System Center 2012 R2 Update Rollup 2

I’ve created a toll for downloading the bits for Update Rollup 2, as well as extracting the .cab files. This keeps it a bit more organized and is quicker than navigating through windows update. Enjoy!


<#
.SYNOPSIS
Downloads all of UR2 (english only)   
.DESCRIPTION   
All prereqs are downloaded and unpacked   
.INPUTS  
 -DestinationFoler      
used to define the location where everything is stored.  Default is C:\SysCen2012R2UR2  
 -Cleanup     
true/false used to delete cab files after expanding.  Default is $true   
.OUTPUTS   
None    
.NOTES   
Author:         Daniel Kucinski   
Date:           June 2014   
Purpose/Change: Initial creation    
.EXAMPLE   
.\SCUR2downloader.ps1 -DestinationFolder c:\UpdateRollup2 -CleanUp $true -Verbose 
.EXAMPLE   
...just right-click and run   enjoy! 
#>

    [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='High')]
    param(
    [Parameter(position=0)]
    [string]$DestinationFolder = "C:\SysCen2012R2UR2",

    [Parameter(position=1)] #Mandatory=$true
    [bool]$CleanUp = $true
    )

$erroractionpreference = "SilentlyContinue"
$error.clear()
$download = New-Object System.Net.WebClient

function Expand-ZIPFile($file, $destination) {
    $shell = New-Object -ComObject shell.application
    $zip = $shell.NameSpace($file)
        ForEach ($item in $zip.items())
        {
            $shell.NameSpace($destination).CopyHere($item,0x14)
        } #foreach
    } #function

# create dir and download prereqs from MS
[array]$components = @("VMM","SCSM","SCO","SCOM","SPF","SMA","DPM")
    New-Item -Type directory -path $DestinationFolder | Out-Null
        ForEach ($item in $components) {
            New-Item -Type directory -Path $DestinationFolder\$item | Out-Null
        } #foreach
    Write-Verbose "created  directories - continuing..."

# SCSM
IF (Test-Path "$DestinationFolder\SCSM\SCSM2012R2_CU_KB2904710_AMD64_7.5.3079.61.exe") {
    Write-Verbose "SCSM Update Rollup 2 located"
    }
    ELSE {
        Write-Verbose "Downloading SCSM components"
        $source = "http://download.microsoft.com/download/1/6/A/16A55195-AA6A-4210-A780-0403D7F7D6EE/SCSM2012R2_CU_KB2904710_AMD64_7.5.3079.61.exe"
        $destination = "$DestinationFolder\SCSM\SCSM2012R2_CU_KB2904710_AMD64_7.5.3079.61.exe"
        Invoke-WebRequest -Uri $source -OutFile $destination
        Write-Verbose "Downloaded $destination"
    } #else

# SCOM
#management server
IF (Test-Path "$DestinationFolder\SCOM\kb2929891-amd64-server_efa0a2029f892ab08b3b5c869fe57f8c267dc6e6.cab") {
    Write-Verbose "SCSM Update Rollup 2 located"
    }
    ELSE {
        Write-Verbose "Downloading SCOM components"
        $source = "http://download.windowsupdate.com/d/msdownload/update/software/uprl/2014/04/kb2929891-amd64-server_efa0a2029f892ab08b3b5c869fe57f8c267dc6e6.cab"
        $destination = "$DestinationFolder\SCOM\kb2929891-amd64-server_efa0a2029f892ab08b3b5c869fe57f8c267dc6e6.cab"
        Invoke-WebRequest -Uri $source -OutFile $destination
        Write-Verbose "Downloaded $destination"
    } #else

#gateway
IF (Test-Path "$DestinationFolder\SCOM\kb2929891-amd64-gateway_6c78f8fcacf5e679d6ef63398fb6538322c92e98.cab") {
    Write-Verbose "SCSM Update Rollup 2 located"
    }
    ELSE {
        Write-Verbose "Downloading SCOM components"
        $source = "http://download.windowsupdate.com/d/msdownload/update/software/uprl/2014/04/kb2929891-amd64-gateway_6c78f8fcacf5e679d6ef63398fb6538322c92e98.cab"
        $destination = "$DestinationFolder\SCOM\kb2929891-amd64-gateway_6c78f8fcacf5e679d6ef63398fb6538322c92e98.cab"
        Invoke-WebRequest -Uri $source -OutFile $destination
        Write-Verbose "Downloaded $destination"
    } #else

