Unified physical and virtual IT management for midsized businesses
During Essentials installation, Setup creates a number of log files in the %localAppData%\SCE\Logs folder:
To help identify installation issues, the Essentials Resource Kit includes a log parsing tool, SetupLogParser.exe. SetupLogParser can parse both the managed bootstrapper log file (SCESetupWizard.log) and the Essentials Windows Installer log file (SCEMSI.log).
Start the log parser tool by double-clicking SetupLogParser.exe in the Resource Kit installation folder. On the File menu, click Open to load a log file, as shown:
In the Open dialog box, select a log file:
Click Open to load the selected log file. SetupLogParser will check the contents of the log file to verify that the contents are in the correct format for either the managed bootstrapper file or the Essentials Windows Installer log. If SetupLogParser cannot validate that the file contains data in a recognized log file format it will show error message:
If the content of the file is in one of the supported log file formats, the program will show a progress window:
After the parsing and conversion is completed, SetupLogParser reads the log file and creates a report, as shown:
Possible issues Essentials Setup encountered during installation will be shown in red:
SetupLogParser does not offer an explanation of possible reasons for failure, but in many cases the log message itself is self-explanatory.
For example, Setup will fail if a pending reboot request is detected:
In the case of the Essentials Windows Installer log, the failure of a custom action does not always cause Setup as a whole to fail. In this case, the log contains a record in green informing you that Windows Installer converted an error result to a success result:
For large Essentials Windows Installer log files, the time that it takes to generate a report can be a few minutes or more. To avoid the time required to generate the report again from the same log files at a later time, you can save the generated report. To save the report, on the File menu, click Save As:
In the Save As dialog box, select XAML files (.xaml) in the Save as type: list, and then click Save:
To open previously saved report, on the File menu, click Open. In the Files of type: list, select XAML files (.xaml) and click Open:
SetupLogParser converts text log file to XML format before generating a report. If you want to use the log file information in some other application, you might want to save the XML version of the log file. However, the SetupLogParser tool does not support loading XML log files.
To save the log file in XML format, on the File menu, click Save As, select XML files (.xml) in the Files of type: list, and then click Open:
Here is a sample tour through one of the log files generated during Essentials Setup testing. The report contains a header for the main Setup log file:
Next, you will see the various report sections, examples of which are included here.
Here is an example that shows the date and time when installation started and command line that was used to start the installation.
This reports that User CHOCOLATE\testAdmin started the installation of OEM English version of System Center Essentials on computer SCETEST015D. Local system is 64-bit Windows NT 6.1.7600.0.
This reports that Windows Update is not installed on local computer, and that neither Essentials 2007 nor 2010 are installed in the local domain.
You will see an entry like this when Setup successfully ran Windows Update prerequisites check.
Here is an example of an error: The database check failed. The local ESSENTIALS instance of SQL Server already has a System Center Essentials database.
This prerequisite check generated a warning message. Warning messages will not block Setup.
This lists successfully passed prerequisite checks.
In this example, the user cancelled the installation.
Here is a possible reason why the user cancelled Setup.
Sometimes, failed prerequisite is not really a problem, just an indication that one of the required prerequisites is not installed. In this case, “Failed prerequisites” section will follow with “Prerequisites passed with choices” and “Prerequisites selected for installation”:
In this example, Setup could not find any instance of SQL Server.
In this example, Setup has offered to install SQL Server 2008 SP1 Express Edition on the local computer.
In this example, the user opted to install SQL Server 2008 SP1 Express Edition on the local computer.
Setup successfully installed SQL Server 2008 SP1 Express on the local system.
In this example, Setup successfully installed System Center Essentials.
This entry indicates that Setup successfully installed Windows Update.
In this example, the System Center Essentials Setup program failed. The Setup logs include Windows Installer process log entries.
Here is one of the log files generated during Essentials Setup testing:
This is a header for Essentials Windows Installer log report. The log entries begin with the date and time when installation started and command line used to start the installation.
