This blog is owned and operated by the ANZ ConfigMgr Premier Field Engineer team.
Contributors
Ian BartlettMatt ShadboltGeorge Smpyrakis
Blog Links
With the new version of Configuration Manager, comes a bunch of new juicy logs. I’ll separate the posts into Client and Server. In this first instalment, I’ll cover off on the new logs found on your clients.
The first thing you need to know, is the log location has changed slightly.
Client logs can now be found at C:\Windows\CCM\Logs – rather than in the System32 or SysWoW64 directory
With the new ConfigMgr 2012 App Model, we now scan each machine at a regular period (default is every 7 days) and make sure that applications that should be installed on a machine are indeed installed. The AppDiscovery.log will show you the discovery engine (based on DCM) checking to make sure the app is installed.
Performing detection of app deployment type MS_Silverlight(ScopeId_73F3BB5E-5EDC-4928-87BD-4E75EB4BBC34/DeploymentType_246b2460-f182-4916-959c-0a2c41c55ca0, revision 2) for system. AppDiscovery 3/05/2012 9:27:30 AM 7988 (0x1F34)
+++ Application not discovered. [AppDT Id: ScopeId_73F3BB5E-5EDC-4928-87BD-4E75EB4BBC34/DeploymentType_246b2460-f182-4916-959c-0a2c41c55ca0, Revision: 2] AppDiscovery 3/05/2012 9:27:31 AM 7988 (0x1F34)
Here we can see the WMI query for the Microsoft Silverlight application and it not being found. The AppDiscovery.log will then flag Silverlight for installation
ActionType - Install will use Content Id: Content_b0e86929-a5f2-4154-b876-ed83965ce25d + Content Version: 1 for AppDT "MS_Silverlight" [ScopeId_73F3BB5E-5EDC-4928-87BD-4E75EB4BBC34/DeploymentType_246b2460-f182-4916-959c-0a2c41c55ca0], Revision - 2 AppDiscovery 3/05/2012 9:27:34 AM 12156 (0x2F7C)
If an application should be installed, and the AppDiscovery doesn’t find it, the AppEnforce log should kick in with the installation routine +++ Starting Install enforcement for App DT "MS_Silverlight" ApplicationDeliveryType - ScopeId_73F3BB5E-5EDC-4928-87BD-4E75EB4BBC34/DeploymentType_246b2460-f182-4916-959c-0a2c41c55ca0, Revision - 2, ContentPath - C:\Windows\ccmcache\1a, Execution Context - SystemAppEnforce 3/05/2012 9:28:29 AM 7988 (0x1F34)
A user is logged on to the system. AppEnforce 3/05/2012 9:28:29 AM 7988 (0x1F34)
Performing detection of app deployment type MS_Silverlight(ScopeId_73F3BB5E-5EDC-4928-87BD-4E75EB4BBC34/DeploymentType_246b2460-f182-4916-959c-0a2c41c55ca0, revision 2) for system. AppEnforce 3/05/2012 9:28:29 AM 7988 (0x1F34)
+++ Application not discovered. [AppDT Id: ScopeId_73F3BB5E-5EDC-4928-87BD-4E75EB4BBC34/DeploymentType_246b2460-f182-4916-959c-0a2c41c55ca0, Revision: 2] AppEnforce 3/05/2012 9:28:29 AM 7988 (0x1F34)
App enforcement environment:
Context: Machine
Command line: "Silverlight.exe" /q
Allow user interaction: No
UI mode: 1
User token: null
Session Id: 4294967295
Content path: C:\Windows\ccmcache\1a
Working directory: AppEnforce 3/05/2012 9:28:29 AM 7988 (0x1F34)
Prepared working directory: C:\Windows\ccmcache\1a AppEnforce 3/05/2012 9:28:29 AM 7988 (0x1F34)
Prepared command line: "C:\Windows\ccmcache\1a\Silverlight.exe" /q AppEnforce 3/05/2012 9:28:33 AM 7988 (0x1F34)
Executing Command line: "C:\Windows\ccmcache\1a\Silverlight.exe" /q with system context AppEnforce 3/05/2012 9:28:33 AM 7988 (0x1F34)
Once the application has installed, it will rerun the application detection and this time succeed.