#webconsole
IF (Test-Path "$DestinationFolder\SCOM\kb2929891-amd64-enu-webconsole_f459a18aa85e98d6270fe6bbbeb26ed29ebab466.cab") {
    Write-Verbose "SCSM Update Rollup 2 located"
    }
    ELSE {
        Write-Verbose "Downloading SCOM components"
        $source = "http://download.windowsupdate.com/d/msdownload/update/software/uprl/2014/04/kb2929891-amd64-enu-webconsole_f459a18aa85e98d6270fe6bbbeb26ed29ebab466.cab"
        $destination = "$DestinationFolder\SCOM\kb2929891-amd64-enu-webconsole_f459a18aa85e98d6270fe6bbbeb26ed29ebab466.cab"
        Invoke-WebRequest -Uri $source -OutFile $destination
        Write-Verbose "Downloaded $destination"
    } #else

# SMA
IF (Test-Path "$DestinationFolder\SMA\kb2904689_powershellmoduleinstaller_x64_d57fd83f3066ad603201e3d42630cbd00bc28e67.cab") {
    Write-Verbose "SCSM Update Rollup 2 located"
    }
    ELSE {
        Write-Verbose "Downloading SCOM components"
        $source = "http://download.windowsupdate.com/d/msdownload/update/software/uprl/2014/04/kb2904689_powershellmoduleinstaller_x64_d57fd83f3066ad603201e3d42630cbd00bc28e67.cab"
        $destination = "$DestinationFolder\SMA\kb2904689_powershellmoduleinstaller_x64_d57fd83f3066ad603201e3d42630cbd00bc28e67.cab"
        Invoke-WebRequest -Uri $source -OutFile $destination
        Write-Verbose "Downloaded $destination"
    } #else

# SPF
IF (Test-Path "$DestinationFolder\SPF\kb2932939_microsoft.systemcenter.foundation.setup_x64_0a38ef61d7850cfb903492670e3fa3cf6c8471f3.cab") {
    Write-Verbose "SPF Update Rollup 2 located"
    }
    ELSE {
        Write-Verbose "Downloading SCOM components"
        $source = "http://download.windowsupdate.com/d/msdownload/update/software/uprl/2014/04/kb2932939_microsoft.systemcenter.foundation.setup_x64_0a38ef61d7850cfb903492670e3fa3cf6c8471f3.cab"
        $destination = "$DestinationFolder\SPF\kb2932939_microsoft.systemcenter.foundation.setup_x64_0a38ef61d7850cfb903492670e3fa3cf6c8471f3.cab"
        Invoke-WebRequest -Uri $source -OutFile $destination
        Write-Verbose "Downloaded $destination"
    } #else

# VMM
#adminconsole x64
IF (Test-Path "$DestinationFolder\VMM\kb2932942_adminconsole_amd64_5dd291de44899042205ec70eecb8555f1c2c10d0.cab") {
    Write-Verbose "VMM Update Rollup 2 located"
    }
    ELSE {
        Write-Verbose "Downloading VMM components"
        $source = "http://download.windowsupdate.com/c/msdownload/update/software/uprl/2014/04/kb2932942_adminconsole_amd64_5dd291de44899042205ec70eecb8555f1c2c10d0.cab"
        $destination = "$DestinationFolder\VMM\kb2932942_adminconsole_amd64_5dd291de44899042205ec70eecb8555f1c2c10d0.cab"
        Invoke-WebRequest -Uri $source -OutFile $destination
        Write-Verbose "Downloaded $destination"
    } #else

#VMM server
IF (Test-Path "$DestinationFolder\VMM\kb2932926_vmmserver_amd64_ebd2c3f90127efa11f750f1464cb44bd1b0108bc.cab") {
    Write-Verbose "VMM Update Rollup 2 located"
    }
    ELSE {
        Write-Verbose "Downloading VMM components"
        $source = "http://download.windowsupdate.com/c/msdownload/update/software/uprl/2014/04/kb2932926_vmmserver_amd64_ebd2c3f90127efa11f750f1464cb44bd1b0108bc.cab"
        $destination = "$DestinationFolder\VMM\kb2932926_vmmserver_amd64_ebd2c3f90127efa11f750f1464cb44bd1b0108bc.cab"
        Invoke-WebRequest -Uri $source -OutFile $destination
        Write-Verbose "Downloaded $destination"
    } #else