In this example, an error has been reported. The entry Action: INSTALL starts the initial phase of the Windows Installer process. During the initial phase, the installer collects information about the local computer and prepares the installer for the deferred phase. No changes to the local computer are made during the initial phase. The result shown is the overall installation result. Actions in the initial installation phase start with word “Action”. All properties set or modified by the custom action are shown. For example, the WindowsFolder.F0DF3458_A845_11D3_8D0A_0050046416B9 custom action set the property WindowsFolder.F0DF3458_A845_11D3_8D0A_0050046416B9 to a string value “E:\WINNT\”.
The entry Action: InstallFinalize represents the start of the deferred phase of the Windows installer process. During deferred phase Windows Installer is making changes to the local computer, such as copying or deleting files, creating or removing registry keys and values, and so on.
The result for the InstallFinalize action shows the overall result of the deferred phase.
Here is an error example: the _CreateDatabase custom action failed to create the database.
Here is an example of a failed installation: The installation failed with an error code of 1603. The description for error code 1603 is “Fatal error during installation,” which is a common error when Setup fails because of one of the custom actions failed.
For a complete list of Windows Installer error codes, see the following Knowledge Base article: http://support.microsoft.com/kb/229683.
Essentials 2010 uses a certificate for signing locally published content. The released version of System Center Essentials 2010 is designed to use an updated type of certificate. Use the UpdatePublisherCert.exe tool to replace the existing certificate with a new certificate.
The UpdatePublisherCert.exe tool performs the following tasks:
1. Save the current policy configuration
2. Uninstall the current policy
3. Delete certificates from the certificate store
4. Delete certificates from the system
5. Reconfigure the policy and generate new certificates
6. Resign all locally published software and update packages.
Essentials will automatically push out the new certificates to all the managed computers if Essentials is configured to use domain policy. If you have one or more workgroup joined computers managed by Essentials 2007 or Essentials 2010 it will be necessary to manually update the certificate on workgroup joined computers using the instructions in the Deployment Guide. http://technet.microsoft.com/en-us/library/cc339469.aspx
Who should use this tool:
Use the UpdatePublisher.exe tool if one of the following conditions apply:
· You are currently using System Center Essentials 2007
· You are upgrading from Essentials 2007 to Essentials 2010
· You are installing Essentials 2010 RTM, after installing and uninstalling Essentials 2010 Beta or RC (uninstalling Essentials 2010 Beta or RC does not remove the certificate)
Using UpdatePublisherCert.exe
UpdatePublisherCert.exe is a command-line tool that replaces the certificate used for signing locally published content and resigns all locally published content with the new certificate.
1. Open a Command Prompt window with Administrator rights.
2. Run UpdatePublisherCert.exe (there are no command-line-parameters).
Figure 1. Running UpdatePublisherCert.exe from a command line.
With the release of System Center Essentials 2010 and the general excitement around some of the new features like virtualization, some customers are asking about our upgrade/migration story from the previous version.
SCENARIO
You read about the 2010 release and are excited about the virtualization features in the new version. You purchase the 2010 version of SCE and run back to your office to do the install. When you launch the install, you see the support for upgrading your existing Essentials 2007 sp1 install. You starting the upgrade process and before long, you have deployed the new version of Essentials.
You go to add the virtualization component and get a message telling you that your x86 system does not support this component. Luckily you have another server that does meet the system requirements for the Essentials 2010 virtualization component… but you don’t want to lose all the data you have on your existing Essentials server… you just need better hardware and a newer OS.
We have anticipated this scenario and have provided a solution in the resource kit that can be leveraged to solve this issue. In the resource kit, there is a tool called MigrationAdvisor.exe. The migration advisor is a wizard which will allow you to migrate your existing Essentials 2010 data from one server to another server with the same FQDN. Here is how it works.
