[Randy Xu provides our first Config Manager 2012 beta 2 post]

Background

In many large organizations, network configuration and Active Directory Domain Services are managed separately from Configuration Manager. Changes to the network topology or AD  structure must be communicated between these teams to ensure Configuration Manager boundary settings are accurate.  Up to date boundary information results in efficient application and software update deployments to all managed client computers.  This is especially critical for roaming scenarios, which require boundary information to always be available and up to date.  Now in Configuration Manager 2012 Beta 2, Active Directory Forest Discovery and publishing improvements enable organizations to centrally manage distribution of key site system roles across forests without the requirements to deploy additional sites.

Forest Discovery and Publishing Overview

To improve manageability of an ever-changing network environment, Active Directory Forest Discovery is added in Configuration Manager 2012 Beta 2. With it, Configuration Manager can discover Active Directory forests, their domains, AD Sites and IP subnets. Because domain users (or domain computer accounts) have permission to query forest relationships, Active Directory Forest Discovery can return information about other forests and their trust direction. The system can programmatically connect to all the forests and build a complete mapping of the corporate environment. It can also cross forest boundaries using specific credentials for each forest regardless of the trust type. The information obtained through Active Directory Forest Discovery can be directly exported as boundaries or boundary groups. Changes to discovered data are updated dynamically and aged out from the database if no longer present in Active Directory Domain Services. The discovered data is also used when clients request a management point or distribution point to ensure they receive the best possible site system. 

Credentials specified for each Active Directory forest are used for both discovery and publishing and enable Configuration Manager 2012 sites to publish Configuration Manager site information in remote trusted or untrusted forests. Publishing stores information such as site system locations and capabilities, boundaries, and security information required by client computers to establish trusted connections with site systems and information such as the client's trust relationship with the forest, and the management point's communication mode (HTTPS/HTTP) and the network information (boundaries) that are used to locate the most appropriate management point or distribution point to communicate with. This enables client computers to more readily locate servers in a trusted forest to ensure user targeted applications.

How to use AD Forest Discovery 

1.  Enable Forest Discovery

   Active Directory Forest Discovery is a new discovery method located in the Administration workspace of the Configuration Manager console.  It can be enabled on the central administration site and primary sites.  It is not supported on secondary sites.

    

   To enable Active Directory Forest Discovery, open the Active Directory Forest Discovery method properties dialog, and enable the method by checking "Enable Active Directory Forest Discovery".  Active Directory Forest Discovery discovers AD Sites and IP Subnets from the forests, so there are two more flexible options asking whether you want to create the AD Site or IP Subnet boundaries automatically based on the discovery results. Discovery can be scheduled by hour/day/week. Discovery will automatically create the boundaries, but it will still be necessary for you to add the boundaries to a boundary group and to associate them with a site system to ensure content is available to your clients or the boundaries are used for site assignment. 

    

   Active Directory Forest Discovery can be run on demand by selecting the "Run full discovery now" action from the ribbon or a right-click menu.

    

2. Monitor Forest Discovery Running Status

   Active Directory Forest Discovery progress can be monitored by viewing forest discovery log located in (SMS Installation Directory)\Logs\ADForestDisc.log or by viewing Active Directory Forest Discovery component status messages.  In the Configuration Manager console, click Monitoring, expand System Status, click Component Status, select SMS_AD_Forest_Discovery_Manager, and click Show Messages to see status messages for this component.

   

3. Check Forest Discovery Results and Leverage Them to Create Boundary Groups

   After Active Directory Forest Discovery completes, discovered information can be viewed in the Administration workspace by selecting Active Directory Forests.  Each discovered forest's information and status is listed.  The details pane shows the same information and status.  By default, the Domains tab lists all discovered domains in this forest. If you right-click on one of the available column headers, you can select Functional Level to add this information to the display. The Active Directory Sites tab lists all discovered AD Sites in this forest. The IP Subnets tab lists all discovered IP Subnets.  IP Subnets are associated with each AD Site and retained in the database. Discovery Status includes discovery status and publishing status.  

   From the Active Directory Sites tab, you can select one or more AD Sites and IP Subnets from the detail pane list.  Right-click or use the ribbon actions to add these items to a new or existing boundary group. 

