Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Advanced Panelboxes for Confluence
namegrey
titleExercise Overview:

Table of Contents
maxLevel3
minLevel2
indent20px
excludeSummary|On this page|In this section...
separatornewline


1ediscussion point

All command lines and queries used throughout the lab exercises are available by accessing the SkyTap Shared Drive shortcut on the desktop and browsing to 1E Nomad - Course Content\Nomad 7.0 Course Content\CommandLinesAndQueries.txt file to make copying and pasting within the virtual machines easier.

Installing the Nomad Components

In this lab, you will install ActiveEfficiency on the Application server, the Nomad Components on the ConfigMgr server, and the Nomad client on the Distribution Point and the workstations.

Install ActiveEfficiency Server

ActiveEfficiency Server is a core component of 1E solutions that discovers and stores information about the IT environment from various data sources. Nomad uses ActiveEfficiency to support the Single Site Download (SSD), Single Site Peer Backup Assistant (SSPBA), Nomad Pre-Cache and WakeUp Integration features. 

In this exercise, you will learn how to install and configure ActiveEfficiency Server for use with Nomad.

1ediscussion point

Other 1E solutions use ActiveEfficiency in different ways. This exercise covers the necessary steps required to install ActiveEfficiency for use with Nomad. Please refer to the ActiveEfficiency documentation for further information on sizing and capacity planning for your specific requirements.

Enable the Distributed Transaction Coordinator (MSDTC)

To support Nomad features, ActiveEfficiency will need to be able to synchronize with the ConfigMgr database. For this to succeed, the Distributed Transaction Coordinator needs to be configured. In this task, MSDTC will be set on the ConfigMgr server.

1evirtualmachine

1ETRNCM

  1. Log on to 1ETRNCM as 1ETRN\SCCMAdmin and launch Server Manager
  2. Open Component Services from the Tools menu
  3. Expand Component Services\Computers\My Computer\Distributed Transaction Coordinator
  4. Right-click on Local DTC and select Properties
  5. Select the Security tab
  6. In the Security Settings section, check the Network DTC Access.
  7. In the Client and Administration subsection, select Allow Remote Clients. In the Transaction Manager Communication subsection, check Allow Inbound and Allow Outbound with the Mutual Authentication Required option selected.
  8. Select the Enable XA Transactions checkboxes and uncheck the Enable SNA LU 6.2 Transactions checkbox
  9. In the DTC Logon Account section, accept the default of NT AUTHORITY\NetworkService
  10. Click OK
  11. A prompt will be displayed warning you that the MSDTC service will be restarted. Click Yes to proceed
  12. Click OK on the MSDTC Service dialog box
  13. Close the Component Services MMC Snap-in and close Server Manager

Install required Windows Role Services and Features

ActiveEfficiency requires certain Web Server Role Services, which you will install on the application server in this task.

1evirtualmachine

1ETRNAP


1eolstart
startat14


1eli
Log into 1ETRNAP as 1ETRN\AppInstaller and open Server Manager


1eli
From the Manage menu (top-right menu bar) select Add Roles and Features to start the Add Roles and Features Wizard


1eli
On the Before you begin page click Next


1eli
On the Select Installation Type page ensure Role-based or feature-based installation is selected and click Next


1eli
On the Select destination server page, ensure the local server (1ETRNAP.1ETRN.local) is selected and click Next


1eli
On the Select server roles page, locate and expand the Web Server (IIS) server role then expand the Web Server role service


1eli
Expand Common HTTP Features and select Default Document and Static Content


1eli
Expand Performance and select Static Content Compression


1eli
Expand Security and select Windows Authentication


1eli
Expand Application Development and select ASP.NET 4.6. You will be prompted to add the ISAPI Filters, ISAPI Extensions and .NET Extensibility 4.6 role services required by ASP.NET 4.6. Click Add Features to include these then click Next


1eli
On the Features page, select Message Queuing and click Next


1ediscussion point

ActiveEfficiency requires Microsoft Message Queuing (MSMQ) to support WakeUp integration with Nomad. If you are only using ActiveEfficiency for Nomad Single Site Download, MSMQ Is not needed, in which case, the 1E ActiveEfficiency windows service would not be installed when you install ActiveEfficiency Server. WakeUp integration is covered in an additional course module (1EWAK03-71 WakeUp and Nomad Integration) which can be appended to this course so we'll install MSMQ for future use. Additionally, the ActiveEfficiency Service is required for Nomad synchronization with the ConfigMgr database. This synchronization supports the Dynamic Nomad Precaching feature.No thats




1eolstart
startat25


1eli
The Confirm installation selections page should now show the following Role Services and Features





1eolstart
startat26


1eli
Click Install


1eli
When the installation completes, close the wizard


Install ActiveEfficiency Server

In this task, you will install ActiveEfficiency Server on the Application server (1ETRNAP)

1evirtualmachine

1ETRNAP


1eolstart
startat28


1eli

From the SkyTap Shared Drive shortcut on the desktop navigate to:
1E Nomad Course Content\Nomad 7.0 Course Content\ download and copy 1EActiveEfficiency.zip to C:\Temp once copied right click and select extract all


1eli
From the Windows Start screen, right-click Command Prompt and select Run as administrator


1eli

Switch to the C:\Temp\1EActiveEfficiency\1EActiveEfficiency\activeefficiency.v1.10.0.62 folder and run the following command line to start the ActiveEfficiency installation wizard


Code Block
msiexec /i ActiveEfficiencyServer.msi patch=C:\Temp\1EActiveEfficiency\1EActiveEfficiency\activeefficiency.v1.10.0.62\Q20481-activeefficiencyserver.v1.10.0.62.msp /l*v AEServer-Install.log


1eli
On the Welcome page click Next


1eli
On the License Agreement page select, I accept the terms of the license agreement and click Next


1eli
On the Prerequisite Checks page, ensure all checks have passed and click Next


1ediscussion point

As noted previously, it is possible to install ActiveEfficiency Server without the 1E ActiveEfficiency windows service if you are not using any of the features that require this service. If MSMQ is not installed at this point in the ActiveEfficiency Server installation wizard, the MSMQ check will fail, but installation can proceed. You can add the 1E ActiveEfficiency Service at a later date by installing MSMQ then uninstalling and reinstalling ActiveEfficiency Server.


