Category: SCCM

Azure Update Management – Part II

A little while ago, I blogged on OMS’ (Operations Management Suite) Update Management Solution. As great as this solution was, there were some limitations at the time, such having the ability to exclude specific patches, co-management with SCCM (Configuration Manager), and few others.

Since that post, there have been some great improvements to Update Management, so let’s go over some of the key updates, and do a quick setup walk-through:

  1. Both Windows (2008R2+) and (most) Linux Operating Systems are supported
  2. Can patch any machine in any cloud, Azure, AWS, Google, etc.
  3. Can patch any machine on-premises
  4. Ability to Exclude patches

One of the biggest improvements I want to highlight is, the ability to EXCLUDE patches, perhaps in time there will also be INCLUDE only patches. 😉

First, we need to get into our Azure VM properties.. Scroll down to the Update Management.

  • If the machine belongs to a Log Analytics workspace, and/or does not have an Automation Account, then link it now, and/or link/create the Automation Account
  • If you do not have an Log Analytics workspace and/or an Automation Account, then you have the ability to create it at run-time now.

In this scenario, I kept it clean as possible, so both the Log Analytics workspace needs to be created, and likewise for the Automation Account, and Update Management needs to be linked to the workspace.

Once enabled, it a few minutes to complete the solution deployment….

After Update Management has been enabled, and it has run its discovery on the VM, insights will be populated, like its compliance state.

Now we know this machine is not compliant, as it missing a security update(s), in addition, missing 3 other updates too. Next, we will schedule a patching deployment for the future. So let’s do that now.

Now we can create a deployment schedule with some base settings, name, time, etc. But one thing to note, we can now EXCLUDE specific patches! This is a great feature, as let’s say, we are patching an application server, and a specific version of .NET will break our application, as the application Dev team has not tested the application against the latest .NET framework.

In this demo, I am going to EXCLUDE patch, KB890830.

Next, we need to create a schedule. This can be an ad-hoc schedule, or a recurring schedule.

Once you hit create, we can now see the Deployment Schedule, under Scheduled Update Deployments.

You can also click on the deployment to see it’s properties, and which patches have been excluded.

After the deployment has initiated, you can take a look at its progress.

If we go into the Update Deployment (yes, I got impatient, and deleted the first one, and re-created it…), and click on the Deployment we created, we can see the details.

As you can see, patch, KB890830 was not applied! Awesome.

If we not go back to the Update Management module, we can now see the VM is compliant.

 

Advertisements

How to Deploy Office 2016 ProPlus Click-to-Run (C2R) with ODT and SCCM

In this blog post, we will be deploying Office 2016 ProPlus (retail; Click-to-Run (C2R)) with Office 2016 Deployment Tool (ODT) and System Center Configuration Manager.

Office 2016 Deployment Tool (ODT)

To begin, we need to get the Office 2016 Deployment Tool (ODT). That can be downloaded from here, Microsoft Download Center. Create a folder on your SCCM application source folder, I called mine, “Office 2016“. Install the deployment tool on your SCCM server, save the extracted files to the folder you just created. Once the installation is complete, the following two files will be found:

Next, we need to create an XML file within the folder. I copied the original “configuration.xml” and called it, “Office 2016 Config.xml” and updated its contents to below. In my deployment, I am deploying Office 2016 32-bit. However, if you are deploying 64 bit, then just change OfficeClientEdition=”32″ to OfficeClientEdition=”64″.

<Configuration>
<Add SourcePath="your path to source files" OfficeClientEdition="32"> >
 <Product ID="O365ProPlusRetail">
 <Language ID="en-us" />
 </Product>
 </Add>
</Configuration>

Next, we need to run Command Prompt (run as Administrator), and run, “setup.exe” with the XML file we just created/modified. After this completes (give it a few minutes), you should now have the following four files within your folder.

setup.exe /download "Office 2016 Config.xml"

Next, we need to update the, “configuration.xml” file. This file is used to deploy Office 2016. As previously, we have set the version to 32-bit, again change this to 64, if you are deploying 64-bit Office. In this deployment, I am deploying a per-user licensing model, if you are using a product key per machine, you will need to add, “PIDKEY” value to the configuration file.