# SCO
#webservice
IF (Test-Path "$DestinationFolder\SCO\kb2904689_webserviceinstaller_x64_fa0016be99b73e5738d9a30068ca93566d26a622.cab") {
    Write-Verbose "VMM Update Rollup 2 located"
    }
    ELSE {
        Write-Verbose "Downloading VMM components"
        $source = "http://download.windowsupdate.com/d/msdownload/update/software/uprl/2014/04/kb2904689_webserviceinstaller_x64_fa0016be99b73e5738d9a30068ca93566d26a622.cab"
        $destination = "$DestinationFolder\SCO\kb2904689_webserviceinstaller_x64_fa0016be99b73e5738d9a30068ca93566d26a622.cab"
        Invoke-WebRequest -Uri $source -OutFile $destination
        Write-Verbose "Downloaded $destination"
    } #else

#runbook server
IF (Test-Path "$DestinationFolder\SCO\kb2904689_runbookserver_x86_4cfc6f108fc6432d251ab861401ceeb6c93acd8a.cab") {
    Write-Verbose "SCO Update Rollup 2 located"
    }
    ELSE {
        Write-Verbose "Downloading SCO components"
        $source = "http://download.windowsupdate.com/d/msdownload/update/software/uprl/2014/04/kb2904689_runbookserver_x86_4cfc6f108fc6432d251ab861401ceeb6c93acd8a.cab"
        $destination = "$DestinationFolder\SCO\kb2904689_runbookserver_x86_4cfc6f108fc6432d251ab861401ceeb6c93acd8a.cab"
        Invoke-WebRequest -Uri $source -OutFile $destination
        Write-Verbose "Downloaded $destination"
    } #else

#runbook designer
IF (Test-Path "$DestinationFolder\SCO\kb2904689_runbookdesigner_x86_55fa0a511b6def5b80e72f7edb162277b32b9ae9.cab") {
    Write-Verbose "SCO Update Rollup 2 located"
    }
    ELSE {
        Write-Verbose "Downloading SCO components"
        $source = "http://download.windowsupdate.com/d/msdownload/update/software/uprl/2014/04/kb2904689_runbookdesigner_x86_55fa0a511b6def5b80e72f7edb162277b32b9ae9.cab"
        $destination = "$DestinationFolder\SCO\kb2904689_runbookdesigner_x86_55fa0a511b6def5b80e72f7edb162277b32b9ae9.cab"
        Invoke-WebRequest -Uri $source -OutFile $destination
        Write-Verbose "Downloaded $destination"
    } #else

# DPM
#central console server
IF (Test-Path "$DestinationFolder\DPM\dpmcentralconsoleserver-kb2963543_ce185cdaad05fb7f5df55a6b14883eede2c031b2.exe") {
    Write-Verbose "DPM Update Rollup 2 located"
    }
    ELSE {
        Write-Verbose "Downloading DPM components"
        $source = "http://download.windowsupdate.com/d/msdownload/update/software/uprl/2014/05/dpmcentralconsoleserver-kb2963543_ce185cdaad05fb7f5df55a6b14883eede2c031b2.exe"
        $destination = "$DestinationFolder\DPM\dpmcentralconsoleserver-kb2963543_ce185cdaad05fb7f5df55a6b14883eede2c031b2.exe"
        Invoke-WebRequest -Uri $source -OutFile $destination
        Write-Verbose "Downloaded $destination"
    } #else   

#dpm
IF (Test-Path "$DestinationFolder\DPM\dataprotectionmanager2012r2-kb2963543_a975a99c79b2c1267f3087dc34af68398994849d.exe") {
    Write-Verbose "DPM Update Rollup 2 located"
    }
    ELSE {
        Write-Verbose "Downloading DPM components"
        $source = "http://download.windowsupdate.com/d/msdownload/update/software/uprl/2014/05/dataprotectionmanager2012r2-kb2963543_a975a99c79b2c1267f3087dc34af68398994849d.exe"
        $destination = "$DestinationFolder\DPM\dataprotectionmanager2012r2-kb2963543_a975a99c79b2c1267f3087dc34af68398994849d.exe"
        Invoke-WebRequest -Uri $source -OutFile $destination
        Write-Verbose "Downloaded $destination"
    } #else   

