Microsoft NDA Confidential
Kenny Buntinx
Principal Consultant
Kenny.Buntinx@Inovativ.be
http://www.inovativ.be
@KennyBunti...
Microsoft NDA Confidential
ConfigMgr 2012 SP1 is a massive upgrade that includes many
new features and subtle changes
 Support for Windows Server 20...
 Expand a stand-alone primary site into a hierarchy that includes a new
central administration site, and the migration of...
 Support for virtual environments that allow multiple virtual applications
to share file system and registry information ...
Here’s a list of things to download:
• The ADK is pretty big – 2.5GB big – so it may take a while to download.
• Latest su...
1. Backup your SUSDB
2. Backup your System Center Configuration Manager DB
 Note that with 2012, a normal SQL Server DB b...
5. Install the latest Windows stability and security updates.
6. Backup ---> Again ?
 In addition to your normal backup l...
8. Uninstall WAIK and install the ADK.
9. Install WMF 3.0
 WMF 3.0 will break your RTM Management Point (MP), so plan on ...
• Ensure hotfix KB2734608 is installed on your WSUS 3.0 SP2 SUP
(Note: Windows Server 2012 includes WSUS 4.0 so this hotfi...
• Additionally, if you have your 2012 hierarchy connected to your 2007
hierarchy for migration purposes, you will temporar...
1. Restart the site servers.
2. Run setup! Follow the wizard.
3. Review the log.
4. Take a break.
 Wait up to 30 minutes ...
1. Perform your standard health checks like reviewing replication, site
status, and component status.
2. Perform a backup....
5. Simply redeploy the default boot images to your PXE enabled DPs and
look if they were successfully updated.
 In genera...
7. Review, test, and update Task Sequences
 Native task sequences have changed a bit in SP1 but you shouldn’t haven’t any...
8. Track ConfigMgr client and WUA upgrade process.
 Using reporting or console queries (not collections).
9. Re-enable yo...
• Software Center
 After upgrade to Configuration Manager SP1, the following Software Center items will be
reset to their...
Post SP1 Hotfixes
• Post SP1 Hotfixes to install
 Cumulative Update 1 for SP1
http://support.microsoft.com/kb/2817245/en-...
Gotcha 1 – Built-in collections
• The built-in collections are overwritten in the site database. If you have
customized a ...
• When you use a Configuration Manager console that is of a lower service
pack version than the site you connect to, the c...
• Using dynamic ports in SQL? You must change them back to static in
order to successfully install SP1 on your SQL instanc...
• Have Secondary sites to upgrade? SQL Server cumulative updates must
be manually installed on secondary sites that use SQ...
• Visit :
 https://kc.mcafee.com/corporate/index?page=content&id=KB76867&actp=search&viewlocale=
en_US&searchid=135790792...
• Using a service account for your “Site System Installation Account”
(rather than the site server’s computer account)?
 ...
• OS Deployments on older hardware may become an issue due to the
fact that SP1 changes from utilizing WAIK (WinPE v3.x) t...
• VMware’s vSphere 4 doesn’t and will not support running Windows 8 and
Windows Server 2012
• Solution : Upgrade your vSph...
• Capturing images with ConfigMgr 2012 SP1, 8dot3name creation is
disabled on all volumes. They changed the default behavi...
• After the upgrade was successfully performed , suddenly all applications within my OSD task
sequence start failing :
 T...
• We found a workaround, you have simply to add a comment to each DT and it will update
the content ID. Nevertheless, the ...
• You get an access denied (hresult of 0×80070005) when downloading the
application content and is clearly denoted in eith...
• For build and capture task sequences, you should also be specifying the
SMSMP public property in the Setup Windows and C...
Reason : You have the following components running in
your environment :
• McAfee Virus Scan Enterprise (VSE) 8.8 Patch 2
...
• Windows 7 Setup.exe install is not supported (but also VISTA , Windows
Server 2008 / 2008 R2) on ConfigMgr 2012 SP1. Wit...
