Import Task Sequence Failure – CM 1606

As soon as I saw the word on Twitter that Configuration Manager (CM) 1606 was released to the fast ring, I upgraded my primary CM lab that I use for just about everything (and yes, I was on vacation at the time but that didn’t stop me).  CM is a very stable platform and the upgrade process is getting easier and easier, but software is software and every now and then you will run into an issue. That is exactly what happened to me when I was trying to import an OSD Task Sequence that had been exported from another lab that was running CM 1602. I was greeted by the dreadful error messages: “One or more errors occurred result may be incomplete” and “Object reference not set to an instance of an object”
01 Import TS Wizard
02 Import TS Wizard

Luckily, the fix turned out to be pretty easy once I knew the possible culprit. It turns out that there was some changed made to the Install Software Update step and it causes the Import Wizard to fail. All you have to do is remove the Install Software Update step before exporting your Task Sequence from a down level CM site. If you do not have access to the site but only to the exported Task Sequence, you can still fix it and here is how:

  1. The exported Task Sequence is contained in a zip file. Using Windows Explorer, extract the zip file into a working directory. For my example, I have unzipped my TS export called W10 BIOS to UEFI.
    03 Exported TS
  2. Navigate into the SMS_TaskSequencePackage directory and then the ID of the TS. Mine happens to be PS10003C.
    04 Exported TS
  3. Edit the object.xml file using Notepad (or your favorite editor). Look for the step that contains “SMS_TaskSequence_InstallUpdateAction” and delete everything between the opening <step> and closing </step> like highlighted in the screen shot below and then save the file. NOTE: You might need to run it as administrator depending on the location of your extracted files.
    04 object.xml
  4. Re-zip up the directory structure and then you should be able to import the Task Sequence without any issues.

Microsoft is aware of the issue, but hopefully this process helps out until it gets fixed.

Originally posted on https://miketerrill.net/

How to create a Power BI New Measure

I was recently working on a new Secure Boot State Power BI report and I wanted to use the native view from the ConfigMgr database that was created for the Secure Boot State hardware inventory extension (see Inventory Secure Boot State and UEFI with ConfigMgr). The value that gets returned is 0, 1 or null depending on how the hardware is configured. 0 means that Secure Boot is Off, 1 means it is On and null means that it is not reported and the system is probably running BIOS.

Those labels look much better than 0, 1 or nothing, so I wanted an easy way to modify the Power BI report without creating a custom query (which is also possible). Fortunately, Power BI has the ability to add a New Measure. For my New Measure, I selected New Column (New Measure is the other option). I gave my New Column the name “Secure Boot State”. The next thing was to translate the UEFISecureBootEnabled0 field into “On”, “Off”, or “BIOS”. Using the IF function, this was possible:

Secure Boot State = IF (ISBLANK(v_GS_UEFI_SecureBootState0[UEFISecureBootEnabled0]),”BIOS”, (IF (v_GS_UEFI_SecureBootState0[UEFISecureBootEnabled0]=1,”On”, (IF (v_GS_UEFI_SecureBootState0[UEFISecureBootEnabled0]=0,”Off”)))))

Now you can see that I have a new column and my source data set remains un-touched:

01 Power BI New Measure

This will be useful in creating my Power BI report for Secure Boot State.

Originally posted on http://miketerrill.net

PXE Booting in the Real World

At the Midwest Management Summit today in the 7 AM OSD Birds of a Feather session, there was a lot of discussion around troubleshooting PXE booting issues. A reference was made to a session that Troy Martin and I gave at the 2014 Midwest Management Summit called PXE Booting in the Real World. Troy put together some nice SQL queries that help with the troubleshooting process:

 

/* Get list of devices and their Last PXE boot for (a) required deployments */
SELECT * FROM [CM_PS1].[dbo].[LastPXEAdvertisement] order by MAC_Addresses
 
/* Get item key for unknown records */
select * [CM_PS1].[dbo].[UnknownSystem_DISC]
 
/* Is device known and a valid client on the site */
Use CM_PS1
exec NBS_LookupPXEDevice N'45A74041-2F02-4A5E-B413-CD35DDE47123',N'1E:1E:1E:1E:1E:B1'
exec NBS_LookupPXEDevice N'2DCFD0F8-9134-44A3-84BB-0BFC114ADD87',N'1E:1E:1E:1E:1E:B2'
 
/* Get list of deployments for device */
Use CM_PS1
exec NBS_GetPXEBootAction N'16777278',N'2046820352',N'45A74041-2F02-4A5E-B413-CD35DDE47123',N'1E:1E:1E:1E:1E:B1',N'CM12PS1.contoso.com'
exec NBS_GetPXEBootAction N'16777279',N'2046820353',N'2DCFD0F8-9134-44A3-84BB-0BFC114ADD87',N'1E:1E:1E:1E:1E:B2',N'CM12PS1.contoso.com'

Here is a link to the slide deck that contains more information and a bunch of useful references.

