IT Consultant Everyday Notes

Just some problems/solutions storage

Monthly Archives: May 2016

SCCM: Windows 10 in-place upgrade Task Sequence improvements

MVP Johan Arwidmark published two things to change in the standard SCCM CB Windows 10 in-place upgrade TS:

source is here

Adding Setup Upgrade Assessment and Driver support

As you probably know, ConfigMgr Current Branch has a built-in task sequence template for Windows 10 Inplace-Upgrades. This template is used for Windows 7/8/8.1 to Windows 10 upgrades as well as Windows 10 to Windows 10 upgrades (when a new build is available).
However, the default task sequence template for inplace upgrades is missing some useful features. This post shows you how to add them.

Adding Setup Upgrade Assessment and Driver support
The features I recommend adding to the Inplace-Upgrade task sequence are a setup upgrade assessment action, as well as support for injecting drivers.
1. Edit your Inplace-Upgrade task sequence, add an extra Upgrade Operating System action, configure it to continue on error, and rename it to Upgrade Assessment.

Adding the upgrade assessment action.
The compatibility scan will always spit out a non-zero return code, for example 0xC1900210, which is the no issues found return code. The return code is set in a new read-only task sequence variable, the _SMSTSOSUpgradeActionReturnCode variable, and the reason for having that variable is so you can use it further down the line in the task sequence. The important thing is that even though Windows setup spits back a hexadecimal value, ConfigMgr reads it as a decimal value, so you need to do some conversion. For example, 0xC1900210 in hex is 3247440400 in decimal.
2. Modify the Upgrade the Operating System group to use a task sequence variable as condition: Add _SMSTSOSUpgradeActionReturnCode, and set the value to 3247440400.

Configuring the Upgrade the Operating System group with a condition.
Next up is adding driver support, and in this example I had a Windows 10 driver package for a HP Elitebook 8560w.
3. In the Upgrade the Operating System group, add a new group named Drivers, and then use the new (for v1511) Download Package Content action to download the driver package. Also set a condition to only download the package if you’re deploying to that model.
4. Configure each Download Package Content action to save the path as a variable. In my case I used a custom path of C:\W10Drivers and W10Drivers as the variable.

Adding Download Package Content actions with driver packages.
5. Finally, configure the Upgrade Operating System action to use the drivers by selecting Staged content to %W10Drivers01%.
Note: Don’t forget to add “01” to the end of the variable or it won’t work.

Lync: Presence information is missed in Outlook

One day I noticed that presence information was no longer available in my Outlook.

I tried to apply KB https://support.microsoft.com/en-us/kb/2726007 but that did not help.

Resolution: it turned out that the recently installed Cisco Jabber had switched “DefaultIMApp” under HKEY_CURRENT_USER\Software\IM Providers to “Cisco Jabber”. I changed it back to “Lync” (without quotation marks) and presence is back.

Windows 7: April 2016 Convenience Pack

How to integrate all post SP1 updates to your Win 7 SP1 media. Great time saver!

http://www.fosund.com/slipstream-the-convenience-rollup-update-april-2016-with-windows-7-enterprise-x64/

Bitlocker: Disable protection of system drive during Microsoft updates

 

Here is an elegant technique to automatically disable BitLocker protectors while Microsoft updates are installing.

This was shared by one of the Microsoft Support Engineers.

 

Sometimes Microsoft updates can introduce changes that lock the machine. To avoid that, you can disable the protectors for the duration of the update and re-enable them afterwards.

To do that, you can use Task Scheduler and monitor for Windows Update events.

We need to create two scheduled tasks (either locally or using GPO):

The first one is Suspend Bitlocker.

It starts on an event:

When MSInstaller starts Windows Updates it generates Event ID 1040


At that event we want to run a command to suspend protectors on C:


The second scheduled task is similar, except for the Event ID we monitor and the action.

When the updates are installed, Event ID 1042 is issued.

We are going to resume protectors at that event:


 

Note: The machine will have its protectors in a suspended state during Microsoft updates (they will be resumed after the installation finishes or after a reboot), so it is a potential breach in your security. Use it at your own risk!
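
The two event-triggered tasks described above, created from an elevated PowerShell prompt, followed by a check that protection is actually back on after updates. This is an added example, not the Support Engineer's original configuration: the screenshots with the exact commands did not survive, so the "Resume Bitlocker" task name, the manage-bde command lines, and the Application log / MsiInstaller event filter are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumptions: the task names, drive C:, and that events
# 1040/1042 are matched in the Application log from provider "MsiInstaller".

$tasks = @(
    @{ Name = 'Suspend Bitlocker'; EventId = 1040; Action = 'manage-bde.exe -protectors -disable C:' }
    @{ Name = 'Resume Bitlocker';  EventId = 1042; Action = 'manage-bde.exe -protectors -enable C:' }
)

foreach ($t in $tasks) {
    # XPath filter for the "On an event" trigger.
    $filter = "*[System[Provider[@Name='MsiInstaller'] and EventID=$($t.EventId)]]"

    # /RU SYSTEM: manage-bde needs elevation and must run with no user logged on.
    schtasks.exe /Create /F /TN $t.Name /RU SYSTEM /SC ONEVENT /EC Application /MO $filter /TR $t.Action
    if ($LASTEXITCODE -ne 0) {
        throw "Could not create task '$($t.Name)' (exit code $LASTEXITCODE)."
    }
}

# Run this after patching (or on a schedule) so that a missed 1042 event
# or a failed resume does not leave the volume unprotected unnoticed.
function Test-BitLockerProtection {
    param([string]$MountPoint = 'C:')

    $volume = Get-BitLockerVolume -MountPoint $MountPoint
    if ($volume.ProtectionStatus -ne 'On') {
        Write-Warning "BitLocker protection on $MountPoint is $($volume.ProtectionStatus); protectors may still be suspended."
        return $false
    }
    return $true
}

Test-BitLockerProtection
```

The same task definitions can be deployed through GPO scheduled tasks; the check at the end is what tells you how long a machine really stayed in the suspended state.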

Azure: Regional Data Center is not available for resource deployment

Recently Microsoft made Canadian Data Centres available and I tried to put some workload there.

I tried to create a Resource Group and figured out Canada Central is not an available region to place RG into.

After googling/troubleshooting I found that the Microsoft.Compute provider must be re-registered for my Azure subscription. So I did it from PowerShell:

Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Compute

After some time, the Canadian region appeared for Resource Group, Storage Account and VM resources. But when I tried to add a VNet to the RG, Canada Central was again not available for that resource.

After some troubleshooting with the help of Microsoft, it turned out Microsoft.Network should be re-registered too:

Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Network

Lesson learnt: if anything else is not available for my region, I probably need to find a resource provider to restart.

Azure: Amazon-Azure feature comparison

Microsoft published it here: https://azure.microsoft.com/en-us/campaigns/azure-vs-aws/mapping/

Remember, both platforms are constantly changing.

SCCM: List of SQL views you may need for SCCM CB (1602) custom reports

SCCM: SCCM CB–list of communication ports

 


 

The Excel spreadsheet can be downloaded from: https://gallery.technet.microsoft.com/List-of-SCCM-ConfigMgr-CB-d8c72077

Azure: Azure Site Recovery (ASR). Virtual Network is NOT assigned to a migrated machine.

I set up ASR to protect my VMware-based VM and tried to use “Test-Failover” to verify the machine can be successfully restored.

The “Test-Failover” wizard has only one question: which Virtual Network to use to restore the VM (it is not recommended to use a production network since this is a test).

So I selected my ASR-failover-test network and started the Test Failover.

When the VM was restored and started, I assigned an RDP endpoint (another surprise: even though the machine is created, endpoints are not set by default).

When I RDPed to the VM, I found the assigned IP was from a random 100.x.x.x range, not from the VNet I indicated.

After several troubleshooting attempts I opened a case with Microsoft.

 

Resolution:

For unknown reasons, after you set up a Protection Group and add a VM to protect to this group, you need to go to the Configuration tab in the Properties of that VM and set up ANY Microsoft Azure VNet there manually (by default it is set to “Not Connected”).

Save the settings and wait for operation to complete.

 

After that, if you select a VNet in the “Test Failover” wizard, that VNet will be assigned properly and the VM will get a proper IP.

Thank you Microsoft for the help.

Azure: How to save drive letters during Azure Site Recovery (ASR)?

Update: This article applies to Classic ASR only. For Enhanced ASR, Microsoft added the policy to the recovered machine automatically, so you do not need to tweak the policy on the on-prem machine.

 

By setting the SAN policy to “OnlineAll,” you can make sure that the drive letter is maintained when the virtual machine starts to run in Azure (i.e. you will have Drive D: assigned to your drive and Azure scratch disk will be at the end).
To view the current SAN policy from the guest system, follow these steps:

  1. On the VM (not on the host server), open an elevated Command Prompt window.
  2. Type diskpart.
  3. Type SAN.

If the drive letter of the guest operating system is not maintained, this command returns either “Offline All” or “Offline Shared.”
To make sure that all disks are brought online and are both readable and writeable, set the SAN policy to OnlineAll. To do this, run the following command at the DISKPART prompt:

SAN POLICY=ONLINEALL

After you make this change, wait for the Copy Frequency (Recovery Point Objective) value to be configured to make sure that the changes are replicated to Azure. Then, run a test failover to verify whether the drive letters are preserved.

 

This Microsoft Article is gold!

 
