Jump to content


anyweb

How can I configure client settings and install the ConfigMgr client agent in System Center Configuration Manager Current Branch

Recommended Posts

Introduction

At the start of this series of step by step guides you installed System Center Configuration Manager (Current Branch), then you configured discovery methods. Next you configured boundaries to get an understanding of how automatic site assignment and content location works. After that you learned how to update ConfigMgr with new features and fixes using a new ability called Updates and Servicing and you learned how to configure ConfigMgr to use Updates and Servicing in one of these two modes:

To prepare your environment for Windows 10 servicing (coming in a later guide) you learned how to setup Software Updates using an automated method (via a PowerShell script) or manually using the ConfigMgr console. In this post you'll use a PowerShell script to prepare some device collections, then you'll configure client settings for your enterprise and finally you'll deploy the ConfigMgr client agent using the software updates method which is the least intensive method of deploying the Configuration Manager client agent.

 

Step 1. Create collections using PowerShell

Note: Perform this step using an account with full administrative permissions on the ConfigMgr server.

 

Collections are used to group together users or devices into one place in ConfigMgr. Collections can either be a user based or device based but not both. After installing a brand new ConfigMgr infrastructure by default there are a few device collections as shown below.

 

device collections.png

 

Those collections are useful but it's a good idea to create collections that separate servers from workstations and to create collections used for Operating System Deployment (OSD) and Software Update Management (SUM). This script will create a simple structure for you that is easy to implement.

 

Note: This script does not add any membership queries for the Software Update Management (SUM) collections, you can decide yourself how to populate them. For example you could create Active Directory Security Groups in AD and query for them, and later add computers to those security groups in order to populate the collections. Any ADSG that you create will in turn need to be discovered by your discovery methods in order for ConfigMgr to discover resources.

 

To create some device collections using PowerShell, download the CreateDeviceCollections.ps1 contained in a zip file in the Downloads section at the bottom of this guide and extract it to C:\Temp. On CM01, start Windows PowerShell ISE as Administrator and open the CreateDeviceCollections.ps1 script. Edit any variables in the script to match your environment before proceeding (for example if you want to rename the collections or define what drive ConfigMgr is on). The variables are found lines 74-83 as shown below.

 

define variables used in this script.png

 

Save any changes, then run the script by pressing F5 or clicking on the Green arrow. Below you can see the script has completed.

 

script has run.png

 

and the new device collections are present in the ConfigMgr console (in Assets and Compliance, Device Collections).

 

New collections listed in ConfigMgr.png

 

Step 2. Add site roles required for user based apps

 

System Center Configuration Manager (Current Branch) comes with a lot of new features including a new Software Center which is capable of showing user as well as device targeted applications. However in order to show user apps in the new software center you need the back-end infrastructure to be in place and that means you need to install the following site roles:

  • Application catalog web service point
  • Application catalog website point

To install the roles do as follows. In the ConfigMgr console expand Administration and click on Servers and Site System Roles and right click on the Primary Site Server (P01), choose Add Site System Roles. When the add site system roles wizard appears click next and select both the above roles and click next.

 

app catalog roles.png

 

In the specify settings for the application catalog web service point, stay with the defaults (these are what will be displayed in IIS Manager)

 

specify settings for the application catalog web service point.png

 

and next specify settings for configuring IIS for this application catalog website point, these are the settings that control the URL your users will see, so you might want to configure it to something useful or just leave it as default as I have here:

 

specify settings to configure IIS for this application catalog website point.png

 

You can customize the Application Catalog somewhat (although there's a bug open on Microsoft connect currently about the theme color) to a certain degree, enter your Organization name and choose a corresponding Website theme.

 

windows noob blue theme.png

 

and continue through that wizard until it is completed

 

add site system roles wizard complete.png

 

To confirm that the web service point role installed successfully review the awebsvcMSI.log file stored in <Configuration Manager Installation Path>\Logs\ and look for the following line - Product: Application Web Service -- Installation operation completed successfully.

