Andrzej's "IT Thoughts" Weblog

Loose thoughts about IT management&operations

SCCM 2007 - couple of deployment tips


When you get to deploying SCCM, there are a couple of issues you may run into. Below I summarize some of my experiences - hope this helps :)

1. For all SCCM RTM sites installed after Dec 1, 2007 you will not see any status messages

This is due to a bug in date calculation. A fix is available and must be installed on all sites experiencing this issue. If you install new child sites after applying this fix to the parent site AND specify to transfer files over the network, you will not need to apply this fix. However, if you install from RTM media, you will still need to apply the fix:

http://support.microsoft.com/kb/945898/en-us

 

2. Manually exchanging the site key between sites when AD schema is not extended

The SCCM RTM documentation and the website: http://technet.microsoft.com/en-us/library/bb693690.aspx have a procedure for manual key exchange between sites. However for my simple parent (primary) - child (secondary) setup I found the procedure to be a bit misleading.

It reads:

To manually transfer the child site public key to the parent site

1. While logged on to the child site, open a command prompt and navigate to the location of Preinst.exe.

2. Run the following command to export the child site’s public key: Preinst /keyforparent

3. The Preinst /keyforparent command places the public key of the child site in the <site code>.CT4 file located at the root of the system drive.

4. Move the <site code>.CT4 file to the parent site's <install directory>\inboxes\hman.box directory.

To manually transfer the parent site public key to the child site

1. While logged on to the parent site, open a command prompt and navigate to the location of Preinst.exe.

2. Run the following command to export the parent site’s public key: Preinst /keyforchild.

3. The Preinst /keyforchild command places the public key of the parent site in the <site code>.CT5 file located at the root of the system drive.

4. Move the <site code>.CT5 file to the <install directory>\inboxes\hman.box directory on the child site.

However I found this procedure to work in my setup (see inverted child<->parent wording in point 4):

To manually transfer the child site public key to the parent site

  1. While logged on to the child site, open a command prompt and navigate to the location of Preinst.exe.
  2. Run the following command to export the child site’s public key: Preinst /keyforparent
  3. The Preinst /keyforparent command places the public key of the child site in the <site code>.CT4 file located at the root of the system drive.
  4. Move the <site code>.CT4 file to this child site's <install directory>\inboxes\hman.box directory.

To manually transfer the parent site public key to the child site

  1. While logged on to the parent site, open a command prompt and navigate to the location of Preinst.exe.
  2. Run the following command to export the parent site’s public key: Preinst /keyforchild.
  3. The Preinst /keyforchild command places the public key of the parent site in the <site code>.CT5 file located at the root of the system drive.
  4. Move the <site code>.CT5 file to this parent site’s <install directory>\inboxes\hman.box directory.

Excerpt from hman.log on my parent site

Attempt to copy the CT4 file as per original documentation fails:

Processing C:\Program Files\SCCM2007\inboxes\hman.box\S01.CT4 file, containing 1 keys.                SMS_HIERARCHY_MANAGER     1/11/2008 10:56:18 AM  4940 (0x134C)

CPublicKeyLookup::UpdateCurrentKey("S01", "0602000000A40000525341310004000001000100ED4AF40FA571B65BCB729D62A33D7B75B9B5613F224A0C39FE0B31B992924D3D36DB35626A297183B9FAFAE4CE02FF95DE3AC580995AFD07D1E746762767465FB4EF5C38168273AF9EF6F38F1F63F505062BA98618F02F99D01DDF097013E13C932DF500AEE38E415F68171ACD7F466F897DB96A5E243DBF1DC6750184FB1CB6")         SMS_HIERARCHY_MANAGER     1/11/2008 10:56:18 AM  4940 (0x134C)

CPublicKeyLookup::UpdateCurrentKey() Checking C:\Program Files\SCCM2007\inboxes\hman.box\pubkey\S01.pkc for Key0      SMS_HIERARCHY_MANAGER     1/11/2008 10:56:18 AM  4940 (0x134C)

CPublicKeyLookup::UpdateCurrentKey() Checking C:\Program Files\SCCM2007\inboxes\hman.box\pubkey\S01.pkc for Key1      SMS_HIERARCHY_MANAGER     1/11/2008 10:56:18 AM  4940 (0x134C)

CPublicKeyLookup::UpdateCurrentKey() Aging Key0       SMS_HIERARCHY_MANAGER     1/11/2008 10:56:18 AM  4940 (0x134C)

CPublicKeyLookup::UpdateCurrentKey() Updating Key0               SMS_HIERARCHY_MANAGER     1/11/2008 10:56:18 AM  4940 (0x134C)

No parent site to forward CT4 file C:\Program Files\SCCM2007\inboxes\hman.box\S01.CT4 to.  Deleting.                SMS_HIERARCHY_MANAGER     1/11/2008 10:56:18 AM  4940 (0x134C)

Using P01.CT5 file succeeds:

Processing C:\Program Files\SCCM2007\inboxes\hman.box\P01.CT5 file, containing 1 keys.    SMS_HIERARCHY_MANAGER    1/11/2008 11:23:01 AM    4940 (0x134C)
CPublicKeyLookup::UpdateCurrentKey("P01", "0602000000A400005253413100040000010001000BEA74D6492BA114831648F56EBD42EF4542FFE358FDD4CEC6FA9473089641A5628DAB9395F767C9F1418A5BFCC8FF94E4B63B004FE65AC5BA3FEDA606363B3BFE539C2D2B2AD41A2B6C3681D96425F07B396E358DB3C89BA898F0B7A1194005D20C00E2B2D414658E78AA36C3C972276C4D885F3C366FF571FFB3E2142BF7CD")    SMS_HIERARCHY_MANAGER    1/11/2008 11:23:01 AM    4940 (0x134C)
CPublicKeyLookup::UpdateCurrentKey() Checking C:\Program Files\SCCM2007\inboxes\hman.box\pubkey\P01.pkp for Key0    SMS_HIERARCHY_MANAGER    1/11/2008 11:23:01 AM    4940 (0x134C)
CPublicKeyLookup::UpdateCurrentKey() Matching Key found in iteration 0.  Updating Date.    SMS_HIERARCHY_MANAGER    1/11/2008 11:23:01 AM    4940 (0x134C)
Successfully forwarded CT5 file to child site S01.    SMS_HIERARCHY_MANAGER    1/11/2008 11:23:01 AM    4940 (0x134C)
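
The hex string logged by CPublicKeyLookup::UpdateCurrentKey starts with the bytes of a Windows CryptoAPI PUBLICKEYBLOB header, so an hman.log excerpt like the one above can be decoded and checked offline. The Python below is an added example, not part of the original post or of SCCM; the function names and the X01 sample log are constructed for illustration, and the sample modulus is made up.

```python
import re
import struct

KEY_LINE = re.compile(
    r'CPublicKeyLookup::UpdateCurrentKey\("(?P<site>\w{3})",\s*"(?P<blob>[0-9A-Fa-f]+)"\)')
DELETED = re.compile(r"No parent site to forward (CT[45]) file .*?Deleting\.")
FORWARDED = re.compile(r"Successfully forwarded (CT[45]) file to child site (\w{3})\.")

def parse_public_key_blob(hex_blob):
    """Decode BLOBHEADER (8 bytes) + RSAPUBKEY (12 bytes) + little-endian modulus."""
    raw = bytes.fromhex(hex_blob)
    if len(raw) < 20:
        raise ValueError("shorter than BLOBHEADER + RSAPUBKEY")
    b_type, _version, _reserved, alg_id = struct.unpack_from("<BBHI", raw, 0)
    magic, bits, exponent = struct.unpack_from("<4sII", raw, 8)
    if b_type != 0x06 or magic != b"RSA1":      # 0x06 = PUBLICKEYBLOB
        raise ValueError("not an RSA PUBLICKEYBLOB")
    if (len(raw) - 20) * 8 != bits:
        raise ValueError("modulus length does not match bitlen")
    return {"alg_id": alg_id,                    # 0xA400 = CALG_RSA_KEYX
            "bits": bits, "exponent": exponent,
            "modulus": int.from_bytes(raw[20:], "little")}

def summarize_hman(text):
    """Return decoded keys per site code and what happened to each CT4/CT5 file."""
    keys = {m["site"]: parse_public_key_blob(m["blob"])
            for m in KEY_LINE.finditer(text)}
    outcomes = [(ext, "deleted") for ext in DELETED.findall(text)]
    outcomes += [(ext, "forwarded to " + child)
                 for ext, child in FORWARDED.findall(text)]
    return keys, outcomes

# Constructed sample in the hman.log layout: the 20-byte header matches the
# excerpt above (1024-bit key, exponent 65537); the modulus is made up.
SAMPLE_BLOB = ("0602000000A40000" + "52534131" + "00040000" + "01000100"
               + bytes(range(1, 129)).hex())
SAMPLE_LOG = "\n".join([
    'CPublicKeyLookup::UpdateCurrentKey("X01", "%s")\tSMS_HIERARCHY_MANAGER' % SAMPLE_BLOB,
    r"No parent site to forward CT4 file C:\inboxes\hman.box\X01.CT4 to.  Deleting.",
    "Successfully forwarded CT5 file to child site X01.\tSMS_HIERARCHY_MANAGER",
])

if __name__ == "__main__":
    print(summarize_hman(SAMPLE_LOG))
```

Run against a real hman.log, the outcome list shows at a glance whether a dropped CT4/CT5 file was accepted or deleted, and the decoded size and exponent let you compare the key a site logged with the one you exported.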

Manual exchange of public keys is needed only if you don't extend the AD schema. I would really encourage extending the AD schema: a large deployment without it, if you don't have a solid WINS (who uses that these days?!) + DNS infrastructure, will give you a big administrative overhead. Read more at: Decide If You Should Extend the Active Directory Schema.

 

3. Software distribution mandatory assignment does not seem to work (if you are in a +GMT zone).

You may find that you created a package, a program and a mandatory "as soon as possible" advertisement, but your clients are not receiving this package. This is because the default setting on the advertisement is to use UTC time and not client time. Change to client time and it should go much quicker.

 

4. Wake On Lan does not seem to work (if you are not using Daylight Savings Time on the server)

See hotfix http://support.microsoft.com/kb/944542 for resolution.

 

5. Extending the SCCM console with basic tools

Remember back in the SMS 2003 days we had nice tools that enabled right-click on computers/collections to ping, force a policy refresh etc. You will find that extending the SCCM console is now easier. It all comes down to an XML file placed in the proper folder. We can soon expect many extensions (also those from SMS) to be ported to the SCCM console. As an example, here is a ping extension for computers in the SCCM console.

Create a file called e.g. PingWorkstation.xml:

<ActionDescription Class="Group" DisplayName="SMS Tools" MnemonicDisplayName="SMS Tools" Description="SMS tools for agent" SqmDataPoint="53">
  <ActionGroups>
      <ActionDescription Class="Executable" DisplayName="Ping Workstation" MnemonicDisplayName="Ping Workstation" Description="Will ping a workstation">
        <Executable>
          <FilePath>cmd.exe</FilePath>
          <Parameters> /k Ping ##SUB:NetBIOSName##</Parameters>
        </Executable>
      </ActionDescription>
  </ActionGroups>
</ActionDescription>

Place the file in c:\Program Files\SCCM2007\AdminUI\XmlStorage\Extensions\Actions\7ba8bf44-2344-4035-bdb4-16630291dcf6\ and restart the console. The GUID is a reference to the resource object in collections. A collection would have these GUIDs:

dbb315c3-1d8b-4e6a-a7b1-db8246890f59 - top level collection
fa922e1a-6add-477f-b70e-9a164f3b11a2 - subcollections

The GUID used in the path above refers to the SCCM resource object. Additional extensions can be made in a similar fashion with the use of the SDK documentation. The SDK is now available as a December CTP on the https://connect.microsoft.com/availableconnections.aspx site (look for SCCM SDK beta - you need to sign in with a Live account). RTM should appear sometime this quarter.
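
Because every XML file in these Actions folders adds a console command that launches a program, it is worth inventorying what the files on an admin workstation actually run. The Python below is an added example, not from the original post or the SDK: inventory_actions and demo are hypothetical names, and the sample is a trimmed copy of the PingWorkstation.xml above written to a temporary directory.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

TOKEN = re.compile(r"##SUB:([^#]+)##")   # console substitution placeholders

def inventory_actions(actions_root):
    """Return one record per Executable action under <actions_root>/<GUID>/*.xml."""
    records = []
    for xml_file in sorted(Path(actions_root).glob("*/*.xml")):
        try:
            root = ET.parse(xml_file).getroot()
        except ET.ParseError as exc:
            # Keep unparsable files in the report instead of skipping them.
            records.append({"file": xml_file.name, "error": str(exc)})
            continue
        for action in root.iter("ActionDescription"):
            exe = action.find("Executable")
            if action.get("Class") != "Executable" or exe is None:
                continue
            params = exe.findtext("Parameters", default="")
            records.append({
                "file": xml_file.name,
                "target_guid": xml_file.parent.name,   # object type the action attaches to
                "name": action.get("DisplayName"),
                "path": (exe.findtext("FilePath") or "").strip(),
                "parameters": params.strip(),
                "tokens": TOKEN.findall(params),
            })
    return records

SAMPLE_XML = """<ActionDescription Class="Group" DisplayName="SMS Tools">
  <ActionGroups>
    <ActionDescription Class="Executable" DisplayName="Ping Workstation">
      <Executable>
        <FilePath>cmd.exe</FilePath>
        <Parameters> /k Ping ##SUB:NetBIOSName##</Parameters>
      </Executable>
    </ActionDescription>
  </ActionGroups>
</ActionDescription>"""

def demo():
    """Write the sample into a temporary Actions tree and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp) / "7ba8bf44-2344-4035-bdb4-16630291dcf6"
        folder.mkdir()
        (folder / "PingWorkstation.xml").write_text(SAMPLE_XML)
        return inventory_actions(tmp)
```

Point inventory_actions at the real Extensions\Actions folder to get the same records for every installed extension.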

If you have any other first deployment tips, I encourage you to share them.

 

6. You cannot edit a task sequence, getting an error from SCCM UI (only if your registered organization or username of computer where SCCM console is installed is null or " ")

When the computer on which the admin console is running has null or “ “ (space) in the registered user or organization field (specified during computer setup), task sequences generated from the UI cannot be edited. To resolve this, export the task to XML and modify the registeredUserTo (or company) field to assign it some value (for the editor it cannot be null). To make sure the problem does not happen on the workstation again, change the registered field in the registry: http://gettoknowyourpc.blogspot.com/2006/07/change-registered-windows-info.html
