|64-Bit Advanced Clients|
|Clients at Secondary Sites|
|Windows XP SP2|
|A.||The Advanced Client only runs on Windows 2000 and later. If you still have Windows 98 or Windows NT 4.0 client computers, you must run the Legacy Client. The Advanced Client is the recommended client for all clients running Windows 2000 and later.|
For more information about client upgrades, see "Appendix H: Upgrading to SMS 2003" in Scenarios and Procedures for Microsoft Systems Management Server 2003: Planning and Deployment on Microsoft TechNet.
|A.||No. All SMS 2.0 clients running Windows 98 and Windows NT 4.0 SP 6a will upgrade to the SMS 2003 Legacy Client on their next CCIM cycle after the client access point is updated with SMS 2003 binaries. You can use the cliupgrade tool to prevent SMS 2.0 clients from upgrading and allow staging of upgrades in addition to direct upgrade to the SMS 2003 Advanced Client.|
For more information about upgrading SMS client software, see "Appendix H: Upgrading to SMS 2003" in Scenarios and Procedures for Microsoft Systems Management Server 2003: Planning and Deployment on Microsoft TechNet.
|A.||Yes. For details, see "Appendix I: Installing and Configuring SMS Clients" in
Scenarios and Procedures for Microsoft Systems Management Server 2003: Planning and Deployment on Microsoft TechNet. You can also search on "creating a computer master image with the SMS Advanced Client installed" in the
SMS 2003 Operations Release Notes.|
|A.||Yes. The Server service must be running, because you connect to the Admin$ share on the client. This is the same as in SMS 2.0.|
Also, to enable Client Push Installation for client computers running Windows XP SP 2, enable File and Print Sharing in the Windows Firewall (formerly known as Internet Connection Firewall, or ICF) configuration on the Windows XP client. You might need to change the scope of the exception to define the set computers for which this port is open.
For more information about deploying SMS clients, see "Appendix C: Client Deployment Planning" in Scenarios and Procedures for Microsoft Systems Management Server 2003: Planning and Deploymenton Microsoft TechNet. For information about how to configure Windows Firewall on Windows XP SP 2, search for "Windows Firewall" in Help and Support Center.
CCMSetup.exe is the manual installation program for the Advanced Client. SMSMan.exe is the manual installation program for the Legacy Client.
Capinst is used for Logon Script-initiated Client Installation. It requires a server locator point to determine which site the client is assigned to. Capinst.exe then starts CCMSetup.exe or SMSMan.exe, as appropriate.
CCMSetup is recommended because it:
Client.msi is a Windows Installer package containing the Advanced Client software. It can be used to distribute the Advanced Client through Group Policy, but it should not be run manually on the client. Clients installed using Client.msi will experience difficulties with upgrade and repair operations if the version of the MSI file used to install the client is not available when the client is repaired or patched. (Unlike Ccmsetup, Client.msi does not manage a local copy of the correct Client.msi for future repairs of the client.) If you installed the client using Group Policy, using use Advanced Client and Management Point Cleaner (CCMClean.exe) to remove the client is not recommended or supported. Group Policy installation creates registry keys that are not removed by use Advanced Client and Management Point Cleaner and these residual registry keys might complicate future reinstallation of the Advanced Client through Group Policy. If you configure Group Policy to install the Advanced Client, configure the policy to Uninstall this application when it falls out of the scope of management. If you need to remove the advanced client from a computer, change the permissions on the policy so it does not apply to that computer. Removing the Advanced Client software through the software settings in the GPO removes all related registry keys and allows for future reinstallation through Group Policy.
Note Due to a Group Policy limitation, Group Policy cannot be used to apply Hotfixes to Advanced Client components.
