User Group meeting yesterday at Cardinal Place, Microsoft’s London Office.

Wally Mead gives us the skinny on R3 for Configuration Manager 2007, now released. Not much has changed here from the presentations we saw this time last year, but good to see this product finally out the door. Also, this is the final release for the 2007 version, no SP3 is planned.

Silect are here to demo their CP Studio product. Orinoko-er Andy Sallabank dramatically wins a copy of the product after consuming his own body weight in beans in under 12 minutes, destroying Cliff Hobbs’ attempts to take the prize with his rendition of “Mammy” on the nose flute.

CP Studio looks pretty neat, but I’m not sure any of the projects we’ve delivered recently that used DCM would warrant it. DCM is a growing field, but I reckon it’ll be vNext before we start to do anything very large-scale. So for now (freebie copy aside) we’re probably stuck with Visual Studio!

Wally gives us the ConfigMgr VNext overview. The top-line features are pretty well known in the community now, but the new stuff is still pretty exciting:

· Hierarchy reduction…

· Role Based Security

· SQL Replication for metadata

· Deployment Types

· Gold Key remote control

· DP Groups – state based distribution (essentially this balances packages across all DPs in a group)

· Client Health auto remediation (hurray) auto-fix of WMI, auto reinstallation of the ConfigMgr agent, etc. etc. Looks cool. XML based checking engine, can be modified to include custom tasks…

· Mobile Device Manager integration

· OSD gets offline image servicing and boot media is now site-wide (this is very handy as your clients can join the wrong site at the moment if you don’t control the media distribution)…

Wally embraces his imaginary friend, Binker. Tragically Binker was later crushed during the User Device Affinity demo.

Inventory Classes editor replaces notepad for editing SMS_DEF.MOF. Import of MOF file supported, and browsing of WMI classes from the editor to enable custom inventory.

Custom client settings being set on a per-collection level is shaping up. The ability to set separate remote control config per-collection, and to modify inventory schedules for workstations vs servers, etc.

Client remediation no longer pings machines to see if they are alive. Now integrated with AD, checks the last time the machine logged into AD.

All-in, a good day, thanks to Cliff et al for organising it once more.

We’re part way through a nice little Windows 7 project, and have the New Computer scenario cooking just fine, driver management for some of the AMT stuff has been a real challenge, but once you have all the right driver versions for the right laptop models it all goes in fine. Irritatingly, some of the drivers for the AMT SOL packages are model specific, but just generate an error that your machine doesn’t meet the minimum requirements. Anyway, I digress, we’ve started on Zero Touch, and I came across an error I’ve not seen before:

The task sequence execution engine failed executing the action (Capture User State) in the group (State Capture) with the error code 2147942402
Action output: 0, HRESULT=80070002

If you are seeing this, it’s possibly because you have (again!) forgotten to update your Configuration Manager Client package when you installed SP2. At SP2 the agent should have a ConfigMgr Client Version of 4.00.6487.2000. SP1 is 1000.

Right click your agent package and update distribution points, ConfigMgr will automagically pick up the new client source.

Obviously you’ll also need to upgrade the live client…

Using ConfigMgr we can leverage the inventory data gathered by the client agent to report on our license compliance against the MVLS report provided by Microsoft from the MVLS site.

To get your license report do the following:

1. Log into the MVLS Site, Hover over Microsoft License Statement
2. Select view Microsoft License Statement
3. Click the + to bring down the Add Agreements Option and add your agreement and enrolment numbers in the field
4. Click calculate new statement
5. Right click on table under License Summary Tab and select Export to Microsoft Excel

Now open this file in Excel. You need to muck about with it a little bit…

Column A will be blank, delete it.

Format the License Version column (C) as TEXT.

Now Save As Excel 2003 XML format.

Copy this into a folder, shared and accessible to the SMS Provider and the user you’re logged in as.

Right click the Asset Intelligence node and select Import Software Licenses

Note, the Example text is incorrect, you need to provide the name of the xml file too.

Complete the wizard and with a fair wind you will be rewarded with a little tick:

In my opinion (having spent all morning getting an import failure) this should also play a little fanfare sound, but it doesn’t.

