Link to home
Avatar of akyuen
akyuen

asked on

Trying to trace how sccm agents 2012 got installed on client computers?

Hello,

I was doing a side-by-side migration of sccm 2007 to sccm 2012 in my environment.  I migrated the collections and enabled discovery of the AD forest and network.  In the discovery option, I disabled the option to create new boundaries.  I have not enabled any options to push out the 2012 clients, such as site pushes, SUP pushes, or scripts with GPOs.  All my site servers have 1 subnet assigned to it; however, I noticed that all the computers across multiple subnets in my domain have either been upgraded to the sccm 2012 client or installed on a computer that did not previously have any clients.  When I checked the logs on a computer with a newly installed sccm 2012 client, I see that the source of the installation is from the ip address that corresponds to the sccm 2012 server.  The clients are also configured with the site code that corresponds to a primary site (which, again, is not assigned to any boundary that contains these clients).  

What other methods are there that can automate the installation of these clients? Are there logs on the server or clients that can tell me where these updates are coming from?

Thanks.
Avatar of Mike Taylor
Mike Taylor
Flag of United Kingdom of Great Britain and Northern Ireland image

Hi,

I think your network has become the victim of subnet boundary ranges. For many, many reasons, most ConfigMgr admins strongly suggest/demand you use IP ranges not subnets, because machines interpret the subnet differently to how you expect and either fallout *out* of boundaries and don't get deployments, or in your case fall *in* and machines you don't want to get anything do so!

Ref: http://blog.configmgrftw.com/ip-subnet-boundaries-are-evil/
and the sequel http://blog.configmgrftw.com/ip-subnet-boundaries-still-evil/

Both are by Jason Sandys, a long time MVP.

As for you question - is your site a standalone primary or a CAS?

There are 7 methods to install the client

1) Client Push
2) SUP
3) GPO
4) logon script
5) Manual
6) Upgrade
7) Automatic Upgrade

I am going to guess that 7 is set, since you have explicitly not setup 2,3,4 or 5 and 6 won't work to upgrade 2007 clients.

Full info from TechNet here:
https://technet.microsoft.com/en-us/library/gg682191.aspx

Configuring auto upgrade:


To configure automatic client upgrades (Configuration Manager with no service pack)

In the Configuration Manager console, click Administration.

In the Administration workspace, expand Site Configuration, and then click Sites.

On the Home tab, in the Sites group, click Hierarchy Settings.

In the Client Installation Settings tab of the Site Settings Properties dialog box, configure the following options:

Upgrade client automatically when new client updates are available – Enables or disables automatic client upgrades.
Allow clients to use a fallback source location for content – Allows clients to use a fallback source location to retrieve the client installation files.

Do not run program when a client is within a slow or unreliable network boundary or when the client uses a fallback source location for content – Select this option to ensure that clients do not retrieve client installation files from distribution points that are on a slow or unreliable network from the client location and only use distribution points that are in a boundary group with a fast connection.
Automatically upgrade clients within days – Specify the number of days in which client computers must upgrade the client after they receive client policy. The client will be upgraded at a random interval within this number of days. This prevents scenarios where a large number of client computers are upgraded simultaneously.

Automatically upgrade clients that are this version or earlier – Specify the minimum client version to upgrade on client computers.

Click OK to save the settings and close the Site Settings Properties dialog box. Clients will receive these settings when they next download policy.



Logs to check:

c:\Windows\ccmsetup\ccmsetup.log
CCM.log file on the site server records any problems that the site server has connecting

Reports to check:

the client deployment and assignment reports tracks client installation progress.
Count of Configuration Manager clients by client versions in the report folder Site – Client Information to identify the different versions of the Configuration Manager client in your hierarchy.

Hope that helps,

Mike
Avatar of akyuen
akyuen

ASKER

Hi Mike,

Thanks for the comment.  I just checked the site settings properties and the box for "upgrade client automatically when new client updates are available," is not checked.  I'm leaning towards the possibility that somebody accidentally selected a bunch of clients from a collection and deployed the upgrade.  

I've checked the ccmsetup and ccm logs, which still show the management console attempting to installed the client on computers that have previously failed.  I'm just not sure if the logs are granular enough to show which user performed the task.
ASKER CERTIFIED SOLUTION
Avatar of Mike Taylor
Mike Taylor
Flag of United Kingdom of Great Britain and Northern Ireland image

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial