Tag Archives: SCCM 1511

Using the SCCM CB Service Connection Point in Offline Mode

Here is a basic description and some notes made during the upgrade of SCCM CB from version 1511 to 1602 using the Service Connection Point (SCP) site system role in Offline Mode.

Assumption

The SCP role has been installed and configured in Offline Mode.

Before Starting

  • The procedures below use the serviceconnectiontool.exe tool.
  • This tool can be found in a folder on the SCCM Site Server here: ..\Microsoft Configuration Manager\cd.latest\SMSSETUP\TOOLS\ServiceConnectionTool.
  • All commands documented should be run from an admin command prompt at the folder where the serviceconnectiontool.exe resides, in this case C:\Temp\ServiceConnectionTool.
  • If the SCP is installed on a remote server, all the contents of the ..\Microsoft Configuration Manager\cd.latest\SMSSETUP\TOOLS\ServiceConnectionTool folder need to be copied to a folder on the SCP server, e.g. C:\Temp\ServiceConnectionTool.
  • In this case the SCP is on a remote server, with Internet access.  Once the contents of the ServiceConnectionTool folder are copied to the remote server, two subfolders called Data and Packages were created.

The Data folder is for the output files that are to be uploaded.

The Packages folder is for the data downloaded – this folder must be empty for the download to even start.

Main Procdure

Microsoft describe this as a three-step process.

Prepare – run this command to prepare the usage data
  • serviceconnectiontool.exe -prepare -usagedatadest C:\Temp\ServiceConnectionTool\Data\DataUsageData.cab.
Connect – run this command to upload the usage data and download the updates
  • serviceconnectiontool.exe -connect -usagedatasrc C:\Temp\ServiceConnectionTool\Data\DataUsageData.cab -updatepackdest C:\Temp\ServiceConnectionTool\Packages.
Import – run this command to import the updates into SCCM

serviceconnectiontool.exe -import -updatepacksrc C:\Temp\ServiceConnectionTool\Packages.

Installing the Updates
  • Once the updates have been imported they can be seen in the SCCM admin console by navigating to \Administration\Cloud Services\Updates and Servicing.
  • The menu options offer the choices to run the Prerequisite check and Install Update Pack.
  • The Show Status link navigates to \Monitoring\Overview\Site Servicing Status where the Show Status menu option provides progress information.

Notes

  • The output of the DataUsageData.cab output file can be viewed by running this command:

serviceconnectiontool.exe -export -dest C:\Temp\ServiceConnectionTool\Data\UsageDataExport.csv.

  • Once the update has been successfully installed a prompt to upgrade the admin console appears if the Show Status option is selected in the \Monitoring\Overview\Site Servicing Status pane.
  • Clients can be upgraded using Client Push or the automatically if the Upgrade all clients in the hierarch using production client check box is selected under \Administration\Overview\Site Configuration\Sites and selecting the Hierarchy Settings menu option, then the Client Upgrade tab.

References

https://technet.microsoft.com/en-us/library/mt691532.aspx.

As always thanks to Niall Brady for this much more detailed description and screenshots https://www.niallbrady.com/2016/01/08/how-can-i-use-updates-and-servicing-in-offline-mode-in-system-center-configuration-manager-current-branch.

 

SCCM 1511 Computer Automatic Approval Not Working

Scenario

  • Clean SCCM 1511 install.

Problem

  • Noticed in the SCCM Admin Console that all the domain-connected clients were ‘waiting approval’ even though he Hierarchy Settings were correctly configured to automatically approve computers in trusted domains (right-click the Sites node under Site Configuration in the Administration workspace).

Root Cause

  • IIS on the Management Point did not have Windows Authentication enabled.

Solution

  • Enable Windows Authentication in IIS and restart all affected client agents.

Note:  Check all SCCM virtual directories have Windows Authentication enabled once enabled at server level.

SCCM 1511 Only User and Machine Policy Evaluation Actions Shown in Control Panel

Scenario

  • Clean SCCM 1511 install.

Problem

  • Only User and Machine Policy Evaluation actions shown in Control Panel on all clients.

Root Cause

  • IIS on the Management Point did not have Windows Authentication enabled.

Solution

  • Enable Windows Authentication in IIS and restart all affected client agents.

Note:  Check all SCCM virtual directories have Windows Authentication enabled once enabled at server level.

 

SCCM 2012 Endpoint Protection Policy Templates

SCCM 2012 and newer versions include some Endpoint Protection templates containing predefined settings for different types of systems such as SQL Server and Exchange.

The templates are storage in the ..\Microsoft Configuration Manager\AdminConsole\XmlStorage\EPTemplates.

Additional templates can be found here: https://gallery.technet.microsoft.com/System-Center-Endpoint-65917b04/view/Discussions.

