Wednesday, 1 October 2014

SCCM Client installation Troubleshooting steps Check list

Seen Lot of questions/help in many forums on the SCCM client issues like client is not reported in SCCM console ,site code unsuccessful, Client is installed but Console shows NO and other problems.
Thought of preparing  basic check list that will help configmgr guys to start troubleshooting the issue and fix the problem.
Here is the check list which i have prepared to follow in brief when you do perform client installation using your method .
There are a various types of Client deployment methods that are available to you when installing the client. Each has its advantages and disadvantages along with the need to meet specific business requirements.
If you choose to go SCCM client push installation method, Ensure you have created Client push installation account which should have Admin rights on the target computer else it may fail .Client push installation Step by Step Guide is here http://technet.microsoft.com/en-us/library/bb632380.aspx and if you need how to configure it with screen shots ,step by step ,follow Windows-Noob
Once you initiated the Client push installation from SCCM console( right click on computer,select install client etc ), immediatly , you can start monitoring CCM.log from your <SCCM installation folder:>\Logs. For more info on , how SCCM client push installation works,please refer this article for process and troubleshooting .
The procedure is same what ever the installation method you choose.The CCMSETUP.EXE will be downloaded to the system (c:\windows\ccmsetup\logs) and is executed. The ccmsetup.exe reads the manifest file (and also mobileclient.tcf) and fetches the remaining files(prerequisites files listed below ) that are required for the installation.
Some of the components that are used in the client deployment process includes the following:
CCMSetup.exe: Used to Install, uninstall and upgrade the SCCM 2007 client using client push installation or manual installation. It is low bandwidth aware and is the single way to launch client deployment. You also do not need to use CCMClean to uninstall the client as the uninstall switch can be used instead.
BITS: BITS 2.0 is required for Windows 2000 clients. BITS 2.5 is used for most of the Windows operating systems with the exception of Windows Vista which uses BITS 3.0.
Note: When installing BITS 2.0 on Windows 2000 SP4 machines, a restart is required. This means that if you do not have BITS 2.0, then ccmsetup will stop the install and wait until the next process of reboot before it starts the next process.
Microsoft Windows Installer v3.1 v2 (KB 893803): Update to all operating systems except Windows Server 2003 SP1 and later
• Windows Update Agent (WUA) version 7.0.6000.363: Used on clients to support detection of applicable updates and deployment
MSXML6.msi - Windows installer script for installing the Core XML Services
MSRDC (Remote Differential Compression): Required for branch DP to support binary differential replication. For more information on binary differential replication, please visit http://technet.microsoft.com/en-us/library/bb693953.aspx .
Regarding windows 2000 clients, they don't support MSRDC, so Windows 2000 clients cannot be branch DP’s. Windows XP and later will install this utility and the associated windows server code will be used to install the bits.
Wimgapi.msi: Imaging API for custom tools for image management
CCMSetup.msi: Windows installer package for deploying of the SCCM 2007 client using AD GPO. You cannot run CCMSetup.msi to install clients manually.
You can monitor CCMSETUP.LOG ,CLIENTMSI.LOG from your ccmsetup\logs folder. It will take few min depends on your network to download and execute the files to complete the installation .Once you see, client installation succeeded with exit code 0 from ccmsetup.log,You may confirm that,installation is done but it doesn't mean,client is healthy and able to receive policies /send information to Management Point.We will soon check couple of logs to confirm the client is functioning as expected.
Below are the SMS Related services which should (applicability depends on the client perform actions let say BITS is not used when you run the Application from DP) be running on the Client to be healthy all the time.
  1. Automatic Updates
  2. Background intelligence Transfer service
  3. Remote Registry
  4. SMS agent Host
  5. Terminal Services
  6. Windows Installer
  7. Windows Management Instrumentation
To know if the client is healthy and able to send /receive policies /able to talk to Management point or not ,there are few Log files which you should look into:
CCMSETUP.LOG----->Logs the Client installation activities
ClientIDManagerStartup.log-->Records the creation and maintenance of client GUIDS and also the registration status of the client computer. you should look at this log if the client registration is completed or not before it reports to console.
ClientLocation.log----> Records site assignment tasks. Can help to troubleshoot scenarios where the client is not assigned to a Configuration Manager site.
LocationServices.log---> Records attempts to find management points and distribution points.Can help to troubleshoot scenarios where the client cannot find a management point or distribution point.
After reading above logs,you should see that,client is able to registered and able to talk to Management point.
You can now open the configuration manager Applet from control Panel and go to actions tab,check if you are able to if you are able to see more than 5 actions(total around 11)  displaying or not which means that client is healthy and is ready/sent its inventory information to SCCM site server. You should be able to see the Client with SCCM client Installed and assigned Yes
agents thumb SCCM Client installation Troubleshooting steps Check list
more information about SCCM client log files,please refer TechNet
Now its time to do the actual troubleshooting why client is not getting the above policy agents or not reported to SCCM console with Client YES and Installed YES


1.Check the Firewall Enabled or Disabled if enabled,allow the ports to talk to site server.Guide to add Ports to the firewall to allow the required files or policies to download.
2.Check Boundaries (could be (AD site or IP Range or IP Subnet) of the Agent are specified in the site server
3.Schema extension and ensure attributes published into AD system management container (you can see component status if there are any errors while updating the system Management container with attributes)
4.Check the if there no DNS issue in the client and that client is able to resolve the SCCM server NetBIOS as well as FQDN without any issues.
5. Check if the Client is able to talk to Management Point or not using the following Links.
http://<SCCM_SERVER/SMS_MP/.sms_aut?mplist ----should give you list of management points.
http://<SCCM_SERVER/SMS_MP/.sms_aut?mpcert------should give you some random numbers
6.Check if WMI is working or not ,if not try repairing the WMI by stopping WMI service and renaming repository folder (C:\Windows\System32\wbem) and start the service.
If the above test fails make sure that MP is working fine. You can check mpcontrol.log on the site server to find if MP is working or not .
The above check list what is given should help you to start troubleshooting the client.
If you have any questions /feedback on the check list ,you can always leave a reply via comments section.

SCCM Configmgr How to remove SCCM Client manually without ccmsetup.exe

The easiest possible way to remove the sccm client is to run the command line ccmsetup.exe /uninstall from windows\ccmsetup folder.
But what if ccmsetup.exe do not exists on some of the client machines and you would require to remove the client on them ? and if ccmsetup.exe does not work for you to remove the sccm client successfully ?
Mike Griswold did a post on this how to do manual executions to remove sccm client without using ccmsetup.exe on the way at his customer place.
So You can perform below steps to manually clean-up all the traces of the client.
1. SMS Agent Host Service

2. CCMSetup service (if present)

3. \windows\ccm directory

4. \windows\ccmsetup directory

5. \windows\ccmcache directory

6. \windows\smscfg.ini

7. \windows\sms*.mif (if present)

8. HKLM\software\Microsoft\ccm registry keys

9. HKLM\software\Microsoft\CCMSETUP registry keys

10. HKLM\software\Microsoft\SMS registry keys
Full Post http://blogs.technet.com/b/michaelgriswold/archive/2013/01/02/manual-removal-of-the-sccm-client.aspx

Tuesday, 23 September 2014

How to manually check MS-Security patches status on Clients machine


ConfigMgr is not collecting the list of Software Updates (patches) for Window 7/Vista/ 2008/ 2008 Core operating systems. Because, on these operating systems this information is stored in “Win32_QuickFixEngineering”  WMI class (it’s not anymore listed in Add Remove Programs) and the inventory of this class is NOT enabled in SMS_DEF.MOF (by default). Hence ConfigMgr. report won’t be able to provide these details unless and until you’ve enabled the appropriate WMI class in SMS_DEF.MOF.
Whereas, in Windows XP, Windows 2003 etc. operating systems, the list of Software Updates (patches) are stored in Add Remove Programs and the WMI class for Add Remove program is enabled by default in SMS_DEF.MOF. Hence you will get these details from ConfigMgr reports for Windows XP, Windows 2003 etc. systems.
It’s not recommended to enable “Win32_QuickFixEngineering” WMI class. Refer the warning given in the SMS_DEF.MOF file below.
“DO NOT: Enable the Win32_QuickFixEngineering class unless you have installed the QFE for Q279225.  Enabling this class without the QFE will result in inventory cycles taking a very long time to complete on the client and the WINMGMT service using 99% to 100% CPU time and leaking memory.”
The easiest way to get details from a single system is given below.
One liner command to list down the patch details of a machine (applicable only for Window 7/Vista/ 2008/ 2008 Core operating systems).
Wmic qfe list >c:\list.txt
This will provide you the list of Software Update (patches) applied on a system along with Caption, CSName (Hostname of the system – computer name), Description (category of the software update – Update, Hotfix, Security Update etc…), HotFixID, InstalledBy, InstalledOn (Date of Installation)

Install SCCM 2007 on Windows Server 2008 R2 - Step by Step

Problem

I had to work out how to do this for a client, and as is my modus operandi, I'll try and save you some of the pain I endured,
Products Used
System Center Configuration Manager 2007 SP2
Windows Server 2008 R2
SQL 2008 R2 (At time of writing neither officially supported or not supported on SCCM)
Note: I was originally going to use SQL 2005 - hence the reason the SQL servers name is SCCM-SQL2005, however I bit the bullet and used SQL 2008 R2 instead.

Solution

Step 1: SCCM Domain pre install work.

1. Create two groups in Active Directory.
a. sccm administrator group SCCM-ADMIN
b. sql administrator group SQL-ADMIN
2. Add both groups to the Domain Admin's group.
3. Create two new users: sccmadmin and sqladmin.
4. Add sccmadmin to SCCM-ADMIN group and add sqladmin to SQL-ADMIN group.

Step 2: SCCM Pre requisites

1. Add the IIS (Web Server Role).
2. Add the following IIS Role Services:
a. HTTP redirection.
b. ASP.Net
c. Windows Authentication.
d. IIS6 Metabase compatibility.
e. IIS6 WMI compatibility.
3. Add the following "server Features":
a. Background Intelligent Transfer Service.
b. Remote Differential Compression.
4. If you are NOT running Windows Server 2008 R2 Download and install WebDav (already included in Windows Server 2008 R2). If you are running R2 skip to the next step.

5. Server Manager > Roles > Web Server (IIS) > Add Role Services > WebDAV Publishing > Next > Close.
6. To enable WebDav > Start > Administrative Tools > Internet Information Services (IIS) Manager > Expand {server name} > Sites > Default Web Site > WebDav Authoring Rules.
7. Select Enable WebDav (On the right hand side).
8. Select add authoring Rule > All Content > All Users > Permissions > Read > OK.
9. Select the rule you have just created > WebDav Settings.
10. Change "Allow Anonymous Properties Queries" to True > Change "Allow Custom Properties" to False > Change "Allow Property Query with Infinite Depth" to True > Change "Allow hidden files to be listed" to True > Apply.
11. WSUS needs to installed on the SCCM server - Note Server 2008 R2 needs (WSUS Server Update Services 3.0 SP2). If you try and install SP 1 you will see this error.

12. From the WSUS installation choose "Full server installation" > DO NOT accept the default "Use the existing IIS Default Web site" > Use ""Create a Windows Server Update Services 3.0 SP2 Web site" (Note: this will use port TCP 8530 by default).

Step 3: SCCM Install SQL Server.

1. From the SQL install media run setup.exe > Installation > "New Installation or add features to an existing Installation" > OK.
2. Enter product Key if applicable > Next > "I accept..." > Next > Install > Next > Next.
3. Tick Database Engine Services > Tick Management Tools (Basic and Complete) > Next.
4. Next > Accept the defaults > Next > Next.
5. On the Server configuration Page > Select "Use the same account for all SQL Server services > Select the User you created originally (sqladmin) > Set the SQL Server Agent and SQL Server Database Engine Startup type to "Automatic" > Next.
6. Accept "Windows Authentication" > Add in your SCCM-ADMIN group and SQL-ADMIN group > Next > Next > Next > Install.
7. When it's completed click close.
Step 4: Prepare Active Directory for SCCM
1. Extend the schema > From the install media > SMSSETUP > BIN > 1386 > extadsch.exe
2. Check the above was successful by opening the c:\extADsch.txt file it should say ""successfully extended the Active Directory Schema".
3. We now need to create some active directory objects go to a domain controller > Start > Administrative tools > ADSI Edit > Action > connect to > leave everything on its defaults > OK.
4. Expand the Default naming context > Expand your domain name > Right click "system" > New > Object > Container > Next.
5. Call it "System Management" > Next > Finish > Close ADSI Edit.
6. Still on the domain controller > Start > dsa.msc {enter} > View > Advanced.
7. Expand "system" > Locate the container you created "System Management" > right click it and select properties > Security Tab > Add > Object Types > Tick Computers > OK.
8. Click Advanced > Find Now > Locate and add the SCCM-ADMIN group you created earlier > Also add the SCCM Server itself > OK.
9. Grant allow "Full Control" to both the SCCM admin group and the SCCMserver.
10. Now click advanced > Select the SCCM-ADMIN group > Edit.
11. Change the "Apply to" section from "This object only" to "This object and all descendant objects" > OK > Apply > OK.
12. Repeat the above for the SCCM-Server object.
Step 5: Install SCCM
1. Log on as the sccadmin user.

2. From within the SCCM setup media run splash.hta > Run the Pre requisite checker > Enter the SQL Server name > SCCM server name and the FQDN of the SCCM server > OK.
3. Note If you cannot talk to the SQL server then check that the Windows firewall is not blocking you (on the SQL server Start > run > firewall.cpl > Turn it off).
4. All being well it should say "All required pre requisite tests have completed successfully" > OK.
5. Re-run Splash.hta > This time choose > Install configuration Manager 2007 SP2 > Next > "Install Configuration Manager site Server > Next.
6. Tick "I accept these License terms > Next > Custom Install > Next > Primary Site > Next > Next > enter unlock code is applicable > Next > Accept/change the install directory > Next > Enter a Site code and friendly name > Next.
DO NOT ever try and change this code and don't forget it!!
7. Change the Site mode to "Configuration Manager Mixed Mode" (Native mode requires certificate services and considerably more work). > Next.
8. Accept the defaults (everything except NAP) > Next.
9. Enter your SQL server name > Next > Next > Next > Next > Next.
10. Select a location to install the updates to > Next.
11. Updates will download this may take some time > when finished it should say it was successful > OK > Next.
12. It will run the pre requisite check again > when finished click begin install.
13. When finished click Next > Finish.
Instal SCCM

14. Now you need to send out the clients and configure SCCM, I'll cover that in a later article.