Unified physical and virtual IT management for midsized businesses
[Correction: The Vista SP1 package will be availabe via the Microsoft Update Catalog - I'll provide a link to the KB article detailing how to import Vista SP1 into Essentials once the article is live!]
Windows Vista SP1 will be released as an update on Microsoft Update (MU) Catalog. The patch is very large and there is a bug in Windows Server 2003 in the WinVerifyTrust API that will cause signing validation to fail.
What this means is that once you approve this update on a System Center Essentials 2007 server on a Windows Server 2003 server, every time the server sync’s from MU it will redownload the package, fail the cert validation, and so the download will fail. The problem will continue until you install the WinVerifyTrust patch on the System Center Essentials server. This patch is a hotfix (not a public GDR), so is not intended to be widely distributed. We recommend it only be installed on the System Center Essentials server itself.
You can obtain this hotfix here:
Windows Server Update Services cannot download large Windows update files in Windows Server 2003http://support.microsoft.com/kb/888303/en-us
This announcement is to alert you that the next version of System Center Essentials Technology Adoption Program (TAP) is now accepting nominations.Do you want to be part of making the next generation of the System Center Essentials product great? If you are a responsible for managing the IT assets and services for a midsized business and have a passion for providing feedback, you could be a great candidate for our Technology Adoption Program (TAP). We view our TAP program as one of the most important investments we make as a product team. We are very selective in which customers we invite to participate and we intend is to partner very closely with you. Our goal is to develop a mutually beneficial and long term relationship with you to enable building the next version of the System Center Essentials product that is designed to meet your needs to the best of our abilities.
For more information and to nominate yourself for the TAP please click this link.Thank you! The System Center Essentials Team.
System Center Essentials 2007 SP1 supports WSUS 3.0 SP1 being upgraded to WSUS 3.0 SP2. Customers who are currently running Essentials 2007 SP1 can upgrade to WSUS 3.0 SP2. For how to download WSUS 3.0 SP2 and the improvements in WSUS 3.0 SP2, please see http://support.microsoft.com/kb/972455.
Q) I currently have Essentials 2007 SP1 installed on Windows Server 2003. Can I upgrade WSUS 3.0 SP1 to WSUS 3.0 SP2?
A) Yes. You can upgrade to WSUS 3.0 SP2, if you have installed Essentials 2007 SP1 on Windows Server 2003 (either 32-bit or 64-bit).
Q) I currently have Essentials 2007 SP1 installed on Windows Server 2008. Can I upgrade WSUS 3.0 SP1 to WSUS 3.0 SP2?
A) Yes. You can upgrade to WSUS 3.0 SP2, if you have installed Essentials 2007 SP1 on Windows Server 2008 (either 32-bit or 64-bit).
Q) I currently have Essentials 2007 SP1 installed on Windows Server 2003 with SQL Server 2005 Express Edition. Can I upgrade WSUS 3.0 SP1 to WSUS 3.0 SP2?
A) Yes. Essentials 2007 SP1 supports upgrading WSUS 3.0 SP1 to WSUS 3.0 SP2 with SQL Server 2005 Express Edition or SQL Server 2005 Standard Edition. This is supported regardless of whether the database is installed on the Essentials management server or installed on a remote computer.
Q) Can I install Essentials 2007 SP1 on a system on which WSUS 3.0 SP2 is already installed?
A) The Essentials product team is investigating this and will be updating this issue in an upcoming blog post
Q: Is Essentials 2007 SP1 supported with SQL Server 2008.
A) No, Essentials 2007 SP1 is not supported with SQL Server 2008. Essentials 2010 will support SQL Server 2008.
We've heard it from you! You've been using WSUS for years and you have been using different Windows Update settings for your clients and servers. Maybe you want your clients to automatically download and install approved updates, but your servers should only download and notify the administrator. Now you can with System Center Essentials 2010 using the same approach you used with WSUS! Check out this excerpt from the Essentials 2010 Operations Guide.
How to Create Custom Update Settings for Client and Server Computers in Essentials
System Center Essentials 2010 uses Group Policy to configure the Windows Update agent to receive updates from the Essentials management server. These settings apply to all computers managed by Essentials unless you create a new Group Policy object (GPO) to customize the update settings. This section provides information about the default Windows Update agent settings and instructions on creating a GPO to apply to a specific group of computers, such as clients or servers, with customized Windows Update settings.
Default Windows Update Agent Settings in Essentials 2010
The default Windows Update settings used by Essentials are shown in the following table.
Windows Update Setting
Configure automatic updates
Configure automatic updating
4 (auto-download and schedule the install)
Scheduled install day
0 (every day)
Scheduled install time
Specify intranet Microsoft Update Service location
Intranet update server
Intranet statistics server
Allow signed content from intranet Microsoft Update service locations
No auto-restart for scheduled Automatic Updates installations
These settings are included in the SCE Managed Computers <management groupname> group policy object.
To customize Windows Update settings using a Group Policy Object
1. Create an Active Directory Group Policy object (GPO) in the same domain as the computers to which you want to apply customized settings. For more information, see “Create a Group Policy Object” in the Microsoft TechNet Library (http://go.microsoft.com/fwlink/?LinkId=161344).
2. Change the security filtering of the GPO from Authenticated Users to the SCE Managed Computers <management group name> security group. For more information, see “Assign Security Group Filters to the GPO” in the Microsoft TechNet Library (http://go.microsoft.com/fwlink/?LinkId=161346).
