Successfully added DaRT to boot image….or did it?

, , , , , , , , ,
Successfully added DaRT to boot image….or did it? Here is how to identify the problem and  a link to fix it!
I was recently onsite with a customer where the proposed design document included MDOP DaRT integration into the boot images. DaRT is a great tool to have because it gives the engineer the ability to remotely connect to the machine while within the WinPe environment. This particular customer is undergoing a massive and understaffed windows 10 migration where every bit of efficiency really makes a difference on deployment nights.
First a quick review on installing MDOP DaRT, Enabling Monitoring, and creating the boot image.
  1.  Install MDOP DaRT on primary site server
  2.  Copy the Toolsx86/64 cab files into proper directories into the MDT deployment share
  3.  Enable Monitoring on deployment share
Deployment share \SERVERD$DeploymentShare
Ports: 9800 (Event port) 9801 (Data port)

Connect to deployment share > Right click on “Monitoring” > Navigate to Monitoring Tab and fill the check box

Once this is filled you will start to see systems as they image from this view. 
DaRT
If you are in an environment that is not really using the MDT deployment share you would still open up the MDT toolkit and modify the CustomSettings.INI. This customer is heavily utilizing the MDT Deployment Share with all the settings applied we can access the “Rules” tab and see the setting is automatically applied after we enabled monitoring. The great part about using the deployment share in this scenario is that we can make constant on demand changes and not have to worry about hash mismatch errors like if were working within the MDT toolkit package.
DaRT
 We are now able to make our DaRT integrated boot image from the console on our primary site server. Begin by selecting “Create Boot Image using MDT” Make sure to select the following optional components “MDAC/ADO Support, and DaRTT”
 
DaRT
From this point we distributed the enabled the boot image for PXE deployment, added drivers, and attach it to a task sequence. In the screenshot below you will notice we are missing something? We do not have the “DaRT Remote Control” option that we should have.

 

DaRT
NOTE: Sometimes when the boot image is “Successfully” created it does not add the “DaRT” tool. I am able to verify this to be a LIE by looking into the PEMananger.LOG located in my temp folder.

C:Users%UserNameAppDataLocalTemp5PEManager.12520PEManager.log

DaRT
When we look at the command that was ran by accessing the “RunCMD.CMD” we see that only the WinPE-MDAD_EN-US.CAB is the only package even attempted to be added.
DaRT
You can investigate further by opening up DISM GUI and searching for any trace of DaRT on the boot image. As you can see DaRT did not even attempt to be installed into the wim.
Manually modify boot image to include Dart functionality by using the script below.
HOW TO FIX IT: Johan Arwidmark has a script available online that I have used to inject the Dart into a newly created WIM.

 

Once we ran the script created by Johan and injected the drivers I was able to start using DaRT tools.
After the USMT toolkit is called and the Gather step starts to run a box on the bottom left will appear  on the system being imaged but minimized. This is your indicator to let you know that you can now use DaRT functionality.

 

DaRT
From the Monitoring Node in the deployment workbench right click the computer we are trying to troubleshoot > Select Properties > Select DaRT Remote Control
DaRT
DaRT
TL;DR
Do not always take the console UI at face value and always verify with log files. Some occasions the console indicates something was done correctly but you need to check the logs. If this happens then you need to go old school and use the tried/true methods. If you run into a problem always do a quick search b/c the Deployment Research guys might already have a work-around.
To vote for this to be fixed from SCCM team please visit the link below.
 https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/32344414-dart-bug
 

SCCM Power Plan SQL Queries

, , , ,

SCCM Power Plan SQL Queries

In one of my customers environments there was a request for a quick review of ConfigMgr SCCM Power Plan settings. This turned out to show us that there were over 20+ power plans in the environment and needed to be reduced. Below is the quick query I came up with for the customer.

— individual systems with power plans and collection they belong to
select
SMS_R_System.Name0 AS [System Name],
V_Collection.Name AS [Collection Name],
__R_MANAGEMENT_CONFIGURATION0.NonPeakPowerPlanName00 AS ‘Non Peak Power Plan Name’,
__R_MANAGEMENT_CONFIGURATION0.PeakPowerPlanName00,
__R_MANAGEMENT_CONFIGURATION0.PowerConfigID00 AS [Collection Power setting Source] from
vSMS_R_System AS SMS_R_System
INNER JOIN POWER_MANAGEMENT_CONFIGURATION_DATA AS __R_MANAGEMENT_CONFIGURATION0 ON __R_MANAGEMENT_CONFIGURATION0.MachineID = SMS_R_System.ItemKey
Inner JOIN V_Collection on V_Collection.CollectionID = __R_MANAGEMENT_CONFIGURATION0.PowerConfigID00
Order by
SMS_R_System.Name0

 

SCCM Power Plan

— collections with count of systems with power plans
select
V_Collection.Name AS [Collection Name],
__R_MANAGEMENT_CONFIGURATION0.PowerConfigID00 AS [Collection Power setting Source],
count (V_Collection.Name) AS Count,
__R_MANAGEMENT_CONFIGURATION0.NonPeakPowerPlanName00 AS ‘Non Peak Power Plan Name’,
__R_MANAGEMENT_CONFIGURATION0.PeakPowerPlanName00
from
vSMS_R_System AS SMS_R_System
INNER JOIN POWER_MANAGEMENT_CONFIGURATION_DATA AS __R_MANAGEMENT_CONFIGURATION0 ON __R_MANAGEMENT_CONFIGURATION0.MachineID = SMS_R_System.ItemKey
Inner JOIN V_Collection on V_Collection.CollectionID = __R_MANAGEMENT_CONFIGURATION0.PowerConfigID00
Group by
v_Collection.Name,
__R_MANAGEMENT_CONFIGURATION0.NonPeakPowerPlanName00,
__R_MANAGEMENT_CONFIGURATION0.PeakPowerPlanName00,
__R_MANAGEMENT_CONFIGURATION0.PowerConfigID00

 

SCCM Power Plan

In a future blog post I’ll drop a massive amount of sql queries you should find helpful in any environment.

Rebuild site servers without redistributing content over the WAN

, , , , , , , , , ,

Rebuild site servers without redistributing content over the WAN:

Outlining the Project

 

                In order to support the Windows 10 Migration project for this customer the hierarchy needed to be upgraded to a level to support deploying/managing of windows 10v1607. The current level of the environment is 2012 R2 SP1 and we will move to CB1606 and upgrade to CB1610. During this time I took the opportunity to simplify the architecture as there were dozens of unnecessary secondary sites. These locations would have the site replaced with a single distribution point. There was no getting around these secondary sites as the pre-req check would fail due to the unsupported version of SQL server express installed on the systems. SCCM does support in place upgrade of SQL on a site server but that is limited to full SQL and not the express version. The best practice would be to spin up the new servers, configure them as Pull Distribution Points, pull the content from the old servers, and then smoothly transition between the two. In this environment, however, we were not provided with new servers to use, and we were faced with the added difficulty of prohibitively slow WAN connections, requiring us to come up with an alternative solution.

WARNING: WHEN REMOVING A SECONDARY SERVER AND YOU HAVE OTHER DPs THAT ARE ASSIGNED TO THAT SITE WILL BE REMOVED. THIS WILL OCCUR WHEN THE HIERARCHY MANANGER COMPONENT RECIEVES NOTIFICATION THAT XXX SITE IS NO LONGER PART OF THE HIEARCHY. SO KEEP THAT IN MIND WHEN DOING A SECONDARY SITE SERVER CONVERSTION. WHEN YOU LOOK IN THE CONSOLE YOU WILL EVENTUALLY SEE THE DPs HAVE BEEN REMOVED. THE ONLY WAY TO CHANGE THE SITE CODE FOR A DP IS DURING THE SETUP OF DP. WHEN THIS ROLE IS REMOVED BY HIEARCHY MANANGER BELIEVING IT IS NO LONGER PART OF SCCM IT WILL STILL RETAIN THE CONTENT LIBRARY. YOU WILL HAVE TO ADD BACK THE ROLE AND REDISTRIBUTE CONTENT WHICH THE HASH WILL STILL BE CURRENT (PENDING YOU DO CONTENT VALIDATION).

 

 

Best Practice/Worst Practice

 

                What we came up with was a series of PowerShell scripts that eventually evolved into the Distribution Content Migration Tool-Kit module.  This module takes queries WMI to pull a list of all content assigned to a Distribution Point and runs on the Distribution Point to create prestage packages for all of that content.  Once the required roles have been removed, reconfigured, and added back to the server, the module then allows all of that content to be reassigned to the Distribution Point and subsequently extracted to complete the migration.