1eli
On the Destination Folder page accept the default location and click Next


1eli
On the Database Server page select the (local) database server from the drop down and leave the database name as ActiveEfficiency. Click Next


1ebest practice

In production environments, it is best practice to create the ActiveEfficiency database at the required size before running the installation to avoid the database files having to auto-grow considerably, which would impact performance.


1eli
On the ActiveEfficiency Website Settings click Next


1eli
On the Nomad synchronization page, check the Enable Nomad Sync option, enter


1eimplementationicontable

1ETRNCM 
CM_PS1 
5


1eli
On the Ready to Install the Program page click Install


1ediscussion point

The Installing database step takes several minutes to complete.


1eli
When the wizard completes, click Finish


Review the installation

In this task, you will observe the changes made by the ActiveEfficiency server installation

1evirtualmachine

1ETRNAP


1eolstart
startat40


1eli
Browse to C:\Program Files (x86)\1E\ActiveEfficiency and note the following folders


Folder

Description

Notes

Database

Files used to create and manage the database

Always created

DeployCertificate

Binaries associated with deploying a certificate to the client for communication with the 1E ActiveEfficiency cloud service

Only created if MSMQ prerequisite is installed

Service

Binaries associated with the ActiveEfficiency service

Only created if MSMQ prerequisite is installed

Web

Binaries associated with the ActiveEfficiency Web Service

Always created


1eli
Open the Internet Information Services (IIS) Manager and expand the 1ETRNAP server node


1eli
Select the Application Pools node and note the ActiveEfficiency Application Pool, running with the identity of NetworkService


1eli
Expand Sites, then the Default Web Site and select the ActiveEfficiency Web Site. Click the Basic Settings link (under Actions on the right) and note that the physical location is the Web\WebService folder identified in step 41. Click Cancel to close the dialog box


1eli
Close Internet Information Services (IIS) Manager


1eli
Open Chrome and browse to http://localhost/ActiveEfficiency


1ediscussion point

This page provides a simple interface to the ActiveEfficiency web service, which is used to read or write data in the ActiveEfficiency database. Nomad uses the Devices and Locations tables that are exposed through this interface, as well as some other tables that are not.


1eli
Click the Devices and Locations links in turn and observe devices and locations are currently empty. In a later exercise you will populate Locations, and later the 1E Clients will register with ActiveEfficiency and populate Devices


1eli
Open the Registry Editor and navigate to HKLM\Software\Wow6432Node\1E\ActiveEfficiency. The values in this registry key define the ActiveEfficiency website settings, installation directory, SQL server instance, and ActiveEfficiency version. Close the Registry Editor


1eli
Start the SQL Server Management Studio from the Start screen and connect to the local server. Expand the Databases node and note the ActiveEfficiency database


1eli
Expand the ActiveEfficiency database and review the tables. Close SQL Server Management Studio



1evirtualmachine

1ETRNCM


1eolstart
startat50


1eli

Open Computer Management on 1ETRNCM and look at the properties of the ConfigMgr_DViewAccess local group. Note that 1ETRN\1ETRNAP has been added to the group


Installing the ConfigMgr Console extensions for Nomad

To enable the ConfigMgr client to interpret the Nomad settings and ensure Content Transfer Manager hands over content transfer jobs to Nomad to download content, we need to extend the standard software deployment and client settings policies associated with Packages, Applications and Software Updates. The additional Nomad attributes are configured through the ConfigMgr console by way of custom console extensions, which add properties pages to the standard Package, Driver Package, Operating System Image, Boot Image, Task Sequence, and Client Settings dialog boxes and wizards. In this exercise, you will install these ConfigMgr console extensions on the ConfigMgr server.

1ediscussion point

In a production environment, where you may have the ConfigMgr console installed on additional administrators' workstations, you would need to install the console extensions on any machine running the ConfigMgr console.

Install Nomad ConfigMgr Console Extensions

In this task, you will install the Nomad extensions to the ConfigMgr console on the CM server.

1evirtualmachine

1ETRNCM


1eolstart
startat51


1eli
Log on to 1ETRNCM as 1ETRN\SCCMAdmin


1eli
Ensure the ConfigMgr console is closed


1eli
From the SkyTap Shared Drive shortcut on the desktop browse to 1E Nomad - Course Content\Nomad 7.0 Course Content\ download and Copy NomadBranch.v7.0.0.205.zip to C:\Temp once copied right click and extract all


1eli
From the Start screen, right-click Command Prompt and select Run as administrator. Change directory to C:\Temp\NomadBranch.v7.0.0.205\NomadBranch.v7.0.0.205 and run the following command


Code Block
msiexec /i NomadBranchAdminUIExt.msi /l*v NomadUIExt-Install.log


1eli
On the Welcome screen, click Next


1eli
Accept the terms in the license agreement on the License Agreement page and click Next