3. Link the Group Policy object to the organization units (OU) containing the computers to which you want to apply the customized Windows Update Agent settings. For more information, see “Link the GPO to the Domain” in the Microsoft TechNet Library (http://go.microsoft.com/fwlink/?LinkId=161347).
4. Edit the Windows Update Agent settings in the GPO.
5. After the group policy refresh interval has elapsed (every 90 minutes by default, with a random offset of 0 to 30 minutes) the computers with customized Windows Update Agent settings will be configured.
6. If you want to revert back to the original Windows Update settings configured by Essentials 2010, you can delete the customized GPO you created in step 1.
7. If you uninstall Essentials 2010, be sure to delete any customized GPOs you have created.
Supported Customizations to Windows Update Agent Settings in Essentials 2010
The supported customizations to Windows Update settings used by Essentials 2010 are shown in the following table. For more information, see “Configure Automatic Updates by Using Group Policy” in the Microsoft TechNet Library (http://go.microsoft.com/fwlink/?LinkId=161349).
Supported Customizable Value
Configure Automatic Updates
Configure Automatic Updating
Scheduled Install Day
Scheduled Install Time
Intranet Update Server
Intranet Statistics Server
Enable client-side targeting
Reschedule Automatic Update scheduled installation
Automatic Update detection frequency
Must be less than 24 hours
Allow Automatic Update Immediate Installation
Delay Restart for Scheduled Installations
Re-prompt for Restart with Scheduled Installations
Allow non-Administrators to Receive Update Notifications
Remove Links and Access to Windows Update
Tell us what you think! Please give us feedback in our managed forums on configuring different update settings for managed computer.
With the release of System Center Essentials 2010 and the general excitement around some of the new features like virtualization, some customers are asking about our upgrade/migration story from the previous version.
You read about the 2010 release and are excited about the virtualization features in the new version. You purchase the 2010 version of SCE and run back to your office to do the install. When you launch the install, you see the support for upgrading your existing Essentials 2007 sp1 install. You starting the upgrade process and before long, you have deployed the new version of Essentials.
You go to add the virtualization component and get a message telling you that your x86 system does not support this component. Luckily you have another server that does meet the system requirements for the Essentials 2010 virtualization component… but you don’t want to lose all the data you have on your existing Essentials server… you just need better hardware and a newer OS.
We have anticipated this scenario and have provided a solution in the resource kit that can be leveraged to solve this issue. In the resource kit, there is a tool called MigrationAdvisor.exe. The migration advisor is a wizard which will allow you to migrate your existing Essentials 2010 data from one server to another server with the same FQDN. Here is how it works.
Things You will need
First you install the resource kit on your existing server. The steps for that are:
Now that you have the migration advisor up and running, you will see the following screen:
Choose the “Migrate Essentials 2010 to another server” radio button. On the next screen, you will need to provide a location for the backup files and a password used to secure your rmsbackup and certs.
Make sure the location has plenty of free space as all your Sce data will be stored there. I would suggest using a Network location as you will not have access to the old Sce server during the migration restore phase (hit the browse button to change the location). Make sure you have write access to the location you select.
Now your ready to start the backup. Hit the begin button and wait for successful completion of the backup as seen below. (This will take a few min. depending on the amount of data on your server.)
Congrats, your halfway through the process…
The Tricky Part
The next thing you need to do is decommission your existing server. Since the migration of essentials is ONLY supported onto another server with EXACTLY the same FQDN, you have a couple of choices.
A. Uninstall Essentials from your existing server and then change that servers FQDN to another name so that it will not conflict with the new Essentials server.
B. Shut the Essentials server down and then format the disk and use the hardware to create a different machine on your network later.
Once the old Essentials server has been removed from the domain, you will need to add a new server to your domain with EXACTLY the same name as your original Essentials server. This is the server with the hardware and OS that can support the Virtualization component of Essentials 2010.
Having EXACTLY the same FQDN is important… if the FQDN is not the same as the previous machine, you will not be able to successfully migrate your previous Essentials data to this machine using the MigrationAdvisor.exe.
The next step is to install Essentials 2010, using the same settings components and account information as your previous install
Selecting the same components it very important as the MigrationAdvisor will not allow you to migrate your data to the new machine if the component settings do not match. For example, if you do not have Virtualization on the box you are migrating from, don’t install it on the new box (you will add it using the ARP after the migration is complete).
Once the install is complete you will need to close the installation wizard. Do not run the configuration wizard as your settings will be configured by the migrationadvisor as it restores your existing data.
Now you need to install the resource kit tools on this server and launch the migrationadvisor. This can be done following the same steps you did to install the resource kit tools on your previous Essentials server (see the top of this document).
Now you need to choose the “Restore Essentials 2010 from a complete Essentials backup” option then hit next.
Then you need to provide the storage location you used during the migration step and the password you used during the backup, and hit begin.
The Migration Advisor will begin processing….
A few minutes later (on my server which had very little data, the restore took about 10 minutes to finish), the wizard will finish.
Now you should have a working Sce server with your original data.
AEM settings are not preserved so if you were using AEM, you will need to go into the console and enable it again.
At this point, if you want the virtualization component, you will be able to install it by running the setup wizard again and choosing to add the Virtualization component. Then you can begin deploying and managing your virtual machines. Enjoy.