Looks like we need a few more Project licenses!

…sometimes it tests me…

We have to install SP2 for ConfigMgr before we can start our Windows 7 imaging. The customer we’re working on has SP1 deployed, the site was originally upgraded from SMS 2003. Suffice to say that the SQL database is in a bit of a mess.

Problem 1.

The installation bombs out with an error in the C:\ConfigMgrSetup.log:

The login already has an account under a different user name.

This turns out to be an issue where we have a SQL account with the NetBIOS name of the server but a login id of the full domain machine account. E.g. The SQL User Name is “SERVER” but the login ID is DOMAIN\SERVER$.

ConfigMgr attempts to add its computer account account to SQL (which is also DOMAIN\Server$) and gets the above error. Deleting the existing NetBIOS name account isn’t possible as it owns the “SMS Admins” SQL schema.

The solution is to grant another account (NETWORKSERVICE seems to work) the ownership of the SMS Admins schema, remove ownership for the NetBIOS named account, then you can delete it and once the account is re-added as DOMAIN\SERVER$ you can transfer the ownership of the SMS Admins schema back to this account.

This was, however, just the start of the problems.

Problem 2.

Error in Setup log:

Cannot create a row of size 8065 which is greater than the allowable maximum of 8060.

I still haven’t got to the bottom of this one except that compressing the database seems to make it go away… At the same time as we were having these problems, our DB was also growing by around 200MB per hour, there’s some discussion here that this may be related to a post SP2 hotfix, but I have not been able to confirm this.

Problem 3

Our database is corrupt. And unfortunately it’s in quite an important table…

Error in the setup log:

The Database ID 58, Page (1:140044), slot 20 for LOB data type node does not exist. This is usually caused by transactions that can read uncommitted data on a data page. Run DBCC CHECKTABLE.

Running DBCC Checktable tells us that the data is unrecoverable and that only running DBCC CheckDB with REPAIR_ALLOW_DATA_LOSS is going to fix it. After scrabbling around for a while without joy we ran this and it scrapped around 100 rows from the database. Unfortunately the data is in the CI_ConfigurationItems table. There’s a lot of other tables which depend on this, referential integrity issues await!

Problem 3.

Having “repaired” the database we now essentially have a bunch of orphaned items scattered around the Configuration Manager SQL database. This is a real problem as the SP2 setup routine is going to recreate all of the SQL Foreign Key links and if there’s incompatible data in the linked tables the setup routine will bomb out:

The ALTER TABLE statement conflicted with the FOREIGN KEY constraint "Update_ComplianceStatus_CI_UpdateCIs_FK". The conflict occurred in database "SMS_XXX", table "dbo.CI_UpdateCIs", column ‘CI_ID’.

The table will vary, but essentially what this is telling us is that there are records in the Update_ComplianceStatus table that do not have a corresponding record in the CI_ConfigurationItems table, because they were corrupt and have now been removed.

To identify the offending records I executed the following SQL Query

Select distinct CI_ID
From Update_ComplianceStatus
Where CI_ID not in (select CI_ID from CI_ConfigurationItems)

This results in a few records being returned which represent tens of thousands of status messages, inventory records, whatever… They need to be removed:

Delete from Update_ComplianceStatus where CI_ID = ’9420′
Delete from Update_ComplianceStatus where CI_ID = ’9644′
Delete from Update_ComplianceStatus where CI_ID = ’11666′
Delete from Update_ComplianceStatus where CI_ID = ’25041′
Delete from Update_ComplianceStatus where CI_ID = ’26261′
Delete from Update_ComplianceStatus where CI_ID = ’29627′
Delete from Update_ComplianceStatus where CI_ID = ’31677′
Delete from Update_ComplianceStatus where CI_ID = ’33272′

I created the above statements in Excel using Concatenate to add the text to the ID, I recognise that you can do the whole thing programmatically, but this way you can run them one at a time in the SQL interface:

I like this, as these kind of things make me a little nervous…

Once these tasks are complete I rerun setup and wait for the next failure in the log, then repeat the above. A lot.

It took EIGHT HOURS!!!!! but:

Now I need a pint!

