Everything posted by Jimm

  1. Good day, I'm preparing a security audit against our numerous SCCM servers. I am currently using an export from within the console to obtain all of the class security rights for each server. I have the SCCM SDK but am not that strong into vbs to be able to determine how I can go about getting the class security from my servers. If someone could get me started, I can take it from there. Jimm
  2. After looking into this more, it appears that I have a problem still. My CO1 device has PXE shown from both the central and site levels. I can add and remove it from either as well. The AA1 site is not showing PXE from the central level but will allow me to install it from the site level. If I do this, my distribution point is not shown on the central server but rather locally only. Any ideas on what would make these two sites fall out of sync with each other? Like I mentioned earlier, I have a series of sites that will all be built the same way. If you can provide me with a process to this, I can save a little time and headaches while I get this going. Thanks much for your input, Jimm
  3. So far everything looks good. One issue I have is that I want to install PXE on the new parent servers in my remote locations. I can do this from the remote site if I RDP into the server and open the SCCM console. From the Central Server console, PXE is not available as an option. Why is this? I guess that because this binds with the local DHCP server the action has to occur from the device on the local subnet. It would be nice to have this specified so that I do not make an error. Earlier I asked about the database settings. Should I leave them as local or use the replicated settings? What is the difference? Jimm
  4. I'm not certain I understand 100%.... This is the console of the RO1 device and site. I have a boundary set for Chicago and it specifies site CO1. I previously also had a boundary where the site for Chicago was set to RO1. Are you saying to remove this Chicago boundary even though it is listed as being on the other site? Jimm
  5. LATEST UPDATE: After adding the COSCCM1 to AD so it can create the System Management objects, everything is working correctly with one exception. I'll get to that later. All the collections came across and show up as locked in CO1 as they should. I was able to make a new DP on CO1 for a package and it was created correctly. I waited for the system status to settle down and went back into the events. I see the following as the only item of concern. Severity Type Site code Date / Time System Component Message ID Description Error Milestone CO1 7/16/2010 12:39:46 PM COSCCM1 SMS_AMT_OPERATION_MANAGER 7204 WinRM out of band service is not enabled. Solutions: Install WinRM out of band service manager and start it in out of band service point site role machine. http://www.windows-noob.com/forums/index.php?/topic/474-how-to-update-sccm-2007-to-sccm-2007-sp1/ The update is now on CO1 and I'm waiting to see what happens. Jimm
  6. Additional Updates: What a great tool Google is! I was able to use preinst to manually send the keys and the CO1 site is now in the RO1 console. Things are looking up. Additional Questions: I have each subnet specified as an AD site. My sites are: RO1 - Royal Oak CO1 - Chicago AA1 - Ann Arbor PE1 - Peoria LV1 - Las Vegas KZ1 - Kalamazoo For each site's boundaries, is it correct that I will set CO1 to only discover within the Chicago AD Site? My thought is that this will then propagate up to RO1 as the central site. The other AD sites would be configured in the same manner. While looking in the RO1 boundaries, I see that CO1 is added twice. I added Chicago originally to the RO1 site because this was the only server available. Now that CO1 is online there is a boundary as well for Chicago on the CO1 site. If the plan is to have CO1 manage the Chicago AD site, can I remove the Chicago boundary listed for RO1? On the CO1 side of things, there are boundaries set for Chicago and also for RO. Does the CO1 site need a boundary for RO? I am not certain if this is necessary for communication purposes. Jimm
  7. Update: While looking in the system status alerts, I see one from SMS_DESPOOLER. SMS Despooler received an instruction and package file from site CO1 that contains either software distribution data or inter-site replication data, however the despooler does not have the public key to verify the signature of the package. The instruction cannot be processed and will be retried. Solution: Extend the Active Directory schema to allow sites to publish their public keys into AD, or use the preinst.exe tool to manually replicate the public keys. When SCCM was originally installed on RO1, I did extend AD so this is not the issue. I Googled the topic and performed the manual steps to replicate the keys but this has also not produced a positive outcome. I'm going to try and research this further as I believe this is why the CO1 site is not showing in the RO1 console. Jimm
  8. Let me begin by saying thanks for the assistance. I am looking at the HQ device. In this case I'm calling it the central only to ensure I am describing this correctly. I don't want to mix up the terminology. On the RO site, I had created a standard sender with CO1 as the site and the server name entered. This shows an unknown in the console. Also note that nothing for CO1 is visible in the RO1 console. I seem to be missing something that ties the two together. One thing to mention is that I also had previously set the site database to be replicated. I assumed this was how things would be replicated to the child sites. I'm changing this back to the local site database since it isn't working this way. I verified that I have the SMS_SiteToSiteConnection_CO1 set with the computer object ROSCM1 (Central server device name) and COSCCM1 (Child server name). The same are set on the SMS_SiteToSiteConnection_RO1 side.
  9. Good day, I have SCCM 2007 SP2 R2 running within a VM at our HQ location. The system is on Server 2003 and works fairly well for what I am doing so far. Currently, I deploy applications based off of AD Groups and some are assigned to specific users. I have plans to tie WSUS in there and also have working OSD’s for bare metal builds and also deployment of WIMs. I plan to upgrade to Server 2008 soon to make use of multi-casting technology as 2003 does not support this feature. Our company has 5 external sites that are all connected via lease lines (all have at least 3mb WAN) and are laid out in a typical hub and spoke design. I do not want to deploy OSDs and large applications over the WAN even though BITS does a pretty good job for us. For my “site servers” I want to be able to do everything locally that I can do from the HQ location. I believe I need parent servers and need to attach them to the “central” server as children. I build a device with server 2003, SQL 2005 MSDE and have WAIK, MDT and all the rest installed. I believe everything is working correctly. I went into the server properties and specified that the site server was child to my central. In this case, I’ll call the HQ location RO and the external site CO. CO is a child to RO. After doing this, nothing seems to be happening that tells me it was successful. I’m sure that there’s more work needed but I am not having much luck finding tutorials on how to do this. In my plans, I would like to be able to add DP, MP, PXE, OSD, WSUS and so on from one console. How do I attach one site server to another and how do I integrate them into one console? As an experiment, I was in the RO SCCM interface and had it add a secondary site. Eventually, this was installed on the CO device. I wasn’t able to do much with it as I had no idea what was really supposed to be doable.
The ultimate goal is that I should be able to see collections from the entire domain and specify that a package be sent to each DP for local delivery to the local clients. I should mention that currently all clients report to the RO server. I am preparing for a hardware refresh and can handle if the clients need to be repaired or redeployed. My timeline is getting tight. I believe we will start deploying new devices within the next two weeks. Any help you can offer is greatly appreciated. Jimm
  10. I had previously read the first article http://blogs.technet...er-2008-r2.aspx and didn't see the answer in there. The second article explains exactly why this happens and the correct solution. Thanks for the assistance. Jimm
  11. I'm in the same boat. I can modify the default user profile and capture it with capture media. When I deploy the WIM back to the hardware, the custom profile is replaced with the windows default. I used copyprofile=true in unattend.xml during the capture by placing the file in the sysprep folder. Does anyone know how to do this?
  12. Moving on... so I am now trying to B&C a Windows 7 device. The same trouble exists with IASTOR.SYS except this time I am puzzled as to what exactly is happening and why. I am using a Dell Vostro 3400 and 3500 as my build devices. The MS Windows 7 Pro media has a good IASTOR.SYS file in it. I assume so at least because I can load the OS and everything is working without having to install additional drivers from Intel or Dell. I send the OS to the laptop and used my driver packages which include the new version of IASTOR. The TS can create and format the drive partitions and install the factory OS. When the device tries to restart and configure windows before the capture, I get the error that IASTOR is missing or corrupt. I verified the right file is loaded and it is the same version that I got from Dell. I tried working around this and took my MS media and manually installed 7. I updated all the drivers and placed my basic apps in there as well. I wanted to capture a basic OS / primary app load and then deploy it as a way of getting around the B&C TS. I was able to capture the WIM and deploy it. When the device starts, I still get the IASTOR error. I tried updating BIOS to V2 and also tried turning the SATA to IDE mode and also the off mode in hopes to resolve this. Everything has failed. Does anyone have insight as to how this happens and what can be done to correct this? My thought is that if the 7 DVD has the drivers to build a bare metal laptop and works, why is the SCCM TS not working when using the same drivers or updated drivers that also work when installed manually? Very frustrating... Jimm
  13. As luck would have it, I have an application that was being installed via a startup script in GPO. This script reset the registry to allow a logon of the local admin and then used a nested runas to a different account to perform an install. This second account was basically an AD based admin account. So.... I have the basics of the script figured out and can install this application with a published app in SCCM. This only works when someone is logged on as the SCCM account is being used in place of the two admin accounts mentioned previously. I need to add this to a TS so that new builds will have this app also. How can I install this during a build capture? In essence, I need to logon to the device during the build and then install, logoff then capture. Jimm
  14. Good day, I've tried deploying Office 07 Enterprise a few times now and I keep getting the same result. The program begins to install but the initial dialog appears asking which product I wish to install. I used OCT to create my MSP package and it is placed in the Updates folder. I still see this dialog. I tried using the config.xml file as well to cache the install then a TS to execute the install from the local media. This also produced the same dialog. Any ideas as to what I am doing wrong? If I simply select Enterprise from this first dialog, the install continues and works fine. Jimm
  15. Jimm

    Deploy Windows 7

    Good day, The guide really simplified everything required to get SCCM up and running and able to capture & deploy Win 7. I had a few issues with SATA controller drivers but got that all ironed out. One issue that I have no clue what to do with is this. In my TS, I have the line where I specify the license key info. I have a volume key from MS. If I enter this into the TS, it fails every time. Also, I noticed that the only way for me to get past this is to leave the key blank and specify do not activate. I have an ISA device and PIX in place here. I am assuming that since this device is not on the domain, it cannot get logged into the ISA device and thus cannot get to the activation services on the net. I have a build / capture image saved from when I left the license key out of the TS. Can I somehow inject the key back into the image in a new TS? Also, I now have this device on the domain and it is activated. Can I instead capture this image as is and use this as my base for new metal builds? I'm certain all are possible, I guess I am really asking which way is the best practice? Jimm
  16. In case anyone else goes through this. Seems like Intel have updated the iaAHCI.inf and iaStor.inf files for both the x86 and x64 drivers. Downloaded Intel Matrix Storage Manager (version 8.9.0.1023): http://downloadcenter.intel.com/Product_Filter.aspx?ProductID=2101 Extracted the file IATA89ENU.exe to a temp folder: IATA89ENU.exe -a -p c:\temp. x86 drivers end up in C:\temp\winall\Driver. x64 drivers end up in C:\temp\winall\Driver64. I removed the previous Intel storage drivers I had. I then imported drivers using the path C:\temp\winall64 and checked "Import drivers even if they are duplicates of an existing driver". This gave me 2 iaAHCI and 2 iaStor drivers. Both correctly detected as x86 and x64. I can now PXE load my pre-OS for capturing in SCCM. Jimm
  17. I have a Dell OptiPlex 755 as my test device. When I try to use the PXE boot image, I get an error that iastor.sys is not correct or missing. I know this to be a Dell issue. When I try to add the driver to the image, I get an error that states to refer to the logs. What log do I need and where do I find it OR how can I force this driver into the PXE image? Jimm
  18. Still having the same problems. I keep getting these errors despite remove / re-add the services, restart etc. Any ideas how to actually verify the ISAPI user settings as mentioned in the article?
  19. In my case, I see both objects and was able to delete the obsolete objects. Is there a way that this can be done through some sort of scheduled purge within the container? I am also having a similar issue with discovery. My AD discovery gets the device names from a ghost image that is still in use. The PCs join the domain as computer1234. After we place the PC, we rename to the userlast and a dept code. The objects in AD get renamed but the discovery shows errors as it can no longer connect to device... Jimm
  20. Please explain why you mention only needing the SysPrep.inf file. Within deploy.cab there is not a sample INF for use as a template but still; my main question is the reference to the INF if it does not exist. What happens if in my package, I do not have an INF?
  21. I thought a few screen shots would better illustrate what I am seeing as I am trying to deploy Office 2007 to an XP SP3 test device. This test device is in its own collection through a filter that feeds from the All Systems. In the console, I see two critical states. One for Management Point and another for State Migration Point. Sometimes, there is a third but as of right now this is all that is showing. As you can see, the components show a critical error. Both errors basically state the same cause: RO1 10/22/2009 3:00:19 PM ROSCM1 SMS_MP_CONTROL_MANAGER 5436 MP Control Manager detected management point is not responding to HTTP requests. The HTTP status code and text is 403, Forbidden. Possible cause: Management point encountered an error when connecting to SQL Server. Solution: Verify that the SQL server is properly configured to allow Management Point access. Verify that management point computer account or the Management Point Database Connection Account is a member of SMS Management Point Role (msdbrole_MP) in the SQL Server database. I opened the SQL Mgmt and see my device ROSCM1 listed with this role when I look at the SMS_RO1\Security\Users\Roles. Possible cause: The SQL Server Service Principal Names (SPNs) are not registered correctly in Active Directory Solution: Ensure SQL server SPNs are correctly registered. Review Q829868. I'm thinking if SPNs were missing, I would not have been able to deploy anything. Not applicable to my situation as I have done OS build, capture and software deploys. Possible cause: Internet Information Services (IIS) isn't configured to listen on the ports over which SMS is configured to communicate. Solution: Verify that the designated Web Site is configured to use the same ports which SMS is configured to use. Not sure how this applies. I only have SCCM unless there are SMS components included in the installation. My site uses 80 and 443 as my WSUS is using 8530 and 8531. Not thinking this is the issue.
Possible cause: The designated Web Site is disabled in IIS. Solution: Verify that the designated Web Site is enabled, and functioning properly. Looked while I verified the ports. Not the problem. Possible cause: The SMS ISAPI Application Identity does not have the requisite logon privileges. Solution: Verify that the account that the SMS ISAPI is configured to run under has not been denied batch logon rights through group policy. Verify the who have what? I looked in AD for anything that began SMS and there is only one called SMSMSE Viewers. Maybe this is it, but I haven't a clue what this is or does. For more information, refer to Microsoft Knowledge Base article 838891.
  22. SMP Control Manager detected SMP is not responding to HTTP requests. The http status code and text is 403, Forbidden. I keep getting these entries in the logs but most things I have done seem to work. Let me reword that statement. Most things are working that I am trying as I review the topics on this site. When things begin to fail, I look in Component Status for Site Component Manager / MP Control manager / State Migration Point and keep seeing the same components with the same errors. I tried setting up WebDAV according to the article but there is an issue. I am on Server 03 and do not have Server Manager available. I used IIS Manager and saw WebDAV and there is really nothing to configure that I can tell. I will be able to deploy a software package, maybe some update etc, then suddenly, nothing will deploy any longer. After I clear the errors by restarting the server, things go back to normal. How can I correct this permanently? Jimm