Installing the Nomad Components

In this lab, you will install ActiveEfficiency on the Application server, the Nomad Components on the ConfigMgr server, and the Nomad client on the Distribution Point and the workstations.

Install ActiveEfficiency Server

ActiveEfficiency Server is a core component of 1E solutions that discovers and stores information about the IT environment from various data sources. Nomad uses ActiveEfficiency to support the Single Site Download (SSD), Single Site Peer Backup Assistant (SSPBA), Nomad Pre-Cache and WakeUp Integration features. 

In this exercise, you will learn how to install and configure ActiveEfficiency Server for use with Nomad.

Enable the Distributed Transaction Coordinator (MSDTC)

To support Nomad features, ActiveEfficiency will need to be able to synchronize with the ConfigMgr database. For this to succeed, the Distributed Transaction Coordinator needs to be configured. In this task, MSDTC will be set on the ConfigMgr server.

1. Log on to 1ETRNCM as 1ETRN\SCCMAdmin and launch Server Manager
2. Open Component Services from the Tools menu
3. Expand Component Services\Computers\My Computer\Distributed Transaction Coordinator
4. Right-click on Local DTC and select Properties
5. Select the Security tab
6. In the Security Settings section, check the Network DTC Access.
7. In the Client and Administration subsection, select Allow Remote Clients. In the Transaction Manager Communication subsection, check Allow Inbound and Allow Outbound with the Mutual Authentication Required option selected.
8. Select the Enable XA Transactions checkboxes and uncheck the Enable SNA LU 6.2 Transactions checkbox
9. In the DTC Logon Account section, accept the default of NT AUTHORITY\NetworkService
10. Click OK
11. A prompt will be displayed warning you that the MSDTC service will be restarted. Click Yes to proceed
12. Click OK on the MSDTC Service dialog box
13. Close the Component Services MMC Snap-in and close Server Manager

Install required Windows Role Services and Features

ActiveEfficiency requires certain Web Server Role Services, which you will install on the application server in this task.

14. Log into 1ETRNAP as 1ETRN\AppInstaller and open Server Manager
15. From the Manage menu (top-right menu bar) select Add Roles and Features to start the Add Roles and Features Wizard
16. On the Before you begin page click Next
17. On the Select Installation Type page ensure Role-based or feature-based installation is selected and click Next
18. On the Select destination server page, ensure the local server (1ETRNAP.1ETRN.local) is selected and click Next
19. On the Select server roles page, locate and expand the Web Server (IIS) server role then expand the Web Server role service
20. Expand Common HTTP Features and select Default Document and Static Content
21. Expand Performance and select Static Content Compression
22. Expand Security and select Windows Authentication
23. Expand Application Development and select ASP.NET 4.6. You will be prompted to add the ISAPI Filters, ISAPI Extensions and .NET Extensibility 4.6 role services required by ASP.NET 4.6. Click Add Features to include these then click Next
24. On the Features page, select Message Queuing and click Next
ActiveEfficiency requires Microsoft Message Queuing (MSMQ) to support WakeUp integration with Nomad. If you are only using ActiveEfficiency for Nomad Single Site Download, MSMQ Is not needed, in which case, the 1E ActiveEfficiency windows service would not be installed when you install ActiveEfficiency Server. WakeUp integration is covered in an additional course module (1EWAK03-71 WakeUp and Nomad Integration) which can be appended to this course so we'll install MSMQ for future use. Additionally, the ActiveEfficiency Service is required for Nomad synchronization with the ConfigMgr database. This synchronization supports the Dynamic Nomad Precaching feature.No thats

26. Click Install
27. When the installation completes, close the wizard

Install ActiveEfficiency Server

In this task, you will install ActiveEfficiency Server on the Application server (1ETRNAP)

