Hi,
We are using SCCM 2012 R2 which isn't compatible with vRealize 6.2, but I need to be able to add a machine to a collection via Orchestrator. I can do this using the command:
Add-CMDeviceCollectionDirectMembershipRule -CollectionName "mycollection" -ResourceId $(get-cmdevice -name "mymachine").ResourceID from a host with the conosle enabled, but I cant seem to run it from VCO.
I have tried two methods:
1. Remote Powershell commands running from the Powershell Host:
$sess = New-PSSession -ComputerName mySCCMhost -ConfigurationName Microsoft.Powershell32 -Authentication Kerberos -Credential $cred
Invoke-Command -Session $sess -ScriptBlock {$env.computername; Import-Module "D:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1"; Add-CMDeviceCollectionDirectMembershipRule -CollectionName "myCollection" -ResourceId $(get-cmdevice -name "myVM").ResourceID}
2. Running a script on the Powershell host:
Import-Module ($Env:SMS_ADMIN_UI_PATH.Substring(0,$Env:SMS_ADMIN_UI_PATH.Length-5) + '\ConfigurationManager.psd1')
CD MySiteDrive:\
Add-CMDeviceCollectionDirectMembershipRule -CollectionName "myCollection" -ResourceId $(get-cmdevice -name "myVM").ResourceID
Neither work, I believe its something to do with the ConfigurationManager module not being able to be called remotely.
Both methods add the module successfully but cant connect to the SCCM site drive with the error "Cannot find drive. A drive with the name 'DPS' does not exist."
I have verified that I have remote access to the SCCM server by doing invoking the command to get the hostname or the runnign services, which is successful, so I have ruled out auth issues.
Has anyone got any ideas how I can call this command?
Hey,
We are doing this using the Library/Powershell/Invoke an external script. We found that the vCo service account needs to connect to SCCM using powershell once and then it worked.
Login to SCCM server with vCo service account (this is the account configured under inventory\powershell\<SCCM server added as a PShost>)
Open SCCM and from the top left chose connect using powershell. this will prompt you to say yes to running scripts.
try running your script again.
I actually worked around this issue by using Guest Operations on the Powershell host, ie running powershell scripts locally so as not using Powershell remoting.
It's pretty painful that the SCCM module doesn't support Powershell remoting
Hello JOJOG.
Can you explain what you mean when you say using Guest Operations running powershell scripts locally?
I am trying to create a WKFL which either installs the SCCM 2012 agent and/or SCOM 2012 agent. Any links or ideas or possible wflw download?
When I am logged into the newly deployed VMs we run the following to install the SCCM agent.
\\SCCMSERVER01\sms_sa1\Client\ccmsetup.exe /mp:SCCMSERVER01.ourdomain.com /logon /skipprereq:silverlight.exe SMSSITECODE=XX1 FSP=$BACKUPSCCMSERVER.ourdomain.com
How did you create the wflw to prompt you for which ever local server you are trying to install it on?
Thanks so much if you can help!
I have the SCCM client already in the base VM template, which you can anonymise by deleting the SMS certificates and one other file, I think its called SMSConfig.ini.
The real problem was the lack of Powershell remoting on the module. Therefore I utilise the VMware Guest Operations API to launch the script on the Powershell host, which is also a VM (luckily) to do the SCCM commands. I dont yet have the code tracking any errors, its fire and forget, but use the inbuilt workflow from the VCO LIbrary called "Run Command in Guest OS" and change the parameters to run on the Powershell host, such as:
programPath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
arguments: -Command c:\powershell\scripts\SCCMPostBuild.ps1 -vm
Ohmy gosh.. I'm excited to try this out.. So much appreciated!.. !!
Dont get too excited - SCCM can be painful when you're trying to do rapid deployments. It is just so slow to react despite taking poll intervals down to the minimum. I ma finding the client takes about 6 mins to register in the console, then I have a task sequence which often fails, but then sets to auto retry 15 mins later and goes through without a hitch.
I'm seriously thinking of ditching the SCCM integration and just running installs directly off a DFS-Namespace
Ouch.. well.. I just would like a wflw which installs or removes the agents on VMs, after the OS / Mcafee agent is installed. So, seeing how you do you have it installed in the template.. we did try that.. I think we had an issue but fixable.
Otherwise, I just would like to figure out how to call PS commands to install or query from a wflow with a "pop-up" sort of the server name.
Our decommission process requires the engineers to remove the agent locally from a PS command on the server ( in our case multiple servers ) locally with the following PS command -
$resID = Get-WmiObject -computername OURSCCMSERVER -Query "select resourceID from sms_r_system where name like 'SERVER_NAME'" -Namespace "root\sms\site_xx01"; $computerID = $resID.ResourceID; $comp = [wmi]"\\OURSCCMSERVER\root\sms\site_xx01:sms_r_system.resourceid=$computerID"; $comp.psbase.delete()
or from the SCCM console by deleting..
So, not sure which is easier..at this point.
Ahh.. vCO 5.5.2 does not have that particular name of wflw but does have Run program in guest.
I have never had any issues with the SCCM client being baked into the template as long as you delete the certs and delete the file I mentioned above
Why bother removing the agent on Decommissioning? Just let the VM be deleted, and delete the object in SCCM using the command:
$compObject = get-wmiobject -query "select * from SMS_R_SYSTEM WHERE Name='$vm'" -computername SCCMServer -namespace "ROOT\SMS\sitecode"
$compObject.psbase.delete()
This looks similar to what you are doing anyway
So, would run the workflow Run program in guest wflw from the library? I guess I'm confused where I would put that script or which wkflw I could use to enter it and then get a prompt for the server name. :smileyconfused:
Are you trying to provision VMs through vRA using SCCM 2012 R2? If so you can just use the native vRA integration. Works great. We deploy about a dozen different OSes from SCCM 2012 R2 from vRA 6.2.2. The deployments take about 20 minutes for a fully patched OS. It can take longer if we place it into an OU with additional software packages.
I attached an image of the vRA custom properties im using with SCCM to deploy our systems.
We have a large CM installation so we had to set the timeout of the connection to SCCM from 5 minutes to 10 minutes.
also, make sure you on a recent update pack. There was an issue with OSD in earlier updates that was making our OSD take over an hour. Applying the latest update pack resolved the issue.
Negative. I am using vCO 5.5 or 6 to deploy and only SCCM for agent and post deployment customization / software installs.
Well there's your problem right there!
Ive had problems tunneling through powershell sessions where the credentials get jacked up. I've had much better luck executing powershell scripts from vRO using the guest script manager package.
With this you're essentially logging into the server using the vmware tools and executing the script.
Hey pizzle85,
Question for you -
We're trying to test the native vRA 6.2.2/SCCM 2012 R2 integration right now and we're pretty close to having it working...however at the end the vRealize Agent script/installation gets stuck (we used the "Create a Software Package for SCCM Provisioning" VMware doc steps to set it up). Have you seen this happen before, or any idea what could cause this?
Is your management service behind a load balancer where the deployed machines IP address can not directly access the individual IaaS management services? If that's the case then you will run into an issue where the vCAC Agent will try to communicate with the management server that deployed the machine directly, which will result in a hang. I had to modify the GuestAgent.vbs script in the guest agent package as follows:
'End If
' CUSTOM
isItHttps = 1
h = "LoadBalancer FQDN:443"
' Have to fix the bat file that actually runs agent executable
This basically overwrites the scripting that decides which management node to communicate with.
No, the management service is not behind a load balancer. It's a minimal installation deployment. Do you know if there are certain SCCM or VRA logs we should focus on for troubleshooting?