Operating System Deployment with System Center Configuration Manager 2007 (July 10, 2007)

Article
08/07/2008

Chat Topic: Operating System Deployment with System Center Configuration Manager 2007
Date: Tuesday, July 10, 2007

**Please note:****Portions of this transcript have been edited for clarity

Experts:
Dan Ward, Kerwin Medina, Eric Zager, Jesse Heneghen, Brent Dunsire, Srikanth Krishnamurt, Ryan Anderson, Dan Conley

Newsgroup:
https://connect.microsoft.com/messageboards/community.aspx?SiteID=16?
https://www.microsoft.com/technet/sms/2007/evaluate/default.mspx

Dan Conley [MSFT] (Moderator):
Hello and Welcome to the chat with the SCCM Operating System Deployment Feature team. Today's chat will focus on the OSD feature of SCCM. If you have questions about other features, please review the TechNet chat schedule for other upcoming chats on SCCM. (https://www.microsoft.com/technet/community/chats/default.mspx)

Start of Chat

Kerwin Medina (Expert):
Q: Can Operating System deployment with System Center Operations Manager run along side ADS on the same server or will it require a different Server
A: You can have SCCM 2007 and ADS on the same box. However, you cannot have WDS and ADS on the same box (they share the same ports). This means that you cannot have ADS and SCCM PXE (which is a WDS provider) on the same box, but it is not a supported or tested configuration, and performance may be an issue.

Eric Zager [MSFT] (Expert):
Q: Does the lab shell will be supported on SCCM OSD also?. Do we have additional logging facility for SCCM OSD?
A: Yes, the lab shell is supported in SCCM OSD. It is disabled by default, to enable it you change a property on the boot image properties page in the admin UI, and then update the distribution point(s).

Jesse Heneghen[MSFT] (Expert):
Q: Is there any WDS configuration required for PXE initiated OS deploys? Ie do I need any boot images on WDS, or are they retrieved right from the PXE service Point (along with everything else advertised)?
A: WDS does not need to be configured before installing a PXE service point. After installing WDS and the PXE service point you will need to distribute boot images to the PXE service point distribution point in order for clients to PXE boot. The PXE distribution point should be used only for PXE boot images, and no other packages.

Eric Zager [MSFT] (Expert):
Q: Can we deploy patches with OSD image?. [Without using BDD]
A: There are two options for this. First, you can create a fully patched image to deploy. Second, you can use the Install Software Updates step in your task sequence.

Dan Ward [MSFT] (Expert):
Q: Is there any way to use ZTI in SCCM OSD without using BDD ZTI files
A: The short answer is no. BDD ZTI is a solution accelerator built on top of SCCM. Is there a specific scenario you are looking at?

Jesse Heneghen[MSFT] (Expert):
Q: Have you seen any issues with having the PXE service point on a different server and subnet than the site server? I have had issues with the PXE service point server’s machine account getting the generic anonymous logon failure to the SQL database.
A: The PXE service point should not need to be on the same server or subnet as the site server, but the PXE service point server will need to have access to the SQL DB. Currently the PXE service point machine account will need to be added to the SQL server. After RTM you can use a domain account for the PXE service point to connect to the DB.

Dan Conley [MSFT] (Moderator):
Q: When will the documentation for SCCM be updated on Microsoft's website? Looking right now, it is the Beta 2 version. From the SCCM webcasts so far, there is a lot of information missing between the Beta 2 and the RC version.
A: The SCCM online docs will be refreshed again when we ship SCCM RC1 (very soon), and again at RTM.

Jesse Heneghen[MSFT] (Expert):
Q: What is the version of WINPE in SCCM OSD?
A: WinPE version 2.0

Eric Zager [MSFT] (Expert):
Q: Can OSD service clients from a branch DP?
A: If your question is whether OSD can retrieve packages (OS images, etc) from a branch DP, then the answer is yes.

Ryan Anderson [MSFT] (Expert):
Q: What are the system requirements (especially in regards to hard drive space) to setup a secondary server with all the necessary roles to deploy SCCM OSD? Trying to get existing SMS 2003 servers ready for SCCM upgrade and adding these additional roles.

Dan Ward [MSFT] (Expert):
Q: will OSD and BDD be more compatible in SCCM (image format)
A: Both solutions use the same WIM format. SCCM has the concept of a WIM Ecosystem. So I am a customer and have created and image using ImageX, you can import it in to SCCM. The only constraint is that images built using the SMS2k3 OSD FP (WIM 1.0) cannot be imported in to SCCM.

Eric Zager [MSFT] (Expert):
Q: Is there going to be a way to slipstream a manufacture's cd such as OpenManage boot disk along with Server 2003 using OSD?
A: OSD does not provide any built in slipstreaming functionality. However if you slipstreamed manually then you should be able to use with OSD.

