System Center 2012 R2 Configuration Manager SP1 and System Center 2012 Configuration Manager SP2 released!
According to the announcement on the Configuration Manager Team blog these service packs deliver full compatibility with existing features for Windows 10 deployment, upgrade, and management. Additionally there are some changes and improvements in the following areas:
- Infrastructure: sites and hierarchies
- Application Management
- Content Management
- Hybrid setups with Configuration Manager and Microsoft Intune
Full details on what’s new can be found here.
Both service packs are available for download on the Technet Evaluation Center website.
Until next time!
Beginning of August Microsoft has announced their new cumulative update servicing model for System Center 2012 Configuration Manager. A few days ago the first Cumulative Update 1 (CU1) for System Center 2012 Configuration Manager was released; What issues this CU1 effectively handles is documented in the related KB article with ID 2717295. This is also where you can request and obtain the binaries. This post describes my experiences implementing the CU in a lab environment.
Before we begin lets outline the order in which the different components are updated:
1. Site server (The site server is always updated first, once this is done the additional components can be updated as well)
2. Administrative Consoles
Site Server & Site Database
Unpack the downloaded CU and run the executable ConfigMgr2012-RTM-CU1-KB2717295-X64-ENU.exe to launch the wizard.
On the welcome page click Next
Accept the license terms and click Next.
Ensure all prerequisite checks are passed and click Next.
I decided to let the wizard also update the site database. Alternatively you can do the database upgrade manually using the update.sql script. At implementation time the CU extracts update.sql to the following location on the site server: \\<Server Name>\SMS_<Site Code>\hotfix\<KB Number>\. Note that the update is not functional until both the site server and the site database have been updated!
Next are the Deployment Assistance Options – this is a really nice feature to assist in the further deployment of the CU.
By enabling the checkboxes the wizard automatically creates packages in the software library to support updating the remaining components in your environment.
If you enabled the 3 checkboxes the next 3 pages of the wizard allow you to specify the program and the package details for each item. I kept the default options.
Click Install on the summary page
The installation progress and results are shown. Click Next when all actions are completed.
Click Finish when the installation is completed.
If you want to see what is happening under the hood have a look at the configmgr2012-rtm-cu1-kb2717295-x64-enu.log located in the %windir%\temp folder.
In the Control Panel the CU is listed in the installed updates:
A closer look at the site properties shows that the version number remains unchanged:
In the Software Library the packages to support the CU deployment have been created:
Tip: Do not forget to distribute the content to your DP’s.
Once the site server is done, updating the other components automatically can either be done using the Software Deployment feature or by using software updates. In my lab environment I chose to use Software Deployment. Using the previously created packages this is really straightforward. As I only had one remote console in my lab environment I used a simple collection with direct membership.
Once the CU got distributed I checked the installed updates in Control Panel and the following entry is listed:
Oddly enough the version number here remains unchanged and no minor version .0200 is to be found. The –test suffix seems to be a small mistake in naming.
Note that afterwards I also ran the update on the site server to update the locally installed console.
As a final step I had to update my existing clients and I also wanted to ensure that any new clients would also get the CU1 installed. Again using the pre-created packages this is a fairly easy job. To easily group my clients I had created query based collections to distinguish between RTM and CU1 clients and also per processor architecture (x86 or x64). This is an example query I used for the ConfigMgr Clients x86 CU1 collection:
SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_R_System.ClientVersion = "5.00.7711.0200" and SMS_G_System_SYSTEM.SystemType = "X86-based PC"
The highlighted values can easily be replaced to create the collections for the RTM (5.00.7711.0000) and x64 (X64-based PC) client collections.
After the deployment was in place, I could see the CU being installed on my lab clients. This is a screenshot from the Software Center:
Once installed the client version number is changed. Except for the Task Sequence Components, the components versions remain unchanged.
All done! The lab environment is fully updated to CU1.
Until next time!
Note: this post was also published on my SCUG.be blog.
ConfigMgr 2012 Prereq Checker warning: Verify site server permissions to publish to Active Directory
During installation of Configuration Manager 2012 RC2 the prerequisite checker lists a warning for the prerequisite: Verify site server permissions to publish to Active Directory although the required permissions are in place.
As the environment might expand and more site servers could be implemented it was opted to grant the permissions using a domain local security group which has the site server computer account added as a member.
First check was to verify if the required permissions on the System Management container are implemented for the group. Additionally it was confirmed the site server computer object was added as a member. When running the prerequisite checker it still shows the warning even though permissions are in place.
In a second scenario permissions were implemented on the System Management container using the computer object instead of using groups. When re-running the prerequisite checker it did no longer show the warning and passed the check.
According to feedback received this is behaviour as expected.
This was logged earlier as a bug for the RC1 release of Configuration Manager 2012. The bug report mentioned this would be fixed as of build 7688. Apparently at that point the fix was to reword the explanation offered by the prerequisite checker as opposed to implementing a fix that would have to create a dummy object in AD to test actual permissions.
Bottom line: the warning message can safely be ignored as long as the permissions for the group containing the site server(s) are correctly implemented.
Today during a Private Cloud webcast Microsoft has announced their new strategy on System Center. No longer are the System Center products considered as separate entities: System Center 2012 is now a single product. It is a fullblown suite which includes a complete set of System Center products.
An overview of what the suite will include:
- Configuration Manager
- Service Manager
- Virtual Machine Manager
- Operations Manager
- Data Protection Manager
- App Controller
- Endpoint Protection
This does not mean all of the above will have to be installed in one shot. Customers will still have the ability to implement and integrate solutions one by one.
The new System Center 2012 product comes in 2 editions:
- The Datacenter edition is licensed per two physical processors and provides use rights for management of an unlimited number of VMs per license.
- The Standard edition is also licensed per two physical processors, and each license gives you management rights of two virtualized servers.
For details on System Center 2012 licensing have a look here.
Also check out the Private Cloud Assessment Tool.
Evaluation software is available for download here.
Now I am off to the (virtual) lab for some quality time!
After being absent for a few of the previous CEP sessions I was happy to be able to attend the PCM and P2V Toolkit session yesterday. Below are some key takeaways from this session. This was the last session for this year, next one is scheduled for January 11th 2012.
Package Conversion Manager (PCM)
PCM is a feature pack for Configuration Manager 2012 which will allow you to prepare and move your packages towards the new app model.
A best practice approach to convert packages would be:
- Migrate Objects
- Create apps in a lab environment
- Test apps in a lab environment
- Export and import
The package migration options from 2007 to 2012 are:
- Do nothing and leave the package and program
- Convert Manually
- Convert using PCM
Selecting conversion candidates:
- Good : App-v, MSI and Executable files (user facing applications)
- Bad: System maintenance tools (defrag, etc …) and end of life applications
Understanding PCM manual vs automatic conversion rules:
- Package contains only 1 MSI
- No unconverted dependencies exist
- Content is accessible
- Must have content
- Is a software distribution package
- Contains at least one program
- Using the conversion dashboard
- Advanced troubleshooting: using the pcmtrace log in the %temp% folder
PCM is scheduled to be released at the same time as Configuration Manager 2012.
Configuration Manager P2V Migration Toolkit
A utility to help migration to Configuration Manager 2012 in specific scenarios, for example a remote site server migration where the goal is to re-use existing server hardware.
How can the P2V toolkit help:
- Eliminates the need of parallel physical servers at remote sites
- Repurpose existing site server into a virtual instance
- Hosting ConfigMgr 2007 AND ConfigMgr 2012 on the same physical machine using virtualization
- Simplifies and automates creation of a virtualization task sequence
- Simple and intuitive interface to create and deploy the task sequence
- All virtualization tasks sequence steps are built-in
- Limited input needed by remote site administrators
- Task Sequence with stand alone media (fully automates the end-to-end process)
- Bootable media only
Offcourse the hardware should meet the necessary prerequisites for virtualization and Hyper-V.
The P2V toolkit will ship at the same time of Configuration Manager 2012 RTM as a separate tool.
The release candicate is already available via Connect.
Some key takeaways from the CMCep session held on the 10th of August. Topic for this session was the ConfigMgr 2012 SDK, presented by Heena Macwan and Martin Dey.
- After MMS: SDK Beta program started. On invite only.
