SCCM 2012 Design Consideration / Advice

Similar Messages

• SCCM 2012 Design and Management

  I'll preface this by saying I dont have much experience beyond setting up a stand alone primary site for SCCM 2012. 
  Here's the situation:
  1. Central Office in LA, CA with smaller offices in Texas and in SF (totaling about 4k clients)
  a. Fast 10G link to TX
  b. Slow link to SF
  2. Korea office with 500 clients (slow link)
  3. Europe office with 1500 clients (slow link)
  4. Local IT staff managing systems and software deployment in each location. 
  5. Central office would like oversight and management of other regions. 
  If anyone could provide suggestions on hierarchy design that would be appreciated. 
  Originally I was going to setup a CAS and a Primary Site in the US (DPs for SF and TX), and 2 other Primary Sites for KR and EU regions (Remote DPs and what not for the smaller branches within). IT staff for each region would manage their own primary. But this
  apparently isn't ideal. 
  My question is how a stand-alone primary design would work in this instance? And if the primary resides in the US, would administrative users have to use the console to access the primary over the slow WAN link?
  I think my confusion in design comes from whether the regional admins need direct access to the Primary site or not. 
  Thanks, and please excuse my ignorance. 

  I'm not sure what the internet cloud is there for.  Your LA Primary should be in that spot; remember those servers all need to be able to communicate with the primary, usually on the same domain.  If what you meant by that 'internet" cloud
  you really meant "Our Internal Company WAN Links", then ok.  By that I mean... I presume in SF, KR, EU... there are domain controllers servicing those locations?  then it's sorta similar to CM12.
  If you really *do* mean internet is how those locations are linked, no domain trusts, then what you may be looking at is pki certificates, and internet based client management.  And/Or possibly considering leveraging Intune for those clients.
  Regarding console usage; either publish the console via Citrix, or publish the console as a TS App.  i.e., publish the console from citrix via a citrix server in the same datacenter as the LA Primary--and everyone uses that console (if they need to
  use the console). 
  fyi/off topic... my opinion.  "helpdesk" type personnel have no need to be in the console, nor does anyone who simply needs to run reports.
  Standardize. Simplify. Automate.
  Correct, internal WAN links, all computers are domain joined. We will eventually move to internet management too but that seems to be something we'll tackle later down the road. 
  I will need to check with the other admins to see what kind of VDI we have in place. 
  Console access is for other admins to create/modify collections for their region, deploy software, etc. The console itself wont be made available to helpdesk/service desk.
  response to edit:
  - Correct, TX will only have a DP on a "site server" (not a secondary site). 
  - link to SF would be 1GB, and change to 10GB once they move into a perm location. In my diagram they would also just receive a DP
  edit 2: ok my vocab is off, when i put "site server" in the diagram i really mean "site system server"

• Sccm 2012 hierachy consideration

  The system consists of 10 data-centers, 200+ remote (geology) sites and has about 50,000 clients in total, with a single forest. 
  Now, when come into the plan/design a sccm2012 hierarchy for this system, I have some questions regarding site systems placement in data-centers:
  1. Do I need to place a primary site in each of the data-centers? This will result in 10 primary sites with a CAS.
  2. Can I place only one primary site in one (the largest) data-center, and place a MP/DP in each of the rest data-centers? This may lead to a stand-alone primary site.
  3. Can I place two primary sites in two major data-centers with a CAS, and place a MP/DP in each of the rest data-centers?
  4. In case placing one or two primary sites, can I place just a DP instead of MP/DP in each of the rest of the data-centers?
  For remote sites with 50+ clients I will consider place a DP over there.
  Thanks in advance for your help.

