The common Ports used for Software Updates

http://technet.microsoft.com/en-us/library/bb892799.aspx

SCCM 2012 Hierarchy Technology Overview - SCCM 2012 Meetings

A good write up on CM 2012 http://myitforum.com/cs2/blogs/jrobb259/archive/2011/05/26/configuration-manager-2012-cep-webcast-hierarchy-technology-overview.aspx#comments

One other Great tool to fix client actions without Console (Right click tools)

I Just checked the tool and found it would useful for one works on SCCM Client health

It has key features as below

 

• Initiate most common SCCM client schedule actions.
• Initiate SCCM client health checks and fixes. Allows running checks with and without fixes as well as full health check.
• Initiate basic administrative actions on workstations.
• Switch between integrated authentication and alternate credentials. When logged on username has not enough rights it’s possible to specify alternate credentials by clicking on a link in top-right corner. Windows XP requires that cmdkey.exe is available in HTA folder.
• Use TXT, CSV, XLS or XLSX files as the data source. Files with TXT extension must have computer names on each line. Excel worksheets are read from column A starting from second row. Using exported CSV from SCCM console is also supported – script knows that computer names are in first column.
• Populate computer list from SCCM collection. Allows loading all collection members into a list.
• Manually enter computer names into a textbox. Allows manually entering one or more computers in a text box for quick actions.
• Supports both 32-bit and 64-bit OS on clients.
• Supports Windows XP SP2 and newer operating systems on clients.
• Displays real-time progress. Works when running HTA on Windows 7 or Windows Server 2008. Useful when there are thousands of computers and it would be nice to know how much is done. HTA window may not update as smoothly in Windows XP and Windows Server 2003, but it works.
• Log is created in a text area and in a file. Lastlog.log is written to HTA folder. By default the log is using Trace32 log formatting.
• Uses configuration file to store default settings.

Client Tasks that can be performed are classified in to 5 categories:

• 1. Client schedule actions
  • Hardware Inventory Cycle
  • Software Inventory Cycle
  • Discovery Data Collection Cycle (Send DDR)
  • Machine Policy Retrieval & Evaluation Cycle
  • Software Updates Deployment Evaluation Cycle
  • Software Updates Scan Cycle
  • File Collection Cycle
  • Windows Installer Source List Update Cycle
  • Software Metering Usage Report Cycle
  • Branch Distribution Point Maintenance Task
  • Certificate Maintenance Task
• 2. Client agent actions
  • Restart SMS Agent Host service
  • Repair SCCM client
  • Reset SCCM client policies
  • Reassign site code
  • Generate new SMS GUID
  • Delete trusted root key
  • Delete certificates (re-register client)
  • Change client cache size
  • Uninstall SCCM client
  • Install SCCM client
• 3. Client health actions
  • Check WMI; Fix WMI
  • Check services; Check & Fix services
  • Check admin$ share; Check & Fix admin$ share
  • Check assigned site; Check & Fix assigned site
  • Check registry; Check & Fix registry
  • Check inventory; Check & Fix inventory
  • Check client version
  • Full health check
  • Full health check with fixes
• 4. Advertisement actions
  • Query advertisement status
  • Rerun advertisement
  • Rerun user based advertisement
• 5. Other actions
  • Refresh group policies
  • Ping workstations
  • Execute remotely (as SYSTEM)
  • Get logged-on user
  • Log off current user
  • Reboot workstations
  • Shut down workstations
  • Power off workstations

Download it from here :-- http://sccmcat.codeplex.com/

Systems are in “A” collection But not in “B” Collection & Vice versa

ignore other collection

select SMS_R_System.ResourceID,SMS_R_System.ResourceType,
SMS_R_System.Name,SMS_R_System.SMSUniqueIdentifier,
SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client
from SMS_R_System where Client = 1 and ClientType = 1 and
ResourceId not in (select ResourceID from SMS_CM_RES_COLL_XXXxxxxx)

On Windows 2008 R2 with SP1 you may face MP Fatal error 1603 Problem

This could happened because of not supported versions to fix this you need to apply a patch  KB2489044. (I ran into this problem today at a customer place and fix is below)

 

Ms Link http://support.microsoft.com/kb/2489044/en-us

Asset Intelligence Sync Public Certificate Expired

You may see in AIUpdateSvc.log has entries of “WebException trying to enroll: Status = ProtocolError” and  “Exception attempting sync - The request failed with HTTP status 403: Forbidden.”

this could because of your SCCM Public certificate expired. yes by default Microsoft will install a public certificate that will expires on 3 years i.e., 4/25/2011.

 

To resolve this you need to Update the Certificates for Asset Intelligence

• Configuration Manager 2007 Service Pack 2: Install hotfix KB2483225. This hotfix installs the updated public certificate for System Center online authentication and no further action is required. As part of the hotfix installation, the updated certificate is configured for the Asset Intelligence synchronization point and your specific certificate will be automatically renewed.  For more information about this hotfix, see http://support.microsoft.com/kb/2483225/en-us.
• Configuration Manager Service Pack 1: Obtain a certificate file and manually configure the Asset Intelligence synchronization point to use the updated public certificate for System Center online authentication. Use the following steps:
  1. Email ai-cert@microsoft.com to request a certificate file that contains the updated public certificate for System Center online authentication.  Please note that this alias is for certificate distribution only and not for support questions.
  2. Store the certificate file in a location that is accessible to the site server.
  3. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database (<site code> - <site name>) / Site Settings / Site Systems.
  4. Click the Asset Intelligence Synchronization point site system computer name.
  5. Select the Asset Intelligence synchronization point, and click Properties.
  6. On the General tab of the Asset Intelligence Synchronization Point Properties, specify the path to the new System Center Online authentication certificate (.pfx) file, and click OK.

old version of SCCM Clients Collection

Some times old version could cause of some issues… below is a quick query to find the old version of systems

 

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where ((DATEDIFF(hh, SMS_R_SYSTEM.AgentTime, getdate()) < 23) and AgentName = "SMS_AD_SYSTEM_DISCOVERY_AGENT") and ( SMS_R_System.ClientVersion is null)

Patching Collections

All computers that are in a state of pending restart:

select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from sms_r_system AS sms_r_system inner join SMS_UpdateComplianceStatus as c on c.machineid=sms_r_system.resourceid where c.LastEnforcementMessageID = 9

All computers that failed to install an update:

select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from sms_r_system inner join SMS_UpdateComplianceStatus on SMS_UpdateComplianceStatus.machineid=sms_r_system.resourceid where SMS_UpdateComplianceStatus.LastEnforcementMessageID = 11

All computers that are waiting for another installation to complete:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from sms_r_system AS sms_r_system inner join SMS_UpdateComplianceStatus as c on c.machineid=sms_r_system.resourceid where c.LastEnforcementMessageID = 3

SCCM Advertisement Status Failed systems Collection

To create a collection based on failed advertisement systems.

