The Realm of the Verbal Processor

Jarvis's Ramblings

OS for SCCM Install – revisited

Last October I gathered a lot of info about whether it was better to install SCCM on a 32 bit or 64 bit OS. My post at that time concluded that installing on 64 bit was possibly the better choice, and that was the direction that I went.

Over the last weekend while I was in Bristol with Tim, we got to discussing this issue. He had just uploaded a post to his blog reversing his original opinion that x64 was the best route. His post had some pretty good reasoning in it…in particular the fact that when monitoring SCCM using SCOM, the “SCOM agent will not be able to correctly monitor the 32 bit SCCM processes running on the x64 system.”

Wonderful. At this point, we don’t have SCOM set up in our environment, but I know it is coming. I will probably be looking into transitioning my SCCM install off of the x64 OS as a result. I’m currently downloading the ISO for Windows Server 2008 (32 bit) from our MVLS site. Not a major rush because of monitoring, but I would rather go ahead and make this transition before I move the rest of our clients (approximately 900 workstations) from our SMS 2003 system over to SCCM.

This will also allow me to do a real world test of my disaster recovery plan for my SCCM environment.


March 20, 2008 Posted by | ConfigMgr | , , , | 2 Comments

SCCM Reference Sites

I’ve spent a ton of time learning SCCM from various resources. I just discovered another one today, and figured there are probably others out there who are also looking for information related to SCCM. Here are the sites that I have found to be the most useful.

This is a great place to get help from the user community. Response times are typically pretty good, and there are some folks on there that are really brilliant. I try to help when someone asks a question that I know about, but I am by no means one of the experts on the forum. My username on the forum is jdavis375.

Technet Forums

The best thing about this forum is that members of the SCCM product team are answering the questions (at least they are right now). I have gotten very timely definitive answers on the posts that I have left here.

OSD Technet Blog

Just found this one today. Pretty good resource for certain aspects of Operating System Deployment in SCCM.

SCCM Documentation Library

Need to read the manual? Here it is. Personally I have been frustrated with this. The documentation isn’t live updated…updates come in chunks. Also…I’ve had trouble finding the information that I am looking for in the documentation. Most of the time, the info is there…I just can’t locate it. Even searching is of limited use. Maybe I’m missing something, but I haven’t been able to find a way to limit the search to just the SCCM section…it returns results from all of Technet. Still a good resource…I just have issues with it.

Tim’s Blog’s just one post, but it’s a really good post. Tim has lots of knowledge…just not lots of time to put that knowledge on his blog. However, if you have dealt with SPN issues related to using a remote database in an SCCM install, you need to look at this post.

Rod Trent’s Blog

A few of Rod’s articles have helped me. In particular, the one on subselect queries…I no longer fear them.

Sherry Kissinger’s Blog

Sherry is one of the “really brilliant” people that I referred to above. She has responded to a couple of my questions…always with good information. She is a Microsoft MVP for SMS.

If anyone reading this knows of other good resources, leave a comment to let the rest of us know about them.

March 6, 2008 Posted by | ConfigMgr | , , , , | Leave a comment

Build and Capture Task Sequence Failure

I have fought with this before and didn’t figure it out. Been fighting with it again and finally made an educated guess that has since been backed up by finding a thread to support my findings.

I created a Task Sequence in SCCM to “Build and capture a reference operating system image”. I am using the Vista SP1 DVD that I imported into Operating System Install Packages. It gets part of the way through the install, and then fails. By opening a command prompt on the machine running the Task Sequence (F8), I was able to look at the log files. In looking at the x:windowstempsmstslogsmsts.log log file, I saw an entry that stated “Windows Setup Failed, code 31”. That was followed by “Exiting with code 80004005“. Not a lot of help. Then I found the x:\windows\temp\smstslog\windowssetuplogs\setuperr.log log file. That contained the following lines:

Callback_Productkey_Validate: EditionID for product key was NULL.
Callback_Productkey_Validate: An error occurred writing the product key data to the blackboard.
Callback_Productkey_Validate_Unattend:Invalid product key; halting Setup.[gle=0x00000490]
Callback_Productkey_Validate_Unattend: An error occurred preventing setup from being able to validate the product key; hr = 0x80300006[gle=0x00000490]

Now…I know that my volume license product key is good. I’ve been using it for a long time. Just for grins I popped the Vista DVD in a spare computer and confirmed it. Why is it telling me the license key is invalid?