1eli
On the Nomad Pre-Caching page, enter http://1ETRNAP/ActiveEfficiency for the ActiveEfficiency URL and click Next


1eli
On the Nomad Tachyon Integration page, click Next


1eli
On the Ready to Install the Program page click Install


1eli
When the installation has completed, click Finish


Confirm the admin console extensions have been installed

1evirtualmachine

1ETRNCM


1eolstart
startat61


1eli
Start the ConfigMgr Console from the taskbar


1eli
Open the Administration workspace and select the Client Settings node


1eli
Note that the ribbon has a 1E Nomad button. Click the button and select Nomad Properties


1eli
Note that Nomad Settings dialog enables you to configure Nomad settings for Application Management and Software Updates. Do not make any changes at this point (click Cancel)


1eli
Open the Software Library workspace and expand the Application Management node. Click on the Packages node


1eli
Right-click the CMTrace package and note that there is a new item at the bottom of the context menu named Pre-cache content using Nomad. We will explore that feature later in the lab exercises


1eli
Select Properties from the context menu


1eli
Note that a new Nomad tab has been added to the Package Properties dialog box


1eli
Click Cancel in the dialog box to close it without any changes


1eli
Close the ConfigMgr console


Installing the Nomad Tools for OSD

To extend Nomad functionality as it relates to OS Deployment, we need to install certain Nomad components onto each Primary Site Server where we intend to administer task sequence packages to use Nomad as the Alternate Content Provider. In this exercise, you will install the tools and observe the changes made by the installation.

Install the Nomad Tools for OSD

1evirtualmachine

1ETRNCM


1eolstart
startat71


1eli
From the previously used command prompt, run the following command


Code Block
msiexec /i NomadBranchTools.msi /l*v NomadTools-install.log


1eli
On the Welcome screen, click Next


1eli
Accept the terms of the license agreement on the License Agreement page and click Next


1eli
On the Ready to Install the Program page click Install


1eli
When the installation has completed, click Finish


Confirm the Nomad Tools for OSD installation


1eolstart
startat76


1eli
Open the ConfigMgr console. Open the Software Library workspace, expand the Operating Systems node and select Task Sequences


1eli
Right-click the Windows 10 Ent – Basic ConfigMgr Task Sequence and select Edit from the context menu


1eli
In the Windows 10 Ent – Basic ConfigMgr Task Sequence Editor, click on the Add button and note that 1E tasks that have been added to the Task Sequence editor


1ediscussion point

If Add does not open the list of tasks, close the ConfigMgr console and the VM tab in your browser and reopen it.


1eli
Click Cancel to close the Task Sequence editor without saving any changes


1eli
Browse to C:\Program Files\Microsoft Configuration Manager\OSD\bin\i386 and sort files by Date Modified (descending). Note the following files have been added


1ediscussion point

If you don't see the files, you are likely in the wrong place. Please ensure you are using the correct path, for this task as well as the task below!

C:\Temp\1EActiveEfficiency\1EActiveEfficiency\activeefficiency.v1.10.0.62




1ediscussion point
These are the files you should see in the folder.



1eolstart
startat81


1ediscussion point

64-bit versions of these tools are also installed in the OSD\Bin\x64 folder.


1eli
Open C:\Program Files\Microsoft Configuration Manager\bin\x64\osdinjection.xml in Notepad


1eli
Search for any of the files listed above and confirm they have been added


1eli
Close the XML file, ensuring no changes were made. If asked to save the file, click Don't Save


1ediscussion point

This manifest defines the files that are to be added into the Windows PE boot image when it is updated on a DP. Note that the files listed above, except the .PDB files, have been added to this manifest, ensuring that they will be added to all boot images that are updated on a DP from this point on.


The Nomad Dashboard – First Look

Nomad 6.x introduced the Nomad Dashboard that provides a graphical summary of how Nomad is configured and operating within your estate. Accessible within the CM console or via a Web browser, it has a set of tiles that provide you with a view of all your Nomad related activities.

1ehot tip

The Nomad client health tile will no longer populate, client health should be checked using Guaranteed State within Tachyon.

The Nomad Dashboard

1evirtualmachine

1ETRNCM


1eolstart
startat84


1eli
Open the Monitoring workspace in the ConfigMgr console and expand the 1E Nomad folder at the bottom of the left-hand pane. Note the two items: Dashboard and Pre-caching Jobs. Pre-caching Jobs will be empty right now


1eli
Select Dashboard and observe the tiles presented in the main pane. There won't be much to look at right now, but we will come back to the Dashboard at different times to observe the data presented here


1eli
Hover over the different bars in the Content by type tile to see status of Nomad across the different content


1eli
Use [CTRL +] and [CTRL -] to adjust how the tiles are displayed in the dashboard


1ediscussion point

Make sure you click in the dashboard prior to using [CTRL -] as it will lower the display size (zoom) percentage of the browser hosting the VM and shrink it down.


1eli
Browse to http://1ETRNAP/ActiveEfficiency/NomadDashboard in a browser to see the Nomad Dashboard as a standalone web page.  The [CTRL +] and [CTRL -] work in the web page as well


1ediscussion point

This allows access to the Nomad dashboard without provisioning rights within the ConfigMgr console.


Understanding IIS Request Filtering on DPs

IIS 7 introduced IIS Request Filtering. This security feature allows administrators to configure IIS to block requests for specific file types and URL paths that include specific folder names or special characters. By default, IIS Request Filtering will block a number of file extensions and folder paths that may occur in distribution of content (Packages, Applications and Software Updates). 

Although the Microsoft documentation highlights this issue (http://technet.microsoft.com/en-gb/library/gg712264.aspx#BKMK_RequestFiltering), the ConfigMgr client actually bypasses this security measure by using a custom method when querying for the file rather than a standard HTTP GET for the file directly. 1E has developed Nomad per Microsoft security best practice, which means that we do a standard HTTP GET for the file that will be filtered by the IIS Request Filtering security feature. It is therefore necessary when using Nomad to follow the guidance in the Microsoft documentation and configure the IIS Request Filter on all Distribution Points to allow any file extensions, paths and special characters that may occur in your ConfigMgr content.
In this exercise, you will learn how to modify the filters to accommodate different scenarios.

View default restrictions

In this task, you will observe the file extensions and URL path elements that IIS Request Filtering blocks by default.

1evirtualmachine

1ETRNCM


1eolstart
startat89


1eli
On 1ETRNCM start Internet Information Services (IIS) Manager from the Start screen


1eli
Select the 1ETRNCM server in the tree view on the left, then double-click the Request Filtering icon in the panel on the right (grouped under IIS) to view the Request Filtering properties page


1eli
Select the File Name Extensions tab. This shows all the file extensions that are blocked by default. Note that by default, any file extensions not listed here are allowed. Nomad will fail to download any content that includes any of these file types


1eli
Select the Hidden Segments tab. This shows all the folder names that are blocked by default. Nomad will fail to download any content where the URL path includes and of these Hidden Segments


Allowing restricted file extensions

In this task, you will learn how to reconfigure the Request Filtering to allow specific file extensions (in this case .config) to be served by the DP by removing the File Name Extension from the filter.

1evirtualmachine

1ETRNCM


1eolstart
startat93


1eli
Copy the CommandLinesAndQueries.txt file into c:\temp. This will ensure no changes are made mistakenly to the master copy of the file!


1ehot tip

The 'appcmd.exe' command lines used in the upcoming Tasks are available From the SkyTap Shared Drive shortcut on the desktop and browsing to 1E Nomad - Course Content\Nomad 7.0 Course Content\CommandLinesAndQueries.txt file. You may prefer to copy and paste the command lines into the command prompt to avoid typing errors.


1eli
Start a command prompt (run as administrator) and change directory to C:\Windows\System32\inetsrv


1eli
Run the following command


Code Block
appcmd set config /section:requestfiltering /-fileExtensions.[fileextension='.config']


1ehot tip

Although for optimal security you should only allow the specific file types that are included in your various packages, applications and software updates, practically you will probably want to remove all of the file extension filters on your DPs.


Allowing restricted folders (Hidden Segments)

In this task, you will learn how to reconfigure the Request Filtering to allow the \bin path segment that is blocked by default.

1evirtualmachine

1ETRNCM


1eolstart
startat96


1eli
From the command prompt, run the following command


Code Block
appcmd set config /section:requestfiltering /-hiddensegments.[segment='bin']


Allowing special characters (Double Escaping)

The third filtering option that may prevent Nomad from downloading content is allowDoubleEscaping. By default, any path or filename that includes special 'escape' characters are blocked by default. In this task, you will learn how to allow files with these special characters in their name to be downloaded.

1evirtualmachine

1ETRNCM


1eolstart
startat97


1eli
From the command prompt, run the following command


Code Block
appcmd set config /section:requestfiltering /allowdoubleescaping:true


1eli
Repeat the steps in the exercise View default restrictions to view the effects of the changes you have made. The .config file extension should no longer be listed, nor should the bin folder in the Hidden Segments tab. (You may need to refresh the screen if IIS Manager was already open on the Request Filtering page)


Preparing for 1E Client Deployment

The Nomad agent functionality has been moved into the 1E Client Nomad Module in version 7 of Nomad. The 1E Client needs to be installed on all ConfigMgr Distribution Points and all clients. In this exercise, you will use the 1E Client Deployment Assistant to prepare for the installation of the 1E Client on the distribution point and clients in the lab.

Run the 1E Client Deployment Assistant

1evirtualmachine

1ETRNCM


1eolstart
startat99


1eli
On 1ETRNCM, logged on as 1ETRN\SCCMAdmin, open the SkyTap Shared Drive shortcut on the desktop and navigate to 1ETools\ClientDeploymentAssistant.v1.4.0.27.zip copy the file to C:\Temp then right click and extract all


1eli
Double-click the 1EClientDeploymentAssistant.exe file in C:\Temp\1EClientDeploymentAssistant.v1.4.0.27 to launch the wizard interactively


1eli
On the Welcome page, click Next to begin


1eli
Accept the license terms on the License Terms page and click Next


1eli
On the ConfigMgr Connection page, with the Local ConfigMgr Site Server option selected, click the Connect button. When the status says "Connected", click Next


1eli
On the 1E License File field click browse and select our licenses.txt file


1eli
On the General Settings page, in the 1E ActiveEfficiency Server URL field type in http://1etrnap/ActiveEfficiency


1ediscussion point

We could pre-populate these fields by editing the values in the AppImport.xml file in the 1E Client Deployment Assistant folder.


1eli
On the Application Content Source and the Package Content Source fields type in \\1ETRNDC\ConfigMgrSource\Software


1ediscussion point

The Application and Package content locations may be different in some production environments, but this training environment uses a common content location.


