A while back, I posted a few articles on this blog that contained ‘no frills’ steps on how to get ConfigMgr installed, up, and running. Of all the System Center products, ConfigMgr seems to have more moving parts and therefore perceived to be the most complex in installation and configuration. So – I have once again posted an update to my steps to keep in line with the latest versions and such. The attached are the updated steps that can help you get ConfigMgr up and running the fastest way that I know how using ConfigMgr 2007 SP1 R2, Windows Server 2008 R2, and SQL Server 2008. As a bonus, I have also recorded two screencasts over on EDGE where I walk through these steps and explain things along the way. Hope someone finds these useful!
Here are the links to the screencasts:
Part I is here: http://edge.technet.com/Media/How-to-Install-ConfigMgr-for-Testing-Part-I/
Part II is here: http://edge.technet.com/Media/How-to-Install-ConfigMgr-for-Testing-Part-II/
And again, attached to this blog are the updated ‘no frills’ steps…
This is a pretty significant acquisition. Opalis offers some great IT automation processes that snaps right into key pieces of System Center today (OpsMgr and ConfigMgr) as well as maintains several Integration Packs for some of the most popular ticketing systems and other management systems.
In EDU, I have not had many opportunities to engage with folks using Opalis’ solutions and I believe it may have been because the cost of acquisitioning the Opalis solution may have been out of reach for many. Well, that is now all about to change!!!
Check out this site for more details: http://www.microsoft.com/pathways/opalis/
My teammate Michael Greene created this link - http://bit.ly/edtech-virt – to reference when looking for MSFT Case Studies that reference EDU customers (K-12 and HED) when they involve out virtualization stack (Hyper-V, App-V, etc.) and/or System Center technology.
So if you want to see some webcasts that I have done recently on the topic of System Center and the like for EDU environments, check out www.educationwebcasts.com. There you will find several webcasts I have conducted on various aspects of management and a few yet to come in the next few months. There are also dozens of other webcasts on other topics conducted by several of my teammates.
…Really – please don’t! As you can tell, I have taken a LONG hiatus from blogging these past several months. No excuse other than just slammed busy and running around the country supporting the US EDU folks to help spread the good word that is System Center, App-V, Hyper-V, etc. I have a few topics that I have been working on so will be looking to post more regularly starting…. now!
So a few weeks ago, Mr. Joseph Corey at Carnegie Mellon University presented on how they use ConfigMgr to keep their servers in their data centers updated and patched. As one would imagine, they need to be able to tightly control the window of time in which these servers can be patched and rebooted in order for those updates to take effect during prescribed offhour times and therefore rely very heavily on ConfigMgr’s Maintenance Window functionality. One issue that he ran into is that sometimes new servers may get installed into the environment but for various reasons, are not added to the proper Collections that have the maintenance windows set. The result? Those servers will install mandatory updates immediately at any time leading to reboots at any time as there is no Maintenance Window to enforce. ConfigMgr does not have a concept of a default Maintenance Window.
The fix? Create a few cleverly crafted Collections which as a result, will assign a default Maintenance Window if one has not already been assigned to that system. The following are the details and explanation Mr. Corey gave me on how they do just that:
__________________________________________________________________________________________________________
First, you would create a collection that specifies all machines with a maintenance window set (“All Servers with a Specified Maintenance Window”). The items in red are the collection IDs of all collections with a specified maintenance window. I started to create an SCCM query that actually used the SCCM database to list all machines that were in a collection that have a maintenance windows set dynamically, but the logic is much more difficult since the collection contains the maintenance windows data, not the individual resource. I know it’s possible – I just haven’t sat down and hashed out the SQL for this.
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where Client = 1 and ClientType = 1 and ResourceId in (select ResourceID from SMS_CM_RES_COLL_PGH00015) or ResourceId in (select ResourceID from SMS_CM_RES_COLL_PGH00016) or ResourceId in (select ResourceID from SMS_CM_RES_COLL_PGH00017) or ResourceId in (select ResourceID from SMS_CM_RES_COLL_PGH00018) or ResourceId in (select ResourceID from SMS_CM_RES_COLL_PGH00019) or ResourceId in (select ResourceID from SMS_CM_RES_COLL_PGH0001A) or ResourceId in (select ResourceID from SMS_CM_RES_COLL_PGH0001F)
Next, you would create the collection below where colID is the collection ID of the above collection (“6 A.M. Maintenance Window”). This will give you a collection that contains machines without explicitly set maintenance windows.
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where Client = 1 and ClientType = 1 and ResourceId not in (select ResourceID from SMS_CM_RES_COLL_collD**)
__________________________________________________________________________________________________________
LABMAN 2009 is slated for June 8-10 and will be held at the University of Notre Dame. I have presented/attended at this annual event the past two years and find it to be a very nice (and economical) venue catering specifically to those folks tasked with the management of campus lab environments. If you are interested in attending or would like to nominate yourself to conduct a session, they are currently accepting both!
Although not 100% guaranteed, but yours truly plans to be at this event and may also conduct a session or two as I have done in year’s past!
So I know I blog about once, oh, I don't know, every 2-3 months now! :)
Anyway, I aim to rectify this as I really should blog more and yes do have a lot of half-blog entries that I just never got around to finishing so stay tuned...
In any event, I wanted to let my 10's of fans to this blog know about a very cool conference coming up devoted exclusively to Windows IT folks within Universities and Colleges. This is a great opportunity to network with your peers as well as see some of the best MSFT presenters up close and personal such as MarkRuss and Steve Riley. The details can be found on Mr. Greene's OffCampus blog as he is the main organizer on the MSFT side.
Here are some links to some useful resources to help you further evaluate System Center and other associated Management solutions as discussed during my workshop session at HECC 2008:
So maybe I am the only one that has done this, but I have been dumb enough to now have done this twice so maybe there is someone else out there that is as 'smart' as I am! In my demo environment, I have an OpsMgr 2007 SP1 RMS on a W03 SP2 server with the Operations DB, Report DB, and ACS DB located on a remote W08 server with SQL 2005 SP2. SQL 2005 Report Services is also located on the W08 server as well. The problem? Well, I have found that if you suffer some type of corruption in your OperationsDW (I suffered a power outage in my environment which somehow put the OperationsDW in a Suspect state. And no, of course I did not have a backup of the DB!!!) DB and/or have a reason to re-install OpsMgr Reporting, the act of uninstalling OpsMgr Reporting renders the instance of SRS unusable - you will continually get errors if you try to re-configure/reset SRS back to a usable state and therefore are SOL if you wish to re-install OpsMgr Reporting on this instance. The following are some of the symptoms I have observed:
- After uninstalling OpsMgr Reporting, you will get errors when trying to navigate to http://server/reports or http://server/reportserver
- The Application Event Log on the SRS server may have entries with event id 18456 saying that "login failed for user...".
Basically, the fix for me was the following:
- Stop the SRS service
- Stop the IIS service
- Delete the OperationsDW, Reports, and other associated TEMP DB's
- Delete the Reports and ReportServer virtual directories via the IIS Manager
- Start SRS
- Start IIS
- Fire up the Reporting Services Configuration Tool
- Connect to the SRS Instance
- Click Web Service Identity Select 'Classic .NET AppPool' for both Reports and ReportServer (you will have to re-create these as you blew them away in the previous step).
- Create a new Report DB
- ***This is what screwed me up - seems that somehow the Rsreportserver.config file gets corrupted somehow. Go to \program files\Microsoft SQL Server\MSSSQL.X\Reporting Services\ReportServer and restore one of the previous versions of this file (should have a .0 or .1 appended to it).
- Proceed and follow all instructions in KB938245 in the section titled "How to configure the Report Web Service or Report Manager to use an application pool that runs under a domain account"
- ***For me, one of the registry keys that they tell you to modify did not exist - I simply created it and modified to use my domain account and this seemed to work
You should then be able to go to http://server/reports or http://reportserver without error now... Therefore, you should ten be able to re-install OpsMgr Reporting.
Oh yeah - I found out that technically we do not support running OpsMgr Reporting on W08 just yet - thus explains why I had to run through a lot of hoops above. However, it seems to work for me with the exception of having to reset SRS if you ever have to reinstall...
Our good partners, SecureVantage are going to be conducting free online seminars starting 7/10. To register for these free courses and to receive more information, go here:
http://www.securevantage.com/ACSTraining.aspx
SecureVantage also maintains a nice Spaces blog full of useful information regarding ACS and how their solutions can further extend its value - the blog can be found here: http://securevantage.spaces.live.com/
Coming off the LABMAN conference from a few weeks ago, I know many in the EDU community rely on disk protection and lock down tools such as Faronic's DeepFreeze and SteadyState. At the end of last week, we made SteadyState 2.5 available for free download - big deal here is now we can lock-down and disk protect Vista workstations. You can get this here. Here is a bullet list of the new features:
New features in SteadyState version 2.5 include the following:
• Full support for Windows Vista
• Full support for Internet Explorer 7 and tabbed browsing
• Overall improved performance
• Faster booting
• Faster system caching
• Remote management of Windows Disk Protection through scripting
• Improved importing & exporting of user information
Also, I thought I blogged about this in the past but apparently I have not (or at least I cannot find the post), but yes, with SteadyState, you do have the ability to control the state of 'Disk Protection' via command line by making calls to the machines WMI interface - KB938355 explains this. Also this old forum post gives some sample scripts to turn WDP on and off as well. For you folks familiar with DeepFreeze this would be going from 'frozen' to 'thaw'. Granted, not as fancy as DeepFreeze as we do not offer a GUI console for SteadyState, but our price is a bit better (free download) if you are comfortable with making changes via script (or better yet, using something like ConfigMgr to modify the protection states when changes are needed).
The ConfigMgr homepage may not be up to date yet but here is the direct download link to download SP1: http://www.microsoft.com/downloads/details.aspx?FamilyId=5AAE62E8-4B7F-4AF7-BE01-AEFAA4BF059A&displaylang=en
This release (among the usual bug fixes) brings forward these new features:
1. More complete support for management of Windows Vista SP1 (Vista SP1)and Windows Server 2008 (Server 2008).
2. Support for SCCM 2007 Server Site roles on Server 2008.
3. Out of band and in band management of Intel AMT devices.
4. Asset Intelligence 1.5 which is our first release with a connection back to System Center Online for regular updates to the Asset catalog
Enjoy!
So I normally do not regurgitate generic technical information that you can find on one of a thousand different blog sites and podcasts unless I feel that there is unique significance to the EDU community. If you attended MMS 2008 or paid attention to the announcements and press releases announced during the Summit, there were three major things and one 'quiet but intriguing thing' that I think will have a HUGE impact in EDU. The three major announcements (and one 'quieter' announcement) were:
- Beta Availability of Operations Manager 2007 Cross Platform Extensions: So an ugly and long title but to put it simply, we are planning to introduce OpsMgr client agents for non-Windows systems including RHEL, Sun Solaris, SLES, HP-UX, and AIX. This is definitely a first and not just for the Management division but for Microsoft as a whole as we will be including actual agents for non-Windows based systems AND these are based on the OpenPegasus initiative which means the agents will be open-sourced. Yes, you read that correctly (read again, if you need to - I know I had to!). Beta 1 of these agents are available now off of the Connect site. For more information on how to obtain these, go here:
http://blogs.technet.com/systemcenter/archive/2008/04/29/operations-manager-2007-goes-cross-platform.aspx
- Beta Availability of Operations Manager 2007 Connectors: This one may not be as shocking as the above as you may have seen this coming when we acquired Engyro a little over a year ago and have since made the Engyro Connectors available 'for free' to licensed OpsMgr customers to connect OpsMgr to their HP OVO, Tivoli management systems and the like. What is significant is that we are basing the connector on the same OpenPegasus stuff and will be open-sourced. Like the extensions above, the beta is publicly available at the same link above.
- Beta Availability of Virtual Machine Manager 2008: Not as big of a surprise as we have been talking about the v.Next version of VMM allowing for management of Hyper-V and VMWare hosts, but very nice to see we are right on track with the public beta availability of this next version. Access to and information on how to get at the bits can be found here: http://www.microsoft.com/systemcenter/scvmm/default.mspx
- Kidaro First Look: Although the acquisition at the time of this writing was not quite complete, there were a few breakout sessions and more detail around the technology that this acquisition will bring. Kidaro will become yet another technology provided to those customers that subscribe to the Desktop Optimization Pack (with no extra price increases planned, BTW) and will allow customers a way to deliver and control virtual OS's to clients via physical media (USB key, DVD, etc.) and/or streaming technologies with complete integration with the end client. Think of it as the best of virtual machines, terminal services, and virtual applications without any of the downsides these technologies have. IMHO, the Kidaro 'stuff' (we still have not picked a formal name for it yet) will solve MANY problems in EDU by allowing you to have a controlled set of OS images complete with your supported applications that can be seamlessly run and delivered to unmanaged machines - such as a student or faculty member's personal machine. Is this VDI? No - it is MUCH, MUCH, better... I am sure more information will be forthcoming once the acquisition is complete but here are some links to check out today:
http://www.kidaro.com
http://blogs.technet.com/james/archive/2008/03/25/mdop-to-get-bigger-more-value-included.aspx
http://blogs.technet.com/virtualization/archive/2008/03/12/Kidaro-to-be-added-to-Microsoft_2700_s-desktop-virtualization-products.aspx
http://blogs.technet.com/technology_trumpet/archive/2008/03/13/i-kidaro-you-not.aspx
So on a topic that is not by any means new, however one in which I have been getting a lot of recurring discussions around lately from my customers...
So there seems to be a lot of different viewpoints on when or whether to re-package software for the purposes of automatic distribution (using ConfigMgr of course!). For years, I have employed the following guidelines - in this order:
1. Does the software natively support MSI? If yes, no need to re-package, use the built-in characteristics of MSI to create a silent install command line (with or without transforms) to get the job done. If not, consider Step 2.
2. Does the software support any documented way to deploy the software silently? If yes, great, use what the vendor gives you to get the job done. If not, or it is not very clear, consider Step 3.
3. Conduct research on sites such as www.appdeploy.com (one of my favorites, btw) to see if someone in the community has posted steps/tips on your software that allows for silent and automated deployment. If so, employ these in the lab to confirm they work and then deploy. If not, consider Step 4.
4. Utilize your favorite MSI re-packager. ConfigMgr users can use Macrovision's AdminStudio: Configuration Manager Edition to get the job done. But if you have purchased the Wise Installer and like their interface better, go nuts!
As a rule, I always attempt to go down the past of least resistance yet maximizing supportability. I see Step 4 as the worse case and most expensive as it is the most time consuming and you run the risk of the vendor no supporting your deployment if they do not support the re-packaging of their application. IMHO, if the app is not native MSI but has a documented way of silently deploying, I say use it - supportability to speed far outweigh some of the ability built into an MSI wrapper...
Anyway, that's my $.02 - I will stop rambling now...
