Tag Archives: SCCM 2012

Configuration Manager 2012 – Software Updates That Require Multiple Reboots may Cause Task Sequence Failure

Posted on by
2

Oke so sometimes your OSD Task Sequence in ConfigMgr 2012 (or even 2007..) fails on you? Tried all the usual troubleshoot steps..

Well maybe not all, check your Windows Updates!

Yes, Microsoft has confirmed that there are updates out there that will break your Task Sequence.

This is the KB about that:

KB2894518 – Software Updates That Require Multiple Reboots may Cause Task Sequence Failure within Configuration Manager (http://support.microsoft.com/kb/2894518)

If a Configuration Manager (ConfigMgr 2007 or ConfigMgr 2012) Task Sequence that leverages the Install Software Updates step installs a software update that triggers multiple reboots, the task sequence may fail to complete successfully. This occurs because the first reboot initiated by the software update is properly controlled by the Task Sequence, however the second reboot request is initiated by a Windows component (typically Component-Based Servicing) and therefore not controlled by the Task Sequence.

In short the following updates are affecting your OSD Task Sequence:

  • 2862330 MS13-081: Description of the security update for 2862330: October 8, 2013
  • 2771431 A servicing stack update is available for Windows 8 and Windows Server 2012
  • 2871777 A servicing stack update is available for Windows RT, Windows 8, and Windows Server 2012: September 2013
  • 2821895 A servicing stack update is available for Windows RT and Windows 8: June 2013
  • 2545698 Text in some core fonts appears blurred in Internet Explorer 9 on a computer that is running Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2
  • 2529073 Binary files in some USB drivers are not updated after you install Windows 7 SP1 or Windows Server 2008 R2 SP1
  • 2871690 Microsoft security advisory: Update to revoke noncompliant UEFI boot loader modules

Especially the 2862330 has the statement in the description 😉

After you install security update 2862330 on a computer that is running Windows 7 or Windows Server 2008 R2, your computer may restart two times. The additional restart is required to make sure that the security update is completely installed. Installation of this update may leave the system in a partly updated and therefore vulnerable state. To address this issue, the update performs an additional step to update the computer. This additional step may require an additional restart of the computer.

Note Task sequence could fail in System Center Configuration Manager if the task sequence uses an “Install Software Updates” step to install a software updates that require multiple restarts.

The task sequence has failed with the error 0x80070570 – ConfigMgr 2012

Posted on by
2

I was in the process of deploying an OS with ConfigMgr 2012 R2 when I saw this error:

The task sequence has failed with the error 0x80070570

Hmm, well oké what is this then?

Task sequence starts, disk gets partitioned, image is downloaded and then this.

So after a little search I found

0570 = 1392 = “The file or directory is corrupted and unreadable.”

This could be issues or corrupt data on Distribution Points. This was not the error in my case. It also could be that the downloaded image was getting corrupt during the download. Also not the issue!

Then I tried to wipe the disk in WinPE with DiskPart:

 

Then I started the deployment again et voila! Everything started working again J

So with a 0x80070570 Error always check your disk partitioning.

System Center 2012 Configuration Manager Configuration Pack

Posted on by
5

Compliance Settings for ConfigMgr 2012. Microsoft has provided us with a Configuration Pack for ConfigMgr 2012. This Configuration Pack contains Configuration Items and a Configuration Baseline for our ConfigMgr 2012 environment.

This Configuration Pack monitors following:

  • Management Point(s);
  • Site Server(s);
  • Software Update Point(s).

You can download the Configuration Pack HERE.

From the Microsoft site:

Overview

Software installation errors and misconfigurations compromise security and stability, resulting in escalated support costs. The System Center 2012 Configuration Manager Configuration Pack can help prevent errors, increasing your organizational uptime and helping you build a more secure and reliable Configuration Manager 2012 infrastructure. This Configuration Pack contains Configuration Items intended to manage your Configuration Manager 2012 site system roles using the desired configuration management component in Configuration Manager 2012. This configuration pack monitors the following site system roles: management points, site server, and software update points. The Configuration Pack can also monitor Windows Server Update Services (WSUS) components on software update points or upstream WSUS servers. To manage your site system roles with this Configuration Pack, import and assign the Microsoft System Center 2012 Configuration Manager Server Roles configuration baseline to a collection which contains your Configuration Manager 2012 site systems. While there is one configuration baseline for all site systems, it evaluates compliance only for roles configured on the site system. For example, if a computer has only the management point role, it will not be evaluated for software update point configurations. To understand in detail what each configuration item will be evaluating, review the properties of that configuration item in the context of the Configuration Manager 2012 Server Role being addressed.