Best ofmms kb_final
Best ofmms kb_final
Best ofmms kb_final
Best ofmms kb_final
Best ofmms kb_final
Best ofmms kb_final
Best ofmms kb_final
Best ofmms kb_final
Best ofmms kb_final
Best ofmms kb_final
Best ofmms kb_final
Upcoming SlideShare
Loading in …5
×

Best ofmms kb_final

671
-1

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
671
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
13
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Best ofmms kb_final

  1. 1. Microsoft NDA Confidential Kenny Buntinx Principal Consultant Kenny.Buntinx@Inovativ.be http://www.inovativ.be @KennyBuntinx http://be.linkedin.com/pub/kenny-buntinx/3/639/107 http://scug.be/blogs/sccm
  2. 2. Microsoft NDA Confidential
  3. 3. ConfigMgr 2012 SP1 is a massive upgrade that includes many new features and subtle changes  Support for Windows Server 2012 , Windows 8 and SQL Server 2012 SP1.  Clients are now supported on Mac computers, and on Linux and UNIX servers.  Windows PowerShell cmdlets are available to automate Configuration Manager operations)
  4. 4.  Expand a stand-alone primary site into a hierarchy that includes a new central administration site, and the migration of a Configuration Manager SP1 hierarchy to another Configuration Manager SP1 hierarchy.  Support for multiple software update points for a site to provide automatic redundancy for clients in the same way as you can configure multiple management points.  Client notification to initiate some client operations from the Configuration Manager console.
  5. 5.  Support for virtual environments that allow multiple virtual applications to share file system and registry information instead of running in an isolated space.  Email alert subscriptions are now supported for all features, not just Endpoint Protection. First, make sure you review the official KB and the documents linked there: 2801416.
  6. 6. Here’s a list of things to download: • The ADK is pretty big – 2.5GB big – so it may take a while to download. • Latest supported SQL Server SP • Latest supported SQL Server CU for the latest SP • WMF 3.0 • Latest WSUS 3.0 SP2 hotfix 2734608 - Note that this hotfix includes 2720211. • ConfigMgr SP1 installation files from the media (make sure you downloaded the media after January 25, 2013) Download the ConfigMgr 2012 SP1 pre-requisite files using setupdl.exe from the install media and replicate these to all site servers also for use during setup.
  7. 7. 1. Backup your SUSDB 2. Backup your System Center Configuration Manager DB  Note that with 2012, a normal SQL Server DB backup is sufficient for restoring a ConfigMgr site. The only major difference between a SQL Backup and the site maintenance task is the use of the afterbackup.bat process to initiate additional backup processing. Note that inboxes are discarded for both methods. 3. Upgrade SQL Server to the latest supported SP and Cumulative Update. 4. Resolve any major issues identified in the site status or component status.
  8. 8. 5. Install the latest Windows stability and security updates. 6. Backup ---> Again ?  In addition to your normal backup location, make an extra copy particularly if you are using the built-in task where it overwrites the backup every time. If you don’t and you have an issue, the backup task may overwrite the known good DB and you’ll be toast. 7. Restore a copy of the DB to a test server and test the DB upgrade process using the /TESTDBUPGRADE option.
  9. 9. 8. Uninstall WAIK and install the ADK. 9. Install WMF 3.0  WMF 3.0 will break your RTM Management Point (MP), so plan on doing this shortly before the actual upgrade. Installing WMF 3.0 usually requires a reboot also. 10. Disable your anti-virus product. 11. Disable the “Delete Aged Client Operations site maintenance task” on all sites. 12. Uninstall PCM
  10. 10. • Ensure hotfix KB2734608 is installed on your WSUS 3.0 SP2 SUP (Note: Windows Server 2012 includes WSUS 4.0 so this hotfix is not required). • SUP on a remote server ? Install the hotfix on the site server as well since it has the WSUS admin console installed. This will only present a warning if it’s not installed (it actually states KB2720211, but KB2734608 includes KB2720211) • However, if you upgrade to SP1 without this WSUS hotfix, your SUP will not function properly after the upgrade! Therefore it is highly recommended you install the WSUS hotfix(es) before continuing.
