Using conditions within task sequences

Although I use MDT integrated with OSD to target software and settings to machines that use a specific default gateway, it is slightly limited if, for example, I want a rule based on location and model or some other custom WMI query.

Instead, I can do this in a task sequence by simply creating a condition, on either a group or a step, ensuring the “if” statement is set correctly to either “All conditions” or “Any conditions”. See below for a selection of conditions I have used:

  1. To query for machines on a specific AD site, create a Query WMI condition and use this query: SELECT ClientSiteName FROM Win32_NTDomain WHERE Description = ‘DomainHere’ AND ClientSiteName = ‘AdSiteNameHere’
  2. 

  3. To query for machines that are specific a computer model, create a Query WMI condition and use this query: SELECT Model from Win32_ComputerSystem WHERE model = ‘Precision M2400’
  4. To query for machines that maybe multiple computer manufacturers, create multiple Query WMI conditions as below:
  5. To stop anyone running a TS when not in WinPE (useful if you want to advertise a TS to all machines but only want them to be used once PXE booted), create a condition based on a TS variable as below:

I can now very quickly and easily target machines based on any WMI query I want.

If I think of any other conditions I use, I’ll add to this post.

Advertisements

Package Refresh vs Package Update

I’ve had a few people ask me what the difference is between package refresh and package update in ConfigMgr and to explain you first need to understand how package distribution works.

Put very simply, when you create a package and send it to DP’s, a number of things happen:

  1. The package source files are compressed and sent to the DP in a PCK file
  2. Another file called a PKG file, containing information about the package and how the PCK files should be uncompressed, is also sent to the DP
  3. Once the DP has both files, it should be able to uncompress the package to the SMSPKGX$ folder

Package Update
This should be used if you make any changes to the source files themselves. When you update a package, it will create a brand new, fully complete, compressed file (thats the PCK file located in the SMSPKG folder) and also create a delta compressed package file, which only has the changes made between the old and new compressed files. The delta files are then sent to all the DP’s and the new PCK file is then used for any new DP’s that are added to the package from then on. This also updates the source version of the package in SQL.

Package Refresh
I normally use the refresh if either, I get any hash errors on clients trying to use the files to install software (the package has uncompressed but is corrupt) or in conjunction with the preloadpkgonsite.exe tool. No new PCK files are sent, it simply sends another PKG file, which then uses the current PCK file on the server and uncompresses the files again, overwriting the old package files.

Hope that helps

Collections taking a long time to refresh

For quite a while now we have had issues where if we manually update a collection, it takes a very long time for it to refresh.

We spent a considerable amount of time troubleshooting this, seeing if it was a setting or our configuration, bringing down the regularity they auto update and even whether the hardware wasn’t a high enough spec. In the end we settled on the issue simply being due to the number of collections and the frequency at which they update. In the colleval.log we could see it was constantly refreshing collections and thought that maybe the collections we manually update/refresh were just queued up.

We were about to go through the lengthy and tiresome task of removing collections that were no longer used (making sure the collections weren’t being used for adverts or as limiters) as well as looking into any SQL heavy queries which were maybe to blame when Microsoft released the below update in the nick of time!

http://support.microsoft.com/default.aspx?scid=kb;en-us;982400&sd=rss&spid=12769

The issue turned out to be exactly what we thought it was and since we have installed the hotfix, our collections are updating in under 10 seconds.

Find ConfigMgr Client by SMSBIOS GUID

Just had a strange problem where I was trying to PXE boot a machine, which by name wasn’t in ConfigMgr and so should have booted as an Unknown Machine. Instead though, it failed to PXE boot stating that the device had been found in the database but nothing was being advertised.

I double checked in ConfigMgr by both computer name and MAC address and it definitely wasn’t there. I then noticed the SMSBIOS GUID was also being displayed next to the MAC address in the SMSPXE.log.

I jumped onto SQL and started looking around for the best view to use for a query to see if any other machines had the same SMSBIOS GUID. Finally I used the following:

SELECT * FROM dbo.v_R_System WHERE (SMBIOS_GUID0 LIKE ‘GUIDHERE%’)

After running this query it brought up a completely different machine name! Once I had this, I deleted it from ConfigMgr and it successfully PXE booted!