So here comes the educated guess. I modified the Task Sequence to not use a Product Key…just left that field blank. Hmmm…the install works perfectly fine. That led me to search on something different and find this thread. Basic gist is that if you are using a Task Sequence to install an OS using an Operating System Install Package, you should NOT specify a product key. Perhaps that is documented somewhere, but I haven’t seen it. It is however doggone frustrating to have wasted as much time as I have on this problem.

February 27, 2008 Posted by | ConfigMgr | , , , | 16 Comments

Subselect Query in SCCM

Update (1/30/2010):  We recently discussed subselect queries at the Minnesota System Center User Group. That discussion prompted me to write an updated post on subselect queries.

Please refer to the following post for better information on how to create subselect queries that are faster and more efficient.

Original Post:

One of the things that I have fought with in SMS/SCCM is a “NOT” query. Example is needing a query that shows me all computers that do not have Office 2007 installed. If you create your query to look in Add/Remove Programs and find a “Display Name” that is not “Microsoft Office Professional Plus 2007”, you will not get what you might expect. The reason is that it finds a computer that has something like Adobe Acrobat installed. Well…that is a display name in Add/Remove Programs that isn’t Office 2007…so that computer gets returned by the query.

To get the expected results you have to run one query that selects all computers that DO have Office 2007 (or whatever other program you are interested in…for that matter it doesn’t have to be a program…could be anything you want to query on), then you run another query that gives you all of the computers that are NOT in the first query. This is called a subselect query. This query ends up looking like the following:

select SMS_G_System_SYSTEM.Name from SMS_R_System inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SYSTEM.Name not in (select SMS_G_System_SYSTEM.Name from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = “Microsoft Office Professional Plus 2007”)

I am not a database guy. I am not a really proficient query writer. Subselect queries confuse the heck out of me. I have fought trying to write subselect queries for a couple of years now. I have really struggled with them.

Today while setting up something in SCCM, I needed a subselect query. I need to find computers that are a member of a particular AD OU, and if they don’t already have certain programs, I want the programs to automatically install. That requires a subselect query. They confuse me. I went to to find an example that I could then modify.

In my searching, I came across this thread. In that thread, someone linked to an article written by Rod Trent about how to create subselect queries. WOW is that a good article! What makes me feel really stupid though is that there has been a way since SMS 2003 to create a subselect query by pointing and clicking…I had no idea and wish I had known before today. It made me really happy to find it and see it work. I actually got out of my chair and started dancing in the office. The people around me looked at me funny, but honestly I was happy enough that I didn’t care!

And for those of you who know me…go ahead and try to get that image of me doing the happy dance out of your head! Good Luck! :-)

February 26, 2008 Posted by | ConfigMgr | , , , | 11 Comments

SCCM SQL Cluster Problem

Earlier this week I had an issue with backing up SCCM that was because Kerberos was not enabled on the cluster. Got that fixed, but I was noticing other things on my SCCM server that just didn’t seem right. (Instructions for how to enable Kerberos are in the link above.) In particular I noticed that my Site System Status was red. In looking into this I saw where SCCM was referencing the SQL cluster nodes directly…not the SQL cluster. That’s not good. So I took a look at the Site Systems (under Site Settings), and here is what I saw:

Bad SQL 

What you see here is that the SQL cluster does NOT hold the site database role. That role is held directly by the SQL nodes. What happened was that although Kerberos must be enabled on the cluster for normal SCCM operation, the pre-req checker apparently does not check for this. As a result it allowed the install to go through and ended up installing directly to the nodes instead of to the SQL cluster…because it could not see the cluster since Kerberos was not enabled on it. Anyway…all of that said…it’s a major problem. Site Status is red. Who knows what would happen in the event of a SQL node failover.