  11. 11. • Additionally, if you have your 2012 hierarchy connected to your 2007 hierarchy for migration purposes, you will temporarily need to click the “Stop Gathering Data” button in the Migration folder in order to install SP1. • When the upgrade is completed, in order to be able to restart the data gathering, you will need to go back into the Source Hierarchy section of the Migration folder, select the hierarchy, and click “Configure”.
  12. 12. 1. Restart the site servers. 2. Run setup! Follow the wizard. 3. Review the log. 4. Take a break.  Wait up to 30 minutes or so for the site components to re-install (watch the sitecomp.log) before proceeding any further with any post-install steps. Sometimes there may be component installation failures or sometimes the re-install of the management point completes but states that a reboot is required (3010 exit code.)
  13. 13. 1. Perform your standard health checks like reviewing replication, site status, and component status. 2. Perform a backup.  Make sure you don’t overwrite any of the previous backups made during the course of upgrading the sites – you may still need them. 3. Perform a functionality check. 4. Re-enable the “Delete Aged Client Operations site maintenance task” on all sites.
  14. 14. 5. Simply redeploy the default boot images to your PXE enabled DPs and look if they were successfully updated.  In general, you should be injecting fewer drivers into your boot images though because they will hopefully already be built in. Also note of course that older systems (6+ years or so) are not Win8 (and thus not WinPE 4.0) compatible and neither are some ATOM processors because of the lack of some processor options. This goes for some versions of VMWare also. There is currently no supported fix or work-around for this – you have been warned. 6. Deploy the updated client agent.  Use the auto-upgrade process was completely re-designed in 2012 SP1 to handle this for any size organization (in fact, they used this at Microsoft to upgrade all 250,000+ clients to SP1).
  15. 15. 7. Review, test, and update Task Sequences  Native task sequences have changed a bit in SP1 but you shouldn’t haven’t any issues with them after the upgrade; however, if you have anything non-native, like MDT in your task sequence, then you will have some work ahead of you. Generally, MDT based task sequences need lots of TLC after the upgrade and many folks just end up recreating them. Also note that MDT 2012 Update 1 had a minor update also to support SP1 so make sure you have the latest version.  That is another reason why I stay away from MDT 
  16. 16. 8. Track ConfigMgr client and WUA upgrade process.  Using reporting or console queries (not collections). 9. Re-enable your Anti-virus product.  Make sure you have all of the recommended exclusions in place before doing this. If you are using SCEP, there are templates built-in.
  17. 17. • Software Center  After upgrade to Configuration Manager SP1, the following Software Center items will be reset to their default values: • Work information is reset to business hours from 5.00am to 10.00pm Monday to Friday. • Computer maintenance is reset to Suspend Software Center activities when my computer is in presentation mode. • Remote control is set to the value configured by the client settings assigned to the computer. • Software update summarization schedules  Custom summarization schedules for SU or SU groups are reset to the default value of 1 hour. After the upgrade completes, reset custom summarization values to the desired frequency.
  18. 18. Post SP1 Hotfixes • Post SP1 Hotfixes to install  Cumulative Update 1 for SP1 http://support.microsoft.com/kb/2817245/en-us  Post CU1 Hotfix - packages getting stuck in “In progress – Waiting for Content” after updating a package to a distribution point http://support.microsoft.com/kb/2828900
  19. 19. Gotcha 1 – Built-in collections • The built-in collections are overwritten in the site database. If you have customized a built-in collection, create a copy of that collection before you upgrade. • This issue occurs because built-in collections are read-only and cannot be changed in System Center 2012 Configuration Manager SP1.  More details in http://support.microsoft.com/kb/2739984.
