Install Updates OSD Task Sequence
Why is it that the install updates step will only work if I have it joining the domain in the "Apply Network Settings" step. Other wise, the install updates step just starts at 0%, says detecting updates, and goes to the next step.
Problem is that I'm running a build and capture task sequence and I'm getting an error (0x00000004) during the "Prepare OS" step which I believe is related to running sysprep when joined to domain not workgroup.
Can someone give me a clue?
January 17th, 2012 4:03pm
Hi,
If the computer is not joined to the domain it cannot use the site boundries published in AD, so if you install the client with SMSSLP=Server and install the Server Locator Point on the site server, you will see that it starts to work for you.
regards,
Jörgen-- My System Center blog ccmexec.com -- Twitter @ccmexec
Free Windows Admin Tool Kit Click here and download it now
January 17th, 2012 5:22pm
When putting Software Updates in the Task Sequence, and the system is not yet domain member, add the next lines to the "Setup windows and ConfigMgr" step (SMSSLP=SERVERNAME.FQDN.COM SMSMP=SERVERNAME.FQDN.COM)
http://henkhoogendoorn.blogspot.com/2011/02/handy-tips-and-tricks-for-configmgr.html
My blogs: Henk's blog and
Virtuall | Follow Me on:
Twitter | View My Profile on:
LinkedIn
January 18th, 2012 5:50am
got this in my "setup windows and configmgr" task sequence step
SMSCACHESIZE=10240 SMSMP=mysiteserver.mydomain.local SMSSLP=mysiteserver.mydomain.local
Only way it runs updates is if I join domain in "apply network settings" step still...
HELP!!
Free Windows Admin Tool Kit Click here and download it now
January 18th, 2012 4:17pm
Do you have a Server Locator Point installed already? Do you have advertised Software updates to the Collection where your client resides? That way Software updates will be installed during B&C when it's a member of a workgroup.
At the point that Sysprep runs, the system must be a member of a workgroup. It's best for it to remain in a workgroup throughout the entire B&C process. No need to be domain member at all.
My blogs: Henk's blog and
Virtuall | Follow Me on:
Twitter | View My Profile on:
LinkedIn
January 19th, 2012 7:00am
yes there is a server locator point.
I have advertised the updates to two collections:
Unknown computers is one deployment
A Windows 7 collection is another deployment
It seems that it only works when joining the domain because that places the client into a known collection (Windows 7) that gets the software updates deployment.
If it is still in a workgroup, the unknown collection deployment is not working. Is the computer still considered unknown at this point or should I target the deployment to another collection?
Free Windows Admin Tool Kit Click here and download it now
January 19th, 2012 1:22pm
If it is still in a workgroup, the unknown collection deployment is not working. Is the computer still considered unknown at this point or should I target the deployment to another collection?
I think it's not unknown anymore at this point because off ConfigMgr client installation?
When I create a reference image and want updates in it, i don't advertise Software updates on the Unknown computer collection. Normally I import the computer with mac-address (so it's known) and place it in a Build & Capture collection. Then I advertise
Software updates on that collection. That way (and place the SMSSLP & SMSMP rule) it works without adding the reference computer to the domain! 100% sure.My blogs: Henk's blog and
Virtuall | Follow Me on:
Twitter | View My Profile on:
LinkedIn
January 19th, 2012 3:12pm
Similar to the post here:
http://social.technet.microsoft.com/Forums/en-US/configmgrosd/thread/4fae2e3a-4a28-41eb-822d-eab9fbc9c8dd/
I get an 8004005 error right after it says detecting updates, now this is ONLY when not joined to the domain...
Free Windows Admin Tool Kit Click here and download it now
January 25th, 2012 1:08pm
When Software Updates are not installed during the Task Sequence, change the advertisement at Download Settings > Slow network boundary from "Do not install updates" to "Download software updates from distribution point
and install".
http://henkhoogendoorn.blogspot.com/2011/02/handy-tips-and-tricks-for-configmgr.html
> 80004005 means in the most situations access denied. Check security on your NA account.My blogs: Henk's blog and
Virtuall | Follow Me on:
Twitter | View My Profile on:
LinkedIn
January 26th, 2012 4:03pm
does that mean that if I have AD site boundaries and I add SMSLP to the client install it will work for software updates or do I still have to add another boundary that the client is in if in workgroup?
Free Windows Admin Tool Kit Click here and download it now
January 31st, 2012 10:06am
As I said in my own thread. You do need to define the boundaries Active Directory boundaries work only for Active Directory clients.MCITP Server Administrator
MCTS Configuration Manager
MCTS Operations Manager
Blog: http://www.nixadmins.net Twitter: Mats_Hellman
January 31st, 2012 10:13am
does that mean that if I have AD site boundaries and I add SMSLP to the client install it will work for software updates or do I still have to add another boundary that the client is in if in workgroup?
The best you can do is configure boundaries based on IP-address ranges! Just make sure that all devices managed (also workgroup devices) are inside the boundaries configured in your environment.
My blogs:
Henk's blog and
Virtuall | Follow Me on:
Twitter | View My Profile on:
LinkedIn
Free Windows Admin Tool Kit Click here and download it now
January 31st, 2012 10:22am
and if my distribution point is protected and I'd rather not unprotect, then would I add this boundary to it??
January 31st, 2012 11:26am
Yes, you would. Protecting distribution points means that clients form other boundaries can't access them. Mostly this is used if one distribution point is behind a slow connection and you really dont want clients from other subnets accessing this site,
you protect it. The main site is usually unprotected since we mostly want to manage all clients one way or the other.
From the ConfigMGR documentation,
"Protecting a Microsoft System Center Configuration Manager 2007 site system means that clients outside of the protected boundaries will be unable to access the distribution point or state migration point roles on that site system. Protection is applied
to the entire site system, not just to the properties of the site role. However, protection has no effect on any site system roles except distribution points and state migration points. "
http://technet.microsoft.com/en-us/library/bb932133.aspxMCITP Server Administrator
MCTS Configuration Manager
MCTS Operations Manager
Blog: http://www.nixadmins.net Twitter: Mats_Hellman
Free Windows Admin Tool Kit Click here and download it now
January 31st, 2012 11:43am
Yes, you would. Protecting distribution points means that clients form other boundaries can't access them. Mostly this is used if one distribution point is behind a slow connection and you really dont want clients from other subnets accessing this site,
you protect it. The main site is usually unprotected since we mostly want to manage all clients one way or the other.
From the ConfigMGR documentation,
"Protecting a Microsoft System Center Configuration Manager 2007 site system means that clients outside of the protected boundaries will be unable to access the distribution point or state migration point roles on that site system. Protection is applied
to the entire site system, not just to the properties of the site role. However, protection has no effect on any site system roles except distribution points and state migration points. "
http://technet.microsoft.com/en-us/library/bb932133.aspxMCITP Server Administrator
MCTS Configuration Manager
MCTS Operations Manager
Blog: http://www.nixadmins.net Twitter: Mats_Hellman
January 31st, 2012 7:40pm