  I concur with Narcoticoo (lots of folks agreeing on this thread :-) ) that the consultant didn't know what he was talking about -- I'd even go so far as saying you should ask for your money back.
  For the question of "is a secondary preferable for higher bandwidth or a low/narrow bandwidth?", low bandwidth or high client count is where secondary sites are best used. This is because they compress, throttle, and schedule most client
  to MP traffic destined for the primary site including state and status messages and hw and sw inventory. The overhead caused by this traffic is quite small though in normal scenarios which is why they aren't strictly required/recommended unless the bandwidth
  between the clients at a location and the MP will be over-utilized. This is a subjective standard though because it truly depends on the network involved as well as the client count.
  For the question "As a secondary in sccm2012 also has a database (express though), does it cause latency of replication when bandwidth is not good enough?" the answer is not black and white. If the links are truly terrible, volatile, and/or have
  extreme latency, like say VSAT connections to roaming ships, then yes, the replication between the secondary site and primary site is an issue. In these extreme cases, the use of third-party, complementary tools is a valid option. Generally though, the trade-off
  of less client chattiness combined with the scheduling, throttling, and compression of upward client traffic is beneficial where bandwidth is a concern.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• SCCM 2007 Migration to SCCM 2012

  Hello,
  I read http://social.technet.microsoft.com/Forums/en-US/58ba35e5-d84e-4741-8089-624f5269a2ca/sccm-2012-design-consideration-advice?forum=configmanagergeneral&prof=required with the following notes:
  Secondary vs. DP is a subjective call based on two factors: client count and available bandwidth. More clients and/or less bandwidths means secondary site, less clients and/or more bandwidth means DP. Both use a server OS so there's really no cost difference, just some added complexity for a secondary site. Without knowing the bandwidth, no way for me to be able to say one way or the other.
  As for IBCM, correct, it's no a primary site server, it's simply a site system that typically hosts an MP, DP, and SUP. The App Catalog Website Point is also applicable.
  Are you planning on managing legacy mobile devices or Mac OSX? If not, the Enrollment Proxy Point is not needed -- it's not applicable to IBCM anyway to my knowledge.
  Also, the FSP must be on a separate site system so that clients can communicate with it via HTTP.
  I have for now two sites:
  - 25,000 Desktops on one site
  - 1,500 Servers on the second site
  in SCCM 2007 I had three sites: One Parent doing the reporting and two child sites handling the inventory, distribution, etc... (No SUP do far)
  I have on each child sites 1 DP.
  What should be changed for SCCM 2012?
  What is "More Clients" or "Less Clients" ?
  "More Bandwidth" or "Less Bandwidth"?
  Thanks,
  Dom
  System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

  Hello Dom,
  If you have Two Primary servers you may need to plan for a CAS (Central administration site), in SCCM 2012 when you have more than one primary server you need a CAS to connect them. But remember the CAS does not
  process any client data, DPs nor MPs (hardware nor software inventory), and bear in mind that a primary stand-alone can support up to 100,000 clients, and in SCCM 2012 the big idea is to simplify the hierarchy. So if you have a primary site you can manage
  a lot of clients, and you can separate them in your case in boundaries, boundaries in 2012 do two things: Site assignment and content lookup, but they only work with boundary groups, in which you set the limits in the boundary, and latter associate it with
  a boundary group.   
  You can then just have a primary server and remote DPs, and decide how the clients will look for content in the DPs with the boundaries and boundary groups. The bandwidth needs to be really important about sending
  packages between sites, or if the boundaries are not configured properly the clients can end up looking for content where it should not.  Also don’t forget about fallback packages and content, because DPs and packages can be set as fallback, so if clients
  cannot find in a local DP they will search those packages.
  Below a few references that may help you with your migration.
  Any more questions, please let me know.  
  References
  ==========
  Planning for Configuration Manager Sites and Hierarchy
  http://technet.microsoft.com/en-us/library/gg682075.aspx
  Planning for Sites and Hierarchies in Configuration Manager
  http://technet.microsoft.com/en-us/library/gg712681.aspx
  Migrating Hierarchies in System Center 2012 Configuration Manager
  http://technet.microsoft.com/en-us/library/gg682006.aspx
  VIDEOS
  ========
  Configuration Manager 2012: Plan, Deploy, and Migrate from Configuration Manager 2007
  http://technet.microsoft.com/en-us/video/configuration-manager-2012-plan-deploy-and-migrate-from-configuration-manager-2007.aspx
  Microsoft System Center Configuration Manager 2012: Plan, Deploy, and Migrate from Configuration Manager 2007 to 2012
  http://channel9.msdn.com/Events/TechEd/Europe/2012/MGT313
  Cheers,
  Renato S. Pacheco