  20. 20. • When you use a Configuration Manager console that is of a lower service pack version than the site you connect to, the console cannot display or create some objects and information that are available in the new service pack version. • When you use a Configuration Manager console that is of a higher service pack version than the site you connect to, the connection is blocked.  Hint: If you have many administrators connecting to your hierarchy, the ConfigMgr 2012 admin console is a prime candidate for virtualization using App-V v5 – which by the way has no more Q: drive!!!
  21. 21. • Using dynamic ports in SQL? You must change them back to static in order to successfully install SP1 on your SQL instance (this includes secondary sites). Configuration Manager does not support dynamic ports.  For more information refer to http://technet.microsoft.com/en- us/library/gg682077.aspx#BKMK_SupConfigSQLDBconfig  If you aren’t sure how to configure SQL to listen on a specific TCP/IP port, visit http://technet.microsoft.com/library/ms177440.aspx.
  22. 22. • Have Secondary sites to upgrade? SQL Server cumulative updates must be manually installed on secondary sites that use SQL Express.  See http://support.microsoft.com/kb/2688247 for more information. You must update to SQL 2008 R2 SP1 CU6 or SP2 at minimum.
  23. 23. • Visit :  https://kc.mcafee.com/corporate/index?page=content&id=KB76867&actp=search&viewlocale= en_US&searchid=1357907921573  http://blogs.technet.com/b/systemcenterpfe/archive/2013/01/11/updated-system-center-2012- configuration-manager-antivirus-exclusions-with-more-details.aspx or prepare to suffer from corrupted boot images or setup failure. There are some additional A/V exclusions that are important to add to insure this doesn’t happen.
  24. 24. • Using a service account for your “Site System Installation Account” (rather than the site server’s computer account)?  There is a known issue if you are using an AD account. The evidence that you are experiencing this issue is your console will have errors on the DP Monitoring stating “Distribution Manager failed to find or create the defined share or volume on distribution…” Your distmgr.log will say things like “Failed to set share security on share serverSMSSIG$. Error = 5” (which is access denied and “Failed to set access security on share SMSSIG$ on server xxx”. • To resolve this issue, change your site server settings back to use the “site server’s computer account” to install the site system, and your DP will successfully install.
  25. 25. • OS Deployments on older hardware may become an issue due to the fact that SP1 changes from utilizing WAIK (WinPE v3.x) to using ADK (WinPE v4.0 – Win8/Server 2012).  If a BIOS update does not resolve it, make sure your PC is Windows 8 compatible or the new WinPE 4 in the ADK will not boot properly. Freezing or blue screens with errors such as “HAL_INITIALIZATION_FAILED”, and “UNSUPPORTED_PROCESSOR” along with a 0x0000005D are the more common symptoms of this.  More importantly, see this blog posting on how to collect NX, PAE, and SSE2 supportability information from your [PowerShell execution capable] clients at http://blogs.technet.com/b/configmgr_geek_speak/archive/2013/03/03/winpe-4-0-boot- images-not-working-with-cpu-s-that-do-not-support-nx-pae-sse2.aspx.