For more information about managing Group Policy, see the Help and Support Center. For more information about CCMSetup, see Scenarios and Procedures for Microsoft Systems Management Server 2003: Planning and Deployment.
|A.||No. Advanced Clients do not automatically update when a newer version of the Advanced Client software is available at the SMS site. You must manually upgrade existing Advanced Clients. Windows 2000 SP2 is the earliest supported version of a Windows operating system for SMS 2003 SP1 Advanced Clients. SMS 2.0 and Legacy Client computers running the Microsoft Windows® 2000, Microsoft Windows XP, and Microsoft Windows Server® 2003 operating systems do not upgrade to SMS 2003 SP1 clients. For best practices for upgrading to SMS 2003 SP1 client software, see
Scenarios and Procedures for Microsoft Systems Management Server on Microsoft TechNet.|
Determining the version and type of the SMS client software that is installed on a computer is often important during troubleshooting and for other purposes, such as verifying the success of client deployment. The following section shows how you can check the client version and type from the SMS Administrator console or on the client computer.
If you need to determine the client version by using a script or any other programmatic method, you can locate the client version in the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Client\Client Components\ SMS Client Base Components\Installation Properties|Installed Version
On the Advanced Client, this client's version registry key value is set to 99.9.9999.9999. This value ensures that the Advanced Client software is never overwritten by the Legacy Client software. To determine the client's software version, you can check Windows Management Instrumentation (WMI). The client's software version is stored in the ClientVersion property of the SMS_Client class in the root\CCM namespace.
At a client, you can determine the client type by the SMS client installation directory. If a %Windir%\MS\SMS directory exists, then the client is a Legacy Client. If a %Windir%\System32\CCM\Clicomp directory exists, then the client is an Advanced Client. Also, Systems Management in Control Panel on the Advanced Client has an Actions tab, which the Legacy Client does not have.
Common client versions for SMS 2003 are listed below.
No. Advanced Clients can run in Windows NT 4.0 domains. Active Directory is required for advanced security mode. Active Directory schema extensions are required for global roaming. Active Directory with schema extensions is also required if you want clients to automatically detect the server locator points and management points without generating WINS traffic.
For more information about Advanced Clients, see "Appendix E: Designing Your SMS Sites and Hierarchy" in Scenarios and Procedures for Microsoft Systems Management Server 2003: Planning and Deployment on Microsoft TechNet.
|A.||No. The administrator must create an advertisement with a new or updated version of the Advanced Client files. SMS never checks or updates the Advanced Client version automatically like a Legacy Client does. Because the client is installed by using .msi, it can perform self-repair, like any other .msi application can. If a hotfix is applied to an Advanced Client component, you must apply the .MSP patch file to all Advanced Clients. You can do this by using SMS Software Distribution.|
When using CCMSETUP to install the Advanced Client, you can use the CCMDEBUGLOGGING switch to enable debug logging. The default for the CCMLOGLEVEL switch is 1. Changing that setting to 0 when using CCMSETUP enables verbose logging.
To enable debug logging after installation, create the following registry key: HKLM\SOFTWARE\Microsoft\CCM\Logging\debuglogging
To enable verbose logging after installation, change the following value to 0:
You might need to change the registry permissions on this key to change these values.
For more information about enabling Windows Installer logging, see
article 223300, "How to Enable Windows Installer Logging," in the
Microsoft Knowledge Base.
By default, the Advanced Client for 32-Bit clients is installed in the %Windir%\System32\CCM folder. You can change this default by running Ccmsetup.exe with the CCMINSTALLDIR installation property. Regardless of where the Advanced Client software is installed, the Ccmcore.dll file is always installed in the %Windir%\System32 folder. This is done so the SMS Advanced Client programs in Control Panel function properly.
A new Advanced Client that is not configured as a management point will store the client logs at %windir%\System32\CCM\Logs. A new Advanced Client that is configured as a management point will store the client log files in SMS_CCM\Logs. SMS 2003 Legacy Clients still store the client log files at %windir%\MS\SMS\Logs.
The SMS 2003 Advanced Client installation location differs on computers running supported 64-bit operating systems. In this case, Advanced Client installation files are always copied to %Windir%\CCMSetup before installation. SMS 2003 64-bit Advanced Client software is always installed to %Windir%\Syswow64\CCM. You cannot modify this installation location.