Originally posted on https://miketerrill.net/

How to Inventory Dell BIOS and UEFI Settings with ConfigMgr Part 2

Dell LaptopWhen starting any operating system deployment project, it is a good idea to know what systems are in your environment so that you can determine which of these systems need to support the new OS. Some systems may need to be replaced, where as others might only need a BIOS UEFI update. It is also a good idea to standardize on the BIOS UEFI settings for each supported model in the environment. This ensures that consistent settings are used so that certain systems management features function correctly (for example, like wake-on-lan).

Now that Windows 10 is here, now is the time to standardize on native UEFI as the default boot mode. When making this switch, it is also important to enable Secure Boot at the same time. But, before you can do that, you need to determine not only what is in your environment, but how each system is configured.

You can inventory these hardware specific settings with System Center Configuration Manager. In How to Inventory Dell BIOS and UEFI Settings with ConfigMgr Part 1 I went through the steps for deploying the Dell Command | Monitor application to your Dell workstation clients. This is required in order to get the Dell specific information into WMI so that we can inventory it with ConfigMgr. Now we need to add the Dell classes to the Default Client Settings Hardware Inventory.

  1. Open the Default Client Settings, select Hardware Inventory and click the Set Classes button.
    01 Dell-Default Client Settings
  2. On the Hardware Inventory Classes window, click the Import button.
    02 Dell-Hardware Inventory Classes
  3. On the Add Hardware Inventory Class window, click the Connect button.
    03 Dell-Add Hardware Inventory Class
  4. If the system that is running the ConfigMgr Console is a Dell with the Dell Command | Monitor installed, leave the pre-populated computer name. Otherwise type the computer name of a Dell system that has Dell Command | Monitor installed and is currently on the network. For the WMI namespace field, enter: root\dcim\sysman and check the Recursive box. Enter credentials if connecting to a remote system and click the Connect button.
    04 Dell-Connect to WMI
  5. On the Add Hardware Inventory Class window, select the following class: DCIM_BIOSEnumeration and click OK. This enables us to inventory BIOS UEFI settings (current and possible).
    05 Dell-Add Hardware Inventory Class
  6. Back on the Hardware Inventory Classes window, I recommend un-selecting the class for the Default Client Settings (in fact, I recommend trimming the Default Client Hardware Inventory Classes down to just a few and target only the necessary classes via Custom Client Settings). We will add them to a Custom Client Settings designed for Workstations. Unselect DCIM_BIOSEnumeration and click OK.
    06 Hardware Inventory Classes
  7. On the Default Settings windows, click OK.
    07 Dell-Default Settings
  8. Next, create a Custom Client Device Settings, give it the name Workstation Client Settings, select Hardware Inventory (or use a previously created one).
    08 Dell-Create Custom Client Device Settings
  9. Click on Hardware Inventory in the left pane and click Set Classes.
    09 Dell-Create Custom Client Device Settings
  10. Select DCIM_BIOSEnumeration and the following fields should be selected: AttributeName, CurrentValue, DefaultValue, IsReadOnly, PossibleValues, PossibleValuesDescription (InstanceName gets selected by default) and click OK. These are the fields that have useful information that we can use for reporting.
    10 Dell-Hardware Inventory Classes
  11. On the Create Custom Client Device Settings window, adjust the desired Hardware Inventory schedule and click OK.
    11 Dell-Create Custom Client Device Settings
  12. Deploy the newly created Workstations Client Settings out to a collection that contains Dell workstation systems. I have one called All Workstation Clients.
    12 Dell-Workstation Client Settings
  13. On a targeted Dell system, kick off a Machine Policy Retrieval & Evaluation Cycle and then a Hardware Inventory Cycle. In the InventoryAgent.log on the client, you should find an entry being inventoried for the newly defined namespace.
    13 Dell-Inventory Agent Log
  14. Back in the ConfigMgr Console, use the Resource Explorer and open up the Hardware Inventory for the system that was used in the previous step. Here you will see that the new class and corresponding values have been added.
    14 Dell-Resource Explorer

Hopefully you found this post useful and it helps you to gather and report on Dell specific settings using System Center Configuration Manager.