On site with a customer who currently have SMS 2003. We’re replacing SMS with ConfigMgr of course, so we deploy the ConfigMgr client with SMS feeding it a parameter for SMS_SLP=NEWSERVER which forces the clients to switch to our new infrastrutcure. So far so good.

Around 50% of the clients show up pretty much immediately, but around 1500 are missing. It eventually turns out that this is because these 1500 machines all had the SMS client duplicated on them in a Ghost image, and now we’ve maintained that ID through the ConfigMgr upgrade.

A bit of a nightmare.

In the past under SMS we would have just deleted the SMSCFG.INI from the Windows folder and restarted the SMS Agent Host service which would have regenerated the GUID, these days the ConfigMgr client certificates don’t much like this, so we have to be a little bit smarter about it. We have our own client installation wrapper, SMSSamurai which we use for the client deployment in the first instance. In a scenario where we know there is going to be difficulty with duplicate GUIDs, we have this wrapper generate a new GUID at install time, but in this instance the duplication was not anticipated.

The main problem now is that the machines need to be powered on to be repaired, so it’s a long slow process. I’ve messed around with trying to script this in Powershell, but there’s no WMI provider for regenerating the GUID, so I’ve fallen back on trusty old Tranguid.exe from the SMS 2003 resource kit and PSexec from Sysinternals.

I’ve created a batch file:

REM Cleaining Up Duplicate GUIDS

REM Firstly we kill off the SMS Agent Host (CCMEXEC) service on the remote machine
TASKKILL /S %1 /IM CCMEXEC.EXE

REM Next we generate a new GUID for the machine
PSEXEC \\%1 -c Tranguid.exe /R

REM Now we start the SMS Agent Service back up
SC \\%1 START CCMEXEC

I save this as DeDupe.bat , then executing dedupe.bat brokenclientmachinename will fix the duplicate GUID.

You can check the fix on the client by checking the ClientIDManagerstartup.log:

The batch file above restarts the SMS Agent Host service once the GUID has been renewed. This will result, a couple of minutes later, in a new heartbeat discovery (DDR) being generated. If you are feeling particularly impatient you can kick off a DDR as soon as the batch file completes.

The final piece of the jigsaw is to run the batch file against all clients. To do this we create a “Non Clients” collection (where Client=NULL)

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,
SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.Client is null

Now use View-  Export list to dump this collection to a NonClients.CSV file.

Finally, logged on as a user with admin rights on all PCs run the following:

for /f “skip=1 delims=,” %L in (NonClients.csv) do Dedupe.bat %L

It is possible to wrap this command in a ping task to check that the machine is powered on before attempting the remote commands which will speed the process up considerably.

Onsite here I’m finding that this is repairing around 200 clients per hour. That’s a little slow, so adding a ping test can improve things a bit.

for /f “skip=1 delims=,” %L in (NonClients.csv) do ping –n 1 %L && Dedupe.bat %L

The double & in this command line allows CMD.exe to process the Dedupe.bat file to execute if the ping command produces an errorcode of 0, which it does if the machine responds.

We’re using Kim Oppalfens’ rather wonderful approach for migrating to ConfigMgr from a large SMS 2003 implementation. We don’t want to take the SMS hardware, but we do want the investment we’ve made in the development in the console (hundreds of packages, collections and advertisements which would take us a long time to set up again).

Kim’s approach implements a new child Primary SMS 2003 server. The package, collection and advertisement content is replicated to the child. We copy the package source across to the new server, detach from the parent and the packages etc become ‘owned’ by the new SMS site. This site can then be upgraded to ConfigMgr. This is great, one slight fly in the ointment is that on the old server the packages are stored in G:\DIST_Source\Vendor\Appname and on the new server they’ll be in D:\packages\Vendor\Appname.

Once the child site has been detached, the package source must be modified. This can be done using Transact-SQL and the most efficient (in terms of code) way of doing this in SQL 2005 is using REPLACE command.

USE SMS_XXX

UPDATE SMSPackages

SET Source = REPLACE(CAST(Source AS NVARCHAR(MAX)),

‘G:\DIST_source’,

‘D:\Packages’)

Note it’s important to cast ‘Source’ as NAVCHAR as REPLACE won’t work on STRING types.