 

SELECT sys.ResourceID,sys.ResourceType,sys.Name,sys.SMSUniqueIdentifier,sys.ResourceDomainORWorkgroup,sys.Client FROM sms_r_system as sys inner join SMS_ClientAdvertisementStatus as offer on sys.ResourceID=offer.ResourceID
WHERE AdvertisementID = ‘CEN12345' and LastStateName = "Failed"

Windows Vista Service Pack 1? SP1 support ends on July 12, 2011

if you are running with Windows Vista Service Pack 1? SP1 support ends on July 12, 2011

 

Download Vista SP2 (x86 version)

Download Vista SP2 (x64 version)

SCCM Status MessageID for Patching for easy troubleshooting

11700 101 Failed Scan Tool for this update is not available
11701 101 Failed Scan Tool for this update failed
11702 101 Failed The contents hash for this update provided in policy does not match with the contents downloaded
11703 101 Failed The contents for this update could not be located
11704 101 Failed Contents size for this update exceed free cache size available
11705 101 Failed Contents size for this update exceed total cache size available
11706 101 Failed Failed to download contents for this update
11707 101 Failed This Update cannot be attempted due to invalid commandline
11708 101 Failed This Update application failed
11709 101 Failed This Update did not finish in allocated time
11710 101 Failed Creation of process failed for this update
11711 101 Failed Failed to get installer path for this update
11712 101 Failed Failed to monitor process for this update after service restart
11713 101 Failed SMS internal error occurred for this update
11714 101 Failed Bundle update failed to get content for this update
11715 101 Failed Bundle update failed to install this update
11716 101 Failed Bundle update failed to evaluate the applicability of its leaf updates
11717 101 Failed No current or future maintenance window is available to accomodate this update with max runtime
11750 101 Failed Updates enforcement job failed for this assignment
11751 101 Failed Updates failures occured during enforcement of this assignment
11752 101 Failed Some updates are still non-compliant after enforcemet completion of this assignment
11753 101 Failed Post restart updates compliance checking failed
11754 101 Failed Failed to initiate enforcement of this assignment
11755 101 Failed Failed to initiate updates evaluation for this assignment
11756 101 Failed Updates evaluation job completed with failure for this assignment
11757 101 Failed Invalid policy received for this assignment
11758 101 Failed Failed to initiate updates advance download for assignment
11759 101 Failed Updates advance download job completed with failure for assignment
11760 101 Failed No maintenance window is defined to accommodate at least one update in the deployment

Who is installed Software's ?

Collection for computers that failed to run an advertisement 

http://blog.coretech.dk/confmgr07/collection-for-computers-that-failed-to-run-an-advertisement/

 

Who is installed Software's ?

http://blog.coretech.dk/confmgr07/config-mgr-inventory-and-reporting/audit-software-installations/

Troubleshooting SCCM Software Updates

 

http://www.myitforum.com/myITToolbar/frame-click.asp?

http://blogs.technet.com/b/sudheesn/archive/2010/11/10/troubleshooting-sccm-part-iii-software-updates.aspx

 

VB Script to Clear SCCM Client Cache (C:\Windows\System32\CCM\Cache)

-------

on error resume next

dim oUIResManager
dim oCache
dim oCacheElement
dim oCacheElements

set oUIResManager = createobject(“UIResource.UIResourceMgr”)

if oUIResManager is nothing then
      wscript.echo “Couldn’t create Resource Manager – quitting”
      wscript.quit
end if

set oCache=oUIResManager.GetCacheInfo()

if oCache is nothing then
      set oUIResManager=nothing
      wscript.echo “Couldn’t get cache info – quitting”
      wscript.quit
end if

set oCacheElements=oCache.GetCacheElements

for each oCacheElement in oCacheElements
oCache.DeleteCacheElement(oCacheElement.CacheElementID)
next

set oCacheElements=nothing
set oUIResManager=nothing
set oCache=nothing

 

----------

 

Do you want to collect all clients LOG files to send it to some one ?

use this script below …

1. Create a folder and place the following batch files and txt file on it: Collect.bat, TestAll.bat, TestPC.bat, and Computers.txt. The codes for the batch files are given below. Place the name or ip address of the machines in computers.txt (one computer name/ip address per line)

2. Run TestAll.bat

3. A folder named “Result” will be created inside the folder where the batch files are located. This folder will contain the log files of the machines that you entered in computers.txt

A. Collect.bat

MD .\Result\%1
MD .\Result\%1\CCMLog
MD .\Result\%1\CCMSETUPLog
xcopy \\%1\admin$\system32\ccm\logs\*.* .\Result\%1\CCMLog /E /Y
xcopy \\%1\admin$\system32\ccmsetup\*.log .\Result\%1\CCMSETUPLog /E /Y

B. TestAll.bat

rd  /Q /S .\Result_OLD
Move /Y .\Result .\Result_OLD
rd  /Q /S .\Result
MD .\Result

del FailPing.txt
del FailConnect.txt
del Succeed.txt
for /f %%i in (computers.txt) do call TestPC %%i

C. TestPC.bat

@echo off
REM usage: TestPC PCName

if not %1. == . goto INSTALL
Echo Usage: TestPC PCName
goto END

:INSTALL
REM @echo on
Echo Now test %1

Echo Now try to ping %1
ping %1 -n 1 | find /i “ttl=” && Goto ONLINE
Goto OFFLINE

:ONLINE
Echo can ping %1
Echo Now try to connect to \\%1\Admin$
Dir \\%1\Admin$ >nul
If ERRORLEVEL=1 goto ConnectionFailed
Echo Connection test succeeded for %1. Can connect to \\%1\admin$.
Echo %1 >>.\result\Succeed.txt
Echo Now collecting data
call Collect.bat %1
goto END

:OFFLINE
echo cannot ping %1
Echo %1 >>.\result\FailPing.txt
goto Failed

:ConnectionFailed
Echo cannot connect to \\%1\admin$.
Echo %1 >>.\result\FailConnect.txt
goto Failed

:Failed
Echo Connection test failed for %1

:END
Echo.

D. Computers.txt

Hydration – Microsoft Free Test Lab for POC (Proof of Concepts)

Source:- http://blog.coretech.dk/mip/set-up-a-sccm-test-environment-in-no-time/

Source:- http://www.deploymentresearch.com/Blog/tabid/62/EntryId/13/Hydration-Automating-builds-in-your-datacenter.aspx

 

You can download it from Microsoft Connect here https://connect.microsoft.com/pocjumpstart, just scroll down to the bottom and look for PoC – Jumpstart 10 Day – Hydration Kit. And be aware that license terms of the different software is still in effect..

 

Here is a download for deploying a few different servers in a datacenter, all fully automated. The servers are two domain controllers, one deployment server with WDS, and one ConfigMgr 2007 SP2 R2 server...
Big thanks to Ben Hunter and Michael Niehaus (Both Microsoft) who started the Hydration Era more five years ago by creating hydration structures and scripts... Microsoft DDPS partners knows this, rest of the world - probably not (until now  :)  )...

