Friday, October 10, 2008
System Center Configuration Manager 2007 for Dummies
System Center Configuration Manager - Software Update
To prepare SCCM for Software Updates
1. First, we have to add a new role to SMSSERVER called the Software Update Management Point.
2. If not already running, on the Start menu, click ConfigMgr Console.
3. The ConfigMgr Console window appears.
4. In the tree pane, expand SMSSERVER, expand Site Management, expand SV4, expand Site Settings, expand Site Systems, and then click \\SMSSERVER.
5. In the Actions pane, click New Roles
6. In the New Site Role Wizard, click Next
7. On the System Role Selection page, select Software update point, then click Next
8. On the Software Update Point page, enter proxy information (if any) to enable access to the Internet.
9. Click Next when done
10. From here on, the setting selected here will correspond to the Options set in WSUS. All changes made here will be automatically reflected in WSUS.
11. On the Active software update point settings page, click on the checkbox next to Use this server as the active software update point to enable it.
12. Also enter port information used by the WSUS server if changes have been made. If not, leave all settings as default.
13. Click Next to continue
14. On the Synchronization schedule page, configure the frequency of synchronization with Microsoft Update or do not enable if manual synchronization is preferred
15. Click Next to continue
16. Select the appropriate Update classifications that you require WSUS to synchronize with.
17. Click Next to continue
18. Next, select the products that you would like WSUS to synchronize with Microsoft Updates
19. Click Next to continue
20. On the Languages page, select all language version of updates that WSUS should download.
21. Click Next to continue
22. After going through the Summary of the configuration, Click Next to continue
23. At this point, the Software Update Point role will be created
24. Click Close
To view SCCM logs
1. Launch a Windows Explorer session and navigate to C:\Program Files\MicrosoftSCCM2007\Logs
2. Open the SUPSetup.log to view it and you should see the installation details of the SUP
3. Notice a line that states:(Parameters: C:\PROGRA~1\MIF5F3~1\bin\i386\ROLESE~1.EXE /install /siteserver:SMSSERVER SMSWSUS)
4. This is the command line operative that SMSSERVER uses to install the Software Update Point
5. A clear giveaway that installation was successful is the last line which states the exact.
6. What has also happen at this point is that SCCM has taken over WSUS and relatively own it.
To configure SUP in SCCM
1. In the SCCM Console tree pane, expand SMSSERVER, expand Site Management, expand SV4, expand Site Settings, expand Site Systems, and then click \\SMSSERVER.
2. You should now notice the ConfigMgr software update point already installed
3. Click on Component Configuration
4. Right-click the Software Update Point Component option and select Properties
5. You will notice that most of the settings here seem familiar from the Wizard during setup of the SUP.
6. Click through the different tabs to look at the settings.
7. REMEMBER, SCCM is now the main owner of WSUS and whatever we configure here will reflect in the WSUS Options
8. Click on the Products tab and then select.
9. Click OK
Install Software Update Point in SCCM
Configure the Windows Update agent GPO:
1. Open a GPO
2. Go to Computer configuration\Windows Components\Windows Update
3. Configure the Configure automatic updates option, Set it to auto download and shedule the install
4. Choose your own schedule
5. Configure the Specify intranet microsoft update service location
6. Configure both options with the value http://wsusserver:80
7. Import the SCCM-2007 adm template:
8. Download the adm template to configure SCCM 2007 client installation command line parameters http://www.blogcastrepository.com/files/folders/documents/entry15469.aspx
9. Open a GPO
10. In Computer Configuration Right-click on Administrative templates
11. Browse to the SCCM-2007 and add the template.
12. Go to Computer configuration\Windows Components\SCCM 2007\Software Update point client installation
13. Configure the command line with the parameters you want.
· SCCM2007_Example="smscachesize=1500 smssitecode=S01 smsfp=FSP01"
To publish the Configuration Manager 2007 client to the WSUS server:
1. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Site Management /
2. Right-click Software Update Point Client Installation, and click Properties.
3. To enable client installation, select the Enable Software Update Point Client Installation check box.
4. If the client software on the Configuration Manager 2007 site server is newer than that stored on the software update point, the Upgrade Client Package Version dialog box will open. You should click Yes in this dialog box to publish the most recent version of the client software to he software update point.
5. To finish configuring the software update point client installation, click OK.
To configure SCCM Client Agents
1. If not already running, on the Start menu, click ConfigMgr Console.
2. The ConfigMgr Console window appears.
3. In the tree pane, expand SMSSERVER, expand Site Management, expand SV4, expand Site Settings, and then click on Client Agents.