The templates are imported using the SCCM Admin Console as follows:

  • In the admin console, navigate to \Assets and Compliance\Overview\Endpoint Protection\Antimalware Policies.
  • Right-click Antimalware Policies and select Import.
  • Browser to the folder stated above and choose the appropriate template.

 

 

 

SCCM 1511 Installation Notes

Done a couple of upgrades from SCCM 2012 R2 SP1 to SCCM 1511 and they were straight forward as the prerequisites were in place already.  The notes below were taken doing a new install of SCCM 1511,  albeit into a Active Directory domain that already had the schema extended and appropriate user accounts in place.  In general the preparation required is very similar to doing a SCCM 2012 install.

Environment
  • All servers running Windows Server 2012 R2 RTM.
  • 1 x Standalone Primary Site Server
  • 1 x SQL Server 2014 Database Server (used for SCCM and WSUS databases)
  • 1 x Software Update Point Server
Preparation – all servers

As the servers were not to be exposed to the existing SCCM 2012 environment, including the 2012 SUP,  the following updates were applied to the servers in the stated order:

  • KB2919442  – this is a prerequisite for Windows Server 2012 R2 Update and should be installed before attempting to install the following updates
  • KB2919355
  • clearcompressionflag.exe
  • KB2919355
  • KB2932046
  • KB2959977
  • KB2937592
  • KB2938439
  • KB2934018

https://www.microsoft.com/en-gb/download/details.aspx?id=42334

Site Server
  • Server Features – .Net 3.5, .Net 4.5, Remote Differential Compression, BITS and WSUS 4.0 Remote Server Admin tool (Software Update Point going on a remote server so need Admin Tools on the Site Server).
  • IIS Settings
    • Common HTTP Features – Default Document, Static Content.
      Application Development – ASP.NET 3.5, .NET Extensibility 3.5, ASP.NET 4.5, .NET Extensibility 4.5, ISAPI extensions.
    • Security – Windows Authentication.
      IIS 6 Management Compatibility – IIS Management Console, IIS 6 Metabase Compatibility, IIS 6 WMI Compatibility, IIS
    • Management Scripts and Tools.
  • AD Schema already extended – add permissions against the Systems Management container for the new SCCM 1511 Site Server account (remember to allow for descendant objects).
    Obtain the SCCM 1511 source files.
  • Download the SCCM 1511 Install prerequisite files (manually by running ..\SMSSETUP\BIN\X64\setupdl.exe SaveLocation from the SCCM 1511 source files)
  • Obtain and install WADK 10 (not the 1511 version as there is a widely reporting issue with this version). Features required:
    • Deployment Tools, Windows Preinstallation Environment, Imaging and Configuration Designer and User State Migration Tool.
  • Obtain license key.
  • Add the Site Server account to the Database Server and SUP Server local admins groups.
SQL Server
  • Collation – SQL_Latin1_General_CP1_CI_AS
  • SQL Services – run as Local System, not defaults offered.
  • SQL Features – Database Engine and Management Tools (Reporting Service will be on remote server at a later time)
  • Allow the required SQL Server ports in Windows Firewall (1433 and port 4022)
Software Update Point Server
  • Server Role – Windows Server Update Services
    During install point to remote database and not Windows Internal Database.
  • After initial install, reboot and run Role Configuration from Server Manager (this bit creates the database etc.)
  • Do not configure WSUS itself – just do the automated Role Configuration.
  • Reboot and install KB3095113 – https://support.microsoft.com/en-us/kb/3095113.
Install Notes
  • Ignore SQL Server-related warnings – only 4GB RAM allocated to my DB server in my lab.
  • No to new Service Connect Role (want to do this later)
  • Point to existing install prerequisites.
  • Don’t use a Site Code that has been used before in the test lab domain!
  • Ensure the account used to run the install has the appropriate permissions on the Site Server, DB Server and within SQL Server.

Acknowledgements and thanks for continued contributions to the SCCM community.
http://prajwaldesai.com/sccm-1511-quick-installation-guide/

https://www.windows-noob.com/forums/topic/13368-how-can-i-install-system-center-configuration-manager-current-branch/

Installing the WSUS 4.0 Admin Console Manually on Windows Server 2012 R2 for SCCM 1511 Software Update Point

SCCM 1511 Site Server requires WSUS Admin Tools to be installed if the SCCM 1511 Software Update Server (SUP) is running on a remote server.

User PowerShell:

  • Install-WindowsFeature -Name UpdateServices-Ui

Or from the GUI.

  • Server Manager
  • Manage menu # Add Roles and Features
  • Expand Remote Server Admin Tools
  • Expand Role Admin Tools
  • Select Windows Sever Update Services Tools