Disclaimer
The opinions expressed herein are my own personal opinions and do not represent anyone else's view in any way, including those of my employer.
© Copyright 2008
The opinions expressed herein are my own personal opinions and do not represent anyone else's view in any way, including those of my employer.
© Copyright 2008
I got a really good question today on maintenance windows and patching and how they can or cannot work together. Specifically if you had a maintenance window defined, but told the patches to install ignoring the maintenance window but suppress the reboots until the maintenance window will it install the updates and hold off on rebooting the clients until the maintenance window?
First let’s go over defining maintenance windows.
Assuming you already have a collection of computers built that you will apply the maintenance window to right click on that collection of computers (never users for maintenance windows).
Select Modify collection settings from the context menu.
On the Maintenance Windows tab click the starburst icon to create a new maintenance window.
Give it a name, and set the reoccurrence pattern, I set mine to daily and left the default time from 1 – 4 AM. Then click OK.
You should now see the maintenance window defined, click OK again and now we have set the maintenance window for these clients from 1 – 4 AM each day, or however you defined yours.
OK now for software updates.
The machine I am going to test on is an XP box that is one of my test machines in my home lab, it has been off for quite some time so it is not fully patched and makes an excellent client.
I have also created a search folder under software updates for critical XP patches in previous testing. This makes deployment much easier and if you don’t use search folders I highly recommended it.
Let’s look at the different settings for this package of XP Critical updates I have defined.
In the Deployment Management folder there is already the XP Critical Updates package, I am going to right click on the package itself and select properties and then look at the Schedule tab. I want to check the bottom box that tells it to ignore the maintenance windows and install as soon as the deadline comes.
And then on the Restart Settings tab, make sure that the checkbox telling ConfigMgr to restart outside of the maintenance window is not checked. I also have the box to suppress reboots on workstations unchecked.
Now I am going to add the new patches to this package by going to my search folder selecting my search for Critical XP Patches, selecting the new patches
and in the Actions pane clicking Download Software Update under the selected items section which start the Download Updates Wizard and I tell it to add these patches to my XP Critical Patches package.
I finish going through the wizard and wait for the patches to download and about a minute later I get a success telling me that the patches have been downloaded and added to my package.
Meanwhile, back at the ranch or on our client, once the client notices that there are patches to be installed and the deadline for install has passed the patches do get installed on the computer. You can completely hide this from the user now, or you can give them a balloon notification and allow them to watch the progress.
If the user does watch the progress, assuming you allowed this through your configuration, they also have the option to reboot now or close the window. If the users selects the close option we see in the %System32%\CCM\logs\RebootCoordinator.log file that our maintenance window is preventing the client from being rebooted until the maintenance window.
I have adjusted the maintenance window settings for this client to put us inside a maintenance window to see if it will actually reboot the computer. And after I force the client to do a policy refresh a couple seconds later up comes the dialog box telling the user they have five minutes before their computer is restarted.
To answer the original question, yes you can use maintenance windows to only delay the reboots and have the patches install ASAP.
Regards,
Anthony
Anthony Clendenen | Solutions Engineer | 1E
Microsoft MVP System Center Configuration Manager
© Anthony Clendenen
This is a 1E customer who not only uses our NightWatchman software to save electricity and subsequently reduce their own carbon footprint in doing so but they are also saw a return on investment of of less than three months on a project that also included our user self service product Shopping and services to design and implement SMS. In the long run they are going to reduce the amount of carbon emitted into the environment by 1 metric tonne annually and their head count is only 4,500 employees. Other benefits they will realize are faster and easier application delivery to the end users, and less IT staff costs by implementing SMS and Shopping, all along side NightWatchman.
