Managing Software Updates with SCCM 2007

Environment:

(Hostname)SCCM1: windows Server 2003 R2

(Hostname) DB1 : SQL 2008 Sp2

(Hostname) DC1 : Windows serve 2003 sp2

What all we need?

The SCCM Software updates Point (Role)

The Software Updates Client Agent

Steps involved in Managing Software Updates.

1) Create a deployment Template

2) Create an update List

3) Deploying Update

Scenario:

These days due to the Changing Technology, They are much software produced with have to be updates with Hot fixes, more Often we find that Software Updates released. IT becomes a difficult task to manage these software updates. This is where SCCM plays an Important Role in helping to manage a huge amount of Software updates.

What is the Relationship between SCCM & WSUS?

SCCM is just an extension to WSUS

Everything is handled through the SCCM console

SCCM does not need Group policy Modifications

WSUS does needs Group policy pushed to Clients to point them to WSUS to get the updates

What is the SCCM Software Update Point?

The Software Update Point is a role that is added via SCCM on of the Site Systems.

Microsoft Recommendation:

Install a new and independent WSUS for SCCM.

NO need to run the configuration Wizard after installing WSUS 3.0 SP1

What are the Requirements for Software Update Point ?

1) IIS 6.0 of Higher

2) WSUS 3.0 SP1 or Higher

3) Site System Membership in Local Admin Group

Eg : SCCM1 is a member of DB1 (local Admin Group)

Let’s start:

1) Install WSUS

Select create a WSUS 3.0 sp1 website

2) Install WSUS Software Update Point

Right Click one of the Site Systems (SCCM1)

Select New Roles.

Specify FQDN of the Site System (SCCM1)

Select Software Update Point

If you use a proxy server, mention the same

Select Use this Server as the Active Software Update point.

Specify the port Number

Port Number : 8530

SSL port Number: 8531

3) Synchronize from Microsoft Update, if you have another WSUS server, synchronize with WSUS.

Specify the Synchronization schedule.

Specify the update Classification. (Critical Update, Definition Updates, Service packs)

Specify Specific products Updates to be synchronized. (Office, windows, System Center products)

Specify what language you want the updates in (English)

This will take a long time, I ran all night for me.

Where do I check for Updates that get downloaded?

Under Software Updates.

Update Repository

Log file for WSUS synchronization

Wsyncmgr.log in c:\Program Files\Microsoft Configuration Manager\Logs (Synchronization of WSUS)

wcm.log (Managing the Software update point and association with WSUS.)

How often should a client machine check/Scans itself to check if it needs an update?

Site Managements

Site Settings

Client Agents

Software updates Client agents

Enable Software updates on clients

Specify the schedule

You can specify to enforce all mandatory Deployment.

You can also hide the notification for end users.

Specify the re-evaluation schedule

Whenever you make software changes on client. You would have to wait till those changes are active on the client. This depends on the Polling Schedule Specified in Computer Client Agent Properties (default 60 minutes)

What is a Deployment Template?

Object within SCCM which specified all the settings related to Updates to be pushed.

A deployment Template specifies to what Collection the Update will be applied.

Should users be notified that update are pending

Allow a system restart if necessary, Can a system restart or take place in maintenance window

Suppress SCOM Alerts.

Decide to push update via slow link

Recommended Templates

Workstation-Normal Priority

Workstation-Emergency Priority

Server-Normal Priority

Server-Emergency Priority

How to create Deployment Template

Under Computer Management>Software Updates>Deployment Template

Right click and select new deployment Template

Workstation-normal Priority

Specify the Collections to which it should be applied

Suppress Display for notification

Specify the Deployment Schedule

Specify the restart Settings (Workstation/ Server)

Do you want to create alerts with SCOM. If fails let it Alert

Slow or unreliable link-Download Update.

If you are running a Mixed environment, push updates to SMS 2003 Clients

(Note : Update would be ignored if they do not match the requirement, Eg : Xp update will not apply to vista)

Create an Update List

It Will specify which update would be included in the List

(Eg : out of 50 MS update, we selected only 20)

Now we would have to create a place for these update to reside before they get pushed to Software

Update Point and then we will associate our Deployment Template with the Update List.