For more information about using the advanced client installer, see "Appendix I: Installing and Configuring SMS Clients" in
Scenarios and Procedures for Microsoft Systems Management Server 2003: Planning and Deployment on Microsoft TechNet.
|A.||No, if the CCR was created at the primary site, the client.msi is initiated from the primary site's management Point. If the CCR was created at the secondary site then the proxy management point will be used.|
|A.||SMS 2003 (no service pack) does not support changing the port. In SMS 2003 SP1 you can specify the TCP ports used by Advanced Clients on the Ports tab in the properties of your SMS site. For more information, see "Securing SMS Communications" in see
Scenarios and Procedures for Microsoft Systems Management Server 2003: Security on Microsoft TechNet.|
The SMS Advanced Client software is not automatically removed under any circumstances. Only a user with administrative credentials on the computer can remove the Advanced Client software. You can manually remove it in two ways. You can use Advanced Client and Management Point Cleaner (CCMClean.exe) from the SMS 2003 Toolkit, which is available for download on the SMS Web site.
You can also run
msiexec /x \\<management point>\smsclient\i386\client.msi.
|A.||On the Control Panel on a 64-bit Advanced Client, click View x86 Control Panel Icons to see the SMS icons.|
|A.||On a 64-bit computer, the Advanced Client is installed in <systemroot>\windows\syswow64\ccm.|
|A.|| Yes, there are Hotfixes available. At this time, you can see article IDs 886197 and 886902 for information about currently released Hotfixes. If additional Hotfixes are released, you can find out about them by searching the
Microsoft Knowledge Base. Also see
SMS 2003 Supported Configurations for SP1 for more information about 64-bit support.|
Secondary sites do support Advanced Clients. However, Advanced Clients cannot be assigned to the secondary site. They are always assigned to the parent primary site, but can reside in the boundaries of the secondary site, taking advantage of any proxy management points and distribution points at the secondary site.
For more information about planning site boundaries and roaming boundaries, see "Appendix E: Designing Your SMS Sites and Hierarchy" in Scenarios and Procedures for Microsoft Systems Management Server 2003: Planning and Deployment on Microsoft TechNet.
Management points must communicate with an SMS site database. Secondary sites do not have their own SMS site database; they use the site database at their parent primary site. The Policy system for Advanced Clients is based off the primary site and the clients can get policy only when assigned to the primary sites.
For more information about planning site boundaries and roaming boundaries, see "Appendix E: Designing Your SMS Sites and Hierarchy" in
Scenarios and Procedures for Microsoft Systems Management Server 2003: Planning and Deployment.
|A.||The secondary site server often has an existing connection to the primary site server. This interferes with the security context needed to install the SMS client. For more information, see the section "Configuring Client Push Installation to a Secondary Site Server Computer from a Primary Site Server" in the most recent version of
Scenarios and Procedures for Microsoft Systems Management Server 2003: Planning and Deployment.|
Roaming is the ability to move a computer running the SMS Advanced Client from one IP subnet or Active Directory site to another. Roaming always involves an IP address change on the client. In SMS 2.0, clients moving to other sites might have been uninstalled and reinstalled into a new site, or they might have retrieved packages and contacted client access points across slow WAN links. Roaming was developed to help control how mobile computers use the network when communicating with SMS distribution points and management points.
For a Flash demonstration illustrating the concepts and processes of Advanced Client Roaming, see the "Systems Management Server 2003 Product Documentation" page on the SMS Web site.
For more information about roaming and roaming boundaries, see the "Configuration and Operation of Advanced Client Roaming" whitepaper on the Microsoft Download site.
When configuring roaming boundaries, the SMS administrator specifies whether a roaming boundary is a local roaming boundary or a remote roaming boundary. The terms local and remote are designed to be used by the SMS administrator as a way to label well-connected and not well-connected network segments, respectively. If the SMS administrator defines the roaming boundaries in this way, then the following definitions apply:
Local roaming boundary A roaming boundary in which the site distribution points are locally available to the Advanced Client and software packages are available to that client over a well-connected link. Advertisements sent to Advanced Clients specify whether the Advanced Client downloads the package source files from the locally available distribution point before running the program.