    

4. Discover Additional Forest Resources

   Forests with a trust relationship to the forest containing the site used to perform Active Directory Forest Discovery will be discovered automatically by using the default settings. To use Active Directory Forest Discovery for forests that do not have any trust relationship to the forest containing the site used to perform Active Directory Forest Discovery, add a new Active Directory forest and specify an account that has Read permissions in the forest. 

     

5. Publish Site Information to the Forest

   Forest publishing saves site and site system role information in Active Directory Domain Services.  Forest publishing requires that the target forest AD Schema is extended with Configuration Manager schema extensions and the Active Directory Forest Account has Full Control permissions to the System Container in the Active Directory for that forest.  You can enable forest publishing from the Properties of the forest in Active Directory Forests, by using the "Publish sites to the Active Directory forest" option.  

   The Publishing Status shown in the Active Directory Forests list view is a status summary of all sites in the hierarchy.  The status will show 'Failed' if any sites in the hierarchy failed to publish to the forest.  To view published site information, open Active Directory Users and Computers, connect to a domain controller in the forest, and go to View-> Advanced Features. Site and management point information is published under the System-> System Management node.

Troubleshooting Guide

To troubleshoot problems with forest publishing, check the component status messages for SMS_Hierarchy_Manager and  SMS_Site_Component_Manager on the site performing the publishing.  Each site will publish its information into any forests enabled for publishing.  The hman.log file and sitecomp.log file for each site may also indicate why publishing failed.  Here are the typical reasons for publishing failures.

1. The forest's AD Schema is not extended. To remedy this, run extadsch.exe from the Configuration Manager 2012 source media to extend the schema while you are logged in with an account that has Schema Administrator permissions to the forest.
2. The site server's computer account has insufficient permissions to write into the System Container of the target forest AD. To remedy this, give the site server's computer account Full Control to System Container and all child objects.
3. The specific account used for publishing has insufficient permissions to write into the System Container of the target forest AD. To remedy this, give the specific account Full Control to the System Container and all child objects.
4. Publishing using alternate credentials (a specific account as the Active Directory Forest Account) will only work for a single site. In Beta 2, there is a functional limitation that prevents the account set in one site from being used by another site. To remedy this, connect the Configuration Manager console to the site that cannot publish its information and select the Administration workspace. In the Active Directory Forests node, modify the properties of the Active Directory forest and set the account again. In the Discovery Methods node, run Active Directory Forest Discovery to trigger publishing from that site.
5. Publishing status is a summary of all sites in hierarchy. When publishing status indicates "Failed", verify that each site, including the central administration site, primary sites, and secondary sites, have completed publishing by viewing the sites status messages or log files.

For more information about System Center Configuration Manager 2012, see the Configuration Manager 2012 Documentation Library on TechNet.

 --Randy Xu

This posting is provided "AS IS" with no warranties, and confers no rights.

[Today's post is provided by Chaohao Xu.]

The Windows Automated Installation Kit (AIK) for Windows 7 SP1 is released and can be downloaded from the following location:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=0aee2b4b-494b-4adc-b174-33bc62f02c5d

You don't have to upgrade to Windows PE 3.1 to deploy Windows 7 SP1 and Windows Server 2008 R2 SP1. But if you want to upgrade to Windows PE 3.1, this post provides information about how you can do this with your existing Configuration Manager 2007 SP2 site. We also list some known issues that you might encounter when you use Configuration Manager operating system deployment with Windows PE 3.1.

Upgrade Steps:

1. Use the following instructions to upgrade to Windows PE 3.1: from http://go.microsoft.com/fwlink/?LinkId=139690.
2. Add a boot image based on Windows PE 3.1:
   1. In the Configuration Manager console, navigate to Computer Management -> Operating System Deployment -> Boot Images -> Add Boot Images.
   2. Specify the UNC path for the Windows PE 3.1 .wim file and select the image from the WIM file.
   3. Use the wizard to create the x86 and x64 boot images.
3. Update the source of the default boot image to Windows PE 3.1 by running the ExportDefaultBootImage() WMI method:
   1. WMI Namespace is root\sms\site_<site_code>
   2. WMI Object is SMS_BootImagePackage
   3. WMI Method is ExportDefaultBootImage
   4. Parameters:
      • Architecture (x86 or x64)
      • ExportImagePath (\\<site _server>\sms_<site_code>\OSD\boot\i386\boot.wim or \\site_server>\sms_<site_code>\OSD\boot\x64\boot.wim)
      • ImageIndex (1)
        