 

awebsvcmsi log.png

 

Step 3. Configure custom client device settings

Note: Perform this step using an account with full administrative permissions on the ConfigMgr server.

 

The default client settings apply to all devices in your enterprise. To target a smaller sub-set you can use custom client device settings to target devices within a collection. These settings will apply to all systems within the collection that they are deployed to on that site. You can configure multiple custom client device settings and target them to different collections to control how devices behave in your hierarchy. For a detailed explanation of what each setting does see the following page on Technet: https://technet.microsoft.com/en-us/library/gg682067.aspx

Note: Custom client settings always take priority over default client settings. For information about Planning for client settings please see this link on Technet. If you want to configure settings that apply to all sites in your hierarchy create custom client agent settings on the CAS server.

In the Administration workspace, right-click on Client Settings in Site Configuration and choose Create Custom Client Device Settings.

 

create custom client device settings.png

 

Give the custom device settings a descriptive name which reveals what they are and the intended target, such as Client Device settings for All Workstations

 

custom client device settings for workstations.png

 

select the following custom settings from the list (you can add/configure more later)

  • Client Policy
  • Computer Agent
  • Software Updates

In the left pane, click on the first of the three selected above, Client Policy. This controls how often your ConfigMgr clients poll the management point looking for policy. Policy can be thought of as a list of instructions telling a client what to do (such as install an application or check for Windows update availability). The default of 60 minutes is fine for most production environments so let's leave it alone.

 

Note: Lowering the client policy polling interval (minutes) value to something like 5, will mean you can test things much faster in a lab. That setting however, would not be suitable in a production environment due to the increased network traffic and server load.

 

Client Policy.png

 

Next, select Computer Agent in the left pane and configure the default application catalog website by clicking on Set Website. Using the drop down menu select the URL you want to use.

 

select application catalog website point.png

 

Next, add your organization name to the organization name displayed in Software Center field and then configure how the Software Center appears to your end users. You have two choices, the old default software center or the new one. Select Yes which will give you the ability to target User and Device applications using one UI, the Software Center.

 

use new software center.png

 

Note: Previously you had to use the application catalog for applications deployed to the user and the software center to show applications targeted to the device. The new software center can now show user based applications however it cannot do application approvals or allow the user to set their primary device.

 

And finally set the Disable deadline randomization value to no.

 

disable deadline randomization.png

 

Note: This setting determines whether the client uses an activation delay of up to two hours to install required software updates when the deadline is reached. By default, the activation delay is disabled. Setting this value to no will mean that updates are not installed at the same time thus saving a distribution point from undesired behavior (slowing to a crawl).

 

For Software Updates set "When any software update deadline is reached, install all other software update deployments with deadline coming within a specified period of time" to Yes to speed up software update installation, reduce system restarts and increase security. For more info see this page on Technet.

 

when any software update is.png

 

Now that you've configured the client settings, you need to deploy them to a collection containing computers you want to target with these settings. To deploy the client settings, right click and choose Deploy.

 

Deploy client settings.png

 

when prompted to select a collection, choose the previously created All Workstations collection.

 

All Workstations.png

 

Click OK when done.

 

Step 4. Configure client installation properties

Note: Perform this step using an account with full administrative permissions on the ConfigMgr server.

 

You can configure client.msi installation properties to specify certain preferences as these properties are published to Active Directory Domain Services and used during the client installation process.

 

Note: When you extend the Active Directory schema for System Center 2012 Configuration Manager and the site is published to Active Directory Domain Services, many client installation properties are published to Active Directory Domain Services. If a computer can locate these client installation properties, it can use them during Configuration Manager client deployment. [source: Technet]

 

To configure client.msi installation properties, in the ConfigMgr console select Administration and choose Site Configuration, Sites then right click on the primary server and choose Client Installation Settings, then Client Push Installation and finally click on the Client Installation Properties tab. Enter some installation properties such as those added below to increase the cache size to 20gb and the log file size to 10mb.

SMSCACHESIZE=20480 CCMLOGMAXHISTORY=3 CCMLOGMAXSIZE=10485760

client msi installation settings.png

 

Step 5. Configure a GPO

Note: Perform the following on the Active Directory Domain Controller server (AD1) as Local Administrator

 

To distribute the Configuration Manager client agent as a software update requires a GPO in place. Start the Group Policy Management tool (GPMC.MSC) and create a new GPO.

 

create a gpo.png

 

Note: In the preceding screenshot I link the GPO to the domain GPO however you should consider creating an OU specifically for computers you want to target and apply this GPO only to that OU.

 

Give the GPO a name such as Install the Configuration Manager client agent.

 

gpo name.png

 

When done, right click on the GPO and choose Edit. Select and expand Computer Configuration, select Policies then expand Administrative Templates, expand Windows Components, and then scroll down to Windows Update. Next select Specify intranet Microsoft update service location, and set it to Enabled, and enter the fully qualified domain name (FQDN) and port of your ConfigMgr primary server Software Update Point as per the screenshot below:

 

specify intranet Microsoft update service location.png

 

Click Apply and click OK.

 

Step 6. Enable Software Update based client installation

Note: Perform this step using an account with full administrative permissions on the ConfigMgr server.

 

In order for on-premise devices to be managed by ConfigMgr they need the ConfigMgr client agent installed. There are several ways to install the client as listed below, each method has its' advantages and disadvantages, take a look at this post on Technet for a summary.

  • Client push installation
  • Software update point-based installation
  • Group Policy installation
  • Logon script installation
  • Manual Installation

In this step you will use the Software update point based installation method which is listed as a Best Practise method of deploying the client. Navigate to the Administration workspace, select Site Configuration, Sites, and select the P01 site, right click and choose Client Installation Settings and then Software Update based client installation

 

Software Update based client installation.png

 

and now comes the really hard part, place a check mark in the Enable software update based client installation box. Done.

 

enable software update based client installation.png

 

Click Apply and then OK.

 

Step 7. Monitor client installation

On a computer that is joined to the domain check windowsupdate.log to see what is happening, if that computer happens to run Windows 10 then you'll need to use the following PowerShell cmdlet to generate a readable windowsupdate.log file.

Get-WindowsUpdateLog

If prompted to accept Microsoft Internet Symbol Store answer Yes

 

windows 10 get-windowsupdatelog.png

 

and after a while it's done processing the ETL files and creates your logfile on the Desktop (if you have administrative permssions on that computer, otherwise it's copied to the Administrators desktop).

 

Using CMTrace, open the WindowsUpdate.log file and review it, below you can see the ConfigMgr client is referenced in the WindowsUpdate.log

 

configuration manager client.png

 

Once the update becomes available it will install

 

configmgr client update available.png

 

Once the client is installed and has retrieved it's policy you can review the new Software Center, cool huh !

 

new software center.png

 

and check out the ConfigMgr client cache size which we set in Step 4 above

 

client cache size.png

 

and the MSI properties are revealed in the CCMSetup.log file

 

ccmsetup switches.png

 

Job done !

 

Summary

In this guide you created device collections using PowerShell and learned about configuring custom device client settings and deploying them to a collection called All Workstations. You then deployed the ConfigMgr client agent using Software Updates.

 

Related Reading

Downloads

You can download a Microsoft Word copy of this guide here dated 2016/1/26 how to configure client settings and the client agent.zip

 

You can download the PowerShell script used above here CreateDeviceCollections.zip

Share this post


Link to post
Share on other sites

Hi anyweb,

 

I get the following error if I run the script. I did edit the script. Any Idea?

 

Starting script...
Import-Module : The specified module 'C:Program Files (x86)\Microsoft Configuration
Manager\AdminConsole\bin\ConfigurationManager.psd1' was not loaded because no valid module file was found in any
module directory.
At C:\Temp\CreateDeviceCollections.ps1:89 char:1
+ Import-Module $CMDrive'Program Files (x86)\Microsoft Configuration Manager\Admin ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (C:Program Files...ionManager.psd1:String) [import-Module], FileNot
FoundException
+ FullyQualifiedErrorId : Modules_ModuleNotFound,Microsoft.PowerShell.Commands.ImportModuleCommand

Get-PSDrive : Cannot find a provider with the name 'CMSite'.
At C:\Temp\CreateDeviceCollections.ps1:90 char:11
+ $SiteCode=Get-PSDrive -PSProvider CMSite
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (System.String[]:String[]) [Get-PSDrive], ProviderNotFoundException
+ FullyQualifiedErrorId : GetLocationNoMatchingDrive,Microsoft.PowerShell.Commands.GetPSDriveCommand

Connecting to cd : Cannot find path 'C:\Temp\:' because it does not exist.
At C:\Temp\CreateDeviceCollections.ps1:93 char:1
+ cd "$($SiteCode):"
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:\Temp\::String) [set-Location], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.SetLocationCommand

Share this post


Link to post
Share on other sites

The specified module 'C:Program Files (x86)\Microsoft Configuration

Manager\AdminConsole\bin\ConfigurationManager.psd1' was not loaded because no valid module file was found in any

module directory.

 

well that's your error it can't find the powershell plugin (ConfigurationManager.psd1), so where is ConfigMgr installed on this computer ?

Share this post


Link to post
Share on other sites

This might help (hardly any of my clients have SCCM installed in a common location)...

function Get-CmAdminConsolePath {
    $result = Get-ItemProperty "HKLM:SOFTWARE\Microsoft\SMS\Setup" | 
        Select-Object -ExpandProperty "UI Installation Directory"
    $cpath = "$result\bin\ConfigurationManager.psd1"
    if (Test-Path $cpath) {
        $cpath
    }
}
  • Like 1

Share this post


Link to post
Share on other sites

First of all thanks for these great guides

 

 

I'm hoping you might be able to point me in the right direction

we have 2 locations I have setup our largest location following your guide and have setup our second location as a second site

I have setup 2 boundary groups one for each location based on the IP address range 10.10.8.0/23 for the primary site and 10.10.11.0/24 for the secondary location

 

now I'm having issues with installing the SCCM Client on the second site (the primary site installs fine) its throwing out the following errors

 

==========[ ccmsetup started in process 1564 ]========== ccmsetup 03/10/2016 10:08:39 4928 (0x1340)
Updated security on object C:\Windows\ccmsetup\cache\. ccmsetup 03/10/2016 10:08:39 4928 (0x1340)
Launch from folder C:\Windows\SoftwareDistribution\Download\Install\ ccmsetup 03/10/2016 10:08:39 4928 (0x1340)
CcmSetup version: 5.0.8412.1004 ccmsetup 03/10/2016 10:08:39 4928 (0x1340)
Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task does not exist. ccmsetup 03/10/2016 10:08:39 4928 (0x1340)
Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task does not exist. ccmsetup 03/10/2016 10:08:39 4928 (0x1340)
[ComputerName] Running on 'Microsoft Windows 10 Pro' (10.0.10586). Service Pack (0.0). SuiteMask = 272. Product Type = 18 ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Ccmsetup command line: "C:\Windows\SoftwareDistribution\Download\Install\ccmsetup.exe" ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Local Machine is joined to an AD domain ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Current AD forest name is mec.local, domain name is mec.local ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Domain joined client is in Intranet ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
DhcpGetOriginalSubnetMask entry point is supported. ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Begin checking Alternate Network Configuration ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Finished checking Alternate Network Configuration ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Adapter {67BC8539-9567-42CA-BE90-4D95106E3D50} is DHCP enabled. Checking quarantine status. ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Adapter {5444EDDF-2E2D-4229-BA34-6DEA768F50AE} is DHCP enabled. Checking quarantine status. ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Current AD site of machine is MM ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Attempting to query AD for assigned site code ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Performing AD query: '(&(ObjectCategory=MSSMSRoamingBoundaryRange)(|(&(MSSMSRangedIPLow<=168430395)(MSSMSRangedIPHigh>=168430395))))' ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Performing AD query: '(&(ObjectCategory=mSSMSSite)(|(mSSMSRoamingBoundaries=10.10.11.0)(mSSMSRoamingBoundaries=MM)))' ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Failed to get assigned site from AD. Error 0x80004005 ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
GetADInstallParams failed with 0x80004005 ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
SslState value: 224 ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Ccmsetup was run without any user parameters specified. Running without registering ccmsetup as a service. ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
No sitecode is specified or detected. Assume AUTO sitecode. ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
CCMHTTPPORT: 80 ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
CCMHTTPSPORT: 443 ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
CCMHTTPSSTATE: 224 ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
CCMHTTPSCERTNAME: ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
FSP: ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
CCMFIRSTCERT: 1 ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
No MP or source location has been explicitly specified. Trying to discover a valid content location... ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Looking for MPs from AD... ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Current AD forest name is mec.local, domain name is mec.local ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Domain joined client is in Intranet ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
DHCP entry points already initialized. ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Begin checking Alternate Network Configuration ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Finished checking Alternate Network Configuration ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Adapter {67BC8539-9567-42CA-BE90-4D95106E3D50} is DHCP enabled. Checking quarantine status. ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Adapter {5444EDDF-2E2D-4229-BA34-6DEA768F50AE} is DHCP enabled. Checking quarantine status. ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Current AD forest name is mec.local, domain name is mec.local ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Domain joined client is in Intranet ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Current AD site of machine is MM ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Attempting to query AD for assigned site code ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Performing AD query: '(&(ObjectCategory=MSSMSRoamingBoundaryRange)(|(&(MSSMSRangedIPLow<=168430395)(MSSMSRangedIPHigh>=168430395))))' ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Performing AD query: '(&(ObjectCategory=mSSMSSite)(|(mSSMSRoamingBoundaries=10.10.11.0)(mSSMSRoamingBoundaries=MM)))' ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Failed to get assigned site from AD. Error 0x80004005 ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
GetADInstallParams failed with 0x80004005 ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Couldn't find an MP source through AD. Error 0x80004005 ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Current directory 'C:\Windows\SoftwareDistribution\Download\Install' is not a valid source location. ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
No valid source or MP locations ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Failed to get client version for sending state messages. Error 0x8004100e ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Params to send '5.0.8412.1004 Deployment "C:\Windows\SoftwareDistribution\Download\Install\ccmsetup.exe" ' ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
A Fallback Status Point has not been specified and no client was installed. Message with STATEID='322' will not be sent. ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Failed to send status 322. Error (87D00215) ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Failed to connect to policy namespace. Error 0x8004100e ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Failed to revoke client upgrade local policy. Error 0x8004100e ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
CcmSetup failed with error code 0x80004005 ccmsetup 03/10/2016 10:08:40 4928 (0x1340)
Googling, points me to a site boundary issue but I don't see any issues with my site boundaries
maybe you can point me in the right direction
Thanks in advance
Edited by Taftse

Share this post


Link to post
Share on other sites

well that's your error it can't find the powershell plugin (ConfigurationManager.psd1), so where is ConfigMgr installed on this computer ?

 

I installed SCCM 1511 in the default folder "c:\Program Files", update to 1606 and 1606 UR 1.

 

The AdminConsole was installed in "c:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\".

 

So, the file CreateDeviceCollections.ps1 you attached should be changed the line 89 to following.

 

Import-Module $CMDrive'\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1'

 

I attached the fixed file.

 

Hope it could help someone.

CreateDeviceCollections.zip

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.