question

MarkLewis-9488 avatar image
0 Votes"
MarkLewis-9488 asked AllenLiu-MSFT commented

Setting up new MECM 2103 to sit alongside existing SCCM 2006

Hi everyone,

I’m hoping somebody can help me out, as I trawled the web and can’t find anything specifically related to my situation. I'm fairly new to SCCM (and subsequently MECM) and have been assigned a project upon starting my new role.

I’ve inherited a 2006 SCCM. Over the years it’s been tinkered and tweaked with to a point where it’s now no longer fit for purpose. The in-house knowledge has disappeared over the years, so rather than trying to unpick and fix the current environment, I have built a new Endpoint (MECM) current branch from scratch.

This new, clean, current branch environment will firstly sit alongside the existing SCCM environment, with a view to moving across all devices into the new MECM. The new current branch has: New SQL, new site name, new service accounts for adding Site Roles and no PXE for interference. The essential pre-requisite is that the new MECM doesn’t bleed into or cross-pollinate with the current SCCM, until we are ready for it to fully replace the current infrastructure.

My idea is to keep the new current branch ringfenced from the older SCCM and manually move over a few ‘test’ devices, prior to making any wholesale changes. I’ve ensured Boundaries haven’t crossed and have installed various Site System roles (including Software Update Point). I’ve also configured Client Push Installation and authenticated via a different service account to that used in the older SCCM.

However, I’ve encountered several issues:

Firstly, I’m unable to push out the Install Client directly from MECM.

Nor am I able to prevent new and existing Devices from being automatically discovered and added into SCCM. Despite me moving certain devices to a dedicated OU in AD and setting that Boundary IP range within the new MECM, the devices are still discoverable and automatically appear back in SCCM. I have disabled all Discovery Methods in SCCM as well as deleting the devices from SCCM and manually uninstalled the client, but still they re-appear.

How do I make SCCM stop discovering these devices? And prevent it from continuing to push out the Client? What do I need to disable from SCCM in order for this to happen? Am I correct in saying that I should remove the Client Push Installation account?

Also, shall I remove or disable the existing Boundaries and Groups? Or is there something else I should try first?

I'm wondering if this is merely a SCCM issue, or could there be policies embedded within AD that is causing the issue. There was a GPO within AD that was pushing out the client, but I have disabled this. However, it feels that there’s still an underlying policy or something else within AD that is continues to identify and add these devices to SCCM.

I’d like to thank you in advance for reading this and your consideration.

Thanks,

Mark.

mem-cm-site-deployment
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MarkLewis-1176 avatar image
0 Votes"
MarkLewis-1176 answered AllenLiu-MSFT commented

Very strange indeed!

Yes, the sites codes are indeed different. I've found a similar issues reported on TechNet and have followed the instructions suggested by a forum member:

https://social.technet.microsoft.com/Forums/en-US/409fec94-7da0-4034-874c-4a56dfbe53ae/cant-assign-new-site-code-sccm-2012?forum=configmanagerdeployment&ppud=4

This seems to have worked for me too!

I've manually updated the registry entry for clients still connecting to site A so that they now use site B as their 'site code'. I then hit 'Run Now' on the 'Machine Policy Retrieval' service via the Configuration Manager Properties window on the client.

The client now show as pointing to site code B and is no longer connected to A.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Glad to hear that you found a solution for this issue, please accept your reply as answer, we believe this will be very beneficial for other community members who have similar questions. You need to use the account "MarkLewis-9488" to accept answer.

1 Vote 1 ·
AllenLiu-MSFT avatar image
0 Votes"
AllenLiu-MSFT answered

Hi, @MarkLewis-9488
Thank you for posting in Microsoft Q&A forum.

Here are the client installation method that don't require computers to be discovered before the client can be installed:
Software update point-based installation
Group policy installation
Logon script installation
Microsoft Intune MDM installation

You may check from these aspects.

For the details:
https://docs.microsoft.com/en-us/mem/configmgr/core/clients/deploy/plan/client-installation-methods


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MarkLewis-9488 avatar image
0 Votes"
MarkLewis-9488 answered

Hi @AllenLiu-MFST,

Thank you for helpful response.

Yes, the client push installation via Software Update point is my preferred method for rolling out the client (and I setup this function with relevant service account to this).

However, I have been unable to push the client from the Config Manager. Which leads me to think that there is something 'blocking' the install or preventing the device from receiving the install.

Within MECM itself, I run through Install Config Manager Client Wizard and I receive a 'completed successfully' notification (please see attachment). However, when jumping on the client itself I can see that the install did not complete. Judging from the logs I can see that the install gets underway but does not complete.

Would it be helpful for me to upload the logs, so you can take a look and try to identify the issue? I'm afraid the log results don't make much sense to me...

Thanks,

Mark.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MarkLewis-9488 avatar image
0 Votes"
MarkLewis-9488 answered

131997-client-push.png



client-push.png (169.7 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AllenLiu-MSFT avatar image
0 Votes"
AllenLiu-MSFT answered

Hi, @MarkLewis-9488

You may start from checking the ccm.log on site server and ccmsetup.log on client.
For more details, we may refer to this article:
https://docs.microsoft.com/en-us/archive/blogs/sudheesn/troubleshooting-sccm-part-i-client-push-installation

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MarkLewis-9488 avatar image
0 Votes"
MarkLewis-9488 answered AllenLiu-MSFT commented

Hi AllenLiu-MFST,

Thank you for the information.

I've checked the various log errors and the link above and there's nothing obviously blocking the path to the install.

Firewall ports are open and there are no DNS issues.

The strange thing is that when pushing the client out from MECM (let's call this 'Site B') the client is talking directly to SCCM ('Site A') and installing the client from there instead.

The device in question is no longer in Site A (after I've deleted it from the list of Devices, as well as uninstalling the client through CMD). I've placed the device into a new OU in AD and have added the IP address as a Boundary in MECM. The device appears within Site B.

However, the device still seems to be communicating with Site A and getting it's client from there.

How do I break this link?

I've read some other forum posts which seem to suggest that it could be related to Distribution Point or Management Point issues. Can you confirm whether this could be the case? Or do you think there is another solution we can try?

Thanks,

Mark.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

The strange thing is that when pushing the client out from MECM (let's call this 'Site B') the client is talking directly to SCCM ('Site A') and installing the client from there instead.

Where do you see that the client is talking directly to SCCM site A?
0 Votes 0 ·
MarkLewis-9488 avatar image
0 Votes"
MarkLewis-9488 answered AllenLiu-MSFT commented

Thanks for the update.

Within site A itself, I can see the device listed within SCCM here:
132650-sccm1.png

This is despite me pushing out the client through site B. I've even logged onto the client, uninstalled the Software Center app through CMD and then navigated to site B's client share folder and manually installed, but still the client links back to site A.



sccm1.png (51.9 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Sounds strange. Did you have a different site code between site A and site B?

0 Votes 0 ·