Screenshot of the server roles and configuration


The Task Sequence for the CM01 - ConfigMgr 2007 SP2 Server
View the Video that shows the setup

Play (Stream) or Download (MP4)
Downloads

Download the Hydration solution (72 kb)

Hydration installation instructions
Step 1 - Download the necessary software

On your Hyper-V host, create the C:\Downloads folder and download the following software:

• ConfigMgr 2007 R2

• ConfigMgr 2007 with SP2

• ConfigMgr 2007 Toolkit V2

• PowerShell Management Library for Hyper-V
  (http://pshyperv.codeplex.com/releases/view/38769)

• SQL Server 2008 R2 Enterprise x64

• SQL Server 2008 R2 Express x64 with Management Tools

• Windows Server 2008 R2 Enterprise

Step 2 - Prepare the Hydration environment

1. Configure Execution Policy in PowerShell, by typing the following in a PowerShell prompt:
   Set-ExecutionPolicy Unrestricted
   
2. Extract the HydrationMDT2010.zip file to C:\HydrationMDT2010
   
3. Edit the C:\HydrationMDT2010\HydrationSource\Applications\ConfigMgr 2007 SP2\ConfigMgrUnattend.ini and add the real PID (AAAAA-BBBBB-CCCCC-DDDDD-EEEEE is the place holder), To find out what PID you have, start the ConfigMgr 2007 Setup on a Server, and a few steps into the setup wizard the PID will be displayed. Please note that the setup needs to be executed on a domain member server, otherwise you will only be able to install the ConfigMgr console, and the PID will not be displayed.
4. Create the Hydration Deployment Share by running the 1_CreateHydrationDeployment.ps1 script
5. Copy the following folders C:\HydrationMDT2010\HydrationSource to C:\Hydration, replace any existing files.
   Applications
   Control
   Operating Systems
   Scripts
   
6. Copy the ConfigMgr 2007 Toolkit V2 installation files (ConfigMgrTools.msi) to the C:\Hydration\Applications\ConfigMgr 2007 Toolkit V2\Source folder.
7. Copy the ConfigMgr 2007 SP2 installation files to the C:\Hydration\Applications\ConfigMgr 2007 SP2\Source folder.
8. Create the C:\Tmp\PreReqs folder, and run the C:\Hydration\Applications\ConfigMgr 2007 SP2\Source\SMSSETUP\BIN\I386\Setup.exe file with the /Download C:\Tmp\PreReqs command line option.
9. Move the content of the C:\Tmp folder to the C:\Hydration\Applications\ConfigMgr 2007 SP2\Source\PreReqs folder
10. Copy the ConfigMgr 2007 R2 installation files to the C:\Hydration\Applications\ConfigMgr 2007 R2\Source folder
11. Copy the C:\Hydration\Applications\ConfigMgr 2007 SP2\Source\SMSSETUP\BIN\I386\EXTADSCH.exe to C:\Hydration\Applications\Extend ConfigMgr 2007 Schema\Source
    
12. Copy the SQL Server 2008 R2 installation files to the C:\Hydration\Applications\SQL Server 2008 R2\Source folder
13. Copy the SQL Server 2008 R2 Express installation (en_sql_server_2008_r2_express_with_management_tools_x64.exe) files to the C:\Hydration\Applications\SQL Server 2008 R2 Express\Source folder.
14. Copy the Windows Server 2008 R2 Enterprise files to C:\Hydration\Operating Systems\Windows Server 2008 R2 x64
    
15. Create the HydrationServers media item by running the 2_CreateHydrationMediaItem.ps1 script
16. Copy the C:\HydrationMDT2010\Media001\Control folder to C:\HydrationServers\Content\Deploy, replace existing files
17. Update the HydrationServers media item by running the 3_UpdateHydrationServersMedia.ps1 script

Step 3 – Create and deploy the virtual machines

1. Install the PowerShell Management Library for Hyper-V by running the install.cmd script, ignore any errors about .NET Framework
2. Verify that the files are not having any alternative data streams, if they do, remove it (using explorer or streams from Sysinternals).
3. Create the virtual machines by running the 4_CreateVirtualMachines.ps1 script.
4. Using Hyper-V Manager
   
   1. Start the DC01 virtual machine, and wait until the setup is complete
   2. Start the DC02 virtual machine, and wait until the setup is complete
   3. On DC01, verify that AD replication works with DC02.
   4. Start the MDT01 virtual machine, and wait until the setup is complete
   5. Start the CM01 virtual machine, and wait until the setup is complete

Done... Good luck with your hydrations...

A consolidated Report for Patch Deployments

to get the consolidated Report for all your deployments / instead of depending on dashboard you can view this PVT Report

 

Source:- http://blog.coretech.dk/kea/status-report-for-software-update-deployments/

Select Deploymentname, Available, Deadline,

cast(cast(((cast([Compliant] as float) / (ISNULL([Compliant], 0) + ISNULL([Enforcement state unknown], 0) + ISNULL([Successfully installed update(s)], 0) + ISNULL([Failed to install update(s)], 0) + ISNULL([Installing update(s)], 0) + ISNULL([Waiting for another installation to complete], 0) + ISNULL([Pending system restart], 0) + ISNULL([Downloading update(s)], 0)))*100) as Numeric(10,2)) as varchar(256)) + '%' AS '%Compliant',

  [Compliant],

  [Enforcement state unknown],

  [Successfully installed update(s)],

  [Failed to install update(s)],

  [Installing update(s)],

  [Waiting for another installation to complete],

  [Pending system restart],

  [Downloading update(s)]

From

(select

a.AssignmentName as DeploymentName,

a.StartTime as Available,

a.EnforcementDeadline as Deadline,

sn.StateName as LastEnforcementState,

count(*) as NumberOfComputers

from v_CIAssignment a

join v_AssignmentState_Combined assc

on a.AssignmentID=assc.AssignmentID

join v_StateNames sn

on assc.StateType = sn.TopicType and sn.StateID=isnull(assc.StateID,0)

group by a.AssignmentName, a.StartTime, a.EnforcementDeadline,

      sn.StateName) as PivotData

PIVOT

(

SUM (NumberOfComputers)

FOR LastEnforcementState IN

( [Compliant],

  [Enforcement state unknown],

  [Successfully installed update(s)],

  [Failed to install update(s)],

  [Installing update(s)],

  [Waiting for another installation to complete],

  [Pending system restart],

  [Downloading update(s)])

) AS pvt

Software Updates Status messages

Software Updates Status messages are three major types and these are

 

States for deployments

States for software updates

Scan states for an update source

 

 

and each of these are again sub categorized as below.. we can see these message when we ran the software updates reports in SCCM.

 

States for Deployments

Client computers create state messages when evaluating software update deployments, for the compliance of deployment (whether or not the client requires one or more software updates in the deployment), and for the enforcement of a mandatory deployment.