Installation.

After download (HERE) install the MSI package.

That was easy!

In the installation directory you will find several files. That notice that the ConfigMgr2012ConfigPackReview.doc contains all the info about the Configuration Pack. Nice info!

I will put the content of the doc at the end of this post (HERE).

Import the Configuration Pack

Now you have to import the Configuration Pack.

Go to: Assets and Compliance – Overview – Compliance Settings and right-click on ‘Configuration Baselines‘, choose ‘Import Configuration Data‘.

Add, browse to your installation directory and click: CM2012ServerRolesConfigpack.cab

2x Next

And there you are, you have 1 Configuration Baseline and 4 Configuration Items.

You can browse through the configuration items by selecting ‘Properties’. One thing you will notice that all the ‘Remediate‘ options are standard set to ‘No‘. This is actually a good thing, you don’t want anything automatically remediated on you ConfigMgr environment without you knowing about it. But it is possible J

 

Deploy the Configuration Baseline

Make a collection with your SCCM 2012 site server(s) and deploy the Configuration Baseline.

Pick a collection and select OK.

 

And now you have to wait until the Baseline has run on the SCCM 2012 server(s).

Here you can choose ‘View Report’. This is the report from my SQL server:

Not much to do here, but at least it is nice and Green 😉

And this is the one from my ConfigMgr site server.

Hm, Non-Compliant, let’s check this out.

And the details:

Under Non-Compliant rules we see that BGB firewall port for Management point should be open. As per the Script the warning is set to generated if BGB port is found closed on MP. The rest of the configuration items report that our server is Compliant.

Oké let’s check this script. It is found under Configuration Items – Microsoft System Center 2012 Configuration Manager Management Point, Properties, BGB firewall port.

Edit

Compliance Rules

Edit

So what this tells us is that the script is generating a Warning when it finds the port used for BGB is closed. But my firewall is disabled so it should not generate this error?

Check the underlying script:

Edit Script:

Option Explicit

Function GetBGBPort()

    Const HKEY_LOCAL_MACHINE = &H80000002

    Dim strComputer,strKeyPath,oReg,arrSubKeys,dwValue,strValueName,WshShell

    strComputer = “.”

    strKeyPath = “Software\Microsoft\SMS\NotificationServer”

    strValueName=”TCP Listener Port”

    Set oReg=GetObject(“winmgmts:{impersonationLevel=impersonate}!\\” & strComputer & “\root\default:StdRegProv”)

    Set WshShell = WScript.CreateObject(“WScript.Shell”)

    If oReg.EnumKey(HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys) = 0 Then

        oReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName, dwValue

    End If

    If not IsNull(dwValue) Then

        If not IsEmpty(dwValue) Then

            GetBGBPort = dwValue

        End If

    End If

End Function

Function FirewallPortIsOpen(iBGBPort)

    FirewallPortIsOpen = false

    Dim objFirewall, objPolicy, colPorts, objPort

    Set objFirewall = CreateObject(“HNetCfg.FwMgr”)

    Set objPolicy = objFirewall.LocalPolicy.CurrentProfile

    Set colPorts = objPolicy.GloballyOpenPorts

    For Each objPort in colPorts

        If objPort.Port = iBGBPort Then

            FirewallPortIsOpen = true

        End If

        Next

End Function

Dim iBGBPort

iBGBPort = GetBGBPort()

If FirewallPortIsOpen(iBGBPort) Then

    WScript.echo “Port Open”

Else

    WScript.echo “Port Closed”

End If

 

 

And here you have the culprit. Although my firewall is disabled the script enumerates the current firewall profile to see if the used port is open!

So I opened up the port (standard 10123 TCP) in the firewall policy (Inbound Rule) et voila all green!

