Tuesday, June 14, 2016

SCCM


Collections:- https://technet.microsoft.com/en-us/library/gg712295

-A single collection can contain users or devices, but not both.
-Do not use incremental updates for large number of collections [Incremental updates occur at 10 minute interval. Independently of a full collection evaluation]
-Schedule a full update on this collection :to schedule a regular full evaluation of the collection membership. The members will not appear in the collection until after the first scheduled update, or you manually select Update Membership for the collection.
-If a collection includes both include collection and exclude collection rules and there is a conflict, the exclude collection rule takes priority over the include collection rule.
-Incremental updates do not function if the collection contains include collection, or exclude collection rules for CM SP1 and 2012 R2 CM versions. It functions in CM SP2 and in 2012 R2 CM SP1

-Operating System Name and Version:-  Workstation 6.1 – Windows 7, Workstation 6.2 – Windows8,  Server 6.1 – Windows Server 2008 R2 ,Server 6.2 – Windows Server 2012 [SMS_R_System.OperatingSystemNameandVersion like "%Workstation 6.1%"]
-SMS_R_System.NetbiosName
-Device types are stored in the Configuration Manager database under the resource class sms_r_system and the attribute name AgentEdition. SMS_R_System.ClientEdition = 5 [mac comps]

-Direct Membership Rule Wizard *Resource class:Select from "System Resource" values to search for inventory data returned from client computers or "Unknown Computer" to select from values returned by unknown computers. *Exclude resources marked as obsolete *Exclude resources that do not have the Configuration Manager client installed

-Query Rule Properties *Import Query Statement *Resource class
-Create a query: https://technet.microsoft.com/en-us/library/gg712323

-User device affinity: https://technet.microsoft.com/en-us/library/gg699365.aspx

User device affinity allows you to associate a user with specified devices. This allows you to deploy software to a user rather than a device. For example, you could deploy an application so that it only installs on the primary device of the user. On devices that are not the primary device of the user, you could deploy a virtual application that is removed when the user logs out.

------------------------------------------------------------------------------------------------------------

-Bandwith throttling: https://en.wikipedia.org/wiki/Bandwidth_throttling

-Fallback:
https://blogs.technet.microsoft.com/cmpfekevin/2013/03/05/what-is-fallback-and-what-does-it-mean/

-CCMsetup.exe vs Client.msi
https://mikewasowsky.wordpress.com/2011/05/10/ccmsetup-exe-vs-client-msi/

-Client Push Installation
http://prajwaldesai.com/install-configuration-manager-clients-using-client-push/

-Microsoft download center (SDK)
https://www.microsoft.com/en-us/download/details.aspx?id=29559

-Client Settings:
https://technet.microsoft.com/en-us/library/gg682067.aspx#BKMK_ComputerAgentDeviceSettings

-Disable deadline randomization
For System Center 2012 Configuration Manager SP1 and System Center 2012 R2 Configuration Manager only.
This setting determines whether the client uses an activation delay of up to two hours to install required software updates when the deadline is reached. By default, the activation delay is disabled.
For virtual desktop infrastructure (VDI) scenarios, this delay can help to distribute the CPU processing and data transfer for a computer that has multiple virtual machines that run the Configuration Manager client. Even if you do not use VDI, if many clients install the same updates at the same time, this can negatively increase CPU usage on the site server, slow down distribution points, and significantly reduce the available network bandwidth.
If required software updates must install without delay when the configured deadline is reached, select Yes for this setting.

