How to deploy Cisco ISE agents through SCCM 2012 R2

Similar Messages

• How to manage Work group Computer through SCCM 2012 R2

  Hello..Experts,
  We have to manage the Workgroup Computers both Linux and windows Environment through SCCM 2012 R2.
  what are limitation associated with managing Workgroup computer both with Linux and windows Computers through SCCM.
  Please help us how to achieve this.

  Windows devices that are Workgroup members have the same features for management as domain joined devices except that it is slightly more difficult to get the client installed on these 'unmanaged' devices.
  The Linux computers have only basic support for  Inventory, Application Management, and Compliance.
  I hope that helps,
  Nash
  Nash Pherson, Senior Systems Consultant
  Now Micro -
  My Blog Posts
  If you've found a bug or want the product worked differently,
  share your feedback.
  <-- If this post was helpful, please click "Vote as Helpful".

• How to deploy .msp files through SCCM 2012

  Team,
  Can you please help me to deploy .msp files through SCCM 2012?
  Regards,
  Mahadev Nitture

  I tried to search and got few things but didn't understand to proceed with.
  Please help me with this.
  Regards,
  Mahadev Nitture
  You can use a typical/standard application deployment method (just a minor change because of MSPfile).
  Here are some guides, for typical application deployment:
  http://technet.microsoft.com/en-us/library/gg682159.aspx
  http://www.gerryhampsoncm.blogspot.ie/2013/03/sccm-2012-sp1-step-by-step-guide-part_7075.html
  Familiarise yourself with these methods, then return to the example suggested by Torsten for specific steps for MSP:
  https://social.technet.microsoft.com/Forums/en-US/3dac27fd-ce4f-4d3d-946b-d08d4c7f5af5/best-way-to-deploy-an-msp?forum=configmanagerapps
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• MS Office Pro 2013 Deployment through SCCM 2012 R2

  Hi Friends,
  I have deployed MS Office Pro 2013 through SCCM 2012. But from Windows 7 Client Machines It's not Installing. Noticed following error in Software Center.
  I'm testing two deployments before bring into production.
  Test Machine 1 :  Purpose = Available 
  From Software Center I have found Test Machine 1 is Status failed.
  Test Machine 2 : Purpose = Required
  From Software Center I have found Test Machine 2 is Status post due-will be retried
  The following Error code is same for both Machines.
  ====================================================
  The software change returned error code 0x87D00607(-2016410105).
  ====================================================
  Any idea please .
  Regards,Ali

  Hi,
  Check out this great guide from Ronni on how to deploy Office 2013 using Configuration Manager 2012, a good read.https://gallery.technet.microsoft.com/office/How-to-Deploying-Office-0f954e7f
  Are the content succefully deployed to all DPs?
  Regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• SP1 does not get installed when the machine is set to Japanese Language, software push through sccm 2012

  Hi,
  Please help me with the below issue, iam trying to deploy Service pack 1 on Windows 7 , 32 Bit OS
  SP1 does not get installed when the machine is set to Japanese Language, software push through sccm 2012 , it does gets installed of installed manually, by remoting into the machine
  also it gets installed through sccm when the machine is set to english language, 
  Thank you
  Tanoj
  OSLM ENGINEER - SCCM 2007 & 2012

  Hi Friends,
  we are deploying the SP1 via SCCM 2012 , and the success rate is around 50 %, its a Light touch installation where user will initiate the installation via Software Center ( Web based )
  i was able to gather few errors , and this are the errors which failed during SP1 Installation 0x800f0828,
  some errors which sccm reports display are 
  11171
  10008
  10021-
  17031 - 
  1602 - User Cancelled installation
  113 - No more internal file identifiers available
  10070 - File handle reference is no longer available
  10050 - A socket operation encountered a dead network
  11170  - The task sequence manager could not successfully complete execution of the task sequence
  i could not find the reason for some of the errors, also i am looking for a fix/woraround if any
  Also i have noticed that in few computers the task seq failed at a place where after the sp1 installation a reboot happens and then PGP BYPASS utility is uninstalled, it did not start the PGP bypass uninstall after reboot
  is there a way to cut short the Task seq and keep it simple ?
  right now its like this 
  1. checking for prerequisite : checks for OS Name and OS version
  2. installs PGP Bootgaurd Bypass
  3. System Restart
  4. Installing Windows 7 Service Pack 1
  5. Final Restart
  6. uninstall PGP Bootgaurd Bypass
  Regards
  Tanoj
  OSLM ENGINEER - SCCM 2007 & 2012

