Step by Step Installation of SCCM CB1606

Step by Step guide of Installation of SCCM CB 1606 on Windows server 2012 R2.
I have already installed the SQL server on the same box and have completed all the configuration.
now you are ready to install the CB 1606.
go to the ISO image and extract that. follow the steps in given file and your SCCM installation would be completed.
you can download the complete guide from following link.

Step by Step Installation of SCCM CB1606

Windows 10 Servicing Model and plan

I was searching about the Windows 10 servicing model and plan but did not get much on internet, then I thought I should share my knowledge with you guys. go through the complete blog post and let me know what you think, if you are happy with the provided solution and that meets your expectation. 

I have gone through with Naill blog which is our master database for any new feature in SCCM or MS Intune. 
Windows 10 servicing

however I thought I would also give some more details and have a blogged it.

In System Center Configuration Manager, you can view the state of Windows as a Service in your environment, create servicing plans to form deployment rings and ensure that Windows 10 current branch systems are kept up to date when new builds are released, and view alerts when Windows 10 clients are near end of support for their build of Current Branch (CB) or Current Branch for Business (CBB).

The following Windows 10 branch and build information is discovered and stored in the following attributes:

o    Operating System Readiness Branch: Specifies the operating system branch. For example, 0 = CB (no not defer upgrades), 1 = CBB (defer upgrades), 2 = Long Term Servicing Branch (LTSB)

o    Operating System Build: Specified the operating system build. For example, 10.0.10240(RTM) or 10.0.10586 (version 1511)

·         The service connection point must be installed and configured for Online, persistent connection mode to see data on the Windows 10 servicing dashboard. When you are in offline mode, you will not see data updates in the dashboard until you get Configuration Manager servicing updates.

Specify the group policy setting, Defer Upgrades and Updates, to determine whether a computer is CB or CBB.

Servicing plan workflow

Windows 10 servicing plans in Configuration Manager are much like automatic deployment rules for software updates. You create a servicing plan with the following criteria that Configuration Manager evaluates:

·         Upgrades classification: Only updates that are in the Upgrades classification are evaluated.

·         Readiness state: The readiness state defined in the servicing plan is compared with the readiness state for the upgrade. The metadata for the upgrade is retrieved when the service connection point checks for updates.

·         Time deferral: The number of days that you specify for How many days after Microsoft has published a new upgrade would you like to wait before deploying in your environment in the servicing plan. Configuration Manager evaluates whether to include an upgrade in the deployment if the current date is after the release date plus the configured number of days.

When an upgrade meets the criteria, the servicing plan adds the upgrade to the deployment package, distributes the package to distribution points, and deploys the upgrade to the

collection based on the settings that you configure in the servicing plan. You can monitor the deployments in the Service Plan Monitoring tile on the Windows 10 Servicing Dashboard

there are three Windows 10 servicing options we need to consider:

·         Current Branch

·         Current Branch for Business

·         Long Term Servicing Branch

Each branch has its' own properties. If you are using Current Branch, then updates and upgrades are made available as soon as they are released from Microsoft and the key benefits are that it makes new features available to users as soon as possible. Current Branch for Business allows more time (4 to 8 months depending on your Defer Updates and Upgrades preferences) to 'wait and see' how those updates (and upgrades) can impact your environment. The key benefit here is it provides additional time to test new feature upgrades before deployment which is useful in a business scenario. Long Term Servicing Branch is aimed at low-change configurations (Operational Technology for example) where changing functionality can impact production.

In the ConfigMgr console select Software Library and expand Windows 10 Servicing. The below screenshot should appear. 

The following Table clear the servicing plan:

·         Release Ready : Current Branch

·         Business Ready : Current Branch for Business

·         Long Term Servicing Branch : Long Term Servicing Branch

Create a Windows 10 servicing plan

Step-1 Sync the sup with WSUS

Then create the servicing plan

Servicing plans are akin to Automatic Deployment Rules (ADR) in Software Updates in that they can automatically download, and deploy updates to a collection based on the settings you define in the rule. Servicing plans however allow you to define what Windows 10 branches are in user in your environment and then monitor them in the servicing dashboard. From version 1602 onward, servicing plans are also tied so that you can manage the behavior for high-risk deployments.