I was not involved in this project personally, but I can tell you that with all of my customers who use NightWatchman they are not only saving millions of dollars on electricity each year and saving the planet at the same time but when they add our other software solutions like 1E WakeUp with our custom Wake-on-LAN solution and the much imitated Client Health patching of computers is much faster and reaching a patch level of 100% compliant is not only possible but now the expectation, add in our branch distribution software Nomad Enterprise and the fear of sending a package over a link and hoping it doesn’t saturate the pipe is gone, no longer can the Network admin’s point their finders at the SMS or ConfigMgr if their traffic shaping doesn’t quite work, Nomad has dynamic true bandwidth throttling built in that handles any change in network traffic, oh the stories I could tell. And then when you add Shopping in and you never have to worry again about getting those frantic phone calls from your manager or director telling you to stop what you were working on “…because the department head of X is leaving for the airport in 45 minutes and has to have the latest version of Visio and PowerPoint installed on their laptop before they go, and I mean right now! Create the package and ad thing you do. No, I have no idea what their computer name is why? Oh, and make sure they have the right service pack and all the patches installed with those too! We can’t have them getting infected.” Because with Shopping that department head could sit in their chair open up their browser, select Visio and PowerPoint from the list of application on the Shopping portal and in just a few minutes it would all be installed while they were checking online to make sure they had the best seat for their return flight next week, all without ever contacting IT!
My customers scale, as far as client numbers, are almost always in excess of 100k so I get to design and test some very interesting solutions. Hierarchies are very large and complicated, not to mention the sheer size of the IT operations and the risk associated with making changes to the computing environment and processes. But when the design is complete, and we have checked every box indicating that all of the PoC tests are a success, and all requirements have been met, and I produce a report telling them how much they are going to reduce their carbon footprint and save on electricity, that they no longer have to worry about traffic shaping to make sure an SMS distribution doesn’t cause a network outage, that we meet and exceed application delivery to the end users where service level agreements are measured in seconds not days, and they are finally going to get the client fixed on all those computers where it hasn’t worked for no one knows how long, all they can do is smile in disbelief and ask me why they didn’t call sooner! 
So I can attest to this case study being factual even though I didn’t work on the project because I have seen it all with my own customers using the 1E products and services.
Regards,
Anthony
Anthony Clendenen | Solutions Engineer | 1E
Microsoft MVP System Center Configuration Manager
© Anthony Clendenen
I used to hate the second Tuesday of every month. I honestly liked it better when patches were released as they were ready. What happens with the scheduled updates is that everyone knows that it is coming and that means that everyone expects their SMS Engineers to have the patches deployed that night, no matter how late, no matter how many people, no matter what! And on Wednesday morning, usually around nine, everyone wants to know the status of the deployments. For me I had some advantages, one I controlled the entire SMS hierarchy, everything from the design, the site servers, the physical servers, collections, packages, ads, reports, you name it, I was also on the west coast, when Microsoft didn’t release the catalog until noon, it was noon, not three in the afternoon or 11 PM. I also didn’t have other managers trying to tell me what to do, occasionally I would get a call from the IT director our someone higher up but when I uttered those three little words, "It’s patch Tuesday", 99% of the time that conversation was over. So I could close my door, not answer my bat phone, turn off my work cell phone, and make full use of my time.
But here’s the thing, my situation was unique, most SMS Engineers either have a ton of other responsibilities, a ton of competing requests from people, don’t have that kind of flexibility in their scheduling, don’t have that kind of control over the SMS hierarchy, don’t live in the PST time zone, or any combination of these including but not limited to all of these!
And if you are a manager and are reading this you may think to yourself, "they just need to manage their time better" or "these are just minor roadblocks that they can over come" or even "it’s their job and if they can’t do it then we will find someone else who can," I have a couple questions for you. First, have you ever read a KB article? No, no, no, not this summary…if that is what you read, and even if you read the entire KB article did you miss that one little piece about known issues, you had to click on a link, go to another page, and then click on another link, and then scroll down where you were presented with a little more information on what you may encounter, it reads like so…
Known issues
• During the last two steps of the SharePoint Products and Technologies Configuration Wizard, you may receive the following error message:
Failed to start service SPSearchServiceInstance on this server after completing upgrade. Please start it manually.
