Monthly Archives: November 2010

McAfee Agent Status Monitor on x64/Server Core Systems

The McAfee Agent Status Monitor is normally launched from the system tray.  But if you have a 64-bit OS and/or Server Core installed, there is no icon.

Fret not!  You can still pull up the Agent Status Monitor from the command line:

c:\Program Files\McAfee\Common Framework\cmdagent.exe /s

Running SCCM 2007 Software Updates on Server Core

Updated 2/8/2016

Oh man, this is my best work in months!

Our network has several Windows Server 2008 (and now 2012 R2) Server Core installations.  We also run System Center Configuration manager 2007 to manage software updates.  As anyone who has used SSCM knows, advertised software updates show up as a notification in the system tray, which is fine, unless you’re running Server Core.  That’s because Server Core doesn’t have a system tray!

Now, I don’t know about you, but I’m a control freak when it comes to running software updates on my servers.  I only want them to run one at a time, when the server is offline for maintenance, and with me there watching the updates happen.  So that means a mandatory advertisement to my Server Core machines was out of the question.

I started searching the Interweb for solutions discovered by similarly-situated system administrators.  Unfortunately, this is what I found:

– People (trying to be helpful) answering the question (or posting snarky responses) when they didn’t even understand the question… this makes me absolutely crazy (c’mon folks… either help up or shut up)!
– Powershell scripts invoking other Powershell scripts invoking…
– Some weird thingy using Maintenance Windows to stagger updates across machines

Ugh!  I wanted a simple, elegant solution.  I didn’t want to do any of this.  So after I thought about this for a few days, I realized you could use a task sequence as a proxy to initiate updates (since control panels are still available in Server Core):

1. Create a Software Update deployment like you normally do and assign it to your Server Core machines.  Make sure the deployment is not mandatory.
2. Now, create a Task Sequence.  In it, add a single task: Install Software Updates.  Be sure All Software Updates is selected.
3. Advertise the Task Sequence you just created to your Server Core machines.  Ensure the advertisement has progress display checked.  Check the SCCM log to make sure the advertisement is pushed before continuing.
4. On each Server Core machine you want to update, perform the following:

a.  Open the SCCM control panel: c:\Program Files\SMS_CCM\SMSCFGRC.cpl (on 64-bit OS, this will be in Program Files (x86) [UPDATE: SCCM files on 64-bit machines may be located at c:\WINDOWS\SysWOW64\CCM instead].
b.  On the Actions tab, initiate a Software Updates Scan Cycle.  This can usually take a few minutes.  Check ScanAgent.log for status
c.  On the Actions tab, initiate a Machine Policy Retrieval & Evaluation Cycle.  Wait a few moments for this to complete.
d.  Open the Run Advertised Programs control panel: c:\Program Files\SMS_CCM\SMSRAP.cpl (again the path for 64-bit will differ)
e.  You should see your advertised task sequence to run software updates.  Initiate the task and watch it go!

Ha ha! No code and no weird settings!  And, I get to reuse it over and over again!

P.S. Be aware that there is no way to suppress a forced restart for a task sequence if the update package requires it.  So make sure your server is ready for a reboot when you start your updates!

SCCM 2007 Active Directory System Discovery Agent DDR Errors

If you are getting DDR errors during AD System Discovery, check to see if there are any cluster objects within the tree that the service is discovering.  Since these are not actual hosts, they will flag as having inaccessible properties.  The fix to this is to either exclude that OU from your discovery or better yet, deny access for the CCM server to that OU by way of AD Users and Computers security configuration.  This effectively hides the OU from the CCM server.

SCCM Site Configuration for Windows Server 2008/2008 R2

Was just finishing up creating a secondary site and started getting an error in the Distribution Manager component.  Turns out I forgot to enable RDC, which is disabled by default in Server 2008.  There is a Technet article that explains what you need to do to use 2008 for SCCM.  Don’t forget to do these!

Thanks to Teh Wei King’s System Center Blog for the solution.