Installing Software Updates via a Task Sequence in ConfigMgr 2007

I noticed that when your Site is running in Native Mode you can run into problems with installing Software Updates via a Task Sequence. The first time that your are installing your computer with your Task Sequence there are no problems, but every time after that the Task Sequence will finish successful but doesn’t install any Software Updates. It looks like that it will use existing scan results of the client from the previous scan. So when there are already scan results of your client it will not rescan during your Task Sequence. To work around this I use the following scripts (that I run before the step Install Software Updates in the Task Sequence): Initiate Software Updates Scan: http://msdn.microsoft.com/en-us/library/cc144313.aspx actionNameToRun = “Software Updates Assignments …

Read more

How to install the App-V Client with ConfigMgr 2007

In some of my previous posts I mentioned that you still need the App-V Client to run the Virtual Applications. In this post I will tell the easiest way to install the App-V Client with ConfigMgr 2007. A prerequisite for this is that ConfigMgr 2007 SP1 R2 is installed and that the source files of the App-V Client (version 4.5 (CU1)) are available on a network share. For installing the App-V Client with ConfigMgr there is a Package Definition file added by the R2 installation. I would recommend to use this file for installing the App-V Client with ConfigMgr. To do this follow the next steps: Open the Configuration Manager Console and browse to System Center Configuration Manager > Site Database > Computer Management > …

Read more

How to make a Virtual Application stream from a Distribution Point in ConfigMgr 2007

As a follow up on my previous post I will put another short version of a new "guide" that I created for Windowsnoob. This time it is about the settings that are needed to make a Virtual Application stream from a Distribution Point.  A prerequisite for being able to make these settings is that ConfigMgr 2007 SP1 R2 is installed. Keep in mind that even when you are streaming a Virtual Application with ConfigMgr you will still need the App-V Client to run the applications. To stream a Virtual Application from a Distribution Point with ConfigMgr follow the next steps: Open the Configuration Manager Console and browse to System Center Configuration Manager > Site Database > Computer Management > Software Distribution > Advertisements Select an …

Read more

How to make ConfigMgr 2007 ready to advertise and stream Virtual Applications

In this post I will put a short version of the “guide” that I made for Windows-Noob about the settings that are needed to be able to advertise and stream Virtual Applications. A prerequisite for being able to make these settings is that ConfigMgr 2007 SP1 R2 is installed. Keep in mind that even when you have ConfigMgr configured for Virtual Applications you will still need the App-V Client to run the applications. To be able advertise Virtual Applications the Advertised Programs Client Agent has to be enabled for running virtual application packages. To do this, follow the next steps: Open the Configuration Manager console and navigate to System Center Configuration Manager > Site Database > Site Management > <your_sitename> > Site Settings > Client Agents.  …

Read more

ConfigMgr 2007, USMT 4.0 and moving collected files to :\Data

This weekend I’ve been playing with USMT 4.0 in combination with ConfigMgr R2 SP2 Beta. I have to say that it is a very powerful combination and I feel a bit stupid that I didn’t do much with it before. I always install it, with every installation that I do, but I never really did something with it. When I was diving in to it I found a special part of MigUser.xml. <!– Uncomment the following if you want all the files collected from the above rules to move to <systemDrive>:\data –><!–                <locationModify script=”MigXmlHelper.Move(‘%SYSTEMDRIVE%\Data’)”>                    <objectSet>                    <objectSet>                        <script>MigXmlHelper.GenerateDrivePatterns (“* [*.qdf]”, “Fixed”)</script>                        <script>MigXmlHelper.GenerateDrivePatterns (“* [*.qsd]”, “Fixed”)</script>                        […]                        <script>MigXmlHelper.GenerateDrivePatterns (“* [*.mdb]”, “Fixed”)</script>                        <script>MigXmlHelper.GenerateDrivePatterns (“* [*.pub]”, “Fixed”)</script>                    </objectSet>                </locationModify>–> This part is about moving the collected files to <systemDrive>:\Data when you uncomment it. Of course I had …

Read more

Prepare ConfigMgr Client for Capture doesn’t remove the AllowedRootCAHashCode value

In the most situations it doesn’t matter that the AllowedRootCAHashCode value doesn’t get removed during a Capture of the client, but there is one situation where it does matter. This one situation is when there has to be one image for multiple domains and every domain has its own issuing CA’s. This situation is a problem because the client stores a copy of the Root Certificate in the AllowedRootCAHashCode key. Because it contains the wrong value for the Root Certificate the client isn’t able to get a new Site Signing Certificate (which is also stored in the registry), so the client isn’t able to check the policies. As workaround for this I created a Task Sequence step (in the install Task Sequence) to delete the …

Read more

Active Directory Site Boundaries are “static”

Active Directory sites are the easiest way of defining ConfigMgr site boundaries, because they are based on physical segments. BUT besides that, you have to keep in mind that they are also static in two different ways: All the different subnets have to be manually included and configured in the Active Directory sites. Once an Active Directory Site Name is selected as an ConfigMgr Site Boundary, ConfigMgr will check on the selected Site Name. Even when you rename the Active Directory site! For more information about site boundaries: http://technet.microsoft.com/en-us/library/bb633084.aspx

How a client chooses a Distribution Point

Lately I get and see a lot of situations like this… Question: I created an extra Distribution Point (DP) on a remote location, but the clients on the remote location are still connecting to the standard DP. Why are these clients not connecting to their local DP? Answer: When there are more DP’s in the same site and/or boundary, by default, the client will first connect to the DP with BITS enabled and not the closest one. If you want the clients to connect to their local DP, you have to make the DP protected. …So I thought it might be handy to write in a few short steps how this process works. Step From Action 1 Client Sends a content location request to its …

Read more

Certificates needed for Native Mode

The biggest problem, for me, with Native Mode were all the certificates that were needed. That’s why I created an table for myself with the basic certificates that are needed for Native Mode and where to add them. The “Where to add” column is based on Windows Server 2008. ConfigMgr Component Use Where to add Primary Site Server Document Signing ConfigMgr > Site Management > Site Database > Properties Primary Site > Tab Site Mode Management Point, Proxy Management Point, Distribution Point, Software Update Point en (State Migration Point) Server Authentication (Web Server Template) IIS > -Right-click- Sites > Edit Bindings > HTTPS -Edit- Client computers Client Authentication (Computer Template) GPO > Policies > Computer Configuration > Windows Settings > Security Settings > Public Key …

Read more

Rename your ConfigMgr Primary Site

Once you have installed your ConfigMgr Primary Site it is not possible to change the name of your Primary Site. At least not through the console… But what if you made a mistake or your company changes it’s naming conventions?? Well there is one way to change it. First off all stop the SMS_EXECUTIVE Service. After that open the site control file (<Installation directory>\Microsoft Configuration Manager\inboxes\sitectrl.box\Sitectrl.ct0) and search for BEGIN_SITE_DEFINITION. Close to that you will find your Primary Site name and you can change it (do not change anything else!!). After this save the file and start the SMS_EXECUTIVE Service again. Then after a few site refreshes your Primary Site name wil be changed. In some cases it could be possible that you also have …

Read more