4. Update the distribution points for the default boot images.

Known Issues:

1. Configuration Manager does not support using Windows PE 3.0 as a boot image after Windows PE 3.1 is upgraded. This means any boot images, including the default boot images, that are based on Windows PE 3.0 cannot be updated in Admin UI anymore. In this scenario, you will see the following error because the Windows PE 3.0 images are not compatible with the optional component (OC) and language packs from Windows PE 3.1:
    
   

   To resolve this problem, update all the boot images to use Windows PE 3.1.

2. Task sequence fails when trying to apply drivers. You might see the following errors logged if task sequence fails to apply drivers.
   
   Failed to find the certificate context.. Cannot find object or property. (Error: 80092004; Source: Windows)
   Failed to initialize the online driver catlog.  Code 0x80092004
   Failed to auto provision drivers.  Code 0x80092004
   Failed to run the action: Apply Device Drivers. Cannot find object or property. (Error: 80092004; Source: Windows)

   This problem is caused by the Configuration Manager 2007 client generating an embedded NULL character into the friendly name for the certificate that is related to the driver apply. To resolve this issue, see KB977203 and run CCMCertFix.exe either before you run the task sequence or add it as a step in the task sequence.

--Chaohao Xu

This posting is provided "AS IS" with no warranties, and confers no rights.

[Today's post comes from Harini Muralidharan]

We are announcing support changes for the following releases.  Please look for these changes to be reflected in the Supported Configuration pages within a few months.

Configuration Manager 2007 SP2, R2 and R3 supports Windows 7 SP1 and Windows Server 2008 R2 SP1:

System Center Configuration Manager 2007 SP2, R2 and R3 now supports the Windows 7 SP1 and Windows Server 2008 R2 SP1 operating systems for client installation.  The Configuration Manager console and branch distribution point are supported on these platforms. Windows Server 2008 R2 SP1 is supported for all core and feature-specific site system roles.

The following software update is required to add Windows 7 SP1 and Windows Server 2008 R2 SP1 to the Supported Platforms list:

• KB 2489044 - Update for System Center Configuration Manager 2007 SP2 to add Windows Server 2008 R2 SP1 and Windows 7 SP1 clients as supported platforms
• KB 977203 - User state migration is unsuccessful on a SCCM 2007 SP1 client or on a SCCM 2007 SP2 client

Microsoft Application Virtualization 4.6 SP1 is now supported on Configuration Manager 2007 R2 with Configuration Manager 2007 SP2

System Center Configuration Manager 2007 R2 with System Center Configuration Manager SP2 now supports Microsoft Application Virtualization (App-V) 4.6 SP1 Desktop Client and Client for Remote Desktop Services. This client release enables support for Windows 7 SP1 and Windows Server 2008 R2 SP1.

The following are the limitations and workaround to import App-V packages using Configuration Manager.

Configuration Manager fails to import App-V packages when there is more than one XML in the package folder. App-V Sequencer 4.6 SP1 creates the file Report.xml when creating an App-V package. Configuration Manager expects to find only one xml file in the package folder and will fail when it identifies more than one XML file in the folder. To work around this problem delete the file report.xml manually from the package folder before you import the App-V package.

No software updates are required.

Configuration Manager 2007  SP2, R2 and R3 supports WinPE 3.1

System Center Configuration Manager SP2, R2 and R3 now supports WinPE 3.1 as the boot image used with operating system deployment. WinPE 3.1 is shipped with Windows 7 SP1 as a Windows Automated Installation Kit (WAIK) supplement.

Steps to upgrade to WinPE 3.1 within the existing Configuration Manager Environment and known limitations with Win PE 3.1 can be found here http://blogs.technet.com/b/configmgrteam/archive/2011/03/24/configuration-manager-2007-sp2-and-windows-pe-3-1.aspx 

No software updates are required.

