System Center 2012 Configuration Manager SP1 Case Studies and Migration Experiences Rodney Jackson Sr. Premier Field Engineer Microsoft
UD-B340
OPENING POINTS
• Aggressive pace for this session• Impossible to cover every possible migration
blocker in granular detail in a one hour session• Opportunity for further discussion• Speaker Q&A Session – Tuesday, April 9th, 5:30-6:30pm –Location- Social Central
• Evaluation following session VERY important
ASSUMPTIONS
• You are new to ConfigMgr 2012 and have not deployed it yet.
• You have attended or/and will review the breakout sessions related to Migration.
• Migration Best Practices from CM07 to CM2012 – UD-B404
• Migrating from CM07 to CM2012 – UD-B316
SETTING EXPECTATIONS • This is not a session on troubleshooting migration or every
single case covered.
• This session is intended for those who recently or are planning to deploy Configuration Manager 2012 into production.
• This is a review of issues that have been reported, discussed, and documented through troubleshooting and/or proactive solutions from engineers in the field and in the premier support line.
Assumptions
• You are familiar with the migration process & tool.
• You are at least running CM 2012 SP1, Windows 2008 R2, SP1 and SQL 2008 R2(with latest Cumulative Update) in your lab.
• You review all the SP1 requirements (AIK, WSUS hotfixes, etc.)
• Apply Cumulative Update 1 for System Center 2012 Configuration Manager SP1 http://support.microsoft.com/kb/2817245/en-us.
Agenda
• Objective• Service Pack 1(SP1) Notes From The Field • Cumulative Update 1(CU1) Notes From The Field• Migration Experiences • Case Studies
Provide information that will help you avoid and isolate any potential problems that can affect downtime during the migration process and general operations.
Session Objectives
Service Pack 1 Notes From The Field1. Review SP1 Links slides- Hidden Slide following this section.
2. Install WMF 3.0 if you are not running Windows Server 2012 http://www.microsoft.com/en-us/download/details.aspx?id=34595. SP1 requires PowerShell 3.0.
3. Uninstall the WAIK. 4. Install ADK (
http://www.microsoft.com/en-us/download/details.aspx?id=30652)
When you run the Windows ADK setup, select the following features: • Deployment Tools• Windows Preinstallation Environment (Windows PE)• User State Migration Tool (USMT)
Service Pack 1 Notes From The Field
5. Install WSUS Patch KB 2734608(Ensure that the CAS, Primary and Remote SUP site systems are patched).
6. SUP/WSUS Ports may be changed to default port if you have custom ports during upgrade.
7. Remove Anti-virus software for Boot Images prior to upgrading.
Service Pack 1 Notes From The Field
8. Prerequisite checker may give warnings if your primary server has remote site (MP, DP, and SUP) in a different domain without trust(like DMZ).
• Warnings will be related to BITS, IIS and Server service.• These warnings are because the account which runs prerequisite
checker doesn’t have proper access on Remote Site Systems.
Cumulative Update 1 (CU1) Notes
• Review http://support.microsoft.com/kb/2817245/en-us
• The CU1 installation will prompt to create several additional packages, one of these is a console package.
• To add the new Powershell CMDLET - Add-CMDistributionPoint you have to install the console package.
• Take a quick look at Neil Peterson’s blog At Long Last - Add-CMDistributionPoint PowerShell CMDLET included in Configuration Manager SP1 CU1
CU1 Package Has To Be Applied To Console
Three Types Of Packages Are Created
Migration Experiences
Migration Components
Prepare For Migration
Experiences During Migration
Experiences AfterMigration
Migration Components• SMS_Migration_Manager Component • MIGMCTRL.LOG• Mmctrl.box• Database Tables and Views
Migration Tables
Migration Views
Prepare For Migration
Hardware Configuration
Software Update Requirements
Data Gathering Requirements
SQL Server Configuration
Agenda
Hardware Requirements
The key factors that limit performance of the overall system include the following, in order:
1. Disk I/O performance2. Available memory3. CPU
System Center 2012 Configuration Manager Hardware used for site roles in Microsoft IT http://blogs.msdn.com/b/shitanshu/archive/2012/04/10/configuration-manager-2012-hardware-configuration-used-in-microsoft-it.aspx
SQL Server Memory Configuration • When you use a database server that is co-located
with the site server, limit the memory for SQL Server to 50 to 80 percent of the available addressable system memory.