+++ Discovered application [AppDT Id: ScopeId_73F3BB5E-5EDC-4928-87BD-4E75EB4BBC34/DeploymentType_246b2460-f182-4916-959c-0a2c41c55ca0, Revision: 2] AppEnforce 3/05/2012 9:29:41 AM 7988 (0x1F34)
The AppInterval.log works with the two previous logs, and should tell you which applications are required. You should see something like
ScopeId_73F3BB5E-5EDC-4928-87BD-4E75EB4BBC34/DeploymentType_246b2460-f182-4916-959c-0a2c41c55ca0/2 :- Current State = Installed, Applicability = Applicable, ResolvedState = Installed, Title = MS_Silverlight
The CCMVDIProvider.log will show you if the machine is a virtual or a physical machine
The EndpointProtectionAgent.log will only show you that the SCEP agent is/isn’t installed. It will not show you any information about definition updates. For SCEP definition updates and SCEP functionality, you’ll find a bunch of logs in C:\ProgramData\Microsoft\Microsoft Antimalware\Support
ExpressionSolver.log is a log that records MSI discovery. This log is only available when verbose logging is enabled
The ExternalEventAgent shows all of the state messages sent from SCEP, into the CCM client. The CCM client will then process this state message as it would any internal state message.
This log file records all Software Inventory file system scans. You can see in the log file below, that we’re looking for qmgr.dll, scrnsave.exe, scrnsave.scr and msiexec in the System32 directory.
Query = SELECT __class, __path, __relpath, name, path, lastwritedate, size, companyname, productname, productversion, productlanguage, fileversion, filedescription FROM FileSystemFile WHERE name = 'qmgr.dll|scrnsave.exe|scrnsave.scr|msiexec.exe' and path = '%windir%\\system32\\*' and iscompressed = false and isencrypted = false; Timeout = 14400 secs; ScanInterval = 2 msecs; SkipFile = skpswi.dat
You’ll see a bunch of SCNotify logs in your logs directory. This log describes the user notification for new applications. In the log you’ll see a bunch of WMI calls, and whether or not applications should notify the user of their availability
This software should not display a user notification balloon, removing it from the available notification list.
The SoftwareCatalogUpdateEndpoint log will show any changes to the Software Catalog URL and will show the URL being added to the Trusted Sites list in Internet Explorer
CSoftwareCatalogUpdateHandler::StartUpdateTrustedSitesProcess: Started UpdateTrustedSites process CSoftwareCatalogUpdateHandler::SetCatalogSecurity: Updating the registry for Software Catalog.
This log will show you the Software Center notifications and whether or not the Software Center is installed and healthy.
The UpdateTrustedSites logs the actual updates after the SoftwareCatalogUpdateEndpoint reports that the URL needs to be added to the Trusted Sites
CSoftwareCatalogUpdateHandler::AddDefaultPortalToTrustedSites: Catalog Url should be added to the trusted sites zone. UpdateTrustedSites 18/05/2012 1:13:32 PM 14172 (0x375C)
AddDefaultPortalToTrustedSites: url = http://applicationcatalog.yourdomain.com:80, zone = 258 UpdateTrustedSites 18/05/2012 1:13:32 PM 14172 (0x375C)
With the new 2012 App Model, we need to determine which users are primary users of a device. The UserAffinity log will show which users have been added as primary users, and the method for determining the primary user
Auto affinity threshold settings Days = '21', User Minutes = '2880', AutoApproveAffinity = '1'. UserAffinity 18/05/2012 1:12:33 PM 14332 (0x37FC)
No WMI instance. Setting an affinity. UserAffinity 18/05/2012 1:12:45 PM 14332 (0x37FC)
Setting auto affinity for user 'yourdomain\mattshadbolt'. UserAffinity 18/05/2012 1:12:45 PM 14332 (0x37FC)
Successfully sent user affinity state message for user ‘yourdomain\mattshadbolt'. UserAffinity 18/05/2012 1:12:45 PM 14332 (0x37FC)
Successfully saved user affinity data for user ‘yourdomain\mattshadbolt' into WMI. UserAffinity 18/05/2012 1:12:45 PM 14332 (0x37FC)
We can see that AutoApproveAffinity is enabled for any users that have used the machine for anyone using the machine within 21 days, and for 2880 minutes or more.