Things You will need
First you install the resource kit on your existing server. The steps for that are:
Now that you have the migration advisor up and running, you will see the following screen:
Choose the “Migrate Essentials 2010 to another server” radio button. On the next screen, you will need to provide a location for the backup files and a password used to secure your rmsbackup and certs.
Make sure the location has plenty of free space as all your Sce data will be stored there. I would suggest using a Network location as you will not have access to the old Sce server during the migration restore phase (hit the browse button to change the location). Make sure you have write access to the location you select.
Now your ready to start the backup. Hit the begin button and wait for successful completion of the backup as seen below. (This will take a few min. depending on the amount of data on your server.)
Congrats, your halfway through the process…
The Tricky Part
The next thing you need to do is decommission your existing server. Since the migration of essentials is ONLY supported onto another server with EXACTLY the same FQDN, you have a couple of choices.
You could:
A. Uninstall Essentials from your existing server and then change that servers FQDN to another name so that it will not conflict with the new Essentials server.
Or
B. Shut the Essentials server down and then format the disk and use the hardware to create a different machine on your network later.
Once the old Essentials server has been removed from the domain, you will need to add a new server to your domain with EXACTLY the same name as your original Essentials server. This is the server with the hardware and OS that can support the Virtualization component of Essentials 2010.
Important Note
Having EXACTLY the same FQDN is important… if the FQDN is not the same as the previous machine, you will not be able to successfully migrate your previous Essentials data to this machine using the MigrationAdvisor.exe.
The next step is to install Essentials 2010, using the same settings components and account information as your previous install
Selecting the same components it very important as the MigrationAdvisor will not allow you to migrate your data to the new machine if the component settings do not match. For example, if you do not have Virtualization on the box you are migrating from, don’t install it on the new box (you will add it using the ARP after the migration is complete).
Once the install is complete you will need to close the installation wizard. Do not run the configuration wizard as your settings will be configured by the migrationadvisor as it restores your existing data.
Now you need to install the resource kit tools on this server and launch the migrationadvisor. This can be done following the same steps you did to install the resource kit tools on your previous Essentials server (see the top of this document).
Now you need to choose the “Restore Essentials 2010 from a complete Essentials backup” option then hit next.
Then you need to provide the storage location you used during the migration step and the password you used during the backup, and hit begin.
The Migration Advisor will begin processing….
A few minutes later (on my server which had very little data, the restore took about 10 minutes to finish), the wizard will finish.
Now you should have a working Sce server with your original data.
AEM settings are not preserved so if you were using AEM, you will need to go into the console and enable it again.
At this point, if you want the virtualization component, you will be able to install it by running the setup wizard again and choosing to add the Virtualization component. Then you can begin deploying and managing your virtual machines. Enjoy.
So, you got your copy of System Center Essentials 2010 installed, you’ve run through your initial configuration, and now want to try out this virtualization thing.
This post will guide you through creating and configuring your first virtual machine, and is designed for someone not at all familiar with virtualization. Upcoming entries will target customers more experienced with the technologies, and will demonstrate the value SCE2010 provides for those customers.
But first…
So what is this virtualization thing, anyway, and why should I care?
At its simplest, virtualization is running a software-based computer inside a hardware-based one. The software emulates the hardware. That’s it, really. A virtual machine (VM) allows you to split your hardware into self-contained silos, and easily manage the number and performance characteristics of these silos. The net result is higher resource utilization of your hardware, as well as ancillary benefits like ease of backup, snapshotting, etc.
There’s a lot of literature on the benefits of virtualization on the net, for example http://www.itworld.com/nls_windowsserver050411. But this post is not about explaining why virtualize. It’s meant to be address the how, utilizing SCE2010.
Ok, I’m convinced. Let’s get a VM going!
The first thing you want to do to get a VM running is to provision a host. A host is the hardware box that’s going to be running your software VM, and provisioning means installing the virtualization software on that box.
