Chapter 10. The Configuration Manager Console

IN THIS CHAPTER

Using Microsoft Management Console 3.0

Console Deployment

Customizing the Console

Security Considerations

Configuration Manager Service Manager

Troubleshooting Console Issues

The Administrator console is a key element of any Configuration Manager (ConfigMgr) 2007 environment. The console is the interface administrators use to maintain the site and hierarchy as well as to perform daily tasks to manage and configure sites, the site database, clients, and monitor the status of the hierarchy.

This chapter describes how to deploy the console, console features, and how to use those features.

Using Microsoft Management Console 3.0

The ConfigMgr console has a new fresh look, with a different look and feel from the older Systems Management Server (SMS) 2003 console. This new look and feel is because the console is based on the new Microsoft Management Console 3.0 (MMC) framework.

Using the MMC, an administrator can load multiple tools, known as snap-ins. A snap-in is an application built to run within the MMC. Adding snap-ins themselves has much improved with MMC 3.0; instead of having to use a tedious procedure involving two dialog boxes to build a separate console, version 3.0 provides a single dialog box, thus making it much easier to create custom consoles. You can then make these consoles available to individuals when you want to delegate specific management tasks.

The capability to add these custom consoles is of particular interest to ConfigMgr administrators, because the ConfigMgr Administrator console itself is actually a snap-in hosted by the MMC. Using the MMC allows ConfigMgr admins to create consoles easily that allow users to see only a specific part of the ConfigMgr functionality. As an example, you may want to create a custom console for helpdesk users where they only have the ability to use the ConfigMgr Remote Tools feature.

Touring the Console

When opening the ConfigMgr 2007 console, you will notice it contains the following three panes:

Console tree— The console tree is on the left side of the console. It allows you to browse the multiple nodes to manage your site and clients.

Result pane— The result pane is the middle section of the console. When you select a tree object, this pane displays the results.

Actions pane— The Actions pane is the pane displayed at the right side of the console. This is the only pane that you can hide. The Actions pane contains options and tasks, which are available as well when you right-click an object in the console tree or the result pane.

Figure 10.1 shows the ConfigMgr console.

Figure 10.1. The Configuration Manager console

image

The ConfigMgr 2007 console includes search folders, a search bar, allows drag and drop, can replicate folders down the hierarchy, and incorporates home pages. The next sections discuss several of these features.

New Console Features

As described earlier, the MMC 3.0 framework introduces many new features and capabilities in the Configuration Manager console:

Drag and drop— The ConfigMgr 2007 console allows you to drag and drop objects. As an example, you can drag a program and drop it onto a collection to create an advertisement. This saves much time and keystrokes, and can help you keep things organized.

Home pages— When you select a main node such as Software Distribution or Desired Configuration Management, a home page will display in the result pane. These home pages give you a quick overview of the status of a certain feature when you select the root node of that feature. As an example, you can view the status of deployed packages or the percentage of compliant systems with Desired Configuration Management.

Sort columns— This is not exactly a new feature because it was also an option with SMS 2003, although the SMS 2003 version did not work and was very buggy. This feature now functions with ConfigMgr 2007. You can also sort the columns to find information more quickly.

Search bar— Sites can grow very fast with custom collections, packages, programs, and advertisements. Also, over 300 reports come with the ConfigMgr 2007 product. The search bar at the top of the results pane will help you to find all your objects in multiple columns.

Search folders— Search folders comprise another new feature. Although search folders do not ship with the console, you can create your own search folder in most nodes. Search folders are not available in the Collection nodes and on several of the main nodes such as Software Distribution and Operating System Deployment. You can define a query criterion for each search folder, which filters the results that will display in the folder. Search folders provide a great way to arrange different objects, and they make things much easier for those individuals who want to organize their admin consoles.

Creating a Search Folder

Search folders work great for filtering and organizing the objects and information in the console. As an example, you can create a search folder for all your packages with a specific manufacturer. To create this search folder, perform the following steps:

  1. Navigate to the Computer Management node, expand Software Distribution, and then right-click Packages.
  2. Select New and choose Search Folder.
  3. In the Search Folder Criteria dialog box, choose the object Manufacturer.
  4. In the Edit the property’s search criteria box, click the <text to find> hyperlink.
  5. Specify a manufacturer to define your search criteria (such as Microsoft). Click Add and then OK.
  6. Repeat steps 4 and 5 to define multiple combined criteria, as displayed in Figure 10.2.

