SCCM 2012 R2 Upgrade Path for Multisite Hierarchy

Requirements:

• Download SCCM 2012 R2 RTM bits

• Download Windows 8.1 ADK

Steps:

• Start upgrade from the top in hierarchy, first CAS then Primary and then Secondary Servers.

• Take backup of CAS as well as Primary servers. Ensure that you’ve a good copy (I would suggest to have 2 copies just in case) of backup.

• In CAS server, Uninstall Windows 8 ADK from Programs and Features

• Install Windows 8.1 ADK along with three features (Deployment Tools, WinPE and USMT)

• Disable the site maintenance tasks “Backup Site Server”, “Delete Aged Client Operations” and “Delete Aged Data Discovery” on SCCM ConfigMgr sites.

• No need to update remote Site System servers (remote DPs, MPs, SUPs). However, ensure that prerequisite for installed site system roles.

• Open the SCCM 2012 R2 bits and run the Splash.hta

• On the Getting Started page, make sure that Upgrade this Configuration Manager site is selected.

• Follow the GUI and finish the installation.

• Once installation is successful in CAS, then follow the same process for Primary server.

Desired Configuration Management Evaluation

Compliance Evaluation Schedule:

• Clients download configuration baseline assignements with their machine policy.
• Configuration baseline will not be evaluated until their shceduled compliance evaluation time or unless you manually initiate evaluation on the client.
• Client which is not yet evaluated will report their compliance as Unknown.
• Client will ensure that it has the correct version of the configuration data in the CB before it begins the evaluation, if necessary client download the CB data from MP.
• The evaluation schedule initiates a compliance evaluation that starts randomly within the next two hours. This random initiation ensures that the management point is not saturated with compliance results from multiple clients at the same time.
• The compliance results are sent to the client's assigned management point in state messages and status messages.
• If the computer is not currently connected to the network but the client has downloaded all the configuration data referenced in the assigned configuration baselines, the client performs offline evaluation. When the computer is next connected to the network, the cached compliance information is sent to its management point.

Compliance Information sent as State Messages in DCM:

• The desired configuration management client mainly uses state messages to send compliance results.
• State messages are consolidated on the client and sent according to the State message reporting cycle (minutes) value configured in the Computer Client Agent Properties. By default, this cycle is set to occur every 15 minutes.
• The Actual Compliance state (Applicable, Detected, Compliant or Non-Compliant) for each configuration item is sent as a state message to the management point in the following circumstances:

                     When the configuration item is first evaluated.

                     Whenever the client detects a change in the compliance of a configuration baseline

• If the client does not detect a change in its compliance with an assigned configuration baseline, it sends only its overall compliance state with its assigned configuration baseline to the management point, except in the following circumstances:
• The non-compliance severity level of a setting or object changes.
• The validation criteria of a setting or object changes after it has previously been reported as non-compliant.

Reference:

http://technet.microsoft.com/en-us/library/bb680847.aspx

http://technet.microsoft.com/en-us/library/bb632467.aspx

Enable Verbose logging in SCCM Client

Enable Verbose logging in SCCM Client

• On clients, update a register value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\Logging\@GLOBAL, make LogLevel=0.
• Add a new key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\Logging\DebugLogging add a string value under it, Enabled = True

 After enabling verbose logging, please restart SMS Agent Host service on client

Create Cloud Distribution Point in SCCM 2012

 

Cloud Distribution Point Implementation

As I mentioned in my previous post following are the Prerequisites to use a Cloud Distribution Point

• A subscription to Windows Azure.
• A management certificate (self-signed or PKI) for communication from a Configuration Manager primary site server to the cloud service in Windows Azure.
• A service certificate (PKI) that Configuration Manager clients use to connect to cloud-based distribution points and download content from them by using HTTPS.
• Before a device or user can access content from a cloud-based distribution point, they must receive the client setting for Cloud Services of Allow access to cloud distribution points set to Yes. By default, this value is set to No.
• Clients must be able to resolve the name of the cloud service, which requires a DNS alias (CNAME record) in your DNS namespace.
• Clients must be able to access the Internet to use the cloud-based distribution point.

Implementation Steps:

In Windows Azure:

• Login to your Windows Subscription ID and click Settings and select management certificate in the center pane.
• In the bottom of the browser window, select Upload Certificate and browse for a .CER file of the Management Certificate.

• Once you uploaded the .CER file, make a note of the SUBSCRIPTION ID, which we will use it in SCCM console while creating Cloud DP.

In SCCM Console:

• In SCCM Console, Click on Administration and Right click on Cloud to "Create Cloud Distribution Point"
• On the Specify details for this cloud service page, this is where we’ll use the copy/pasted Subscription ID we saved, as well as the .pfx file that we exported earlier. 

• In Specify additional details for this distribution point select the specific region and in PKI certificate select the .pfx file which you have created earlier. 

We can use the wildcard certificate (.pfx) as well with our specific FQDN name.

• On the configure alerts for this distribution point page, make note of the different alert thresholds that can be set. We leave the defaults and click next.

• On the summary page, review the details and then click next.
• And now you’ll see your new Cloud Distribution Point listed in the main part of the page, that will have a status of Provisioning.  Eventually that status will change to Ready.
• You can follow the process by looking in the CloudMgr.log as well