Windows Updates via ConfigMgr not showing because a proxy is set

We’ve had some instances where a small number of our servers weren’t receiving the Windows updates icon in the taskbar. After checking the logs we had all the below errors:
Windows Update.log (located at %windir%)
2010-02-01 09:42:02:687 908 880 Agent * Access type: Named proxy
2010-02-01 09:42:02:687 908 880 Agent * Default proxy:
2010-02-01 09:42:02:687 908 880 Agent * Default proxy bypass: 192.168.178.15;;ldckvssrv;ldckvssrv.global.XXX.com;ldckvs1;ldckvs1.global.XXX.com;ldckvs2;ldckvs2.global.XXX.com;eurkvs1;eurkvs1.global.XXX.com;eurev01;eurev01.global.XXX.com;eurev02;eurev02.global.XXX.com;eurev03;eurev03.global.XXX.com

2010-02-05 19:35:31:065 8312 19a4 COMAPI ————-
2010-02-05 19:35:31:065 8312 19a4 COMAPI — START — COMAPI: Search [ClientId = CcmExec]
2010-02-05 19:35:31:065 8312 19a4 COMAPI ———
2010-02-05 19:35:31:080 8312 19a4 COMAPI <<– SUBMITTED — COMAPI: Search [ClientId = CcmExec] 2010-02-05 19:35:31:080 908 a80 Agent ************* 2010-02-05 19:35:31:080 908 a80 Agent ** START ** Agent: Finding updates [CallerId = CcmExec] 2010-02-05 19:35:31:080 908 a80 Agent ********* 2010-02-05 19:35:31:080 908 a80 Agent * Include potentially superseded updates 2010-02-05 19:35:31:080 908 a80 Agent * Online = Yes; Ignore download priority = Yes 2010-02-05 19:35:31:080 908 a80 Agent * Criteria = “(DeploymentAction=* AND Type=’Software’) OR (DeploymentAction=* AND Type=’Driver’)” 2010-02-05 19:35:31:080 908 a80 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} 2010-02-05 19:35:31:080 908 a80 Agent * Search Scope = {Machine} 2010-02-05 19:35:32:002 908 a80 PT +++++++++++ PT: Synchronizing server updates +++++++++++ 2010-02-05 19:35:32:002 908 a80 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://GLOSCCM03.global.XXX.com:8530/ClientWebService/client.asmx 2010-02-05 19:35:36:565 908 a80 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <> Bypass List used : <192.168.178.15;;ldckvssrv;ldckvssrv.global.XXX.com;ldckvs1;ldckvs1.global.XXX.com;ldckvs2;ldckvs2.global.XXX.com;eurkvs1;eurkvs1.global.XXX.com;eurev01;eurev01.global.XXX.com;eurev02;eurev02.global.XXX.com;eurev03;eurev03.global.XXX.com> Auth Schemes used : <>
2010-02-05 19:35:36:565 908 a80 PT + Last proxy send request failed with hr = 0x80072EE7, HTTP status code = 0
2010-02-05 19:35:36:565 908 a80 PT + Caller provided proxy = No
2010-02-05 19:35:36:565 908 a80 PT + Proxy list used =
2010-02-05 19:35:36:565 908 a80 PT + Bypass list used = 192.168.178.15;;ldckvssrv;ldckvssrv.global.XXX.com;ldckvs1;ldckvs1.global.XXX.com;ldckvs2;ldckvs2.global.XXX.com;eurkvs1;eurkvs1.global.XXX.com;eurev01;eurev01.global.XXX.com;eurev02;eurev02.global.XXX.com;eurev03;eurev03.global.XXX.com
2010-02-05 19:35:36:565 908 a80 PT + Caller provided credentials = No
2010-02-05 19:35:36:565 908 a80 PT + Impersonate flags = 0
2010-02-05 19:35:36:565 908 a80 PT + Possible authorization schemes used =
2010-02-05 19:35:36:565 908 a80 PT WARNING: GetConfig failure, error = 0x8024402C, soap client error = 5, soap error code = 0, HTTP status code = 200
2010-02-05 19:35:36:565 908 a80 PT WARNING: PTError: 0x8024402c
2010-02-05 19:35:36:565 908 a80 PT WARNING: GetConfig_WithRecovery failed: 0x8024402c
2010-02-05 19:35:36:565 908 a80 PT WARNING: RefreshConfig failed: 0x8024402c
2010-02-05 19:35:36:565 908 a80 PT WARNING: RefreshPTState failed: 0x8024402c
2010-02-05 19:35:36:565 908 a80 PT WARNING: Sync of Updates: 0x8024402c
2010-02-05 19:35:36:565 908 a80 PT WARNING: SyncServerUpdatesInternal failed: 0x8024402c
2010-02-05 19:35:36:565 908 a80 Agent * WARNING: Failed to synchronize, error = 0x8024402C
2010-02-05 19:35:36:580 908 a80 Agent * WARNING: Exit code = 0x8024402C
2010-02-05 19:35:36:580 908 a80 Agent *********
2010-02-05 19:35:36:580 908 a80 Agent ** END ** Agent: Finding updates [CallerId = CcmExec]
2010-02-05 19:35:36:580 908 a80 Agent *************
2010-02-05 19:35:36:580 908 a80 Agent WARNING: WU client failed Searching for update with error 0x8024402c
2010-02-05 19:35:36:596 8312 19a4 COMAPI >>– RESUMED — COMAPI: Search [ClientId = CcmExec]
2010-02-05 19:35:36:596 8312 19a4 COMAPI – Updates found = 0
2010-02-05 19:35:36:596 8312 19a4 COMAPI – WARNING: Exit code = 0x00000000, Result code = 0x8024402C
2010-02-05 19:35:36:596 8312 19a4 COMAPI ———
2010-02-05 19:35:36:596 8312 19a4 COMAPI — END — COMAPI: Search [ClientId = CcmExec]
2010-02-05 19:35:36:596 8312 19a4 COMAPI ————-
2010-02-05 19:35:36:596 8312 19a4 COMAPI WARNING: Operation failed due to earlier error, hr=8024402C
2010-02-05 19:35:36:596 8312 19a4 COMAPI FATAL: Unable to complete asynchronous search. (hr=8024402C)

