DirectAccess deployment in a LAB on 2012 R2

I've deployed a DA EDGE server on 2012 R2 in a LAB environment. I don't have a public domain name and PKI infra. So I did a quick deploy using the public IP as a name, distributed pre-built policies to a test laptop, changed the connection from AD LAN to a public internet connection and started testing this out. The problem is that the laptop has a status of "connecting" on the DA connection for ages. Nothing happens. In Event Viewer I see some DNS errors, because it cannot register itself with the public DNS server.
On my DA server, I did a quick deploy. It has a direct NIC to the internet and another to the corporate LAN (AD). All statuses are green. I checked these two articles, but they do not apply to me, all good:
https://support.microsoft.com/en-us/kb/2980635
http://blogs.technet.com/b/ripom/archive/2014/07/25/direct-access-status-always-quot-connecting-quot-on-windows-8.aspx
Any tips? Is it possible to do DA with public IP and not with public domain?

Hi,
First, please try to install the DirectAccess troubleshooting tool on the client. It will tell us what's wrong with the DirectAccess.
To download this tool, please click the link below:
https://www.microsoft.com/en-hk/download/details.aspx?id=41938
Besides, what's the version of your client OS? If it's a Windows 7, then it is necessary to deploy the PKI.
Also, here is a good guide about how to troubleshoot DirectAccess:
https://technet.microsoft.com/en-us/library/ee624056%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
Moreover, please check if the following link is helpful:
https://support.microsoft.com/en-us/kb/2883952
Best Regards.
Steven Lee

Similar Messages

  • WSUS 3.2 work on Win2008 R2, how to use it deploy MS patch for Win 2012 ?

    WSUS 3.2 work on Win2008 R2, how to use it deploy MS patch for Win 2012 ?
    I have installed KB2734608, but when I search MS13-101 , no patch for Win 2012.
    Can you help me resolve this problem ?
    Thanks

    On Thu, 10 Apr 2014 06:01:48 +0000, fujitsu08 wrote:
    WSUS 3.2 work on Win2008 R2, how to use it deploy MS patch for Win 2012 ?
    WSUS has its own, dedicated forum where the WSUS experts answer questions.
    You should repost your question here:
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverwsus
    Paul Adare - FIM CM MVP
    Aibohphobia: n. Fear of Palindromes

  • How to deploy .msp files through SCCM 2012

    Team,
    Can you please help me to deploy .msp files through SCCM 2012?
    Regards,
    Mahadev Nitture

    I tried to search and got few things but didn't understand to proceed with.
    Please help me with this.
    Regards,
    Mahadev Nitture
    You can use a typical/standard application deployment method (just a minor change because of MSPfile).
    Here are some guides, for typical application deployment:
    http://technet.microsoft.com/en-us/library/gg682159.aspx
    http://www.gerryhampsoncm.blogspot.ie/2013/03/sccm-2012-sp1-step-by-step-guide-part_7075.html
    Familiarise yourself with these methods, then return to the example suggested by Torsten for specific steps for MSP:
    https://social.technet.microsoft.com/Forums/en-US/3dac27fd-ce4f-4d3d-946b-d08d4c7f5af5/best-way-to-deploy-an-msp?forum=configmanagerapps
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

  • Deploy Java Updates using SCCM 2012 SP1 and SCUP 2011

    What is the best way to deploy Java updates using sccm 2012 SP1 and SCUP 2011?

    I didn't find Kent's blog useful when talking about Java. I can deploy Adobe products fine, but I have to import Java manually because of not having the Shavlik certificate. So with that said, I have the following problem:
    I have the full offline installer unpacked, the .msi file and Data1.cab. When I'm importing these binaries to SCUP, I can only point to the .msi. Doing that, the installation fails on the client side because of the lack of the data1.cab file, which is the main file.
    Should I use some other downloaded files of Java? I couldn´t find any Java-update-file only type of files to download.

  • DirectAccess easy-quick-short lab ?

