Jump to content


Photo

using SCCM 2012 RC in a LAB - Part 4. Configuring Client Settings and adding roles


  • Please log in to reply
62 replies to this topic

#1 anyweb

anyweb

    Administrator

  • Root Admin
  • PipPipPip
  • 5,417 posts
  • Gender:Male
  • Location:Sweden
  • Interests:Deploying Operating systems and more with System Center Configuration Manager

Posted 29 October 2011 - 07:45 PM

Update: This post has been superseded since the release of the RTM version of Configuration Manager 2012. To see the new post please click here.

In Part 1 of this series we got our AD and SCCM servers ready, and then we installed System Center 2012 Configuration Manager as a standalone Primary site. In Part 2 we configured the SCCM server further by adding some Windows Server roles necessary for the following Configuration Manager 2012 functionality, Software Update Point (SUP) and Operating System Deployment. In Part 3 we configured the server further by Enabling some Discovery methods and creating Boundary's and Boundary Groups. Now we are ready to configure Client Settings, Add roles and Distribute the Configmgr Client to our Computers.

Step 1. Add the Application Catalog Web Site Roles

Perform the following on the Configuration Manager server as SMSadmin

In Administration, click on Servers and Site System Roles and right click on our Site Server, choose Add Site System Roles.

Note: If you are using a multi-site hierarchy setup (CAS + Primaries), you need to perform the following on your Primary site(s) as the roles listed below won't be available for CAS. For a Standalone setup perform the following on your standalone primary.

add site system roles.png

click next at the wizard general screen

general.png

Select both of the Application Catalog roles

application catalog roles.png

confirm your Application Catalog Web service point selections

application catalog web service point.png

and the Application Catalog Website Point settings

application catalog website point.png

enter your Organisation name and pick a Color scheme for the Application Catalog ! (New since Beta 2) !

application catalog customizations.png

click next through the summary and progress screens, verify everything at the completion screen.

summary screen.png


Step 2. Configure Client Agent Settings

Perform the following on the SCCM server as SMSadmin

Note: You can configure custom client settings applicable for each site in your hierarchy by creating custom client settings on that Primary site, or if you want settings applied to all your computers in your hierarchy you can edit the Default Client Settings (on your CAS site).

In the Administration section click on Client Settings in the left pane, and select the Default Client Settings listed, right click choose Properties

client settings properties.png

Click on Client Policy and we'll set this to every 15 minutes as it's a LAB (the Default setting is 60 minutes), this means that once every 15 minutes the Client will contact it's Management Point for any new policy.

client policy.png

now choose Computer Agent and configure it as follows:-

Click on Set Website for Default Application Catalog Website and set it to select the FQDN one that is listed

fqdn.png

Set Add default Application Catalog website to Internet Explorer trusted zone to True

Set the Organization Name Displayed in Software Center to My Organization (change that to suit your organization)

so your Computer Agent settings should look like this

computer agent settigns.png

Set the Software updates schedule from 7 days to 1 day, this will be because we want to synchronize Endpoint Protection definition updates on a daily basis.

1 day.png

Select User and Device Affinity and change Allow users to define their primary device to True.

define uda.png

click Ok to save the Client Agent Settings.


Step 3. Deploying the Client Agent

Perform the following on the SCCM server as SMSadmin

Note: In a Multi-site Hierarchy (CAS+Primaries) you will need to configure client installation settings on the primaries as CAS does not manage clients and the options will therefore be greyed out on the CAS.

Now that we have made changes to the Default Client settings, we want to deploy the ConfigMgr Client to our computers in the LAB. Before doing so we need to decide what method is appropriate for installing the client on our computers.

The following methods are available

Client Installation Method Description
  • Client push installation - Automatically installs the client to assigned resources and manually installs the client to resources that are not assigned.
  • Software update point installation - Installs the client by using the Configuration Manager 2012 software updates feature.
  • Group Policy installation - Installs the client by using Windows Group Policy.
  • Logon script installation - Installs the client by using a logon script.
  • Manual installation - Manually installs the client software.
  • Upgrade installation - Upgrades clients to a newer version by using Configuration Manager 2012 application management. You can also use Configuration Manager 2007 software distribution to upgrade clients to Configuration Manager 2012.
  • Client Imaging - Prestages the client installation in an operating system image.
Please refer to Technet to Determine the Client Installation Method to Use in Configuration Manager 2012.


For the purposes of this LAB we will select Client Push Installation. Make sure to review the Client deployment Prerequisites on Technet, in particular pay attention to the Firewall Ports used during client push installation.

firewall ports.png


Note: we will use the ClientInstall account to install the configmgr client on our computers, make sure that this account is a local administrator on your target computers.

In Administration, click on Site Configuration, Sites, select our site, in the ribbon above click on Settings, it will open a new menu, from that menu select Client Installation Settings and from there select Client Push Installation.

client push installation.png

On the general screen, place a checkmark in Enable Automatic site-wide client push installation

general tab client push.png

Click on the Accounts tab, and select the yellow star, choose New Account

accounts.png

type in (or browse to select the AD user) the Client Push account, use our ClientInstall account which we created in Active Directory in Part 1.

verify.png

Note the Verify button, this is new since Beta 2 and allows you to verify that the credentials can connect to your network resources, if you get your password wrong it will tell you !

Click on Verify and type in a Unc path to check.

successfully verified.png

Click Ok.

Click on Assets and Compliance and expand Devices, All Systems, you should see that our SCCM server has a client installed but our Domain Controller does not.

Note: If the site server cannot contact the client computer or start the setup process, it automatically repeats the installation attempt every hour for up to 7 days until it succeeds.

You can wait until Client push installs the client or manually install it right now by Right clicking on the Domain Controller and choose Install Client.

install client.png

set the Installation Options

installation options.png

click next through the wizard, close. Meanwhile, on the DC (AD1-Domain Controller) check task manager, and you'll see ccmsetup starting...success

ccmsetup.png

after some minutes the client is installed and you can refresh the view, you'll notice is says Client=Yes on both our systems in the Lab and there are new tabs to look at since beta 2 on the bottom of the screen. We'll get to them in a later post.

ad has client.png

On your AD computer you can start Software Center

software center.png

click on Find applications from the application catalog

fine.png

and your Application Catalog will pop up in Green !

application catalog green.png
Microsoft MVP > Enterprise Client Management
My linkedin profile at > linkedin.com
Follow me on Twitter > ncbrady
Follow windowsnoob.com on Twitter > windowsnoob
My blog

#2 LubeJob1970

LubeJob1970

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 30 October 2011 - 10:25 PM

When I click on the find applications from the app catalog I get a prompt to enter a username and password? Why is that?

#3 jmmj69

jmmj69

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 31 October 2011 - 02:04 PM

I have a problem my Application Catalog IE says Error 404 File or directory not found ! ! can you help me thanks ! !

#4 wee_ads

wee_ads

    Newbie

  • Members
  • Pip
  • 8 posts
  • Gender:Male
  • Location:Christchurch, NZ

Posted 01 November 2011 - 06:14 AM

When I click on the find applications from the app catalog I get a prompt to enter a username and password? Why is that?


Hey mate, I encountered the same issue and after a little research this is a 'by design' result of the browser. Using IE, add the server FQDN of the Application Catalog service to the local intranet zone.

Following the above guide, you would add "sccm.server2008r2.lab.local" to the local intranet zone in IE.

#5 LubeJob1970

LubeJob1970

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 01 November 2011 - 07:25 PM

Isnt that the job of the add internet site of Application Catalog to trusted zones drop down to true value is supposed to do?

#6 wee_ads

wee_ads

    Newbie

  • Members
  • Pip
  • 8 posts
  • Gender:Male
  • Location:Christchurch, NZ

Posted 01 November 2011 - 10:41 PM

I would assume that that is what the trusted zones drop down is supposed to make work - but as shown to date the prompt for credentials pops up - even when the trused zones is populated with the sccm server. Being RC software might mean that this may be resolved in the RTM release.

As mentioned previously, by adding to the Local Intranet site alleviates the problem. This setting could easily be added into a group policy which populates this zone for all domain members (or a subset of depending on how your environment is configured).

#7 jamest2305

jamest2305

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 11 November 2011 - 10:20 AM

just to add a quick note for anyone having issues pushing the clients out, I had to install .net 4 for it to work.

#8 RazorMan

RazorMan

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 11 November 2011 - 09:26 PM

I have a problem my Application Catalog IE says Error 404 File or directory not found ! ! can you help me thanks ! !


I hade the same issue, but got it sorted out after reading the logs. You probably installed the .NET 4 before IIS was configured so there is the problem. to fix it;

1. Remove both of the Application Catalog roles
2. Run :%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe –iru
3. Install both of the Application Catalog roles again

Then the page will show up as it should.

#9 LubeJob1970

LubeJob1970

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 14 November 2011 - 11:45 PM

2 problems!

1) Clients arent getting pushed. Not even the site server says the client is installed.
2) Cannot connect to the Application Server error when trying to browse software.

HELP!!!!

#10 plugstar

plugstar

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 20 November 2011 - 12:14 PM

2 problems!

1) Clients arent getting pushed. Not even the site server says the client is installed.
2) Cannot connect to the Application Server error when trying to browse software.

HELP!!!!


1) - make sure the user account clientinstall (or whatever account you're using) has permissions to install software on the target machine otherwise it won't work.

2) - Ensure that the WCF Activation feature is installed and HTTP Activation is enabled. You can set this up on the SCCM Server via Server Manager, Features, Add Features, Extend .net framework and ensure WCF Activation is selected.



#11 anyweb

anyweb

    Administrator

  • Root Admin
  • PipPipPip
  • 5,417 posts
  • Gender:Male
  • Location:Sweden
  • Interests:Deploying Operating systems and more with System Center Configuration Manager

Posted 20 November 2011 - 05:01 PM

and make sure you've got your site assigned in the boundary group, check Heirarchy Configuration, Boundary Groups, and click on the references tab, is your site assigned ?
Microsoft MVP > Enterprise Client Management
My linkedin profile at > linkedin.com
Follow me on Twitter > ncbrady
Follow windowsnoob.com on Twitter > windowsnoob
My blog

#12 JGortney

JGortney

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 28 November 2011 - 09:12 PM

Here is my problem.

I can push the client out to a PC but SCCM doesn't report the client installed. When I go to the CCMSetup Log on the PC it shows return code 0 which means successful install.

What gives? What did I do wrong here?

#13 jimtully

jimtully

    Member

  • Members
  • PipPip
  • 11 posts

Posted 05 December 2011 - 09:46 PM

I am having the same issue. It appears that the client is installed. However in the Config Manager it still says Client = No. When i try to open the Software Center on the client machine i get the popup: "Software Center can not be loaded. There is a problem loading the required components for Software Center. You can try launching Software Center at a later time. If the problem continues, you can contact your helpdesk.

#14 jimtully

jimtully

    Member

  • Members
  • PipPip
  • 11 posts

Posted 05 December 2011 - 09:51 PM

Nevermind. Reboot fixed my issues.

#15 gordonf

gordonf

    Advanced Member

  • Members
  • PipPipPip
  • 30 posts
  • Gender:Male

Posted 06 December 2011 - 08:48 PM

When I click on the find applications from the app catalog I get a prompt to enter a username and password? Why is that?

I had better luck by setting the intranet zone instead of the trusted sites zone on a "hardened" IE setup.

Windows Server since 2003 has this hardened mode for Internet Explorer that disables the majority of scripting and add-ons if you're foolhardy enough to go web surfing on your production server. IE8 and IE9 have stricter controls on "Trusted Sites" than previous versions; they're closer to the "Internet Zone" settings from IE6.

To make Application Center work I instead added my AD domain (*.example.com) to my Intranet Zone using Group Policy, rather than use the "Add site to Trusted Sites" switch. This works for any other local web servers, even non-Microsoft ones, that require scripting, pop-ups and so on to work.

