Search This Blog

Tuesday, January 25, 2011

SCCM Clients installation Troubleshooting Check list

Here is the check list which i have prepared to follow in brief .There may be other issues which are not mentioned here but mostly, issues lies under the below conditions.
There are a variety of Client deployment methods that are available to you when installing the client. Each has its advantages and disadvantages along with the need to meet specific business requirements.
If you choose to go SCCM client push installation method, Ensure you have created Client push installation account which should have Admin rights on the target computer else it may fail .Client push installation Step by Step Guide is here http://technet.microsoft.com/en-us/library/bb632380.aspx and with Screen shots how to configure from Windows-Noob
Once you initiated the Client push installation from SCCM console( right click on computer,say install client etc ),you can start monitoring CCM.log from your <SCCM installation folder:>\Logs. For more info on how SCCM client push installation works,please refer this article for process and troubleshooting .
The procedure  is same what ever the installation method you choose.The CCMSETUP.EXE will be downloaded to the system (c:\windows\system32\ccmsetup) and is executed. The ccmsetup.exe reads the manifest file (and also mobileclient.tcf) and fetches the remaining files(prerequisites files listed below ) to continue the client installation.
Some of the components that are used in the client deployment process include the following:
CCMSetup.exe: Used to Install, uninstall and upgrade the SCCM 2007 client using client push installation or manual installation. It is low bandwidth aware and is the single way to launch client deployment. You also do not need to use CCMClean to uninstall the client as the uninstall switch can be used instead.
BITS: BITS 2.0 is required for Windows 2000 clients. BITS 2.5 is used for most of the Windows operating systems with the exception of Windows Vista which uses BITS 3.0.
Note: When installing BITS 2.0 on Windows 2000 SP4 machines, a restart is required. This means that if you do not have BITS 2.0, then ccmsetup will stop the install and wait until the next process of reboot before it starts the next process.
Microsoft Windows Installer v3.1 v2 (KB 893803): Update to all operating systems except Windows Server 2003 SP1 and later
• Windows Update Agent (WUA) version 7.0.6000.363: Used on clients to support detection of applicable updates and deployment
MSXML6.msi - Windows installer script for installing the Core XML Services
MSRDC (Remote Differential Compression): Required for branch DP to support binary differential replication. For more information on binary differential replication, please visit http://technet.microsoft.com/en-us/library/bb693953.aspx%20.
Regarding windows 2000 clients, they don't support MSRDC, so Windows 2000 clients cannot be branch DP’s. Windows XP and later will install this utility and the associated windows server code will be used to install the bits.
Wimgapi.msi: Imaging API for custom tools for image management
CCMSetup.msi: Windows installer package for deploying of the SCCM 2007 client using AD GPO. You cannot run CCMSetup.msi to install clients manually.
You can monitor CCMSETUP.LOG ,CLIENTMSI.LOG from your ccmsetup folder. It will take few min to complete the installation .Once you see, client installation succeeded,You may confirm that,installation is done but it doesn't mean,client is healthy and able to receive policies /send information to Management Point.
Below are the SMS Related services which should (applicability depends on the client perform actions let say BITS is not used when you run the Application from DP) be running on the Client to be healthy all the time..
  1. Automatic Updates
  2. Background intelligence Transfer service
  3. Remote Registry
  4. SMS agent Host
  5. Terminal Services
  6. Windows Installer
  7. Windows Management Instrumentation
To know if the client is healthy and able to send /receive polcicies /able to talk to Management point or not ,there are few Log files which you should look into:
CCMSETUP.LOG----->Logs the Client installation activities
ClientLocation.log---->  Records site assignment tasks. Can help to troubleshoot scenarios where the client is not assigned to a Configuration Manager 2007 site.
LocationServices.log---> Records attempts to find management points and distribution points.Can help to troubleshoot scenarios where the client cannot find a management point or distribution point.
AND open the configuration manager Applet from control Panel and go to actions tab,check if you are able to if you are able to see more than 5 policy agents displaying or not which means that client is healthy and sent its inventory information to SCCM site server. You should be able to see the Client with SCCM client Installed and assigned Yes
Agents more information about  SCCM client log files,please refer TechNet
Now its time to do the actual troubleshooting why client is not getting the above policy agents or not reported to SCCM console with Client YES and Installed YES