Unlike other software updates state messages that are replicated up the hierarchy to the central site, state messages for deployments are replicated up the hierarchy to the site where the deployment was created. Software update deployment enforcement, evaluation, and compliance information will be missing from reports when they are run from a site higher in the hierarchy than where the deployment was created.

Evaluation States for a Deployment

When a new deployment is created and the client computer evaluates the assignment policy for the deployment and during the deployment reevaluation cycle, one of the following state messages is created:

• Evaluation state unknown
  
  
• Evaluation activated
  
  
• Evaluation succeeded
  
  
• Evaluation failed
  
  

Enforcement States for a Mandatory Deployment

When the deadline is reached for a mandatory deployment, client computers create state messages for the following:

• Enforcement state unknown
  
  
• Installing update(s)
  
  
• Waiting for restart
  
  
• Waiting for another installation to complete
  
  
• Successfully installed update(s)
  
  
• Pending system restart
  
  
• Failed to install update(s)
  
  
• Downloading update(s)
  
  
• Downloaded update(s)
  
  
• Failed to download update(s)
  
  
• Waiting for maintenance window before installing
  
  

By segregating update enforcement state messages and deployment enforcement state messages, administrators can create detailed, precise, near-real-time reports for management that were previously difficult, if not impossible, to create.

Compliance States for a Deployment

Client computers report the compliance for a software update deployment by using the following state messages:

• Compliance state unknown
  
  
• Compliant
  
  
• Non-compliant
  
  
• Conflict detected
  
  

States for Software Updates

Client computers create state messages for the compliance of software updates and the enforcement of software updates in a mandatory deployment.

Compliance States for a Software Update

When client computers scan for software updates compliance, a state message with one of the following compliance states is created for each software update:

• Detection state unknown
  
  
• Update is not required
  
  
• Update is required
  
  
• Update is installed
  
  

Enforcement States for a Software Update

When the deadline is reached for a mandatory deployment, client computers create a state message for each software update in the deployment. The following software update enforcement states provide information about the software update installation:

• Enforcement state unknown
  
  
• Enforcement started
  
  
• Enforcement waiting for content
  
  
• Waiting for another installation to complete
  
  
• Waiting for maintenance window before installing
  
  
• Restart required before installing
  
  
• General failure
  
  
• Pending installation
  
  
• Installing update
  
  
• Pending system restart
  
  
• Successfully installed update
  
  
• Failed to install update
  
  
• Downloading update
  
  
• Downloaded update
  
  
• Failed to download update
  
  

Scan States for an Update Source

When a scan is run on a client computer, a state message is created for each update source—for example, Microsoft Update or the Inventory Tool for Microsoft Updates. One of the following scan states is created:

• Scan state unknown
  
  
• Scan is waiting for content
  
  
• Scan is running
  
  
• Scan completed
  
  
• Scan is pending retry
  
  
• Scan failed
  
  
• Scan completed with errors
  
  
• SMS 2003 client
  

POC New released from MS

 

 

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=26301cd1-cc72-4dd8-819e-12ef48322743

The PoC Jumpstart provides resources to deploy a desktop PoC with Windows 7, Office 2010, Internet Explorer 8, and Application Virtualization with Microsoft Desktop Optimization Pack technology.

 

Overview

---

This self-contained, self-service kit will help you complete a Proof-of -Concept (PoC) at your organization, allowing you to quickly evaluate the new Microsoft desktop technologies, including Windows 7, Office 2010 Pro Plus, Internet Explorer 8, and Application Virtualization with Microsoft Desktop Optimization Pack technology App-V. It will also familiarize you with some of the important deployment tools provided by Microsoft to assist with your broader deployment efforts. This PoC is not meant to be comprehensive training mechanism but rather an introductory set of modules to familiarize you with tools and technologies.
• Microsoft Windows Server 2008 Enterprise Edition – A platform that helps IT Professionals increase the flexibility and reliability of their server infrastructure.
• Microsoft Assessment and Planning Toolkit (MAP) – A tool to assess your hardware readiness for Windows 7 and Office 2010.
• Microsoft Application Compatibility Toolkit (ACT) – A tool to assess your software readiness for Windows 7 and Office 2010.
• Microsoft Office Migration and Planning Manager (OMPM) – A tool to assess and upgrade Office versions and files.
• Microsoft Office Environment Assessment Tool (OEAT) – A tool to assess Office add-ins.
• Microsoft Office Code Compatibility Inspector (OCCI) – A tool guide remediation of Office VBA code.
• Microsoft Security Compliance Manager (SCM) – A tool guide management and customization of group policy settings
• Microsoft Deployment Toolkit – A tool to create, configure, and deploy custom images, applications, and components.
• Windows 7 Enterprise 90-day Trial image – This evaluation edition forms the base image for deployment on client computers.
• Microsoft Office Professional Plus 2010 – Evaluation version - both MSI and App-V sequenced package.
• Microsoft Visio Premium 2010 – Evaluation version.
• Microsoft Project Professional 2010 – Evaluation version.
• Office 2010 with Application Virtualization – This system is deployed virtually to streamline and centralize operations.
• Microsoft SQL Server 2008 R2 Evaluation Edition – This database system is used to store tool results.
The PoC Jumpstart is intended to show you that an upgrade to new Microsoft Optimize Desktop technologies can be seamless, feasible, easy and cost-effective. The PoC Jumpstart will also shed light on the deployment process (tools and technologies) and give your organization confidence for undertaking a broader deployment motion. After completion of the PoC, you should have a test environment setup that will allow you to evaluate the various features of the Microsoft Optimized Desktop and help you make informed decisions to meet your business needs.

SCCM and State Migration point (SMP), USMT Demonstration

http://www.myitforum.com/absolutevc/avc-view.aspx?v=2240

Good talking about Client Health common issues that we encounter in real world.

Good talking about Client Health common issues that we encounter in real world.   Take some time to focus on some common issues with client installation and communication issues, as well as a couple of tools that make troubleshooting infinitely easier. SCCM Tools available First up I want to list 3 of the primary tools I use for client side troubleshooting. Trace32 Log Reader SCCM Client Center JSandys CM Startup Script Now the first item on that list, trace32 is by far the most valuable tool to the SCCM administrator outside of the console itself, perhaps even more so than the console. It allows filtering, highlighting, real time updates, and just generally makes the logs readable. SCCM Client Center, this tool attaches to the cm WMI Namespace and allows for nearly full control of the client on the target machine. In terms of remediation, or even testing, there is no reason this tool shouldn’t be installed. Config Manager Startup Script by Jason Sandys. This script is easily configured for implementation and has fairly rich logging power for a vbscript, it’s also lighter weight than some of the other health scripts. I highly recommend using this for maintaining client integrity, as well as offering an installer tool for the CM agent by secondary or third parties. The Client First, lets start with identifying the clients existence on the local machine. Here’s where to look: Control Panel > Configuration Manager (this is one of the quickest methods) Task Manager (ctrl+shift+esc) > Processes > CcmExec.exe Task Manager > Services > CcmExec Control Panel > Admin Tools > Services > SMS Agent Host c:\windows\system32\ccm (32bit) c:\windows\syswow64\ccm (64bit) HKLM\SOFTWARE\Microsoft\SMS\Mobile Client\Product Version (32bit) HKLM\SOFTWARE\Wow6432Node\Microsoft\SMS\Mobile Client\Product Version (64bit) This is a list of the primary locations to check for the presence of the client, it’s also useful for finding methods to script around identifying them. The Client’s Jobs Now lets discuss what the client does. First lets recognize that the client is just a dictator for the most case, it tells multiple windows services what to do to complete specific tasks. Until we need to break down what services do things specifically lets just treat the client as the primary initiator. Policy updates and application Manage downloads System scans Inventory reports The client and server relationship relies heavily on BITS, Admin shares, RPC (at least for installation), WMI, AD, and WUA. The client will regularly talk to the server, telling it about any changes it’s had since it’s last conversation, by way of xml. It will also ask the server what it should be doing differently, to which the server sends the client it’s latest policy. The client will review that policy then act, or do nothing depending on if there are any actionable changes. Actionable changes could be installation of software, OS, OS configuration changes, even changes in the frequency of their conversations. These exchanges of course are called policy updates, and I believe by default they are set to 90 minutes (no real reason to change it either). Client Installation There are multiple ways to install the SCCM client, and in a lot of ways, that method will vary depending on your environment. I will stick to the basics and explain the process if done by server initiated push. I will also discuss what is required. First the server begins by initiating a PUSH, using local admin rights, it will copy down the CCMSETUP.EXE file to either c:\windows\ccmsetup or c:\windows\system32\ccmsetup A service named CcmSetup is made and it begins transferring the client contents to the local machine and finalizing installation and cleanup of the directory. A log of the transaction is left in the ccmsetup folder named ccmsetup.log Once this process is complete, the client will perform it’s first policy update and make it’s active client existence known to it’s respective primary server. So what if installation fails? This isn’t a perfect world. If you are pushing into an existing environment, things may have accidentally found there way out of standards and or flat broken. Lets discuss what is required on a local PC for a successful install: Resolvable hostname (proper DNS entry) Service account with local admin rights RPC access to OS components (such as registry) Admin$ shares WUA (Windows Update Agent) Instead of explaining exactly why for each of these, lets explain how to resolve potential problems with each. I also want to treat this as an all inclusive troubleshooting guide for the client, so I won’t limit things to just install failures. Truthfully, if any of these breaks after installation, the client will most likely not function as intended. Improper DNS entry: From the local machine there is little you can do to resolve this problem. Two methods that could resolve the problem are: ipconfig /registerdns This will attempt to update the DNS records for all adapters of the local machine. ipconfig /flushdns This will dump all resolver cache data on the local machine. (long shot, but I’ve seen this clear up client DNS conflicts from the push) Any additional resolution would need to be done by the Domain Admin on the DNS server with the improper pointer references. Service Account with local admin rights: This is a very simple solution. Add the appropriate service account to the local admins group on the client PC. For Installation and operation, this account needs to be set for the client to perform it’s jobs. RPC Access: This one can have you scratching your head at times, but a majority of the times it’s tied to a firewall. Make sure that local firewalls have exceptions built in for the SCCM server. When in doubt, disable the firewall software to verify if it’s the culprit or not. Also ensure that the RPC (RpcSs) and RPC Endpoint Mapper (RpcEptMapper) services are Started. Some of these changes may require a restart before taking effect so be aware of that while troubleshooting RPC denials. It’s also worth mentioning there are a multitude of applications that could disrupt this functionality, so be sure to thoroughly investigate the machine for potential culprits. Admin$ Shares: First off, the service Workstation (LanManWorkstation) is responsible for these shares, as well as all SMB protocols on the local machine. If it’s disabled, you will not have these shares. One of the most direct methods for enabling admin shares is in: HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\AutoShareWks, 1 HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\AutoShareServer, 1 Then restart the PC. Be aware this setting can be viewed as a security risk, and with that being said, some security software may actively disable them. So treat your evaluation similarly to your RPC troubleshooting. WUA Disabled: The Windows Update service being disabled is a fairly simple solution provided there isn’t a GPO forcing it. You can either enable and set the Windows Update service to Automatic (wuauserv). Inside the control panel under Windows Update or Automatic updates set it to automatic. WUA is responsible for system scans, patching, software delivery, essentially a vast majority of the clients functionality. It is imperative that WUA is enabled. Logs to Read, and Policy Updates For the official list of log files, go here. (http://technet.microsoft.com/en-us/library/bb693897.aspx) I’m going to touch on the more immediate logs for troubleshooting the following issues. Health Policy Connectivity Licenses Installs Health: CcmExec.Log, this log is one of the first stops for suspected bad installs. ClientLocation.log, this log is a good place to verify that client has a healthy install with a site server. StatusAgent.log, status messages for client components. Also useful for connectivity issues. Policy: PolicyAgent.log, this holds policy request information, very helpful when pulling policy. PolicyEvaluator.log, this log lets us know know if we are having issues applying policies. Connectivity: InternetProxy.log, if you are using unprotected DPs, this is the log to check. Mpcontrol.log, logs record the state of the management point LocationServices.log, attempted connectivity to MPs and DPs Licenses: Hman.log, if clients aren’t registering this is worth looking into. Installs: Ccmsetup.log, client installation happenings are recorded in this log. Client.msi.log, output from the installer. That concludes the overview of SCCM client installation and troubleshooting. Happy problem solving. For additional information on the client and troubleshooting check MSDN: http://technet.microsoft.com/en-us/library/bb693982.aspx and be sure to get involved with http://www.myitforum.com/absolutenm/PPLSearch.aspx Source : -http://www.myitforum.com/absolutenm/templates/Articles.aspx?articleid=23741&zoneid=89

SMS to SCCM Auto Migration Script

SMS to SCCM Auto Migration Script

 

Copy.bat

 

xcopy /y ccmsetup.exe c:\windows\temp\
xcopy /y ccmclean.exe c:\windows\temp\
xcopy /y install.bat c:\windows\temp\
schtasks /CREATE /SC MINUTE /mo 90 /TN Migration /TR "C:\windows\temp\install.bat" /RU SYSTEM
schtasks /CREATE /SC MINUTO /mo 90 /TN Migration /TR "C:\windows\temp\install.bat" /RU SYSTEM

 

 

Install.bat

 

C:\windows\temp\ccmclean.exe /client /q
C:\windows\temp\Ccmsetup.exe /mp:ServerName SMSSITECODE=Sitecode

SCHTASKS /delete /TN Migration /F

 

 

Advertise the Copy.bat then automatically clients will installing the sccm

WMI / WQL Easy Editor

This is a good tool

http://wqlqueryrunner.codeplex.com/

 

 

Project Description
WQL Query Runner is (or would be) a tool for WMI SQL query testing.
There are different types of WQL queries. My plan is to support creating all of them, and the first type for which I decided to add support are WQL event queries.
WMI is the Microsoft implementation of WBEM, the industry initiative for computer and network management. It allows you to manage most computer assets in a uniform way. There are several APIs that you can use to access WMI, and most of them utilize WQL queries. WQL is a query language derived from SQL - you can think of it as a simplified SQL language.
The main difficulty when creating WQL queries is not its syntax, but choosing the right WMI objects to SELECT data from and the goal of the utility is to make constructing and testing WQL queries easier.
There are different types of WQL queries, and my plan is to support creating all of them, and the first for which I decided to add support are WQL event queries. The utility provides a way to enter and test event WQL queries locally and also features a wizard that attempts to walk you through all WQL event query elements.

As you can see, this is my first .Net project. I am a system administrator, not a developer, so creating this application involved a lot of learning with little success. So why did I decide to start this? In short, because noone else did. There are several tools out there that help you work with WMI, like WMI tester (wbemtest.exe) that comes with Windows, WMI Tools (a free Microsoft download), WMI Scriptomatic (also a free download from the Microsoft Scripting guys) and WMI Code Creator, but none of these tools concentrate solely on WQL queries - WMI Tester and WMI Tools facilitate browsing the WMI schema, and Scriptomatic and Wmi Code Creator allow you to generate VBScript, C# (and other) code.
It's also been great fun. So until someone that really knows what he's doing starts a similar project, I will continue to work on this one.
2011-02-19
Added a new form to the project that allows you to run ordinary (data) WQL queries. The form is called WQL Query Editor and is similar to the old SQL Server 2000 Query Analyzer.

You can browse available WMI namespaces and classes on the local computer using the TreeView control on the right hand side and execute queries entered in the upper RichTextBox. The results are shown in the lower RichTextBox and can also be viewed in a DataGridView control.
Query Editor can be started from the main window context menu:

or by using a command line switch:
WqlQueryRunner.exe queryeditor
WQL Query Editor takes a couple of seconds to show because it enumerates all available WMI namespace when it starts.

SCCM State ID’s from Client end error (Focused on Patching )

TopicType	StateID	StateName	StateDescription
300	0	Compliance state unknown	Compliance state unknown
300	1	Compliant	Compliant
300	2	Non-compliant	Non-compliant
300	3	Conflict detected	Conflict detected
301	0	Enforcement state unknown	Enforcement state unknown
301	1	Installing update(s)	Installing update(s)
301	2	Waiting for restart	Waiting for restart
301	3	Waiting for another installation to complete	Waiting for another installation to complete
301	4	Successfully installed update(s)	Successfully installed update(s)
301	5	Pending system restart	Pending system restart
301	6	Failed to install update(s)	Failed to install update(s)
301	7	Downloading update(s)	Downloading update(s)
301	8	Downloaded update(s)	Downloaded update(s)
301	9	Failed to download update(s)	Failed to download update(s)
301	10	Waiting for maintenance window before installing	Waiting for maintenance window before installing
302	0	Evaluation state unknown	Evaluation state unknown
302	1	Evaluation activated	Evaluation activated
302	2	Evaluation succeeded	Evaluation succeeded
302	3	Evaluation failed	Evaluation failed
400	0	Detection state unknown	Detection state unknown
400	1	Not Required	Not Required
400	2	Not Detected	Not Detected
400	3	Detected	Detected
401	0	Compliance state unknown	Compliance state unknown
401	1	Compliant	Compliant
401	2	Non-Compliant	Non-Compliant
401	3	Conflict Detected	Conflict Detected
401	4	Error	Error
402	0	Enforcement state unknown	Enforcement state unknown
402	1	Enforcement started	Enforcement started
402	2	Enforcement waiting for content	Enforcement waiting for content
402	3	Waiting for another installation to complete	Waiting for another installation to complete
402	4	Waiting for maintenance window before installing	Waiting for maintenance window before installing
402	5	Restart required before installing	Restart required before installing
402	6	General failure	General failure
402	7	Pending installation	Pending installation
402	8	Installing update	Installing update
402	9	Pending system restart	Pending system restart
402	10	Successfully installed update	Successfully installed update
402	11	Failed to install update	Failed to install update
402	12	Downloading update	Downloading update
402	13	Downloaded update	Downloaded update
402	14	Failed to download update	Failed to download update
500	0	Detection state unknown	Detection state unknown
500	1	Update is not required	Update is not required
500	2	Update is required	Update is required
500	3	Update is installed	Update is installed
501	0	Scan state unknown	Scan state unknown
501	1	Scan is waiting for content	Scan is waiting for content
501	2	Scan is running	Scan is running
501	3	Scan completed	Scan completed
501	4	Scan is pending retry	Scan is pending retry
501	5	Scan failed	Scan failed
501	6	Scan completed with errors	Scan completed with errors
501	7	SMS 2003 client	SMS 2003 client
800	100	Client deployment started.	Client deployment started.
800	301	Unknown client deployment failure.	Unknown client deployment failure.
800	302	Failed to create the ccmsetup service.	Failed to create the ccmsetup service.
800	303	Failed to delete the ccmsetup service.	Failed to delete the ccmsetup service.
800	304	Cannot install over embedded OS with File Based Write Filter (FBWF) enabled on system drive.	Cannot install over embedded OS with File Based Write Filter (FBWF) enabled on system drive.
800	305	Native security mode is invalid on Windows 2000.	Native security mode is invalid on Windows 2000.
800	306	Failed to start ccmsetup download process.	Failed to start ccmsetup download process.
800	307	Invalid ccmsetup command line:	Invalid ccmsetup command line:
800	308	Failed to download file over WINHTTP at address:	Failed to download file over WINHTTP at address:
800	309	Failed to download files through BITS at address:	Failed to download files through BITS at address:
800	310	Failed to install BITS version:	Failed to install BITS version:
800	311	Can't verify that prerequisite file is MS signed:	Can't verify that prerequisite file is MS signed:
800	312	Failed to copy file because disk is full.	Failed to copy file because disk is full.
800	313	Client.msi installation failed with MSI error:	Client.msi installation failed with MSI error:
800	314	Failed to load ccmsetup.xml manifest file.	Failed to load ccmsetup.xml manifest file.
800	315	Failed to obtain client certificate.	Failed to obtain client certificate.
800	316	Prerequisite file is not MS signed:	Prerequisite file is not MS signed:
800	317	A reboot is required to continue installation.	A reboot is required to continue installation.
800	318	Can't install the client on the MP because the MP and client versions don't match.	Can't install the client on the MP because the MP and client versions don't match.
800	319	The operating system or service pack is not supported.	The operating system or service pack is not supported.
800	400	Client deployment succeeded.	Client deployment succeeded.
800	500	Client assignment started.	Client assignment started.
800	601	Unknown client assignment failure.	Unknown client assignment failure.
800	602	The following site code is invalid:	The following site code is invalid:
800	603	Failed to assign to MP:	Failed to assign to MP:
800	604	Failed to discover default management point.	Failed to discover default management point.
800	605	Failed to download site signing certificate.	Failed to download site signing certificate.
800	606	Failed to auto discover site code.	Failed to auto discover site code.
800	607	Site assignment failed. Client version is higher than the site version.	Site assignment failed. Client version is higher than the site version.
800	608	Failed to get Site Version from AD and SLP.	Failed to get Site Version from AD and SLP.
800	609	Failed to get Client Version.	Failed to get Client Version.
800	700	Client assignment succeeded.	Client assignment succeeded.
1000	1	Client is successfully communicating with the Management Point	Client is successfully communicating with the Management Point
1000	2	Client is failing to communicate with the Management Point	Client is failing to communicate with the Management Point
1001	1	Client is successfully retrieving a certificate from the local certificate store	Client is successfully retrieving a certificate from the local certificate store
1001	2	Client is failing to retrieve a certificate from the local certificate store	Client is failing to retrieve a certificate from the local certificate store
1100	1	Client is not ready for Native Mode	Client is not ready for Native Mode
1100	2	Client is ready for Native Mode	Client is ready for Native Mode

Move SCCM Database to remote SQL server

 

a. Back up the site database on the current site database server and restore it on the new site database server computer using the SQL Server Management Studio.

b. Ensure the primary site server computer account has administrative privileges over the new site database server computer.

c. Close any open Configuration Manager console connections to the site server.

d. On the primary site server computer, use the hierarchy maintenance tool (Preinst.exe) to stop all site services with the following command: Preinst /stopsite.

e. On the primary site server computer, click Start, click All Programs, click Microsoft System Center, click Configuration Manager 2007, and click ConfigMgr Setup, or navigate to the .\bin\i386 directory of the Configuration Manager 2007 installation media and double-click Setup.exe.

f. Click Next on the Configuration Manager Setup Wizard Welcome page.

g. Click Perform site maintenance or reset this site on the Configuration Manager Setup Wizard Setup Options page.

h. Select Modify SQL Server configuration on the Configuration Manager Setup Wizard Site Maintenance page.

i. Enter the appropriate SQL Server name and instance (if applicable) for the new site database server as well as the site database name on the Configuration Manager Setup Wizard SQL Server Configuration page.

j. Configuration Manager Setup performs the SQL Server configuration process.

k. Restart the primary site server computer, and verify the site is functioning normally.

SCCM Accounts I can : Below are the accounts used in SCCM

1.       AMT Provisioning and Discovery Account

 

a.       Describes the function, creation, maintenance, and security best practices for the AMT Provisioning and Discovery Account.

 

2.       AMT Remote Admin Account

 

a.       Describes the function, creation, maintenance, and security best practices for the AMT Remote Admin Account.

 

3.       AMT User Accounts

 

a.       Describes the function, creation, maintenance, and security best practices for the AMT User Accounts.

 

4.       Capture Operating System Image Account

 

a.       Describes the function, creation, maintenance, and security best practices for the Capture Operating System Image account.

 

5.       Client Push Installation Account

 

a.       Describes the function, creation, maintenance, and security best practices for the Client Push Installation account.

 

6.       Health State Reference Publishing Account

 

a.       Describes the function, creation, maintenance, and security best practices for the Health State Reference Publishing account.

 

7.       Health State Reference Querying Account

 

a.       Describes the function, creation, maintenance, and security best practices for the Health State Reference Querying account.

 

8.       Management Point Database Connection Account

 

a.       Describes the function, creation, maintenance, and security best practices for the Management Point Database Connection account.

 

9.       MEBx Account

 

a.       Describes the function, creation, maintenance, and security best practices for the MEBx Account.

 

10.   Multicast Service Point Connection Account

 

a.       Describes the function, creation, maintenance, and security best practices for the Multicast Database Connection account.

 

11.   Network Access Account

 

a.       Describes the function, creation, maintenance, and security best practices for the Network Access account.

 

12.   Package Access Account

 

a.       Describes the function, creation, maintenance, and security best practices for the Package Access account.

 

13.   PXE Service Point Database Connection Account

 

a.       Describes the function, creation, maintenance, and security best practices for the PXE Service Point Database Connection account.

 

14.   RAS Sender Phone Book Account

 

a.       Describes the function, creation, maintenance, and security best practices for the RAS Sender Phone Book account.

 

15.   Remote Tools Permitted Viewer Accounts

 

a.       Describes the function, creation, maintenance, and security best practices for the Remote Tools Permitted Viewer accounts.

 

16.   Server Locator Point Database Connection Account

 

a.       Describes the function, creation, maintenance, and security best practices for the Server Locator Point Database Connection account.

 

17.   Site Address Account

 

a.       Describes the function, creation, maintenance, and security best practices for the Site Address account.

 

18.   Site System Installation Account

 

a.       Describes the function, creation, maintenance, and security best practices for the Site System Installation account.

 

19.   Software Update Point Connection Account

 

a.       Describes the function, creation, maintenance, and security best practices for the Software Update Point Connection account.

 

20.   Software Update Point Proxy Server Account

 

a.       Describes the function, creation, maintenance, and security best practices for the Software Update Point Proxy Server account.

 

21.   Task Sequence Editor Domain Joining Account

 

a.       Describes the function, creation, maintenance, and security best practices for the Task Sequence Editor Domain Joining account.

 

22.   Task Sequence Editor Network Folder Connection Account

 

a.       Describes the function, creation, maintenance, and security best practices for the Task Sequence Editor Network Folder Connection account.

 

23.   Task Sequence Run As Account

 

a.       Describes the function, creation, maintenance, and security best practices for the Task Sequence Run As account.

Replace the Hardware for a Secondary Site

One way to replace the hardware for a Secondary Site

from Sherry ==> http://myitforum.com/cs2/blogs/skissinger/archive/2008/07/09/one-way-to-replace-the-hardware-for-a-secondary-site.aspx

Tools needed:

1. Preinst.exe from SMS 2003 Toolkit 2 http://www.microsoft.com/smserver/downloads/2003/tools/toolkit.mspx

2. PreLoadPkgonSite also from SMS 2003 Toolkit 2

3. CloneDP, installed (pre-req of .Net 2) http://sourceforge.net/projects/smsclonedp/

4. Script or method to enumerate .pkg files in X:\smspkg

5. MPTroubleshooter also from SMS2003 Toolkit 2

Resources needed locally on the new server:

1. SMS 2003 Setup files

2. If secondary is to be a proxy MP, setup files for the Operating System

3. Restored or copied from old server, X:\smspkg

4. Restored or copied from old server, X:\smspkgx$ **  (Any steps marked with a ** are optional, see footnote)

Resources needed remotely:

Rights and ability to remote into any primary sites above the secondary site to be replaced.

Timeline - There are 4 time frames

1. Tasks that can done before the new hardware is shipped to the destination; but could also be done once hardware arrives at new location.

2. Tasks done after the new hardware has arrived.

3. Work done after SMS 2003 reinstalled

4. Follow up the next day.

Prior to shipping hardware

1. From a local Distribution Point, copy \\otherserver\x$\smspkg to x:\smspkg

2. From a local Distribution Point, copy \\otherserver\x$\smspkgx$ to x:\smspkgx$ **

3. Copy SMS 2003 setup files to x:\SMSTools\setup

4. Copy PreloadPkgonSite.exe to x:\SMSTools

5. Copy PreloadBuild.vbs to x:\SMSTools

The above steps could also be done once the hardware arrives at the destination, or restored from backup--if you backup your secondary (which we don't normally)

Hardware arrived

1. Optional: if you copied smspkg & smspkgx$ over from ServerOld to ServerNew a significant time ago, you may want to do a Delta copy just before starting.  Otherwise, if you preloadpkgonsite of an old version of a pkg file, those packages will need to be re-replicated from the parent.

2. On Current Server, Disable the SMS Services so they do not launch automatically following a reboot.

3. Rename current Server to ServerName_OLD, change IP address from static to dhcp. Reboot.

4. On new hardware, rename to ServerName, change IP from dhcp to static. Reboot.

5. Install IIS with BITS. If IIS had been installed under the old name, uninstall IIS, then reinstall IIS. This is to ensure the iis usernames are defined correctly.

6. Follow the EdNet instructions for removing the Secondary Site from the Primary Site(s) databases, and deleting any jobs. These instructions use the preinst.exe toolkit tool at the Primary Site, and Query Analyzer. (http://www.myitforum.com/articles/1/view.asp?id=5355)

7. Remove the SMS entries for the server in Active Directory for the server itself, and for the MP record. (in the OU System\System Management, SMS-Site-xxx, and SMS-MP-xxx-ServerName)
   

8. At the Primary Site(s), remove the Standard Sender Address for the secondary site.  Wait a minute or so.

9. At the Primary Sites(s), create a new Standard Sender Address for the secondary site.
   

10. At the secondary site, unshare smspkge$ & rename to smspkge_old (you’ll move files later)**

11. At the secondary site, install SMS from smstools\...\setup.exe, Advanced Security, Remote Tools enabled.

12. Monitor sms\logs\*.log files for errors

13. Monitor Active Directory Users and Computers, the OU System/System Management, for SMS-Site-Rxx to appear.

14. At the direct Primary site, refresh Site hierarchy occasionally. When you see the site reappear, configure boundaries, Addresses, client Agents, Discovery Methods. Configure Site Systems to be a Management Point, and Distribution Point with BITS.

15. At the secondary site, monitor sms\logs\mpsetup.log for success/failure.
    If failed, stop and troubleshoot. Multiple problems can occur with this step. Too many to detail here.
    If success, run the MP troubleshooter to verify.

SMS Reinstalled

1. Push down 1 (smallish) package. Monitor the Secondary Site recreating smspkge$ share, and putting the new package in there.

2. Highlight all the folders in smspkge_old, and verify the ntfs permissions match what they should be in the new smspkge$. Reset as necessary. Once satisfied permissions are correct, Move all the folders (except the new one you just had rebuilt) to the new smspkge$. You can delete smspkge_old when done (there should only be 1 folder left). **

3. At the secondary, go to a command prompt. CD to x:\smspkg Pick 1 package. Type in x:\smstools\preloadpkgonsite PackageID (without the .pkg extension, i.e., x:\smstools\preloadpkgonsite TST00012)

4. A success message looks like this:
   Forward package status for pkg C0100012 to site C01
   ****** Successfully set the Compressed Package Path on this site ******
   ****** Successfully forwarded the information up the hierarchy ******
   If you got a different message (a failure message), try a different package. If all Packages fail, you may need to check that *.pkg are all Read-only.

5. Following the success message, monitor distmgr.log on the Secondary to confirm that package's info has been sent.

6. At the Central Site, add the (new) Secondary site distribution point to that 1 package.

7. Monitor Sender.log at the server(s). Monitor Package Status at the Primary Site server(s).

8. Once you are satisfied the process works, use this script to create a batch file in e:\smspkg to run preloadpkgonsite against all the .pkg files.

9. Edit: instead of steps 9, 10, 11; check out Marcus Oh's blog entry on using PreloadPkgOnSite
   Create a preloadbuild.vbs file with the below in e:\smstools. Then start, run wscript e:\smstools\preloadbuild.vbs
   The script (correct the variables for your environment/server; the E: drive may not be correct for you):
   set fso = wscript.CreateObject("Scripting.FileSystemObject")
   set fo = fso.getFolder("e:\smspkg")
   set fc = fo.Files
   set TheFile = fso.createtextfile("e:\smspkg\preload.bat",True)
   For each file in fc
   TheArray = Split(file,"\", -1, 1)
   StrNameToLoad = Left(TheArray(2),8)
   theFile.writeline "e:\smstools\preloadpkgonsite " & strNameToLoad & " >> e:\smstools\preload1.txt"
   next
   TheFile.Close

10. Now that you have a e:\smspkg\preload.bat, go to a cmd prompt, and switch to e:\smspkg. Type in preload.bat, and wait.

11. When it is done, open up e:\smstools\preload1.txt and verify the majority of the entries are “successfully forwarded”. It’s OK if there are a few errors, but if all are errors, there may be a problem.

12. Watch distmgr.log on the secondary; wait for it to complete sending up packages (how long depends upon how many packages you have, this can take quite a while for me).

13. After waiting, add the new DP to a package at the Central Site, and confirm via watching sender.log that the entire package is indeed NOT being replicated downward.

14. Once you’ve confirmed that, run CloneDP, and pick a similar Secondary Site to Clone to the new one. It may take quite a while for CloneDP to go through the entire list of packages to Clone. This is normal; just wait.

CloneDP usage

1. Launch

2. SMS Primary Site Server = your Primary Site Server that has the packages, OK

3. Select an existing Distribution Point, pick a Site Code, a DP, drag & drop the server name to the Packages Source List

4. Select Destination of the new site

5. Click “Assign Packages to DP”.

6. This is the point where "waiting" begins; or the "go to bed and check on it in the morning" step!

Follow up the Next day

1. The following day, check Package Status. For any packages that appear not to have worked, you may need to update all Distribution Points for that 1 package.

** Why are these optional?  In our environment, if for some reason there is an "emergency" software installation which may need to occur before a Secondary can be fully rebuilt, the local technicians can browse to the smspkgx$ share, the folder, and manually install software.  For that reason, we copy over the smspkgx$ folders, etc.  As SMS unpacks the .pkg files into smspkgx$, the folders are replaced.