Originally posted on https://miketerrill.net/

How to Inventory Dell BIOS and UEFI Settings with ConfigMgr Part 1

Dell monitor logoSimilar to the Dell Command | Configure utility, Dell recently released the Dell Command | Monitor utility (previously known as OMCI or OpenManage Client Instrumentation). Where as the Dell Command | Configure utility enables IT administrators to configure Dell Enterprise client systems, the Dell Command | Monitor allows IT administrators to monitor and inventory system configurations and system health with enterprise management consoles, like System Center Configuration Manager. Now that Windows 10 is here, organizations are going to want to be able to report on UEFI capable systems as part of their planning so that they can be reconfigured for UEFI (instead of legacy BIOS). Running UEFI is a requirement in order to take advantage of the new security features in Windows 10 like Secure Boot, Device Guard and Credential Guard.

In a previous post, Inventory Secure Boot State and UEFI with ConfigMgr, I provided a method that will inventory systems that are running Secure Boot. This method results in the return of three possible values On (1), Off (0) or not detected (Null). Since UEFI is a requirement for Secure Boot, we can determine that UEFI is not enabled for a device if the Secure Boot state is not detected. This is great for high level reporting on how much of the environment is running UEFI, but it does not tell us how many systems (that are not running UEFI) can run UEFI.  Using Dell Command | Monitor and System Center Configuration Manager, we can determine not only which systems are running UEFI, but also which systems are UEFI capable. Dell Command | Monitor creates the necessary classes and properties in WMI that enables the monitoring and reporting of this information programmatically.

Part 1 of this post will show you what you need to do in order to distribute Dell Command | Monitor out to your existing systems using System Center Configuration Manager.

Part 2 of this post will show you how to extend System Center Configuration Manager to be able to collect this information and show the exact class that needs to be enabled.

The first thing you need to do is download the x86 and x64 versions (from here: Download 32-bit Dell Command | Monitor v9.1/Download 64-bit Dell Command Monitor v9.1) and install/extract it on a Dell system that is already running Windows 7/8/8.1/10 (there is an option to just extract the contents of the package as well). As of this post, version 9.1 is the latest release.

  1. After downloading (starting with the 64-bit version) and running the exe, click on extract.
    01 Extract package
  2. Create a temporary folder to extract the contents.
    02 Extract temp folder
  3. After the extraction completes, click View Folder.
    03 Extract complete
  4. Create a new folder structure on your Application repository (for this example I use Applications>Dell>Command-Monitor>9.1>x64) and copy the extracted contents to this location.
    04 App repository
  5. Download, extract the contents and copy to your Application repository (place the contents in Applications>Dell>Command-Monitor>9.1>x86).
    05 App repository x86
  6. In the ConfigMgr Console, create a new Application by browsing to the MSI in the x64 subdirectory on the Application repository and click Next.
    06 New App
  7. View the imported information from the MSI and click Next.
    07 New App
  8. On the General Information screen verify the following information and click Next. Note: I like to add REBOOT=ReallySuppress and /qn to the command line.
    08 New App
  9. Confirm the settings on the Summary screen and click Next.
    09 New App
  10. Verify that The Create Application Wizard completed successfully and click Close.
    10 New App
  11. Next, open up the Properties of the newly created Application.
    11 New App
  12. Select the Deployments Types tab and edit the listed Deployment Type.
    12 DT x64
  13. On the Deployment Type Properties, select the Requirements tab. Note: I like to add x64 to the name of the Deployment Type.
    13 DT x64
  14. On the Requirements tab, click the Add button.
    14 DT x64
  15. Select all of the 64-bit workstation versions of Windows that are supported in your environment and click Ok.
    15 DT x64
  16. Back on the Deployment Type Properties screen verify the following and click Ok.
    16 DT x64
  17. Now we need to add in the 32-bit Deployment Type. Back on the Deployment Types tab, click the Add button.
    17 DT
  18. On the General screen of the Create Deployment Type Wizard, browse to the Application repository for the 32-bit MSI and click Next.
    18 DT x86
  19.  Verify the that import succeeded and click Next.
    19 DT x86
  20. On the General Information screen, verify the following information and click Next. Note: I like to x86 to the Name and add REBOOT=ReallySuppress and /qn to the command line.
    20 DT x86
  21. On the Requirements screen, click the Add button.
    21 DT x86
  22. Select all of the 32-bit workstation versions of Windows that are supported in your environment and click Ok.
    22 DT x86
  23. Back on the Requirements screen, verify the following information and click Next.
    23 DT x86
  24. On the Dependencies screen, click Next.
    24 DT x86
  25. On the Summary screen, verify the settings and click Next.
    25 DT x86
  26. On the Completion screen, verify success and click Close.
    26 DT x86
  27. Back on the Deployment Types tab click Ok.
    27 App DT tab
  28. You will now see the Application with two Deployment Types listed in the console. Now we need to distribute the content to our Distribution Point(s). Right-click and select Distribute Content.
    28 Distribute Content
  29. On the General screen of the Distribute Content Wizard, click Next.
    29 Distribute Content
  30. On the Content screen, click Next.
    30 Distribute Content
  31. On the Content Destination screen, select the desired Distribution Point Group (or Distribution Point) and click Next.
    31 Distribute Content
  32. On the Summary screen, confirm the settings and click Next.
    32 Distribute Content
  33. On the Completion screen, verify the wizard completed successfully and click Close.
    33 Distribute Content
  34. Now we need to create a collection that contains only Dell workstation clients that we can use to deploy the newly created Dell Command | Monitor Applications. Create a new collection called All Dell Workstation Clients. On the General screen of the Create Device Collection Wizard, enter the following information and click Next. Note: I like to limit workstation collections to my All Workstation Clients collection.
    34 Dell Collection
  35. On the Membership Rules screen, click Add Rule and select Query Rule.
    35 Dell Collection
  36. On the Query Rule Properties screen, type All Dell Systems for the Name and then click Edit Query Statement.
    36 Dell Collection
  37. On the Query Statement Properties screen, select the Criteria tab and use Computer System.Manufacturer is like “%Dell%” and click Ok.
    37 Dell Collection
  38. Back on the Query Rule Properties screen, verify the following information and click Ok.
    38 Dell Collection
  39. Back on the Membership Rules screen, verify the following information and click Next.
    39 Dell Collection
  40. On the Summary screen, confirm the settings and click Next.
    40 Dell Collection
  41. On the Completion screen, verify the wizard completed successfully and click Close.
    41 Dell Collection
  42. Once the collection evaluation has completed, verify that the collection membership is working as expected and only contains Dell Workstation Clients.
    42 Collection
  43. Create a test deployment of the Dell Command | Monitor Application and verify that it is installing correctly. Back in the Software Library in the ConfigMgr Console, right click on Dell Command | Monitor Application and select Deploy.
    43 Deploy
  44. On the General screen of the Deploy Software Wizard, select the All Dell Workstation Clients collection and click Next. Note: Be sure to thoroughly test this in a lab first!
    44 Deploy
  45. On the Content screen, verify that the content has already been distributed to the Distribution Point Group(s)/Distribution Point(s) and click Next.
    45 Deploy
  46. On the Deployment Settings screen, choose Required for the Purpose and click Next.
    46 Deploy
  47. On the Scheduling screen, select the desired schedule and click Next.
    47 Deploy
  48. On the User Experience screen, select the desired settings and click Next.
    48 Deploy
  49. On the Alerts screen, click Next.
    49 Deploy
  50. On the Summary screen, verify the settings and click Next.
    50 Deploy
  51. On the Completion screen, verify the wizard completed successfully and click Close.
    51 Deploy
  52. Next, verify that it installed successfully by looking in Software Center and Programs and Features.
    52 Software Center52 Programs and Features
  53. Using Wbemtest, you will now see all of the Dell specific classes in root\dcim\sysman.
    53 Wbemtest

Now that Dell Command | Monitor is deployed, we can now use this information in a whole new way with System Center Configuration Manager. We can use it in Reports, Settings Management, and query criteria (just to name a few). Part 2 of this blog will show you how to extend System Center Configuration Manager to be able to collect this information and show the exact class that needs to be enabled to report on BIOS-UEFI settings.

Originally posted on https://miketerrill.net/

HP BIOS Screens

HP LaptopI was getting ready for some of my upcoming presentations that I need to give on the BIOS options of the various hardware manufacturers and since some projectors do not always like to display the low level BIOS screens, I thought it would be a good idea to do some screen captures as backup.

The following screen shots were taken from a HP EliteBook Folio 9470m. I plan on explaining some of the necessary settings in the future as they relate to UEFI and Secure Boot for Windows 10, but for now if you need some screen shots for documentation or are just curious as to some of the settings feel free to use the ones below. I did not grab every screen, but I did get the important ones.

001 HP BIOS

002 HP BIOS

003 HP BIOS

004 HP BIOS

005 HP BIOS

006 HP BIOS

007 HP BIOS

008 HP BIOS

009 HP BIOS

010 HP BIOS

011 HP BIOS

012 HP BIOS

013 HP BIOS

014 HP BIOS

015 HP BIOS

016 HP BIOS

017 HP BIOS

018 HP BIOS

019 HP BIOS

020 HP BIOS

021 HP BIOS

022 HP BIOS

Originally posted on https://miketerrill.net/

How to Inventory Lenovo BIOS and UEFI Settings with ConfigMgr

lenovo-laptop

When starting any operating system deployment project, it is a good idea to know what systems are in your environment so that you can determine which of these systems need to support the new OS. Some systems may need to be replaced, where as others might only need a BIOS UEFI update. It is also a good idea to standardize on the BIOS UEFI settings for each supported model in the environment. This ensures that consistent settings are used so that certain systems management features function correctly (for example, like wake-on-lan).