Note that although you can certainly provision the SCE Server itself as a host, it’s not recommended. Typically in order to provide predictable performance a VM host should be a dedicated, and a fairly beefy, machine. (The machine must run one of the Windows Server OSes – Win2k3 or Win2k8. Naturally you will have access to more features, e.g. live migration, on a Win2k8 box) For the purpose of this paper we’ll assume that you have one available.
So, the first thing you want to do is get SCE to manage that beefy machine. To do this you want to add it to SCE’s list of managed machines, through the “Add New Computers And Devices wizard.” (Tasks->Computer Groups->Add New Computers And Devices in the Computers area of the SCE console.)
A few minutes after you add the machine you should see the following view. (in this example “eugenepo-smx3 is the SCE server, and eugenepo-smx1 is our host-to-be.)
Don’t worry too much about the Status fields – those take a little longer to populate correctly. Notice though that the machine must appear in the “All Windows Servers” group before you can go on to the next step. (and this might take 10-15 minutes.)
Great, we’ve got our machine added. Now we have to designate it as a host. To do this run the Tasks->Computer Group->Designate a Host wizard. Most of the wizard should be fairly straightforward… until you get to Virtual Networks.
There are three reasons why you may encounter the “Configure Virtual Network” screen:
1. Your new host is connected to the network through a static IP address, and does not have a network location set.
2. Your new host has more than one NIC card.
3. Your new host is part of a cluster. (advanced topic)
For this entry we will focus on the first and second scenario.
This screen lists the NIC cards found on the designated host (and yes, at this point the machine is already designated as a host… if you were to cancel out of the wizard at this point you’d have a host with no virtual networks configured), and asks you to provide a network location for each NIC.
Simply put, what you want is to enter the networks that your physical machine is connected to. The entries you make here will later be shown when you choose what network to connect your virtual machine to. So let’s say that my second NIC is also connected to contoso.com, but through a static IP. In this case I would simply enter “contoso.com”, or pick it from the dropdown.
Note also the “Do not configure” option in the dropdown. This option would keep that NIC card from ever being used by a virtual machine. You may want to do this if you want to keep a clear communications channel to your host machine. (Clear as in not congested with VM-based traffic.)
This option also has meaning for advanced users. Say you have been using this machine as a host already, through Hyper-V, and have configured a virtual network for this NIC. Selecting “Do Not Configure” would leave that virtual network intact. Note, however, that if that virtual network is bound to a NIC using a static IP address, and thus had no intrinsic network location set, this network would not be available in SCE during VM creation. If you were, however, to type in a location, all that would happen is SCE would update the VN’s location property (not a Hyper-V property, by the way – this property is only exposed through VMM), allowing this network to be used inside SCE.
Note that the wizard will not let you proceed until you fill out network location names or hit “Do not configure” for all NICs on this screen.
Wohoo, now we’ve got us a host. All that’s left now is to create a Virtual Machine to run on it!
Go ahead and launch the “New Virtual Machine” wizard at Tasks->Computer Group->New Virtual Machine.
Here’s where the beauty of virtualization really shows through. On this screen you are meant to assign what resources your new machine will be using – how many processors, how much RAM, etc. To that end SCE provides you with three common-scenario templates (accessible via the Templates combo box), or you can edit these values manually by hitting the “Change Properties” dialog.
Note the network locations dropdown. This is populated, as I mentioned above, directly based on choices made during the “Designate Host” wizard’s “Network Configuration” dialog. (Or, if you had just one NIC card that used a dynamic IP, SCE got the virtual network name for you automatically there.)
Note that SCE uses dynamically expanding virtual hard disks, and the disk size you specify here is the maximum size these disks can grow to. So the .vhd files that represent these virtual hard disks will only take up as much space as there’s actual data on the virtual hard disk.