• SCCM 2012 software distribution not able to distribute content for chrome

  Hi I am using sccm 2012, need some advice, thanks! I tried to deploy chrome exe to a xp pc but the PC software centre shows downloading for very long time, more than a few hours. I created a 64bit chrome for a win7 pc and deployment also not working, it
  just failed. Then I downloaded a msi installer to deploy to an xp pc, the downloading also takes forever, I checked the distribution content, it's failed. I then created a DP group and add the single DP into it. but still not working. I did the work before
  for firefox and it did work before. Not sure what happened. Not sure where to check the log for software distribution, any advice please?thanks!
  Thanks and best regards, -- KF

  Thanks, Narcoticoo!your advice is helpful!
  So, does it mean I can use xxxx.exe /install /silent for all other exe installers? And to find out the detection method, do I have to install the exe on a local pc to find out the actual directory it will install it (Then uninstall it)? and xxx.exe /uninstall
  is for uninstallation? Can I create a  bat file like chrome-install.bat to have one line like "ChromeSetupStandAloneSetup.exe
  /silent /install " as the the actual installer? Why there is a package option below application? it confused me ....
  Thanks!
  Thanks and best regards, -- KF

• SCCM 2012 Site Design with multiple agency seperation

  I have read through some of the other posts, and none quite seem to match my scenario.
  I have a new task to design a new SCCM 2012 Site. At first I thought this was going to be easy, but it seems to have become a bit of a challenge. I have been tasked with designing and implementing a site for about 45k clients that span about 25 agencies.
  all of these machines are part of a top level AD forest, but are broken into domains under that. The forest admins have to be able to mandate software/updates from the top level for all machines, but each agency will have to manage their own machines/content.
  If it wasn't for the political aspect of this project, everything would be easier.
  I originally thought about a CAS/PS scenario, but when I tested this, I found that every PS connected to the CAS shares everything between each other, and that will not work.
  So I need to be able to design a site where each agency will be able to create/manage their own content/machines that is not shared with everything else. They need to have a feeling like they are managing their own PS. And need to have a top level that can
  mandate software/updates to everything and also get a complete inventory of all machines in all agencies. Can this be done with RBA and a single site, or is there a better option for this?
  At this point there is no need to consider bandwidth because most of the systems are on the same campus network, and remote DPs and other site systems can be added and adjusted as needed. I just need to know if and how this can be done best.
  Please let me know if you need anymore information.
  Thanks in advance for any advice.

  Hi,
  Here is a good guide explaining RBA,
  http://blogs.technet.com/b/hhoy/archive/2012/03/07/role-based-administration-in-system-center-2012-configuration-manager.aspx
  and here is a good one deploying RBA:
  http://blogs.technet.com/b/jchalfant/archive/2014/02/27/using-rba-to-separate-servers-and-workstations-in-configuration-manager-2012.aspx
  Regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• Help needed -- Considerations to be taken while migrating 2 different SCCM 2007 hierarchies into a single SCCM 2012 Hierarchy.

  Hi, I need your help on consolidating two different SCCM 2007 infrastructures into a single SCCM 2012.
  We have two different SCCM 2007 Hierarchies, Lets say 123 and ABC
  About 123 SCCM 2007 -- On 123 Hierarchy, we have already started migrating clients from SCCM 2007 to SCCM 2012.
  About ABC SCCM 2007 -- On ABC Hierarchy, This is still running on SCCM 2007 (This hierarchy only be started migrating once                                      we
  are completed migration on 123)
  Out of which, we have few co located offices across the globe for both 123 and ABC. Now we are decided to replace the hardware on all these locations by removing the existing two servers (one for 123 and other for ABC,with two different Forest and domains),
  and consolidate them into a single server.how can we plan/design to ensure that we covering both hierarchies SCCM clients for the operations.
  ===================Below are some possibilities we are discussing on================================
  1.Is there any way on "System management" in AD to enable access either in 123's domain or ABC's domain.
  2.Since we are planning to replace the hardware with Server 2012 R2 with Hyper-V, Create two instances and migrate 123 hierarchy to SCCM 2012 and other instance will serve ABC until we start the migration on this.
  ========================================================================================
  correct me, If i am in wrong direction. Please suggest me the best of doing it. Thanks in advance.
  srkr