Jesse Heneghen [MSFT] (Expert):
Q: When I add a Windows XP SP2 OS to SCCM do I point at the root of the CD or the i386 folder ?
A: You point to the root of the CD

Jesse Heneghen [MSFT] (Expert):
Q: Does SCCM ODS support multicast ?
A: Not in this release, we are investigating it for a future release.

Jesse Heneghen [MSFT] (Expert):
Q: Do you recommend saving images in cm, and boot images in WDS?
A: We recommend saving both images and boot images in SCCM. With SCCM WDS is integrated via the PXE service point, so there is no need to separate your images, except to distribute boot images to the PXE service point, but this can be done through SCCM.

Dan Ward [MSFT] (Expert):
Q: Are there any plans to support real-time push deployment of images via SCCM & OSD, a-la Altiris or IBM director?
A: No. SCCM clients use a "pull" based method and will continue to do so in this release. There are controls in place that allows the admin to crank up the polling interval to 5min for example. Additionally have many customers have a written scripts to kick WMI based on their environmental needs.

Eric Zager [MSFT] (Expert):
Q: Is it support if I upgrade my OSD winpe to windows pe 2005? if it’s not supported how do i restore it back to original OSD WIN PE?
A: This sounds like a question about the OSD Feature Pack from SMS 2003. The most current release of the OSD FP only supports Win PE 2005. SCCM OSD only supports Windows PE 2.0.

Jesse Heneghen[MSFT] (Expert):
Q: Could you provide more details on SCCM OSD deals with bare metal computers. I know we need to import the new computer into the SCCM database. For example, how would you delegate rights to allow this and how quickly do imports appear at secondary sites?
A: Imports appearing in the secondary site depends heavily on your network performance, size of imports, how busy the site servers are, etc... As for delegating rights, there are really too many variables to even venture an answer to that.

Kerwin Medina (Expert):
Q: So then create your images, ZT settings with BDD, then put them into cm? Why use wds? Do you really need it if you have CM?
A: You need WDS if you want to use the PXE feature of CM 2007. The CM 2007 PXE is a provider under WDS.

Dan Conley [MSFT] (Moderator):
Q: Should we plan to transition from SMS 2003 SP1 to other releases of SMS 2003 (and if so, which ones) before moving to SCCM this fall? Or a fresh deployment of SCCM?
A: SMS 2003 SP2 is the minimum version of SMS that you can upgrade to SCCM. Choosing to upgrade or a fresh deployment is entirely dependent on your infrastructure and business policies.

Dan Ward [MSFT] (Expert):
Q: will .wim images captured in SCCM OSD be able to be imported into BDD?
A: As I understand it, yes. However images that are created with the SMS2K3 OSD FP (using WIM1.0) cannot be imported in to SCCM.

Srikanth Krishnamurt (Expert):
Q: I have a test lab running SCCM Beta 2. I have created a Task Sequence than deploys Windows Vista to a "bare metal" computer. Everything works fine. The client installs just fine. The only problem is that the SMS agent isn’t installed. Any hints?
A: If SMS Client didn’t install, the Task Sequence will fail. You can check the ccmsetup.log (%windir%\system32\ccmsetup directory) and see if there are any errors. Also check ccmexec.log to see if the service didn’t start for some reason

Eric Zager [MSFT] (Expert):
Q: Will SCCM support a computer refresh for machines with Bit Locker enabled?
A: Yes. SCCM OSD provides two built in steps, Enable Bit Locker and Disable Bit Locker, which you can use during a computer refresh. In general, you will need to re-partition your disk while in Windows PE to remove Bit Locker before you apply the new image. Then you can use the Enable Bit Locker step once in the new OS to turn Bit Locker on and re-encrypt the drive. The Disable Bit Locker step does not decrypt the drive, it puts the key protectors in the clear on the drive, so that you can access the drive while in Windows PE.

Srikanth Krishnamurt (Expert):
Q: Do you need to have the Release State Store action when creating a capture user state task sequence, or is this only required for state restore? Could you list the actions required for capture and restore?
A: Yeah we need to have a release State Store action (both for capture and restore user state). This action ensures, that the network share created to store the SMP state is release correctly, and any permissions given to the client to copy the state is revoked.

Jesse Heneghen[MSFT] (Expert):
Q: So PXE request are answered by WDS, and then it passes on requests to SCCM for deploying the OS?
A: Yes, the WDS service is used for the initial contact, but before initializing an operating system deployment SCCM takes over and checks that the client is a known machine, and checks the MP for policy. After receiving policy SCCM will trigger the machine to boot into the associated boot image, and the task sequence manager will take over from there and run the task sequence. There has to be an advertised task sequence to use WDS and SCCM to deploy an operating system. If the advertisement is mandatory the client will automatically run it, if it is optional there will be a UI to select the optional task sequence you would like to run.