However, the SPSearchServiceInstance service was actually started after the SharePoint Products and Technologies Configuration Wizard finished. You can safely ignore this error message and the error message that is logged in the SharePoint Products and Technologies Configuration Wizard log file.
• The Microsoft GroupBoard Workspace 2007 add-in template for Windows SharePoint Services 3.0 may cause the SharePoint Products and Technologies Configuration Wizard to fail during a build-to-build upgrade.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:941678 (http://support.microsoft.com/kb/941678/) SharePoint Products and Technologies Configuration Wizard does not finish successfully on a computer that also has GroupBoard Workspace 2007 installed
• When you run a gradual upgrade of a Windows SharePoint Services 2.0 site collection to a Windows SharePoint Services 3.0 site collection, the server may be brought down. You must allow the gradual upgrade to complete before you apply this security update.
• You use quiet mode to install Windows SharePoint Services 3.0. If this security update is applied during the installation, the SharePoint Products and Technologies Configuration Wizard unexpectedly runs after the installer program has finished.
To resolve this issue, extract this security update to a folder on the computer. Then, copy the files to the Updates folder of the program’s release version. After the extracted files are copied to that location, the folder is ready to be used to install the release version of the program that is updated to this security update level.• After you install this update on a computer that is running Microsoft Windows Small Business Server 2003, the Web sites may not restart within the time-out period. Therefore, you may be unable to access the Backup, CompanyWeb, Microsoft Server ActiveSync, Monitoring, Outlook Web Access, or Remote Web Workplace Web sites. To resolve this problem, use one of the following methods:
• Open Internet Information Services (IIS) Manager, and start any Web sites that are stopped.
• Restart the computer.
• If you run a virus scanning program during the installation of this security update, you may experience intermittent issues during the installation. To resolve these issues, turn off the virus scanning program before you apply this security update.
• You use host-named site collections in Windows SharePoint Services 3.0. If you have many host-named site collections in your deployment, you may experience severe performance issues while this security update is being applied. For example, this issue may occur when there are more than 50 host-named site collections in your deployment.
Microsoft is aware of this issue in which the installation and upgrade will take a long time to update the databases when you run the SharePoint Products and Technologies Configuration Wizard. If you have many host-named site collections in your deployment, we recommend that you do not apply this security update at this point.
Note If you do not use host-named site collections in Windows SharePoint Services 3.0, you can safely apply this security update.• Consider the following scenario. You unprovision a Windows SharePoint Services 3.0 search service database by using one of the following methods:
• Method 1
You run the following command-line:%ProgramFiles%\Common Files\Microsoft Shared\web server extensions\12\bin\STSADM.EXE" -O SPSEARCH -ACTION STOP -F
• Method 2
You use the Central Administration page to stop the "Windows SharePoint Help Search" service. To do this, follow these steps:1. Click Start, point to Administrative Tools, and then click SharePoint 3.0 Central Administration.
2. Click Operations, and then click Services on Server under Topology and Services.
3. Click Stop to stop the Windows SharePoint Help Search service.
You perform a basic installation of Windows SharePoint Services 3.0 that contains the unprovisioned search service database and this security update. When you run the SharePoint Products and Technologies Configuration Wizard in this scenario, the wizard is not completed successfully.
To determine whether you are experiencing this issue, open the latest PSConfig log that is saved in the following location:%ProgramFiles%\Common Files\Microsoft Shared\web server extensions\12\Logs
If you receive the following error message in the PSConfig log, you are experiencing this issue:
Exception: System.ArgumentException: The object with id SOME-RANDOM-GUID does not exist in the configuration store. The object may have been deleted by another operation.