  1) In CM 2012 you can publish data to System Management in other forest but you have to configure the permissions manually and create the forest object in the ConfigMgr console.
  2) CM07 and CM2012 instances can co-exist as long as you don't create boundary groups in CM12 for site assignment (that will cause overlapping boundaries if you still have boundaries in Cm07)
  Kent Agerlund | My blogs: blog.coretech.dk and
  SCUG.DK | Twitter: @Agerlund | Linkedin:
  Kent Agerlund

• SCCM 2012 Hierarchy design

  Hi
  I am designing an SCCM 2012 environment at the moment.
  We have 7 locations.  2 are data centers and have excellent links between them.  our main office is well connected to the DCs 100MB link.
  All other offices have between 50 and 200 users.  All of these offices have at least 10MB links to the main office and the 2 x DCs.
  I was thinking of deploying CAS and Primary Site servers in 1 DC.  Installing SQL 2008 R2 there also to support this.  Then in secondary DC installing Secondary Site Server.
  For all offices with users I am planning to implement distribution points.  
  My main concern is that we have an 8th location that is a partner company that has a separate forest with no trust.  How can I configure that so that we can control what can be deployed but that the local staff can administer the deployments etc??
  Also how will SQL work for me in this regard in the szecondary location - I know SQL Express will be used, but will Express support a large SCCM database?
  Thanks in advance!

  So basically I should install a primary site in our main location and then DPs and SUPs in all other locations (aprt from the remote untrusted forest)??
  Correct.
  Also what do I need to consider for DR if the main site that holds the primary site server is lost?
  DR in ConfigMgr (like most other products) is backup and restore. Are you actually asking about HA and/or site resiliency?
  If I do go with secondary sites, how large does the SCCM DB grow to, with 5-6K clients connected?  Im just thinking will SQL Express be able to support this?
  Secondary sites do not store client information so the DB doesn't grow very large at all.
  Jason | http://blog.configmgrftw.com

• Software Distribution & Patching Design Issues - Migration of Packages SCCM 2007 to Application or Conventional Packages in SCCM 2012

  Hi All
  I am starting in discussion to deep root on Software Distribution & Patching model in large environments from SCCM 2007 migrating to SCCM 2012.
  Below are certain assertions i am putting forward for your expert views or you may in a similar situation
  1- I have migrated the packages from SCCM 2007 to SCCM 2012 as conventional methods, now i am deploying them [ not migrated the advertisements and collections ], so while deploying i am facing a peculiar situation that the deployment when created is of the
  name "<<Package name>>(program)". I am not able to rename the deployment for the conventional packages. is there a way out to that??
  2- Will the collection queries work the same in SCCM 2012 as was in SCCM 2007??
  3- In SCCM 2012 Primary site there is default role called Site System role in that there is tab for proxy settings. I have observed that if do not check the proxy tab there and punch in proxy IP and port then after some time in the WSUS server the update
  source and proxy server tab the proxy option gets unchecked and hence the sync in software update point status appears failed. Is that anyone else also has observed !!!!!
  Regards Sushain KApoor

  This is a duplicate of
  https://social.technet.microsoft.com/Forums/en-US/2ddb8170-529b-4652-830e-fd0ade384b98/software-distribution-patching?forum=configmanagermigration
  Please do not double post.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• SCCM 2012 Client Install Failing ONLY on 8.1 Machines - Advice?