    Hi
    I'm learning for the MCTS 70-642 exam and I'm trying to be hands-on in DirectAccess. I'm using 2008R2 and Win7 VMs on VMware. I did deploy DirectAccess at least 10 times. At every trial, I struggled a lot with troubleshooting, and it worked only a couple of times.
    I did use very good labs, but often they are a little bit long and confusing:
     - http://www.microsoft.com/en-us/download/details.aspx?id=24144
    - The lab in the MS Press book "Self-Paced-Training-Exam-70-642-Infrastructure".
    I'm trying to find a quick and short lab for making the most basic functionalities of DirectAccess work, with only the following components:
     - AD corporate domain with the following computers joined to it : DC1, DA-SERVER, WIN7-MEMBER-CLIENT, 2008R2-MEMBER-SERVER.
    - NLS and AD CS are deployed on Domain Controller (DC1).
    - Computer certificates are auto-enrolled on all computers.
    - Web Server certificate is deployed on DC1 only (for NLS).
    - 6to4 must be the only tunnelling protocol used on clients. Setting public Ipv4 addresses must automatically activate 6to4.
    - IP-HTTPS certificates or settings are not configured.
    - CRLs are not configured (for AD, it is not necessary).
    QUESTIONS :
    Could DirectAccess work with that limited infrastructure ?
    Anybody could help me build that easy-quick-short lab in VMs ?

    On Tue, 25 Mar 2014 11:26:56 +0000, kayoumt wrote:
    Could DirectAccess work with that limited infrastructure ?
    DirectAccess questions should be posted to:
    http://social.technet.microsoft.com/Forums/forefront/en-US/home?forum=forefrontedgeiag
    Paul Adare - FIM CM MVP
    I have the diesel-powered Plonkulator warmed up. -- rone

  • DirectAccess easy-quick-short lab with VMs ?

    Hi.
    I'm learning for the MCTS 70-642 exam and I'm trying to be hands-on in DirectAccess. I'm using 2008R2 and Win7 VMs on VMware. I did deploy DirectAccess at least 10 times. At every trial, I struggled a lot with troubleshooting, and it worked only a couple of times.
    I did use very good labs, but often they are a little bit long and confusing:
    - http://www.microsoft.com/en-us/download/details.aspx?id=24144
    - The lab in the MS Press book "Self-Paced-Training-Exam-70-642-Infrastructure".
    I'm trying to find a quick and short lab for making the most basic functionalities of DirectAccess work, with only the following components:
     - AD corporate domain with the following computers joined to it : DC1, DA-SERVER, WIN7-MEMBER-CLIENT, 2008R2-MEMBER-SERVER.
    - NLS and AD CS are deployed on Domain Controller (DC1).
    - Computer certificates are auto-enrolled on all computers.
    - Web Server certificate is deployed on DC1 only (for NLS).
    - 6to4 must be the only tunnelling protocol used on clients. Setting public Ipv4 addresses must automatically activate 6to4.
    - IP-HTTPS certificates or settings are not configured.
    - CRLs are not configured (for AD, it is not necessary).
     QUESTIONS :
     Could DirectAccess work with that limited infrastructure ?
    Anybody could help me build that easy-quick-short lab in VMs ?

    Hi BenoitS,
    1) My DirectAccess server is configured with 2 NICs : 1 internal (corpo) and 1 public (internet). The public NIC is configured with two consecutive addresses (131.107.0.1, 131.107.0.2).
    2) When all computers (including the DA Server) are initially joined to the domain (inside corpo), they auto-enroll a Computer certificate in their Computer store. That certificate is used for IPSEC.
    3) As I said in my first post ; I want to keep things basic. All I want to configure on the DA server is : the DirectAccess application and an auto-enrolled Computer certificate for IPSEC. No DNS, no IIS, no AD CS, no NLS, ... on that server.
    4) I do not want to configure IPHTTPS, because I'm avoiding installing IIS on the DA Server. I'm also avoiding installing a certificate and configuring a CRL for IPHTTPS.
    5) To keep things basic, I think 6to4 is a good option. I learnt that 6to4 configures automatically when you configure a public IPv4 address on Win7. And it does. It does it automatically both on client and DA Server sides.
    6) All the infrastructure is running on the DC : DNS, AD CS, IIS, NLS, ...
    7) IPSEC is required by DirectAccess. I think, that's why it is important to install computer certificates on DA and on all clients. Could the computer certificates auto-enrolled by AD CS (inside corpo) be used when clients are communicating by internet
    (outside corpo) ? I have no idea.
    Back again to my question : Is that minimal configuration supposed to work ?