Ok, so back to the New VM wizard. Assuming you’ve made your selections in the Properties dialog, the next screen allows you to choose how you’re going to get an OS on this new virtual machine. Remember, when a VM is first created it’s just like a brand new box – empty disk drives. SCE presents three options of getting an OS installed: a PXE boot (booting from network), a DVD boot (by inserting an OS DVD into your host machine), or ISO image boot, which starts out grayed out because in your brand new SCE installation you do not yet have any ISOs.
This might be a good time to briefly discuss the SCE VMM library. When SCE is installed it creates a folder <install drive>:\SCE\Virtual Machine Library that contains all of the common .iso files, and .vhd template files in your SCE installation. So if you had a, say, Win2k8 ISO sitting around, all you have to do is drop that puppy into this folder and click on the “Refresh Library” button to have it be available during VM creation.
Short of VHD templates (which we will cover in subsequent posts), and assuming your network doesn’t have a PXE boot server, ISO boot is the easiest way of getting an OS onto your VM – you don’t need to sneaker-net the OS DVD onto the host box.
But for the sake of this walkthrough, let’s say you actually do pop that DVD into the host, and select “Install from DVD”. The next screen shows us the host we’ve designated, along with its compatibility rating.
But what’s this? “Not Compatible”?? Let’s look below for an explanation. Aha, the machine I’ve chosen for this walkthrough is actually not all that beefy (or is being utilized for other tasks), and the amount of RAM I’ve chosen for my new VM exceeds the amount of RAM available on the host. In general, when you see “Not Compatible” on a host, the text box below will give you enough information to take the action necessary to bring the host into compatibility. In this case I will simply go back to VM Properties dialog on the first screen, and adjust the VM RAM to 1GB.
And after that’s done, voila:
The next screen asks for a name for this new VM, and a description of what it’s for. This information is meant to be useful for you later on, when you have a couple dozen of these and need to remember what workloads they’re carrying. We recommend having the same VM name as the computer name you’re planning to use for that VM – that’ll make it easier to identify the VM.
The next screen is simply a summary and once I hit the Create button my new virtual machine is now created!
At this point a dialog pops up prompting us with steps required to get this machine up and running, and managed by SCE:
Note the Operating System Source – I had selected “network boot” instead of “DVD boot” by mistake… but that’s ok, we can still do a DVD boot – let me show you how.
First let’s go ahead and close this dialog. That’s ok, we can get it back later.
Let’s switch over to the “All Virtual Machines” node in the left-hand treeview. Your new virtual machine should be listed there, along with a red bang.
Notice the yellow band in the details pane. Clicking on that will bring up the Manage VM dialog. You can also get back to it through Tasks-><VM Name>->Configure Virtual Machine.
But for now, we want to set this VM to boot from DVD. Let’s go ahead and double-click on the VM in the grid. This should bring up a Properties dialog:
This dialog allows you to control the properties of the VM you specified during VM creation.
Let’s navigate over to the CD/DVD drives tab, and set the VM to use the host’s CD/DVD drive:
After clicking OK our VM is now ready to boot from DVD. Let’s bring up that Configure Virtual Machine dialog once again, and run through the steps.
Install Operating System should be taken care of, but you want to wait until the OS is finished installing, and you’ve logged into the machine, before trying the second and third steps. If you click on the “Install Operating System” link SCE will pop up a console connection to the virtual machine. This is certainly useful for doing any manually installation steps needed to get the OS installed. You can also get to this window from Tasks-><VM Name>->Connect to Virtual Machine.
Virtual Guest Services, the second step, installs a small client inside your virtual machine that allows it to better make use of host server hardware resources, effectively greatly speeding up the VM. It is also required for the VM to be managed by SCE.
The third step, “Add new virtual machine to management” simply launches the “Add New Computers And Devices” wizard we’ve already seen in the beginning of this walkthrough. You can then specify the VM computer name, and add it just as you did the physical host box earlier. Now that the VM is added to SCE, it can be managed right alongside your physical computers in the All Windows Computers view.
And that concludes our beginner walkthrough. At this point you have your first Virtual Machine. More advanced topics, such as snapshotting, migration, Pause/Save, etc, will be covered in later posts.