28. From the SkyTap Shared Drive shortcut on the desktop navigate to:
    1E Nomad Course Content\Nomad 7.0 Course Content\ download and copy 1EActiveEfficiency.zip to C:\Temp once copied right click and select extract all
29. From the Windows Start screen, right-click Command Prompt and select Run as administrator
30. Switch to the C:\Temp\1EActiveEfficiency\1EActiveEfficiency\activeefficiency.v1.10.0.62 folder and run the following command line to start the ActiveEfficiency installation wizard

msiexec /i ActiveEfficiencyServer.msi patch=C:\Temp\1EActiveEfficiency\1EActiveEfficiency\activeefficiency.v1.10.0.62\Q20481-activeefficiencyserver.v1.10.0.62.msp /l*v AEServer-Install.log

31. On the Welcome page click Next
32. On the License Agreement page select, I accept the terms of the license agreement and click Next
33. On the Prerequisite Checks page, ensure all checks have passed and click Next
As noted previously, it is possible to install ActiveEfficiency Server without the 1E ActiveEfficiency windows service if you are not using any of the features that require this service. If MSMQ is not installed at this point in the ActiveEfficiency Server installation wizard, the MSMQ check will fail, but installation can proceed. You can add the 1E ActiveEfficiency Service at a later date by installing MSMQ then uninstalling and reinstalling ActiveEfficiency Server.
34. On the Destination Folder page accept the default location and click Next
35. On the Database Server page select the (local) database server from the drop down and leave the database name as ActiveEfficiency. Click Next
In production environments, it is best practice to create the ActiveEfficiency database at the required size before running the installation to avoid the database files having to auto-grow considerably, which would impact performance.
36. On the ActiveEfficiency Website Settings click Next
37. On the Nomad synchronization page, check the Enable Nomad Sync option, enter
1ETRNCM 
CM_PS1 
5
38. On the Ready to Install the Program page click Install
The Installing database step takes several minutes to complete.
39. When the wizard completes, click Finish

Review the installation

In this task, you will observe the changes made by the ActiveEfficiency server installation

40. Browse to C:\Program Files (x86)\1E\ActiveEfficiency and note the following folders

Folder	Description	Notes
Database	Files used to create and manage the database	Always created
DeployCertificate	Binaries associated with deploying a certificate to the client for communication with the 1E ActiveEfficiency cloud service	Only created if MSMQ prerequisite is installed
Service	Binaries associated with the ActiveEfficiency service	Only created if MSMQ prerequisite is installed
Web	Binaries associated with the ActiveEfficiency Web Service	Always created

41. Open the Internet Information Services (IIS) Manager and expand the 1ETRNAP server node
42. Select the Application Pools node and note the ActiveEfficiency Application Pool, running with the identity of NetworkService
43. Expand Sites, then the Default Web Site and select the ActiveEfficiency Web Site. Click the Basic Settings link (under Actions on the right) and note that the physical location is the Web\WebService folder identified in step 41. Click Cancel to close the dialog box
44. Close Internet Information Services (IIS) Manager
45. Open Chrome and browse to http://localhost/ActiveEfficiency
This page provides a simple interface to the ActiveEfficiency web service, which is used to read or write data in the ActiveEfficiency database. Nomad uses the Devices and Locations tables that are exposed through this interface, as well as some other tables that are not.
46. Click the Devices and Locations links in turn and observe devices and locations are currently empty. In a later exercise you will populate Locations, and later the 1E Clients will register with ActiveEfficiency and populate Devices
47. Open the Registry Editor and navigate to HKLM\Software\Wow6432Node\1E\ActiveEfficiency. The values in this registry key define the ActiveEfficiency website settings, installation directory, SQL server instance, and ActiveEfficiency version. Close the Registry Editor
48. Start the SQL Server Management Studio from the Start screen and connect to the local server. Expand the Databases node and note the ActiveEfficiency database
49. Expand the ActiveEfficiency database and review the tables. Close SQL Server Management Studio

50. Open Computer Management on 1ETRNCM and look at the properties of the ConfigMgr_DViewAccess local group. Note that 1ETRN\1ETRNAP has been added to the group

Installing the ConfigMgr Console extensions for Nomad

To enable the ConfigMgr client to interpret the Nomad settings and ensure Content Transfer Manager hands over content transfer jobs to Nomad to download content, we need to extend the standard software deployment and client settings policies associated with Packages, Applications and Software Updates. The additional Nomad attributes are configured through the ConfigMgr console by way of custom console extensions, which add properties pages to the standard Package, Driver Package, Operating System Image, Boot Image, Task Sequence, and Client Settings dialog boxes and wizards. In this exercise, you will install these ConfigMgr console extensions on the ConfigMgr server.

Install Nomad ConfigMgr Console Extensions

In this task, you will install the Nomad extensions to the ConfigMgr console on the CM server.

51. Log on to 1ETRNCM as 1ETRN\SCCMAdmin
52. Ensure the ConfigMgr console is closed
53. From the SkyTap Shared Drive shortcut on the desktop browse to 1E Nomad - Course Content\Nomad 7.0 Course Content\ download and Copy NomadBranch.v7.0.0.205.zip to C:\Temp once copied right click and extract all
54. From the Start screen, right-click Command Prompt and select Run as administrator. Change directory to C:\Temp\NomadBranch.v7.0.0.205\NomadBranch.v7.0.0.205 and run the following command

msiexec /i NomadBranchAdminUIExt.msi /l*v NomadUIExt-Install.log

55. On the Welcome screen, click Next
56. Accept the terms in the license agreement on the License Agreement page and click Next
57. On the Nomad Pre-Caching page, enter http://1ETRNAP/ActiveEfficiency for the ActiveEfficiency URL and click Next
58. On the Nomad Tachyon Integration page, click Next
59. On the Ready to Install the Program page click Install
60. When the installation has completed, click Finish

Confirm the admin console extensions have been installed

61. Start the ConfigMgr Console from the taskbar
62. Open the Administration workspace and select the Client Settings node
63. Note that the ribbon has a 1E Nomad button. Click the button and select Nomad Properties
64. Note that Nomad Settings dialog enables you to configure Nomad settings for Application Management and Software Updates. Do not make any changes at this point (click Cancel)
65. Open the Software Library workspace and expand the Application Management node. Click on the Packages node
66. Right-click the CMTrace package and note that there is a new item at the bottom of the context menu named Pre-cache content using Nomad. We will explore that feature later in the lab exercises
67. Select Properties from the context menu
68. Note that a new Nomad tab has been added to the Package Properties dialog box
69. Click Cancel in the dialog box to close it without any changes
70. Close the ConfigMgr console

Installing the Nomad Tools for OSD

To extend Nomad functionality as it relates to OS Deployment, we need to install certain Nomad components onto each Primary Site Server where we intend to administer task sequence packages to use Nomad as the Alternate Content Provider. In this exercise, you will install the tools and observe the changes made by the installation.

Install the Nomad Tools for OSD

71. From the previously used command prompt, run the following command

msiexec /i NomadBranchTools.msi /l*v NomadTools-install.log

72. On the Welcome screen, click Next
73. Accept the terms of the license agreement on the License Agreement page and click Next
74. On the Ready to Install the Program page click Install
75. When the installation has completed, click Finish

Confirm the Nomad Tools for OSD installation

76. Open the ConfigMgr console. Open the Software Library workspace, expand the Operating Systems node and select Task Sequences
77. Right-click the Windows 10 Ent – Basic ConfigMgr Task Sequence and select Edit from the context menu
78. In the Windows 10 Ent – Basic ConfigMgr Task Sequence Editor, click on the Add button and note that 1E tasks that have been added to the Task Sequence editor
If Add does not open the list of tasks, close the ConfigMgr console and the VM tab in your browser and reopen it.
79. Click Cancel to close the Task Sequence editor without saving any changes
80. Browse to C:\Program Files\Microsoft Configuration Manager\OSD\bin\i386 and sort files by Date Modified (descending). Note the following files have been added

If you don't see the files, you are likely in the wrong place. Please ensure you are using the correct path, for this task as well as the task below!

C:\Temp\1EActiveEfficiency\1EActiveEfficiency\activeefficiency.v1.10.0.62

64-bit versions of these tools are also installed in the OSD\Bin\x64 folder.
81. Open C:\Program Files\Microsoft Configuration Manager\bin\x64\osdinjection.xml in Notepad
82. Search for any of the files listed above and confirm they have been added
83. Close the XML file, ensuring no changes were made. If asked to save the file, click Don't Save
This manifest defines the files that are to be added into the Windows PE boot image when it is updated on a DP. Note that the files listed above, except the .PDB files, have been added to this manifest, ensuring that they will be added to all boot images that are updated on a DP from this point on.

The Nomad Dashboard – First Look

Nomad 6.x introduced the Nomad Dashboard that provides a graphical summary of how Nomad is configured and operating within your estate. Accessible within the CM console or via a Web browser, it has a set of tiles that provide you with a view of all your Nomad related activities.

The Nomad Dashboard

84. Open the Monitoring workspace in the ConfigMgr console and expand the 1E Nomad folder at the bottom of the left-hand pane. Note the two items: Dashboard and Pre-caching Jobs. Pre-caching Jobs will be empty right now
85. Select Dashboard and observe the tiles presented in the main pane. There won't be much to look at right now, but we will come back to the Dashboard at different times to observe the data presented here
86. Hover over the different bars in the Content by type tile to see status of Nomad across the different content
87. Use [CTRL +] and [CTRL -] to adjust how the tiles are displayed in the dashboard
Make sure you click in the dashboard prior to using [CTRL -] as it will lower the display size (zoom) percentage of the browser hosting the VM and shrink it down.
88. Browse to http://1ETRNAP/ActiveEfficiency/NomadDashboard in a browser to see the Nomad Dashboard as a standalone web page.  The [CTRL +] and [CTRL -] work in the web page as well
This allows access to the Nomad dashboard without provisioning rights within the ConfigMgr console.

Understanding IIS Request Filtering on DPs

IIS 7 introduced IIS Request Filtering. This security feature allows administrators to configure IIS to block requests for specific file types and URL paths that include specific folder names or special characters. By default, IIS Request Filtering will block a number of file extensions and folder paths that may occur in distribution of content (Packages, Applications and Software Updates). 

Although the Microsoft documentation highlights this issue (http://technet.microsoft.com/en-gb/library/gg712264.aspx#BKMK_RequestFiltering), the ConfigMgr client actually bypasses this security measure by using a custom method when querying for the file rather than a standard HTTP GET for the file directly. 1E has developed Nomad per Microsoft security best practice, which means that we do a standard HTTP GET for the file that will be filtered by the IIS Request Filtering security feature. It is therefore necessary when using Nomad to follow the guidance in the Microsoft documentation and configure the IIS Request Filter on all Distribution Points to allow any file extensions, paths and special characters that may occur in your ConfigMgr content.
In this exercise, you will learn how to modify the filters to accommodate different scenarios.

View default restrictions

In this task, you will observe the file extensions and URL path elements that IIS Request Filtering blocks by default.

89. On 1ETRNCM start Internet Information Services (IIS) Manager from the Start screen
90. Select the 1ETRNCM server in the tree view on the left, then double-click the Request Filtering icon in the panel on the right (grouped under IIS) to view the Request Filtering properties page
91. Select the File Name Extensions tab. This shows all the file extensions that are blocked by default. Note that by default, any file extensions not listed here are allowed. Nomad will fail to download any content that includes any of these file types
92. Select the Hidden Segments tab. This shows all the folder names that are blocked by default. Nomad will fail to download any content where the URL path includes and of these Hidden Segments

Allowing restricted file extensions

In this task, you will learn how to reconfigure the Request Filtering to allow specific file extensions (in this case .config) to be served by the DP by removing the File Name Extension from the filter.

93. Copy the CommandLinesAndQueries.txt file into c:\temp. This will ensure no changes are made mistakenly to the master copy of the file!
The 'appcmd.exe' command lines used in the upcoming Tasks are available From the SkyTap Shared Drive shortcut on the desktop and browsing to 1E Nomad - Course Content\Nomad 7.0 Course Content\CommandLinesAndQueries.txt file. You may prefer to copy and paste the command lines into the command prompt to avoid typing errors.
94. Start a command prompt (run as administrator) and change directory to C:\Windows\System32\inetsrv
95. Run the following command

appcmd set config /section:requestfiltering /-fileExtensions.[fileextension='.config']

Although for optimal security you should only allow the specific file types that are included in your various packages, applications and software updates, practically you will probably want to remove all of the file extension filters on your DPs.

Allowing restricted folders (Hidden Segments)

In this task, you will learn how to reconfigure the Request Filtering to allow the \bin path segment that is blocked by default.

96. From the command prompt, run the following command

appcmd set config /section:requestfiltering /-hiddensegments.[segment='bin']

Allowing special characters (Double Escaping)

The third filtering option that may prevent Nomad from downloading content is allowDoubleEscaping. By default, any path or filename that includes special 'escape' characters are blocked by default. In this task, you will learn how to allow files with these special characters in their name to be downloaded.

97. From the command prompt, run the following command

appcmd set config /section:requestfiltering /allowdoubleescaping:true

98. Repeat the steps in the exercise View default restrictions to view the effects of the changes you have made. The .config file extension should no longer be listed, nor should the bin folder in the Hidden Segments tab. (You may need to refresh the screen if IIS Manager was already open on the Request Filtering page)

Preparing for 1E Client Deployment

The Nomad agent functionality has been moved into the 1E Client Nomad Module in version 7 of Nomad. The 1E Client needs to be installed on all ConfigMgr Distribution Points and all clients. In this exercise, you will use the 1E Client Deployment Assistant to prepare for the installation of the 1E Client on the distribution point and clients in the lab.

Run the 1E Client Deployment Assistant

99. On 1ETRNCM, logged on as 1ETRN\SCCMAdmin, open the SkyTap Shared Drive shortcut on the desktop and navigate to 1ETools\ClientDeploymentAssistant.v1.4.0.27.zip copy the file to C:\Temp then right click and extract all
100. Double-click the 1EClientDeploymentAssistant.exe file in C:\Temp\1EClientDeploymentAssistant.v1.4.0.27 to launch the wizard interactively
101. On the Welcome page, click Next to begin
102. Accept the license terms on the License Terms page and click Next
103. On the ConfigMgr Connection page, with the Local ConfigMgr Site Server option selected, click the Connect button. When the status says "Connected", click Next
104. On the 1E License File field click browse and select our licenses.txt file
105. On the General Settings page, in the 1E ActiveEfficiency Server URL field type in http://1etrnap/ActiveEfficiency




We could pre-populate these fields by editing the values in the AppImport.xml file in the 1E Client Deployment Assistant folder.
106. On the Application Content Source and the Package Content Source fields type in \\1ETRNDC\ConfigMgrSource\Software
The Application and Package content locations may be different in some production environments, but this training environment uses a common content location.
107. Check the Distribute Content box and ensure that All Distribution Points is selected by default for the Distribution Point Group. Click Next on the General Settings page
108. On the Agent Selection page, uncheck everything except PXE Everywhere 3.2.0.56 and 1E Client 4.1.0.267 and note that the license key for PXE Everywhere is imported from the licenses.txt file. Click Next
109. On the PXE Everywhere 3.2.0.56 page check the Create Application and Create Package boxes. We do not need to create a deployment as we will deliver PXE Everywhere in a Task Sequence in order to stage our boot image. Uncheck the Create Application Deployment. Click Next
110. On the PXE Everywhere settings page set the PXE Everywhere Central Web Service to: http://1etrncm.1etrn.local/PXELite/PXELiteConfiguration.asmx
111. On the 1E Client 4.1.0.267 page, ensure that both Create Application and Create Application Deployment are selected along with Create Package. Ensure that the limiting collection is set to All Desktop and Server Clients and click Next