  • Windows 8.1 clients are not detecting updates deployed to them through SCCM 2012 R2

    Hello, 
    We are using SCCM 2012 R2 to deploy software updates. 
    On Windows 8.1 SCCM does not show certain updates as being needed and isn't deploying them to the clients even though Windows Update will show them as high importance. These same updates are being detected and deployed to Windows 8 clients successfully.
    I believe that the update catalog that WSUS uses may have some incorrect detection rules for the following updates:  
    2917933
    2913320
    2913270
    2913152
    2909569
    2904440
    2904266
    2903939
    2899189 
    2893984
    2893294
    2892074
    2916626
    2898785
    My automatic deployment rules include Windows 8.1 in the product category. I have even created a standalone rule for Windows 8.1 that builds a new package and the behavior is the same. 
    We only have a handful of Windows 8+ clients so this hasn't been a big issue but others may want to keep an eye out. 

    I am also running into this issue.  After "checking online for updates" on one of my machines in office I found that there were 21 important updates for my 8.1 box.  When I cross reference them in SCCM under All Software Updates, it appears these
    8.1 updates are not listed.  They are however listed for all other OS.  
    10 seconds after typing this, I went in to verify my WSUS ->  Products and Classifications settings and come to find 8.1 and 2012 R2 weren't selected, even though it's an option in SCCM.  Go figure!  This wasn't the end though.  After
    running a Synchronization, my issue still wasn't resolved.  Went back to check my settings and they again were changed back to having these OS unchecked.  Finally, a solution!  I found that in SCCM, under Administration tab, Site Configuration
    > Sites > ABC - Mysitename, right click and scroll down to "Configure Site Components" > Software Update Point.  This setting (although the same as is in WSUS) takes precedence, thus was rolling my settings back to the original configuration
    in WSUS.
    So long story short, even though my automatic deployment rules stated approve all windows 7/8/8.1 criticals/importants, 8.1 was getting skipped for the most part because my WSUS server wasn't syncing with Microsoft for all of the updates I required.  I
    did have a couple of updates that squeezed through because they were categorized as "Security Updates for Windows 8, 8.1".
    Not sure if this is the solution you were looking for, but your thread got me started in the right direction, hopefully this response helps in the same way!
    Thanks!

  • Deploying iTunes in lab environments campuswide

    We are creating an iTunes U page for our institution (small college), but my question involves the deployment of iTunes across our campus. What is the best, most streamlined method for deploying and using iTunes over a campus network that has migrating user profiles?
    We have several lab environments in which students would access iTunes, and we want to minimize the issues involving storage limits with migrating profiles, when any particular user will login to access iTunes from any particular workstation. Specifically, what would be the profile ramifications from accessing the user agreement to syncing their devices? Furthermore, we are mostly a Windows-based campus, so we're looking for any additional caveats that might occur.
    Any thoughts, suggestions or references would be greatly appreciated.


  • Windows 8 App Deployment in School Lab environment?

    After doing some reading and research on Windows 8 Store app deployment from sources like
    http://www.microsoft.com/en-us/download/details.aspx?id=39685 and this forum and I am getting pretty depressed.  Here is one part of my scenario which is pretty simple I think.
    Lab of 20 Dell 3011 AIO Touchscreens that were deployed with Win8Ent via MDT2012U1.  For simplicity I will talk about a subset of my problem.  I have 3 classes of Kindergartners who use the lab.  The students aren't capable of really logging
    in themselves so the teacher logs them all in to a shared account for each class since all they do is web / app stuff.  I don't want to create 60 accounts for this young of kids since they can't handle the process anyway.
    Here is my understanding of what I would have to do if I wanted to install Fresh Paint (a great free app) for all the students to use.
    1.  Create a minimum of 4 Microsoft accounts due to device limits of store app install.
    2.  Assign / attach those Microsoft accounts to specific lab machines (while logged in as each shared student account).
    3.  Login to each of my 20 lab machines as each of the 3 share accounts (which can't have roaming profile since Windows <-> Microsoft account association now needs to be unique).  This would be a minimum of 60 individual logins for this one
    app and one grade.
    4.  Install the app on a per user / per device basis.
    5.  Potentially repeat process any time an update is released since the students can't handle it themselves.
    I think this is the majority of the process, am I leaving any important steps or details out?  This sounds like it would be HOURS of work to install ONE app for ONE grade.  I could potentially need 5-10 unique apps per grade.
    This just isn't feasible on any type of scale.  Even this limited amount of devices / users is overkill when dealing with users who are too young to maintain their own devices or exist in a lab environment.  In reading the doc referenced above it doesn't
    seem like there is a solution for this offered by MDT, SCCM or Intune?  Please tell me I am missing the magic deploy button?  Also I don't even want to begin to think about apps that aren't free and managing that.
    Thanks for any helpful info.
    Brian Hoyt