at Microsoft.SharePoint.Administration.SPConfigurationDatabase.DeleteObject(Guid id)
at Microsoft.SharePoint.Administration.SPConfigurationDatabase.DeleteObject(SPPersistedObject obj)
at Microsoft.SharePoint.Administration.SPPersistedObject.Delete()
at Microsoft.SharePoint.Search.Administration.SPSearchServiceInstance.ProvisionDatabase()
at Microsoft.SharePoint.Search.Administration.SPSearchServiceInstance.Provision()
at Microsoft.SharePoint.PostSetupConfiguration.ServicesTask.InstallServiceInstanceInConfigDB(Boolean provisionTheServiceInstanceToo, String serviceInstanceRegistryKeyName, Object sharepointServiceObject)
at Microsoft.SharePoint.PostSetupConfiguration.ServicesTask.InstallServiceInstances(Boolean provisionTheServiceInstancesToo, String serviceRegistryKeyName, Object sharepointServiceObject)
at Microsoft.SharePoint.PostSetupConfiguration.ServicesTask.InstallServices(Boolean provisionTheServicesToo)
at Microsoft.SharePoint.PostSetupConfiguration.ServicesTask.Run()
at Microsoft.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask()To work around this issue, follow these steps:
1. Do one of the following:
• Delete the Windows SharePoint Services 3.0 search service database in the Windows SharePoint Services 3.0 SQL instance. The database name starts with "WSS_Search_" and ends with the server name.
• Reprovision the Windows SharePoint Services 3.0 search service database by specifying a nondefault Windows SharePoint Services 3.0 search service database. To do this, use one of the following methods:
• Method 1
Run a command-line that resembles the following command-line:%ProgramFiles%\Common Files\Microsoft Shared\web server extensions\12\bin\STSADM.EXE" -O SPSEARCH -ACTION START -DATABASENAME “DBNameExample"
• Method 2
a. Click Start, point to Administrative Tools, and then click SharePoint 3.0 Central Administration.
b. Click Operations, and then click Services on Server under Topology and Services.
c. Verify that the Windows SharePoint Services Search service is stopped. If it is running, stop the service.
d. Click Windows SharePoint Services Search under Services.
e. Under the Search Database, change the database name to any name other than the default name, and then click OK.
f. On the Services on Server page, click Start to start the Windows SharePoint Services Search service.
2. Run the following command-line:
%ProgramFiles%\Common Files\Microsoft Shared\web server extensions\12\bin\ PSConfigUI.exe
• The hotfixes for the following issues are included in this security update. However, if you install a Windows SharePoint Services 3.0 service pack after you install this security update, the following hotfixes are lost.
• You rename a Windows SharePoint Services 3.0 site collection. If you add a new user to the site collection, the welcome e-mail message that is received by the new user contains the old site name.
• You use the Application Definition Designer tool to import a database model that is included in the Business Data Catalog Definition Editor tool (BDC tool) of the software development kit (SDK) for Microsoft Office SharePoint Server 2007. After the database model is imported, the database connection string is blank.
• When you run SPWriter.exe, the program closes unexpectedly with an error message in module Oleaut32.dll. This issue was resolved by a hotfix that moved the GetTimeZoneMoveParameters() function to the end of the Owssvr.dll file.
• You migrate user accounts to a new site collection by using the Stsadmin.exe command-line tool. When the new site collection is crawled, you receive event errors 6482, 6875 and 6482 in the Application log. This issue may occur when the user’s SID in Windows SharePoint Services 3.0 is invalid.
• You use a custom template in a Windows SharePoint Services 3.0 site collection. If you create a new Web page, all the standard Web parts may not be available when you click Add a Web Part.
• When you apply this security update, some third-party services may be incorrectly stopped. If this issue occurs after you apply this security update, you must restart the computer.
• You connect to a Windows SharePoint Services 3.0 site collection. If the page contains a Calendar Web part that is set to Calendar view, the page may not load completely. This issue may occur if you do not have the permission to read the Calendar list.
Prerequisites
There are no prerequisites to apply this security update.
Restart information
In certain circumstances, a restart of the computer may be required. If a restart is required, follow these steps:
1.Restart the computer.
2.Run the "SharePoint Products and Technologies Configuration Wizard."
3.Verify that all the SharePoint services are now running in the services console.
4.Verify that all the Web sites are running in the Internet Information Services (IIS) Manager.
Removal information
After you install this security update, you cannot remove the update.