4. In the results pane, right-click the Software Updates Client Agent and select Properties
5. In the Software Updates Client Agent Properties dialog box, you should see three tabs.
6. Ensure that Enable Software Updates on clients is selected.
7. Click on the Update Installation tab.
8. This is a setting for mandatory updates
9. Click on the Deployment Re-Evaluation
10. Select how long you would like the Client Agent to re-evaluate itself for software updates. The default is 7 days. For testing purposes you may want to reduce this setting
To look at Inventory Updates
1. Expand the Software Updates container.
2. You will notice 5 nodes under the container.
3. The way SCCM works with regards to software updates is different than SMS2003. Although essentially patches are deployed via a software distribution model, it no longer ties itself to the Software Distribution Feature per say.
4. Click on the Updates Repository. This is where you will find the complete inventory of updates that is synchronized with WSUS.
5. Right-click Updates Repository and select Run Synchronization. This will initiate an action to pull all the updates from the WSUS database
6. To verify synchronization is taking place, navigate to the C:\Program Files\MicrosoftSCCM2007\Logs folder and launch the wsyncmgr.log
7. Look for a line that states Found local sync request in site control file (You can pause the SMSTrace utility to hold your log place)
8. Let’s look at the Site Control File.
9. In a Windows Explorer session, navigate to C:\Program Files\ MicrosoftSCCM2007\inboxes\sitectrl.box
10. Open the sitectrl.ct0 file with Notepad
11. Once the file is opened, Click on the Edit menu and select Find and key in WSUS and then click FIND NEXT.
12. Click Find Next until you find a section in the file that looks similar to this:
BEGIN_COMPONENT
SMS_WSUS_SYNC_MANAGER>
6>
SMSSERVER> PROPERTY Sync Schedule><><><0>
PROPERTY Sync Retry Intercal><><><60>
13. This section of the Site Control File controls the synchronization of SCCM with the WSUS Server
· Notice a setting that states PROPERTY
To deploy updates
1. Select an update that you would like to deploy, right-click it and select Deploy Software Updates
2. The Deploy Software Updates Wizard should appear
3. First, key in a name that you would like to identify this deployment, then click Next
4. On the Deployment Templates page, select Create a new deployment definition.
5. Deployment Templates are essentially pre-defined settings that you can re-use. This is to save time and the number of clicks needed to complete the tasks if you should have setting which can be re-used on to other deployment scenarios.
6. Click Next to continue.
7. On the Collection page, Browse and select a Collection that you would like to deploy to.
8. Click OK to accept it.
9. Then, Click Next to continue.
10. In the Display/Time Settings, configure how you want display notifications and time sync options. For the purpose of this exercise, select Allow display notifications on clients and Client Local Time.
11. The final setting on this page is important. This setting denotes the timeline when the software update will become mandatory and forced to install. When the time you advertise the package, it will not automatically install until the duration specified here. So if you want updates to apply IMMEDIATELY, set this to 0 weeks.
12. Click Next to continue.
13. On the Restart Settings page, configure whether you would like to suppress the restarts. For the purpose of this exercise, suppress Servers and Workstations by selecting the check boxes.
14. Click Next to continue.
15. On the Event Generation page, select Create Windows event for software update installation failure to have events written into the Event logs.
16. Click Next to continue.
17. On the Update Binary Download page, select how you want clients to react to distribution points. Select Download software updates from distribution point and install for both settings
18. Click Next to continue.
19. On the Create Template page, specify whether you would like to save the settings you had selected earlier as a template for re-use at a later time. For the purpose of this exercise, key-in
20. Click Next to continue.
21. The Deployment Package page is where you would specify the installation files that will be available to clients. Select Create a new deployment package.
22. At this point of time, you have to create a shared folder on the SMSSERVER. This is the folder SMS Clients will poll the updates from.
