Contents

Ex 2 - Nomad 7.0 - Deploying Software using Nomad

Exercise Overview:

Deploying Software using Nomad

Nomad can be used to deploy content associated with both legacy Packages and Applications in ConfigMgr. In this lab, you will enable Nomad for Application Management and then observe how Nomad obtains the content when the Application is deployed to the lab workstations. You will then learn how to configure a legacy Package to use Nomad and observe the deployment of that package using Nomad. We will also demonstrate the different ways peer to peer content can be distributed using Nomad.

Deploying an Application with Nomad

In this exercise, you will deploy an Application to the Lab Workstations collection using Nomad.

Enable Nomad for Application Management

Nomad is enabled or disabled for all Application deployments through the Client Settings. In this task, you will enable Nomad for Application Management in the Default Client Settings.

1ETRNCM

  1. Log on to 1ETRNCM as 1ETRN\SCCMAdmin and open the ConfigMgr console
  2. Open the Administration workspace and select the Client Settings node
  3. Right-click Default Client Settings in the right-hand pane and select 1E Nomad → Nomad Properties
  4. In the Nomad Properties dialog box, select Application Management on the left, make the following changes and click OK
    5. Check Enable Nomad
    Check Work Rate (%) and set the value to 60
    Click OK
    ConfigMgr clients in this lab refresh machine policy every 5 minutes. If you are working through these labs quite quickly, you should use the Client Notification (as described in step 134) to ensure that the clients in the Lab Workstations Collection have all received the new policy that enables Nomad for Application Management.

Deploy an Application

In this task, you will deploy the Microsoft Pro Photo Tools application to the Lab Workstations Collection. As you have enabled Nomad for Application Management, Nomad will be used to obtain the content for these clients when they execute the deployment.

1ETRNCM

  1. In the ConfigMgr console open the Software Library workspace, expand the Application Management node and select the Applications node
  2. Right-click the Microsoft Pro Photo Tools Application and select Deploy to start the Deploy Software Wizard
  3. On the General page browse for the Lab Workstations Collection (after selecting Device Collections from the drop-down in the upper left corner), click OK to close the Select Collection dialog, and click Next
  4. On the Content page click Next
  5. On the Deployment Settings page change the Purpose to Required and click Next
  6. On the Scheduling page click Summary to use the default settings for all remaining options
  7. On the Summary page click Next to create the Deployment and click Close when the wizard completes

Tracing the Nomad download process

In this exercise, you will trace the Nomad download process, starting with identifying the elected master then following the download of content into the Nomad cache and finishing with the validation and linking of the content to the CCM cache.

Observing behaviour using log files

1ETRNCM

  1. Open the Software Library workspace and select the application that has been deployed (Microsoft Pro Photo Tools)
  2. Select the Deployment Types tab in the lower half of the page and note the Content ID for the Deployment Type ('Microsoft Pro Photo Tools – Windows Installer (.msi file){*}' in this case)
    3. You will use this content ID to identify it in the log files. Make a note of the first six or so characters. For this example, the Content ID is Content_99a544b5-3b29-424c-aef5-317699c1f330.

1ETRNW71

  1. On 1ETRNW71 log on as 1ETRN\User and initiate computer policy via the Configuration Manager applet on the desktop
  2. Open the ConfigMgr Logs folder from the shortcut on the desktop and open CAS.log (the Content Access Service log file)

  1. Identify the point in the log file where the content request is initiated (the content ID will match the value you noted in step 250 shown to the right)

  1. Open the ContentTransferManager.log from the same location as the CAS.log. Identify the point where the CTM job started for this content (it will correspond to the time of the "Received request for content" in the CAS log as seen in the extract above). Note that the Content Transfer Manager modifies the content provider to NomadBranch (highlighted in the extract to the right)

  1. From the File menu, open NomadBranch.log from the same location

  1. Identify the point where Nomad is invoked by the CTM. The log extract below shows the ICcmAlternateDownloadProvider.DownloadContent being invoked at the time that the ContentTransferManager modified the provider to NomadBranch

  1. Identify the point where the 1E Client enumerates the Nomad options defined in the Application Management Client Agent Settings

Note that the settings highlighted reflect the settings for WorkRate (wr) and Cache Priority (pc) configured in step 241

  1. Identify the point where the list of available content locations presented to Nomad appears

  1. Identify the point where the election starts and identify which computer wins the election. In the log extract below 1ETRNW71 wins the election. In your lab, it may be a different computer


  1. If the elected master is not the client you are currently working on, from the File menu in cmtrace, open the NomadBranch.log on the elected master computer (from the Open dialog box, enter \\<computername>\admin$\CCM\Logs\NomadBranch.log in the filename field)


    2. Because there are two client subnets, there will be two elected masters, one per subnet, and each master will request an LsZ file. The first master to connect to the distribution point will find that there is not an LsZ file created yet and will request the generation of the LsZ file.  If the LsZ generation request is not found in the log file of the master you are looking at, it will be on the log file of the master on the other subnet.