 

 

System Center 2012 Configuration Manager Configuration Pack

Detailed Summary

Configuration Manager 2012 Configuration Pack

Configuration Baseline: Microsoft System Center 2012 Configuration Manager Server Roles

  • Included Configuration Items (If these optional application configuration items are detected, they must be properly configured)
    • Microsoft System Center 2012 Configuration Manager Site Server
    • Microsoft System Center 2012 Configuration Manager Management Point
    • Microsoft System Center 2012 Configuration Manager Software Update Point
    • Windows Server Update Services configuration for Microsoft System Center 2012 Configuration Manager Software Update Point

Configuration Item: Microsoft System Center 2012 Configuration Manager Site Server

Type – Application

Detection Method – ScriptDiscovery (VBScript)

Settings:

  • ConfigMgr Distribution Manager Startup Type
    • Title– ConfigMgr Distribution Manager Startup Type
    • Description – Verifies the Distribution Manager component startup type is configured correctly. This setting applies to all primary sites, secondary sites, and Central Administration Server.
    • Type of provider – Registry value.
  • ConfigMgr Offer Manager Startup Type
    • Title– ConfigMgr Offer Manager Startup Type
    • Description – Verifies the Offer Manager component startup type is configured correctly. This setting applies only to primary site servers.
    • Type of provider – Registry value.
  • SMS_EXECUTIVE
    • Title– SMS_EXECUTIVE
    • Description – SMS_EXECUTIVE registry key should be present on site server.
    • Type of provider – Registry key.
    • Sync Done
      • Title– Sync Done
      • Description – Script checks status message system for presence of sync done message.
      • Type of provider – Script.
    • Sync in Progress: WSUS Server
      • Title– Sync in Progress: WSUS Server
      • Description – Script checks status message system for presence of sync in progress: WSUS server message.
      • Type of provider – Script.
  • Sync Started
    • Title– Sync Started
    • Description – Script checks status message system for presence of sync started message.
    • Type of provider – Script.
  • WSUS Configuration Manager Startup Type
    • Title– WSUS Configuration Manager Startup Type
    • Description – Verifies the WSUS Configuration Manager Component startup type is configured correctly.
    • Type of provider – Registry value.
  • WSUS Sync Manager Startup Type
    • Title– WSUS Sync Manager Startup Type
    • Description – Verifies the WSUS Sync Manager Component startup type is configured correctly.
    • Type of provider – Registry value.

Configuration Item: Microsoft System Center 2012 Configuration Manager Management Point

Type – Application

Detection Method – ScriptDiscovery (VBScript)

Settings:

  • Background Intelligent Transfer Service (BITS) Server Extensions
    • Title– Background Intelligent Transfer Service (BITS) Server Extensions
    • Description – Verify that BITS is installed on this IIS server.
    • Type of provider – Script.
  • BGB firewall port is opened
    • Title– BGB firewall port is opened
    • Description – Verifies that the ‘Big Green Button’ (BGB) firewall port for this Management Point is open.
    • Type of provider – Script.
  • BITS Upload Enabled
    • Title– BITS Upload Enabled
    • Description
      Verify that BITS Upload is enabled in IIS.
    • Type of provider – WQL query.
  • IIS Admin Service Start Mode
    • Title– IIS Admin Service Start Mode
    • Description
      Verifies the IIS Admin Service is properly configured to auto start.
    • Type of provider – WQL query.
  • IIS Admin Service State
    • Title– IIS Admin Service State
    • Description
      Verifies the IIS Admin Service is running.
    • Type of provider – WQL query.
  • IIS Windows Authentication
    • Title– IIS Windows Authentication
    • Description
      Verifies that IIS has Windows Authentication enabled.
    • Type of provider – Script.
  • Microsoft Distributed Transaction Coordinator Service State
    • Title– Microsoft Distributed Transaction Coordinator Service State
    • Description
      Distributed Transaction Coordinator Service should be running on Management Point.
    • Type of provider – WQL query.
  • Microsoft Distributed Transaction Coordinator Start Mode
    • Title– Microsoft Distributed Transaction Coordinator Start Mode
    • Description
      Verifies the MSDTC service is properly configured to auto start.
    • Type of provider – WQL query.
  • Minimum Physical Memory Requirement
    • Title– Minimum Physical Memory Requirement
    • Description
      Management Point meets minimum physical memory (RAM) requirements.
    • Type of provider – WQL query.
  • Windows Task Scheduler Service State
    • Title– Windows Task Scheduler Service State
    • Description
      Task Scheduler Service should be running on Management Point.
    • Type of provider – WQL query.
  • Windows Task Scheduler Start Mode
    • Title– Windows Task Scheduler Start Mode
    • Description
      Verifies the Windows Task Scheduler is properly configured to auto start.
    • Type of provider – WQL query.
  • World Wide Web Publishing Service Start Mode
    • Title– World Wide Web Publishing Service Start Mode
    • Description
      Verifies the World Wide Web Publishing Service is properly configured to auto start.
    • Type of provider – WQL query.
  • World Wide Web Publishing Service State
    • Title– World Wide Web Publishing Service State
    • Description
      World Wide Web Publishing Service should be running on Management Point.
    • Type of provider – WQL query.