Note: Servicing plans are designed to upgrade Windows 10 versions from one build to another build only.

you will create a servicing plan for Windows 10 Current Branch In the ConfigMgr console select Software Library and expand Windows 10 Servicing. Select Servicing Plans and in the ribbon click on Create Servicing Plan.

  

When the wizard appears, give the Servicing Plan a suitable name like SUM: Servicing Plan for Windows 10 (The SUM prefix allows you to clearly see that the deployment is for software updates in the monitoring console later.)

Next, point it to your target collection, this collection should contain Windows 10 computers that are suitable for this servicing plan (i.e. Current Branch as defined by not setting the Defer Upgrades setting).

Next you get to choose which Deployment Ring you'd like to use. The Deployment Ring refers to the Windows readiness state that applies to this servicing plan, and once again you get to choose between Release Ready (Current Branch) or Business Ready (Current Branch for Business). Depending on which state you choose, you will see different results in the console, so it's a good idea to use the Preview button on the Upgrades screen particularly when moving the days (to wait) slider.

 This servicing plan is aimed at Current Branch computers so select the first option

On the Upgrades screen select the three checkboxes and set the search criteria to

·         Language=English

·         Required=>=1

·         Title= Upgrade to Windows 10 Enterprise

Note: Make sure to select the right version (SKU) of Windows 10 for your deployment, if your clients are running Windows 10 Enterprise, then you should select the Enterprise version of the upgrade

Next, click on the Preview button, this will show what updates the wizard found that match your criteria

For the Deployment Schedule screen set the Software Available Time to be at least 4 hours after the rule has run in order for the actual software update deployment packages to reach the destination distribution points. In a slow wan, increase that time. For Installation Deadline, the deadline is the displayed deadline time plus a random amount of time up to 2 hours, this is to reduce the load generated by all computers in the collection downloading the updates at the same time.

On the User Experience screen, for User Notifications select Display in Software Center and show all notifications. For Deadline behavior, place a checkmark in Software Update Installation and System Restarts.

 On the Deployment Package screen choose Create a new deployment package and fill in the details as appropriate

Add the DP

Then download from the internet

Review additional servicing plan properties

Select the Evaluation Schedule tab, as you can see by default it's set to run after every SUP sync, if you want to change that behavior modify it here.

Then Run the servicing plan

Now that’s it, review all the steps and see once you get the update on Windows 10

Goodbye Patch Tuesday

Patch Tuesday is soon to be a thing of the past. Beginning in October, Microsoft will deploy fixes for Windows 7, Windows 8.1, Windows Server 2008 and Windows Server 2012 with a single cumulative monthly patch. This is designed help reduce fragmentation across your company’s PCs. The new system is right in the line with how updates are currently deployed for Windows 10.

From October 2016 onwards, Windows will release a single Monthly Rollup that addresses both security issues and reliability issues in a single update. The Monthly Rollup will be published to Windows Update (WU), WSUS, SCCM, and the Microsoft Update Catalog. Each month’s rollup will supersede the previous month’s rollup, so there will always be only one update required for your Windows PCs to get current. i.e. a Monthly Rollup in October 2016 will include all updates for October, while November 2016 will include October and November updates, and so on. Devices that have this rollup installed from Windows Update or WSUS will utilize express packages, keeping the monthly download size small.

Windows will proactively add patches to the Monthly Rollup that have been released in the past. Microsoft's goal is eventually to include all of the patches we have shipped in the past since the last baseline, so that the Monthly Rollup becomes fully cumulative and you need only to install the latest single rollup to be up to date. We encourage you to move to the Monthly Rollup model to improve reliability and quality of updating all versions of Windows.Microsoft is planning to add these previously shipped patches over the next year and will document each addition so IT admins know which KBs have been included each month.

