Skip navigation

Category Archives: Work

With the vulnerability and fixes supplied to BASH a few months back there’s been a need to update the service control script I had written for the Configuration Manager client.

The updated client can be found here.

Be sure to read the README file contained within the tarball and modify the cm-installer file as required for your environment.

If you want additional information, please review the original post found here.

Ok, so I didn’t see this documented anywhere, but found a need to reduce additional I/O from our SCCM application folder (thanks RCM and BCP).

Anyway, thanks to Stack Overflow and a random post I ran across about enumerating and changing registry values simply, here’s an example that would move them from e: to a similar folder structure on i:

( I’ve modified these to make them readable within the sites format, be sure to delete any breaks and have them as a single line before copying them into your console.)

get-itemproperty -path HKLM:\software\microsoft\sms\tracing\* tracefilename | 
%{set-itemproperty -Path $_.PSPath TraceFilename -Value 
( $_.TraceFilename -Replace "e:","i:")}

and

get-itemproperty -path HKLM:\Software\Microsoft\sms\providers\ "Logging Directory" | 
%{set-itemproperty -Path $_.PSPath "Logging Directory" -value 
( $_."Logging Directory" -Replace "e:","i:")}

( I’ve modified these to make them readable within the sites format, be sure to delete any breaks and have them as a single line before copying them into your console.)

Finally restart the sms_executive service and you should be good to go.

I’m just gonna leave this example right here….

gwmi -Namespace root -class __Namespace -Filter "name = 'ccm'" | rwmi

I updated this last month, and didn’t make a point to highlight it. It’s fairly important that if you are using any of my service control scripts or cron jobs that you update with the newer version.

I updated this within the previous post which can be found here.

So there was a recent security update for RHEL that breaks a library dependency for the Configuration Manager client and OMI.

/opt/microsoft/configmgr/bin/ccmexec.bin: error while loading shared libraries:
 libssl.so.1.0.0: cannot open shared object file: No such file or directory

The issue is simple enough to fix with a sym link update.

sudo ln -sf /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.1.0.0
sudo ln -sf /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.1.0.0

Simple enough.  If you are on x86 then change /usr/lib64 to just /usr/lib/

Special thanks to Morten Vinding for the best library to use.

A really cool graphical representation of the current attakcs occuring all over the world.

Here’s the source page.

Post updated 1/24/15


With the SP1 release of Configuration Manager 2012 support for certain Linux distributions as a client platform has been introduced.  Interestingly enough, they’ve added a WMI type mock up that the client uses to interact with and gather data from these varied distributions.  It’s not a perfect solution, but certainly a step in the right direction.  I’ve spent a fair amount of time working through some of the Linux client problems (within Redhat) and have built an installer, and service control script, along with cron jobs to overcome some of the faults I’ve seen with the client failing to perform certain tasks in a timely fashion.

Before using any of my code, I recommend reviewing the Linux Configuration Manager installation documentation provided via Technet.  I’d also encourage you to read up on managing these clients from the Technet as well.  It’s fairly straight forward, but as I stated before it’s not a perfect solution.  I’ve found problems with zombied threads of the client on the box preventing policy updates, or needs for random restarts of the omiserver etc.

You are welcome to use parts of or all of the provided code as you see fit in your environments of course:

This first portion is a service control script that works for the Redhat distrubtions of the client.  I place this within the bin of all my assets to give simpler control of the services and for simplified cron entries.

#!/bin/bash

#CM Client Script
#Author: Daniel Belcher
#Date: 8/7/13 Modified: 1/19/15
#This script is intended for automation of services by cron and simpler
#asset management through the command line

#LDIR="/var/log/"
#DATE=`date '+%m%d%y'`
RUID=0
CCMEXEC="/opt/microsoft/configmgr/bin/ccmexec"
if [ "$UID" -ne "$RUID" ]
        then
        echo "User needs to be root to run $0 $1"
                exit 1
fi

start () {
$CCMEXEC
        sleep 1
echo
        exit 1
}

stop () {
$CCMEXEC -s
        sleep 1
echo
        if $(ps aux | grep [c]cmexec.bin) > /dev/null
        then
                kill $(ps aux | grep [c]cmexec.bin | awk '{print $2}')
        fi
exit 0
}

restart () {
$CCMEXEC -s
        sleep 2
                if [ $(ps aux | grep [c]cmexec.bin) ]
                then
                        kill $(ps aux | grep [c]cmexec.bin | awk '{print $2}')
                fi
        sleep 1
$CCMEXEC
        sleep 1
echo
        exit 0
}

trimlogs () {
        if [ ! $2 ];then
                SIZE=2048
        else
                SIZE=$(( $2 * 1024 ))
        fi

rollover $SIZE "/var/opt/microsoft/scxcm.log"
rollover $SIZE "/var/opt/mirorosft/scx/log/scx.log"
rollover $SIZE "/var/opt/microsoft/scx/log/scxcimd.log"
rollover $SIZE "/var/opt/microsoft/scxcmprovider.log"
}

rollover () {
FILESIZE=$1
LOGPATH=$2

if [ -f $LOGPATH ];then
LOGSIZE=$(du ${LOGPATH} | awk '{print $1}')
        if [ $LOGSIZE -gt $FILESIZE ];then
                cat /dev/null > $LOGPATH
                        echo "Clearing entries in $LOGPATH"
        fi
fi
}

policy () {
$CCMEXEC -rs policy
        sleep 1
echo
        exit 0
}

hinv () {
$CCMEXEC -rs hinv
        sleep 1
echo
        exit 0
}

sinv () {
$CCMEXEC -rs sinv
        sleep 1
echo
        exit 0
}

case "$1" in
        start)
                start
        ;;
        stop)
                stop
        ;;
        restart)
                restart
        ;;
        policy)
                policy
        ;;
        hinv)
                hinv
        ;;
        sinv)
                sinv
        ;;
        trimlogs)
                trimlogs $2
        ;;
        *)
                echo $"Usage: $0 (start|stop|restart|policy|hinv|sinv|trimlogs)"
                exit 1
esac

This next portion is a simplified installer script that can be used to build a unified installer for your environment that I’m currently using (it also places the script from above, and imports the cron jobs I’ve created).  It’s still required to place the client install files in the folder with this script of course:

#!/bin/bash

RUID=0
MP="management.point.server.com"
SITECODE="ABC"
if [ "$UID" -ne "$RUID" ]
        then
        echo "User needs to be root to run $0"
                exit 1
fi

if [ -f "fix-lib.sh" ]; then
        ./fix-lib.sh
fi

./install -mp $MP -sitecode $SITECODE -clean ccm-Universalx64.tar
        cp configmgr /bin/
#               crontab cm-crontab

sleep 5
configmgr stop
        sleep 30
cp scxcmprovider.conf /opt/microsoft/omi/etc/
if [ -f "/opt/microsoft/omi/scxcmprovider.log" ]; then
        echo "Moving scxcmprovider.log to /var/opt/microsoft/"
                mv /opt/microsoft/omi/scxcmprovider.log /var/opt/microsoft/
fi
configmgr start

These are the cron entries, to be used as an example:

#---Begin Configmgr Jobs---
0 0 * * 2,4,7 configmgr restart
1 * * * * configmgr policy
0 12 * * * configmgr hinv
0 8 * * 3 configmgr sinv
0 * * * * configmgr trimlogs 5
#---End Configmgr Jobs---

For more information regarding cron and what these entries mean, please read this.  They do a nice job of explaining this in a fairly straightforward manner.

Putting it all together….

This following link contains the tar.gz that can be used to install from.  Be mindful to read the README file and update the cm-installer script before you begin to insure you are pointing to a proper site.

Redhat CM12 Client Installer.

A further note that the Red Hat install I’m using here is based off the universal x64 binaries and will work for a lot of different distributions. Be sure to verify your distribution against the required package and substitute as needed.

As some of you know, I’ve been working on CM 2012 for a while now, and establishing a hierarchy.  One of the unfortunate tasks with this job has been boundary creation.  Finally after a longer period than it should have taken I went to build a tool to create site boundaries for me out of a csv, similar to tools with SCCM 2007.

I found the sms_boundary class hadn’t changed (outside of an obsolete boundaryflag property) so I decided to test it out with powershell as a one liner, and it worked great.  I did a bit more research and stumbled across something already written by MVP Kaido Järvemets from Estonia, and enjoyed his minimalistic script for it so I followed his methodology (mostly) and ended up with this script that reads from a boundaries.csv file

boundary

 

$sitecode = "ABC"
$siteserver = "mysiteserver"
$boundarylist = Import-Csv '.\boundaries.csv'

foreach($Item in $boundarylist)
{Switch($item.'type')
	{"Subnet" 	{$Type = 0}    
	 "AD" 		{$Type = 1}
     "IPv6" 	{$Type = 2}
     "Range" 	{$Type = 3}}
$arrValues = @{DisplayName = $Item.description; BoundaryType = $Type; `
Value = $Item.boundary}
Set-WmiInstance -Namespace "Root\SMS\Site_$sitecode" -Class SMS_Boundary `
-Arguments $arrValues -ComputerName $siteserver}

Not to take credit for other peoples work, especially since this is a hacked up version of his original which can be found here.

Laziness is the true mother of necessity I think in IT, and the tedious act of viewing multiple properties pages brought about this one liner.  If you too are setting up diverse deployment sets and need to quickly verify multiple deployments for reboot supression state. Here’s a way to do it in powershell:

gwmi -namespace "root\sms\site_<sitecode>" 
-query "select assignmentname from sms_updategroupassignment 
where assignmentname like '%<NAME SEARCH VALUE>%' and suppressreboot = '3'"
 -ComputerName <SITESERVERNAME> |Select -Property assignmentname

<chopped up for readability sake>

Suppressreboot values:
0 = No Suppression
1 = Workstation Suppression
2 = Server Suppression
3 = Server & Workstation Suppression

replace <> values with your relevant search criteria.

More class information.

Just a link, but well done.

http://martinvalasek.com/blog/pictures-from-a-developers-life

Animated gifs to describe the day to day of a developer; or most personnel in an engineering level role of IT.