Our latest webinar, Making the Most of Configuration Manger in 2017 was a huge success. It was our most registered for and most attended webinar to date. Naturally, there were loads of questions.
In this 2 part blog series, we will answer some questions received. Remember, you can re-watch the webinar here.
Question: Regarding security & critical updates which are valid 4 months after ConfigMgr version release – which updates are we talking exactly? for example when using Software Update Point with WSUS, which product and classification should be selected to download the metadata? or are those the fixes which also appear under Updates and Servicing in the console, like the new version updates?
Answer: In the webinar, we were specifically talking about security and critical updates for Configuration Manager only. These would show up under the Updates and Servicing node in the console.
Question: I have a virtual LAB with 1701 TP installed. how would you recommend doing tests of OS upgrade from W7 to W10? What I’m wondering is, while I have TP infrastructure, which Windows 7 and Windows 10 versions should I use for such a test? Can Win7 nonTP be upgraded to Win10 insider preview for example?
Answer: It is best to test with the production ready releases that you plan on deploying and supporting in your production environment. The Configuration Manager Technical Previews and Windows Insider releases are strictly for lab testing so that you can get a look at and test new features that might make it in the production release.
Question: We are on SCCM 1606 but running ADK 10 RTM… would you recommend later ADK?
Answer: It is recommended to be running the latest version of the ADK. However, ADK 1511 does provide some basic forward compatibility for Windows 10 1607. For more information see the blog Configuration Manager and the Windows ADK for Windows 10, version 1607 by Microsoft Senior Program Manager Aaron Czechowski.
Question: What recommendations do you have for Windows 10 upgrade scenarios? i.e. Wipe and load? In place upgrade?
Answer: This really depends on your environment and the desire to leverage the security capabilities in Windows 10. Chances are you will probably using a mixture of deployment methods – New Computer, Hardware Replace, Wipe-and-Load, In-place Upgrade (and hopefully soon, Provisioning). In order to convert a BIOS system to UEFI today (and be supported by Microsoft), this requires a Wipe-and-Load. If you already have devices configured for UEFI, then you can use the In-place upgrade deployment method. As mentioned on the webinar, Microsoft is going to simplify this process with the next release of Windows 10 called Windows 10 Creators Update. See the following blog for more information: BIOS to UEFI made easier with Windows 10 Creators Update.
Question: What is the blog from Kim Oppalfens that Kent mentioned for driver management?
Answer: The holy grail of ConfigMgr driver management, or whatever you’d like to call it by Kim Oppalfens.
Question: We are moving from 1511 to 1610. I am running ADK-RTM. Am I required to update the ADK to ADK10 1607?
Answer: In order to stay supported – yes! If running CB1610 what MDT and ADK versions should you be using? ADK 1607 and MDT build 8443. see the blog Microsoft Deployment Toolkit (8443) Now Available by Microsoft Senior Program Manager Aaron Czechowski for more details.
Question: Task Sequence Media Version Control – what options are there to “revoke” a previously made Task Sequence Media (USB)? (Besides waiting for the boot media certificate expiration.)
Answer: You can just go in and select the correct Boot Media certificate and Block it. This will present a “Failed to Run Task Sequence” error message when a device is attempting to receive Task Sequence policies from the Management Point. There is a Configuration Manager Uservoice item called Provide a method for expiring standalone media that has been Started and the feature is in Technical Preview 1701.
Question: Would Kent be able to briefly review the Parallels Plugin (for Mac mgmnt), just seen in his Console?
Answer: That has to be in another session, or attend MMS (mmsmoa.com) in May where it will be demonstrated.
Question: About Client Online Status, how does that relate to Internet-Based Client Management; I’ll guess these clients are online also when at home?
Answer: Port 10123 has to be open between the client and the management point in order to detect the online status.
Question: Are the client sharing capabilities the same in 2012 r2 or are they different than the neighborhood sharing you talked about in the latest builds?
Answer: In 2012 R2 (and prior to that version) the feature you are referring to is BranchCache.
Question: Briefly mentioned an issue with ADK 10 1607 causing driver injection to fail – can you expand on that or provide a link, please?
Answer: The issue occurs with ADK 1607 running on CB 1606 or later and seems to happen on systems with fast NVMe SSD drives. Microsoft’s Frank Rojas published a great blog on the topic with three work around solutions: Apply Driver Package task fails when the ADK is upgraded to ADK 10 1607. Kent also showed the way to apply drivers without Driver Packages using dism.
Question: Is it fair to say that Cloud Management Gateway is the new IBCM?
Answer: Yes, the goal is to remove the challenges and complexities around managing clients regardless of their location. It is IBCM without the need for servers in DMZ.
Question: Can we efficiently manage R2 SP1 CU3 clients with the latest release?
Answer: Yes. Today, you would upgrade 2012 R2 SP1 environment to CB 1606. Once that is complete, then you applied the CB 1610 update. After that is complete, then you would proceed to upgrade the 2012 R2 SP1 clients directly to CB 1610. Be sure to upgrade your clients as soon as possible for best performance and to take advantage of the latest features.
Question: The Content Library Cleanup Tool sounds great, can it be used only with TP1701 and later or can you take that command line and run in any SCCM environment?
Answer: Currently, it is only in the Technical Previews and it is not supported to run it in a production environment. Microsoft MVP Niall Brady recently published an excellent blog on the tool – What is the ContentLibraryCleanup tool and how can I use it?
Question: Is it possible to upgrade CM if it’s already unsupported (eg. upgrade 1511 now)?
Answer: Yes, but for best results, make sure you upgrade to a supported version within the supported time frame. For example, 1511 to 1606 was a tested and supported upgrade path. However, an upgrade from 1511 to the next baseline build (170x) will possibly not be supported since that build will be released after 1511 is already out of support.
Question: Will MDT integration work with config mgr Current branch?
Answer: Yes, and be sure to use the latest MDT version, build 8443.
Question: After Upgrading from SCCM CB 1606 to 1610 and Nomad 6.100 and AE 1.9.600. (also seen on other upgrades.) The Client Pilot upgrade is failing on existing clients. This is a hidden build in the package in SCCM. Creating a new package based on the same binaries and command line options as seen in the log then enabling Nomad on the package works. Is this something known to 1E?
Answer: Yes, the built in CM Client Package is locked and does not allow Nomad to be enabled on it. Also, the client upgrade process uses ccmsetup, which is not aware of Nomad. In testing 1602 to 1606 I noticed 47.2 MB of network traffic (using BITS), which can cause WAN saturation for slow link sites. The recommendation is to create another package with the CM Client that is Nomad aware and distribute it in order to prevent any network outages. Please let your Microsoft TAM know that you would like to have the client upgrade (ccmsetup) process be Nomad aware.
Question: Is the in-place OS upgrade of a ConfigMgr server possible if SQL is running on the same box?
Answer: Yes – but as always backup the DB prior to performing any upgrade.
Question: Any chance for on integrated solution for driver update management, including version and compatibility tracking?
Answer: We truly hope so.