1.Check the Firewall Enabled or Disabled if enabled,allow the ports to talk to site server.Guide to add Ports to the firewall to allow the required files or policies to download.
2.Check Boundaries (could be (AD site or IP Range or IP Subnet) of the Agent are specified in the site server
3.Schema extension and ensure attributes published into AD system management container (you can see component status if there are any errors while updating the system Management container with attributes)
4.Check the if there no DNS issue in the client and that client is able to resolve the SCCM server NetBIOS as well as FQDN without any issues.
5. Check if the Client is able to talk to Management Point or not using the following Links.
http://%3csccm_server/SMS_MP/.sms_aut?mplist ----should give you blank page
http://%3csccm_server/SMS_MP/.sms_aut?mpcert------should give you some random numbers
6.Check if WMI is working or not if not try repairing the WMI by stopping WMI service and renaming repository folder (C:\Windows\System32\wbem) and start the service.
If the above test fails make sure that MP is working fine. You can check mpcontrol.log on the site server to find the error and make sure that the same works.
4.Check the Locationservices.log( Finds management points and distribution points) and clientlocation.log( Site assignment tasks) and ClientIDManagerStartup.log(Creates and maintains the client GUID)
If you see anything apart from the above discussed,you may can post the query on  SCCM forums also I would like to hear from you if i miss anything from above steps.
Posted by at 1 comment:

Certificate Details From Machine Through Inventory

VBScript:

'****************************************************************
'c:\windows\syswow64\cscript NameOfTheScript.vbs to use the 32bit capicom
'Option Explicit
On Error Resume next
dim ExtProp, certificatedata,Extension,EKU
dim sho, fso, strcurrentdir, strsysfolder
Set sho = Wscript.CreateObject("Wscript.Shell")
Set FSO = CreateObject("Scripting.FileSystemObject")
Dim Store, Certificates, Certificate
Dim StrsubjectName(500), STRIssuerName(500), strValidFrom(500), strValidTo(500),
strDaysToExpire(500), i,j,k,g,m
Dim strEDUOID(500,500), StrFriendlyName(500,500)
Const CAPICOM_LOCAL_MACHINE_STORE = 1
Const CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME = 1
Const CAPICOM_STORE_OPEN_READ_ONLY = 0
const CAPICOM_PROPID_FRIENDLY_NAME =11
const CAPICOM_ENCODE_BINARY = 1
Set Store = CreateObject("CAPICOM.Store")
Select Case err.number
   Case 0'object registered OK
   Case 429'CAPICOM needs to be registered
      registercapicom 'go register capicom
      err.Clear
   Case Else
   wscript err.number
   err.Clear
End Select
Store.Open CAPICOM_LOCAL_MACHINE_STORE, "MY" ,CAPICOM_STORE_OPEN_READ_ONLY
Set Certificates = Store.Certificates
If Certificates.Count >0 Then
   For Each Certificate in Certificates
       g=g+1
       strSubjectName(g) = Certificate.SubjectName
       strIssuerName(g) = Certificate.IssuerName
       strValidFrom(g) = Certificate.ValidFromDate
       strValidTo(g) = Certificate.ValidToDate
       strDaysToExpire(g) = DateDiff("d",now(),Certificate.ValidToDate)
       if Certificate.ExtendedKeyUsage.IsPresent Then
          i=1
          For Each EKU In Certificate.ExtendedKeyUsage.Ekus
             strEDUOID(g,i) = EKU.OID
             i=i+1
          Next
       end if
       For Each ExtProp In Certificate.ExtendedProperties
           j=1
           If  ExtProp.PropID = CAPICOM_PROPID_FRIENDLY_NAME then
             strFriendlyName(g,j) = ExtProp.Value (CAPICOM_ENCODE_BINARY)
             j=j+1
           End if
       Next
  Next
End If
'------The dump in WMI section
Dim wbemCimtypeSint16
Dim wbemCimtypeSint32
Dim wbemCimtypeReal32
Dim wbemCimtypeReal64
Dim wbemCimtypeString
Dim wbemCimtypeBoolean
Dim wbemCimtypeObject
Dim wbemCimtypeSint8
Dim wbemCimtypeUint8
Dim wbemCimtypeUint16
Dim wbemCimtypeUint32
Dim wbemCimtypeSint64
Dim wbemCimtypeUint64
Dim wbemCimtypeDateTime
Dim wbemCimtypeReference
Dim wbemCimtypeChar16
wbemCimtypeSint16 = 2
wbemCimtypeSint32 = 3
wbemCimtypeReal32 = 4
wbemCimtypeReal64 = 5
wbemCimtypeString = 8
wbemCimtypeBoolean = 11
wbemCimtypeObject = 13
wbemCimtypeSint8 = 16
wbemCimtypeUint8 = 17
wbemCimtypeUint16 = 18
wbemCimtypeUint32 = 19
wbemCimtypeSint64 = 20
wbemCimtypeUint64 = 21
wbemCimtypeDateTime = 101
wbemCimtypeReference = 102
wbemCimtypeChar16 = 103
Set oLocation = CreateObject("WbemScripting.SWbemLocator")
'Remove classes
Set oServices = oLocation.ConnectServer(, "root\cimv2")
set oNewObject = oServices.Get("SCCM_Certs")
oNewObject.Delete_
Set oServices = oLocation.ConnectServer(, "root\cimv2\SMS")
set oNewObject = oServices.Get("SCCM_Certs")
oNewObject.Delete_
'Create data class structure
Set oServices = oLocation.ConnectServer(, "root\cimv2")
Set oDataObject = oServices.Get
oDataObject.Path_.Class = "SCCM_Certs"
oDataObject.Properties_.add "Counter", wbemCimtypeUint32
oDataObject.Properties_.add "SubjectName", wbemCimtypeString
oDataObject.Properties_.add "IssuerName", wbemCimtypeString
oDataObject.Properties_.add "ValidFrom", wbemCimtypeString
oDataObject.Properties_.add "ValidTo", wbemCimtypeString
oDataObject.Properties_.add "DaysToExpire", wbemCimtypeUint32
oDataObject.Properties_.add "EKUOID", wbemCimtypeString
oDataObject.Properties_.add "FriendlyName", wbemCimtypeString
oDataObject.Properties_.add "ScriptLastRan", wbemCimtypeString
oDataObject.Properties_("Counter").Qualifiers_.add "key", True
oDataObject.Put_
'*********************************************
'Add Instances to data class
Set oServices = oLocation.ConnectServer(, "root\cimv2")
for k = 1 to g 'number of certs
 Set oNewObject = oServices.Get("SCCM_Certs").SpawnInstance_
        oNewObject.Counter = k
        oNewObject.SubjectName = strSubjectName(k)
        oNewObject.IssuerName = strIssuerName(k)
        oNewObject.ValidFrom = strValidFrom(k)
        oNewObject.ValidTo = strValidTo(k)
        onewObject.DaysToExpire = strDaysToExpire(k)
        oNewObject.FriendlyName = strFriendlyName(k,1)