Update Management Maintenance is a new feature in System Center Essentials 2010. Together with Automatic Selection of the product categories, Update Management Maintenance feature provides IT generalists with a seamless low cost update management solution
(See below for the details on how it works better with Automatic Selection feature)
What is Update Management Maintenance?
With Update Management Maintenance in Essentials 2010 you can configure maintenance tasks to remove updates that are no longer needed from the Essentials management server. You can also schedule those maintenance tasks to run at a specific time.
Figure 1 - Update Management Maintenance Settings
The following maintenance tasks are available:
1. Scheduled maintenance—maintenance can be configured to run weekly, every 2 weeks, monthly, or every 3 months. The task can also be set to run at a specific time of day.
2. Database maintenance—re-indexing and defragmenting the updates database improves database performance.
Updates maintenance
3. Update cancelled or renewed subscriptions
a. Decline unneeded updates. This task does the following cleanups:
i. Delete expired updates that have not been approved for 30 days or more, and delete older update revisions that have not been approved for 30 days or more.
ii. Delete update files that are not needed by other updates.
iii. Decline updates that are not approved and have been expired by Microsoft.
iv. Decline updates that have not been approved for 30 days or more, are not currently needed by any clients, and are superseded by an approved update.
4. Update cancelled or renewed subscriptions
This task declines updates for inactive subscriptions. This is powerful if it is used together with Automatic Selection feature. See below for the details on how it works better with Automatic Selection feature
How do I open Update Management Maintenance Settings?
1. To open Update Management Maintenance settings from the Updates workspace, click the Updates button on the lower left corner of the Essentials 2010 console, and then click Configure Windows Server Update Services Maintenance in the Tasks list.
2. To open Update Management Maintenance settings from the Administration space, click the Administration button on the lower left corner of the Essentials 2010 console. Click Settings and then under Update Management, double-click Maintenance.
Figure 2 - Update Management Settings, Administration Pane
How can I take advantage of these features?
The maintenance tasks can be scheduled to run automatically or to run on demand.
To schedule tasks:
1. In the Update Management Settings - Maintenance window, select the Schedule maintenance check box.
2. In the Every box, select the maintenance frequency, and in the Start box, select a time for the maintenance tasks to start. 3:00 a.m. is selected by default.
3. To save your changes, click Apply or OK.
To run the tasks on demand:
Click the Re-index Now button to re-index the database immediately. Click the Decline Now button to immediately decline unneeded updates, and click the Update Now button to immediately update cancelled or renewed subscriptions. These buttons are not enabled if the Schedule maintenance check box is not selected.
How is Update Management Maintenance "better” together with automatically selected product updates?
Auto-Select is a new feature in Essentials 2010. For more information about Auto-Select, please read this article. (http://blogs.technet.com/systemcenteressentials/archive/2010/03/18/automatic-selection-of-product-categories-in-system-center-essentials-2010.aspx) Update Management Maintenance is designed to work closely with Auto-Select to provide you with a seamless Update Management experience.
For example, Chris, the IT administrator of an environment which currently consists of Windows XP and Windows Vista machines, has configured Essentials 2010 to receive updates for just these two operating systems.
Chris has just ordered new machines, which come with Windows 7 operating systems installed. After the machines have been discovered by Essentials, and assuming that Auto-Select is enabled, the Windows 7 product category is automatically selected and the Essentials server receives Windows 7 updates.
Three months later, Chris starts to retire all the old Windows XP machines. He removes the machines from the managed computer group. Auto-Select kicks in and determines that there are no longer any Windows XP machines in his environment and automatically clears the Windows XP category from the product selection
If the Update cancelled or renewed subscription maintenance task is scheduled, Essentials 2010 will go through all the updates that currently exist on the Essentials management server and decline all the updates that are marked as Windows XP-related. The physical files of the declined updates will be deleted by the Decline unneeded updates maintenance task.