System Centre Config Manager:- SCCM Config

Hi,

First, CM is a massive, massive product and I'd say the most complicated product MS have. If you fight it, it will win!
Let's tackle the client install first. Updates are complex and demands a whole page.

Collections - how are you targeting machines? To start, if you're new to CM, create a blank collection and add ONE machine as a direct member. Also always, always create limiting collection for clients machines (by OS) and use that to limit ALL workstation based collections. That stops any "oops I did again and deployed W10 to my servers". It *does* happen.

To test your setup, try browsing to the path  \\siteserver\sms_sitecode\Clients - that is where the agent is copied from to c:\windows\ccmsetup.

Can you see that path?
Is the copy working?
If you run cmsetup what happens?

in c:\windows\ccmsetup\logs is the full, explicit log of the installer. Read it, trace it. CM uses lots of logs and the best way to learn is reading them, in detail. Always use CMtrace to read logs.

It is in \\siteserver\sms_sitdecode\tools. Just copy it to somewhere you it's easy to find and run. You can also browse and read clients logs from the server, as long as you have firewall ports open.

WSUS
======
Did you install WSUS from scratch and NOT configure it? If not, it's unlikely to work correctly.

I will explain more once the client is sorted out.

Mike

Thanks for your comments.

So have created a Test collection with 1 device.
I can browse to the client.
When I run the client locally, I get prompted with security warning, then run/cancel.
Click on run and then get message saying you do not have permission to access, even though I am admin.

Got to run it as local Administrator,  nothing appeared on screen, not sure anything happened

The logs are not updating.

I ran it again there and process has appeared in task mgr, ccmsetup (32 bit)

"ran it again there and process has appeared in task mgr, ccmsetup (32 bit) " is the result. It takes 5-10 mins because lots is happening. When done, look in control panel "system and security". A new icon will be there, Configuration Manager (32-bit). Open it and check you have 4 tabs at least. Check the General tab info. Connection type needs to say Always Intranet.
On components tab, at least ONE thing needs to show as Enabled. If it does not, the client is not getting policies from CM server.

When installing there is NO GUI. That's by design. You have to wait or watch task manager.

Thanks, yes can see it now in control panel/system and security.
I have attached a screenshot, do I configure all of the tabs?
Config.PNG

Hi - no, tabs only show what you have set at the back-end. the only change you can make is the cache size.

Configuring anything is quite a long thing and beyond this question!

So are you now happy you can deploy a client. using Client Push (as they call it)? If so, I can try and tackle WSUS.

I still cannot install the client.
So in Devices then my Test Device, go through install client and looks as if it has installed.
But still saying no client installed.

Strange

Have Client Push settings attached.
Client-Push.PNG

Hi,

OK, the client push settings look fine. Please clarify, the agent IS being push, IS being installed on machines, but it just shows in the CM console says "Client = No".

If that is the case, it's a different issue and means the client is not getting policy from the Management Point and that in turn means the Management Point does not see that there's anything on the machine that it owns. This means digging through more logs...

Thanks.
So after disabling firewall for McAfee, eventually getting the agent copied over and trying to install.
But looks like it is the wrong version, 32 bit instead of 64, as it should be.

Have attached screenshot, can this be changed in the setup?
CcmInstall.PNG

It's not quite as simple as that with the client. My OS is 64-bit but the agent "looks" like it installed the 32-bit one, but check the registry here:
C:\Windows\SysWOW64\CCM <<< and it's using 64-bit keys.

Rest assured, the client itself *is* a 64-bit application, it's just that some of functions default to Windows-On-Windows for compatibility.

This is looking a bit better although I thought I only asked it to deploy the agent?
have attached file.
Download.PNG

OK, that's doing something more. Which log file is that?

This is on the device I am pushing out the client to.
But only wanted the client,  had to kill the client as was installing for almost 2 hours.. Something not right

Also meant to ask.
Is the Client a one time install to the device you push it out to.. Or does it 'install' each time something is deployed?

LAst first - yes, it's a one time install.

Your other question - I can't tell what else is happening without logs. Installing the client does NOT trigger anything else at all, unless you have Mandatory deployments set up.

I have no other Mandatory deployments setup at all, very confusing.
have attached the logs, would appreciate if you could have a look at the last section from
19/1/2017 15:26 to end
ccmsetup.log

Hello, onto the second part of my question regarding sccm.
The updates are pulled into wsus ok but nothing appearing in sccm console.

How do i resolve this to push out to clients?

You need to explain how EXACTY you installed WSUS. Start with "Is it a fresh install?".

Yes, fresh install, built server and added WSUS Role.
With wid database/wsus Services.
Then pointed to store updates locally.
Specified database and then restarted.

Didnt do the post configs

Do not see Sites under Monitoring.
See Site Hierarchy (see attached)
And also Site status (see attached)

Is this look ok?
Site.PNG
Status.PNG

Hi - I meant System Status. Didn't have it in front of me at the time. Yes it all looks good so you can just follow the steps. The sync takes a while so be patient.

Mike

Still not updating.
Something not right here but have checked and just going round in circles

It's looking a lot better now.
The issue was the wrong port number in SUP.
Updates are pulling through, taking a bit of time, but that is to be expected.

OK - good show. It's not the quickest on first run, but once it's done a full sync things will speed up. The only issue now is the size of the new Windows 7 rollup updates really, but there's nothing you can do about that!

Mike

Again thanks for your help