joeman1881

I am curious what your typical deployment times are for machines in your environment? We are currently using an individual server 2012 r2 box with plenty of resources, and network connection. We have 1gb connection all the way to the machines we are deploying to so I'm pretty sure that isn't the culprit. Our typical task sequence at minimum Includes: Formatting, Applying OS Adding Device to domain Applying Driver package Setup Config manager client Configure Network settings (Batch File) Add Local admins (Powershell) Enable Remote access (Batch File) Add machine to wireless group in AD (Powershell) Install Applications (including office, adobe, java, etc., office being the biggest) Install Updates Restart machine Maybe I am following the wrong process by not deploying this T.S. and capturing an image for mass deployment, but this method has proven best for our environment because we support a large collection of different types of machines. Our deployment times following this guideline are: -Microsoft Surface Pro 2 - 2 hrs -Asus T100 tablet - 3.5 hrs -Most desktops/probook laptops - 45 minutes to 1hr (roughly) Our biggest obstacle is the more inexpensive devices like the Asus tablets and even the surface pro 2's. Whether we use 3.0 or 2.0 dongles the deployment time is roughly the same. Is anyone else running into issues like this? Are you able to provide me with an idea of your deployment times for similar devices? Thanks, -Joe

Thanks for the add-in. Is there any documentation on this anywhere within the site? I will see what I can find online... Just to be clear though, my network connection is becoming saturated during large deployments of updates which I believe is adding to the consoles performance lacking. This option may help increase performance though in general for the technicians.

I'm assuming they would both need to be Primary sites, and both would need to be Distribution points. This way Updates can still be deployed from one Primary server, and OS/software deployments can be deployed from the second Primary server. So what I need to do is just upgrade the current secondary site to a second Primary site. (that doesn't sound confusing at all)

Hello all, I previously ran all of our sites from my single SCCM 2012 server. This one server is managing WSUS/SCUP, OSD, App deployment. and EP, so I decided to create a secondary server. The Primary server managed all the clients well, but I noticed poor performance for the techs in the config mgr console when large update deployments were occurring. My hopes were creating a secondary server would allow me to distribute all content to the secondary server, which it did, and then connect to the secondary site with the console for deploying. This would leave my primary site available for update deployments, and eliminate sluggish console performance for my technicians... I quickly learned I cannot connect to my secondary site via the config manager console which leads me to think I may need to upgrade this guy to a Primary server? Or is there a better solution for what I am trying to achieve? Thanks, -Joe

Great, thanks for the advice. This helps a lot.

Thanks for the reply. Is there a common or best practice in place around splitting the services between two servers? Is there any reason I wouldn't want to split this the way I noted above? Thanks again!

Bump! Anyone have any advice? Thanks

The scenario is that I have 1 - 2012R2 Virtual right now hosting: -FEP -WSUS -MP -DP -SQL This is the configuration that was recommended for our environment by Microsoft. Now that I am gaining a little experience, and knowledge around this system I am realizing it's just too much for one server in our environment. We currently have about 6,500 machines being managed, but in the next year or two should be up to around 10,000 machines. My plan was to create a second virtual server (on a new box with dual 10GB copper) to take over the DP, WSUS, and FEP and then maybe migrate my original virtual to the new server as well. I would then have both servers on the same physical box, and shouldn't have any bandwidth issues going forward. Side note: The new server is exactly the same build as the host that my SCCM server currently resides on, we just added the new NIC, and installed 2012r2 rather than 2008r2 for host OS. Questions: - Will I run into issues migrating the server using SCVMM to migrate my current server (while shut down) to the new box? If it's shut down, this shouldn't cause any issues with SQL correct? - Is there a better way to split the services in an enterprise my size? - Whats the best way to 'migrate' the services to the second, new VM? Thanks for your input in advance, -Joe

I shouldn't have a DNS issue because I can ping the machines successfully from the server itself and/or any other machine in the domain. I cannot ping the devices using console extensions and I can see it attempting to connect using the last recorded/discovered IP address not a DNS name. Eventually the console realizes that the IP has changed, but I am not sure what event kicks off this update of current addresses.

I am sure this is somewhere else on the forum, but I am having trouble finding a solution. When a machine is issued a new address via dhcp, sccm doesn't see the change immediately. This makes it so the server cannot communicate with the clients for what I'm told is a few hours/days. I haven't been able to confirm the wait time on this, but shouldn't Delta discoveries pick up new addresses? This becomes an issue when my technicians deploy a machine and attempt to reconnect at a later time for a last minute push of an application. The server still has the old address recorded so when I even try to ping from the console extensions, I do not get a reply even though server itself can ping the machines. We run into this often with wireless devices, and machines that haven't been turned on within the lease period. Does anyone run into this, or is there a way to keep the console more current with issued IP's?

This is perfect, thank you! I just tried it out late yesterday and went off without a hitch. The only reason I can't do this is we deploy different versions tiers of office apps, and I don't want our images to become extremely convoluted. I definitely thought about this though, but ultimately I'd still run into windows update issues I think.

Hello, I am trying to find the best practice for deploying office during OSD. It seems like the updates are stacking up and seem to be around 30-40 since SP1. My techs are complaining that it adds another 20-30 minutes to their "profiling" of the machines, because Software Center will automatically begin receiving updates once the machine connects to the server. Anyone else run into this issue, or have a solution to correct this? I have the Check for Updates Line in my Task Sequence, but for some reason, it doesn't appear to really get the updates or check for available deployments during OSD. Thanks in advance, -Joe

Right now, I am just attempting to run this command as a package deployment to a set of machines for verification of functionality. I have the package set for "whether or not user is logged in" which automatically sets "run as administrator". Does that mean I am automatically running as a local admin? Is there maybe a switch I can use in my command to say run as domain admin //// password? Thanks as always for the reply Peter!

So......I may have finally gotten this figured out after working on it all day! This is my script: #Connect to Domain $strName = $env:computername $objDomain = [adsi] "(LDAP://dc=mydomain,dc=net)" $objSearcher = New-Object System.DirectoryServices.DirectorySearcher $objSearcher.SearchRoot = $objDomain $objSearcher.PageSize = 1000 $objSearcher.Filter = "(&(objectClass=Computer)(name=$strName))" #Get Computer DN $ComputerDN = $colResults.properties.distinguishedname # Get objects $group = [ADSI]”LDAP://CN=RemoteAccess Win8.1,OU=Accounts-Groups-Security.Only,DC=mydomain,DC=net” $machine = [ADSI]"LDAP://$computerdn" # add computer to group $group.Add($machine.Path) #> $null $group.SetInfo() The only issue I am running into is sometimes if I attempt to run in a different session I receive: Exception calling "Add" with "1" argument(s): "Unspecified error (Exception from HRESULT: 0x80004005 (E_FAIL))" ...relating to Line 20... Any words of wisdom?

I am trying to figure out a simple way to add machines to our "Wireless Devices" Security Group in AD in my OSD task sequence. I have looked into several powershell scripts and VB scripts online, but can't seem to find one or modify one that will work. My machines are all deployed and added to their respective Site OU's during deployment which seems to be part of my issue. I don't want to create a script for each Site OU just to add these machines to the same security group. My technicians don't have access to add users to groups which is why I am trying to come up with an alternative "fix" that can be used during deployment. Any advice? Thanks, -Joe

What a nightmare that was. Of course it was something completely simple. I have a service account added to sccm as an administrator and because this account is a domain admin of the parent domain and not the child domain, there was a loss of communication between the machines and the server. Adding PARENT\domain admins as local admin on the child machines the issue was resolved. The clients did need to be redeployed, but all is well finally! Thanks a lot for the assistance Peter!

Failed to open to WMI namespace '\\.\root\ccmvdi' (8007045b) ClientIDManagerStartup 4/10/2014 2:36:51 PM 1660 (0x067C) This is the error I see in this log. I will look into it.

In addition, I noticed that in the "ccmNotificationAgent.log", there are Bgb client agent is disabled, and TCP Listened is disabled notes. These showed up for a few days and not just a repeat of '"Wait 3600 Seconds for event notification". I will dig further into this and see what I can find but I wanted to update the thread in case this is an obvious fix. Update: I also just noticed on these machines that in the Config manager client properties on the suspect machines, the CCM Notifications Agent is Disabled...Hopefully I am getting somewhere now. I just need to figure out how to enable it.

Sorry, I was OOO Friday. Yes it does successfully join the domain. I can ping the machine from SCCM with the FQDN and also the machine to the SCCM Server if that's helpful.

Yes, the only step in my task sequence that uses credentials is adding to the domain.

Yes it does! That is why adding this new GPO via registry with a dependency that the client is not installed works now. Thank you for the reply!

Yes, this is what I saw as well. When I am looking in the server client, the machines (so far only in the child domain) show as "No" client installed. This issue was reported by our team of level 1 technicians (level 1 means they have some access, but not all). I did a test this morning and here were my results. I created a task sequence in SCCM using my credentials (enterprise admin) and added the machine to the child domain using those same credentials. This allowed the client to install correctly and communicate back to the server so it marked the client as "Yes" installed. I then used the same task sequence in SCCM but edited to use one of my level 1 technicians credentials to add the machine to the child domain. I changed nothing else yet the client again showed as "No" client installed? It's making me think it's permissions related, but how could adding it to the domain with one user vs another cause an issue with the client communicating back to the server? These technicians also are able to successfully install the client and the machines report back as "Yes" installed when deploying to the parent domain. The test I am running now adds the technician 1's security group to the local admin group, THEN installs the client. I probably won't be able to report my findings until the morning. If you have any other feedback please advise. Thank you, -Joe

Please let me know if I'm being too vague. I'm still a rookie so I won't take offense!

This is the same case if I have gone in and manually configured WSUS ADR's as well? Prior to shutting of the GPO for all, I was able to manually hit "check for updates" (not search online) and it would look to my SUP server for updates and install them according. It was just killing my ConfigMgr/SUP deployments because the GPO was in place. I guess it just confuses me that the client can point to SUP in the local policy, but can't point to WSUS itself if configured.

Recently we started deployment several hundred machines as a start of a 4,000 machine deployment. These machines are all on a child domain of our parent domain that I have been deploying to without issue for months. I want to say that I didn't have issues deploying to the child domain before but for some reason it isn't working now. I have about 120 machines right now that are missing the client. These machines were all imaged using PXE deployments, but for some reason the client didn't install correctly. When I attempt to force the client down from the server, this also fails. It seems the machine attempted to install the client during deployment, and didn't complete correctly, because I can see the folders in the C:\Windows folder. Is there additional configuration I am missing? I will attach the smsts.logs and ccmsetup-ccmeval log I found on an example machine. Thank you in advance! ccmsetup.log ccmsetup-ccmeval.log smsts.log smsts-20140402-132717.log