Year ago,I created CM07 report to know the patch compliance stats for active patches last 30 days.More info can be found from here.But this report was for configuration manager 2007 which will not work with Configmgr 2012 due to the changes in storing the information in SQL tables/Views.

I have created similar report for configuration manager 2012.This report will list down all active patches which are deployed during last 30 days .I have used the criteria to filter the days using patch released date(DateCreated).

SQL Code Used in SSRS Report:

select UI.Title, UI.BulletinID,
Count (case when UCS.ResourceID is not null then ‘*’ else Null end) as  Targetted,
Count(case when UCS.Status=3 then ‘*’ else Null end )AS Installed,
Count (case when UCS.Status=2 then ‘*’ else Null end ) AS Missing,
CONVERT(decimal(5,2),round(100.00*COUNT(case when UCS.Status=3 then UCS.ResourceID else NULL End) /count(UCS.ResourceID),1)) ['Success Ratio %'],
case UI.IsSuperseded
when 1 then ‘Yes’
Else ‘No’ End as [Superseded],
case UI.Isexpired
when 1 then ‘Yes’
Else ‘No’ End as [Expired],
case UI.IsDeployed
when 1 then ‘Yes’
Else ‘No’ End as [Deployed],
ui.dateposted,UI.DateCreated,
Deadline=cdl.Deadline,
UCS.CI_ID,
UI.InfoURL
         from v_UpdateComplianceStatus UCS
         inner join v_UpdateInfo UI On UI.CI_ID=UCS.CI_ID
         inner join v_R_System Sys on sys.ResourceID=UCS.ResourceID
        inner join v_CICategoryInfo CI On CI.CI_ID=UCS.CI_ID
        outer apply (
          select min(a.EnforcementDeadline) as [Deadline]
          from V_CIAssignment  a
         join v_CIAssignmentToCI  atc on atc.AssignmentID=a.AssignmentID and atc.CI_ID=UCS.CI_ID
           ) cdl
            where (DATEDIFF(Day,UI.DateCreated, GETDATE())) <=30
         group by UI.BulletinID,UI.Title,cdl.Deadline,UI.InfoURL,IsExpired,IsSuperseded,dateposted,IsDeployed,UCS.CI_ID,UI.DateCreated

Looking for RDL file ? Download it from here,uploaded to your SSRS Report folder and Run

To know more about software update management and how does system become compliant in Configmgr refer http://blogs.technet.com/b/system_center_in_action/archive/2011/05/02/test.aspx

Configmgr SSRS Report : Patch Compliance Statistics Last 30 days is a post from: Eswar Koneti's Blog

Recently,After the Path Tuesday, None of the clients which are reporting to Primary Site do not perform a successful Scan (clients beneath secondary Site are working Good) .This leads me to look at the software update logs on the client to see what is going wrong. Since most of the clients directly reporting to Primary are having issues so thought of checking/troubleshoot this issue on the Primary site itself .

Browse through the wuahandler.log from Drive:\Configmr\SMS_CCM\Logs,below is what I can see.

OnSearchComplete – Failed to end search job. Error = 0×80244022.

Scan failed with error = 0×80244022.

To know the error code description about ‘0×80244022’ ,use error lookup from cmtrace (ctrl+L).

Same as HTTP status 503 – the service is temporarily overloaded.

Source: Windows Update Agent

The 503 Service Unavailable error means, the problem is usually with the web site is down which is WSUS in this case.

Tried restarting the server ,followed by WSUS service and IIS service but issue still exist.

after the search on the internet,found this article ,leads me to check the application pool in IIS.I jump into IIS to check the status of WSUS application pool which was in stopped state .

After starting the wsuspool application,sync completed successfully.

Tried to initiate software update scan cycle on the client,monitor wuahandler.log

Hope it helps!

Configmgr: OnSearchComplete – Failed to end search job. Error = 0×80244022 WUAHandler.log is a post from: Eswar Koneti's Blog

Recently,I was troubleshooting configmgr 2012 client issue ,the installation keeps failing with error code :1603 (from ccmsetup.log) ,error says ,”Fatal error during installation”.

in addition to this,I see something interesting about network access location %APPDATA%.

MSI: Could not access network location %APPDATA%\.

File C:\Windows\ccmsetup\{181D79D7-1115-4D96-8E9B-5833DF92FBB4}\client.msi installation failed. Error text: ExitCode: 1603
Action: CostFinalize.
ErrorMessages:
Could not access network location %APPDATA%\.
Could not access network location %APPDATA%\.

From CCMSETUP.Log:

while installing sccm client,It requires to access the environmental variable %APPDATA% from registry location which are are corrupted/Changed for several reasons .

How do I Fix it ?

There is fix available on the support.Microsoft.com and msdn but with different Error Code Error 1606: Could Not Access Network Location.

I have applied the similar fix on the problem computer before reinstalling the ccmsetup.exe.it worked

Here is the simplified fix for you :

1. Open the Registry editor
2. Navigate to the following registry keys HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

If you look at all the values for the variables in the above pic,you can identify the odd one which is appdata.
3. The correct and default value for AppData should be: %USERPROFILE%\AppData\Roaming

4. It would be better to also check and correct the Appdata Value for the below registry keys as well before we start the installation.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\

Hope it helps !

Configmgr Client Error:ccmsetup failed with Exit Code: 1603, MSI Could not access network location %APPDATA% is a post from: Eswar Koneti's Blog

While Upgrading Clients from Configmgr 2007 to Configmgr 2012,we see lot of issues with respect to client failure like client is installed with exit Code ‘0’ but software center do not work as intended,client is installed but no policies etc.

I had interesting issue recently during the client up-gradation from CM07 to CM12.Client was installed successfully with Exit code ‘0’ from ccmsetup.log(%windir%\ccmsetup\logs) but software center doesn’t open.

If I look at the properties of configuration manager applet,actions tab,I can see only 2 policies appearing(Machine and User) .locationservices.log and clientlocation.log,clientIDmanagerstartup.log show positive information,there are no errors but still unable to launch software center.

Here is what I see when I launch software center message:

Software Center cannot get the current status for some of the software. Software Center will list any items with available status. You can press F5 to refresh the view. If the problem persists, contact your help desk.
More information:
Loading Software Center returned error code 0×0041013 (-2147217389).

Tried uninstalling client using ccmsetup.exe /uninstall , ccmclean.exe and all possible things we do to fix it but issue doesn’t go away.

The above error is causing because, Old CM client was not uninstalled successfully.

After long troubleshooting,found the culprit was dll file from registry.Interesting ?

So how do I fix it ?