Dan Conley [MSFT] (Moderator):
Q: My impression is that we should move directly to SCCM when available and proved, rather than transitioning through upgrades from SMS 2003 SP1. We're currently using WSUS, no ITMU, and history retention is unimportant. Any infrastr. or bus. gotcha's?
A: Before upgrade, you will need to ensure that your SMS site is at a minimum of SMS 2003 SP2, and uninstall the OSD and Device Management FP. You should also run the SCCM prereq checker and address all warnings and errors before running the upgrade.

Dan Ward [MSFT] (Expert):
Q: In an answer to question #20 you mention controls in place to crank up the polling interval to 5 min and scripts to kick WMI. Any examples and/or more details? Question #24 is asking ways to speed up the process for IT staff scattered around the world.
A: A couple things to keep in mind when cranking up the polling interval is that this method should be used in very controlled manner, for example you would not want to set this for your whole hierarchy. This is something you would do for a specific deployment scenario. WRT the script I do not have a specific example with me, but if you want to email me (dward@microsoft.com), I mail be able to find one for you. I actually remember so customers posting a few of these on MyITForum.

Dan Conley [MSFT] (Moderator):
Q: Any recommended blog sites ?
A: Check out our Community site on TechNet. It includes links to our MVP blogs as well as SMS Product team blogs: https://www.microsoft.com/technet/sms/community/default.mspx

Dan Conley [MSFT] (Moderator):
Q: Thanks for your notes about upgrade-process requirements. But what if we skip the upgrade and do a side-by-side replacement? What infrastructure or business-policy circumstances, if any, might make this a bad strategy if history retention is unimportant?
A: There is information on this topic in the core SCCM docs. You can review the topic here: https://www.microsoft.com/technet/prodtechnol/sms/smsv4/smsv4_help/6ffe5c59-3858-49c5-83cb-16f63823187c.mspx?mfr=true

Eric Zager [MSFT] (Expert):
Q: So the scenario is we have IT staff all the time wanting to deploy images to bare metal systems. They want to deploy the image NOW to a given new system. How can I tweak the SCCM OSD process to make this process go as quickly as possible?
A: In this scenario, if you are using a bootable media or PXE boot, then the process does not depend on polling intervals, etc, it will pull policy and content as needed, so the OSD process will begin immediately. We don't really support the "deploy it now" scenario to a system already managed by SCCM.

Dan Ward [MSFT] (Expert):
Q: Can you comment on the interplay between VMM and SCCM with respect to OS deployment?
A: There is no native integration at this point with administration/management. From a deployment perspective OSD just treats VM's just like any other client.

Kerwin Medina (Expert):
Q: If you enable the "Make this task sequence available to boot media and PXE", will the advertisement still run even if you do not do a PXE boot? Ie whether you set a mandatory schedule or not?
A: Task sequence advertisements will always show up on CM 2007 clients where they are advertised to. They will show up just like a regular advertisement.

Eric Zager [MSFT] (Expert):
Q: When I attempt to use the Build and Capture a reference machine (Vista Ultimate - Virtual Server Guest), I successfully build the machine but the capture fails with a (8007005) access denied error. Share and NTFS permissions are correct. Any ideas?
A: The error is not actually access denied, it is E_FAIL, a generic error. There should be a log file, smsts.log, on the client. You can look for failures in that log file to help narrow down what went wrong.

Srikanth Krishnamurt (Expert):
Q: Will it be possible to execute a TS through local policy?
A: In theory, it might work, but it is not supported

Kerwin Medina (Expert):
Q: So exactly what does this option do? Create another policy that the PXE service point uses when machine PXE boots, and WDS talks to the PXE SP?
A: If a TS advertisement is not marked as 'available for boot media and PXE', then when you run boot media or boot from PXE, the TS advert will not show up in the list of available TSs to run.

Dan Ward [MSFT] (Expert):
Q: To sell the use of OSD in SCCM to management, what are the advantages of using OSD vs. just WDS (besides task sequencing)? We only want to deploy images to bare metal systems...
A: OSD also provides richer targeting and reporting capabilities, in addition to task sequencing. WDS is more of a core infrastructure type approach (fire and forget). Whereas SCCM provides the end to end provisioning capabilities.

Dan Conley [MSFT] (Moderator):
Thanks for attending this chat everyone. Don't forget to attend the other SCCM chats in the next few weeks. (DCM, SUM, and Native Mode/IBCM). you can find the full TechNet chat schedule here: https://www.microsoft.com/technet/community/chats/default.mspx

Operating System Deployment with System Center Configuration Manager 2007 (July 10, 2007)

Additional resources