WSUS 3.0 SP2 Released

WSUS 3.0 SP2 was released last week and it can be downloaded here

WSUS 3.0 SP2 includes the following improvements:

    New Windows Server and client version support
    • Integration with Windows Server 2008 R2
    • Support for the BranchCache feature on Windows Server 2008 R2
    • Support for Windows 7 clients

    WSUS feature improvements
    • Auto-Approval Rules: Auto-approval rules now include the ability to specify the approval deadline date and time for all computers or specific computer groups.
    • Update Files and Languages: Improved handling of language selection for downstream servers includes a new warning dialog that appears when you decide to download updates only for specified languages.
    • Easy Upgrade: WSUS 3.0 SP2 can be installed as an in-place upgrade from earlier versions of WSUS and preserves all settings and approvals. The user interface is compatible between WSUS 3.0 SP1 and SP2 on the client and the server.
    • Reports: New Update and Computer Status reports let you filter on updates that are approved for installation. You can run these reports from the WSUS console or use the API to incorporate this functionality into your own reports.

    Software updates
    • Stability and reliability fixes are included for the WSUS server, such as support for IPv6 addresses that are longer than 40 characters.
    • The approval dialog now sorts computer groups alphabetically by group name.
    • Computer status report sorting icons are now functional in x64 environments.
    • A new release of Windows Update Agent is included with WSUS 3.0 SP2 that provides improvements and fixes, such as support for APIs called by nonlocal system callers in a non-interactive session.

For more information check KB972455.

Windows 7: Be first. Save half.

Pre-order Windows 7 today at the Microsoft Store. You'll get it for at least half off and be one of the first to get it. Hurry, quantities are limited.*

It's pretty simple

Windows 7 is coming on October 22, 2009. Here's an easy way to get it fast and save a bundle: Pre-order a Windows 7 Home Premium Upgrade for $49 or a Windows 7 Professional Upgrade for $99 at Microsoft Store.   That's about half off the estimated retail prices.

Want more info? 

Go to the Windows team blog and find out all the details. 

* The offer begins on June 26, 2009 and will continue while supplies last, or until July 11, 2009, whichever comes first.

Configuration Manager 2007 and SMS 2003 Support Statements

SQL Server 2008 Service Pack 1 is now supported on Configuration Manager 2007 (SP1 and/or R2)

System Center Configuration Manager 2007 SP1 and/or R2 now supports the use of SQL Server 2008 SP1.

No hotfixes are required.

Windows Vista and Windows Server 2008 Service Pack 2 are now supported on Systems Management Server 2003 SP3

Systems Management Server 2003 SP3 now supports Windows Vista and Windows Server 2008 SP2 as clients.  Administrator consoles or site server roles will not be supported on these platforms.

No hotfixes are required.

Windows Vista and Windows Server 2008 Service Pack 2 are now supported on Configuration Manager 2007 RTM

System Center Configuration Manager 2007 SP1 now supports Windows Vista and Windows Server 2008 SP2 as clients. Administrator consoles or site server roles will not be supported on these platforms.

The following hotfixes are required:

· KB969991 - When you use System Center Configuration Manager 2007 RTM to capture an image of Windows Vista SP2 or of Windows Server 2008 SP2, the image capture process fails during the "Prepare Windows for Capture" stage

Windows Vista and Windows Server 2003 Service Pack 2 are now supported on Configuration Manager 2007 SP1

System Center Configuration Manager 2007 SP1 now supports Windows Vista and Windows Server 2008 SP2 as clients, for administrator console installations, and Windows Server 2008 SP2 for site-server roles.

The following hotfixes are required:

· KB970093 - When you use System Center Configuration Manager 2007 Service Pack 1 to capture an image of Windows Vista SP2 or of Windows Server 2008 SP2, the image capture process fails during the "Prepare Windows for Capture" stage

MMS 2009 Highlights

This is for the benefit of those that missed MMS this year:

Stuff you might have missed since the R2 release:

  • SCUP 4.5 released
    • Synchronization command line tool (SCUPSync.exe) which enables you to import and publish updates without using the Updates Publisher console interface.
    • Ability to publish updates as “metadata only”
    • Ability to configure proxy server credentials in the Updates Publisher console
  • Energy Star DCM Pack
    • Enter system standby/hibernate after 30 to 60 minutes inactive
    • Monitors enter sleep mode after 5 to 20 minutes inactive
    • Create a warning notification if screen savers are not disabled,
      or if the wait timeout period is more than the monitor sleep setting
  • Asset Intelligence sync certificate is now available to everyone
    • The certificate used to be available only to Software Assurance customers. That is no longer the case. If you need the certificate, just ask. The certificate will also be included in Configuration Manager SP2.

Documents released in the past 12 months:

  • Released the “Help Updater” – Easy to use MSI-based wizard that allows you to either replace the existing local help content with the updated version, or install the help independently of the Admin Console; expected as a quarterly release
  • Monthly continuous publishing – Allows us to respond to feedback and content update requests more quickly so that online content can be kept current; expected as a monthly update
  • Merged our blog with the new System Center Configuration Manager Team Blog
  • Released Configuration Manager Feature Quiz update in SilverLight – combines all previous quizzes, plus new quizzes to support features added in SP1 and R2 in a single downloadable application
  • Launched our Community Content feature on the Configuration Manager TechCenter Library (see it) – Gives our customers the ability to comment directly on and annotate our library topics online

Documents releasing in the next 12 months:

  • We’ll be strategizing on a web-based help model in line with System Center architecture (with a non-connected solution as well)
  • We’ll be publishing a series of Superflows on Configuration Manager processes including:
    • Client Deployment Troubleshooting
    • OSD: PXE Deployment
    • Software Updates Configuration
    • Software Update Deployment
    • Software Updates Synchronization
    • SRS Report Models
    • Backup and Recovery
  • Send us your feedback and suggestions! smsdocs@microsoft.com

System Center and Mobile Devices

The device management functionality of Mobile Device Manager and Configuration Manager is merging into the next release of Configuration Manager.

Configuration Manager 2007 SP2

  • Schedule – beta in June, RTM 90 days post Win7
  • New stuff
    • Windows 7 Support
      • Windows 7, Windows Server 2k8 R2 supported as clients
      • All SCCM server roles fully supported on Server 2k8 R2
      • P2P support for Win7 (BranchCache)
        • Out of band BITS release post Win7 brings P2P to Vista, Server 2k8
      • USMT 4.0 support for OSD
    • Intel Active Management Technology (iAMT)
  • Smaller, but still important stuff
    • Update to Management Pack for 64-bit OS’s – SP2 will ship 64-bit perf counters
    • Remote control added in for x64 XP and Server 2003
    • Multi-select and delete driver catalog drivers from the console
    • Better feedback on AD extension success / failure
  • Hotfix data
    • 36 QFE (hotfix) merges

iAMT

  • Supports Intel vPro chipset and iAMT firmware versions 4 & 5
  • Feature Parity with SP1 and iAMT firmware versions 3.2.1, 4 & 5
  • New Features
    • Wireless profiles
      • Wireless profiles associated with all Intel® vPro™ clients in the site
      • Set the wireless information on a per-collection basis during provisioning.
    • 802.1x support - configuration of 802.1x settings on a per-collection basis during provisioning.
    • Audit Logs - Retrieve, store and clear the security audit log on a periodic basis
    • Power Package - Enable configuration of the power package settings with the core provisioning settings for the site.
    • 3rd party data storage - Enable SCCM to store specific information into the NVM data area for inventory or t-shooting.

Configuration Manager.Next

The next major release of Configuration Manager will be a 64-bit application. It will require Windows Server 2008 and SQL Server 2008, both 64-bit editions.

  • Minimum System Requirements:
    • 64-bit Windows for all site servers and site roles except:
      • Branch DPs will run on SCCM.next client OS supported platforms
      • Win 2003 32-bit will be supported on file share only Standard DPs.
    • SQL 2008 – only 64-bit editions
    • Win 2008 64-bit (some may require 2k8 R2)
  • SQL Reporting Services is the ONLY reporting platform, Web Reports go away.
  • We’re heavily investing in SQL replication to move objects
  • Some other features
    • State-based DP Groups
    • Remote Control WITH CTRL-ALT-DEL
    • Sender functionality (for bandwidth management) at Distribution Points

System Center Roadmap

How To Check If A BITS Enabled Distribution Point Is Up And Running

To check if a Management Point is up and running we have the mplist and mpcert http URLs that we can open in Internet Explorer.  We don’t have such URLs to test if a Distribution Point (DP) is up. Management Point and Distribution Point servers are very different roles.  The Management Point is a conduit for the clients to get information from the SQL database i.e. their cert, their machine policy, etc.  That is why there is a way to use an http link to get that information from SQL through the MP.  A DP is nothing but a server share.  To use BITS for downloads, we expose that share through a virtual IIS directory.

There is no http link with a cert on a DP that we can query on, but you can create a package just to test the DP health.  Here is how:

1. Create a text file and write in it whatever you want to see when you use the http URL to test the DP.

2. Rename that file and change the txt extension to html.

3. Create a package that only contains that file and add your distribution points to the package.

4. Get the package ID and then go to the IIS Manager console and find the name of the DP virtual directory and make sure there is a folder for your DP health package.

5. Use IE and type the URL for the server, the virtual IIS directory, the package ID folder, and then your html file.  In my case it looks like this:

http://sccm/sms_dp_smspkge$/zzz0002e/dphealth.html

6. You should get back the content of the text file you created in step one:

If you get the content of your html file back, your BITS enabled DP is up.
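
The manual check above can be scripted so that every DP is probed in one pass. This is an added example, not code from the original post; the function names, the server list and the expected text are assumptions, and the virtual directory and package ID defaults are copied from the sample URL above.

```powershell
# Added example: probe the DP health file on each BITS-enabled distribution point.
# Function names, server names and the expected text are placeholders.
function Get-DPHealthUrl {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$PackageId,
        # The virtual directory name depends on the drive that holds the package
        # share; confirm it in IIS Manager as described in step 4.
        [string]$VirtualDirectory = 'sms_dp_smspkge$',
        [string]$FileName = 'dphealth.html'
    )
    # Same layout as the post's URL: server / virtual directory / package ID / file
    'http://{0}/{1}/{2}/{3}' -f $Server, $VirtualDirectory, $PackageId, $FileName
}

function Test-DPHealth {
    param(
        [Parameter(Mandatory)][string[]]$Server,
        [Parameter(Mandatory)][string]$PackageId,
        [Parameter(Mandatory)][string]$ExpectedText,
        [int]$TimeoutSec = 15
    )
    foreach ($s in $Server) {
        $url = Get-DPHealthUrl -Server $s -PackageId $PackageId
        $result = [pscustomobject]@{
            Server = $s; Url = $url; Status = $null; Healthy = $false; Detail = ''
        }
        try {
            # Use the caller's Windows credentials, as Internet Explorer would.
            $r = Invoke-WebRequest -Uri $url -UseDefaultCredentials -UseBasicParsing -TimeoutSec $TimeoutSec
            $result.Status = [int]$r.StatusCode
            # A 200 alone is not proof: a proxy or custom error page can also
            # answer 200, so compare the body with the text written in step 1.
            $result.Healthy = ([string]$r.Content).Contains($ExpectedText)
            if (-not $result.Healthy) { $result.Detail = 'Reply did not contain the expected text' }
        }
        catch {
            # Non-2xx replies, name resolution failures and timeouts all land here.
            if ($_.Exception.Response) { $result.Status = [int]$_.Exception.Response.StatusCode }
            $result.Detail = $_.Exception.Message
        }
        $result
    }
}

# 'sccm' and 'zzz0002e' come from the sample URL above; the text is whatever you put in the file.
Test-DPHealth -Server 'sccm' -PackageId 'zzz0002e' -ExpectedText 'DP is up' |
    Format-Table Server, Status, Healthy, Detail -AutoSize
```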

Can We Use SCCM To Deploy Updates To Windows Vista SP2 Beta Clients? Yes We Can!

One of my customers is in the TAP program for Windows Vista Service Pack 2.  They wanted to use SCCM/WSUS to deploy updates to the Vista SP2 Beta clients that they have in production.  This is how we got the Vista SP2 updates in WSUS and SCCM:

1. Open the WSUS server console and right click on Updates.

2. Select Import Updates.

3. IE will open the Microsoft Update Catalog at  http://catalog.update.microsoft.com/v7/site/Home.aspx?sku=wsus&version=3.1.6001.65.

4. Search on Vista Beta

5. You should get something like:

6. Only the last two apply to Vista SP2 Beta.

7. Click on Add on each of them and then click on:

8. Click on Import.

9. Wait for the updates to get imported to WSUS.

10. Go to the SCCM Admin Console and force a WSUS sync.  You should see something like this in the wsyncmgr.log:

11. The imported updates will now show up in SCCM and you will be able to deploy them.

How Can I Increase The Size Of The Smsts.log File?

To troubleshoot SCCM Task Sequences we use the smsts.log located on the SCCM client.  Unlike other SCCM components, the size of the smsts.log is not configurable in the registry.

Keep in mind that Task Sequences can run even before we get the SCCM client on a computer, so the above registry key might not exist.  The SMS Task Sequencer log file is by default 1 MB in size.  Sometimes that is not enough to troubleshoot task sequences.  To increase the size of the smsts.log we need to create a smsts.ini file and put it in the Windows directory.  The smsts.ini file should look something like:

[Logging]

LogMaxSize=5000000

LogMaxHistory=1

The above example makes the smsts.log 5 MB in size and we will keep one 5 MB history file.  If you are booting up from media or PXE, you need to edit your boot image such that the smsts.ini file is in the Windows directory.

Green Computing with SCCM 2007 and Vista

The current global economy is prompting corporations to do everything possible to save money.  Employees are being asked to turn off their computers and monitors when they leave the office, but we know that for one reason or another not everyone complies with this request.  As an SCCM administrator you have a unique opportunity to make a big impact in this area.  Windows Vista comes with a command line utility called shutdown.exe.  Shutdown.exe allows you to shut down or reboot computers, but it also allows you to hibernate Windows Vista.  Most IT departments won't shut down user computers at night because of the possibility of losing data on some work in progress that was left open and not saved.  With hibernation, we do not have that problem.  With hibernation the computer state is saved to the hard drive and the computer is then "shut down".  When the computer is powered on, it is returned to the same state it was in before hibernating, so no work in progress gets lost.  It will be very easy to use SCCM to schedule "shutdown.exe /h" (/h switch for hibernation) every night.  First we need to identify the Windows Vista Workstations using a query-based collection.  The following query could be used for the collection:

select * from sms_r_system where OperatingSystemNameAndVersion like 'Microsoft Windows NT%Workstation 6.0 %'

The next thing we will need is a package.  Our package won't even need source files since shutdown.exe is already on every Vista client.  You can create a program for the package with the following command line:

%windir%\system32\shutdown.exe /h

Finally, all we need to do is advertise our package to the Windows Vista collection.  You could create a schedule for the advertisement that will run the hibernation package, for example, every day at 7:00 P.M.  You have full control of when is the best time to do this in your environment.  You could also get creative and use SCCM's Wake-On-LAN to wake the computers in the Windows Vista Workstations collection early every morning.  That way the end users won't even know their computers were hibernating and saving energy all night.  I would be interested if any of you implement something like this in your environment.  If you do so, please leave a comment here.

System Center Configuration Manager R2 Released To Manufacturing

The System Center Configuration Manager team would like to announce that the following has been Released To Manufacturing (RTM).

Download an evaluation version of ConfigMgr07 R2 from Microsoft Download Center.

Your contributions have been instrumental in this release and we encourage you to continue your participation in the Configuration Manager TechCenter Community Page (http://technet.microsoft.com/en-us/configmgr/bb625749.aspx) where you can continue to find technical information, links for downloads, and to participate in online discussion forums.
On the Microsoft Connect site, you can also participate by submitting Bugs and Design Change Requests through the feedback links. As always your feedback is important for all System Center Configuration Manager products.

NOTE: The R2 Evaluation version requires the SCCM site to be running the SCCM SP1 evaluation version.  R2 will not install on a full SP1 site and you may receive an error:

“You can only install on an SCCM SP1 evaluation installation”

How Can We Enable Basic Proxy Authentication On The Software Update Points?

The SCCM admin console does not support configuring the Software Update Point WSUS servers to use basic proxy authentication.  One could run the WSUS administration console and enable basic proxy authentication, but SCCM will overwrite those settings.  The following workaround is untested and not supported in any way by Microsoft, but will allow for basic proxy authentication on a SUP server:

1.  Stop Site Component Manager and SMS Executive on the SCCM server.
2.  Go to WSUS and enable basic proxy authentication.
3.  Go to <SCCM Install Dir>\inboxes\sitectrl.box and make a backup of the sitectrl.ct0 file.
4.  Edit with Notepad sitectrl.ct0 and look for a section similar to this one:

BEGIN_SYSTEM_RESOURCE_USE
    RESOURCE<Windows NT Server><["Display=\\Server\"]MSWNET:["SMS_SITE=PS1"]\\Server\>
    ROLE<SMS Software Update Point>
    PROPERTY <UseProxy><><><1>
    PROPERTY <ProxyName><><proxyname><0>
    PROPERTY <ProxyServerPort><><><80>
    PROPERTY <AnonymousProxyAccess><><><0>
    PROPERTY <AllowProxyCredentialsOverNonSsl><><><1>
    PROPERTY <UserName><><SCMATRIX\SUMWSUSAdmin><0>
    BEGIN_PROPERTY_LIST
        <Objects Polled By Site Status>
        <["Display=\\Server\C$\Program Files\Microsoft Configuration Manager\"]MSWNET:["SMS_SITE=PS1"]\\Server\C$\Program Files\Microsoft Configuration Manager\>
    END_PROPERTY_LIST
END_SYSTEM_RESOURCE_USE

5.  Add the AllowProxyCredentialsOverNonSsl line and save the file.
6.  Restart Site Component Manager.

There is also a sample script here to perform these changes.
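
Basic authentication only base64-encodes the password, so a Software Update Point with AllowProxyCredentialsOverNonSsl set to 1 exposes the proxy account to anyone who can observe the traffic between the server and the proxy. The following added example (not the sample script linked above, and not Microsoft code) reads a copy of sitectrl.ct0 without modifying it and reports which Software Update Points carry that setting; the function name and the reading of the four PROPERTY fields as name, text value and trailing number are assumptions based on the excerpt.

```powershell
# Added example: read-only audit of Software Update Point proxy settings in a
# COPY of sitectrl.ct0. Assumes the PROPERTY <Name><..><Text><Number> layout
# shown in the excerpt above. Get-SupProxySetting is a hypothetical name.
function Get-SupProxySetting {
    param([Parameter(Mandatory)][string[]]$Line)

    $inBlock = $false
    foreach ($raw in $Line) {
        $t = $raw.Trim()
        if ($t -eq 'BEGIN_SYSTEM_RESOURCE_USE') {
            $inBlock = $true; $role = $null; $resource = $null; $props = @{}
        }
        elseif (-not $inBlock) { continue }
        elseif ($t -eq 'END_SYSTEM_RESOURCE_USE') {
            $inBlock = $false
            if ($role -ne 'SMS Software Update Point') { continue }
            $useProxy  = $props['UseProxy'].Number -eq '1'
            $anonymous = $props['AnonymousProxyAccess'].Number -eq '1'
            $nonSsl    = $props['AllowProxyCredentialsOverNonSsl'].Number -eq '1'
            [pscustomobject]@{
                Resource  = $resource
                ProxyName = $props['ProxyName'].Text
                ProxyPort = $props['ProxyServerPort'].Number
                ProxyUser = $props['UserName'].Text
                # True when an authenticated proxy is in use and credentials
                # are allowed to travel over a non-SSL connection.
                CleartextCredentialRisk = ($useProxy -and -not $anonymous -and $nonSsl)
            }
        }
        elseif ($t -match '^ROLE<(.+)>$') { $role = $Matches[1] }
        elseif ($t -match '^RESOURCE<.*\["Display=([^"]*)"\]') { $resource = $Matches[1] }
        elseif ($t -match '^PROPERTY\s*<([^<>]*)><([^<>]*)><([^<>]*)><([^<>]*)>$') {
            # Lines inside BEGIN_PROPERTY_LIST do not match and are skipped.
            $props[$Matches[1]] = [pscustomobject]@{ Text = $Matches[3]; Number = $Matches[4] }
        }
    }
}

# Constructed sample modelled on the excerpt; server, proxy and account names are placeholders.
$sample = @'
BEGIN_SYSTEM_RESOURCE_USE
    RESOURCE<Windows NT Server><["Display=\\SUP01\"]MSWNET:["SMS_SITE=PS1"]\\SUP01\>
    ROLE<SMS Software Update Point>
    PROPERTY <UseProxy><><><1>
    PROPERTY <ProxyName><><proxy.example.test><0>
    PROPERTY <ProxyServerPort><><><80>
    PROPERTY <AnonymousProxyAccess><><><0>
    PROPERTY <AllowProxyCredentialsOverNonSsl><><><1>
    PROPERTY <UserName><><EXAMPLE\svc-wsus-proxy><0>
END_SYSTEM_RESOURCE_USE
'@
Get-SupProxySetting -Line ($sample -split "`r?`n")
# Against a real site: Get-SupProxySetting -Line (Get-Content '<path to a copy of sitectrl.ct0>')
```

Where the report shows CleartextCredentialRisk as True, give the proxy a dedicated account with no rights beyond proxy access, so that a captured password is of little use elsewhere.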

Preload Package Tool for Configuration Manager 2007 Released

The Preload Package Tool (PreloadPkgOnSite.exe) is used to manually install compressed copies of software distribution package source files on Configuration Manager 2007 sites. After package source files are installed, a status message is sent up the site hierarchy indicating the presence of the new package source files. This prevents sites higher in the hierarchy from copying package source files over the network when distribution points at child sites are selected to host software distribution package content that has already been preloaded on them.
The following feature enhancements have been made to the tool since it was released in the SMS 2003 Toolkit:

  • SQL Server named instance support
  • Administrator specified StoredPkgVersion value support

TranGUID.exe Does Not Work On Native Mode Clients

In my previous post I suggested the use of a collection and TranGUID.exe to clean up clients with duplicate GUIDs from the SMS database.  Unfortunately, tranguid.exe from the SMS 2003 Toolkit does not generate a new GUID on SCCM clients running in Native mode.  The tool does work on SCCM clients running in Mixed mode.  At the time of this writing, there is no tool for SCCM that will force a Native mode client to get a new GUID.  The best workaround to generate a new GUID on a Native mode client is to:

1.  Delete the ...\%windir%\smscfg.ini file from the client.

2.  Delete the client from SCCM.

3.  Delete the SCCM certificate from the client.

4.  Re-start the SMS Agent Host service on the client.

The above steps will force the generation of a new GUID on SCCM clients running in Native mode.

Are Duplicate GUIDs And Conflicting Records The Same Thing?

The short answer is no.  There are two kinds of possible duplicate computer records in SCCM.  The first one is machines with the same hardware ID.  The hardware ID is unique to each computer and it is based on its hardware properties.  CPU type, MAC address, memory, etc. are some of the properties used to determine the machine hardware ID.  We could get conflicting records in SCCM when the OS is reinstalled on a computer.  The client will get a new GUID from SCCM, but its hardware ID will remain the same.  In this scenario we end up with two records in the database for the same computer.  SCCM 2007 can detect and correct conflicting records automatically, or the administrator can choose to do it manually.

The second type of duplication is duplicate GUIDs.  These are machines with different hardware IDs that share the same SMS Identifier or GUID.  A common scenario that causes duplicate GUIDs is hard disk duplication or cloning.  The auto correct conflicting records feature in SCCM will not detect or fix duplicate GUIDs.  The best way to identify and fix duplicate GUIDs is by using the Managing Duplicate Globally Unique Identifiers in Systems Management Server 2003 white paper.  Using the three queries documented in the white paper to create a collection and then targeting the collection with TranGUID is a very easy procedure to fix clients with duplicate GUIDs.  SCCM administrators should avoid duplicate GUIDs since, among other things, they could affect the server performance when processing discovery and inventory data.

To summarize we could have:

1. Conflicting records – Records with the same machine ID

2. Duplicate GUIDs – Records with the same SMS Identifier or GUID

Alert - Microsoft Security Advisory 954474 Revised

What is the purpose of this alert?

This alert is to notify you that Microsoft has revised security advisory 954474 – System Center Configuration Manager 2007 Blocked from Deploying Security Updates - on 17 June 2008. 

Summary:

Microsoft has completed the investigation into public reports of a non-security issue that affects environments with all supported versions of System Center Configuration Manager 2007 that deploy updates to Systems Management Services (SMS) 2003 clients. Regarding this issue, Microsoft first published security advisory 954474 on Friday, June 13th 2008.

The revision to security advisory 954474 discusses the release of an update to correct this issue under Microsoft Knowledge Base Article 954474. Microsoft encourages customers affected by this issue to review and install this update.

Recommendations:

Please review Microsoft security advisory 954474 for an overview of the issue, details on affected components, suggested actions, frequently asked questions (FAQ) and links to additional resources. Review Microsoft Knowledge Base Article 954474 for more information on the update to fix the issue.

Additional Resources:

· Microsoft Security Advisory 954474 – System Center Configuration Manager 2007 Blocked from Deploying Security Updates - http://www.microsoft.com/technet/security/advisory/954474.mspx

· Microsoft Knowledge Base Article 954474 - System Center Configuration Manager 2007 Blocked from Deploying Security Updates - http://support.microsoft.com/kb/954474

· The Manageability Team Blog: http://blogs.technet.com/smsandmom/

· MSRC Blog: http://blogs.technet.com/msrc

Regarding Information Consistency:

We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Security Advisories posted to the web are occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in the web-based Security Advisory, the information in the web-based Security Advisory is authoritative.

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

Thank you,

Microsoft CSS Security Team

SCCM SP1 Fix List Is Now Available

The Configuration Manager 2007 SP1 fix list KB article has been published.

You can find it at KB953649.
