Configuration Manager: State of the Union
Configuration Manager... Actually
Jason Sandys, Principal Consultant, Catapult Systems
Kim Oppalfens, Inovativ
UD-B408
Overview
Five issues, commonly addressed on the forums and mailing lists
• Boundaries
• Client identity
• Business hours and maintenance windows
• Deployment type evaluation
• Upgrade to SP1
Boundaries
Boundaries: common questions
• What type of boundary should I be using?
• Why are my resources not being assigned to my site?
• Should I use a site assignment boundary group for my secondary site?
• Why won’t my content download?
Boundary usage
Are used for
• Content location by clients
• Auto-site assignment by clients
• Secondary site MP location
Are not used for
• Primary site MP or SUP selection by clients
• Internet clients
• Any server side processes
• Client site re-assignment
Boundary types
IP Subnet
Pro
• Fast processing time
Con
• Requires knowledge of all client subnet masks
• No aggregation
• Requires no aggregation of IP subnets in AD for site assignment to function correctly
AD Site
Pro
• Fast processing time
• Easy to set up
Con
• Requires AD sites to be properly defined
• Requires AD sites to be granular
• Software Updates during OSD has issues
IP Range
Pro
• Easy to implement
• No dependencies on AD
• Granular
Con
• Slow processing time
Boundary groups
Boundaries must be contained within a boundary group to be used
Site assignment
• One per primary site
• One per secondary site
• Published to AD
Content location
• One per DP/SMP or one per location
• Not published to AD
Boundary general recommendations
AD Sites
• AD subnets are well defined or Auto-site assignment is not needed
• A lot of boundaries are needed
• Cannot be used by workgroup clients
IP Range
• Client subnet masks are unknown
• AD subnets are not well defined
• Granularity is needed or aggregation is possible
• Performance is not an issue
IP Subnets
• AD subnets are well defined or Auto-site assignment is not needed
• Client subnet masks are known
• A lot of boundaries are needed
Mix and match as needed
Performance threshold: 100 clients / boundary
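Why IP subnet boundaries require knowledge of every client subnet mask, as an added example that is not part of the original slides: it assumes an IP subnet boundary is compared by subnet ID only, which the client derives from its own address and mask, while an IP range is compared against the address itself. The addresses, masks and function names are constructed for illustration.

```python
import ipaddress

def client_subnet_id(ip, mask):
    """Subnet ID a client derives from its own address and subnet mask."""
    return str(ipaddress.ip_interface(f"{ip}/{mask}").network.network_address)

def matches_subnet_boundary(ip, mask, boundary_subnet_id):
    """IP subnet boundary: compared by subnet ID only (assumption: no mask is kept with it)."""
    return client_subnet_id(ip, mask) == boundary_subnet_id

def matches_range_boundary(ip, first, last):
    """IP range boundary: the address itself must lie between first and last."""
    addr = ipaddress.ip_address(ip)
    return ipaddress.ip_address(first) <= addr <= ipaddress.ip_address(last)

def unmatched_clients(clients, subnet_boundaries, range_boundaries):
    """Clients that fall inside no boundary, with the subnet ID each one computes."""
    missing = []
    for ip, mask in clients:
        in_subnet = any(matches_subnet_boundary(ip, mask, b) for b in subnet_boundaries)
        in_range = any(matches_range_boundary(ip, lo, hi) for lo, hi in range_boundaries)
        if not (in_subnet or in_range):
            missing.append((ip, client_subnet_id(ip, mask)))
    return missing

# Constructed sample: the administrator assumed a /24 everywhere and created
# the subnet boundary 10.1.1.0, but two clients use a different mask.
CLIENTS = [
    ("10.1.1.20", "255.255.255.0"),     # /24 -> subnet ID 10.1.1.0
    ("10.1.1.200", "255.255.255.128"),  # /25 -> subnet ID 10.1.1.128
    ("10.1.1.77", "255.255.254.0"),     # /23 (supernet) -> subnet ID 10.1.0.0
]
SUBNET_BOUNDARIES = ["10.1.1.0"]
RANGE_BOUNDARIES = [("10.1.1.1", "10.1.1.254")]

if __name__ == "__main__":
    # With only the subnet boundary, the /25 and /23 clients match nothing.
    print("subnet boundary only:", unmatched_clients(CLIENTS, SUBNET_BOUNDARIES, []))
    # The equivalent IP range covers all three, whatever mask they use.
    print("range boundary only: ", unmatched_clients(CLIENTS, [], RANGE_BOUNDARIES))
```

Running the same check against an export of real client addresses and masks shows which subnet IDs are missing from the boundary list before resources turn up unassigned.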
DEMO
Boundary and boundary group creation
Secondary sites and site assignment
Site assignment during discovery determines which site initiates client agent installation for auto client push
Scenario 1:
• System within SS1 content location boundary group
• System within PR1 site assignment boundary group
Scenario 2:
• System within SS1 content location boundary group
• System within SS1 site assignment boundary group
[Diagram: Primary (PR1), Secondary (SS1) and SS1 DP, with the labels Resource, Site = <empty>, Site = PR1, Site = SS1, Client = No, Client = Yes, Client Push and Client DL]
Boundary references
• Secondary Sites and Boundary Groups
• Known Issue: Supernets in Active Directory Sites Used as Site Boundaries
• Clarification on issues resulting from the use of supernets in ConfigMgr 2007
• When not to use IP Address Ranges as Boundaries in Configuration Manager
• IP Subnet Boundaries are EVIL
Client Identity
Common questions
• Why am I getting duplicate GUIDs?
• Why is having duplicate GUIDs bad?
• When and how can a client’s identity be preserved?
• Is the Windows SID used to define the ConfigMgr client identity (aka GUID)?
ID overload
Security Identifier (SID)
• Used by Windows
• Known to AD and local system but never used by anything except local client*
• Uniquely generated for each Windows system
• Not used by ConfigMgr to generate GUID
Globally Unique Identifier (GUID)
• Used by ConfigMgr
• Uniquely generated by the ConfigMgr client agent
• Known to ConfigMgr site and client
• “Secret” generation process
Hardware Identifier (HWID)
• Generated by ConfigMgr client agent to uniquely identify hardware
• Known to ConfigMgr site and client
• Helps identify systems that have been “reimaged”
Resource ID
• Sequential ID known only to the site
• Used for nearly all client centric activity
Client certificate
• Used to generate new client GUID
References
• The Machine SID Duplication Myth (and Why Sysprep Matters)
• New for SMS 2003 SP1: Client Obsoletion and the Hardware ID
Business hours and maintenance windows
Common questions
• How do I set the business hours on all of my systems?
• Which takes precedence?
• When do I use one and not the other?
• Do they work together?
Key facts
• Deadlines define when a deployment is enforced
• The ConfigMgr client agent enforces deployments
• The ConfigMgr client agent will not enforce a deployment outside of a maintenance window (if one exists)
• User initiation of a deployment is not subject to maintenance windows
Comparison
Maintenance windows
• Evaluated by the client
• Administrator centric
• Control when deployments with deadlines can (and can’t) be enforced
Business hours
• Evaluated by the client
• User centric
• Can initiate deployments before deadlines
A scenario
• Client business hours: 5 AM – 8 PM
• Maintenance window: 9 PM – 4 AM
• Installation deadline: 9:30 PM
• Deployment start time: 6 PM
Outcomes
• Computer is idle at deadline: 9:30 PM
• User working at 9:30 PM: 9:30 PM
• Computer off at deadline until the next morning: 9:00 PM next evening
• User enables installation during non-business hours: 8:00 PM
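The scenario above worked through in code, as an added example that is not part of the original slides: a simplified model of the key facts (a deadline is enforced only inside a maintenance window, and a user who opts in to installing outside business hours is not bound by it). The function names and calendar date are constructed, business hours are assumed not to cross midnight, and this is not ConfigMgr's own scheduling logic.

```python
from datetime import datetime, time, timedelta

BUSINESS = (time(5), time(20))      # client business hours 5 AM - 8 PM
MAINTENANCE = (time(21), time(4))   # maintenance window 9 PM - 4 AM (crosses midnight)

def in_window(t, start, end):
    """True if clock time t lies in [start, end); the window may cross midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end

def next_time_in_window(moment, start, end):
    """Earliest datetime at or after moment that lies inside the daily window."""
    if in_window(moment.time(), start, end):
        return moment
    candidate = datetime.combine(moment.date(), start)
    if candidate < moment:
        candidate += timedelta(days=1)
    return candidate

def install_time(available, deadline, powered_on, user_opt_in=False):
    """When the install runs; whether a user is logged on and working is not an input."""
    # Deadline enforcement needs a running client and an open maintenance window.
    enforced = next_time_in_window(max(deadline, powered_on), *MAINTENANCE)
    if not user_opt_in:
        return enforced
    # The user chose to install outside business hours, ignoring the maintenance window.
    earliest = max(available, powered_on)
    if in_window(earliest.time(), *BUSINESS):
        earliest = datetime.combine(earliest.date(), BUSINESS[1])
    return min(earliest, enforced)

# Constructed calendar date; the clock times are the ones on the slide.
DAY = datetime(2013, 4, 8)
AVAILABLE = DAY.replace(hour=18)             # deployment start time 6 PM
DEADLINE = DAY.replace(hour=21, minute=30)   # installation deadline 9:30 PM
MORNING = DAY.replace(hour=8)                # computer already running that day
NEXT_MORNING = MORNING + timedelta(days=1)   # computer was off at the deadline

def scenario_results():
    return {
        "idle or user working at deadline": install_time(AVAILABLE, DEADLINE, MORNING),
        "off until the next morning": install_time(AVAILABLE, DEADLINE, NEXT_MORNING),
        "user opted in": install_time(AVAILABLE, DEADLINE, MORNING, user_opt_in=True),
    }
```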
DEMO
Using business hours
Business hours references
• Business Hours vs. Maintenance Windows with System Center 2012 Configuration Manager
• Software Center – Business Hours auslesen / setzen (in German)
Deployment type evaluation
Evaluation flow
[Flowchart with the steps: New Policy; App Install Schedule; Requirements met?; Dependencies installed?; Install dependencies enabled?; Dependencies installed; Is installed?; Install Application; Next Deployment type. Branches are labelled Yes / No.]
Common questions
• When do I use applications/packages & programs?
• How does the client determine which deployment type to run within an application?
• Can I use AD security groups as global conditions?
• Should I use AD security groups as global conditions?
Global conditions vs Collection exclusions
• Use collections and collection rules to target
• Use global conditions for locally “verifiable” data
• Use global conditions to handle exceptions and application requirements
References
• Steve Rachui – Application model internals Part 1
• Steve Rachui – Application model internals Part 2
• Sample script based requirement rule
Upgrade to SP1
Common questions
• Should I upgrade to SP1?
• What should I do to prepare for SP1?
• Are there any “gotchas” when upgrading to SP1?
• Do my clients automatically upgrade also?
Preparations
• Pre-download all requirements
• Run the prerequisite checker on all site servers
• Check your SQL Server version and upgrade to the latest SP
• Back up your DBs, reports, and source files
• Install KB2734608 for WSUS, upgrade Windows Update Agents
• Uninstall WAIK, install ADK
Post upgrade
• Update the ConfigMgr client package
• Upgrade your clients to SP1
• Recreate and redeploy boot images
• Learn about and explore new features and functions
Gotchas
Anti-virus
• Turn it off for the upgrade
• Exclusions in place
• Offline servicing/boot image updates
WinPE 4.0
• vSphere 4 not compatible
• Requires NX bit
Microsoft Policy Provider signing
• Re-download media
or
• Use hotfix from KB2801987
References
• How to upgrade System Center 2012 Configuration Manager to SP1
• Planning to Upgrade System Center 2012 Configuration Manager
• ConfigMgr 2012 SP1 Upgrade Guide
• Configuration Manager 2012 RTM to SP1 Upgrade Overview
• DISM.exe generates an Error: 5 or Access Denied when VSE 8.8 Access Protection is enabled
Summary
• ConfigMgr is a many layered, deep and wide product
• Don’t be a ghost, use Bing
• Use the forums and lists (just don’t be a ghost, search first)
  • TechNet System Center 2012 Configuration Manager forums
  • TechNet System Center Configuration Manager 2007 forums
  • myITForum System Center 2012 Configuration Manager forum
  • myITForum System Center Configuration Manager 2007 forum
  • System Center Central System Center Configuration Manager forum
  • Windows-Noob System Center 2012 Configuration Manager forum
  • Windows-Noob System Center Configuration Manager 2007 forum
Resources
http://channel9.msdn.com/Events
Access MMS Online to view session recordings after the event.
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.