SCCM 2012 Upgrade at Osseo


**This page will be where Osseo Area Schools makes entries about the experience of migrating from 2007 to 2012 - "The Broden Chronicles", authored by Brent Broden.**
**Project kick-off meeting - April 23, 2012. Scope of Work with Now Micro signed that day.**


**5-2-12** - This is the first entry of what is apparently called "The Broden Chronicles." I'll try and document what we are doing day-by-day in the SCCM 2012 install process led by Nash Pherson from Now Micro.

The first thing we did was to take a look at our system and make sure we had all the prerequisites for the install. Our server is currently slightly behind on memory and processors, but that shouldn't be a problem at first, and we're going to be able to upgrade this summer. We installed SQL 2008 R2 SP1 CU4. The install was actually able to be slipstreamed so we didn't have to keep adding updates and service packs. They were all included in the initial installation. We also added the roles to the server that SCCM was going to need. Once that was done, we were ready to actually install SCCM 2012.

The install itself was pretty simple and didn't take long at all. Once the install was done, we set up our boundaries (by hand, no importing available), and started a system discovery. It found all of our systems (even the Macs), and the count was accurate. We then modified some of our default client settings. Nash explained that the policies for the clients are like a set of overhead transparencies. The default policy is on the bottom and subsequent policies are set on top of that. All changes show through, but default changes are superseded by policies to specific collections. We ended the day by kicking off both User and Group discoveries, thus allowing us to embrace Microsoft's "User-centric" approach.


**5-4-12** - Today we installed our first client! We're holding off on doing the rest until many more things are done. We also began the migration of collections from our SCCM 2007 server. We're not pulling over all of them, only the handful that we'll be needing for sure. (By handful I still mean about 2000 collections.)

We began work on the Endpoint protection setup and getting the Update point configured for antivirus updates and regular Windows updates. There was an issue we were having where we weren't getting all the virus definition updates we were looking for when the Update point was active. The problem turned out to be human error. We forgot that it's now Endpoint protection instead of Forefront protection. When we searched for the correct term, we found everything we needed.

We created our first application. Just a small install of CMTrace (a helpful log reading tool). The Software Center and Application Catalog were next. We ran into issues with getting the software to show up in either, but after a reboot of the test machine, the program showed up, but still wouldn't install.


**5-7-12** - We started this week with fixing our issues with the Software Center. We weren't all able to install the software, or in some cases, couldn't see the software at all. A change in the options for the Software Center cleared things up and we were able to install CMTools. Software Updates also finished downloading over the weekend. Next we want to see all the updates that are needed by 32- and 64-bit clients. Virtual machines are going to be used to find this information.

We also started getting the Console and Client Centers installed on our laptops. We tried to send them through the Software Center, but are running into problems. (More on this later.)


**5-8-12** - Today we started on Updates. We created a few collections for updates (Pilot, 25%, 25%, 50%) to send the updates out on a schedule. We have approximately 80 machines in the Pilot group and have divided the rest of the district into 2 25% chunks and the final 50% chunk. We've set up a schedule that concludes 8 days from Microsoft's Tuesday updates. The Pilot machines acquire the updates on day 1 and are required to install them the same day. We allow 4 full days for testing and on the 5th day we then allow the rest of the machines to get the updates. They are required to run by the 6th day for the first 25%, the 7th day for the 2nd 25% and by the end of the 8th day for the remaining 50%.

We also cleaned up some of the collections that were imported over from our SCCM 2007 server. Mainly just housekeeping things. An HTA was also discussed and we will cover that later. We finished with setting up automatic deployments with rules and schedules for the Windows updates.


**5-14-12** - Today we finally finished the Build and Capture task sequences. It took 3 tries today. The first one timed out for an unknown (at the time) reason. After the second began to exhibit the same issues, we started poking around on the box we were using and realized that we were almost completely out of space. We had the hard drive extended and tried again, very successfully. We now have a working image to deploy!


**5-15-12** - Started 2 tasks today. The first was to start looking at the packages we imported and get applications created out of them. We pulled a report of the most installed programs from our SCCM 2007 server and started at the top, working our way down. The majority of the packages should be easy to convert as they are created using MSI files. We do have to change a few scripts, but since they work in SCCM 2007, they should work in 2012.

We also started looking at the various models of machines we have in the district to see which drivers would be needed in the task sequence. The 2 models of desktops worked pretty much out of the box. We used the same setup we had for 2007 and everything seemed to run just fine. Laptops are a different story. We're having issues with some models not joining the domain, and having a 1024x768 resolution by default. I'm currently working on a solution to this issue.


**5-22-12** - We finished the task sequence for our Server 2k8 install that will be deployed on our existing DPs to upgrade them and get them prepared for the new DP roles. There are several steps to configure the DPs. We have to remove all the old content from them first using our SCCM 2007 system. We then had to remove any roles that were assigned in order to decommission the servers correctly. After all that, we ran our task sequence and after it completed, added our DP roles and set our boundaries, which were subnet based.


**5-23-12** - We did a test deployment of 5 schools. They were our smaller sites with fewer than 100 computers each and the OALC with just under 200. The first step was to run our Server 2k8 task sequence on the existing DPs. We then sent the clients during the day, particularly so we could get some idea of any impact the client installs have on the end user. There didn't seem to be anything. Most of the users didn't even notice any change at all.


**5-24-12** - Mass client install went out tonight. We sent 16 schools' worth of clients (6000+) out around 8 PM. We anticipate the client installs are going to take a long time, but we're hoping to have a majority of them out there by tomorrow morning. We only received 3 emails about issues with the installs. 2 of the emails stated that a Forefront warning message popped up on screen. After investigation, we determined that these machines had fallen off the domain, and only needed to be re-joined. They responded normally after that. We also had 1 machine that had the restart dialog box pop up when updates needed a restart. The postpone button was pressed, and the problem disappeared until reboot.

That issue brought up a concern. The online testing software is set to shut down if a pop-up occurs anytime during testing. Very inconvenient when we're trying to send out a TON of updates to a TON of machines. Our solution to this was to change our group policy to prevent update pop-ups from showing up. The downside of this is that the updates themselves won't run while the change is in effect. We also contacted the company that created the testing program and they told us that the Windows pop-ups shouldn't be a problem since the testing software is displayed full screen. We haven't tested that, but we figured we'd be better safe than sorry and made the group policy change. We will have to conduct some tests in the future to find a solution. Online testing is very important, but so are Windows updates. We'll have to find the right balance so they can coexist.


**5-25-12** - We came in to people asking why the internet seemed slow. At first, we were sure it didn't have anything to do with our client install, but we discovered on closer review that we were wrong. When we created our image that is currently on all the machines, we accidentally left the update server hard-coded in the image. This pointed the machines at our old site and SUS server. Since these don't exist anymore, it defaulted to go back to Windows for updates. After we discovered this issue, we sent out a registry change via Group Policy that changed the site and SUS server the machines looked at. We then used our packet shaper to discover which websites were being used to download the updates, and throttled the bandwidth available for those sites, and then the internet started to speed back up.


**5-30-12** - We ran into a problem with some machines getting IE 9 pushed to them via Windows update. It only happened to about 150 machines, so we weren't too worried about it. The main reason we haven't sent it out is that we use Altiris Helpdesk Solution, and it doesn't work correctly in IE 9. We traced the problem and it appears to have come down on machines that had been pulling updates directly from Microsoft instead of from our SUS server. An uninstall job was created that reverted the machines back to IE 8, and everything seems to be well again.
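
Added example, not part of the original entries or of any Osseo or Now Micro tooling: the 5-25-12 and 5-30-12 entries both come down to clients whose update source was not the intended one, so this PowerShell sketch reads the Windows Update policy values a hard-coded image would carry and flags machines that need attention. The server URL, the computer names and the function names are hypothetical, and the sample records are constructed.

```powershell
# Hypothetical value: replace with the URL of your own software update point.
$ExpectedServer = 'http://wsus.example.internal:8530'

function Get-WUPolicy {
    # Read the Windows Update policy values from the local registry.
    # Values that are not set come back as $null.
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wu = Get-ItemProperty -Path $base -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$base\AU" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        WUServer       = $wu.WUServer
        WUStatusServer = $wu.WUStatusServer
        UseWUServer    = $au.UseWUServer
    }
}

function Test-WUPolicy {
    # Classify one policy record against the expected update server.
    param(
        [Parameter(Mandatory)] $Policy,
        [Parameter(Mandatory)] [string] $Expected
    )
    $want   = $Expected.TrimEnd('/')
    $server = "$($Policy.WUServer)".TrimEnd('/')
    $status = "$($Policy.WUStatusServer)".TrimEnd('/')
    $state = if ($Policy.UseWUServer -ne 1 -or -not $server) {
        'NoWsusPolicy'      # no internal update server is enforced
    } elseif ($server -ine $want -or $status -ine $want) {
        'StaleServer'       # e.g. a value baked into the image
    } else {
        'OK'
    }
    [pscustomobject]@{ Computer = $Policy.Computer; WUServer = $server; State = $state }
}

# Constructed sample records so the classification can be tried offline.
$samples = @(
    [pscustomobject]@{ Computer = 'LAB-01'; WUServer = 'http://wsus.example.internal:8530'
                       WUStatusServer = 'http://wsus.example.internal:8530'; UseWUServer = 1 }
    [pscustomobject]@{ Computer = 'LAB-02'; WUServer = 'http://old-sus.example.internal'
                       WUStatusServer = 'http://old-sus.example.internal'; UseWUServer = 1 }
    [pscustomobject]@{ Computer = 'LAB-03'; WUServer = $null
                       WUStatusServer = $null; UseWUServer = $null }
)
$samples | ForEach-Object { Test-WUPolicy -Policy $_ -Expected $ExpectedServer } | Format-Table -AutoSize

# On a real client: Test-WUPolicy -Policy (Get-WUPolicy) -Expected $ExpectedServer
```

Running the same check against a freshly captured reference image before it is deployed catches a hard-coded update server while it is still a one-machine problem.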