Now that Windows 10 is here, now is the time to standardize on native UEFI as the default boot mode. When making this switch, it is also important to enable Secure Boot at the same time. But, before you can do that, you need to determine not only what is in your environment, but how each system is configured.

You can inventory these hardware specific settings with System Center Configuration Manager. For the Lenovo systems this is pretty simple – this information is already stored in WMI and does not require anything to be installed on the clients for it to be enabled. The information is all stored in the Namespace: root/wmi. In order to get this information into ConfigMgr, we need to add the classes to the Default Client Settings Hardware Inventory.

  1. Open the Default Client Settings, select Hardware Inventory and click the Set Classes button.
    01 Default Client Settings
  2. On the Hardware Inventory Classes window, click the Add button.
    02 Hardware Inventory Classes
  3. On the Add Hardware Inventory Class window, click the Connect button.
    03 Add Hardware Inventory Class
  4. If the system that is running the ConfigMgr Console is a Lenovo, leave the pre-populated computer name. Otherwise type the computer name of a Lenovo system that is current on the network. For the WMI namespace field, enter: root\wmi and check the Recursive box. Enter credentials if connecting to a remote system and click the Connect button.
    04 Connect to Windows Management Instrumentation
  5. On the Add Hardware Inventory Class window, select the following class: Lenovo_BiosSetting and click OK. This enables us to inventory BIOS UEFI settings (current and possible) and also the device boot order for Legacy Boot and UEFI Boot.
    05 Add Hardware Inventory Class
  6. Back on the Hardware Inventory Classes window, I recommend un-selecting the class for the Default Client Settings (in fact I recommend trimming the Default Client Hardware Inventory Classes down to just a few and target only the necessary classes via Custom Client Setting). We will add them to a Custom Client Settings designed for Workstations. Unselect Lenovo_BiosSetting and click OK.
    06 Hardware Inventory Classes
  7. On the Default Settings window, click OK.
    07 Default Settings
  8. Next, create a Custom Client Device Settings, give it the name Workstation Client Settings, select Hardware Inventory (or use a previously created one).
    08 Create Custom Client Device Settings
  9. Click on Hardware Inventory in the left pane and click Set Classes.
    09 Create Custom Client Device Settings
  10. Select Lenovo_BiosSetting  and the following fields should be selected: Active CurrentSetting (InstanceName gets selected by default) and click OK. These are the fields that have useful information that we can use for reporting.
    10 Hardware Inventory Classes
  11. On the Create Custom Client Device Settings window, adjust the desired Hardware inventory schedule and click OK.
    12 Create Custom Client Device Settings
  12. Deploy the newly created Workstation Client Settings out to a collection that contains HP workstation systems. I have one called All Workstation Clients.
    13 Workstation Client Settings
  13. On a targeted Lenovo system, kick off a Machine Policy Retrieval & Evaluation Cycle and then a Hardware Inventory Cycle. In the InventoryAgent.log on the client, you should find an entry being inventoried for the newly defined namespace.
    13 Inventory agent log
  14. Back in the ConfigMgr Console, use the Resource Explorer and open up the Hardware Inventory for the system that was used in the previous step. Here you will see that the new class and corresponding values have been added.
    14 Resource Explorer
  15. Unlike Dell and HP, Lenovo is a bit limited on the information that is provided (sorry Lenovo you get a F in this category). Both Dell and HP show current values and possible values in different fields. Lenovo only lumps the current setting and value in the same field. In order to determine if a machine is UEFI capable you need to look for the SecureBoot setting. This setting was not available on an older T410 (which does not support UEFI), but it is available on a newer T450.

Hopefully you found this post useful and helps you to gather and report on Lenovo specific settings using System Center Configuration Manager.

Originally posted on https://miketerrill.net/

Configuration Manager and OSD with a side of PowerShell

Greg's Systems Management Blog

Enterprise Systems Management - the good, bad, and ugly

Coretech Blog

Configuration Manager and OSD with a side of PowerShell

Chris Nackers Blog

Just another WordPress.com site

Steve Thompson [MVP]

The automation specialist

Follow

Get every new post delivered to your Inbox.

Join 455 other followers