--Harini Muralidharan

This posting is provided "AS IS" with no warranties, and confers no rights.

[Today's post is from Ken Pan]

I am very pleased to inform you that Brad Anderson (Corporate Vice President, Management & Security Division) has just announced the public availability of System Center Configuration Manager 2012 Beta 2 at the day 2 keynote for the Microsoft Management Summit 2011.  This is a huge milestone for the Configuration Manager team.  We started our journey toward Configuration Manager 2012 three years ago with a Billg Thinkweek paper around what "User-Centric Management" really meant, and how we needed to completely rethink the age old problem of, "users X need application Y" as a start.   

Now, we're announcing the feature complete System Center Configuration Manager 2012 Beta 2 that customers can download and evaluate in their labs today and for our TAP customers, start their production deployments. Read the official announcement here.  Below is a list of top-level features that were completed since the release of Beta 1 in May 2010: 

• Application model - uninstall, supersedence, enhanced detection methods
• Compliance settings - create settings from browse experience, user targeting of configuration baselines, in-console monitoring, conflict reporting
• Software updates - in-console monitoring completed, superseded software update support, automatic deployment of software updates on a schedule
• Power management - exclude virtual machines, allow end-user to "opt out"
• Exchange Server connector for mobile devices
• Collections - new include/exclude rules, organizational folders, incremental evaluation
• Console - the ribbon is here!
• Role-based administration - collections as a means to limit an administrative user
• Boundary groups
• More migrated objects (App-V packages, boundaries, metering, Asset Intelligence, inventory MOF files)
• New UI for MOF editing
• Hierarchy - replication monitoring

From a technology perspective, this will be the most significant release of Configuration Manager in its 16 year history.  We've rewritten our core software distribution around a set of user-centric design principles, redesigned our hierarchy model to meet today's and tomorrow's needs, and redesigned both our administrative and end-user experiences.  The most exciting things about building Configuration Manager 2012 have been the customer learnings.  Since our Beta 1 release last May, we've been on the road helping our TAP customers deploy and evaluate Beta 1, we've taken lots of feedback about both quality and functionality, and we have incorporated a lot of those learnings into the Beta 2 release. 

 I would like to thank all our Beta 1 participants and invite all our customers to download and evaluate Beta 2.

You can access more information and download the beta by registering for the Configuration Manager 2012 Open Beta Program on Connect https://connect.microsoft.com/ConfigurationManagervnext/program4346 .

The beta can also be downloaded from the Microsoft Download Center http://www.microsoft.com/downloads/en/details.aspx?FamilyID=4da60258-5e61-4d16-8fae-d3c9fccf56dc&utm_source=feedburner&utm_medium=twitter&utm_campaign=Feed%3A+MicrosoftDownloadCenter+%28Microsoft+Download+Center%29#tm. 

You will find the documentation for Configuration Manager 2012 at http://technet.microsoft.com/en-us/library/gg682041.aspx.

 Thanks
--Ken Pan
Product Unit Manager
Configuration Manager Product Group

This posting is provided "AS IS" with no warranties, and confers no rights.

[Today's post is provided by Harini Muralidharan]

We are announcing support changes for the following releases.  Please look for these changes to be reflected in the Supported Configuration pages within a few months.

Configuration Manager 2007 R3 supports Microsoft SQL Server 2008 R2, Microsoft SQL Server 2008 SP2 and Microsoft SQL Server 2005 SP4

System Center Configuration Manager 2007 R3 now supports Microsoft SQL Server 2008 R2, Microsoft SQL Server 2008 SP2 and Microsoft SQL Server 2005 SP4 as a Configuration Manager 2007 site database. System Center Configuration Manager 2007 R3 also supports Microsoft SQL Server 2008 R2, Microsoft SQL Server 2008 SP2 and Microsoft SQL Server 2005 SP4 Reporting Services.

No software updates are required.

Configuration Manager 2007 SP2 supports Microsoft SQL Server 2005 SP4

System Center Configuration Manager 2007 SP2 now supports Microsoft SQL Server 2005 SP4 as a Configuration Manager 2007 site database. System Center Configuration Manager 2007 SP2 also supports Microsoft SQL Server 2005 SP4 Reporting Services.

No software updates are required.