    Figure 10.2. A search folder for English packages from Microsoft

    image
  7. By default, the search folder will only search in the current folder. You can mark the “Search all folders under this feature” option in the bottom of Figure 10.2 to let Configuration Manager search in all subfolders.
  8. The last step is to define a friendly name for the search folder, such as English packages from Microsoft.

In addition to organizing and filtering information in the console, you can combine search folders with an action (for example, with software updates).

You can create a search folder containing a criterion that filters required updates released in a previous month for client computers or servers. The use of search folders is part of the Software Updates workflow. This allows you to add the resulting updates from the search folder to an update list, to create reports to display compliancy, and eventually to create a deployment based on the software update list.

Perform the following steps to create a search folder to locate updates released on a specific date:

  1. In the Configuration Manager console, navigate to Site Database -> Computer Management -> Software Updates -> Update Repository.
  2. The Update Repository contains a search folder by default. Right-click Search Folders and then select New Search Folder.
  3. To define the criteria, select Date Released to specify the date the software update was released.
  4. Check the box Search all folders under this feature.
  5. Enter a name for the folder (as an example, Updates released in March) and click OK.
  6. Back in the console, click the folder you created. The software updates are displayed by article ID and are based on the criteria you specified for this search folder. In the folder, you can check if the software update is required for computers and create an update list based on the results.

Home Pages

Another new feature in the ConfigMgr 2007 console is home pages. The goal of the home page is to deliver a complete status overview specific to the selected node. Home pages are available for the following nodes:

Software Distribution— This home page shows the status of all package advertisements. For each advertisement, you can see how many have started, succeeded, failed, retried, or are waiting.

Software Updates— Here you can see the status of required, deployed, and already installed updates. It also shows the update compliancy percentage of the site.

Operating System Deployment— The Operating System Deployment home page also shows the status of advertisements, but only for those task sequences that are advertised.

Asset Intelligence— This home page shows the inventoried software titles, categories, and software families.

Desired Configuration Management— The compliancy of Desired Configuration Management items is shown in this home page.

Network Access Protection— This home page also shows compliancy and remediation errors, and the total number of computers in remediation.

When you select any of these main nodes, the home page appears in the result pane.

As an example, the Software Distribution home page by default shows the status of the top-10 active advertisements in the last 7 days.

Home pages are divided in three sections.

On each home page, the first section enables you to configure the filters for the results shown in the middle section.

Every home page has different types of filters you can apply. As an example, with the Desired Configuration Management home page, you can set filters such as time-frames and severities. The Software Updates home page provides you with filters such as Vendor and Update classifications as well as the ability to apply a filter for the month and year the update was released.

• When the filters are applied, the middle section displays the results, with the number and a chart for a quick status overview.

• The bottom of each home page has a Links and Resources section. This section contains shortcuts to other nodes such as Advertisements, enabling you to navigate quickly through the console. It also contains links to web reports and help resources.

To run web reports, you must configure a reporting point. This is discussed in Chapter 18, “Reporting.”

Figure 10.3 displays the home page of Software Updates.

Figure 10.3. The Software Updates home page

image

The results in the home pages are automatically refreshed. This is also known as home page summarization. Except for the Asset Intelligence node, each node has a summarization interval. Table 10.1 shows the interval for each node.

Table 10.1. Default Refresh Interval for Each Home Page

image

If you prefer a tighter or specific interval, you can configure a custom schedule with the Schedule Home Page Summarization link provided in the Actions pane. To apply the new custom schedule, click Run Home Page Summarization, also provided in the Actions pane.

Console Nodes

In addition to the new, improved look provided with MMC 3.0, Microsoft wanted to create a more user-friendly console with ConfigMgr 2007. The ConfigMgr team reorganized the console tree, which now consists of five main nodes, rather than the 12 nodes you had with the SMS 2003 console.

Here are the five main nodes:

Site Management— The Site Management node shows the site hierarchy and the site components, such as boundaries, client agents, addresses, site maintenance tasks, and roles.

Computer Management— This is the main node for the administrator. It contains all the components to manage the clients in the site.

System Status— This node shows the overall health of the site, and includes tasks for troubleshooting a site.