ScanAgent.log
*****WSUSLocationUpdate received for location request guid={AF6E1FF4-D889-415D-94C2-C664C7DBC52C} ScanAgent 05/02/2010 19:34:47 7724 (0x1E2C)
CScanTool::OnLocationUpdate- Ignoring the UpdateSource Location Update for UpdateSourceID={9CEB6DAB-6599-4149-9F23-531CF2D12C91}, Location=http://GLOSCCM03.global.XXX.com:8530 (Using Location=http://GLOSCCM03.global.XXX.com:8530), Version=0x000001c6 (Using Version=0x000001c6) ScanAgent 05/02/2010 19:34:47 7724 (0x1E2C)
CScanTool::OnScanRetry- Requesting scan for ToolUniqueID={9CEB6DAB-6599-4149-9F23-531CF2D12C91} ScanAgent 05/02/2010 19:35:30 2180 (0x0884)
Raising event:
[SMS_CodePage(437), SMS_LocaleID(1033)]
instance of SMS_SUMScanAgentError_ScanFailed
{
ClientID = “GUID:7092B310-415C-41F9-8CE3-256772E3BBE5”;
DateTime = “20100205193536.627000+000”;
ExitCode = 16428;
MachineName = “EURXMB05”;
ProcessID = 8312;
SiteCode = “0GL”;
ThreadID = 2180;
UpdateSourceUniqueID = “{9CEB6DAB-6599-4149-9F23-531CF2D12C91}”;
UpdateType = “Microsoft Update”;
};
ScanAgent 05/02/2010 19:35:36 2180 (0x0884)
Successfully submitted event to the Status Agent. ScanAgent 05/02/2010 19:35:36 2180 (0x0884)
– – – – – -Scan Failed for ToolUniqueID={9CEB6DAB-6599-4149-9F23-531CF2D12C91}, with Error=0x8024402c ScanAgent 05/02/2010 19:35:36 2180 (0x0884)
CScanTool::ScheduleScanRetry- ScanRetry Timer task successfully scheduled. Will wake up in next 1794 seconds ScanAgent 05/02/2010 19:35:36 2180 (0x0884)
– – – – – -Scan Retry successfully scheduled for ToolUniqueID={9CEB6DAB-6599-4149-9F23-531CF2D12C91} ScanAgent 05/02/2010 19:35:36 2180 (0x0884)
CScanJobManager::ProcessScanToolComplete- Scan for ToolUniqueID={9CEB6DAB-6599-4149-9F23-531CF2D12C91} has failed, scan request will be pending for scan retry cycle. ScanAgent 05/02/2010 19:35:36 2180 (0x0884)
CScanJobManager::ProcessScanToolComplete- Scan for ToolUniqueID={9CEB6DAB-6599-4149-9F23-531CF2D12C91} has failed, scan request will be pending for scan retry cycle. ScanAgent 05/02/2010 19:35:36 2180 (0x0884)
CScanJobManager::ProcessScanToolComplete- Scan for ToolUniqueID={9CEB6DAB-6599-4149-9F23-531CF2D12C91} has failed, scan request will be pending for scan retry cycle. ScanAgent 05/02/2010 19:35:36 2180 (0x0884)
CScanJobManager::ProcessScanToolComplete- Scan for ToolUniqueID={9CEB6DAB-6599-4149-9F23-531CF2D12C91} has failed, scan request will be pending for scan retry cycle. ScanAgent 05/02/2010 19:35:36 2180 (0x0884)
CScanJobManager::ProcessScanToolComplete- Scan for ToolUniqueID={9CEB6DAB-6599-4149-9F23-531CF2D12C91} has failed, scan request will be pending for scan retry cycle. ScanAgent 05/02/2010 19:35:36 2180 (0x0884)
CScanJobManager::ProcessScanToolComplete- Scan for ToolUniqueID={9CEB6DAB-6599-4149-9F23-531CF2D12C91} has failed, scan request will be pending for scan retry cycle. ScanAgent 05/02/2010 19:35:36 2180 (0x0884)
CScanJobManager::ProcessScanToolComplete- Scan for ToolUniqueID={9CEB6DAB-6599-4149-9F23-531CF2D12C91} has failed, scan request will be pending for scan retry cycle. ScanAgent 05/02/2010 19:35:36 2180 (0x0884)

