Sunday, April 13, 2014

SCCM 2012 client push configure installation and troubleshooting


SCCM client push requirement
Disable firewall or open the necessary ports:

Port


Remark
80
TCP


443
TCP

native mode management point
445
TCP


135
TCP
UDP


In addition, the following needs to be open as well:
o   ICMP (ping) from server to client.
o   BITS service needs to enable.
o   Add the following as exceptions to the Windows Firewall:
Outbound and inbound: File and Printer Sharing
Inbound: Windows Management Instrumentation (WMI)
For complete list of ports used by the client:
·         Add Client Push Installation Account to local administrators group on the target machine (group policy is preferred method for that).
·         Make sure administrative shares available on the target machine (C$, Admin$ ect.):
Troubleshoot administrative shares
·         SCCM client require 500 MB available disk space, with 5 GB recommended for the Configuration Manager Client cache.
Computer Client Hardware Requirements


Configure Client Push Installation
The following settings need to be configured for Client Push Installation.
Go to Administration node -> Site Configuration -> Sites -> on the ribbon bar go to settings -> Client Installation Settings -> Client Push Installation:



On General tab of Client Push Installation Properties, enable automatic Site-wide client push installation and check the system type you like the client to be installed:



On Account tab, add Client Push Installation account. As mentioned before, this account needs to be member of local administrators group on target computers:


You can leave Installation properties as default – it needs to be set as SMSSITECODE=YourSiteCode


SCCM client push troubleshooting
  • First, make sure all client push requirements were meet.
  • Boundary and boundary group were created and the workstation fall into it. Make sure the site code appear next to the client name:



  • When client push installation request start, the request can be view in CCM.log on the SCCM server (locate under %programfiles%\Microsoft Configuration Manager\Logs). This is the place to look for errors if there is any communication issue between the SCCM server and the target workstation:



  • Next ccmsetup program runs as a service by default (you can see it in Services console) and downloads all the necessary files to complete the client installation from a specified management point or from a specified source location to C:\Windows\ccmsetup folder.
  • Check that ccmsetup folder was created under C:\Windows.
  • Open ccmsetup.log and client.msi.log under C:\Windows\ccmsetup\Logs with CMTrace.exe (located in %programfiles%\Microsoft Configuration Manager\tools) and look for any errors in the installation process.
  • On the client go to control panel and open the Configuration Manager applet. Go to Actions tab and  make sure you see all the below actions:



  • Go to client logs which located in C:\Windoes\CCM\Logs.
  • search for:

o   Clientlocation.log - Records tasks that are related to client site assignment.
o   Locationservices.log - Records the client activity for locating management points, software update points, and distribution points.

Other SCCM client logs
  • In case SCCM server fail to contact or start installation process, it will try install the client every 1 hour for 7 days.


Testing WMI service for remote computer
The following test needs to be done first on local machine (were client failed to be installed), then remotely from SCCM server:
  • From Run, type WMIMGMT.MSC
  • Right click WMI Control (Local) and click Connect to another computer.
  • On Change managed computer, click Another computer and type the remote computer name and click OK.
  • Right click WMI Control (Remote computer name) and click properties.
  • On WMI Control (Remote computer name) properties page you should see the remote computer information:


Any other message suggests you have trouble access local\remote computer WMI service. 


Troubleshoot WMI
Ensure COM security settings are configured correctly:
  • From Run type DCOMCNFG, navigate to Component Services -> Computers -> My Computers -> Properties. 
  • Go to  COM Security tab.
  • In Launch and Activation Permissions press on Edit Defaults and make sure SYSTEM, Administrators and INTERACTIVE have the following permissions:




In addition, the WMI DCOM settings should also be checked:

  • From Run type DCOMCNFG, navigate to Component Services -> Computers -> My Computers -> Windows Management and Instrumentation -> Properties.
  • Make sure Authentication level set to Default.


Rebuilding WMI
Rebuilding WMI can sometimes "fix" WMI issues but in most cases this is a workaround and not really fix the real issue, and as a result, the issue can be back shortly.
In addition, rebuilding WMI can lead to other issues with already installed application that useing WMI.
So in short, rebuilding WMI should be (in any) the last step for troubleshoot WMI issues.

Other WMI useful links:

No comments:

Post a Comment