Thursday, October 25, 2012

SCCM How to deploy a client

Overview

Within Configuration Manager the system is listed in the "All Systems" collection; however, under the 'Client' column the value is No.

Stage 1

The first thing to do is click on "Client Installation Methods", located under Site Settings. Then right click on "Client Push Installation" and select Properties. On the General tab, if you tick "Enable Client Push Installation to assigned resources", any system discovered through AD (or another discovery method) will have a client installed automatically. Consider whether this tick box suits your environment.

On the Accounts tab you must input account credentials that will have administrative access to the admin$ share of the client system.  The account that can access desktops may be different to domain controllers so you can put multiple accounts in here and it will try them in order.

On the Client tab you can specify the Site code. It is also possible to define the SMS cache size rather than the 5 GB default. See Microsoft for additional properties: http://technet.microsoft.com/en-us/library/bb680980.aspx

Client Agents under Site Settings lists the agents that will be pushed out with the SCCM client.
The Computer Client Agent is critical. On its properties tab it is important that you have set a Network Access Account. This agent will connect back to the SCCM server looking for installation folders, so the account must have suitable access delegated.

Stage 2

Now SCCM is configured correctly and the agents have the appropriate account set up for connection. Right click the system without the client, then select "Install Client". This will bring up a wizard; I like to select "Include only clients in this site's boundaries" and "Always install (repair ...)". Finish the wizard.

Stage 3

Check the log files for errors! c:\Program Files\Microsoft Configuration Manager\Logs

Using Trace32, open the CCM log on the SCCM server, which will show the client deployment process so we can see if it is succeeding.

On the client system you can open the CCMSetup log file to monitor the client installation; this can take a while to complete (located admin$\system32\ccmsetup\ccmsetup.log).

On the client there are three key logs to check to know that your client install was successful (located admin$\system32\ccm\logs):

"Clientlocation.log" Confirm the current management point is correct.
"Location services.log" Confirm the current AD site of the machine is "" correct.
"Execmgr.log" This log reads policy from the management point, so an advertisement creates a policy which the client reads. "Software distribution agent was enabled" will not be in red.

Stage 4

Within the Control Panel there will now be three additional icons: Configuration Manager, Run Advertised Programs, Remote Control Properties, and Program Download Monitor.

There are two services installed on the client system.
SMS Agent Host
SMS Task Sequence Agent
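
The Stage 3 log check can also be scripted rather than read by eye in Trace32. The PowerShell below is an added example, not from the original post; it assumes the client log line layout shown in its first comment (type 1 information, 2 warning, 3 error, treated here as the red lines), and the function names and sample lines are constructed for illustration.

```powershell
# Added example, not from the original post. Assumed log line layout:
#   <![LOG[message]LOG]!><time=".." date=".." component=".." context=".." type="N" ...>
# with type 1 = information, 2 = warning, 3 = error (treated here as the red lines).

$SeverityName = @{ '1' = 'Info'; '2' = 'Warning'; '3' = 'Error' }

$LinePattern = '<!\[LOG\[(?<msg>.*?)\]LOG\]!>' +
               '<time="(?<time>[^"]*)"\s+date="(?<date>[^"]*)"\s+' +
               'component="(?<comp>[^"]*)"\s+context="[^"]*"\s+type="(?<type>[123])"'

function ConvertFrom-CcmLogLine {
    # Parse one log line; emits nothing for lines that do not match the layout.
    param([string]$Line)
    $m = [regex]::Match($Line, $LinePattern)
    if (-not $m.Success) { return }
    [pscustomobject]@{
        Date      = $m.Groups['date'].Value
        Time      = $m.Groups['time'].Value
        Component = $m.Groups['comp'].Value
        Severity  = $SeverityName[$m.Groups['type'].Value]
        Message   = $m.Groups['msg'].Value
    }
}

function Get-CcmLogEntry {
    # Accepts raw lines (from Get-Content or a sample) and returns parsed entries.
    param([string[]]$Lines)
    foreach ($line in $Lines) { ConvertFrom-CcmLogLine -Line $line }
}

function Test-AgentEnabled {
    # True when the marker message is present and was not logged as an error.
    param([object[]]$Entries,
          [string]$Marker = 'Software distribution agent was enabled')
    $hit = $Entries | Where-Object { $_.Message -like "*$Marker*" } |
           Select-Object -Last 1
    return [bool]($hit -and $hit.Severity -ne 'Error')
}

# Constructed sample lines (not real log output).
$sample = @'
<![LOG[Software distribution agent was enabled]LOG]!><time="09:14:02.118+000" date="10-25-2012" component="execmgr" context="" type="1" thread="2404" file="sample.cpp:1">
<![LOG[Constructed warning: retrying policy download]LOG]!><time="09:14:05.530+000" date="10-25-2012" component="execmgr" context="" type="2" thread="2404" file="sample.cpp:2">
<![LOG[Constructed error: failed to locate management point]LOG]!><time="09:14:09.002+000" date="10-25-2012" component="LocationServices" context="" type="3" thread="1876" file="sample.cpp:3">
'@ -split "`r?`n"

$entries = Get-CcmLogEntry -Lines $sample
# To read a real log instead:
#   $entries = Get-CcmLogEntry -Lines (Get-Content -Path <path to Execmgr.log>)

# Show only the warnings and errors, the lines worth reading first.
$entries | Where-Object { $_.Severity -ne 'Info' } |
    Format-Table Time, Component, Severity, Message -AutoSize

"Software distribution agent enabled: $(Test-AgentEnabled -Entries $entries)"
```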

How to send internet traffic out the ISP (not through the BES server)

http://www.blackberryforums.com.au/forums/general-bes-discussion/3946-how-send-internet-traffic-out-isp-not-through-bes-server.html

When you are on BES you have three browsers by default: the Internet Browser (uses the BlackBerry APN), the BlackBerry Browser (uses the BES MDS service) and the carrier's WAP Browser (Vodafone Live). If you use Vodafone Live you may be charged extra for the data usage, so this isn't really recommended. What you should do on the BES is go to "I.T Policy > Default Policy > Browser Policy Group" and change the following:

1. MDS Browser Title = MDS Internet
2. Allow IBS Browser = True
3. MDS Browser Use Separate Icon = True

After changing these policies, your Internet Browser that uses the BES internet connection will be called "MDS Internet" and you should also see a separate "Browser" icon. This separate Browser icon will bypass your BES internet connection and use the free BlackBerry APN to get internet data.

Monday, October 22, 2012

SCCM PXE Task Sequence

Step 1

1 Check DHCP scope has option 66 with the SCCM server name set as the value.
2 WDS service is installed and running.
3 Under site Systems select the SCCM server and make sure "ConfigMgr PXE service point" role is installed
3.1 For a lab environment, enable "Allow this PXE... to respond to incoming PXE requests" and "Respond to PXE request on all network interfaces".
4 Create a Collection called "Bare Metal OSD deployment"

Step 2

5 Click on "Computer Association" > "Import Computer Information" > Import single computer
5.1 Enter the computer name and MAC address to define the system > Add to the "Bare Metal OSD deployment" collection
6 Under the OSD node in SCCM click on "Task Sequence" > Select the TS you want to deploy to the collection > Right click and "Advertise", then specify the "Bare Metal OSD deployment" collection.
6.1 Set as a mandatory assignment. Tick "Ignore maintenance windows when running program" and "Allow system restart outside maintenance window".
6.2 Select "access content directly from a DP ...."

Summary

We have set up WDS, the DHCP scope, the PXE service point and an advertised Task Sequence, and imported the system via its MAC address and added it to the collection. SCCM is ready; the next step is to restart the computer defined above and choose a network boot, typically F12.

The computer will advertise that it is looking for a PXE service, and the DHCP server will point it to the SCCM server, which will then pick up the computer and push a WinPE image following the TS options.

Deployment

7 While SCCM WinPE is deploying the WIM file it is possible to press F8 to bring up a DOS window and examine the SMSTSLog directory.

REM Map network drive: enter credentials
x:\> net use z: \\sccm\c$\tempsmslog

REM Change to the SMSTSLog directory first, then copy all log files to z:\
x:\> copy *.log z:\

Now in the c$\tempsmslog folder on your SCCM server you will find a smsts.log file. Open it with Trace32 to troubleshoot.

7.1 Alternatively within SCCM select the Reporting Node and run the "Deployment status of all task sequence advertisements".  This report details the last action, exit code and Action output.

Blackberry How to factory reset your device.

Here's how to FACTORY RESET the device.

Install Blackberry Desktop Manager on a PC.  Connect the Blackberry to the PC with a USB cable.

From a DOS prompt (command) window on the user's PC (Start - Run, type cmd, then OK), change the directory path to:

C:\Program Files\Common Files\Research In Motion\Apploader     by typing cd\ (enter), followed by cd Program Files (enter), then cd Common Files (enter), etc.

Run the command:   Loader.exe /resettofactory

That will bring the Blackberry back to the state it should be in when you get a brand new one out of the box.

BES Troubleshooting Enterprise Activation

Troubleshooting the enterprise activation process can be broken down into 4 stages. When troubleshooting activation issues, let the process run until it completes or an error message appears.



For more help with Enterprise Activation issues – KB13852

 

1.1.1        Stage 1 – Authentication

1.       The BESAdmin creates a new user and assigns an activation password using the Blackberry Manager (4.1.x) or the Blackberry Administration Service (5.0.X). The user list stored in the Blackberry Configuration Database is updated with the new user name, email address, mailbox information, activation password, activation status and other user account information.

Points of Failure – BAS, Configuration Database

 

2.       The Blackberry Dispatcher assigns the new user to a Blackberry Messaging Agent. The Blackberry Messaging Agent starts to monitor the user’s mailbox on the messaging server for new email messages. An email message containing the ETP.dat file attachment is required to continue the activation process over the Vodafone Network.

Points of Failure – Dispatcher, Messaging Agent

 

3.       The user goes to the Enterprise Activation screen on the blackberry and enters the email address and activation password. The user selects the menu key and clicks Activate. The blackberry displays Activating username@company_name.com

Points of Failure – Device

 

4.       The Blackberry creates an activation request email message that contains the email address, PIN and public key authentication information, based on the activation password typed in by the user. The activation request email message is encrypted and is sent to the RIM Relay over the Vodafone Network.

Points of Failure – Device, Network

 

5.       The RIM Relay receives the activation email message and identifies it as an activation request. The RIM Relay forwards the email message using SMTP to the email address that was used on the Enterprise Activation screen.

Points of Failure – Antivirus software, spam filters, provisioning, user's mailbox, messaging server, network

Issue: Failure to add user to the BES
  Reason: Incorrect permissions for the BESAdmin account
  Solution: Ensure the permissions are correct for the BESAdmin account – KB02276
  Reason: Incorrect MAPI subsystem installed on the BES
  Solution: Ensure the MAPI subsystem is equal or higher than the Exchange versions – KB10197. Recreate the MAPI profile – KB10285
  Reason: User data cannot be written to the BB Configuration Database
  Solution: Back up the BB Configuration Database – KB10292 and increase the size – KB10969

Issue: "An Error has occurred. Please contact your system administrator" appears on the BB device
  Reason: Incorrect password entered on the EA screen
  Solution: The activation ETP.dat email message has reached the user's mailbox and the BES has rejected the activation password and sent the error message to the BB device. The BES will allow 4 more attempts with the current password before a new EA password has to be created.

Issue: No EA application exists on the BB device
  Reason: The BB device may not be provisioned correctly
  Solution: Confirm that the provisioning of the BB device is correct via XML, i.e. Enterprise or Dual provisioned. If necessary, refer to customer services to have the correct tariff applied to the account.
  Reason: The BB device may not be registered correctly on the VF network
  Solution: Confirm that the BB device shows, in capital letters, one of GPRS, EDGE or 3G, and is able to Register Now via the Host Routing Table – KB00014
  Reason: The BB device may not be running Ver. 4 or later of the device software
  Solution: Confirm that the BB device is running ver. 4 or higher of the software. To install BB device software – KB03901

Issue: The BB device stops responding at the "Activating..." status screen for 10 minutes. It then retries every 10 minutes, displaying a status of "Retrying..."; after 40 minutes the process ends with the message "The server is not responding. Please contact your System Administrator." During this stage, the activation email messages do not arrive in the user's mailbox.
  Reason: The BB device may not be provisioned correctly
  Solution: Confirm that the provisioning of the BB device is correct via XML, i.e. Enterprise or Dual provisioned. If necessary, refer to customer services to have the correct tariff applied to the account.
  Reason: The BB device is not in a wireless network coverage area.
  Solution: Confirm that the BB device has the correct signal type. Can the BB device send a PIN message to check coverage?
  Reason: The user has entered an incorrect email address in the EA screen
  Solution: The user must retry the EA process with the correct email address.
  Reason: An activation password was not created
  Solution: Create an activation password
  Reason: The activation email message was moved to a folder other than the inbox.
  Solution: Confirm that there are no filtering or forwarding rules on the Messaging Server or the user's mailbox to a folder other than the inbox.
  Reason: The user's mailbox is full.
  Solution: Confirm that the user's mailbox can receive email messages.
  Reason: The user's email messages are being routed to a .pst folder or .ost folder.
  Solution: Confirm that the user's email mailbox is configured to leave a copy of the messages on the Messaging Server. Personal and Offline folders are inaccessible to the BES.
  Reason: The ETP.dat message is not reaching the user's inbox because it is being deleted or modified by a virus scanning application.
  Solution: Confirm that the company's antivirus software is not rejecting the activation email message and that the ETP.dat attachment is not being deleted, flagged or modified.
  Reason: The ETP.dat attachment is not reaching the user's inbox because it is being identified as spam.
  Solution: Confirm that the company's firewall is not filtering email messages from the blackberry.net domain. Confirm that the company's anti-spam software is not flagging the activation email message and modifying its title, contents or the ETP.dat attachment. Confirm that the user's email application is not moving the activation email message to the default junk email message folder.

 

 

1.1.2        Stage 2 - Encryption Verification

1.       On arrival in the user's mailbox, the Blackberry Messaging Agent identifies the new activation request email message and removes it from the user's mailbox. The Blackberry Messaging Agent recognises the ETP.dat attachment in the activation request email message and begins the authentication process.

Points of Failure – Messaging Agent, Messaging Server, Users Mailbox

 

2.        The Blackberry Messaging Agent compares the authentication key received in the activation request email message with the authentication key generated from the activation password and stored in the Blackberry Configuration Database. If the authentication keys match, the blackberry Messaging Agent notifies the Blackberry device that the activation request has been received. The Blackberry Messaging Agent and the Blackberry device then generate their encryption keys that will be used to encrypt and decrypt all data

Points of Failure – Blackberry device, Messaging Agent

Issue: The BB device stops responding at the "Activating..." status screen for 10 minutes. It then retries every 10 minutes, displaying a status of "Retrying..."; after 40 minutes the process ends with the message "The server is not responding. Please contact your System Administrator." During this stage, the activation email messages with the ETP.dat attachment appear in the user's mailbox.
  Reason: The BES does not receive the UDP notification for the new email message from the Messaging Server.
  Solution: Confirm that the BES can communicate with the Messaging Server
  Reason: Incorrect MAPI subsystem installed on the BES.
  Solution: Ensure the MAPI subsystem is equal or higher than the Exchange versions – KB10197. Recreate the MAPI profile – KB10285
  Reason: The BESAdmin account does not have the correct permissions to access the user's mailbox and retrieve the ETP.dat activation email message.
  Solution: Ensure the BESAdmin account permissions are correct for the user's mailbox – KB10823. The ETP.dat activation email message must arrive in the user's mailbox before the BESAdmin account is notified that the email message has been received.

Issue: "An Error has occurred. Please contact your system administrator" appears on the BB device
  Reason: The Enterprise Service Policy has restricted which BB devices can be activated on the BES
  Solution: Confirm that the Enterprise Service Policy allows the BB device to be activated on the BES

 

 

1.1.3        Stage 3 - Receiving services

3.       At this stage, the BES and the Blackberry device have established an encryption key and have verified their knowledge of the encryption key to each other. The Blackberry device now displays the message Encryption Verified. Waiting for Services. All data between the BES and the Blackberry device from now on is compressed and encrypted using this encryption key.

4.       The Blackberry Messaging Agent forwards the request to the Blackberry Policy Service to generate the service books. The Blackberry Policy Service adds the unique authentication key that the Blackberry Domain uses to sign IT policy data and then forwards the IT policy data through the Blackberry Dispatcher to the Blackberry Router and then to the Blackberry device. The Blackberry Policy Service waits for confirmation from the Blackberry device that the IT policy has been applied successfully.

Points of Failure – Configuration database, Messaging Agent, Policy Service, Blackberry device

 

5.       The Blackberry device applies the IT policy and sends a confirmation to the BES. The IT policy applied to the Blackberry device is now in a read-only state and can be modified only by IT policy updates sent from the same Blackberry Domain.

Points of Failure – Blackberry device

 

6.       When the Blackberry Policy Service receives the confirmation that the IT policy has been applied successfully, the Blackberry Policy Service generates and sends the service books to the Blackberry device.

Points of Failure – Configuration database, Policy Service, Blackberry device

 

7.       The Blackberry device receives the service books and displays the following message Services Received. Your email address, username@company_name.com is now enabled. At this point the users can send and receive email messages on the Blackberry device.

Points of Failure – Blackberry device

Issue: The BB device stops responding at "Waiting for Services..."
  Reason: The BB Policy Service or the BB Synchronisation Service is not started or responding.
  Solution: Confirm that the BB Policy Service and the BB Synchronisation Service are started or restart the services if required.
  Reason: The BB Policy Service is processing the service books and the IT policy.
  Solution: Allow sufficient time for the BB Policy Service to process the service books and the IT policy.
  Reason: Another user with the same PIN is active in the BB Configuration Database.
  Solution: Remove the duplicate user account from the BES.

Issue: "IT Policy Rejected. Please wipe handheld and try again" appears on the BB device.
  Reason: The BB device was previously active on another BES and has a conflicting IT policy. This happens when the previous BES and the current BES do not share the same BB Configuration Database.
  Solution: The user must delete all data using the Security Wipe option on the BB device to allow the new BES to overwrite the IT policy from the previous BES.

 

1.1.4        Stage 4 – Slow Synchronisation

8.       The slow synchronisation process begins. The Blackberry device requests the synchronisation configuration information from the Blackberry Synchronisation Service. The configuration information indicates whether wireless data synchronisation on the BES is turned on and which PIM databases can be synchronised. The configuration information also provides database synchronisation types (one way or two way) and conflict resolution settings.

Points of Failure – Synchronisation Service, Blackberry device

 

9.       The Blackberry Synchronisation Service returns the configuration information and synchronises the databases in the Blackberry device.

Points of Failure – Configuration Database, Blackberry device, users’ mailbox, Synchronisation Service

 

10.   The slow synchronisation process is complete when all the databases are synchronised between the Blackberry device and the BES. The Blackberry device displays Activation Complete and the user account status displays Completed in the BAS console.

Issue: The EA process only completes the synchronisation process of the Calendar database.
  Reason: The BB Synchronisation Service is not started or responding.
  Solution: Confirm that the BB Synchronisation Service is started or restart the service if required. Confirm that the MS XML parser is installed.
  Reason: The BES has network connection issues with the MS SQL Server.
  Solution: Confirm that there are no network connectivity issues between the BES and the BB Configuration Database.

Issue: "Not all databases synchronised successfully – Address Book" appears on the BB device.
  Reason: Due to requirements for contact information, some entries in the Address Book application might have been skipped.
  Solution: Confirm that all contacts have a first name, last name or company name. When a contact entry is missing information in all 3 fields, the entry is not synchronised and this error message is displayed on the BB device.

Issue: PIM databases are not synchronised after the enterprise activation process has finished.
  Reason: The IT policy is disabling wireless bulk load, PIM synchronisation or individual PIM applications.
  Solution: Confirm that the IT policy allows for wireless synchronisation of PIM applications.

Issue: The EA process stops responding and the slow synchronisation process cannot complete.
  Reason: Content Protection is enabled on the BB device.
  Solution: Turn off Content Protection before starting the EA process again.
  Reason: Multiple users are attempting the slow synchronisation process at the same time.
  Solution: If multiple users are attempting the slow synchronisation process at the same time, it may take longer to complete depending on BES settings and workload and the Messaging Server performance.
  Reason: The Desktop [SYNC] service is corrupt.
  Solution: Delete and undelete the Desktop [SYNC] service books – if necessary resend from the BES.


 

 

1.1.2 Stage 2 - Encryption Verification

1. On arrival in the user’s mailbox, the Blackberry Messaging Agent identifies the new activation request email message and removes it from the user’s mailbox. The Blackberry Messaging Agent recognises the ETP.dat attachment in the activation request email message and begins the authentication process.

Points of Failure – Messaging Agent, Messaging Server, Users Mailbox

2. The Blackberry Messaging Agent compares the authentication key received in the activation request email message with the authentication key generated from the activation password and stored in the Blackberry Configuration Database. If the authentication keys match, the Blackberry Messaging Agent notifies the Blackberry device that the activation request has been received. The Blackberry Messaging Agent and the Blackberry device then generate their encryption keys that will be used to encrypt and decrypt all data

Points of Failure – Blackberry device, Messaging Agent

Issue: The BB device stops responding at the "Activating..." status screen for 10 minutes. It then retries every 10 minutes, displaying a status of "Retrying...". After 40 minutes the process ends with the message "The server is not responding. Please contact your System Administrator." During this stage, the activation email messages with the ETP.dat attachment appear in the user’s mailbox.
  Reason: The BES does not receive the UDP notification for the new email message from the Messaging Server.
  Solution: Confirm that the BES can communicate with the Messaging Server

  Reason: Incorrect MAPI subsystem installed on the BES.
  Solution: Ensure the MAPI subsystem is equal to or higher than the Exchange version – KB10197. Recreate the MAPI profile – KB10285

  Reason: The BESAdmin account does not have the correct permissions to access the user’s mailbox and retrieve the ETP.dat activation email message.
  Solution: Ensure the BESAdmin account permissions are correct for the user’s mailbox – KB10823. The ETP.dat activation email message must arrive in the user’s mailbox before the BESAdmin account is notified that the email message has been received.

Issue: "An Error has occurred. Please contact your system administrator" appears on the BB device
  Reason: The Enterprise Service Policy has restricted which BB devices can be activated on the BES
  Solution: Confirm that the Enterprise Service Policy allows the BB device to be activated on the BES

1.1.3 Stage 3 - Receiving services

3. At this stage, the BES and the Blackberry device have established an encryption key and have verified their knowledge of the encryption key to each other. The Blackberry device now displays the message "Encryption Verified. Waiting for Services." All data between the BES and the Blackberry device from now on is compressed and encrypted using this encryption key.

4. The Blackberry Messaging Agent forwards the request to the Blackberry Policy Service to generate the service books. The Blackberry Policy Service adds the unique authentication key that the Blackberry Domain uses to sign IT policy data and then forwards the IT policy data through the Blackberry Dispatcher to the Blackberry Router and then to the Blackberry device. The Blackberry Policy Service waits for confirmation from the Blackberry device that the IT policy has been applied successfully.

Points of Failure – Configuration database, Messaging Agent, Policy Service, Blackberry device

5. The Blackberry device applies the IT policy and sends a confirmation to the BES. The IT policy applied to the Blackberry device is now in a read-only state and can be modified only by IT policy updates sent from the same Blackberry Domain.

Points of Failure – Blackberry device

6. When the Blackberry Policy Service receives the confirmation that the IT policy has been applied successfully, the Blackberry Policy Service generates and sends the service books to the Blackberry device.

Points of Failure – Configuration database, Policy Service, Blackberry device

7. The Blackberry device receives the service books and displays the following message: "Services Received. Your email address, username@company_name.com is now enabled." At this point the user can send and receive email messages on the Blackberry device.

Points of Failure – Blackberry device

Issue: The BB device stops responding at "Waiting for Services..."
  Reason: The BB Policy Service or the BB Synchronisation Service is not started or responding.
  Solution: Confirm that the BB Policy Service and the BB Synchronisation Service are started or restart the services if required.

  Reason: The BB Policy Service is processing the service books and the IT policy.
  Solution: Allow sufficient time for the BB Policy Service to process the service books and the IT policy.

  Reason: Another user with the same PIN is active in the BB Configuration Database.
  Solution: Remove the duplicate user account from the BES.

Issue: "IT Policy Rejected. Please wipe handheld and try again" appears on the BB device.
  Reason: The BB device was previously active on another BES and has a conflicting IT policy. This happens when the previous BES and the current BES do not share the same BB configuration database.
  Solution: The user must delete all data using the Security Wipe option on the BB device to allow the new BES to overwrite the IT policy from the previous BES.

1.1.4 Stage 4 – Slow Synchronisation

8. The slow synchronisation process begins. The Blackberry device requests the synchronisation configuration information from the Blackberry Synchronisation Service. The configuration information indicates whether wireless data synchronisation on the BES is turned on and which PIM databases can be synchronised. The configuration information also provides database synchronisation types (one way or two way) and conflict resolution settings.

Points of Failure – Synchronisation Service, Blackberry device

9. The Blackberry Synchronisation Service returns the configuration information and synchronises the databases in the Blackberry device.

Points of Failure – Configuration Database, Blackberry device, users’ mailbox, Synchronisation Service

10. The slow synchronisation process is complete when all the databases are synchronised between the Blackberry device and the BES. The Blackberry device displays "Activation Complete" and the user account status displays "Completed" in the BAS console.

Issue: The EA process only completes the synchronisation process of the Calendar database.
  Reason: The BB Synchronisation Service is not started or responding.
  Solution: Confirm that the BB Synchronisation Service is started or restart the service if required. Confirm that the MS XML parser is installed.

  Reason: The BES has network connection issues with the MS SQL Server.
  Solution: Confirm that there are no network connectivity issues between the BES and the BB Configuration Database.

Issue: "Not all databases synchronised successfully – Address Book" appears on the BB device.
  Reason: Due to requirements for contact information, some entries in the Address Book application might have been skipped.
  Solution: Confirm that all contacts have a first name, last name or company name. When a contact entry is missing information in all 3 fields then the entry is not synchronised and this error message is displayed on the BB device.

Issue: PIM databases are not synchronised after the enterprise activation process has finished.
  Reason: The IT policy is disabling wireless bulk load, PIM synchronisation or individual PIM applications.
  Solution: Confirm that the IT policy allows for wireless synchronisation of PIM applications.

Issue: The EA process stops responding and the slow synchronisation process cannot complete.
  Reason: Content Protection is enabled on the BB device.
  Solution: Turn off Content Protection before starting the EA process again.

  Reason: Multiple users are attempting the slow synchronisation process at the same time.
  Solution: If multiple users are attempting the slow synchronisation process at the same time, then it may take long to complete depending on BES settings and workload and the Messaging Server performance.

  Reason: The Desktop [SYNC] service is corrupt.
  Solution: Delete and undelete the Desktop [SYNC] service books – if necessary resend from the BES.

Friday, October 19, 2012

Logs in c:\windows\system32\LogFiles\W3SVC1 filling up C: drive

A solution is to periodically purge the oldest log files. This is easily done by creating a scheduled task with the following command:

C:\>Forfiles.exe /P C:\WINDOWS\system32\LogFiles\W3SVC1 /M *.log /D -30 /C "Cmd.exe /C del @path"

 

See http://technet.microsoft.com/en-us/library/cc753551(v=ws.10).aspx
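IIS logs are often the only record of who requested what, so it can be worth moving old files to cheaper storage instead of deleting them outright. The following PowerShell function is an added example, not part of the original post: it applies the same 30-day selection to the same folder, supports -WhatIf for a dry run, and optionally archives instead of deleting. The function name and the archive folder D:\LogArchive\W3SVC1 are assumptions.

```powershell
# Added example (not from the original post). Same folder and 30-day retention as the
# Forfiles command above; the archive folder used in the sample call is an assumption.
function Remove-OldIisLog {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$LogPath     = 'C:\WINDOWS\system32\LogFiles\W3SVC1',
        [int]   $RetainDays  = 30,
        [string]$ArchivePath = ''       # empty string = delete without archiving
    )

    if (-not (Test-Path -LiteralPath $LogPath -PathType Container)) {
        throw "Log folder not found: $LogPath"
    }

    # Forfiles /D -30 selects files last modified on or before (today - 30 days)
    $cutoff = (Get-Date).Date.AddDays(-$RetainDays)

    $old = @(Get-ChildItem -LiteralPath $LogPath -Filter '*.log' |
             Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime.Date -le $cutoff })

    if ($ArchivePath -and -not (Test-Path -LiteralPath $ArchivePath)) {
        # Honours -WhatIf automatically, so a dry run creates nothing
        New-Item -ItemType Directory -Path $ArchivePath | Out-Null
    }

    foreach ($file in $old) {
        if ($ArchivePath) {
            if ($PSCmdlet.ShouldProcess($file.FullName, "Move to $ArchivePath")) {
                Move-Item -LiteralPath $file.FullName -Destination $ArchivePath
            }
        }
        elseif ($PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
            Remove-Item -LiteralPath $file.FullName
        }
    }

    # Number of files that matched the retention rule
    return $old.Count
}

# Dry run first: lists what would be moved without touching anything
Remove-OldIisLog -ArchivePath 'D:\LogArchive\W3SVC1' -WhatIf
```

Drop -WhatIf once the listed files are the ones expected, then schedule the call the same way as the Forfiles command.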

Thursday, October 18, 2012

Cannot open your default email folders Microsoft exchange is not available. Either there are network problems or the exchange server is down for maintenance.

You'll probably see Event ID 9646 logged in the Application event log of your Exchange Server 2003 computer for a client opening many MAPI sessions.

This KB relates to the error below: http://support.microsoft.com/kb/842022

However, I found that moving the user's mailbox to another store resolved this issue without making registry changes.

On a server that is running Microsoft Exchange Server 2003, an event that resembles the following event is logged in the Application log:

Event Type: Error
Event Source: MSExchangeIS
Event Category: General
Event ID: 9646
Description:
Closing Mapi session "/o=Organization/ou=Administrative Group/cn=Recipients/cn=Recipient" because it exceeded the maximum of 32 objects of type "session".

When this issue occurs, you may also receive the following error message in Microsoft Office Outlook 2003:


Unable to open your default e-mail folders. The Microsoft Exchange Server computer is not available. Either there are network problems or the Microsoft Exchange Server is down for maintenance.



Ports that Systems Management Server 2003 uses to communicate through a firewall or through a proxy server

http://support.microsoft.com/kb/826852

Port Requirements: SMS site server to Active Directory


SMS 2003 site servers require access to the Active Directory global catalog server in order to do the following:

  • Publish site systems to Active Directory

  • Publish and query for Active Directory site boundaries

  • Run Active Directory discovery methods

| Service Name | UDP | TCP |
|---|---|---|
| LDAP | 389 | 389 |
| LDAP SSL | N/A | 636 |
| RPC Endpoint Mapper | 135 | 135 |
| Global Catalog LDAP | N/A | 3268 |
| Global Catalog LDAP SSL | N/A | 3269 |
| Kerberos | 88 | 88 |


Port requirements: SMS 2003 site server to the child site, to the secondary site, or to the SMS SQL Server

Port 445: Server Message Block (SMB)


Port requirements: SMS 2003 site server to remote SMS SQL Server database. Proxy management points, management point, server locator points, and reporting points to the SMS SQL Server database

Port 1433: TCP (SMS site server to SQL server)

Note For more information about SQL server ports, see the “Microsoft SQL Server ports” section.

Port requirements: SMS 2003 Advanced Client to Active Directory


In an Active Directory environment, the Advanced client makes a Lightweight Directory Access Protocol (LDAP) query to the global catalog server to find a management point that matches the client’s IP address. The following ports are required in Active Directory to allow the client to contact the global catalog server.

Port 389: UDP (User Datagram Protocol) LDAP Ping
Port 389: TCP LDAP
Port 636: TCP LDAP (SSL Connection)
Port 3268: TCP (explicit connection to Global Catalog)
Port 3269: TCP (explicit SSL connection to Global Catalog)


Port requirements: SMS 2003 Advanced Client to Management Point or to distribution point

Port 80: Hypertext Transfer Protocol (HTTP)
Port 139: Client sessions (for non BITS-enabled DPs)
Port 445: Server Message Block (for non BITS-enabled DPs)

Note When you use a Background Intelligent Transfer Service (BITS)-enabled distribution point through a firewall, only port 80 needs to be opened for both the management point and the BITS-enabled distribution point. All communications will be initiated from the client. If you are only opening port 80, you will need to specify the management point by using the following script:


dim oSMSClient 
set oSMSClient = CreateObject ("Microsoft.SMS.Client")
oSMSClient.SetCurrentManagementPoint "MP NetBIOS name",0
set oSMSClient=nothing



Without access to Active Directory or WINS in the environment, the Advanced Client will need an Lmhosts file on the client computers. You will need entries for one or more MPs. For example, the following entry is for an MP that has an IP address of 10.0.0.1 and a site code of AAA:

10.0.0.1 "MP_AAA         \0x1A" #PRE

For more information about how to write an LMHOSTS file, click the following article number to view the article in the Microsoft Knowledge Base:
180094 How to write an Lmhosts file for domain validation and other name resolution issues

Port requirements: SMS Remote Control System service: Wuser32

| Application protocol | Protocol | Ports |
|---|---|---|
| SMS Remote Chat | TCP | 2703 |
| SMS Remote Chat | UDP | 2703 |
| SMS Remote Control (control) | TCP | 2701 |
| SMS Remote Control (control) | UDP | 2701 |
| SMS Remote Control (data) | TCP | 2702 |
| SMS Remote Control (data) | UDP | 2702 |
| SMS Remote File Transfer | TCP | 2704 |
| SMS Remote File Transfer | UDP | 2704 |


SMS Remote Control UDP


When you use NetBIOS over TCP/IP for SMS Remote Control, the following ports are used:

Port 137: Name resolution
Port 138: Messaging
Port 139: Client sessions


Note When you use NetBIOS over Novell NWLink, you must configure the router to forward type 20 packets. Type 20 packets provide NetBIOS support.

Microsoft Windows NT UDP


The following list includes the core UDP ports that Windows NT uses, and it also lists their respective functions:

Domain Name System (DNS): UDP 53
Dynamic Host Configuration Protocol (DHCP): UDP 67
Remote procedure call (RPC): TCP 135
Windows Internet Name Service (WINS): UDP 138
NetBIOS datagrams: UDP 138
NetBIOS datagrams: TCP 139


Note The SMS Administrator console must have TCP port 135 open for communication. Otherwise, the console cannot display all the items in the console tree.

Microsoft SQL Server ports


If you use the TCP/IP Net-Library, enable port 1433 on the firewall. Use the Hosts file or an advanced connection string for host name resolution.

If you use named pipes over TCP/IP, enable port 139 for NetBIOS functions.

Microsoft does not recommend that you enable UDP ports 137 and 138 for NetBIOS name resolution by using B-node broadcasts. Instead, you can use a WINS server or an Lmhosts file for name resolution.

By default, SQL Server uses TCP (not UDP) port 1433 to listen on TCP/IP. To change the port, run SQL Server Setup on the server and then click Change Network Support. If SQL Server uses port 1433, the client Net-Library works. If SQL Server uses a custom port number, the client must specify that port in the Data Source Name (DSN).

SMS RAS Sender


SMS can also use the SMS RAS Sender with Point to Point Tunneling Protocol (PPTP) to send and to receive SMS site, client, and administrative information through a firewall. Under these circumstances, the following port is used:

PPTP: TCP 1723


Security


To help improve the security of your computer, you can configure your firewall to use Internet Protocol (IP) filters that permit only registered addresses to pass through the firewall.

If you enable specific ports on a proxy server or on a firewall, this may affect the security of your computer. For additional information about security issues, visit the following Microsoft Web site:

For more information about how to restrict TCP/IP ports for DCOM, click the following article number to view the article in the Microsoft Knowledge Base:
300083 How to restrict TCP/IP ports on Windows 2000 and Windows XP
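The Security section's advice to permit only registered addresses can be applied per port on the hosts that the site server talks to. The following PowerShell sketch is an added example, not part of the Microsoft article: it turns the "site server to Active Directory" and "site server to SQL Server" port lists above into inbound rule definitions scoped to a source address, prints them for review, and creates them only when $apply is set. The function name, the role names and the address 10.0.0.10 are assumptions; New-NetFirewallRule requires Windows Server 2012 or later.

```powershell
# Added example (not from the Microsoft article). Port numbers come from the tables on
# this page; the site server address below is a constructed placeholder.
function Get-SmsFirewallRule {
    [CmdletBinding()]
    param(
        # Role of the host the rules will be created on
        [Parameter(Mandatory = $true)]
        [ValidateSet('GlobalCatalog', 'SqlServer')]
        [string]$Role,

        # Registered source addresses that are allowed to connect
        [Parameter(Mandatory = $true)]
        [string[]]$AllowedAddress
    )

    $portMap = @{
        # "SMS site server to Active Directory"
        GlobalCatalog = @(
            @{ Name = 'LDAP';                    Protocol = 'UDP'; Port = 389  },
            @{ Name = 'LDAP';                    Protocol = 'TCP'; Port = 389  },
            @{ Name = 'LDAP SSL';                Protocol = 'TCP'; Port = 636  },
            @{ Name = 'RPC Endpoint Mapper';     Protocol = 'UDP'; Port = 135  },
            @{ Name = 'RPC Endpoint Mapper';     Protocol = 'TCP'; Port = 135  },
            @{ Name = 'Global Catalog LDAP';     Protocol = 'TCP'; Port = 3268 },
            @{ Name = 'Global Catalog LDAP SSL'; Protocol = 'TCP'; Port = 3269 },
            @{ Name = 'Kerberos';                Protocol = 'UDP'; Port = 88   },
            @{ Name = 'Kerberos';                Protocol = 'TCP'; Port = 88   }
        )
        # "site server to the SMS SQL Server"
        SqlServer = @(
            @{ Name = 'SQL Server'; Protocol = 'TCP'; Port = 1433 },
            @{ Name = 'SMB';        Protocol = 'TCP'; Port = 445  }
        )
    }

    foreach ($entry in $portMap[$Role]) {
        # One hashtable per rule, with keys named after New-NetFirewallRule parameters
        @{
            DisplayName   = 'SMS 2003 - {0} ({1}/{2})' -f $entry.Name, $entry.Protocol, $entry.Port
            Direction     = 'Inbound'
            Action        = 'Allow'
            Protocol      = $entry.Protocol
            LocalPort     = $entry.Port
            RemoteAddress = $AllowedAddress
        }
    }
}

$siteServer = '10.0.0.10'    # assumption: registered address of the SMS site server
$apply      = $false         # set to $true on the target host to create the rules

$rules = @(Get-SmsFirewallRule -Role GlobalCatalog -AllowedAddress $siteServer)

# Review the definitions before anything is changed
$rules | ForEach-Object { New-Object psobject -Property $_ } |
    Format-Table DisplayName, Protocol, LocalPort, RemoteAddress -AutoSize

if ($apply) {
    foreach ($rule in $rules) {
        New-NetFirewallRule @rule | Out-Null
    }
}

# Port 135 is only the endpoint mapper: RPC services then move to a dynamically
# assigned port, which is why the page points to KB 300083 for restricting that range.
```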

Tuesday, October 16, 2012

Modify Exchange 2003 Quotas above the 2Gb GUI AD Users and Computers Limit

  1. Log in to a DC with ADSI Edit installed

  2. Create an MMC and add the ADSI Edit snap-in

  3. Connect to the domain

  4. Navigate through the ADSI Edit GUI to find the user

  5. Right-click and choose "Properties"

  6. Modify these values


MDBOverQuotaLimit (Prohibit Send at.... value)

MDBStorageQuota (Issue Warning at....value)

e.g.

Set MDBOverQuotaLimit = "3000000" to set a 3.0Gb limit

Set MDBStorageQuota = "2800000" to set a 2.8Gb warning
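The same change can be scripted through ADSI, which also makes it easy to validate the values before writing them. The following PowerShell function is an added example, not part of the original post. It assumes a domain-joined machine and an account allowed to modify the user; the function name and the distinguished name are constructed. It also sets mDBUseDefaults to FALSE, an attribute the post does not mention: it corresponds to the "Use mailbox store defaults" checkbox, and per-user limits are ignored while it is TRUE. Both quota attributes are expressed in KB.

```powershell
# Added example (not from the original post). Attribute names are the ones listed above,
# plus mDBUseDefaults; the distinguished name in the sample call is constructed.
function Set-ExchangeMailboxQuota {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$DistinguishedName,
        [Parameter(Mandatory = $true)][int]$WarningKB,         # mDBStorageQuota  (Issue warning at)
        [Parameter(Mandatory = $true)][int]$ProhibitSendKB     # mDBOverQuotaLimit (Prohibit send at)
    )

    # The warning has to fire before sending is blocked, otherwise it is useless
    if ($WarningKB -le 0 -or $ProhibitSendKB -le $WarningKB) {
        throw "Expected 0 < WarningKB < ProhibitSendKB, got $WarningKB and $ProhibitSendKB."
    }

    $user = [ADSI]"LDAP://$DistinguishedName"
    $user.psbase.RefreshCache()        # forces the bind, so a wrong DN fails here

    if ($PSCmdlet.ShouldProcess($DistinguishedName,
            "Set warning $WarningKB KB / prohibit send $ProhibitSendKB KB")) {
        $user.Put('mDBUseDefaults', $false)        # stop inheriting the store defaults
        $user.Put('mDBStorageQuota', $WarningKB)
        $user.Put('mDBOverQuotaLimit', $ProhibitSendKB)
        $user.SetInfo()                            # write all three changes in one commit
        $user.psbase.RefreshCache()                # re-read what the directory now holds
    }

    # Report the values as stored in the directory
    New-Object psobject -Property @{
        User              = $DistinguishedName
        mDBUseDefaults    = $user.psbase.Properties['mDBUseDefaults'].Value
        mDBStorageQuota   = $user.psbase.Properties['mDBStorageQuota'].Value
        mDBOverQuotaLimit = $user.psbase.Properties['mDBOverQuotaLimit'].Value
    }
}

# The values from the post, as a dry run
Set-ExchangeMailboxQuota -DistinguishedName 'CN=Jane Doe,OU=Staff,DC=contoso,DC=com' `
    -WarningKB 2800000 -ProhibitSendKB 3000000 -WhatIf
```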

SMS SCCM WDS MDT Windows 7

Tips- How to package software


Switches


-r
Causes Setup.exe automatically to generate a silent setup file (.iss file), which is a record of the setup input, in the Windows folder.

 

Packages


cmd files must have drive letter
more info at http://www.appdeploy.com/
tick "suppress program notifications" to stop systray bubble/add and remove programs

Useful silent (un)install code:

  • msiexec /I "xxxx.msi" transforms="xxxx.mst" /qn /norestart (/qn shows no interface, /qb shows basic progress bar)

  • msiexec /x "xxxx.msi" /qn /norestart

  • C:\WINDOWS\IsUninst.exe -fC:\xxx\xxx.isu -a (-a is for silent)


IMAGEx


Enter “imagex /info img_file”, where “img_file” represents the location of the WIM file. You should now see the description of the WIM file as XML. The name of the tag for the image number is IMAGE INDEX.

Create a new folder where the image shall be mounted. This is the image path. Now, you can mount the image:

imagex /mount img_file img_number img_path

imagex /mountrw img_file img_number img_path

Once you’ve modified the image you can unmount it with this command:

imagex /unmount /commit img_path

DISM


dism /Mount-Wim /wimfile:d:\boot.wim /index:1 /MountDir:d:\mount
or
dism /Mount-Wim /wimfile:d:\boot.wim /index:2 /MountDir:d:\mount
or
dism /Mount-Wim /wimfile:d:\install.wim /index:3 /MountDir:d:\mount

http://technet.microsoft.com/en-us/library/dd744360%28v=ws.10%29.aspx


dism /Mount-Wim /wimfile:"E:\DeploymentShare\Operating Systems\Windows7x64-Aug12\Windows7x64.wim" /index:1 /MountDir:e:\mount
Dism /image:e:\mount /Set-UserLocale:EN-gb
Dism /image:e:\mount /Set-UILang:EN-us
Dism /image:e:\mount /Set-SysLocale:EN-gb
Dism /image:e:\mount /Set-InputLocale:EN-gb
Dism /image:e:\mount /Set-AllIntl:EN-gb
Dism /image:e:\mount /Set-SKUIntlDefaults:EN-gb
dism /Unmount-Wim /MountDir:e:\mount /commit

 

Add Drivers to Vista Boot Image


1. Update the WDS boot image to include the new third-party network driver. To do this, follow these steps.

Note The following procedure assumes that the Windows Automated Installation Kit (AIK) is installed on the WDS server. If the Windows AIK is not installed on the WDS server, you can perform the same procedure on another computer that does have the Windows AIK installed. Then, map a network drive to the WDS server.

a. On the WDS server, click Start, click Run, type wdsmgmt.msc, and then press OK.
b. Under your WDS server, double-click Boot images.
c. Right-click the boot image that you want, and then click Disable.
d. Right-click the same boot image, click Properties, and then click General.
e. Note the name and location of the boot image that is displayed in the File name box.
f. At a command prompt, type the following:
   "C:\program files\windows aik\tools\petools\copype.cmd" x86 c:\windowspe-x86
   Note Keep this command prompt window open for the next step.
   Imagex /info o:\remoteinstall\boot\x86\images\kinstall.wim
   Notes
     • Drive:\remoteinstall represents the path at which the Remoteinstall folder is installed.
     • Boot.wim is the name of the boot image.
g. Note the boot index number of the bootable image that is displayed. To identify the boot index number, locate the line that contains "boot index: X."
   Note X is the boot index number. The number indicates that image number X is marked as bootable and that the image is to be updated. The second image is the default image that you would typically modify. However, always verify which image is marked as bootable.
h. At a command prompt, type the following:
   Imagex /mountrw Drive:\remoteinstall\boot\x86\images\boot.wim 2 mount
   peimg /inf=driver.inf mount\Windows
   imagex /unmount /commit mount
   Notes
     • Drive:\remoteinstall represents the path at which the Remoteinstall folder is installed.
     • Driver.inf is the name of the third-party driver.
     • The Imagex /mountrw command mounts the specified image, with read/write permissions, to the specified directory.

2. Enable the boot image on the WDS server. To do this, follow these steps:

a. On the WDS server, click Start, click Run, type wdsmgmt.msc, and then click OK.
b. Under WDS server, double-click Boot images.
c. Right-click the boot image that you want, and then click Enable.

----

copype.cmd x86 c:\windowspe-x86

imagex /info O:\RemoteInstall\Boot\x86\Images\Kcapture.WIM

imagex /mountrw O:\RemoteInstall\Boot\x86\Images\Kcapture.WIM 3 mount

------------------------

[ option1- one driver]

peimg /inf="[path to .inf]" /image=C:\windowspe-x86\mount

-------------------------------------

[ option2- multidriver]

for /R O:\RemoteInstall\driver_to_inject\network\760-960\780 %i in (*.inf) do peimg /inf=%i c:\windowspe-x86\mount\windows\

---------------------------------------------

imagex /unmount /commit C:\windowspe-x86\mount

imagex /unmount /commit mount

----------






Microsoft deployment Toolkit (MDT)


Instructions:
These instructions are brief and hopefully a useful first step.

How to deploy a Windows Server 2003 image to bare metal (set to capture the file at the end of the task sequence)

1 On the computer to which you wish to deploy an OS instance, power on and press F12 when prompted. Select network boot (PXE boot). Be ready to press F12 again when prompted, otherwise it will time out and proceed to the next item in the boot order. Proceeding will format the computer and delete all data!
2 Select 'Lite Touch Windows PE (x64)-Engineering' to pull down the WinPE file.
3 This produces an MDT wizard; enter your domain credentials.
4 Select 'Microsoft Server 2003 Standard x64' from the task sequence.
5 Complete the wizard and 'begin'.
5.1 If you choose to capture the image after deployment, specify the capture location as \\contoso\DeploymentShareEng$\captures
6 Upon completion you will have Server 2003 installed (and if selected a captured image).

How to sysprep and capture a current image.

1 On the computer you wish to capture click Start > Run and type \\contoso\DeploymentShareEng$\scripts\LiteTouch.vbs
2 This produces a MDT Wizard, enter your domain credentials.
3 Select 'sysprep and capture' from the task sequence.
4 Save the capure to \\contoso\DeploymentShareEng$\captures
5 Complete the wizard and 'begin'.
6 Upon completion you will have a WIM file located in \\contoso\DeploymentShareEng$\captures which can be used in other task sequences.

SMS SCCM WDS MDT Windows 7

Tips - How to package software

Switches

-r
Causes Setup.exe to automatically generate a silent setup file (.iss file), which is a record of the setup input, in the Windows folder.

Packages

cmd files must have a drive letter.
More info at http://www.appdeploy.com/
Tick "suppress program notifications" to stop the systray bubble/Add and Remove Programs.

Useful silent (un)install code:

  • msiexec /i "xxxx.msi" TRANSFORMS="xxxx.mst" /qn /norestart (/qn shows no interface, /qb shows a basic progress bar)

  • msiexec /x "xxxx.msi" /qn /norestart

  • C:\WINDOWS\IsUninst.exe -fC:\xxx\xxx.isu -a (-a is for silent)


ImageX

Enter "imagex /info img_file", where "img_file" represents the location of the WIM file. The description of the WIM file is displayed as XML. The tag that holds the image number is IMAGE INDEX.

Create a new folder where the image will be mounted. This is the image path. Now you can mount the image, either read-only:

imagex /mount img_file img_number img_path

or with read/write permissions:

imagex /mountrw img_file img_number img_path

Once you have modified the image you can unmount it and save the changes with this command:

imagex /unmount /commit img_path

DISM

dism /Mount-Wim /wimfile:d:\boot.wim /index:1 /MountDir:d:\mount
or
dism /Mount-Wim /wimfile:d:\boot.wim /index:2 /MountDir:d:\mount
or
dism /Mount-Wim /wimfile:d:\install.wim /index:3 /MountDir:d:\mount

http://technet.microsoft.com/en-us/library/dd744360%28v=ws.10%29.aspx

Mount the image, apply the international settings to the mounted image, then unmount and commit:

dism /Mount-Wim /wimfile:"E:\DeploymentShare\Operating Systems\Windows7x64-Aug12\Windows7x64.wim" /index:1 /MountDir:e:\mount
Dism /image:e:\mount /Set-UserLocale:EN-gb
Dism /image:e:\mount /Set-UILang:EN-us
Dism /image:e:\mount /Set-SysLocale:EN-gb
Dism /image:e:\mount /Set-InputLocale:EN-gb
Dism /image:e:\mount /Set-AllIntl:EN-gb
Dism /image:e:\mount /Set-SKUIntlDefaults:EN-gb
dism /Unmount-Wim /MountDir:e:\mount /commit


Microsoft Office 2007 Pro Plus troubleshooting

Microsoft Office 2007 Pro Plus

Microsoft Office Excel 2007 to analyze your business information, create spreadsheets, and track time, costs, resources, and people
Microsoft Office Word 2007 to create, manage, save, and edit documents
Microsoft Office Publisher 2007 to produce professional publications
Microsoft Office Outlook 2007 to manage tasks, daily appointments, and email
Microsoft Office PowerPoint 2007 to create dynamic sales presentations
Microsoft Access 2007 to create a database and then filter, sort, graph, and visualize business information
InfoPath 2007 to lower the cost of executing business transactions and processes with advanced electronic forms technologies

Troubleshooting section

Issue: Error starting Outlook: "Cannot start Microsoft Office Outlook. Cannot open the Outlook window."

Cause and FIX
This problem can occur when the file that maintains the Navigation Pane settings becomes corrupted. This file is called profilename.xml, where profilename is the name of your Outlook profile. This file is stored in the following folder:

• Windows XP

C:\Documents and Settings\username\Application Data\Microsoft\Outlook

• Windows Vista, Windows 7

C:\Users\username\AppData\Roaming\Microsoft\Outlook

A good indication that this file is corrupted is a file size of 0 KB.

To resolve this problem, use the following steps.

1. On the Start menu, click Run.
2. In the Run dialog box, type the following command:

Outlook.exe /resetnavpane

Note: There is a space between "Outlook.exe" and "/resetnavpane"

3. Click OK.

Issue: Exchange 2003 SP2 and Outlook 2007, mapped mailbox indicates the inbox has one or more unread messages. However, they are not being displayed in the reading pane.

Connecting directly to the mailbox via wmail reveals the unread messages as well as many more read emails that were not present in the mapped mailbox.

Cause and FIX

You are able to see all emails when connecting to the mailbox directly (i.e. via wmail) but not as a mapped mailbox. The reason is that the emails are being sent with a special property set. The 'sensitivity' setting is defined as 'Private', which means only the intended recipient can see the email, not users sharing the mailbox.

Issue: Outlook starts with the error message "There is no email program associated to perform the requested action"

Cause and FIX
After clicking the OK button, Outlook appears to respond correctly. The error does not relate to missing plug-ins or other messages; it appears only when you start Outlook the first time. Looking at the default file extensions in Windows 7 was not revealing, as the current settings mimic another working computer.

After investigation, the FIX involved copying the [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook] registry key from another working computer. The computer with the error message was missing all of the keys even after re-installing the software.

Issue: If a user has an issue where PowerPoint changes the hyperlink the user inputs from (e.g.) M:\Eng\pdfexample.pdf to ../../root/eng/pdfexample.pdf then please follow the instructions below to fix it:

The following stops PowerPoint from changing links on save.

Tools -> Options -> General -> Web Options -> Files -> Update links on save.
This needs to be unchecked.
