Continuing the theme of clearing stuff from my inbox…here is one that has been there since late January. It is simply a list that correlates a few mass storage drivers to a few computer models. This is obviously not comprehensive…just what I had in that email. Thanks to Chris Muster for sending me this list.
A few months ago I finally discovered the PowerShell Module that Michael Niehaus wrote. I love the flexibility it offers…not to mention the speed of performing repetitive tasks. Some of the syntax was a bit confusing to me on some of the commands…in particular the ones that require the “NALpath”. I was using the “new-sccmpackagedp” command which requires the NALpath as a parameter. Once I figured it out, I emailed the command to myself…where it has been sitting since the middle of June. This post will clear that email out of my inbox!
Syntax for the New-SCCMPackageDP command in PowerShell:
From what I could see on Niehaus’s blog, he doesn’t have a direct link to the module that he wrote. The best I could find was that he included version 1.5 of the module in a zip file along with something else he wrote. Here is the blog post, and the direct link to the zip file that includes the module.
Big time thanks to Michael for writing and posting such an awesome resource!!!
A while back I was looking for a command line method of triggering inventory. Most of the posts that I found were vbscripts that could trigger the action via the control panel applet…but you ran into an issue with this method if you were triggering it on a 64bit OS…because the ConfigMgr applet is a 32bit applet….which can’t be triggered from the 64bit cscript. It can still be done by switching to the 32bit cscript, but it’s a bit cumbersome.
I was bouncing this issue off of Brian Mason, and he reminded me of a blog post by Kim Oppalfens re: triggering ConfigMgr stuff with WMIC. Kim’s post is specifically around adding right click actions to the ConfigMgr console, but they can be used from the command line also.
He lists a lot of them in his post (which I strongly encourage you to check out), but the two that I was needing for inventory are:
If copying and pasting, be careful to ensure that the quotes are normal straight quotes instead of “smart quotes”.
Side note: if you have access to view the sessions from MMS this year, be sure to download and watch Kim’s session. It was re-scheduled for the last day because he was unable to fly earlier in the week because of the volcano in Iceland. There were only approx 50 of us at his session…but it was one of the best of the event…definitely 400 level.
Today is my fifteenth wedding anniversary. It’s hard to believe that it has been fifteen fantastic years with Julie. Not that there haven’t been rough times…there have…but you hold on and grow through those times. If you fight FOR your marriage (instead of just fighting) you end up closer in the end. I am glad to have committed to spending the rest of my life with Julie…I’m looking forward to the next 50 years!
On our tenth anniversary I took a song by Steven Curtis Chapman, modified the lyrics and sang it to Julie as an anniversary present. The original song was titled “11-6-64” and was written by SCC for his wife’s birthday. That song was included on SCC’s “All About Love” album which was essentially 16 love songs…most of which he wrote for his wife. I am indebted to him for that album. Until now, only a few family members and friends have seen this song.
8-26-95
8-26-95 the sun shone a whole lot brighter
Than ever it had before, smiling down on me
Around 11 am both hands of time stopped turning
And you came waltzing in, to change my world for good
And you were all that I could see, and when you looked at me
Everything just faded
And I, I know I smiled and prayed
Harder on that day
Cause my whole world was changing on
8-26-95, we both said “I do”
And suddenly living life meant so much more
On the day that we were wed.
And I, I woke up with the dew; I was thinking of you
One of the guys who leads music at our church (Church of the Open Door) is Joel Hanson. Joel is probably best known for being one of the members of the Christian rock band PFR. He and the guys in our church band are very talented. The song that they played while the offering was taking place yesterday was “Mess of Me” by Switchfoot. They may have actually sounded better than Switchfoot. Listen to the video below (really loud if you can)…and picture it being played in church. :-)
[Edit: Okay...I just realized that the video is set to not allow embedding...so you will have to go directly to Youtube to view it.]
I had a fun little task this week…do the impossible with ConfigMgr…make a Task Sequence advertisement applicable to a user. Now…Task Sequences were originally designed for Operating System Deployment, and as such they can only be advertised to a computer account…not a user account. But…there are certain applications that we need to install via a Custom Task Sequence. (For example…SQL 2005 Client Tools or Visual Studio 2008. In both cases, the service pack can’t be slipstreamed into the install, so it must be installed separately.)