------------------------------------------------------------------------------------------------------------

/*-Flowchart
https://technet.microsoft.com/en-us/library/bb932150.aspx*/
Distribution manager
package manager

-Package share: When package is configured to allow program to run from distribution point. will be run from package source folder smspkg$

-Planning for content management:
https://technet.microsoft.com/en-us/library/gg712321.aspx#BKMK_PlanForDistributionPoints

-In previous versions of Configuration Manager, the Distribution Manager manages the transfer of content to a remote distribution point. Distribution Manager also manages the transfer of content between sites. With System Center 2012 Configuration Manager, Distribution Manager continues to manage the transfer of content between two sites. However, the Package Transfer Manager allows Configuration Manager to offload from Distribution Manager the operations required to transfer content to large numbers of distribution points. Compared to previous product versions, this helps to increase the overall performance of content deployment both between sites and to distribution points within a site.

-Update Content or Update Distribution Point actions:
https://technet.microsoft.com/en-us/library/hh692393.aspx

-Content library:
http://blogs.technet.com/b/configmgrteam/archive/2013/10/29/understanding-the-configuration-manager-content-library.aspx

------------------------------------------------------------------------------------------------------------

#Operations and Maintenance for Software Updates in Configuration Manager:
https://technet.microsoft.com/en-us/library/jj134348.aspx

-WSUS is a program that runs on server which downloads updates from Microsoft Updates website .
Software update point[SUP] gets in sync with WSUS and takes the responsibility of passing the updates to configuration manager clients in its site.

The overall process for software updates in System Center 2012 Configuration Manager includes four main operational phases: synchronization, compliance assessment, deployment, and monitoring. The synchronization phase is the process of synchronizing the software update metadata from Microsoft Update [site] and inserting it into the site server database. The compliance assessment phase is the process that client computers perform to scan for compliance of software updates and report the compliance state for the software updates. The deployment phase is the process of manually or automatically deploying the software updates to clients. Finally, the monitoring phase is the process of follow-on monitoring for software update deployment compliance.

Unlike other deployment types, software updates are all downloaded to the client cache regardless of the maximum cache size setting on the client.

------------------------------------------------------------------------------------------------------------

#Configure the Client Cache for Configuration Manager Clients:
https://technet.microsoft.com/en-us/library/gg712288.aspx#BKMK_ClientCache

If the client attempts to download content for a program or application that is greater than the size of the cache, the deployment fails because of insufficient cache size and Configuration Manager generates status message ID 10050. If the cache size is increased later, the download retry behavior is different for a required program and a required application:
 For a required program: The client does not automatically retry to download the content. You must redeploy the package and program to the client.
 For a required application: Because an application deployment is state-based, the client automatically retries to download the content when it next downloads its    client policy.

If the client attempts to download a package that is less than the size of the cache but the cache is currently full, all required deployments keep retrying until the cache space is available, until the download times out, or until the retry limit is reached for the cache space failure. If the cache size is increased later, the Configuration Manager client attempts to download the package again during the next retry interval. The client tries to download the content every four hours until it has tried 18 times.

properties:

DISABLECACHEOPT:
SMSCACHEDIR:
SMSCACHEFLAGS:
SMSCACHESIZE:
---------------------------------------------------------------------------------------------
-Introduction to Operating System Deployment in Configuration Manager
https://technet.microsoft.com/en-us/library/gg682108.aspx

PXE initiated deployments: PXE-initiated deployments let client computers request a deployment over the network. In this method of deployment, the operating system image and a Windows PE boot image are sent to a distribution point that is configured to accept PXE boot requests.

https://technet.microsoft.com/en-us/library/hh397405.aspx

https://technet.microsoft.com/en-us/library/gg682187.aspx


Windows ADK (Windows Assessment and Deployment Kit)is a set of tools and documentation that support the configuration and deployment of Windows operating systems.
Features of the Windows ADK:
User State Migration Tool (USMT) 1
Windows Deployment Tools
Windows Preinstallation Environment (Windows PE)

Windows Deployment Services (WDS) must be installed on the same server as the distribution points that you configure to support PXE or multicast. Whether you must install WDS manually or if it is already installed on the server depends on the operating system of the server.

For PXE deployments, WDS is the service that performs the PXE boot. When the distribution point is installed and enabled for PXE, Configuration Manager installs a provider into WDS that uses the WDS PXE boot functions.