So that's it! If you find any other logs that weren’t around in 2007, please let me know and I’ll do my best to cover them!
Matt Shadbolt
A list of Knowledge Base Articles and Hotfix information for Configuration Manager 2012 has been published on the Technet Wiki.
This is a living document and will be updated regularly:
http://social.technet.microsoft.com/wiki/contents/articles/9539.list-of-public-microsoft-support-knowledge-base-kb-articles-for-system-center-2012-configuration-manager-configmgr-2012.aspx
I suggest subscribing to the RSS feed and checking it regularly. That way you’ll always have the most up-to-date information:
http://social.technet.microsoft.com/wiki/contents/articles/9539.list-of-public-microsoft-support-knowledge-base-kb-articles-for-system-center-2012-configuration-manager-configmgr-2012/rss.aspx
Note that these are only the publicly published KB articles and Hotfixes. If you’re having specific issues, please contact Premier Support and they can check if there is a private KB article or Hotfix available.
In CM12 we have a number of changes in Software Updates. One of the most anticipated one’s is Auto Deployment Rules.
Yes finally I hear you say….
Well Lets run through creating an Auto Deployment and one little gotcha to keep your eye on.
Software Library > Software Updates > Automatic Deployment Rules
Choose Create Automatic Deployment Rule from the Ribbon or Right click on the mouse.
In the first screen we can choose a Template
(Templates are no longer a node in the console they are now created when creating an Auto Deployment Rule or manually Deploying Updates and are saved at the Summary screen.Ill point this out later in the post)
You can Select to Add to an Existing Software Update Group or Create a new Software Update Group.
If you select Add to an Existing Software Update Group a brand new group will be created the first time the Auto Deployment Rule is run and every time the rule runs after that the new updates are added to that group.
(NOTE You cannot create a software Update group manually and then create an Auto Deployment rule to add new updates to that group. Even if you give it the same name and description the Auto Deployment Rule will still create a new group. See Figure below.The group created at 6:02 pm was done manually. I then ran the Auto Deployment rule at 6:07 pm and you can see that it creates a group with a duplicate name and description.)
If you select Create a new Software Update Group every time the rule is run a new Software Update Group is created.
You can also choose to Enable the deployment after the rule is run.
Here you can choose to use Wake on lan and also decide whether to automatically deploy all updates and approve any license agreements or deploy only updates that do not include license agreements.
This is where you select the requirements to select the updates to auto approve.
Here you can set a Schedule for the Rule to run. Potentially every Patch Tuesday or Daily for Forefront updates.
Or you can run the rule manually.
Similar to CM07 we can set the deployment schedule and whether the Deployment will be Mandatory.
Set the User Experience, deadline behaviour and reboot suppression.
We can now Generate Alerts if the compliance falls below a certain after a certain period of time. As before we can select to disable alerts for Operations Manager.
Set your Deployment options
Either select an existing package or create a new one for the new updates
Select a DP or DP Group
Where to download the updates from
Choose a language
On the Summary screen you can Choose to Save your settings as a Template for future use
We now see the new Rule in the console and we can choose to Run Now from the ribbon.
The log file for troubleshooting is Ruleengine.log
We can see the Auto Deployment Rule is kicked off
Evaluating and downloading updates
Here we see it looking for an existing update group and not finding one therefore creating a new Software Update Group then adding the updates to that Group.
Back to the console.If we select Software Update Groups we now see the newly created Windows 7 Automatic Deployment and the Deployment (Yet to be enabled) on the tab below.
When we select Show Members we can see the updates applied.
and there you have it.