Now in most instances, I want the service desk to be able to deploy software, but I don’t want to give them access to the ConfigMgr console. One of the easiest ways to accomplish this is by allowing them to modify an AD group for SW deployment. That works well…except that for an app that is installed via a task sequence, they will have to remember to add a computer account (that they will have to hunt down) instead of the user account. I would much prefer that their process is the same for all software…just add the user account. So…here is my criteria:
App is installed via a Custom Task Sequence
A task sequence can only be advertised to a computer account
All software is advertised to collections based on AD user groups
Want to maintain the same process
How can I accomplish this? Well…let’s separate the two parts of the process and tackle it differently. The two parts are:
The service desk does (add a user to an AD group)
The software gets deployed to the computer that the user is logged into.
Let’s come back to #1 and look at #2 first. There isn’t a special setting/switch/etc to make it possible to advertise a task sequence to a user account. That advertisement still has to be targeted at a computer. Now…what are the ways that I can get a computer account into a ConfigMgr collection? There are several:
Direct membership – with ConfigMgr console access, I can simply add the computer account to the collection.
Query based – which can be based on any number of things. Common ways of doing this are:
Subselect query – a query to determine all systems that don’t have the software – then install it.
AD group/OU/etc membership.
HW/SW inventory – something in inventory that can be used to trigger the installation.
Now…of those options, we can rule out the direct membership option because I don’t want the service desk to have console access. I can also rule out the subselect, because this is not software that all users should have…it is more specific. I’m also ruling out the AD group membership, because I still want the service desk to only be concerned with adding USER accounts to the AD group. That leaves me with inventory…which gives me options for how to get around my limitation.
What are things that inventory is already grabbing for me…or that I can modify it to grab? I could modify the HW inventory to grab custom registry keys. Or…depending on how I have SW inventory set, I can use it to tell me if certain files exist. By default, all EXEs are inventoried. That is my opening…
What I CAN do is advertise a vbscript to a user or user group. That vbscript does nothing more than create a text file…with an EXE extension that will be picked up by SW inventory. Now…I don’t want to wait for the next inventory cycle, so I can have the vbscript also kick that off for me. So…the script simply writes a file and kicks off inventory.
My task sequence is targeted at a collection that targets computers that have a certain EXE file. This solves my issue. I can now have the service desk add a user to a group. This triggers an advertisement (mandatory and silent) that runs a vbscript that creates an EXE file and triggers the SW inventory. Because the EXE file will then be part of the inventory for the computer account, I can now create another collection/advertisement to target the installation of the software to computers that have the EXE created by the vbscript.
Is it elegant…no. Does it scale…that may be questionable. Does it work…it actually works quite well. Is it fast…not really…but depending on how frequently user and machine policy refresh, I can still get it to the user in a reasonable time frame.
Ran into an interesting SW Dist issue recently. Being that this is the second time in the last couple of months that I ran into this issue, I figured it was worth a blog post.
Scenario is this…I have an application packaged in ConfigMgr and parked on a BITS enabled Distribution Point. The app is advertised to a system. When the user kicks off the program (via Run Advertised Programs), the app starts to download, but appears to hang during the download. The download never completes, and as a result the program is never executed. After a bit of poking in the ConfigMgr logs on both the client (DataTransferService.log and ContentTranferManager.log) and the server, I came up empty…the logs show that it is still in process. I finally looked at the Windows Event logs and found the following (I think it was in the System log…but it might have been Application…can’t remember):
Event Type: Information
Event Source: BITS
Event ID: 16384
Description:
The administrator NT AUTHORITY\SYSTEM canceled job “CCMDTS Job” on behalf of Domain\User. The job ID was {longstringofnumbersanddashes}.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
CCMDTS = ConfigMgr Data Transfer Service. Now…why the heck is the System account cancelling the ConfigMgr BITS download? What is really problematic is that once ConfigMgr starts downloading the package, it turns over the download to BITS and waits for it to respond that the download is complete…which it never does…hence the appearance of the download just hanging.
In researching what was going on I remembered running across this type of issue once before and finding the answer in the IIS logs…remember BITS operates over IIS. In looking at the IIS logs on the Distribution Point, I found this line several times (all of the below is one line…ignore any line wrapping):
Towards the end of that line you will note the HTTP error code of “404 7”. Refer to this page for full info on all HTTP error codes, but in summary a 404.7 equates to “File extension denied”. By default an IIS7 installation will block the delivery of certain extensions and directory names…regardless of file permissions. These settings are stored in the applicationhost.config file. In this instance, the app being deployed had several required files that ended with the “.ldf” extension. To resolve it, I simply had to stop the IIS service, edit the applicationhost.config to remove the line with that restriction, then restart IIS.