If you as the SMS Engineer also own the SharePoint servers and sites then you may not have that much work to do on this one, but it is unlikely that you don’t, then this might cause some concern for you. You know that you have to get this patch out tonight, and you have to build a query for several products now, find out the owners of those servers, contact them, discuss this with them, come up with a plan for patching the server, and do this for each one, unless the one person owns all the SharePoint servers. And when you are done with that, you get to setup a SharePoint server and test the patch on it. So what time is it? Do you have SharePoint on the network? Know where the media is? If you read each one of the articles in full, that alone is a couple hours, and that is only the first step in a very long list of procedures for deploying patches.
If you are a manager reading this, my advice, first, never ever utter the last example to an SMS Engineer because if your guy or gal has stuck it out this long, you are unlikely to find someone else as good or better for what pay you are giving them, second, on Wednesday morning bring coffee, tea, Diet Coke, your engineers caffinated beverage of chose, and lastly, relax you have a firewall and it is configured correctly – right?
This is the Daily Ramblings of an (ex)SMS Engineer…
Regards,
Anthony
Anthony Clendenen | Solutions Engineer | 1E Inc.
© 2007 Anthony Clendenen
On the System Center Configuration Manager site there is currently a list of five audiocast or podcasts that you can listen to. They are all fairly short and cover a specific area of ConfigMgr. Wally kicks it off with the best practices for upgrading and setup, and also discusses a few new features and prerequisites. I am sure they will add more to this over time so if you are reading this months after it has been posted use the bottom link to get to the page and see the whole list.
Speakers:
Jeff Wettlaufer, Sr. Technical Product Manager, System Center Configuration Manager
Wally Mead, Sr. Program Manager, System Center Configuration Manager
The next release of SMS 2003, System Center Configuration Manager 2007, is now available. In this episode of the Configuration Manager audiocast series, listen to Jeff Wettlaufer and Wally Mead discuss the best practice guidance and recommendations for how to install System Center Configuration Manager. From SMS upgrades to green field deployment, hear from the early experiences of Configuration Manager customers about deploying the infrastructure and clients.
url: mms://wm.microsoft.com/ms/systemcenter/configmgr/demos/microsoft_sccm_operating_system_deployment.wma
Length: 11:02
Speakers:
Jeff Wettlaufer, Sr. Technical Product Manager, System Center Configuration Manager
Michael Kelley, Sr. Program Manager, System Center Configuration Manager
The next release of SMS 2003, System Center Configuration Manager 2007, is now available. A significant investment in the new release is focused around Operating System Deployment. Taking advantage of new technologies in Windows Vista and Windows Server 2008, listen to Jeff and Michael talk about concepts such as the Task Sequencer, Driver Catalog, WinPE and other areas of OSD. Learn how the same toolset can be used for both Client and Server deployments, and how Configuration Manager can drive end to end automation into your next deployment project.
url: mms://wm.microsoft.com/ms/systemcenter/configmgr/demos/microsoft_sccm_desired_configuration_management.wma
Length: 10:22
Speakers:
Jeff Wettlaufer, Sr. Technical Product Manager, System Center Configuration Manager
Jeffrey Sutherland, Sr. Program Manager, System Center Configuration Manager
The next release of SMS 2003, System Center Configuration Manager 2007, is now available. One of these is abilities is the concept of Desired Configuration Management. DCM is a new approach to configuration management, using SML concepts to define Configuration baselines that can be used to monitor your enterprise. In this audiocast, listen to Jeff and Jeffrey discuss the concepts of configuration management, how to define configuration items, baselines, and the deployment of these in the network. Learn how to interpret this information, and understand the concept of analyzing Configuration Drift.
url: mms://wm.microsoft.com/ms/systemcenter/configmgr/demos/microsoft_sccm_software_distribution.wma
Length 9:10
Speakers:
Jeff Wettlaufer, Sr. Technical Product Manager, System Center Configuration Manager
Dave Randall, Sr. Program Manager, System Center Configuration Manager
SMS has always done software distribution, but in the new release entitled System Center Configuration Manager there are some significant new improvements to this feature that will add new levels of control and reliability to your organization. In this edition of the Configuration Manager audiocast series, Listen to Jeff and Dave discuss the concepts of Software Distribution, what has improved, what is new, and the benefits these enhancements will bring to your organization.