  1. Identify the point where the elected master requests the LsZ file to be generated on the DP

1ETRNCM

  1. On the DP, open c:\Windows\CCM\Logs\NomadBranch.log and identify the point where the agent on the DP intercepts the request and generates the LsZ file

Nomad Master

  1. Identify the point where the master starts to download the content from the DP. The Remote_http highlighted below indicates that this is a download from a DP


  1. Identify the points where the other clients each initiated an election as they processed their content request


  1. Identify the point where the master completes the download and performs the content hash check. Note that the STATISTICS log entry indicates that this client (the master) got 100% of the content from the DP. You should also see the hardlinks being created shortly after


It is possible that if a peer is connected to the master when it starts doing the hashcheck, the master may return an "access denied" message to the peer until the hashcheck is done. The peer will pick back up again afterwards.

Switching from SMB to HTTPS

Starting with Nomad 6.2, peer to peer sharing via HTTP(S) was introduced. By default, Nomad uses File and Print Sharing to share content between peers via the Nomad share. Some environments have File and Print Sharing disabled for security concerns, and thus cannot use Nomad in the default mode. As an alternative, we can now use either HTTP or HTTPS for peer to peer content transfer. In this task, we will make a change to the P2PEnabled setting in the registry on the Nomad clients to switch from SMB to HTTPS.

For HTTPS, Server Authentication certificates can be deployed via your PKI infrastructure. The configuration of the certificate is out of scope for this course. By default, during the Nomad installation a self-signed certificate is installed in the Personal certificate store. You can review the certificate via the Certificates mmc console. If you don't know how to do this, ask your instructor.
Import a Configuration Item to configure P2P transfer via HTTPS

In this task, you will import a predefined Configuration Item that is configured to set the P2PEnabled registry value to enable content transfer via HTTPS. We can use the existing Nomad CI and baseline we created earlier, however you will learn how to create each manually here. You will then add these to a new Configuration Baseline and deploy the baseline to the lab workstations in the next task. 

1ETRNCM

  1. On 1ETRNCM download and copy ConfigurationItems.zip from the SkyTap Shared Drive shortcut on the desktop by browsing to 1E Nomad - Course Content\Nomad 7.0 Course Content\ to C:\Temp once copied right click and extract all
  2. Open the ConfigMgr console and select the Assets and Compliance workspace
  3. Expand the Compliance Settings node, right-click Configuration Items and select Import Configuration data to start the Import Configuration Data Wizard
  4. On the Select Files page, click Add…, select C:\Temp\ConfigurationItems\EnableP2PviaHTTPS_CI.cab and click Open
  5. You will be prompted with a warning that the publisher of this cab file cannot be verified. Live dangerously and click Yes to continue
  6. Click Next. Review the details on the Summary page then click Next again to import the Configuration Item. Close the wizard when complete

Create and deploy a Nomad Configuration Baseline

In this task, you will create a Nomad Configuration Baseline that will include the Enable Nomad transfer via HTTPS Configuration Item imported in the previous task then deploy this to the Lab Workstations Collection.

1ETRNCM

  1. From the Assets and Compliance workspace in the ConfigMgr console, right-click Configuration Baselines and select Create Configuration Baseline to open the Create Configuration Baseline dialog box
  2. Enter 1E Client Configuration as the Name, then in the lower half of the dialog box, click the Add drop-down and select Configuration Items
  3. From the Add Configuration Items dialog box, select Enable P2P via HTTPS and click Add to add this to the Configuration Baseline you are now creating. Click OK to return to the Create Configuration Baseline dialog box, then click OK again to save the 1E Client Configuration baseline
  4. With the Configuration Baselines node selected, right-click the 1E Client Configuration baseline in the right-hand side of the ConfigMgr console and select Deploy to open the Deploy Configuration Baselines dialog box
  5. Ensure 1E Client Configuration appears in the list of Selected configuration baselines on the right side of the dialog box, and check the option Remediate non-compliant rules when supported
    If the remediation option is not selected, the baseline will simply evaluate the settings and report that they are not compliant. It will not actually change the settings to enable HTTP
  6. In the lower half of the dialog box, use the Browse… button to select the Lab Workstations collection from Device Collections, click OK and then click OK on the Deploy Configuration Baselines page
  7. From the Assets and Compliance workspace, select the Device Collections node, then right-click the Lab Workstations Collection and select Client Notification > Download Computer Policy (this will cause the clients to download and apply the new Configuration Baseline right away)

Validate P2P Enabled Setting change

All workstations

  1. On any of the lab workstations, run Regedit and navigate to HKLM\Software\1E\NomadBranch
  2. Validate the P2PEnabled setting, ensuring it is set to the default value of 9
  3. To expedite the process of evaluation (and remediation – i.e. setting the required registry values) on the clients, perform the following steps on each workstation
    1. Open the Configuration Manager client UI (from the shortcut on the desktop)
    2. Select the Configurations tab
    3. Select the 1E Client Configuration baseline and click Evaluate (if the baseline is not listed initiate computer policy and refresh the Configurations node till it appears)
    4. Confirm that the evaluation completes and the Compliance column shows Compliant
    5. Check the registry and ensure the value for P2PEnabled has changed to 0x0049(73)
    6. Repeat these steps on each workstation in the lab
    By default, the port used for HTTP is 5080, and the port used for HTTPS is 5443. These ports would need to be open for the respective method to work. The settings are, however, configurable. The setting for the HTTP port is P2PHTTPPORT, while the setting for the HTTPS port is P2PHTTPSPORT. Both settings can be found under the default Nomad Branch key in the registry at HKLM\Software\1E\NomadBranch.

Deploying a legacy Package with Nomad

In this exercise, you will configure a legacy package to use Nomad and then deploy it to the Lab Workstations collection and observe the behavior.

Set Up Nomad Event Viewer on 1ETRNW71

To prepare for the monitoring of this deployment, we will set up the Nomad Event Viewer on 1ETRNW71. Note that the Event Viewer is currently an internal 1E tool designed for demonstration and troubleshooting purposes, and has not been released externally.

1ETRNW71

  1. Log on to 1ETRNW71 as 1ETRN\User open the ConfigMgr Content Source folder from the desktop. Navigate into the Software folder
  2. Copy the NomadEventViewer folder to C:\Tools
  3. Double-click C:\Tools\NomadEventViewer\NomadEvtVwr.exe to launch the Nomad Event Viewer

  1. A few seconds after the event viewer has started you should see the clients appear as connected. Keep the event viewer open, as you will use it in a later task


We have listed the five lab workstations in the XML file that defines which machines are in scope for analysis by the event viewer, thus you'll see activity related to all the client workstations.

Configure a Package to use Nomad

1ETRNCM

  1. In the ConfigMgr console, open the Software Library workspace, expand the Application Management node and select the Packages node
  2. Right-click the Phonebook Package and select Properties from the context menu
  3. In the Phonebook Properties dialog box, select the Nomad tab, make the following changes, and click OK
  4. Check the Enable Nomad box
  5. Check Work Rate (%) and set the value to 10
    6. Note that in contrast to Applications, which use the same settings for all deployments, Nomad settings must be defined for each Package. In this example, we are slowing down the download from the DP (workrate) to make it easier to monitor.

Deploy the Program to Lab Workstations

1ETRNCM

  1. With the Packages node selected, right-click the Phonebook Package and select Deploy to start the Deploy Software Wizard
  2. On the General page browse for the Lab Workstations Collection, click OK, then click Next
  3. On the Content page, ensure the content is on the 1ETRNCM DP and click Next
  4. On the Deployment Settings page ensure Purpose is set to Required and click Next
  5. On the Scheduling page, Click New to create a new assignment schedule
  6. In the Assignment Schedule dialog, select the Assign immediately after this event option. Click OK to accept the As soon as possible option, then click Next
  7. On the User Experience page click Next
  8. On the Distribution Points page, ensure the Deployment Options are set to Download content from distribution point and run locally for both when the client is connected within a fast network boundary and within a slow or unreliable network boundary
    9. When using Nomad in a production, we assume the DP to be connected via a slow network connection. Nomad will take care of the download ensuring the network is not impacted.
  9. On the Summary page click Next to complete the wizard, then close the wizard when it completes
  10. Select the Lab Workstations collection, and download computer policy for all machines

Monitor the download

ALL workstations

    The VMs in the lab environment sometimes default to the Administrator login, so be sure that you are logging in as the account specified below.


  1. Log onto each of the workstations as 1ETRN\User and start the Nomad Download Monitor (Refer to 1.8.3 for a reminder of how to open the Nomad Download Monitor)

1ETRNW71

  1. On 1ETRNW71 watch the Nomad Event Viewer to identify the elected master

As there are two subnets there will be two masters indicated in the Event Viewer. This is the expected behavior unless the Single Site Download feature is being used.
Note from the Nomad Event Viewer that clients intermittently start and stop copying from the master. This is because they connect, download as much as is available and then disconnect, allowing other clients to obtain content from the master. As the master is downloading slowly (with a workrate of 10), the clients 'catch up' with the master and then disconnect, attempting to reconnect a minute later.

  1. Switch to the client that is the active master in either of the subnets and in the Nomad Branch (download monitor) interface click the Pause Job button. This will effectively take the client offline

  1. Switch back to 1ETRNW71 and observe the Nomad Enterprise – Event Viewer (for at least 2 minutes) to see what happens now the master has been taken offline


  1. After a new master has been elected, resume the download on the previous master (click the Resume Job button in the Nomad Branch download monitor, reversing the action of step 303)
  2. Switch to the master on each subnet and in the Nomad Download monitor; slide the Work Rate slider to 100 to speed up the remainder of the download
  3. Leave the Event Viewer and all Download Monitors open

Review the HTTPS download

Note in the Event Viewer that the P2P copy is done via HTTP. With the change made to the P2PEnabled setting, we've switched from SMB to HTTPS. We will now review the logs to see that HTTPS is being used for peer to peer sharing.

1ETRNW73

  1. Open the NomadBranch.log file on one of the machines that was not a master on either subnet. In this instance we are looking at 1ETRNW73

  1. Look for the election for content ID PS100014


  1. Once a master has been elected, the machine will begin copying from the master. Scroll down in the log to the point where copy of the content begins. Note the difference between the P2P copy for this content vs. the Application we deployed earlier

Now that we've made the change to the P2PENABLED setting, all content transfer for the rest of the labs will be via HTTPS.

Deleting content from the Nomad Cache

In some cases, you may need to remove content from the Nomad Cache manually. In this exercise, you will use the Nomad Cache Cleaner tool to remove the compressed package downloaded in the previous exercise.

Observe the Cached Content

1ETRNW102

  1. On 1ETRNW102, open C:\Windows and view the properties of the CCMCache folder. Note the overall size of the folder
  2. Open the CCMCache folder and locate the folder in which the PhoneBook package is cached (it will be the one with the most recent modified date)
  3. Open the Nomad cache folder (C:\ProgramData\1E\NomadBranch) and observe the PS100014_Cache folder where the PhoneBook package is cached

Run CacheCleaner to Remove a Specific Package

It may be necessary at time to manually make room in the Nomad cache. The CacheCleaner.exe tool may be used to do this. In this task, we will use CacheCleaner.exe remove the content associated with the PhoneBook package that we deployed previously.

1ETRNW102

  1. On 1ETRNW102, start a command prompt (run as administrator), change directory to C:\Program Files\1E\Client\Extensibility\NomadBranch and run cachecleaner -? to view the options available
  2. Now run the following command to remove the PS100014 package 


    3. Cachecleaner -DeletePkg=PS100014 -PkgVer=1
  3. Observe the activity in the NomadBranch.log and CAS.log. Nomad cachecleaner removes content from the ConfigMgr cache before removing it from the Nomad cache


    4. In this example, you specified the content version (PkgVer) on the cachecleaner command line. In some cases, you may not know the version that is in the cache or may want to remove any version that is found. In this case, you can use -PkgVer=*. If you use this option, the content will be removed from the Nomad cache, but will remain in the CCM cache.
    To remove content associated with Applications or Software Updates with Cachecleaner, you will need to determine the Content ID and specify this as the -DeletePkg option, e.g. cachecleaner -DeletePkg=Content_92df0e08-46f1-481b-8595-485c740a6a6a -PkgVer=1 You can get the content ID from the content folder name in the Nomad cache.
  4. Look in C:\Windows\ccmcache folder and note the PhoneBook package is removed. Do the same with the Nomad cache

Lab Summary

In this lab, you have learned how Nomad integrates with the ConfigMgr Software Distribution process to download content required to deploy Applications and Legacy Packages. You have identified the log files that show the activity of the various components involved in the download process and learned how to use the Nomad Download Monitor and Nomad Event Viewer to observe the behavior and interaction of Nomad clients. 
You have observed the Nomad election process occur as each client requests the content and when the master goes offline, (in this case when you paused the Nomad download). Depending on how long the content download took in each case, you may also have observed the periodic election that occurs every five minutes. You changed the P2P transfer method from SMB to HTTPS by simply making a change to the P2PEnabled setting in the registry via a configuration baseline.
Lastly, you have observed the Nomad Cachecleaner tool in action, used to remove cached content manually outside of the normal automatic purging.

Next Page
Ex 3 - Nomad 7.0 - Deploying Software Updates with Nomad