Thursday 28 April 2016

Configuration Manager (CB) Upgrades - what you should not do

System Center Configuration Manager landing page

The Configuration Manager Product Group shared this information on our monthly call last night. There was no objection to me publishing it here. I hope you find it useful.

This is a list of things that you absolutely should NOT do in relation to upgrading Configuration Manager (Current Branch) to a newer version. It seems that some IT Pros are being creative in trying to resolve problems and in some cases are making them worse.

So, here we go - #4 is my personal favourite.
  1. Do NOT manually clean up the EasySetupPayload folder for a CM update that is being downloaded/processed.
  2. Do NOT manually clean up CMU without confirming the correct state and content library for the Easy Setup package.
  3. Do NOT restore the CM database/CM site server if there is an error with a CM update (fix the issue and "retry installation").
  4. Do NOT reinstall the Service Connection Point if an update is in progress.
  5. Do NOT use 1602 cd.latest to install a standalone primary site (Note: you can use this method to install a child primary to a 1602 CAS).
  6. Do NOT use 1602 cd.latest to upgrade a 1511 site or R2 SP1 (or earlier) site.
  7. Do NOT manually clean up any CM_Update* tables.
  8. Do NOT restart the CMU service during installation.
  9. Do NOT keep the CMUStaging\<Guid> folder open during installation.
  10. Do NOT copy files in CMUStaging.
  11. Do NOT restart SMSEXEC during payload download (dmpdownloader.log shows if the package content is downloading). The notification can get lost in that scenario.
Microsoft will try to make most of these more resilient in release 1606.

I hope this helps. Until next time......

Friday 8 April 2016

Configuration Manager: in-console upgrade to latest Current Branch


As promised, Microsoft have really delivered with the new style in-console upgrade of Configuration Manager. It works seamlessly. I've carried out the upgrade numerous times (both in production and lab) and have only seen minor issues to resolve.

Remember that the first iteration of Configuration Manager was 1511 (released November 2015). Now we have 1602. We've been given many seriously cool new features with this release. For the full list, see "What's new in version 1602 of Configuration Manager".

The Configuration Manager Team Blog has already provided this summary of the new features.

  • Client Online Status: You can now view the online status of devices in Assets and Compliance. New icons indicate the status of a device as online or offline.
  • Support for SQL Server AlwaysOn Availability Groups: Configuration Manager now supports using SQL Server AlwaysOn Availability Groups to host the site database.
  • Windows 10 Device Health Attestation Reporting: You can now view the status of Windows 10 Device Health Attestation in the Configuration Manager console to ensure that the client computers have a trustworthy BIOS, TPM, and boot software.
  • Office 365 Update Management: You can now natively manage Office 365 desktop client updates using the Configuration Manager Software Update Management (SUM) workflow. You can manage Office 365 desktop client updates just like you manage any other Microsoft Update.
  • New Antimalware Policy Settings: New antimalware settings that can now be configured include protection against potentially unwanted applications, user control of automatic sample submission, and scanning of network drives during a full scan.
  • Windows 10 Servicing: New improvements were added based on your feedback such as filters in servicing plans for upgrades that meet specified criteria, integration with deployment verification and a dialog in Software Center when starting an upgrade.
For Configuration Manager with Intune:
  • Conditional Access for PCs Managed by Configuration Manager: You can now use conditional access capabilities to help secure access to Office 365 and other services on PCs managed with Configuration Manager agent. Conditions that can be used to control access include: Workplace Join, BitLocker, Antimalware, and Software Updates.
  • Windows 10 Conditional Access Enhancements: For Windows 10 devices that are managed through the Intune MDM channel, you can now set and deploy an updated Compliance Policy that includes additional compliance checks and integration with Health Attestation Service.
  • Microsoft Edge Configuration Settings: You can now set and deploy Microsoft Edge settings on Windows 10 devices.
  • Windows 10 Team Support: You can now set and deploy Windows 10 Team configuration settings.
  • Apple Volume Purchase Program (VPP) Support: You can now manage and deploy applications purchased through the Apple Volume Purchase Program for Business portal.
  • iOS App Configuration: You can now create and deploy iOS app configuration policies to dynamically change settings such as server name or port for iOS applications that support these configurations.
  • iOS Activation Lock Management: New capabilities include enabling iOS Activation Lock management, querying for the status, retrieving bypass codes, and performing an Activation Lock bypass on corporate-owned iOS devices.
  • Kiosk Mode for Samsung KNOX Devices: Kiosk mode allows you to lock a managed mobile device to only allow certain apps and features.
  • User Acceptance of Terms and Conditions: You can now see which users have or have not accepted the deployed terms and conditions.
How to Upgrade

Carry out the following tasks before you start (you'll know how to do this by now):
  1. Back up your site
  2. Snapshot the virtual machine
  3. Run TestDBUpgrade
  4. Back up Configuration.mof (it will be overwritten by the upgrade)

Now let's have a look at the upgrade process. Navigate to Administration > Cloud Services > Updates and Servicing.


1602 is available and ready for installation. All subsequent upgrades will also be available here. Note that the upgrades will be cumulative. In the future you will not have to install them all if you don't want to (if you don't need their new features). You can skip a few and install the latest if you wish.


Right click the upgrade and select "Run prerequisite check". This is important to verify that there are no issues before you actually start the upgrade.


The console verifies that Configuration Manager is checking the prerequisites.


Have a look at the CMUpdate.log file. See "Update package will not install as it is marked for prereq check only".


Brilliant. The prerequisite check has not found any issues. So far, in all the upgrades I've done, this has been the case.


Now let's do the upgrade. Choose "Install Update Pack" this time.


The Configuration Manager Updates Wizard is launched. You can see some general information. Click Next to continue.


Some new features are not enabled by default. You can choose to enable them now if you wish. If you don't, you can enable them in the console later. I normally just select them all - why not? Make your choices and click Next.


Select your preference for overwriting the Configuration Manager client package. You can overwrite immediately or you can select to have a period of validation first. Continue through the wizard.


Read and accept the license terms.


You're almost there. Confirm the settings on the summary page and click Next to upgrade.


The wizard has completed successfully. This doesn't mean that the upgrade has finished. You've simply started the process.


Monitor the CMUpdate.log for progress.


You can see progress in the Updates and Servicing node.


You can also see progress in the Monitoring > Site Servicing Status node.


Right click the upgrade and select Show Status for more details.


You can see full details of the upgrade steps.


Soon you will see that the upgrade has completed successfully.


Verify that all the components are healthy.


Finally you will get notification that you need to upgrade your consoles. Click OK to install.

That's it. The upgrade has been completed and you can now enjoy the new features. Wasn't that seriously slick and seamless? Remember that this upgrade process will be the same for future in-console upgrades.
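
The CMUpdate.log checks mentioned in the walkthrough can be scripted. The following is an added example, not part of the original post and not Microsoft's code: it parses entries in the Configuration Manager log line layout, flags the "marked for prereq check only" message quoted earlier, and lists warnings and errors. The sample lines, the component name and the log path in the comment are assumptions constructed for illustration.

```powershell
# Added example. Sample lines are constructed; only the prereq-check message
# text is quoted from the post. For a real site, replace $sample with e.g.
#   Get-Content 'C:\Program Files\Microsoft Configuration Manager\Logs\CMUpdate.log'
# (assumed default install path; reading the log does not modify it).
$sample = @'
<![LOG[Constructed sample: update package processing started]LOG]!><time="10:15:02.123-60" date="04-08-2016" component="CONFIGURATION_MANAGER_UPDATE" context="" type="1" thread="4120" file="sample.cpp:10">
<![LOG[Update package will not install as it is marked for prereq check only]LOG]!><time="10:15:09.481-60" date="04-08-2016" component="CONFIGURATION_MANAGER_UPDATE" context="" type="1" thread="4120" file="sample.cpp:20">
<![LOG[Constructed sample: simulated warning entry]LOG]!><time="10:16:40.007-60" date="04-08-2016" component="CONFIGURATION_MANAGER_UPDATE" context="" type="2" thread="4120" file="sample.cpp:30">
<![LOG[Constructed sample: simulated error entry]LOG]!><time="10:17:11.950-60" date="04-08-2016" component="CONFIGURATION_MANAGER_UPDATE" context="" type="3" thread="4120" file="sample.cpp:40">
this line is not a log entry and is skipped
'@ -split "`r?`n"

# One log entry per line: message, then time/date/component/type attributes.
$pattern  = '^<!\[LOG\[(?<msg>.*)\]LOG\]!><time="(?<time>[^"]*)" date="(?<date>[^"]*)" ' +
            'component="(?<comp>[^"]*)" context="[^"]*" type="(?<type>\d)" ' +
            'thread="(?<thread>\d+)" file="(?<file>[^"]*)">$'
$severity = @{ 1 = 'Info'; 2 = 'Warning'; 3 = 'Error' }

function ConvertFrom-CMLogLine {
    param([Parameter(ValueFromPipeline)][string]$Line)
    process {
        # Lines that do not match the layout (blank or continuation lines) are skipped.
        if ($Line -match $pattern) {
            [pscustomobject]@{
                Date      = $Matches.date
                Time      = $Matches.time -replace '[+-]\d+$', ''   # drop the UTC offset suffix
                Component = $Matches.comp
                Severity  = $severity[[int]$Matches.type]
                Message   = $Matches.msg
            }
        }
    }
}

$entries    = @($sample | ConvertFrom-CMLogLine)
$prereqOnly = @($entries | Where-Object Message -like '*marked for prereq check only*')
$problems   = @($entries | Where-Object Severity -in 'Warning', 'Error')

# Summary first, then the entries that need attention.
[pscustomobject]@{
    EntriesParsed   = $entries.Count
    PrereqCheckOnly = ($prereqOnly.Count -gt 0)
    Warnings        = @($problems | Where-Object Severity -eq 'Warning').Count
    Errors          = @($problems | Where-Object Severity -eq 'Error').Count
}
$problems | Format-Table Date, Time, Severity, Message -AutoSize
```

Because the script only reads the log, it can be run while an update is installing without touching the CMUStaging or EasySetupPayload folders.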

I hope this blog post was useful to you. Until next time.....




Friday 1 April 2016

First book published today

I'm very pleased to say that my first book was published today. I wrote "Troubleshooting System Center Configuration Manager" with my co-author @PeterEgerton.


The chapter list is as follows:

  • The Troubleshooting Toolkit
  • Configuration Manager Log Files
  • Troubleshooting Configuration Manager Clients
  • Troubleshooting Hierarchies and site servers
  • Troubleshooting Management Points and Distribution Points
  • Troubleshooting other Configuration Manager roles
  • Troubleshooting Common tasks
  • Disaster Recovery
  • Avoiding Trouble

The book is available on Amazon or directly from the Packt website.

I hope you enjoy it and it is useful for you.


Great WMUG event yesterday


We had a great event yesterday at Microsoft's fancy new offices in Paddington. My Windows Management User Group colleagues and I delivered a day of sessions with a ConfigMgr and Cloud theme.

The agenda was as follows:


Here are some photographs from the event. Perhaps you'd like to join us next time.


@SCCMentor (Paul Winstanley) talking about High Availability and MP replicas.


Yours truly delivered a session on how to implement on-premise MDM.


@RobMVP discussed ConfigMgr servicing and didn't go off-topic once.......


@SamErskine talked about OMS but warned us in advance that he wouldn't try to impress us.


@MatthewWhite showed us cool management of Windows 10 in the cloud.


@phil2pint finished up the day with an excellent session on content delivery and management.

Check in on the WMUG website for details of upcoming events.

Until next time......