Configuration Item: Microsoft System Center 2012 Configuration Manager Software Update Point

Type – Application

Detection Method – ScriptDiscovery (VBScript)

Settings:

  • WSUS Control Manager Current State
    • Title– WSUS Control Manager Current State
    • Description
      Verifies the WSUS Control Manager Component is running.
    • Type of provider – Registry value.
  • WSUS Control Manager Startup Type
    • Title– WSUS Control Manager Startup Type
    • Description
      Verifies the WSUS Control Manager Component startup type is configured correctly.
    • Type of provider – Registry value.

Configuration Item: Windows Server Update Services configuration for Microsoft System Center 2012 Configuration Manager Software Update Point

Type – Application

Detection Method – ScriptDiscovery (VBScript)

Settings:

  • microsoft.updateservices.admindataaccessproxy.dll
    • Title– microsoft.updateservices.admindataaccessproxy.dll
    • Description – Verify all instances of microsoft.updateservices.admindataaccessproxy.dll.
    • Type of provider – File system.
  • microsoft.updateservices.administration.dll
    • Title– microsoft.updateservices.administration.dll
    • Description – Check for the existence of microsoft.updateservices.administration.dll.
    • Type of provider – File system.
  • microsoft.updateservices.baseapi.dll
    • Title– microsoft.updateservices.baseapi.dll
    • Description – Verify all instances of microsoft.updateservices.baseapi.dll.
    • Type of provider – File system.
  • Setup
    • Title– Setup
    • Description – Setup Registry key should be present.
    • Type of provider – Registry key.
  • SMS_EXECUTIVE
    • Title– SMS_EXECUTIVE
    • Description – SMS_EXECUTIVE Registry key should be present.
    • Type of provider – Registry key.
  • Windows Server Update Services Start Mode
    • Title– Windows Server Update Services Start Mode
    • Description – Verifies the WSUS Service start mode is configured correctly.
    • Type of provider – WQL query.
  • WSUS
    • Title– WSUS
    • Description – WSUS Registry key should be present.
    • Type of provider – Registry key.
  • WSUS Control Manager Startup Type
    • Title– WSUS Control Manager Startup Type
    • Description – Verifies the WSUS Control Manager Component startup type is configured correctly.
    • Type of provider – Registry value.

ConfigMgr 2012 Compliance Settings

Posted on by
Reply

 

Compliance Settings in SCCM 2012 SP1. This was called ‘Desired Configuration Management’ in SCCM 2007. Compliance Settings consist of ‘Configuration Items’ and ‘Configuration Baselines’. There is another node here: ‘User Data and Profiles’. This one is not a Compliance Setting but Folder Redirection from within the ConfigMgr Console…(hmm well that’s what GPO’s are for, aren’t they?)

The Compliance Settings help you to assess the compliance of Users and/or Devices for all kind of configurations in your organization. For instance: right OS version, updates, hotfixes, applications, application settings, prohibited applications etc.

The Configuration Items do all the magic. They can be of various kinds:

  • Windows;
  • Mobile Device;
  • Mac OS X.

And can query through various ways. Configuration Items can also remediate non-compliant settings if you like!

Compliance is evaluated by defining a configuration baseline that contains the configuration items that you want to evaluate and settings and rules that describe the level of compliance you must or like to have. You can import this configuration data from Microsoft System Center Configuration Manager Configuration Packs which can contain best practices that are defined by Microsoft and other vendors, into ConfigMgr. You can create new configuration items and configuration baselines yourself for your own applications.

After a configuration baseline is defined, you can deploy it to users and devices through collections and evaluate its settings for compliance on a schedule. Client devices can have multiple configuration baselines deployed to them.

Configuration items: A collection of settings, values, and criteria that defines what is compared, checked, or evaluated on a target system.

Configuration baselines: Contains one or multiple configuration items. Configuration items must be part of a configuration baseline to be assigned for evaluation on a collection of systems.

 

To use Compliance Settings in your environment there are a few steps you have to take:

  • Enable Compliance Settings on your clients;
  • Reporting Services must be installed as a site role.

 

Enable Compliance Settings on your clients.

Go to: Administration, Client Settings

Edit or Create ‘Client Device Settings

Select ‘Compliance Settings

And select ‘Enable compliance evaluation on clients‘ to Yes

Then deploy the Client Device Settings to a collection.

 

Reporting Services must be installed as a site role.


The Reporting services point is installed.

 

Now you can Add Configuration Items and Define Configuration Baselines!

That’s next time!

WSUS and ConfigMgr 2012 HTTPS communication

Posted on by
3

When you have your ConfigMgr 2012 site fully communicating over HTTPS you may also want your Software Updates delivered over a secure channel.

Well that´s possible!

More info: http://technet.microsoft.com/en-us/library/bb633246.aspx

When you have the WSUS component installed on the SCCM 2012 SP1 server, the same certificate that was used to secure the ´Default Web Site´ can be used to secure the WSUS Administration site from within IIS.

TIP

Not all the virtual directories within the WSUS Administration site need to be enabled for SSL.
Only enable SSL for:

  • APIRemoting30
  • ClientWebService
  • DSSAuthWebService
  • ServerSyncWebService
  • SimpleAuthWebService

Web Server Configuration

 

To configure WSUS for SSL communication:

  1. Open Internet Information Services (IIS) Manager.
  2. Expand Sites, and select the WSUS administration site (which is often the ‘Default Web Site’).
  3. Click the Bindings action.
  4. Click Add, select HTTPS, and click Edit.
  5. Choose the certificate from the list.
    (Click View to verify the correct certificate was selected, click OK, and then click Close).
  6. Select the APIRemoting30 virtual directory.
  7. Double-click the SSL Settings option.
  8. Enable the Require SSL option and click Apply.
  9. Repeat for the ClientWebService, DSSAuthWebService, ServerSyncWebService, and SimpleAuthWebService virtual directories.

With the WSUS virtual directories correctly configured, run the following command on the WSUS server to finalize the configuration needed to support SSL:

WSUSUtil.exe configuressl {FQDN.stiteservername}

This utility is located in the Tools folder located within the WSUS installation folder.
(By default, this is folder is C:\Program Files\Update Services\Tools).

 

ConfigMgr Configuration

Under Administration – Overview – Site Configuration – Servers and Site System Roles choose your Software Update Point and select Properties.

Now select the Require SSL communication to the WSUS server.

 

And as visible in the WCM.log we have SSL communication:

SCCM 2012 SP1 and SQL Server

Posted on by
4

Here is an overview of the SQL Server configurations and requirements for supported SQL Server installations for ConfigMgr 2012.

Source: http://technet.microsoft.com/en-us/library/gg682077.aspx

 

Configurations for the SQL Server Site Database

Each System Center 2012 Configuration Manager site database can be installed on either the default instance or a named instance of a SQL Server installation. The SQL Server instance can be co-located with the site system server, or on a remote computer.

When you use a remote SQL Server, the instance of SQL Server used to host the site database can also be configured as a SQL Server failover cluster in a single instance cluster, or a multiple instance configuration. The site database site system role is the only System Center 2012 Configuration Manager site system role supported on an instance of a Windows Server cluster. If you use a SQL Server cluster for the site database, you must add the computer account of the site server to the Local Administrators group of each Windows Server cluster node computer.

Note
SQL Server database mirroring is not supported for the Configuration Manager site database.

 

When you install a secondary site, you can use an existing instance of SQL Server or allow Setup to install and use an instance of SQL Server Express. Whichever option that you choose, SQL Server must be located on the secondary site server. The version of SQL Server Express that Setup installs depends on the version of Configuration Manager that you use:

  • Configuration Manager without a service pack: SQL Server 2008 Express
  • Configuration Manager with SP1: SQL Server 2012 Express

The following table lists the SQL Server versions that are supported by System Center 2012 Configuration Manager.

SQL Server version SQL SP SQL CU ConfigMgr version ConfigMgr Site type
SQL Server 2008

  • Standard (1)
  • Enterprise
  • Datacenter
 SP2 Min CU9
  • ConfigMgr NO SP
  • ConfigMgr SP1
  • CAS
  • Primary
  • Secondary
SP3 Min CU4
  • ConfigMgr NO SP
  • ConfigMgr SP1
  • CAS
  • Primary
  • Secondary
SQL Server 2008 R2

  • Standard (1)
  • Enterprise
  • Datacenter
 SP1 Min CU6
  • ConfigMgr NO SP (2)
  • ConfigMgr SP1
  • CAS
  • Primary
  • Secondary
SP2 NO CU
  • ConfigMgr NO SP (2)
  • ConfigMgr SP1
  • CAS
  • Primary
  • Secondary
SQL Server 2012

  • Standard (1)
  • Enterprise
 NO SP Min CU2
  • ConfigMgr SP1
  • CAS
  • Primary
  • Secondary
SQL Server 2008 R2 Express SP1 Min CU6
  • ConfigMgr NO SP
  • ConfigMgr SP1
  • Secondary
SP2 NO CU
  • ConfigMgr NO SP
  • ConfigMgr SP1
  • Secondary
SQL Server 2012 Express NO SP Min CU2
  • ConfigMgr SP1
  • Secondary

 

  1. When you use SQL Server Standard for the database at the central administration site, the hierarchy can only support up to 50,000 clients. For more information, see Site and Site System Role Scalability.
  2. Configuration Manager with no service pack does not support the site database on any version of a SQL Server 2008 R2 cluster. This includes any service pack version or cumulative update version of SQL Server 2008 R2. With Configuration Manager SP1, the site database is supported on a SQL Server 2008 R2 cluster.

 

SQL Server Requirements

The following are required configurations for each database server with a full SQL Server installation, and on each SQL Server Express installation that you manually configure for secondary sites. You do not have to configure SQL Server Express for a secondary site if SQL Server Express is installed by Configuration Manager.

Configuration More Information
Database collation At each site, both the instance of SQL Server that is used for the site database and the site database must use the following collation: SQL_Latin1_General_CP1_CI_AS.
SQL Server features Only the Database Engine Services feature is required for each site server.

(Configuration Manager database replication does not require the SQL Server replication feature.)
Windows Authentication Configuration Manager requires Windows authentication to validate connections to the database.
SQL Server instance You must use a dedicated instance of SQL Server for each site.
SQL Server memory When you use a database server that is co-located with the site server, limit the memory for SQL Server to 50 to 80 percent of the available addressable system memory.

When you use a dedicated SQL Server, limit the memory for SQL Server to 80 to 90 percent of the available addressable system memory.

Configuration Manager requires SQL Server to reserve a minimum of 8 gigabytes (GB) of memory in the buffer pool used by an instance of SQL Server for the central administration site and primary site and a minimum of 4 gigabytes (GB) for the secondary site. This memory is reserved by using the Minimum server memory setting under Server Memory Options and is configured by using SQL Server Management Studio. For more information about how to set a fixed amount of memory, see How to: Set a Fixed Amount of Memory (SQL Server Management Studio).

 

SQL Server Optional Configuration

The following configurations either support multiple choices or are optional on each database server with a full SQL Server installation.

Configuration More Information
SQL Server service On each database server, you can configure the SQL Server service to run by using a domain local account or the local system account of the computer that is running SQL Server.

  • Use a domain user account as a SQL Server best practice. This kind of account can be more secure than the local system account but might require you to manually register the Service Principle Name (SPN) for the account.
  • Use the local system account of the computer that is running SQL Server to simplify the configuration process. When you use the local system account, Configuration Manager automatically registers the SPN for the SQL Server service. Be aware that using the local system account for the SQL Server service is not a SQL Server best practice.

