Cannot edit the Object, which is used by - Admin console - SEDO - Serialized editing of distributed objects" - ConfigMgr 2012

Hello guys. yesterday one of colleague called me and wanted me to look into an issue while editing Task Sequence. The admin console did not let him edit the task sequence with a message "Cannot edit the object, which is used by Domain\admin at site 000". On seeing the message i was able to explain him that admin console is preventing this edit, since another admin is editing the same object from different site or computer. This feature of ConfigMgr 2012 is called SEDO - Serialized editing of distributed objects"

  In earlier 2007 more than one admin user can edit the same object at a time and whoever writes last wins and others changes will be dishonored. This may cause unexpected results. But in 2012 we have SEDO and with this only one admin user can edit an object at a time. This prevents unexpected results.

  So how does this work ?. Consider that i have two admin users named admin1 and admin2. Admin 1 opens ConfigMgr console and starts Task sequence edit to edit an task sequence named Task sequence1. Now the object Task sequence1 will be locked to edit. So if admin2 launches consolle and tries to edit task sequence1 the admin to will receive a message like this and he will have an option to open Task sequence1 in read only mode.

The lock will be released only when Admin one closes Task Sequence editor.

  For whatever reason if the Admin1 is not able to close the task sequence editor in a regular way (Admin console crashed or Admin1 went for a break or Vm crashed) the lock will remain for 30 more minutes on the object.

  If you dont want to wait for 30 mins you may have to release the lock manually through SQL management studio.The Lock state will be maintained on the table SEDO_LockState. By running

"SELECT *
FROM SEDO_LockState
WHERE AssignedUser = 'Domain\admin1' AND LockStateID = 1"

in sql management studio you will get the Lock_State information. If you want to remove the lock you will have to run this query in SQL management studio.

"DELETE FROM SEDO_LockState WHERE AssignedUser = 'Domain\admin1' AND LockStateID = 1"

Listed below are the SEDO enabled objects

• SMS_Application
• SMS_AuthorizationList
• SMS_BootImagePackage
• SMS_ConfigurationBaselineInfo
• SMS_ConfigurationItem
• SMS_DeploymentType
• SMS_Driver
• SMS_DriverPackage
• SMS_GlobalCondition
• SMS_ImagePackage
• SMS_OperatingSystemInstallPackage
• SMS_Package
• SMS_SoftwareUpdatesPackage
• SMS_TaskSequencePackage

Hope this helps..
                                                                                                                                S A Delphin

Read more »

"mp.msi exited with return code: 1603" Mpsetup.log - ConfigMgr 2012



Hi friends.. This post is exclusively for Newbies.

One of my friend was experiencing  an error while trying to install MP in ConfigMgr 2012 Environment. The error message is snipped below.

MpSetup.log

<10/24/13 07:04:56> mp.msi exited with return code: 1603
<10/24/13 07:04:56> Backing up C:\Program Files\Microsoft Configuration Manager\logs\mpMSI.log to C:\Program Files\Microsoft Configuration Manager\logs\mpMSI.log.LastError
<10/24/13 07:04:56> Fatal MSI Error - mp.msi could not be installed.
<10/24/13 07:04:56> ~RoleSetup().

After seeing these message i wanted to look at Mpmsi.log since mpsetup.log did not show any specific error so i asked him the copy of mpmsi.log too.. While digging inside mpmsi.log i found these snippet 

MpMSI.log

MSI (s) (7C!6C) [07:04:55:972]: Product: ConfigMgr Management Point -- Error 25051. Internet Information Services BITS support is not installed

Error 25051. Internet Information Services BITS support is not installed

CustomAction CcmValidateServerConfig returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

This shows clearly that IIS extension for BITS is not installed or removed. perhaps he would have installed IIS after installing BITS. So i asked him to install IIS extension for BITS through windows features and try re installing MP.

And voila it succeeded. 

Hope this helps..

S A Delphin

Read more »

SQL Query to List Collections with Maintenance Windows - ConfigMgr 2012

  Hi folks.. Have you ever worked with numerous collections with multiple maintenance windows? If it yes, probably you would know that to check the maintenance windows for each and every collection you have to visit property page of all collections.

  I have a ConfigMgr 2012 Development environment, with considerable amount of clients and collections. One fine day i was testing Nomad deployment in some of my member servers. As it is a Development environment a single member server can be a member of multiple ConfigMgr collections. One of the member from patching team configured  maintenance window of 5 mins on a test collection and the member server is a member of that collection too..

  So when i deployed Nomad Branch agent deployment failed with a message "Service windows too short". Remember as i said before to check the maintenance window in all collection i had to visit the property page of all collection and there is not default report to show the maintenance window of all collections. So i thought i would build SQL query to list maintenance window of all collections.. here is the query,

SELECT v_Collection.Name, v_Collection.Comment,v_ServiceWindow.Description, v_ServiceWindow.StartTime, v_ServiceWindow.Duration

FROM v_ServiceWindow

JOIN v_Collection ON v_Collection.CollectionID = v_ServiceWindow.CollectionID

ORDER BY v_Collection.Name

 Create a report with this query and that report will list maintenance window configured in all collections.