 

 

Prerequisite Components

 

                Because portions of this module had to run locally on our Secondary servers, we needed the Configuration Manager libraries loaded as well as the most recent version of the Windows Management Framework.  While it is possible to just copy over the required DLL files and import them into PowerShell, we did want to stick with something more reliable and consistent, so we installed .NET 4.5, WMF 5, which is required to install the Configuration Manager Console. These updates were all copied to the server and then installed to the clients with a quick PowerShell query to find all servers with the Secondary Site role installed piped into a Copy command.  A few reboots later, and the servers were primed to migrate.

 

 

Before Removing Roles

 

                Modify the site assignment and site server referenced on your boundary groups to talk to another site system server. This is set for your boundary by the boundary group applied to it. I changed the site assignment to my primary site server. I changed my site system servers to the MP on my primary and I left the DP blank as this was only an expected outage of less than 2 hours. Once the conversion is complete I will place my DP here for the boundary group. If you do not want to leave that blank you can use the closest DP that has open ports for communication. Remember do not remove any of the roles until we create the pre-staged content locally on the site server.

 

 

Prepare server for role removal

 

                The tool-kit is made up of four separate scripts written out as the functions Get-DPContent, Prestage-Content, Restage-Content, and Extract-Content.  

 

 

Script Step 1: Get-DPContent

 

                The Get-DPContent function requires you to specify a Distribution Point and will pull a list of every piece of content SCCM has assigned to it.  It returns an unformatted array of WMI SMS_PackageBaseClass objects which can look a little daunting, but can be easily formatted for reporting or further processing.

 

Title: A single DP Content Info object - Description: This is the raw dump of the information returned when you get the SMS DPContentInfo class

 

Figure 1 – Raw data produced by the SMS_DPContentInfo Class

 

 

 

Figure 2 – Table-formatted values for just PackageID and Name

 

                I’ve seen some guides online use Get-CMDeploymentPackage to get package info, but I’ve found that WMI works up to 3x faster when querying large data sets, and it runs without needing a connection to a CMSite drive, so it’s become my preferred method.

 

 

Script Step 2: Prestage-Content

 

                This function does the actual work of creating a prestage PKGX file based on the package ID you provide it, the Distribution Point that holds the content, and the location of the folder that will store the package for later use.  The ConfigurationManager PowerShell module actually comes with a cmdlet called Publish-CMPrestageContent, but because that cmdlet requires you to specify the type of item you’re prestaging, we wrote this function to make the WMI call, examine the package type, and issue the correct command for you.  For one off package prestaging, this is still far and away superior to going through right click menus, but where this function shines is when it’s used in conjunction with the Get-DPContent function. 

 

 

Figure 3 – Prestaging a single package

 

 

 

 

Figure 4 – Prestaging multiple packages via For loop

 

Remove roles from SCCM console.

 

After you successfully create the pre-staged content locally on the server we can move forward.   In our case, we needed to remove all roles assigned to the server and only add the DP role back. This action required us to remove the DP, MP, and SUP. After these roles are removed we can go ahead and remove the site server.

 

Note: when you are decommissioning the secondary site this will also uninstall the DP role naturally. Out of habit I recommend to remove all soles prior to uninstallation of the Site.

 

  • Validated via the distmgr.log on the primary site server
  • Validated by no longer being seen in distribution point configuration status in the console

 

 

 

 

Removing the site server

 

                From the console Administration > Expand Overview > Expand Site Configuratoin > Sites > Select the site and “Delete”. This will create a new dialog box and it is important that you read the differences btwn uninstall and remove. We will choose to uninstall.

 

 

 

 

From here you can see the state of the secondary site server has moved to “Deleting”

 

 

How to monitor and the site server uninstallation process

 

On your secondary site server you can monitor this from C:ConfigMgrSetup.log. The site server uninstallation process is roughly as follows.

 

1. ConfigMgr2012 Setup is started by system with command line options /deinstall / msg2parent /nouserinput

2. Information is checked, this will be things such as the following. FQDN, OS is verified, Checks for existing setup information, existing SQL information, existing configmgr installation and version number, etc.