url: mms://wm.microsoft.com/ms/systemcenter/configmgr/demos/microsoft_sccm_software_update_management.wma
Length: 8:33
Speakers:
Jeff Wettlaufer, Sr. Technical Product Manager, System Center Configuration Manager
Marc Umeno, Sr. Program Manager, System Center Configuration Manager
Patch management has always been a never ending process for organizations of any size. In SMS 2003, this solution was a collection of tools (and processes), but in System Center Configuration Manager, there are some new features and tools integrated that drastically simplify the challenge of keeping your computers updated. In this edition of the Configuration Manager audiocast series, listen to Jeff and Marc speak about the improvements in Software Update Management. From setup to WSUS integration, to streamlining your processes, learn how to employ these today in your organization and become truly secure and well managed.
System Center Configuration Manager 2007 Audiocasts
Regards,
Anthony
Anthony Clendenen | Solutions Engineer | 1E Inc.
© 2007 Anthony Clendenen
Kevin is right, this has already been talked about, but he does a nice job of explaining the two types of multicasting. Two drawbacks to this however…First you cannot multicast across subnets, well you can but if your network supports this you are wide open to a SQL Slammer type of attack where one laptop brings your network to its knees. Second, you have to have Server 2008 to make this work.
A simple, less costly solution, that you can utilize now is to use the 1E OSD Plus Pack, or SMSNomad Branch to accomplish this – now.
One of the gazillion new and improved features of the soon to be released Windows Server 2008 is that we now have the ability to perform enhanced multicasting when deploying OS images right out of the box. The new Windows Deployment Services (WDS) will now support an enhanced multicast feature which will allow you to multicast out your Windows OS’s from Windows Server 2008. This is not ‘new’ news as I believe we have documented that this will be a feature for quite some time, but one that I feel is overlooked given all of the other many features of the new product.
There will be two types of multicast supported:
- Scheduled-Cast: This is your traditional multicast scenario where you can specify a time or certain number of clients requesting an image before a session begins for all at the same time. You can also start the session manually once all clients are in the ‘waiting’ state and ready to go.
- Auto-Cast: As soon as an allowed client requests an image, a multicast transmission begins. Other clients can then join this same session in progress and can ‘make up’ what they missed earlier by dropping back to a unicast session at the end. To me, this is a pretty cool feature as it allows one to set up an ‘always on’ multicast session to your environment that can be invoked at any time and by multiple different folks pulling down the same image. This gives you maximum flexibility and efficient use of bandwidth. Below is a screen shot from my lab that show two machines on the same multicast session – note the different session times and % complete:
I know that this has been a huge ask from my HED and K12 customers responsible for installing entire labs of machines on a regular basis. Now we have a solution ‘in-the-box’ with W08 to address this. Now all that is left to do is to integrate this multicast functionality with SCCM’s OS deployment features – don’t worry, this is already being worked on!!!
Regards,
Anthony
Anthony Clendenen | Solutions Engineer | 1E Inc.
© 2007 Anthony Clendenen
If you have never worked with Microsoft PSS, PFE, QFE, MCS, RRE, or any other arm of their professional support staff you may not be aware of the tools that these army of men and women come equipped with to resolve issues. These are often home grown, field developed, custom tools that these same folks have written to help customers and the support staff at Microsoft quickly resolve issues and the WMIDiag tool is a prime example of this. Often these tools are used only by the Microsoft staff and are not given to the public to use and I can only speculate here (sorry Bill) but I am going to say that they hesitate to give these tools to customers for two reasons, first because they would have to support these tools if they provided them to customers and secondly because they help generate revenue. I know it is hard to believe but Microsoft is actually in this business to make money and providing support is costly and giving away tools that they use to generate revenue would probably cause them to lose money, a lose lose situation for them. But often times these tools do make their way to the public and are available on the Microsoft Download site, WMIDiag v1 and v2 are prime examples of these as well as the recent VMRCPlus tool.