1eli
Check the Distribute Content box and ensure that All Distribution Points is selected by default for the Distribution Point Group. Click Next on the General Settings page


1eli
On the Agent Selection page, uncheck everything except PXE Everywhere 3.2.0.56 and 1E Client 4.1.0.267 and note that the license key for PXE Everywhere is imported from the licenses.txt file. Click Next


1eli
On the PXE Everywhere 3.2.0.56 page check the Create Application and Create Package boxes. We do not need to create a deployment as we will deliver PXE Everywhere in a Task Sequence in order to stage our boot image. Uncheck the Create Application Deployment. Click Next


1eli
On the PXE Everywhere settings page set the PXE Everywhere Central Web Service to: http://1etrncm.1etrn.local/PXELite/PXELiteConfiguration.asmx


1eli
On the 1E Client 4.1.0.267 page, ensure that both Create Application and Create Application Deployment are selected along with Create Package. Ensure that the limiting collection is set to All Desktop and Server Clients and click Next


1ediscussion point

The Client Deployment Assistant allows for the creation of packages and applications. Certain environments prefer one over the other. You can deselect either one, however, we will create both for this lab. We will deploy the client via the application, however use the package in a Task Sequence later in the labs.


1eli
On the Tachyon and other client Settings page, uncheck the Enable Tachyon, and Enable Inventory checkboxes. We are not using these features in this class. Click Next


1eli
On the Nomad Client Settings page, check the Enable Nomad checkbox, and accept the defaults for Log Path and Log Size. Ensure that only Hidden Nomad Share and Prevent Failing Over to BITS are selected. Click Next


1ediscussion point

We will be enabling Single Site Download, Fanout and Peer Backup Assistant in later lab exercises.


1eli
On the Summary page, wait for the summary to be compiled. Review all the actions that will be performed based on the settings selected in the wizard. When finished reviewing the summary, click Create


1eli
The progress will be displayed as each task is completed. When the status is displayed as Successful, click Next


1eli
On the Completionpage, note that all tasks completed successfully. Click Finish


Observe the results of running the 1E Client Deployment Assistant Wizard

In this task, we will observe the ConfigMgr objects created by running the 1E Client Deployment Assistant wizard.

1evirtualmachine

1ETRNCM


1eolstart
startat117


1eli
Open the ConfigMgr console, select the Assets and Compliance node and click on Device Collections


1eli
Note that the 1E Client 4.1.0.267 – Required collection is created with All Desktop and Server Clients as the limiting collection and that there are no members


1eli
Click on the Deployments tab for the collection and note that the 1E Client 4.1.0.267 Application is deployed to this collection


1eli
Click on the Software Library node and select Applications in the Application Management section


1eli
Click on the 1E Client 4.1.0.267 application and select the Deployment Types tab at the bottom of the console


1eli

Note that the application has two Deployment Types created – 1E Client x86 and 1E Client x64


1ediscussion point

When the 1E Client Deployment Assistant wizard is run, the deployment types that are created have been limited (using prerequisites) to workstation operating systems for the Nomad x86 deployment type and workstation and server operating systems for the Nomad x64 deployment type. This behavior is defined in the AppImport.xml file in the: C:\Temp\1EClientDeploymentAssistant.v1.4.0.27 folder.


1eli
Right-click the 1E Client x64 Deployment Type and select Properties


1eli
Click on the Requirements tab, select the Operating system Requirement Type and click Edit


1eli
In the list of operating systems, scroll down, and select the Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019. Click OK


1eli
Click OK to close the 1E Client x64 Properties


1eli
Select Packages under Application Management and note that there are two packages created – one for x86 and one for x64 and that each Package has two programs – one for install and one for uninstall


Deploy the 1E Client

In this exercise, we will use the collection and application created by the Endpoint Agent Installation wizard to deploy the 1E Client to all workstations.

Deploy 1E Client to Workstations and Distribution Point

1evirtualmachine

1ETRNCM


1eolstart
startat128


1eli
On 1ETRNCM, select the Assets and Compliance node of the ConfigMgr console and click on Devices


1ehot tip

Ensure all workstations have been powered on in SkyTap.


1eli
Select the following machines from the device list (You may hold the CTRL key down and use multi-select)


1eimplementationicontable

1ETRNCM
1ETRNW71
1ETRNW72
1ETRNW73
1ETRNW101
1ETRNW102


1eli
Right-click on any of the selected devices and choose Add Selected Items > Add Selected Items to Existing Device Collection


1eli
Select 1E Client 4.1.0.267 – Required and click OK


1eli
Under Assets and Compliance, select Device Collections and observe the 1E Client 4.1.0.267 – Required collection. If the member count is still zero, you may need to refresh the collection to see the member count display six members


Monitor the progress of the installation

1evirtualmachine

1ETRNCM


1eolstart
startat133


1eli
In the ConfigMgr Console, select the Assets and Compliance workspace, select the Device Collections node then right-click 1E Client 4.1.0.267 – Required and select Client Notification > Download Computer Policy. A dialog box will pop up indicating there are six resources in this Collection. Click OK


1ediscussion point

This process will cause each of the ConfigMgr clients to download the new deployment policy you have just created rather than waiting for them to do it on their regular schedule. In the lab environment, this interval is only 5 minutes rather than the default value of 60 minutes.


1eli
Select the Monitoring workspace and select the Deployments node


1eli
Right-click the 1E Client 4.1.0.267 deployment and select View Status monitor the progress (refresh periodically to view updated status information)


1ediscussion point

Please note that this may not be updated very quickly because this information is provided by status/state messages sent up from the individual ConfigMgr client. Take a 5 minute break, and if it has still not updated, proceed to the next task – you will likely find that the agent has already been installed.


Review the Installation on the Workstations

1evirtualmachine

1ETRNW71


1eolstart
startat136


1eli
Log on to 1ETRNW71 as 1ETRN\User


1ediscussion point

1ETRN\User is a member of the Workstation Admins group and will be able to perform administrative tasks on the Lab Workstations.


1eli
Double-click the services.msc shortcut on the desktop


1eli
Note the 1E Nomad Branch and 1E Client services are running


1eli
Leave the Services interface open and from the Start menu, right-click Computer and select Manage


1eli
In the Computer Management interface, expand the Local Users and Groups node and click on the Users folder


1eli
Note that the local user SMSNomadP2P& has been created


1eli
In the Computer Management interface, expand the Shared Folders node and click on Shares


1eli
Note that the NomadSHR$ share has been created. This is the Nomad cache


1eli
Right-click the NomadSHR$ and select Properties from the context menu


1eli
In the NomadSHR$ properties dialog, on the General tab, note the path to the share, and the 6 user (connection) limit


1eli
Select the Share Permissions tab and note the permissions applied to the share


1eli
Cancel the NomadSHR$ properties dialog to return to the Computer Management interface


1eli
Leave the Computer Management interface open and return to the Services interface


1eli
Right-click the 1E Nomad Branch service and select Stop


1eli
Return to the Computer Management interface and refresh the Shares node. Note that the NomadSHR$ share is deleted when the service is stopped


1eli
Switch to the Services interface and start the 1E Nomad Branch service


1eli
Return to the Computer Management interface and refresh the Shares node. Note that the NomadSHR$ share is recreated when the service starts


1ediscussion point

The Nomad share is deleted every time the Nomad service is stopped. The content in the Nomad share will still reside on the machine but won't be shared unless the service is running.

If the P2P protocol is changed to HTTP(S), the share no longer plays a role in content sharing. The share will still exist, but will not be required, because we are no longer using SMB to connect to a share to copy content.


1eli
Close the Services interface and the Computer Management interface


1eli
Start Windows Explorer and browse to C:\ProgramData\1E\NomadBranch. This is the folder that is shared as NomadSHR$, and is the root of the Nomad cache


1eli
Browse to the ConfigMgr Logs folder on the desktop and double-click the NomadBranch.log to open it. You will use this log file in future exercises to follow Nomad processing a distribution


1eli
Observe the Nomad service startup activity at the beginning of the log. Note that the agent has created a hidden share, and has automatically set the option to use HTTP and SMB because it has detected an installed CM client




1ediscussion point
Your log should look like this.



1eolstart
startat157


1eli
Close the NomadBranch.log file


1eli
From the Start menu run regedit


1eli
Navigate to HKLM\Software\1E\NomadBranch. This registry key contains all the configuration options used by Nomad


1ediscussion point

In later labs you will learn how to use the Configuration Manager Compliance and Settings feature to manage the 1E Client settings in this registry key after the agent has been installed.


Changing the StatusMsgEvents using a the Create Nomad Baseline functionality

Nomad 6.3 introduced new functionality to manage Nomad settings on the client. Best practice is to manage client settings, which all reside in the registry, using CI's deployed via Configuration Baselines. Nomad has now productized this functionality to simplify the management of client settings. In this task, we will change the value of StatusMsgEvents from 0 to a specific number so the clients send data back to ActiveEfficiency which will then be used by the Nomad Dashboard.


1evirtualmachine

1ETRNCM


1eolstart
startat160


1eli
Logged in as 1ETRN\SCCMAdmin navigate to the Assets and Compliance workspace in the ConfigMgr console




1eolstart
startat161


1eli
Expand Compliance Settings, click on Configuration Baselines. Note the Create Nomad Baseline button in the ribbon




1eolstart
startat162


1eli
Click the Create Nomad Baseline button to start the wizard


1eli
On the Configuration Type page, input Nomad Settings into the name


1eli
Configuration Type – leave Configure settings manually selected. Configure settings using MSI Transform would be selected if you had a transform (.mst) created to perform the settings changes required. This setting will allow you to import the .msi and .mst files so you do not have to recreate the settings. Click Next


1eli
On the Nomad Settings page, start typing StatusMsgEvents into the Registry Value Name field. It should autofill. Click on the value


1eli
In the Registry Value box, input 0x1000000064. Click Next


1ehot tip

Copy the value from the doc so the correct value will be used. There are 7 zeros between the 1 and the 64.


1eli
On the Summary page, click Apply


1eli
Once completed, click Finish


Review the Configuration Baseline


1eolstart
startat169


1eli
Click on the Assets and Compliance workspace in the ConfigMgr console


1eli
Expand the Compliance Settings node. Select Configuration Items and Right-click on the newly created Configuration Baseline named Nomad Registry Settings - Nomad Settings and select Properties


1eli
Click on the Settings tab and note StatusMsgEvents Registry Value setting


1eli
Click the Edit button to review the setting


1eli
Click on the Compliance Rules tab to confirm the condition reflects the value we defined for the setting. Click Cancel


1eli
Click on the Compliance Rules tab of the CI and note that Remediate is set to Yes. Click Cancel to close out of the CI


1eli
Navigate to the Configuration Baselines node and note the newly create baseline


1eli
Right-click the Nomad Settings baseline and select Properties


1eli
Click on the Evaluation Conditions tab and confirm the CI we just reviewed is listed there. Click Cancel


1eli
Right-click the Configuration Baseline and select Deploy


1eli
Check the Remediate noncompliant rules when supported and select Lab Workstations as the collection. 




1ediscussion point
This is what your window should look like this.  Then click Ok



1eolstart
startat180


1eli
From the Device Collections node, right-click the Lab Workstations collection and initiate a machine policy refresh by selecting Client Notification - Download Computer Policy



1evirtualmachine

1ETRNW71


1eolstart
startat181


1eli
On 1ETRNW71, logged in as 1ETRN\User, run regedit


1eli
Navigate to HKLM\software\1E\NomadBranch. Confirm the StatusMsgEvents setting is set to 0x0. Leave regedit open


1eli
Open the ConfigMgr applet from the desktop


1eli
Click on the Configurations tab and note the Nomad Settings baseline present


1ediscussion point

It might take a minute or two for policy to refresh and the baseline to show. If you do not see it, wait a minute and then click Refresh.


1eli
Click the Evaluate button, then Refresh. Note the Compliance value change to Compliant


1eli
Return to regedit and refresh the view. Confirm the StatusMsgEvents settings has changed to the value we specified in the Configuration Item


Review the installation on the Distribution Point

The installation on the DP server results in the same 1E Client component being installed on the server, however the service will perform the LsZ generation and RDC processing as it identifies that it is running on a Site Server and DP.

1evirtualmachine

1ETRNCM


1eolstart
startat187


1eli
From the Start menu, click Services


1eli
Note the 1E Nomad Branch and 1E Client services are running


1eli
From the Start screen, start typing regedit and click regedit when it appears in the Search results. Note the HKLM\Software\1E\NomadBranch registry key


1ediscussion point

As 1ETRNCM is running a 64-bit OS, the 64-bit version of the 1E Client has been installed based on the requirements of the Deployment Type.


1eli
Navigate to C:\ProgramData\1E\NomadBranch folder. Note that as this is a DP, the agent has created the LSZFILES folder. Note that the folder is empty. When content is requested, this is where the LSZ files will be generated and stored


1eli
Open the C:\Windows\CCM\Logs folder and double-click the NomadBranch.log file


1ediscussion point

Note that we set the log file path in the Endpoint Agent Installation wizard based on where the ConfigMgr client logs are on client systems (C:\Windows\CCM\Logs) to make access to the CM client logs and the Nomad logs easier. Since this server had the management point role installed prior to the CM client installation, the CM client logs are actually located in C:\Program Files\SMS_CCM\Logs.


1eli
Near the top of the log file, notice that the computer (1ETRNCM) has been identified as an SMS Site Server and an SMS Distribution Point




1ediscussion point
This is what your log should look like when Nomad identifies the DP



1eolstart
startat193


1eli
Note also that the HTTP LsZ generation option (normally set in SpecialNetShare) has also been enabled as Nomad has detected this is a ConfigMgr Distribution Point and will therefore be using HTTP




1ediscussion point
This is what the log looks like when Nomad is installed on a DP for HTTP LsZ Generation



1eolstart
startat194


1eli
Open Internet Information Services (IIS) Manager from the Start menu and expand 1ETRNCM\Sites\Default Web Site


1eli
Note the LSZFILES and NOMAD_PKGCACHE virtual directories


1ediscussion point

These virtual directories are in C:\ProgramData\1E\NomadBranch\LSZFILES and C:\ProgramData\1E\NomadBranch\NOMAD_PKGCACHE respectively. The LSZFILES directory store the LsZ files used for content validation and the NOMAD_PKGCACHE is the storage location for compressed (also compressed and encrypted) content when the Nomad SECure feature is used to compress the content.

The Client version distribution tile in the Nomad Dashboard will eventually reflect the deployment of the 1E Client, but this will take a little time. A hardware inventory sync from the client machines must happen, and then that data is synced into ActiveEfficiency to populate the data in the dashboard tiles.


Installing the Nomad Download Monitor

The Nomad Branch Download Monitor is a useful admin tool to monitor Nomad activity on either the local or a remote client. In this exercise, you will create a new Application to install the download monitor and then deploy this to all workstations.

Create the Nomad Download Monitor Package and Program

1evirtualmachine

1ETRNCM


1eolstart
startat196


1eli
From the SkyTap Shared Drive shortcut on the desktop browse to 1E Nomad - Course Content\Nomad 7.0 Course Content and download DownloadMonitor.zip to c:\temp. Right click the file and choose Extract All. Copy the DownloadMonitor folder to \\1etrndc\ConfigMgrSource\Software. The DownloadMonitor folder contains the installer (msi) file and a transform (mst) file


1eli
A shortcut to the ConfigMgrSource location has been created on the desktop, named ConfigMgr Content Source


1eli
From the ConfigMgr Console, open the Software Library workspace, expand the Application Management node


1eli
Right-click the Packages node and select Create Package to start the Create Package and Program Wizard


1eli
On the Package page, enter Nomad Download Monitor as the Name. Check the option This package contains source files then click the Browse… button and enter or browse to \\1ETRNDC\ConfigMgrSource\Software\DownloadMonitor as the source folder. Click OK to close the Set Source Folder dialog, then click Next


1eli
On the Program Type page ensure Standard program is selected and click Next


1eli
On the Standard Program page enter the following details and click Next


1eimplementationicontable

Name: Install Nomad Download Monitor
Command line: msiexec /i NomadBranchGUI.msi TRANSFORMS=NomadGUIAdvancedMode.mst /qn
Program can run: Whether or not a user is logged on


1ediscussion point

The default install of the Nomad Download Monitor is in Basic Mode (UI=0). Basic Mode provides only progress bars. Advanced Mode (UI=1) allows adjustment of the workrate and allows connection to remote clients for remote monitoring. The transform contains the configuration to allow Nomad Download Monitor to be deployed in Advanced Mode.


1eli
Click Next


1eli
On the Requirements page click Next


1eli
On the Nomad Settings page select Enable Nomad and click Next


1ediscussion point

This will be the first bit of content that the newly installed Nomad clients will download.


1eli
On the Summary page, click Next then close the wizard when it completes


1eli
From the Packages node, right-click the Nomad Download Monitor package and select Distribute Content to start the Distribute Content Wizard


1eli
On the General page click Next


1eli
On the Content Destination page click Add, select Distribution Point, and select the 1ETRNCM.1ETRN.LOCAL Distribution Point. Click OK. Click Next


1eli
On the Summary page click Next, then click Close when the wizard completes


Deploy the Nomad Download Monitor

In a production environment, you would normally only deploy the Nomad Download Monitor to administrators' workstations, using the Advanced UI (UI=1) option to allow connection to any 1E Client for monitoring. In this task, you will deploy the Download Monitor onto all workstations for convenience.

1evirtualmachine

1ETRNCM


1eolstart
startat211


1eli
From the Packages node in the ConfigMgr Console, right-click the Nomad Download Monitor package and select Deploy to start the Deploy Software Wizard


1eli
On the General page, select the Lab Workstations Collection by clicking the Browse… button to the right of the Collection field. Once the collection is selected click OK to close the Select Collection dialog. Click Next


1eli
On the Content page ensure the 1ETRNCM Distribution Point is listed in the top half of the page and click Next


1eli
On the Deployment Settings page, note that the Action is set to Install and ensure that the Purpose to Required and click Next


1eli
On the Scheduling page click New… to create a new Assignment Schedule then from the Assignment Schedule dialog box click OK to use the default (current time) schedule and return to the Scheduling page. Click Next


1eli
On the User Experience page select Allow users to run the program independently of assignments and click Next


1eli
On the Distribution Points page ensure the Deployment options are set to Download content from distribution point and run locally in both drop-downs, make sure the box Allow clients to use distribution points from the default site boundary group is unchecked, click Next


1eli
On the Summary page, review the settings and click Next


1eli
When the wizard completes click Close


1eli
Use the Client Notifications feature (as described in step 134) to make sure all the clients in the Lab Workstations Collection download the new deployment policy without having to wait



1evirtualmachine

1ETRNAP


1eolstart
startat221


1eli
Open a Command Prompt (run as administrator) and switch to the C:\Program Files (x86)\1E\ActiveEfficiency\Service directory


1ediscussion point

Leave the command prompt window open, we'll be back shortly to use it again.


1eli
Run the following command to initiate an on-demand sync from ConfigMgr to ActiveEfficiency


Code Block
ServiceHost.exe -NomadSyncAll


1ediscussion point

We are forcing a sync between ConfigMgr and ActiveEfficiency here to review the status of this deployment in the Nomad dashboard.



1evirtualmachine

1ETRNCM


1eolstart
startat223


1eli
Open the Nomad Dashboard under the Monitoring workspace and observe the Deployments tile


1eli
The Download Progress for this deployment should indicate what percentage of the targeted machines have started the download yet. The percentage will be driven by how fast the machines retrieved the software distribution policy


1eli
The Caching Metrics tile will potentially have data available, but this is dependent on machines retrieving policy


1eli
We will revisit these tiles in a few minutes to see what changed


1eli
The Client version distribution tile might now show the client version of some or all clients as well


Verify the installation

1evirtualmachine

All Workstations


1eolstart
startat228


1eli
When the above deployment has completed on the clients, log on to all of them as 1ETRN\User and check the following




1eolstart
startat229


1eli
Note the new Nomad icon in the system tray.




1eolstart
startat230


1eli
If the download monitor is not running, launch it from the Start menu


1eli
Double-click the Nomad icon in the system tray to open the UI. Note that there is a Connect option in the top menu and a table labelled All downloads in the middle of the GUI. This indicates that the GUI was installed in Advanced mode (UI=1 on the msiexec command line)


1eli
Close the Download Monitor


1ediscussion point

Note that when you close the UI, the icon remains in the system tray and the monitor is still active. To completely exit the monitor, right-click the system tray icon and select  Exit  from the context menu.



1evirtualmachine

1ETRNAP


1eolstart
startat233


1eli
Run the following command to initiate an on-demand sync from ConfigMgr to ActiveEfficiency


Code Block
ServiceHost.exe -NomadSyncAll



1evirtualmachine

1ETRNCM


1eolstart
startat234


1eli
Open the Nomad Dashboard in the ConfigMgr console and observe the changes in the Deployments tiles. Download Progress shows 100% complete and the Caching Metrics show that 60% of the clients retrieved content from a peer while 40% retrieved the content from the DP


1eli
Why are we seeing these proportions here? Ask your instructor if you aren't sure


1eli

Click the expand button on either tile to get more details


Lab Summary

In this lab, you have learned how to install the Nomad extensions to the ConfigMgr console and the additional tools that are used during an Operating System Deployment Task Sequence. The Nomad Tools installer updates OSDINJECTION.XML to ensure these tools are added to all future boot images.

You then used the 1E Endpoint Agent Installation wizard to create the ConfigMgr deployment objects (collections, packages, applications and deployment types) to support the deployment of the 1E Client on the client workstations. You have learned where the 1E Client is installed and where the Nomad cache is located.
You have begun to explore the data presented in the Nomad Dashboard as we've deployed the Nomad Agent and Nomad-enabled content. In order for the Dashboard to populate, we changed a value in the Nomad settings using the Create Nomad Baseline functionality.
Finally, you installed the Nomad Branch download monitor that will be used in later exercises to observe Nomad behaviour.

Next Page
Ex 2 - Nomad 7.0 - Deploying Software using Nomad