
Nunzi0's Achievements


  1. I just tried this and it seems to work OK, but if anyone has a better idea please let me know: Create collection based on operating system -like "%Windows Server%" Exclude Collections: Server Updates 2nd Tuesday, Server Updates 2nd Wednesday, etc.
  2. Hi All, I am trying to build a catch-all collection where any new server that someone might forget to add to an AD patching group shows up in. We currently have collections built to look for specific AD security groups that patch servers on specific days. However I am trying to find a way to build a collection that looks for any servers NOT in one of these groups. Ex: ADGroup: 'Server Updates 2nd Tuesday', 'Server Updates 2nd Wednesday', etc. I built a collection that somewhat performs this by using 'System Resource.System Group Name is NULL'. However this will only show devices that are not in ANY group and not just the groups I specify. If I use 'SystemGroupName not like "Server Updates%"' it does not quite work correctly. Using the list view only shows the AD groups that currently have members in them. Therefore the results are skewed and do not show devices that are not a member of ANY of the groups. Does anyone have a quick way to find devices that are NOT a member of specific groups?
  3. So I cannot have an FSP designated for one site, and another FSP designated for a different site? Yes I will be using HTTPS wherever possible. As for the reporting on primary servers, this is for a site by site basis. I only want some select users to have access to reporting for all locations, and other users to have reporting capabilities for single locations. I suppose I could accomplish this with RBAC and site permissions on the CAS as well. For SQL, with our current licensing model we would need to run SQL servers that are solely for the purposes of System Center and nothing else in order to be included in the agreement. So, I want to run 2 SQL servers at one datacenter, and 2 at another datacenter in a Windows cluster. That cluster will hold the CM instance, and if possible the CAS instance. I do not manage the databases so you'll have to forgive my lack of knowledge there. This was the design given to me by the DBAs. I'll be using CM16. Secondary sites are for the more remote locations scattered across the globe. I guess I could just deploy a site server and MP/DP at those sites instead, that may be the better option since it will want a local copy of SQL.
  4. I was not aware of the CAS being down causing issues with SU. Thank you for that. If I install software update points at other primary sites, would I still be able to deploy them? To give you a better picture here's what I was thinking as far as layout: Datacenter A (Headquarters). with CAS and primary site. Roles on primary: System health validator, MP, DP, Reporting, State migration, Software Update, FSP, Asset Intelligence, Software catalog/web Datacenter B. (HQ DR) with Primary Site. Roles: System health validator, MP, DP, Reporting, State migration, Software Update, FSP, Asset Intelligence, Software catalog/web Datacenter C. Primary site. Roles: System health validator, MP, DP, Reporting, State migration, Software Update, FSP, Asset Intelligence, Software catalog/web Datacenters D-K Child Sites. Same roles. SQL will be Windows Clustered servers in multiple datacenters running only the system center instances. All servers are virtual, and will be using SCCM/SCOM 2016 and SQL 2016. I don't expect any of the datacenters to be down for any extended period of time, but I would like to be able to say that if one goes completely dark from either power or connectivity that we can still deploy to other sites.
  5. In our current DR strategy, we will typically shut down entire datacenters at a time for maintenance, patching, upgrades, etc. This is why I would need more than one primary site to be active in order to keep things up and running. If you still think that I could get by without a CAS for a scenario like this, I would definitely look into it.
  6. It's not about the sheer number of machines we have, as we probably only have around 20k. It's more for a central reporting/asset source of truth for all locations. We're going to have 3 primary sites, and several child sites, and would like to have one point where several groups can administer the entire environment as a whole for consistency at every location.
  7. I'm in the process of designing an entirely new System Center environment for my company and just have a couple of questions regarding the SQL setup for it. I know that I need a CAS hierarchy in this new setup, as it will be global. Unfortunately I have not built a CAS environment before and I'm a bit unfamiliar with the database that it runs on. My plan is to install the database instances on a clustered SQL environment, however I am just unsure if the CAS database needs to run locally on the CAS itself or not. Also, what type of data is on the CAS database itself? Is it the client data for the entire environment, or just used as a vehicle to replicate primary site data between sites? Just trying to size out the storage requirements for the databases. Any insight is appreciated. Thanks
  8. I've been tasked with building out a new instance of Configuration Manager in a brand new forest that things will eventually collapse into. I currently have one location available that I can start building in, however this is not the end goal for the primary site location. Can I build a primary site now, and then demote this to a child primary site once the final location is ready to be configured? For example, I'll be building a primary site in BOS now, and this will eventually become a child primary site for the final primary site location in TX, with additional child primary sites in LA.
  9. I've recently created a report to find Anti-Virus software that is missing from computers on the network. The workflow is as follows: Main Report: (Attached Image 1) Lists 3 collections and their member count - All Devices, Devices WITH anti-virus installed, Devices missing anti-virus Sub-Reports: All Devices with anti-virus installed - which includes net bios name, installed product name, and product version Devices missing anti-virus - Shows the host name of the devices in the collection (Attached Image 2) I was able to link the Collection Name results from the main report to the 'devices missing a/v' report. However, all 3 results from the main report are linked to that one report. Is there a way for me to specify each result to a different report? I would like the devices WITH a/v to go to the other sub report that shows all devices with a/v, and the devices without a/v to go to the devices without a/v report.