WMIDiag was developed by Alain Lissoir who works on the WMI team at Microsoft, I can’t say if this was developed as a support tool that made its way to the main stream because of its usefulness or if it was specifically developed for customers but I am thinking the later. WMIDiag is a VBScript that helps you diagnose issues with WMI on a computer and suggest resolutions to issues it discovers, in many cases step by step detailed instructions on resolving the issue.
WMI has become more stable in recent months, there was the additional improvements that Microsoft made to WMI with Vista, although I was not able to ever ascertain specifics on what this actually means, then the same improvements were made available in an update for Windows Server 2003 and then Windows XP. But as an IT admin, and even more specifically an SMS Engineer or SMS anything, WMI is critical to a reliable working SMS hierarchy. As companies move to ConfigMgr this will become even more important, not only for the clients but for the ConfigMgr servers also as vendors and others plugin to the providers and create their own classes in WMI.
Each week I receive several emails from people who have come across my blog and have a support related question and one of the most difficult problems to diagnose and resolve is WMI issues. WMI problems can often result in incomplete patching, often to the point where SLA’s are not met, clients no longer reporting and eventually being marked inactive and removed from the SMS db, preventing the install of the SMS client using any method, and countless hours spent at the users desk trying to determine the root cause. WMI can be a very painful and difficult thorn in the side of an SMS admin. With my job I get to see quite a few SMS installs and if you are feeling these pains you are not alone – trust me!
So why should you care? Because your other options of fixing WMI are to delete the repository, an absolute last resort tactic, use other tools, to manually test the repository and remove the offending class manually, or just examine it yourself (why?). None of these are high on the priority list for a busy SMS admin unless you have had recent events that warrant the extra attention. Usually the number of clients having problems leaves the lowly SMS admin just shaking their head and dealing with tasks that they can cope with.
A side note on this last point, I heard for years that you should not rebuild the repository but no one that I asked could ever really tell me why other than they heard it from someone else so I eventually took it upon myself to figure out why. When the repository gets built it runs through the MOF files and if the file contains a #PRAGMA AUTORECOVER statement then it will rebuild those classes into the repository. If the MOF file does not have this entry, you guessed it, it gets left out. So now you have an application installed with no corresponding classes or methods in WMI so when you try to do an operation or another application tries to use its class you get an error, or maybe nothing. The easiest way to fix this is to reinstall the applications but this can be very time consuming. This also causes the SMS Client to kick off a reinstall of the client including a full hardware and software inventory!
As I mentioned above you can run this tool as an SMS package and it has built in support to run silent you only need to add the SMS switch to the command line and it will set the tool to not display any output to the user or return the exit code when it completes as to not confuse SMS into thinking something bad has happened.
You must run this tool locally on the system and cannot run it remotely against a list of machines without using SMS or a similar method, this is because it does not rely on WMI to get its data it actually runs under WSH to collect the data it needs and because of that you cannot use the impersonate method you are accustom to with WMI, you must also have local admin rights when starting it on the system. I could debate this issue and most of you could probably get this to work remotely but I am not going down that path today.
Here are some of the other switches and functionality of WMIDiag.
The SMTP switches will report your troubles to Microsoft (by default).
You can run this by simply double clicking it, you can launch it from the command line, run it as a package in SMS, the method is up to you. When you launch it the tool starts by first verifying that you have the required rights to run the tool successfully, it then creates the log and csv files, begins the diagnostics, and then the checks of WMI. This can take anywhere from a few minutes to over 10 minutes to possibly hours, in some cases it can cause the computer to become unresponsive during the time it runs. It will depend on the level of checking and logging you set when you launch the tool and the computer. The list of tests performed can be found in Appendix A on the WMIDiag page.