Security Rights— Security rights can be set here on entities of ConfigMgr, such as collections, remote tools, packages, and advertisements.

Tools— The Tools node contains the ConfigMgr Service Manager, which can be used to start and stop services and components.

When you deploy a site, the Computer Management and System Status nodes are the most commonly used nodes for daily administration and management of your clients.

Table 10.2 describes the nodes and subnodes in more detail.

Table 10.2. Configuration Manager Console Nodes

image

image

image

image

 

Console Keystrokes

Although you can use the mouse to navigate through all the nodes in Configuration Manager, it also has a number of keystrokes you can use. The combination of those keystrokes and the mouse enables you to browse through the console very quickly. Table 10.3 displays a list of the available keystrokes.

Table 10.3. Configuration Manager Keystrokes

image

About the SMS Right Click Tools

The SMS “Right Click” tools were introduced as SMS Administrator console additions, provided free of charge at http://offshore-it.co.uk/smstools.html. You can download enhancements, described at http://myitforum.com/cs2/blogs/rhouchins/archive/2008/04/09/sccm-right-click-tools.aspx, including support for ConfigMgr 2007.

Launching Reports

With Configuration Manager 2007 Release 2 (R2), you have the capability to view either classic or SQL Reporting Services (SRS) reports using the Configuration Manager console.

The ConfigMgr Report Viewer allows you to navigate the reporting site, enter parameters for reports, and render the reports for viewing in a web browser. Accessing this functionality either from the console or from a web browser requires IE 5.01 Service Pack (SP) 2 or later to host the Report Viewer ActiveX control.

Microsoft provides over 300 ready-made reports that you can use or modify for your reporting requirements; these reports are described in Chapter 18. The next sections discuss viewing classic and SQL Reporting Services (SRS) reports available with ConfigMgr 2007 R2.

Viewing Classic Reports from the ConfigMgr Console

To view ConfigMgr classic reports from the console, perform the following steps:

  1. Expand the Configuration Manager console tree to System Center Configuration Manager -> Site Database -> Computer Management -> Reporting -> Reports. The Reports pane on the right displays a list of available reports.

    The “Look for” list box allows you to filter the list of reports.

  2. Right-click the report you wish to run and choose Run from the context menu.
  3. The console now invokes the Report Viewer, which permits you to enter any required or optional parameters for the selected report and launch the report. Notice that the Report Viewer, displayed in Figure 10.4, provides a Values button, allowing you to view and select from the list of values corresponding to the parameters that are stored in the database. You can enter a partial string using the wildcard characters _ (to match a single character) and % (to match zero or more characters) to narrow the list.

    Figure 10.4. The Report Viewer

    image

    By default, the Report Viewer displays a list of up to 1,000 values. The DWORD Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftSMSReportingValues Rowcount on the reporting server specifies the maximum number of values returned in the values list. This DWORD value does not exist by default. To specify that Report Viewer should display all values, set Values Rowcount to 0xffffffff.

  4. Click the Display icon in the upper-right section of Report Viewer to display the report. By default, the Report Viewer will display up to 10,000 rows of data in the report. The DWORD Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftSMSReportingRowcount on the reporting server specifies the maximum number of rows returned by Report Viewer. To specify that reports should display all values, set Rowcount to 0xffffffff.
  5. You can use the Show Tree button in the upper-left corner of Report Viewer to display the reporting hierarchy as a tree control. This is the same tree displayed by IE when you open the reporting point URL.

Viewing SRS Reports from the ConfigMgr Console

To view ConfigMgr SRS reports from the console, perform the following steps:

  1. Expand the Configuration Manager console tree to System Center Configuration Manager -> Site Database -> Computer Management -> Reporting Services -> <servername>, where <servername> represents your reporting services point.
  2. The All Reports folder displays a list of reports similar to that in the Reports console tree node used for classic reporting. SRS also provides a folder called Report Folders containing reports arranged in subfolders by folder category. Locate the report you wish to run under either folder structure, right-click the report, and choose Run from the context menu.
  3. The report viewer pane displayed in Figure 10.5 is functionally equivalent to the Report Viewer control provided with classic reporting. Enter the required parameters and any optional parameters you choose to supply, or use the Values links to use the selection list, and then click View Report to open the report.

    Figure 10.5. The SRS report viewer pane with the compliance for a computer by configuration baseline report selected

    image

Using Internet Explorer to View Reports

You can also use a web browser (Internet Explorer 5.01 SP 2 or later) to view reports. This enables individuals to view reports who do not otherwise need access to the ConfigMgr console.

Perform the following steps to view ConfigMgr classic reports using Internet Explorer (IE):

  1. Launch Internet Explorer and enter the reporting point URL. The default URL is http://<servername>/SMSReporting_<Site Code>, where <servername> is the name of your reporting point server and <Site Code> is the ConfigMgr site code.
  2. The Report Viewer tree control will open as shown in Figure 10.6. You can use the tree control to navigate to the reports in your reporting folder. The reports are arranged in folders under the Reports node of the tree control (Chapter 18 includes a list of those categories). Figure 10.6 shows the reporting point website as displayed in Internet Explorer.

    Figure 10.6. The Reporting Point website, with the tree control expanded to the report Computers with a specific network adapter

    image

Perform the following steps to view ConfigMgr SRS reports using Internet Explorer:

  1. Launch IE and enter the SRS URL. The default URL is http://<servername>/reports/, where <servername> is the name of your reporting services point server. (Chapter 18 discusses configuring the reporting services point.) The default report folder name is ConfigMgr_<Site Code>.
  2. The SRS home page will open, as displayed in Figure 10.7. You can click the category links to open the corresponding report folders.

    Figure 10.7. The Reporting Services page for the central site server (Bluebonnet), displayed in Internet Explorer

    image

Console Deployment

Now that you have been introduced to the console, let’s spend some time discussing its installation. When you install a new primary site, the ConfigMgr console is also installed on that system by default. However, organizations typically require multiple consoles to manage the site hierarchy; this is particularly true in enterprise organizations. In these scenarios, you will also want to install the console on the desktops of ConfigMgr administrators. The next sections discuss the platforms on which the console is supported, installation prerequisites, the steps to install the ConfigMgr console using the setup wizard, and performing an unintended console installation.

Supported Platforms

Microsoft supports the Configuration Manager console on the following Microsoft platforms:

• Windows XP Professional with Service Pack 2 or above.

Windows Vista, all editions.

• Windows Server 2003, all editions with Service Pack 1 or above.

• Windows Server 2008, all editions other than Server Core. Server Core is only supported with Configuration Manager 2007 with SP 1 or higher.

Prerequisites

Prior to installing the console, ensure the intended system has met the following prerequisites:

• Microsoft Management Console 3.0

• .NET Framework 2.0 or higher

• At least 100MB (megabytes) free disk space

To make sure you meet all the prerequisites before you start the installation wizard, you can choose to run the prerequisite checker from the splash screen initiated from the Configuration Manager 2007 installation media.

Installation Using the Configuration Manager Setup Wizard

After meeting the prerequisites discussed in the previous section, start installing the console by running the Configuration Manager Setup Wizard. If you are using the ConfigMgr installation CD, the wizard will automatically start. If installing from the file system, you can start the setup manually by opening the splash.hta file, found in the root of the installation media. Perform the following steps to install the console:

  1. The first screen presents several options, including running the prerequisite checker, reviewing the release notes, and installing ConfigMgr. Figure 10.8 displays this screen.

    Figure 10.8. The Configuration Manager 2007 splash screen

    image
  2. Select Install Configuration Manager 2007 to proceed to the welcome screen. This screen suggests steps you should take prior to starting the installation wizard. When you are ready, click Next in the welcome screen, displayed in Figure 10.9.

    Figure 10.9. The Configuration Manager 2007 welcome screen

    image
  3. The next screen shows the available setup options, displayed in Figure 10.10. Select Install or upgrade an administrator console. Click Next to continue.

    Figure 10.10. Choose one of the available setup options.

    image
  4. The following screen, displayed in Figure 10.11, is the Microsoft Software License Terms screen. Ensure you read the license agreement, and select the option “I accept these license terms.” Click Next to advance to the next screen.

    Figure 10.11. Microsoft software license terms

    image
  5. On the Customer Experience Improvement Program Configuration page displayed in Figure 10.12, you can choose to join the program. Microsoft uses the Customer Experience Improvement Program to gather information regarding your ConfigMgr installation. You can read the documentation at http://technet.microsoft.com/en-us/library/bb693975.aspx for more information.

