There is a well-known issue with Symantec Endpoint Protection clients – they are not able to delete old definitions. This is a real problem, as the C drive keeps filling up.
Unfortunately I still haven’t developed a reliable way of dealing with this automatically [Tamper Protection is the main reason] and, as you may imagine, when the number of servers is high, the Administrator is always busy 🙂
As a temporary reactive solution I was using SEP Manager notifications showing Out-Of-Date Clients. In 80% of cases out-of-date means the C drive is full. But I’ve decided that I need something more intelligent, some additional indication that could show which servers are suffering from the old SEP definitions. SCCM reporting will be described below.
So, affected servers would have more than one definition. Here is an example of what you may see:
If you have been building Windows OS with SCCM then you know that Computer Association can be a pain in one place 🙂 Here are several things to be checked:
1. Check Unprovisioned Computers folder for the records on the SCCM server where you did association. Delete the record and retry Computer Association.
2. If your SCCM server has a Parent then you need to run SCCM console on the Parent site server and check for Unprovisioned Computers there as well. Delete the record and retry Computer Association.
3. Check for the same MAC address and Computer Name in SCCM database. There is a chance that there is an object with the same MAC or Name. This can be done using SCCM Reports. SQL query below finds computers with 00:15:4C:0B:1C:05 MAC address:
SELECT NETW.DNSHostName0, Netcard.MACAddress0, NETW.IPAddress0
FROM v_GS_NETWORK_ADAPTER Netcard
JOIN v_Network_DATA_Serialized NETW on Netcard.ResourceID=NETW.ResourceID and Netcard.MACAddress0=NETW.MACAddress0
WHERE Netcard.MACAddress0 LIKE '%00:15:4C:0B:1C:05%'
ORDER BY Netcard.MACAddress0
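Step 3 looks up one known MAC address. As an added example (not part of the original post), the query below generalizes it to list every MAC address that is recorded against more than one resource, together with the computers sharing it. It uses only the v_GS_NETWORK_ADAPTER and v_R_System views that appear in the queries on this page; the aliases dup, own and rs are illustrative.

```sql
-- Every MAC address held by more than one SCCM resource,
-- with the resources that share it.
SELECT dup.MACAddress0,
       dup.ResourceCount,
       rs.ResourceID,
       rs.Name0 AS [Computer Name]
FROM (
        -- Count distinct resources per MAC; one machine reporting the
        -- same MAC on several adapter rows must not count as a duplicate.
        SELECT MACAddress0,
               COUNT(DISTINCT ResourceID) AS ResourceCount
        FROM v_GS_NETWORK_ADAPTER
        WHERE MACAddress0 IS NOT NULL
          AND MACAddress0 <> ''      -- adapters without a MAC are skipped
        GROUP BY MACAddress0
        HAVING COUNT(DISTINCT ResourceID) > 1
     ) AS dup
JOIN (
        -- One row per (MAC, resource) pair so each computer is listed once
        SELECT DISTINCT MACAddress0, ResourceID
        FROM v_GS_NETWORK_ADAPTER
     ) AS own
  ON own.MACAddress0 = dup.MACAddress0
JOIN v_R_System AS rs
  ON rs.ResourceID = own.ResourceID
ORDER BY dup.MACAddress0, rs.Name0;
```

The v_GS_ views are filled by hardware inventory, so a record that has never reported inventory will not show up in this result.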
In case you need to find the Maintenance Windows assigned to all your servers, here is a short SQL query for the SCCM Report:
SELECT
sw.Name AS [MW Name],
sw.Duration AS 'Duration Minutes',
sw.IsEnabled AS 'MW Enabled',
dbo.v_R_System.Name0 AS [Server Name] -- assumed column: the server each window applies to (the ORDER BY sorts on it)
FROM
dbo.v_ServiceWindow AS sw INNER JOIN
dbo.v_FullCollectionMembership AS fcm ON sw.CollectionID = fcm.CollectionID INNER JOIN dbo.v_R_System ON fcm.ResourceID = dbo.v_R_System.ResourceID
ORDER BY [MW Name], dbo.v_R_System.Name0
You may be surprised to find that some of your servers belong to several MWs 🙂
Another SCCM detective story 🙂
Usually when you see a message [There are no task sequences available for this computer] after you set the IP addresses in the OSD deployment wizard, it means that Computer association was not completed correctly and SCCM is not able to find a server record in its database to map OSD Task Sequence to it.
In my case association was correct [to make sure that it was I’ve recreated association several times].
Variables [IP address, MAC address] are in place.
Server was able to communicate with SCCM.
Site Boundaries are in place [IP ranges are configured].
So, it’s time to read the log 🙂 Boot SCCM agent and press F8. Go to X:\Windows\Temp\SMSTSLog and run “notepad smsts.log”. Log was showing that SCCM is able to find the computer, but nothing is advertised to it.
So, here is a frequent wish – I want to know all the Collections a server belongs to. If you have time you could check all the Collections you have 🙂 But there is another, more effective way – ask SQL. I like to use SCCM ConfigMgr Reporting to do that. Here is a query you can use to do the work:
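-- Column list is an assumption: server name, collection ID and collection name
SELECT v_FullCollectionMembership.Name, v_Collection.CollectionID, v_Collection.Name AS [Collection Name]
FROM v_FullCollectionMembership
inner join v_Collection on v_Collection.CollectionID = v_FullCollectionMembership.CollectionID
WHERE v_FullCollectionMembership.Name LIKE '%Server_Name%'
ORDER BY v_FullCollectionMembership.Name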
Change the Server_Name to a server name you are interested in.
In case you never worked with Reports here is a nice guide how to create one – http://technet.microsoft.com/en-us/library/dd334649.aspx