Microsoft News Summary – 7 May 2014

Between a bank holiday and some travel, I’ve been unable to post, but I’ve saved up the headlines from those days:

Windows Server and System Center 2012 R2 Previews Are Available

It’s all over social media this morning: you can download WSSC 2012 R2 (that’s WS2012 R2 and SC/SysCtr 2012 R2) from TechNet and MSDN right now.  The previews for the following are available now:

  • Hyper-V Server 2012 R2
  • Windows Server 2012 R2 Essentials
  • Windows Server 2012 R2 Datacenter
  • System Center 2012 R2 Virtual Machine Manager (x86 and x64)
  • System Center 2012 R2 Service Manager (x86 and x64)
  • System Center 2012 R2 Data Protection Manager (x86 and x64)
  • System Center 2012 R2 App Controller (x86 and x64)
  • System Center 2012 R2 Configuration Manager (x86 and x64)
  • System Center 2012 R2 Orchestrator (x86 and x64)
  • System Center 2012 R2 Operations Manager (x86 and x64)
  • Windows Server 2012 R2 Virtual Machine
  • Windows Server 2012 R2 Virtual Machine Core

SQL Server 2014 CTP1 is also up there for you to test.

Remember that these are preview releases – that’s like a beta (the product is not finished and has no support unless you are in a MSFT supervised TAP program) but without the feedback mechanism of a beta.  Do not use these preview releases in production!

I have the bits downloading now.  I’m on a customer site today so I don’t know if I’ll be deploying the bits or not until tomorrow.

Remember To Set Your Network Speed in ConfigMgr 2012 Multicast

I’m currently on a 2 week project on a customer site to install System Center 2012 Configuration Manager with a focus on OS deployment to bare metal and application installation.  It’s been fun doing my first production install of ConfigMgr 2012.  You can really only push it so far in a virtualised lab and quite a bit has changed since 2007 R3 – it’s kind of like moving from XP to Windows 8 :)  The biggest challenge is finding where things have moved to.

Today we moved to physical machine testing, verifying the drivers were installed, and IDing/importing those that got missed out.  Interestingly, the recently released HP all-inclusive driver pack for PCs/laptops is missing quite a few drivers.  We’re finding them in the per-model archives with no issues, as we are for the Dell machines.

One of the nice finds today was that I’d forgotten to turn on Multicast on the distribution point and set the network speed in Multicast.  By default it is 100 Mbps.  I switched that sucker up to 1 Gbps.  Two things happened:

  1. All deployments that were on-going broke as the DP was updated.  This wasn’t instant either, taking a couple of minutes.
  2. Damn, OS deployment became so much quicker afterwards, as one would expect.

One of the nasties was a 3G modem “driver” by Ericsson on one of the HP laptops.  I say “driver” because there isn’t the usual collection of files including a .sys and .inf.  Instead, it’s a setup.exe.  Extract that and you get more files and another setup.exe.  Crap!  Maybe it has a silent install.  Maybe if it does we can package it up, and distribute it to a collection based on the model name of the laptop in question.  I’m even wondering if we can make it a conditional step in the task sequence where the condition is based on a ZTIGather model discovery.   It’s the only 3G modem we’ve had like this in about 8 or so laptop models so it sucks that it stands out like a sore thumb.

Error 0x800705AA: Insufficient System Resources During SCCM OSD Task Sequence

I had an interesting week this past week, doing my first production installation of System Center 2012 Configuration Manager in a production environment, with the focus of the project being on operating system and software deployment.  On Friday I had an interesting issue start to flare up while testing on some VMs.  The task sequence was failing during the installation of the operating system image.

The key log to analyse during a task sequence execution is SMSTS.LOG which can be found in \Windows\Temp\SMSTS on the X drive.  You can get access to this log by enabling the command prompt for diagnostics in your boot image (remember to redistribute to your distribution points) and pressing F8 while the boot image is running.  In here I found:

Error 0x800705AA: Insufficient system resources

Damn!  I had to think for a few moments about this one.  Then it hit me.  I develop my reference image using a VM (snapshot right before the sysprep so I can rollback [apply snapshot], tweak and recapture) and I test on VMs before moving onto driver testing on reference hardware.  How were the VMs configured?  Dynamic memory with 512 MB startup memory.  The boot image doesn’t appear to have integration components for DM so  the 512 MB never burst up to the potential maximum memory of 4096 MB.  The boot image requires a minimum of 512 MB.  I guess the boot image needed more RAM than the startup, couldn’t avail of the maximum amount, and failed the task sequence.

The quick fix: I bumped the startup memory to 1024 MB, tested, and everything’s sorted.

Microsoft Application Approval Workflow Available for Download

Just arrived in my inbox:

The Microsoft Solution Accelerators Team is pleased to announce that Microsoft Application Approval Workflow is now available for download

The Application Approval Workflow (AAW) takes an application request submitted through the System Center 2012 Configuration Manager Application Catalog and transforms it into a System Center 2012 – Service Manager service request, allowing flexible approval lists and activities.      

The AAW illustrates the integration of the components of System Center 2012, taking the basic functionality of the ConfigMgr 2012 Application Catalog and extending it into the Service Catalog of Service Manager.

Key feature list:

  • Sync Configuration Manager applications data into the Service Manager database.
  • Monitor and transport Configuration Manager Application Catalog requests requiring approval to Service Manager and open a service request.
  • Return the completed approval workflow status to Configuration Manager for handling.
  • Allow administrators to define and maintain application selection criteria for specific applications or application groups and specific users or user groups.
  • Track service application requests and view application catalog contents in Service Manager.

MMS 2012: Deep Dive Into ConfigMgr 2012 DRS and SEDO

Speaker: Saud Al-Mishari, MSFT PFE – think he’s based in the UK

The session is on the new replication model: RCM, DRS, and SEDO.

Key Concepts

  • SQL replication in ConfigMgr 2012 is nothing to do with SQL Server Transaction Replication
  • Data Replication Service (DRS)

Terminology

  • Stored procedure: sproc
  • SSB: SQL Service Broker
  • Change Tracking: SQL Server Change Tracking

More:

  • RCM: Replication Configuration Management/Monitoring
  • Replication Pattern: a set of rules on what will replicate
  • Replication group: a set of tables that are monitored and replicated together
  • Replication Link: a replication connection between two SQL servers for a particular RG
  • Backlog: Unable to write data to the SQL Server DB after being received in the SSB Queue (usually SQL Server write performance)

New Replication Model

  • Global data is anything an admin creates and is replicated everywhere, e.g. collection rules
  • Site data is stuff like status, collection membership results, replicated up to parent site.

Client generates XML file and copies to management point.  MP copies MIF to the site server.  Site server processes it.  DRS replicates the changed data to the parent.  CAS contains the discovery data.

SQL Server Change Tracking

  • Change tracking allows an application to keep a record of rows in a table that have been changed: insert/update/delete
  • Does not track changed data – obtained directly each sync
  • Added in SQL Server 2008 … not to be confused with Change Data Capture
  • Is enabled at the DB level and at the table level.

DO NOT ALTER THIS SETTING ON A SITE DATABASE

SQL Service Broker

Messaging service:

  • Asynchronous queue based service
  • Guaranteed delivery (not infrastructural guarantee – developer guarantee)
  • Allows messages to be grouped into a conversation … messages processed in order, allows for multiple threads to process queue

Elasticity:

  • Allows scalability

Replication Patterns

  • Global data flows in both directions.  CAS and primaries all have the same data, e.g. collections and package meta data.
  • Site data flows up.
  • Global-proxy is admin and control data for secondary sites.  A primary and secondary sites all have the same data.  Subset of global data that secondary sites needs.  Leverages SQL 2008 R2 Express at the secondary site with 10 GB limit.

Select * from vReplicationData to find all RGs and their sync schedules

ID is the key field in here.

Provider Access

SMS_ReplicationGroup is a new WMI class that supports replication.  1 instance per RG.  The Status property allows you to determine the status of the RG.

What’s in an RG?

Select * from vArticleData where ReplicationID = XX  …. using ID from above query

How big is the RG?

EXEC spDiagGetSpaceUsed

If a site goes down for a week or two, how much data must you send across?  Use the above query to figure out how much data must be replicated by the RG.

Demo

In the SQL Management Studio.  Select * from vReplicationData. Can see all the patterns for global, site and global-proxy.  SyncInterval is the number of minutes between replications.  DRS runs every 5 minutes .. no control over that. 

Select * from vArticleData where ReplicationID = 7.  Looks like Endpoint Protection data being replicated here.

Runs spDiagGetSpaceUsed .. takes a while.  Returns the size of the tables.  Replication Pattern shows the amount of data to replicate if you lose a site for the 3 patterns (global, site, global_proxy).

DRS Architecture

  • RCM handles replication link setup, maintenance and monitoring – command and control.  It’s a thread of SMSEXEC.
  • SSB is the transmission engine of replication
  • The Sender still lives and is used for bulk copy for initialization and re-init.
  • 5 day limit on DRS for outages – Due to the need to retain changes.  It retains 5 days of data.  Try to expand this for a 30 day outage and ConfigMgr needs to maintain 30 days of data.  It’s 5 days to handle a long weekend apparently – site breaks at start of holiday, come back 4 days later and fix it. 

Initialisation:

  1. BCP: to extract table data
  2. Sender: SMS EXEC sender thread
  3. SMB/CIFS: copy data to the destination

On-going replication

  1. SQL Server Change Tracking
  2. DRS sprocs and SQLCLR
  3. SQL Server Service Broker
  4. XML

Demo – Break replication

SQL DBA has a bad day and disables dbo.ConfMgrDRSQueue.  CMTrace is started from DVD.  Opens rcmctrl log on site server.  See that the queue not running causes an error.  We can see that ConfigMgr actually reached out into SQL and re-enabled the queue.

In CMconsole , we have send demo.  The link is degraded in one direction but not the other under Database Replication.  Looks like TCP 1433 connectivity issue.

Site Initialisation

  1. Setup start
  2. Setup asks CAS for site number.  If you have more than 50,000 clients, then you need SQL Enterprise Edition to chunk up data in the DB and partition it.
  3. Setup finished and waits for replication to initialise.
  4. The replication configuration data is requested.  This group tells RCM on the primary how replication should be set up.
  5. CAS receives the request, BCPs out the data and sends it via the sender back to the primary.
  6. Primary now requests the remaining Global Replication Groups.  CAS creates the BCP packages and sends them back to the primary.  Primary then applies the new data from the CAS.
  7. Primary site receives the BCP files and inserts all the data from the CAS.  The primary can now switch to normal replication.

DRS Message Replication

  • Provider executes query that modifies table
  • SQL Server writes entries into change tracking table
  • On DRS sync: changes are packaged up and inserted into the SQL Server message queue using a stored proc.
  • Message Broker transmits the message to the receiving site.
  • RCM monitors the queue launching activation stored procs to process
  • And more on receiving side to insert modifications on receiving side

WARNING: When A CAS Goes Offline

When the CAS goes offline for more than 5 days, don’t make changes on the Primary as a substitute for the CAS.  The CAS will re-initialise the primaries after more than 5 days outage, thus wiping the Primary’s changes.

DRS Troubleshooting

  • The Replication Link Analyzer (RLA) should be your first stop.  It’s predictable and can do some fairly complex remediation.
  • RCM Log should be the follow up.  But this is just a summary of what has happened.
  • For transmissions layer errors, the SSB queue is sometimes the most immediate source for error messages (of this type)

Views for Detailed Info

  • The main logging view: vLogs.  They log into the DB.  Select top 1000 * from vLogs order by LogTime desc.  Limit that number.  Do not select everything.  Will hammer prod environment and compound the issue.
  • SMS_Replication_Configuration_Monitor registry key to configure logging

DRS Troubleshooting

  • Ensure that TCP 1433 exception is there for SQL Service and 4022 for SQL Broker.
  • SSB keys transmitted through setup – monitoring with Hman.
  • spDiagDRS will give you an overview of the state of DRS replication at the site.  SiteStatus (coded), Replication Group Initialization Status, DRSQueueStates, QueueLengths (ideally 0 and 0 or you have a backlog), Replication Group Status details the last time messages were sent.

Demo: View Queues

Click on the queues in SQL under service broker under CM database.

Procedural troubleshooting of DRS DEMO

Turns off SQL Broker. Makes a change to Client Policy.

  1. Run spDiagDRS: EXEC spDiagDRS in SQL MS.  We see messages jammed in the outbound queue.
  2. SSB transmission_queue: 
  3. Service broker queues: We see connection failed errors.  Telnet to the port and we see it fails.
  4. vLogs: select * from vLogs ORDER BY LogTime DESC (beware * in real world … too much data)
  5. RCM_ReplicationLinkStatus

The Database Replication link in CM console will flip to degraded and then flip to fail after about 25 minutes.  Can run Replication Link Analyzer (RLA).  In the demo it shows that there’s a network connectivity issue.

Invoke-WmiMethod -Namespace root\sms\site_CAS -Path SMS_ReplicationGroup -Name InitializeData -ArgumentList "20", "CAS", "PR1" to reinitialize a RG.  RLA should do this for you if required.
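
The procedural checks above as one read-only T-SQL script, added here as an example (not from the session or from Microsoft). spDiagDRS and vLogs are the names given in the notes, the sys.* catalog views are standard SQL Server, and the database name CM_CAS is an assumption.

```sql
-- Added example: read-only DRS triage, run in SQL Management Studio.
-- CM_CAS is an assumed database name; substitute your own site database.
USE CM_CAS;
GO

-- 1. Site-level overview (procedure named in the session notes).
EXEC spDiagDRS;
GO

-- 2. Outbound Service Broker backlog, grouped so that one broken link
--    does not return thousands of rows. transmission_status carries the
--    last send error (empty while a message is simply waiting its turn).
SELECT  to_service_name,
        transmission_status,
        COUNT(*)          AS pending_messages,
        MIN(enqueue_time) AS oldest_enqueued_utc
FROM    sys.transmission_queue
GROUP BY to_service_name, transmission_status
ORDER BY pending_messages DESC;
GO

-- 3. Queue state: is_receive_enabled = 0 or is_enqueue_enabled = 0 is the
--    "DBA disabled the queue" case from the break-replication demo.
SELECT  name,
        is_receive_enabled,
        is_enqueue_enabled,
        is_activation_enabled
FROM    sys.service_queues
WHERE   is_ms_shipped = 0
ORDER BY name;
GO

-- 4. Broker endpoint: listening port (4022 per the notes), whether it is
--    started, and the authentication/encryption it requires from peers.
SELECT  te.name,
        te.port,
        te.state_desc,
        sbe.connection_auth_desc,
        sbe.encryption_algorithm_desc
FROM    sys.service_broker_endpoints AS sbe
JOIN    sys.tcp_endpoints            AS te
        ON te.endpoint_id = sbe.endpoint_id;
GO

-- 5. Most recent DRS log rows only; never SELECT * without TOP here.
SELECT TOP (200) *
FROM   vLogs
ORDER BY LogTime DESC;
GO
```

A non-empty transmission_status in step 2 together with a started endpoint in step 4 points at the network path between the sites (TCP 1433 and 4022) rather than at SQL Server itself.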

SEDO – Why do we need a way of controlling changes?

  • As global data is replicated everywhere, a user on a primary site could change an object at the same time as a user on the CAS or another primary.
  • This is an unavoidable consequence of multi-master replicated data model – ask AD.
  • SEDO is the solution to this.

What is SEDO?

  • SEDO = Serialized Editing of Data/Distributed Objects
  • Provides a way to enforce single-user editing of an object at any one time.
  • A lock request round trip can take less than 200ms from Primary to CAS to Primary
  • Default Timeout is 5 minutes.
  • Only SEDO enabled objects require users to get a lock
  • Supports explicit and implicit lock handling.
  • This is all transparent to admins.  Important for devs building extensions to CM.

Microsoft Deployment Toolkit (MDT) 2012 Download

Microsoft has released the new 2012 download for the free task sequence based imaging solution for deploying Windows (and it integrates into System Center 2012 Configuration Manager).

Deploy Windows 7, Office 2010 and 365, and Windows Server 2008 R2 with the newly released Microsoft Deployment Toolkit 2012. MDT is the recommended process and toolset for automating desktop and server deployment. MDT provides you with the following benefits:

  • Unified tools and processes, including a set of guidance, for deploying desktops and servers in a common deployment console.
  • Reduced deployment time and standardized desktop and server images, along with improved security and ongoing configuration management.

Some of the key changes in MDT 2012 are:

  • Comprehensive tools and guidance to efficiently manage large-scale deployments of Windows 7 and Microsoft Office 365.
  • An enhanced user-Driven Installation (UDI) deployment method that utilizes System Center Configuration Manager 2012. UDI lets end users initiate and customize an OS deployment on their PCs—via an easy-to-use wizard.
  • Ease Lite Touch installation through integration with Microsoft Diagnostics and Recovery Toolkit (DaRT).
  • This release provides support for deploying Windows 8 Consumer Preview in a lab environment.

System Center 2012 Technical Documentation Downloads

Smell that?  We’re getting close to release!  Microsoft has released a bunch of technical documentation downloads for System Center 2012:

And there’s a lot of related downloads available too:

  • Microsoft Security Compliance Manager: Take advantage of the experience of Microsoft security professionals, and reduce the time and money required to harden your environment. This end-to-end Solution Accelerator will help you plan, deploy, operate, and manage your security baselines for Windows client and server operating systems, and Microsoft applications. Access the complete database of Microsoft recommended security settings, customize your baselines, and then choose from multiple formats—including XLS, Group Policy objects (GPOs), Desired Configuration Management (DCM) packs, or Security Content Automation Protocol (SCAP)—to export the baselines to your environment to automate the security baseline deployment and compliance verification process. Use the Security Compliance Manager to achieve a secure, reliable, and centralized IT environment that will help you better balance your organization’s needs for security and functionality.
  • System Center 2012 – Service Manager Component Add-ons and Extensions: Download and install add-ons and extensions for the System Center 2012 – Service Manager component.
  • System Center 2012 – Orchestrator Component Add-ons and Extensions: Download and install add-ons and extensions for the System Center 2012 – Orchestrator component.

And there are some new management packs too!  Check the catalog, read the documentation, prep, download, import, and configure as specified in that documentation you made sure to read first, rather than lazily importing the management packs via the import GUI and hoping for the best :)

Configuration Manager 2012 Error, Past Due – Will Be Retired

I just had a bit of a head scratcher while building my ConfigMgr 2012 lab.  I had created an application to deploy Lync 2010 by policy to a collection of devices.  The “mandatory assignment” (this is old terminology for legacy packages/advertisements) was to install the Lync 2010 client as soon as possible.

I refreshed policy on my test machine and got this error in Software Center:

Past Due – Will Be Retired

Huh?!?!  I didn’t set an expiration on the deployment.  I could not figure this out.  The AppEnforce log in C:\Windows\CCM\Logs held the clue to this mysterious error:

Command Line: setup.exe /install /silent

The installer is called LyncSetup.exe, not Setup.exe.  I corrected the Deployment Type in my application for Lync 2010 and reran machine policy on the client machine.  The install now worked.  Then the real test: I manually uninstalled Lync, and ran the Application Deployment Evaluation Cycle on the client.  The reinstall (by policy) worked perfectly.

My Configuration Manager 2012 Demo Lab on Windows 8 (Client) Hyper-V

I am one of a number of guest presenters at the Microsoft Ireland System Center 2012 launch events in Dublin (this Thursday) and Belfast (next Tuesday).  Each of the 4 guests is presenting different aspects of System Center in the afternoon with 40-45 minute slots for each of us.

I have a background in SMS/Configuration Manager (I was an MVP for 1 year before switching to Hyper-V) and the others tend to focus on VMM/OpsMgr/Service Manager/Orchestrator so I decided I’d go for the product that I happen to love most of the lot … the one that lets an IT megalomaniac have his/her way with a network.  OpsMgr might be the product that I would always put in 3rd in a new network (DCs first, Hyper-V second), but ConfigMgr would never be far behind because I can get so much information from it and use it to deploy and control the entire lifecycle of the PCs.  So that’s what I’ll be focusing on in my presentation.

The lab “looks” something like this:

[Image: lab layout]

The “beast” laptop is booting from Windows 8 (the client OS) Consumer Preview and Hyper-V is enabled.  I have my VMs stored on the SSD.  The laptop is connected to Wi-fi with DHCP enabled, making it mobile – perfect for demos.  I need to be able to demo OS deployment with my lab so I need DHCP that is insulated from the physical world.  Therefore my lab guests are running on an internal virtual switch rather than an external one.

I still need Internet access.  That’s why I have an external virtual switch.  It is configured to enable the parent (the Win 8 OS on the laptop) to share the Wi-fi connection.  I have set up a virtual proxy server to enable the isolated guests to have Internet access – the Configuration Manager Primary Site Server needs to download updates from Microsoft. 

I also need the parent partition to access the internal virtual switch (to copy files to machines and to RDP into VMs for the demo – RDP performs better than Virtual Connect) and to simultaneously access the Wi-Fi network.  DNS was an issue.  The solution?  I have configured the Internal local area connection on the parent partition with an IP config for the Internal network.  The browser is also configured to use the guest proxy.  Problem solved and I’ve accelerated browser performance.

I have to set the presentation in stone still.  I got the lab 95% to where I want it but the presentation will be demo-centric:

  1. Talk about ConfigMgr
  2. The new approach of ConfigMgr and new features, then switch to demo
  3. OS deployment
  4. Security (Endpoint Protection, patching and firewall policy)
  5. End user experience – solve a problem using the Application Catalog
  6. Admin experience – New console, s/w deployment, custom policy, auditing, reporting, dashboards, etc.

Considering the focus of Configuration Manager 2012 is controlled, secure, and audited empowerment of the end user then I want to show as much of that as possible.  That’s the goal anyway :)