    In reading the doc referenced above it doesn't seem like there is a solution for this offered by MDT, SCCM or Intune?  Please tell me I am missing the magic deploy button?
    No, you're not missing the magic deploy button :(
    If a Windows Store App (aka Modern UI app aka Metro App) is offered via the Windows Store, and not offered directly by the application developer, the only legitimate way to get that app is via the Store, and that requires an MS account.
    ConfigMgr offers two "deployment" methods;
    a) deep-link into the web-based Windows Store. The logged-on user must have an MS account and use that account to authenticate to the store. even if the app is free.
    b) sideload. requires the appx installation package.
    There are some other suggestions, but they are unsupported, and rather complicated:
    http://social.technet.microsoft.com/Forums/windows/en-US/763dc3d6-8dd2-4157-8f49-159f0826e97a/install-windows-store-apps-to-all-users-or-where-to-get-the-appx
    http://social.technet.microsoft.com/Forums/windows/en-US/04dd1938-a558-4cbe-ba70-b89d2d1eb95c/windows-apps-offline-download-and-install
    http://social.technet.microsoft.com/Forums/windows/en-US/72ccc40d-76aa-4325-92ae-27386b424e0f/sideloading-applications#bddbcd7f-fec3-4132-b573-b5e3d1aef57f
    http://social.technet.microsoft.com/Forums/windows/en-US/b7574287-d134-4a74-b227-f3dd793ab46b/download-appx-package#64745402-2254-4760-bc1f-f7483fc49d35
    The last time I spoke with our MS contacts (deployment engineers @ MS), even those guys can't get the MS free apps to sideload.
    All the documentation around sideloading appears to be catering for situations where a company has developed that app themselves, or, has commissioned a developer to create a custom app for the company.
    Apps which are offered via the Store, seem to only be available via the store. I'm not sure if there is some kind of contractual obligation with MS which demands this? (i.e. in the store means no distribution via other means?)
    At this time there are no options to federate an on-premises AD to the Store either. Which would be a nice option, even if it limited the user to free apps.
    Don

  • SCCM 2012 : Deploying System Center Configuration Manager 2012, Required Designing Help.

    Hi,
    I require someone to help design an SCCM 2012 solution. I don't have any knowledge of the design part. This is my first deployment.
    My goal: Interconnect 3 remote offices and  The infrastructure is as follows:
     Primary Site Server ( HQ )    : 1000 users
     Secondary Site ( Location1) : 2000 Users
     Secondary Site ( Location2) : 2000 Users
    Link Between Primary and Secondary Sites : 8 MBPS MPLS link
    Database will be installed on a remote SQL 2012 Server.
    Please let me know is there any tool to generate Design document.
    If possible please design and put the Image on the blog.

    Why using a remote SQL server? I'd install it locally. There is no tool available.
    Just make sure that you are using a standalone primary site (therefore no CAS) and place a secondary at location 1 and 2.
    Torsten Meringer | http://www.mssccmfaq.de

  • DB Deploy to Azure from SSMS 2012 keeps failing

    I have been attempting to deploy an existing test db from my local SQL Server 2012 instance (LocalDb) to azure using the SSMS 2012 Deploy to Azure tool.  I keep getting this error:
    I assume there is something wrong with the Azure user permissions not allowing the user creation?  If so, how I fix.  if not, what else should I check?
    Simon.

    Hi Simon,
    Please refer to the following statement to query the database user and role:
    select m.name as Member, r.name as Role
    from sys.database_role_members
    inner join sys.database_principals m on sys.database_role_members.member_principal_id = m.principal_id
    inner join sys.database_principals r on sys.database_role_members.role_principal_id = r.principal_id
    Regards,
    Fanny Liu
    TechNet Community Support

  • Windows Assessment and Deployment Kit (ADK) for Windows 2012 Server

    Hi
    I need to download Windows ADK for Windows 2012 Server. The link mentioned on microsoft website "http://www.microsoft.com/en-in/download/details.aspx?id=30718" is not reachable. Can anyone please tell me, from where I can download Windows ADK for
    2012 Server.
    Thanks
    Manik Bansal

    Hi Johan, Hi Manik,
    Your reply with the link for the Windows Assessment and Deployment Kit (ADK) for Windows® 8 at http://www.microsoft.com/en-us/download/details.aspx?id=30652 has been very much appreciated.
    I have also found a new and updated link to the *NEW* Windows Assessment and Deployment Kit (Windows ADK) for Windows 8.1 at http://www.microsoft.com/en-us/download/details.aspx?id=39982 that was released and published on 2013-Oct-17.
    Please note that this ADK can be used with Windows Server 2012, but there are some important differences between the Windows 8 ADK and the Windows Server 2012 ADK. The TechNet summary of the ADK may be explored at the link http://technet.microsoft.com/en-us/library/jj200116.aspx
    The details of the ADK for Windows 8 may be explored at the link http://go.microsoft.com/fwlink/?LinkId=248647
    Thank you,
    Michael C.

