Trying to trace how sccm agents 2012 got installed on client computers?

Hello,

I was doing a side-by-side migration of sccm 2007 to sccm 2012 in my environment.  I migrated the collections and enabled discovery of the AD forest and network.  In the discovery option, I disabled the option to create new boundaries.  I have not enabled any options to push out the 2012 clients, such as site pushes, SUP pushes, or scripts with GPOs.  All my site servers have 1 subnet assigned to it; however, I noticed that all the computers across multiple subnets in my domain have either been upgraded to the sccm 2012 client or installed on a computer that did not previously have any clients.  When I checked the logs on a computer with a newly installed sccm 2012 client, I see that the source of the installation is from the ip address that corresponds to the sccm 2012 server.  The clients are also configured with the site code that corresponds to a primary site (which, again, is not assigned to any boundary that contains these clients).  

What other methods are there that can automate the installation of these clients? Are there logs on the server or clients that can tell me where these updates are coming from?

Thanks.
akyuenAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mike TLeading EngineerCommented:
Hi,

I think your network has become the victim of subnet boundary ranges. For many, many reasons, most ConfigMgr admins strongly suggest/demand you use IP ranges not subnets, because machines interpret the subnet differently to how you expect and either fallout *out* of boundaries and don't get deployments, or in your case fall *in* and machines you don't want to get anything do so!

Ref: http://blog.configmgrftw.com/ip-subnet-boundaries-are-evil/
and the sequel http://blog.configmgrftw.com/ip-subnet-boundaries-still-evil/

Both are by Jason Sandys, a long time MVP.

As for you question - is your site a standalone primary or a CAS?

There are 7 methods to install the client

1) Client Push
2) SUP
3) GPO
4) logon script
5) Manual
6) Upgrade
7) Automatic Upgrade

I am going to guess that 7 is set, since you have explicitly not setup 2,3,4 or 5 and 6 won't work to upgrade 2007 clients.

Full info from TechNet here:
https://technet.microsoft.com/en-us/library/gg682191.aspx

Configuring auto upgrade:


To configure automatic client upgrades (Configuration Manager with no service pack)

In the Configuration Manager console, click Administration.

In the Administration workspace, expand Site Configuration, and then click Sites.

On the Home tab, in the Sites group, click Hierarchy Settings.

In the Client Installation Settings tab of the Site Settings Properties dialog box, configure the following options:

Upgrade client automatically when new client updates are available – Enables or disables automatic client upgrades.
Allow clients to use a fallback source location for content – Allows clients to use a fallback source location to retrieve the client installation files.

Do not run program when a client is within a slow or unreliable network boundary or when the client uses a fallback source location for content – Select this option to ensure that clients do not retrieve client installation files from distribution points that are on a slow or unreliable network from the client location and only use distribution points that are in a boundary group with a fast connection.
Automatically upgrade clients within days – Specify the number of days in which client computers must upgrade the client after they receive client policy. The client will be upgraded at a random interval within this number of days. This prevents scenarios where a large number of client computers are upgraded simultaneously.

Automatically upgrade clients that are this version or earlier – Specify the minimum client version to upgrade on client computers.

Click OK to save the settings and close the Site Settings Properties dialog box. Clients will receive these settings when they next download policy.



Logs to check:

c:\Windows\ccmsetup\ccmsetup.log
CCM.log file on the site server records any problems that the site server has connecting

Reports to check:

the client deployment and assignment reports tracks client installation progress.
Count of Configuration Manager clients by client versions in the report folder Site – Client Information to identify the different versions of the Configuration Manager client in your hierarchy.

Hope that helps,

Mike
akyuenAuthor Commented:
Hi Mike,

Thanks for the comment.  I just checked the site settings properties and the box for "upgrade client automatically when new client updates are available," is not checked.  I'm leaning towards the possibility that somebody accidentally selected a bunch of clients from a collection and deployed the upgrade.  

I've checked the ccmsetup and ccm logs, which still show the management console attempting to installed the client on computers that have previously failed.  I'm just not sure if the logs are granular enough to show which user performed the task.
Mike TLeading EngineerCommented:
Hi,

I suspect you are right, but need to check everything before pointing fingers at people. The logs do track pretty much everything that ever happens. Check the reports.

This blog is very similar but shows who deleted clientes:

http://blogs.technet.com/b/configurationmgr/archive/2013/10/01/how-to-determine-who-deleted-what-objects-in-the-configuration-manager-console.aspx
 
Jeff Hornbeck posts excelente material and is a good person to take note of.

You will need a diferent status ID to report against, but I don't know which one without digging.

Mike

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SCCM

From novice to tech pro — start learning today.