
Microsoft System Center Configuration Manager: Hints, Allegations and Other Things Left Unsaid

SIM407. Microsoft System Center Configuration Manager: Hints, Allegations and Other Things Left Unsaid. Jason Sandys, Managing Consultant, Catapult Systems, b-jasa@microsoft.com.


Presentation Transcript


  1. SIM407: Microsoft System Center Configuration Manager: Hints, Allegations and Other Things Left Unsaid • Jason Sandys, Managing Consultant, Catapult Systems • b-jasa@microsoft.com

  2. “ConfigMgr”

  3. Topics

  4. Boundaries

  5. Boundaries AD Site IP Range IP Subnet

  6. The problems with boundaries
     • IP Subnet
       • Cannot use “Super-nets”
       • Based on Subnet/Network ID
       • Are subjective
       • Subnet IDs are based on IP Address + Subnet Mask
     • AD Site
       • “Converted” to IP Subnet IDs: 192.168.14.0/23 = 192.168.14.0
       • Cannot use “Super-nets”
       • Workgroup clients aren’t part of an AD Site

  7. Why Subnet IDs are Evil • Classful • Classless Inter-Domain Routing (CIDR)
     • Questions
       • IP Address: 10.0.151.17 • Subnet ID: ? • Subnet Mask: ?
       • Subnet ID: 192.168.18.0 • Subnet Mask: ? • Valid IPs: 192.168.18.1 – ?
     • Answers
       • IP Address: 10.0.151.17 • Subnet ID: 10.0.0.0 • Subnet Mask: 255.0.0.0
       • Subnet ID: 192.168.18.0 • Subnet Mask: 255.255.255.0 • Valid IPs: 192.168.18.1 – 192.168.18.254

  8. Super-net example
     • IP Subnet: 10.0.0.0 • Subnet ID: 10.0.0.0
     • AD Site Subnet: 10.0.0.0/8 • Subnet ID: 10.0.0.0
     • IP Address: 10.0.1.27/24 • Subnet ID: 10.0.1.0

  9. Discovery example
     • Discovered IP Address: 192.168.15.27
     • AD Site Subnet: 192.168.14.0/23 • Subnet ID: 192.168.14.0
     • Discovered Subnet ID: 192.168.14.0
     • IP Address: 192.168.15.27/24 • Subnet ID: 192.168.15.0

  10. Boundaries • IP Address Ranges FTW • Do not rely on AD Sites • “Super-netting” is fine • No ambiguity • What you see is what you get • Very granular and exact • No subnet calculator needed
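
The subnet-ID comparison described on slides 6 to 10, as an added Python sketch that is not part of the original presentation. It assumes, as the slides state, that IP Subnet and AD Site boundaries are matched by comparing subnet IDs; the function names and the third test case are constructed for illustration.

```python
import ipaddress

def client_subnet_id(ip, prefix):
    """Subnet ID the client derives: its IP address ANDed with its own mask."""
    return str(ipaddress.ip_interface(f"{ip}/{prefix}").network.network_address)

def classful_subnet_id(ip):
    """Subnet ID when no mask is known and the classful default is assumed."""
    first = int(ip.split(".")[0])
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    return client_subnet_id(ip, prefix)

def subnet_boundary_matches(boundary_cidr, ip, prefix):
    """Assumed model of IP Subnet / AD Site boundaries: subnet IDs are
    compared as plain values, so the boundary's prefix length is ignored."""
    boundary_id = str(ipaddress.ip_network(boundary_cidr).network_address)
    return boundary_id == client_subnet_id(ip, prefix)

def range_boundary_matches(first_ip, last_ip, ip):
    """IP Address Range boundary: a plain first <= ip <= last test."""
    lo, hi, addr = (ipaddress.ip_address(x) for x in (first_ip, last_ip, ip))
    return lo <= addr <= hi

# (boundary as defined in AD / the console, client IP, client prefix length)
CASES = [
    ("10.0.0.0/8", "10.0.1.27", 24),           # slide 8: super-net example
    ("192.168.14.0/23", "192.168.15.27", 24),  # slide 9: discovery example
    ("192.168.14.0/23", "192.168.14.27", 24),  # constructed: lower half of the /23
]

def evaluate(cases=CASES):
    """Return (client IP, client subnet ID, subnet match, range match) rows."""
    rows = []
    for cidr, ip, prefix in cases:
        net = ipaddress.ip_network(cidr)
        rows.append((ip, client_subnet_id(ip, prefix),
                     subnet_boundary_matches(cidr, ip, prefix),
                     range_boundary_matches(str(net[0]), str(net[-1]), ip)))
    return rows

if __name__ == "__main__":
    for row in evaluate():
        print(row)
```

The first two clients sit inside the super-net yet fail the subnet-ID match, while the equivalent IP Address Range boundary covers all three.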

  11. High Availability and Site Resiliency

  12. Kim High availability and site resiliency
      • Site Functionality
        • Policies
        • Packages
        • Site Settings
        • Key Roles: Database, Management Point, SMS Provider, Reporting Point (Classic and SSRS)
      • Client Functionality
        • Inventory
        • Previously scheduled actions
        • Remote Control
        • Key Roles: Distribution Point, PXE Service Point, Software Update Point, State Migration Point

  13. Role Failure Impacts

  14. Three Options for HA

  15. HA and SR Out of the Box

  16. The Easy Button Solution • Out of box solution != Site Resiliency • Hyper-V and Quick/Live Migration • Provides both high availability and site resiliency • Site Resiliency will require some network “magic”

  17. Software Updates and Task Sequences

  18. Jason Software Updates and Task Sequences • Yes, they (mostly) work • Target the same Collection as your OSD Advertisement • Client Agent Install Public Properties • SMSMP and SMSSLP • Install the latest Windows Update Agent • 7.4.7600.229 • http://support.microsoft.com/kb/949104 • Increase the WSUS maximum XML size per request • Use IP Address Range boundaries • Wait for the Hotfix

  19. Software Updates and Task Sequences demo

  20. WMI Health

  21. Kim WMI Health • ConfigMgr is a WMI aggregator and automator

  22. Kim No Magic Bullet • Install the XP Hotfix • KB 933062 • Don’t automatically flush the Repository • Fixes the symptom, not the problem • Don’t ever flush the repository on a site server

  23. Fixes
      • Re-register
      • Built-in Repair
        • XP SP2+: rundll32 wbemupgd, UpgradeRepository
        • Vista/7: winmgmt /salvagerepository
      • Delete CCM namespace (Client only)

      Commands shown on the slide:

          rem %s works at an interactive command prompt; use %%s inside a .cmd/.bat file.
          FOR /f %s in ('dir /b /s *.dll') do regsvr32 /s %s
          Net stop /y winmgmt
          FOR /f %s in ('dir /b *.mof *.mfl') do mofcomp %s
          Net start winmgmt

  25. WMI Repair demo

  26. Permissions

  27. Program Execution • Local SYSTEM account • Current user • Run Command-line task in a Task Sequence allows alternate credentials

  28. Network Access Account • Generally a fallback account • Used to access content • Not used to run programs • Required for Operating System Deployment

  29. Jason The SYSTEM Account • Local Actions -> SYSTEM account • Network Actions -> Active Directory computer account • Includes UNCs on local system • All AD computer accounts are automatically members of Domain Computers group

  30. Drivers • Uses system account of server hosting SMS Provider [Diagram labels: SMS Provider Site Server Driver Package Source DP Driver Source]

  31. Software Updates • Uses user account of user running the console • Uses system account of server hosting SMS Provider [Diagram labels: SMS Provider Current User Update Package Source Microsoft]

  32. Backup • SMS_SITE_BACKUP Service runs as local SYSTEM • SMS_SITE_SQL_BACKUP Service runs as local SYSTEM [Diagram labels: AD Computer SYSTEM AD Computer SYSTEM Local UNC]

  33. Client Status

  34. Kim Client Status in the Console

  35. Client • Indicative of client agent installation status • Not real-time • Can be cleared by the “Clear Install” maintenance task

  36. Approved • Is a black-box and is not documented in detail • Meant to mimic PKI certificate revocation • N/A only affects OOB Management

  37. Inactive • When a client is flagged as obsolete it is also marked as inactive • Client Status Reporting (R2 & R3) • Deleted resources in child domains • Used in conjunction with Delete Inactive Client Discovery Data task

  38. Obsolete • Resources are marked as obsolete when they are superseded by newer resources • Used in conjunction with Delete Obsolete Client Discovery Data task

  39. Maintenance Tasks and Client Status Reporting demo

  40. Summary • ConfigMgr has a lot of moving parts • Always use IP Address Range Boundaries • There are HA and DR options available • Software Updates in OSD are achievable • WMI Health is more than nuking the repository

  41. Resource Links
      • My Blog: http://myITForum.com/cs2/blogs/jsandys
      • ConfigMgr "Install Software Updates" task failing when building a reference machine: http://coreworx.blogspot.com/2010/08/configmgr-install-software-updates-task.html
      • Known Issue: Install Software Updates Action Hangs on Windows 7: http://blogs.technet.com/b/configmgrteam/archive/2011/01/28/known-issue-install-software-updates-action-hangs-on-windows-7.aspx
      • How It Works: Automatic Client Approval in Configuration Manager 2007: http://blogs.technet.com/b/configurationmgr/archive/2010/01/20/how-it-works-automatic-client-approval-in-configuration-manager-2007.aspx
      • WMI Troubleshooting Tips: http://blogs.technet.com/b/configmgrteam/archive/2009/05/08/wmi-troubleshooting-tips.aspx

  44. Resources • Connect. Share. Discuss. http://northamerica.msteched.com Learning • Sessions On-Demand & Community • Microsoft Certification & Training Resources www.microsoft.com/teched www.microsoft.com/learning • Resources for IT Professionals • Resources for Developers • http://microsoft.com/technet • http://microsoft.com/msdn

  45. Complete an evaluation on CommNet and enter to win!

  46. © 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