Remote roaming boundary A roaming boundary in which the site distribution points are not locally available to the Advanced Client. Advertisements sent to Advanced Clients specify whether the client downloads the software program from a remote distribution before running it, runs the package from a remote distribution point, or does nothing and waits until a distribution point becomes available locally.
As a best practice, specify local roaming boundaries for the well-connected segments of an SMS site (such as over a LAN). Specify remote roaming boundaries for the slow or unreliable network links in your SMS site (such as RAS, a wireless network, a 56 Kbps dial-up connection, or a branch office that is not configured as a separate site).
Remote and local roaming boundaries are considered equivalent for automatic site assignment.
For more information about roaming and roaming boundaries, see the
"Configuration and Operation of Advanced Client Roaming"whitepaper on the Microsoft Download site.
If Active Directory is not available, or if the Active Directory schema for SMS is not extended, Advanced Clients can roam only to the lower level sites of their assigned site. This is called regional roaming. In regional roaming, the Advanced Client can roam to lower level sites and still receive software packages from distribution points.
Global roaming allows the Advanced Client to roam to higher level sites, sibling sites, and sites in other branches of the SMS hierarchy, and still receive software packages from distribution points. Global roaming requires Active Directory and the SMS Active Directory schema extensions. Global roaming cannot be performed across Active Directory forests.
For more information about roaming and roaming boundaries, see the "
Configuration and Operation of Advanced Client Roaming" whitepaper on the Microsoft Download site.
|A.||Ensure that you entered the correct site code during installation. The client might finish the install successfully with correct control panel items but will not communicate with any existing SMS site to get policy if it does not have the correct site code specified. Check the ClientLocation.log to determine if the client is assigned. Check the Locationservices.log to verify that the client is able to find the site management point. If you do not see any errors in those log files, look for policy request and download in the DataTransferservice.log.|
Simulate a simple client request to IIS on the management point. First, on the Start menu, Click Run and type http://<management point name>/sms_mp/.sms_aut?mplist. If you see a blank screen instead of an error message, the request is successful. Next, on the Start menu, Click Run and type
http://<management point name>/sms_mp/.sms_aut?mpcert. If the request is successful, you will see a long list of numbers and letters. Finally, run the MPGetPolicy tool from the SMS Toolkit1, available on
the Microsoft Download site. If all of these tests fail, verify that your management point has been installed correctly. For more information about verifying the successful installation of a management point, see "Site Systems Frequently Asked Questions" on Microsoft TechNet.
Verify that the client is assigned to the site. By default, the wizard only pushes to clients assigned to the site.
Verify that you have created the appropriate accounts and they have access to all chosen client computers. Client Push Installation requires that you grant administrator rights and permissions to either the SMS Service Account (if the site is running in standard security mode) or Client Push Installation Accounts that you create in the Client Push Installation Properties dialog box in the SMS Administrator console.
To troubleshoot Client Push Installation problems during Advanced Client installation, review the Ccm.log file on the SMS site server, which is located in the SMS\Logs folder. On the client, review the Ccmsetup.log and Client.msi.log file, which is located in %Windir%\System32\Ccmsetup.
Also, to enable Client Push Installation for client computers running Windows XP SP 2, enable File and Print Sharing in the Windows Firewall (formerly known as Internet Connection Firewall, or ICF) configuration on the Windows XP client.
Site-wide Client Push Installation cannot install the SMS client on computers that are running Windows NT 4.0, and are discovered only by Active Directory discovery methods. Instead, you can create a collection and deploy the client to the collection instead of the whole site.
For more information about using site-wide client push installation on Windows NT 4.0 computers, see the
SMS 2003 Installation Release Notes. For information about how to configure Windows Firewall on Windows XP SP 2, search for "Windows Firewall" in Help and Support Center.
Yes. It is called capinst.log and is located in the logged in the user’s temp directory (I.e. D:\documents and settings\User1\Local Settings\temp).
