Recently been tasked with migrating a fair ton of apps from Win7->10. One of the challenges in this space is testing. Previously with Windows 7 the guys worked on static persistent VM’s rolled out to testers to run their updated app through it’s paces. Few obvious problems with this approach
I) Quite a bit of VM admin to do – clean up post test of apps
2) Quite a bit of email admin to do – separate mails tailored for specific app owners detailing their specific machine to test etc
Luckily things have moved on a bit most importantly regards “delivery” of the apps. By that I mean previously was hamstrung with only allowing a VDI-type scenario being of use to cover app-v sequenced apps as they where using the “follow-the-user” model (user added to SCCM user collection and deployment type set to include VDI. As such at the time experience was limited with app-v which meant a VDI solution wasn’t practical for testing as vast majority of apps where MSI’s.
To that end we have been able to get over that hurdle by publishing the MSI’s as applications in SCCM rather than packages this gives us the flexibility to use the same follow-the-user approach as with app-v sequences. That being so a Win10 VDI then would have merit.
So recently got going on standing one up (XenDesktop 7.13 back-end). Tested adding a few of the team to a few random app-v sequences / MSI’s applications and noticed horrible download performance for all our apps/packages in Software Center. For example a 200mb MSI took 40 minutes to download.
Issue was put down to the BITs client configuration. For all workstations in general in an environment there is a cap on download speed. Enclosed illustrates what’s in my lab environment
as you can see there is cap’s on performance at certain times of the day. That makes sense for the general workstation population in an environment particularly for remote users over VPN as SCCM does not have an elegant way to identify a user that roams between local and VPN.
As such of course for VDI its not a requirement so in order to switch off I inserted a GPP into my GPO to set no limit on download rate. Registry key is called EnableBitsMaxBandwidth and set to 0 (located under HKLM \Software \ Policies \ Microsoft \ Windows \ BITS)
once I place was rocking and rolling and downloads flew along
Always handy when dealing in a large scale SCCM environment to have good controls in place for monitoring site server availability, of course from a day to day perspective if a site server was to exhibit issues users’ will probably let you know before you’d know but below is a simple PS cmdlet easily of course made into a script to alert you (preferably over a weekend before folks come online) if site server has whatever gone down/unavailable.
Check the SCCM site server is available
As part of the SCCM site server availability test, we can perform a simple ping test to ensure that the servers are reachable from the central Central Administration Site (CAS). We can use the
Test-Connection cmdlet to check the connectivity status of the site servers:
Test-Connection -ComputerName $Computer -Count 2 -Quiet
This cmdlet will return either true or false depending on the availability of the site server. If the result is true, we can conclude that the server is reachable at the point in time and if the result is false, the server can be considered to be unreachable and intervention is required.
One commonly overlooked good practice to put in place for your SCO environment is to invoke the use of the Microsoft best practices analyzer which by default is not installed with Orchestrator and is a firm recommendation to help assess the health of your Orchestrator environment.
- First, you’ll need to download and install the Microsoft Baseline Configuration Analyzer (MBCA) on the Orchestrator Management Server.
- Then, you’ll have to download and install the
Once you have this installed and ready, you’ll be able to do the following:
- Scan Orchestrator deployment
- Validate against Microsoft recommendations
- Get an extraction of misconfigurations or missed best practices
Once you finish the scan, you’ll be able to extract a compliance report that comes in an XML export-able format that you can process and import
Unattended Recovery of a Site
Configuration Manager 2012 supports recovering a CAS and a primary site via the Setup Wizard. You can also recover these sites via an unattended recovery script.
In order to use the unattended recovery solution you will need to create the .INI file that will be read by the Setup.exe application. The name of the file is not important, but the file extension must be .INI. You will run the Configuration Manager Setup command and reference the unattended script file in the command-line syntax. For example, if your unattended recovery script is named SCCMrecover.ini and is located on the C: drive in the CASRestore folder, the command will be Setup.exe /script C:\CASRestore\SCCMrecover.ini. The account used to execute Setup.exe must have administrator rights, so you may need to open a command prompt as an administrator and then run Setup.exe from there.
The INI file created will contain the same information as if done via a site recovery via the Setup Wizard. One key difference is that no default settings are applied in the unattended scenario, and as a result, all values for the recovery process must be specified in the script file.
The information that is required in the .INI file will depend on what is needed to be recovered. Worth noting when you provide values for keys you must use an equals sign to separate the key from the value.
The TechNet article “Unattended Site Recovery Script File Keys” at http://technet.microsoft.com/en-us/library/gg712697.aspx#BKMK_UnattendedSiteRecoveryKeys documents the available keys that can be used in the .INI file
Based on my experience with using Orchestrator and something that very much depend on your usage its a good practice to either throttle your runbook activity up and down to ensure best performance.
To do this need to look at Runbook Server Throttling which is set to run 50 Runbooks parallel by default maximum.
Depending on your specification of your server this figure might be too high or too low (will get a good indication anyways via taskmgr/perfmon) , anyways to increase or decrease the number of parallel Runbooks allowed to be run in parallel see below.
So the Runbook Server Throttling tool is the tool you need. To run go to
C:\Program Files (x86)\Microsoft System Center 2012 R2\Orchestrator\Management Server
and run the following command:
aspt <RunbookServer> <MaxRunningRunbooks>
So, environment is:
Citrix PVS 6.1 Hotfix 19
SCCM 2012 r2 Client (version : 5.00.7958.1000) installed in vDisk image
Duplicate Guid’s for all target devices
Followed the steps in
Did find this piece in addition to the above steps to fix
In it mentions disabling the client authentication service under the personal folder and your server certificate.
Untick the client authentication box, click ok, do your sealing up steps and voila! no more duplicate GUID’s!