SCCM 2012: How does Automatic Client Upgrade work?

Some of the questions that often comes up on the Microsoft TechNet forum, are from people that don’t understand why the Automatic Client Upgrade feature don’t behave as they expect. In this blog post I’ll try to explain how this feature was designed, and in what scenarios you can use this feature.

Cumulative Updates

One of the most common misconceptions is the checkbox that says “Upgrade client automatically when new client updates are available”, and I don’t blame them. It is confusing.

The reason for this confusion are the two words “Upgrade” and “Update”, so let’s have a closer look to the meaning of these two little words.

When a client needs to be “Upgraded” it means that we’re installing a new build number of the product. That only happens in the following scenarios:

  • Upgrading from ConfigMgr 2012 RTM (7711) to ConfigMgr 2012 SP1 (7804).
  • Upgrading from ConfigMgr 2012 SP1 (7804) to ConfigMgr 2012 R2 (7958).

Note: This feature does not work at all in the RTM version, but after SP1 it actually does work.

Cumulative updates are however not considered an “Upgrade”. They are much smaller, and is therefore just an “Update”.

More information on build and version numbers can be found here: http://www.ronnipedersen.com/2014/07/configmgr-2012-versionbuild-numbers/

 

So what does this mean?

It means that automatic client “Upgrade” will NOT automatically apply cumulative “Updates” to your clients! You must use the packages created by the CU installation process to update your clients.

Here is a quick start guide that will help you install a CU update on the Primary Site Server and afterwards “Update” your clients: http://www.ronnipedersen.com/2013/06/installing-sccm-2012-sp1-cu2-quick-start-guide/

OK. But how does the client upgrade feature work then?

The process of enabling this feature is pretty simple. To enable the Automatic Client Upgrade process,  you need to navigate to \Administration\Overview\Site Configuration\Sites\, and click Hiersrchy Settings in the ribbon. Select the Automatic Client Upgrade tab.

When you enable this feature, you also have the option to configure another important option that allows you to specify the timeframe which the client should be upgraded.

SCCM 2012: How does Automatic Client Upgrade work?

Pretty simple. But we still need to know exactly how it’s working to fully understand and troubleshoot this feature, when something isn’t working as expected.

So how does this work?

After this feature has been enabled, and the numbers of days are specified (in this example I’ve configured it for the default 7 days), a new policy for each client with a lower build number are created. When that policy is retrieved by the ConfigMgr Client, the Upgrade task are created.

The upgrade task are created a simple windows scheduled task, with a random runtime. In this scenario it will be somewhere between 1 and 7 days. This is designed so the upgrade process won’t happen on all clients at the same time.

When the scheduled task kicks off, the upgrade process are started (by running ccmsetup.exe), and the scheduled task will be deleted automatically.

That’s it…

/Enjoy.

+Ronni Pedersen

SCCM 2012 R2: Where is the SMSTS.log located?

Allmost every time I get a call from a customer, or want to answer a question in the TechNet Forums about OS Deployment, I always start by asking for logfiles.

There are MANY log files when it comes to ConfigMgr 2012 R2, and most of them are normally located in the same folder every time you need them. But when you are troubleshooting OS Deployment using, one of the most common log files you almost always want to check, is the SMSTS.log. And this log file is moving around depending on the phase of the deployment process.

There are plenty of blogs out there about the location of the SMSTS.log, but most of them are not up-to-date (The log files are on longer placed under System32 or SysWOW for 64-bit clients), so here you go:

Phase Location
Windows PE
(Before the hard disk are formatted)
x:\windows\temp\smstslog\smsts.log
Windows PE
(After the hard disk are formatted)
x:\smstslog\smsts.log and copied to c:\_SMSTaskSequence\Logs\Smstslog\smsts.log
Windows Operating System
(Before the SCCM client is installed)
c:\_SMSTaskSequence\Logs\Smstslog\smsts.log
Windows Operating System
(After the SCCM client is installed)
c:\windows\ccm\logs\Smstslog\smsts.log
Windows Operating System
(When the Task Sequence is complete)
c:\windows\ccm\logs\smsts.log

/Enjoy.

+Ronni Pedersen


SCCM 2012: Failed to Get Client Identity (80004005)

This morning, one of my customers called me and told me that they bought some new Lenovo laptops (Lenovo ThinkPad S540), but they was unable start OS Deployment using SCCM/PXE.

Normally when I see this behaivor, it’s caused by a missing driver in the boot image, so I told them to verify that the driver was loaded correct.

Here is a guide to verify the network driver in a SCCM Boot Image:
http://www.ronnipedersen.com/2009/04/importing-network-drivers-into-the-windows-pe-boot-image/

But the driver was loaded correct, so I requested the SMSTS.log and found another common issue.

The SMSTS.log file can be found here:
http://www.ronnipedersen.com/2014/08/sccm-2012-r2-smsts-log-located/

In the SMSTS.log we got the following message:
Failed to get client identity (80004005)” and “Failed to request for client

SCCM 2012: Failed to Get Client Identity (80004005)

Resolution

Normaly this problem is caused by the incorrect time on the client, and in this case the BIOS time on the client was 1 hour ahead of the SCCM Site server.