I originally ran into this issue with a program that had a “bin” folder…which produced a 404.8 (hidden namespace). This thread on the ConfigMgr TechNet forums was very valuable in pointing me in the right direction.
I have been fighting with a ConfigMgr SW Distribution problem today. When attempting to add a new package to a Distribution Point, I kept getting the following messages in the SMS_DISTRIBUTION_MANAGER status messages:
SMS Distribution Manager is beginning to process package "App Name" (package ID = ABC000AB). SMS Distribution Manager is preparing to send the compressed image of package "ABC000AB" to child site "XYZ". SMS Distribution Manager failed to compress package "ABC000AB" from "\\Domain.com\dfsroot\AppSource\AppNameFolder" to "e:\_S Mq4zc.TMP". The file that failed the compression is "". SMS Distribution Manager failed to process package "App Name" (package ID = ABC000AB).
From the above you can tell that I am using a DFS root for the source of the package…something I’ve done often. I confirmed (multiple times) that permissions were correct. I could open a command prompt running as system and access the files on the share without a problem. I also confirmed length of the path was not too long. No matter what I did, it still failed. Changing it to a UNC path pointing back at the ConfigMgr server would work fine…but could not get it to work from the DFS root.
Here is other relevant data…the ConfigMgr server that I am distributing from is running Windows Server 2008 and ConfigMgr SP2 R2. The file server that holds the DFS root is running Windows Server 2008 R2.
After a long bit of searching I came across a TechNet thread where someone else who was having a similar issue. The last post in that thread has the answer…it’s a bug in Server 2008 when attempting to read a file from a share that isn’t running Server 2008. This doesn’t present itself via the GUI…it only happens when an application is using the BackupRead function to access the files. There is a downloadable fix available (http://support.microsoft.com/kb/973278) that resolved the issue in my case.
For several years now I have been an advocate of not using AD System Discovery in ConfigMgr…mainly because AD always has dead machines accounts. I don’t want those dead machines cluttering up ConfigMgr. I prefer to use a GPO startup script to both install the client and to make sure the client stays healthy. I have used variations of the DudeWorks/1E/Shaun Cassells script.
I have run into one issue with this script during OSD. During my automated deployment using ConfigMgr, I am automatically joining the computer to the domain…into the OU that I want the workstation to be in long term…which is the same OU that I have the health script GPO applied to. The problem is that the startup script checks to ensure that the ConfigMgr client service is running. During OSD…it is not. This causes the script to kick off actions that will mess up OSD. I recently added some code to the script to keep this from happening. It was actually pretty easy…just try to connect to the Task Sequence Environment. If it is able to successfully connect…exit the script. If not…keep going. Here is the code I added:
‘ Don’t run if a Task Sequence is running.
Dim env: Set env = CreateObject(“Microsoft.SMS.TSEnvironment”)
If Err = 0 Then WScript.quit
I would also like to completely update the script…will post it when/if I get the chance. Most of what I would do is standardize the variables (objShell, oShell, WSHShell are all used in the script if I remember correctly…and all are the same thing). I’d also like to set the tabs/indents to make it look cleaner and more organized. But first…I need to get time to do so which isn’t easy to do when I’m already working close to or above 50 hours a week.
This weekend I was setting up a new demo environment on my laptop. This is a VM that I use to demonstrate ConfigMgr and OpsMgr to clients. I also use it for troubleshooting issues. The VM is running Active Directory, DNS, DHCP, WDS, SQL 2008, ConfigMgr SP2 R2, MDT 2010, SCOM R2, along with various other components.
So I’m building a new demo environment because I wanted to be using Windows Server 2008 R2 and SCOM R2. When I went to install SQL 2008, I got an error message:
Invoke or BeginInvoke cannot be called on a control until the window handle has been created.
I did a quick Bing search on the error and found that I’m not the only one who has hit that error. At first, the most promising link appeared to be a KB article addressing that very issue. I also took a look at another link to blogs.msdn.com. That one describes the issue and states that if you restart the install it will probably work. In my case it didn’t work. In the comments section of that post, the very last comment was from someone who states that they simply created a c:\temp folder and it solved the issue.
I was skeptical, but it worked. SQL 2008 went through completely fine after creating that folder.