  26. 26. • VMware’s vSphere 4 doesn’t and will not support running Windows 8 and Windows Server 2012 • Solution : Upgrade your vSphere environment to version 5.1 Hyper-V
  27. 27. • Capturing images with ConfigMgr 2012 SP1, 8dot3name creation is disabled on all volumes. They changed the default behavior of the formatting tools in Windows 8. (ADK). • In some environments, certain applications do not work properly. (Almost all Legacy XP Apps that work on Win7).  To manually enable 8.3 naming after formatting, you can use fsutil.exe from the command line: fsutil 8dot3name set x: 0 (where x: is the drive letter to enable 8.3 naming on) More info at : http://scug.be/sccm/2013/01/15/configmgr-2012-sp1-the-8dot3name-settings-are- disabled-on-the-volumes-upon-partitioning-and-formatting-of-the-local-disk/
  28. 28. • After the upgrade was successfully performed , suddenly all applications within my OSD task sequence start failing :  The task sequence failed to install application Intel Management Engine 6.0.40.1215(ScopeId_67A221E3- 64F0-47D4-AA5A-BB3729EC221F/Application_2071f753-7604-42a5-b6be-b1b45c3c1f0a) for action (Install HW Driver Applications for HP8540P) in the group () with exit code 615. The operating system reported error 615: The password provided is too short to meet the policy of your user account. Please choose a longer password.  The task sequence failed to install application NVIDIA Quadro/NVS Mobile Drivers 305.93(ScopeId_67A221E3-64F0-47D4-AA5A-BB3729EC221F/Application_17e0153e-3d4f-467b-a2b3- 68491516b0e1) for action (Install HW Driver Applications for HP8540P) in the group () with exit code 580. The operating system reported error 580: An event pair synchronization operation was performed using the thread specific client/server event pair object, but no event pair object was associated with the thread.  The task sequence failed to install application Synaptics Touch Pad Driver(ScopeId_67A221E3-64F0-47D4- AA5A-BB3729EC221F/Application_a0628bfc-3f06-4096-a001-c1a6c92675ea) for action (Install HW Driver Applications for HP8540P) in the group () with exit code 16389. The operating system reported error 2: The system cannot find the file specified.
  29. 29. • We found a workaround, you have simply to add a comment to each DT and it will update the content ID. Nevertheless, the change means that a redistribution of your application on all your DP’s. • Confirmed with Application Catalog downloads as well. You will see “+++ Did not detect app deployment type”… in the AppDiscovery.log file. Additionally, the Software Center will show the error message “Failed”. Clicking on the details will result in “The software change returned error code 0x87D00607(-2016410105).”  Following the steps above and further discussed at http://scug.be/sccm/2013/01/27/configmgr- 2012-sp1-powershell-script-to-repair-broken-applications-after-upgrading-them-from-rtm/, the application will successfully install.  This is also resolved with an upgrade from SCCM 2012 SP1 RTM to SCCM 2012 SP1 CU1
  30. 30. • You get an access denied (hresult of 0×80070005) when downloading the application content and is clearly denoted in either smsts.log (if the application install is during a task sequence) or CAS.log. • This only happens on client systems in untrusted domains (note that workgroups are essentially untrusted domains); for task sequences, this is of course the case during a build and capture.  Create a deployment tasksequence that install’s the following hotfix : http://support.microsoft.com/kb/2522623/en-us For a build and capture task sequence, simply put the hotfix msu into a “classic” package and use a Software Install task followed by a reboot task before you try to deploy any applications.
  31. 31. • For build and capture task sequences, you should also be specifying the SMSMP public property in the Setup Windows and ConfigMgr task so that the MP can be found. • During a build and capture, the client is in a workgroup and thus has no way to locate the MP which is needed for Application installs as well as Software Updates during the task sequence.
  32. 32. Reason : You have the following components running in your environment : • McAfee Virus Scan Enterprise (VSE) 8.8 Patch 2 • TrendMicro enterprise scan  http://scug.be/sccm/2013/01/14/cm2012-sp1-no- default-boot-images-available-only-finalized-boot- images-are-supported/
  33. 33. • Windows 7 Setup.exe install is not supported (but also VISTA , Windows Server 2008 / 2008 R2) on ConfigMgr 2012 SP1. With SP1, you need to use a WIM installation unless you’re installing Windows 8.  http://technet.microsoft.com/en-us/library/jj591552.aspx#BKMK_WhatsNewSP1_Software • You must add a Set Task Sequence Variable step before the Apply Operating System step that sets OSDPreserveDriveLetter=False if you want to have the WIM file on the c: drive  http://scug.be/sccm/2013/01/13/configmgr-sp1-windows-7-deployment-is-not-supported- anymore-from-the-setup-exe/
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×