Archive

Posts Tagged ‘sccm recovery’

Moving SCCM server to new hardware – Part 2

21/10/2010 2 comments

My last post deals with the procedure taken to move Windows 2003 SCCM SP2 R2 server to a new Windows 2008 R2 hardware. as i wrote, the procedure finished successfully and all components seems to work fine. is it possible ?

Several hours after the hardware migration we started to see some error massages in statview console. the problems divided to clients side and servers side.

Clients Side:The main problem with clients was an SMS Public Key issue. the new server have a new key and the some clients can not retrieve it from the site server. (70% of site server clients!!!). i can not explain way those clients did not refresh the key. i couldn’t find any explanation for that.

Solution: Open statview.exe and filter to message id 10822 “The trusted key, mp certificate and the mp machine have changed on server. The client cannot validate the authentication information.”.
i used this script to delete the TrustedRootKey from client store, the script gets the computer name as variable.

‘on error resume next
Dim ObjWMIService,TrustedRootKey,RootKey,ObjComp,ObjWMI

if wscript.arguments.count < 1 then
wscript.quit
else
objcomp = wscript.arguments(0)
wscript.echo “strarting on computer:” & objcomp
end if

objWMI = “winmgmts:{impersonationlevel=impersonate}!\\” & ObjComp & “\root\ccm\locationservices”

Set ObjWMISErvice = GetObject(objWMI)
Set TrustedRootKeys = ObjWMISErvice.ExecQuery(“select * from TRustedRootKey”)

For Each RootKey in TrustedRootKeys
if Rootkey.TrustedRootKey <> “Insert The New key from site server” Then
wscript.echo “TRusted root key did not match key – delete it”
bFOundERrors=TRUE
RootKey.Delete_
Else
wscript.echo “Root Key match”
End If
Next

wscript.echo “done for computer: ” & objcomp

to get the key do the following:

1. In a text editor, edit the file C:\program files\bin\x86\mobileclient.tcf.

2. Locate the entry SMSPublicRootKey= and write down the key or copy it to the Clipboard.

3. When you install the client, using any client installation method, use the Client.msi property SMSPublicRootKey=<key>, where key is the string you copied from mobileclient.tcf.

more information on TechNet.

 

Server Side: here i needed to deal with more then one problem (and i hope that i can remember them all for future use)

x32 to x64 migration – the old SCCM server installed to “c:\program files”, and when we move to new hardware we must keep the same installation folder. when SCCM start to reinstall components after site repair some new data stored in “c:\program files(x86)”.

R2 – R2 installation failed. the process could not find any SCCM installation on server (!?!?!?)  and that because it looks at “c:\program files(x86)”!!!! I’m still trying to find a solution for that.

Share Permission issue – in windows 2003 the share permissions was “everyone” – Full Control. the site server DP could not create new distribution folder under SMSPKGC$, after we set the permissions the DP start to publish new packages.

Registry Permissions – this problem occurs on all DP’s servers. i found this error massage in smsexec.log. ”Could not connect to the “REGISTRY” inbox source on computer PRIMARY SERVER NAME.  Sleeping for 60 seconds.  The operating system reported error 997: Overlapped I/O operation is in progress.”. to solve this problem i found that all machine accounts do not have access to site server registry. the problematic key is “HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\SMS\inbox source”. the missing permission are for SMS_SiteToSiteServerConnection_<SiteCode> local group. the permissions should look like:

image

Summery: I think that if SCCM installation folder is  “c:\program files” , you should think about other ways to migrate (new site server with new site code).

Advertisements
Categories: SCCM Tags: ,

Moving SCCM server to new hardware

10/10/2010 2 comments

I needed to move a primary site server to a new hardware include a new OS version.

The old central site – Win2003 SP2 with SCCM2007 R2 SP2 (x86) with no SQL, with the SCCM provider.

The New central site – Win2008R2 with SCCM2007 R2 SP2 (x64)

The Site Database is installed on another server.

While the Site Repair Wizard supports restoring a 32-bit Operating System backup onto a site server running a 64-bit Operating System; it does not support restoring a 64-bit Operating System backup onto a site system running a 32-bit Operating System.

Microsoft has a recovery information posted in their online support docs (http://technet.microsoft.com/en-us/library/bb680474.aspx), but site recovery is still a confusing and frustrating task.

I’ve taken some notes for an operation to move a central site server to a new hardware. (This was done using several site recoveries discussed in SCCM forum, TechNet and Microsoft Backup and Recovery SuperFlow for SCCM2007).

Note! We need a functioning site server with the same setup parameters like the old server before we can start the recovery process. Somehow this isn’t mentioned in any TechNet articles (at least not that I can found).