This announcement is a bit late this year because I wasn’t sure that I was going to be able to come to MMS. I got the clearance to go last week, so I’ll see you in Vegas!
For the third year running we will be having a morning Bible Study/Prayer time. Details are still being nailed down, but plan on meeting with a group of us to get the day started on the right note. This year I have asked a very good friend of mine (Tim Benjamin) to lead the sessions.
If you are interested in coming, please use my Contact Form to send me a note. I’ll email specific location and times to those who are interested (I won’t be posting the specific room number on my blog in order to protect the privacy of whoever is hosting it.)
Although I currently live in Minnesota, I am from the deep south…the great state of Mississippi. A friend from Orlando recently sent this video to my wife and I was amused by this well trained dog who “speaks Southern”.
I am currently on a project delivering a Microsoft Desktop Deployment Planning Service (DDPS) at a client. I am using an unattended script to build a proof of concept lab environment for the client. Part of the POC script is that it requires that the Product Key from the ConfigMgr install files be entered. That product key is embedded in the install files, so this seems a bit redundant, but I’m working with what I’ve been given.
Now…at this client, we are using the ConfigMgr w/ SP2 Evaluation Edition that can be downloaded from Microsoft. In order to get the product key from those install files, you have to start the installation and copy the key out. However…in order to start the ConfigMgr install, it requires that the system be a domain joined server. Because the script sets up the POC server as a new AD Domain Controller, the server is currently in a workgroup. In order to get the PID, I had to boot up my demo environment, revert to a snapshot that I had taken (pre-ConfigMgr install), start the installation and copy down the key.
In order to save myself (and hopefully others) time in the future, here is the product key for the ConfigMgr Evaluation Edition. There shouldn’t be any issues with me posting this key because #1 it is an eval edition that is freely downloadable and #2 the key is embedded in the install files…not like you can use it elsewhere without the eval edition install files. Granted, there may only be three people in the world other than myself that care about this post.
Between MMS and TechEd last year, I was able to snag several people in the Microsoft management and deployment community for interviews for my blog. I finally got around to processing the last of those interviews and prepping it for posting.
I caught Johan Arwidmark just before I walked out the door of TechEd to fly home. It was a fun and entertaining (albeit short) conversation.
Enjoy finding out a bit about the personal side of one of the most recognized names in the worldwide deployment community!
Earlier this week was the January meeting of the Minnesota System Center User Group. Our content this month was centered around writing queries and troubleshooting tips. During the discussion, I was demonstrating how to create a subselect query using the ConfigMgr GUI. This was something that I blogged about almost two years ago…mainly as a thank you to Rod Trent for a fantastic post that he had done way back in 2001. Rod’s post put the creation of subselect queries on the bottom shelf for those of us who aren’t strong in SQL. Note: a subselect query is a “not” query…i.e. return all systems that do not have xyz.
One of the really cool things about our user group is that we have two guys who are Microsoft MVPs for ConfigMgr…Brian Mason and John Nelson from Wells Fargo. If you know anything about John Nelson…it’s that he is a freak of nature when it comes to creating insane queries in ConfigMgr. And yes…in this instance the term “freak of nature” is a high compliment!
So…frequently as we would talk about a particular query or way of searching for something…after we had a workable query, we would ask for input from John on how to improve the query. He had lots of very useful input…including on subselect queries. After the meeting while talking with Brian and John, we discussed creating an updated post on subselect queries…so here goes…
This morning I went to get a plastic cup out of our dishwasher that had just finished running. When I pulled it out, the cup was still dirty…it felt slimy or greasy. It actually made me wonder if we had forgotten to put detergent in the dishwasher when we ran it. I checked and we had put detergent in from a newly opened box. The fact that it was a new box triggered my memory…
I had seen a few news articles last year about some areas passing laws limiting or banning the use of phosphates in dishwasher detergent. In the articles I had seen about states banning phosphates, people quickly found out that their dishes weren’t getting clean. Some residents in Washington state were headed across the border into Idaho to buy detergent.
I checked the box and found the proud proclamation in very tiny print on the back of the box: “Contains no phosphates!” We ran the dishwasher a second time. Same result. I then loaded up my son and headed to Target to see if any other dish detergent had phosphates. After grabbing a box of Cascade that does have phosphates we once again have clean dishes.
I’ve seen the “green” initiatives that are driving the phosphate free dish detergent bans. I support conservation. My family recycles (even with the convoluted restrictions on what can/cannot be recycled in our area). I am very conscious of gas mileage and how the way I drive affects that. I do my best to waste as little as possible. However…if I have to wash a load of dishes multiple times with the phosphate free detergent (and then again with detergent that actually gets the job done)…is that really “green”?