 for m = 1 to i 'number of extended keys
  if strEDUOID(k,m) = "" then
   'do nothing
   else
         if m = 1 then
            oNewObject.EKUOID = strEDUOID(k,m)
         else
            oNewObject.EKUOID = oNewObject.EKUOID &"," & strEDUOID(k,m)
         end if
  end if
 next
   oNewObject.ScriptLastRan = Now
   oNewObject.Put_
next 'end of number of certs

'Create reporting class structure
Set oServices = oLocation.ConnectServer(, "root\cimv2\SMS")
Set oRptObject = oServices.Get("SMS_Class_Template").SpawnDerivedClass_
'Set Class Name and Qualifiers
oRptObject.Path_.Class = "SCCM_Certs"
oRptObject.Qualifiers_.Add "SMS_Report", True
oRptObject.Qualifiers_.Add "SMS_Group_Name", "Certificates"
oRptObject.Qualifiers_.Add "SMS_Class_ID", "Custom|Certificates|1.0"
'Add Reporting Class Properties
oRptObject.Properties_.Add("Counter", wbemCimtypeUint32).Qualifiers_.Add "SMS_Report", True
oRptObject.Properties_.Add("SubjectName", wbemCimtypeString).Qualifiers_.Add "SMS_Report",
True
oRptObject.Properties_.Add("IssuerName", wbemCimtypeString).Qualifiers_.Add "SMS_Report",
True
oRptObject.Properties_.Add("ValidFrom", wbemCimtypeString).Qualifiers_.Add "SMS_Report",
True
oRptObject.Properties_.Add("ValidTo", wbemCimtypeString).Qualifiers_.Add "SMS_Report", True
oRptObject.Properties_.Add("DaysToExpire", wbemCimtypeUint32).Qualifiers_.Add "SMS_Report",
True
oRptObject.Properties_.Add("EKUOID", wbemCimtypeString).Qualifiers_.Add "SMS_Report", True
oRptObject.Properties_.Add("FriendlyName", wbemCimtypeString).Qualifiers_.Add "SMS_Report",
True
oRptObject.Properties_.Add("ScriptLastRan", wbemCimtypeString).Qualifiers_.Add
"SMS_Report", True
oRptObject.Properties_("Counter" ).Qualifiers_.Add "key", True
oRptObject.Put_
Set Certificates = Nothing
Set Store = Nothing
sub registercapicom
  '''''''''''''' registr capcom.dll from system 32
  strCurrentDir = Left(Wscript.ScriptFullName, (InstrRev(Wscript.ScriptFullName, "\") -1))
  Set strSysFolder = FSO.GetSpecialFolder(1) 'get system32 folder
  'Copy the dll to the system folder
  FSO.CopyFile strcurrentdir & "\capicom.dll",strSysFolder & "\"
  'Register the dll
  sho.Run "cmd.exe /c regsvr32.exe /s " & Chr(34) &_
    strSysFolder & "\capicom.dll" & Chr(34),0,vbTrue
end sub