    Figure 10.12. The Customer Experience Improvement Program Configuration screen

    image

    When you participate in the program, information regarding the health and performance of ConfigMgr components and your server is sent to Microsoft in a summary file. Microsoft uses this information for analysis and future releases of ConfigMgr.

    Select whether or not to participate in the program, and click Next to continue. You can always decide to opt out later.

  6. You now are requested to specify a destination folder for installing the console, as displayed in Figure 10.13. Type the path or select the Browse option to specify the location where setup will install the console installation files. Click Next.

    Figure 10.13. Specifying the destination folder

    image
  7. The next screen, shown in Figure 10.14, is the Site Server screen. Specify the name of the primary site server you want to connect to in the console and then click Next to continue.

    Figure 10.14. Specifying the server you want the console to initially connect to

    image
  8. You now advance to the Settings Summary screen, displayed in Figure 10.15. Verify the details you specified in the previous steps, and either click Back to change the information or click Next to proceed to the next step.

    Figure 10.15. Verifying your settings

    image
  9. Once you verify your settings, the wizard automatically performs an installation prerequisite check. Notice in Figure 10.16 that the prerequisite checker is displaying two warnings. You can double-click any prerequisite listed to display details regarding that problem, with information on how to resolve outstanding issues.

    Figure 10.16. Installation Prerequisite Check results

    image

    You can also troubleshoot by checking the ConfigMgrPrereq.log, located in the root of the system drive. When all the prerequisites are met (or there are only warnings), the Begin Install button becomes available. Click Begin Install to start installing the console.

  10. The Setup Action Status Monitoring screen shows the progress and status of all the installation actions (see Figure 10.17). When all actions are complete, click Next to continue.

    Figure 10.17. Displaying installation status

    image
  11. Figure 10.18 shows the final page of the wizard, which displays the installation completion status. If the installation failed, you can review ConfigMgrSetup.log by clicking the View Log button. This log file is located in the root of your system drive.

    Figure 10.18. Completing the Configuration Manager Setup Wizard

    image

When the installation is successful, you can select the option Launch the Configuration Manager console after closing. Click Finish to complete and close the wizard.

Unattended Console Installation

Instead of using the Configuration Manager Setup Wizard, you can install the console in unattended mode. An unattended installation can be used to deploy the console silently to multiple systems at once, potentially using ConfigMgr software distribution, or with a group policy object (GPO).

Before installing the console to multiple systems, verify that every targeted system is on a supported platform and that all the required prerequisites, described earlier in the “Prerequisites” section, are met. You can choose to check these requirements using the ConfigMgr hardware and inventory functions.

When you install the console using the setup wizard, as in the previous section, the wizard asks you to specify a number of settings. For an unattended installation, you can use an initialization file to specify these settings in advance.

The initialization file is a text file and can be created using Windows Notepad. The following information is required in the initialization file:

image

Specify the required options, and save the initialization file with an extension of .ini. As an example, you might name the file AdminConsole.ini.

To start the unattended setup and combine the initialization file with the setup installation files, run the following command from the command prompt or in a batch file:

image

The installation will run in silent mode, meaning no installation screens will display during setup. To check for errors, review ConfigMgrSetup.log, which is located at the root of your system drive.

Finding Console Information on an Installed Server

Two areas are used to populate information for the console—the Windows Registry and the file system.

Registry information related to the console is located under

• HKEY_LOCAL_MACHINESoftwareMicrosoftMMCSnapinsFX:{6de537a5-7a1c-4fa4-ac3a-1b6fc1036560}

• HKEY_LOCAL_MACHINESoftwareMicrosoftConfigMgr

The console files are located in several places on the file system:

• %ProgramFiles%Microsoft Configuration ManagerAdminUI.

• %ProgramFiles%Microsoft Configuration ManagerAdminUIinadminconsole.msc.

• The cache is stored at %HOMEPATH%Application DataMicrosoftMMCadminconsole.

This file retains custom settings for the console, as well as connections to site databases.

You can find an additional discussion on this subject at http://wmug.co.uk/groups/articles/pages/configmgr-console.aspx.