A Sierra Club page claims: “Safe, effective, phosphate-free detergents are already on the market and among the most effective, according to Consumer Reports.” They don’t link to anything by Consumer Reports. After my experience (and the experience of those traveling across state lines to buy detergent) I seriously question the term “effective” in that quote. Matter of fact I found a reference to a Consumer Reports article on dish detergents from August 2009 that stated “Detergents without phosphates … tended to perform worst overall.”
A while back I wrote that I became president of the Minnesota System Center User Group. Right after becoming president, the former president (Joey Gleason) told us about Microsoft’s User Group Support Services. UGSS helps technical community leaders with speakers, funding, publicity and SWAG for events.
Pretty soon after that, Tim Zabilla (the VP of the user group) signed up our group with UGSS. A couple of months later Tim and I got an email from UGSS giving us the opportunity to register for a “User Group Kit”. The email said the kit would be a $500 value of SWAG to give away at the user group. I jumped on it and immediately registered our group for one of the kits before they ran out.
It arrived today. WOW! So…inside were really two kits. First was the “Leadership Assistance Kit” pictured to the side (click it for a better view). It contained:
Ask my wife…I was excited. Then I read the letter that came with the kit and got surprised again. The exact quote was: “we are getting back on our regular schedule of shipping user group kits on a quarterly basis. Enclosed is your group’s kit for this quarter.” Seriously? In a few months we’re going to get another one of these!
That is AWESOME! I can hardly wait til the February meeting (Feb 18) to give a bunch of stuff away!
Recently I was working with a client who had the following business requirements:
Users are not administrators on their XP workstations
Traveling users need the ability to install “whatever software they wish” while on the road
That’s a tricky combination of requirements. At face value this isn’t possible. As I was thinking through the problem, I came up with an idea for how to get around this issue. I could create an HTA/VBscript wrapper that I would advertise with ConfigMgr…that the user could run via Run Advertised Programs. Through this HTA they would be able to browse to locate the EXE/MSI that they wanted to install. Because it is running via ConfigMgr, it will have permissions…running as Local System.
The script could also have other data gathering capabilities for inventory purposes. Obviously from an enterprise perspective, someone would need to periodically review this inventory to ensure that all software was properly licensed…and that the user wasn’t installing garbage software.
Now…from a “best practices” perspective, this is not something you want to do. Way too big of a whole for garbage to enter your environment. But…if this is a requirement for whatever reason…at least theoretically, this would work. I have not written the script yet. We are still talking with the client about whether this is a true requirement or not. That is yet to be determined.
After fleshing out the idea, I called Brian Mason to run the idea by him to see if I was in the ballpark of reality. He confirmed that this would work. I think his statement was something like, “Oh yeah, people have been doing that for years.” So…while it may have been a great idea…it’s not an original idea. :-)
Was recently working on upgrading SMS 2003 to ConfigMgr SP2 and ran into a problem upgrading the database. All pertinent prereqs passed, but when it started the actual installation, it errored out with the following popup:
When I checked the ConfigMgrSetup.log file, I saw the following messages:
Upgrade database… The database compatibility level for SMS_CC1 is 90 ***SqlError: [08S01][11][Microsoft][ODBC SQL Server Driver][Shared Memory]General network error. Check your network documentation. READ_COMMITTED_SNAPSHOT enabled. ***SqlError: [42000][5808][Microsoft][ODBC SQL Server Driver][SQL Server]Ad hoc update to system catalogs is not supported. SqlExecute <if NOT EXISTS(select * from sys.configurations where name=’clr enabled’ and value_in_use=1) begin exec sp_configure ‘clr enabled’, 1 RECONFIGURE end > FinalSqlOperations::Could not enable SQL CLR. Setup cannot upgrade the ConfigMgr database. Contact your SQL administrator.
So…I searched on everything in those log entries and came up blank. Ad-hoc updates are enabled. Setup was successfully enabling SQL CLR. Something was still failing.
I finally came across this forum thread where a user stated that the problem in their environment was the SQL authentication mode. Now…I’ve always seen that message during the prereq check, but since it is a warning instead of an error, I have always ignored it…and have never had a problem until now. After changing the SQL authentication mode to be only “Windows Authentication”, the setup went through without a problem.