Hope this helps..

S A Delphin

Read more »

A Comparison between all Client deployment methods in SCCM 2012

 Hi Folks.. I'm back after a long pause to blogging.. And this time this post is about SCCM Client deployment. I thought i would start with Client deployment methods since that is the first step in SCCM deployment.

 We have almost 6 methods to deploy SCCM client to endpoints but all of them are not the same. With their pros and cons Each deployment method stand ideal for different scenarios. Let's talk about that in this post.

Client Push Method

The easiest method to deploy clients through out your hierarchy but requires some Homework. This client push can be enabled within ConfigMgr console and the status can be inspected in ccm.log in ConfigMgr installation directory and the log files found in C:\Windows\Cccmsetup folder in client.

Requirements:

•  The client must be a member of a domain in which the configmgr site server is installed. Or trust must be present
• firewall ports tcp 80-Http, 443-Https, 445-SMB, Rpc endpoint mapper- 135 and Rpc dynamic ports must be opened between client and site systems (If we use default ports for client communication)
• Client push account must be configured correctly
• DNS name resolution should be working.
• The clients must be discovered before initiating client push

Pro's and Cons

• Reports are available to see the success and failure status
• Trouble shooting is easy
• No additional infrastructure change is required to deploy clients
• Cannot target workgroup and internet based clients
• With multiple physical locations it's a pain to open ports through firewall

Suitable for:

• large number of clients within headquarters or single physical locations for domain computers.
• IT environment which is well organized and structured

GPO Installation

 This is another client deployment method which can be used in a Domain environment. the msi which is deployed through GPO is just a Bootstrap and the client will download the package from DP. The the installation status can be found in the log files found in C:\Windows\Cccmsetup folder in client

Requirements:

• The client must be a member of a domain.
• Ad publishing or GPO for client  assignment is mandatory
• The client installation package must be available on DP and must be reachable to client
• DNS name resolution should be working.

Pro's and Cons

• No additional infrastructure change is required to deploy clients
• If combined with Client push the success rate will be close 100 for domain computers
• Cannot target workgroup and internet based clients
• Client will download client package from DP

Suitable for:

• Best at deployment across domain wide computers with multiple physical locations
• IT environment which is well organized and structured
• Domain computers residing at remote locations 

Logon script based Installation

 In this type of client deployment the client installation switches can be specified in the logon script and GPO for site assignment is not mandatory. The the installation status can be found in the log files found in C:\Windows\Cccmsetup folder in client.

Requirements:

• The client must be a member of a domain.
• firewall ports tcp 80-Http, 443-Https, 445-SMB must be opened between client and site systems (If we use default ports for client communication)
• DNS name resolution should be working.

Pro's and Cons

• If combined with Client push the success rate will be close 100 for domain computers
• Cannot target workgroup and internet based clients

Suitable for:

• Best at deployment across domain wide computers with multiple physical locations
• IT environment which is well organized and structured

SUP Based Installation

This is the most robust client deployment method that can be used to deploy clients. This method can be used to deploy clients to work group computers. No additional changes required if the WSUS system is already in place.The the installation status can be found in the log files found in C:\Windows\Cccmsetup folder in client.

Requirements:

• This method can be used to deploy client to work group computers, domain computers and internet clients.
• firewall ports tcp 80-Http, 443-Https, 445-SMB must be opened between client and site systems (If we use default ports for client communication)
• Well configured WSUS environment is mandatory
• Client targeting must be done through WSUS
• DNS name resolution should be working

Pro's and Cons

• If combined with Client push the success rate will be close 100 through out the Hierarchy
• Workgroup clients can be targetted
• Roubust design
• Internet based clients can be targeted if the WSUS server is published on the internet

Suitable for:

• Best at deployment across an environment which has domain and workgroup clients scatered across multiple physical locations
• Robust IT environment

Manual or Script based Installation

This is the best suitable option available to install internet based clients. But this method is painfull method amongst other deployment methods.

Requirements:

•  DNS name resolution should be working.
• The local copy should have all the files required to install Cm client and must be the same version as the management point that you specify
• firewall ports tcp 80-Http, 443-Https, 445-SMB must be opened between client and site systems (If we use default ports for client communication)
• Work group client must be approved manually with in sccm console

Pro's and Cons

• Workgroup and internet based clients can be targetted
• Roubust design

Suitable for:

• Best method to deploy clients to internet based boxes
• Where all the other deployment type fails because of network issue

 The above comparison is truely based on my observation and perception. One can have different thoughts abou the deployment methods. Apreciate improvement in the above post..

Hope this helps..

S A Delphin

Read more »