23. Navigate back to the Deploy Software Updates Wizard
24. On the Deployment Package page, enter the name.
25. Enter \\SMSSERVER\location in the Package Source box, then click Browse to check its path
26. Click Next to continue.
27. On the Distribution Points page, click Browse and select a Distribution point. Select SMSSERVER and click OK.
28. Click Next to continue.
29. Click Next to continue.
30. Select the update language Click Next to continue.
31. In the Deployment Schedule, select when the updates should be made available. Select As soon as possible.
32. Notice that the deadline for software installation is 2 weeks from the deployment date which was the setting chosen during the Deployment Template
33. Click Next to continue.
34. Do not enable NAP Evaluation for this exercise
35. Click Next to continue.
36. Click Next on the Summary page to begin the process.
37. Once done, a Successful message will appear. Click Close.
To verify the update packages
1. Launch a Windows Explorer session and navigate to \\smsserver\location
2. You should now see the update installer present in the folder
3. Let’s check the log files.
4. Navigate to C:\SMS_CCM\Logs\ and launch the PatchDownloader.log
5. Look for a line that starts with …
6. Download destination = \\smsserver\location\a213789.. (this set of numbers is the Unique patch ID and it is significant for tracking the updates through the logs on the client side.)
7. You should notice the other entries signifying downloading and successful creation.
8. Now, navigate back to the ConfigMgr Console
9. Expand Software Updates and click on Deployment Management.
· Note You may have to Refresh to see the Updates
10. Right-click
11. Go through the different tabs. You will notice that these are all the setting which was configured through the wizard. You may change these settings at any time.
12. Click Cancel
13. Under the
14. Click on Deployment Templates.
· Note You may have to Refresh to see the Templates
15. Right-click
16. This is the setting which was saved during the wizard and can be modified here.
17. Click on the Deployment Packages
· Note You may have to Refresh to see the Packages
18. Right-click
19. Browse through the tabs
20. Under the
To view the process from the client side
· Note: Perform the following on the SMS Client, WINXP2
1. Launch Control Panel and double-click on Systems Management
2. Click on the Actions tab.
3. Select the Software Updates Evaluation Cycle and click Initiate Action
4. Launch a Windows Explorer session and navigate to C:\WINDOWS\System32\CCM\Logs
5. Open the smscliui.log. Notice the last line verifying that a Software Updates Assignments Evaluation cycle was triggered.
6. Navigate to C:\WINDOWS\System32\CCM\Logs and open the UpdateDeployment.log
7. Notice the last couple of lines.
· Message received: …. (denotes a message received to initiate cycle)
8. Then…
· Removing scan history… (denotes the removal of previous scans)
9. Then…
· Starting updates assignments… (denotes the start of a scan)
10. Then…
· No updates assigned.. (denotes the end of the process)
· Note The Software Updates Evaluation Cycle does not actually perform an evaluation on what the SCCM Client is lacking but rather compares with an assignment from the SCCM. At the moment, there is no assignment from the SCCM there fore, no comparison is done.
11. Now, in the Systems Management Control Panel dialog box, click on the Actions tab and select Update Source Scan Cycle, then click Initiate Action.
12. Launch a Windows Explorer session and navigate to C:\WINDOWS\System32\CCM\Logs
13. Open the ScanAgent.log
14. Notice the line that says: ***WSUSLocationUpdate received for location…. (denotes the start of scanning by WSUS)
15. Then…
· ScanJob completed. (denotes Scan completed)
· Note: The Update Source Scan Cycle is essentially the manual scanning Trigger.
To view the process from the SCCM
Note: Perform the following on the SCCM Site Server, SMSSERVER
1. Go to the SCCM Admin Console and expand Software Updates, then Refresh the Update Repository.
2. Expand the Update Repository, then expand Security Updates followed by Microsoft.
3. Click on Windows XP
4. Notice the columns are now updated with the recent scan results. Denoting clients that would need the updates and those that do not. It also states what percentage of compliancy are the computers on the network.
To modify the Deployment Update
Note: Perform the following on the SCCM Site Server, SMSSERVER
1. Earlier, we targeted our software update to the All Mobile Devices Collection so that the updates will not be deployed. We need to change that now
2. In the ConfigMgr Console, expand Software Updates, then expand Deployment Management.
3. Right-click
4. Click on the Collection tab, then click on the Browse button.
5. Select All System, then click OK
6. Click OK on the
Note: Perform the following on the SCCM Client
1. Go to the Control Panel and launch the Systems Management option.
2. Click on the Actions tab and select Machine Policy Retrieval & Evaluation Cycle.
3. This will trigger the download of new policies and will initiate the advertised security update
· Note: You may have to wait a couple of minutes to see the advertised program
4. A pop up should appear from the tray area denoting that there is a new software update waiting to be installed.
5. Click on the balloon to launch the Available Software Updates dialog box
6. There should be information about the KB885836 security update that was configured earlier to be deployed. Click Install
just my 2cents at 11:20 PM |
0 Comments:
Post a Comment
<< Home