Anyone who has used WSUS 3.0 for software updates and then switched to the Essentials 2007 (SCE) software update functionality may be looking for some missing features in the integrated interface. Because SCE was designed for the mid-market (read smaller environments), the interface for patch management is somewhat simplified, and some WSUS 3.0 functionality was left out.
What you may not realize is that SCE actually relies on WSUS 3.0 for update management (and several other functions for that matter, but thats for another day). Over a couple posts, I want to touch on some workarounds you can use in safely in enhancing your update management experience with Essentials.(
continue at source)
Streaming multiple concurrent applications across a wide-area network presents potential issues in terms of application launch times and WAN availability. These issues can be mitigated by implementing Microsoft Systems Center Virtual Application Branch Servers. This document gives a basic orientation of the components and considerations necessary for such an architecture.
Download Microsoft System Center Virtual Application Server Branch Configuration Guide
Brian Madden: All of the big vendors are so focused on managing "systems" (virtual, local, remote, streaming, on-demand, snap-shotted) that they're forgetting the "other half" of what customers have to deal with each day: the users! What if they took user management as seriously as system management?(
continue at source)
System Center Virtual Machine Manager provides centralized administration of virtual machine infrastructure and enables increased physical server utilization and rapid provisioning of new virtual machines by the administrator and authorized end users.
Download Microsoft System Center Virtual Machine Manager 2007 VHD
Ryan Brennan: Ok so I know I blogged a few weeks about being able to deploy ACS Agents and infra without OpsMgr. I decided to write a script to allow folks to do this. The script will essentially let you deploy ACS without having to deploy an OpsMgr agent thus leveraging ACS functionality.
Please understand that you need to have OpsMgr Licensing to deploy ACS and this is not an MS supported install! Also the intent is to help MS OpsMgr customers who want to leverage ACS that already have MOM 2005 and are currently migrating to OpsMgr.(
continue at source)
Localized versions of the Exchange 10.1 MP's are now available for download from the
MP catalog
The Opsmgr07 version
The MOM 2005 version
Localized versions for Chinese (traditional), Chinese (simplified), French, German, Italian , Japanese, Korean, Portuguese (Brazil), Russian, Spanish
The
Microsoft Update Catalog site can be used with System Center Configuration Manager 2007 to deploy updates that are not automatically synchronized with WSUS. For example drivers, QFEs, or other optional updates can be downloaded from the site (more info
here). This is a great additional capability, but how exactly can you make it work with SCCM?
Jeff Wettlaufer: Hi everyone, I thought it might be interesting to post an article on the integration System Center has developed with the Windows Server 2008 NAP team. As we head towards
February 27th, and Los Angeles for
the launch of Windows Server, I thought it might be interesting to detail how NAP works, and how
System Center adds value to the core out of the box functionality
NAP in Windows Server 2008 delivers.
Today’s increasingly mobile workforce and the need for inter-connectivity present an entirely new set of challenges for IT departments. In addition to ensuring that the desktop computers on the network are up-to-date and meet the company’s requirements for system health, network perimeters must also protect networks from roaming devices that may be vulnerable to security exploits.(continue at source)
Microsoft Deployment Team: We have received a number of emails and questions on how to receive support from Premier Support for Microsoft Deployment. There have been several of you who have been routed to the incorrect support person while trying to receive support for Microsoft Deployment. We apologize for your frustration and inconvenience.
To get routed to the correct support person, follow these instructions. Please note that support for Microsoft Deployment is done on via callback with response times generally ranging between 1 and 4 hours depending on the severity of your issue and the other issues in the queue
To receive support:
a) Call the support number (1-800-936-3500)
http://www.microsoft.com/services/microsoftservices/srv_premier.mspx
or
b) Submit a web incident
http://support.microsoft.com/select/default.aspx?target=assistance&c1=508&
c) Clearly state that you have a BDD/MDT issue. (If you talk about deployment they will be routed to a different queue. ).
To enable Windows Update debug logging perfom the following. Verbose output goes to the%windir%\windowsupdate.log file.
a. Open regedit and navigate to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
b. Create a New Key called Trace
c. In Trace, create a new DWORD value called Flags with a Data of 7
d. In Trace, create a new DWORD value called Level with a Data of 4
e. Close regedit
2. Navigate to %windir%, find the file named ‘WindowsUpdate.log’, rename it to ‘WindowsUpdate.old’.
3. Restart the Automatic Updates server and run the “wuauclt /detectnow” command to force an update detection cycle.
Greg Shields:
Last time we looked at how proactive management using Microsoft's Systems Center Essentials can improve the lives of administrators in the smallest of networks. This time, let's look at the how to handle the inventory process with SCE. With its regular inventory along with its reporting capabilities, you'll immediately get an understanding of the composition of servers and workstations on your network.