So I got to thinking. I’m pretty sure the problem is a result of the database being created on the SQL server before Kerberos was enabled. In theory, I should be able to move the DB elsewhere, then move it back (now that Kerberos is enabled) and everything would be lovely again. Nice theory. But will it work? Enough thinking…let’s find out.

I moved the DB to a SQL named instance on the same server using the instructions found here. [Note…at the time of this writing there is a mistake in the instructions. Between steps 2 and 3 should be a step about actually going into SQL server and detaching and attaching the site DB. I reported it, and Microsoft acknowledged that it is missing and it will be fixed in the next update of the documentation.] After bringing up SCCM on the named instance, I shut it back down and used the same process to move it back to the default instance. Here is what it looks like now:

Good SQL 

Note that the site database role is on the SQL cluster now. The two nodes are still in the list, but they have no roles associated with them. Right clicking them does not give an option to delete. According to Wally Mead and Stan White, those two should age out of the system after 30 days. The very nice thing is that my Site Status is now a lovely shade of green.

I reported this issue as a bug in SCCM. Got a great response from Wally Mead. He assigned it to the SCCM SP1 team for possible inclusion in SP1. Very cool!

February 1, 2008 Posted by | ConfigMgr | , , , | 6 Comments

SCCM Backup Issues

For the last week I have been attempting to back up my SCCM server before it goes into production. The backup has been failing, so I have been in major “trouble shoot” mode. Basic scenario is this… SCCM is installed on a VMWare virtual machine. The SQL database is offloaded to a clustered SQL server. When the backup ran, it would fail after about five seconds and leave the following four lines in the smsbkup.log.

Info: Sending message to start the SQL Backup…
Couldn’t connect to \\SQLcluster registry
STATMSG: ID=5049 SEV=E LEV=M SOURCE=”SMS Server” COMP=”SMS_SITE_BACKUP” SYS=SCCMserver SITE=LHT PID=3400 TID=924 GMTDATE=Wed Jan 23 19:21:16.539 2008 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0
Error: Failed to send start message to the SqlBackup.

I re-confirmed that the SCCM server’s machine account was in the admin group on the SQL server. I also knew that I had already taken care of the SPN registration issue, so I posted on the Technet SCCM forum. In hindsight, Stan White (a moderator on the forum) nailed the answer on his first reply…I just misunderstood what he was saying. After much other troubleshooting, I realized that if I started a cmd prompt as local system, I was able to map a drive to the administrative shares on the SQL server nodes as local system, but I was NOT able to map a drive to the cluster. (i.e. SQLcluster is made up of SQLserver1 and SQLserver2. I was able to map to \\SQLserver1\c$, but was not able to map to \\SQLcluster\c$.) This led me to search Google and found this thread (and Ragnar’s post in particular) which put me in the right direction…the direction that Stan specifically pointed to.

The root problem is that Kerberos authentication was not enabled on the cluster. When Kerberos is enabled on the cluster, it publishes the cluster name to Active Directory. Until that is done, the server name “SQLcluster” does not exist in AD…so it can’t be communicated with via Kerberos. I found a few articles that talk in more detail about how to enable Kerberos on the cluster here, here, and here.

After our DBA enabled Kerberos on the cluster last night, I was able to get a successful backup. Now I can move on to other things.

I’d like to acknowledge that my friend Tim is the one who asked a couple of key questions about authentication that caused me to find Ragnar’s post above.

January 30, 2008 Posted by | ConfigMgr | , , , , , | 2 Comments