Serge Chegorian's System Center Blog

Issue with editing SCOM 2012 Subscription criteria via GUI

August 7th, 2015

When editing SCOM 2012 subscription criteria in the GUI, you may get the following error message:

“The criteria associated with this notification subscription are of a form not supported by the Operations Manager Console. You may continue through this wizard, and the criteria will remain unchanged.”

That typically means that your criteria reference a rule or monitor that no longer exists. This is how to fix it:

Go to SCOM PowerShell. Get your criteria using the following command:

Get-SCOMNotificationSubscription | Where-Object {$_.DisplayName -eq "<Your faulty subscription name>"} | Format-List DisplayName,@{Label="Criteria";Expression={$_.Configuration.Criteria}}

This produces XML in the following format:

<Expression>
<SimpleExpression>
 <ValueExpression>
  <Property>ProblemID</Property>
 </ValueExpression>
 <Operator>Equal</Operator>
 <ValueExpression>
  <Value>aaa0000-0000-0000-0000-000000000000</Value>
 </ValueExpression>
 </SimpleExpression>
</Expression>

Every value represents a rule or monitor ID. Extract all these values. For each ID run the following command:

Get-SCOMMonitor -id aaa0000-0000-0000-0000-000000000000 | Select-Object Name

This will give you the rule or monitor name. The IDs that return no result are the non-existent ones. Record the names of the existing rules or monitors.

Delete the faulty subscription and recreate it from scratch. Now you have all your criteria.
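The lookup procedure above, scripted end to end as an added example (not from the original post). It assumes the OperationsManager module is loaded, and it also tries Get-SCOMRule, which the post does not use, so that rule IDs are not reported as missing.

```powershell
# Added example: resolve every GUID referenced by one subscription's criteria.
# Assumes the OperationsManager module is loaded and connected to the management group.
$subscriptionName = '<Your faulty subscription name>'

$subscription = Get-SCOMNotificationSubscription |
    Where-Object { $_.DisplayName -eq $subscriptionName } |
    Select-Object -First 1
if (-not $subscription) { throw "Subscription '$subscriptionName' not found." }

# Parse the criteria XML. local-name() keeps the XPath working whether or not
# the criteria document declares a default XML namespace.
[xml]$criteria = $subscription.Configuration.Criteria
$guidPattern = '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
$ids = $criteria.SelectNodes("//*[local-name()='Value']") |
    ForEach-Object { $_.InnerText.Trim() } |
    Where-Object { $_ -match $guidPattern } |
    Sort-Object -Unique

$report = foreach ($id in $ids) {
    # Try the monitor lookup from the post first, then fall back to rules
    # (the Get-SCOMRule step is this example's addition).
    $monitor = Get-SCOMMonitor -Id $id -ErrorAction SilentlyContinue
    $rule = $null
    if (-not $monitor) { $rule = Get-SCOMRule -Id $id -ErrorAction SilentlyContinue }

    if ($monitor)  { $type = 'Monitor';   $name = $monitor.Name }
    elseif ($rule) { $type = 'Rule';      $name = $rule.Name }
    else           { $type = 'NOT FOUND'; $name = '' }

    New-Object PSObject -Property @{ Id = $id; Type = $type; Name = $name }
}

# IDs marked NOT FOUND are the likely stale references; the named ones are what
# you need when recreating the subscription.
$report | Sort-Object Type, Name | Select-Object Type, Name, Id | Format-Table -AutoSize
```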

SCCM2012: IP Subnet vs. IP Range Boundary

June 1st, 2015

I was unable to find any reference on the Microsoft network, but eventually this was confirmed after a number of tests. No matter what you put as a subnet mask when creating a new IP subnet site boundary, SCCM always uses a 255.255.255.0 (/24) mask.

So if you want to have a wider range of addresses (in my case it was /20) use IP Range boundary instead of IP Subnet boundary.

How to prestage a large number of applications in SCCM 2012

May 29th, 2015

In some circumstances, specifically if you are dealing with a slow network, package distribution over WAN may be unreliable, and it is worth prestaging the content and then copying it to the remote Distribution Point using an alternative method, for example media sent with a courier. So the question is how to script the prestaging process for a large number of applications.

In SCCM 2012 SP1 onwards there is a new cmdlet, Publish-CMPrestageContent. The syntax of this command is:

Publish-CMPrestageContent -<ApplicationId|PackageID|DriverPackageID|OperatingSystemImageID> <String[]>  -DistributionPointName <String[]> -FileName <String[]>

Where:

DistributionPointName is the FQDN of a Distribution Point which already has a copy of the package. You cannot prestage a package until it has been successfully distributed to at least one DP.

FileName is the prestage file name.

For example:

Publish-CMPrestageContent -PackageID "XYZ000C0" -DistributionPointName "XYZSERVER.LOCAL" -FileName "C:\Temp\XYZ000C0.pkgx"

The tricky bit here is that ApplicationID is a new, SCCM 2012 specific package ID which is different from the "classic" site code plus 5 digits package ID format. Fortunately every application has both new and classic IDs. But keep in mind that if you decide to use the SMS_Application WMI class to identify the ApplicationID by PackageID, it will fail, because the PackageID property of the SMS_Application class is a so-called "lazy" property and is not populated.

You have to use the SMS_CIContentPackage class, or the v_CIContentPackage view if you prefer SQL, to establish the relation between PackageID and ApplicationID.

To perform a bulk import of the prestaged content on the remote Distribution Point, put all PKGX files in the same folder and then run this one-line command:

for /r c:\temp %s in (*.pkgx) do extractcontent /P:%s /S

A couple of important notes at the end:

  1. By default the SCCM PowerShell execution policy is set to AllSigned and cannot be reset to Unrestricted using Set-ExecutionPolicy. If you need to run a script, set it to RemoteSigned.
  2. SCCM PowerShell does not execute scripts outside the SCCM environment. If you change SCCM PowerShell to any local drive, your script will not execute.

How to export SCCM 2012 ADR

May 11th, 2015

How to export SCCM 2012 Automatic Deployment Rule?

1. Start the SCCM 2012 PowerShell session by clicking on the down arrow in the upper left corner of the SCCM 2012 Management Console – Connect via Windows PowerShell.

2. Use Get-CMSoftwareUpdateAutoDeploymentRule to display all rules or Get-CMSoftwareUpdateAutoDeploymentRule -Name "<rule name>" to display a specific rule.

3. Format the output and/or redirect it to a file.

Co-hosting SCCM PXE point, DHCP and WDS services

January 22nd, 2015

An SCCM PXE point or SCCM PXE-enabled distribution point can be co-hosted with DHCP services. This configuration is not recommended, but it is fully supported by Microsoft.

In order to configure DHCP and Windows Deployment Services on the same host you must do the following:

1. Install DHCP and WDS

2. For DHCP, configure option 60 with the value PXEClient. Do not enable and configure options 66 and 67.

3. Go to WDS properties and tick the option 'Do not listen on port 67'.

Now you can start using WDS or configure the SCCM PXE option on top of WDS.

SCCM 2012 Software Updates do not install

August 25th, 2014

In SCCM 2012 you may come across a situation where you create a Software Update package but it does not install. You check the DP, the policy and the client, and you see that it is detected but still not deployed.

Have a look at your package size, specifically the number of updates. Exactly like an application, each Software Update has its maximum runtime, which is unmanageable in SCCM 2007 and can be changed in SCCM 2012 R2 (10 minutes by default). The total runtime for the package is the sum of the maximum runtimes of every individual Software Update. If this sum exceeds 24 hours, your package will never run because SCCM believes there is no window to run it.

Split up your package in several smaller packages and it will work.

SCCM 2007 R3 Reporting Point Error 500

August 1st, 2014

Sometimes when you access SCCM 2007 reports running on a Reporting Point you may see HTTP Error 500 – Internal server error. If it affects only some of your reports, where you would anticipate a large number of records in the output, it could be caused by insufficient buffer size. This is a well-known issue and the workaround can be found here.

But what if all your reports are affected? Try several reports again and go to the IIS logs. You will see something like this:

GET /SMSReporting_XXX/Report.asp ReportId=200|372|ASP_0177_:_8007007e|Server.CreateObject_Failed 80

This means that one of the Reporting Point ActiveX components is missing.

Check the <webroot>\SMSComponent folder. If it is intact, it must contain the following files:

    FormatMessageCtl.dll
    smscomponent.dll
    SMSRPH.exe

Most likely FormatMessageCtl.dll will be missing.

Go to the SCCM 2007 SP2 setup DVD, SMSSETUP\BIN\I386.

Run reportinginstall.exe /x

Select the file FormatMessageCtl.dll (you will see 3 instances but they are all the same) and extract it to the <webroot>\SMSComponent folder.

That's it, you don't need to register this DLL or restart IIS and SCCM. Just run the report again.
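The two checks described above (spot the CreateObject failure in the IIS log, then verify the SMSComponent folder), as an added example that is not part of the original post. The sample log lines are constructed from the entry quoted above, and the folder path in the last section is an assumption.

```powershell
# Added example. Files the post says <webroot>\SMSComponent must contain.
$ExpectedFiles = 'FormatMessageCtl.dll', 'smscomponent.dll', 'SMSRPH.exe'

function Find-CreateObjectFailure {
    # Returns one object per IIS log line where Report.asp failed in Server.CreateObject.
    param([string[]]$LogLine)
    foreach ($line in $LogLine) {
        if ($line -match 'Report\.asp\s+\S*ASP_0177_:_(?<hr>[0-9a-fA-F]{8})\|Server\.CreateObject_Failed') {
            New-Object PSObject -Property @{ HResult = $Matches['hr'].ToLower(); Line = $line }
        }
    }
}

function Get-MissingReportingComponent {
    # Lists which of the expected files are absent from the given SMSComponent folder.
    param([Parameter(Mandatory=$true)][string]$ComponentFolder)
    $ExpectedFiles | Where-Object {
        -not (Test-Path -LiteralPath (Join-Path $ComponentFolder $_) -PathType Leaf)
    }
}

# Constructed sample lines modelled on the log entry quoted in the post.
$sample = @(
    'GET /SMSReporting_XXX/Report.asp ReportId=200|372|ASP_0177_:_8007007e|Server.CreateObject_Failed 80'
    'GET /SMSReporting_XXX/Reports.asp - 80'
)
$failures = @(Find-CreateObjectFailure -LogLine $sample)

# 8007007e is ERROR_MOD_NOT_FOUND: a module behind the COM object could not be loaded.
if ($failures | Where-Object { $_.HResult -eq '8007007e' }) {
    # Assumed web root; replace with your <webroot>\SMSComponent path.
    $missing = Get-MissingReportingComponent -ComponentFolder 'C:\inetpub\wwwroot\SMSComponent'
    if ($missing) { "Missing: $($missing -join ', ')" }
    else { 'All three component files are present.' }
}
```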


Why did it happen?

Go to the <wwwroot>\SMSReporting_<site code> folder and check for the install.log file. Check the file time-stamp and the dates in the file. Most likely your Reporting Point was recently reinstalled.

The SCCM Component Manager service "pings" all installed components every 3600 seconds. If it gets no response for several consecutive attempts, it reinstalls the component. This is a feature of SCCM 2007 and, according to Microsoft Premium Support, it cannot be configured or adjusted. So apparently something has happened to your Reporting Point which triggered the component reinstallation.

Nokia 1020 – a good gadget but mediocre as a phone

April 25th, 2014

This is a sort of disappointment with the Nokia Lumia 1020. So much of a PDA and so little of the mobile phone it is supposed to be.

I will be a bit more specific.

1) Ringer and music controls are not independent. Yes, that's right, they are not. Even the iPhone has them independent, but for whatever reason not the new Nokia.

2) Ringer profiles have gone and vibration is turned off and on independently. Forget about ‘Silent’, ‘Meeting’ and ‘Outdoor’ settings. Now you have to go to several places and switch several controls to have your desired setting.

3) Alarm does not work when the phone is switched off! That’s a shame.

Overall experience – it's a great gadget but it does not have mobile phone functionality, therefore it is a mediocre phone.

No response from Windows Deployment Services server

March 26th, 2014

When attempting to PXE boot from an SCCM 2007 or 2012 PXE boot point you may have the following symptom:

  • Windows Deployment Services service is stopped and cannot be started.

The most likely cause is a corrupted boot image (WinPE WIM) file.

Workaround:

Remove all boot images from the affected PXE Boot/DP. Start the WDS service. Then start adding images one by one. Restart WDS once you can see each new package under :\RemoteInstall\SMSIMAGES\SMSPKG. If WDS crashes again, the image you just added is the corrupted one. You will need to fix or regenerate this WinPE image.

Sometimes you may have this error message:

Downloaded WDSNBP...

Architecture: x64
WDSNBP started using DHCP Referral.
Contacting Server: 10.1.242.33 (Gateway: 10.1.204.1)...
No response from Windows Deployment Services server.
Launching pxeboot.com...
Press F12 for network service boot
If I press F12, I receive a Windows Boot Manager error message (which I would expect if there's no response from the server):
Windows failed to start (etc.)
File: \Boot\BCD
Status: 0xc000000f
Info: An error occurred while attempting to read the boot configuration data.

The root cause of this issue is that you are building an x64 system but your PXE boot/DP has no x86 WinPE WIM. Even on x64 systems, x64 WinPE requires a boot loader from the x86 version. Once you publish it, the problem should disappear.

How to add packages to the distribution point using PowerShell

March 26th, 2014

This script should be executed on the primary site server:

$sitecode = "XYZ"
$nameSpace = "root\sms\site_XYZ"
$sitename = "XYZ GmbH"
$newBDPName = "servername"

# Package IDs to add to the distribution point
$ListOfPackages = @("XYZ000001","XYZ00002")

if ($ListOfPackages -ne $null) {
    foreach ($packageID in $ListOfPackages) {
        # Properties of the new SMS_DistributionPoint instance for this package
        $NewDistPointForPackage = @{
            PackageID = $packageID;
            ServerNALPath = "[`"Display=\\$newBDPName\`"]MSWNET:[`"SMS_SITE=$sitecode`"]\\$newBDPName\";
            SiteCode = $sitecode;
            SiteName = $sitename;
            SourceSite = $sitecode;
            ResourceType = "Windows NT Server"
        }
        # Creating the WMI instance assigns the package to the distribution point
        Set-WmiInstance -Class SMS_DistributionPoint -Arguments $NewDistPointForPackage -Namespace $nameSpace
    }
}

Hyper-V replication and High Availability cheat sheet

November 5th, 2013

What’s required and what’s not for Hyper-V replication and high availability.

 

Prerequisites:

Technology        | Active Directory | Shared Storage | VMM
VM Replication    | No               | No             | No
VM HA (cluster)   | Yes              | Yes            | No (1)
VM Live Migration | Yes              | No (2)         | No (1)

 

1 – VMM would help to build it and would significantly improve manageability, but it is not a prerequisite.

2 – Windows Server 2012 and later.

Regular patching of VM templates using WSUS

October 22nd, 2013

This article explains how to facilitate regular VM template patching using WSUS.

1. Set up WSUS on your template library. Identify all operating systems you want to service. Set up a WSUS auto-approval rule which will automatically approve all updates. Let's say your library server has 2 drives, C: and D:, the WSUS updates folder is set as C:\WSUS and VM templates are stored in D:\Templates. Create the C:\WSUS\AllUpdates folder; this is where we will extract all updates to.

2. Create a text file templates.to.update.txt and put all template file names, including the full path, into this file.

3. This script will do the rest:

@echo off
rem
rem This script updates all templates listed in templates.to.update.txt file
rem
rem Created by Serge Chegorian
rem This script is provided as-is, and makes no claim to the validity and accuracy of the content.
rem Use this code at your own risk. I am not responsible for any harm done as a result of using the content
rem or code provided on this Web site.
rem

rem Copy all available update packages to C:\WSUS\AllUpdates
for /r c:\wsus\wsuscontent %%f in (*.cab) do copy %%f C:\WSUS\AllUpdates /y

rem Pick up template name one by one
for /f %%i in (templates.to.update.txt) do call :update_template %%i
goto :EOF

rem Patching subroutine
:update_template
echo select vdisk file=%1 > diskpart-attach.txt
echo attach vdisk >> diskpart-attach.txt
echo list volume >> diskpart-attach.txt

rem The volume number is a number of existing volumes on the server plus one.
echo select volume 3 >> diskpart-attach.txt
echo assign letter=v >> diskpart-attach.txt
diskpart /s diskpart-attach.txt
dism /image:v:\ /Add-Package /Packagepath:C:\WSUS\AllUpdates
echo select vdisk file=%1 > diskpart-detach.txt
echo detach vdisk >> diskpart-detach.txt
diskpart /s diskpart-detach.txt
exit /B
:EOF

4. Schedule this script to run once or twice per month. This is it.

Dependency consideration

Some updates might be dependent on other updates. Microsoft recommends identifying these dependencies and installing updates in the correct order using a DISM answer file. Another option, when you start with an unpatched template, is to patch it 2 or 3 times, identify when it becomes fully patched by bringing it online, and then just patch it on a monthly basis.

Training and Exams

August 25th, 2013

After completion of all my outstanding courses in MVA I have earned precisely 1024 (1K) points. Funny that.

Also passed 70-246 last week. Keep in mind that 60% of the exam is based on 3 different case studies, 7 questions each. Read each CS carefully because each question is related to a part of the CS, not the entire case study. Have good hands-on experience and good luck.

How to create a new SCCM system role with a script

August 8th, 2013

Both SCCM 2007 and 2012 keep system role information in the site control file. So the main operations at the beginning and at the end of the script will be getting the file handle and refreshing the file, then committing the changes and releasing the handle.

$ComputerName = "MySiteServer"
$MyNewRoleServer = "MyNewRoleServer"
$sitecode = "ABC"
$nameSpacePath = "\\$ComputerName\root\sms\site_$sitecode"
# Namespace relative to $ComputerName, as expected by Invoke-WmiMethod -Namespace
$NameSpace = "root\sms\site_$sitecode"
$domainname = ".mydomain.local"

# Get a session handle for the site control file
$scf = Invoke-WmiMethod -Namespace $NameSpace -Class SMS_SiteControlFile -Name GetSessionHandle -ComputerName $ComputerName

# Refresh the WMI copy of the site control file
$refresh = Invoke-WmiMethod -Namespace $NameSpace -Class SMS_SiteControlFile -Name RefreshSCF -ArgumentList $sitecode -ComputerName $ComputerName
<#
your main script will be here
#>
# Commit site control file from WMI to the actual file
$commit = Invoke-WmiMethod -Namespace $NameSpace -Class SMS_SiteControlFile -Name CommitSCF -ArgumentList $sitecode -ComputerName $ComputerName

# Release session handle
$scf = Invoke-WmiMethod -Namespace $NameSpace -Class SMS_SiteControlFile -Name ReleaseSessionHandle -ArgumentList $scf.SessionHandle -ComputerName $ComputerName

SCCM Distribution Point Groups Audit

July 29th, 2013

In a complex SCCM environment, when you're dealing with a large number of Distribution Point Groups, it is always good to run a periodic audit. There is no out-of-the-box report, so here are some reports I use.

1. List of all DP groups and group members:

select distinct sGroupName, SUBSTRING(NALPath,
CHARINDEX('\\', NALPath) + 2,
CHARINDEX('"]', NALPath) - CHARINDEX('\\', NALPath) - 3 ) as [DP Name] from v_DistributionPointGroup where NALPath not like '' order by sGroupName asc, [DP Name] asc

*) The NALPath not like '' filter: the first record is always a blank 'placeholder'.

2. The list of Members of Specific DP Group – Secondary

select SUBSTRING(NALPath,
CHARINDEX('\\', NALPath) + 2,
CHARINDEX('"]', NALPath) - CHARINDEX('\\', NALPath) - 3 ) as [DP Name] from v_DistributionPointGroup where sGroupName=@DPGroupName and NALPath not like '' order by [DP Name] asc

*) @DPGroupName is a prompted value.

3. List of all DP groups DP belongs to – Secondary

select sGroupName as [DP Group Name] from v_DistributionPointGroup where NALPath like '%'+@DPName+'%' and NALPath not like '' order by [DP Group Name] asc

*) @DPName is a prompted value.

How to populate SCCM collection with the members of subcollection

July 18th, 2013

In some situations you may want to populate your collection with the members of all its subcollections. For example, you may want to assign the same maintenance window to several dynamically populated collections while minimizing the administrative overhead. If your child collection IDs are, for example, ABC000A1 and ABC000A2, your parent collection query will be:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,
SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,
SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ResourceId in (select ResourceID from SMS_CM_RES_COLL_ABC000A1) or SMS_R_System.ResourceId in (select ResourceID from SMS_CM_RES_COLL_ABC000A2)

Controlled bulk SCCM agent deployment

July 16th, 2013

In some situations, for example when you roll out SCCM in an existing environment, you might need to take a staged approach, deploying a large number of clients at the same time but not to the entire fleet at once. The push method is not good because, once you enable it, it attempts to deploy the client to every discovered system at once.

The method we will use manually creates a Client Configuration Record (CCR) file for each system we want to deploy the agent to. A CCR file is a simple text file with the following content:

[NT Client Configuration Request]
  Client Type=1
  Forced CCR=TRUE
  Machine Name=COMPUTERNAME

All you need to do is replace COMPUTERNAME with your discovered system name, name this file YOURSYSTEM.CCR (the file name could be random, only the file content is important) and copy it to the inboxes\ccr.box folder on the SCCM site server. A few seconds later the SMS Spool service will pick it up and initiate a client push to YOURSYSTEM.

Now you can schedule a task which will create as many CCR files as you want in the inboxes\ccr.box folder. You may also place a delay between cycles in order to minimize the impact on your network.
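One way to generate the CCR files in waves with a delay between them, as an added example that is not part of the original post. The function name, its parameters and defaults, and the share path in the usage comment are hypothetical; the name check is deliberately conservative so that an entry in the input list cannot put path separators into the file name or extra lines into the CCR body.

```powershell
# Added example: staged client push by dropping CCR files in waves.
function New-ClientPushCcr {
    param(
        [Parameter(Mandatory=$true)][string[]]$ComputerName,
        [Parameter(Mandatory=$true)][string]$CcrBoxPath,   # ...\inboxes\ccr.box on the site server
        [int]$BatchSize = 25,        # hypothetical default: files per wave
        [int]$DelaySeconds = 300     # hypothetical default: pause between waves
    )
    if (-not (Test-Path -LiteralPath $CcrBoxPath -PathType Container)) {
        throw "CCR inbox not found: $CcrBoxPath"
    }
    $written = 0
    foreach ($raw in $ComputerName) {
        $name = "$raw".Trim().ToUpper()
        # Accept only NetBIOS-style names (letters, digits, hyphen, max 15 chars).
        if ($name -notmatch '^[A-Z0-9][A-Z0-9-]{0,14}$') {
            Write-Warning "Skipping invalid computer name: '$raw'"
            continue
        }
        # Pause before starting each new wave, not after the last one.
        if ($written -gt 0 -and $written % $BatchSize -eq 0) {
            Start-Sleep -Seconds $DelaySeconds
        }
        # CCR body exactly as shown in the post, with the machine name filled in.
        $content = @(
            '[NT Client Configuration Request]'
            '  Client Type=1'
            '  Forced CCR=TRUE'
            "  Machine Name=$name"
        )
        Set-Content -LiteralPath (Join-Path $CcrBoxPath "$name.CCR") -Value $content -Encoding ASCII
        $written++
    }
    $written   # number of CCR files created
}

# Usage (share path and list file are placeholders):
# New-ClientPushCcr -ComputerName (Get-Content .\wave1.txt) `
#     -CcrBoxPath '\\SITESERVER\SMS_ABC\inboxes\ccr.box' -BatchSize 50 -DelaySeconds 600
```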

The blog is back

July 13th, 2013

Now, after several weeks of silence, my blog is back online, unfortunately with a new host name. My old and well-known domain name chegorian.com, which I registered 15 years ago, has been hijacked and stolen. It is currently "owned" by the company called Aplus.Net. I have raised several complaints with ICANN but I do not really believe I will ever reclaim this domain name again. However I will keep my old logo on the top of the page.

Anyway I had to start this site from scratch. So be it…