Once you've installed SCE into your network, one of the first things you'll want to do is run its discovery and agent installation process. That process will locate servers and workstations on your network and install the SCE client. Also possible under Advanced Discovery is the enumeration of network devices that have known "read" SNMP strings configured. The benefit here is the ability for SCE to notify you when network devices go down.(
continue at source)
Do you routinely troubleshoot issues with SMS clients? Issues such as WMI not functioning, CCMEXEC not running, Bits issues, etc. The place I always start my troubleshooting is with the client log files (C:\Windows\System32\ccm\logs) as they contain a wealth of information and usually quickly lead you down the road to problem resolution.
Recently I've begun using a tool called
Log Parser to quickly parse through SMS client log files on both local and remote locations. The beauty of using log parser is in it's simplicity, it provides query based access to numerous types of data. For this scenario the data we care about is in the SMS client log files, which it handles with ease.
Another option for utilizing log parser is to use
Visual Log Parser from SerialCoder.net. This is a front-end to Log Parser that makes searching log files even more user friendly.
Windows Vista SP1 will be released as an update on Microsoft Update (MU). The patch is very large and there is a bug in Windows Server 2003 in the WinVerifyTrust API that will cause signing validation to fail.
What this means is that once you approve this update on a System Center Essentials 2007 server on a Windows Server 2003 server, every time the server sync’s from MU it will redownload the package, fail the cert validation, and so the download will fail. The problem will continue until you install the WinVerifyTrust patch on the System Center Essentials server. This patch is a hotfix (not a public GDR), so is not intended to be widely distributed. We recommend it only be installed on the System Center Essentials server itself.
You can obtain this hotfix here:
Windows Server Update Services cannot download large Windows update files in Windows Server 2003
Summary: SMS and ConfigMgr, and possibly other systems, make a lot of logs available in case you have to troubleshoot a tricky problem. If you need to look at some of those logs on a lot of clients or sites, then doing so manually will be very labor intensive. Why not do it via script?
There are a wide variety of problems where you have to look at a lot of logs. For example, the problem might be rare but nasty. Or it might be fairly common but counterintuitive - some people may think that the problem is so unlikely that the small subset of logs you manually look at are not representative of the rest of your clients or servers. Maybe the problem comes and goes. Maybe it occurs under special circumstances but you don't know which ones, yet. Or maybe you're just a perfectionist and you want to find every last problem.
Some relatively simple scripting will allow you to get a computer to do the log analysis.(
continue at source)
Find yourself needing to test/prove the patch management features of System Center Configuration Manager 2007 in a disconnected lab environment? You’re not alone.
Thankfully, the Microsoft Update Catalog has provided an easy-to-use shopping basket type system for manually downloading the security update binaries. Couple this with the well-documented process for manually adding security updates to the SCCM Deploy Software Updates Wizard and your only a USB-drive away from having everything you need to begin your tests.
You can find out more from the following links:
Microsoft Update Catalog
How to Manually Download Software Updates
Satya Vel answers some questions about deploying System Center Operations Manager 2007.
What level of privileges are required to install the product?
Someone recently asked a question regarding what level of privileges are required to install the product and later they asked me why the accounts had to be what they were. I thought I would take some time to write this blogs and explain these accounts in a simple way.
The account doing the install on the server where the SQL server and Root Management Server are going to be installed needs to have local administrator privileges. To run MSI packages users must at a minimum have local admin privileges. In addition to this account would also require system administrator privileges on the instance of SQL where the Operations manager Database is going to be hosted. This would be required so that the setup can configure the necessary privileges for the SDK and Config service account and assign them the proper roles and rights on the Operations Manager Database as the SDK and the Config services read and write to the database Operations manager DB. The reason why we require the user installing to be an admin is because setup creates services, file/folders. It also creates SQL DB, SQL logins/roles so it needs to have necessary permission in order to do this.(
continue at source)
Configuration Packs are designed to be used for managing the configuration of Microsoft's various Windows Servers. These configuration packs were developed based on recommendations from the Microsoft Product Groups regarding the configuration of these server roles. It is recommended that users begin by evaluating their configuration against the Basic configuration pack, and then progress to the Intermediate and Comprehensive configuration packs as desired configurations are verified.
9 NEW Management Packs:
SharePoint Portal Server 2003
+
MSIT Basic Configuration Pack
+
MSIT Intermediate Configuration Pack
+
MSIT Comprehensive Configuration Pack
SharePoint Server 2007 Configuration Pack
SharePoint Server 2007 MSIT Basic Configuration Pack
SQL Server 2000
+
MSIT Basic Configuration Pack
+
MSIT Intermediate Configuration Pack
+
MSIT Comprehensive Configuration Pack
System Center Operations Manager 2007 Configuration Pack
Microsoft Deployment has been released for a little over three months and we now have had enough questions and support calls come in to generate a FAQ. You might want to bookmark this post because we plan on updating this list as additional questions are asked.
Visit the Microsoft Deployment Technical FAQ
The System Center Operations Manager 2007 Configuration Pack is designed to be used for managing the configuration of Operations Manager 2007 servers. This configuration pack defines recommended configurations based on a number of settings identified through best practice recommendations from the System Center Operations Manager Product Group.
Once imported into SCCM 2007, this configuration pack and its included configuration items can be targeted to collections of systems which are then audited for compliance with the recommended configurations. When settings are detected to be out of compliance, events will be generated and sent to the Configuration Manager server where the data is available for reporting. This enables early detection of potentially detrimental configuration changes and allows the administrator to correct the settings before they may cause downtime events.
Download the System Center Operations Manager 2007 Configuration Pack for Configuration Manager 2007
If you have a branch office with a limited number of servers, you may be faced with unique challenges. It may be necessary for you to isolate workloads – for example, your customer data may have to be isolated from your system data for regulatory compliance. It may be expensive or impractical to add physical machines to separate your workloads. You may have legacy applications that cannot be upgraded to a new operating system easily when new equipment is added. You may find that you have several underutilized servers; this adds unnecessary expense. Virtualization, the process of re-hosting applications in virtual machines, can help you address these challenges and help make your branch office more efficient.
This deployment cookbook is written for you, the IT generalist at the branch office. The goal of this guide is to provide all of the steps and guidance necessary for you to successfully install and configure Virtual Server 2005 R2 SP1 and System Center Virtual Machine Manager—and to migrate workloads to a virtual machine.
Download the Virtual Machine Manager Cookbook
The purpose of this document is to describe how to monitor the operational health of an OpsMgr 2007 management group. It will provide instructions for creating a collection of basic rules targeted to key performance objects and associated views and dashboards. Its purpose is to allow an Administrator to quickly measure and analyze the performance of a management group as a function of the performance of the disk subsystem hosting the OperationsManager database.(
continue at source)
Unified Reporting
Unified reporting based on the SQL 2005™ reporting engine is provided to help you easily run, review, save, print or email information about the status of your IT environment. Essentials 2007 provides you with more than 30 preconfigured reports upon installation to cover your reporting needs. These reports cover things like: asset inventory, status of your IT environment, capacity planning, software deployment, and update compliance. You can even configure Essentials 2007 to email you a comprehensive daily status report first thing in the morning.
Expert Knowledge
With Essentials 2007 you get a breadth of expert knowledge for managing your important platforms, applications and workloads. This knowledge includes support and diagnostic information for things like Windows Server and Client operating systems, Active Directory, Office, Exchange, SQL, and IIS.(
more)
J. Deva Gnanam made a visio drawing giving a good overview of the Exchange Server 2007 transport architecture.
Here you will find a listing of the Microsoft OpsMgr 2007 used Ports.