SMS_Def.Mof


----------SMS_DEF.MOF-------------------------------------------
[ SMS_Report     (TRUE),
  SMS_Group_Name ("Certificates"),
  SMS_Class_ID   ("CUSTOM|Certificates|1.0") ]
class SCCM_Certs : SMS_Class_Template
{
    [SMS_Report (TRUE), key ] uint32  Counter;
    [SMS_Report (TRUE)      ] uint32  DaysToExpire;
    [SMS_Report (TRUE)      ] string  EKUOID;
    [SMS_Report (TRUE)      ] string  FriendlyName;
    [SMS_Report (TRUE)      ] string  IssuerName;
    [SMS_Report (TRUE)      ] string  ScriptLastRan;
    [SMS_Report (TRUE)      ] string  SubjectName;
    [SMS_Report (TRUE)      ] string  ValidFrom;
    [SMS_Report (TRUE)      ] string  ValidTo;
};
Posted by at No comments:

WQL Query for DDRHeartbeat Not send by last 14 days

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ResourceId not in (select ResourceID from SMS_R_System where AgentName in ("Heartbeat Discovery") and DATEDIFF(day,AgentTime,GetDate())<=14)
Posted by at No comments:

Machines Which Has Last Software Scan ( WQL Query)

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_LastSoftwareScan on SMS_G_System_LastSoftwareScan.ResourceId = SMS_R_System.ResourceId where SMS_G_System_LastSoftwareScan.LastScanDate < DateAdd(dd,-30,GetDate())
Posted by at 6 comments:

Find Machines Which had Last Hardware Scan ( WQL Query )

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_WORKSTATION_STATUS on SMS_G_System_WORKSTATION_STATUS.ResourceId = SMS_R_System.ResourceId where SMS_G_System_WORKSTATION_STATUS.LastHardwareScan < DateAdd(dd,-30,GetDate())
Posted by at No comments:

Client installed but showing as 'No' to SCCM console - troubleshooting tips

It's better to understand the difference between reinstalling sccm client and repairing sccm client. When you reinstall a client, it creates SMS classes in WBEM repository, initiates policies for notification to SCCM management point and gets new SMS GUID as an identification but it won't delete the exisitng GUID (SMS keeps it until we delete certificate using ccmdelcert.exe from the toolkit.. or uninstall sccm client porperly). SMS identifies it as new record and acts on it as new client. If you have added this machine to somewhere your system based collection, it won't be getting any policies. Machine, having old GUID certificate, would be negligable and policies would be rejected from respective Management point.
While, if you repair a client; it removes old certs, assigns it new certificate and initiates policies as unique record. It works properly and policies are apporved by MP.
Posted by at No comments:

Packages stucked to copy on DP: 'Install Pending'

There might be different scenarios so apply fix as per need-

1. Packages are not copied to DP due to lack of permissions, pls check the necessary rights.
2. Check for package on affected DP whether it's present or not.
3. If not, check distmgr.log file on affected DP and manually copy .pck file from primary server to affected DPs and use PreloadPkgOnSite.exe tool to replicate package information to SCCM database.
here's info regarding this tool-
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=C36FCDA8-9336-4D44-9568-5530FF7635DD&amp%3Bdisplaylang=en
4. If package is present on DP but not updated to database or SCCM console; refresh DP again.
5. If still DPs not updated, try run these queries for affected DPs through central server-

update pkgstatus set Status = 2 where id = ' ' and sitecode = ' ' and type = 1

update pkgstatus set SourceVersion = 0 where id = ' ' and sitecode = ' ' and type = 1

6. After running above queries, refresh DPs again.
Posted by at No comments:
Subscribe to: Posts (Atom)