Tuesday, December 30, 2014

Happy New Year (2015)

From Henk's blog (and sponsors) we wish you all a Happy New Year! Thanks for visiting my blog, and I hope you liked all the information posted last year about Microsoft System Center and Microsoft Intune.

Expect more to come in 2015 again!

Tuesday, December 23, 2014

2 weeks left: Veeam end-of-year limited-time offers

Sponsor post
Veeam Special Offers until the end of December: Take on the NEW v8
There are only 2 weeks left to save with these special offers before the price increase! Improve your modern data center with 200+ new features and improvements of the NEW Veeam Availability Suite v8, including Veeam Backup & Replication v8:
Save up to 10% + upgrade to v8 for free
Offer ends December 31st
Veeam Special Offers
Or have a look at Full list of Veeam's special offers and promos

Happy holidays!

Monday, December 22, 2014

ConfigMgr 2012 R2 User-based application deployment

Today I deployed applications for Application Catalog usage. During installation the following error message was shown: The software change returned error code 0x643(1603). This is just a generic MSI error and tells you very little. Within Event Viewer the following error message was shown: Administrative Privileges Required. So it seems the user doesn't have enough permissions here?

Within the application deployment, on the User Experience tab, you can choose the Installation behavior. There's "Install for user", "Install for system", and "Install for system if resource is device; otherwise install for user". Mine was configured with the last one. I changed that to "Install for system", and all my issues were gone.

So long story short, when deploying to "Install for user", the account must have permissions to run the command-line provided in the chosen deployment type. When deploying to "Install for system", this isn't needed, and deployment is done under SYSTEM permissions.

When looking on Microsoft Technet HERE and HERE it seems that administrator permissions are needed indeed. When using "Install for system" this isn't needed. Issue solved.

Wednesday, December 17, 2014

Using offline servicing in a server image with multiple indexes

Within ConfigMgr 2012 it's possible to update images with offline servicing functionality. When doing that on server media however, it's possible that multiple indexes are found. When that's the case, updates will be installed on all indexes, which takes a lot of time. In this scenario I'm installing 75 updates on a Windows Server 2012 R2 image with 4 indexes, which are:

When starting offline servicing on this image, a total of 300 updates (4x 75) will be installed. Let's have a look at the ConfigMgr logfile (OfflineServicingMgr.log):
4 images are detected
300 updates are installed

When using DISM, however, it's possible to remove existing indexes from an image, so offline servicing can do a much better/faster job. First list the indexes in the image with the following command: DISM /get-imageinfo /imagefile:<path to WIM file>
Now that we know which index to keep and which to remove, use the following command: DISM /delete-image /imagefile:<path to WIM file> /index:<index number to remove>
In my case I removed 3 indexes, because the only index needed is SERVERSTANDARD. Let's have a look again with: DISM /get-imageinfo /imagefile:<path to WIM file>

There's only 1 index left now. Let's start offline servicing again on this image and have a look at the logfile (OfflineServicingMgr.log):
1 image is detected
75 updates are installed

As you can see this did the trick on my Windows Server 2012 R2 image. I also saw another image with 8 indexes before, which is crazy when using offline servicing. Just use the above steps for removing them in the future. Just great, isn't it?

Offline servicing is still very handy for updating images easily/quickly, when MS Office is not included in the image.

Source: Microsoft TechNet

Option: /Get-ImageInfo
Displays information about the images that are contained in the .wim, vhd or .vhdx file. When used with the /Index or /Name argument, information about the specified image is displayed, which includes if an image is a WIMBoot image, if the image is Windows 8.1 Update, see Take Inventory of an Image or Component Using DISM. The /Name argument does not apply to VHD files. You must specify /Index:1 for VHD files.

Option: /Delete-Image
Deletes the specified volume image from a .wim file that has multiple volume images. This option deletes only the metadata entries and XML entries. It does not delete the stream data and does not optimize the .wim file.
This command-line option does not apply to virtual hard disk (VHD) files.
/CheckIntegrity detects and tracks .wim file corruption when used with capture, unmount, export, and commit operations. /CheckIntegrity stops the operation if DISM detects that the .wim file is corrupted when used with apply and mount operations.
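
The same cleanup as a script, added here as an example (not code from the original post): it deletes every image except the one to keep by name, so the index numbers shifting after each deletion cannot lead to the wrong image being removed, and then exports the result because /Delete-Image leaves the stream data in the file. It assumes the DISM PowerShell module (Windows 8.1 / Server 2012 R2 or later) and an elevated session; the function name, paths and image name are hypothetical.

```powershell
# Added example, not from the original post. Run in an elevated session.
# Assumes the DISM PowerShell module (Windows 8.1 / Server 2012 R2 or later).
function Remove-UnneededWimIndex {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ImagePath,    # WIM that offline servicing will use
        [Parameter(Mandatory)][string]$KeepName,     # exact image name to keep
        [Parameter(Mandatory)][string]$CompactPath   # new WIM that receives the kept image
    )

    $ErrorActionPreference = 'Stop'

    # Same information as: DISM /get-imageinfo /imagefile:<path to WIM file>
    $images = @(Get-WindowsImage -ImagePath $ImagePath)
    $images | Format-Table ImageIndex, ImageName, ImageSize -AutoSize | Out-Host

    # Refuse to continue unless exactly one image carries the requested name.
    $keep = @($images | Where-Object { $_.ImageName -eq $KeepName })
    if ($keep.Count -ne 1) {
        throw "Expected exactly one image named '$KeepName', found $($keep.Count)."
    }
    # Exporting into an existing WIM appends to it, which would defeat the purpose.
    if (Test-Path -LiteralPath $CompactPath) {
        throw "'$CompactPath' already exists."
    }

    # Keep a copy so a failed run can be rolled back.
    $backup = "$ImagePath.bak"
    Copy-Item -LiteralPath $ImagePath -Destination $backup

    # Delete by name: index numbers change after every deletion, names do not.
    foreach ($img in ($images | Where-Object { $_.ImageName -ne $KeepName })) {
        Write-Verbose "Removing index $($img.ImageIndex): $($img.ImageName)"
        Remove-WindowsImage -ImagePath $ImagePath -Name $img.ImageName -CheckIntegrity |
            Out-Null
    }

    # Verify that only the wanted image is left; restore the backup otherwise.
    $left = @(Get-WindowsImage -ImagePath $ImagePath)
    if ($left.Count -ne 1 -or $left[0].ImageName -ne $KeepName) {
        Copy-Item -LiteralPath $backup -Destination $ImagePath -Force
        throw "Unexpected image list after deletion; original file restored."
    }

    # /Delete-Image removes only metadata, so export the kept image to a new file
    # to get a WIM without the orphaned stream data.
    $export = @{
        SourceImagePath      = $ImagePath
        SourceIndex          = $left[0].ImageIndex
        DestinationImagePath = $CompactPath
        CheckIntegrity       = $true
    }
    Export-WindowsImage @export | Out-Null

    [pscustomobject]@{
        KeptImage      = $KeepName
        RemovedImages  = $images.Count - 1
        SizeBeforeMB   = [math]::Round((Get-Item -LiteralPath $backup).Length / 1MB)
        SizeCompactMB  = [math]::Round((Get-Item -LiteralPath $CompactPath).Length / 1MB)
        CompactWim     = $CompactPath
    }
}

# Hypothetical call; use the image name exactly as Get-WindowsImage lists it:
# Remove-UnneededWimIndex -ImagePath 'D:\Images\install.wim' `
#     -KeepName 'Windows Server 2012 R2 SERVERSTANDARD' `
#     -CompactPath 'D:\Images\install-standard.wim' -Verbose
```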

Friday, December 12, 2014

Stop a hung service during Cumulative Update installation

Today I started a Cumulative Update 3 installation, which is the most recent one on ConfigMgr 2012 R2. As always (?) a reboot is needed before installation is started. This will be mentioned in the prerequisites wizard. After the reboot, however, installation hung on the first step, "Stopping services", on the Windows Management Instrumentation (WMI) service. Let's have a look at how to stop this service manually.

First have a look in the Services console for the service name. In this case the service is called WinMgmt. Then open a Command Prompt and type in the following command:
sc queryex [servicename]
Replace [servicename] with the service's registry name.

After running the query the PID is shown, which is 836 in my case. Type in the following command to stop it definitively:
taskkill /f /pid [PID]
Replace [PID] with the number shown before.

This will forcefully kill the hung service! After that installation can be continued as expected.

Wednesday, December 10, 2014

Remote installation fails on Windows 8 and 2012

When deploying the ConfigMgr client on Windows 8 or 2012 systems, it's possible that remote installation fails. This is because of User Account Control (UAC), which cannot be completely disabled. Remote Endpoint Agent installation requires that UAC is disabled on the Endpoint. This can be fixed however with a registry change and service restart. Let's have a look.

Deploy the following rule to Windows 8 or 2012 systems to enable Remote installation:
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
net stop LanManServer
net start LanManServer

Deploy the following rule to Windows 8 or 2012 systems to disable UAC:
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f

After that Remote installation is enabled and UAC disabled, and deploying the ConfigMgr client from the Management Console will be fine.

Source: Microsoft Support
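
Both values stay in force after the client has been pushed: LocalAccountTokenFilterPolicy=1 gives local administrator accounts a full administrative token over remote connections, and EnableLUA=0 turns UAC off altogether. The script below is an added example (not from the original post) that reports the two values and puts the Windows defaults back once the ConfigMgr client is present; the function names are hypothetical, and treating the CcmExec service as the sign that the client is installed is an assumption.

```powershell
# Added example, not from the original post. Run elevated on the endpoint
# (or deploy it the same way as the two REG ADD rules above).
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Read one DWORD from the policy key; a missing value means the Windows default.
function Get-PolicyDword {
    param([string]$Name, [int]$Default)
    $prop = (Get-ItemProperty -Path $PolicyKey).PSObject.Properties[$Name]
    if ($prop) { [int]$prop.Value } else { $Default }
}

# Report the state of the two values the post changes.
function Get-UacRemoteSetting {
    $latfp = Get-PolicyDword -Name 'LocalAccountTokenFilterPolicy' -Default 0
    $lua   = Get-PolicyDword -Name 'EnableLUA' -Default 1
    [pscustomobject]@{
        ComputerName                  = $env:COMPUTERNAME
        LocalAccountTokenFilterPolicy = $latfp
        EnableLUA                     = $lua
        RemoteUacFilterOff            = ($latfp -eq 1)
        UacDisabled                   = ($lua -eq 0)
        # Assumption: the ConfigMgr client service (CcmExec) exists once the push succeeded.
        ClientInstalled               = [bool](Get-Service -Name 'CcmExec' -ErrorAction SilentlyContinue)
    }
}

# Put the defaults back, but only after the client is installed.
function Restore-UacDefault {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $state = Get-UacRemoteSetting
    if (-not $state.ClientInstalled) {
        Write-Warning 'ConfigMgr client not found; leaving the settings unchanged.'
        return $state
    }

    if ($state.RemoteUacFilterOff -and
        $PSCmdlet.ShouldProcess($PolicyKey, 'Remove LocalAccountTokenFilterPolicy')) {
        Remove-ItemProperty -Path $PolicyKey -Name 'LocalAccountTokenFilterPolicy'
        # Same service restart the post uses after changing the value.
        Restart-Service -Name 'LanmanServer' -Force
    }

    if ($state.UacDisabled -and
        $PSCmdlet.ShouldProcess($PolicyKey, 'Set EnableLUA to 1')) {
        Set-ItemProperty -Path $PolicyKey -Name 'EnableLUA' -Value 1 -Type DWord
        Write-Warning 'EnableLUA takes effect after the next restart.'
    }

    Get-UacRemoteSetting
}

# Report only:
Get-UacRemoteSetting | Format-List

# Revert (add -WhatIf to preview):
# Restore-UacDefault
```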

Tuesday, December 9, 2014

End of the Year Promotion started from Jalasoft

Sponsor post

Great news for this month. This because Jalasoft started their special End of the Year Promotion today! You can purchase ANY of their solutions throughout the month of December with a 40% OFF discount. Isn't that good news? The End of the Year Promotion includes the following solutions from Jalasoft:
-Xian Network Manager
-Xian Wings (mobile solution!)
-The Xian SNMP Device Simulator
-XIAN Network Manager includes a FREE Xian Wings license!

To request a quote just click >HERE< or contact any of the sales representatives at sales@jalasoft.com.

Xian Wings can be a great help for the holidays since it lets you view your OpsMgr environment information anytime, anywhere. More on this can be found in the following blog post: How Xian Wings Saved Christmas and in a few others as well:
My personal experience with Jalasoft Xian Wings (part 1)
My personal experience with Jalasoft Xian Wings (part 2)
Let the Xian Suite help you make the most of your holiday time off!

Happy holidays!

Friday, December 5, 2014

Microsoft Surface Pro 3 second experience

One month ago my new work device was delivered, a Microsoft Surface Pro 3. I decided to order one because of great look & feel, very good feedback (reviews) and Windows 10 in pipeline. A blogpost about my first experience can be found HERE. Let's have a look at my second experience, after using it for over one month now. Most of my experiences are positive, but some negative ones also!

I'm still very happy with my device; it's fast, quiet, and has a good battery. It's both a notebook and a tablet. Let's have a look!

-Fast (with i7 CPU, i5 performance don't know)
-Quiet (on battery always, on power not all the time)
-Battery (approx. 6/7 hours with Office and Internet open)
-12" display (sharp, resolution, pen support)
-Pen (great in presentations)
-Weight (1,1 kg with keyboard)
-New generation device, high wow factor!
-Windows 10 upgrade coming (free?)
-Kickstand (can be placed in all positions)
-It's both a notebook and tablet

-Fan blowing (on power only, not all the time)
-Out of sleep (when in sleep mode, it will wake up; it seems to be because of the keyboard?)
-One USB port only (far too little to connect multiple devices!)
-Keyboard function keys (sometimes Fn is needed, sometimes not, which is confusing)

That's it for now. As you can see more pros than cons are mentioned, so my total experience with the device is still very good. I hope that Microsoft can fix the fan blowing with a future system firmware. Then it will be even better. Microsoft did a great job here!

Wednesday, December 3, 2014

Failed to find the current TS configuration path (0x80070003)

When capturing Windows 7 SP1 on VMware with a VMXNET3 network onboard, the following error is displayed during Capture media:
-Unable to read task sequence configuration disk
-ConvertBootToLogicalPath failed to convert 'MULTI(0)DISK(0)RDISK(0)PARTITION(2)\_SMSTASKSEQUENCE\WINPE\SOURCES\BOOT.WIM' (0x80070003)
-Failed to find the current TS configuration path
-Failed to find the configuration path. The system cannot find the path specified. (Error: 80070003; Source: Windows)
-Execution failed with error 80070003

This is because of the following configuration:
-VMXNET3 Network device in virtual machine
-VMware Tools installed/running in virtual machine
-VMXNET3 Ethernet Adapter driver missing in boot image
-VMware PVSCSI Controller driver missing in boot image

Just use a virtual machine with Intel E1000 or VMXNET3 Network, and uninstall VMware Tools when installed/running. Make sure that both VMware Ethernet and PVSCSI drivers are installed in the boot image(s) used for Capture media.

After that you will be fine!

Monday, December 1, 2014

New ConfigMgr Hotfix speeds up retire or wipe to seconds

Last month a new ConfigMgr hotfix became available, specific for Mobile Device Management devices in Microsoft Intune. This hotfix greatly reduces the time that's required to execute a successful retire or wipe of an MDM device by using a notification to "push" these tasks. Without this hotfix, retire and wipe operations could require 24 hours to run successfully, because they relied on a "pull" mechanism of this frequency. This happens to me on installations also, where retirement could require 24 hours or even more!
After you apply this hotfix, retire and wipe operations are pushed to the following MDM device types: iOS, Android, Windows 8.1
These operations now run on the device in a matter of seconds, assuming the device is reachable by Microsoft Intune. The device must have an active data connection for Intune to communicate with it. Just great that this ConfigMgr Hotfix speeds up retire and wipe operations to seconds!
Note: If a device is not reachable by Intune when a retire or wipe operation is requested, the operation will run the next time that the device comes online and connects with the Intune service. This could require up to 24 hours.

To apply this hotfix, you must have Cumulative Update 3 for ConfigMgr 2012 R2 installed.

Download hotfix: Microsoft Support

Thursday, November 27, 2014

Microsoft’s Mobile-first, Cloud-first vision (part 2)

In Microsoft’s Mobile-first, Cloud-first vision (part 1) I mentioned to be VERY excited about Microsoft’s Mobile-first, Cloud-first vision based on Microsoft Azure services. This time I mention new Intune and Windows 10 features, partly based on Experts Live sessions.

Windows 10 is created as One product family running on One platform using One appstore. It's the platform for the new world, where focus is on cloud-based devices and management. Using one Windows offers the same user experience on multiple devices, with universal Windows applications running on it. To make things easier, big changes are coming to deploy and manage the Operating System.

Some notes on Windows 10 for Enterprise:
-Windows 10 can be managed as mobile OS fully in Microsoft Intune. No GPO's needed for that.
-Every Microsoft-based device, system or phone should support Windows 10, that's the idea or message!
-No image management in Windows 10 is needed anymore. Just manage it like a mobile OS from now on.
-Windows is called Windows 10 because it's really a new OS which everyone is familiar with! It's the platform for the new world.
-Join Windows 10 with Azure Active Directory instead of using on-premises Directory Services. New way of thinking ;)
-New infrastructure model will likely be Azure with Active Directory, Azure RemoteApp, Enterprise Mobility Suite and Windows 10.

-ConfigMgr still can be used, but is not needed anymore. Hybrid with Intune is best option I guess!
To manage Windows 10 for Enterprise, Microsoft Intune can be used. Microsoft released a new Wave this week with new functionality:
New Microsoft Intune capabilities coming this week
-iOS & Android App Wrapper (company apps)
-Per-App VPN (can be used per single app)
-Conditional Access Policies (differs per OS)
-Managed Mobile Apps (Intune MAM)
-Protected Browser Management (URL filtering)
-Bulk Device Enrollment (single service account used)
-Device Lock Down (Kiosk Mode)
-Allow & Deny Applications (blacklist/whitelist)

Finally you can say that Microsoft Intune is enterprise ready now! Let's have a look at some notes during this week:
-New features mentioned on TEE14 will be available now!
-New ConfigMgr hotfix makes Intune policies applying much faster. It can be downloaded here: Microsoft Support
-Intune Q4 updates on data/application containerization and wrapping.
-Intune and ConfigMgr hybrid features still not in sync. Would be great if this can be optimized in the future. You must wait multiple weeks/months for having same functionality in ConfigMgr!
-Windows Phone Feature Pack for 8.x devices which offers many improvements on management.
-Bulk enrollment, enterprise lock and application wrapper are finally there! Many people were waiting for it.

With Windows Phone Feature Pack for 8.x devices (as mentioned earlier) there will be:
-Richer Policy set (more than other vendors)
-Wifi, (trigger) VPN, Certificates push
-Encryption intelligence for SD cards
-Improved Application lifecycle management
-Improved Inventory
-Remote Lock, Password (PIN) reset

With these products coming and already there, the future looks bright for Microsoft. There is a new System Center (and ConfigMgr) coming, but nothing to hear about that. It's about Mobile-first, Cloud-first vision, which seems to be a new way for getting things done. Stay tuned for a next blogpost on my own experiences!

Tuesday, November 25, 2014

Microsoft’s Mobile-first, Cloud-first vision (part 1)

On Tuesday November 18th I attended Experts Live in Ede (NL). This event based on new Microsoft technology is held once a year. It was a full house with almost 800 people listening to around 50 speakers divided over more than 40 sessions. Most of the sessions and the opening keynote were about Microsoft Azure technology. Let's have a look at the sessions I attended and lessons learned!

I did 2 sessions on Microsoft Azure, 2 on Microsoft Intune, 1 on Azure RemoteApp and 1 on Windows 10 for Enterprise. The message was Mobile-first, Cloud-first in the keynote and almost all sessions. It's about bringing all systems and applications to the cloud, and managing them from there! On-premises is definitely not hot anymore. Not on Directory Services, not on System Center, not on Exchange, not on SQL, not on management and monitoring. Time to start working from a new perspective, let go what is and move to the cloud ;)

As seen on the Azure footprint, Microsoft Azure is growing rapidly. At the moment there are 19 Azure datacenter regions open for business already. Numbers are changing fast (weekly), but just for overview I include some of them:
-New Azure customers a week: >10.000
-SQL databases in Azure: 1.200.000
-Storage objects: >30 trillion
-Active Directory (AD) users: 350 million
-AD authentications a week: >18 billion
Hyperscale: over 300 services spanning compute, storage and networking supporting a wide spectrum of workloads!

Microsoft Azure is booming business, changing fast with resources scaling up daily. Payment is done on resources used, not on VM's which are turned off. Microsoft released a new Azure portal preview which looks awesome to me. There is Azure Resource Manager to create deployment templates (for example: deploy SQL 2014 Always-On servers with a single template) and Azure Operational Insights for online monitoring. Furthermore there is Windows Azure Pack for managing Private clouds, Azure RemoteApp for global access to business applications, and Enterprise Mobility Suite for mobile management.

Last but not least there is Windows Phone Feature Pack for 8.x devices, which offers a richer policy set (and many more), Microsoft Identity Manager offers self-service identity management for users, and Azure AD Application Proxy offers access to on-premises applications from the cloud. Microsoft is doing a great job here! On both Microsoft Azure and Microsoft Intune you can start a 30-day trial to have a look at functionality. Just start it today and decide what it can do for your business/organization.

Some notes on Azure and RemoteApp:
-At the moment there are 19 Azure datacenter regions open for business this month (growing rapidly).
-Over 300 services spanning Compute, Storage and Networking supporting a wide spectrum of workloads!
-The new Azure portal is ready for role-based access and can be used for admins and view-only access now.
-New Azure G-family (Godzilla) systems are coming, with 32 cores, 448 GB RAM and 6,5 TB local SSD maximum!
-Azure RemoteApp offers applications on Windows, Mac OS X, iOS, or Android. Applications run on Windows Server in the Azure cloud, where they are easier to scale and update. Users can access the applications remotely from their Internet-connected device.
-With Windows 10 coming as One product family, One platform and One store, management is or can be done fully from the cloud.

I'm VERY excited about Microsoft’s Mobile-first, Cloud-first vision, and hope to be part of it very soon. Stay tuned for a next blogpost on new Microsoft Intune and Windows 10 features!

Friday, November 21, 2014

An error occurred while starting the task sequence (0x8007000E)

Just when you thought you had seen all error messages during ConfigMgr deployment, there's a new one popping up: "An error occurred while starting the task sequence (0x8007000E)". This showed up randomly on multiple systems, before the task sequence starts. When starting deployment again it's possible that it works, or that the error message is shown again. That's definitely not what you want.
When looking on Microsoft TechNet I found the following post: An error occurred while starting the task sequence (0x8007000E). It mentions:
-Actually, 0x8007000e = "Not enough storage is available to complete this operation." This refers to memory (RAM), not disk storage.
-The task sequence could not save the policy to the TS Environment. The TS environment has run out of space. Your task sequence has too many apps, or too many updates, or too many steps, or too many referenced packages.
-The task sequence will try to download all policies that are targeted to the client machine. So, if you targeted updates to a collection and the client machine is a member of that collection, the task sequence will download the policy for those updates. The task sequence cannot distinguish what the policies mean unless it downloads them. All it knows is that they are meant for that client. So, if a lot of policies are targeted to the client, the task sequence will run out of environment space.
-This issue is not fixed in 2012 SP1 :-(
-One note: In SCCM 2012 R2, the XML max size goes up to 32MB. So, you can have over 3 times as many deployments in R2 without hitting that barrier. (That's the sales pitch for R2 today.) I still recommend that you break your WSUS deployments out. I'm seeing much better SQL performance by doing this.
-Deleting the old software update groups, and cleaning up WSUS, then restarting the server worked for me too.

Long story short, I found 66 Software Update Groups (SUGs) in ConfigMgr, for only 4 Automatic Deployment Rules. Most had lots of expired and superseded updates. I deleted most of them, and left only the SUGs needed. You can choose "Add to an existing SUG" instead of "Create a new SUG" for that and remove all old SUGs left. After that deployment was working immediately again!

Another reason for me to put updates in an existing SUG always! That's better for overview, keeping ConfigMgr fast/clean, and less deployment issues too. Problem solved ;)

Wednesday, November 19, 2014

Clearing Duplicate Firmware Objects in UEFI BIOS (resolved)

When deploying physical or virtual systems with a UEFI BIOS, a bootmgfw.efi file will be created at every deployment. This is bad for two reasons: (1) there will be a lot of files in the bootstore after a few deployments, (2) on Hyper-V Generation 2 VMs this will be the top file in the boot order, so PXE boot isn't active at the next deployment. That way you need to "Move up" the Network adapter after each deployment. In this blogpost I describe how to edit the bootstore and remove the EFI files. Not that easy if you ask me. At the moment it's not clear to me whether this is a bug, or chosen by default.

Warning: Removing entries in the bootstore can disrupt your VM. This is because, besides Windows Boot Manager items (bootmgfw.efi), EFI SCSI and Network devices (disk, network) can be removed also!
Let's have a look at the steps needed to free up the boot store. These come from http://jeff.squarecontrol.com/archives/184, but there's an error in them:
To view these duplicate entries, use the command: bcdedit /enum firmware
1. Save a copy of the current BCD system store by running the following command: bcdedit /export newbcd
2. Make another backup of the system store, just in case: copy newbcd bcdbackup
3. Enumerate the firmware namespace objects in the BCD system store, saving to a text file: bcdedit /enum firmware > enumfw.txt
4. Open the enumfw.txt file in Notepad, and delete all lines except those with firmware GUIDs.  Delete the {fwbootmgr} and {bootmgr} lines as well – you only want the GUIDs.
5. Rename the edited enumfw.txt file to a command file called enumfw.cmd.
6. Insert the following BCDEDIT command in front of each identifier in the enumfw.cmd file: bcdedit /store newbcd /delete

Let's pause here, because the command mentioned is not right. It fails with the message: "The boot configuration data store could not be opened". This is for two reasons: (1) the GUIDs mentioned must be within double-quotes, (2) the /f qualifier is missing (optional).
When using both double-quotes and the /f qualifier at the end, it's working fine.
No error message this time: "The operation completed successfully"! Let's continue editing the bootstore and removing the EFI files.
7. Add the following command to the end of the enumfw.cmd file, then save it: bcdedit /import newbcd /clean

Note: The /import /clean option deletes all NVRAM entries and then re-initializes NVRAM based on the firmware namespace objects in the newbcd BCD store.
8. Run the enumfw.cmd file and reboot the system afterwards (optional). This time it will be working fine.

Use bcdedit /enum firmware to verify that the extra entries are gone. Just great that all bootmgfw.efi files are removed now!
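
Steps 3 to 7 can be generated instead of edited by hand in Notepad. The script below is an added example (not from the original post or the linked source): it parses `bcdedit /enum firmware` output, keeps only GUID entries whose path is bootmgfw.efi so that the EFI SCSI and Network entries from the warning above are left alone, and writes the delete lines with double-quotes and /f. The sample output and its GUIDs are constructed, English bcdedit output is assumed, and the function names are hypothetical.

```powershell
# Added example, not from the original post. It only writes enumfw.cmd; it runs nothing.

# Constructed sample of English "bcdedit /enum firmware" output (GUIDs are made up).
# On a real system use instead:  $lines = bcdedit /enum firmware   (elevated prompt)
$lines = @'
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {11111111-aaaa-4bbb-8ccc-000000000001}
                        {11111111-aaaa-4bbb-8ccc-000000000002}
                        {11111111-aaaa-4bbb-8ccc-000000000003}
                        {11111111-aaaa-4bbb-8ccc-000000000004}
timeout                 0

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager

Firmware Application (101fffff)
-------------------------------
identifier              {11111111-aaaa-4bbb-8ccc-000000000001}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager

Firmware Application (101fffff)
-------------------------------
identifier              {11111111-aaaa-4bbb-8ccc-000000000002}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager

Firmware Application (101fffff)
-------------------------------
identifier              {11111111-aaaa-4bbb-8ccc-000000000003}
description             EFI SCSI Device

Firmware Application (101fffff)
-------------------------------
identifier              {11111111-aaaa-4bbb-8ccc-000000000004}
description             EFI Network
'@ -split '\r?\n'

# Turn the text into one object per entry. Every entry starts at its "identifier" line;
# indented continuation lines (the displayorder list) are ignored.
function ConvertFrom-BcdFirmwareEnum {
    param([Parameter(Mandatory)][string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^identifier\s+(\S+)') {
            if ($current) { [pscustomobject]$current }
            $current = @{ Identifier = $Matches[1]; Path = ''; Description = '' }
        }
        elseif ($current -and $line -match '^(path|description)\s+(.+?)\s*$') {
            $current[$Matches[1]] = $Matches[2]
        }
    }
    if ($current) { [pscustomobject]$current }
}

# Build the contents of enumfw.cmd (steps 4 to 7 of the procedure above).
function New-FirmwareCleanupScript {
    param([Parameter(Mandatory)][string[]]$Lines)
    $guid = '^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$'
    # GUID check drops {fwbootmgr} and {bootmgr}; path check drops disk and network entries.
    $dupes = @(ConvertFrom-BcdFirmwareEnum -Lines $Lines | Where-Object {
        $_.Identifier -match $guid -and $_.Path -eq '\EFI\Microsoft\Boot\bootmgfw.efi'
    })
    $script = @($dupes | ForEach-Object {
        'bcdedit /store newbcd /delete "{0}" /f' -f $_.Identifier
    })
    $script += 'bcdedit /import newbcd /clean'
    $script
}

$cmd = New-FirmwareCleanupScript -Lines $lines
$cmd | Set-Content -Path '.\enumfw.cmd' -Encoding Ascii
$cmd   # two delete lines for ...0001 and ...0002, then the import line
```

Run steps 1 and 2 (the export and the backup copy) before running the generated enumfw.cmd, since it operates on the newbcd file.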

Still I would like to know whether this is a bug, or chosen by default? In this case I'm using around 10 Virtual Machines (used as Microsoft RDS hosts), but what to do when having many many more VMs? That seems like a lot of work to me? (to be continued)

Clearing Duplicate Firmware Objects in UEFI BIOS
bcdedit: The delete command specified is not valid

Monday, November 17, 2014

Deploy multiple applications using Dynamic Variables in a Task Sequence

When deploying applications within a task sequence you can add 10 applications at maximum in a single step. When deploying more applications you can add another "Install application" step or choose "Install applications according to dynamic variable list". That way you can use a single step for as many applications as you want. Just configure the following steps:

-Create a collection and add Collection Variables on it. Name must be APP01, APP02, APP03 (for example) and so on. Value must be the name of the application. Add as many applications needed.
-In the task sequence add an "Install application" step and choose "Install applications according to dynamic variable list": APP (for example). Mark "If an application installation fails, continue installing other applications in the list" when needed.
-Just make sure that on every application used, "Allow this application to be installed from the Install Application task sequence action without being deployed" is checked.
(instead of APP you can use any name you want, as long as numbers are used. The name used in task sequence must be same.)

Deploy the task sequence on the created collection. All applications will get deployed in a sequence based on the numbering of the collection variables chosen. Just another way for installing applications ;)
In my case I'm installing around 30 applications in a single step. Not a problem at all, and very easy to configure.

More blogposts on this topic:
Deploy multiple packages using Dynamic Variables in a Task Sequence

Veeam Availability Suite v8 - Availability for the Modern Data Center

Sponsor post

Veeam Availability Suite v8 is NOW AVAILABLE for VMware vSphere and Microsoft Hyper-V!


Veeam Availability Suite v8 delivers Availability for the Modern Data Center to enable the Always-On Business. This new suite provides recovery time and point objectives (RTPO) of < 15 minutes for ALL applications and data through:

High-speed recovery: Rapid recovery of what you want, the way you want it
Data loss avoidance: Near-continuous data protection (near-CDP) and streamlined disaster recovery
Verified protection: Guaranteed recovery of every file, application or virtual server, every time
Leveraged data: Using backup data to create an exact copy of your production environment
Complete visibility: Proactive monitoring and alerting of issues before they result in operational impact

Thursday, November 13, 2014

Webinar: Maximize the ROI of your private cloud

Sponsor post

This upcoming week, you can join Savision’s complimentary webinars on the cloud. Find out how you can minimize unplanned downtime and know when cloud resources are going to be exhausted long before it happens. Get familiar with Savision’s Cloud Capacity Management solution- Cloud Reporter- and Savision’s free tuning and optimization solution- Cloud Advisor. They both featured a new release during TechEd EU. The newest release of both solutions adds VMware support. Register for the webinar now. The webinar will be hosted by Savision’s VP of R&D, Steven Dwyer.

Here are the links to use for each webinar:
Tuesday, Nov 18, 2014 11:00 am EDT/ 17:00 pm CEST http://bit.ly/1pN01Yr
Thursday, Nov 20, 2014 9:30 am EDT/ 15:30 pm CEST
The webinar is specially designed to highlight the new features and walk you through the many benefits of using Cloud Reporter & Cloud Advisor to monitor your cloud!

MDT 2013 - Deploy Multiple Windows versions with a single Deploymentshare

When deploying a Windows image in MDT 2013 you can add rules in CustomSettings.ini to offer a product key during deployment (for example). Settings in this ini file are used to create the unattend file, which is needed during mini-setup. Just add the following rules for skipping the product key:

When using multiple Windows versions however, this will not do the job. In that case add the product key in the deployment task sequence(s). Just add it at start in the task sequence, beneath the Initialization phase. Just name the variable ProductKey and enter a KMS Client Setup Key (for example). It's just that simple ;)

When looking for KMS Client Setup Keys have a look here: http://technet.microsoft.com/en-us/library/jj612867.aspx

Just love MDT because of simplicity and functionality!

Wednesday, November 12, 2014

Xian Network Manager SP3 has been officially released now!

Sponsor post
Today Jalasoft has released the latest version for Xian Network Manager. This new version (SP3) has several internal improvements and most visible one is adding support for SFlow. Let's have a look at the improvements:
SFlow monitoring:
SFlow support has been added so Xian NM can now properly receive and filter SFlow packets along with Netflow V5 and V9, so three of the most important and used flow technologies are supported and can be processed at the same time to generate alerts, performance graphs, and reports on OpsMgr related to the content of the network traffic.
New virtual center rules:
to monitor the data storages associated to ESX hosts and virtual machines.
Environmental sensor rules for Cisco routers and ASA devices:
to monitor the voltage, temperature, battery status, and more.
IP addresses resolving for Flow:
the engine can now properly resolve any public IP address into its domain name and improve the performance to make sure no delays are happening while translating these IP addresses into something users can understand when seeing the corresponding alerts or performance counters in the OpsMgr console.
Flow monitor service:
a new service has been included in Xian NM to explicitly monitor Flow data. This improves performance and functionality since it is now possible to have multiple Flow services installed and each of them can independently monitor Flow traffic from various sources and with independent databases, queues, and performance parameters.
SDK Loader:
a new connector module and improved OpsMgr SDK communication has been implemented exclusively for OpsMgr 2012 so performance and reliability when talking to OpsMgr has been greatly improved. For backward compatibility, if you install NM on OpsMgr 2007, the previous SDK communication is loaded but if it detects OpsMgr 2012, the new one is used, therefore the name.

For more information on the new release have a look at:

Sysprep and Capture task sequence fails when capturing a Windows 8.x image

Last week I created a Windows 8.1 Update 1 image with MDT 2013. During the Sysprep and Capture process, the following error message came up. Time to take some action if you ask me! ;)

Looking on Microsoft TechNet the following answer was found:
This problem occurs because the LTIApply.wsf script fails to check for the existence of the boot folder on the system partition before the script runs the takeown.exe command to change ownership on the folder. The takeown.exe command fails with a "Not Found" error if the boot folder doesn't exist. This causes the Sysprep and Capture task sequence to fail.

For the workaround have a look here: https://support.microsoft.com/kb/2797676?wa=wsignin1.0

Great it works that way!

Monday, November 10, 2014

How to deploy a Windows Image on UEFI-based Computers

In an earlier post I described how to deploy a Windows Image on UEFI-based Computers using PXE boot. This post can be found here: Blogpost. This time I want to deploy a Windows image on a Hyper-V Generation 2 VM using ConfigMgr boot media. Because Generation 2 uses UEFI and Secure Boot, deployment does not work by default. Let's have a look at some errors I see when starting deployment from a 64-bit boot image.

-Unable to find a raw disk that could be partitioned as the system disk.
-Failed to prepare the system partition for staging. The system cannot find the drive specified. (Error: 8007000F; Source: Windows)
-Failed to stage WinPE. Code(0x8007000F)

-System partition not set.
-Unable to find the partition that contains the OS boot loaders. Please ensure the hard disks have been properly partitioned.
-Failed to prepare the system partition for staging. Unspecified error (Error: 80004005; Source: Windows)
-Failed to stage WinPE. Code(0x80004005)

The trick is that you must disable Secure Boot and create the UEFI partitions yourself. Turn Secure Boot off in properties, and when the ConfigMgr boot media has started, press F8 and create the partitions yourself:
  • Diskpart
  • Select disk 0 (0 being the disk to setup)
  • Clean (wipe the disk)
  • Convert gpt (convert disk to GPT)
  • Create partition efi size=200 (EFI system partition)
  • Assign letter=s (Any allowable letter)
  • Format quick fs=FAT32 (Format the ESP)
  • Create partition msr size=128 (Create the MSR partition)
  • Create partition primary (Create Windows partition)
  • Assign letter=c
  • Format quick fs=NTFS (Format primary partition)
  • Exit
After that, start the task sequence and you will be fine. Just make sure the ConfigMgr boot media you are using is 64-bit and the one used in the deployment task sequence is 64-bit as well. This is mandatory to get the job done. Hope it helps!

Comment 8-4-2016: Create a diskpart script and add it into your USB/ISO (not PXE) media, if you don't want to type it manually. Press F8 and start your script with: diskpart /s filename.txt (Source)

More blogposts on this topic:
PXE Boot files in RemoteInstall folder explained (UEFI)

Wednesday, November 5, 2014

My personal experience with HP ThinShell for Kiosk Mode

Because my main focus is on endpoints, I do a lot with fat, thin and virtual clients and mobile devices. This time I want to mention HP thin clients, which have some nice software onboard by default. There is Cloud Connection Manager, ThinShell and Universal Write Filter (UWF), for example. ThinShell is a client automation tool that enables Kiosk Mode (shell replacement) functionality for standard users (non-administrators).

Features of HP ThinShell include the following:
-You can choose to customize and use the built-in ThinShell interface or specify an entirely different shell program.
-Using your administrator credentials, you can customize the ThinShell interface and settings from within a standard user account.
-ThinShell can be used in conjunction with Cloud Connection Manager to simplify Kiosk Mode deployments for multiple standard users.

Download can be done here (64-bit or 32-bit)
Installation is very easy, and on HP thin clients it's already there.

User interface, choose buttons

Applications for shell replacement

Control Panel items available

Default website to show

Default behavior when process stops

After reboot you will see changes immediately! It's like ThinKiosk but then integrated by default. Very nice to see some progress here.

When using ThinShell you can set up thin clients very easily. Just use HP Device Manager (or ConfigMgr) for capturing, deploying and managing thin clients afterwards.

Monday, November 3, 2014

Microsoft Surface Pro 3 first experience

Last week my new work device was delivered, a Microsoft Surface Pro 3. I decided to order one because of great look & feel, very good feedback (reviews) and Windows 10 in pipeline. In the past I did have a Surface (1) RT, but that was not actually what I wanted. This device however is a real notebook killer, no need to have a notebook next to this one. Great to experience the whole Windows look & feel, with touchscreen and pen functionality. With Windows 10 in pipeline this will become even better! Really happy with my choice here ;)
Because the Surface Pro 3 is delivered with Windows 8.1 Pro, and Enterprise is needed for Direct Access functionality, I upgraded my device. Just start an in-place upgrade, so there is no need to format or remove anything. After the upgrade, type in the new Windows Enterprise key and you're done! Just leave the recovery partition in place, so when something goes wrong you can start a rollback. I did that once, so just leave it in case it is needed sometime. After the upgrade, however, I did not see the Windows 8.1 Update 1 features. These will arrive at a later moment, when more software updates are installed.
When the power button on the Start screen is needed, use the registry. It seems the power button is not always displayed, given that the operating system can be used in desktop or tablet mode. Just start Registry Editor and browse to "HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > ImmersiveShell". Expand the tree and create a new key called "Launcher". Create a new DWORD (32-bit) value here called "Launcher_ShowPowerButtonOnStartScreen". Give it a value of "1" to activate it and start the device again. Now it will be visible at once.

A nice thing is that I worked the whole day with the Type Cover and pen. No mouse? Actually I didn't miss it today. With the pen you can do all daily operations too, without the need for a mouse. Curious whether I will switch back to a mouse or keep using the pen. Time will tell ;)

Can't wait for Windows 10 to complete my Surface experience! Expect more to come in a few weeks, when I have done more with my device!
-My personal experience with Windows 10 Technical Preview
-Windows 10 Technical Preview updated with 7,000 changes and fixes  

When the pen isn't working right (open OneNote with a single click and Screen Capture with a double click) check these guides too:
-Quick Things to Try If Your Surface Pro 3 Pen Doesn’t Work
-Deploying Surface Pro 3 Pen and OneNote Tips
-Troubleshoot Surface Pen

Thursday, October 30, 2014

Open File Security Warning Prompt during Deployment

During deployment with MDT 2013, the following message is displayed: "Open File Security Warning Prompt". You have to click OK multiple times to get through the task sequence. Very annoying if you ask me! The cause is that when you download an .EXE, .ZIP, or .CAB file, Internet Explorer saves the Zone Identifier with it. This goes back to a feature that first appeared in Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, and the feature works the same in later operating systems.
In my case this was on the following files: gfxtray.exe, hkcmd.exe, igfxpers.exe and rtdcpl64.exe. Just right-click the .EXE, click Properties, and then click the "Unblock" option. After that, no "Open File Security Warning Prompt" popup appears anymore!

Just nice to know if you ask me ;)
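The Zone Identifier described above is stored in an NTFS alternate data stream named Zone.Identifier, so a deployment share can be audited for marked files before anything is unblocked. The script below is an added example, not part of the original post; the share path and the extension list are assumptions.

```powershell
# Added example: list files in a deployment share that carry a Zone.Identifier
# stream, and optionally unblock them after review.
# $ShareRoot is a hypothetical path; point it at your own share.
# Needs PowerShell 4.0 or later (Get-FileHash).
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$ShareRoot = 'D:\DeploymentShare\Applications',
    [string[]]$Extensions = @('.exe', '.zip', '.cab', '.msi'),
    [switch]$Unblock
)

# URL security zones as recorded in the ZoneId= line of the stream.
$zoneNames = @{ 0 = 'Local machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';      4 = 'Restricted sites' }

$marked = Get-ChildItem -Path $ShareRoot -Recurse -File |
    Where-Object { $Extensions -contains $_.Extension.ToLower() } |
    ForEach-Object {
        # Files without the stream raise an error here; treat that as "not marked".
        $ads = Get-Content -LiteralPath $_.FullName -Stream Zone.Identifier `
                   -ErrorAction SilentlyContinue
        if ($ads) {
            $zoneId = $null
            foreach ($line in $ads) {
                if ($line -match '^ZoneId=(\d+)') { $zoneId = [int]$Matches[1] }
            }
            $zone = 'Unknown'
            if ($null -ne $zoneId -and $zoneNames.ContainsKey($zoneId)) {
                $zone = $zoneNames[$zoneId]
            }
            [pscustomobject]@{
                File   = $_.FullName
                ZoneId = $zoneId
                Zone   = $zone
                # Hash lets you compare the file against the vendor's published value.
                SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
    }

$marked   # report first; nothing is changed unless -Unblock is given

if ($Unblock) {
    foreach ($item in $marked) {
        if ($PSCmdlet.ShouldProcess($item.File, 'Remove Zone.Identifier stream')) {
            Unblock-File -LiteralPath $item.File
        }
    }
}
```

Run it without switches to get the report, then with -Unblock -WhatIf to preview the change before applying it.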

Wednesday, October 29, 2014

MDT 2013 - The task sequence has been suspended

During deployment with MDT 2013, after a few working deployments, the following message is displayed: "The task sequence has been suspended". After that the system reboots and you can start all over again. To continue, you have to wipe the disk. Just press F8 during Windows PE and type in the following commands:
1. Diskpart
2. List disk
3. Select disk 0
4. List part
5. Select part 1
6. Clean
7. Create part primary
8. Assign
9. Active
10. Exit

After that, deployment works as always!

Tuesday, October 28, 2014

No IP-address set during MDT Sysprep and Capture

Last week I created a Windows 7 SP1 image manually, installed almost 200 updates in it (!) and started the MDT 2013 default task sequence "Sysprep and Capture". The first part went fine (Sysprep), but once in Windows PE there was no IP address set. Oops! Luckily you can start a command prompt and choose "Retry" later. Let's have a look at how to enter a static IP address within Windows PE.
Just start Command Prompt with F8 and type in the following command: "Netsh interface ip show config", which shows that my interface is called "Ethernet0".
After that, type in the command: "Netsh interface ipv4 set address "Ethernet0" static <IP address> <Subnet mask> <Gateway>"

After that it was possible to capture Windows 7 SP1 successfully!

This simply made my day! ;)