  • Deploying the FEP client (SCCM 2012 R2) on computers that already have the FEP client from a previous failed site installation

    Hello All
    I am in the process of rebuilding our SCCM 2012 R2 site server (single site). The FEP client from the previous sccm 2012 r2 deployment was successfully installed on all of our endpoints and communicating with no issue with the site server. Since losing that
    server we are in the process of deploying a one. My question is, when I configure FEP and the site server attempts to deploy the FEP client will the current one be reinstalled even though its same version? Or will SCCM just recognize there is already
    a compatible client installed. I asked a similar question about the SCCM client in another post which was very helpful.
    Any advice would be greatly appreciated
    Phillip
    http://social.technet.microsoft.com/Forums/en-US/84923512-b456-4850-b2ba-8d22bb54ab5c/deploying-sccm-2012-r2-clients-to-computers-that-already-have-the-sccm-2012-r2-client-from-failed?forum=configmanagerdeployment#ab630267-6f25-45ff-a732-231b8008876c
    Phil Balderos

    No, the Endpoint Protection client is still a separate client. By enabling the client settings the ConfigMgr client will make sure that the Endpoint Protection client is installed and makes sure it will be 'managed'. After re-installing the ConfigMgr
    client, the ConfigMgr client will see that Endpoint Protection is already installed and the new ConfigMgr client will start 'managing' the Endpoint Protection client.
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Deploying Office 2013 through SCCM 2012 SP1 leaves Office 2010 Tools and Sharepoint behind

    I apologize in advance, but I have searched similar topics to this, but I haven't seen an answer yet that describes where and how to accomplish this.  I'm also a bit new to SCCM and I'm still finding the nuances.
    Scenario:  Running SCCM 2012 SP1.  Office 2013 32bit is added as an application and deployed properly with an accompanied .msp file stored in the source folder.  The configuration is to have Office
    2010 uninstalled silently.  The deployment runs flawless and the user doesn't know otherwise.  Success in anyone's book, right?
    Except... Office 2010 Tools and SharePoint Workspace 2010 are left over.  Manual uninstallation is not an option.  This is for hundreds of PC's in several global locations. 
    I've seen it hinted to write a script.  That's fine I suppose, but what do I write, where do I store the script, and can I have SCCM2012 automatically run it before the installation of 2013? 
    Our favorite IT tool Google hasn't quite returned what I'm looking for.   Does anyone here have ideas or perhaps have experienced a similar issue?
    Thanks,

    1st, save the following content as a XML file on a server share, named as "config.xml".
    <Configuration Product="ProPlus">
    <Display Level="none" CompletionNotice="no" SuppressModal="yes" AcceptEula="yes" />
    <Setting Id="SETUP_REBOOT" Value="Never" />
    </Configuration>
    Run the following script during or before the installation of Office 2013:
    "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall ProPlus /config \\servershare\Config.xml
    For more SCCM specific topics, we'd recommend you to visit the SCCM forums at:
    http://technet.microsoft.com/en-us/systemcenter/gg191847
    Max Meng
    TechNet Community Support

  • Deploy Lync 2013 Via SCCM 2012

    Dear,
    I want to deploy Microsoft Lync 2013 via SCCM 2012. I have created a new deployment package based on the MSI file to install Microsoft Lync 2013 on company machines. The package installs on client computers perfectly, but instead of
    installing automatically for users, every time a message comes up and the user has to do it manually, for example the user has to accept the terms of the agreement. Kindly, I need a way to solve this issue; I need Lync 2013 to install automatically without users doing anything. Please
    see attached snapshot.

    Make sure that you are using the right command line using your newly created MSP
    ex: setup.exe /adminfile "Lync_Updated.msp"
    As proposed, update your DP so that your MSP gets distributed.
    You can also follow this guide if you're still experiencing difficulties.
    http://systemcentersynergy.com/lync-2013-silent-or-unattended-install/
    Benoit Lecours | Blog: System Center Dudes