Customizing the Console

Using MMC technology gives you the ability to create your own custom console. You can use custom consoles to hide those features you do not use or features you want to restrict to certain individuals, because not everyone may require access to the full console. Custom consoles are also useful when you have multiple administrators with specific roles. Those administrators can create their own consoles with their most commonly used features.

To create a custom console, perform the following steps:

  1. Open a new MMC by going to Start -> Run, type mmc, and then click the OK button. This brings up an empty console root, as displayed in Figure 10.19.

    Figure 10.19. A new Microsoft Management Console

    image
  2. In the new console, select File -> Add/Remove Snap-in, as shown in Figure 10.20.

    Figure 10.20. Adding a snap-in to the console

    image
  3. In the Add/Remove Snap-in dialog box, click Add and choose the System Center Configuration Manager snap-in. Click the Add button at the bottom of Figure 10.21.

    Figure 10.21. Adding the System Center Configuration Manager snap-in

    image
  4. The next screen begins the Database Connection Wizard. Click Next at the Welcome screen, displayed in Figure 10.22.

    Figure 10.22. The Database Connection Wizard Welcome screen

    image
  5. In the Locate Site Database screen shown in Figure 10.23, verify you selected the correct site database (this example shows the Bluebonnet site server, the central site server for the SCCMUnleashed hierarchy) and then choose the Select console tree items to be loaded (custom) option at the bottom of the screen. Click Next to continue.

    Figure 10.23. Specifying the site database

    image
  6. The next screen of the Database Connection Wizard, shown in Figure 10.24, allows you to select the items you want to appear in the console tree. Check the items you want to be available in the console and click Next to continue.

    Figure 10.24. Selecting console tree items

    image
  7. Figure 10.25 displays the Summary screen. To change any of your selections, click the Previous button. Otherwise, click Finish to complete the wizard.

    Figure 10.25. Summary screen of the Database Connection Wizard

    image

You can now close the Add/Remove Snap-in dialog box and click OK to open the custom snap-in. The custom console, displayed in Figure 10.26, will now load. To save the console, select File -> Save.

Figure 10.26. A newly created custom console

image

When you create a custom console, be aware you can only add a single Configuration Manager snap-in to the console. However, this does not limit you in managing multiple sites in a hierarchy. You can manage child sites by connecting to them directly, or from their parent site. When managing a child from its parent, you are not connecting directly to the child, but to the database of the parent.

If you face any site communication issues, you can also directly connect to a child site by adding a separate site database connection. Figure 10.27 shows the central site with a separate connection to a primary child site.

Figure 10.27. A custom console with multiple-site databases

image

To add a site database connection with a custom console tree to a previously created custom console, perform the following steps:

  1. In your current custom console, right-click the main System Center Configuration Manager node and select Connect to Site database.
  2. The Database Connection Wizard will start. Click Next at the Welcome screen.
  3. In the Locate Site Database screen, select the option Connect to the site database for the following site server. Then choose the Select Console tree items to be loaded (custom) option at the bottom of the screen. Click Next to continue.
  4. The next screen of the Database Connection Wizard allows you to select the items you want to appear in the console tree. Check the items you want to be available in the console and click Next to continue.
  5. At the Summary screen, check your configuration. To change any of your selections, click the Previous button. Otherwise, click Finish to complete the wizard.

Figure 10.27 displays a single console containing a custom configuration for two sites.

Security Considerations

As mentioned earlier in the “Console Deployment” section, the console is installed during the site server setup process. After installation, by default only the administrator who ran the setup has access to the console.

Special permissions are required when other users want to install and use the console from their workstations. These permissions can be divided into two categories:

• Distributed Component Object Model (DCOM)

• Windows Management Instrumentation (WMI)

The next sections discuss these areas.

Configuring Required DCOM Permissions for the ConfigMgr Console

Administrators running the console from their workstation require Remote Activation DCOM permissions. These permissions are required on the site server and the SMS provider.

The SMS provider is the interface between the Configuration Manager console and the site database. The console uses WMI to connect to the SMS provider, and WMI itself uses DCOM. Due to these dependencies, DCOM permissions are required when running the console on a system other than the SMS provider.

Access to the SMS provider is delivered through the SMS Admins group, which is a local security group on every site server. All users running the console must be members of this group. By default, members of this group do not have administrator rights in Configuration Manager. Specific class and instance rights are still required. In the following procedure, DCOM permissions are linked to the SMS Admins group:

• If the SMS provider is installed on a computer other than the site server, you must perform this procedure on both the site server and the SMS provider computer.

