[Today's post is provided by Rob Stack]
The Configuration Manager Information Experience (iX) team has just published an update to the Configuration Manager 2007 Quiz Application. The quizzes are a fun way to learn about some of the features in the product. Each quiz contains 10 questions that can be answered Yes or No. Regardless of your answer, the quiz will display the correct solution and provide links to the Configuration Manager online documentation.
This new version of the application includes three new quizzes:
The quizzes are compatible with any computer running Windows XP, Windows Vista or Windows 7 and will download the correct version of Silverlight if it is not installed.
You can now install the quiz application locally or run the new web-based quizzes.
To install a local version of the quiz application, see http://www.microsoft.com/downloads/details.aspx?FamilyID=b9fb478a-ec98-47f2-b31e-57443a8ae88f&DisplayLang=en
To run the quizzes directly from the web, visit http://quizapp.cloudapp.net/configmgr2007.aspx
We hope you enjoy these new quizzes and would love to hear your feedback about them and any of our other content. Contact us by emailing smsdocs@microsoft.com.
-- Rob Stack
This posting is provided "AS IS" with no warranties and confers no rights.
[Today's post comes from Harini Muralidharan]
We are announcing support changes for the following releases. Please look for these changes to be reflected in the Supported Configuration pages within a few months.
Microsoft Application Virtualization 4.6 SP1 is now supported on Configuration Manager 2007 R3 with Configuration Manager 2007 SP2
System Center Configuration Manager 2007 R3 with System Center Configuration Manager SP2 now supports Microsoft Application Virtualization (App-V) 4.6 SP1 Desktop Client and Application Virtualization Client for Remote Desktop Services. This client release enables support for Windows 7 SP1 and Windows Server 2008 R2 SP1.
The following are the limitations and workaround to import App-V packages using Configuration Manager.
Configuration Manager fails to import App-V packages when there is more than one XML in the package folder. App-V Sequencer 4.6 SP1 creates the file Report.xml when creating an App-V package. Configuration Manager expects to find only one xml file in the package folder and will fail when it identifies more than one XML file in the folder. To work around this problem delete the file report.xml manually from the package folder before you import the App-V package.
No software updates are required.
--Harini Muralidharan
This posting is provided "AS IS" with no warranties, and confers no rights.
[Today's post is from the Configuration Manager Writing Team]
The Configuration Manager 2007 documentation library and the Configuration Manager 2012 documentation library have been updated on the web and the latest content has Updated: May 1, 2011 at the top of the topic.
This month’s updates incorporate customer feedback for Configuration Manager 2007, and some new information (and updates) for the prerelease version of Configuration Manager 2012.
We will continue to add more information for Configuration Manager 2012 as we get that information from the product group and in response to customer feedback. At the moment, some topics are published without any content to let you know that they are planned. We also monitor page hits and search results to help us plan when to publish the information. To help you find the right information, use the Configuration Manager 2012 search portal.
Note that we are writing for the released product, rather than for any pre-release version, such as Beta 2. As such, there might be some discrepancies with the pre-release version that you are testing and the documentation.
We value customer feedback and try to incorporate it when possible. Although we can’t promise to make the docs perfect for everybody, we are committed to continual improvement. So, keep that feedback coming, and feel free to contact us about anything related to the documentation by using our usual address of SMSDocs@Microsoft.com.
What's New in the Configuration Manager 2007 Documentation Library for May 2011
The following information lists the topics that contain significant changes since the April 2011 update.
How to Configure the WSUS Web Site to Use SSL
- Updated to clarify that the site must be configured to ignore client certificates.
How to Set Address Schedules
- Updated to clarify that the schedule applies to the site that is sending data and not the destination site. This information is also added to the Sender Address Properties: Schedule Tab.
Computer Client Agent: BITS Tab
- Updated to clarify that when you configure the throttling window start and end time to be the same, BITS throttling is always on.
How to Create a Fallback Status Point in Configuration Manager
- Updated to correct the log file locations.
What's New in the Configuration Manager 2012 Documentation Library for May 2011
The following information lists the topics that contain significant changes since the initial March 2011 publication.
Configuring Software Updates in Configuration Manager 2012
- Updated with more information and restructured to accommodate different hierarchy scenarios.
Configure Sites and the Hierarchy for Configuration Manager 2012
- Now contains procedures for configuring role-based administration. Before you use these procedures, read the corresponding planning topic: Planning for Security in Configuration Manager 2012
How to Create Windows Configuration Items for Compliance Settings in Configuration Manager 2012
- New topic with procedures to create configuration items for Windows clients.
How to Create Configuration Baselines for Compliance Settings in Configuration Manager 2012
- Now contains information about how to create a configuration baseline and configure the new purpose option and use the new change revision option.
How to Enroll Mobile Device Clients in Configuration Manager 2012
- Now contains the steps to enroll mobile devices by using the two new site system roles and PKI certificates.