Note The Local Settings folder is marked as hidden by default.
|A.||First, verify that the SMS Agent Host service is installed and running. If it is, the Advanced Client really is installed. If it doesn’t show up in the All Systems collection, it might be either that the client is not assigned to a site or that the client cannot find the default management point in its assigned site. You can use the Advanced tab of the Systems Management program in Control Panel to verify that the client is assigned to a site. If not, you can configure the site code the client should be assigned to. If it is assigned to a site, view the LocationServices.log on the client (Windows\System32\CCM\Logs) to see if the client was able to retrieve the default management point for the assigned site. It may be that the management point installation failed due to lack of IIS or BITS services being installed prior to the management point role being assigned to the computer.|
No. The management point is not stored on the client in a registry setting that can be manipulated to cause it to be assigned to a management point. Clients use a dynamic process to locate their management point. This is an important feature of the Advanced Client that allows computers to roam to other sites.
Management point lookup occurs periodically, such as when the SMS Agent Host service starts. If you need to force the client to relocate the management point. you can:
If you have extended the Active Directory schema, then the client will use an LDAP query to determine the management point. If the schema has not been extended, the client will perform a WINS record lookup.
This is a known issue. If the upgrade was set to restart the Legacy Client after installation, the client generates status message 10022, which indicates the operation was successful, but a restart of the system is required for the operation to be complete. This message overrides the 10800 message that indicates a successful installation of the Advanced Client.
There are three reports that are currently affected by this condition:
These reports will show that the program completed successfully, but there is a restart pending. Assuming these clients have completed a restart, you can consider them fully installed. You can also add the client version to the detail in the report and use the version number to determine which clients have successfully installed the Advanced Client.
Note You may find a larger-than-expected number of computers reported as Succeeded in Advertisement status messages for a client being upgraded to the Advanced Client. If an Advanced Client successfully upgrades once, it will not rerun the upgrade program. If the Advanced Client package is advertised to more than one collection and the same client is a member of both collections, then that client will send the Program will not rerun status message. This status message moves the client from the Advanced Client installed count to the Succeeded count. If it is not possible to avoid the collection overlap, use client version reports to determine whether upgrades were successful.
Yes. At this time there are two known compatibility issues that require hotfixes and five application compatibility issues caused by the secure configuration of the Windows Firewall (also known as Internet Connection Firewall, or ICF).
Remote Control SMS clients running Windows XP SP 2 cannot be remotely managed by using SMS Remote Tools. The recommended best practice is to use Remote Assistance on client computers that support it, such as Windows XP. To enable SMS Remote Tools, add the following port for each necessary remote tool:
For more information about ports used by SMS remote control, see
article 256884 in the
Microsoft Knowledge Base. Remote Assistance is unavailable when initiated from the SMS Administrator console Remote assistance sessions initiated from the SMS Administrator console to a computer running Windows XP SP 2 will fail, although remote assistance sessions requested by the Windows XP client will succeed. To enable Remote Assistance to be initiated from the SMS Administrator console, add both the custom program helpsvc.exe and the custom port TCP 135 to the list of permitted programs and services in Windows Firewall on the Windows XP client. Also, Windows Firewall must be configured to permit Remote Assistance and Remote Desktop. If a user initiates a request for Remote Assistance from that computer, Windows Firewall will automatically be configured to permit Remote Assistance and Remote Desktop.
Some customers have reported this issue, but at this time, Microsoft has not been able to reproduce this condition. If you run the SMS Administrator console only from computers that belong to the same domain as the SMS Provider, permitting unsecapp.exe and port TCP 135 to pass through the Windows Firewall should be sufficient. However, some customers have reported that even after permitting these two exceptions, the SMS Administrator console still cannot connect to an SMS site database from the Windows XP SP 2 client, even when both computers are in the same domain. As a last resort, adding anonymous remote access rights in DCOM resolves the issue but increases your security risk.
Did you find this information useful? Send your suggestions and comments about the FAQ to email@example.com.
|Top of page|