Create a Package Source Folder

Create a Share Folder (\\SCCM1\Updates) Computer account Full Control.

Associate Update list with Workstation Normal Priority Deployment Template

Drag updates List to Deployment Template

This will start the Software Update deployment Wizard

Create a new Deployment Package

Specify the Source.

Binary Differential Helps with Minute changes in the package.

Specify the Distribution Point

Download Software updates from the internet

Set a Deadline and Select Wake on LAN if required.

Ignore Maintenance Window

(Note: This will download the Software update to the share we created and then push it to the Software update Point and install it on the Clients)

Has the Software Update Point been Updates?

Go to Computer Management> Software Updates.

Deployment Package Node

Workstation deployment Package.

Distribution Point>Verify the Distribution Point

Software Updates>check the list of software update

Package Status> check the state (should be Installed)

Some Reports For Software Updates

Computer Management >Reporting

Management 1: Updates required but not Deployed.

Management 1: Updates in a deployment

State 1: Enforcement State of a deployment

How does it appear on the Client Side.

You would see Software Update Installation Progress.

What’s on the SCCM Console Results

Go to Computer management> Software updates.

On the Right Pane check the Graph (For office)

It shows 50 % Required and 50% installed

You can check which machines have it installed.

(Note : we Targeted it to Workstation Collections and We also have office 2007 on Servers, so it shows as Required =50%)

Check on update List

Installed Column

Read More »

"Whats new in SCOM 2012"

Removal of root management server

In Operations Manager 2012, all management servers are peers; there is no root management server. The workload is split among all management servers in a management group, which provides high availability without requiring a cluster.

Resource pools

A resource pool provides the ability to distribute workloads across multiple management servers, such as availability, network device monitoring, distributed monitor health rollup, and group calculation.

Agent Configuration

Operations Manager 2012 provides an easy method for configuring agents to report to multiple management servers by adding an Operations Manager Agent application to Control Panel on each agent-managed Windows-based computer.

Operations Console

You will notice some subtle changes to the Operations console. TheActions pane is now the Tasks pane, and includes a new section calledNavigation Tasks that makes it easy for you to open views for a selected object. The Tasks pane offers two tabs: one for actions and one for resources and Help links. The Navigation and Tasks panes can be minimized or expanded instantly by clicking the arrow in the title bar of the pane.

Web console

Operations Manager 2012 introduces a new web console. In Operations Manager 2012, all Operations Manager views are available in the web console.

Network monitoring

Operations Manager 2012 provides the ability to discover and monitor network routers and switches, including the network interfaces and ports on those devices and the virtual LAN (VLAN) that they participate in. You can also delete discovered network devices and prevent the deleted network devices from being rediscovered the next time discovery runs. For more information, see Monitor Network Devices.

Application monitoring

In Operations Manager 2012, you can monitor ASP.NET applications and web services from server- and client-side perspectives to get details about application availability and performance that can help you pinpoint solutions. Allowing you to specify settings, the types of events to collect, the performance goals to measure, and which servers to monitor, Operations Manager 2012 application monitoring provides insight into how web-based applications are running. You can see how frequently a problem is occurring, how a server was performing when a problem occurred, and the chain of events related to the slow request or method that is unreliable. This is the information needed to partner with software developers and database administrators to help ensure that application availability and performance are at optimal levels. For more information, see Monitor an ASP.NET Application.

Dashboard views

Operations Manager 2012 includes new comprehensive dashboard views that combine multiple panels of information into a single view. In Operations Manager 2012, you can add the new dashboard views to My Workspace and the Monitoring workspace.

Display dashboard views using SharePoint

The Operations Manager web part displays specified dashboard views and can be added to Microsoft SharePoint 2010 sites. For more information, see Add a Dashboard View to a SharePoint Site.