After changing the BIOS time on the client, it could be deployed successfully.

Update!

Normally this is a rare situation, but if you experience this on many client in your environment, you might want to automate this completely. A fellow MVP Niall Brady has a great blog post that explains how this can be done by adding a prestart command to your boot image :

http://www.windows-noob.com/forums/index.php?%2Ftopic%2F11016-how-can-i-sync-the-bios-date-in-winpe-to-avoid-pxe-boot-failure-with-system-center-2012-r2-configuration-manager%2F

 

/Enjoy.

+Ronni Pedersen


SCCM 2012 R2: No Source Pull Distribution Point available

A few weeks ago I was working with a customer on a global SCCM Project where the use of Pull Distribution Points would be a huge benefit to reduce WAN traffic between some of the major sites.

So we ordered a few new (virtual) servers and installed the Distribution Point Role. Everything looked ok, so we moved on and enabled the Pull Distribution Point option, but we couldn’t specify any source for the Pull Distribution Point.

 SCCM 2012 R2: No Source Pull Distribution Point available

I went back to my lab, where I tried to reproduce this behaivor, but in my lab everything worked just fine.

But my lab was running in HTTP mode and my production was running in HTTPS mode.

After some searching I found this in the docs:

“Although a pull-distribution point supports communications over HTTP and HTTPS, when you use the Configuration Manager console, you can only specify source distribution points that are configured for HTTP. You can use the Configuration Manager SDK to specify a source distribution point that is configured for HTTPS.”

Source: http://technet.microsoft.com/en-us/library/gg712321.aspx#BKMK_DistributionPointConfigurations

 

Then I started to search for a solution that could help me automate this process for me, and then I found this great script created by an unknown Microsoft PFE, but all credits for the script goes to him SCCM 2012 R2: No Source Pull Distribution Point available

Source: http://social.technet.microsoft.com/Forums/en-US/72847bfc-c529-449c-a6b3-d7ce6bfcc8bb/how-to-set-an-https-distribution-point-as-a-source-dp-for-pull-dps?forum=configmanagergeneral

PULLDPSOURCE.VBS

/Enjoy.

+Ronni Pedersen

ConfigMgr 2012 version/build numbers

From time to time, I get questions about what version of ConfigMgr is equal what release of ConfigMgr.

Here is a complete list of all avaliable CU updates for System Center Configuration Manager (July 2014). I’ll try to keep this page updated when new updates are avaliable for download.

Release Version Build Download
ConfigMgr 2012 RTM 5.00.7711.0000 7711
ConfigMgr 2012 SP1 5.00.7804.1000 7804
ConfigMgr 2012 SP1 CU1 5.00.7804.1202 7804 KB2817245
ConfigMgr 2012 SP1 CU2 5.00.7804.1300 7804 KB2854009
ConfigMgr 2012 SP1 CU3 5.00.7804.1400 7804 KB2882125
ConfigMgr 2012 SP1 CU4 5.00.7804.1500 7804 KB2922875
ConfigMgr 2012 SP1 CU5 5.00.7804.1600 7804 KB2978017
ConfigMgr 2012 R2 5.00.7958.1000 7958
ConfigMgr 2012 R2 CU1 5.00.7958.1203 7958 KB2938441
ConfigMgr 2012 R2 CU2 5.00.7958.1303 7958 KB2970177

/Enjoy.

+Ronni Pedersen

ConfigMgr 2012 SP1 CU5 is now available

Cumulative Update 5 for System Center 2012 SP1 Configuration Manager has been released and are now avaliable for download.

Note: If you’re running ConfigMgr 2012 R2 you don’t need this update. This update is for ConfigMgr 2012 SP1 only!

The update can be downloaded here: http://support.microsoft.com/kb/2978017

ConfigMgr 2012 SP1 CU5 fixes the following issues:

Task sequences
  • The Continue on error check box is not selected under Task Sequences when an Install Software step and a Virtual Application package are defined as the source. This affects only task sequences that are migrated from Configuration Manager 2007 to System Center 2012 Configuration Manager.
  • The Task Sequence Agent (TSAgent) does not use the logging-related values that are set in the following registry subkey on a client computer:

    HKEY_LOCAL_MACHINE\Software\Microsoft\CCM\Logging

  • 2961924 A command-line action that has a linked package doesn’t start in System Center 2012 Configuration Manager
Site systems
  • 2923078 Reporting Services installation fails on System Center 2012 Configuration Manager Service Pack 1 that has SQL Server 2014 installed
  • 2931044 Discovery Data Manager slows when it rebuilds .ncf files on startup in System Center 2012 Configuration Manager Service Pack 1
Application management
  • Applications cannot be changed or copied after they are migrated from one System Center 2012 Configuration Manager site to another site. Messages that resemble the following are logged in the Distmgr.log file after you try to make changes:

    Package <PkgID> is in Pending state and will not be processed

  • 2952686 You cannot install an application by using stand-alone media in System Center 2012 Configuration Manager Service Pack 1
Configuration Manager client
  • The SMS Agent Host service may stop unexpectedly in an environment that uses multiple overlapping boundary groups that are configured for automatic site assignment. The ScanAgent.log file contains an entry that resembles the following:

    [FATAL ERROR] Invalid params exception was raised.