• Not able to install sccm agent in sccm 2012 servers after cu3 update

  not able to install sccm agent in sccm 2012 servers after cu3 update
  MSI: Setup was unable to register the CCM_Service_HostingConfiguration endpoint
  The error code is 80041002 ,below URl specify fix to uninstall Management point ,but in sccm 2012 secondary site canot unintall management point  ,please help to install agent in config manager servers
  https://blogs.technet.com/b/configurationmgr/archive/2013/11/25/hotfix-quot-error-25150-setup-was-unable-to-register-the-ccm-service-hostingconfiguration-endpoint-quot-when-you-try-to-install-the-client-agent-in-configuration-manager.aspx
  ankith

  Excellent Article!!!!!! Pls check here, Follow the same steps
  http://eskonr.com/2013/09/sccm-configmgr-2012-sp1-cu3-installationcollections-upgrade-clients/
  This too
  http://it.peikkoluola.net/2013/11/18/update-sccm-2012-to-sp1-cu3/
  Thanks, Prabha G

• System task 'policyevaluator_unlock ' returned error code 0x8000fff in windows pacth deployment on windows 7 by sccm 2012 Sp1

  hi All,
  I have faced mentioned error in Win7's ccmexec.log file doing windows pacth deployment on windows 7 by sccm 2012 Sp1
  system task 'policyevaluator_unlock ' returned error code 0x8000fff
  Kirpal Singh

  Thanks for reporting this symptom. We investigated and found that this error occurs when user unlocks the workstation. Due to this error, ccmexec service doesn’t request for user required policies when user
  unlocks the workstation. We will investigate and address this symptom. Other than user unlock, all other user policy scenarios will be functioning as expected. The client will process user policies when user logs on as well as in the regular user policy polling
  schedule”.
  BC

• How to create an exclusion into an SCCM 2012 to not discover Non Windows OS

  How to create an exclusion into an SCCM 2012 to not discover Non Windows OS 

  I assume they are in your AD. In that case your only option is to not discover them by not including their OUs in your
  Active Directory System Discovery.
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• How to repackage "jre-7u72-windows-i586.exe" application and deploy through SCCM 2012

  Hi,
  Along with IE 11 we are planning to deploy "jre-7u72-windows-i586.exe"
  Created transform file for "jre-7u72-windows-i586.exe" by using Adminstudio Installshield.
  Identified vendor .MSI file at
  %AppData%\LocalLow\Sun\Java\jre1.7.0_72\jre1.7.0_72.msi"
  %AppData%\LocalLow\Sun\Java\jre1.7.0_72\Data1.cab
  Created Transform file
  Created transform file for "jre-7u72-windows-i586.exe" by using Adminstudio Installshield with the Tuner feature
  My queries:
  Do we have any best practices while repackaging “jre-7u72-windows-i586.exe?” by Adminstudio
  How to deploy the jre-7u72-windows-i586.exe application assuming with parallel deployment of IE
    11.
  Do we uninstall lower versions of Java when installing any newer versions like jre-7u72-windows-i586.exe?
   if yes then how to handle
  Do we install jre-7u72-windows-i586.exe application without uninstallations of any lower version of JAVA , if yes then how to handle
  Looking for best practices / Customizations ?
  Thanks, appreciate your help.
  Han,
  Gc.Hanumareddy