1. Go to registry Editor (regedit from Run command)

Right click on HKEY_CLASSES_ROOT and Find with {555B0C3E-41BB-4B8A-A8AE-8A9BEE761BDF}

On the search found value, check, if the value for default  (HKEY_CLASSES_ROOT\CLSID\{555B0C3E-41BB-4B8A-A8AE-8A9BEE761BDF}\InProcServer32) is set to below or not if not, change the value to C:\WINDOWS\CCM\ccmcisdk.dll

Check the registry with same ID once again (you can press F3) {555B0C3E-41BB-4B8A-A8AE-8A9BEE761BDF} , under HKEY_CLASSES_ROOT\Wow6432Node\CLSID\ ,if exist, the below underlined value should be deleted.

Now launch software center, it should allow you to see the applications(may take time depends on the policy retrieval time).

Until next!

Configmgr 2012: Software Center returned error code 0×0041013 (-2147217389) is a post from: Eswar Koneti's Blog

A question asked in the forum recently about,way to get list of applications ,packages assigned to specific collection.I looked at the default reports if there is any or similar which can be customized but cannot find.

It is hard to see always what apps/packages assigned to collection using manual method.Here is the SSRS /SQL query to get list of apps assigned.

This contains 2 queries 1) apps assigned and 2) packages assigned both excluding the software updates and endpoint protection updates.

I always use Configmgr 2012 R2 SQL views excel spreadsheet to find the correct view for what you need.For this report,application name is available from v_ApplicationAssignment and package name(legacy) from v_advertisement.

Applications Assigned:

select CA.ApplicationName,
case when NotifyUser=1 then ‘Yes’ Else ‘No’ End as ‘Notify User’,
case when  UserUIExperience=1 then ‘Yes’ Else ‘No’ End as ‘UserUIExperience’,
case when AssignmentAction=2 then ‘Install’ Else ‘Uninstall’ End as ‘Action’,
CA.CreationTime,CA.LastModificationTime,CA.LastModifiedBy from v_ApplicationAssignment CA,v_Collection coll
where ca.CollectionID=coll.CollectionID and
coll.CollectionID=@collection and (CA.AssignmentName not like ‘%Software Update%’ and CA.AssignmentName not like ‘%Endpoint Protection%’)

Package Assigned:

select SUBSTRING(adv.AdvertisementName, 1, CHARINDEX(‘_’, adv.AdvertisementName) – 1) aS [Advertisement Name],
adv.ProgramName,adv.ExpirationTime from v_Advertisement adv,v_Collection coll
where adv.CollectionID=coll.CollectionID
and coll.CollectionID = @Collection

Prompt:

select CollectionID,name from v_Collection
order by name

Download the RDL file from Technet Gallary:

Some information about Notify User and UserUIExpeirnce from Phil .

Application Deployments which are marked as Available will have two options:

Display in Software Center and show all notifications
Display in Software Center, and only show notifications for computer restarts

Deployments marked as Required also have a third option to “Hide in Software Center and all notifications”

The NotifyUser value determines whether the user sees notifications for new applications in the system tray, and the UserUIExperience determines whether the user sees anything at all related to the application.  Thus an available deployment set to show all notifications would have a value of 1 for both, an Available or Required deployment set to only show notifications for reboots would have NotifyUser set to 0 and UserUIExperience set to 1, and a Required deployment set to hide everything would have both set to 0

SCCM Configmgr 2012 Report Applications packages assigned to specific collection is a post from: Eswar Koneti's Blog

If you are using User Device Affinity–associating a user with one or more specified devices  for application deployment to make sure the application install on all devices that are associated with that user,it is necessary to identify the computers which do not have primary User Defined.More about User Define Affinity http://technet.microsoft.com/en-us/library/gg699365.aspx.

Create collection using below WQL query for list of computers with Primary Device is NULL.(Make sure you limit the collection to computers with Client installed and Active) else you will get all computers who do not have sccm client installed .

WQL query uses wmi class (SMS_UserMachineRelationship) which store the information only about UDA relationship. Usermachinerelationship will not have any entries for computers do not have UDA relationship.

so I use subselected query using not in function.Get list of computers for which UDA relationship is not null and compare them with v_r_system active clients.

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ResourceId not in (select resourceid from SMS_UserMachineRelationship where UniqueUserName is not null)

Hope it helps.

SCCM Configmgr 2012 Collection for computers with Primary User (UDA) is NULL is a post from: Eswar Koneti's Blog

Configmgr 2012 allow admins to specify the Client Settings at collection level to control the behavior and functionality of the clients.

You can create as many number of Custom Client Device/User settings (9999) which you can apply onto collections(Device/User).

What happens if client is member of multiple collections that have client settings ? All the Custom Client settings that you create are chosen with the priority. Higher the priority(1) will take over the settings with lower priority(10000).

If you are going to have multiple client agent settings,focus attention else you will see undesired results.

By Default,Configmgr will Configure default client settings at Hierarchy Level with priority 10000 (low) which is applied to every User and Device.To know more about Client Settings refer TechNet http://technet.microsoft.com/en-us/library/gg682067.aspx

Now,lets jump into the subject line. After the Configmgr 2012 Installation ,Default Client settings is configured with necessary changes,in this case,Remote tools is configured ‘Permitted viewers of remote control and remote assistance’ with AD security groups allowing users, who are member of this AD security group can do Remote control from Configmgr.

These settings(remote Control) will be then applied to every Client (both workstations and servers) in next policy interval.what happens when this is applied ?

It will create Local security group called ‘ConfigMgr Remote Control Users’ by providing necessary DCOM permissions to this group.You can verify the remote control properties via wmi or registry (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Client\Client Components\Remote Control)

so far so good ,but recently I had requirement from server Team to deny the remote control on servers –the other way,Remote control is not allowed using Configmgr.

The course of action would be ,to create custom device settings and disable the remote tools ? I have done this but after sometime,server team comeback saying,there are still AD security groups part of local group.

Disabling the remote tools will deny user to do remote control from configmgr but you are also supposed to remove the entries from both registry and local Security Group for server team .

Simply Disabling the Remote tools will not help you in this case,so I have to test with different options to meet the server guys requirement and below goes for you.

Case 1: Disable ‘Enable Remote control On clients’ without removal of permitted viewers ?—In this case,remote tools will be disabled on the client but you will have both security groups from registry and Local group(ConfigMgr Remote Control Users).

Case 2: Disable ‘Enable Remote control On clients’ with removal of permitted viewers ?—In this case,remote tools will be disabled on the client by removing the entries from registry but not from Local group(ConfigMgr Remote Control Users).

Case 3:Enable ‘Enable Remote control On clients’ with removal of permitted viewers ? In this case,Remote tools will be enabled but it will delete the entries from both registry and as well local Group (ConfigMgr Remote Control Users).

Note: I am not describing about other remote tool options here like ‘Manage remote desktop settings’ ,’Play sound on client’ etc.

I chosen option 3 in this case .

Questions via comments section(Leave a Reply).

Configmgr 2012:Custom Client Device Settings What happens when you enable or disable Remote control On Clients is a post from: Eswar Koneti's Blog

Few days back,I was working on Client health remediation issues.for this activity,I created some cool SSRS reports based on client health statistics(soon,will post them on the blog) how many are with client,without client etc.

count of missing clients are not too bad (few hundreds) but still need to get possible clients* into configmgr console using different client installation methods like client push,logon script etc.

During this process,I found many clients are with duplicate records,obsolete ,multiple resource ID with same computer name.More via http://social.technet.microsoft.com/Forums/systemcenter/en-US/8f3fd7cd-0e3d-4429-bcde-02b2ec77324d/report-showing-servers-showing-two-os?forum=configmgrgeneral#ac775d37-141a-404c-a345-7d882b1bbe17

the above issues are addressed in multiple blogs—- how to create collection to find duplicate records and delete them from database but I thought of presenting all in this blog including new issue—One computer with different Resource IDs

I ran below SQL query on SSMS (management Studio) ,found many entries .pick one computer and ran select * from v_r_system where name0=’computer name’ .This results 2 entries for one computer name,both the computers are active,No Obsolete,Client is 1 ,what else I can check to differentiate between .This is really confusing ,you should try to fix it by somehow else you will impact on patch compliance % because only one computer will send the compliance report but no other.

select sys.name0
from v_r_system sys
group by  sys.name0
having count(sys.name0) >=2

How do you cleanup this mess from Database ?

Created a collection with all these entries using query based or what ever you prefer and delete them from database.don’t worry though,these deleted computers will be back to the console with their next DDR cycle.

List of collection you need to have in place to cleanup duplicate entries are:

Duplicate Computer Names:

select R.ResourceID,R.ResourceType,R.Name,R.SMSUniqueIdentifier,R.ResourceDomainORWorkgroup,R.Client from SMS_R_System as r full join SMS_R_System as s1

on s1.ResourceId = r.ResourceId full join SMS_R_System as s2 on s2.Name = s1.Name where s1.Name = s2.Name and s1.ResourceId != s2.ResourceId and R.Client = null

Duplicate Resource ID with same Computer Name(based on Active Status):

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,

SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.Active is null  and SMS_R_System.Name in (select Name  from  SMS_R_System where SMS_R_System.Active = "1")

Obsolete Computers:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,

SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.Obsolete = "1" and SMS_R_System.Name not like "Unknown"

You can either manually delete the entries from collection or create schedule job which performs delete resources from the collection using task scheduler .

SCCM Configmgr 2012 Delete duplicate ,Obsolete records etc using collections is a post from: Eswar Koneti's Blog

Content Prestage in Configmgr 2012 is a new/Updated feature from its previous Version Configmgr 2007(Preloading).Content Prestaging is mainly used for the sites which has Slow or costly network connectivity.

When you are creating new site Distribution Point at remote location with Slow connectivity,you cannot distribute the missing packages due to bandwidth constraints.Configmgr 2012 allows you to create Prestage Content means,You can Export the content from One DP (Note: Only DPs under this particular Site could be Primary or Secondary will be listed but not from Other sites) ,copy to Disk,ship it and then import to the newly configured DP.

To know more about how to export content,Import Content using ExtractContent.exe refer TechNet  and Kent’s blog.

Lets jump into the Issue Now.As usual,configured New DP,copied the exported content (.pkgx) to ship,imported the content to newly Created server and started prestaging the content using ExtractContent.exe.

As  I have hundreds of packages to prestage,I created batch script and leave the server for day to complete the process. Next day,I ran query to see how many packages missing on the server ,report show few of them though the prestage is successfully done. I took one random package,do the prestage on the newly configured DP manually using command:extractcontent.exe /P:J:\Compressed_Packages\P0100035.pkgx /F to see its progress.

Monitor J:\SMS_DP$\sms\logs\PrestageContent.log for progress,it says “Sent P0100035.3 package state message to site”.

Immediately look into distmgr.log on the Site server(primary or Secondary where the DP is created attached ),search with package ID ‘P0100035’ ,found below message.

Will reject STA for DP ["Display=\\INSCCM1.eskonr.com\"]MSWNET:["SMS_SITE=P01"]\\INSCCM1.eskonr.com\ as it does not exist in the PkgServers table

Will not process this invalid package status file from remote DP ["Display=\\INSCCM1.eskonr.com\"]MSWNET:["SMS_SITE=P01"]\\INSCCM1.eskonr.com\, delete F:\SCCM\inboxes\distmgr.box\INCOMING\Q01XWOHT.STA

The error says,the prestaged package do not exist in ‘PkgServers’ table thus,site system cannot accept the STA file to process it.this leads me to think about, I have not added any of the imported packages to this DP prior running ExtractContent.exe

and why is it giving error only for few packages ? Question Remains ?

How do I make sure the content is available on the server without utilizing the WAN link ?

Get list of packages (mix of all package types like apps,OSD,Packages,drivers etc) that are having issue with prestaging,use the script to available here to distribute to DP.

On the DP server,do prestage content for missing packages using :extractcontent.exe /P:J:\Compressed_Packages\P0100035.pkgx /F

Monitor distmgr.log on Primary/Secondary ,you will see package being processed processed and content will not send over the WAN as site already received status message(.STA) saying package is already installed.

I have also seen other issues with content prestaging from distmgr.log like ‘Discarding old status update for package P01003BE for distribution point ["Display=\\INSCCM1.eskonr.com\"]MSWNET:["SMS_SITE=P01"]\\INSCCM1.eskonr.com\.’

which means,the prestaging file version(for ex: 10)  is older than the version (Ex:11) that exist on the Primary site.For this ,you will have to either export the updated content or let the content transfer via WAN link.

Conclusion: It is good practice to have all the production packages assigned to DP group(DP group contains list of all DPs).So ,If you build New DP,you don’t have to target packages individually instead,you can DP to DP Group.

hope it helps!

Configmgr 2012 Content Prestage Error from distmgr log -Will reject STA for DP as it does not exist in the PkgServers table is a post from: Eswar Koneti's Blog

Most awaited and First Cumulative Update which was expected to be released in Q2 (as per the news from various forums) but Microsoft decided to release it early and here it is for you.

There has been many DCR’s(Design Change Request) raised by several of Configmgr guys and my self raised support ticket with Microsoft about software center available date after showing old date(1998) ,more info here and Microsoft tried to resolve most of them in Cumulative Update 1.

As this is the first Cumulative Update,it will not replace any other previous Update.

so what are the issues that are fixed and functionality Cumulative Update 1 (CU1) ?

• Administrative console
• Mobile Device Management
• Reporting
• Application Virtualization
• Internet-based clients
• Software Center
• Operating system deployment
• Endpoint Protection
• Application management
• Site systems
• Windows PowerShell http://support.microsoft.com/kb/2932274
• Wake-up proxy

If you look at above ,we can understand ,CU1 fixes issues in almost all areas of Configmgr 2012 R2.

More about issues that are fixed with full description and download Hotfix http://support.microsoft.com/kb/2938441/en-us and Powershell issues http://support.microsoft.com/kb/2932274

How do you check if the Cumulative Update has been installed and what changes made to the Admin Console,Client and what else ?

On the Site systems,check the registry key located under the following Subkey

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Setup

The CULevel value is set to 1 for Cumulative Update 1.

The version of Administrative Console will be 5.0.7958.1203

Configmgr 2012 R2 Client Version will be 5.00.7958.1203

Endpoint Protection Client Anti-malware Client Version will be 4.5.0216.0

How to Install CU1 on Primary and secondary ,admin console and clients ,http://eskonr.com/2014/03/how-to-install-configmgr-2012-r2-cu1-part-1/

Configmgr 2012 R2 Cumulative Update 1 –KB2938441 Released is a post from: Eswar Koneti's Blog

Configmgr 2012 R2 Cumulative Update 1 released today(Mar 28,2014), to know more about this update,refer http://eskonr.com/2014/03/configmgr-2012-r2-cumulative-update-cu1-released/

Installation of any Cumulative Update is straight forward process (so Far) by clicking Next,Next ,Next and is simple to consider but you should be cautious before doing the upgrade like taking up the backup of Configmgr and should be recent one,make sure your site is running in good condition.

My Lab Hierarchy Consists of 1 Primary,1 Secondary and 2 Distribution points with several clients. all servers running on Server 2012 OS.

What is the Hierarchy to install the Update ? You should come from top to bottom (Means from CAS if you have else Primary to secondary’s).

You can install this Update on the following:

• Central Administrative Site
• Primary Site (Standalone)
• Secondary Site(Hierarchy)
• Provider and Console

I have divided this task into 2 posts  1) How to install Configmgr 2012 R2 CU1 on Primary Site 2) How to install Configmgr 2012 R2 CU1 on Secondary Site and upgrade Clients.

so,we are now ready to upgrade Primary Site to CU1 after having good backup of Site.Make sure you close the Configmgr Console connections if any.

Here is my Primary Site properties.You might be wondering why did i capture the screenshot,This is not because to check the Version of Site is updated to New(of course it is one of the Reason) but also compare if any Information available in the Properties of Primary site about what is the CU level and What version are we running like R2 etc as you might have seen in Configmgr 2007 about R2 or R3 etc in Site Properties.

R2 running on Version:5.00.7958.1000.

Download the Hotfix,Unzip and install CM12-R2CU1-KB2938441-X64-ENU.exe.

From above,you can notice that, Where all you can install this Update on and what

Small Prerequisite Check

you can also check the log what is happening on the backend ,log located at:C:\windows\temp\cm12-r2cu1-kb2938441-x64-enu.log

Click Next

Select ,Yes,Update the Database

this step will create packages with programs which you can deploy to other configuration manager systems like SMS provider,Console and clients.

By Default,It will select the default location ,if you want to provide custom name,you can do so but i like the default options.

This package is for Configmgr Admin Console.

This package is for X86 and X64 clients.

we are done with most of the steps, and ready to start the installation.

Click Next

Installation Started ,meantime start looking at log file to see the progress ,log at C:\windows\temp\cm12-r2cu1-kb2938441-x64-enu.log

back to the installation wizard,setup completed. (It took 15 min to complete the setup wizard)

Click Next

We have successfully installed CU1 on Primary Site.

Before you open the Configmgr Console,lets have a look at folder structure for the packages what has been created during the installation.

Browse to your Configmgr installation Directory F:\SCCM\hotfix\KB2938441

so you basically have 4 packages created 1) Console 2) clients 3) Update Publisher 4)Site servers

you can see these packages created in Console.

How do you check What version of CU level applied onto the Site server ? You can find this using Registry Key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Setup with CULevel=1

Now lets open the Console and see what has been changed to the console ?

Check the properties of Primary Site

Go to administration node—Site configuration –Sites—right click on Primary Site,properties,

If you compare the above pic and the one which we capture before we upgrade to CU1,both are same.there are no changes with respect to displaying the CU information in Site properties but lets check the console if it has updated or not.

From the Console ,on the top Left Corner,click on about Configuration manager

As you can see,the Version is changed to .1203

so we are done with Installation of Configmgr 2012 R2 CU1 on primary Site and verified it is successfully installed by looking at Registry Key also the admin Console.

Next part,we will see how to Update Secondary Sites,Consoles and Clients http://eskonr.com/2014/03/how-to-install-configmgr-2012-r2-cu1-part-2/

How to Install Configmgr 2012 R2 CU1 Part 1 is a post from: Eswar Koneti's Blog

This is continues to my Previous post (Part 1) that we saw yesterday on how to install Configmgr 2012 R2 CU1 on Primary Site.

In this post,we will see how to install CU1 on Secondary Sites ,Distribution Points ,Admin Console and Clients.

Installation of CU1 on secondary Site can be done in 2 ways depends on hierarchy.If you have more number of secondary sites,prefer to go with software distribution method OR if you have limited say 1 or 2 ,prefer to CU manually on the secondary Site .

In this blog post,I will talk through the installation of CU using software distribution method on Secondary Site and Distribution Points.

After the packages created in Console,we need to make sure they available on the DP’s.Lets distribute all the 4 created packages to DP’s.

Note:By Default,configuration manager create packages with simple command line(uses .exe) ,you can make use of msi to add /norestart and log file (l*v) etc.

Next,create collection for secondary sites,admin console and clients (x86 and x64).

Collection for R2 CU1-Site server to get all DPs and secondary Sites:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,
SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System
where SMS_R_System.SystemRoles = “SMS Component Server“

Collection for R2 CU1-Console Update:

select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from  SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = "System Center 2012 R2 Configuration Manager Console" and SMS_R_System.Client = "1" and SMS_R_System.Active = "1"

Collection for R2 CU1 Client x86:

select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from  SMS_R_System inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_SMS_ADVANCED_CLIENT_STATE on SMS_G_System_SMS_ADVANCED_CLIENT_STATE.ResourceID = SMS_R_System.ResourceId where SMS_R_System.Client = "1" and SMS_G_System_SYSTEM.SystemType = "X86-based PC" and SMS_R_System.Active = "1" and SMS_G_System_SMS_ADVANCED_CLIENT_STATE.DisplayName = "CCM Framework" and SMS_G_System_SMS_ADVANCED_CLIENT_STATE.Version != "5.00.7958.1203"

Collection for R2 CU1 client x64:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,
SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceID = SMS_R_System.ResourceId
inner join SMS_G_System_SMS_ADVANCED_CLIENT_STATE on SMS_G_System_SMS_ADVANCED_CLIENT_STATE.ResourceId = SMS_R_System.ResourceId
where SMS_R_System.Client = "1" and SMS_G_System_SYSTEM.SystemType = "X64-based PC"
and SMS_R_System.Active = "1" and SMS_G_System_SMS_ADVANCED_CLIENT_STATE.DisplayName = "CCM Framework"
and SMS_G_System_SMS_ADVANCED_CLIENT_STATE.Version != "5.00.7958.1203"

Note: Make sure the quotes while copying as blog convert them to fancy quotes.

with this,we are almost there to deploy the CU1 on respective collections.

Go to software library—application management—packages.

Deploy CU1 packages to respective collections and monitor the status of deployment.

Login to the secondary Site server,open software center,check for the status ..you can also monitor log execmgr.log from client logs (could be c:\windows\ccm or SMS_CCM)

also from registry(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Setup) ,you can check CULevel =1

If you look at client version from configuration manager applet,you will see the updated version of client to .1203

Until Next!

How to Install Configmgr 2012 R2 CU1 – Part 2 is a post from: Eswar Koneti's Blog

With the recent Cumulative Update releases CU1,CU2 and now CU3 for Configuration Manager 2012 SP1,as Configmgr admin,you will have make sure to get the Configmgr clients are running on the Version of your Primary Site.

Each cumulative update will have its new Version with its previous Cumulative Update. so if you are upgrading from previous CU’s to Newly Released Cumulative Update,you may have to look at the client versions in your environment if they are all on same boat or not.

Update: Configmgr 2012 R2 CU1 version also added to the Report.

Use this below SQL query to count the Client Versions from Configmgr environment.You can create list of PC’s with the specific client version to drill down.

select "Client Version"=
case sys.Client_Version0
when ’5.00.0000.0000′ then ‘RTM (5.00.0000.0000)’
when ’5.00.7804.1000′ then ‘SP1 (5.00.7804.1000)’
when ’5.00.7804.1202′ then ‘SP1 CU1 (5.00.7804.1202)’
when ’5.00.7804.1300′ then ‘SP1 CU2 (5.00.7804.1300)’
when ’5.00.7804.1400′ then ‘SP1 CU3 (5.00.7804.1400)’
when ’5.00.7958.1000′ then ‘R2 (5.00.7958.1000)’

when ’5.00.7958.1203′ then ‘R2 CU1 (5.00.7958.1203)’

else ‘Others(non-Clients)’
End,count(*) [Total]
from v_R_System sys
where sys.Name0 not like ‘unknown’
group by sys.Client_Version0
order by 2 desc

Note:If you have configmgr 2007 clients appearing in CM12,you can add them too here using simple case statement. List of Client versions available on Wikipedia

SSRS Report:

Configmgr 2012 SSRS Report Count of Client Versions is a post from: Eswar Koneti's Blog

This Blog post brings up some basics about Configmgr Client Actions, what they are and what each action does.

After you have installed the Configuration manager 2012 Client on computers, Client will installed (ccmsetup.log) with exit code 0 and It takes little while ,to register the client in Configuration manager Database, assigned to Site, load policies etc.

After a while, you can open Configuration manager applet from Control panel (shortcut to use: control smscfgrc from Run Command), go to Actions, you should see more than 2 actions, if not ,as usual start troubleshooting by looking into logs. On working Configmgr 2012 Client (normal Client but not site server Client), You would see around 11 actions (at least I see on my client) which you can run independently from schedules that are configured in Configuration Manager Console.

Actions:

Application Deployment Evaluation Cycle: This evaluation Cycle is applicable to software deployments (applications) .This action will re-evaluates the requirement rules for all deployments and make sure the application is installed on the computer. The default value is set to run every 7 days.

Discovery Data Collection Cycle: This actions can be considered as Heartbeat Discovery cycle. This action will resend the client information to site and keeping the client record Active ‘I am live’,also responsible to submits a client’s installation status to its assigned site(Status:Yes).If you are migrating the client from SP1 to R2 or R2 to CU1 ,it takes time to get the client version update in Console and update action is carried out by this Cycle.Heartbeat Discovery actions are recorded on the client in the InventoryAgent.log

If you accidentally delete a computer from the configmgr console, do not be panic, it will automatically "come back" if it is still active on the network.For this to happen,wait for the next heartbeat inventory cycle or try running Discovery Data Collection Cycle using manual method or use custom tools or script based.

To know more about what information is sent back to site,refer http://blogs.catapultsystems.com/jsandys/archive/2011/04/29/what%E2%80%99s-in-a-heartbeat.aspx

File Collection Cycle: This action is to search for specific file that you have defined in client Agent settings(Software inventory—collect Files).  If the software inventory client agent finds a file that should be collected, the file is attached to the inventory file and sent to the site.This action differs from software inventory in that it actually sends the file to the site , so that it can be later viewed using Resource Explorer.

The site server collects the five most recently changed versions of collected files and stores them in the <ConfigMgr installation directory>\Inboxes\Sinv.box\Filecol directory. If a file has not changed since the last software inventory was collected, the file will not be collected again.

Files larger than 20 MB are not collected by software inventory.The value Maximum size for all collected files (KB) in the Configure Client Setting dialog box displays the maximum size for all collected files. When this size is reached, file collection will stop. Any files already collected are retained and sent to the site.

Hardware Inventory Cycle: The first and very important action to send client inventory information.This is where,most of spending our time troubleshooting clients ,about why the client is not reporting inventory from X days .Many folks think that,hardware inventory is actually getting information about hardware but it is more than that.It inventory information about ‘add and remove programs ‘,OS info,RAM ,disk and many things.

Hardware inventory is WMI inventory that collects the information from WMI ,based on the settings you defined in Client agent settings—>Hardware inventory .Configmgr client will collect only the information that you have selected/customized in client agent settings  and send it to server. More info about inventory flow,http://be.enhansoft.com/post/2013/07/25/Troubleshooting-Inventory-Flow.aspx              Hardware inventory information will be logged into inventoryagent.log

You can use the collection available here to identify the computers not sending hardware inventory:http://eskonr.com/2009/08/sccm-collection-report-for-hardware-inventory-not-reported-for-x-days/

Machine Policy retrieval and Evaluation Cycle:This action is to download policies assigned to client computer.Anything that you assign to collection(group of computers) like client agent settings,applications related to deployment or what ever.By default,this action will be triggered based on a schedule ,what you have defined in Client agent settings (Policy polling interval (minutes).                                                     If you cannot wait until the policy polling interval,you can initiate this action(Adhoc Request),will start pulling the policies from management Point.This action results will be logged into policyagent.log,Policyevalutor.log,policyagentprovider.log

Software Inventory Cycle: Unlike hardware inventory,software inventory,inventory information about file system data and file properties such as .EXE (Executables).you can customize what executable files to be inventories which allows admins to report on software inventory.When this action runs, it inventory the information in the file header of the inventoried files and send to site . This information will be logged into inventoryagent.log on the client.If you are experiencing slow software inventory issues,refer http://be.enhansoft.com/post/2013/10/03/Slow-Software-Inventory-Cycle-in-SCCM-2012.aspx

so what is the difference between Hardware & software Inventory : Hardware inventory works on WMI to get the information about computer and software inventory works on files to get information in the file header.

Software Metering Usage Report Cycle:The name itself says,metering which means, Configmgr client monitor and collect software usage data for the software metering rules that are enabled on the Site .Client computers evaluate these rules during the machine policy interval and collect metering data and send it to site.

After you collect the usage data for specific application, you can use this information in different ways by creating collection.reporting etc. some of the uses of metering are given below:

• How many copies of a particular software program have been deployed to the computers in your organization. Among those computers, you can determine how many users actually run the program.
• How many licenses of a particular software program you have to purchase when you renew your license agreement with the software vendor.
• Whether users are still running a particular software program. If the program is not being used, you might retire the program.
• Which times of the day a software program is most frequently used.

Software updates deployment evaluation Cycle:This action will initiate scan for software updates compliance. Evaluates the state of new and existing deployments and their associated software updates. This includes scanning for software updates compliance, but may not always catch scan results for the latest updates. This is a forced online scan and requires that the WSUS server is available for this action to succeed.  This action results will be logged into couple of log files on the client: scanagent.log (scan requests for software updates),UpdatesStore.log(Status of patches like missing,Installed),UpdatesDeployment.log(update activation, evaluation, and enforcement,notify about reboot) etc.

More info about software update compliance: http://technet.microsoft.com/en-us/library/bb694299.aspx

Software Update Scan Cycle: This action Scans for software updates compliance for updates that are new since the last scan. This action does not evaluate deployment policies as the Software Updates Deployment Evaluation Cycle does. This is a forced online scan and requires that the WSUS server is available for this action to succeed. This action results will be logged into WUAHandler.log (if Scan is succeded or not),UpdatesStore.log(Status of patches like missing,Installed),scanagent.log (scan requests for software updates) etc

User Policy retrieval and Evaluation Cycle: This action is similar to Machine Policy Retrieval & Evaluation Cycle, but this will initiates an ad-hoc user policy retrieval from the client outside of its scheduled polling interval.This action results will be logged into policyagent.log,Policyevalutor.log,policyagentprovider.log

Windows Installer Source list update cycle: This action also very important while installing MSI applications.This action causes the Product Source Update Manager to complete a full update cycle. When you install an application using Windows Installer, those Windows Installer applications try to return to the path they were installed from when they need to install new components, repair the application, or update the application. This location is called the Windows Installer source location. Windows Installer Source Location Manager can automatically search Configmgr 2012 distribution points for the source files, even if the application was not originally installed from a distribution point.

I hope this blog post will be helpful to others who are looking for these action to know what they actually do.

SCCM Configmgr 2012 Client Actions and its Description is a post from: Eswar Koneti's Blog

Background: I had a requirement to not allow others except Configmgr admins to deny access to Configmgr 2012 Console, also to Configmgr SQL Database access (this can be done by revoking access from SSRS_Read Group.If the users are part of this group,they can install SQL and try to connect to configmgr database remotely to run queries).How do we provide access to service Desk /Others to access reports In General? Create AD security group,add this group to SMS Admins (to get access to the SMS Provider) on Configmgr server,Create new Security role in Configmgr by providing Run report permissions and add the AD sec group to administrative users by selecting the above created security scope.

So far,everything is fine but the problem here is,we usually create SSRS reports using custom tools like Business intelligence studio(Visual Studio) .

so during the process of new Report creation,we mostly go with Data  source connection string as ‘Data Source=SQLserverName;Initial Catalog=DatabaseName’. once you are done with reports,we publish them to SSRS by Uploading the RDL file or auto publish from BIDS. How to publish the custom reports to specific folder in SSRS available here

what happens when end users browse these reports ? they get access denied since they are not allowed to connect to SQL server(they are not part of SSRS_Read group) ,what is used in above Reports. So you are required to change the Data source to Shared Data source(default Data source for Configmgr). 

For single report,you can do this by going to report properties—data source and select the Shared Data source from Configmgr_P01 as shown below:

But what,if you want to do this change for multiple custom reports ,manual method is not preferable.

Here is the powershell script to change form Custom Data Source to Share data source for multiple reports under specific folder.

#Set variables:
#Change the Configmgr Report server name
$reportserver = "sccm2012pri";
$url = "http://$($reportserver)/reportserver/reportservice2005.asmx?WSDL";
#Provide New Data source Path ,you need to replace this with correct one from your SSRS report
$newDataSourcePath = "/ConfigMgr_P01/{5C6358F2-4BB6-4a1b-A16E-8D96795D8602}"
#Provide new Data source Name which is part of above source path
$newDataSourceName = "{5C6358F2-4BB6-4a1b-A16E-8D96795D8602}";
# provide Report folder path that contains reports to change the Data source.in my case,i want to change DS for all reports under eskonr/eswar/sup folder.If you have multiple folders to change the Data source,you need to run the script by changing the folder name .
$reportFolderPath = "/eskonr/eswar/SUP"
#————————————————————————
$ssrs = New-WebServiceProxy -uri $url -UseDefaultCredential
$reports = $ssrs.ListChildren($reportFolderPath, $false)
$reports | ForEach-Object {
$reportPath = $_.path
Write-Host "Report: " $reportPath
$dataSources = $ssrs.GetItemDataSources($reportPath)
$dataSources | ForEach-Object {
$proxyNamespace = $_.GetType().Namespace
$myDataSource = New-Object ("$proxyNamespace.DataSource")
$myDataSource.Name = $newDataSourceName
$myDataSource.Item = New-Object ("$proxyNamespace.DataSourceReference")
$myDataSource.Item.Reference = $newDataSourcePath
$_.item = $myDataSource.Item
$ssrs.SetItemDataSources($reportPath, $_)
Write-Host "Report’s DataSource Reference ($($_.Name)): $($_.Item.Reference)";
}
Write-Host "————————"
}

I have also attached the powershell script here for your reference, incase of any syntax errors.

Note: replace the quotes as blog converts them to fancy.

Bold letters refers require change.

Hope it helps others who wants to change the Custom Data source to Shared Data source.

SCCM Configmgr 2012 How to change Custom Data source to Shared Data Source for multiple SSRS reports is a post from: Eswar Koneti's Blog

Configmgr 2012 allow admins to specify the Client Settings at collection level to control the behavior and functionality of the clients.

You can create as many number of Custom Client Device/User settings (9999) ,which you can apply onto collections(Device/User).

What happens if client is member of multiple collections that have client settings ? All the Custom Client settings that you create are chosen with the priority. Higher the priority(1) will take over the settings with lower priority(10000).

If you are going to have multiple client agent settings,focus attention else you will see undesired results.

By Default,Configmgr will Configure default client settings at Hierarchy Level with priority 10000 (low) which is applied to every User and Device.To know more about Client Settings refer TechNet http://technet.microsoft.com/en-us/library/gg682067.aspx

Now,lets jump into the subject line. After the Configmgr 2012 Installation ,Default Client settings is configured with necessary changes,in this case,Remote tools is configured ‘Permitted viewers of remote control and remote assistance’ with AD security groups allowing users, who are member of this AD security group can do Remote control from Configmgr.

Note: Remote control always takes control of the console session. It cannot and does not control other remote sessions.

These settings(remote Control) will be then applied to every Client (both workstations and servers) in next policy interval.what happens when this is applied ?

It will create Local security group called ‘ConfigMgr Remote Control Users’ by providing necessary DCOM permissions to this group.You can verify the remote control properties via wmi or registry (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Client\Client Components\Remote Control)

also,if you have the option ‘Manage Remote Desktop settings’ is set to Yes in the Remote tools,then ‘ConfigMgr Remote Control Users’ group will be added automatically to

1)  Start > Administrative Tools > Local Security Policy > User Rights Assignment > Allow log on through Remote Desktop Services

2) Remote Desktop settings: “ConfigMgr Remote Control Users” group added with Full Control (See screenshot below),How do i check RDP-tcp IP properties,follow guide here

So far,we have seen how remote tools works and what changes it will do on the client.

Issue: I don’t want the above changes(1 &2 ) to be reflected on the server (for workstation,it should be fine) ,this happened because i do not have separate client device settings for workstations and servers.Default client settings with remote tools enabled and is applied at hierarchy level for both workstations and servers.

How do i correct the issue 1 & 2 on the existing servers and should not occur on new servers going forward as explained above screenshots ?

Create a Custom Client device settings for Remote Tools  and other settings if you are interested to manage via settings.Go to Remote tools and set All Yes/Enabled options to No/Disabled including ‘Manage Remote Desktop settings’ to ‘No’

Note: its always recommended to not touch the default client settings and create custom client device settings for workstations and servers.

Deploy this setting to server based collection ,wait for the machine policy to load or trigger the action on one of the server from the collection and see the changes.

You should not see ConfigMgr Remote Control Users’ from rdp-tcp properties also from Allow log on through Remote Desktop Services.

What about the Local Security group which was created in the past ?

TechNet article says ,After you disable remote tools for a client, this group is not automatically removed and must be manually deleted this from each client computer.

So we have to delete this group on all the existing servers.To do this,I created simple vbscript checks the group and deletes if exist.

strComputer = "."
Set objComputer = GetObject("WinNT://" & strComputer & "")
For Each objgroup In objComputer
If (objgroup.Name) = "ConfigMgr Remote Control Users" Then
objComputer.Delete "group", "ConfigMgr Remote Control Users"
End If
next

Create a package using this script and deploy to collection.This will remove the local group  on all the existing servers and do nothing if the group do not exist.

Thanks to windows-noob (Niall Brady) for helping out on this .

Configmgr 2012 Remote control –How to get Rid of Local security group ConfigMgr Remote Control Users is a post from: Eswar Koneti's Blog

working on some Inventory Customizations.I need to get some registry information into Configmgr Database.For this,I have to do MOF changes to both configuration.mof and hardware inventory from Default Client settings.

How to get the MOF Syntax ? I have used mark’s Regkey2mof tool .This tool will provide you both configuration.mof and clientsettings mof .

with the syntax,I got from the tool, done the changes in both the places (configuration.mof and default client settings—hardware inventory and import the mof file)

Monitor the log dataldr.log on the server,if the mof files are complied successfully or not.

Initiated machine policy retrieval on the target computer using script available here to load the policies and then ran hardware inventory action.

Monitor inventoryagennt.log on the client,after while,client sent the hardware inventory to assigned management point.

After this is done,I have been waiting to see the changes in Database but the table never get updated ,just empty.

So went ahead to look at Management point logs (Mp_hinv.log) ,I see below message.

Hinv: Mapping table marked for reloading.

Hinv: class name not found in the mapping table: ClientSW

Hinv: the report could not be processed completely due to unknown classes or properties – it may be obsolete

After spending so much time in troubleshooting this, I tried initiating a Full hardware inventory action using the script available here http://eskonr.com/2013/08/sccm-configmgr-2012-script-to-trigger-machine-policy-inventory-and-other-actions-on-clients/

Monitor logs,this time problem solved.

Do i need to initiate Full Hardware inventory on all the clients ? No. For Some Reason,MP could not able to process /Update the delta inventory information collected from the client into Database.

Once the Table updated with inventory information,delta inventory from rest of the clients will be updated automatically.

Solution : Initiating A Full Hardware Inventory on the client fix the issue.

SCCM Configmgr 2012 Hardware Inventory Error class name not found in the mapping table mp_hinv.log is a post from: Eswar Koneti's Blog

During month of March 2014,Microsoft released first Cumulative Update CU1 for Configmgr 2012 R2 and now ,Microsoft released 2nd Cumulative Update CU2 for System Center Configuration Manager 2012 R2 with lot of fixes,powershell changes and some of them been modified.

This Update (Cumulative Update 2) Replaces Cumulative Update 1 .If you have not installed R2 CU1 yet,you can directly go with Cumulative Update 2.

Download the Cumulative Update 2 from http://support.microsoft.com/kb/2970177

Description of Windows PowerShell changes in CU2 http://support.microsoft.com/kb/2962855

About Cumulative Update documentation,creation of collection ,refer http://technet.microsoft.com/en-us/library/jj553405.aspx

You can apply this update to:
Central Administrative site
Primary Site(Stand Alone)
Primary Site(Hierarchy)
Secondary Site
SMS Provider
Configuration manager console
Client

Admin Console Version :5.00.7958.1303

Configmgr Client Version:5.00.7958.1303

No Version change to Site System :5.00.7958.1000

So what are issues that are fixed and functionality that is updated in Cumulative Update 2 (CU2) ?

1. Administrative Console
2. Remote Control
3. Mobile Device Management /Intune
4. configmgr Client
5. Operating System Deployment
6. Site Systems
7. Application Virtualization
8. Content Management
9. Windows Powershell
10. Additional changes to Ubuntu OS 14.04
11. Cloud based Distribution Point

This update do not require Restart after the installation but recommended to close the admin console before you start the installation.

How to determine the installation status of this cumulative update:
This cumulative update changes the following Configuration Manager version numbers and installation properties.
The CULevel value is located under the following registry subkey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Setup 
The CULevel value is set to 2 for Cumulative Update 2.

Admin Console Version :5.00.7958.1303

Client Version:5.00.7958.1303

SCCM Configmgr 2012 R2 Cumulative Update 2 –KB2970177 Available for Download is a post from: Eswar Koneti's Blog

few weeks Ago, Microsoft released Cumulative Update 2 (kb2970177) for Configuration manager 2012 R2 which supersedes previously released cumulative Update (1).

This update fixes several issues ,supports to new platform for Unix/Linux and brings changes to Configmgr powershell cmd-lets as well.

Download the Cumulative Update 2 from http://support.microsoft.com/kb/2970177

Description of Windows PowerShell changes in CU2 http://support.microsoft.com/kb/2962855

About Cumulative Update documentation,refer http://technet.microsoft.com/en-us/library/jj553405.aspx

The installation procedure is straight forward.You can refer my previous blog post ,where i showed how to Install Configmgr 2012 R2 CU1 http://eskonr.com/2014/03/how-to-install-configmgr-2012-r2-cu1-part-1/.

In this post,I will show you how to create collections to bring the configmgr clients which are not with R2 CU2 .This will help you to target CU2 to these lower Version clients.

Note: If you have not installed CU1 yet on top of Configmgr 2012 R2,you can directly go with CU2 and it doesn't require any restart.

After you install R2 CU2 hotfix ,you will see folder kb2970177 from your Configmgr Installation Drive:\Configmgr folder\hotfix (for Ex:F:\SCCM\hotfix)

Packages in Configmgr Console:

It Contains updates to Admin Console,Client (X86 and X64),SCUP,Server (Includes Primary and Secondary Sites).

Lets start creating collections for all above:

Collection for R2 CU2-Site server:

After you install CU2 update,it will only write information to registry with CU level (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Setup ) and no into add and remove programs.so it would be difficult to create collection for sites that are not running on CU2 until unless you use regkey2mof to pull this via hardware inventory.

So it would be good to create collection for site server (secondary's) manually using direct membership or using the query below but you need to exclude Primary site manually in Query based.

select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from  SMS_R_System where SMS_R_System.SystemRoles = "SMS Site Server"

Collection for R2 CU2-Console:

Again,for Console,you will get list of all Computers with configmgr 2012 console installed whether they are running on R2 CU2 or not .

select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from  SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = "System Center 2012 R2 Configuration Manager Console"

Collection for R2 CU2 X86:

This will list all configmgr Clients with criteria : should include X86,Client=1,Client <CU2 (5.00.7958.1303) and client version >= R2( 5.00.7958.1000).

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_R_System.Active = "1" and SMS_G_System_SYSTEM.SystemType = "X86-based PC" and SMS_R_System.ClientVersion < "5.00.7958.1303" and SMS_R_System.ClientVersion >= "5.00.7958.1000"

Collection for R2 CU2 X64:

This will list all configmgr Clients with criteria : should include X64,Client=1,Client <CU2 (5.00.7958.1303) and client version >= R2( 5.00.7958.1000).

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_R_System.Active = "1" and SMS_G_System_SYSTEM.SystemType = "X64-based PC" and SMS_R_System.ClientVersion < "5.00.7958.1303" and SMS_R_System.ClientVersion >= "5.00.7958.1000"

Now you have 4 packages and 4 collections .Deploy the CU2 package to respective Collection to have them on CU2 level.

Monitor the report to know the Deployment status .

SCCM Configmgr 2012 R2 Collections to Upgrade Clients to CU2 Version is a post from: Eswar Koneti's Blog

Microsoft released another Configuration manager extension tool called Service Extension (Beta) that provides useful information for maintaining a Configuration Manager environment.

This tool provides the following benefits from Configmgr Admin Console (administration Pane):

• Notifies you of Configuration Manager updates as they become available, with the ability to filter updates according to which major release they apply to
• Provides details on the sites in your environment, including the last major Configuration Manager version installed and the most recently installed Cumulative Update
• Provides a list of Configuration Manager client versions that may be present in your environment, and makes it easy to create queries to locate these clients
• Provides a built-in RSS reader to display recent blog postings from the System Center Configuration Manager Team Blog and The Configuration Manager Support Team Blog

Download the tool and documentation from Configuration Manager Open Beta community! http://connect.microsoft.com/ConfigurationManagervnext/Downloads/DownloadDetails.aspx?DownloadID=53752.

I have just installed this tool (msi) on my client computer which is running configuration manager 2012 R2 Console.After the installation is done,launched the console,can see some new add-ons to the console.

If you have installed any cumulative update to the Configmgr 2012 ,there is no way to check its CU level or version directly from Configmgr .you either have to look for admin console Version or look at the registry for CU level but with this service extension tool,it will provide the CU level and version info within the Console.

Lets take a look at the the console for new add-ons:

This extension adds 4 panes for Site Servicing node:

The Site Servicing pane is a top-level overview of information that you can use to maintain your Configuration Manager environment. It includes collapsible lists that show only the most recent updates
to the following:
1.Updates to configuration manager 
2.System Center Configuration Manager Team Blog 
3.The Configuration Manager Support Team Blog

Next, if you click on Site Updates Pane :This shows the updates that are applicable are applicable to a specific release of Configuration Manager. By choosing a release in the Show releases for list, you can filter which updates are shown in this pane to show the updates that are applicable to a specific release.

you can see the list of all available hotfix releases for all Configuration manager product releases For Ex: Configmgr 2012 R2,Configmgr 2012 SP1, Configmgr 2012 R2 CU1 etc.

The bold letters shows that, I have not marked the article as mark as Read ,If i click on Mark as read for specific article,Bold will changed to normal font to remind you that you have already reviewed this information.

Next is Site Versions : This tab gives you the information about Server name ,Site Code ,Site Name ,Base Version and CU Level.

Note: To display the CU level for all sites in your Configuration Manager environment, you must ensure that the Remote Registry service is enabled on both the computer that is running Servicing Extension, and on all other site server computers in your environment (Remote Registry service is enabled by default on Windows Server). Additionally, the user account must the user account must have sufficient privileges to use the Remote Registry service and to read the Configuration Manager registry path on all site server computers in your environment.

Client Targeting pane :
The Client Targeting pane helps you to create queries that you can use to target client computers in your Configuration Manager environment for updates. You can target clients with a version below a
selected release, or with a version at or above a selected release.

Example: You could create a query to find all clients running a version below System Center 2012 R2 Configuration Manager. You could later use that query to deploy a package that updates those clients to
this release. Then you could re-run the query to confirm that all clients were successfully updated.

If you click on Create Query for CU 2 for Configmgr 2012,it prompt Query Creator asking to create query:

go to monitoring node—>queries ,you will see the query created for and you can import this query while creating collections.

Blogs pane : provides a dedicated RSS reader for Microsoft’s official Configuration Manager blogs. Choose a blog to display from the Display Blog list, and then click the title of the applicable blog to open
it in a browser window

SCCM Configmgr 2012 Servicing Extension Tool available is a post from: Eswar Koneti's Blog