• When you use a dedicated SQL Server, limit the memory for SQL Server to 80 to 90 percent of the available addressable system memory.
• Each environment is different, so adjust that percentage until you find the right balance.
CM Requires SQL to reserve 8 GB min
Data Gathering -Permissions• SMS Provider Account: • This account is used to access the SMS
Provider of the source site and requires Read permission to all source site objects.
• Site SQL Server Account: • This account is used to access the SQL
Server database of the source site and requires Read and Execute permissions to the source site database.
• When CM2012 gathers data, the following network protocols and ports are used:
• NetBIOS/SMB – 445 (TCP)• RPC (WMI) - 135 (TCP)• SQL Server - 1433 (TCP)
• Note: You can use a custom port for SQL Server as long as you open the port when connecting.
Port Requirements For Data Gathering
SUP CM07 Catalog Products/Language Must Match CM2012 Prior To Migration
Equal
Equal
Experiences During Migration
Agenda
Permissions OSD NotesTask Sequences
Transfer Objects? Yes/No
Drivers
Agenda
Virtual Applications
Server Shares
Branch Distribution Points
Agenda
Branch Distribution Points
Permission Failure For Data Gathering
Console Permissions
SysAdmin Permission
What Objects Should You Transfer?
OSD CM 2012 SP1 Notes From The Field• CM2012 SP1 does not support deploying Win PE
3.0 boot images. SP1 requires ADK which is based on Win PE 4.0(Windows 8 and higher).
• Win PE 4.0 does not support non-ACPI computers. • CM2012 RTM used Windows AIK and was based on
Win PE 3.0.
OSD CM 2012 SP1 Notes From The FieldSo, how do you continue deploying images to legacy machines?
Option 1
• Use MDT (with WAIK) for machines that are not ACPI compliant computers (example VMWare 4.1 and earlier).
Option 2
• Remain at CM 2012 RTM until you have upgraded your legacy hardware.
OSDPreserveDriveLetter – Set Value
OSDPreserveDriveLetter -Set Drive Letter Variable
OSDPreserveDriveLetter Variable
Task Sequence Notes From Field
• All objects within a task sequence must migrate during the migration or it will fail.
• Trick from the field - duplicate all task sequence you plan to migrate.
• Verify all package and objects within a task can be migrated.
Task Sequence Notes From Field
• Remove any objects from task sequence that cannot migrate and add them in CM2012.
• Task that contain steps from MDT 2010/2012 cannot be migrated using the wizard tool.
Drivers Do Not Migrate -Permissions• Verify you have full permissions to the driver source
folder.
• Check Migctrl.log for similar error:
“SCCM Provider is missing read, write, or delete privilege for the driver package source path.”
Drivers Do Not Migrate -Permissions
• All Drivers MUST be imported to migrate.
• If the trick of pointing a driver package to the source files in a share versus importing the drivers in CM07 was used the drivers will not migrate in CM2012.
• Import drivers in CM2012.
Virtual Application Migration Notes
• Ensure 64-bit clients have AppV 4.6 and higher before upgrading to CM 2012 client.
• CM 2012 SP1 supports 5.0.
• You can migrate a virtual application package by using object migration.
Virtual Application Migration Notes
• You cannot migrate virtual applications by using Previously Migrated Object Migration type.
• If you need to migrate the same Virtual App from your CM07 source side again.
1. Delete the migrated virtual application package from CM 2012>
2. And then create a new migration job to migrate the virtual application.
Upgrading Branch DP Notes• Make sure the site server machine account is in the
local Admin Group of the BDP.
• Uninstall CM2007 client prior to upgrading BDP to CM 2012 DP.
• If site server machine account is not in local Administrators group of BDP and you do not uninstall the CM2007 client prior to upgrading to a CM2012 DP all content will be lost.
Shared DP Eligibility Upgrade Guide
Standalone Co-located with other site roles
Co-located with secondary site server
Standard DP Y N Y
DP on Server Shares
Y N N
*Branch DP Y N N
Planning for Content Deployment During Migration to System Center 2012 Configuration Manager http://technet.microsoft.com/en-us/library/gg712275.aspx
Migrating Content On Server SharesServer Share (+) Secondary Site = Not Eligible
1. Enable the standard DP on the secondary site
server.