  Alternatively, why not actually reference Oracle official documentation or post in their forums (because as Torsten said, this really has nothing to do with ConfigMgr or Microsoft even).
  http://java.com/en/download/help/msi_install.xml looks to be a great place to start.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• Windows 8.1 clients are not detecting updates deployed to them through SCCM 2012 R2

  Hello, 
  We are using SCCM 2012 R2 to deploy software updates. 
  On Windows 8.1 SCCM does not show certain updates as being needed and isn't deploying them to the clients even though Windows Update will show them as high importance. These same updates are being detected and deployed to Windows 8 clients successfully.
  I believe that the update catalog that WSUS uses may have some incorrect detection rules for the following updates:  
  2917933
  2913320
  2913270
  2913152
  2909569
  2904440
  2904266
  2903939
  2899189 
  2893984
  2893294
  2892074
  2916626
  2898785
  My automatic deployment rules include Windows 8.1 in the product category. I have even created a standalone rule for Windows 8.1 that builds a new package and the behavior is the same. 
  We only have a handful of Windows 8+ clients so this hasn't been a big issue but others may want to keep an eye out. 

  I am also running into this issue.  After "checking online for updates" on one of my machines in office I found that there were 21 important updates for my 8.1 box.  When I cross reference them in SCCM under All Software Updates, it appears these
  8.1 updates are not listed.  They are however listed for all other OS.  
  10 seconds after typing this, I went in to verify my WSUS ->  Products and Classifications settings and come to find 8.1 and 2012 R2 weren't selected, even though it's an option in SCCM.  Go figure!  This wasn't the end though.  After
  running a Synchronization, my issue still wasn't resolved.  Went back to check my settings and they again were changed back to having these OS unchecked.  Finally, a solution!  I found that in SCCM, under Administration tab, Site Configuration
  > Sites > ABC - Mysitename, right click and scroll down to "Configure Site Components" > Software Update Point.  This setting (although the same as is in WSUS) takes precedence, thus was rolling my settings back to the original configuration
  in WSUS.
  So long story short, even though my automatic deployment rules stated approve all windows 7/8/8.1 criticals/importants, 8.1 was getting skipped for the most part because my WSUS server wasn't syncing with Microsoft for all of the updates I required.  I
  did have a couple of updates that squeezed through because they were categorized as "Security Updates for Windows 8, 8.1".
  Not sure if this is the solution you were looking for, but your thread got me started in the right direction, hopefully this response helps in the same way!
  Thanks!

• Deploy Windows 8 To Go through SCCM 2012 SP1

  First a little backgroud:
  I have SCCM 2012 SP1 with MDT 2012 Update 1 integrated. I am using an MDT UDI task sequence to deploy windows 8 and it works perfectly. My Windows 8 image is fairly thin (only containing OS updates and C++ runtimes), and I am using the MDT database
  and an MDT task sequence in SCCM 2012  to dynamically set a list of SCCM Applications to install as well as settings based on location. 
  Now I want to get Windows To Go provisioning working in SCCM 2012 SP1. I had a powershell script that preparied the drive and applied a thick image (including office and other apps) to it then updated unattend.xml with a computer name and the domain join
  info.  That worked for me however I'd like to levarage the dynamic task sequence that I described above to build these To Go sticks the same as my other Windows 8 machines without having to keep updating the thick image evertime something changes. 
  There isn't much info out there that Iv'e found on setting up SCCM 2012 SP1 to provision windows to go here are the two that I have found 
  http://ixrv.blogspot.com/2012/10/provisioning-windows-8-to-go-with.html
  http://technet.microsoft.com/en-us/library/jj651035.aspx
  I followed the instructions in the first link and was able to run the Windows to Go Creator program and apply the prestaged wim to the USB stick. I rebooted from the USB stick Windows PE started and started to run my task sequence then it errored out on
  the apply image step. At this point it occured to me that the MDT SCCM task sequence was probably not setup for prestaged media and or Windows To Go. 
  So my question is am I on the right track? Do I just need to examine each step in my task sequence and make sure that it will work properly with my Prestaged/Windows To Go stick? If so has anyone actually gotten this to work that could give me some advice?
  Or is it asking too much to have a dynamic Windows To Go task sequence and I should just be building a thick image and using a second task sequence specifically for Windows to go? 
  are there any other resources for Windows To Go with SCCM that I'm missing? 
  Thanks, 
  Tony