-Windows deployment services:
https://en.wikipedia.org/wiki/Windows_Deployment_Services

-Preboot execution environment:
https://en.wikipedia.org/wiki/Preboot_Execution_Environment


------------------------------------------
 Planning for BranchCache Support
 Planning for Preferred Distribution Points and Fallback
https://technet.microsoft.com/en-us/library/gg712321.aspx#BKMK_PreferredDistributionPoint
 Prestage Content
https://technet.microsoft.com/en-us/library/gg712694.aspx#BKMK_PrestageContent



0x87D00607 content not found, unable to download
=====================

============================================
Decommissioned

When a Configuration Manager 2007 client is removed from a child site, its record is not automatically deleted from the parent site. However, a new data discovery record (DDR) is sent to the parent site and the client becomes marked as decommissioned. You can then use Configuration Manager 2007 queries or collections to identify decommissioned client computers.

from SMS_R_System where SMS_R_System.Decommissioned = 1

Obsolete

Indicates whether this client record is obsolete.

A record that is marked obsolete typically was superseded by a newer record for the same client. The newer record becomes the client's current record, and the older record becomes obsolete.

Obsolete clients are those that have been replaced by new ones. This usually happens during refresh OS deployments where the hardware stays the same and thus the hardware id is the same but the SMS GUID changes because the OS has been reloaded or the GUID is regenerated for another reason but the hardware remains the same.

Reasons -
1. hard disk swapping
2. Renaming machines
3. Reimage OS
4. Reinstalling SMS/SCCM agent on the machines without proper uninstall.

FROM
SMS_R_System
WHERE
Obsolete IS NULL
OR Obsolete = 1

Client

When the Client value displays Yes, the site has processed a Heartbeat Discovery data record from the client. This can be used to help confirm that the client computer has a Configuration Manager 2007 client installed.

Inactive client s are those that have not been discovered recently by the heartbeat discovery. The definition of recently is defined in the delete task as a number of days. Please note that obsolete client s are also marked inactive.

 Reasons-
1. Offline machines
2. Machines having DNS issue/No name resolution
3. Machines are in inventory stock
inactive:
FROM
SMS_R_System
WHERE
Active IS NULL
OR Active = 0


https://technet.microsoft.com/en-in/library/dd334565.aspx

------------------------------------------------------------------------------------------------------

Patch task:








Configuration Manager Client Deployment Data Flow: CCMSetup Installation Process:
https://technet.microsoft.com/en-us/library/bb694034.aspx
---------------------------------------------------------------------------------------------------------

https://prajwaldesai.com/capture-windows-7-using-sccm-2012-r2/
Capture a reference OS:

create TS media -o/p .iso (places in share path)
  capture media
  select boot image ,distribute

Virtual machine with an OS
 mount .iso (access the share path where its placed)
 run image capture wizard -o/p .wim
 sysprep - captures os and gives .wim

Add Operating system image to console
 enter path of .wim where its created
 distribute

Operating system images are the .wim files that are used for the operating system capture and deployment process.
-----------------------------------------------

https://prajwaldesai.com/deploying-sccm-2012-part-14-build-and-capture-windows-7-64-bit/
Initial steps to build and capture OS:

PXE initiated deployments: PXE-initiated deployments let client computers request a deployment over the network. The operating system image and a Windows PE boot image are sent to a distribution point that is configured to accept PXE boot requests.

Enabling PXE
 go to DP and enable pxe support for clients

Add OS installer
An operating system installer is the installation file that contains all the necessary files that Configuration Manager needs to install on the operating system on any reference computer.
 Provide the folder path where you have copied the Operating system, in our case its \\sccm.prajwal.local\Deployment\OS\Windows7\
 distribute

Boot image
 enble cmd support
 distribute

Operating system boot images are .wim for file, which has files and folders that are essential to install and configure an operating system.