It’s a big departure from the current system, under which Microsoft sporadically releases individual patches for the older platforms. That has some advantages, allowing IT administrators to selectively deploy updates as needed, but it also comes with some serious drawbacks. Under the current system, individual PCs frequently wind up with different updates installed, which causes syncing problems, boosts scan times, and ups testing complexity. Even just pinpointing the right patches before applying them can be a pain.

Here’s how the new system will work. In October, up-to-date PCs running the older platforms will receive just a single package of security and stability fixes from Windows Update, Windows Server Update Services (WSUS), System Center Configurations Manager (SCCM) and the Microsoft Update Catalog. If you delay the update in October, you’ll be prompted to install it again in November, along with another single set of patches for that month, and so on. Each month’s update will include patches for all previously-uninstalled months, from October onwards.

older updates will begin to be included in the monthly patch rollouts, dating all the way back to Service Pack 1 for Windows 7. That means that — at some point — you’ll be able to get fully up to date with just a single installation, no matter the current state of your PC.

Microsoft is allowing one exception for its new all-in-one update system, affording the ability to download and deploy security patches separately from stability fixes. That will reduce the size of the initial update needed to secure your company’s PCs as quickly as possible. Those updates will be available from WSUS, SCCM and the Microsoft Update Catalog, not Windows Update.

Servicing Stack and Adobe Flash updates won’t be included in the rollups. Microsoft will move to the same monthly rollup model for the .NET Framework in October too.

for more about patch Tuesday see on Patch Tuesday

Cireson ConfigMgr User Device Affinity app

The User Device Affinity app enables administrators, help desk staff, and other users to easily search, view, edit, and manage user to device relationships outside of the Configuration Manager Console.

With the User Device Affinity app, you can easily:

1. View existing user to device relationships
2. Associate new users to existing devices
3. Remove users from existing devices
4. Add new devices to existing users
5. Remove devices from existing users
6. Search and filter users and devices for management of UDA relationships
7. Launch Remote Manage in the context of a computer

Associating users to their primary devices (user device affinity) is a great feature of Configuration Manager. It allows you to easily deploy applications to a user’s primary device (often referred to as ‘user centric software delivery’). It also provides helpful information to your Help Desk so when a user calls in for support, they can have information on what computer they might be using. The problem with user device affinity is getting it configured, and configured correctly, in your environment. There are over a half dozen ways to associate users to computers – some automated, however most manual – which can lead to mistakes. The Cireson User Device Affinity app easily allows an administrator to view and manage the relationships between users and devices. This process is completed outside the Configuration Manager Console, which reduces complexity and confusion.

Thanks to Cireson, who made this fantastic tool.

for more detail and download the tool visit on cireson 

credit goes to Cireson. 

Current Branch Update ConfigMgr 1602

Microsoft announced the release today of System Center Configuration Manager (SCCM) 1602, which is the latest update to its device management product. The "1602" part of the update's name refers to its year and month release time (as in "2016 February"), but Microsoft announced its arrival today in March. It's just an update and not a new current branch for business release.

The current branch of System Center Configuration Manager was released on December 8, 2015. Today's announcement was the first update for the current branch with new features, not a brand new release.

SCCM as a Service
Microsoft now updates SCCM like the service model of Windows 10, with updates pushed down at certain intervals, called "current branch" and "current branch for business" for summer and fall releases. There's also a "long-term servicing branch" option for Windows 10. Possibly, Windows 10 will get an altered update cycle with this year's releases

Prior to this update, the current branch release of SCCM was known as "1511" (for "2015 November"). Microsoft announced the SCCM 1511 current branch in December.

A new current branch update is supposed to appear every month, per past Microsoft descriptions of its update process. A new current branch for business update is expected to appear every four months, so 1602, released after three months, wasn't the next current branch for business release.

These updates appear in the Updates and Servicing node of SCCM's console.

Microsoft has a similar update model for Office 365, but it uses slightly different terminology. "Branches" are called "channels" for Office 365 updates. Office 365 has "current channel" updates every month and "deferred channel" updates every four months.

