


October 24, 2012
Newsletter October 2012


TrueSec

News and Geek Stuff

October 2012

Microsoft took the bold move of creating a “solutions” class for the private-cloud developer, incorporating all the components in the System Center 2012 suite. That is different from what was done in the past, with each product covered in its own 3 or 5 day class. However, that meant that for the individual components (besides ConfigMgr) there is little or no in-depth training available outside of what we at TrueSec and a few others offer.

As in the past, we offer 3 and 4 day labs for each product in System Center 2012 suite as we believe each product is complex enough to deserve its own space in the training sphere.

(It can be compared to the training in the Office suite; there are still individual trainings around for Word, Excel and the other applications rather than an overall Office training).

If you are waiting for System Center SP1 to release before taking a class, there is no need. As usual our guys have developed their labs so that they run on the latest bits and bytes available to the public. Thus the System Center 2012 Configuration Manager and System Center 2012 Virtual Machine Manager class already incorporates the SP1 beta, and so will the upcoming Mastering System Center 2012 Operations Manager and Mastering System Center 2012 Orchestrator class in December. This is of course not the only difference between the “vanilla class” and the TrueSec experience. Our labs are run by experts gaining their expertise from real life, thus we train in a real life scenario. Not best case...

We will resume our monthly Live Meetings with the dynamic duo Johan Arwidmark and Mikael Nystrom with guests, covering news and essentials in the deployment and system management world. The first session is December 10 at 2pm EST on the subject “Windows 8 and Server 2012 OS Deployment – Lessons learnt”. Register to log on to this and the other free events on our website. Please note that seats are limited and registration is needed.

Enjoy this month’s contribution from our infrastructure experts below.

Cheers.

Per
PS. Both Kent & Johan are in Orlando in early December to run the epic "MVP Combo-the ultimate MDT 2012 and ConfigMgr 2012 SP1 training"

 


Johan Arwidmark:

Windows 8 Deployment - The specified path, file name, or both are too long


Mikael Nystrom:

Where to find all WinPE drivers for almost all HP Servers in one location and get them into WinPE?

Kent Agerlund

Creating a Cloud Distribution point in ConfigMgr 2012

Naming conventions in SCOM 2012

Windows 8 Deployment - The specified path, file name or both are too long.

If you started to do deployment with Windows 8 and MDT 2012 Update 1 you are likely to have seen the following error:

The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters, and the directory name must be less than 248 characters.

In MDT 2012 Update 1 it will look like this:

The root cause goes back to limitations in the Windows file I/O APIs, but it got worse because of the not-that-bright person(s) in the Windows team who decided file and folder names on the Windows 8 installation media… The longest path on the Windows 8 media is 168 characters, which leaves only 79 characters for the MDT deployment share(s).

The longest path can easily be tested via PowerShell (thanks to David Eggins @ www.eggins.com for posting this sample).

The command is: $len=0;dir -r|%{if ($_.FullName.Length -gt $len) {$len=$_.FullName.Length}};$len

If you

 

What’s in it for me?

Well, if you create a deployment share in the “D:\MDTproduction” folder, and when importing the Windows 8 operating system select to create the “Windows 8 Enterprise X64 RTM Default Image” folder, the result below will have a total path length of 243 characters which is OK.

OK (243 characters in total)
D:\MDTProduction\Operating Systems\Windows 8 Enterprise X64 RTM Default Image

However, if you create an offline media of the above deployment share, MDT will add a few new folders, and if you put the media in D:\MDTMedia001 the result is a total path length of 256 characters, which is not OK.

Not OK (256 characters in total)
D:\MDTMedia001\Content\Deploy\Operating Systems\Windows 8 Enterprise X64 RTM Default Image


Solution

Use a slightly shorter destination directory name when importing the Windows 8 operating system, like “Windows 8 Enterprise X64 RTM”.

OK (229 characters in total)
D:\MDTProduction\Operating Systems\Windows 8 Enterprise X64 RTM

Offline media version:

OK (242 characters in total)
D:\MDTMedia001\Content\Deploy\Operating Systems\Windows 8 Enterprise X64 RTM

/ Johan
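
A pre-flight check for the path budget worked through above, as an added example that is not part of the original article: it combines the recursive scan from the one-liner with a planned destination folder and lists every item that would reach the 260 (file) or 248 (directory) character limits quoted in the error. The function name Test-ImportPathLength and the E:\ media drive are illustrative assumptions.

```powershell
# Added example: check a planned MDT import or media path against the limits in the
# error message before copying anything. Function name and sample paths are illustrative.
function Test-ImportPathLength {
    param(
        [Parameter(Mandatory=$true)][string]$SourceRoot,       # e.g. the Windows 8 media
        [Parameter(Mandatory=$true)][string]$DestinationRoot   # planned folder; need not exist yet
    )
    $root      = (Resolve-Path -LiteralPath $SourceRoot).ProviderPath
    $prefixLen = $root.TrimEnd('\').Length
    $dst       = $DestinationRoot.TrimEnd('\')

    $items = @(Get-ChildItem -LiteralPath $root -Recurse -Force | ForEach-Object {
        # The relative part keeps its leading '\', so plain concatenation is enough.
        $target = $dst + $_.FullName.Substring($prefixLen)
        # Files must stay below 260 characters, directories below 248.
        $limit  = if ($_.PSIsContainer) { 248 } else { 260 }
        New-Object PSObject -Property @{
            Length  = $target.Length
            Limit   = $limit
            TooLong = ($target.Length -ge $limit)
            Target  = $target
        }
    })

    $longest = $items | Sort-Object Length -Descending | Select-Object -First 1
    New-Object PSObject -Property @{
        DestinationRoot = $dst
        LongestTarget   = $longest.Length
        Offending       = @($items | Where-Object { $_.TooLong })
    }
}

# Compare the two folder names from the article for the offline media layout.
$media = 'D:\MDTMedia001\Content\Deploy\Operating Systems'
foreach ($name in 'Windows 8 Enterprise X64 RTM Default Image', 'Windows 8 Enterprise X64 RTM') {
    $r = Test-ImportPathLength -SourceRoot 'E:\' -DestinationRoot "$media\$name"
    '{0}: longest target {1} characters, {2} item(s) at or over the limit' -f `
        $name, $r.LongestTarget, $r.Offending.Count
    $r.Offending | Sort-Object Length -Descending | Select-Object -First 5 Length, Limit, Target
}
```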

 

 

Creating a Cloud Distribution Point in Configuration Manager 2012

One of the new features in ConfigMgr SP1 is cloud-based distribution points. ConfigMgr SP1 clients can use the Cloud DP (CDP) as a fallback solution when the requested content is not available at an on-premise distribution point (the new term for the “old-fashioned DP”). It is not a replacement for Internet Based Client Management.

The benefits of having cloud distribution points are:

·        You can easily create them

·        You can easily add more resources in scenarios where extra bandwidth is needed, e.g. when upgrading to Office 2013 worldwide

·        Nice fallback solution

·        Clients will fall back to the Cloud DP if the requested packages are not found on the local DP or a remote DP.

Installing the Cloud DP – high level

When installing the Cloud DP you will have to go through these steps.

·        Prepare Configuration Manager, install and export the needed certificate

·        Configure Windows Azure

·        Install the CloudDP in SCCM 2012 and configure the Client Settings to allow the use of a Cloud DP

·        Configure DNS so clients can connect with the Cloud DP

Prepare Configuration Manager

First you need to create a certificate that can be uploaded to Azure and also used when installing the Cloud DP role.

1.      I used the Windows Server 2012 certificate authority to create the certificate with these settings:

2.      From the Server Manager Dashboard, select Tools and Certification Authority

3.      Right click Certificate Templates and click Manage.

4.      Select the Web Server template and click Duplicate Template

5.     General tab, Name: CM12 Windows Azure

6.     Request Handling tab, Allow private key to be exported: True

7.     Security tab: Added the Active Directory group CM Servers with Read and Enroll certificate permissions

8.      Click OK and close Certificate Templates Console.

9.      Right click Certificate Template, select New Certificate Template to Issue

10.   Select the CM12 Windows Azure Certificate and click OK. The certificate is now created and must be enrolled on the server.

11.   Open an MMC and add the Certificates snap-in, select the Local Computer.

12.   Open the Personal store, right click Certificates and select  All Tasks, Request New certificate.

13.   On the Before you begin page, click Next.

14.   On the Select Certificate Enrollment Policy page, select Active Directory Enrollment Policy and click Next.

15.  On the Request Certificates page, select the CM12 Windows Azure certificate and click the link “More information is required to enroll this certificate…”

16.   In the Subject name, select Common name and type CloudDP.SC2012.Local and click Add (where SC2012.local is the name of your domain)

17.  In Alternative name, select DNS, type CloudDP.SC2012.local and click Add.

18.   Click OK and finish the enrollment.

19.  Still in the Certificates snap-in, right click the new CloudDP certificate, select All Tasks, Export. You need to walk through the export process twice, to export a .cer file and a .pfx certificate.

 

20.   On the first page click Next.

21.   On the Export Private Key page, select No do not export the private key and click Next.

22.  On the Export file format, select CER and click Next.

23.  Save the file as CloudDP.cer and finish the wizard.

24.  Export the certificate once more and this time select Yes, I want to export the private key.

25.  Finish the export and save the certificate using the default settings.
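
Steps 19 to 25 can also be scripted. The following is an added example, not part of the original article: it performs the same two exports with the PKI module cmdlets in Windows Server 2012 (Export-Certificate and Export-PfxCertificate), protects the .pfx with a prompted password, and prints the thumbprint so the uploaded certificate can be matched later. The output folder C:\Certs is a hypothetical path; the subject name is the one used in step 16.

```powershell
# Added example: scripted equivalent of the two certificate exports (steps 19-25).
# Assumptions: Windows Server 2012 PKI module; C:\Certs is a hypothetical output folder.
$subject = 'CN=CloudDP.SC2012.Local'
$outDir  = 'C:\Certs'

# Find the enrolled certificate in the Local Computer \ Personal store.
$found = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -eq $subject })
if ($found.Count -ne 1) {
    throw "Expected exactly one certificate with subject $subject, found $($found.Count)."
}
$cert = $found[0]

# The .pfx export only works if the private key is present (and the template allows export).
if (-not $cert.HasPrivateKey) {
    throw 'The certificate has no private key on this machine.'
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "The certificate expired on $($cert.NotAfter)."
}

New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Export 1: public part only (.cer). This is the file added under Management Certificates in Azure.
Export-Certificate -Cert $cert -FilePath (Join-Path $outDir 'CloudDP.cer') -Type CERT | Out-Null

# Export 2: certificate plus private key (.pfx). This is the file selected in the
# Create Cloud Distribution Point wizard. The password is prompted for, never stored in the script.
$password = Read-Host -Prompt 'Password for CloudDP.pfx' -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath (Join-Path $outDir 'CloudDP.pfx') -Password $password | Out-Null

# Show what was exported so the thumbprint can be compared in Azure and in ConfigMgr.
$cert | Select-Object Subject, Thumbprint, NotAfter
Get-ChildItem -Path $outDir -Filter 'CloudDP.*' | Select-Object Name, Length
```

The .pfx contains the private key of the Azure management certificate, so restrict access to the output folder and delete the file once the wizard has completed.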

Configuring Windows Azure

1.      In order to get started you first need to create a Windows Azure account.

2.      Log on to Windows Azure with your account

3.      Select Hosted Services, Storage Accounts & CDN

4.     Click on Management Certificates.

5.     Right click on the subscription and select Add Certificate and add the .Cer file.

6.     That was it for Azure – it takes a little while before the settings are applied.

Install the Cloud DP

1.      In Configuration Manager, select the Administration Workspace, Hierarchy Configuration, Cloud.

2.      Click Create Cloud Distribution Point on the Ribbon.

3.      In Subscription ID, copy the subscription ID from your Azure account (you find it by selecting Certificates).

4.     In Management Certificate, click Browse and select the PFX certificate.

5.      Click Next – it might take a little while to verify the subscription ID.

6.     Select your “local region” and click Next

7.     Configure the expected storage quota, monthly transfer rate and finish the wizard.

8.      In the background the CloudDP manager component will connect to Azure and start creating the service. This process can easily take several minutes (as in 30).

9.     When Azure is configured the Status in the ConfigMgr console will change to Ready.

10.  The Cloud DP is now ready and you can start distributing content to the service in the same way as you normally distribute content.

11.  You can monitor the content in Azure or open the Cloud DP properties and select the Content tab.

Configure DNS

1.     In order for the clients to be able to download content, they must be able to resolve the CloudDP.SC2012.Local name to an IP address. You find the IP address in Windows Azure. Select Hosted Services, and navigate to the BLOB.

2.     Open DNS and create a new host record for CloudDP.SC2012.Local

Testing the deployment

1.     Distribute the content as any other regular package and select the CloudDP type

2.     The package transfer manager will copy the content to the Cloud

3.     The client receives the policy and initiates the download. Notice that the contentlocation is our new CloudDP

 

 

 

Naming Conventions in SCOM 2012

During many Operations Manager installations at customers, two things have really struck me: the lack of naming conventions, and the good coffee. You guys have really good coffee machines, which for sure makes a consultant's daily life easier and even better. Back to naming conventions: SCOM is just easier to maintain when you have good references, aka names, for all of your object references. Sometimes companies write 28-page documents about naming, like Microsoft’s (from MSDN) pretty good explanations, where one of the first statements is: do not use Hungarian notation. Oh no, so everything we learnt about notation has changed? No, not at all. You just use the notation that is easiest for your organization, and perhaps not the one written down, so change it.

In the long run a good naming convention is priceless, and if it’s really easy even your colleagues will adopt it and perhaps even follow you in your naming quest. Think about IBM.SAP.Monitor.Event.AppLog.200. This is so easy: the company IBM is using SAP and has created a monitor which looks for event 200 in the Application log. Or ACME.Oracle.Rule.Script.ActiveSessions, again very easy to see what it is about. One issue though: a dot notation like the samples cannot be used in APM (a reason for using underscores), and yes, an underscore is considered OK.

Samples:

ACME.SynTran.TCP.161.Router.Au
ACME.Oracle.DistApp
ACME.Attr.Rg.Location
ACME.SAP.MP.Overrides
ACME.View.Dashboard.DBA


You could also add a scope, like ACME.FS.Defrag.Disable.LocationSeattle

From now on all of your searches regarding target/class, objects, overrides, discoveries etc. work like a dream. You could even guess the name of a new performance monitor (Static, Single, Delta Threshold) on Process, Explorer, WorkingSet. Hehe: ACME.OS.PerfMon.Static.Process.Explorer.WorkingSet

Have a great naming convention; it gives you at least two days off each year.

//Kare
Where to find all WinPE drivers for almost all HP Servers in one location and get them into WinPE?

As a part of my daily life I build deployment solutions for customers that support both server OS and client OS, and one of the components needed is drivers for WinPE. Normally that is not a problem on the client side, but for servers there are some things that could let you grow a bit more gray hair than needed.

32bit drivers for 64bit OS

Since I prefer to have only one single boot image, I would like to have the 32 bit version since that handles both 32 and 64 bit OS images. There is no obvious way to find the 32 bit versions of the drivers on the webpage for the 64 bit edition of Windows Server. When deploying using System Center 2012 Virtual Machine Manager you need the 64 bit drivers, and you might want to use the HP Insight Control for System Center instead.

Specialized WinPE drivers might be needed

Since WinPE is a subset of Windows it should be able to use the normal drivers, but “should” is just a word. In many cases the dual bus architecture or other “inventions” might require monolithic drivers. Those drivers should not be used in the running OS, only in WinPE.

The solution (if you have a HP Server)

HP has something called the Scripting Toolkit, and that just happens to contain all the drivers needed for storage and network for the HP ProLiant DL/ML/SL 300, 500, 700, 900 series, the HP ProLiant BL server series, and the HP ProLiant 100 G6 series and higher, which basically covers “all” servers from HP. The current version is 8.70 for x86 and can be downloaded and the x64bit version here
When you extract the archive into a folder it will look like this


Guess where the drivers are…

Getting the drivers in the correct location

For MDT 2012 Update 1

This is pretty straightforward. Open Deployment Workbench and add the drivers to the WinPEx86 folder (if you do not have one, you should create it).

Modify so that all drivers from that folder are imported into the boot image.

For Windows Deployment Services for Windows Server 2012

Not that hard either. Remember, we only need these drivers for WinPE, not for the running OS, so when we import them we need to flag them so that they will never be installed; we just need to have them imported so that we can apply them to the WinPE image. It should look like this:

For WinPE from ADK

The offline method:

Dism /Mount-WIM /WimFile:c:\winpe\winpe.wim /index:1 /MountDir:c:\winpe\mount\
Dism /image:c:\winpe\mount /Add-Driver /Driver:e:\drivers /Recurse
Dism /unmount-wim /Mountdir:c:\winpe\mount /commit

The online method:

drvload.exe <path>

For System Center 2012 Virtual Machine Manager:

Note: For System Center 2012 Virtual Machine Manager you can also download the HP Insight Control for System Center, which contains HP server drivers for network and storage; however, those are only 64 bit drivers. So for the SCVMM solution you can either download the Scripting Toolkit driver pack (for SCVMM they need to be the x64 drivers) or download the HP Insight Control for System Center kit, which is x64 only. It will basically be the same drivers. The HP Insight management kit has one part that is rather nice: it has an installer that will install all the drivers and then tag them during the import, so that you can use tags when injecting them into WinPE.

If the drivers are imported into the SCVMM library and tagged:

Use the following PowerShell commands:

# Load the VMM module and connect to the local VMM server
Import-Module "C:\Program Files\Microsoft System Center 2012\Virtual Machine Manager\bin\psModules\virtualmachinemanager\virtualmachinemanager.psd1"
Get-SCVMMServer localhost
$mountdir = "e:\mount"
$winpeimage = "e:\temp\boot.wim"
$winpeimagetemp = $winpeimage + ".tmp"
mkdir $mountdir
# Work on a copy so the original boot image stays untouched
copy $winpeimage $winpeimagetemp
dism /mount-wim /wimfile:$winpeimagetemp /index:1 /mountdir:$mountdir
# Inject every driver package in the VMM library that is tagged WINPE
$drivers = get-scdriverpackage | where { $_.tags -match "WINPE" }
foreach ($driver in $drivers)
{
    $path = $driver.sharepath
    dism /image:$mountdir /add-driver /driver:$path
}
Dism /Unmount-Wim /MountDir:$mountdir /Commit
# Publish the updated image to the PXE servers managed by VMM, then remove the temporary copy
publish-scwindowspe -path $winpeimagetemp
del $winpeimagetemp

If the drivers are in a folder and NOT imported into the SCVMM library:

Use the following PowerShell commands:

# Load the VMM module and connect to the local VMM server
Import-Module "C:\Program Files\Microsoft System Center 2012\Virtual Machine Manager\bin\psModules\virtualmachinemanager\virtualmachinemanager.psd1"
Get-SCVMMServer localhost
$mountdir = "e:\mount"
$winpeimage = "e:\temp\boot.wim"
$winpeimagetemp = $winpeimage + ".tmp"
mkdir $mountdir
# Work on a copy so the original boot image stays untouched
copy $winpeimage $winpeimagetemp
dism /mount-wim /wimfile:$winpeimagetemp /index:1 /mountdir:$mountdir
# Inject all drivers found in the folder and its subfolders
$path = "e:\temp\drivers"
dism /image:$mountdir /add-driver /driver:$path /recurse
Dism /Unmount-Wim /MountDir:$mountdir /Commit
# Publish the updated image to the PXE servers managed by VMM, then remove the temporary copy
publish-scwindowspe -path $winpeimagetemp
del $winpeimagetemp

For more information you can follow me on:

Twitter: @mikael_nystrom

Blog: http://deploymentbunny.com

/mike

 

 Where to find us......

 

Mastering System Center Operations Manager 2012 (SCOM) with Kare Rude Andersen

Boston, MA

December 3-6

Deployment Geek Week with Johan Arwidmark and Mikael Nystrom

Berlin, Germany

November 12-16

Mastering System Center Orchestrator 2012(SCORCH)  with Jakob Gottlieb Svendsen

Dallas, TX

December 3-5

MVP Combo-The ultimate MDT2012 and ConfigMgr2012 training
with Johan Arwidmark and Kent Agerlund

Orlando, FL

December 3-7

Full schedule at http://www.truesec.com


TrueSec Inc.
8201 164th Ave NE, Redmond, WA 98052


 



