[Today's post is from the Configuration Manager Writing Team]
The Configuration Manager 2012 documentation library has been updated on the web and the latest content has Updated: August 1, 2011 at the top of the topic.
There are no significant updates for the Configuration Manager 2007 documentation library this month.
We will continue to add more information for Configuration Manager 2012 as we get that information from the product group and in response to customer feedback. At the moment, some topics are published without any content to let you know that it’s planned. We also monitor page hits and search results to help us plan when to publish the information. To help you find the right information, use the Configuration Manager 2012 search portal.
Note that we are writing for the released product, rather than for any pre-release version, such as Beta 2. As such, there might be some discrepancies with the pre-release version that you are testing and the documentation.
We value customer feedback and try to incorporate it when possible. Although we can’t promise to make the docs perfect for everybody, we are committed to continual improvement. So, keep that feedback coming, and feel free to contact us about anything related to the documentation by using our usual address of SMSDocs@Microsoft.com.
What's New in the Configuration Manager 2012 Documentation Library for August 2011
The following information lists the topics that contain significant changes since the July 2011 update.
What’s New in Configuration Manager
- Updated for various sections, including the information that the functionality of the server locator point is moved to the management point, changes to certificates and cryptographic controls, and information about support for mobile devices that were supported with Configuration Manager 2007 (now referred to as mobile device legacy clients).
PKI Certificate Requirements for Configuration Manager
- Updated for information about the server-to-server certificates and the information that many certificates now support SHA-2.
Planning for Site Systems in Configuration Manager
- Updated for database servers and custom websites.
Planning for Security in Configuration Manager
- Updated for planning information about certificates, and for signing and encryption.
Planning for Communications in Configuration Manager
- Updated for the Planning for Client Communication in Configuration Manager 2012 section, to include information about approval and waking up clients. Added a new section: Planning for Internet-Based Client Management.
Configuring Security for Configuration Manager
- New topic for how to configure certificate-related options, and signing and encryption.
Configuring Site Components in Configuration Manager
- New topic that contains configuration details for the component properties.
Technical Reference for Cryptographic Controls Used in Configuration Manager
- New topic that explains the security-related implementations in Configuration Manager 2012.
How to Manage Mobile Devices by Using the Exchange Server Connector in Configuration Manager
- Updated for information about how to manage mobile devices without installing the Configuration Manager client on them.
How to Manage Clients in Configuration Manager
- Updated for information about the various methods for managing clients after they are installed.
How to Manage AMT Provisioning Information in Configuration Manager
- Updated the procedure How to Remove AMT Information, with additional information about when to use the AMT Provisioning Removal Account.
AMT Provisioning Process for Out of Band Management in Configuration Manager
- Updated the technical reference topic with the flow of events that occur when Configuration Manager provisions a client for Intel AMT, so that the computer can be managed out of band.
Security and Privacy for Out of Band Management in Configuration Manager
- Updated for security best practices, security issues, and privacy information.
How to Create Mobile Device Configuration Items for Compliance Settings in Configuration Manager
- Updated for information about how to configure settings for the mobile devices that you enroll by using Configuration Manager 2012.
Asset Intelligence in Configuration Manager
- This section is updated for the following topics:
-- The Configuration Manager Writing Team
This posting is provided "AS IS" with no warranties and confers no rights.
[Brian Huneycutt has contributed today’s article]
Configuration Manager 2007 can operate successfully in a wide variety of network environments. However, there are still some factors to consider in regards to planning the location of site systems. This is of particular importance for those that Site Component Manager watches, such as a management point or state migration point.
Understanding Configuration Manager Sites is a core document that contains a section on site system connectivity.
“Sites are typically configured so that the clients and site systems have fast connectivity with each other, usually local area network (LAN) speed.”
In the same document is a section on intra-site communications that covers the following.
“When Configuration Manager 2007 components that are within the site boundaries communicate with each other, they use either server message block (SMB), HTTP, or HTTPS, depending on various site configuration choices you make. Because all of these communications are unmanaged—that is, they happen at any time with no consideration for bandwidth consumption—it is beneficial to make sure these site elements have fast communication channels.”
One thing that we do not specifically mention is network latency. Our guidance operates under the assumption that part of a fast communication channel is not only high speed, but low latency as well. We recently had a customer report some issues in a high latency environment so we wanted to share how the symptoms can appear.
Attempts to install, alter, or even uninstall managed site systems (management points and PXE service points for example) in a high latency environment may fail. The key to diagnosing issues related to latency lies in reviewing the time stamps in the log files. If polling operations take several seconds to complete and later timeout then latency is likely too high. Here is an example taken from the sitecomp.log file of a site server where there was an attempt to uninstall a state migration point:
//Starting bootstrap operations... 3/27/2011 12:25:50 PMInstalled service SMS_SERVER_BOOTSTRAP_SITESERVER. 3/27/2011 12:26:18 PMStarting service SMS_SERVER_BOOTSTRAP_SITESERVER with command-line arguments "CP3 D:\SMS /deletefile \\REMOTESERVER\D$\SMS\bin\i386\_@1815.tmp"... 3/27/2011 12:26:29 PMCould not start service SMS_SERVER_BOOTSTRAP_SITESERVER. The operating system reported error 997: Overlapped I/O operation is in progress. 3/27/2011 12:59:21 PM //
Notice the delays between operations. All of these are typically a second or two apart. Instead, we have 28 seconds, 11 seconds, and an eventual timeout a little over 30 minutes later. A network trace taken at the same time should illustrate lengthy delays between calls to check the status of the service. Ultimately, this is too much latency for successful management of a remote site system.
If improving network conditions is not possible in these scenarios, the next recourse is to put a new dedicated site on the same end of the high latency connection. This way intra-site communications can happen properly; the local segment should be low latency, and the remote connection uses the LAN Sender component between sites, which is much more tolerant of latency.
--Brian Huneycutt
This posting is provided "AS IS" with no warranties, and confers no rights.