  10. My problem ended up being that I was using a .wim file that I got from the build and capture process. I started using the install.wim from the Windows 7 CD and it worked fine afterwards. I suspect something went awry during the capture.
  11. I've been building the OSD procedures for our company here and have had decent success getting it to work. I've gotten the ConfigMgr Client to install on several device models, but I've run into a problem with a particular one. I'm not sure why the same client install package, and the same installation account used on multiple machines would not work on this device. Has anyone seen this before? I couldn't find much on the net. Here are the ccmsetup.log errors I am seeing.
      MSI: Action 11:10:38: CreateFolders. Creating folders ccmsetup 3/25/2016 11:10:38 AM 2332 (0x091C)
      MSI: Action 11:10:38: CcmDetectFilesInUseRollback. Rolls back files moved by CcmDetectFilesInUse. ccmsetup 3/25/2016 11:10:38 AM 2332 (0x091C)
      MSI: Action 11:10:38: CcmDetectFilesInUseCommit. Commits action of CcmDetectFileInUse. After this we cannot rollback. ccmsetup 3/25/2016 11:10:38 AM 2332 (0x091C)
      MSI: Action 11:10:38: InstallFiles. Copying new files ccmsetup 3/25/2016 11:10:38 AM 2332 (0x091C)
      MSI: Action 11:10:40: RegisterExtensionInfo. Registering extension servers ccmsetup 3/25/2016 11:10:40 AM 2332 (0x091C)
      MSI: Action 11:10:40: WriteRegistryValues. Writing system registry values ccmsetup 3/25/2016 11:10:40 AM 2332 (0x091C)
      MSI: Could not write value LastMsgSerialNum to key \SOFTWARE\Microsoft\CCM\StateSystem. Verify that you have sufficient access to that key, or contact your support personnel. ccmsetup 3/25/2016 11:10:40 AM 2332 (0x091C)
      MSI: Action 11:10:40: Rollback. Rolling back action: ccmsetup 3/25/2016 11:10:40 AM 2332 (0x091C)
      File C:\WINDOWS\ccmsetup\{181D79D7-1115-4D96-8E9B-5833DF92FBB4}\client.msi installation failed. Error text: ExitCode: 1603 Action: WriteRegistryValues. ErrorMessages: Could not write value LastMsgSerialNum to key \SOFTWARE\Microsoft\CCM\StateSystem. Verify that you have sufficient access to that key, or contact your support personnel. ccmsetup 3/25/2016 11:10:43 AM 2332 (0x091C)
      Client installation has failed too many times. Ccmsetup will now abort. ccmsetup 3/25/2016 11:10:43 AM 2332 (0x091C)
      A Fallback Status Point has not been specified. Message with STATEID='313' will not be sent. ccmsetup 3/25/2016 11:10:43 AM 2332 (0x091C)
      InstallFromManifest failed 0x80070643 ccmsetup 3/25/2016 11:10:43 AM 2332 (0x091C)
      Deleted file C:\WINDOWS\ccmsetup\ccmsetup.cab.download ccmsetup 3/25/2016 11:10:43 AM 2332 (0x091C)
      Deleted file C:\WINDOWS\ccmsetup\ccmsetup.xml ccmsetup 3/25/2016 11:10:43 AM 2332 (0x091C)
      CcmSetup failed with error code 0x80070643 ccmsetup 3/25/2016 11:10:43 AM 2332 (0x091C)
  12. My company is going through an exercise to retire all of the SHA-1 certificates in the environment due to its upcoming EOL date by MSFT. One of the larger pools of devices using a SHA-1 cert are the end user devices, which use a self-signed SHA-1 certificate when using RDP. Most of the info I've found online so far only discusses how to force this cert to use SHA-1 with registry edits, but nothing about SHA-2. Has anyone gone through this exercise yet? If not you may need to soon. Looking for some technical pointers on how to accomplish this. Also, we currently use the self-signed cert that each device generates when connecting. If I force a new certificate from a domain CA, wouldn't I lose the ability to RDP from non-domain computers?
  13. I currently have all classifications selected to sync. What confuses me about the updates being possibly superseded is that the new updates that replaced them should fix the issue/patch the vulnerability. However, I cannot find any of the updates that replaced the original either. Very strange.
  14. I am trying to figure out why my ConfigMgr is not syncing certain Microsoft updates when in reality, they should be. My setup is a standalone primary site with all roles installed on a single server. I've checked WSUS on the server and verified that at least one of the updates I am looking for is in fact downloaded. However, when I check in the SCCM console, it never shows up. I've tried the manual import process using the Microsoft Update Catalog, but am never able to publish to the console. I checked to see if the update required manual input. From what I read on another post regarding a similar issue, updates would download into WSUS but not sync with ConfigMgr if that particular update required user input. This is not the case here. I've also checked for the updates that replaced this one, and found none of them. I made sure I am downloading all of the Office updates I may need in my environment. In this case, this update is for Excel 2010. And here it is in WSUS. Not sure where to go from here. How do I get this update into ConfigMgr?
  15. This Service Pack tool is exactly what the doctor ordered. Worked perfectly to do what I needed. Thanks!