ACS forwarder to ACS collector: 51909
Agent to Root Management Server: 5723
Agent-less management: Uses RPC
Operations Console to Reporting Server: 80
Operations Console to Root Management Server: 5724
SQL Server 2005 (Default Instance): 1433
Web Console to Web Console server: 51908, 445
Introducing a new version of Windows Server in the role of a domain controller in an existing forest typically requires update to the forest schema. This is accomplished by running ADPREP command line utility (with /forestprep switch) on the domain controller functioning as the Schema Operation Master (FSMO). In order to avoid suprises during Active Directory Installation Wizard (DCPromo) on Windows Server 2003, Windows Server 2003 R2, or Window Server 2008 in an existing Active Directory forest, keep in mind the following rules:
- You can determine the current version of the schema by checking value of the objectVersion attribute of the cn=schema,cn=configuration,dc=
partition (where is the distinguished name of the root domain of your Active Directory forest - e.g. dc=myITforum,dc=com). This can be done using any utility that provides you with direct view of LDAP properties of Active Directory objects (such as LDP.EXE or ADSIEdit.msc, included with Windows Support Tools). Alternatively, on Windows Server 2003, you can also take advantage of DSQUERY command line utility by examining the output of the following command:
dsquery * cn=schema,cn=configuration,dc= -scope base -attr objectVersion
- The values of objectVersion attribute you might encounter are (including the corresponding version of the Windows Server):
13 Windows 2000 Server
30 Windows Server 2003 RTM and Windows Server 2003 SP1
31 Windows Server 2003 R2
44 Windows Server 2008 RC1
- Make sure that you use the ADPrep.exe utility included with the installation media. Note that, in case of the Windows Server 2003 R2, the updated file is located in the \CMPNENTS\R2\ADPREP folder on the second installation CD.
On the WSUS server, open Internet Information Services (IIS) Manager. Expand Web Sites, and then expand the Web site for the WSUS server. It is recommended that the WSUS Administration custom Web site be used, but the default Web site might have been chosen when installing WSUS. Perform the following steps on the WSUS Web site or on the APIRemoting30, ClientWebService, DSSAuthWebService, SelfUpdate, ServerSyncWebService, and SimpleAuthWebService virtual directory that reside under the WSUS Web site:
1. Right-click the Web site or virtual directory, and then click Properties.
2. Click the Directory Security tab, and then click Edit in the Secure Communications section.
3. Select Require secure channel (SSL), and then click OK.
4. Click OK to close the properties for the virtual root.
5. Close IIS Manager.
6. Run the following command from \Tools: WSUSUtil.exe configuressl .
Near Real Time Monitoring (NRTM) Connector of Disk Space uses the new Data Graphics feature of Visio 2007 to display the results of server monitoring. This application enables effective integration of Visio 2007 with the service management solution System Center Operations Manager 2007. The connector helps to view the results of monitoring servers as a clear, comprehensive Visio network diagram.
Download Near Real Time Monitoring (NRTM) Connector from Visiotoolbox.com
Stefan Stranger:
Have you ever wanted to send e-mail notifications with the high importance flag set?
It's possible but you have to start your favorite XML editor
Modifying Microsoft.SystemCenter.Notifications.Internal MP XML to Support Email Priority/Importance
(continue at source)
Exam 70-400: Microsoft System Center Operations Manager 2007, Configuring is live as of yesterday, Monday 21 January*, 2008. What this means is that you can now earn a certification called MCTS: System Center Operations Manager 2007, Configuration. A certification for System Center Configuration Manager will be available in March.
Hi everyone, my name is Jeff Wettlaufer, and I am the Sr. Technical Product Manager for System Center Configuration Manager. We have an incredibly big year ahead of us, and from a Technical perspective I wanted to highlight some things you can expect to be seeing from our team.
Being a management division - without client OS, servers, applications, or workloads our products are like a house with no furniture :) . So when things ramp up to launch, or get announced, the Technical Product guys get pretty jazzed. (ok well we also snicker at the work load it creates, but that's the fun bit). With our Wave 2 product line now running in the market (Configuration Management, Performance Management, Data Protection and Vitalization Management) we look towards what's next in the journey with our customers and partners. What a year this is going to be for System Center. I thought it might be cool to highlight from a technology perspective, our product release lineup and our technical content efforts (to support the releases) -to try and summarize how many things we have kicking off to look forward to in 2008. I am sure I might miss something here, but hey, its a blog, :). So in addition to the release plan for the System Center product lineup, check out the list of things we are working on to attach to, build support for, and generally provide solutions around this year.
