Wednesday, September 7, 2011

How to move WSUS from SQL 2005 to SQL 2008 R2

I needed to move my WSUS database from SQL 2005 to a new SQL 2008 R2 server.  It was difficult to find the exact directions online so I hashed together some from several places and it worked just fine.  Here's how.

1. On the WSUS server, stop the "IIS Admin" service and "Update Services" service from services.msc.
2. On the SQL 2005 server, backup the SUSDB.
     Right click on the running SUSDB database in SQL Management Studio and select All Tasks -> Backup.
     Database = SUSDB
     Backup Type = Full
     Destination =  Disk.  I chose the desktop.
     Options Page = I selected to Verify the database when finished.  Press OK.

3. Copy the database over to the new SQL 2008 R2 server.
4. On the new SQL 2008 R2 server, open SQL Management Studio and connect to the database engine.  Then click on New Query.
5. Type in the following and then execute by pressing the green checkmark in the toolbar:

6. Once that is done right click on Databases and select Restore Database.
     To database = SUSDB
     From database = From device and then find the file you copied over from the old SQL server.
     Under Select the backup sets to restore = put a check mark next to the SUSDB database to restore.
     Press OK.

7. Back on the WSUS server, open regedit.exe and navigate to HKLM\Software\Microsoft\UpdateServices\Server.  Find the SqlServerName object and change that to the name of your new SQL server.
8. Restart the "IIS Admin" and "Update Services" services.
9. Open WSUS admin console and give it a moment to connect.

That's it.  It worked perfectly for me and was really easy to do.

Thursday, April 28, 2011

SCCM client install fix

I recently had to add the SCCM client to a bunch of machines from a non-trusted domain to manage them because the group previously tasked with those machines could no longer handle it.  The majority of the machines installed correctly but some did not.  This fix takes a couple minutes but has fixed all of my client issues so far.

1. Check the CCMInstall\Logs\ folder.  Look at the logs, in particular look at ccmexec, clientIDmanagerstartup, and locationservices logs.  Also look at the ccmsetup folder for the ccmsetup.log and client.msi.log.  These logs can help you pinpoint the reasons for the installation problems.

2. If you see errors like "Unable to retrieve AMP for site code" in the CCMInstall\logs\LocationServices.log, the install may see more than 1 client certificate and not be able to pick one.  If you AD automatically enrolls the machines and issues a new cert, you can run mmc, add the certificates snap-in for the computer account, and remove the client certificates under personal.  If you can't delete those add CCMFIRSTCERT=1 to the client install options.  There are some other things you can do also to make sure the correct certificates are available on the untrusted client.

3. Uninstall the SCCM client if it already exists but isn't working correctly.  Go to a cmd window and change to the ccmsetup folder.  run ccmsetup.exe /uninstall.

4. (optional and I haven't seen any effects from not using it)  CCMClean does still work in SCCM 2007.  You can download the SMS2003ToolKit and copy just that one tool.  It helps remove registry links and orphaned files if any.

5. Cmd window and run "net stop winmgmt".  You may have to run this twice to get it to stop because sometimes the service will start again immediately.  As soon as it stops rename the c:\windows\system32\wbem\repository folder to oldrepository.  This will reset WMI when the service restarts which we will do with a reboot in a minute.

6. Delete the c:\windows\system32\ccm and ccmsetup folders on 32bit machines or the c:\windows\syswow64\ccm folder on 64bit machines.

7. Restart the machine and you will have a repaired WMI and ready for a clean install of the SCCM client.

Friday, April 15, 2011

Change in how to apply Patch with SCCM Client push

There used to be a couple of articles online explaining how to add the PATCH=... command to the Client Push installation properties, but those articles have disappeared.  I also began seeing error 1635 on machines trying to install with that argument.

The new way to add a patch, such as, is this:

In the Client source folder (%installdir%\Microsoft Configuration Manager\Client) create a folder called ClientPatch.  Copy the .msp file into that folder.

So it looks like this:
    Microsoft Configuration Manager\

That's it.  SCCM will automatically try to install any .msp files you put in that folder when the Client is pushed to machines.  Once I changed to that and removed the PATCH argument, my client pushes started working again.

Wednesday, April 6, 2011

Windows Malicious Software Removal Tool and SCCM Software Updates

The MSRT was not designed to be pushed as a regular update through SCCM Software Updates.  If you put it in an SU deployment package your machines will fail to install and will notify the users repeatedly that it failed.  If you want to push this update each month, you can do so with Group Policy or as a Software Package in SCCM.  Here is the related Technet article.