2. Redistribute the content to that standard DP.
3. Remove Server Share on Secondary Site.
4. Remove the duplicate site system role.
5. The DP becomes eligible for upgrade.
Redistribute Server Share Content
Step-by-Step
Experiences After Migration
Custom Reports
PXE CacheExpire Setting
Managing CM07 & CM2012 Clients
Client Migration Notes
Source Package Location
Agenda
• CM07 reports cannot be migrated.
• Copy classic reports to SQL Reporting Services in CM07.
• Backup Reporting database.
• Export RDL files.
• Import to CM 2012.
Custom Reports
Migration Options
Option 1: SSRS Report Downloader http://ssrsdownloader.codeplex.com
Option 2: Copying RDL files from one reporting server to the other
Option 3: Report Sync http://code.google.com/p/reportsync/downloads/list (not endorsed by Microsoft).
Custom Reports
• CM2007 clients with App-v must have 4.6 SP1 or later to migrate.
• Clients will resend inventory to new destination hierarchy after migrating.
• Compliance data will be resent to new destination hierarchy.
Client Migration Notes
CM07
• If both CM07/2012 sites are in the same boundaries remove boundaries from CM07 site.
• Configure Advertisement for unreliable network boundary.
Managing CM07 & CM2012 Clients During Migration
CM2012
• Disable Automatic Client Push Installation in CM2012 environment during migration.
• Phase in Client Migration (software deployment, SUP, etc.).
• CM 2012 clients check for site version.
Managing CM07 & CM2012 Clients During Migration
• In CM2007 you could change the CacheExpire setting per KB2019640 to prevent PXE failures within one hour of a previous deployment.
• The CacheExpire setting does not exist by default in CM2012.
PXE CacheExpire Not Set By Default
PXE CacheExpire Value Not Available By Default
• In CM2007 you could modify the registry key HKLM\Software\Microsoft\SMS\PXE\CacheExpire.
• The key does not apply in CM2012 because PXE is integrated with the Distribution Point.
Add CacheExpire Regdword to the Software\Microsoft\SMS\DP registry key.
• Change local package source paths.• Change package source in Configuration Manager
2007 environnent.• Change package source in Configuration Manager
2012 environnent.• Reference Sean Mahoney’s script in note page.
Source Path For Packages
Case Studies
Cases
CM2012 & Server Notes
CM2012 & SQL 2012 Notes
Cannot Read SQL Version
SQL Setup Not Supported
Client Unable To Register with MP
Cases
Cannot Create/Edit Report
CM2012 & SQL 2012 Notes
Software Metering Rejected
App Not Deployed to some users
MP Install fails on Server 2012
Cases
SUM Deployment Not Downloading
CM2012 and Win Server 2012 Notes From The Field• Not supported to upgrade Win2008/Win2008 R2 to
Win Server 2012. Backup/Reinstall/Restore process is supported method. http://technet.microsoft.com/en-us/library/gg712697.aspx#BKMK_RecoverSite
• Windows Server 2012 allows you to leverage WSUS 4.0.
CM2012 and SQL 2012 Notes From The Field• CM 2012 must be on SP1 to support SQL 2012.
• SQL 2012 has better transactional performance and better memory allocation, especially for CLR operations.
• It not recommended to use Dynamic Memory on SQL with virtual machines.
CM2012 Cannot Read SP Version of SQL 2012 SP1
Problem
After installing SQL 2012 SP1 CM2012 ConfigMgrSetup.log fails to read SQL 2012 SP1 version.
ERROR: Failed to get Service Pack version for SQL Server Failed to connect HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL registry key for reading on SQL Server [NYC-CFG.LAB.local]. Configuration Manager Setup 3/16/2013 9:51:04 PM 2720 (0x0AA0)
CM2012 Cannot Read SP Version of SQL 2012 SP1Troubleshooting
Notice additional errors:
Failed to connect HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL registry key for reading on SQL Server [NYC-CFG.LAB.local]. Configuration Manager Setup
CM2012 Cannot Read SP Version of SQL 2012 SP1
CM2012 Cannot Read SP Version of SQL 2012 SP1Troubleshooting
Notice additional errors:
Failed to connect HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL registry key for reading on SQL Server [NYC-CFG.LAB.local]. Configuration Manager Setup
CM2012 Cannot Read SP Version of SQL 2012 SP1
Workaround
• Compared a side by side comparison of SQL 2008 R2 with the SQL 2012 SP1 and the registry keys.
