ADK 1511 – don’t use it quite yet

http://blogs.technet.com/b/configmgrteam/archive/2015/11/20/issue-with-the-windows-adk-for-windows-10-version-1511.aspx

Pretty minor… its not as if many people that use SCCM would use the ADK…. only 100% of them.

Some interesting comments at the bottom of the page…

Previously I was one of those who thought Microsoft’s patching and release quality testing was getting better… and it was… for a while… but between this, the MDT 2013 U1 buggy release, multiple exchange RU’s that got released and re-released, the windows update that killed outlook… well, I think MS might have some QA issues.

Java 8 update 60 install with SCCM

Java….. not only is the product itself pretty much a virus, the deployment and ongoing management of it just plain sucks.

 

It seems that for Java 8 update 60, the dev’s have managed to add that little bit more complexity.

If you download and install the offline installer from the java web site (http://www.java.com/en/download/manual.jsp), you get the familiar .exe with an msi within it.

The msi can be obtained by simply running the installer and navigating to C:\users\%username%\AppData\LocalLow\Oracle\Java\jre1.8.0_60 <or similar for later versions>

This has been a common method of getting the MSI then simply putting it into SCCM for years…. but now there is a requirement to have the file C:\Programdata\Oracle\Java\Java.Settings.cfg in place before running the MSI.

 

So… what about alternate methods

Using the recommend approach by Oracle – http://www.oracle.com/technetwork/java/javase/silent-136552.html results in utilising the executable with a config file.

From my testing, it seems that the config file must be fully path’ed and must be on a local drive (i.e. not a unc path) – this is do-able via SCCM by simply scripting the files to be copied locally and executed….  but this is turning something that should be simple into more lines than it needs to be. You can still use the msi detection method – but having the msi already extracted makes finding the code just quicker and easier.

Another method is to get the java natively as an MSI as per https://www.java.com/en/download/help/msi_install.xml , however, this required an oracle logon – and even with the logon, unless you have ” Oracle Java SE Advanced” (whatever that is), you do not get access to it.

 

Why is this so fucked?

I’m going to go out on a very very short limb here and suggest that Java is almost universally hated by deployment admins, its not that its stupidly hard – its that the deployment methods seem to change regularly, they do stupid things such as make a compiling a jar file required for updating security settings (java 7 update 51) and just generally seem to love making deployment and management of Java far far harder than it needs to be… for reasons best known to themselves.

In this instance, its not obvious from the doco (nor past experience) that this file needs to be copied down first.

When it does become clear, thanks to posts such as https://www.reddit.com/r/SCCM/comments/3iq6tq/installing_java_8u60_during_bc_task_sequence/?

all it does is add another un-necessary step to the packaging process….  and kill time.

 

Anyhoo – in short, to sum up

Extract the msi (as you have for the last few years) from the java install exe

Create your app

Copy a pre-made java.settings.cfg to C:\Programdata\Oracle\Java\Java.Settings.cfg (settings can be found here http://docs.oracle.com/javase/8/docs/technotes/guides/install/config.html#installing_with_config_file )

Install your MSI

Shake your head and wonder why they don’t just give us an msi in the first place

SCCM 2012 R2 SP1 – Unlocking objects “in use”

Since moving to SCCM 2012 R2 SP1 at some sites, I’ve been having some issues where the console crashes while editing task sequences.

This is frequent, maybe once every 2 or 3 days… and is something that I’ve only been experiencing since SP1.

The downside of this, is that even when restarting the console or the entire server, the TS is locked for editing.

Fortunately – this article was unavailable on how to clear the lock

http://myitforum.com/myitforumwp/2013/02/22/unlocking-configmgr-2012-objects/

The short version

  • Open SQL manager
  • Create a new query against the CM database
  • select * from SEDO_LockState where LockStateID <> 0
  • DELETE from SEDO_LockState where LockID = ‘<LockID of the record identified in the previous query>’

Windows 8.1u1 – Power button does not show up on start screen

This happens with devices that are classed as tablets – for some bizarre reason as per https://support.microsoft.com/en-us/kb/2959188

and can be modified using https://technet.microsoft.com/en-us/library/dn660972.aspx

Here’s a screenshot of what it should look like in WSIM

PowerButton

 

or in xml

<settings pass=”specialize”>
<component name=”Microsoft-Windows-UnattendedJoin” processorArchitecture=”amd64″ publicKeyToken=”31bf3856ad364e35″ language=”neutral” versionScope=”nonSxS” xmlns:wcm=”http://schemas.microsoft.com/WMIConfig/2002/State”>
<Identification>
<Credentials>
<Username>
</Username>
<Domain>
</Domain>
<Password>
</Password>
</Credentials>
<JoinDomain>
</JoinDomain>
<JoinWorkgroup>
</JoinWorkgroup>
<MachineObjectOU>
</MachineObjectOU>
</Identification>
</component>
<component name=”Microsoft-Windows-Shell-Setup” processorArchitecture=”amd64″ publicKeyToken=”31bf3856ad364e35″ language=”neutral” versionScope=”nonSxS” xmlns:wcm=”http://schemas.microsoft.com/WMIConfig/2002/State”>
<ComputerName>
</ComputerName>
<ProductKey>
</ProductKey>
<RegisteredOrganization>
</RegisteredOrganization>
<RegisteredOwner>
</RegisteredOwner>
<DoNotCleanTaskBar>true</DoNotCleanTaskBar>
<TimeZone>Pacific Standard Time</TimeZone>
<ShowPowerButtonOnStartScreen>true</ShowPowerButtonOnStartScreen>
</component>