  Good morning,
  I've got a rather interesting situation.  We have a SCCM 2012 site configured for https, the site server is acting as the MP and DP, and we are installing the client via the SCCM 2012 Client GPO.  Our cert is an InCommon cert.  We have 4000+
  Windows 7 machines that are able to install the client.  We tested on a Window 8 machine and the client install works as well.  Whenever a Windows 8.1 machine tries to install it fails.  We have checked the boundaries (we can't specify IP ranges
  since we don't manage the whole network).  I can manually browse to the source files on the MP/DP.  The switches we use when installing via the GPO are /usepkicert /mp:[redacted] CCMHTTPSSTATE=63 SMSSITECODE=[redacted] SMSCACHESIZE=12288.  However,
  it always fails with:
  <![LOG[GetDPLocations failed with error 0x80004005]LOG]!><time="09:33:26.329+300" date="03-13-2015" component="ccmsetup" context="" type="3" thread="12944" file="siteinfo.cpp:532">
  <![LOG[Failed to get DP locations as the expected version from MP 'https://[redacted]'. Error 0x80004005]LOG]!><time="09:33:26.329+300" date="03-13-2015" component="ccmsetup" context="" type="2"
  thread="12944" file="ccmsetup.cpp:11261">
  <![LOG[Failed to find DP locations from MP 'https://[redacted]' with error 0x80004005, status code 403. Check next MP.]LOG]!><time="09:33:26.329+300" date="03-13-2015" component="ccmsetup" context="" type="2"
  thread="12944" file="ccmsetup.cpp:11117">
  <![LOG[Only one MP https://[redacted] is specified. Use it.]LOG]!><time="09:33:26.330+300" date="03-13-2015" component="ccmsetup" context="" type="1" thread="12944" file="ccmsetup.cpp:10080">
  <![LOG[Have already tried all MPs. Couldn't find DP locations.]LOG]!><time="09:33:26.330+300" date="03-13-2015" component="ccmsetup" context="" type="3" thread="12944" file="ccmsetup.cpp:11146">
  <![LOG[MapNLMCostDataToCCMCost() returning Cost 0x1]LOG]!><time="09:33:26.332+300" date="03-13-2015" component="ccmsetup" context="" type="1" thread="12944" file="ccmutillib.cpp:5479">
  <![LOG[GET 'https://[redacted]/CCM_Client/ccmsetup.cab']LOG]!><time="09:33:26.333+300" date="03-13-2015" component="ccmsetup" context="" type="1" thread="12944" file="httphelper.cpp:807">
  <![LOG[Failed to successfully complete WinHttp request. (StatusCode at WinHttpQueryHeaders: 403)]LOG]!><time="09:33:26.366+300" date="03-13-2015" component="ccmsetup" context="" type="3" thread="12944"
  file="httphelper.cpp:1013">
  <![LOG[DownloadFileByWinHTTP failed with error 0x80004005]LOG]!><time="09:33:26.366+300" date="03-13-2015" component="ccmsetup" context="" type="3" thread="12944" file="httphelper.cpp:1081">
  <![LOG[A Fallback Status Point has not been specified.  Message with STATEID='308' will not be sent.]LOG]!><time="09:33:26.367+300" date="03-13-2015" component="ccmsetup" context="" type="1"
  thread="12944" file="ccmsetup.cpp:9763">
  <![LOG['Configuration Manager Client Retry Task' is scheduled to run at 03/13/2015 02:33:26 PM (local) 03/13/2015 07:33:26 PM (UTC) time with arguments ' "/usepkicert" "/mp:[redacted]" "CCMHTTPSSTATE=63" "SMSSITECODE=AHC"
  "SMSCACHESIZE=12288" /RetryWinTask:1'.]LOG]!><time="09:33:26.369+300" date="03-13-2015" component="ccmsetup" context="" type="1" thread="10100" file="wintask.cpp:315">
  <![LOG[CcmSetup failed with error code 0x80004005]LOG]!><time="09:33:26.409+300" date="03-13-2015" component="ccmsetup" context="" type="1" thread="10100" file="ccmsetup.cpp:10879">
  Anyone have any idea why this is happening only on 8.1 machines?  I can't think of where else to check.  Thanks for any help.

