Proper TempDB creation for Configuration Manager

As a consultant, one of the major issues I see with SQL Server configuration for Configuration Manager is allowing default settings for TempDB.

The default TempDB size for all versions of SQL Server prior to SQL 2016 (more on this later) is 8 MB, with 1 MB file growth.

I recently checked the SQL Server database properties for a Configuration Manager site, and TempDB had grown to 1.5 GB. This was with the default settings of 8 MB size and 1 MB file growth. Can you imagine how many data file fragments occurred to get to 1.5 GB?!

When SQL Server (MSSQLServer) service is restarted, TempDB gets reset to? The default size! And, the fun starts all over again.

The first step in correcting this is to estimate the size of TempDB. There are some great calculators out there; Kent Agerlund did a nice job taking the standard MSFT recommendations and converting them to an Excel “calculator”. This is a great starting point for determining the total size of TempDB based on estimated client counts. Typically, TempDB will be approximately 25-30% of the total estimated CM DB size.

The only flaw with this calculator is that it calculates a single TempDB file. TempDB can greatly benefit from multiple data files.

Let’s work through an example:

Projected # clients: 10,000
Estimated CM data size: 54 GB
Estimated TempDB size: 16 GB

Assuming that your server has at least 2 processors and 8 cores, you’d want to start TempDB with at least four (4) equal-sized files of 4 GB each. There may be some benefit in creating TempDB with eight (8) equal-sized data files in total. Under no circumstances should you create more than 8 data files.

Now, to create the files, you can use SQL Server Management Studio and add them… or, even easier, use PowerShell.

To create them using PowerShell, follow these instructions:

Open an elevated PowerShell prompt, then create the additional SQL TempDB database files and set their initial size to a total of 16 GB by running the following command on one line:

Invoke-Sqlcmd -QueryTimeout 0 -InputFile C:\Setup\Scripts\ConfigureTempDB.sql

[Screenshot: The SQL TempDB database files.]

Note: Change paths as appropriate. The sample script can be downloaded for free with the sample files for my Reporting Services book.

As a side note, SQL Server 2016 now creates the following default TempDB settings. Probably still too small for most production instances. Nonetheless, much better!
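
The sizing rule above (equal-sized data files, never more than eight) can be turned into the T-SQL that a script such as ConfigureTempDB.sql would need. This is an added example, not the downloadable script from the book; the data path, the growth increment and the logical names tempdev2..N are assumptions, and it generalizes the four-file case to any count from 1 to 8.

```powershell
# Added example: builds the T-SQL that pre-sizes TempDB into equal data files.
# Assumptions (not from the original post): the data path, the growth increment
# and the logical names tempdev2..N. "tempdev" is SQL Server's default logical
# name for the first TempDB data file.
function New-TempDbSizingSql {
    param(
        [Parameter(Mandatory)][ValidateRange(1, 1048576)][int]$TotalSizeMB,
        [ValidateRange(1, 8)][int]$FileCount = 4,   # the post's ceiling is 8 files
        [string]$DataPath = 'T:\TempDB',            # hypothetical path
        [ValidateRange(1, 65536)][int]$GrowthMB = 512   # assumed fixed growth step
    )

    # Equal-sized files; round up so the total never falls below the estimate.
    $perFileMB = [int][math]::Ceiling([double]$TotalSizeMB / $FileCount)

    $sql = New-Object 'System.Collections.Generic.List[string]'
    $sql.Add('USE [master];')

    # Resize the existing primary data file in place.
    $sql.Add("ALTER DATABASE [tempdb] MODIFY FILE (NAME = N'tempdev', " +
             "SIZE = ${perFileMB}MB, FILEGROWTH = ${GrowthMB}MB);")

    # Add the remaining files with identical size and growth settings.
    for ($i = 2; $i -le $FileCount; $i++) {
        # Path.Combine does not require the drive to exist on this machine.
        $file = [System.IO.Path]::Combine($DataPath, "tempdev$i.ndf")
        $file = $file.Replace("'", "''")            # escape quotes for T-SQL
        $sql.Add("ALTER DATABASE [tempdb] ADD FILE (NAME = N'tempdev$i', " +
                 "FILENAME = N'$file', SIZE = ${perFileMB}MB, " +
                 "FILEGROWTH = ${GrowthMB}MB);")
    }

    return ($sql -join [Environment]::NewLine)
}

# The worked example from the post: 16 GB total across four 4 GB files.
$script = New-TempDbSizingSql -TotalSizeMB (16 * 1024) -FileCount 4

# Review the statements, save them, then run the file with Invoke-Sqlcmd.
$script | Set-Content -Path .\ConfigureTempDB.generated.sql
$script
```

The generated file name is a placeholder; review the statements before running them with the Invoke-Sqlcmd command shown above.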

[Screenshot: The SQL Server 2016 TempDB database files.]

Intune – Mobile Application Management policy

What are Mobile Application Management policies?

According to Microsoft:

Mobile application management policies in Microsoft Intune let you modify the functionality of apps that you deploy to help bring them into line with your company compliance and security policies. For example, you can restrict cut, copy and paste operations within a managed app, or configure an app to open all web links inside a managed browser.

Source: https://technet.microsoft.com/library/dn878026.aspx

For example, when you first attempt to deploy a managed application, such as Skype for Business, you may receive the following informational dialog.

"The software you are trying to deploy must be associated with a mobile app management policy and there are currently none defined. Create a policy from the Policy workspace."

[Screenshot: Application Policy Informational]

To create an Application policy (sometimes called MAM), choose New Policy, then Mobile Application Management (platform), then choose Create a policy with the recommended settings, and click Create Policy.

Note: This policy is not deployed; it will be associated with a subsequent app deployment. Also, note the available Managed Browser policies.

[Screenshot: Policy – Create Mobile Application Management]

Resultant MAM policy.

[Screenshot: Policy – Mobile Application Management]

The only modification made to the default MAM policy was to allow the device settings to control the encryption.

[Screenshot: Policy – Mobile Application Management Properties]

Now we are ready to deploy Skype for Business. This application was deployed using the standard process. At the Mobile App Management step, associate the app with the App Management Policy created in the last step. Click Next through to Finish.

[Screenshot: Deployment – with MAM policy]

Resources:

Configure and deploy mobile application management policies in the Microsoft Intune console

https://technet.microsoft.com/library/dn878026.aspx

Multi-Identity and Mobile App Management with Microsoft Intune

http://blogs.technet.com/b/microsoftintune/archive/2015/07/21/multi-identity-and-mobile-app-management-with-microsoft-intune.aspx

Deploying Windows 10 GPO Administrative Templates

New GPO administrative templates are available with Windows 10.

You can find them here:

Administrative Templates (.admx) for Windows 10

https://www.microsoft.com/en-us/download/details.aspx?id=48257

The matching spreadsheet (XLS) of GPO settings can be found here:

Group Policy Settings Reference for Windows and Windows Server

https://www.microsoft.com/en-us/download/details.aspx?id=25250

Note: You’ll want the “Windows 10 ADMX spreadsheet.xlsx” file

To install

If you have not previously enabled the domain GPO central store, see scenario 2 (next link):

Managing Group Policy ADMX Files Step-by-Step Guide

https://msdn.microsoft.com/en-us/library/bb530196.aspx

Integrating Intune with Configuration Manager

On our first attempt at adding the Intune subscription to the Configuration Manager console, it appeared at first to be a security issue.

[Screenshot: Access is denied to the user when trying to enroll.]

In researching this issue, it turns out that the Intune Mobile Device Management Authority was set to Intune. The dialog is misleading.

In Set MDM Authority, note the Important section:

Important

Consider carefully whether you want to manage mobile devices using Intune-only (cloud service only) or System Center Configuration Manager with Intune integration (on-premises in conjunction with cloud service). After you set the mobile device management authority to either of these options, it cannot be changed again. If you’re unsure of your options, see Ways to do enterprise mobility. The Intune service can be used in conjunction with Office 365. You can specify which cloud service manages specific mobile devices in the Office 365 admin center and Intune admin console, respectively.

Source: https://technet.microsoft.com/en-us/library/mt346013.aspx

How to get support for Microsoft Intune

https://technet.microsoft.com/en-US/library/dn646963.aspx

Microsoft can reset the MDM authority; note that it can take between 1 and 5 days. Any existing managed devices should be selectively wiped.

After the MDM authority is reset, we should be able to add Intune to Configuration Manager.

For reference, before:

[Screenshot]

After:

[Screenshot]

Changes in Configuration Manager Backup Strategy

Starting with Configuration Manager 1511, you’ll want to include the CD.Latest folder in your files backup.

https://technet.microsoft.com/en-us/library/mt605292.aspx#bkmk_Cdlatest

The site maintenance task backup will include this folder as part of its backup.

Now, if we could only use SQL Server native backup with compression for the backup task, we’d have a winning combination. Brian Mason noted that here in uservoice:

https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/10958460-use-sql-backup-with-compression-for-the-backup-tas

Related post here:

http://gerryhampsoncm.blogspot.com/2015/12/configuration-manager-1511-important.html

PXE Boot issues – BCD Error 98

Discovered an interesting WDS PXE boot issue after upgrading to CM 2012 R2 SP1.

Side note: based on forum posts, it appears that this issue may have occurred before the upgrade and seems to be fairly common. It may not be strictly version dependent.

When starting the OSD process and attempting to LAN boot, it would fail before launching PXE, with the following error:

Recovery – Your PC needs to be repaired
File: \Tmp\x86x64{GUID}.bcd

Error code: 0xc0000098

[Screenshot of the error screen]

Created new boot images with MDT, used the proper WinPE 5.1 drivers. Still failed.

Tried the following, with no change in behavior.

  • untick the enable PXE checkbox on the distribution point. Answer yes that you want to remove the Windows Deployment service.
  • remove boot images from your distribution point, then delete %windir%\temp
  • check with server manager. If WDS is done uninstalling there is a reboot pending. Reboot.
  • check if the remoteinstall folder is located on your system.
  • If it fails to delete due to permission issues with the SMSTempBootFiles path, delete all folders except that one and then rename the remoteinstall folder something else.
  • reboot
  • Add the PXE point again by checking the box on the distribution point properties.
  • Check the distrmgr.log and see if the remoteinstall folder reappears.
  • Replicate the boot image to the DP again. After they land you can try running an F12 and it should roll smoothly.

From <https://community.spiceworks.com/topic/628123-sccm-2012-r2-pxe-boot-fails-bcd-error-0xc98>

Gerry has a similar process here:

http://www.gerryhampsoncm.blogspot.ie/2013/02/sccm-2012-task-sequence-fails-with-bcd.html

What we finally discovered: the SMS Agent Host service on the site server running WDS and the MP had stopped.

The CCMExec.log had the following clues:

[Screenshot: CCMExec.log entries]

Manually starting the SMS Agent Host service allowed the WDS/PXE process to start working again! It must be that dependencies exist between the SMS Agent Host service, the MP and WDS.

Once we were aware of the service stopping, we monitored and watched it suddenly stop a few more times one afternoon. It would manually start though…

Upgrading the site server to CM 2012 R2 SP1 CU2 appears to have corrected the SMS Agent Host service issue. The release notes make no mention of this fix.

Manually Installing the CM client

For a recent POC (Proof of Concept) production deployment, I needed to manually install the Configuration Manager client on several clients in an environment where the Active Directory schema had not been extended.

After working out the command line details, I thought I’d share them here. Additionally, I had enabled a Fallback Status Point (recommended).

On the client you plan to install, open a command prompt and copy/paste the following in one line (editing the site server, MP information as below):

\\<SiteServerName>\SMS_<SiteCode>\Client\ccmsetup.exe /source:"\\<SiteServerName>\SMS_<SiteCode>\Client" /MP:<SiteServerFQDN> SMSSITECODE=<SiteCode> FSP=<SiteServerName>

<SiteServerName> = Site Server NETBIOS name

<SiteServerFQDN> = Site Server FQDN

<SiteCode> = Three character site code