Wednesday, July 31, 2013

Enable Verbose logging in SCCM Client





  • On clients, update a registry value: under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\Logging\@GLOBAL, set LogLevel=0.
  • Add a new key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\Logging\DebugLogging, and add a string value under it: Enabled = True.
After enabling verbose logging, restart the SMS Agent Host service on the client.
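
The same steps as a script, added here as an example and not part of the original post. It assumes an elevated PowerShell session, that CcmExec is the service name behind "SMS Agent Host", and that 1 is the LogLevel to restore when verbose logging is switched off again.

```powershell
# Added example: toggle ConfigMgr client verbose logging (run elevated on the client).
param(
    [ValidateSet('Enable', 'Disable')]
    [string]$Mode = 'Enable'
)

$loggingRoot = 'HKLM:\SOFTWARE\Microsoft\CCM\Logging'
$globalKey   = Join-Path -Path $loggingRoot -ChildPath '@GLOBAL'
$debugKey    = Join-Path -Path $loggingRoot -ChildPath 'DebugLogging'

if (-not (Test-Path -Path $globalKey)) {
    throw "ConfigMgr client logging key not found: $globalKey"
}

# Show the current level so the change can be reverted by hand if needed.
$before = (Get-ItemProperty -Path $globalKey -Name LogLevel).LogLevel
Write-Host "LogLevel before change: $before"

if ($Mode -eq 'Enable') {
    # Step 1: LogLevel = 0 under @GLOBAL.
    Set-ItemProperty -Path $globalKey -Name LogLevel -Value 0 -Type DWord

    # Step 2: DebugLogging key with the string value Enabled = True.
    if (-not (Test-Path -Path $debugKey)) {
        New-Item -Path $debugKey | Out-Null
    }
    Set-ItemProperty -Path $debugKey -Name Enabled -Value 'True' -Type String
}
else {
    # Assumption: 1 is the level to restore once troubleshooting is finished.
    Set-ItemProperty -Path $globalKey -Name LogLevel -Value 1 -Type DWord
    if (Test-Path -Path $debugKey) {
        Remove-Item -Path $debugKey -Recurse
    }
}

# Step 3: restart the SMS Agent Host service so the client rereads the settings.
Restart-Service -Name CcmExec
Write-Host "Verbose logging mode '$Mode' applied; SMS Agent Host restarted."
```

Run it with -Mode Disable after troubleshooting so the client logs return to their normal size and level of detail.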

Wednesday, July 17, 2013

Create Cloud Distribution Point in SCCM 2012

 
Cloud Distribution Point Implementation
As I mentioned in my previous post, the following are the prerequisites for using a Cloud Distribution Point:
  • A subscription to Windows Azure.
  • A management certificate (self-signed or PKI) for communication from a Configuration Manager primary site server to the cloud service in Windows Azure.
  • A service certificate (PKI) that Configuration Manager clients use to connect to cloud-based distribution points and download content from them by using HTTPS.
  • Before a device or user can access content from a cloud-based distribution point, they must receive the client setting for Cloud Services of Allow access to cloud distribution points set to Yes. By default, this value is set to No.
  • Clients must be able to resolve the name of the cloud service, which requires a DNS alias (CNAME record) in your DNS namespace.
  • Clients must be able to access the Internet to use the cloud-based distribution point.

Implementation Steps:
In Windows Azure:
  • Log in to your Windows Subscription ID, click Settings, and select management certificate in the center pane.
  • At the bottom of the browser window, select Upload Certificate and browse for the .CER file of the management certificate.
  • Once you have uploaded the .CER file, make a note of the SUBSCRIPTION ID, which we will use in the SCCM console while creating the Cloud DP.

In SCCM Console:
  • In the SCCM console, click Administration, then right-click Cloud and select "Create Cloud Distribution Point".
  • On the Specify details for this cloud service page, this is where we’ll use the copy/pasted Subscription ID we saved, as well as the .pfx file that we exported earlier. 
  • In Specify additional details for this distribution point, select the specific region, and in PKI certificate select the .pfx file which you created earlier. We can also use a wildcard certificate (.pfx) with our specific FQDN.
  • On the configure alerts for this distribution point page, make note of the different alert thresholds that can be set. We leave the defaults and click next.
  • On the summary page, review the details and then click next.
  • You will now see your new Cloud Distribution Point listed in the main part of the page with a status of Provisioning. Eventually that status will change to Ready.
  • You can also follow the process by looking in CloudMgr.log.

Tuesday, July 2, 2013

Branch Cache SCCM 2012


Branch Cache for SCCM 2012 Application Distribution

If you are planning to implement this as a test, first make the changes below in the local group policy, and then apply them domain-wide using Group Policy.

Here are the steps:
1. In Group Policy, under Computer Configuration --> Administrative Templates --> Network --> BranchCache, enable the following settings:

  • Turn on Branch Cache
  • Set Branch Cache Distributed Cache Mode
  • Configure BranchCache for network files -- 80 milliseconds
  • Set percentage of disk space used for client computer cache -- 10

2. In Group Policy (Computer Configuration --> Windows Settings --> Security Settings and Windows Firewall with Advanced Security), enable the following rules in both the Inbound and Outbound Rules of client machines:

  • BranchCache Content Retrieval (HTTP-In) – Port 80
  • BranchCache Peer discovery (WSD-In) – Port 3702
  • BranchCache Content Retrieval (HTTP-Out) – Port 80
  • BranchCache Peer discovery (WSD-Out) – Port 3702

3. Install the BranchCache feature on both site servers (CAS and primary site servers).

To check that BranchCache is working, review the following logs on the client:
  • DataTransferService.log
  • FileBits.log
  • ContentTransferManager.log

Validation Method:

Monday, July 1, 2013

Cloud Distribution Point in SCCM 2012



 The following are prerequisites to use a cloud-based distribution point:

  • A subscription to Windows Azure.
  • A management certificate (self-signed or PKI) for communication from a Configuration Manager primary site server to the cloud service in Windows Azure.
  • A service certificate (PKI) that Configuration Manager clients use to connect to cloud-based distribution points and download content from them by using HTTPS.
  • Before a device or user can access content from a cloud-based distribution point, they must receive the client setting for Cloud Services of Allow access to cloud distribution points set to Yes. By default, this value is set to No.
  • Clients must be able to resolve the name of the cloud service, which requires a DNS alias (CNAME record) in your DNS namespace.
  • Clients must be able to access the Internet to use the cloud-based distribution point.

 About Certificates

Cloud-based distribution points require certificates to enable Configuration Manager to manage the cloud service that hosts the distribution point, and for clients to access content from the distribution point. The following table provides overview information about these certificates.  

Certificate: Management certificate for site server to distribution point communication
Details: The management certificate establishes trust between the Windows Azure management API and Configuration Manager. This authentication allows Configuration Manager to call on the Windows Azure API when you perform tasks such as deploying content or starting and stopping the cloud service. Windows Azure allows customers to create their own management certificates, which can be either a self-signed certificate or a certificate issued by a certification authority (CA):
  • Provide the .cer file of the management certificate to Windows Azure when you configure Windows Azure for Configuration Manager. The .cer file contains the public key for the management certificate and you must upload this certificate to Windows Azure before you install a cloud-based distribution point. This certificate enables Configuration Manager to access the Windows Azure API.
  • Provide the .pfx file of the management certificate to Configuration Manager when you install the cloud-based distribution point. The .pfx file contains the private key for the management certificate. Configuration Manager stores this certificate in the site database. Because the .pfx file contains the private key, you must provide the password to import this certificate file into the Configuration Manager database.

If you create a self-signed certificate, you must first export the certificate as a .cer file, and then export it again as a .pfx file.

Certificate: Service certificate for client communication to the distribution point
Details: The Configuration Manager cloud-based distribution point service certificate establishes trust between the Configuration Manager clients and the cloud-based distribution point and secures the data that clients download from it by using SSL over HTTPS.
Important: The common name in the certificate subject field of the service certificate must be unique in your domain and not match any domain joined device.
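
A pre-flight check for the management certificate pair described above, added here as an example and not part of the original post or of Configuration Manager. It confirms that the .cer and .pfx exports are the same certificate, that only the .pfx carries the private key, and that the certificate is within its validity period. The parameter names and file paths are assumptions supplied by whoever runs it.

```powershell
# Added example: verify the .cer/.pfx exports of one management certificate.
param(
    [Parameter(Mandatory = $true)] [string]$CerPath,  # file uploaded to Windows Azure
    [Parameter(Mandatory = $true)] [string]$PfxPath   # file given to Configuration Manager
)

$certType    = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$cerFile     = (Resolve-Path -Path $CerPath).ProviderPath
$pfxFile     = (Resolve-Path -Path $PfxPath).ProviderPath

$cer = New-Object -TypeName $certType -ArgumentList $cerFile
$pfx = New-Object -TypeName $certType -ArgumentList $pfxFile, $pfxPassword

try {
    $now    = Get-Date
    $result = [pscustomobject]@{
        Subject          = $pfx.Subject
        Thumbprint       = $pfx.Thumbprint
        # Both exports must come from the same certificate.
        SameCertificate  = ($cer.Thumbprint -eq $pfx.Thumbprint)
        # The .cer sent to Azure should carry the public key only.
        CerIsPublicOnly  = (-not $cer.HasPrivateKey)
        # Configuration Manager needs the private key from the .pfx.
        PfxHasPrivateKey = $pfx.HasPrivateKey
        NotAfter         = $pfx.NotAfter
        CurrentlyValid   = ($now -ge $pfx.NotBefore -and $now -le $pfx.NotAfter)
    }
    $result | Format-List

    $ok = $result.SameCertificate -and $result.CerIsPublicOnly -and
          $result.PfxHasPrivateKey -and $result.CurrentlyValid
    if (-not $ok) {
        Write-Error 'Management certificate pair failed one or more checks.'
        exit 1
    }
}
finally {
    # Release the certificate objects and any key material loaded from the .pfx.
    $cer.Reset()
    $pfx.Reset()
}
```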
 
Site Server to Cloud-Based Distribution Point Communication

When you install a cloud-based distribution point, you must assign one primary site to manage the transfer of content to the cloud service. This is equivalent to installing the distribution point site system role to a specific site.


When a device or user of a device is configured with the client setting that enables the use of a cloud distribution point, they can receive the cloud-based distribution point as a valid content location. A cloud-based distribution point is considered a remote distribution point when a client evaluates available content locations. Clients on the intranet only use cloud-based distribution points as a fallback option if on-premises distribution points are not available.

Clients that can use cloud-based distribution points use the following sequence when they perform a content location request:

  1. A client that is configured to use cloud distribution points always attempts to obtain content from a preferred distribution point first.
  2. When a preferred distribution point is not available, the client will use a remote distribution point, if the deployment supports this option and a remote distribution point is available.
  3. When a preferred distribution point or remote distribution point is not available, the client can then fall back to obtain the content from a cloud-based distribution point.

Note: Clients on the Internet that receive both an Internet-based distribution point and a cloud-based distribution point as content locations for a deployment, only attempt to retrieve content from the Internet-based distribution point. If the client on the Internet fails to retrieve content from the Internet-based distribution point, the client does not then attempt to access the cloud-based distribution point.

When a client uses a cloud-based distribution point as a content location, the client authenticates itself to the cloud-based distribution point by using a Configuration Manager access token. If the client trusts the Configuration Manager cloud-based distribution point certificate, the client can then download the requested content.

Log files that need to be analyzed:

Distmgr.log in CAS Server

Cloudmgr.log in Primary Server