  Okay, so I installed via the following:  ccmsetup.exe /usepkicert /source:C:\Client CCMHTTPSSTATE=63 SMSSITECODE=AHC SMSCACHESIZE=12288 and the client installed.  But you're right, the CCMMessaging.log is full of https errors.  I know it's
  something with the cert and I've even requested new ones from the CA.  However, why what is it about 8.1 that is causing the issues?  Like I said, we have 4000 machines using the same client authentication cert and they work.  I've cut and paste
  some of the log entries.  One thing to note is the \\[redacted]\sms_ahc\client\ccmsetup.exe in the beginning was using the internet FQDN.  Everything else is using the intranet location.  Does that provide any insight as to what is going
  on?
  \\[redacted]\sms_ahc\client\ccmsetup.exe /usepkicert /source:C:\Client CCMHTTPSSTATE=63 SMSSITECODE=AHC SMSCACHESIZE=12288
  <![LOG[Successfully sent security settings refresh message.]LOG]!><time="12:43:12.834+300" date="03-16-2015" component="CcmMessaging" context="" type="1" thread="5452" file="ccmhttperror.cpp:369">
  <![LOG[Successfully sent location services HTTPS failure message.]LOG]!><time="12:43:12.837+300" date="03-16-2015" component="CcmMessaging" context="" type="1" thread="5452" file="ccmhttperror.cpp:396">
  <![LOG[Post to https://[redacted]/ccm_system_windowsauth/request failed with 0x87d00231.]LOG]!><time="12:43:12.837+300" date="03-16-2015" component="CcmMessaging" context="" type="2" thread="5452"
  file="messagequeueproc_outgoing.cpp:442">
  <![LOG[[CCMHTTP] ERROR: URL=https://[redacted]/ccm_system_windowsauth/request, Port=443, Options=63, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE]LOG]!><time="12:45:12.880+300" date="03-16-2015" component="CcmMessaging"
  context="" type="1" thread="5452" file="ccmhttperror.cpp:297">
  <![LOG[Raising event:
  instance of CCM_CcmHttp_Status
  DateTime = "20150316174512.883000+000";
  HostName = "[redacted]";
  HRESULT = "0x87d0027e";
  ProcessID = 8572;
  StatusCode = 403;
  ThreadID = 5452;
  ]LOG]!><time="12:45:12.883+300" date="03-16-2015" component="CcmMessaging" context="" type="1" thread="5452" file="event.cpp:715">
  <![LOG[Successfully sent security settings refresh message.]LOG]!><time="12:45:12.889+300" date="03-16-2015" component="CcmMessaging" context="" type="1" thread="5452" file="ccmhttperror.cpp:369">
  <![LOG[Successfully sent location services HTTPS failure message.]LOG]!><time="12:45:12.892+300" date="03-16-2015" component="CcmMessaging" context="" type="1" thread="5452" file="ccmhttperror.cpp:396">
  <![LOG[Post to https://[redacted]/ccm_system_windowsauth/request failed with 0x87d00231.]LOG]!><time="12:45:12.892+300" date="03-16-2015" component="CcmMessaging" context="" type="2" thread="5452"
  file="messagequeueproc_outgoing.cpp:442">

• SCCM 2012 & SQL Cluster

  Hello..
  My Colleague and I are involved in implementing SCCM 2012 for a client and having a question on what would be the best practice (Microsoft Recommendation) for having DB for SCCM 2012 specifically, please note it is for 2012 and not for 2007. And, if
  we are going to install SQL 2012 on the same box as SCCM 2012 is going to be installed,
  1. Would it incur additional licensing cost for SQL 2012 (am asking as I read somewhere as long as the DB used just for CM, additional cost wouldn't be there)
  2. What difference does it make to have the DB on cluster and on the local Primary Site box
  3. If we gonna have DB in the Primary site box, what would happen if something goes wrong with this box (we just gonna have only one Primary site as per our design), and what happens until we bring this box functioning through Backup & Recovery (basically
  it is going to be VM Snapshot recovery)
  4. And finally, can we have the CM databases (one for CM & another for WSUS) on any existing instance (Production) which is running for Business critical applications? - Because, this we have to convince the App/DB owners of that particular instance
  that we gonna share for SCCM.
  And any additional steps related to DB considerations for SCCM that I missed to mention above can also be answered..
  Thanks, V@s!m