--Harini Muralidharan

This posting is provided "AS IS" with no warranties, and confers no rights.

[We are posting information for virtualization training that may be interesting to our blog audience]

Just one week after Microsoft Management Summit 2011 (MMS), Microsoft Learning will be hosting an exclusive three-day Jump Start class specially tailored for VMware and Microsoft virtualization technology pros.  Registration for "Microsoft Virtualization for VMware Professionals" is open now and will be delivered as a FREE online class on March 29-31, 2010 from 10:00am-4:00pm PDT.

What's the high-level overview?

• This cutting edge course will featureexpert instruction and real-world demonstrations of Hyper-V and brand newreleases from System Center Virtual Machine Manager 2012 Beta (many of which will be announced just one week earlier at MMS). Register Now!
• Day 1 will focus on "Platform" (Hyper-V, virtualization architecture, high availability & clustering)
  • 10:00am - 10:30pm PDT: Virtualization 360 Overview
  • 10:30am - 12:00pm: Microsoft Hyper-V Deployment Options & Architecture
  • 1:00pm - 2:00pm: Differentiating Microsoft and VMware (terminology, etc.)
  • 2:00pm - 4:00pm: High Availability & Clustering
• Day 2 will focus on "Management" (System Center Suite, SCVMM 2012 Beta, Opalis, Private Cloud solutions)
  • 10:00am - 11:00pm PDT: System Center Suite Overview w/ focus on DPM
  • 11:00am - 12:00pm: Virtual Machine Manager 2012 | Part 1
  • 1:00pm - 1:30pm: Virtual Machine Manager 2012 | Part 2
  • 1:30pm - 2:30pm: Automation with System Center Opalis & PowerShell
  • 2:30pm - 4:00pm: Private Cloud Solutions, Architecture & VMM SSP 2.0
• Day 3 will focus on "VDI" (VDI Infrastructure/architecture, v-Alliance, application delivery via VDI)
  • 10:00am - 11:00pm PDT: Virtual Desktop Infrastructure (VDI) Architecture | Part 1
  • 11:00am - 12:00pm: Virtual Desktop Infrastructure (VDI) Architecture | Part 2
  • 1:00pm - 2:30pm: v-Alliance Solution Overview
  • 2:30pm - 4:00pm: Application Delivery for VDI
• Every section will be team-taught by two of the most respected authorities on virtualization technologies: Microsoft Technical Evangelist Symon Perriman and leading Hyper-V, VMware, and XEN infrastructure consultant, Corey Hynes

Who is the target audience for this training?

Suggested prerequisite skills include real-world experience with Windows Server 2008 R2, virtualization and datacenter management. The course is tailored to these types of roles:

• IT Professional
• IT Decision Maker
• Network Administrators & Architects
• Storage/Infrastructure Administrators & Architects

 How do I to register and learn more about this great training opportunity?

• Register: Visit the Registration Page and sign up for all three sessions
• Blog: Learn more from the Microsoft Learning Blog
• Twitter: Here are a few posts you can retweet:
  • Mar. 29-31 "Microsoft #Virtualization for VMware Pros" @SymonPerriman Corey Hynes http://bit.ly/JS-Hyper-V @MSLearning #Hyper-V
  • @SysCtrOpalis Mar. 29-31 "Microsoft #Virtualization for VMware Pros" @SymonPerriman Corey Hynes http://bit.ly/JS-Hyper-V #Hyper-V
  • Learn all the cool new features in Hyper-V & System Center 2012! SCVMM, Self-Service Portal 2.0, http://bit.ly/JS-Hyper-V #Hyper-V #Opalis

What is a "Jump Start" course?
A "Jump Start" course is "team-taught" by two expert instructors in an engaging radio talk show style format.  The idea is to deliver readiness training on strategic and emerging technologies that drive awareness at scale before Microsoft Learning develops mainstream Microsoft Official Courses (MOC) that map to certifications.  All sessions are professionally recorded and distributed through MS Showcase, Channel 9, Zune Marketplace and iTunes for broader reach.

Please join us for this fantastic event!

 -- Symon Perriman
Technical Evangelist
Microsoft System Center

This posting is provided "AS IS" with no warranties, and confers no rights.