ConfigMgr client automatic site assignment behavior in a multi site environment

 

I’m currently working on a project where we implement a new ConfigMgr 2012 hierarchy in a forest where several ConfigMgr 2007 hierarchies already exist. The new ConfigMgr 2012 environment will be installed in a new domain within that existing Forest and we will not migrate any content from these ConfigMgr 2007 environments, but install every client using the OSD functionality of ConfigMgr 2012, but other deployment methods could be necessary for special scenario’s.

Even though this isn’t such a common scenario, I think the results of the test provide some insight on what you can expect in your own migration from ConfigMgr 2007 to ConfigMgr 2012, therefore I decided to share my findings. I hope it will be useful for someone reading this article.

Because one of the requirements for the implementation of ConfigMgr 2012 is that the impact on the existing environment should be as minimal as possible we did some test on what would happen if a ConfigMgr 2007 client would assign itself to a ConfigMgr 2012 environment and possible ways to prevent that.

• Install a ConfigMgr 2007 client when conflicting boundaries are configured on both ConfigMgr 2007 and ConfigMgr 2012
• Install a ConfigMgr 2007 client when there is only a boundary group with corresponding boundary defined in ConfigMgr 2012
• Install a ConfigMgr 2007 client and see what happens when it assigns to the ConfigMgr 2012 site and automatic client upgrade is turned on
• Install a ConfigMgr 2007 client and see what happens if only a boundary for Content Location in ConfigMgr 2012 is defined.

First there are some known and documented rules which we need to take into account:

A ConfigMgr 2012 client cannot attach itself to a ConfigMgr 2007 site. During Automatic Site Assignment, the ConfigMgr 2012 client will do a version check and when the site it tries to attach to isn’t at the correct level, it will fail to assign to that site.

In order to test the scenario’s, we build the following test environment

ConfigMgr 2007 Primary Site (pss1.nl.domain.local) in the NL child domain, with code N01

ConfigMgr 2012 Primary site (pss2.emea.domain.local) in the EMEA child domain, with site code E01

 

Test 1:Conflicting boundaries configured on both the ConfigMgr 2007 as the ConfigMgr 2012 site

• Configured an IP range boundary on the ConfigMgr 2007 site
• Configured an IP range boundary on the ConfigMgr 2012 site, and created a boundary group containing this boundary serving as a boundary group for both site assignment and content location
• Installed Windows 7 from its original ISO file in a VM
• Joined the Windows 7 client to the NL domain
• Started CCMSetup.exe from the \\<site server>\SMS_N01\Client folder.

Automatic Site Assignment process

LocationServices.log

<![LOG[A Fallback Status Point has not been specified.  Message with STATEID=’500′ will not be sent.]LOG]!><time=”13:51:54.708+-120″ date=”06-26-2012″ component=”LocationServices” context=”” type=”1″ thread=”2064″ file=”fspclientdeployassign.cpp:53″>

<![LOG[Current AD site of machine is ADAM]LOG]!><time=”13:51:54.708+-120″ date=”06-26-2012″ component=”LocationServices” context=”” type=”1″ thread=”2064″ file=”lsad.cpp:457″>

<![LOG[This client might be within the boundaries of more than one site – AD SiteCode search matched 2 entries]LOG]!><time=”13:51:55.130+-120″ date=”06-26-2012″ component=”LocationServices” context=”” type=”2″ thread=”2064″ file=”lsad.cpp:1915″>

<![LOG[The client will be assigned to the first valid site]LOG]!><time=”13:51:55.130+-120″ date=”06-26-2012″ component=”LocationServices” context=”” type=”1″ thread=”2064″ file=”lsad.cpp:1916″>

<![LOG[LSGetAssignedSiteFromAD : Trying to Assign to the Site <N01>]LOG]!><time=”13:51:55.130+-120″ date=”06-26-2012″ component=”LocationServices” context=”” type=”1″ thread=”2064″ file=”lsad.cpp:1922″>

<![LOG[LSVerifySiteVersion : Verifying Site Version for <N01>]LOG]!><time=”13:51:55.130+-120″ date=”06-26-2012″ component=”LocationServices” context=”” type=”1″ thread=”2064″ file=”lsad.cpp:5321″>

<![LOG[LSGetSiteVersionFromAD : Successfully retrieved version ‘4.00.6487.0000’ for site ‘N01’]LOG]!><time=”13:51:55.145+-120″ date=”06-26-2012″ component=”LocationServices” context=”” type=”1″ thread=”2064″ file=”lsad.cpp:5129″>

<![LOG[LSVerifySiteVersion : Verified Client Version ‘4.00.6487.2000’ is not greater than Site Version ‘4.00.6487.0000’. Client can be assigned to site <N01>.]LOG]!><time=”13:51:55.145+-120″ date=”06-26-2012″ component=”LocationServices” context=”” type=”1″ thread=”2064″ file=”lsad.cpp:5452″>

<![LOG[Current assigned site code for the client is ‘N01’]LOG]!><time=”13:51:55.176+-120″ date=”06-26-2012″ component=”LocationServices” context=”” type=”1″ thread=”2064″ file=”lsad.cpp:3589″>

 

Results:

Even though the AD lookup returns 2 possible sites, the client assigns to the N01 site.

Automatic Site Assignment from the Control Panel fails.

 

New Questions based on this result are:

1.Does it assign to the N01 site, because that site is member of the NL domain as well (meaning, the computer account for the PSS for Site 1 resided in the NL domain)?

2.Does it assign to the N01 site, because maybe that’s the last site being returned from the Query (N01 is the last in the array)?

3. What happens if a ConfigMgr 2007 client gets assigned, and we turn on automatic client upgrade.

 

We repeated this scenario for another time, to see whether the N01 site code match was random, but the client assigned to the N01 site again. This does say nothing though, because we need to conduct several similar test to be really sure. But for now are guess is that probably N01 is the last site returned from the query, and which will be used.

We also repeated this scenario, but instead of joining the client to the NL domain we joined the client to the EMEA domain. Same behavior though, the client still auto assigned to the NL1 site.

 

Test 2:Boundary configured on ConfigMgr 2012 site only

• Removed the IP range boundary on the ConfigMgr 2007 site
• Configured an IP range boundary on the ConfigMgr 2012 site, and created a boundary group containing this boundary serving as a boundary group for both site assignment and content location
• Installed Windows 7 from its original ISO file in a VM
• Joined the Windows 7 client to the NL domain
• Started CCMSetup.exe from the \\<site server>\SMS_N01\Client folder.

Automatic Site Assignment process:

LocationServices.log

<![LOG[A Fallback Status Point has not been specified.  Message with STATEID=’500′ will not be sent.]LOG]!><time=”15:03:56.034+-120″ date=”06-26-2012″ component=”LocationServices” context=”” type=”1″ thread=”2292″ file=”fspclientdeployassign.cpp:53″>

<![LOG[Current AD site of machine is ADAM]LOG]!><time=”15:03:56.034+-120″ date=”06-26-2012″ component=”LocationServices” context=”” type=”1″ thread=”2292″ file=”lsad.cpp:457″>

<![LOG[LSGetAssignedSiteFromAD : Trying to Assign to the Site <E01>]LOG]!><time=”15:03:56.440+-120″ date=”06-26-2012″ component=”LocationServices” context=”” type=”1″ thread=”2292″ file=”lsad.cpp:1922″>

<![LOG[LSVerifySiteVersion : Verifying Site Version for <E01>]LOG]!><time=”15:03:56.440+-120″ date=”06-26-2012″ component=”LocationServices” context=”” type=”1″ thread=”2292″ file=”lsad.cpp:5321″>

<![LOG[LSGetSiteVersionFromAD : Successfully retrieved version ‘5.00.7711.0000’ for site ‘E01’]LOG]!><time=”15:03:56.456+-120″ date=”06-26-2012″ component=”LocationServices” context=”” type=”1″ thread=”2292″ file=”lsad.cpp:5129″>

<![LOG[LSVerifySiteVersion : Verified Client Version ‘4.00.6487.2000’ is not greater than Site Version ‘5.00.7711.0000’. Client can be assigned to site <E01>.]LOG]!><time=”15:03:56.456+-120″ date=”06-26-2012″ component=”LocationServices” context=”” type=”1″ thread=”2292″ file=”lsad.cpp:5452″>

<![LOG[Current assigned site code for the client is ‘E01’]LOG]!><time=”15:03:56.487+-120″ date=”06-26-2012″ component=”LocationServices” context=”” type=”1″ thread=”2292″ file=”lsad.cpp:3589″>

<![LOG[A Fallback Status Point has not been specified.  Message with STATEID=’700′ will not be sent.]LOG]!><time=”15:03:56.487+-120″ date=”06-26-2012″ component=”LocationServices” context=”” type=”1″ thread=”2292″ file=”fspclientdeployassign.cpp:53″>

<![LOG[Attempting to retrieve default management point from AD]LOG]!><time=”15:03:56.487+-120″ date=”06-26-2012″ component=”LocationServices” context=”” type=”1″ thread=”2292″ file=”lsad.cpp:2537″>

<![LOG[Retrieved Default Management Point from AD: PSS2.EMEA.DOMAIN.LOCAL]LOG]!><time=”15:03:56.487+-120″ date=”06-26-2012″ component=”LocationServices” context=”” type=”1″ thread=”2292″ file=”lsad.cpp:2543″>

Result:

The ConfigMgr 2007 client can assign successfully to the ConfigMgr 2012 site. After a while the Actions Tab of the ConfigMgr 2007 client gets filled with all the available actions, and we see that HW inventory is working for example because the Resource Explorer returns the version of the ConfigMgr 2007 client. Even a optional deployment to the computer of a Package turns up in the Run Advertised Programs control panel applet on the ConfigMgr 2007 client.

 

We do see though, that there are a lot of logs with faults, like the policyevaluator.log:

<![LOG[Failed to update policy CCM_Policy_Policy4.PolicyID=”{542af439-2433-4bcc-987a-af641d17a67b}”,PolicySource=”SMS:E01″,PolicyVersion=”3.00″]LOG]!><time=”15:34:57.665+-120″ date=”06-26-2012″ component=”PolicyAgent_PolicyEvaluator” context=”” type=”3″ thread=”1464″ file=”policyutil.cpp:6852″>

 

Test 3:Automatic Client Upgrade options turned on.

New in ConfigMgr 2012 is the option to automatically upgrade a client which is below a certain defined version. In the RTM version this is every client with a version lower than 5.0.7711.0. Peter Daalmans, a ConfigMgr MVP has described its functionality in a blogpost which can be found here: http://www.systemcenterblog.nl/2012/02/22/configuration-manager-2012-client-upgrade-settings/

 

Microsoft doesn’t recommend this method as your primary method to install your ConfigMgr 2012 clients though, please keep this in mind. Prefer to use any other available method. You can use this method though in certain special scenario’s. Further I hope that MS is going to make this method standard so we can centrally configure client upgrade after a patch is made available for example. Just like we do in SCOM.

• Removed the IP range boundary on the ConfigMgr 2007 site
• Configured an IP range boundary on the ConfigMgr 2012 site, and created a boundary group containing this boundary serving as a boundary group for both site assignment and content location
• Installed Windows 7 from its original ISO file in a VM
• Joined the Windows 7 client to the NL domain
• Started CCMSetup.exe from the \\<site server>\SMS_N01\Client folder.
• Turned on Automatic Client Upgrade in the ConfigMgr 2012 Hierarchy settings.

Result:

We see the same behavior as in Test 2, only after a while we see in the task manager that a new CCMSetup.exe is started, which uninstalls the ConfigMgr 2007 client, and installs the ConfigMgr 2012 client. We don’t see any Automatic Site Assignment taking place though, which means that the ConfigMgr 2012 client uses the settings of the previously installed ConfigMgr 2007 client.

 

Testscenario 4:No sites defined for client assignment.

• Removed the IP range boundary on the ConfigMgr 2007 site
• Configured an IP range boundary on the ConfigMgr 2012 site, and modified the boundary group containing this boundary serving as a boundary group for only content location
• Installed Windows 7 from its original ISO file in a VM
• Joined the Windows 7 client to the NL domain
• Started CCMSetup.exe from the \\<site server>\SMS_NL\Client folder.
• Turned on Automatic Client Upgrade in the ConfigMgr 2012 Hierarchy settings.

 

Locationservices.log

<![LOG[A Fallback Status Point has not been specified. Message with STATEID=’500′ will not be sent.]LOG]!><time=”14:09:15.299+-120″ date=”06-27-2012″ component=”LocationServices” context=”” type=”1″ thread=”2684″ file=”fspclientdeployassign.cpp:53″>

<![LOG[Current AD site of machine is ADAM]LOG]!><time=”14:09:15.299+-120″ date=”06-27-2012″ component=”LocationServices” context=”” type=”1″ thread=”2684″ file=”lsad.cpp:457″>

<![LOG[Attempting to retrieve SLPs from AD]LOG]!><time=”14:09:15.377+-120″ date=”06-27-2012″ component=”LocationServices” context=”” type=”1″ thread=”2684″ file=”lsad.cpp:2261″>

<![LOG[Retrieved SLPs from AD]LOG]!><time=”14:09:15.705+-120″ date=”06-27-2012″ component=”LocationServices” context=”” type=”1″ thread=”2684″ file=”lsad.cpp:2265″>

<![LOG[Current AD site of machine is ADAM]LOG]!><time=”14:09:15.721+-120″ date=”06-27-2012″ component=”LocationServices” context=”” type=”1″ thread=”2684″ file=”lsad.cpp:457″>

<![LOG[Raising event:

instance of CCM_CcmHttp_Status

{

DateTime = “20120627120915.830000+000”;

HostName = “PSS1”;

HRESULT = “0x00000000”;

ProcessID = 2712;

StatusCode = 0;

ThreadID = 2684;

};

]LOG]!><time=”14:09:15.830+-120″ date=”06-27-2012″ component=”LocationServices” context=”” type=”1″ thread=”2684″ file=”event.cpp:525″>

<![LOG[LSGetAssignedSiteFromSLP : No site code returned from SLP]LOG]!><time=”14:09:15.846+-120″ date=”06-27-2012″ component=”LocationServices” context=”” type=”3″ thread=”2684″ file=”lsad.cpp:2076″>

 

Results:

Client fails to assign successfully to a ConfigMgr site, which means that it is unmanaged and is expected behavior

Overall Conclusion:

When you have a similar situation, and currently you use automatic site assignment for your ConfigMgr 2007 environment, you have some challenges to overcome when you configure conflicting boundaries for your ConfigMgr 2012 clients. This is a common scenario issue which you need to overcome when migrating clients, especially while the two systems are active on the same time for a while.

If automatic site assignment is used, you need to have insight in the boundaries used, and determine if a client can possibly assign itself to the ConfigMgr 2012 environment when overlapping boundaries are present. If that is the case, you can’t use automatic site assignment on one of the sites. In our case this wasn’t a problem since we would use OSD to install the ConfigMgr client and therefore will not use Automatic Site Assignment by specifying a boundary group enabled for this.

Site assignment during OSD works a little bit different. Below is how assignment works in the ConfigMgr 2007 Setup Windows and ConfigMgr Task Sequence Step.

Source: http://technet.microsoft.com/en-us/library/bb693951.aspx

The client should automatically be assigned to a site by the Config Windows and ConfigMgr action.  We do not allow you to specify what site the client joins because it needs to join a specific site for the task sequence to complete successfully:

1.       If the task sequence is started from the Full OS on an existing client then the site assignment will be migrated
2.       If the task sequence is started from PXE it will be assigned to the PXE server’s site
3.       If the task sequence is started from media it will be assigned to the site the media was created on.

At time of writing the expected behavior for ConfigMgr 2012 clients isn’t documented yet. But we can expect this to work similar to ConfigMgr 2007. Except for option 3, since we now have 2 media options, one specific for a site, and one media which is hierarchy wide. I would expect this information to show up here:  http://technet.microsoft.com/en-us/library/hh846237.aspx

Microsoft has the following statement about this scenario, as stated in the Supported Configurations (http://technet.microsoft.com/en-us/library/gg682077#BKMK_SupConfigSiteAssignment)

To prevent Configuration Manager 2007 clients from unintentionally assigning to a System Center 2012 Configuration Manager site when the two hierarchies have overlapping boundaries, configure Configuration Manager 2007 client installation parameters to assign clients to a specific site.