 

 

 

You cannot import a Windows 8 signed driver on a Windows Server 2008 R2-based WDS server

Run into by an employee – John. straight copy from his email.

Ran into this issue yesterday, ConfigMgr 2012 R2 running on Windows 2008 R2. When attempting to import some network drivers, the Windows 7 driver’s imported fine, however the Windows 8 or later drivers gave the error

 

“Error: Failed to import the following drivers:

<Driver> – The selected driver is not applicable to any supported platforms.”

 

Turns out the Windows 8+ drivers are signed by using the SHA-2 hash algorithm. Therefore, the driver cannot be validated on a WDS platform on which a version of Windows earlier than Windows Server 2012 is installed.

 

Additional Info: https://support.microsoft.com/en-us/kb/3025419

 

Fix : https://support.microsoft.com/en-us/kb/2837108

 

In this instance the driver as the Intel I217-LM/ I218-LM network driver and was need to be injected into the boot image

SCCM 2012 R2 SP1…. must have SP2 installed ?

If I logon to MSDN downloads (which is my only option now TechNet downloads is gone) I see this

first

I stupidly thought it would be SCCM 2012 R2 SP1….

The file name also made me think it would be SCCM 2012 R2 SP1

 

second

 

But, I was wrong….

3

 

Apparently to install SP1, I must have SP2 installed.

What you actually need is the iso titled mu_system_center_2012_configuration_manager_and_endpoint_protection_with_service_pack_2_x86_x64_dvd_6677749.iso

 

4

 

Why am I downloading SP2 media to move to SP1?… well, that’s a good question – and one that only Microsoft can answer.

The media will move SCCM 2012 (non-R2) environments to SP2 and SCCM 2012 R2 environments to SP1…

Makes perfect sense.

Updates for SCCM 2012 and R2 coming next week…

http://blogs.technet.com/b/configmgrteam/archive/2015/05/04/announcing-support-for-windows-10-management-with-system-center-configuration-manager.aspx

The main bit that I’m interested in is

Next week, we will also be releasing service packs for Configuration Manager 2012 and 2012 R2 customers. These will deliver full compatibility with existing features for Windows 10 deployment and management as well as several other features, including:

  • App-V publishing performance – Improved performance that reduces the time required for apps to display after the first logon for non-persistent VDI environments.

  • Scalability improvements – Increased hierarchy scale to 600K and primary/standalone site scale to 150K.

  • Content distribution improvements – Improved data transfer reliability for slow and latent networks, and also improved scale and performance for pull distribution points (DP).

  • Native support for SQL Server 2014 – Added native support for SQL Server 2014 to enable site installation and recovery using SQL Server 2014.

  • Hybrid features Added a large number of hybrid features for customers using ConfigMgr integrated with Microsoft Intune (hybrid). Some of the features that you can expect to see in this release include conditional access policy, mobile application management, and support for Apple Device Enrollment Program (DEP).

 

While we obviously don’t know what those improvements exactly are yet – hopefully they will help out many of our customers with sites on the end of the shitty networks we have in Australia.

Adding .net 3.5 to 8.1 and 2012 R2 – the easier way

First of all – we mount the existing WIM (in this case, I’m mounting server 2012 R2 standard)

The directory D:\PSource$\OSD.Windows.2012.R2 has a full copy of 2012 R2

The directory D:\mount is empty

Dism /Mount-Image /ImageFile:D:\PSource$\OSD.Windows.2012.R2\sources\install.wim /Index:2 /MountDir:D:\mount

Dism /Image:D:\mount /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:D:\PSource$\OSD.Windows.2012.R2\sources\sxs

Dism /Unmount-Image /MountDir:D:\mount /Commit

 

This is much easier than the scripts and other things I see floating around the internet to do this in a task sequence. It also means that avoid issue applying the “.net killer” updates – KB2966826, KB2966827,KB2966828.

My suggestion when building a 8.1 or 2012 R2 TS is to

1) Dump the contents of the iso into your PackageSource with an appropriate name

2) Run the commands above to enable .net 3.5 in your base wim

3) Perform a dummy run of the TS, to see that it works, but also to allow the required updates list to be generated

4) Force (or wait) for a software updates scan to occur

5) Create your ADR (or manually select the required updates if you really want)

6) Use the awesome “Schedule updates” in SCCM 2012 R2 functionality to integrate updates into the wim

 

That way, you are off to quite a good start for your builds.