• When the SMS provider is installed on the site server, you need to perform this procedure only on the site server computer.

Perform the following steps to configure Remote Activation permissions for the SMS Admins group:

  1. To open the Component Services Management console, click Start -> Run and then type dcomcnfg.exe.
  2. In the Component Services Management console, select the Console root and then expand the Component Services node.
  3. Under the Component Services node, expand Computers and then click My Computer.
  4. In the Component Services menu bar, click Action and then select Properties from the menu.
  5. In the Properties dialog box, click the COM Security tab.
  6. In the Launch and Activation Permissions section, click Edit Limits.
  7. In the Launch and Activation Permissions dialog box, click Add.
  8. In the Select Users, Computer or Groups window, click the Locations button.
  9. In the Locations dialog box, select the computer account (rather than the domain) and click OK.
  10. In the Select Users, Computer or Groups window, type SMS Admins in the Enter object names to select section. Click OK.
  11. In the permissions area for SMS Admins, check the Remote Activation box. Figure 10.28 shows this selection.

    Figure 10.28. Establishing DCOM permissions for the SMS Admins group

    image
  12. Click OK twice and close the Component Services Management console.

Verifying and Configuring WMI Permissions

The SMS provider is the main communication interface between the site servers and the Configuration Manager console. The console itself uses a combination of DCOM and WMI.

In addition to the DCOM permissions, WMI permissions are also required. By default, the SMS Admins group has the required WMI permissions. Use the following procedure if you are using a security group other than the SMS Admins group, or if you face issues connecting due to misconfigured WMI permissions.

Note

Identifying Connection Problems

If you face connection problems, you can identify them by the following entry in the SMSAdminUI.log:

image

To log the entry, you must enable verbose logging. The steps to enable verbose logging are described in Appendix A, “Configuration Manager Log Files.” Verbose logging is described in more detail in the “Troubleshooting Console Issues” section in this chapter. After verbose logging is enabled, the log file is located in the <ConfigMgrInstallPath>AdminUIAdminUILog folder.

To verify or configure WMI permissions, perform the following steps:

  1. On the server running the SMS provider, click Start -> Run, type wmimgmt.msc, and then click OK.
  2. In the WMI Control console, right-click the WMI Control node and then click Properties in the menu.
  3. In the Properties dialog box, select the Security tab.
  4. Expand the Root and then click the SMS folder.
  5. To verify the configured permissions, click the Security button.
  6. The SMS Admins group or a custom group requires the Enable Account and Remote Enable permissions, as configured in Figure 10.29.

    Figure 10.29. Enabling WMI permissions for the SMS Admins group

    image
  7. When you have configured all permissions correctly, click OK twice.
  8. Close the WMI Control console.

Configuration Manager Service Manager

The Configuration Manager Service Manager, introduced in Chapter 8, “Installing Configuration Manager 2007,” allows you to easily control the Configuration Manager services. A service runs in the background for nearly all components and features. The Service Manager provides you with a tool to check the status of each service or component.

Whereas most Configuration Manager services run by default, others only run when a job is assigned to them (for example, the SMS_SITE_BACKUP service).

Starting the Configuration Manager Service Manager

The Configuration Manager Service Manager can only be started through the Configuration Manager console. To start the Service Manager, navigate to the Tools node in the ConfigMgr console, expand it, and right-click ConfigMgr Service Manager. Choose Start ConfigMgr Service Manager. A new window will open, as displayed in Figure 10.30.

Figure 10.30. The Configuration Manager Service Manager console

image

Using the Configuration Manager Service Manager

Within the Service Manager, you can perform several actions. Although the ConfigMgr services do not display in the regular Windows Services console (services.msc), they are threaded in a similar manner as standard Windows services. You can start, stop, pause, resume, or query a service. The query action is always the first step before performing the other actions, because the query action determines the status of the component. The following options are available:

Query—The Query action is used to determine the status of the selected component. The possible actions you can perform will be based on the state of the component. As an example, the only available action for a component in a stopped state is to start it.

Start—Use the Start action to start a stopped component.

Stop—This action stops a running component. Stopping a component also shuts down its runtime environment and clears the log files and other related files.