How to Configure Client Settings in Configuration Manager 2012
- Updated with clarifications for configuring custom client settings for when you want different settings for some computers or users.
About Client Settings in Configuration Manager 2012
- Updated for several settings, such as the Computer Agent settings Application Catalog, Install permissions, Suspend Bitlocker PIN, and Agent extensions manage the deployment of applications and software updates.
Frequently Asked Questions for Configuration Manager 2012
- Updated to include the following questions:
How to Provision and Configure AMT-Based Computers in Configuration Manager 2012
- Now contains the steps to provision and configure AMT-based computers, including preparing Active Directory Domain Services, the PKI certificates, the two site system roles, and the out of band management component.
Example Scenario for Implementing Out of Band Management in Configuration Manager 2012
- Now contains suggested step-by-step instructions for how you might deploy Out of Band Management for AMT-based computers, by using a three-phased approach.
How to Manage AMT-based Computers Out of Band in Configuration Manager 2012
- Now contains procedures for managing AMT-based computers out of band by running the Out of Band Management console, powering off computers, powering on and restarting computers, configuring BIOS settings, and running commands, repair utilities, and diagnostic applications to troubleshoot computers.
How to Monitor Out of Band Management in Configuration Manager 2012
- Now contains procedures for monitoring Out of Band Management activities.
About the AMT Status and Out of Band Management in Configuration Manager 2012
- Now contains information about the AMT status values that you can monitor in the console and in reports, including information about the new value, “Externally Provisioned”.
-- The Configuration Manager Writing Team
[Yvette O’Meally has provided today’s post]
When the Configuration Manager 2007 Asset Intelligence synchronization point first connects to System Center Online, it presents the System Center online authentication certificate to enroll in the service. This is a public certificate that is used by all Configuration Manager 2007 installations. As part of the enrollment process, the service returns a certificate that is specific to that Asset Intelligence synchronization point. This specific certificate is then used for subsequent activity when Asset Intelligence synchronizes with System Center online, for example, when it uploads and downloads software titles.
The public certificate for System Center online authentication was distributed by Microsoft for Configuration Manager 2007 Service Pack 1 and it was automatically installed and configured with Configuration Manager 2007 Service Pack 2. In both cases, this certificate has a validity period of 3 years and an expiration date of 4/25/2011. The expiry date of the specific certificate is based on when it was issued. It has a validity period of 1 year. The validity dates can be viewed in the certificate properties using Certificates MMC Snap-in.
Because the public certificate for System Center online authentication has now expired, it will be rejected by System Center online. The specific per-installation certificates for customers will expire based on when the Asset Intelligence synchronization point first connected to System Center online. Because you cannot automatically renew the specific per-installation certificate when the public certificate for System Center online authentication has expired, you must take manual steps to renew your certificate before it expires. If you do not renew your certificate and it expires, you will no longer be able to synchronize with System Center online.
If both the public certificate and specific certificate have expired you will see the following entries in the AIUpdateSvc.log when the Asset Intelligence synchronization point attempts to renew the specific per-installation certificate.
Asset Intelligence Catalog Sync Service Warning: 0 : Tue, 26 Apr 2011 04:51:58 GMT:WebException trying to enroll: Status = ProtocolErrorAsset Intelligence Catalog Sync Service Error: 0 : Tue, 26 Apr 2011 04:51:58 GMT:Exception attempting sync - The request failed with HTTP status 403: Forbidden.
You may also see a 'Connection Failed - bad certificate' error on the Asset Intelligence home page in the Configuration Manager console as shown below.
To renew your certificates for Asset Intelligence, you must first obtain an updated public certificate for System Center online authentication. When this updated certificate is installed, your specific certificate will automatically renew.
How to Update the Certificates for Asset Intelligence
For additional information about the Asset Intelligence synchronization point, see the following topic in the Configuration Manager 2007 Documentation Library: About the Asset Intelligence Synchronization Point.
-- Yvette O'Meally
[Today’s post is provided by Abraham Wang]
It’s often the case that many customer-reported issues with a Configuration Manager feature are because the Configuration Manager client itself is not working, rather than a problem with the specific feature. However, it’s not always easy for administrators to know that this is the root cause and be able to answer the following questions:
These questions are very important for Configuration Manager administrators. However, in Configuration Manager 2007 and previous versions, it’s not easy to find the answers to these questions. Configuration Manager 2012 addresses this problem with the improved Client Health feature.
Client Health Overview
The Configuration Manager 2012 client runs a scheduled task to evaluate its client health status (by default at mid night) and sends evaluation result to the site server by using state message if there is any change in the evaluation result. If state messages fail to send, FSP (Fallback status point) will be used to deliver the evaluation results. So it is a good idea to deploy FSP in the hierarchy. Otherwise some evaluation results may not be received by site server. The site server summarizes the client health evaluation results and the client activities, and displays these in the Configuration Manager console.
Client Health Data in the Configuration Manager Console
You’ll see the client status data (client health and client activity) in the Monitoring workspace when you click the Client Status node, as shown in the following picture.
