SCCM 1702 Upgrade – What to be aware of!

SCCM 1702 is now available under the current branch model. There are some new features that come along with this but also some items to be aware of.

What is be being dropped?

  • SQL Server 2008 R2, for site database servers. This version of SQL Server remains supported when you use a Configuration Manager version prior to version 1702.
    ..
  • Windows Server 2008 R2, for site system servers and most site system roles. This version of Windows remains supported when you use a Configuration Manager version prior to version 1702.
    ..
    Beginning with version 1702, this operating system is not supported for site servers or most site system roles, however versions prior to 1702 continue to support its use. This operating system does remain supported for the state migration point and distribution point site system role (including pull-distribution points, and for PXE and multicast) until deprecation of this support is announced, or this operating system’s extended support period expires.
    ..
  • Windows Server 2008, for site system servers and most site system roles.
    ..
    This operating system is not supported for site servers or site system roles with the exception of the distribution point and pull-distribution point. You can continue to use this operating system as a distribution point until deprecation of this support is announced, or this operating system’s extended support period expires
    ..
  • Windows XP Embedded, as a client operating system. This version of Windows remains supported when you use a Configuration Manager version prior to version 1702.

Be sure to read this extensively: https://docs.microsoft.com/en-us/sccm/core/plan-design/changes/removed-and-deprecated-features

What is coming?

  • Close executable files at the deadline when they would block application installation – If executable files are listed on the Install Behavior tab for a deployment type and the application is deployed to a collection as required, then a more intrusive notification experience is provided to inform the user, and the specified executable files will be closed automatically at the deadline
    ..
  • Support for Windows 10 Creators Update – This version of Configuration Manager now supports the release of upcoming Windows 10 Creators Update
    ..
  • Express files support for Windows 10 Cumulative Update – Configuration Manager now supports Windows 10 Cumulative Update using Express files
  • Customize high-risk deployment warning – You can now customize the Software Center warning when running a high-risk deployment, such as a task sequence to install a new operating system.

As per any upgrade, make sure you check everything and what is supported. Make sure to run the Pre-Req first to start your planning.

SCCM – Server OS upgrade from 2008R2 to 2012R2

I recently completed an OS upgrade of my environment from 2008R2 to 2012R2 on a CAS>Primary Hierarchy. I found the documentation a bit limiting especially post install as without a doubt there are some issues you are bound to run into. So what is a good way going about the process? I broke this up into 3 main steps

  1.  Prepare the OS Drive by cleaning up data (a Windows.Old Directory is stored post upgrade that consumes a lot of space)
  2. The OS upgrade itself. (If using a VM, Snapshot!)
  3. Post upgrade Tasks and remediation

1. Preparation

  • Check Disk space of OS Drive
  • Delete old log files in inetpub.
  • Install desktop experience so that you get the Disk cleanup utility to use post upgrade.
  • If using a static IP, take note of these details as the upgrade will change to DHCP
  • Uninstall WSUS 3.0 SP2
  • Remove the Software Update Point Role from SCCM
  • Stop the SCCM site using Presinst.exe /StopSite (Stopping the CAS server will stop the whole hierarchy)
  • Create a snapshot here if you have a VM

2. OS Upgrade

Just like any OS upgrade, however you are doing it. In this case with a VM the ISO was mounted the the in place upgrade was kicked off.

 

3. Post upgrade:

  • Ensure the Windows Deployment Service is started and running for the following site system roles (this service is stopped during upgrade):
    • Site server
    • Management point
    • Application Catalog web service point
    • Application Catalog website point
    • Ensure the Windows Process Activationand WWW/W3svc services are enabled, set for automatic start, and running for the following site system roles (these services are disabled during upgrade):
  • Site server
  • Management point
  • Application Catalog web service point
  • Application Catalog website point

Ensure each server that hosts a site system role continues to meet all of perquisites for site system roles that run on that server. For example, you might need to reinstall BITS, WSUS, or configure specific settings for IIS.

Below are the common issues I came across and the fix for each.

Application Catalog does not connect

http://blogs.microsoft.co.il/u-btech/2016/05/25/sccm-1602-application-catalog-is-broken-after-windows-server-inplace-upgrade/

After upgrading SCCM OS the application server config point stopped working. This is due to .Net 4.5

Cannot connect to the application server error message below.

When looking in the Site Component node, I could see that the SMS_AWEBSVC_CONTROL_MANAGER possess a warning sign which was in fact a several error notifications with the following description:

After installing .Net framework 4.5.2,  rebooting the server I still had that same error message.

Again, browsing to  http://localhost/CMApplicationCatalogSvc/applicationofferService.svc resulted in providing me a lead to an error in a line (which can be a result of one of my troubleshooting steps before writing these words) fixing a line in the file: “C:\Program Files\SMS_CCM\CMApplicationCatalogSvc\Web.config”

from:

<serviceHostingEnvironment>
<baseAddressPrefixFilters>
<add prefix=”HTTP://SCCM.U-BTech.COM:80“/></baseAddressPrefixFilters>
</serviceHostingEnvironment>

To:

<serviceHostingEnvironment>
<baseAddressPrefixFilters><add prefix=”HTTP://SCCM.U-BTech.COM:80″/></baseAddressPrefixFilters>
</serviceHostingEnvironment>

And performing IISReset was the last piece in that puzzle that fortunatly solved the problem.

Console not working Remotely

Post upgrade the WMI permissions get overwritten thus the console does not work remotely any longer.

On the site server launch wmimgmt.msc console.

Then browse to root / SMS and root / SMS / site_[site name]. Add the SMS Admins local group back to both of these, and make sure they have Execute Methods, Provider Write, Enable Account, and Remote Enable allowed.

 

WSUS High CPU/Memory Usage

I also had multiple issues with WSUS 4.0 post upgrade. Most importantly was to patch the OS so that it is current. Also had to apply the steps in my post below to resolve the issue.

IIS w3wp.exe 100% CPU, WSUS and SCCM

Happy Upgrading!!

Weekly News – Microsoft Ignite – Windows Feature Update Size

So this week I am at Microsoft Ignite, only the start of day 2 at the moment but already some useful information. I will add more as the week goes on.

So apart from the heavy talk of cloud, the Desktop Track has some good news. A big focus seems to be around Windows Feature updates and how these will be managed going forward.

At the moment feature packs are huge, the ISO around 3.5GB and SCCM/WSUS deployments using ESD are about 1GB less. They plan to get this even smaller using something called a differential update which allows the client to only download what is required. This somewhat ties into express updates that were just released. The downside of this is that your WSUS/SCCM update point will need a much larger storage repository, these updates will take up to 5 times the storage of what you have now with WSUS so you will need weigh up whether the advantage of smaller updates to clients is worth the extra storage on your WSUS server and also your DP’s.

 

IIS w3wp.exe 100% CPU, WSUS and SCCM

A rather unique issue I came across recently in an environment was with the IIS Worker process w3wp.exe using 100% CPU.

With over 1500 clients you will see the WSUS IIS worker process start to use larger amounts of memory, and what happens when the default memory limit is hit, the CPU on the worker process will max out causing issues and stops WSUS from working.

The way to view the worker processes and current resource utilization is to go to IIS Manager, select the server name and open Worker Processes.

You will see here the utilization.  Make sure you check WCM.log and WSUSCtrl.log for any errors as well.

The recommendation usually is just to increase from the default limit 1843200 to a larger amount such as 4GB 4194304 however I found this didn’t resolve the issue. It is best to set it as so that it has access to the largest amount required.   This alone does not always fix the issue.

See the full  list of instructions below of what to change.

  1. On your WSUS Server, launch the IIS Manager
  2. Open Application Pools
  3. Right click ‘WsusPool’ and select ‘Advanced Settings…’
  4. To support the maximum SCCM Software Update Point clients, change ‘Queue Length’ from the default 1,000 to 25,000
  5. Change ‘”Service Unavailable” Response Type’ from the default HttpLevel to TcpLevel
  6. Change ‘Failure Interval (minutes) from the default 5 to 30
  7. Change ‘Maximum Failures’ from the default 5 to 60
  8. Click ‘OK’ to save the App Pool changes
  9. Open Services.Msc
  10. Go to the logon properties of World Wide Web Publishing Service
  11. Enable Allow Service to interact with desktop
  12. Restart the  World Wide Web Publishing Service 

The pool will use a large amount of memory initially but will start to settle. In this example it consumed around 11GB of RAM and now hovers around 1.0 GB.

If you are running WSUS 3.0 SP2 on Server 2008R2 ensure you have installed:

  • KB2720211
  • KB2734608

If you are running WSUS 4.0 on Server 2012R2 ensure you have installed:

  • KB2919442
  • KB2919355
  • KB3095113
  • KB3159706

This will bring you from version 6.3.9600.16384 to 6.3.9600.18324

For WSUS 4.0 make sure you enable ESD for Windows 10 Servicing after installing the above updates

Open CMD as Administrator and run:
“C:\Program Files\Update Services\Tools\wsusutil.exe” postinstall /servicing
The finally restart the WSUS Services

If it is still not working then you are best to start from scratch, remove WSUS, delete your WSUS files, Database, Wsus IIS Site and Worker Process. Ensure your OS is patched, Install WSUS then install the KB’s above. You will probably still need to modify the worker process as well. Restart your server and initiate a sync.

Happy Troubleshooting!

Content Mismatch Warnings on a Distribution Point

You might see content mismatch warnings in SCCM when content validation runs and determines that there is a discrepancy between the expected list of packages in WMI on the distribution point and the packages in the content library. In this scenario, the distribution point status goes into a warning state and the status message returned by the distribution point is listed in the Details pane when you view the status of the distribution point in the Monitoring workspace, Distribution Point Configuration Status node.

To determine which package is causing this mismatch, review the smsdpmon.log file on the distribution point.

Notice the log entries:

CContentDefinition::LibraryPackagesWmi: The package data in WMI is not consistent to PkgLib
CContentDefinition::LibraryPackagesWmi: Package CCA0000A can’t be found in PkgLib

The simplest way to determine the missing package is to view the Content Status  in the Monitoring workspace and search for the package ID by using the search field. After you have found the package ID, you can determine the name of the software.

If the package is not on the site, you must remove the package from WMI on the distribution point. The namespace to connect to is rootsccmdp. The class that contains the list of packages expected is SMS_PackagesInContLib. The simplest way to find the package and remove it from WMI is to run a query on the distribution point such as the following, and then delete the object that is returned.

select * from SMS_PackagesInContLib Where PackageID = ‘CCB00002’

Note: Ensure that you replace the CCB00002 with your own package ID

If the package is on the site, you can update the content on the distribution point to clear the Warning state.

If the error still persists you can use this script to remove the offending packages/applications.

Download the Script from TechNet

 

SCCM Redistributing Multiple items on a distribution point(s)

Like many SCCM admins,  one of the common issues we come across is a distribution point with failed packages. This may occur due to many reasons such as a bad link, corrupt content, disk space etc. just to name a few.

It is rather painstaking though in SCCM that you cannot refresh multiple items from the console, limited to using the distribution point  content in monitoring to refresh by content only and not by distribution point . Luckily though there is a script to do the work for you.

This script checks all packages assigned to a distribution point  and redistributes any packages that have an error status.

To use the script (Download at the end of the post), modify the VBS file to put in your server details in the variable section

‘ The name of the CAS/Primary site server
Public Const CASServerName = “CASorPRIServer”

‘ Which DP to refresh packages for – leave this blank to check ALL DPs
Public Const DPServerName = “DPServer”

Once done open Command Prompt as administrator. Change Directory to where the script it stored and type in cscript DP_Refresh.vbs press Enter

The script will now refresh the DP, you can view the status in the console.

Download Script Here

Welcome

Welcome to my SCCM Blog.

I’m an experienced SCCM Engineer with a broad knowledge specialising in the management of corporate devices with over 14 years IT experience.

With this blog I hope to provide some useful information about problems that I have come across day to day, as well as features and updates.

Stay Tuned!

Matthew Russo