jamitupya

am i missing something? Just performed a basic Install, click click click click click install Windows Server 2008 Local SQL 2008 SP1 SCOM 2007 R2 Got it setup and everything, deploy the agents into my LAB, everything is showing up as not monitored... any ideas?

http://windowsitpro.com/article/articleid/102268/q-can-i-deploy-linux-using-system-center-configuration-manager-2007-sccm.html http://social.technet.microsoft.com/Forums/en/configmgrsetup/thread/b683476d-6368-4d76-b938-b341dc56f1d2 <-- check out the links in here

what does your log say when it fails? make a test application in a batch file and test that to see if the install mechanism is working in general. can you post a the logs?

yup tried that also, seems to be BITS related. tried troubleshooting it in lab but other things got in the way.... will clone again and try later.

i had similar issues with this ... are you using run command line or install software? we use run command line e.g. cscript.exe //nologo c:\local\app.vbs

yeah now i think of it that was on an r2 DC.....the roles handle the same mostly, just the friendly name in the selections have changed.... will confirm next week.... let us know if you have difficulties, we're all happy to assist

curious, what OS are you running?

yup got it sorted thanks, good to see activity though :-)

we have always had to virtualize the whole desktop for the application however this is XP<->Vista as Peter, havnt tested as yet...

yeah could have but seems to be resolved, may have been permissions on the source directory being changed but unsure....next time i will screengrab it for you...

oops....sorry missed this one.... i suggest setting up your NAA (network access account) to have full rights to the drive/directory. Right Click the Drive/Directory -> Properties click advanced click edit setup the permissions you wish, the select Replace all existing, click apply, wait. i only recommend this when used with folders.... with drives can cause issues with other applications etc.

OK, so no idea whats going on here..... the errors of note i can see are: smsts.log Failed to run the action: Configure. Access is denied. (Error: 00000005; Source: Windows) when searching through the zticonfigure.log last line is ZTI ERROR - Unhandled error returned by zticonfigure: Invalid procedure call or argument (5) searching the ZTI ERROR turns up squat..... have deleted the MDT Package and recreated and distributed.... no joy... ideas? smsts.log zticonfigure.log

weird....this thing is back... this time on 2 different TS's.... going to recreate the MDT Package i think

are you doing a full Operating System Deployment? If so yes TS would be the best option, if not you could set a prerequisite on each of your packages that you wish to install.... this can be found in the Packages Program properties

Delete the packages from the affected DP (physically in the file system) then refresh the DP's. thats where i start when all looks good.... reset the ACL's and assign the recursive option to do all sub-directories also.... back to basics.

i 100% agree with you Peter :-) this wasn't aimed at running SCCM in Native mode, this is something i threw together quickly as a place to start..... Running Native mode has its own headaches as we are all aware of and this was a lab guide to get people thinking about certificates.... i will update later, or early next week with a cleaner way to do it....

yeah thats true, but as per http://support.microsoft.com/kb/959195 there are a few memory handling issues when using the reporting services and stored proceedures... we just updated a client to SP3 and had to apply this as the SQL Cluster was failing over to often to the offsite cluster. Performance hit was larger than expected so hotfix here we come :-) check out the hotfixes included, if you use the function consider the updates

Crap sorry, thought you were in sccm forum...... ignore

update your dp's, sometimes its screwy like that.... check your distmgr.log to ensure packages are delivered correctly.... if they don't on your DP delete the following: <drive>\SMSSIG$\<failedpackage>.<rev>.tar <drive>\SMSSIG$\SMSPXEIMAGES$\ <failedpackage>.<rev>.tar <drive>\SMSPKG*$\<failedpackage> for e.g. I would kill. E:\SMSSIG$\LAB00001.1.tar E:\SMSSIG$\SMSPXEIMAGES$\LAB00001.1.tar E:\SMSPKG$$\LAB00001\ update your DP and check the package is distributed again

Not in Production, but i've found this the easiest way for people who are learning to get the idea. I'd go in and generate a Web Server Certificate against the CA even in lab but we cant be expected to think for everybody can we? EDIT: Peter, What would you put in there? Let me know i'll update....no issues with that :-)

Assigning SSL Certificate to IIS Start Internet Information Services Manager Tool Navigate down to the Default Site. Right Click Select "Edit Bindings" Select HTTPS and click EDIT Select your Certificate from the Drop down List - Important to note, that this is extremely dangerous in production and you should ONLY use this root CA Certificate until you request a Web Server Certificate. Click OK and Close Right Click Default Site -> Manage Web Site -> Restart to restart the web service (or reboot the DC) Finished.

This guide assumes you have completed Part 1 of this guide Install the CA to the Trusted Root CA Open IE on the Domain controller with the CA installed. goto: http://localhost/certsrv Click Download a CA Certificate, Certificate chain, or CRL Click "Download CA certificate" When Prompted, click OPEN Click Install Certificate When the Import Certificate Wizard Begins, Click Next Click Browse and Select "Trusted Root Certificate Authorities" Confirm your Settings and Click Finish Finished

This guide WILL give you a basic run down of howto setup a Trusted Certificate Server in your LAB Environment. This guide will NOT provide specific information outside of the sample data on management of the certificates. This guide assumes that you have first setup Windows Server2008 and configured it for Active Directory. In a productionenvironment please consult Technet for best practices, see below links: Active DirectoryCertificate Services Overview (AD CS Win2008+) http://technet.microsoft.com/en-us/library/cc755071.aspx CertificateServices Overview http://technet.microsoft.com/en-us/library/cc758473(WS.10).aspx CertificateServers Best Practices: Public Key http://technet.microsoft.com/en-us/library/cc738786(WS.10).aspx Installation of Active DirectoryCertificate Services: Log onto your Domain controller you wish touse as a CA Start "Server Manager" Select "Add Role" Click Next Select "Active Director Certificate Services" Click Next Select "Certification Authority", "Certification Authority Web Enrolment" and "Certificate Enrolment Policy Web Service" Click Next Select Enterprise and Click Next Select "Root CA" and click Next Select "Create a new Private Key" and Click Next Leave as Defaults (or above settings) and Click Next Configure your CA name as you see fit, Keep in mind that this is the "name" users will see when registering against this Certificate Authority Store. Click Next Select your time for the certificates to be valid (default is 5years) and Click Next Click Next Select Windows Integrated Authentication and Click Next Select Choose and Assign a Certificate for SSL Later and Click Next Click Install installing ........ Click Close Finished PART 1 <div><br></div><div><br></div><div><br></div>

OK, got some time spare so will try and whip out an applying GPO guide today.... In the mean time, check out technet and this post for a basic rundown. there are many many many many methods of designing GPO, and for many different reasons so that is difficult. For example: i work as a Global Managed Services Architect so most of my designs are built in a fashion that no one component can cause total systems failure. We build a tiered GPO within our clients SOE so many users (Service desks and Support Staff) are able to have delegated access to different components. Our basic structure for GPO is as follows <root> Anything that every OBJECT in the domain will receive ROOT-GPO-PasswordPolicy <- settings all users will receive for password policy ROOT-GPO-APP-ERM <- Settings in regards to your global erm/crm/sap application <region> Anything Specific to the region APAC-GPO-OCSClient <- ensures settings for the OCS client in Asia Pacific are correct <country> Anything everybody in the country would require JP-GPO-AllComputers-Proxy <- Proxy settings specific to Japan* (can be site specific also though) <site> Anything the is site specific TKY123-GPO-AllUsers-Mapping <- All user accounts are added to the mappings group of their OU (in regards to this post) TKY123-GPO-AllComputers-Printers <- All computers get the printers installed <group>/<user> Anything specific to group off computers or users TKY123-GPO-Finance <- all users in the finance group have this GPO applied (disables USB storage, etc) TKY123-GPO-Highly-Managed <- Workstations that are classed as a Highly Managed WorkStation under the SOE Again, there are many ways to do GPO and as longs as to stay as close to the accepted Best Practices for your Environment / Industry and that provided by MS your should be ok, its not always as simple as following MS 100%. We build as above so i can delegate the <country><site><group><user> to the local country as they will nearly always want it different to what HQ advises. give them le-way and me less work. Provided they follow the guidelines.... Active directory is a bit similar.

^^ what he said, and enable F8 support on the boot image you are using as per this post then press F8 support when you get to the PE Environment, and in a command prompt do a ipconfig/all and ping to your sccm server.... recover your log file from x:\Windows\Temp\SMSTSLog\smsts.log and post here....we have more detail to work with then :-) to understand the logs check here