Note: This is prerelease UI and is subject to change.
When you click the Client Status node, the results pane displays some statistics and the Recent Alerts section. The statistics have a graphical display of how many clients are healthy, unhealthy or unknown; active or inactive. The Recent Alerts show the alerts that have been generated as a result of meeting defined thresholds for client health and client activity.
If you click different areas of the pie charts, this creates temporary collections for selected areas and the console automatically changes to the Assets and Compliance workspace. For example, if you click the red area in the Client Health pie chart (clients that failed the Client Health checks), this creates a temporary collection for these unhealthy clients that is automatically selected, as shown in the following picture.
In the results pane, when you select a computer, you will see three tabs available in the details pane: Summary, Client Activity Detail and Client Health Detail. The next picture shows example data for the Client Health Detail tab where the computer failed the client health evaluation rule “Verify/Remediate client and client prerequisites installation.” You can use this information as a starting point for more detailed trouble-shooting on the client. In our example, this might involve checking the ccmsetup.log file for errors to help identify the root cause of the problem.
In addition to this information in the Configuration Manager Console, you can also use the Client Health reports. After you have installed and configured a reporting services point role, the Client Health reports are located in the “Client Health” path, as shown in the following picture.
How to Configure Client Health: Client Status Settings
In the Configuration Manager console, in the Monitoring workspace, click the Client Status node. On the ribbon, in the Home tab, you’ll see three buttons for Client Health, as shown in the following picture.
When you click Client Status Settings, you see the Client Status Settings Properties dialog box, as shown in the next picture.
The General tab contains the thresholds settings, such as “Client policy requests” and “Heartbeat discovery”. These thresholds determine if the client is active. For example, when the hardware inventory threshold is set to 7 days and the site server has not received hardware inventory data from a client for more than 7 days, the threshold is reached and the client is considered inactive for hardware inventory. When a client is inactive for all the listed activities, it is considered an inactive client.
The Inactive Clients tab allows you to enable the option for the site server to retrieve the LastLogonTimeStamp data from Active Directory Domain Services. This information indicates whether the computer is still active in Active Directory Domain Services.
How to Configure Client Health: Refresh Client Status and Schedule Client Status Update
Each primary site server runs a SQL stored procedure (CH_UpdateAll) to summarize the client health and client activity information. By default, this runs once a day. The charts in the Client Status node use this summarized information, which means that the charts are not real-time and by default, they have up to a day’s delay.
To see the latest information, click the Refresh Client Status button, which runs the stored procedure. When this finishes, the charts are refreshed with the latest summarized data. You can also configure how often the stored procedure runs by clicking the Schedule Client Status Update button. However, we recommend that you use the default setting for the schedule because the site server performance decreases when the procedure runs too frequently.
How to Configure Client Health: Create Alerts
The Client Health feature is integrated with the alerts that you see in the Configuration Manager console. To configure alerts for Client Health, follow these steps:
1. In the Assets and Compliance workspace, click Device Collections. Right-click the collection for which you want to create alerts, and then click Properties.
2. Click the Alerts tab. Select and configure the options for the client health and activity alerts, and then click OK. An example configuration is shown in the following picture.
After you have configured the alerts for a collection, the alerts that are generated display in the Alerts node in the Monitoring workspace. You will also see the alerts in the Client Status node if the alerts are triggered, as shown in the following picture.
Note that the alerts are based on data from the hierarchy and not just the site. So when an alert is active, it means that the threshold is reached for hierarchy. It’s possible that the threshold is not reached for the primary site that you are currently connected to.
Client Health: Client Component
The Client Health evaluation engine is an executable file named ccmeval.exe, which is installed with the Configuration Manager client and runs on computers. It does not run on mobile devices. When the Configuration Manager client is installed, the install process creates a scheduled task named “Configuration Manager Health Evaluation”. This task runs ccmeval.exe at a time between 12:00 AM and 1:00 AM.
When ccmeval.exe runs, it loads a configuration file named ccmeval.xml. This file contains the Client Health evaluation rules. You can open the file to read the rules but it’s not supported to change this file. If you do so, the evaluation might fail or the site server might reject the evaluation results.
If the computer is powered off or in sleep mode when the scheduled Configuration manager Health Evaluator task is due to run, it automatically runs as soon as it can – for example, when the operating system is loaded or brought out of sleep mode.
Conclusion
The Client Health feature in Configuration Manager 2012 offers some exciting improvements over previous versions, which can help to keep your Configuration Manager hierarchy running smoothly. You can quickly see the Client Health data in the Configuration Manager console by using the pie charts, temporary collections, and alerts. You can also use the reports for more detailed information.
To configure Client Health, configure the Client Status Settings to define the thresholds for client health and client activity. Then configure alerts for the collections. There is nothing to configure on the client; this is done automatically by Configuration Manager when the client is installed.
--Abraham Wang