With the recent release of Configuration Manager 2012 SP1, I thought I’d blog my installation experience. SP1 for ConfigMgr 2012 brings many new and exciting features, and includes additional bug fixes, as well as all the fixes released in both cumulative update 1 and 2.
One of the most significant changes is support for Windows 8. Configuration Manager SP1 supports Windows 8 in the following ways:
- You can install the Configuration Manager client on Windows 8 computers and deploy Windows 8 to new computers or to upgrade previous client operating versions. Configuration Manager also supports Windows To Go.
- Configuration Manager supports Windows 8 features, such as metered Internet connections and Always On Always Connected.
- You can configure user data and profiles configuration items for folder redirection, offline files, and roaming profiles.
- You can configure new deployment types for Windows 8 applications, which support standalone applications (.appx files) and links to the Windows Store.
Other significant changes include the following:
- Support for Windows Server 2012 and SQL Server 2012 SP1.
- Clients are now supported on Mac computers, and on Linux and UNIX servers.
- Windows PowerShell cmdlets are available to automate Configuration Manager operations by using Windows PowerShell scripts (see http://technet.microsoft.com/en-us/library/jj849987.aspx)
- More flexible hierarchy management with support to expand a stand-alone primary site into a hierarchy that includes a new central administration site, and the migration of a Configuration Manager SP1 hierarchy to another Configuration Manager SP1 hierarchy.
- Support for multiple software update points for a site to provide automatic redundancy for clients in the same way as you can configure multiple management points.
- Client notification to initiate some client operations from the Configuration Manager console, which include downloading computer policy and initiating a malware scan to be performed as soon as possible, instead of during the normal client policy polling interval.
- Support for virtual environments that allow multiple virtual applications to share file system and registry information instead of running in an isolated space.
- Email alert subscriptions are now supported for all features, not just Endpoint Protection.
For a full explanation of these features, please visit the “What’s New in Configuration Manager SP1” TechNet article at http://technet.microsoft.com/en-us/library/jj591552. Another very good read before proceeding is “Planning to Upgrade System Center 2012 Configuration Manager” at http://technet.microsoft.com/en-us/library/jj822981.aspx as well as “Considerations for Upgrading to Configuration Manager SP1” at http://technet.microsoft.com/en-us/library/jj822981.aspx#BKMK_ConsiderationsforSP1Upgrade, and last but certainly not least, be sure to review the Configuration Manager 2012 SP1 Checklist at http://technet.microsoft.com/en-us/library/jj822981.aspx#BKMK_UpgradeSP1Checklist.
Additionally, for a list of all hotfixes included in SP1, visit http://support.microsoft.com/kb/2801420
First, a brief FAQ:
Q: Where can I download the SP1 installation?
A: SP1 must be downloaded from Microsoft Volume Licensing Center https://licensing.microsoft.com. It is a fully slipstreamed ConfigMgr 2012 install including SP1. This is the only form in which it is downloadable – there is not a separate SP1 download available by itself.
Q: Is SQL 2012 SP1 supported?
A: Yes, SQL 2012 SP1 is supported
Q: Will my client push automatically deploy and use the SP1 client going forward?
A: Clients will begin automatically upgrading only if you enable the automatic client upgrade feature in the site hierarchy settings (this is not enabled by default). If you do enable this, you can set the number of days within which all clients should be upgraded. Each client will randomly select a date within that range and, of course, get the upgrade. Be sure to remember this is on in the event another SP or other update is released in the future, as your clients will do the same thing (upgrade) automatically then as well. The automatic client upgrade isn’t intended for doing mass client upgrades. It’s intended to be more of a straggler upgrade feature for those you didn’t upgrade during your more-controlled client push method.
The client package on your distribution points will automagically be upgraded with the SP1 version of the client. Therefore when you use client push or other client installation methods, all clients going forward will automatically install the SP1 version of the client.
IMPORTANT UPDATE (added 1/29/2013)
If you’ve downloaded the SP1 bits prior to January 28, 2013, I recommend re-downloading them prior to installation as they have been updated to include the KB2801987 hotfix as well as to update some corrupted binaries in the Linux & iOS client installations.
Visit http://support.microsoft.com/kb/2801416 for a high level overview of the SP1 installation, and http://technet.microsoft.com/library/jj739872.aspx for the SP1 release notes. You will need to also install USMT 5.0, Windows Deployment Tools, and the Windows Pre-installation (WinPE) Environment which are available in the Windows 8 ADK which is downloadable from http://www.microsoft.com/en-us/download/details.aspx?id=30652. These pre-requisites are mandatory and you cannot install ConfigMgr 2012 SP1 without them. NOTE: You should also uninstall WAIK if it is installed.
If you have multiple System Center products, there is a recommended order to install the SP1 in http://technet.microsoft.com/en-us/library/jj628203.aspx.
You will also need to ensure hotfix KB2828185 is installed on your WSUS 3.0 SP2 SUP (Note: Windows Server 2012 includes WSUS 4.0 so this hotfix is not required). If you have your SUP on a remote server, you’ll need to install the hotfix on the site server as well since it has the WSUS admin console installed. This will only present a warning if it’s not installed (it actually states KB2720211, but KB2828185 includes KB2720211), and will allow you to continue the SP1 installation without the hotfix. However, if you upgrade to SP1 without this WSUS hotfix, your SUP will not function properly after the upgrade! Therefore it is highly recommended you install the WSUS hotfix(es) before continuing.
Additionally, if you have your 2012 hierarchy connected to your 2007 hierarchy for migration purposes, you will temporarily need to click the “Stop Gathering Data” button in the Migration folder in order to install SP1. When the upgrade is completed, in order to be able to restart the data gathering, you will need to go back into the Source Hierarchy section of the Migration folder, select the hierarchy, and click “Configure”. Ensure the credentials are properly configured, click OK and the data gathering process will resume.
If you have a CAS and one or multiple Primary Sites, you must start the SP1 installation at the CAS level first and work your way down the hierarchy. CAS—>Primaries—>Secondaries. If you are lucky enough to have significantly less than 100,000 clients or lack an excessive amount of internal politics, you will only need to install in the order of Primaries—>Secondaries.
Gotcha 1 – Built-in collections
When you upgrade to ConfigMgr SP1, the built-in collections are overwritten in the site database. If you have customized a built-in collection, create a copy of that collection before you upgrade. More details in http://support.microsoft.com/kb/2739984.
Gotcha 2 – Client push issues after installing SP1
NOTE: You should not have this issue if you’ve downloaded the 2012 SP1 bits after January 28, 2013.
After installing SP1, ConfigMgr client installations may fail due to an Authenticode issue, shown by lines such as the following in ccmsetup.log:
Couldn't verify 'C:\Windows\ccmsetup\MicrosoftPolicyPlatformSetup.msi' authenticode signature. Return code 0x800b0101
InstallFromManifest failed 0x80004005
CcmSetup failed with error code 0x80004005
To resolve this issue, follow one of the two resolutions at http://support.microsoft.com/kb/2801987.
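One way to triage this failure on an affected client, as an added example that is not part of the original post or of the KB article: the PowerShell below pulls Authenticode verification failures out of ccmsetup.log text, names the return code (0x800b0101 is CERT_E_EXPIRED), and re-checks the file's signature if it is still on disk. The function name Find-AuthenticodeFailure and the lookup table are assumptions made for this example; the sample lines are the ones quoted above.

```powershell
# Added example: locate Authenticode failures in ccmsetup.log and re-check
# the signature of each file the log names. Requires PowerShell 3.0 or later.

# HRESULTs commonly returned by signature verification (values from winerror.h).
$HResultNames = @{
    '0x800b0101' = 'CERT_E_EXPIRED (certificate outside its validity period)'
    '0x800b0100' = 'TRUST_E_NOSIGNATURE (file carries no signature)'
    '0x80096010' = 'TRUST_E_BAD_DIGEST (file hash does not match the signature)'
    '0x800b0109' = 'CERT_E_UNTRUSTEDROOT (chain ends in an untrusted root)'
}

function Find-AuthenticodeFailure {
    # Hypothetical helper name; takes log lines, emits one object per failure.
    param([string[]]$LogLine)

    $pattern = "Couldn't verify '(?<path>[^']+)' authenticode signature\. " +
               "Return code (?<code>0x[0-9a-fA-F]{8})"

    foreach ($line in $LogLine) {
        if ($line -notmatch $pattern) { continue }

        $path = $Matches['path']
        $code = $Matches['code'].ToLower()
        $meaning = 'not in table; look up the HRESULT'
        if ($HResultNames.ContainsKey($code)) { $meaning = $HResultNames[$code] }

        $localStatus = 'file not present on this machine'
        $notAfter    = $null
        if (Test-Path -Path $path -PathType Leaf) {
            # Re-verify locally so the log entry can be compared with the
            # current state of the file and of the machine's trust stores.
            $sig = Get-AuthenticodeSignature -FilePath $path
            $localStatus = [string]$sig.Status
            if ($sig.SignerCertificate) { $notAfter = $sig.SignerCertificate.NotAfter }
        }

        [pscustomobject]@{
            File           = $path
            ReturnCode     = $code
            Meaning        = $meaning
            LocalStatus    = $localStatus
            SignerNotAfter = $notAfter
        }
    }
}

# Sample input: the ccmsetup.log lines quoted in this post.
$sample = @(
    "Couldn't verify 'C:\Windows\ccmsetup\MicrosoftPolicyPlatformSetup.msi' authenticode signature. Return code 0x800b0101"
    'InstallFromManifest failed 0x80004005'
    'CcmSetup failed with error code 0x80004005'
)
Find-AuthenticodeFailure -LogLine $sample | Format-List

# On a client, read the real log instead (SP1 default log location):
# Find-AuthenticodeFailure -LogLine (Get-Content C:\Windows\ccmsetup\logs\ccmsetup.log)
```

A failed signature check is the client refusing to run a binary it cannot verify, so fix the source files rather than looking for a way around the check.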
Gotcha 3 – Administrative Console backwards compatibility
When you use a Configuration Manager console that is of a lower service pack version than the site you connect to, the console cannot display or create some objects and information that are available in the new service pack version. When you use a Configuration Manager console that is of a higher service pack version than the site you connect to, the connection is blocked. Hint: If you have many administrators connecting to your hierarchy, the ConfigMgr 2012 admin console is a prime candidate for virtualization using App-V v5 – which by the way has no more Q: drive!!!
Gotcha 4 – Dynamic SQL Ports
Using dynamic ports in SQL? You must change them back to static in order to successfully install SP1 on your SQL instance (this includes secondary sites). Configuration Manager does not support dynamic ports. Because SQL Server named instances by default use dynamic ports for connections to the database engine, when you use a named instance, you must manually configure the static port that you want to use for intrasite communication. For more information refer to http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SupConfigSQLDBconfig, and if you aren’t sure how to configure SQL to listen on a specific TCP/IP port, visit http://technet.microsoft.com/library/ms177440.aspx.
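A pre-upgrade check for this gotcha, as an added example that is not part of the original post: the PowerShell below reads the TCP settings of each SQL Server instance from the registry on the SQL host and flags any that still use dynamic ports. The function names are hypothetical, and the registry layout is assumed to be the standard one written by SQL Server Configuration Manager.

```powershell
# Added example: report whether each local SQL Server instance listens on a
# static or a dynamic TCP port. Run on the SQL Server host, PowerShell 3.0+.
# Limitation: only the IPAll entry is read; if "Listen All" has been turned
# off for the instance, the per-IP entries (IP1, IP2, ...) apply instead.

function Get-SqlPortMode {
    # Classify one IPAll entry. Any non-empty TcpDynamicPorts value, "0"
    # included, means dynamic ports are enabled. A static configuration has
    # TcpDynamicPorts empty and TcpPort set.
    param([string]$TcpPort, [string]$TcpDynamicPorts)

    if (-not [string]::IsNullOrWhiteSpace($TcpDynamicPorts)) { return 'Dynamic' }
    if (-not [string]::IsNullOrWhiteSpace($TcpPort))         { return 'Static' }
    return 'NoTcpPortConfigured'
}

function Get-SqlInstancePortConfig {
    $root  = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
    $names = Get-Item -Path "$root\Instance Names\SQL" -ErrorAction SilentlyContinue
    if (-not $names) { return }    # no SQL Server instances registered here

    foreach ($instance in $names.GetValueNames()) {
        # Maps the instance name to its instance ID, the registry subkey name.
        $id    = $names.GetValue($instance)
        $key   = "$root\$id\MSSQLServer\SuperSocketNetLib\Tcp\IPAll"
        $ipAll = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Instance        = $instance
            TcpPort         = $ipAll.TcpPort
            TcpDynamicPorts = $ipAll.TcpDynamicPorts
            Mode            = Get-SqlPortMode $ipAll.TcpPort $ipAll.TcpDynamicPorts
        }
    }
}

# Constructed sample values, in the form they take in the IPAll key:
Get-SqlPortMode -TcpPort ''     -TcpDynamicPorts '0'       # default for a new named instance
Get-SqlPortMode -TcpPort ''     -TcpDynamicPorts '49172'   # port picked by SQL Server at startup
Get-SqlPortMode -TcpPort '1433' -TcpDynamicPorts ''        # fixed port, dynamic field cleared

# Live check against this machine's registry:
Get-SqlInstancePortConfig | Format-Table -AutoSize
```

A static port also lets the firewall rule between site systems and the SQL host name one port instead of a range.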
Gotcha 5 – Upgrading Secondary sites
Have Secondary sites to upgrade? SQL Server cumulative updates must be manually installed on secondary sites that use SQL Express. See http://support.microsoft.com/kb/2688247 for more information. You must update to SQL 2008 R2 SP1 CU6 or SP2.
Gotcha 6 – While we’re on the subject of having secondary sites, consider the following scenario:
- You configure a Microsoft System Center 2012 Configuration Manager Service Pack 1 (SP1) primary site and a System Center 2012 Configuration Manager SP1 secondary site.
- You create a package on the primary site.
- You distribute the package to the distribution point of the secondary site.
- You validate the package on the distribution point of the secondary site after the content status reads Success.
- You verify that the content status reads Success after the validation is completed.
- You right-click the package and then select Update distribution point.
In this scenario, the content status is stuck in In progress - Waiting for Content status instead of Success status. Install http://support.microsoft.com/kb/2828900 to resolve this specific issue.
Gotcha 7 – Got McAfee or Trend?
Be sure to visit https://kc.mcafee.com/corporate/index?page=content&id=KB76867&actp=search&viewlocale=en_US&searchid=1357907921573 and http://blogs.technet.com/b/systemcenterpfe/archive/2013/01/11/updated-system-center-2012-configuration-manager-antivirus-exclusions-with-more-details.aspx or prepare to suffer from corrupted boot images. There are some additional A/V exclusions that are important to add to ensure this doesn’t happen.
Gotcha 8 – Using a service account for your “Site System Installation Account” (rather than the site server’s computer account)? There is a known issue if you are using an AD account. The evidence that you are experiencing this issue is that your console will have errors on the DP Monitoring stating “Distribution Manager failed to find or create the defined share or volume on distribution…” Your distmgr.log will say things like “Failed to set share security on share \\server\SMSSIG$. Error = 5” (which is access denied) and “Failed to set access security on share SMSSIG$ on server xxx”.
To resolve this issue, change your site server settings back to use the site server’s computer account to install the site system, and your DP will successfully install. Also, be sure to restart the SMS_Executive service after changing this setting.
Gotcha 9 – OS Deployments on older hardware may become an issue due to the fact that SP1 changes from utilizing WAIK (WinPE v3.x) to using ADK (WinPE v4.0 – Win8/Server 2012). If a BIOS update does not resolve it, make sure your PC is Windows 8 compatible or the new WinPE 4 in the ADK will not boot properly. Freezing or blue screens with errors such as “HAL_INITIALIZATION_FAILED”, and “UNSUPPORTED_PROCESSOR” along with a 0x0000005D are the more common symptoms of this. You have a better chance of no issues if your processor supports the NX (no-execution) bit, PAE, and SSE2. See http://msdn.microsoft.com/en-us/library/windows/hardware/hh975398.aspx for more information on this.
More importantly, see my blog posting on how to collect NX, PAE, and SSE2 supportability information from your [PowerShell execution capable] clients at http://blogs.technet.com/b/configmgr_geek_speak/archive/2013/03/03/winpe-4-0-boot-images-not-working-with-cpu-s-that-do-not-support-nx-pae-sse2.aspx.
To manually check a client, use Coreinfo 3.2 from Windows Sysinternals @ http://technet.microsoft.com/en-us/sysinternals/cc835722.aspx. If it supports NX, PAE, and SSE2, it’s more than likely going to work with WinPE 4.0.
Configurations affected by an upgrade: When a site upgrades to Configuration Manager SP1, some configurations and settings do not persist after the upgrade or are set to a new default configuration. The following table includes configurations and settings that do not persist or that change, and provides details to help you plan for them during a site upgrade.
When you upgrade to Configuration Manager SP1, the following Software Center items will be reset to their default values:
- Work information is reset to business hours from 5.00am to 10.00pm Monday to Friday.
- The value for Computer maintenance is set to Suspend Software Center activities when my computer is in presentation mode.
- The value for Remote control is set to the value configured by the client settings assigned to the computer.
Software update summarization schedules
When you upgrade to Configuration Manager SP1, custom summarization schedules for software updates or software update groups are reset to the default value of 1 hour. After the upgrade completes, reset custom summarization values to the desired frequency.
Now, on to the install!
First, burn, mount, or extract the ConfigMgr 2012 SP1 ISO to your desired path. Double click on “splash.hta” in the root directory to begin the install.
Wait! Did you back up your SQL database, and test the database upgrade process on a copy of the most recent site database backup? If not, immediately “abend” and re-read the TechNet links above. If you haven’t, proceed at your own risk!
You will be prompted with the usual options at this point for server readiness assessments, release notes, etc. Notice the new entry under Tools and Standalone Components titled “Download clients for additional operating systems”. This is here if you need to install clients for any non-Windows OS machines you might have.
Click the blue “Install” to begin…
You’ll be presented with the Before You Begin dialog, and the very first important item listed here is to make sure you verify you have a supported SQL Server installation available for Configuration Manager. Configuration Manager 2012 SP1 supports SQL 2012, and as of 2/11/2013, it also officially supports SQL 2012 with SP1 as well.
The Configuration Manager Setup prerequisite check rules verify that software and settings required for setup are installed. In some cases, the required software itself might require additional software updates not verified by Configuration Manager Setup. Before you start the Setup process, make sure that the operating system running on the computer, and additional installed software that Configuration Manager Setup relies on, have been updated with all relevant software updates.
After reading the remaining steps, click “Next”.
The “Getting Started” dialog appears, and we will select “Upgrade the Configuration Manager site” and click “Next”.
Insert your valid license key (the same key you used to install the RTM version if this is not a fresh install), and click “Next”
Accept the license terms (after fully reading them of course), and click “Next”
Accept the license terms for SQL 2012 Express, Native Client, and Silverlight 5. Yes, secondary site installations will now automatically install SQL 2012 Express rather than SQL 2008 Express.
Download the prerequisites. Be sure to save them to a UNC path so you can re-use them and don’t have to re-download them for any other primary site servers you need to upgrade.
After downloading the prerequisites, you’re then prompted for both the Server Language and Client Language selection.
Click ‘Next’ to confirm that you’re doing an upgrade, and you’ll get to the pre-requisite checker.
At this point, if you’ve failed any of the pre-requisite checks, you can correct them (or verify they are applicable) and re-run the pre-requisite checker again if needed.
When the prerequisite check runs, it logs its results in the ConfigMgrPrereq.log file on the system drive of the computer. The log file can contain additional information that does not display in the user interface.
Once finished, you can click “View Log” to see the installation process steps and troubleshoot any issues that may have occurred.
ALSO, check your RCMCTRL.LOG to verify there are no replication issues. If you launch the ConfigMgr SP1 console immediately after the upgrade, you may find the console is in Read-Only mode. Give replication and the site reset initiated by SP1 some time to finish and try again. If you still have replication issues, check this blog post out on DRS replication first http://blogs.technet.com/b/sudheesn/archive/2012/10/21/drs-initialization-in-configuration-manager-2012.aspx and if this fails, a Premier support case may be needed.
NOTE: There is a known issue with the pre-SP1 version of ConfigMgr 2012 which may cause this window to never get to this point.
If you think this may have occurred, go to your ConfigMgr installation directory, into the Logs sub-directory, and look for a sub-directory called “CrashDumps”. If you see this directory, open it and look for a sub-directory named “YYYYMMDD_HHMMSS_smsexec”. If the YYYYMMDD_HHMMSS matches today’s date, the SMS_Executive service is probably no longer running. Start the SMS_Executive service back up, and the upgrade process will then be able to finish (give it a few more minutes to finish the site reset). The good news is, this issue is resolved by SP1 so this should be the last time you’ll experience it. The bad news is the SP1 upgrade process itself seems to be pretty successful at causing the issue when it stops the SMS_Executive service during the upgrade process. Just start the SMS_Exec back up and the upgrade will then be able to finish.
Once you’re able to open the 2012 admin console without it warning you that it is in read-only mode / maintenance mode, the upgrade of the specific site is finished.
What to do now? Upgrade any remotely installed admin consoles to SP1 so they are able to connect to your new SP1 site.
Did you know? You can now use CCMSETUP.exe switches and CLIENT.MSI switches in the Client Push settings. You can also use the new /skipprereq:bits switch to skip the BITS pre-requisite check on your old 2003 SP2 servers with BITS 2.0, so you can actually use ConfigMgr to deploy the BITS 2.5 install to them! Cool!
Also be sure to check out all the new application types! New to the application types are Application Packages for iOS, Android, Mac OS X, Windows 8, App-V v5, and Windows Phone. Very nice selection indeed!
Another notable change is that the CCMSetup directory now has its own \logs subdirectory for the ConfigMgr client install/uninstall logs. The full default path to the client installation logs is now C:\Windows\ccmsetup\logs\.
Be sure to also install the latest from CM2012 Toolkit for SP1 from http://www.microsoft.com/en-us/download/details.aspx?id=36213
Update 03/21/2013 – Cumulative Update 1 for 2012 SP1 is now out – see http://support.microsoft.com/kb/2817245/en-us for more information.
After applying CU1, I also recommend applying the following post SP1 CU1 hotfix http://support.microsoft.com/kb/2828900 which resolves an issue with packages getting stuck in “In progress – Waiting for Content” after updating a package to a distribution point.