Thursday, 23 May 2013

SCCM2012 with SCUP 2011 - Move your database and make it shared

So as you can see, a lot of SCCM 2012 posts mainly due to the fact that I setup SCCM2012 from the begining to the end at my company, and experienced lots of challenges along the way, but it is all now running as a well oiled machine, with Endpoint Protection 2012, MBAM2.0 integration, Citrix Publisher Integration, WSUS, SCUP 2011 with Shavlik updates, pretty much the whole nine yards.

One of the requirements around here was to get SCUP 2011 working to be able to publish Adobe updates at the least. Since there are only a few live catalogue providers (Dell, HP and Adobe last I checked) this wasn't really a requirement per say, but in an effort to make the transition from SCCM 2007 to 2012 as seamless as possible, I took the challenge on to get this working.

As some of you may know, SCUP 2011 is a single user application by default. You set things up, everything is great, it works for you, but if anyone else wants to use it, then they have to set everything up as well. This includes having to add all update sources, WSUS and SCCM integration components ect. I didn't know this myself until I had a co-worker test out SCUP, and to my surprise it was completely empty, with nothing configured at all. I figured there has to be a way to make this all work, so I searched on Google and found a few very interesting posts which got me 90% there, but the other 10% took me a few more days to figure out.

As posted here, the database file that SCUP 2011 uses is actually stored under the user's profile, which can be moved to a different, shared location. In my case, the database file was located at this directory

C:\Users\EBLEND\AppData\Local\Microsoft\System Center Updates Publisher 2011\5.00.1727.0000\scupdb.sdf
 
I copied the file to the install directory where I installed SCUP 2011 as it is accessibly by all administrators, and modified the  Scup2011.exe.config file in the same directory to reflect the new location as described in that post I mentioned earlier.

    <applicationSettings>
        <Scup.Properties.Settings>
            <setting name="SSCEDataFile" serializeAs="String">
                <value>D:\Program Files (x86)\System Center Updates Publisher 2011\scupdb.sdf</value>
            </setting>
        </Scup.Properties.Settings>
    </applicationSettings>
 
Excellent I thought, this is now ready....but this was not the case. When a co-worker tried to open SCUP, he got an error "An error occured. Please refer to log file for details". I did a quick Google search and found this post where it explained that for whatever reason, a user or a group that is a member of a local administrator group, even if granted permissions directly to the SCUP folder, does not have access to access the database file. I looked at the permissions on the SCUP folder, and Administrators had full access, and I had my AD SCCM groups as part of the local Administrator's group, but it wouldn't work. The trick is to assign your AD SCCM administrator groups directly to the folder, after I did this, SCUP opened without issue.....I thought....more on this in a minute.

So as you can see, ConfigHelpDesk was granted full permissions on the SCUP install folder directly, even though it was already a member of the local Administrators group.



So all this work got me to about 90%...users were now able to login (one at a time) and see everything that is configured on this shared database. Great, so my work was done I thought. A few weeks later a co-worker was ready to publish something and the options were not there, so I was called in to take a look. Looked at the options, and sure enough, all the certificates, WSUS integration and SCCM integration is not even configured! So it looks as though the database holds some information, the configuration is stored somewhere else. I started to do some looking around, and stumbled upon this nicely named directory in my user profile:

C:\Users\EBLEND\AppData\Local\Microsoft\Scup2011.exe_StrongName_2wzdfznimh1kefuisr0pqsefwkw5k4tp\5.0.1727.0\user.config
 
I opened up this file  and sure enough, it seems like all of the configution for Certificates, WSUS and SCCM integration is stored here, and looks something like this:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <userSettings>
        <Scup.Properties.Settings>
            <setting name="EnableWSUSPublish" serializeAs="String">
                <value>True</value>
            </setting>
            <setting name="LastKnownCertificateIssuer" serializeAs="String">
                <value>CN=certauthsa1, DC=auc, DC=ab, DC=ca</value>
            </setting>
            <setting name="LastKnownCertificateExpire" serializeAs="String">
                <value>3/21/2015 10:01:07 AM</value>
            </setting>
            <setting name="IsTimestampEnabled" serializeAs="String">
                <value>False</value>
            </setting>
            <setting name="SigningCertSectionEnabled" serializeAs="String">
                <value>True</value>
            </setting>
            <setting name="EnableCMIntegration" serializeAs="String">
                <value>True</value>
            </setting>
            <setting name="LocalSourcePublishingFolder" serializeAs="String">
                <value>I:\AdobeUpdates</value>
            </setting>
            <setting name="UseCustomLocalSourceFolder" serializeAs="String">
                <value>False</value>
            </setting>
            <setting name="Height" serializeAs="String">
                <value>720</value>
            </setting>
            <setting name="Width" serializeAs="String">
                <value>1000</value>
            </setting>
            <setting name="Left" serializeAs="String">
                <value>412</value>
            </setting>
            <setting name="Top" serializeAs="String">
                <value>368</value>
            </setting>
            <setting name="TrustedPublishers" serializeAs="Xml">
                <value>
                    <ArrayOfString xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                        <string>MIIFkTCCBHmgAwIVyaXNpZ24uY29tL3Jw...........9/cD+1zUzqr</string>
                    </ArrayOfString>
                </value>
            </setting>
        </Scup.Properties.Settings>
    </userSettings>
</configuration>

I copied everything between <userSettings> and </userSettings> from the config file above and pasted it into the same Scup2011.exe.config file that we have previously modified with a new database location, replacing the empty fields with the same labels. Once I did this, every admin user could publish and all of the certificate, WSUS and SCCM integration configuration was there, in a truly shared way. Keep in mind that you still have to run SCUP 2011 with "Run as Administrator", otherwise it will not publish.

In addition, for every update category that you publish, that category or vendor name will need to be checked of as a "product" in SCCM 2012 console under Administraton > Site Configuration > Sites > Right click to Configure Site Components > System Update Point.


You will have to run "Synchronize Software Updates" function twice from within SCCM 2012 console to first get the update to show up in the list above to be checked off for synchronization, and then again to actually get the updates to show up within your update list in SCCM.


Somewhere along the line, I learned that we actually have an active Shavlik subscription, so I attached our SCUPUpdates catalogue from Shavlik into SCUP and can easily publish all 3rd party updates directly into our SCCM 2012 server. Here is a picture of the 3rd party products that Shavlik can patch via SCUPUpdates with SCUP 2011 and SCCM 2012


I didn't see any reference to this complete solution, so hopefully this is of use to someone.

9 comments:

  1. Fantastic guide, worked for us on our SCCM 2012 R2 server running SCUP 2011.
    Thanks for putting this up.

    ReplyDelete
  2. Led It Rain Refueled PC Game Free Download Game setup in single direct link for Windows. It is an amazing action, racing and indie game. Led It Rain Refueled PC Game 2021 Overview. Motorcycles, guns, monsters and bikini-babes. Led It Rain is first person shooter motorcycle driving racing game. Faster you drive and shoot monsters more score you obtain.

    ReplyDelete
  3. Nice information. Useful content.We provide free examples of college assignments and give tips on how to deal with common student problems on our blog. In most cases, students hear from their friends who have bought essays and are impressed by our services, about our affordable work. Support Our Essay Services Org Company For further support get it here , one of our super authors will write a unique essay to your specifications, and our support staff is always ready to answer your questions.

    ReplyDelete
  4. Casino Reviews by the City of Ottawa
    Casino Reviews and Ratings 무료 룰렛 게임 for Casino at Ottawa. In our Casino Review we 벳 인포 해외 배당 흐름 are able to bet365 가상 축구 provide you 윌리엄힐 with an overview of the game variety, and 포커 족보 the casino's

    ReplyDelete
  5. If you intend to relocate your database, you should think about hiring a law dissertation help service. They can assist you with moving your database and ensuring that all of your data is secure.

    ReplyDelete
  6. Koreans underneath forty now account 우리카지노 for over half of the country’s family debt, up from 35% two years in the past. In addition to Seoul’s runaway house prices, rising unemployment charges have fueled this generation’s discontent. Since 2017, the variety of unemployed or underemployed young individuals has grown every year, reaching a high of 27.2% in January 2021, despite South Korea having the best share of young adults with tertiary schooling of all OECD international locations. In recent years, more of South Korea’s youth are identifying because the “dirt spoon” generation, belonging to the low-income rung of society. Even members of the hugely in style South Korean boy band BTS had been identified as|often recognized as} “dirt spoon idols” when they debuted in 2013, represented by a small, indebted leisure agency . “Such a mentality is widespread in societies the place alternatives for social mobility are limited,” says Andrew Eungi Kim, professor of worldwide studies at Korea University.

    ReplyDelete
  7. Hello! I'm Thomas, an Pay Someone To Take My Online Classes mentor committed to your academic success. Let's create a roadmap to excellence and embark on a transformative educational journey.

    ReplyDelete
  8. Dive into the world of AKC breeders, where passion meets pedigree. Explore the dedication and expertise behind breeding practices that produce exceptional canine companions. From health standards to temperament traits, AKC breeders uphold a legacy of excellence, ensuring each pup embodies the best of its breed. Discover the journey of responsible breeding and the joy it brings to countless homes worldwide.

    ReplyDelete
  9. At our best Lasik Austin clinic, we prioritize patient satisfaction and safety above all else. We adhere to strict medical guidelines and protocols to ensure that each procedure is performed with the highest standards of quality and precision. Our commitment to excellence has earned us a reputation as a trusted provider of Lasik surgery in the Austin area.

    Whether you are seeking to reduce your dependence on glasses or contact lenses, or simply want to improve your overall quality of life with clearer vision, our clinic is here to help you achieve your goals. Contact us today to schedule a consultation and take the first step towards better vision.

    ReplyDelete