If this title means nothing to you, then this blog entry is not for you. However, if you were a beta customer for Configuration Manager 2007 and delved into native mode configuration, then the title might strike a chord. If this is the case, read on.
A couple of sharp-eyed customers noticed that the documentation for Configuration Manager Beta 2 included a client.msi installation parameter CCMHTTPSSTATE that disappeared with RC1 documentation, and is not listed in the release documentation. They’ve contacted us to ask if this is a documentation error, because if they continue to use this option, nothing breaks. So, what’s the scoop?
This humble native mode client installation property has quite a story behind it. For the short version, read the following Need to Know section and then skip to the summary. If you’ve got time on your hands or just plain intrigued, the Background Information section provides the inside information of why this option disappeared.
Need to Know Information: Specifying Native Mode Options during Client Installation
The client.msi option CCMHTTPSSTATE is no longer supported and is replaced with the CCMSetup property /native:[<native mode option>]. The client installation options that you can specify are documented with examples in the topic About Configuration Manager Client Installation Properties.
Most of the time, you probably do not need to specify native mode configuration options when installing clients for a native mode site. For example, you don’t need to specify them if you have extended Active Directory Domain Services for Configuration Manager 2007 and clients can read the published site information (ie the site is publishing and clients are from the same forest). These clients will automatically configure themselves for native mode by reading the native mode site configuration.
Additionally, if you are installing clients using Client Push, these clients are automatically configured for native mode even if Active Directory Domain Services is not extended, because this setting is pushed out to the clients using the site configuration. I’ve seen from newsgroup posts that customers have been specifying CCMHTTPSSTATE as an additional client push installation property (using the Client tab of the Client Push Installation Properties dialog box). While this didn’t do any harm, it’s not necessary. However, you can’t specify the replacement /native:[<native mode option>] as a client push installation property, because it’s a CCMSetup option rather than a client.msi option, which is not supported.
The only time you need to specify the native mode configuration for client installation is if you are not installing clients using Client Push, and clients cannot read the native mode site configuration published to Active Directory Domain Services (eg installing clients when they are on the Internet, or workgroup clients). Actually, there’s technically another exception, although I can’t in reality see a good reason to do this: if clients can read the site information from Active Directory Domain Services but you want a different native mode configuration during installation than normal operation.
The August version of the Configuration Manager documentation library includes an example assignment scenario which demonstrates what happens when a client is installed in one mode and is assigned to a site that is configured for a different mode. The topic is Example Assignment Scenarios for Configuration Manager: Primary Sites and this scenario appears last on the list: “Site Assignment When the Client’s Communication Mode Doesn’t Match its Assigned Site’s Mode”.
Background Information: So Why Did CCMHTTPSSTATE Disappear?
The native mode options include specifying native mode communication (HTTPS instead of HTTP), CRL checking for revoked certificates, and the option for clients to fallback to HTTP communication with a server locator point for site assignment and when roaming into a mixed mode site. Instead of implementing these as separate options (as they appear in the Site Mode tab of the site properties), in the code they were implemented efficiently as a bitmask.
Bitmask values meant remembering which number to use with CCMHTTPSSTATE, which wasn’t always easy. Remembering 1 for native mode communication was easy enough, but many people also wanted a combination of the three native mode options: HTTPS client communication, CRL checking, and the ability to fallback to HTTP. And just to add to the confusion, there were officially supported values, and unofficial values. Although our documentation listed only the supported values, some customers got to hear about other values, and started to use them.
To help address the situation, the product group took a change for RC1 which implemented the /native:[<native mode option>] property for CCMSetup to be used instead of CCMHTTPSSTATE=<number>. Because the option uses words instead of numbers, it’s easy to see at a glance what the setting is (eg CRLANDFALLBACK rather than 97).
If you need to specify the native mode options on the command line, /native:[<native mode option>] is now the supported way to do this. In the background, CCMSetup still converts it to a bitmask value and passes it to client.msi where it is processed as CCMHTTPSSTATE=<number>. For example, if you are installing a client that is on the Internet, installing it with the /native:[<native mode option>] is the correct procedure because it cannot get this configuration from anywhere else. For more information about installing clients when they are on the Internet, see Decide How to Install Configuration Manager Clients for Internet-Based Client Management.
- Specifying CCMHTTPSSTATE on the command line will not be supported going forward, even if it is still used “under the hood”.
- Client Push will automatically install clients for the current site mode.
- If your site is in native mode, Active Directory Domain Services is extended for Configuration Manager 2007, and clients can read the site published data, clients will be automatically reconfigured with their site’s native mode settings.
- Specifying /native:[<native mode option>] is necessary if you’re installing clients on the Internet.
- Specifying /native:[<native mode option>] might be necessary if you’re installing clients manually and they cannot read the site mode configuration from Active Directory Domain Services (eg workgroup clients, clients from another forest, your site isn’t publishing to Active Directory Domain Services, or Active Directory Domain Services isn’t extended for Configuration Manager 2007).
For our beta customers who got used to specifying CCMHTTPSSTATE, it’s a bit disconcerting to no longer use it. But beta versions are all about making changes as a result of customer feedback, and I’m sure we’ve now got a better solution for our RTM customers. And if you’re still confused about native mode options, send me an email (Carol.Bailey@Microsoft.com) and I’ll do my best to help!
– Carol Bailey
This posting is provided “AS IS” with no warranties and confers no rights.