security

SCCM 2012 – Security (Part 2)

Hi All, if you missed Part I you can find it here. Today we go ahead with Part 2 of the series of posts about security, and now it is time to talk about certificates. I’m not going to tell you how to create your PKI infrastructure, but what certificates you need in your environment. In this post, we’ll focus on the client certificate. There are many people out there who like to create a new certificate for the client machines; not that I don’t like it, but most of the time you don’t need it, as the default workstation certificate can be used. If you are like me and don’t want to create a new certificate for workstation authentication, you don’t need to; however, you need to make sure a workstation certificate is being applied to all machines. The easiest way to do this is via GPO (note that…

SCCM 2012 – Application Catalog HTTPS Error

Hi All, recently I was at a customer site that has a single primary site (with all roles on it). They had installed the Application Catalog but it was not working. The SMS_AWEBSVC_CONTROL_MANAGER component was generating the error “Application Web Service Control Manager detected AWEBSVC is not responding to HTTP requests. The http status code and text is 500, Internal Server Error. Possible cause: Internet Information Services (IIS) isn’t configured to listen on the ports over which AWEBSVC is configured to communicate. Solution: Verify that the designated Web Site is configured to use the same ports which AWEBSVC is configured to use. Possible cause: The designated Web Site is disabled in IIS. Solution: Verify that the designated Web Site is enabled, and functioning properly. For more information, refer to Microsoft Knowledge Base.” every hour. Looking at the logs, the installation happened without any problem; however, the awebsctl.log was giving me…

SCCM 2012 – Security (Part 1)

Hi All, security is always a hot topic, and people think that only blocking certain actions from the console is enough. But what about the data that is being sent to/from a client? From a server? Is it secure? Well…before I answer these questions, you need to understand a bit more about SCCM. SCCM 2007 had 2 installation modes: mixed mode and native mode. Mixed mode was “unsecure” by default while native mode was “a bit secure” by default. What do I mean by this? In mixed mode, all network traffic was not encrypted and the default protocol for client communication was HTTP, while in native mode the default protocol was HTTPS. This changed in SCCM 2012, as you can set this option per role; this means that you can have a management point accepting either HTTP or HTTPS and another management point accepting HTTPS only. For all…

SCCM 2012 – Software Updates

Hi All, today I’m going to talk a bit about software updates. As you may be aware, software update is a “simple” task; however, the process behind the software update can be a bit complex. And the reason is simple: what happens if I do this? Well…I don’t want this post to be treated as “best practices” but as guidance on how to do software updates, and the reason is simple: many people know how to do it, but always want a bit more guidance on what would be better…and remember…not best practices. I always refuse to talk about best practices because it always depends. Let’s imagine the scenario where you have a remote site with 3k users. Should you put a local DP there? Maybe a secondary site? Let’s assume that as best practices, you would add a distribution point, but in this scenario, every single server should only be…

SCCM 2012 – Office 365

Hi All, with SCCM 2012, Microsoft introduced an option for management of devices via Exchange Active Sync. In the console, you can find this option under Administration->Hierarchy Configuration->Exchange Server Connectors. When you add a new on-premises Exchange server, this configuration is quite simple; however, if you try to do this using your Exchange Online or Office 365 subscription, this is not quite easy, at least it was not for me. In this post, we’ll walk through all the necessary steps to connect your SCCM 2012 R2 to your Office 365. I’d assume the steps for a 2012 SP1 environment will be the same; however, as I have no SP1 lab anymore, I cannot confirm. 1- Download and install the Microsoft Online Services Sign-In Assistant version 7.0 or greater. From http://www.microsoft.com/en-us/download/details.aspx?id=41950 you can download the 7.2 version. Remember to install it on the site server :) The installation is really simple, couple…