To resolve this issue, run the following script on Vista SP1 computers deployed using Configuration Manager 2007 operating system deployment to create the missing Resume settings objects. To run the script type the following at a command prompt cscript.exe /nologo scriptname.vbs This script can be deployed in two scenarios: · Run as part of the Vista SP1 deployment: Incorporate the script into the operating system deployment task sequence as a Run Command Line step once the new operating system is installed.   · Run after Vista SP installation: Incorporate the script into a software distribution package/program and then advertise it to existing computers previously deployed with Vista SP1 using Configuration Manager 2007 SP1.  Code Snippet: ' Connect to WMI set oLocator = CreateObject( "WbemScripting.SWbemLocator" ) set oRootWMI = oLocator.ConnectServer( ".", "root\wmi" ) oRootWMI.Security_.ImpersonationLevel = 3 ' Connect to BCD set oBCD = GetObject( "winmgmts:{impersonationlevel=Impersonate,(Backup,Restore)}!root/wmi:BcdStore") if Err.number <> 0 then     WScript.Echo "ERROR: Failed to connect to BCD"     WScript.Quit(1) end if ' Open the system store if not oBCD.OpenStore( "", oBcdStore ) then     WScript.Echo "ERROR: Failed to open the system BCD store"     WScript.Quit(1) end if set oBCD = nothing const ResumeLoaderSettingsBcdObject = "{1afa9c49-16ab-4a5c-901b-212802da9460}" const GlobalSettingsBcdObject = "{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}" ' Check to see if the {resumeloadersettings} object already exists if oBcdStore.OpenObject( ResumeLoaderSettingsBcdObject, objWBM ) then     WScript.Echo "Resume Loader Settings object already exists in BCD"     WScript.Echo "No changes have been made to the system"     WScript.Quit(1) end if WScript.Echo "Creating new {resumeloadersettings} object..." if not oBcdStore.CreateObject( ResumeLoaderSettingsBcdObject, &h20200004, oResumeSettings) then     WScript.Echo "ERROR: Failed to create the BCD object" end if if not oResumeSettings.SetObjectListElement(&h14000006, Array(GlobalSettingsBcdObject )) then     WScript.Echo "ERROR: Failed to set the Inherit element" end if WScript.Echo "Finished updating BCD" ======== You can read the original post here.  Enjoy! Posted Jul 14 2008, 03:21 PM by SCUG.be Filed under: smsv4, SCCM 2007, Configmgr 2007, migration

• Using Task Sequence Variables to customize deployments by Ronni Pedersen

  Hey Guys , Got this from Ronni Pedersen blog  and look very handy for people dealing with different keyboard/regional settings in a country like belgium. **************************************************************************************************************************************************************************** Living in a non-english speaking country like Denmark, I often have to deal with deploying English versions of Windows XP and/or Windows Vista, with other Regional Settings, Keyboard Settings, Time Zones etc. In the past I've created a VBScript to modify the sysprep.inf or the unattend.xml, after laying down the image on the client. The values were configured with Collection Variables or Computer Variables. The script collected the value during deployment, and replaced the value in the sysprep.inf or unattend.xml file before restarting into mini setup. This year at TechEd in Orlando, I attened a great session on Windows Deployment with Configuration Manager (Part 1 of 4) with Michael Kelly. In this session he showed a demo, where he created a custom variable ("XRes" and "YRes"), and typed the variable direct in sysprep.inf like this: sysprep.inf: [Display] XResolution=%XRes% YResolution=%YRes% This was a simple example, but it gave me a lot of ideas to work with. And as a result of this, I no longer need my "fancy" script to take care of my deployments anymore. This is how I do it now (example): For my Windows XP deployments I've created a sysprep.inf that looks like this: (This can also be done with Windows Vista deployments, but you’ll need to use the unattend.xml and the format should be in XML). sysprep.inf: [GuiUnattend] TimeZone=%LAB_OSDTimeZone% [ResionalSettings] SystemLocale=%LAB_OSDSystemLocale% SystemInput=%LAB_OSDSystemInput% [Display] XResolution=%LAB_OSDXResolution% YResolution=%LAB_OSDYResolution% The sysprep.inf file should be place in a package in order to use it from the task sequence. Click to read the rest  Kenny Buntinx Posted Jul 10 2008, 03:53 PM by SCUG.be Filed under: smsv4, SCCM 2007, sms v4, configmgr2007, sccm2007, Configmgr 2007

• TempDB Free Space % Issue

  I just installed Opsmgr @ one of my clients. Using a default setup. One opsmgr server and one SQL 2005 server. We put the TempDB on a different disk and configured the database as follow: We set a initial fixed size with autogrowth none. Problem now is that opsmgr is complaining about the free space of our tempDB: The value is 0! That was not possible because we just give the TempDB 9gig. So we ran the following query to check ou TempDB size: SELECT SUM(unallocated_extent_page_count) AS [free pages], (SUM(unallocated_extent_page_count)*1.0/128) AS [free space in MB] FROM sys.dm_db_file_space_usage; As you can see we still have 8.9 Gig Free Space for our TempDB!!   So, we figured out that  if you put the TempDB on autogrowth non. The script that checks for DB free space is not working well! The strange thing is that that issue only occure with the TempDB! Opsmgr is not going to complain about the free space of other DB's when you put them on autogrowth yes!   Finally, we put our TempDB on autogrowth: And after a while everything was OK:   Greetz, Alkin   ps: THX Jeroen for assisting me!  Posted Jul 10 2008, 12:14 PM by SCUG.be Filed under: Operations Manager 2007, Issue

• Configuration Manager 2007 R2 hits RC

  The Release Candidate of ConfigMgr 2007 R2 has been posted to the Microsoft Connect site today. SCCM 2007 R2 requires a ConfigMgr 2007 SP1. What does R2 add to ConfigMgr 2007 as an extra : Application Virtualization management support Forefront Client Security Integration SQL Reporting Services Reporting - Allows you to report on Configuration Manager activity using SQL Reporting Services Client Status Reporting Unknown computer support : In Configuration Manager 2007 R2, you can deploy operating systems to computers using a PXE service point without first adding the computer to the Configuration Manager database. Multicast deployment :Previously, all operating system deployments used unicast. Multicast can make more efficient use of network bandwidth when deploying large images to several computers at the same time. Running command lines in task sequences with credentials other than the local system account. Rgds ,  Kenny Buntinx Posted Jul 09 2008, 01:44 PM by SCUG.be Filed under: smsv4, SCCM 2007, Configmgr 2007

• Updating your Virtual Machines and SCVMM to support Hyper-V RTM

  Today I finally found the time to update my demo environment which was still based on Hyper-V RC0 and SCVMM 2008 Beta. I want to share all the steps needed to perform the upgrade and updates. My demo environment consists out of 3 physical servers, one dc and two Hyper-V machines all in the same domain. My SCVMM 2008 Beta is running as a virtual machine on Hyper-V. First of all I’ve deleted all my snapshots and then updated my Hyper-V machines to RTM by installing the KB950050 which is now available...(read more) Posted Jul 09 2008, 12:40 PM by SCUG.be Filed under: SCVMM, Windows Server 2008, Virtualization, Hyper-V, SCVMM 2008

• Making ISA server working with Internet Managed Based Client

  Just to let you know that the ISA Server documentation team has just published How to Configure ISA SSL Bridging for System Center Configuration Manager Internet-Based Client Management.  This article has step-by-step instructions for publishing an Internet-based site system server behind ISA, and using SSL to SSL bridging (also known as symmetric bridging). It lists the requirements for the instructions to be successful, and then takes you through the processes of creating a security group for ISA to use, deploying a client certificate for the Internet-based clients, deploying the certificates for ISA, and configuring ISA for Web publishing on ISA Server 2006.  The appendixes have additional information for how to create a certificate template, the equivalent configuration steps for ISA Server 2004, and how to configure server publishing (SSL tunneling) as an alternative solution to SSL bridging.  Kenny Buntinx Posted Jul 06 2008, 02:46 PM by SCUG.be Filed under: smsv4, SCCM 2007, sms v4, configmgr2007, sccm2007, Configmgr 2007