Creating dashboard views

Dashboard views have been significantly upgraded in Operations Manager 2012 from their capabilities in Operations Manager 2007 R2, including custom layouts and nested dashboard views. For more information, see Create a Dashboard View.

Operations Manager Module for Windows PowerShell

Operations Manager 2012 provides a Windows PowerShell 2.0 module containing a full set of new cmdlets. The cmdlets in this module are only compatible with Operations Manager 2012. You can recognize the Operations Manager 2012 cmdlets by the "SC" preceding the noun. For additional information about the Operations Manager 2012 cmdlets, open the Operations Manager command shell and type Get-Help about_OpsMgr_WhatsNew. For information about how the Operations Manager 2007 cmdlets map to the Operations Manager 2012 cmdlets, type Get-Help about_OpsMgr_Cmdlet_Names.

To use the Operations Manager 2012 cmdlets, you must establish a connection to an Operations Manager management group. You can establish either a persistent connection in which you can run multiple cmdlets, or a temporary connection when running a single cmdlet. For more information about connections, open the Operations Manager Shell and type Get-Help about_OpsMgr_Connections.

UNIX- and Linux-based computers

In Operations Manager 2012, you can perform privileged operations on UNIX-based and Linux-based computers using unprivileged Run As accounts by combining with “sudo” elevation on the target UNIX-based and Linux-based computers. This capability avoids the need for UNIX or Linux root passwords to be known on the management server, and keeps the privilege control entirely within the domain of the UNIX or Linux administrator. Operations Manager 2012 also includes new Windows PowerShell cmdlets for performing agent maintenance functions on UNIX-based and Linux-based computers, allowing for scripting and background operations. In addition, the resource pool feature supports computers running UNIX and Linux. If a management server fails, another management server in the resource pool can take over the monitoring, providing high availability.

Read More »

SCOM 2012 Deployment -Quick Start

Quick Start Guide for Operations Manager 2012 Beta

Definitions:

• MS - Management Server
• SRS - SQL reporting services

Server Names\Roles:

• OMDB SQL 2008 R2 Database Services, Reporting Services
• OMMS1 Management Server, Web Console server
• OMMS2 Management Server

Windows Server 2008 R2 SP1 Enterprise edition will be installed as the base OS for all platforms. All servers will be a member of the AD domain.

SQL 2008 R2 ENT edition with CU6 will be the base standard for all database and SQL reporting services. (Note: CU6 is not technically required, however it is strongly recommended to always apply the latest CU to SQL when deploying.)

High Level Deployment Process:

1. In AD, create the following accounts and groups, according to your naming convention:

• DOMAIN\OMAA OM Server action account
• DOMAIN\OMDAS OM Config and Data Access service account
• DOMAIN\OMWRITE OM Reporting Write account
• DOMAIN\OMREAD OM Reporting Read account
• DOMAIN\SQLSVC SQL 2008 service account
• DOMAIN\OMAdmins OM Administrators security group

2. Add the “OMAA” account and the “OMDAS” account to the “OMAdmins” global group.

3. Add the domain user accounts for yourself and your team to the “OMAdmins” group.

4. Install Windows Server 2008 R2 SP1 to all server role servers.

5. Install Prerequisites and SQL 2008.

6. Install the Management Server and Database Components

7. Install the Reporting components.

8. Deploy Agents

9. Import Management packs

10. Set up security (roles and run-as accounts)

Prerequisites:

1. Install Windows Server 2008R2 SP1 to all Servers

2. Add the .NET 3.5.1 feature to windows. Use the Server Manager UI, or use PowerShell:

From http://technet.microsoft.com/en-us/library/bb691354.aspx open PowerShell (as an administrator) and run the following:

Import-Module ServerManager

Add-WindowsFeature NET-Framework-Core

3. Install .NET 4.0 to all servers

4. Install the Report Viewer controls to all Management Servers. Install them from http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=3841

5. Install all available Windows Updates.

6. Join all servers to domain.

7. Add the “OMAdmins” domain global group to the Local Administrators group on each server.

8. Install IIS on any management server that will also host a web console:

From http://technet.microsoft.com/en-us/library/bb691354.aspx open PowerShell (as an administrator) and run the following:

Import-Module ServerManager

Add-WindowsFeature NET-Framework-Core,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Logging,Web-Request-Monitor,Web-Filtering,Web-Stat-Compression,Web-Mgmt-Console,Web-Metabase,Web-Asp-Net,Web-Windows-Auth -Restart

9. Install SQL 2008 R2 to the DB server role

• Setup is fairly straightforward. This document will not go into details and best practices for SQL configuration. Consult your DBA team to ensure your SQL deployment is configured for best practices according to your corporate standards.
• Run setup, choose Installation > New Installation…
• When prompted for feature selection, install ALL of the following:
• Database Engine Services
• Full-Text Search
• Reporting Services
• Optionally – consider adding the following to ease administration:
• Business Intelligence Development Studio (for custom report development)
• Management Tools – Basic and Complete (for running queries and configuring SQL services)
• On the Instance configuration, choose a default instance, or a named instance. Default instances are fine for testing and labs. Production clustered instances of SQL will generally be a named instance. For the purposes of the POC, choose default instance to keep things simple.
• On the Server configuration screen, set SQL Server Agent to Automatic. Click “Use the same account for all SQL Server Services, and input the SQL service account and password we created earlier.
• On the Collation Tab – make sure SQL_Latin1_General_CP1_CI_AS is selected, as that is the ONLY collation supported.
• On the Account provisioning tab – add your personal domain user account or a group you already have set up for SQL admins. Alternatively, you can use the OMAdmins global group here. This will grant more rights than is required to all OMAdmin accounts, but is fine for testing purposes of the POC.
• On the Data Directories tab – set your drive letters correctly for your SQL databases, logs, TempDB, and backup.
• On the Reporting Services Configuration – choose to install the native mode default configuration. This will install and configure SRS to be active on this server, and use the default DBengine present to house the reporting server databases. This is the simplest configuration. If you install Reporting Services on a stand-alone (no DBEngine) server, you will need to configure this manually.
• Setup will complete.
• Apply SQL 2008 R2 CU6
• The update is very straightforward. Accept the defaults and update all features. When complete, reboot the SQL server.

Step by step deployment guide:

1. Install the Management Server role on OMMS1. You can also refer to: http://technet.microsoft.com/en-us/library/hh301922.aspx

• Log on using your domain user account that is a member of the OMAdmins group.
• Run Setup.exe
• Click Install
• Accept the license agreement and click Next.
• Select the following, and then click Next:
• Management Server
• Management Console
• Web Console
• Accept or change the default install path and click Next.
• You might see an error from the Prerequisites here. If so – read each error and try to resolve it. Common errors:
• Report Viewer controls are not installed. Install them from http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=3841
• ISAPI/ASP.NET errors. This can happen if you install .NET 4.0 as part of your OS build, but then add the IIS role later. Simply run the following command to resolve, from an elevated command prompt: C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe -i -enable
• On the Proceed with Setup screen – click Next.
• On the Configuration screen – give your management group a name. Don’t use any special or Unicode characters, just simple text. Click Next.
• On the Database Configuration screen, enter in the name of your SQL database server name and instance. In my case this is “OMDB”. Leave the port at default unless you are using a special custom fixed port. If necessary, change the database locations for the DB and log files. Leave the default size of 1000 MB for now. Click Next.
• On the data warehouse database screen, input the servername, instance, and if necessary change path locations as on the previous screen. Click Next.
• On the Web Console screen, choose the default web site, and leave SSL unchecked. Click Next.
• On the Web Console authentication screen, choose Mixed authentication and click Next.
• On the accounts screen, choose Domain Account for ALL services, and enter in the unique DOMAIN\OMAA, DOMAIN\OMDAS, DOMAIN\OMREAD, and DOMAIN\OMWRITE accounts we created previously. It is a best practice to use separate accounts for distinct roles in OpsMgr, although you can also just use the DOMAIN\OMDAS account for all SQL Database access roles to simplify your installation. Click Next.
• Choose Yes to send Customer Experience and Error reports.
• Click Install.
• Close when complete.
• The Management Server will be very busy (CPU) for several minutes after the installation completes. Before continuing it is best to give the Management Server time to complete all post install processes, complete discoveries, configuration, etc. 10 minutes is typically sufficient.

2. Install the second Management Server on OMMS2. You can also refer to: http://technet.microsoft.com/en-us/library/hh284673.aspx

• Log on using your domain user account that is a member of the OMAdmins group.
• Run Setup.exe
• Click Install
• Accept the license agreement and click Next.
• Select the following, and then click Next:
• Management Server
• Management Console
• Accept or change the default install path and click Next.
• Resolve any issues with prerequisites, and click Next.
• Choose “Add a management server to an existing management group” and click Next.
• Input the servername\instance hosting the Ops DB. Select the correct database from the drop down and click Next.
• On the accounts screen, choose Domain Account for ALL services, and enter in the unique DOMAIN\OMAA, DOMAIN\OMDAS, DOMAIN\OMREAD, and DOMAIN\OMWRITE accounts we created previously. It is a best practice to use separate accounts for distinct roles in OpsMgr, although you can also just use the DOMAIN\OMDAS account for all SQL Database access roles to simplify your installation. Click Next.
• Choose Yes to send Customer Experience and Error reports.
• Click Install.
• Close when complete.

3. Install OM12 Reporting on the SQL server. You can also refer to: http://technet.microsoft.com/en-us/library/hh298611.aspx

• Log on using your domain user account that is a member of the OMAdmins group, and has System Administrator (SA) rights over the SQL instances.
• Run Setup.exe. Click Install.
• Accept the license agreement and click Next.
• Select the following, and then click Next:
• Reporting Server
• Accept or change the default install path and click Next.
• Resolve any issues with prerequisites, and click Next.
• Type in the name of a management server, and click Next.
• Choose the correct SQL instance and click Next.
• Enter in the DOMAIN\OMREAD account when prompted. It is a best practice to use separate accounts for distinct roles in OpsMgr, although you can also just use the DOMAIN\OMDAS account for all SQL Database access roles to simplify your installation. Click Next.
• Choose Yes to send ODR information to Microsoft. This is very important to assist Microsoft in getting good information to help improve the product.
• Click Install.
• Close when complete.

4. Deploy an agent to the SQL DB server.

• This process has not changed from OpsMgr 2007 R2, so you would use the typical mechanism to push or manually install. You can also refer to:http://technet.microsoft.com/en-us/library/hh205985.aspx

5. Import management packs. Also refer to: http://technet.microsoft.com/en-us/library/hh205975.aspx

• Using the console – you can import MP’s using the catalog, or directly importing from disk.
• Import the Base OS and SQL MP’s at a minimum.

6. Create a dashboard view:

• http://technet.microsoft.com/en-us/library/hh227265.aspx

7. Manually grow your Database sizes and configure SQL

• When we installed each database, we used the default of 1GB. This is not a good setting for steady state as our databases will need to grow larger than that very soon. We need to pre-grow these to allow for enough free space for maintenance operations, and to keep from having lots of auto-growth activities which impact performance during normal operations.
• A good rule of thumb for most deployments of OpsMgr is to set the OpsDB to 30GB for the data file and 15GB for the transaction log file. This can be smaller for POC’s but generally you never want to have an OpsDB set less than 10GB/5GB. Setting the transaction log to 50% of the DB size for the OpsDB is a good rule of thumb.
• For the Warehouse – you will need to plan for the space you expect to need using the sizing tools available and pre-size this from time to time so that lots of autogrowths do not occur.

8. Continue with optional activities from the Quick Start guide on TechNet:

• http://technet.microsoft.com/en-us/library/hh205988.aspx

Read More »

SCOM 2012 public beta is available for Download

Here is the Download Link: http://www.microsoft.com/download/en/details.aspx?id=26804

Read More »