After it completes and depending on how you configured the tool to log the information it found you can examine the results in event log (app), and the .log file it created. Open the .log file and do a search for “Report” this is the information you are looking for, it will show any errors or warnings, warnings can often be ignored but errors should be examined and accompanied by steps to resolve the error. Some errors will cause WMI not to function while others may cause annoying problems for applications. You should examine the list of errors on the WMIDiag web page to determine how serious your error is.
Here are some example scenarios of using this tool and the associated command lines that go along with it.
A monthly check of all WMI namespaces on all SMS clients where the error logs are copied to a central store and compiled into a single Excel spreadsheet.
Assumptions: You have, or will create, a SMS package and program with an advertisement that reoccurs on monthly basis. I would suggest you schedule this to run during off hours this can slow down machines and take some time to complete. The package source directory contains the WMIDiag.vbs file and it set to download and execute not run from the server. The package is set to run as admin and whether or not the user is logged in.
Command line: WMIDiag.vbs SMS RunOnce LogFilePath=\\serverName\Share OldestLogHistory=23
Explanation of command line: The SMS switch tells the tool to run silent and suppress popups,
the RunOnce will prevent the tool from running twice in the same day and this is added in as an insurance policy incase the computer restarts during the package running SMS will tell it to start over but this switch will keep the tool from starting again,
the LogFilePath switch tells the tool where to copy the log files to, the last switch will delete any log files for the client that are over 23 days, the reasons will be clear when you read the next three paragraphs.
After all of your clients have run the tool you can then compile all the results into the WMI Diagnostic spreadsheet by following these instructions.
On the server in a command prompt navigate to your share where the log files have been stored and then type copy /a *.csv Data.csv this will combine all of the spreadsheets into one. After that completes open the Data.csv file and click the top left corner selecting all the columns and rows in the worksheet and then use Control-C to copy the data. Next open the WMiDiag.xls file that comes with WMIDiag and then paste the data into the DATA spreadsheet. This should produce a very nice report for all of your clients giving you a very nice picture of the health of WMI on your SMS clients!
If you want to make it really slick you can create a custom macro that will use the copy command to combine all your spreadsheets the day after all your clients run the package, and then pastes the results into the DATA tab, and then deletes the clients spreadsheets from the share.
A monthly check of WMI on all SMS clients where the errors are reported to a local email alias.
Assumptions: You have, or will create, a SMS package and program with an advertisement that reoccurs on monthly basis. I would suggest you schedule this to run during off hours as it can take up to two hours to complete an entire check of WMI. The package source directory contains the WMIDiag.vbs file and it set to download and execute not run from the server. The package is set to run as admin and whether or not the user is logged in.
Command line: WmiDiag.vbs SMS RunOnce SMTPServer=SMTP.ConfigMgr.com SMTPFrom=localhost@ConfigMgr.com SMTPTo=WMIDiagTeam@CongifMgr.com SMTPInvalidState
Explanation of command line: The SMS switch tells the tool to run silent and suppress popups,
the RunOnce will prevent the tool from running twice in the same day and this is added in as an insurance policy incase the computer restarts during the package running SMS will tell it to start over but this switch will keep the tool from starting again,
the SMTPServer= switch indicates your local SMTP relay server to use when sending the email,
the switch SMTPFrom is just an indication of who is sending the email you can play with this to make your own custom from,
the SMTPTo switch is the email address that the email is going to be sent to if you leave this switch out and include the other two SMTP switches you will send the email to Microsoft instead.
The last switch, SMTPInvalidState tells the tool to only send an email when there is an error or warning reported and keeps you from sorting through emails to determine which ones are in need of help.
Regards,
Anthony
Anthony Clendenen | Solutions Engineer | 1E Inc.
© 2007 Anthony Clendenen
I Recommend These Books!
SMS 2003 Administrator’s Reference: Systems Management Server 2003
And you can check out more books and gadgets at my Amazon store here.
More Options ...
Categories
Tag Cloud
Blog RSS
Comments RSS
Void 
Life « Default
Earth 
Wind 
Water 
Fire Light 
Last 50 Posts 
Back