Administrator Console
  • When you view the Primary Device that is associated with a user, you may see other devices that have the same name, even if they are associated with a different user.
Additional changes that are included in this update
Cloud-based distribution points
  • Newly created cloud-based distribution points use a “Family 2″ (Windows Server 2008 R2) Guest operating system. Existing cloud-based distribution points can be upgraded to Family 2 by using the Microsoft Azure portal.
    Additionally, a possible race condition that affects distribution point status is resolved. To learn about this issue, see the following System Center Configuration Manager Team Blog article:

    Azure Guest OS Family 1 retirement impacts cloud-based distribution points

    (http://blogs.technet.com/b/configmgrteam/archive/2014/06/04/azure-guest-os-family-1-retirement-impacts-cloud-based-distribution-points.aspx)

Non-Windows clients
  • This update adds Ubuntu version 14.04 to the list of supported platforms for software distribution.
    The non-Windows client update that provides the corresponding Ubuntu support is available from the Microsoft Download Center. Learn about this non-Windows Client update

    (http://support.microsoft.com/kb/2976481/ )

    for System Center 2012 Configuration Manager.

  • Mac OS X 10.9 is added to list of supported platforms for software distribution and configuration items.
Endpoint Protection

/Enjoy

Awarded Microsoft Most Valuable Professional (MVP) 2014

Awarded Microsoft Most Valuable Professional (MVP) 2014

Today I received an e-mail from Microsoft and I am delighted to share that I have been awarded Microsoft Most Valuable Professional (MVP) 2014 for the seventh consecutive year.

I am honored to receive this award again and I appreciate everyone that reads my blog, watch me speaking, attend my training and keeps up with me on twitter (@ronnipedersen). I will strive to keep contributing to the community and hope that my contributions helps you out in some way.

I would like to thank everyone of you who have supported me in any form especially my family, friends, colleagues, all members of the Danish System Center User Group and other community partners. But also my MVP Lead, fellow MVPs and the Product Group at Microsoft in Redmond. A team of people I really admire and respect for their dedication and knowledge.

From the e-mail I received:

Dear Ronni Pedersen,

Congratulations! We are pleased to present you with the 2014 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in Enterprise Client Management technical communities during the past year.

Microsoft MVPs are not Microsoft employees, rather independent technology enthusiasts who are active in communities on and offline.  We are experts and professionals across diverse subjects that all share a common use of Microsoft technologies to solve everyday real-world problems.

More about the MVP program here: http://mvp.support.microsoft.com/en-us/overview.aspx

Simple Windows Hack to prove why BitLocker is important

Today I was presenting at Microsoft IT Camp, and an question about why BitLocker should always be implemented came up. So I showed this simple demo on how Windows (and other operating systems) can be hacked, if the disk is left unencrypted.

The demo was showed on the latest version of Windows 8.1 Update with all updates installed.

Some of the students asked for en guide, so they could show the demo where they work, so here it is…

  1. Login using a standard user account
  2. Show that the Local Administrator Account is disabled
  3. Restart the computer, and boot from a standard Windows DVD
  4. 4. When prompted for language settings, press Shift + F10 to launch the Command Prompt.
  5. 5. Type D:
  6. 6. Navigate to D:\windows\system32
  7. 7. Type copy cmd.exe sethc.exe, and press Y to accept.
  8. 8. Restart the computer (boot from harddisk)
  9. 9. When the logon windows appers, pres shift 5 times, and the command prompt will open.
  10. 10. Type whoami to see that you know have system rigths
  11. 11. Type net user administrator /active:yes, to activate the local administrator account
  12. 12. Type net user administrator *, to provide a new password to the local administrator.
  13. 13. Restart the computer and logon using .\administrator

Enjoy.

+Ronni Pedersen

Houston here we come…

Thursday morning I’m leaving for the Microsoft TechEd event in Houston. On my way to Houston I’ll spend a few days in one of the cities on this planet I truly love… New York. It’ll be lots of shopping, sightseeing, great food and relaxing… Nothing else Houston here we come…

TechEd is one of the biggest events in world for IT Pro’s. This year my main focus will be on System Center 2012 R2 Configuration Manager, Windows Intune, Windows 8.1 Update and hopefully more information about the next release of Windows (that was announced during the build keynote a few weeks ago).

In the past (last year), I always attended the Microsoft Management Summit (MMS), but this year, Microsoft decided to join TechEd and MMS to a single event. It’s not a big secret to pepole who know me well, that I would have prefeered to have MMS as a separate event… But time has changed, and we need to look forward…

One of the great things about TechEd/MMS is opportunity to meet with colleagues, customers, partners, fellow MVP’s and friends. If you want to have a chat, coffee or a beer during the event just give me a call +45 2085 9452 and I’ll arrange something.

So expect either blog silence or multiple blog posts about my week in Houston. Either way I will enjoy the week. Houston here we come…

Houston here we come…