#management shell 1
IF (Test-Path "$DestinationFolder\DPM\dpmmanagementshell-kb2963543_015ac9652a3cbb3fef17496fdaf90a0b64feeb95.exe") {
    Write-Verbose "DPM Update Rollup 2 located"
    }
    ELSE {
        Write-Verbose "Downloading DPM components"
        $source = "http://download.windowsupdate.com/d/msdownload/update/software/uprl/2014/05/dpmmanagementshell-kb2963543_015ac9652a3cbb3fef17496fdaf90a0b64feeb95.exe"
        $destination = "$DestinationFolder\DPM\dpmmanagementshell-kb2963543_015ac9652a3cbb3fef17496fdaf90a0b64feeb95.exe"
        Invoke-WebRequest -Uri $source -OutFile $destination
        Write-Verbose "Downloaded $destination"
    } #else   

#management shell 2
IF (Test-Path "$DestinationFolder\DPM\dpmmanagementshell-kb2963543_7e533fb1e095022cb8a4298af77c139ae0c34bd7.exe") {
    Write-Verbose "DPM Update Rollup 2 located"
    }
    ELSE {
        Write-Verbose "Downloading DPM components"
        $source = "http://download.windowsupdate.com/d/msdownload/update/software/uprl/2014/05/dpmmanagementshell-kb2963543_7e533fb1e095022cb8a4298af77c139ae0c34bd7.exe"
        $destination = "$DestinationFolder\DPM\dpmmanagementshell-kb2963543_7e533fb1e095022cb8a4298af77c139ae0c34bd7.exe"
        Invoke-WebRequest -Uri $source -OutFile $destination
        Write-Verbose "Downloaded $destination"
    } #else   

# unzip cab files
$Cabs = Get-ChildItem -Path $DestinationFolder -Recurse -Filter *.cab

    foreach ($cab in $cabs) {
        #$FriendlyName =
        Write-Verbose "Expanding $Cab.BaseName"
        Expand-ZIPFile –File $Cab.FullName –Destination $Cab.DirectoryName
        Write-Verbose "done..."
    } #foreach

# cleanup
IF ($CleanUp -eq $true) {
    foreach ($cab in $cabs) {
        #$FriendlyName =
        Write-Verbose "Deleting $Cab.BaseName"
        Remove-Item $Cab.FullName -Force
        Write-Verbose "done..."
    } #foreach
} #IF

Collection of Virtual Machines

select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from  SMS_R_System where SMS_R_System.ResourceId not in (select SMS_R_SYSTEM.ResourceID from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Model like "%Virtual%")

Offline Serving a WIM without SCCM

Recently, I came across a problem while setting up OSD at one of my clients: I was unable to use install Windows 7 on a variety of their systems using the drivers from the manufacturer.  Specifically, with the Lenovo T440s, it would fail when booting up the first time, after successfully applying the driver pack.

The error read: Windows could not configure one or more system components.  To install Windows, restart the computer and then restart the installation.

This problem is caused by the drivers some of these newer systems are using, and their reliance on an updated version of the Kernel Mode Driver Framework.  The best approach, in my opinion, is to add the latest hotfix to the WIM so that Windows is ready when the drivers come down.  Normally this could be accomplished through the ConfigMan console with offline servicing.  However, my current client isn’t using SCCM for patching, so our site doesn’t have a SUP.  Furthermore, all I’m doing here is an OSD build out, so I’m not going to go setting one up.  Instead, I’m going to inject the hotfix the same way SCCM does, just manually.  This is also useful if you’ve ever just wondered what goes on under the hood.

To start, we’ll need the latest KMDF from Microsoft: http://www.microsoft.com/en-us/download/details.aspx?id=38423

Once you’ve downloaded it to your SCCM server, you’ll need to extract it using a tool such as 7zip:

.\7za.exe x kmdf-1.11-Win-6.1-x64.msu

Image

Also, we’ll need to find our WIM.  If you don’t know which image index you’re after, you can retrieve it using dism /get-wiminfo /wimfile:F:\source$\OSD\WIMs\MYWIM.wim like I did here.

Image

Mount it using DISM:

dism /mount-wim /wimfile:F:\source$\OSD\WIMs\MYWIM.wim /mountdir:E:\Scratch /index:1

Image

Inject the hotfix you extracted earlier:

dism /image:E:\Scratch /add-package /Packagepath:F:\source$\Hotfix\KMDF1.11

Image

Since I still had the .MSU file in my directory, I got an error, but the hotfix (KB2685811) did install properly.  I can verify this with DISM:

dism /get-packages /image e:\scratch

Image

Now all that’s left to do is unmount and commit:

dism /unmount-wim /mountdir:E:\Scratch /commit

Image

That’s it!  Once it unmounts, just update your distribution points and we’re ready to support newer drivers for newer models.

