Ocelaris

Unless you want to open up your firewall directly to your CM 2012 server, yes, usually you have a DMZ CM site server with SCUP. I'm not clear if you have the updates sitting on SCUP, or just proxy them through to the primary site... because if you lay down a GPO that says "aim at this CM 2012 server" something.corp it won't be able to reach that out on the internet.

I'm with you, at about the same place. Make sure on the site, point it at your Internet FQDN. I'm not 100% if the PKI needs to match the external FQDN, my client is happy pointing at that website though...

Bump, I already have the certificates and Network part squared away, just looking for testing scenarios to troubleshoot/prove it works...

So I'm building out a test environment at my house to migrate our 2007 environment to 2012. I want to set up a DMZ server so our SCUP, FEP, software goes out over the internet. I have walked through all the PKI stuff, set up a server on the DMZ, installed a management point the certificate works, but just trying to figure out how clients which once were on the INTRANET discover the management points on the INTERNET... I've gotten the client to go back and forth between "internet" and "Intranet-only" (sorry no screen grab of the intranet only), but I have a cisco vpn to connect, and I installed the client from the console, it shows up fine. But it looks like the client doesn't know where to reach out to internet facing MP ? I scribbled out the actual internet facing FQDN, but basically I have it working, the cert is installed for *.ocelaris.corp, my FQDN is something.com but I am not sure that the internet facing client is able to reach back to that site. Even though I put in the DMZ facing server publish "something.com"... Does this look right? I'm not able to publish apps to the "Software center" yet...

Yeah, I'd double, triple check that the Device ID is correct in the .inf file. And if you imported it wholesale, in SCCM 2007 it said "oops, I already have this device ID" as it's probably a generic Intel video, and didn't put it into your categorized optiplex. i.e. it already existed somewhere else and didn't import it. I've run into this in our system where previous people had imported whole sale the Dell/Lenovo package and didn't break it down by component, i.e. intel video et all, which might overlap from model to model and manufacturer to manufacturer... So for my Lenovo T420s, I have to include the video from the Lenovo T410s. Makes it pretty ugly, and I'm hoping to start with a much better structure in 2012, AND break it down by component so I don't have this issue. Track back your driver to your location and Device ID, chances are it's not where you think it is, or at least I've seen that many times.

Thanks, After thinking it through again, I'm probably just going to start with a Side by side, and then keep that going forward. I have a home lab if I want to try something crazy. Most of the work in our migration is going to be migrating packages, task sequences, and I'm just going to use a new site code and nomenclature to differentiate; i.e. from NY-SCCM to NY-CM . Thanks

Quick question on site code, and side by side. In your lab environment, do you have everything completely seperate? i.e. different domain, no network connectivity? I wanted to do a side by side lab, to pull in all of our myriad task sequences and apps, but then I wanted to throw everything away when I was done, and start over. But I was worried about overlap with the AD System Management Container (they'll be different site codes). Is there going to be a problem with that site container if I'm using ABC for 2007 production, DEF for 2012 lab, GHI for 2012 production? I'm being careful about IP boundaries etc... just not sure about AD...

That's funny, exactly 1 year after, March 8th 2012 we had a similar issue with one server, it looks like it's fine after a reboot now, but will have to check up in a day or two.

That worked great, I just did a Criterion of Simple Value, then Network Adapter, and Mac Address, and my machine came right up. Strange how systems disappear out of collections, you would think that it would at least be in "All systems" but when the client is messed up, I've seen it not be in that group.

oh... shoot, that's a good idea! I have a query, but I can't do anything with the results (i.e. delete), but making a custom collection would work... Thanks!

Hi, I can't seem to find a computer in SCCM anywhere. I usually can find it in one of my collections, whether Win 7 machines or All systems; but this is an XP machine, and I've looked through almost every collection (we have hundreds). I know it exists in the system because I have a query which I enter the MAC address, and it spits out the hostname and GUID. Also particularly it doesn't boot into PXE because we can't find it to delete and readd out of SCCM. I've found when we have problems with the computer's entry in SCCM, (i.e. duplicates) it will not PXE boot, and the only solution is to find it, delete it, and readd it. But we can't seem to find it anywhere? I've wondered this for a long time, how do you go about really really deleting some machine if you can't find it, is there some way to clean it out forcefully, maybe a SQL query or something on the back end?

Bingo, I'd been looking for this forever! an easy way to go from Package ID to Name. Thanks as always!

I experience similar troubles, especially when we've had a system already entered (sometimes twice) and tried imaging, it failed, and then it seems like for a long time after it won't image. I'm testing this now at one of our sites and I'll report back.

So here's what I ended up doing. First I have a package called "local administrator rights" it has 2 programs, give and take. It does just that, it's a prerequisite for the first real prereq (Visual C++ 2005 Redistributable). So it logs them off, they log back in, and it fires off the next two programs. I'll just force the "take" local admin rights back once I've gotten everybody done. What a nightmare of an update!

Ok, sort of figured something out, it has to have the run mode "with user rights" ... not "administrative rights". But my users don't have local admin privileges... so I'm wondering if I can run it as a non-admin on that PC... getting somewhere finally! tbd...

So I'm cursed with this Microsoft Dynamics Patch that I just can't figure out I've tried every which way to push it, copying it locally, running from a share, various switches, and the logging is just terrible. I always end up with a 1603 error. The funny thing is, if I just double click on the SP5.msp file in the cache, or copy it anywhere on the local drive, it runs passively without any problems, just prompts for a reboot once it finishes. I've tried msiexec /p SP5.msp /qb+ /l*v c:\SP5.log msiexec /p SP5.msp /qn /l*v c:\SP5.log msiexec /p SP5.msp /l*v c:\SP5.log msiexec /i SP5.msp /l*v c:\SP5.log Even just tried a script to map a drive, copy it locally, and then run it. Once the file is local, the script works fine, i.e. net use j: \\server\share mkdir c:\SP5 copy j:\SP5.msp c:\SP5\ msiexec /p c:\SP5\SP5.msp /l*v c:\SP5.log works fine... but when I try anything in SCCM, it just fails. Script for Package:NYC00045, Program: Dynamics SP5 failed with exit code 1603 execmgr 2/5/2011 8:17:14 PM 2404 (0x0964) I know that it has to run locally, but I think my advertisement and program all say local drives, as per the execmgr.log here: Command line = "C:\WINDOWS\system32\msiexec.exe" /p SP5.msp /qb+ /l*v c:\SP5.log, Working Directory = C:\WINDOWS\system32\CCM\Cache\NYC00045.1.System\ execmgr 2/5/2011 8:16:25 PM 2208 (0x08A0) I've tried it with the working directory being from the share etc... and no dice. It's running as an admin etc... I have a prerquisite which fires off fine, it's a Visual C++ 2005 patch vcredist.exe which doesn't require a reboot (to my knowledge). And I've rebooted and tried the advertisement again, but just craps out on me... I've been working on this for 3 days, and am just at a loss, any ideas? Thanks, Bill PS. Sorry I posted this on another forum as well hoping to find some help. I was hoping to have it done this week, and now it's Saturday and really out of options!

Anyone by chance have ez-execute ? It's a front end gui for psexec. I'm running late on my SCCM pushes, and have to do some manually, so having trouble doing it all with psexec. It used to be here: http://www.penguinbyte.com/software/ezexecute But that link no longer works everything seems to point to the above link... http://www.savagenomads.net/2007/03/19/ez_execute_freeware_gui_for_psexec/

Here's one thing to try if your winpe images won't get an F8 prompt. I came across a microsoft article that stated point blank, if you can't hit F8 to get a command prompt, it may be an incompatible driver. i.e. it's not that your nic card is failing, it's that you have an incompatible driver with that image. Sure enough I was using the Lenovo 82577LM driver for our x201 laptops (win7 x86) dated 9/1/10 and as soon as I got the Intel dated 11/5/10 everything clicked... It's ALL about the nic drivers.

I'm glad I'm not the only one who over thought this problem. It's funny because I have the admin console installed and everything... just never thought to use it from my desktop... Sometimes plugging through a new hugely elaborate program like SCCM temporarily removes logical thinking because it's all so disjointed in my mind still.