Basics for Installing SCCM R2

Hey,

Just thought i'd go through some basics for SCCM  2007 r2 during the installation.

Before installation, make sure your server has the following installed
- remote differential compression (under features)
- IIS

• -ASP.NET (for the reporting)
• Windows authentication (for webdav)
• Basic Authentication (not used, but needed)

- Webdav (you need to download this and install it from the MS website, its not part of 2008 server by default)
- WDS (DO NOT CONFIGURE, JUST INSTALL) (for pxe deployment, if required)

There is a whole bunch of stuff that can go wrong if you don't pre-prep your server correctly. from experience, doing the above before install, even though it verifies anyway really does help the process.

There is also configuration of IIS and webdav that will need to be done as well. there are a few great guides @ windows-noob.com (funny title for a great website that covers not-noob stuff) as well as the microsoft documentation.
- the idea with webdav is to essentially enable it, and allow anon access. thats the concept used, anyway.

This is only a small part of the references i intend on supplying, but its a good start.

Yea i'm Back again

To my loyal (read:2) readers: sorry for the lack of posting, ive been quite the busy chap.

- i plan to post quite extensively on  SCCM, microsoft deployment and tools that can be used. there is so much jargon out there about the WAIK, the MDT, WDS, SCCM... for someone walking into it for the first time, its very, very daunting.

- i also plan to post up some interesting Vmware vpshere stuff as i do work with it quite constantly now.


it appears my career has driven me towards a MS Server 2008 and VMware path,with emphasis on deployment (at the moment) so if it interests, please keep reading :)

Squid and NTLM etc..

Hi all,


I've just implimented a Squid3 proxy @ work today, and used ntlm to authenticate back to the cache to provide reporting and filtering.


One thing i did notice that should be changed on a vista based network or 2008 server based network.. or hell, windows7 for that matter, is that vista does not negotiate ntlm v1 by default, which is what squid3 uses as well as linux on whole.


To get around this, create a GPO policy that modifies the client machines to negotiate to ntlm v1 if v2 isnt available. 

Start -> gpedit.msc (run as administrator)
Computer configuration -> Policies->Windows Settings ->Security Settings->Local Policies ->Security Options

Find  "Network Security: LAN MANAGER Authentication Level"
Set it  to "Send LM * NTLM - use NTLMv2 session security if negotiated"

Cannot deploy template: Number of virtual devices exceeds the maximum for a given controller (VMWare ESX vCenter)

If you get this error when trying to deploy a virtual machine from a
template, it could be because you have changed the name of the virtual
machine network, ie. from "VM Network" to something else.

To fix it, do the following:

Convert template to virtual machine.
Edit settings of virtual machine.
Choose correct network for template (it probably shows no name)
Convert virtual machine to template
Try to deploy new virtual machine from template to see if it works
correct again.

If you ever get a temporary profile problem

in windows, when the server cannot find a network path to a roaming
profile, it may start to use a temp folder which it will delete after
the user has logged out.

unfortunately, sometimes that lingeres around in server 2008, so what
you will need to do is goto the following key in regedit

hklm->software->microsoft->profilelist

and delete the sid of the user in question. that will be enough to
reset the sid and get the user back up and running

WSUS 403 forbidden issue

Hey All,

if you are getting a 403 error when windows clients are attempting to access your local wsus server on 2008 server, it may be due to the fact that during install, the default website was selected as the host for your clients to connect to.

there is nothing wrong with that, unless you have a proxy server setting. if you do, this is where the 403 error comes from.

the way to get around this quite bluntly is to uninstall wsus, reinstall and select to create a new website under the port 8530 - this will work first go, no problems.

also in your wsus GPO, remember that the server name you need to enter is http://hostnameofyourserver.domain.etc:8530

without doing this, your GPO will not work correctly and your clients will also not update!

Quick one! Deploying 2007 office compatibility!

Who knows why the office 2007 compatibility pack is a .exe file and not just an msi.

funnily enough, it does exist though.

download the fileformatconvertors.exe from microsoft (google it!). during the installation, goto the following path:

C:\Program Files\MSECache\O2007Cnv

inside of this you will notice the installation msi - O12Conv.msi

copy this directory and the associated files to your netlogon folder, create a Group policy object as per normal and you're done.