#16 fatos.h

fatos.h

    Newbie

  • Banned
  • Pip
  • 4 posts

Posted 12 December 2011 - 10:01 AM

<![LOG[==========[ ccmsetup started in process 20032 ]==========]LOG]!><time="09:01:09.106-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:8727">
<![LOG[Version: 5.0.7678.0000]LOG]!><time="09:01:09.128-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:533">
<![LOG[Running on OS (6.1.7601). Service Pack (1.0). SuiteMask = 256. Product Type = 1]LOG]!><time="09:01:09.128-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:666">
<![LOG[Command line: "C:\Windows\ccmsetup\ccmsetup.exe" /runservice /config:MobileClient.tcf]LOG]!><time="09:01:09.128-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:2984">
<![LOG[CCMHTTPPORT: 80]LOG]!><time="09:01:09.139-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:7953">
<![LOG[CCMHTTPSPORT: 443]LOG]!><time="09:01:09.139-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:7968">
<![LOG[CCMHTTPSSTATE: 224]LOG]!><time="09:01:09.139-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:7986">
<![LOG[CCMHTTPSCERTNAME: ]LOG]!><time="09:01:09.139-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:8004">
<![LOG[FSP: ]LOG]!><time="09:01:09.139-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:8056">
<![LOG[CCMFIRSTCERT: 1]LOG]!><time="09:01:09.139-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:8114">
<![LOG[Unable to open Registry key Software\Microsoft\CCM. Return Code [80070002]. Client HTTPS state is Unknown.]LOG]!><time="09:01:09.140-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmutillib.cpp:326">
<![LOG[CCMCERTID: SMS;4E6AD9063B80D6DB70BCFD643BB7DD3E2200C23B]LOG]!><time="09:01:09.145-60" date="12-12-2011" component="ccmsetup" context="" type="0" thread="19368" file="ccmsetup.cpp:8135">
<![LOG[Config file: C:\Windows\ccmsetup\MobileClientUnicode.tcf]LOG]!><time="09:01:09.145-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:3634">
<![LOG[Retry time: 10 minute(s)]LOG]!><time="09:01:09.145-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:3635">
<![LOG[MSI log file: ]LOG]!><time="09:01:09.145-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:3636">
<![LOG[MSI properties: INSTALL="ALL" SMSSITECODE="PCB" CCMHTTPPORT="80" CCMHTTPSPORT="443" CCMHTTPSSTATE="224" CCMFIRSTCERT="1" CCMCERTID="SMS;4E6AD9063B80D6DB70BCFD643BB7DD3E2200C23B"]LOG]!><time="09:01:09.145-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:3637">
<![LOG[Source List:]LOG]!><time="09:01:09.145-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:3645">
<![LOG[ <a href="file://\servernameSMSClient]LOG]!><time="09:01:09.145-60">\\servername\SMSClient]LOG]!><time="09:01:09.145-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:3652">
<![LOG[ <a href="file://\servernameSMSClient]LOG]!><time="09:01:09.145-60">\\servername\SMSClient]LOG]!><time="09:01:09.145-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:3661">
<![LOG[MPs:]LOG]!><time="09:01:09.145-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:3664">
<![LOG[ servername]LOG]!><time="09:01:09.145-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:3679">
<![LOG[Detected client version 2.50.4253.3000 from WMI.]LOG]!><time="09:01:09.198-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:752">
<![LOG[Upgrade from the existing client version '2.50.4253.3000' is not supported. The minimum version required to upgrade the client is '4.0.5931.0'.]LOG]!><time="09:01:09.198-60" date="12-12-2011" component="ccmsetup" context="" type="3" thread="19368" file="ccmsetup.cpp:763">
<![LOG[A Fallback Status Point has not been specified. Message with STATEID='100' will not be sent.]LOG]!><time="09:01:09.198-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:9055">
<![LOG[A Fallback Status Point has not been specified. Message with STATEID='320' will not be sent.]LOG]!><time="09:01:09.198-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:9055">
<![LOG[CcmSetup is exiting with return code 0]LOG]!><time="09:01:09.198-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:10040">

#17 fatos.h

fatos.h

    Newbie

  • Banned
  • Pip
  • 4 posts

Posted 12 December 2011 - 10:02 AM

sorry this message above is the log file on a computer that is failing to install the client through client push. I'm having this problem on all my computers. Could someone hel me.

Thanks

#18 anyweb

anyweb

    Administrator

  • Root Admin
  • PipPipPip
  • 5,417 posts
  • Gender:Male
  • Location:Sweden
  • Interests:Deploying Operating systems and more with System Center Configuration Manager

Posted 12 December 2011 - 10:11 AM

interesting look at this

<![LOG[Detected client version 2.50.4253.3000 from WMI.]LOG]!><time="09:01:09.198-60" date="12-12-2011" component="ccmsetup" context="" type="1" thread="19368" file="ccmsetup.cpp:752">
<![LOG[Upgrade from the existing client version '2.50.4253.3000' is not supported. The minimum version required to upgrade the client is '4.0.5931.0'.]LOG]!><time="09:01:09.198-60" date="12-12-2011" component="ccmsetup" context="" type="3" thread="19368" file="ccmsetup.cpp:763">



that's an SMS 2003 SP3 client ! not supported,

are you using SCCM 2012 RC to upgrade old clients or what ?

uninstall it and try again

cheers
niall
Microsoft MVP > Enterprise Client Management
My linkedin profile at > linkedin.com
Follow me on Twitter > ncbrady
Follow windowsnoob.com on Twitter > windowsnoob
My blog

#19 fatos.h

fatos.h

    Newbie

  • Banned
  • Pip
  • 4 posts

Posted 12 December 2011 - 10:43 AM

Yes, sorry for not writing, I have done every step in this manual just like you described. As I see in the log it is trying to update the old one. So I should manually uninstall the old one? Is there anyway sccm 2012 could do that for me?

#20 anyweb

anyweb

    Administrator

  • Root Admin
  • PipPipPip
  • 5,417 posts
  • Gender:Male
  • Location:Sweden
  • Interests:Deploying Operating systems and more with System Center Configuration Manager

Posted 12 December 2011 - 01:42 PM

are you trying to install the client on production computers ? this is a Release Candidate software, not for production,
you can uninstall the old sms client using ccmsetup.exe /uninstall

then try again
Microsoft MVP > Enterprise Client Management
My linkedin profile at > linkedin.com
Follow me on Twitter > ncbrady
Follow windowsnoob.com on Twitter > windowsnoob
My blog




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Locations of visitors to this page