We need to begin with Windows Server 2008 . It is such a massive product to launch, and there are so many facets of it to be aligned to. Most of my career was spent in the United Kingdom as an Infrastructure Consultant, and Windows Client Specialist, and seeing in the past 2 years how we launch Vista and Server is incredibly interesting. I'll try in this and future blogs to share what it's like being around the product guys, as it is truly a unique experience. From the dev engineering side to the Marketing and Business side, there are many moving parts. For products like System Center, we all are working with the Server team at different angles to help them, share our stories and share the attach messages on where we work together. This is where the team I sit in gets onto the ice. So, I have some cool topics ready to post on like Server Deployment, NAP, Configuration Baseline Management, and Datacenter Software Update strategies. Stay tuned, I hope they are interesting for you.(continue at source)
Omar van der Hoeven: It has been a while since Microsoft has released any information about System Center Service Manager. The product team of Ken van Hyning and Stefan Negritolu (ITIL integration lead) had released their first (and only) public beta in june 2007. I have been told that there has been 'a reset with the project' and more information will follow @ MMS 2008. Understandably, there was no much more elaboration on the reasons for this situation.
At MMS 2007 it looked like if the SM team (and I do hope that MSFT does not change the product name) had their stuff together. but I remember the discussion at the thursday session (it was about the database) where the 'techies' were confronted with the 'process' people. After a quite well executed presentation, a young lady came up to the Microphone and asked: "What do you consider to be the configuration database?" - The presenters looked startled and there was applause from the audience...
In basic: SCSM will use (or would? Let's go on in present tense) a single database for storing process information (eg. the call logged from the SD rep, RfC's, Asset information) and it's own operational information (e.g. workflows how to get from a software request to automaticly deploy the software using SC ConfigMan). The core of the question was: who owns the process information an can it - from a formal standpoint - be contained in one database? This caviat could become a mayor issue if you want to implement SCSM in an ITIL compliant organization.
While you’ve been getting to grips with the new features and options in Configuration Manager, I’ve been busy learning about yet another great feature coming out in SP1 – out of band management. "Out of band" here means management below the operating system layer - you can manage computers even in the following scenarios:
* The Configuration Manager client isn’t installed.
* The computer stops responding – perhaps the disk is corrupt or the operating system has hung.
* The computer does not have an operating system installed.
* The computer is turned off.
That’s pretty powerful! You can see how it’s ideally suited to extreme troubleshooting scenarios, but being able to power up computers also helps with routine maintenance tasks such as reconfiguration and upgrades, not to mention catching those last few computers that are preventing you from achieving your compliance levels for security updates.(continue at source)
If you have looked at Operations Manager to any extent, you know management packs have changed significantly since MOM 2005. For one thing, they tend to be "sealed" - so you can't change them. They also no longer use the AKM format, they are now actually XML documents.
Since not everyone may want to code in XML, how does one create a management pack? Like many questions in IT, the answer is, It depends. It depends on what you what to accomplish, and the technique(s) you are most proficient with. Management packs range from doing something simple to extremely complex, so a tool you may use for a simple management pack may not always meet your needs.(continue at source)
Active Directory is a hierarchical database that holds information about the network’s resources such as computers, servers, users, groups and more. The main purpose of Active Directory is to provide central authentication and authorization services. Normal administrative tasks when working with Active Directory include creating, managing, moving, editing and sometimes – deleting – various objects such as user accounts, computer accounts, groups, contacts and other objects. The Active Directory database is stored on Domain Controllers (or DCs), in a file called NTDS.DIT (continue at source)
Ian Blyth:
I was chatting with my friend who specialises in SharePoint and we were discussing what you need to ask you get designs going on our respective technologies. Apparently SharePoint is quite complex. I was saying that SCOM is quite easy and that got me thinking.. What are the questions that I ask that help me narrow down the design options and help me work out how long the project will take. Here is what I would ask a customer as to help establish a design. Based on discussions around these questions I can quickly establish what the SCOM design should be for that organisation.
(continue at source)
Microsoft Exchange support was the number-one feature request of users of DPM 2006—and Microsoft listened. As Calvin Keaton describes in our January issue, the new version of Data Protection Manager introduces support for both Exchange Server 2003 and Exchange Server 2007. Moreover, DPM 2007 adds support for other business-critical Microsoft applications such as SQL Server and SharePoint, and offers many new features to deliver a powerful and flexible solution for managing your backups. Take a look at our overview of how the enhancements in this release can bring a new level of protection for your organization.
For more on protecting your data, see Simplify File Recovery with Data Protection Manager. And be sure to visit the System Center Essentials TechCenter to take a proactive approach to managing your environment.
As described in this 
| 23 Jan '08 - 07:13 | kenneth | 
one comment | news source ~ http://oehoeven.spaces.live.com/blog/cns!DA5513D12D034F6E!398.entry 