WUAHandler.log
Its a WSUS Update Source type ({9CEB6DAB-6599-4149-9F23-531CF2D12C91}), adding it. WUAHandler 05/02/2010 19:35:30 6564 (0x19A4)
Existing WUA Managed server was already set (http://glosccm03.global.xxx.com:8530/), skipping Group Policy registration. WUAHandler 05/02/2010 19:35:31 6564 (0x19A4)
Added Update Source ({9CEB6DAB-6599-4149-9F23-531CF2D12C91}) of content type: 2 WUAHandler 05/02/2010 19:35:31 6564 (0x19A4)
Async searching of updates using WUAgent started. WUAHandler 05/02/2010 19:35:31 6564 (0x19A4)
Async searching completed. WUAHandler 05/02/2010 19:35:36 2892 (0x0B4C)
OnSearchComplete – Failed to end search job. Error = 0x8024402c. WUAHandler 05/02/2010 19:35:36 6564 (0x19A4)
Scan failed with error = 0x8024402c. WUAHandler 05/02/2010 19:35:36 6564 (0x19A4)

This issue is to do with Windows Update rather than ConfigMgr itself.

The WindowsUpdate.log are showing lots of errors to do with the proxy used and the bypass list for Automatic Updates:
Access type: Named proxy
WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <> Bypass List used : <192.168.178.15;;ldckvssrv;ldckvssrv.global.XXX.com;ldckvs1;ldckvs1.global.XXX.com;ldckvs2;ldckvs2.global.XXX.com;eurkvs1;eurkvs1.global.XXX.com;eurev01;eurev01.global.XXX.com;eurev02;eurev02.global.XXX.com;eurev03;eurev03.global.XXX.com> Auth Schemes used : <>

What you normally see in this log is:
Access type: No proxy

It turned out that someone had set these proxys using the proxycfg.exe command. I ran the command on the servers that had issues and it came back with the same list of servers as are in the log.

More info on proxycfg.exe can be found here – http://support.microsoft.com/kb/900935.

The fix is a fairly simple one, you just need to run proxycfg –D which will remove the proxy and bypass list.

Unable to mount image

Recently had an issue when creating custom boot images on our 64bit ConfigMgr SP2 server. The wizard would stop when it starts to generate the boot image and error with “Error while importing Microsoft Deployment Toolkit Task Sequence. Details: Unable to mount image”.

The issue turned out to be a problem with the PATH variable on the server as it included a 32bit (C:\Program Files (x86)\Windows Imaging\) and a 64bit path (C:\Program Files\Windows Imaging\) for Windows Imaging.

When I removed the 32bit path the wizard went through fine!

Installing ConfigMgr Clients on servers in a DMZ/Workgroup/another domain

Had to recently do this and have come up with a decent checklist to go through:

1. Logon to the server using an admin account

2. Ensure the management point, distribution point and server locator point (SLP’s are required when the client can’t connect to AD) are resolvable when pinging. Chances are the ping won’t be successful as ICMP may be getting blocked at the firewall but they do need to resolve. If, as is most likely, they don’t resolve then you need to add them all to the HOST and LMHOST files (or use WINS if possible).

3. Ensure the MP, DP and SLP can all resolve the DNS name of the server in the DMZ.

4. The MP, DP and SLP need to have access through the DMZ firewall with port 80 being opened

5. Copy the ConfigMgr client install files locally to the server

6. Uninstall any version of SMS or SCCM already installed

7. Normal client push won’t work so you need to manually install the client using the local files and the following command line:
ccmsetup.exe SMSSITECODE=SiteCodeHere FSP=FSPServerHere SMSSLP=SLPServerHere

8. Once the client shows up in the ConfigMgr console, you’ll need to approve it (this needs to be done from the clients parent site not from the central site)

9. Ensure there is a Network Access Account setup for the site (this is used to access the content on the DP)

10. Ensure all adverts sent to the servers are set to download and run (this is so it uses BITS (port 80) rather than SMB as this would mean adding more ports to the firewall)

11. Test some package deployment and software updates to ensure it works

Hope this helps

Cheers
Nik