If we fail to update to the next current branch for business after eight months' time, then we risk running "unsupported software." That means that the software will no longer get updates and security patches, a risky situation.

SCCM 1602 Perks
Organizations are getting plenty of perks with SCCM 1602. It enables in-place upgrades of Windows Server 2008 R2 to Windows Server 2012 R2.Other benefits include the ability to see the clients that are online and view the "health" of Windows 10 devices.

Another big benefit of SCCM 1602 concerns the management of Office 365 clients. They can be managed using SCCM's "Software Update Management workflow." This capability is possible for "Office 365 ProPlus, Visio Pro for Office 365 and Project Pro for Office 365,"

Intune-SCCM Management
Microsoft also announced new capabilities with SCCM 1602 when integrated with Microsoft Intune, which is Microsoft's mobile device management service. Organizations can use Intune as a standalone tool or it can be integrated with SCCM. The standalone tool tends to get its new capabilities faster than the integrated SCCM solution.

One new capability in the integrated Intune-SCCM solution is the ability to impose conditional access on devices. we can now specify with SCCM 1602 that devices have to have current software updates, antimalware protection and BitLocker encryption to connect with a network.

SCCM 1602 with Intune also permits Microsoft Edge browser deployments to devices. Edge browser settings can be changed with the SCCM 1602-Intune combo.

Some management capabilities for Apple iOS devices are unlocked with SCCM 1602 and Intune. we can set policies to "dynamically change settings such as server name or port for iOS applications."  They can enable iOS Activation Lock on devices or they can bypass it.

This update includes the following improvements:

• Client Online Status: You can now view the online status of devices in Assets and Compliance. New icons indicate the status of a device as online or offline.
• Support for SQL Server AlwaysOn Availability Groups: Configuration Manager now supports using SQL Server AlwaysOn Availability Groups to host the site database.
• Windows 10 Device Health Attestation Reporting: You can now view the status of Windows 10 Device Health Attestation in the Configuration Manager console to ensure that the client computers have a trustworthy BIOS, TPM, and boot software.
• Office 365 Update Management: You can now natively manage Office 365 desktop client updates using the Configuration Manager Software Update Management (SUM) workflow. You can manage Office 365 desktop client updates just like you manage any other Microsoft Update.
• New Antimalware Policy Settings: New antimalware settings that can now be configured include protection against potentially unwanted applications, user control of automatic sample submission, and scanning of network drives during a full scan.
• Windows 10 Servicing: New improvements were added based on your feedback such as filters in servicing plans for upgrades that meet specified criteria, integration with deployment verification and a dialog in Software Center when starting an upgrade.

This update also includes new features for customers using System Center Configuration Manager integrated with Microsoft Intune. Some of the features that you can expect to see are:

• Conditional Access for PCs Managed by Configuration Manager: You can now use conditional access capabilities to help secure access to Office 365 and other services on PCs managed with Configuration Manager agent. Conditions that can be used to control access include: Workplace Join, BitLocker, Antimalware, and Software Updates.
• Windows 10 Conditional Access Enhancements: For Windows 10 devices that are managed through the Intune MDM channel, you can now set and deploy an updated Compliance Policy that includes additional compliance checks and integration with Health Attestation Service.
• Microsoft Edge Configuration Settings: You can now set and deploy Microsoft Edge settings on Windows 10 devices.
• Windows 10 Team Support: You can now set and deploy Windows 10 Team configuration settings.
• Apple Volume Purchase Program (VPP) Support: You can now manage and deploy applications purchased through the Apple Volume Purchase Program for Business portal.
• iOS App Configuration: You can now create and deploy iOS app configuration policies to dynamically change settings such as server name or port for iOS applications that support these configurations.
• iOS Activation Lock Management: New capabilities include enabling iOS Activation Lock management, querying for the status, retrieving bypass codes, and performing an Activation Lock bypass on corporate-owned iOS devices.
• Kiosk Mode for Samsung KNOX Devices: Kiosk mode allows you to lock a managed mobile device to only allow certain apps and features.
• User Acceptance of Terms and Conditions: You can now see which users have or have not accepted the deployed terms and conditions.