  Hi,
  1, No as long as you use SQL Standard Edition and only use it for System Center 2012 Databases.
  2, Cluster gives you higher availability than if you have it locally on the SCCM server but it is much more complex to manage, you will need additional SMS providers and so on to provide High-availability.
  3, If you have it on the same box you can do nothing if it goes down, but it still requires you to have all other roles on different servers as well. Note using VM snapshop recovery is not supported and should not be used as other site systems will not now
  what has happended when you restore it.
  4, You could but I always recommend not to do it, as service pack upgrades, SQL CU, collation e.t.c must match and you will have even more dependencies when you do upgrades e.t.c
  Using a Local SQL on the primaryn site server at least for implementations less than 50'000 clients is recommended, you will get better console performance, if you go for a cluster make sure the Network speed between the Primary Site and the SQL is as good
  as it can be preferably the same switch.
  Regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• SCCM 2012 Agent in a VMwar VDI pool

  We have a VMware pool of 40 virtual PCs that are regularly re-composed from a base image. Is there any definitive documentation on how to implement SCCM 2012 on VDI pools such as this.  I have found a couple of things relating to SCCM 2007 (below),
  are these still relevant to 2012?
  http://technet.microsoft.com/en-us/library/bb694095.aspx
  http://social.technet.microsoft.com/Forums/systemcenter/en-US/72582bd9-d12c-49c6-9a6a-9f96ab3bdf65/installing-the-sccm-client-on-an-image?forum=configmgrgeneral
  Do I need to do anything with regard to certificates on my base image for example?
  Also, are there any specific considerations for using Endpoint Protection on VDI pools?
  Any advice welcome ;-)
  Hibs Ya Bass!

  See the "How to Install Configuration Manager Clients by Using Computer Imaging" at http://technet.microsoft.com/en-us/library/gg712298.aspx.
  For 2012 (post SP1), there is also a client setting that enables randomization of most client activity; this should be enabled on your VDI systems.
  Is there any actual value to installing the ConfigMgr client agent in your non-persistent VDI systems though?
  Jason | http://blog.configmgrftw.com
  Thanks Jason.
  There isn't really any value in having the agent on the non-peristent machines, no, but I need the agent on my master image so I can deploy software updates to it once a month. Then we recompose all the other virtual PCs from the master with with the new software
  updates applied. I will therefore only target the master image with software updates and not the other virtual PCs.
  I do plan to deploy EP signatures to ALL virtual PCs though.
  Hibs Ya Bass!

• Satellite Z930-14F - cannot install Win 8.1 from SCCM 2012 R2 environment

  Dear all,
  Sattelite Z series laptops cannot install OS (win 8.1) from our SCCM 2012 R2 environment.
  Either no installation is starting, or pxe boot aborted error is showed.
  The environment is used to successfully install OS (win 8.1) on different other vendor computers (dell) and virtual machines (hyper-v and vmware).
  I've tried both UEFI and CMS boot options and tried to switch off the secure boot. Please advice.
  Also, i've read about the "SCCM installation package for Toshiba". Will it help in my situation or is it just driver packages for SCCM?
  Best Regards, Evgeny.

  I guess you are speaking about this Toshiba package:
  http://www.toshiba.eu/services/on-demand/business-computing/sdp120gs-v/
  I dont have much experience using such SCCM drive package but it definitely compatible with the Toshiba business notebooks. The Satellite / Portege Z930 belong to the business range and I think the package should be compatible.
  This package seems to be for all IT administrators who manage devices on the corporate network with SCCM 2012 R2. Toshiba offers with the new Toshiba SCCM package a solution to integrate other notebook into an existing IT infrastructure quickly and smoothly and all Toshiba Driver and application packages and a demonstration task sequence are integrated.
  However, it seems that you could get more details about this package directly from Toshiba [email protected]
  By the way: The Win 8.1 installation requires the UEFI mode (in case the UEFI BIOS is available). But booting from another, external source requires the disabled secure boot option.
  So maybe you should use the UEFI mode but should disable the secure boot option in order to boot from LAN.

