willisj318

I think if you initiate and application deployment eval cycle it will re run it as well. It seems to work this way in my lab at least. What I did was create an applicatoin and make it required, it installed OK. I then uninstalled it and ran that scan, it then installed again without me having to do anything else. You most likley want to schdule a re evaluation for software deployment. Default is 7 days. See the header Software Deployment. http://technet.microsoft.com/en-us/library/gg682067.aspx

Its for both. You can manage whatever you want really if you know how to do it. We only run it on select machines in specific OUs. Im a complete novice with it as well but I would imagine if you run it on clients and dont configure it correctly you would get never ending amounts of notices.

That seems kid of a round about way to get it done. I agree with Peter. Since you install the 32 bit on all machines, just deploy it. Use a requirement on 64 bit verison to install only on 64 bit machines. In your task sequence just add a condition to the java x64 step to only install on x64.

Yes thank you. Makes more sense to me now.

So check box one creates IP subnet boundaries?

Can you clarify your point above about discovering IP Subnets? You say in Production to only select the wnd option Auto create IP Address Range boundaries. But then link to an article about how they are evil? Am I reading this incorrectly? Wouldnt you want to only use the first check box? Auto Create AD Site boundaries?

Why you want that 100mb hidden partition? Does it give you any benefits?

Good to know, thanks!!!

You cant deploy an EXE via the Application model. You need to use the packages model. Even if you try to set it manually it wont let you.

I personally have not seen anything official, but every environment is different. Your fallback status point should be a seperate server from your main MP. I personally like to have SQL and the DP seperate sine they get hit a lot. In our 2007 we hav SQL on the primary box and its fine.

Hopefully this helps.

I have this information in my beta book. I will look through it and try to post it sometime today. With what you stated I think I would do one primary, and a dp at every location, you say that they want to use every feature. Putting a DP on a server OS at each of the 4 sites gives them the content locally as well as imaging capabilities. Even if they dont need imaging you can put a DP on a $200 win 7 box now. I dont think you need two MPs. I always like to spread out the roles if possible onto multiple servers as well.

Is it a problem setting up your boundaries in 2012 the same as in 2007 but just not auto deploying the client?

First take a look at Windowsupdate.log in c:\windows and see if you see anything in there about Definition updates. This will tell us if it is even detecting the updates. You will see it scan, tell you there is 1 update to install, it will look something like this. If it is not detecting the update, then something else is going on. If it is detecting it, then it is probably a downloading issue. 2012-06-12 05:00:01:058 2144 e34 COMAPI -- START -- COMAPI: Search [ClientId = CcmExec] . 2012-06-12 05:00:01:105 988 b38 Agent ** START ** Agent: Finding updates [CallerId = CcmExec] . 2012-06-12 05:00:09:404 988 b38 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://your server name.pcsupport.lab.com:80/ClientWebService/client.asmx . 2012-06-12 05:00:42:024 988 b38 Agent * Added update {4AE85C00-0EAA-4BE0-B81B-DBD7053D5FAE}.104 to search result <---- you should see a bunch of these .. 2012-06-12 05:01:09:901 988 a0c Agent * Updates to install = 1 2012-06-12 05:01:09:901 988 a0c Agent * Title = Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.127.1762.0) . 2012-06-12 05:01:30:648 2144 ea4 COMAPI - Install call complete (succeeded = 1, succeeded with errors = 0, failed = 0, unaccounted = 0) 2012-06-12 05:01:38:573 988 b38 Report REPORT EVENT: {04173AD4-F25B-41BE-A968-74B20858E4F8} 2012-06-12 05:01:30:243-0400 1 183 101 {51B0BB1A-AF0B-4F89-960D-39F20D0752A6} 100 0 CcmExec Success Content Install Installation Successful: Windows successfully installed the following update: Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.127.1762.0)

Yeah i was looking at our lab and the log is pretty bland. Can you tell if it is finding the update and not downloading it, or just not finding the update at all? Is the auto deployment rule downloading the patches correct and adding them to the update group, etc?

You are right. Are you sure the ones up to date are updating from SCCM and not going out to MS? I would take that part out of the policy first to make sure that is not happening. What if you tell the machine to download the definition updates via the console (Right click on the machine, endpoint, download)? I believe the log you are looking for is under the nomral CCM Logs folder and is named EndpointProtectionAgent.log

I have discussed this with a few colleagues but we dont use SCEP so I'm not sure if this is 100% accurate. But check your automatic Sync rule for updates, it needs to be on at least the same schedule as your auto deployment rules. For example. If you want to update scep every 8 hours, your updates need to sync every 8 hours, and preferrably they sync BEFORE your deployment rule runs. Now this was done in Beta, so that might have changed with the production release.

Your best option IMO is to look at the smsts.log file or the report to get a more detailed error message. http://sccmguy.com/2011/03/29/where-is-the-smsts-log-located/ - I believe these paths to the smsts.log file are still the same in 2012.

In my experience, you need to do two things. One is check the box in your screenshow about Copy the content ..... for every package in your task sequence. 2nd is that in your task sequence Deployment you need to change to run from the DP instead of download. Yes the error is stupid because it tells you package ID ### cannot be located, when it is in fact there, and is in fact not the problem package.

You can only install the reporting role on a server with SRS installed. In your instance you can A. Install RSR on the CCM Server or B. Install the reporting role on the SQL Server.

What is your setup ?is sql installed on the same box as sccm or a seperate server? Reporting services would be under the Configuration Tools folder.

Can you share your solution for this please?

Applications can more easily be assigned to groups, users or collections instead of collections. Applications are used with device affinity. You can use rules with applications. You can require approval if desired. You can use applications to alert for comliance. Packages is the old way, it is virtually the same as it was in 2007.

Yes, as far as I know. This way is obviously riskier since if you do enable the client even accidentally everyone is upgraded.

Pretty much yes but I'm not sure on the DB table names. Yes this is possible. Yes, you can have 2012 discover the items but dont auto install the client. Manually install it on the PCs you want it on. Or only discover and auto install onto certain critera like subnet or OU.