.

WMI Namespace Errors In CCMSetup Log file

 In your SMS client systems CcmSetup.Log file in the CcmSetup directory you may see any one of the following errors or warnings:

• MSI: Setup was unable to create the WMI namespace CCM
• The error code is 80041001 or 80070003

• MSI: Warning 25101. Setup was unable to delete WMI namespace CIMV2\SMS
• the error code is 80041001 or 80070003

• Client installation has failed too many times. Ccmsetup will now abort.

• Installation failed with error code 1603

what this is basically telling you is that WMI is out to lunch and has been reported as AWOL. To resolve these log file issues you must delete or rename the machines WMI Repository and allow it to recreate itself.

Follow the steps below to accomplish this:

1. Stop the "Windows Management Instrumentation" service.

2. Rename the Windows\System32\Wbem\Repository folder to ”Oldrepository”.

3. Restart the “Windows Management Instrumentation service”.

4. Verify that the Windows \System32\Wbem\Repository folder has been recreated.

5. Reinstall the SMS client software.

Troubleshooting Software Updates Client Issues SCCM

1-Client Scan Fails with Error 0x80040693

In the Microsoft System Center Configuration Manager 2007 console, view any reports in the category Software Updates - Troubleshooting. If a Configuration Manager 2007 client reports the error code 0x80040693, it means the client is running the wrong version of Windows Update Agent (WUA). Configuration Manager 2007 clients require version 7.0.6000.374 or higher.


Possible Solution
If client computers are configured for Automatic Update, they should automatically update their Windows Update Agent from their Automatic Update source. If clients are not configured for Automatic Update, you can locate the WUA redistributable file wuredist.cab on MSDN and deploy it using Configuration Manager 2007 software distribution.


2-Software Update Installation Fails with Error 0x80091007

Before a Configuration Manager 2007 client can install software updates, it verifies the hash on the content containing the software update. If the hash does not match, the client fails to install the software update and logs error 0x80091007 to the updatesdeployment.log on the client. The error is also sent to the management point and is visible in the reports under the category Software Updates 

Troubleshooting.
This issue is often caused by having the wrong version of the package on the distribution point. Frequently this issue occurs when content has not been replicated to a child site or when the package version has changed but the client has not received new policy yet.


Possible Solution

In the Configuration Manager 2007 console, navigate to System Center Configuration Manager ,Site Database, Computer Management,  Software Updates, Deployment Packages, Package Status, Package Status, and look at the source version for the package. Verify that all distribution points are using the same source version, including any distribution points at the child site. You can also look at distmgr.log for any errors that reference the package ID.


3-Software Update Installation Fails with Error = 0x80004002

A client computer fails to install a software update with the 0x80004002 error message reported in the client log files, such as the following sample log entries:
UpdatesHandler.log
WSUS update installation result = 0x80004002, Reboot State = NoReboot
Update execution failed.
WUAHandler.log
Failed to get final installation result of updates. Error = 0x80004002.
Update 1 () finished installing (0x80004002).
Update 2 () finished installing (0x80004002).
Installation of updates completed.
WindowsUpdate.log
WARNING: client failed installing updates with error 0x80004002
The UpdatesHandler.log and WUAHandler.log files are located in Logs, and the Windows Update.log is located in windir.

Possible Solution

The WUA installation on the client might be missing files or be corrupt. Reinstall WUA 3.0 on the client computer. For more information about installing WUA 3.0, 

Task Sequence Error 80070070 while deploying OSD

If you are getting Task sequence error 80070070



while deploying OS or capturing image, then that's mean there is no enough space in source directory to install OS, and also same thins there is no space in destination directory where you are storing Captured image.

so for avoid this error you have to provide enough space for Deploying OS and for source file where you are storing WIM Image.