So before starting the process we need to review the original site server setup (ensure that the hardware configuration is identical – drives, names, paths, etc. http://social.technet.microsoft.com/Forums/en-US/configmgrbackup/thread/40220f24-1fcb-4139-a307-2b0a183e4736)

Steps Taken

1. Take notes for the OLD Server name, Site Code, Drive layout, the SCCM Install Location, site server roles (SU, DP’s etc), SCCM Provider,WSUS configurations if exists, SCCM hotfixes.

2. Perform Backup of SCCM2007 using maintenance wizard. http://technet.microsoft.com/en-us/library/bb633003.aspx
Note: Only site backup created using Backup ConfigMgr site server maintenance task is supported for recovering sites by the site repair wizard.
If you do this on a Central Site you must backup manually the site control file.
to start the backup manually we must start the service from command line with “NET START SMS_SITE_BACKUP”, we cannot start it from services console. The service writes all actions to smsbkup.log.
clip_image002

3. To ensure that the backup was successfully, we can check the status messages of the component SMS_SITE_BACKUP
clip_image004

4. Copy the Backup folder to a network drive. (You can ignore this step if you set the backup folder in the previous step to a UNC path.)

5. Stop all SCCM services on the OLD computer, shutdown the server and disconnect from network.

6. Delete the machine account for the OLD computer in AD.

7. Give the NEW OS the old server name and join the computer to the domain.

8. Add permissions in AD for the new site server.

a. Open AD users and Computers -> System

b. Right click the “System Management” and choose properties.

c. On the security tab give site server full control on Systems Management container.

d. Open advance properties and change permissions so that they apply to “This object and all descendant objects”

9. Give the machine account admin rights on the SQL server.

10. On the SQL server add the new site server machine to local administrators and remove the old site server (if applicable).

11. Add the primary site server account to the local administrators group of all secondary sites.

12. Backup the SMS_XXX DB from the management studio (just in case…)

13. Now it’s time to install the new server with the same configuration as the old one.

14. Install WSUS 3.0 (if needed.)

a. Do not use the default website.

b. During the install point it to the remote SQL server (if you use a remote SQL server to host WSUS metadata).

c. Do not overwrite the contents of the database.

d. Do not use the configuration wizard to setup WSUS.

15. Copy the backup files (steps 3-4) to the new server.

16. Install the same version of SCCM with the same SCCM hotfixes as the old server.

a. Make sure to use the same install path. (even when you move from x32 to x64, this step is crucial for the success of the recovery procedure)

b. If the new system do not pass prerequisite check. Double click on each item to see how to resolve the issue.

c. Create new DB with the same site code on the SQL server, you will get an error:
clip_image006
The answer should be YES
(we have a backup and this is the only way to continue)

17. Add system to the SMS_SITESYSTEMTOSITESERVER_<SITECODE> local group, this group should contain any parent or child site that needs to write to the site’s DB.

18. Add users or groups to “SMS REPORTING USERS”, this group should contain any domain accounts that have reporting rights.

19. Add users or groups to “SMS ADMINS” this group should contain all users that have access to SMS provider.

20. After the setup has completed successfully run the site recovery wizard.

a. Close any opened consoles.

b. Click Start ->All Programs ->Microsoft System Center ->ConfigMgr 2007 -> ConfigMgr Site Repair Wizard.

c. Check the package verification option.

clip_image008

When the recovery procedure finished, the site start a reinstallation steps automatically for all components, this is done in the background. We can check the status of all steps in the application log or wait to the end of the bootstrap service.

OK, now it’s time to wait until all background process will end, at last a coffee break…..clip_image010

But not for long the site status is getting red with a lot of warnings and errors. It seems that the MP is not functioning, a little check verify this.

http://<MP name>/sms_mp/.sms_aut?mplist

I checked the NTFS permissions on all SMS folder and it seems that something is messy here! I’ve installed all components to the old location (c:\program files) and now several components are located in c:\program files (x86)? SCCM is 32 bit so the reinstall process write all new data to “c:\program files (x86)”. But this is not the reason why the MP reinstallation is failed. Looking closer at the MPMSI.log & MPSetup.log verify that the MP fails because a SCCM client installation on the site server, this is very odd, I didn’t installed any client on this computer! The client push install is off and there is no GPO for client installation!?!?!?

Now it’s time to look at the notes I’ve taken before I started the procedure, I realized that I didn’t notice that the old server have a SMS Client installed. So the recovery procedure is responsible for the client installation.

OK,

I will try to remove the client and then to remove the MP, reboot the server and then install the MP again.

The SMS client cannot be uninstalled, I used the ccmsetup.exe \uninstall.

The MP is not removed. The MPMSI.log & MPSetup.log do not show any progress!?!?!?

Did I mention that this process is frustrating?

A site reset didn’t helped either.

Now I’m stuck! What is my next step? I decided to perform the recovery process again.

After the recovery finished, the MP worked perfectly. I’ve successfully installed a new client, and all the basic advertisements started on the client.

SMS site status is O.K all site components are functioning.

clip_image012

Categories: SCCM Tags: