1 / 35

ConfigMgr : Hints, Allegations, and Things Left Unsaid

ConfigMgr : Hints, Allegations, and Things Left Unsaid. Kim Oppalfens, MVP Principal Consultant Inovativ. ConfigMgr. Hints, Allegations, and Things Left Unsaid. Jason. Boundaries. AD Site. IP Range. IP Subnet. The Problems with Boundaries. IP Subnet. AD Site.

dyre
Download Presentation

ConfigMgr : Hints, Allegations, and Things Left Unsaid

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ConfigMgr: Hints, Allegations, and Things Left Unsaid Kim Oppalfens, MVP Principal Consultant Inovativ

  2. ConfigMgr

  3. Hints, Allegations, and Things Left Unsaid

  4. Jason Boundaries AD Site IP Range IP Subnet

  5. The Problems with Boundaries IP Subnet AD Site “Converted” to IP Subnets 192.168.15.0/23 = 192.168.15.0 Cannot use “Super-nets” Workgroup clients aren’t part of an AD Site • Cannot use “Super-nets” • Based on Subnet/Network ID • Are subjective • Subnet IDs are based on IP Address + Subnet Mask

  6. Super-net Example IP Subnet: 10.0.0.0 AD Site Subnet: 10.0.0.0/8 Subnet ID: 10.0.0.0 Subnet ID: 10.0.0.0 IP Address: 10.0.1.27/24 Subnet ID: 10.0.1.0

  7. Discovery Example Discovered IP Address: 192.168.16.27 AD Site Subnet: 192.168.15.0/23 Subnet ID: 192.168.15.0 Discovered Subnet ID: 192.168.15.0 IP Address: 192.168.16.27/24 Subnet ID: 192.168.16.0

  8. Boundaries • IP Address Ranges FTW • Do not rely on AD Sites • “Super-netting” is fine • No ambiguity • What you see is what you get • Very granular and exact • No subnet calculator needed

  9. Kim High Availability and Site Resiliency Site Functionality Client Functionality Inventory Previously scheduled actions Remote Control Key Roles Distribution Point PXE Service Point Software Update Point State Migration Point • Policies • Packages • Site Settings • Key Roles • Database • Management Point • SMS Provider • Reporting Point (Classic and SSRS)

  10. Role Failure Impacts

  11. Three Options for HA

  12. HA and SR Out of the Box

  13. The Easy Button Solution • Out of box solution != Site Resiliency • Hyper-V and Quick/Live Migration • Provides both high availability and site resiliency • Site Resiliency will require some network “magic”

  14. Jason Software Updates and Task Sequences • Yes, they work • Target the same Collection as your OSD Advertisement • Client Agent Install Public Properties • SMSMP and SMSSLP • Install the latest Windows Update Agent • 7.4.7600.229 • http://support.microsoft.com/kb/949104 • Increase the WSUS maximum XML size per request • Use IP Address Range boundaries • Wait for the Hotfix

  15. Software Updates and Task Sequences demo

  16. Kim WMI Health • ConfigMgr is a WMI aggregator and automator

  17. Kim No Magic Bullet • Install the XP Hotfix • KB 933062 • Don’t automatically flush the Repository • Fixes the symptom, not the problem • Don’t ever flush the repository on a site server

  18. Fixes • Re-register • Built-in Repair • XP SP2+ • rundll32 wbemupgd, UpgradeRepository • Vista/7 • winmgmt /salvagerepository • Delete CCM namespace (Client only) FOR /f %s in ('dir /b /s *.dll') do regsvr32 /s %s Net stop /y winmgmt FOR /f %s in ('dir /b *.mof *.mfl') do mofcomp %s Net start winmgmt

  19. WMI Repair demo

  20. Program Execution • Local SYSTEM account • Current user • Run Command-line task in a Task Sequence allows alternate credentials

  21. Network Access Account • Generally a fallback account • Used to access content • Not used to run programs • Required for Operating System Deployment

  22. Jason The SYSTEM Account • Local Actions -> SYSTEM account • Network Actions -> Active Directory computer account • Includes UNCs on local system • All AD computer accounts are automatically members of Domain Computers group

  23. Drivers • Uses system account of server hosting SMS Provider SMS Provider Site Server Driver Package Source DP Driver Source

  24. Software Updates • Uses user account of user running the console • Uses system account of server hosting SMS Provider SMS Provider Current User Update Package Source Microsoft

  25. Backup • SMS_SITE_BACKUP Service runs as local SYSTEM • SMS_SITE_SQL_BACKUP Service runs as local SYSTEM AD Computer SYSTEM AD Computer SYSTEM Local UNC

  26. Kim Client Status in the Console

  27. Client • Indicative of client agent installation status • Not real-time • Can be cleared by the “Clear Install” maintenance task

  28. Approved • Is a black-box and is not documented in detail • Meant to mimic PKI certificate revocation • N/A only affects OOB Management

  29. Inactive • When a client is flagged as obsolete it is also marked as inactive • Client Status Reporting (R2 & R3) • Deleted resources in child domains • Used in conjunction with Delete Inactive Client Discovery Data task ?

  30. Obsolete • Resources are marked as obsolete when they are superseded by newer resources • Used in conjunction with Delete Obsolete Client Discovery Data task

  31. Maintenance Tasks and Client Status Reporting demo

  32. And Finally … Asset Intelligence

  33. © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

More Related