 

 

3. removes SQL alias for sccm

4. Starts uninstallation of secondary site by first cleaning up SQl server replication data, start uninstallation of local dp (if applicable) Remove content SCCMContentLib, SMSPKG, SMSPKGF$, SMSSIG$ directories from the server. The process will also move through list of all SCCM Services and stop/uninstall them if present and then stop WMI

 

 


NOTE:
After services/connections are removed you will see a number of redlines in the log file. This is only b/c connection can not be established which is expected right after stopping WMI

 

 

 

5. Connect to database, drop schema SMS_SiteSystemToSQLConnection, drop database, and uninstall SQL (if applicable)

 

 

NOTE: ONLY If your admin installed SQL instead of letting SCCM perform the uninstall action during site install you will see this message

 

 

6. Attempt unregister list of Binaries

 

 

7. Attempt delete remaining folders/files from within the configmgr installation directory

 

 

8. remove registry keys, restart WMI, and other services then complete uninstallation of Configuration Manager Site.

 

 

NOTE: After site is uninstalled you might run into issues where the secondary server is still showing “Deleting” this can be resolved by my other blogpost HERE where I had to use the hierarchy maintenance tool.

 

 

Remove unnecessary items

 

Start by uninstalling SQL (if applicable) the only time you will have to uninstall this is if the admin installed / configured SQL on the secondary site instead of letting SCCM do this action. Remove any other roles/features that are no longer needed. For this environment I also removed WSUS as it is no longer needed nor will be able to patch win 10 when the server is on server 2008R2 w/ WSUS 3.0
since we uninstalled SQL this freed up two extra drives on the machine that stored the database and the log files. These were then reclaimed by the storage team. For the entire project this allowed 1200 GB to be reclaimed. Uninstall the sccm console as it is no longer needed.

 

 

Before reinstalling DP

 

I have performed a number of conversions in the past where there were problems reinstalling the DP role. Typically this process goes just fine but in rare instances I ran into issues and have to completely remove the client / delete from database / rediscover / reinstall client / reinstall role, so I recommend doing the following.  

 

  1. Completely uninstall SCCM Client
  2. Remove the following registry HIVE “HKEY_Local_MachineSoftwareMicrosoftSMS”
  3. Reinstall SCCM client

 

 

Reinstall DP Role

 

                There should not be any additional configuration needed as this server previously had the DP role. Make sure this is not configured for pull dp and you enable this for pre-staged content. You can track the installation process in 2 logs: DISTMGR.LOG on the primary site server installation path and and SMSDPPROV.LOG located SMS_DP$smslogs. You can also Track through monitoring on the console

 

Track though the distmgr.log on your primary server and smsdpprov.log on the DP.

 

 

 

 

Script Step 3: Restage-Content

 

                The Restage-Content function crawls through the list of packages we saved and tells SCCM to re-assign the content.  While the Prestage-Content and Extract-Content functions need to be run on the DP you’re migrating, this command, along with Get-DPContent, can be run from any computer as it is only interacting with meta-data on the SCCM server. All you need to specify here is the location of the prestage files and the name of the distribution point they’ll be assigned to.  

 

 

Figure 5 – Content restaging in progress

 

 

Figure 6 – Existing content will not waste time trying to reassign

 

 

Script Step 4: Extract-Content

 

This function takes input in the form of the prestaged content location and uses Microsoft’s ExtractContent.exe program to manually add them to the content library.  While we messed with the idea of having it prompt you for the location of the ExtractContent.exe utility, we eventually decided that it was simpler to just require the exe file to be in the same directory as the prestage packages.  This takes a while to run depending on the quantity and size of your PKGX files, and in the event that some do not sync properly when you check your Distribution Point Configuration Status messages, you can run this function again, and it will only try to extract content that isn’t flagged as State=0 (successful).

 

 

Figure 7 – Content extracting one package at a time

 

 

 

Final Product

 

In conclusion, while there are some tools and packages out there that are more “double click and go” automation, we’ve found that every environment is too different for one solution to work for everybody. With that in mind, we focused on developing a toolkit that could be adjusted and tweaked for any environment and then used that to simplify our infrastructure to make life easier for the local admins.  Our next step in this project is to begin the upgrade from SCCM 2012 R2 SP1 to Current Branch 1606, and eventually to Current Branch 1610.    When all is said and done, we’ll have converted nearly three dozen secondary sites, all with their own Distribution Point, Software Update Point, and Management Point roles over to just Distribution Points.  In addition to saving several hundred GB of content distribution traffic this conversion will have eliminated much of the unnecessary SQL and WSUS traffic we saw. The storage team was also thrilled to realize 1.2TB of storage can now be reclaimed.
ALSO SEE : Lockstate Object