For information about SQL Server best practices, see the product documentation for the version of Microsoft SQL Server that you are using. For information about SPN configurations for Configuration Manager, see How to Manage the SPN for SQL Server Site Database Servers. For information about how to change the account that is used by the SQL Service, see How to: Change the Service Startup Account for SQL Server (SQL Server Configuration Manager).
SQL Server Reporting Services Required to install a reporting services point that lets you run reports.
SQL Server ports For communication to the SQL Server database engine, and for intersite replication, you can use the default SQL Server port configurations or specify custom ports:

  • Intersite communications use the SQL Server Service Broker, which by default uses port TCP 4022.
  • Intrasite communication between the SQL Server database engine and various Configuration Manager site system roles by default use port TCP 1433. The following site system roles communicate directly with the SQL Server database:
    • Management point
    • SMS Provider computer
    • Reporting Services point
    • Site server

When a SQL Server hosts a database from more than one site, each database must use a separate instance of SQL Server, and each instance must be configured to use a unique set of ports.

 

Configuration Manager does not support dynamic ports. Because SQL Server named instances by default use dynamic ports for connections to the database engine, when you use a named instance, you must manually configure the static port that you want to use for intrasite communication.

 

If you have a firewall enabled on the computer that is running SQL Server, make sure that it is configured to allow the ports that are being used by your deployment and at any locations on the network between computers that communicate with the SQL Server.

For an example of how to configure SQL Server to use a specific port, see How to: Configure a Server to Listen on a Specific TCP Port (SQL Server Configuration Manager) in the SQL Server TechNet library.

Microsoft System Center 2012 Endpoint Protection Cookbook

Posted on by
Reply

Hi,

I have done a book review on the Microsoft System Center 2012 Endpoint Protection Cookbook which I wanted to share with you.

The auther, Andrew Plue, has done a great job on explaining the latest and greatest anti-virus and anti-malware product of Microsoft, Endpoint Protection.

The book was published by Packt Publishing and can be found here!

Microsoft Forefront EndPoint Protection 2010 Cookbook

Microsoft Forefront EndPoint Protection 2010 Cookbook

Have fun with it, I did!

Report Builder 2.0 is not installed as a click-once application on report server – SCCM 2012

Posted on by
Reply

When you click on Monitoring > Reporting and you want to create a new custom report, you could get a prompt with the message that Report Builder 2.0 is not installed as a click once application.

Error custom report - SCCM 2012

Error custom report – SCCM 2012

 

Do not type in the url in to Internet Explorer and start downloading and installing the Report Builder 2.0. Instead do this, because ConfigMgr 2012 has the Report Builder 3.0 application bundled:

  1. Open Regedit
  2. Browse to[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ConfigMgr10\AdminUI\Reporting]
  3. Double click on ReportBuilderApplicationManifestName
  4. Change the Value data from ReportBuilder_2_0_0_0.application to ReportBuilder_3_0_0_0.application
  5. Run the SCCM Console as Administrator
Regedit for Report Builder 3.0

Regedit for Report Builder 3.0

SCCM 2012 – ConfigMgr on a SQL 2008 R2 Named Instance

Posted on by
1

When you install ConfigMgr 2012 on a separate box with a separate SQL 2008 R2 Server in a named instance remember that ConfigMgr cannot handle Dynamic Ports used by SQL!

Furthermore note the prerequisites needed for SQL on a ConfigMgr installation:

  • A dedicated SQL server or Instance for each site with Configmgr 2012.
  • The instance of the SQL Server at each site must use the following collation: SQL_Latin1_General_CP1_CI_AS.
  • For SQL 2008 R2 SP1 Cumulative Update 6 is needed. (You can run the installer with CU4 actually..) NOT Supported though!
  • Set the memory requirements.

Microsoft SQL Server will only set and use the standard port TCP 1433 to the first Default Instance (MSSQLSERVER). The Instances installed afterwards get a dynamic chosen port.

Configmgr 2012 does not support dynamic port for SQL.


SQL ports can be set in the SQL Server Configuration Manager.
Select the name you choose to call the Instance. Then choose TCP/IP.
And for All the IP1, IP2, …   delete the TCP Dynamic Ports   (remove 0)   and set a port number you find appropriate for your environment.

Dynamic Ports:


 

Static Ports:


 

When SQL Service is restarted and firewall ports a opened we can start with the Configmgr Setup.

The SSB Port is the port you have chosen +1.

Based on the name of the Instance, Configmgr will detect the port configured automatically.