Create package from definition
 confg mgr client upgrade
 distribute

Create TS
 select Build and capture ref os image
 Select boot image
 Select OS image
 Specify confg mgr client pkg
 Specify where the captured image file should be saved - .wim

https://prajwaldesai.com/deploying-sccm-2012-part-15-build-and-capture-windows-7-x64/
Build and capture win7:

Create collection and add virtual machine w/o OS
deploy TS
 installs OS and captures OS

http://windowsitpro.com/system-center/q-what-difference-between-operating-system-images-and-operating-system-installers-syst
-----------------------------------------------------------------------------------------------------

Resultant client settings:
http://www.configmgr.no/2013/09/19/configmgr-2012-r2-and-resultant-client-settings/

--------------------------------------------------------------------------------------------------------
Diffrent types of cycles in sccm:
http://serverfault.com/questions/364555/what-do-each-of-the-actions-in-the-sccm-client-actually-do

-------------------------------------------------------------------------------------------------------
Resource explorer to view software inventory:
https://technet.microsoft.com/en-us/library/hh509029.aspx

Resource explorer to view hardware inventory:
https://technet.microsoft.com/en-in/library/gg712311.aspx

--------------------------------------------------------------------------------------------------------
installing wsus
https://prajwaldesai.com/installing-wsus-for-configuration-manager-2012-r2/

-----------------------------------------------------------------------------------------------------
Repair or rebuild windows wmi repository:
https://support.quest.com/vworkspace/kb/88861

----------------------------------------------------------------------------------------
endpoint protection:
https://albertneef.wordpress.com/2013/03/17/configure-endpoint-protection-2012-in-sccm-2012-sp1/

SMS WSUS SYNC MGR component
wsyncmgr.log - synchronising of updates

-----------------------------------------------------------------------------------------
Replication:
https://www.anoopcnair.com/sccm-configmgr-2012-site-to-site-replication-sql-data-replication-service-replication-configuration-management-sql-service-broker-replication-groups-and-manual-sync/

File-based communication between sites uses the Server Message Block (SMB) protocol by using TCP/IP port 445

-------------------------------------------------------------------------------------------



SCCM backup:




Microsoft System Center Powershell Essentials book safari:

SCCM health check activities.

Role based access control (RBAC):

Application Catalog website point vs Application Catalog web service point:
https://sccm2oo7.blogspot.in/2015/03/application-catalog-web-service-point.html

Patch scan errors;
error codes
https://technet.microsoft.com/en-us/library/cc720432(WS.10).aspx
http://inetexplorer.mvps.org/archive/windows_update_codes.htm
wua error codes:
https://social.technet.microsoft.com/wiki/contents/articles/15260.windows-update-agent-error-codes.aspx


Software update folders:
C:\Windows\system32\CatRoot2   folder is an impotant folder which helps to fetch regular Windows Updates.  The Catroot2 folder is automatically recreated by Windows once it is deleted. For the most of the windows Updates issues, once you delete or rename the catrrot2 folder wil fix the issue because once you have renamed or deleted the catrroot2 folder it will refresh the update history..Its A Folder Which Stores The Signatures Of Windows Update Package And Allows It To Be Installed. The File %windir%\System32\catroot2\edb.log will be updated by the cryptographic services. So Inorder To Delete The Folder The Cryptographic Services Has To Be Stopped First. All The Updates Are Stored Under The Folder %windir%\SoftwareDistribution And Its managed By The Automatic Updates Service.

SCUP process:
http://whp-aus2.cold.extweb.hp.com/pub/caps-softpaq/cmit/whitepapers/HP%20Client%20Updates%20Catalog%20for%20Microsoft%20System%20Center%20Products.pdf

Extend AD (Active Directory) schema:
https://docs.microsoft.com/en-us/sccm/core/plan-design/network/extend-the-active-directory-schema
http://blog.danovich.com.au/2013/06/22/the-system-management-container/