  First of all sorry I missed your last three posts I have to check my email notifications. I'll try to answer all of them even though I think the last part is the only one where you are still stuck. 
  When I created my prestaged media I didn't put anything into it except for the the OS image and my PE image. On the Select Application and Select Package screen in the prestaged media wizard remove any application or packages that are added automatically.
  The task sequence is supposed to be smart enough to know if the version of the package that is on the prestaged media is out of date and go to a DP to get it but that didnt work for me. The only way I was able to get it to work was to remove all the packages
  from the prestaged media even the Customsettings package, the MDT toolkit package, USMT, etc.. 
  http://social.technet.microsoft.com/Forums/en-US/configmgrosd/thread/d729d0ff-829f-4af8-91af-2131b3355fd0/
  This thread which is about prestaged media in SCCM 2007 helped me to understand how prestaged media is supposed to work. Basically what I learned is that once the computer is rebooted from the ToGo stick into PE the task sequence will run the same as any
  other task sequence installing any applications and setting up your ToGo stick just like any other computer that runs the task sequence they dont need to be in your prestaged media for this to happen. 
  You shouldn't need to worry about partitioning WTGCreator.exe will partition the ToGo stick for you I'm just using the standard MDT Integrated partitioning in my task sequence. The one thing that I did was set the Windows To Go Creator package to "run from
  distribution point" which speed things up because then it didnt download the prestaged wim then apply it to the USB drive. 
  Is it booting into PE then rebooting? Did you check the "Allow unattend operating system deployment" check box when you made your prestaged media? If so it wants you to have set the task sequence to run in a task sequence variable SMSTSPreferredAdvertID
  to the task sequence ID you want to run. I'd just remake the media and leave that box unchecked. 
  Good luck and let me know how it works for you. I'll check back sooner this time I promise. 

• How to sell Cisco ISE.

  Hi all. I have always had challenges trying to 'prove' the importance of 802.1x and some of the advanced functionality provided by Cisco ISE. The OG150 (www.og150.com) is an automated penetration testing drop box. Once plugged into the network, it will automatically dial home (establish a reverse SSH tunnel) and performs a penetration test with a security report of the penetration test results emailed to you. This is ALL automated upon connection to the network, and takes about 7 minutes.
  I will be using this box to demonstrate to customers the benefits of using 802.1x with Cisco ISE.                  

   802.1X offers the following benefits:
  •Visibility—802.1X provides greater visibility into the network because the authentication process provides a way to link a username with an IP address, MAC address, switch, and port. This visibility is useful for security audits, network forensics, network use statistics, and troubleshooting.
  •Security—802.1X is the strongest method for authentication and should be used for managed assets that support an 802.1X supplicant. 802.1X acts at Layer 2 in the network, allowing you to control network access at the access edge.
  •Identity-based services—802.1X enables you to leverage an authenticated identity to dynamically deliver customized services. For example, a user might be authorized into a specific VLAN or assigned a unique access list that grants appropriate access for that user.
  •Transparency—In many cases, 802.1X can be deployed in a way that is transparent to the end user.
  •User and device authentication—802.1X can be used to authenticate devices and users.

