Configuration Manager 2007 Antivirus Scan and Exclusion Recommendations

06/12/2010 1 comment

The Configuration Manager support team released a new post about antivirus scans and exclusions. This post covers a lot of fixes and known issues that a good antivirus software configuration solves.

The article covers the SCCM side, the SQL side, SCCM roles, etc.

If you have Microsoft System Center Configuration Manager 2007 (ConfigMgr 2007) installed and are running into the specific issues defined in the Knowledge Base articles below, you should consider excluding the folders/files defined in each…

Moving SCCM server to new hardware – Part 2

21/10/2010 2 comments

My last post dealt with the procedure for moving a Windows 2003 SCCM SP2 R2 server to new Windows 2008 R2 hardware. As I wrote, the procedure finished successfully and all components seemed to work fine. Is it possible?

Several hours after the hardware migration we started to see some error messages in the statview console. The problems divided into client side and server side.

Clients Side: The main problem with clients was an SMS Public Key issue. The new server has a new key and some clients cannot retrieve it from the site server (70% of site server clients!!!). I cannot explain why those clients did not refresh the key. I couldn’t find any explanation for that.

Solution: Open statview.exe and filter to message ID 10822 “The trusted key, mp certificate and the mp machine have changed on server. The client cannot validate the authentication information.”.
I used this script to delete the TrustedRootKey from the client store; the script gets the computer name as a variable.

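' Deletes a TrustedRootKey that does not match the new site server key.
' Usage: cscript <script>.vbs <ComputerName>
'On Error Resume Next
Dim ObjWMIService, TrustedRootKeys, RootKey, ObjComp, ObjWMI

' The computer name is required as the first argument.
If WScript.Arguments.Count < 1 Then
    WScript.Echo "Usage: cscript <script>.vbs <ComputerName>"
    WScript.Quit 1
End If

ObjComp = WScript.Arguments(0)
WScript.Echo "starting on computer: " & ObjComp

' Connect to the client's location services WMI namespace.
ObjWMI = "winmgmts:{impersonationLevel=impersonate}!\\" & ObjComp & "\root\ccm\locationservices"

Set ObjWMIService = GetObject(ObjWMI)
Set TrustedRootKeys = ObjWMIService.ExecQuery("select * from TrustedRootKey")

For Each RootKey In TrustedRootKeys
    If RootKey.TrustedRootKey <> "Insert The New key from site server" Then
        WScript.Echo "Trusted root key did not match key - delete it"
        RootKey.Delete_   ' remove the stale key instance from the client store
    Else
        WScript.Echo "Root Key match"
    End If
Next

WScript.Echo "done for computer: " & ObjComp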

To get the key, do the following:

1. In a text editor, edit the file C:\program files\bin\x86\mobileclient.tcf.

2. Locate the entry SMSPublicRootKey= and write down the key or copy it to the Clipboard.

3. When you install the client, using any client installation method, use the Client.msi property SMSPublicRootKey=<key>, where key is the string you copied from mobileclient.tcf.

More information on TechNet.
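A report-only check to run before deleting anything, as an added example that is not part of the original post: it reads the expected key from mobileclient.tcf and compares it with each client's TrustedRootKey instances. The function names, clients.txt and the output file are assumptions; the WMI namespace, class and .tcf path are the ones used above.

```powershell
# Added example (Windows PowerShell; Get-WmiObject is not available in PowerShell 7).
# Hypothetical names: Get-ExpectedRootKey, Test-ClientRootKey, clients.txt, rootkey-audit.csv.

function Get-ExpectedRootKey {
    param([Parameter(Mandatory)][string]$TcfPath)
    # mobileclient.tcf carries a line of the form SMSPublicRootKey=<key>
    $line = Get-Content -LiteralPath $TcfPath |
        Where-Object { $_ -match '^\s*SMSPublicRootKey\s*=' } |
        Select-Object -First 1
    if (-not $line) { throw "SMSPublicRootKey= not found in $TcfPath" }
    return ($line -split '=', 2)[1].Trim()
}

function Test-ClientRootKey {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$ExpectedKey
    )
    $wmi = @{
        ComputerName = $ComputerName
        Namespace    = 'root\ccm\locationservices'
        Class        = 'TrustedRootKey'
        ErrorAction  = 'Stop'
    }
    try {
        $keys = @(Get-WmiObject @wmi)
    } catch {
        # Offline client, firewall or access denied: record it instead of stopping the run.
        return [pscustomobject]@{ Computer = $ComputerName; Status = 'Unreachable'; Detail = $_.Exception.Message }
    }
    if ($keys.Count -eq 0) {
        return [pscustomobject]@{ Computer = $ComputerName; Status = 'NoKey'; Detail = '' }
    }
    # -ne on strings is case-insensitive, so hex case differences do not count as a mismatch.
    $stale  = @($keys | Where-Object { $_.TrustedRootKey -ne $ExpectedKey })
    $status = if ($stale.Count -gt 0) { 'Mismatch' } else { 'Match' }
    [pscustomobject]@{ Computer = $ComputerName; Status = $status; Detail = "$($keys.Count) key instance(s)" }
}

# Path as given in step 1 above; clients.txt holds one computer name per line (assumed).
$expected = Get-ExpectedRootKey -TcfPath 'C:\program files\bin\x86\mobileclient.tcf'
Get-Content .\clients.txt |
    ForEach-Object { Test-ClientRootKey -ComputerName $_ -ExpectedKey $expected } |
    Export-Csv .\rootkey-audit.csv -NoTypeInformation
```

Only clients reported as Mismatch need the deletion script; Unreachable and NoKey rows point to a different problem than a stale key.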


Server Side: Here I needed to deal with more than one problem (and I hope that I can remember them all for future use).

x32 to x64 migration – The old SCCM server was installed to “c:\program files”, and when we move to new hardware we must keep the same installation folder. When SCCM starts to reinstall components after a site repair, some new data is stored in “c:\program files(x86)”.

R2 – The R2 installation failed. The process could not find any SCCM installation on the server (!?!?!?), and that is because it looks at “c:\program files(x86)”!!!! I’m still trying to find a solution for that.

Share Permission issue – In Windows 2003 the share permissions were “everyone” – Full Control. The site server DP could not create a new distribution folder under SMSPKGC$; after we set the permissions the DP started to publish new packages.

Registry Permissions – This problem occurs on all DP servers. I found this error message in smsexec.log: “Could not connect to the “REGISTRY” inbox source on computer PRIMARY SERVER NAME.  Sleeping for 60 seconds.  The operating system reported error 997: Overlapped I/O operation is in progress.”. To solve this problem I found that all machine accounts do not have access to the site server registry. The problematic key is “HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\SMS\inbox source”. The missing permissions are for the SMS_SiteToSiteServerConnection_<SiteCode> local group. The permissions should look like:


Summary: I think that if the SCCM installation folder is “c:\program files”, you should think about other ways to migrate (a new site server with a new site code).

SCCM and Operating System Deployment – Task Sequence process

15/07/2010 1 comment

Operating System Deployment allows us to create operating system images and deploy those images to computers. Operating System Deployment also provides task sequences which help smooth the progress of the deployment.

I recently needed to perform a shutdown at the end of a task sequence. The process started but never ended, and the shutdown didn’t occur.
I tried to check it through smsts.log and found that the command was executed (“shutdown /t 0 /s”) but OSD had suppressed the shutdown.

After some research I found that a Task Sequence prevents any “outside” operations like reboot or shutdown unless we use the built-in task.

If you wish to override this you can use the following

SCCM Reports against a large collection

21/02/2010 4 comments

A couple of days ago one of my customers asked me to help him with a report problem. The report returned an error when he targeted it against a collection with a high number of computers. When he ran the report against a small collection, everything was fine.

“An error occurred on the server when processing the URL.  Please contact the system administrator.
If you are the system administrator please click here to find out more about this error.”

The first thing I suggested was to change the row limit in the SCCM report.

Report Viewer in Configuration Manager 2007 limits the result set returned by a report query to 10,000 rows. The maximum number of rows that are returned when running a report query can be modified by creating a registry key and setting a value on site system computers that have the reporting point role.

Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\SMS\Reporting and create a DWORD value named Rowcount, and then set its value to the number of rows that you want returned in the report query. If you want to return all rows, set the value to 0xffffffff, which is the hexadecimal equivalent of –1.

But it seems it wasn’t just that; the reporting point (Windows Server 2008) needed some adjusting in the IIS role.

  1. How to Configure Connection and Command Timeout Settings.
  2. How to Configure the ASP Script Timeout Setting.
  3. And finally we needed to set the ASPBufferingLimit.

In IIS 6.0, settings are set to aggressive and secure defaults to minimize attacks due to time-outs and limits that were previously too generous. IIS enforces the following time-outs at the connection level: Limits on Response Buffering: The default value for the ASPBufferingLimit metabase property is 4 MB. If ASP scripts buffer more than this, they error-out. There was no limit to buffering prior to IIS 6.0.

We changed the ASPBufferingLimit to 50Mb.

ConfigMgr 2007 Console options for Non English Characters

20/01/2010 1 comment

The SMS Provider is a WMI provider that allows access (read and write) to the Configuration Manager 2007 site database.
The SMS Provider is used by the Configuration Manager console, Resource Explorer, tools, and custom scripts used by Configuration Manager 2007 administrators to access site information stored in the site database.

In multi-language Configuration Manager 2007 site hierarchies, the SMS Provider determines the installed operating system language of the requesting computer and formats data returned from the site database to the requesting computer in a matching language format. The provider is not capable of translating information from one language to another, but it is capable of providing data stored in different languages in the site database to requesting computers.

In my test environment the site database is installed on a computer with an English-language operating system, and the stored information in the site database is formatted in the same language code page. All consoles are installed on an OS with the Hebrew locale; in this case the SMS Provider would return information formatted for the English language code page instead of Hebrew, and the resulting information returned would not be readable.


To resolve this issue, change the locale of the SCCM site server and Provider to the same locale as your Console clients and then use the Command Line Options for Running the Configuration Manager Console to open it with your language support.

Example: “C:\Program Files\Microsoft Configuration Manager\AdminUI\bin\adminconsole.msc” /SMS:providerlocale=040d

The locale code page IDs can be found here:

