Tuesday, December 8, 2015

Cisco CME and TOA 8000 Paging Setup

This year it seems that we have had a lot of equipment failures do to power outages.

This has been hard on the older paging equipment in our schools resulting in the need for new equipment.

We approached our audio experts for a solution that was network accessible and would still work with a Cisco CME based phone system if one was installed at that location at a later time.

Their solution was a TOA 8000 system which can be controlled and monitored over the network.

Unlike the previous TOA 9000 and Bogen PCM units that connected using an FXS port, the TOA 8000 requires different hardware.

The FXO port (same hardware that we use to connect to our telco provider phone lines) on the Cisco CME 2921 connects into the NL-8000AL interface unit.  The Cisco paging dial peers only required a port change and no changes were made to the Singlewire LPI software configuration we had set up for the Bogen equipment. (see previous post)

We found the TOA 8000 required a setting of a 1 second delay before paging.  If the delay was set to zero, the generated DTMF tones could be heard over the speakers on random occasions.

Monday, November 16, 2015

Singlewire's InformaCast LPI solution for Bells using a Cisco CME

We had been using SingleWire's InformaCast and LPI solution to run our bells schedule.
It integrated well with our Bogen equipment and allowed bells to ring both on the SCCP phones and Bogen paging system using a FXS port.

A few years ago we were installing a new CME into one of our remote sites, and found that the new version of Cisco OS was no longer compatible with InformaCast.  Or at least that is what SingleWire was telling us.

We couldn't downgrade the Cisco CME OS because the SRE module running the CUE would not work with older versions of Cisco CME OS.

After a little bit of trial and error, installing the InformaCast software using the HRE install option worked. Bells would now ring even though it reported an error about not being able to talk to the Communications Manager cluster... (see below)

Both the CUCM or CME install options for InformaCast wanted to 'talk' to the CME every time a bell was to ring and since it couldn't 'talk' to the new OS... the bell would not ring.

It's been working great until this year... now we are not sure if the Bogen equipment is starting to fail due to age or if the numerous power outages this summer have caused damage to the Bogen.  Either way the DTMF tones from the LPI software are not triggering the Bogen zones.  However paging from the Cisco CME using the same DTMF tones worked everytime.

After several tests, solutions were found for 3 out of 5 sites.  Adjusting the DTMF length and volume in the LPI device settings resolved the issue.  1 site will be getting new equipment as the Bogen is over 10 years old.  The other site will be testing this solution.

The previous config had the LPI software sending the DTMF tones based on the speaker on the single Device (ex 1410).  (Sip Address is the Voice Vlan IP of the CME)

The CME already has paging dial peers for the zones, so the LPI software will use those numbers (ex. 1411) when calling the CME via SIP calls.  The CME will pass along the DTMF codes and then the bell (aka message) will play.  (Sip Address is the Voice Vlan IP of the CME)

dial-peer voice 1411 pots
 destination-pattern 1411
 port 0/1/0 'FXS port connected to Bogen
 prefix ,07#

The problem was that the LPI device software needs at least 1 DTMF code or it will not create the InformaCast speaker.

The solution was rather simple after testing different volumes and time outs.
Change the "DTMF Via" option from "RFC2833" to "SIP INFO".
Now you do not hear the extra DTMF tones before the bell.

The other feature we lost in changing to HRE mode was the ability to play the messages on the phones.

Create a paging group for phones (In our case all phones)

ephone-dn  200
 number 1498
 name Paging All
 paging ip port 20482 'Works with SIP and SCCP phones
 paging group 201,202,203,204,205,206,207,208,251,303

Create a LPI Paging device that calls the 1498 via SIP.

Now create the speakers in InformaCast and add the Phones speaker to any of the InformaCast Paging Recipient Groups.  You may have to increase the "Wait Time" on the messages to allow the CME to send the DTMF tones.  The "Example Humoctopus Alert" message is perfect for testing.

Thursday, July 23, 2015

Cisco CME and Lync Simultaneous Ringing using Cisco SNR Feature

Cisco has a Single number reach feature that allows calls to ring more than one number. Think of it as a parallel hunt group but with the option to turn it off and on from the user's phone.

With this setup, the end user's Lync client and Cisco phone will ring a the same time.

Lync (Skype for Business) setup

Create PSTN Gateways
 - use the IP address of the CME

Create the Trunks
- Listening on port 5060 and Mediation port 5068.

Enable Enterprise Voice for user's account.

Assign a fake number to the Line URI in the user's account setup
(Example of user with extension 4025 would be Tel:+13065554025)

* You can also create a CME Dial Plan and a CME Voice Policy to allow Lync users to call out on the CME's phone lines from their Lync client.

Cisco CME setup

- If you are using Voice and Data Vlans on your CME, bind it to the CME same Vlan used by the Lync server.

interface GigabitEthernet0/0.1
 description Voice 
 encapsulation dot1Q 1
 ip address
interface GigabitEthernet0/0.134
 description Data
 encapsulation dot1Q 2
 ip address

voice service voip
  bind control source-interface GigabitEthernet0/0.1
  bind media source-interface GigabitEthernet0/0.1

Create voice translation-rules (these will add the +1306 in front of the number)

voice translation-rule 8000
 rule 1 /^81306/ /+\11306/
 rule 2 /^810101306/ /+\11306/
 rule 3 /^8306/ /+\11306/
 rule 4 /^8/ /+\11306/

voice translation-profile Lync
 translate called 8000

Create dial-peer for Lync server, 8 followed by the 7 digit phone number. 

dial-peer voice 8000 voip 
description ** SIP 7 digit to Lync13-01 ** 
translation-profile outgoing Lync 
destination-pattern 8....... 
notify redirect ip2pots 
session protocol sipv2 
session target ipv4: 

voice-class sip bind control source-interface GigabitEthernet0/0.2
voice-class sip bind media source-interface GigabitEthernet0/0.2
session transport tcp 
dtmf-relay rtp-nte 
codec g711ulaw 
fax rate disable 
fax protocol pass-through g711ulaw 
no vad

SNR on SIP Phones  (Add these commands to the basic DN and Pool settings)

voice register dn 1 
number 4025 
mobility snr 85554025 
delay 0 timeout 12 cfwd-noan 1200 
snr ring-stop 
snr answer-too-soon 1
voice register pool 1
number 1 dn 1
session-transport tcp
dtmf-relay rtp-nte sip-notify

SNR on SCCP phones (Add these commands to the basis Ephone-dn and ephone settings)

ephone-dn 300 octo-line 
snr calling-number local 
snr 85554025 delay 0 timeout 12 cfwd-noan 1200 
snr ring-stop 
snr answer-too-soon 1
ephone 1
button 1:300
See also - Cisco's Single Number Reach article

Tuesday, May 5, 2015

Find SCCM Device Variables Using Powershell

Sometimes you want a report of all the variables that computer/device will have when it runs the task sequence.

Here's a script that will report ...
a) device name
b) device assigned variables
c) Collection name with the assigned variables of which the device is a member.

It requires the SCCM console installed and you must provide the computer name in the command line.

The script will report back if the computer name is not valid and kill the powershell process.
For testing, run the script from a command prompt. i.e. powershell .\variables.ps1 computername

param (
    [Parameter(Mandatory=$true, HelpMessage="Computer Name",ValueFromPipeline=$true)] $strComputer
import-module ($Env:SMS_ADMIN_UI_PATH.Substring(0,$Env:SMS_ADMIN_UI_PATH.Length-5) + '\ConfigurationManager.psd1')
$nl = [Environment]::NewLine
$tab = "`t" #tab
$count = -1 # Allows for Null
write-host Checking Computer Name
    [System.Windows.Forms.MessageBox]::Show("Error! - No Source Computer Entered")
    stop-process $pid -Force #End Powershell task
#Verify Names
$Verify =  Get-CMDevice -Name $strComputer | forEach{$_.name}
    [System.Windows.Forms.MessageBox]::Show("No Record for "+ $strComputer)
    stop-process $pid -Force #End Powershell task
#Get-CMDeviceVariable -DeviceName <String>
# Find System Variables
write-host Checking System Variables
$Result = Get-CMDeviceVariable -DeviceName $strComputer
    #write-host $strComputer Not Found
    $strOutput = $strComputer
    $Result = Get-CMDeviceVariable -DeviceName $strComputer | forEach{$_.Name + $tab + $_.Value} |Out-String
    $strOutput = $strComputer.toUpper() + " Assigned Device Variables"+ $nl + "Variable Name" +$tab +"Variable Value" +$nl + $Result
If($ErrCount -ge 1){
    [System.Windows.Forms.MessageBox]::Show("Error" + $ErrCount)
    stop-process $pid -Force #End Powershell task
$strOutput = $strOutput + $nl + $strComputer.toUpper() + " Assigned Collection Variables"
write-host Checking Collection Variables
#Find Collection Variables
$ResID = Get-CMDevice -Name $strComputer | forEach{$_.ResourceID}
$Collections = (Get-WmiObject -ComputerName "SCCM SERVER NAME" -Class sms_fullcollectionmembership -Namespace root\sms\site_SITENAME -Filter "ResourceID = '$($ResID)'").CollectionID
foreach($collection in $Collections){
    $CollName = Get-CMDeviceCollection -CollectionId $Collection | forEach{$_.name}
    write-host $CollName
    $CollVar = Get-CMDeviceCollectionVariable -CollectionName $CollName | forEach{$CollName + $tab + $_.Name + $tab + $_.Value} |Out-String
    If ($CollVar){
        $CollOutput = "Collection Name" +$tab + "Variable Name" + $tab + "Variable Value"
        $CollOutput = $CollOutPut + $nl + $CollVar
$strOutput = $strOutput + $nl + $CollOutput
[IO.File]::WriteAllText('variables.txt', $strOutput)

More SCCM related posts

Friday, May 1, 2015

SCCM Boot Image with UltraVNC remote access

In preparing for a Universal Imaging Task sequence, the thought came across my mind, what if I want to see what's going on and the computer is 2 hours away?

Once the task sequence installs Windows, we have it install UltraVNC so after that point it is possible to remotely connect.  However what about before when the computer has booted from our PXE server and is running Windows PE.

Here is the quick and dirty version of how we can now VNC into a computer that has started up in Windows PE.

1) Create Standard WIM file using the Windows ADK and then before committing the changes...
1a) Created an 'xtras' folder on the root of the mount folder (I called it 'xtras' because it's always drive x: in our PE environment)

2) UltraVNC program with password protection
2a) Installed on test system running Windows 7 with any settings (i.e. password)
2b) Copied the UltraVNC found in Program Files to mount\xtras

3) Create Computername.vbs and copy into mount\xtras
3a) Basic script that extracts the IP address of the computer using WMI
3b) Disables the WinPE firewall - "wpeutil disablefirewall"
3c) Installs UltraVNC
3d) Popup message with IP address - only on screen for 90secs so that it does not prevent the task sequence from running.

4) Create startup.cmd file in mount\xtras
4a) In that file, it runs wscript.exe %systemdrive%\xtras\computername.vbs

5) Once files have been copied to the mount\xtras folder, you can commit the changes to the WIM and proceed with importing it into SCCM.

6) Create at 'winpeshl.ini' file (See below)
6a) Save to... C:\Program Files\Microsoft Configuration Manager\OSD\bin\x64 or C:\Program Files\Microsoft Configuration Manager\OSD\bin\i386

7) Add Drivers and any extra components that you require

8) Distribute/update boot images.

'winpeshl.ini' file contents
%SYSTEMDRIVE%\Windows\System32\wpeutil.exe, "initializenetwork"
computername.vbs example.
 'Extract Computer Details
'Version 3.01 WMI Query
'May 1, 2015
on error resume next
Dim oTaskSequence
'Create Objects
Set objWMIService = GetObject("winmgmts:\\.\root\CIMV2") 'Local computer WMI
Set objShell = CreateObject("WScript.Shell")
strQuery = "SELECT * FROM Win32_NetworkAdapterConfiguration WHERE MACAddress > ''"
Set colItems = objWMIService.ExecQuery( strQuery, "WQL", 48 )
For Each objItem In colItems
for each IP in ObjItem.IPAddress
If left(IP,4) = "192." then
strIP = IP & vbCRLF & strIP
end if
StrInfo = "If you require any assistance..." & vbCRLF &_
"Please send this information to the IP department." & vbCRLF &_
vbCRLF & "IP Address: " & strIP
cmdFirewall = "wpeutil disablefirewall"
objShell.run cmdFirewall,0,1
cmdUltra = "%systemdrive%\xtras\UltraVnc\winvnc.exe -install"
'msgbox cmdUltra
ObjShell.run cmdUltra
objShell.Popup strInfo, 90, "Message Box Title"

More SCCM related posts

Monday, April 20, 2015

Blocking Cyber Attacks on Windows Servers using CyberArms software and PowerShell scripts

Recently the number of audit failures on our Remote Desktop and IIS servers has increased drastically in the last month.
List of IP addresses found here.
Found this program for our 2012 servers (or any RDP using TLS)

CyberArms Intrusion Detection and Defence System

Default config...
After 3 failed login attempts, it would temporarily block the IP for 20 minutes. (Soft Lock)
After 10 login attempts, it would block the IP for 24 hours. (Hard lock)
-There is the option to hard lock the IP address forever.

1) No option to customized notification emails. -wanted to include
2) Cannot white-list a service provider only IP addresses.
3) No Response to inquiry about their products and licensing.

Since the program creates an event log for when it blocks the IP address, a PowerShell script was created to add firewall rules (permanent rules) and send email notifications out with detailed information.

The original PowerShell script just sent out emails with the server name when an event log with 4001 or 9001 is created in the "CyberArms" event log.

It worked great on our 2012 servers, however 2008 stored the Event log data with extra returns and spaces in the IP addresses.  In testing it caused the local network to be blocked via firewall.  Good thing it was a virtual machine and could still be access through Virtual Center.

Updated the PowerShell script to distinguish between 2008 and 2012 servers.

Another VBscript was created to manually delete any firewalls from 'trusted' IP addresses using netsh from another computer.

After the first weekend having to check each IP address and manually delete the rules got old and time consuming.

The next revision of the script added NSlookup to a ProviderLookup function in the script.

The ProviderLookup function was created to allow certain IP addresses or provider names (provided by NSLookup) to be unblocked automatically.

Example if NSlookup returned a provider name with "Domain.ca" in it, then we trusted it and the firewall was deleted.

Emails now include the IP address, the provider information and if the rule was deleted.

Install CyberArms software
Enable any security agents in CyberArms
Download PowerShell Script "CyberArms Eventlog Script.txt"
- Rename to .PS1 and change "DOMAIN.CA" and email settings.
Create Task Sequence to run the script when event 4001 or 9001 is logged.

Update - April 21, 2015

The ProviderLookup function will now include Country and ISP information extracted from http://ipaddress.com if it cannot find a DNS name for the IP address.

Future options
1) Create the same firewall rule on more that one server via PowerShell Array variable.
2) Create a pause between rule creation and rule deletion, just in case there was malicious intentions.
- probably use a ping command to for 10 minutes then have it delete the rule.
3) Working on cleaning up the ProviderLookup function so that certain ISP names will be allowed.

Thursday, April 2, 2015

Removing a Lync Contact using Powershell and XML

Back in February I posted about adding contacts to Lync Groups.
However, what happens when you spell the contact address wrong and you just imported that into your 1000+ clients contact list...

Well, you need to find a way to remove the contact from the XML file.
I could have restored the backup files to the user accounts... but didn't think of that until I got this solution working. *

After trying to create an XML script tath use the same script in the previous post, but this time we will replace the offending string with blanks.

Add this to the Configurable Variables section
#Delete this line from XML
$Variable = @'
<Contact Buddy="contact@domain.com" SubscribePresence="1" Groups="1 20" />
$CommonContact = "contact@domain.com" # The one that is spelled wrong.

In the Process-Contacts Function,

Change If ($ContactsToAdd) to If ($ContactsToAdd) 

Remove the $ContactsToAdd section and replace it with.

$DeleteRecord = (Get-Content "$WorkingFolder\DocItemSet.xml") |
    ForEach-Object {$_ -replace $Variable, ""} |
    Set-Content "$WorkingFolder\DocItemSet.xml"

* This does remove the contact from the user's visual list of contacts.  However, when the user's contact info is exported, the old contact is still there just not listed in any groups which is why it doesn't appear in the client.

In short, double check spelling and try it on a test account.

To change the script from all users to 1 users change...
$AllSipAddresses = Get-CsUser -Identity lyncroom@domain.com -Filter {Enabled -eq $True} | Select SipAddress | %{$_.SipAddress.Replace('sip:','')}

Original Post about adding groups found here on Roland Paix's IT Blog

More on the custom Lync rooms found here.

Tuesday, March 31, 2015

Intel NUC and SCCM issues

We purchased a couple of the Intel NUC mini desktops (model NUC5i3RYK) for our custom Lync Room systems.

Deploying with Microsoft System Center Configuration Manager...

Same with any new system... the Window PE boot image needed new drivers for the Ethernet adapter. (In our case the 64 bit driver - e1d64x64.inf)

Created a driver pack for the Intel NUC system, however the drivers were not getting installed into the image by the "Apply Device Drivers" task.

Decided to try the "Apply Driver Package" and picked the Intel NUC package option to see what would happen.

Now the task sequence fails with...
This task sequence cannot be run because a package referenced by the task sequence could not be found. For more information, please contact your system administrator or helpdesk operator.

Using F8 and cmtrace to open the \windows\temp\SMSTS.log file and found this error message...
Failed to resolve selected task sequence dependencies. Code(0x80040104)

Found this website and updated the distribution points so that the source version number would not be '1' and now the task sequence is working and drivers are installing.

More SCCM related posts

Friday, March 6, 2015

SCCM Task Sequence User Verification

We know that Config Manager's Task Sequences run with a system account and can only be advertised to Device collections.

What if we wanted only certain people to have permission to re-image their computer?

This script will record the logged in username via wmi as a Task Variable.
If that account is a member of a specific domain group then the 'ValidUser' Task Variable will be set as True.

You can then use that 'ValidUser' Task Variable to allow groups or other commands/applications to run.

To test the sequence with the msgbox dialogs you will need the ServiceUI.exe file from the Microsoft Development kit.

'Find Logged in user
'Version 1.60
on error resume next
Dim objNetwork, objDomain, oTaskSequence
'msgbox "Testing"
'Create Objects
Set objNetwork = CreateObject("Wscript.Network")
Set objDomain = GetObject("LDAP://RootDSE")
Set oTaskSequence = CreateObject ("Microsoft.SMS.TSEnvironment")

' Obtain user information.
'strUserName = objNetwork.UserName
strcomputer = "."

Set objWMI = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") 
Set colSessions = objWMI.ExecQuery ("Select * from Win32_ComputerSystem",,48) 
For Each objItem in colSessions 
if objItem.Username <> "" then
strUserName = Replace(Lcase(objItem.UserName),"prairiesouth","")
oTaskSequence("UserName") = replace(strUserName,chr(92),"")
'msgbox strUserName
strUserName = objNetwork.UserName
end if

If not lcase(strUserName) = "system" then
'Verifies not the System account.
strDomain = objDomain.Get("dnsHostName")
Set objUser = GetObject("WinNT://" & strDomain & "/" & strUserName)
For Each strGroup in objUser.Groups
If Lcase(strGroup.Name) = "help desk end users" or Lcase(strGroup.Name) = "information technology department" then
strValid = 1
oTaskSequence("UserGroup") = strGroup.Name
'msgbox strGroup.Name
exit for
end if
strValid = 0
end if

If strValid = 1 then
oTaskSequence("ValidUser") = "True"
'msgbox strValid
oTaskSequence("ValidUser") = "False"
'msgbox strValid
end if

More SCCM related posts

Friday, February 20, 2015

Bulk Import Custom Contact Groups into Lync User accounts

Was looking for a way to Populate our Lync Room systems into end users Lync Contacts as a group rather than a bunch of individual accounts.  (More on Lync Room Systems here http://bit.ly/netadmlr)

Based on the PowerShell script found below, a new section was created for the Contact Groups.

Rather than repost the entire code, here's the updated sections...
For each Lync group that you want to create I would suggest creating new scripts.

For Individual account testing...

#Old version Enable for All users Disable for individual testing
$AllSipAddresses = Get-CsUser -Filter {Enabled -eq $True} | Select SipAddress | %{$_.SipAddress.Replace('sip:','')}

#GM Added - Enable for individual testing
#$AllSipAddresses = Get-CsUser -Identity lastname.first@domain.com -Filter {Enabled -eq $True} | Select SipAddress | %{$_.SipAddress.Replace('sip:','')}

# Common Contacts - Enable and populate this variable with a set of Lync contacts to distribute to all users instead of distributing all users to all users. Overrides $DontAddUsers.
#$CommonContacts = "lrs1@domain.com","lrs2@domain.com"

To add /verify the Group exists.
$AllContacts = @($SipAddressesToAdd | ?{$_ -ne $User})
    [xml]$XMLFile = Get-Content "$WorkingFolder\DocItemSet.xml"
    $XMLPart = $XMLFile.DocItemSet.DocItem | ?{$_.Name -like "urn:lcd:*"}
    $XMLNode = $XMLPart.Data.HomedResource.Contacts
$XMLNodeGroup = $XMLPart.Data.HomedResource.ContactGroups #GM
    $ExistingContacts = @($XMLNode.Contact | Select -ExpandProperty Buddy)
$ExistingContactGroups = @($XMLNodeGroup.ContactGroup | Select -ExpandProperty DisplayName) #GM
#GM Lync Rooms Contact Group Add
If($ExistingContactGroups -eq "THluYyBSb29tcw=="){
write-host "`r`nLync Room Group Exists. Nothing changed.`r`n"
write-host "`r`nLync Room Group will be added.`r`n"
[System.XML.XMLLinkedNode]$NewContactGroup = $XMLFile.CreateElement('ContactGroup','http://schemas.microsoft.com/RtcServer/2002/11/dbimpexp')
            $NewContactGroup.SetAttribute('Number','20') #High number so as to not overwrite existing groups.
            #Display name in ContactGroups found in XMl file in test account
            #Export-CsUserData -PoolFqdn "lyncserver.domain.com" -UserFilter name@domain.com -FileName "c:\scripts\test.zip"
write-host "`r`nNo existing contact groups found.`r`n"
write-host "`r`nAdding New Contact Group XML Element.`r`n"
[System.XML.XMLLinkedNode]$NewNodeGroup = $XMLFile.CreateElement('ContactGroups','http://schemas.microsoft.com/RtcServer/2002/11/dbimpexp')
            [System.XML.XMLLinkedNode]$NewContactGroup = $XMLFile.CreateElement('ContactGroup','http://schemas.microsoft.com/RtcServer/2002/11/dbimpexp')
            $NewContactGroup.SetAttribute('Number','20') #High number so as to not overwrite existing groups.
            $XMLCGroup = $XMLPart.Data.HomedResource.Containers
            [xml]$XMLFile = Get-Content "$WorkingFolder\DocItemSet.xml"
            $XMLPart = $XMLFile.DocItemSet.DocItem | ?{$_.Name -like "urn:lcd:*"}
            $XMLNode = $XMLPart.Data.HomedResource.Contacts
#Back to original code
    Write-Host "`r`nExisting contacts:`r`n" 

Change these lines to include 1 and the group number in the $ContactstoAdd | foreach{} section
$NewContact.SetAttribute('Groups','1 20') 

If you have a large organization, you will need to create a new policy or edit the Global Presence policy.  Once all the Lync users had the Lync Rooms in the list, the "Maximum Followers Reached" error showed up on the Lync Room systems.

A new Presence Policy was created and applied to the Lync Room accounts. The MaxCategorySubcriptions was to 3000 and the error went away.

 Since it was only applied to the Lync Room systems it should not drastically increase the server traffic as compared to applying to all our Lync users.

Monday, February 2, 2015

SCCM 2012 Hard Drive with Bad Blocks Baseline

This PowerShell script will detect systems where the main hard drive is developing bad blocks.
Or as I call it, the "Click of Death".

Continuing with my previous posts on SCCM 2012 baselines items...

Same steps as Option 2 in the above mentioned post but using the discovery script below...
  1. You can add more If statements or expand it use ElseIf to record bad blocks from other hard drives.
  2. Or change the text in the If statement to just '*bad block*' to count all bad blocks event entries.

#Version 1.00 Feb 2, 2015
#SCCM Baseline for Bad Block on C Drive
$AllEvents = 0

#Default Event Logs
$Provider = "Disk"
$HourChange = 24 
$TimeNow = [DateTime]::Now
$TimeChange = [DateTime]::Now.AddHours(-$HourChange)

#Check Event Log for errors
$EventLogNames = "System"

ForEach ($log in $EventLogNames){
    $entry = " " 
    #Search Event Logs
    $LogEntry = Get-WinEvent -LogName $log | Where-Object {$_.timeCreated -ge $TimeChange -and $_.ProviderName -eq $Provider}
        ForEach ($entry in $LogEntry){
            $EvLevel = "Level: `t" + $entry.LevelDisplayName + $nl
            $EvEventID = "EventID: `t" + $entry.ID + $nl
            $EvMessage = "Message: `t" + $entry.Message
            $EvSource = "Source: `t" + $entry.ProviderName + $nl
            $EvTime = "Time Created: `t" + $entry.TimeCreated + $nl
            #write-host $EvLevel + $EvEventID + $EvMessage + $EvSource +$EvTime + $nl

           If ($EvMessage -like '*The device, \Device\Harddisk0\DR0, has a bad block*'){
                $AllEvents += 1

write-host $AllEvents

More SCCM related posts

Thursday, January 29, 2015

SCCM 2012 Task Sequence for Failing Hard Drive

Now that you have collections created based S.M.A.R.T diagnostics or Disk event log entries baselines for failing hard drives... (See previous post)

We can create a custom Task Sequence to notify the user of the problem, when they log onto the computer.

Optionally, you could also deploy this as an available task sequence, for end users to manually check hard drive status.

Here are my suggestions for the task sequence...

Name: Hard Drive Diagnostic
Progress notification text: "Please submit a help desk ticket if the hard drive reports as failing."  (or use the standard "Running: <Task sequence name>")
Suppress task sequence notifications - Optional
Maximum run time: 5 minutes
Run on any platform.

Sequence of Tasks... (Keep in mind that the "Name" is what the end user will see on the screen)
  1. Set Task Sequence Variable
    1. Name: Testing hard drive health. Please wait.
    2. Variable: HD Failure
    3. Value: True
    4. Options:Add a WMI query Condition
      1. WMI Namespace: root\wmi
      2. WQL Query: select * from MSStorageDriver_FailurePredictStatus Where PredictFailure = True
  2. Group 1:
    1. Name: Hard Drive Diagnostic Finished
    2. Options: Add a Task Sequence Variable
      1. Variable: HD Failure
      2. Condition: Equals
      3. Value: True
    3. Run Command Line (Under Group 1)
      1. Name: The hard drive is failing
      2. Command line: ping -n 30
        1. Should last about 30 seconds on the screen
    4. Run Command Line (Under Group 1)
      1. Name: We recommend replacing the hard drive.
      2. Command line: ping -n 30
        1. Should last about 30 seconds on the screen
  3. Group 2:
    1. Name: Hard drive Diagnostics Finished
    2. Options: Add a Task Sequence Variable
      1. Variable: HD Failure
      2. Condition: Not Exists
    3. Run Command Line (Under Group 1)
      1. Name: Hard drive passed diagnostics
      2. Command line: ping -n 10
        1. Should last about 10 seconds on the screen.

More SCCM related posts

Using SCCM 2012 Compliance Settings to Determine Hard Drive Health

As long as your computer has S.M.A.R.T hard drive diagnostic capabilities, the following can be used to track hard drive failures.

Configuration Item(s) in SCCM 2012.

Option 1 - Using WQL query

Name - Hard Drive Predictive Failure
Platforms - All (Although, if they are virtual machines this will not work.)

Settings -
  • Name: Storage Driver Failure Prediction
  • Type: WQL Query
  • Data: String
  • Namespace: root\wmi
  • Class: MSStorageDriver_FailurePredictStatus
  • Property:PredictFailure
Compliance Rules
  • Name: Possible Hard Drive Failure is True
    • I named it this to remind me that "False" is the result we want.
  • Rule: Storage Driver Failure Prediction Equals False
  • Noncompliance severity: Critical

 Option 2 - Using PowerShell script to read system event log

This option will read the System event log and count any 'disk' source logs that are not Information level. 
Note: This will include issues with temporarily attached external hard drives or USB drives.

Name - Event Log Disk Errors
Platforms - All (This will work for servers and virtual machines)
  • Name: Report disk errors found in Event Log
  • Type: Script
  • Discovery script (See end of post)
    • Counts the events and writes that value.
Compliance Rules
  • Name: Disk error count
  • Rule: Less than 1 (That's a number one)
  • Noncompliance severity: Critical
Now that you have created the Configuration Items, you can add (one or both) to a Configuration Baseline and deploy them to your collections.

Once deployed create collections for the non compliant systems and then use that information in reports for your help desk or create a Task sequence that alerts the end user that the hard drive is may be failing.

Here's the PowerShell script...
- Updated Feb 3, 2015 to exclude '*Device\Harddisk1\DR1*' event logs.

#Version 2.30 Feb 3, 2015
#Designed for SCCM Baseline
$AllEvents = 0

#Default Event Logs
$Provider = "disk"
$HourChange = 24 #Up to you how far back you want to go
$TimeNow = [DateTime]::Now
$TimeChange = [DateTime]::Now.AddHours(-$HourChange)

#Check Event Log for errors
$EventLogNames = "System"

ForEach ($log in $EventLogNames){
    $entry = " "
    #Search Event Logs
    $LogEntry = Get-WinEvent -LogName $log | Where-Object {$_.timeCreated -ge $TimeChange -and $_.ProviderName -contains $Provider -and ($_.LevelDisplayName -eq 'Warning' -or $_.LevelDisplayName -eq 'Error' -or $_.LevelDisplayName -eq 'Critical')}
        ForEach ($entry in $LogEntry){
            $EvLevel = "Level: `t" + $entry.LevelDisplayName + $nl
            $EvEventID = "EventID: `t" + $entry.ID + $nl
            $EvMessage = "Message: `t" + $entry.Message + $nl
            $EvSource = "Source: `t" + $entry.ProviderName + $nl
            $EvTime = "Time Created: `t" + $entry.TimeCreated + $nl
            #write-host $EvLevel + $EvEventID + $EvMessage + $EvSource +$EvTime + $nl

            #If ($entry.LevelDisplayName -eq "Critical" -or $entry.LevelDisplayName -eq "Warning" -or $entry.LevelDisplayName -eq "Error"){
            If ($EvMessage.tostring() -like '*Device\Harddisk1\DR1*'){
            ElseIf ($entry.LevelDisplayName -eq "Critical" -or $entry.LevelDisplayName -eq "Warning" -or $entry.LevelDisplayName -eq "Error"){
             $AllEvents += 1

write-host $AllEvents

More SCCM related posts

Monday, January 12, 2015

Cleaning up CCMCache folder in SCCM 2012

One thing I have found with System Center Configuration Manager is that the client cache folder can take up a lot space on the hard drive.  Filled with updates or applications source files that no longer are needed.

Only way is to set the Cache size to smaller value using a vbs script (or powershell) that runs these commands...
set oUIResManager = createobject("UIResource.UIResourceMgr")
set oCache=oUIResManager.GetCacheInfo()

However, if you were to install a program like AutoCAD that requires more than 4GB of cache storage, it would likely fail.

The PowerShell script listed at the bottom of this post (based on Kaido J√§rvemets posting at http://cm12sdk.net) will clean up the "old" content in ccmcache based on the LastReferenced WMI information. 

The '$ReferenceAge.Days -gt 30' section deletes anything not referenced in the last 30 days. 

The "#Change Cache size" section is optional and only included for reference.

The 'stop-process $pid -Force' command however is required as there have been cases where the PowerShell script fails to exit.

It can be run on a remote computer using the psexec program from Sysinternals.

copy the file over to hard drive of the remote system.
psexec.exe -s \\computername powershell -noprofile -file "c:\clear ccmcache.ps1"

Planned implementation... (other than manually running).

Compliance item for harddrives with less than x amount of free space that remediates with a PowerShell command.
Task sequence that runs every # of days.

$Today = Get-Date
$CacheInfoQuery = Get-WmiObject -Namespace Root\ccm\SoftMgmtAgent -Class CacheInfoEx
ForEach ($Item in $CacheInfoQuery) {
    $LastDate = [Management.ManagementDateTimeConverter]::ToDateTime($Item.LastReferenced)
    $CacheElementID = "{" + $Item.CacheID + "}"
    $ReferenceAge = $Today - $LastDate
    $FolderLocation = $item.location
    if ($ReferenceAge.Days -gt 30) {
        #Write-Host Found $CacheElementID Last referenced $LastDate That is $ReferenceAge ago in $FolderLocation -ForegroundColor Red
        #Based on
  Write-Host Too old, deleting folder $FolderLocation -ForegroundColor Red
        $CMObject = New-Object -ComObject "UIResource.UIResourceMgr"
        $CMCacheObjects = $CMObject.GetCacheInfo()
    #Remove number sign from the next 2 lines to allow for more information
    #else {
  #Write-Host $FolderLocation was last referenced $LastDate  That is $ReferenceAge days ago  -ForegroundColor Green}
#Change Cache size
$CacheQuery = Get-WmiObject -Namespace ROOT\CCM\SoftMgmtAgent -Class CacheConfig
$CacheQuery.Size = 1000
#Restart CcmExec service
Restart-Service -Name CcmExec

stop-process $pid -Force

More SCCM related posts