<Configuration>
<Add OfficeClientEdition="32">
<Product ID="O365ProPlusRetail"
<Language ID="en-us" />
</Product>
</Add>
<Display Level="None" AcceptEULA="TRUE" />
</Configuration>

Now we are ready to create and deploy our application package!

Create Application Deployment

First, we need to create the application package. We will choose the manual “Manually specify the application information” approach here.

Next, we need to provide some application information. Office 2016 deployment, owner, etc…

Now we need to add and create the deployment type

Next, we will choose “Manually specify the deployment type information“.

Again, give this deployment a name, and some descriptive comment(s).

Now, we need to specify the location of the source/installation file(s), and need to specify the “configuration.xml” file.

Next, we want to add a detection clause. Essentially, this deployment, once deployed, will validate against this code to confirm the installation was successful and both the detection code and product code match.

Note, if the deployment “fails”, yet the Office suite installed, confirm the product code and detection code match.

For the detection method, we will choose, Windows Installer, and the following Product code: {90160000-008C-0000-1000-0000000FF1CE}.

Next we will select, Install, and leave the Logon requirement to either.

We have no requirements and/or dependencies for this, but for completeness, here are those screenshot windows.

Great! Deployment is complete. Now we need to complete the application deployment wizard.

Great, application deployment is now complete. Now we need to deploy the package itself… Let’s do that.

Deploy Package Deployment to Collection(s)

Right click and select your collection, in this case, my collection is a test group, named “Test1”.

Specify the distribution point

We are going to mark Install and Available for the deployment settings here.

Provide a set time for the deployment to kick off, remember to set it to the correct time of day.. (struggled for a few deployments, after learning I forgot to set to AM…)

We will give the user the option to install, as the update will appear in their Software Center.

Now we if go to our client machine(s). I am testing on both Windows 7 and Windows 10 machines.

Validate Deployment

If we go into the Software Center, check under the “Available Software”, we now see the Office 2016 ready for deployment! Go ahead hit Install Selected, and let the magic happen!

Windows 7

We can validate the deployment, as we see the Office 2016 applications within the start menu.

Likewise for Windows 10:

 

For complete information on this deployment, please feel free to visit Microsoft’s article.

SCCM 2012 R2 (Configuration Manager) – Setup is unable to connect to SQL Server

Chances are you have a named instance for your SCCM SQL install, which is definitely the way to go. However, when installing SCCM 2012 (R2) you are presented with the following error.

Setup is unable to connect to SQL Server with the connection information provided. Verify the following:

  • The SQL Server and instance names are entered correctly
  • The specified SQL Server instance is not configured to use dynamic ports
  • If a firewall is enabled on the SQL Server, inbound rules exist to allow connections to the correct ports
  • The account used to run Setup has permissions to connect to the specified SQL server instance

1

 

To resolve this is pretty pain-less.

In my scenario, I implemented the following two solutions:

  1. Enable Named Pipes for your SQL Server Network Configuration
  2. Delete all Dynamic (TCP/IP) Ports within the Protocols for your SQL Named Instance

First, to Enable Named Pipes, Launch SQL Server Configuration Manager, expand the SQL Server Network Configuration. Locate your named instance, right-click on TCP/IP and enable.

2

Second, within the same console view, double-click and open the TCP/IP properties.

  • Here you need to delete any 0‘s (Zero’s) assigned to the TCP Dynamic Ports (Yes, remove for all IPv4, IPv6, IPAll, etc.).
  • Also within the IPAll there will be a random port assigned here (TCP Dynamic Ports), go ahead and delete this too.
  • Lastly, now you need to assign some port (ensure this port is open between your SCCM server and SCCM SQL server, if you are making use of the Windows or any Firewall(s)). In my case, I decided to assign port 1433. Within each interface, IPv4, IPv6, etc. apply your port here within the TCP Port. (See below)

2b

 

Once you have implemented the two solutions above, now go ahead and restart the SQL Server (instance name) service.

3

Now proceed with your SCCM 2012 R2 Install.

If you want to learn more on Configuring SQL Server and TCP Port(s), please see the following Microsoft article, HERE.

Cheers!