Pause—Use this action to pause a running component. Pausing a component preserves its runtime environment. You can pause most components to observe the behavior and the created data in the log files. Several components cannot be paused, including SMS_REPORTING_POINT and SMS_SERVER_LOCATOR_POINT.

Resume—When a component is paused, the Resume action will resume the component so it is running again.

To run actions on Configuration Manager components, perform the following steps:

  1. In the ConfigMgr Service Manager, expand your site by double-clicking the site code. Then expand Components to view a list of components. To display a list of servers running one or more Configuration Manager components, expand the Servers node.
  2. Select a component. From the menu bar choose Component and then click Query to determine the status of the component.
  3. To perform an action such as Start, Stop, Pause, or Resume, select Components in the menu bar and then choose the appropriate action.

Troubleshooting Console Issues

This section of the chapter describes how to troubleshoot issues with the ConfigMgr console. The MMC 3.0 console itself is very stable, and issues are generally due to configuring the required permissions or issues with WMI.

Enable Verbose Logging

The first step in troubleshooting issues related to the console is to look at the log file. ConfigMgr by default provides many log files regarding the health of the site and its components.

This differs for the console log file. Because the log file generates a considerable amount of information requiring system resources, logging is not enabled by default.

To enable verbose logging, perform the following steps:

  1. Close all active Configuration Manager 2007 consoles.
  2. Browse to the <ConfigMgrInstallPath>AdminUIin folder.
  3. In the bin folder, locate the adminui.console.dll.config file and open this file using Windows Notepad.
  4. Within the file, navigate to the line

    <source name="SmsAdminUISnapIn" switchValue="Error" >

    Change this line to read

    <source name="SmsAdminUISnapIn" switchValue="Verbose" >

  5. Close the file and save your changes.

    Note that in Windows Server 2008, unless you are a member of the Domain Admins group, you have only read and execute permissions on this file. To modify the file, at least write permission is required.

  6. Start the Configuration Manager 2007 console.
  7. Navigate to the <ConfigMgrInstallPath>AdminUIAdminUILog folder and verify a log file named SMSAdminUI.log was created.

By default, only administrators and SMS admins have permissions to read the SMSAdminUI.log log file.

The logging starts immediately when you start the console. When the console starts, any navigation through the console is logged as well. Therefore, it is recommended you disable verbose logging when it is no longer required for troubleshooting.

To disable verbose logging, undo the line change described in step 4.

Common Issues

Table 10.4 describes the most common issues related to the Configuration Manager console.

Table 10.4. Common Issues and Resolutions

image

image

Preventing the Console from Hanging when Running Large Queries

By default, the Configuration Manager console stops responding when creating queries that return more than 2,000 results. This is the same as when creating collections with a query-based membership rule that returns more than the maximum of 2,000 results.

If you require such large queries, perform the following procedure to adjust the maximum threshold through the Registry. Follow these steps:

  1. Go to Start -> Run and type regedit. Click OK.
  2. In the Registry, browse to HKEY_LOCAL_MACHINESoftwareMicrosoftConfigMgrAdminUIQueryProcessors.
  3. Right-click QueryProcessors, select New, and choose the option DWORD Value.
  4. Name the new DWORD value ValueLimit.
  5. Configure ValueLimit with a value that is large enough to return the results of the query. As an example, use a value of 3000 to set the maximum allowed query results to 3,000.

Configuration Manager Console Command-Line Options

When the console is installed, the setup program creates a file named adminconsole.msc in the <ConfigMgrInstallPath>AdminUIin folder. This is the console MMC snap-in; launching the console will start this file. As described in the “Customizing the Console” section of this chapter, you can also create and save custom consoles.

The console has several parameters (command-line options) that you can use to modify how the console starts. Table 10.5 describes the available options and their functions.

Table 10.5. Configuration Manager Console Parameters

image

To start the console with a parameter, use the following syntax:

<ConfigMgrInstallPath>AdminUIBinadminconsole.msc /parameter


Summary

This chapter introduced the Configuration Manager 2007 console, an MMC 3.0 application. It described the console nodes, discussed launching reports, and stepped through the process of deploying the console. It also discussed security considerations. The chapter ended with a discussion of troubleshooting various console issues.

The next chapter discusses a number of the technologies used in ConfigMgr 2007.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset