Advanced Panelboxes for Confluence

name	grey
title	Exercise Overview:

Table of Contents

maxLevel	3
minLevel	2
indent	20px
exclude	Summary\|On this page\|In this section...
separator	newline

1ediscussion point
All command lines and queries used throughout the lab exercises are available by accessing the SkyTap Shared Drive shortcut on the desktop and browsing to 1E Nomad - Course Content\Nomad 7.0 Course Content\CommandLinesAndQueries.txt file to make copying and pasting within the virtual machines easier.

Installing the Nomad Components

In this lab, you will install ActiveEfficiency on the Application server, the Nomad Components on the ConfigMgr server, and the Nomad client on the Distribution Point and the workstations.

Install ActiveEfficiency Server

ActiveEfficiency Server is a core component of 1E solutions that discovers and stores information about the IT environment from various data sources. Nomad uses ActiveEfficiency to support the Single Site Download (SSD), Single Site Peer Backup Assistant (SSPBA), Nomad Pre-Cache and WakeUp Integration features.

In this exercise, you will learn how to install and configure ActiveEfficiency Server for use with Nomad.

1ediscussion point
Other 1E solutions use ActiveEfficiency in different ways. This exercise covers the necessary steps required to install ActiveEfficiency for use with Nomad. Please refer to the ActiveEfficiency documentation for further information on sizing and capacity planning for your specific requirements.

Enable the Distributed Transaction Coordinator (MSDTC)

To support Nomad features, ActiveEfficiency will need to be able to synchronize with the ConfigMgr database. For this to succeed, the Distributed Transaction Coordinator needs to be configured. In this task, MSDTC will be set on the ConfigMgr server.

1evirtualmachine
1ETRNCM

Log on to 1ETRNCM as 1ETRN\SCCMAdmin and launch Server Manager
Open Component Services from the Tools menu
Expand Component Services\Computers\My Computer\Distributed Transaction Coordinator
Right-click on Local DTC and select Properties
Select the Security tab
In the Security Settings section, check the Network DTC Access.
In the Client and Administration subsection, select Allow Remote Clients. In the Transaction Manager Communication subsection, check Allow Inbound and Allow Outbound with the Mutual Authentication Required option selected.
Select the Enable XA Transactions checkboxes and uncheck the Enable SNA LU 6.2 Transactions checkbox
In the DTC Logon Account section, accept the default of NT AUTHORITY\NetworkService
Click OK
A prompt will be displayed warning you that the MSDTC service will be restarted. Click Yes to proceed
Click OK on the MSDTC Service dialog box
Close the Component Services MMC Snap-in and close Server Manager

Install required Windows Role Services and Features

ActiveEfficiency requires certain Web Server Role Services, which you will install on the application server in this task.

1evirtualmachine
1ETRNAP

1eolstart

startat	14

1eli
Log into 1ETRNAP as 1ETRN\AppInstaller and open Server Manager

1eli
From the Manage menu (top-right menu bar) select Add Roles and Features to start the Add Roles and Features Wizard

1eli
On the Before you begin page click Next

1eli
On the Select Installation Type page ensure Role-based or feature-based installation is selected and click Next

1eli
On the Select destination server page, ensure the local server (1ETRNAP.1ETRN.local) is selected and click Next

1eli
On the Select server roles page, locate and expand the Web Server (IIS) server role then expand the Web Server role service

1eli
Expand Common HTTP Features and select Default Document and Static Content

1eli
Expand Performance and select Static Content Compression

1eli
Expand Security and select Windows Authentication

1eli
Expand Application Development and select ASP.NET 4.6. You will be prompted to add the ISAPI Filters, ISAPI Extensions and .NET Extensibility 4.6 role services required by ASP.NET 4.6. Click Add Features to include these then click Next

1eli
On the Features page, select Message Queuing and click Next

1ediscussion point

ActiveEfficiency requires Microsoft Message Queuing (MSMQ) to support WakeUp integration with Nomad. If you are only using ActiveEfficiency for Nomad Single Site Download, MSMQ Is not needed, in which case, the 1E ActiveEfficiency windows service would not be installed when you install ActiveEfficiency Server. WakeUp integration is covered in an additional course module (1EWAK03-71 WakeUp and Nomad Integration) which can be appended to this course so we'll install MSMQ for future use. Additionally, the ActiveEfficiency Service is required for Nomad synchronization with the ConfigMgr database. This synchronization supports the Dynamic Nomad Precaching feature.No thats

1eolstart

startat	25

1eli
The Confirm installation selections page should now show the following Role Services and Features

1eolstart

startat	26

1eli
Click Install

1eli
When the installation completes, close the wizard

Install ActiveEfficiency Server

In this task, you will install ActiveEfficiency Server on the Application server (1ETRNAP)

1evirtualmachine
1ETRNAP

1eolstart

startat	28

1eli
From the SkyTap Shared Drive shortcut on the desktop navigate to: 1E Nomad Course Content\Nomad 7.0 Course Content\ download and copy 1EActiveEfficiency.zip to C:\Temp once copied right click and select extract all

1eli
From the Windows Start screen, right-click Command Prompt and select Run as administrator

1eli
Switch to the C:\Temp\1EActiveEfficiency\1EActiveEfficiency\activeefficiency.v1.10.0.62 folder and run the following command line to start the ActiveEfficiency installation wizard

Code Block
msiexec /i ActiveEfficiencyServer.msi patch=C:\Temp\1EActiveEfficiency\1EActiveEfficiency\activeefficiency.v1.10.0.62\Q20481-activeefficiencyserver.v1.10.0.62.msp /l*v AEServer-Install.log

1eli
On the Welcome page click Next

1eli
On the License Agreement page select, I accept the terms of the license agreement and click Next

1eli
On the Prerequisite Checks page, ensure all checks have passed and click Next

1ediscussion point

As noted previously, it is possible to install ActiveEfficiency Server without the 1E ActiveEfficiency windows service if you are not using any of the features that require this service. If MSMQ is not installed at this point in the ActiveEfficiency Server installation wizard, the MSMQ check will fail, but installation can proceed. You can add the 1E ActiveEfficiency Service at a later date by installing MSMQ then uninstalling and reinstalling ActiveEfficiency Server.

1eli
On the Destination Folder page accept the default location and click Next

1eli
On the Database Server page select the (local) database server from the drop down and leave the database name as ActiveEfficiency. Click Next

1ebest practice
In production environments, it is best practice to create the ActiveEfficiency database at the required size before running the installation to avoid the database files having to auto-grow considerably, which would impact performance.

1eli
On the ActiveEfficiency Website Settings click Next

1eli
On the Nomad synchronization page, check the Enable Nomad Sync option, enter

1eimplementationicontable
1ETRNCM CM_PS1 5

1eli
On the Ready to Install the Program page click Install

1ediscussion point
The Installing database step takes several minutes to complete.

1eli
When the wizard completes, click Finish

Review the installation

In this task, you will observe the changes made by the ActiveEfficiency server installation

1evirtualmachine
1ETRNAP

1eolstart

startat	40

1eli
Browse to C:\Program Files (x86)\1E\ActiveEfficiency and note the following folders

Folder	Description	Notes
Database	Files used to create and manage the database	Always created
DeployCertificate	Binaries associated with deploying a certificate to the client for communication with the 1E ActiveEfficiency cloud service	Only created if MSMQ prerequisite is installed
Service	Binaries associated with the ActiveEfficiency service	Only created if MSMQ prerequisite is installed
Web	Binaries associated with the ActiveEfficiency Web Service	Always created

1eli
Open the Internet Information Services (IIS) Manager and expand the 1ETRNAP server node

1eli
Select the Application Pools node and note the ActiveEfficiency Application Pool, running with the identity of NetworkService

1eli
Expand Sites, then the Default Web Site and select the ActiveEfficiency Web Site. Click the Basic Settings link (under Actions on the right) and note that the physical location is the Web\WebService folder identified in step 41. Click Cancel to close the dialog box

1eli
Close Internet Information Services (IIS) Manager

1eli
Open Chrome and browse to http://localhost/ActiveEfficiency

1ediscussion point
This page provides a simple interface to the ActiveEfficiency web service, which is used to read or write data in the ActiveEfficiency database. Nomad uses the Devices and Locations tables that are exposed through this interface, as well as some other tables that are not.

1eli
Click the *Devices* and *Locations* links in turn and observe devices and locations are currently empty. In a later exercise you will populate Locations, and later the 1E Clients will register with ActiveEfficiency and populate Devices

1eli
Open the Registry Editor and navigate to HKLM\Software\Wow6432Node\1E\ActiveEfficiency. The values in this registry key define the ActiveEfficiency website settings, installation directory, SQL server instance, and ActiveEfficiency version. Close the Registry Editor

1eli
Start the SQL Server Management Studio from the Start screen and connect to the local server. Expand the Databases node and note the ActiveEfficiency database

1eli
Expand the ActiveEfficiency database and review the tables. Close SQL Server Management Studio

1evirtualmachine
1ETRNCM

1eolstart

startat	50

1eli
Open Computer Management on 1ETRNCM and look at the properties of the ConfigMgr_DViewAccess local group. Note that 1ETRN\1ETRNAP has been added to the group

Installing the ConfigMgr Console extensions for Nomad

To enable the ConfigMgr client to interpret the Nomad settings and ensure Content Transfer Manager hands over content transfer jobs to Nomad to download content, we need to extend the standard software deployment and client settings policies associated with Packages, Applications and Software Updates. The additional Nomad attributes are configured through the ConfigMgr console by way of custom console extensions, which add properties pages to the standard Package, Driver Package, Operating System Image, Boot Image, Task Sequence, and Client Settings dialog boxes and wizards. In this exercise, you will install these ConfigMgr console extensions on the ConfigMgr server.

1ediscussion point
In a production environment, where you may have the ConfigMgr console installed on additional administrators' workstations, you would need to install the console extensions on any machine running the ConfigMgr console.

Install Nomad ConfigMgr Console Extensions

In this task, you will install the Nomad extensions to the ConfigMgr console on the CM server.

1evirtualmachine
1ETRNCM

1eolstart

startat	51

1eli
Log on to 1ETRNCM as 1ETRN\SCCMAdmin

1eli
Ensure the ConfigMgr console is closed

1eli
From the SkyTap Shared Drive shortcut on the desktop browse to 1E Nomad - Course Content\Nomad 7.0 Course Content\ download and Copy NomadBranch.v7.0.0.205.zip to C:\Temp once copied right click and extract all

1eli
From the Start screen, right-click Command Prompt and select Run as administrator. Change directory to C:\Temp\NomadBranch.v7.0.0.205\NomadBranch.v7.0.0.205 and run the following command

Code Block
msiexec /i NomadBranchAdminUIExt.msi /l*v NomadUIExt-Install.log

1eli
On the Welcome screen, click Next

1eli
Accept the terms in the license agreement on the License Agreement page and click Next

1eli
On the Nomad Pre-Caching page, enter http://1ETRNAP/ActiveEfficiency for the ActiveEfficiency URL and click Next

1eli
On the Nomad Tachyon Integration page, click Next

1eli
On the Ready to Install the Program page click Install

1eli
When the installation has completed, click Finish

Confirm the admin console extensions have been installed

1evirtualmachine
1ETRNCM

1eolstart

startat	61

1eli
Start the ConfigMgr Console from the taskbar

1eli
Open the Administration workspace and select the Client Settings node

1eli
Note that the ribbon has a 1E Nomad button. Click the button and select Nomad Properties

1eli
Note that Nomad Settings dialog enables you to configure Nomad settings for Application Management and Software Updates. Do not make any changes at this point (click Cancel)

1eli
Open the Software Library workspace and expand the Application Management node. Click on the Packages node

1eli
Right-click the CMTrace package and note that there is a new item at the bottom of the context menu named Pre-cache content using Nomad. We will explore that feature later in the lab exercises

1eli
Select Properties from the context menu

1eli
Note that a new Nomad tab has been added to the Package Properties dialog box

1eli
Click Cancel in the dialog box to close it without any changes

1eli
Close the ConfigMgr console

Installing the Nomad Tools for OSD

To extend Nomad functionality as it relates to OS Deployment, we need to install certain Nomad components onto each Primary Site Server where we intend to administer task sequence packages to use Nomad as the Alternate Content Provider. In this exercise, you will install the tools and observe the changes made by the installation.

Install the Nomad Tools for OSD

1evirtualmachine
1ETRNCM

1eolstart

startat	71

1eli
From the previously used command prompt, run the following command

Code Block
msiexec /i NomadBranchTools.msi /l*v NomadTools-install.log

1eli
On the Welcome screen, click Next

1eli
Accept the terms of the license agreement on the License Agreement page and click Next

1eli
On the Ready to Install the Program page click Install

1eli
When the installation has completed, click Finish

Confirm the Nomad Tools for OSD installation

1eolstart

startat	76

1eli
Open the ConfigMgr console. Open the Software Library workspace, expand the Operating Systems node and select Task Sequences

1eli
Right-click the Windows 10 Ent – Basic ConfigMgr Task Sequence and select Edit from the context menu

1eli
In the Windows 10 Ent – Basic ConfigMgr Task Sequence Editor, click on the Add button and note that 1E tasks that have been added to the Task Sequence editor

1ediscussion point
If Add does not open the list of tasks, close the ConfigMgr console and the VM tab in your browser and reopen it.

1eli
Click Cancel to close the Task Sequence editor without saving any changes

1eli
Browse to C:\Program Files\Microsoft Configuration Manager\OSD\bin\i386 and sort files by Date Modified (descending). Note the following files have been added

1ediscussion point

If you don't see the files, you are likely in the wrong place. Please ensure you are using the correct path, for this task as well as the task below!

C:\Temp\1EActiveEfficiency\1EActiveEfficiency\activeefficiency.v1.10.0.62

1ediscussion point
These are the files you should see in the folder.

1eolstart

startat	81

1ediscussion point
64-bit versions of these tools are also installed in the OSD\Bin\x64 folder.

1eli
Open C:\Program Files\Microsoft Configuration Manager\bin\x64\osdinjection.xml in Notepad

1eli
Search for any of the files listed above and confirm they have been added

1eli
Close the XML file, ensuring no changes were made. If asked to save the file, click Don't Save

1ediscussion point
This manifest defines the files that are to be added into the Windows PE boot image when it is updated on a DP. Note that the files listed above, except the .PDB files, have been added to this manifest, ensuring that they will be added to all boot images that are updated on a DP from this point on.

The Nomad Dashboard – First Look

Nomad 6.x introduced the Nomad Dashboard that provides a graphical summary of how Nomad is configured and operating within your estate. Accessible within the CM console or via a Web browser, it has a set of tiles that provide you with a view of all your Nomad related activities.

1ehot tip
The Nomad client health tile will no longer populate, client health should be checked using Guaranteed State within Tachyon.

The Nomad Dashboard

1evirtualmachine
1ETRNCM

1eolstart

startat	84

1eli
Open the Monitoring workspace in the ConfigMgr console and expand the 1E Nomad folder at the bottom of the left-hand pane. Note the two items: Dashboard and Pre-caching Jobs. Pre-caching Jobs will be empty right now

1eli
Select Dashboard and observe the tiles presented in the main pane. There won't be much to look at right now, but we will come back to the Dashboard at different times to observe the data presented here

1eli
Hover over the different bars in the Content by type tile to see status of Nomad across the different content

1eli
Use [CTRL +] and [CTRL -] to adjust how the tiles are displayed in the dashboard

1ediscussion point
Make sure you click in the dashboard prior to using [CTRL -] as it will lower the display size (zoom) percentage of the browser hosting the VM and shrink it down.

1eli
Browse to http://1ETRNAP/ActiveEfficiency/NomadDashboard in a browser to see the Nomad Dashboard as a standalone web page. The [CTRL +] and [CTRL -] work in the web page as well

1ediscussion point
This allows access to the Nomad dashboard without provisioning rights within the ConfigMgr console.

Understanding IIS Request Filtering on DPs

IIS 7 introduced IIS Request Filtering. This security feature allows administrators to configure IIS to block requests for specific file types and URL paths that include specific folder names or special characters. By default, IIS Request Filtering will block a number of file extensions and folder paths that may occur in distribution of content (Packages, Applications and Software Updates).

Although the Microsoft documentation highlights this issue (http://technet.microsoft.com/en-gb/library/gg712264.aspx#BKMK_RequestFiltering), the ConfigMgr client actually bypasses this security measure by using a custom method when querying for the file rather than a standard HTTP GET for the file directly. 1E has developed Nomad per Microsoft security best practice, which means that we do a standard HTTP GET for the file that will be filtered by the IIS Request Filtering security feature. It is therefore necessary when using Nomad to follow the guidance in the Microsoft documentation and configure the IIS Request Filter on all Distribution Points to allow any file extensions, paths and special characters that may occur in your ConfigMgr content.
In this exercise, you will learn how to modify the filters to accommodate different scenarios.

View default restrictions

In this task, you will observe the file extensions and URL path elements that IIS Request Filtering blocks by default.

1evirtualmachine
1ETRNCM

1eolstart

startat	89

1eli
On 1ETRNCM start Internet Information Services (IIS) Manager from the Start screen

1eli
Select the 1ETRNCM server in the tree view on the left, then double-click the Request Filtering icon in the panel on the right (grouped under IIS) to view the Request Filtering properties page

1eli
Select the File Name Extensions tab. This shows all the file extensions that are blocked by default. Note that by default, any file extensions not listed here are allowed. Nomad will fail to download any content that includes any of these file types

1eli
Select the Hidden Segments tab. This shows all the folder names that are blocked by default. Nomad will fail to download any content where the URL path includes and of these Hidden Segments

Allowing restricted file extensions

In this task, you will learn how to reconfigure the Request Filtering to allow specific file extensions (in this case .config) to be served by the DP by removing the File Name Extension from the filter.

1evirtualmachine
1ETRNCM

1eolstart

startat	93

1eli
Copy the CommandLinesAndQueries.txt file into c:\temp. This will ensure no changes are made mistakenly to the master copy of the file!

1ehot tip
The 'appcmd.exe' command lines used in the upcoming Tasks are available From the SkyTap Shared Drive shortcut on the desktop and browsing to 1E Nomad - Course Content\Nomad 7.0 Course Content\CommandLinesAndQueries.txt file. You may prefer to copy and paste the command lines into the command prompt to avoid typing errors.

1eli
Start a command prompt (run as administrator) and change directory to C:\Windows\System32\inetsrv

1eli
Run the following command

Code Block
appcmd set config /section:requestfiltering /-fileExtensions.[fileextension='.config']

1ehot tip
Although for optimal security you should only allow the specific file types that are included in your various packages, applications and software updates, practically you will probably want to remove all of the file extension filters on your DPs.

Allowing restricted folders (Hidden Segments)

In this task, you will learn how to reconfigure the Request Filtering to allow the \bin path segment that is blocked by default.

1evirtualmachine
1ETRNCM

1eolstart

startat	96

1eli
From the command prompt, run the following command

Code Block
appcmd set config /section:requestfiltering /-hiddensegments.[segment='bin']

Allowing special characters (Double Escaping)

The third filtering option that may prevent Nomad from downloading content is allowDoubleEscaping. By default, any path or filename that includes special 'escape' characters are blocked by default. In this task, you will learn how to allow files with these special characters in their name to be downloaded.

1evirtualmachine
1ETRNCM

1eolstart

startat	97

1eli
From the command prompt, run the following command

Code Block
appcmd set config /section:requestfiltering /allowdoubleescaping:true

1eli
Repeat the steps in the exercise View default restrictions to view the effects of the changes you have made. The .config file extension should no longer be listed, nor should the bin folder in the Hidden Segments tab. (You may need to refresh the screen if IIS Manager was already open on the Request Filtering page)

Preparing for 1E Client Deployment

The Nomad agent functionality has been moved into the 1E Client Nomad Module in version 7 of Nomad. The 1E Client needs to be installed on all ConfigMgr Distribution Points and all clients. In this exercise, you will use the 1E Client Deployment Assistant to prepare for the installation of the 1E Client on the distribution point and clients in the lab.

Run the 1E Client Deployment Assistant

1evirtualmachine
1ETRNCM

1eolstart

startat	99

1eli
On 1ETRNCM, logged on as 1ETRN\SCCMAdmin, open the SkyTap Shared Drive shortcut on the desktop and navigate to 1ETools\ClientDeploymentAssistant.v1.4.0.27.zip copy the file to C:\Temp then right click and extract all

1eli
Double-click the 1EClientDeploymentAssistant.exe file in C:\Temp\1EClientDeploymentAssistant.v1.4.0.27 to launch the wizard interactively

1eli
On the Welcome page, click Next to begin

1eli
Accept the license terms on the License Terms page and click Next

1eli
On the ConfigMgr Connection page, with the Local ConfigMgr Site Server option selected, click the Connect button. When the status says "Connected", click Next

1eli
On the 1E License File field click browse and select our licenses.txt file

1eli
On the General Settings page, in the 1E ActiveEfficiency Server URL field type in http://1etrnap/ActiveEfficiency

1ediscussion point
We could pre-populate these fields by editing the values in the AppImport.xml file in the 1E Client Deployment Assistant folder.

1eli
On the Application Content Source and the Package Content Source fields type in \\1ETRNDC\ConfigMgrSource\Software

1ediscussion point
The Application and Package content locations may be different in some production environments, but this training environment uses a common content location.

1eli
Check the Distribute Content box and ensure that All Distribution Points is selected by default for the Distribution Point Group. Click Next on the General Settings page

1eli
On the Agent Selection page, uncheck everything except PXE Everywhere 3.2.0.56 and 1E Client 4.1.0.267 and note that the license key for PXE Everywhere is imported from the licenses.txt file. Click Next

1eli
On the PXE Everywhere 3.2.0.56 page check the Create Application and Create Package boxes. We do not need to create a deployment as we will deliver PXE Everywhere in a Task Sequence in order to stage our boot image. Uncheck the Create Application Deployment. Click Next

1eli
On the PXE Everywhere settings page set the PXE Everywhere Central Web Service to: http://1etrncm.1etrn.local/PXELite/PXELiteConfiguration.asmx

1eli
On the 1E Client 4.1.0.267 page, ensure that both Create Application and Create Application Deployment are selected along with Create Package. Ensure that the limiting collection is set to All Desktop and Server Clients and click Next

1ediscussion point
The Client Deployment Assistant allows for the creation of packages and applications. Certain environments prefer one over the other. You can deselect either one, however, we will create both for this lab. We will deploy the client via the application, however use the package in a Task Sequence later in the labs.

1eli
On the Tachyon and other client Settings page, uncheck the Enable Tachyon, and Enable Inventory checkboxes. We are not using these features in this class. Click Next

1eli
On the Nomad Client Settings page, check the Enable Nomad checkbox, and accept the defaults for Log Path and Log Size. Ensure that only Hidden Nomad Share and Prevent Failing Over to BITS are selected. Click Next

1ediscussion point
We will be enabling Single Site Download, Fanout and Peer Backup Assistant in later lab exercises.

1eli
On the Summary page, wait for the summary to be compiled. Review all the actions that will be performed based on the settings selected in the wizard. When finished reviewing the summary, click Create

1eli
The progress will be displayed as each task is completed. When the status is displayed as Successful, click Next

1eli
On the Completionpage, note that all tasks completed successfully. Click Finish

Observe the results of running the 1E Client Deployment Assistant Wizard

In this task, we will observe the ConfigMgr objects created by running the 1E Client Deployment Assistant wizard.

1evirtualmachine
1ETRNCM

1eolstart

startat	117

1eli
Open the ConfigMgr console, select the Assets and Compliance node and click on Device Collections

1eli
Note that the 1E Client 4.1.0.267 – Required collection is created with All Desktop and Server Clients as the limiting collection and that there are no members

1eli
Click on the Deployments tab for the collection and note that the 1E Client 4.1.0.267 Application is deployed to this collection

1eli
Click on the Software Library node and select Applications in the Application Management section

1eli
Click on the 1E Client 4.1.0.267 application and select the Deployment Types tab at the bottom of the console

1eli
Note that the application has two Deployment Types created – 1E Client x86 and 1E Client x64

1ediscussion point
When the 1E Client Deployment Assistant wizard is run, the deployment types that are created have been limited (using prerequisites) to workstation operating systems for the Nomad x86 deployment type and workstation and server operating systems for the Nomad x64 deployment type. This behavior is defined in the AppImport.xml file in the: C:\Temp\1EClientDeploymentAssistant.v1.4.0.27 folder.

1eli
Right-click the 1E Client x64 Deployment Type and select Properties

1eli
Click on the Requirements tab, select the Operating system Requirement Type and click Edit

1eli
In the list of operating systems, scroll down, and select the Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019. Click OK

1eli
Click OK to close the 1E Client x64 Properties

1eli
Select Packages under Application Management and note that there are two packages created – one for x86 and one for x64 and that each Package has two programs – one for install and one for uninstall

Deploy the 1E Client

In this exercise, we will use the collection and application created by the Endpoint Agent Installation wizard to deploy the 1E Client to all workstations.

Deploy 1E Client to Workstations and Distribution Point

1evirtualmachine
1ETRNCM

1eolstart

startat	128

1eli
On 1ETRNCM, select the Assets and Compliance node of the ConfigMgr console and click on Devices

1ehot tip
Ensure all workstations have been powered on in SkyTap.

1eli
Select the following machines from the device list (You may hold the CTRL key down and use multi-select)

1eimplementationicontable
1ETRNCM 1ETRNW71 1ETRNW72 1ETRNW73 1ETRNW101 1ETRNW102

1eli
Right-click on any of the selected devices and choose Add Selected Items > Add Selected Items to Existing Device Collection

1eli
Select 1E Client 4.1.0.267 – Required and click OK

1eli
Under Assets and Compliance, select Device Collections and observe the 1E Client 4.1.0.267 – Required collection. If the member count is still zero, you may need to refresh the collection to see the member count display six members

Monitor the progress of the installation

1evirtualmachine
1ETRNCM

1eolstart

startat	133

1eli
In the ConfigMgr Console, select the Assets and Compliance workspace, select the Device Collections node then right-click 1E Client 4.1.0.267 – Required and select Client Notification > Download Computer Policy. A dialog box will pop up indicating there are six resources in this Collection. Click OK

1ediscussion point
This process will cause each of the ConfigMgr clients to download the new deployment policy you have just created rather than waiting for them to do it on their regular schedule. In the lab environment, this interval is only 5 minutes rather than the default value of 60 minutes.

1eli
Select the Monitoring workspace and select the Deployments node

1eli
Right-click the 1E Client 4.1.0.267 deployment and select View Status monitor the progress (refresh periodically to view updated status information)

1ediscussion point
Please note that this may not be updated very quickly because this information is provided by status/state messages sent up from the individual ConfigMgr client. Take a 5 minute break, and if it has still not updated, proceed to the next task – you will likely find that the agent has already been installed.

Review the Installation on the Workstations

1evirtualmachine
1ETRNW71

1eolstart

startat	136

1eli
Log on to 1ETRNW71 as 1ETRN\User

1ediscussion point
1ETRN\User is a member of the Workstation Admins group and will be able to perform administrative tasks on the Lab Workstations.

1eli
Double-click the services.msc shortcut on the desktop

1eli
Note the 1E Nomad Branch and 1E Client services are running

1eli
Leave the Services interface open and from the Start menu, right-click Computer and select Manage

1eli
In the Computer Management interface, expand the Local Users and Groups node and click on the Users folder

1eli
Note that the local user SMSNomadP2P& has been created

1eli
In the Computer Management interface, expand the Shared Folders node and click on Shares

1eli
Note that the NomadSHR$ share has been created. This is the Nomad cache

1eli
Right-click the NomadSHR$ and select Properties from the context menu

1eli
In the NomadSHR$ properties dialog, on the General tab, note the path to the share, and the 6 user (connection) limit

1eli
Select the Share Permissions tab and note the permissions applied to the share

1eli
Cancel the NomadSHR$ properties dialog to return to the Computer Management interface

1eli
Leave the Computer Management interface open and return to the Services interface

1eli
Right-click the 1E Nomad Branch service and select Stop

1eli
Return to the Computer Management interface and refresh the Shares node. Note that the NomadSHR$ share is deleted when the service is stopped

1eli
Switch to the Services interface and start the 1E Nomad Branch service

1eli
Return to the Computer Management interface and refresh the Shares node. Note that the NomadSHR$ share is recreated when the service starts

1ediscussion point

The Nomad share is deleted every time the Nomad service is stopped. The content in the Nomad share will still reside on the machine but won't be shared unless the service is running.

If the P2P protocol is changed to HTTP(S), the share no longer plays a role in content sharing. The share will still exist, but will not be required, because we are no longer using SMB to connect to a share to copy content.

1eli
Close the Services interface and the Computer Management interface

1eli
Start Windows Explorer and browse to C:\ProgramData\1E\NomadBranch. This is the folder that is shared as NomadSHR$, and is the root of the Nomad cache

1eli
Browse to the ConfigMgr Logs folder on the desktop and double-click the NomadBranch.log to open it. You will use this log file in future exercises to follow Nomad processing a distribution

1eli
Observe the Nomad service startup activity at the beginning of the log. Note that the agent has created a hidden share, and has automatically set the option to use HTTP and SMB because it has detected an installed CM client

1ediscussion point
Your log should look like this.

1eolstart

startat	157

1eli
Close the NomadBranch.log file

1eli
From the Start menu run regedit

1eli
Navigate to HKLM\Software\1E\NomadBranch. This registry key contains all the configuration options used by Nomad

1ediscussion point
In later labs you will learn how to use the Configuration Manager Compliance and Settings feature to manage the 1E Client settings in this registry key after the agent has been installed.

Changing the StatusMsgEvents using a the Create Nomad Baseline functionality

Nomad 6.3 introduced new functionality to manage Nomad settings on the client. Best practice is to manage client settings, which all reside in the registry, using CI's deployed via Configuration Baselines. Nomad has now productized this functionality to simplify the management of client settings. In this task, we will change the value of StatusMsgEvents from 0 to a specific number so the clients send data back to ActiveEfficiency which will then be used by the Nomad Dashboard.

1evirtualmachine
1ETRNCM

1eolstart

startat	160

1eli
Logged in as 1ETRN\SCCMAdmin navigate to the Assets and Compliance workspace in the ConfigMgr console

1eolstart

startat	161

1eli
Expand Compliance Settings, click on Configuration Baselines. Note the Create Nomad Baseline button in the ribbon

1eolstart

startat	162

1eli
Click the Create Nomad Baseline button to start the wizard

1eli
On the Configuration Type page, input Nomad Settings into the name

1eli
Configuration Type – leave Configure settings manually selected. Configure settings using MSI Transform would be selected if you had a transform (.mst) created to perform the settings changes required. This setting will allow you to import the .msi and .mst files so you do not have to recreate the settings. Click Next

1eli
On the Nomad Settings page, start typing StatusMsgEvents into the Registry Value Name field. It should autofill. Click on the value

1eli
In the Registry Value box, input 0x1000000064. Click Next

1ehot tip
Copy the value from the doc so the correct value will be used. There are 7 zeros between the 1 and the 64.

1eli
On the Summary page, click Apply

1eli
Once completed, click Finish

Review the Configuration Baseline

1eolstart

startat	169

1eli
Click on the Assets and Compliance workspace in the ConfigMgr console

1eli
Expand the Compliance Settings node. Select Configuration Items and Right-click on the newly created Configuration Baseline named Nomad Registry Settings - Nomad Settings and select Properties

1eli
Click on the Settings tab and note StatusMsgEvents Registry Value setting

1eli
Click the Edit button to review the setting

1eli
Click on the Compliance Rules tab to confirm the condition reflects the value we defined for the setting. Click Cancel

1eli
Click on the Compliance Rules tab of the CI and note that Remediate is set to Yes. Click Cancel to close out of the CI

1eli
Navigate to the Configuration Baselines node and note the newly create baseline

1eli
Right-click the Nomad Settings baseline and select Properties

1eli
Click on the Evaluation Conditions tab and confirm the CI we just reviewed is listed there. Click Cancel

1eli
Right-click the Configuration Baseline and select Deploy

1eli
Check the Remediate noncompliant rules when supported and select Lab Workstations as the collection.

1ediscussion point
This is what your window should look like this. Then click Ok

1eolstart

startat	180

1eli
From the Device Collections node, right-click the Lab Workstations collection and initiate a machine policy refresh by selecting Client Notification - Download Computer Policy

1evirtualmachine
1ETRNW71

1eolstart

startat	181

1eli
On 1ETRNW71, logged in as 1ETRN\User, run regedit

1eli
Navigate to HKLM\software\1E\NomadBranch. Confirm the StatusMsgEvents setting is set to 0x0. Leave regedit open

1eli
Open the ConfigMgr applet from the desktop

1eli
Click on the Configurations tab and note the Nomad Settings baseline present

1ediscussion point
It might take a minute or two for policy to refresh and the baseline to show. If you do not see it, wait a minute and then click Refresh.

1eli
Click the Evaluate button, then Refresh. Note the Compliance value change to Compliant

1eli
Return to regedit and refresh the view. Confirm the StatusMsgEvents settings has changed to the value we specified in the Configuration Item

Review the installation on the Distribution Point

The installation on the DP server results in the same 1E Client component being installed on the server, however the service will perform the LsZ generation and RDC processing as it identifies that it is running on a Site Server and DP.

1evirtualmachine
1ETRNCM

1eolstart

startat	187

1eli
From the Start menu, click Services

1eli
Note the 1E Nomad Branch and 1E Client services are running

1eli
From the Start screen, start typing regedit and click regedit when it appears in the Search results. Note the HKLM\Software\1E\NomadBranch registry key

1ediscussion point
As 1ETRNCM is running a 64-bit OS, the 64-bit version of the 1E Client has been installed based on the requirements of the Deployment Type.

1eli
Navigate to C:\ProgramData\1E\NomadBranch folder. Note that as this is a DP, the agent has created the LSZFILES folder. Note that the folder is empty. When content is requested, this is where the LSZ files will be generated and stored

1eli
Open the C:\Windows\CCM\Logs folder and double-click the NomadBranch.log file

1ediscussion point
Note that we set the log file path in the Endpoint Agent Installation wizard based on where the ConfigMgr client logs are on client systems (C:\Windows\CCM\Logs) to make access to the CM client logs and the Nomad logs easier. Since this server had the management point role installed prior to the CM client installation, the CM client logs are actually located in C:\Program Files\SMS_CCM\Logs.

1eli
Near the top of the log file, notice that the computer (1ETRNCM) has been identified as an SMS Site Server and an SMS Distribution Point

1ediscussion point
This is what your log should look like when Nomad identifies the DP

1eolstart

startat	193

1eli
Note also that the HTTP LsZ generation option (normally set in SpecialNetShare) has also been enabled as Nomad has detected this is a ConfigMgr Distribution Point and will therefore be using HTTP

1ediscussion point
This is what the log looks like when Nomad is installed on a DP for HTTP LsZ Generation

1eolstart

startat	194

1eli
Open Internet Information Services (IIS) Manager from the Start menu and expand 1ETRNCM\Sites\Default Web Site

1eli
Note the LSZFILES and NOMAD_PKGCACHE virtual directories

1ediscussion point

These virtual directories are in C:\ProgramData\1E\NomadBranch\LSZFILES and C:\ProgramData\1E\NomadBranch\NOMAD_PKGCACHE respectively. The LSZFILES directory store the LsZ files used for content validation and the NOMAD_PKGCACHE is the storage location for compressed (also compressed and encrypted) content when the Nomad SECure feature is used to compress the content.

The Client version distribution tile in the Nomad Dashboard will eventually reflect the deployment of the 1E Client, but this will take a little time. A hardware inventory sync from the client machines must happen, and then that data is synced into ActiveEfficiency to populate the data in the dashboard tiles.

Installing the Nomad Download Monitor

The Nomad Branch Download Monitor is a useful admin tool to monitor Nomad activity on either the local or a remote client. In this exercise, you will create a new Application to install the download monitor and then deploy this to all workstations.

Create the Nomad Download Monitor Package and Program

1evirtualmachine
1ETRNCM

1eolstart

startat	196

1eli
From the SkyTap Shared Drive shortcut on the desktop browse to 1E Nomad - Course Content\Nomad 7.0 Course Content and download DownloadMonitor.zip to c:\temp. Right click the file and choose Extract All. Copy the DownloadMonitor folder to \\1etrndc\ConfigMgrSource\Software. The DownloadMonitor folder contains the installer (msi) file and a transform (mst) file

1eli
A shortcut to the ConfigMgrSource location has been created on the desktop, named ConfigMgr Content Source

1eli
From the ConfigMgr Console, open the Software Library workspace, expand the Application Management node

1eli
Right-click the Packages node and select Create Package to start the Create Package and Program Wizard

1eli
On the Package page, enter Nomad Download Monitor as the Name. Check the option This package contains source files then click the Browse… button and enter or browse to \\1ETRNDC\ConfigMgrSource\Software\DownloadMonitor as the source folder. Click OK to close the Set Source Folder dialog, then click Next

1eli
On the Program Type page ensure Standard program is selected and click Next

1eli
On the Standard Program page enter the following details and click Next

1eimplementationicontable
Name: Install Nomad Download Monitor Command line: msiexec /i NomadBranchGUI.msi TRANSFORMS=NomadGUIAdvancedMode.mst /qn Program can run: Whether or not a user is logged on

1ediscussion point
The default install of the Nomad Download Monitor is in Basic Mode (UI=0). Basic Mode provides only progress bars. Advanced Mode (UI=1) allows adjustment of the workrate and allows connection to remote clients for remote monitoring. The transform contains the configuration to allow Nomad Download Monitor to be deployed in Advanced Mode.

1eli
Click Next

1eli
On the Requirements page click Next

1eli
On the Nomad Settings page select Enable Nomad and click Next

1ediscussion point
This will be the first bit of content that the newly installed Nomad clients will download.

1eli
On the Summary page, click Next then close the wizard when it completes

1eli
From the Packages node, right-click the Nomad Download Monitor package and select Distribute Content to start the Distribute Content Wizard

1eli
On the General page click Next

1eli
On the Content Destination page click Add, select Distribution Point, and select the 1ETRNCM.1ETRN.LOCAL Distribution Point. Click OK. Click Next

1eli
On the Summary page click Next, then click Close when the wizard completes

Deploy the Nomad Download Monitor

In a production environment, you would normally only deploy the Nomad Download Monitor to administrators' workstations, using the Advanced UI (UI=1) option to allow connection to any 1E Client for monitoring. In this task, you will deploy the Download Monitor onto all workstations for convenience.

1evirtualmachine
1ETRNCM

1eolstart

startat	211

1eli
From the Packages node in the ConfigMgr Console, right-click the Nomad Download Monitor package and select Deploy to start the Deploy Software Wizard

1eli
On the General page, select the Lab Workstations Collection by clicking the Browse… button to the right of the Collection field. Once the collection is selected click OK to close the Select Collection dialog. Click Next

1eli
On the Content page ensure the 1ETRNCM Distribution Point is listed in the top half of the page and click Next

1eli
On the Deployment Settings page, note that the Action is set to Install and ensure that the Purpose to Required and click Next

1eli
On the Scheduling page click New… to create a new Assignment Schedule then from the Assignment Schedule dialog box click OK to use the default (current time) schedule and return to the Scheduling page. Click Next

1eli
On the User Experience page select Allow users to run the program independently of assignments and click Next

1eli
On the Distribution Points page ensure the Deployment options are set to Download content from distribution point and run locally in both drop-downs, make sure the box Allow clients to use distribution points from the default site boundary group is unchecked, click Next

1eli
On the Summary page, review the settings and click Next

1eli
When the wizard completes click Close

1eli
Use the Client Notifications feature (as described in step 134) to make sure all the clients in the Lab Workstations Collection download the new deployment policy without having to wait

1evirtualmachine
1ETRNAP

1eolstart

startat	221

1eli
Open a Command Prompt (run as administrator) and switch to the C:\Program Files (x86)\1E\ActiveEfficiency\Service directory

1ediscussion point
Leave the command prompt window open, we'll be back shortly to use it again.

1eli
Run the following command to initiate an on-demand sync from ConfigMgr to ActiveEfficiency

Code Block
ServiceHost.exe -NomadSyncAll

1ediscussion point
We are forcing a sync between ConfigMgr and ActiveEfficiency here to review the status of this deployment in the Nomad dashboard.

1evirtualmachine
1ETRNCM

1eolstart

startat	223

1eli
Open the Nomad Dashboard under the Monitoring workspace and observe the Deployments tile

1eli
The Download Progress for this deployment should indicate what percentage of the targeted machines have started the download yet. The percentage will be driven by how fast the machines retrieved the software distribution policy

1eli
The Caching Metrics tile will potentially have data available, but this is dependent on machines retrieving policy

1eli
We will revisit these tiles in a few minutes to see what changed

1eli
The Client version distribution tile might now show the client version of some or all clients as well

Verify the installation

1evirtualmachine
All Workstations

1eolstart

startat	228

1eli
When the above deployment has completed on the clients, log on to all of them as 1ETRN\User and check the following

1eolstart

startat	229

1eli
Note the new Nomad icon in the system tray.

1eolstart

startat	230

1eli
If the download monitor is not running, launch it from the Start menu

1eli
Double-click the Nomad icon in the system tray to open the UI. Note that there is a Connect option in the top menu and a table labelled All downloads in the middle of the GUI. This indicates that the GUI was installed in Advanced mode (UI=1 on the msiexec command line)

1eli
Close the Download Monitor

1ediscussion point
Note that when you close the UI, the icon remains in the system tray and the monitor is still active. To completely exit the monitor, right-click the system tray icon and select Exit from the context menu.

1evirtualmachine
1ETRNAP

1eolstart

startat	233

1eli
Run the following command to initiate an on-demand sync from ConfigMgr to ActiveEfficiency

Code Block
ServiceHost.exe -NomadSyncAll

1evirtualmachine
1ETRNCM

1eolstart

startat	234

1eli
Open the Nomad Dashboard in the ConfigMgr console and observe the changes in the Deployments tiles. Download Progress shows 100% complete and the Caching Metrics show that 60% of the clients retrieved content from a peer while 40% retrieved the content from the DP

1eli
Why are we seeing these proportions here? Ask your instructor if you aren't sure

1eli
Click the expand button on either tile to get more details

Lab Summary

In this lab, you have learned how to install the Nomad extensions to the ConfigMgr console and the additional tools that are used during an Operating System Deployment Task Sequence. The Nomad Tools installer updates OSDINJECTION.XML to ensure these tools are added to all future boot images.

You then used the 1E Endpoint Agent Installation wizard to create the ConfigMgr deployment objects (collections, packages, applications and deployment types) to support the deployment of the 1E Client on the client workstations. You have learned where the 1E Client is installed and where the Nomad cache is located.
You have begun to explore the data presented in the Nomad Dashboard as we've deployed the Nomad Agent and Nomad-enabled content. In order for the Dashboard to populate, we changed a value in the Nomad settings using the Create Nomad Baseline functionality.
Finally, you installed the Nomad Branch download monitor that will be used in later exercises to observe Nomad behaviour.

Next Page
Ex 2 - Nomad 7.0 - Deploying Software using Nomad

Page tree

Versions Compared

Old Version 1

New Version 2

Key

Installing the Nomad Components

Install ActiveEfficiency Server

Enable the Distributed Transaction Coordinator (MSDTC)

Install required Windows Role Services and Features

Install ActiveEfficiency Server

Review the installation

Installing the ConfigMgr Console extensions for Nomad

Install Nomad ConfigMgr Console Extensions

Confirm the admin console extensions have been installed

Installing the Nomad Tools for OSD

Install the Nomad Tools for OSD

Confirm the Nomad Tools for OSD installation

The Nomad Dashboard – First Look

The Nomad Dashboard

Understanding IIS Request Filtering on DPs

View default restrictions

Allowing restricted file extensions

Allowing restricted folders (Hidden Segments)

Allowing special characters (Double Escaping)

Preparing for 1E Client Deployment

Run the 1E Client Deployment Assistant

Observe the results of running the 1E Client Deployment Assistant Wizard

Deploy the 1E Client

Deploy 1E Client to Workstations and Distribution Point

Monitor the progress of the installation

Review the Installation on the Workstations

Changing the StatusMsgEvents using a the Create Nomad Baseline functionality

Review the Configuration Baseline

Review the installation on the Distribution Point

Installing the Nomad Download Monitor

Create the Nomad Download Monitor Package and Program

Deploy the Nomad Download Monitor

Verify the installation

Lab Summary