• Added Registry information to SQL 2012 SP1 installation from the ConfigMgrSetup.log:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL
CM2012 Log Produces SQL Version Not Supported
Troubleshooting
After installing SQL 2012 SP1 CM2012 ConfigMgrSetup.log produces SQL Server version is not supported.
CM2012 Setup Media Confusion
Troubleshooting
• This is not the full installation of SP1 for SQL.
• This is an SP1 GDR Setup Update that fixes known Windows Installer issues.
CM2012 Setup Media Confusion
Solution
• This dialog box shows the full SP1 version for SQL 2012. This is the slipstream version.
CM 2012 SP1 client unable to register with MPProblem
• CM2012 SP1 client cannot register with MP.• Client cannot communicate over HTTPS.
Troubleshooting
• Clients binaries are installed successfully. • Clients are getting site assignment.
CM 2012 SP1 client unable to register with MPTroubleshooting
• Clients binaries are installed successfully. • Clients are not getting site assignment nor policies. • Using PKI for more secure environment. • Reviewed IIS logs and it shows error 404. 403.4 SSL
required The request.• Verified HTTPS only is selected for Client
Communication Mode.
CM 2012 SP1 client unable to register with MPTroubleshooting
• Reviewed IIS logs and it shows error 404.
403.4 SSL required The request is made over a nonsecure channel, and the web application requires a Secure Sockets Layer (SSL) connection.
CCM_POST /ccm_system_windowsauth/request - 80 - 10.10.10.10 ccmhttp - 403 4 5 2
Why do we see port 80 and not 443 if this is configured for HTTPS Only?
CM 2012 SP1 client unable to register with MPCause
• Did not use /UsePKICert switch during the client installations. This is required for HTTPS only.
• If they had setup HTTP or HTTPS the client would fallback successfully.
CM 2012 SP1 client unable to register with MPSolution
• Removed the Client and reinstalled with /UsePKICert.
CCMSETUP.EXE /UsePKICert CCMALWAYSINF=1 CCMHOSTNAME=HTTPS://NYC-CFG.Contoso.com SMSSITECODE=CFG
Problem
• After upgrading to CM 2012 SP1 cannot use edit/create report button
Cannot Use Edit/Create Report Button
Troubleshooting
• Reporting Server is SQL 2008 R2 SP1 CU6.• Uninstalled/Reinstalled Reporting Services Point. • Modify registry ReportBuilder value from 2.0 to 3.0. http://
technet.microsoft.com/en-us/library/gg712698.aspx#BKMK_ReportBuilder3
Cannot Use Edit/Create Report Button
Resolution
• Modify Microsoft.ConfigurationManagement.exe.config file and registry.
Cannot Use Edit/Create Report Button
Problem
• The Reports folder is empty after enabling a Reporting Services Point(RSP). Received following error message when click on Create Report.
"At least one report category must exist before a report can be created"
Reports Not Published After Enabling RSP
Troubleshooting
• Verified permissions – Reporting Services CM.• Verified SMS_SRSRP folder and contents exist. • No errors in event logs. • Verified SQL Reporting Services was running. • Verified MSSQL Instance name existed – SQL CM.• Noticed “invalid class” errors and could not
retrieve the reporting services name for instance “MSSQLSERVER” in srsrp.log.
Reports Not Published After Enabling RSP
Resolution
1. Stop WMI services2. Backed up SQLmgmproviderxpsp2up.mof. 3. Verified I had a CM2012 database backup. 4. Compile SQL MOF file from C:\Program Files (x86)\
Microsoft SQL Server\100\Shared\ sqlmgmproviderxpsp2up.mof
Reports Not Published After Enabling RSP
Software Metering Is Rejected Problem
• Software Metering data being rejected swmproc.log:
“Error processing file 09W0XWFR.MUX, file contains bad start or end time value”
Software Metering Is Rejected Troubleshooting
• Software Metering data being rejected• Enabled SQL Tracing
MUX fileBad Entry
Good Entry
Problem
• App deployment to user collection never runs for some users.
• Never shows up as available under software center.
Troubleshooting • App is located on DP. • Boundary is in correct Boundary Group.• Logged on another machine with same user with same
result.
• CM 2012 1 CAS, 3 primary sites, Over 100,000 clients; metering data collected every 5 days.
• A lot of metering rules.
App not deployed to some users
Troubleshooting
• Reviewed IIS logs on DP and noticed HTTP 400 errors.
• Reviewed HTTP 400 - Bad Request (Request Header too long)" error in Internet Information Services (IIS).http://support.microsoft.com/kb/2020943
• Verified AD group membership of user.
App not deployed to some users
Cause
• User is a member of too many AD User Groups.
Resolution
1) Decrease the number of AD groups.OR 2) Modify MaxFieldLength and MaxRequestBytes registry settings on IIS servers. New resolution for problems with Kerberos authentication when users belong to many groups http://support.microsoft.com/kb/327825
App not deployed to some users
Problem
• MP Install fails to get installed on Windows Server 2012• Mpmsi.log shows following failures:
Failed to compile 'D:\Program Files\SMS_CCM\CcmExec_Global.mof' (Phase: 3, Object: 5, Lines: 76 - 83, Error: 80041002)MSI (s) (AC!18) [10:37:11:128]: Product: ConfigMgr Management Point -- Error 25140. Setup was unable to compile the file CcmExec_Global.mofThe error code is 80041002Error 25140. Setup was unable to compile the file CcmExec_Global.mof
CM2012 MP Install Fails On Windows Server 2012
Troubleshooting
• Removed and Reinstalled MP. • Disabled UAC on Server 2012 and Rebooted. • Reviewed Mpmsi.log again and noticed line 76 is failure for
instance CCM_Service_HostingConfiguration with compiled 'D:\Program Files\SMS_CCM\CcmExec.mof‘ error.
• Reviewed the root\CCM class and noticed CM7 client version.
CM2012 MP Install Fails On Windows Server 2012
Checked CCM_Client Namespace
CM07 Client CM2012 Client
Resolution
• Removed the CM07 client. • Remove MP and Reinstall.
CM2012 MP Install Fails On Windows Server 2012
Problem
• Software Update Deployment not downloading on some clients.
Troubleshooting
• Reviewed ContentTransfer.log. • Reviewed LocationServices.log.
SUM Deployment Not Downloading
ContentTransferManager.log:
CCTMJob::UpdateLocations - Received empty location update for CTM Job {D33F82F9-4E52-416A-8439-6909C6C13486} CTM job {D33F82F9-4E52-416A-8439-6909C6C13486} suspended ContentTransferManager
LocationServices.log:
Calling back with empty distribution points list LocationServices
SUM Not Downloading On Some Clients
Cause: Site Server with the DP was not in a Boundary Group
Solution: 1) Add the DP to a boundary group that the client belongs toOR2) In the deployment properties, check the option “Download and install software updates from the fallback content source location”
SUM Deployment Not Downloading
SUM Deployment Not Downloading
Evaluation
Complete your session evaluations today and enter to win prizes daily. Provide your feedback at a CommNet kiosk or log on at www.2013mms.com.Upon submission you will receive instant notification if you have won a prize. Prize pickup is at the Information Desk located in Attendee Services in the Mandalay Bay Foyer. Entry details can be found on the MMS website.
We want to hear from you!
Resources
http://channel9.msdn.com/Events
Access MMS Online to view session recordings after the event.
• I would like to thank the following individuals for their contributions to this sessions either through sample cases, input, review or morale support. Thank You!
Acknowledgements
• Buz Brodin • Neil Peterson • Christine Gerth • Eric Orman • Randy Ivey • Don Brown• Heath Lawson• Ray Rosen
• Sean Mahoney• Rushi Faldu • Nat Bowman• Anzio Breeze• Scott Williams • Frank Rojas• Matthew Grimshaw• Santos Martinez • Oz Messner