Thursday, December 27, 2012

Report Building Part 4: The SQL Query so far

So now that we've gone through the absolute basics on building a SQL Query (I left a lot out on purpose, I don't have the patience to write THAT much about creating SQL Queries), let's circle around and get the Query in order.

Original Query from the Interwebs:

SELECT Manufacturer0, Model0, Count(Model0) AS 'Count'
FROM dbo.v_GS_COMPUTER_SYSTEM
GROUP BY Manufacturer0, Model0

So the first thing we will need to do is figure out how to limit this by collection.  As mentioned at the beginning of this series, you will need to familiarize yourself with the SCCM 2007 Database Schema/Diagram, linked in the first article.  In this case, we need to figure out how to get from v_GS_COMPUTER_SYSTEM to v_Collection.  In the diagram the two do not share any common columns; however, v_FullCollectionMembership DOES have columns in common with both: ResourceID and CollectionID.  Knowing this, we can create some INNER JOINs to link them all together.  The Query now looks like this:

SELECT Manufacturer0, Model0, COUNT(Model0) AS 'Count'
FROM v_GS_COMPUTER_SYSTEM
INNER JOIN v_FullCollectionMembership ON v_GS_COMPUTER_SYSTEM.ResourceID = v_FullCollectionMembership.ResourceID
INNER JOIN v_Collection ON v_FullCollectionMembership.CollectionID = v_Collection.CollectionID
GROUP BY Manufacturer0, Model0

This only gets us part of the way there, however, as we haven't told SQL what collections we need to query from.  Nor do we have a mechanism to select Collections at will.  This is going to take one more feature of creating SQL Queries: Parameters!
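The step described above, limiting the count to chosen collections through a parameter, as an added example that is not part of the original post. It runs the same three-view join against in-memory SQLite stand-ins with constructed rows and collection IDs; the function names are hypothetical, and the bound parameter plays the role a Report Builder query parameter (for instance one named @CollectionID) would play, so the value is always handled as data and never as SQL text.

```python
import sqlite3


def build_demo_db():
    """In-memory stand-ins for the three SCCM views; every row is constructed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE v_GS_COMPUTER_SYSTEM (ResourceID INTEGER, Manufacturer0 TEXT, Model0 TEXT);
        CREATE TABLE v_FullCollectionMembership (ResourceID INTEGER, CollectionID TEXT);
        CREATE TABLE v_Collection (CollectionID TEXT, Name TEXT);
        INSERT INTO v_Collection VALUES ('XYZ00010', 'Office A'), ('XYZ00011', 'Office B');
        INSERT INTO v_GS_COMPUTER_SYSTEM VALUES
            (1, 'Vendor A', 'Desktop 100'), (2, 'Vendor A', 'Desktop 100'),
            (3, 'Vendor A', 'Laptop 200'),  (4, 'Vendor B', 'Laptop 300'),
            (5, 'Vendor B', 'Laptop 300'),  (6, 'Vendor C', 'Tablet 400');
        -- Resource 6 belongs to no collection, so the INNER JOINs drop it.
        INSERT INTO v_FullCollectionMembership VALUES
            (1, 'XYZ00010'), (2, 'XYZ00010'), (3, 'XYZ00010'),
            (4, 'XYZ00011'), (5, 'XYZ00011');
    """)
    return db


# The query from the post plus a WHERE clause on a named parameter.
MODEL_COUNT_SQL = """
    SELECT cs.Manufacturer0, cs.Model0, COUNT(cs.Model0) AS "Count"
    FROM v_GS_COMPUTER_SYSTEM AS cs
    INNER JOIN v_FullCollectionMembership AS fcm ON cs.ResourceID = fcm.ResourceID
    INNER JOIN v_Collection AS col ON fcm.CollectionID = col.CollectionID
    WHERE col.CollectionID = :CollectionID
    GROUP BY cs.Manufacturer0, cs.Model0
    ORDER BY cs.Manufacturer0, cs.Model0
"""


def models_in_collection(db, collection_id):
    """Model counts for one collection; the ID is bound, not pasted into the SQL."""
    return db.execute(MODEL_COUNT_SQL, {"CollectionID": collection_id}).fetchall()


def models_by_office(db, collection_ids):
    """Per-office breakdown for several collections (a multi-value parameter)."""
    if not collection_ids:
        return []
    # Only the number of placeholders depends on the input; values are bound.
    marks = ", ".join("?" for _ in collection_ids)
    sql = f"""
        SELECT col.Name, cs.Manufacturer0, cs.Model0, COUNT(cs.Model0) AS "Count"
        FROM v_GS_COMPUTER_SYSTEM AS cs
        INNER JOIN v_FullCollectionMembership AS fcm ON cs.ResourceID = fcm.ResourceID
        INNER JOIN v_Collection AS col ON fcm.CollectionID = col.CollectionID
        WHERE col.CollectionID IN ({marks})
        GROUP BY col.Name, cs.Manufacturer0, cs.Model0
        ORDER BY col.Name, cs.Manufacturer0, cs.Model0
    """
    return db.execute(sql, list(collection_ids)).fetchall()


if __name__ == "__main__":
    demo = build_demo_db()
    for row in models_by_office(demo, ["XYZ00010", "XYZ00011"]):
        print(row)
    # A value containing quotes and SQL keywords simply matches no collection.
    print(models_in_collection(demo, "XYZ00010' OR '1'='1"))
```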

Sunday, December 2, 2012

Report Building Part 3: Lets all JOIN hands

This next segment is dedicated to JOINs and how they are basically the backbone of querying the SCCM 2012 Database.  If you haven't already done so please download and review the SCCM 2007 Schema located here.

As mentioned before, the SCCM database is pretty big.  When I first started out with SCCM 2007 I didn't have a full appreciation for how much information is actually stored in this database.  Consider that it collects information on all the installed applications, hardware, collection memberships, deployment packages, Application Packages, OS Deployment, PXE, etc ... that is a lot of data to store.

So, let's get right to it.


A JOIN allows you to combine information from two or more related tables.  A JOIN can be one-to-one, one-to-many, or many-to-many.  As you add JOINs to your query you increase the amount of information that the query will return.  There are four main types of JOINs: INNER, OUTER, LEFT, and RIGHT.  You can also do a self-join but that is out of the scope of this series.  In the book Microsoft SQL Server 2008 Reporting Services (ISBN-13: 978-0071548083), the author describes JOINs best by suggesting that you consider two overlapping circles, each representing a database table.  The part in the center where they overlap (data that is the same in both tables) is an INNER JOIN.  The data outside the center portion on the left is a LEFT OUTER JOIN and the data outside the center portion on the right is a RIGHT OUTER JOIN.


An INNER JOIN is probably the most common type of JOIN that you will use with basic SQL Queries.  Basically an INNER JOIN compares the selected fields from two tables and merges the results into your Report.  NULL values (blank fields) will not be included in an INNER JOIN unless you specify a join condition like IS NULL or IS NOT NULL.  With basic SCCM Queries you will not have to worry about NULL values I think.  Here are a few different ways you can do INNER JOINs:

1: Explicit JOIN notation
SELECT *
FROM dbo.employee
INNER JOIN dbo.department ON dbo.employee.DepartmentID = dbo.department.DepartmentID;

2: Implicit JOIN notation
SELECT *
FROM dbo.employee, dbo.department
WHERE dbo.employee.DepartmentID = dbo.department.DepartmentID;


For more advanced SQL Queries you will see mostly LEFT OUTER or RIGHT OUTER joins.  The LEFT and RIGHT refer to which side of the = sign takes preference.  In a LEFT OUTER join, for instance, all the records from the left side of the = sign will be in the report even if there are NULL values on the right.  For example:

SELECT *
FROM dbo.employee
LEFT OUTER JOIN dbo.department ON dbo.employee.DepartmentID = dbo.department.DepartmentID;

This will list all employees regardless of whether they have been assigned to a department.  The reverse of that, a RIGHT OUTER JOIN, would list all departments regardless of what employees are assigned.

Hopefully this will give you more of an understanding on JOINs and how they affect your SQL Query.  Next we will dive into Parameters, the difference between Dataset and Report Parameters and when to use them ... just as soon as I learn how to use them!

Stay Tuned!

Table of Contents

Introduction to Series
Part 1: The Goal
Part 2: SQL Query Basics
Part 3: Lets all JOIN hands

Saturday, December 1, 2012

Report Building Part 2: The Basics of a SQL Query

Since I'm bored in my hotel room I thought that I would get this blog series off the ground by covering the basics of a SQL query.  To keep the information relevant I will use the query that I included in the last post as a template:

SELECT Manufacturer0, Model0, Count(Model0) AS 'Count'
FROM dbo.v_GS_COMPUTER_SYSTEM
GROUP BY Manufacturer0, Model0


A SQL query always starts with SELECT, commonly referred to as a SELECT Statement.  There are many commands that you can use in SQL, but SELECT is what you need to start with when you want to retrieve data from your Database.  The other commands allow you to add and remove content in your DB, so they are not part of the scope of this series.

After SELECT you provide the details of which columns you wish to obtain information from.  You can use a * wildcard here if you wish to select all columns but it's best to specify columns so you can keep the query results manageable.  In the example above, I'm selecting the columns called Manufacturer0 and Model0.

Another part of the SELECT statement is the Count function.  Basically, this function will count the number of entries in a column and provide a total.  To explain that based on the Query: Count the number of Models in the Model0 column and place the total in a column called Count.


The next part of a SQL query, the FROM clause, is choosing where the columns are located.  In this case the columns are located in dbo.v_GS_COMPUTER_SYSTEM.  This is where you need to know the layout, or schema, of the database you are trying to query.  Microsoft released the schema for SCCM 2007 some time ago; I've linked to it on the previous post.  I haven't seen a database schema for SCCM 2012 yet so I'm assuming that it is the same.


The GROUP BY clause instructs SQL to display the query results in like-groups rather than individual rows.  As specified above, it will first group via Manufacturer, then by Model.  Additional entries for each Manufacturer will be created as Models are discovered, and vice versa.


An ORDER BY clause tells SQL how to order the data in the report; otherwise there will be no order to the data output.  Depending on the complexity of the query, this could make the results unusable.

To give you an idea of what the output from this query looks like, here is what my results look like:

For all you hard core SQL designers and report builders, you will notice that I have left out A LOT in this first post.  Missing are some very important syntax items such as JOIN, INNER JOIN, OUTER JOIN, and many others.  I hope to cover these in future posts as we add to this query to include the additional data required as well as how to incorporate Parameters into the query so we can add the ability to choose Collections to limit our results.

Please let me know in the comments if I made any errors, if I'm not clear in my description, or to provide any other feedback!


Report Building Part 1: The Goal

It's always important to have a goal in mind when learning a new product or feature.  Sure, there is the overarching goal of learning how to use a new tool, but the important question and driver is WHY are you learning it?  At least this is the way that I learn anyway; I realize that everyone is different.

I find it easier to learn when I have to learn something in order to complete a specific task.  Here is what I've been given:

My company is getting ready to purchase a large number of desktops and laptops in order to finally move away from Windows XP SP3.  Internally we have developed a standard for what system models we want to maintain in the company and what we want to replace.  We also need to know what systems we can upgrade to Windows 7 vs. what we have to replace.  The reports that are built in to SCCM 2012 get us part of the way there but they don't give us a very specific piece of information:  How many of each system model are located in each office?

I located a post on the TechNet Forums to help get me started with a basic SQL Query which I have to modify to be able to target specific collections.  Here is the base SQL Query that I'm going to start with:

SELECT Manufacturer0, Model0, Count(Model0) AS 'Count'
FROM dbo.v_GS_COMPUTER_SYSTEM
GROUP BY Manufacturer0, Model0

This query works great for discovering how many of each system model we have in the entire company but it doesn't break it down by office.  In my case, each office has its own Device Collection and User Collection.  Hopefully I can modify this to work for what I need to do while at the same time learning a new tool!  Please don't just post the answer to this if you know it; my goal is not just to figure this out but to learn how to build SQL Queries with Report Builder.

This series assumes that you have already installed and configured SQL Server Reporting Services and installed the Reporting Services point role on your Primary/Central Site Server.  If you haven't, I've posted a link to an excellent thread on the windows-noob forum that walks you through how to set it up!


TechNet Discussion Thread:

Report Builder 3.0 Download:

SCCM 2012 - Adding the Reporting Services Point Role:


Introduction to Report Building with Report Builder 3.0 for SCCM 2012

Now that my 2012 environment is running smoothly; the kinks have been ironed out, the old 2007 environment decommissioned and old servers removed (enjoyed a glass of scotch to celebrate that moment), and IT staff are comfortable in the new console ... it's time for me to change gears and dive into building reports in SCCM 2012 by using Report Builder 3.0.

This will spawn a new series while I literally teach myself how to build reports in SQL.  As someone who has almost no experience with SQL, other than basic installation and maintenance tasks, I hope this series of posts will be useful to anyone who needs to learn how to build reports in SCCM but doesn't have the slightest clue how to do it.

Let me start by re-capping what my environment looks like so my posts will make sense:

SCCM Primary Site Server
Server OS: Windows 2008 R2
SQL: SQL Server 2008 R2 Standard w/ CU6, SSRS Installed and configured on same box
Report Builder 3.0 Installed

First post to come in a few days' time I hope.  I'm spending the next 11 days in freezing cold Alberta rolling out an MS Lync-based phone system in two offices so my hands are pretty full at the moment.


Tuesday, November 6, 2012

Windows RT - How to use it in your Enterprise

It is no secret that I love Microsoft Surface.  I spent my last blog post lamenting a bit on some of the many features I enjoy and I hope to not do that again; after all, this is a technical blog.  Let's do something useful instead:

How to make Microsoft Surface/Windows RT "Work"

As you know, Windows RT is a cut down version of Windows 8 that does not allow you to install applications outside of the curated Windows Store.  The version of Internet Explorer 10 that comes with RT does not allow for any 3rd party plug ins except Adobe Flash which is built-in to the browser and updated by Microsoft.  You would think that would limit your ability to use this tablet for work, and you would be wrong.  Here are a couple of ways that you can make Windows RT into even more of a productivity device rather than just another toy:

1) Remote Desktop via Remote Desktop Gateway

The Remote Desktop app that is available via the Windows Store can be configured to use your Remote Desktop (formerly Terminal Services) Gateway to connect to your computer in the office while you are on the road.  I've personally used this a number of times to remote into servers when I'm not near my apartment but need to respond to a high priority issue.  Once you get over the screen scaling (after all, it IS a tablet) then you can work on it quite comfortably.  Don't use Remote Desktop Gateway?  TeamViewer is another remote desktop app that is available in the Windows Store.

The drawback to the Remote Desktop client in the Windows Store is that when you configure your gateway settings, it will try to use that gateway for ALL your Remote Desktop connections.  All is not lost though, Windows RT can open .RDP files using the legacy mstsc.exe file so you can use your existing pre-configured RD/TS Gateway .RDP files!

2) Embrace the Cloud with RemoteApp !!

Similar to a Terminal Services/Remote Desktop Session, you can also connect to applications directly via RemoteApp.  This essentially allows you to bypass the "no x86 software allowed" issue with Windows RT by running an application from a RD session.  These programs can be hosted either on your own Terminal Server or using Microsoft Azure, so you are not limited to on-premises hosting.  There are a few caveats to this method though:

- You must be connected to the Internet for the entire time you need to use the application
- Since everything is streaming, performance varies based on the quality of the Internet connection being used
- For best results, the files you are trying to access should reside in your network (this is arguably a good thing since you can ensure that data is properly backed up)
- Most applications are not yet optimized for touch so you will need to use your Touch/Type Cover or an external mouse for best results.
- Terminal Services Licensing required

While you cannot deploy RemoteApps via MSI, the .RDP method works just fine.  Windows RT also has built-in support for company apps by going into System Properties and selecting Company Apps.

3) Don't Forget about Office 2013!

Finally, don't forget that Windows RT tablets come bundled with Microsoft Office 2013 Home & Student Edition.  Out of the box it is not licensed for commercial use, but it is pretty simple to be allowed to use it for work.  This ZDNet Article gives a great explanation of what you need to do.

Well that's all for now.  Enjoy!

Monday, October 29, 2012

Microsoft Surface - Why I love this Tablet!

Unless you've been hiding under a rock for the past few months you would know that Microsoft has officially launched Windows 8 on Oct 26th along with Microsoft Surface.  Microsoft decided to enter into the tablet market with a hardware offering of its own rather than rely solely on their hardware partners.  While the jury seems to be out on if it was a good move by Microsoft ... I was one of the lucky few who received their pre-ordered tablet on time!

I've spent the weekend using the tablet on and off and I must say I think they did an excellent job.  Yes, it's true that the App Store is currently lacking in the number of apps available but most of the apps that ARE there are useful!

What I like about the Surface

1) Touch/Type Cover and Kickstand!

This has to be one of the best ideas for a tablet that has come out since the form factor started to gain popularity with the iPad.  I realize that tablets with keyboards have been around for a long time now but this method of providing a keyboard seems to resonate well.  Rather than having a dockable keyboard like the Asus Transformer, the Surface has two different keyboard/cover styles available.  The Touch Cover provides you with a keyboard with no tactile keys, just a touch membrane that is laid out like a keyboard.  There is also the Type Cover for those who want tactile keys.  Combine that with a kickstand and you almost have a complete laptop replacement!  BTW, both covers come with a trackpad!

2) Windows RT

MS took a huge risk with the new design of Windows 8, and by extension Windows RT.  While it's true you cannot install your own apps on Windows RT, I don't see that as a major issue in the tablet space, especially considering that there are options available to work around that limitation (remote desktop, XenDesktop, RemoteApp, etc).  When the Surface Pro launches in a few months, that will bring the full Windows 8 experience to the tablet form factor.  There are many other reasons why Windows RT is a good thing, but I'll save that for another post.

3) Ports Ports Ports!!!!

It looks like Microsoft was paying attention to user feedback with this one!  Surface comes with a full sized USB 2 port, a Micro-HDMI, and a microSD slot that can support up to 64GB.  The OS seems to recognize memory sticks and other standard peripherals in the USB port without issue.  I only had a small number of devices to test with but all performed well with almost no input required from me.

4) Comes bundled with Office 2013 !!!!!!

This alone is worth its weight in gold.  While I realize it's the Home and Student edition, this does say a lot about the direction that MS wants to go with tablets.  It's not just a toy.  I'm sorry to say this (sorry RIM) but I personally think that the Surface is the first true business tablet on the market!

There is more that I like that I won't post here.  I don't usually do articles on my blog, generally trying to keep it to technical posts, but I had to make an exception in this case.  It should be obvious to anyone reading this that article writing isn't really my forte.


Wednesday, September 12, 2012

System Center Configuration Manager 2012 - Application Will not Download

With SCCM 2012 there is a new method to deploy applications which utilizes a Single-Instance Store model to reduce file duplication.  While this is a great thing for dealing with storage limits on your Distribution Points, it does have an interesting weakness with some apps, in my case with Autodesk products.  When you try to use the new Application/Deployment Type method to install some Autodesk products, you'll see this in the DataTransferService.log file:

DTSJob {7F2AA6B2-4507-4401-BD6E-99CCB06515B5} in state 'DownloadingData'.
CDTSJob::JobError: DTS Job ID='{7F2AA6B2-4507-4401-BD6E-99CCB06515B5}' BITS Job ID='{2034F6CC-309B-4404-B58E-8CAEBDBDC6F3}' ErrorCode=0x80190194
CDTSJob::JobError: DTS Job ID='{7F2AA6B2-4507-4401-BD6E-99CCB06515B5}' URL='http://ServerFQDN:80/SMS_DP_SMSPKG$/Content_dac6f09e-2561-4ce9-b66c-ba803bd0d8a9.1' ProtType=1
DTS job {7F2AA6B2-4507-4401-BD6E-99CCB06515B5} BITS job {2034F6CC-309B-4404-B58E-8CAEBDBDC6F3} failed to download source file http://ServerFQDN:80/SMS_DP_SMSPKG$/Content_dac6f09e-2561-4ce9-b66c-ba803bd0d8a9.1/sccm?/AdminImage/3rdParty/x86/VSTA/Program%20Files/Microsoft%20Visual%20Studio%209.0/VC#/Snippets/1033/Visual%20C#/iterator.snippet to destination C:\windows\ccmcache\d\AdminImage/3rdParty/x86/VSTA/Program Files/Microsoft Visual Studio 9.0/VC#/Snippets/1033/Visual C#/iterator.snippet with error 0x80190194

After re-creating the Application multiple times and replacing the files that it was struggling with, I noticed that each time the error happened it was mentioning a different filename, so something else had to be going on.

According to this TechNet post this is a known issue with SCCM 2012 and is going to be addressed with SP1.  The problem has to do with folder names that have # in them.  The post mentions that you can try renaming the folders or waiting for SP1, however there is a workaround:

You can use the legacy Packages method to build these deployments for the time being until SP1 is RTM'd.  While you don't get to take advantage of Single-Instance storage or advanced detection/uninstall methods you will at least have a functioning application deployment.
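A triage sketch for the failure above, added here as an example and not part of the original post. It pulls failed downloads out of DataTransferService.log text, decodes the error (0x80190194 is an HTTP-facility HRESULT carrying status 404) and lists path segments that contain #, while find_hash_names checks a content source folder before the Application is built; the function names and the sample log text are constructed for illustration.

```python
import os
import re
from urllib.parse import unquote

# Constructed sample in the shape of the DataTransferService.log lines quoted
# above (IDs and paths shortened); the second failure is an unrelated error.
SAMPLE_LOG = r"""DTSJob {JOB-1} in state 'DownloadingData'.
DTS job {JOB-1} BITS job {BITS-1} failed to download source file http://ServerFQDN:80/SMS_DP_SMSPKG$/Content_example.1/sccm?/AdminImage/VC#/Snippets/1033/Visual%20C#/iterator.snippet to destination C:\windows\ccmcache\d\AdminImage/VC#/Snippets/1033/Visual C#/iterator.snippet with error 0x80190194
DTS job {JOB-2} BITS job {BITS-2} failed to download source file http://ServerFQDN:80/SMS_DP_SMSPKG$/Content_example.2/sccm?/setup/setup.exe to destination C:\windows\ccmcache\e\setup/setup.exe with error 0x80070005
"""

FAILED_RE = re.compile(
    r"failed to download source file (?P<url>\S+) "
    r"to destination (?P<dest>.+?) with error (?P<hr>0x[0-9A-Fa-f]{8})"
)
FACILITY_HTTP = 0x19  # HRESULT facility used for HTTP status codes


def http_status(hresult):
    """Return the HTTP status carried in a FACILITY_HTTP HRESULT, else None."""
    if (hresult >> 16) & 0x1FFF == FACILITY_HTTP:
        return hresult & 0xFFFF
    return None


def hash_names(url_or_path):
    """Path segments that contain a literal '#', percent-decoded for display."""
    segments = re.split(r"[/\\]", url_or_path)
    return [unquote(seg) for seg in segments if "#" in seg]


def triage(log_text):
    """One finding per failed download, flagging the 404-plus-'#' pattern."""
    findings = []
    for match in FAILED_RE.finditer(log_text):
        status = http_status(int(match["hr"], 16))
        names = hash_names(match["url"])
        findings.append({
            "url": match["url"],
            "hresult": match["hr"],
            "http_status": status,
            "hash_names": names,
            "likely_hash_issue": status == 404 and bool(names),
        })
    return findings


def find_hash_names(root):
    """Relative paths under a content source folder whose name contains '#'."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if "#" in name:
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["hresult"], finding["http_status"],
              finding["hash_names"], finding["likely_hash_issue"])
```

Content that find_hash_names flags is a candidate for renaming or for the legacy Packages method described above.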

Thursday, September 6, 2012

System Center Configuration Manager 2012 - Beware CU1

Microsoft recently released CU1 for SCCM 2012 following its new cumulative update model.  I should have clued in that it was considered a hotfix but I applied it anyway under the interest of wanting my live environment to be up to date for launch.  Boy was that a mistake.

After applying CU1 my Management Point completely shut down, though I wasn't aware at the time that CU1 caused its demise.  After a full weekend of uninstalling and reinstalling the MP, IIS, DP, WSUS, EP, and the Application Catalog website, I remembered that I had installed CU1 so decided to go about removing it.

Went to uninstall the patch using the usual channel (via Programs and Features) however I was unable to uninstall from there.  To uninstall I had to extract the .msi from the CU1 package, right-click the MSI and select Uninstall.  Once CU1 was removed, the Management Point lit right up!

Saturday, September 1, 2012

Deploying System Center 2012 - Management Point Issue

While deploying SCCM 2012 to my live environment, I came across a rather annoying issue.  For some reason, clients were not able to connect to the Management Point on the Primary Site.  They would all connect to one of the Secondary Sites, sometimes across the country from their AD Site.

To verify this, I removed all the Management Points from my environment except for the one located on my Primary Site Server.  This resulted in all my SCCM clients showing no Management Point in the Client Properties, a rather annoying outcome.

I noticed that, while the Management Point role installed successfully, it wasn't very active.  In fact, it wasn't doing anything at all.  Interestingly enough, there were only 4 MP_*.log files on the server, when there are normally a lot more.  While trolling through the Management Point settings, I decided to try changing the method that the MP uses to access the database from the built-in computer account to an account that has access to the SQL server.

After changing this setting, my Management Point woke right up and started talking to clients!

Friday, July 27, 2012

Happy SysAdmin Day !!!!

Just a short post to wish all my fellow Network Admins, Sysadmins, Help Desk people and all others in IT-related positions a very happy SysAdmin Day !!!!

You Guys and Gals are AWESOME !!! ... no REALLY AWESOME !! :D

Monday, July 23, 2012

Planning an SCCM 2012 Migration - Build Day Approaches!

I love being in a career that challenges me to learn just a little more every day.  The constant quest for writing the perfect installation script, figuring out a complex technical problem, or being called away to another city to resolve a major outage ... these are just three of the MANY reasons why I love doing what I do.

Today is no different.

Today I get to finally start the production build of my SCCM 2012 environment.  This is happening a little faster than was anticipated due to another deployment happening at the same time which relies on a functioning SCCM 2012 hierarchy; System Center Service Manager 2012.

I will continue to post on deployment planning as well as details on my experience with migrating from 2007 to 2012.

Monday, July 9, 2012

Planning an SCCM 2012 Migration - To CAS or not to CAS

For the last week I've been flip-flopping over the need for a CAS (Central Administration Site) in my environment.  While my network isn't very large from a client standpoint (1200 Workstations and Servers in the US and Canada) we are trying to improve redundancy wherever possible in support of a growing company.

My original mentality behind running a CAS + 2 Primary Sites was as follows:

1) Split management traffic between our eastern and western datacenters and provide deployment points for our two DirectAccess Gateways to service external clients

2) Allow for an SMS Agent and a full copy of the DB in the west to make it a bit easier for me to manage (the eastern datacenter is our primary)

3) Allow for scalability if/when we expand overseas

4) In the RTM version, you cannot add a CAS to a Stand-Alone Primary Site

While doing some troubleshooting and research into multiple SQL Instances on a single box for both a CAS and Primary Site DB (for my lab environment as well as production), I came across a couple of blog posts that really changed my tune.

The first one has to do with the storage requirement for CAS.  I found out that even though the CAS does not service clients, it still maintains a copy of every package in its own DataLib and FileLib.  As I have some storage constraints to deal with, this alone was a deal breaker for me.  You can read more about it here.

The second one is something that I should have known during the discovery period as part of my pre-planning.  Since new info comes out all the time, I won't be too hard on myself.  SCCM 2012 SP1 is currently in beta and allows the ability to change the SCCM hierarchy; basically I can add a CAS to the mix later on once SP1 has been released.  You can read more about it here.

What this does to my design, is basically simplify it to the same level that I have with SCCM 2007 currently.  A Stand-Alone Primary Site will be used along with Secondary Sites for the western datacenter and all our regional offices.  Stand-alone DP's will be used for any field offices that need basic software/OS deployment.

Here is another post with views on CAS implementation in SCCM 2012.  He brings up a lot of great points about including a CAS in your SCCM Hierarchy, including some that I brought up!

Friday, June 22, 2012

Planning an SCCM 2012 Migration - Distribution Points Explained

In my first post on this subject I made a vague reference to the changes made with the Distribution Point role in SCCM 2012 but didn't put a lot of effort into explaining the differences between it and a Secondary Site Server.  With this post I hope to clear up the distinction a bit and provide some more useful information rather than my own 'brain droppings' on the subject.

Distribution Point - Then

In SCCM 2007 the Distribution Point role was very basic, it only provided the mechanism for distributing applications from an existing Primary Site, Secondary Site, or Branch server with minimal other features.  It allowed for the use of BITS to allow resumption of interrupted downloads, but was not used to throttle traffic between the Site Server and The DP.  In 2007, the DP was seen as more a companion to a server role but not on its own.  Now I know what you are thinking; Isn't the Branch Server Role basically a stand-alone Distribution Point?  The answer to that is No for the most part, as the Distribution Point was only one component (granted, a major one) to the Branch Server Role.

Distribution Point - Now

Before I get to the new Distribution Point Role, a little background explanation is required here.  With SCCM 2012, Microsoft has the right idea with trying to flatten the hierarchy so that fewer servers are required.  This is a rather interesting shift for Microsoft since they usually want a server for everything; a proper deployment of Exchange 2010 is a good example of server scaling gone crazy.  From what I can gather, Microsoft's goal with 2012 is to:

1) Reduce the number of physical/virtual servers required to maintain the environment while providing for a maximum number of supported objects

2) Remove the requirement for child sites for administrative or client configuration purposes by the use of Role-Based Administration and allow for collection-based client configurations

3) The ability to install the management products in Public Cloud configurations with no impact in performance due to bandwidth/latency issues

Point #3 is, I think, the main reason why Microsoft is trying to deter people away from installing servers in the local office, instead providing only the roles required to work without needing a full server, or even a server OS!  Let's take a look at the new Distribution Point features, keeping in mind that this can be installed as a stand-alone role on a Server or Desktop OS:

- Application Distribution
- Virtual Application Streaming
- Operating System Deployment (including PXE/SingleCast/MultiCast)
- Content Library and Validation
- Scheduling and Throttling
- State-based Distribution Groups
- Content Prestaging
- BranchCache support

With the Distribution Point Role they have moved beyond BITS to control network traffic and introduced Scheduling and Throttling which before was only available from a Primary Site or Secondary Site server.

As you can see, the Distribution Point role has been extended considerably in SCCM 2012, but it's not perfect.  There are some key roles missing from the Distribution Point Role which can only be served by a Primary Site or Secondary Site:

- Software Update Point
- Management Point
- State Migration Point
- Control of data flow to and from the site server

All of these roles can generate a lot of traffic on your WAN (if you have a distributed environment) so it may not be practical to centralize them in your data centers unless you have a very robust network.  Yes, BITS can help with the bandwidth impact, but if you have 1000 systems or more, that could easily take up a lot of traffic.

In my environment I do plan on utilizing the stand-alone Distribution Point role, though granted it will be limited to very small locations, site offices, where we have a very small headcount.

Happy Planning!

Friday, June 15, 2012

Planning an SCCM 2012 Migration - Untrusted Domains

Probably one of the biggest shifts in the SCCM 2012 Hierarchy is the requirement for two-way trusts when supporting other domains and/or forests.  This can have major implications for those companies who employ a DMZ domain which is not trusted by the internal domain for security reasons.

I came across this blog post about a way to get around this.  Please note that this is NOT supported by Microsoft!  As I have yet to test this myself, I cannot vouch for its accuracy so your mileage may vary.  Let me know in the comments below if you are able to get this working in your environment.

Friday, June 8, 2012

Planning an SCCM 2012 Migration - Prerequisites

Here are a few of the things you should take care of on your network / things you should know before you begin to Deploy or Migrate to ConfigMgr 2012:

1) Extending the AD Schema.

If this is a new deployment for you, or if you are migrating from SMS 2003, then you will want to seriously consider extending the AD Schema for ConfigMgr 2012.  If you already have ConfigMgr 2007 deployed in your environment then you do not need to extend the schema again as the extensions are the same.  Extending the Schema allows ConfigMgr to publish parts of its configuration to AD for the benefit of the SCCM Client.  You MUST extend the schema if you plan on using Network Access Protection.

Here is a link to the TechNet documentation:

2) App-V Client

If you use App-V in your environment, you MUST use version 4.6 SP1 otherwise the ConfigMgr Client will not install.

3) Clean up your Collections / Software Packages

If you are using ConfigMgr 2007 then this information will apply to you.  The migration process has a couple of limitations when it comes to Collections and Software Packages.  On the collection side of things, if you have collections that have both users and computers as members they will not migrate.  Also, if you have a collection query that is limited to searching inside a specific collection, the query will not come over.  All your Software Packages must use a UNC path for their source directory.

4) SQL Here? Here? ... how about over Here ?

Placement of your SQL Database really depends on the size of your environment.  If you manage a large number of devices, over 50,000, then you will be better served by a stand-alone SQL server or SQL Cluster.  If your environment is smaller than that, you can install it on the same server as ConfigMgr.  Also consider that Secondary Sites will use SQL as well, though they can get by with having SQL Express installed on the local machine.

5) Site Codes

You cannot re-use site codes from your ConfigMgr 2007 environment, so plan for new Site Codes for your CAS, Primary, and Secondary Sites.

More to come!

Planning an SCCM 2012 Migration - Secondary Sites Vs. Distribution Points

As I've been reading up on how to migrate from ConfigMgr 2007 to 2012 (hint: there is no upgrade option), one common theme that keeps coming up is whether you need to use a Secondary Site for regional offices or just a Distribution Point.  With ConfigMgr 2012, MS is trying to simplify the hierarchy by requiring fewer site systems to do the same amount of work.  A couple of things to keep in mind when trying to decide between the two:

1) The Distribution Point role has been expanded on in ConfigMgr 2012 to do a lot more than in 2007, but it doesn't do everything!
2) Since Distribution Points do not include the Management Point role, you must take into account the extra bandwidth used by client systems when they connect with an MP in an associated Primary Site (or Secondary Site)
3) Same thing with the Software Update Point role, its checks will go up to the assigned Primary Site (or Secondary Site) to check for approved Updates
4) State Migration is not a part of the Distribution Point Role!  If you plan on using USMT directly within ConfigMgr, this is something that you will have to consider

In the case of my environment, I don't think the hierarchy is going to change very much, except for the introduction of a Central Administration Point and a 2nd Primary Site (right now I run a single Primary Site and 14 Secondary sites under ConfigMgr 2007).

Wednesday, May 16, 2012

Preparing for System Center 2012

I love playing with new tech, especially when it deals with system management.  Recently Microsoft RTM'd the entire System Center 2012 suite and I couldn't be happier.  What's more, my manager has asked me to take on the upgrade process myself, without support from our external MS Partner!

This will likely spawn a slew of blog posts over the next while about how to prepare the SCCM 2007 environment, migrate it over to SCCM 2012, then decommission the 2007 environment properly.

This'll be fun!

Troubleshooting Client Install Issues - SCCM 2007

There have been a number of client-side patches released for SCCM over the last few years and I've never truly had successful deployments of them via Client Push.  This is a rather annoying issue because it means that I have multiple client versions which each have their own quirks about them.  The patch would fail with an MSI code 1635 which would also cause the client to install/update as well.

I found this blog post on TechNet that pointed me in the right direction:

Basically, I added Domain Computers to the share permissions of the SMSCLIENT share on my primary site server.  After that, I was able to deploy the client with the patches and have them install properly!