The Client Deployment Assistant allows for the creation of packages and applications. Certain environments prefer one over the other. You can deselect either one, however, we will create both for this lab. We will deploy the client via the application, however use the package in a Task Sequence later in the labs.
112. On the Tachyon and other client Settings page, uncheck the Enable Tachyon, and Enable Inventory checkboxes. We are not using these features in this class. Click Next
113. On the Nomad Client Settings page, check the Enable Nomad checkbox, and accept the defaults for Log Path and Log Size. Ensure that only Hidden Nomad Share and Prevent Failing Over to BITS are selected. Click Next
We will be enabling Single Site Download, Fanout and Peer Backup Assistant in later lab exercises.
114. On the Summary page, wait for the summary to be compiled. Review all the actions that will be performed based on the settings selected in the wizard. When finished reviewing the summary, click Create
115. The progress will be displayed as each task is completed. When the status is displayed as Successful, click Next
116. On the Completionpage, note that all tasks completed successfully. Click Finish

Observe the results of running the 1E Client Deployment Assistant Wizard

In this task, we will observe the ConfigMgr objects created by running the 1E Client Deployment Assistant wizard.

117. Open the ConfigMgr console, select the Assets and Compliance node and click on Device Collections
118. Note that the 1E Client 4.1.0.267 – Required collection is created with All Desktop and Server Clients as the limiting collection and that there are no members
119. Click on the Deployments tab for the collection and note that the 1E Client 4.1.0.267 Application is deployed to this collection
120. Click on the Software Library node and select Applications in the Application Management section
121. Click on the 1E Client 4.1.0.267 application and select the Deployment Types tab at the bottom of the console
122. Note that the application has two Deployment Types created – 1E Client x86 and 1E Client x64
     
     
When the 1E Client Deployment Assistant wizard is run, the deployment types that are created have been limited (using prerequisites) to workstation operating systems for the Nomad x86 deployment type and workstation and server operating systems for the Nomad x64 deployment type. This behavior is defined in the AppImport.xml file in the: C:\Temp\1EClientDeploymentAssistant.v1.4.0.27 folder.
123. Right-click the 1E Client x64 Deployment Type and select Properties
124. Click on the Requirements tab, select the Operating system Requirement Type and click Edit
125. In the list of operating systems, scroll down, and select the Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019. Click OK
126. Click OK to close the 1E Client x64 Properties
127. Select Packages under Application Management and note that there are two packages created – one for x86 and one for x64 and that each Package has two programs – one for install and one for uninstall

Deploy the 1E Client

In this exercise, we will use the collection and application created by the Endpoint Agent Installation wizard to deploy the 1E Client to all workstations.

Deploy 1E Client to Workstations and Distribution Point

128. On 1ETRNCM, select the Assets and Compliance node of the ConfigMgr console and click on Devices
Ensure all workstations have been powered on in SkyTap.
129. Select the following machines from the device list (You may hold the CTRL key down and use multi-select)
1ETRNCM
1ETRNW71
1ETRNW72
1ETRNW73
1ETRNW101
1ETRNW102
130. Right-click on any of the selected devices and choose Add Selected Items > Add Selected Items to Existing Device Collection
131. Select 1E Client 4.1.0.267 – Required and click OK
132. Under Assets and Compliance, select Device Collections and observe the 1E Client 4.1.0.267 – Required collection. If the member count is still zero, you may need to refresh the collection to see the member count display six members

Monitor the progress of the installation

133. In the ConfigMgr Console, select the Assets and Compliance workspace, select the Device Collections node then right-click 1E Client 4.1.0.267 – Required and select Client Notification > Download Computer Policy. A dialog box will pop up indicating there are six resources in this Collection. Click OK
This process will cause each of the ConfigMgr clients to download the new deployment policy you have just created rather than waiting for them to do it on their regular schedule. In the lab environment, this interval is only 5 minutes rather than the default value of 60 minutes.
134. Select the Monitoring workspace and select the Deployments node
135. Right-click the 1E Client 4.1.0.267 deployment and select View Status monitor the progress (refresh periodically to view updated status information)
Please note that this may not be updated very quickly because this information is provided by status/state messages sent up from the individual ConfigMgr client. Take a 5 minute break, and if it has still not updated, proceed to the next task – you will likely find that the agent has already been installed.