-easy

Configuring SCCM 2012 for PKI and SSL: Managing Apple Computers

Now that our site is running in HTTPS, we’re ready to setup and enroll our first Mac clients.  This requires some additional infrastructure, as well as another cert, which we’ll walk through here.

Enrollment Point Role

Managing Macs requires the Enrollment point and Enrollment proxy point roles.  That’s pretty easy, just install them same as other roles.  There really aren’t any special configurations that need to be done, so just follow through the wizard.

2014-03-20 11_53_08-sunsetlabs.no-ip.biz - sunsetlabs.no-ip.biz

Continue reading

Configuring SCCM 2012 for PKI and SSL: Setting up HTTPS communication

Recently, I’ve begun a rather large and complex SCCM implementation for a customer here in Seattle.  One of the requirements that they have is managing their rather extensive fleet of Apple laptops.  As you know, SP1 introduced OS X support, and that has expanded with R2.  However, I have never implemented this, and I was worried doing so might be a bit tricky.

This is my attempt at a soup-to-nuts guide at setting it up. As you know, PKI is a requirement for managing macs, but you should be using SCCM in SSL-mode anyway. But why? I often here people state that they don’t need encryption on a bunch of info about Windows patches etc. While this is true, it misses the point, and encryption is only a by-product of what we’re really after: authentication. SCCM is a very powerful tool, used to manage the configuration of your entire environment. Authenticating the servers that are doing the managing to the systems that are being managed is important.

Enough on that. For starters, I’ll assume the following:

  • A windows domain
  • SCCM 2012 R2 installed and basic configurations completed
  • Active Directory Certificate Services is installed and configured

If you’ve not set up a domain or installed ADCS before, good luck with that.  I’ll try to look around for a good guide and post, but that is beyond the scope of this guide.  You can review the basic of ADCS here: http://technet.microsoft.com/en-us/library/hh831740.aspx

If you’ve not installed SCCM before, I highly recommend you check out MVP Niall Brady’s guides here: http://www.windows-noob.com/forums/index.php?/topic/4045-system-center-2012-configuration-manager-guides/

Clear?  Great!  Let’s get started.  We’ll need a few certs to put our site into HTTPS mode, so we’ll start by creating those here:

Workstation Client Certificate

Continue reading

Configuring Server 2008 x86 for use as a Distribution Point

So, I’m running into an interesting problem:

I have about 20 servers that are running 2008 SP2 x86 that are in remote offices that will be used as DPs in my customer’s 2012 site.  Installation is going well, and everything is working perfectly, except for these recurring errors in SMS_SITE_COMPONENT_MANAGER:

Severity,Type,Site code,Date / Time,System,Component,Message ID,Description
Error,Detail,PRI,8/1/2013 11:03:23 AM,PRIMARYSITESERVER.DOMAIN.local,SMS_SITE_COMPONENT_MANAGER,1039,Site Component Manager detected that the site server does not contain the binary files for the platform (processor architecture) of site system “\\REMOTEDP.DOMAIN.LOCAL”. Possible cause: When installing this site, you did not specify that the binary files for this site system’s platform should be installed on the site server. Solution: Use Configuration Manager Setup to modify the configuration of this site. When asked to select the server platforms for this site, select this site system’s platform. Possible cause: You accidently configured the site to use the wrong computer as a site system. Solution: Remove this site system from the list of site systems for this site, and add the correct site system to the list. The list appears in the Site Systems node of the Configuration Manager Console. Possible cause: The site system is turned off, not connected to the network, or not functioning properly. Solution: Verify that the site system is turned on, connected to the network, and functioning properly. Possible cause: Site Component Manager does not have sufficient access rights to remotely administer the site system. Solution: Verify that the Site System Installation accounts are properly configured to allow the site to remotely administer the site system. Possible cause: Network problems are preventing Site Component Manager from properly accessing to the site system. Solution: Investigate and correct any problems on your network.

 

I’m getting one every hour for each of the 2008 x86 servers.

WQL query to create a collection of newly installed systems

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceId = SMS_R_System.ResourceId where (DateDiff(day, SMS_G_System_OPERATING_SYSTEM.InstallDate, GetDate()) < 30)

-easy