- ConfigMgr 2012 Beta 2 RTM time: SDK Beta available on Connect). Initial draft SDK, including:
- Coverage for the new AppModel classes and members
- Draft porting guide
- ConfigMgr 2012 RTM time: SDK Update, including:
- Details of all modified classes and members to help port existing solutions
- ConfigMgr 2012 RTM + 6 Months: SDK RTM
- Details on all new members and classes
- Samples and how-to’s
SDK Extension Areas
- Admin console
- Add right-click options, forms, wizards, nodes and views
- Insert tabs into existing forms
- SMS Provider
- Enabling automation of any UI activity
- Actions achieved through WMI classes, properties and methods
- MP interface
- Allows unsupported clients to be managed through proxy (MP Proxy)
- Provide extra support for windows clients
- Client interfaces
- Exposes interfaces to control panel applet
- Ability to enact custom policies at the client
- Note: client inventory customization no longer required
Porting from 2007 to 2012
- Some areas will require changes to port to 2012
- Guidelines will be made available.
New Extensibility Areas in 2012
- Application model
- Settings Management (formerly DCM)
- Data Warehouse
- Mobile Device Management
- Alerts and Monitoring
- Software Update Management
- Client Health
- Phase 1 available at ConfigMgr 2012 RTM : Drive Namespace context and support for get-item access by Object Type
- Phase 2 at 2 2012 : cmdlets covering key CM WMI namespace objects
In March round 2 of the Configuration Manager 2012 Community Evaluation Program was kicked off. It was announced that during this round the topics of the earlier round would be recycled but based on the Beta 2 release of ConfigMgr 2012. I intend to also participate in this round and share key takeaways for each of the CEP sessions.
Two days ago the session on ConfigMgr Hierarchy was scheduled. Presenter for this session was D.C. Tardy, senior Program Manager. Below you can find some key takeways:
- Modernized Architecture
- Minimizing infrastructure requirements for remote locations
- Consolidating infrastructure for primary sites
- Improvements related to scalability and data latency
- Being Trustworthy
- Interactions with SQL DBA are consistent with ConfigMgr 2007
- ConfigMgr Admin can monitor and troubleshoot replication approach independently
- Clients are managed through primary sites, not the CAS
- CAS is needed when:
- There is more then one primary site in a hierarchy
- There is a requirement to offload reporting and administration from the primary site
- Add primary sites for:
- Scaling (100.000+ clients)
- Reduce impact of site failure
- Local point of connectivity for administration
- Political reasons
- Content Regulation
- Use secondary sites for:
- Managing upward going WAN traffic
- Tiered content rooting for deep topologies
- Location without local administrators
- Add local DP’s for:
- Situations where BITS is not sufficient for controlling WAN traffic
- OSD Multicasting
- App-V Streaming
- New for DP’s:
- One DP type
- Can be hosted on client and server OS’s
- Throttling and scheduling features
- PXE / Multicast capabilities
- Drive specification for content storage
- Requires IIS feature
- New functionality in ConfigMgr 2012
- One feature that can preload on site server or DP
- Supports all package types
- Content library and package share
- Registers package availability with the site server
- Conflict detection to ensure latest package versions are used
Forest Discovery & Boundaries
- Forest Discovery
- Discovery at the site server forest level and any trusted forests
- Ability to manually add forests that are not trusted (eg DMZ scenarios)
- Returns the domains, sites and IP Subnets
- Supports the creation of boundaries (can be automated)
- Same types are in ConfigMgr 2007
- Simplified management
- Automatic creation as part of forest discovery
- Split between client assignment and content lookuo
- Boundary groups for organizing boundaries in logical containers
- Boundary groups are the primary object for client assignment and content lookup – not the boundaries!
- Auto-create boundary groups when migrating from ConfigMgr 2007
- One site per SQL instance
- All database communication is encrypted
- TCP/IP port for service broker
- Approach change
- Essential to stop use primary sites for different client settings
- Default client settings for the entiry hierarchy and custom settings assigned to collections
- Custom settings overrule default settings. Priority based.
Role Based Administration
- Remove clutter: goal is to only display what is relevant to the current user
- Security roles determine what objects a user can see and what he can do with them
- Security scope: what instances can I see and interact with
- Collections: which resource can I interact with
- Assigning a collection to an administrator automatically assigns all limited collections
- Product ships with only 2 read only root collections
- Every collection is limited by another
- All Systems
- All Users & User Groups