• SCCM 2012 RTM to SP1 Upgrade - Windows ADK 8.1

  Hello,
  I am after some advice.  We have two physical locations containing a single SCCM 2012 primary site server in one location and distribution point server in the other location.
  Both servers are also configured as DHCP Servers and DHCP scope options have been configured correctly to allow both DHCP and Windows Deployment Services to co-exist. 
  OSD was working fine, until I upgraded the primary site server to SCCM 2012 SP1.  During the upgrade process, I installed Windows ADK 8.1 which would appear is not supported however no errors were reported during the upgrade process.
  Issues I have encountered;
  - I can no longer PXE boot with the following error 'PXE-E55: ProxyDHCP service did not reply to request on port 4011'
  - The x:\remoteInstall\Boot\Fonts directory is empty suggesting the boots images were not finalised.
  - When updating the distribution points with the boot images i get the following error via the wizard;
  • The SMS Provider reported an error.: ConfigMgr Error Object:
  instance of SMS_ExtendedStatus
  • Description = "Failed to insert OSD binaries into the WIM file";
  • ErrorCode = 2152205056;
  • File = "e:\\nts_sccm_release\\sms\\siteserver\\sdk_provider\\smsprov\\sspbootimagepackage.cpp";
  • Line = 4566;
  • ObjectInfo = "CSspBootImagePackage::PreRefreshPkgSrcHook";
  • Operation = "ExecMethod";
  • ParameterInfo = "SMS_BootImagePackage.PackageID=\"UKS0003B\"";
  • ProviderName = "WinMgmt";
  • StatusCode = 2147749889
  SMSPXE.log contains the following errors;
  Failed to copy X:\RemoteInstall\SMSTempBootFiles\XXX00014\WINDOWS\Boot\PXE\wdsmgfw.efi to X:\RemoteInstall\SMSBoot\x86\wdsmgfw.efi
  InstallBootFilesForImage failed. 0x80070002
  Warning: Failed to copy the needed boot binaries from the boot image X:\RemoteInstall\SMSImages\XXX00014\WinPE.XXX00014.wim.
  The operation completed successfully. (Error: 00000000; Source: Windows)
  Failed adding image X:\RemoteInstall\SMSImages\XXX00014\WinPE.XXX00014.wim. Will Retry..
  The system cannot find the file specified. (Error: 80070002; Source: Windows)
  Failed to read ADK installation root registry value
  I am looking for some advice on the best way to rectify this issue.  Options I am considering are as follows, however I am unsure of the outcome should I attempt these;
  1 - Upgrade to SCCM 2012 R2 which supports ADK 8.1
  2 - Uninstall Windows ADK 8.1, install 8.0
  3 - Attempt to restore back to SCCM 2012 RTM using file system backups and SCCM backups.
  Any help or suggestions would be much appreciated.

  Thank you both for your replies and advice
  The configMgr 2012 environment is primarily used for OSD, and software updates for Servers only.
  I have followed Peter’ advice, and uninstalled WADK 8.1 and installed 8.0 and I am currently investigating errors within the SMSPXE.log, and I have seen other posts elsewhere within these forums
  with the same issue with suggested solutions which I shall investigate.
  With regards to DHCP on the ConfigMgr site servers – I could not agree with you more. 
  Unfortunately, my company use a third party DHCP solution which was incapable of supporting PXE-boot for OSD. 
  We were therefore required to have a separate Microsoft DHCP solution on the site servers to by-pass this issue. 
  The intention is to upgrade to Configmgr 2012 R2. 
  My understanding is that there is no direct upgrade process from SCCM 2012 RTM to R2, therefore I have upgraded to SP1 and would prefer all features are working correctly before progressing to R2. 
  Many thanks again,
  Regards,
  JohnRox

• Why is it not possible to move a SCCM 2012 Server to a new Domain?

  Hello everybody,
  I know it is not supported to move a SCCM 2012 Server to a new Domain. But I am still missing why it is not supported or possible....
  I could not find anything that explained it in detail on the forums/internet. So when the question comes up in front of a customer it is always better to have a good argumentation...Can somebody describe the reasons why??
  Thank you very much in advance!

  Have them call CSS then.
  It's ultimately the result of the design of the product but not an explicit decision. To my knowledge, it relies on the domain name for certain things and this is explicitly embedded with no defined way to change this. Could it be changed? Probably.
  But, that would take a lot of work and effort and is not something Microsoft has ever invested any time in.
  The grass is green and the sky is blue. Knowing why doesn't change these.
  Jason | http://blog.configmgrftw.com | @jasonsandys