• CRM2013 Silent deployment through SCCM 2012 R2

  Hello.
  First of all im sorry, if im posting in the wrong Forum - but this seemed as the correct one.
  I want to deploy CRM 2013 Outlook Client, through Software center - but i cant seem to get it working.
  I cant seem to find a way, to disable / accept the License Agreement automatically, so that our Domain Users can enjoy a completely silent CRM deployment.
  I have tried several guides, and i have also tried with SetupClient.exe /A - and the "guide" completes, but theCrmClient_32.msi dosent work.
  I would really appreciate, if some of you guys would help me out :)
  We are using SCCM 2012 R2
  Datatechnician

  Looks like you need the /Q switch for this
  http://msdn.microsoft.com/en-us/library/hh699665.aspx
  /Q              
  Quiet mode installation. This parameter requires a configuration file in XML format. The /i parameter contains the name of the XML configuration file. No dialog boxes or error messages will appear on the display screen. To capture error message information,
  include the log file parameter (/L or /LV).
  Gerry Hampson | Blog:
  www.gerryhampsoncm.blogspot.ie | LinkedIn:
  Gerry Hampson | Twitter:
  @gerryhampson
  Hello.
  Ive found the solution my self :)
  SetupClient.exe /quiet /passive /norestart
  I didnt thought that you could have a /q and /p at the same time
  Datatechnician

• Deploying Office 2013 through SCCM 2012 SP1 leaves Office 2010 Tools and Sharepoint behind

  I apologize in advance, but I have searched similar topics to this, but I haven't seen an answer yet that describes where and how to accomplish this.  I'm also a bit new to SCCM and I'm still finding the nuances.
  Scenario:  Running SCCM 2012 SP1.  Office 2013 32bit is added as an application and deployed properly with an accompanied .msp file stored in the source folder.  The configuration is to have Office
  2010 uninstalled silently.  The deployment runs flawless and the user doesn't know otherwise.  Success in anyone's book, right?
  Except... Office 2010 Tools and SharePoint Workspace 2010 are left over.  Manual uninstallation is not an option.  This is for hundreds of PC's in several global locations. 
  I've seen it hinted to write a script.  That's fine I suppose, but what do I write, where do I store the script, and can I have SCCM2012 automatically run it before the installation of 2013? 
  Our favorite IT tool Google hasn't quite returned what I'm looking for.   Does anyone here have ideas or perhaps have experienced a similar issue?
  Thanks,

  1st, save the following content as a XML file on a server share, named as "config.xml".
  <Configuration Product="ProPlus">
  <Display Level="none" CompletionNotice="no" SuppressModal="yes" AcceptEula="yes" />
  <Setting Id="SETUP_REBOOT" Value="Never" />
  </Configuration>
  Run the following script during or before the installation of Office 2013:
  "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall ProPlus /config \\servershare\Config.xml
  For more SCCM specific topics, we'd recommend you to visit the SCCM forums at:
  http://technet.microsoft.com/en-us/systemcenter/gg191847
  Max Meng
  TechNet Community Support

• How to deploy the Workspace Agent Services as a Window Service!

  Hi all,
  does anyone know how to install the Workspace Agent Service back as a Windows Service after i re-installed an reconfigured the workspace completly i do not see the Agent anymore in my Windows Services. I sure would like to avoid to have to uninstall and set it up completely again.
  The agent start file is located in common\workspacert\9.5.0.0\bin.
  Your help is much appreciated
  Cheers
  Andr&eacute;

  I hit the same problem after reinstalling workspace.
  It seems that the config tool does not create the workspace agent service on subsequent configurations.
  A quick search of the configtool.log from the original installation/configuration yields the following:
  com.hyperion.avalanche.config.CoreService, INFO, Running command: D:\Hyperion\common\workspacert\9.5.0.0\bin\wksagent.exe -RegService -Auto -Name HyS9Core1 -DisplayName Hyperion Workspace - Agent Service -Description HyS9Core1, Provides service infrastructure to run services locally
  Dropping the above line at the command prompt fixed the issue for me.
  Cheers,
  Aaron
  Edited by: user8871938 on 15-Feb-2010 06:56