Review the Installation on the Workstations

136. Log on to 1ETRNW71 as 1ETRN\User
1ETRN\User is a member of the Workstation Admins group and will be able to perform administrative tasks on the Lab Workstations.
137. Double-click the services.msc shortcut on the desktop
138. Note the 1E Nomad Branch and 1E Client services are running
139. Leave the Services interface open and from the Start menu, right-click Computer and select Manage
140. In the Computer Management interface, expand the Local Users and Groups node and click on the Users folder
141. Note that the local user SMSNomadP2P& has been created
142. In the Computer Management interface, expand the Shared Folders node and click on Shares
143. Note that the NomadSHR$ share has been created. This is the Nomad cache
144. Right-click the NomadSHR$ and select Properties from the context menu
145. In the NomadSHR$ properties dialog, on the General tab, note the path to the share, and the 6 user (connection) limit
146. Select the Share Permissions tab and note the permissions applied to the share
147. Cancel the NomadSHR$ properties dialog to return to the Computer Management interface
148. Leave the Computer Management interface open and return to the Services interface
149. Right-click the 1E Nomad Branch service and select Stop
150. Return to the Computer Management interface and refresh the Shares node. Note that the NomadSHR$ share is deleted when the service is stopped
151. Switch to the Services interface and start the 1E Nomad Branch service
152. Return to the Computer Management interface and refresh the Shares node. Note that the NomadSHR$ share is recreated when the service starts

The Nomad share is deleted every time the Nomad service is stopped. The content in the Nomad share will still reside on the machine but won't be shared unless the service is running.

If the P2P protocol is changed to HTTP(S), the share no longer plays a role in content sharing. The share will still exist, but will not be required, because we are no longer using SMB to connect to a share to copy content.

153. Close the Services interface and the Computer Management interface
154. Start Windows Explorer and browse to C:\ProgramData\1E\NomadBranch. This is the folder that is shared as NomadSHR$, and is the root of the Nomad cache
155. Browse to the ConfigMgr Logs folder on the desktop and double-click the NomadBranch.log to open it. You will use this log file in future exercises to follow Nomad processing a distribution
156. Observe the Nomad service startup activity at the beginning of the log. Note that the agent has created a hidden share, and has automatically set the option to use HTTP and SMB because it has detected an installed CM client

157. Close the NomadBranch.log file
158. From the Start menu run regedit
159. Navigate to HKLM\Software\1E\NomadBranch. This registry key contains all the configuration options used by Nomad
In later labs you will learn how to use the Configuration Manager Compliance and Settings feature to manage the 1E Client settings in this registry key after the agent has been installed.

Changing the StatusMsgEvents using a the Create Nomad Baseline functionality

Nomad 6.3 introduced new functionality to manage Nomad settings on the client. Best practice is to manage client settings, which all reside in the registry, using CI's deployed via Configuration Baselines. Nomad has now productized this functionality to simplify the management of client settings. In this task, we will change the value of StatusMsgEvents from 0 to a specific number so the clients send data back to ActiveEfficiency which will then be used by the Nomad Dashboard.

160. Logged in as 1ETRN\SCCMAdmin navigate to the Assets and Compliance workspace in the ConfigMgr console

162. Click the Create Nomad Baseline button to start the wizard
163. On the Configuration Type page, input Nomad Settings into the name
164. Configuration Type – leave Configure settings manually selected. Configure settings using MSI Transform would be selected if you had a transform (.mst) created to perform the settings changes required. This setting will allow you to import the .msi and .mst files so you do not have to recreate the settings. Click Next
165. On the Nomad Settings page, start typing StatusMsgEvents into the Registry Value Name field. It should autofill. Click on the value
166. In the Registry Value box, input 0x1000000064. Click Next
Copy the value from the doc so the correct value will be used. There are 7 zeros between the 1 and the 64.
167. On the Summary page, click Apply
168. Once completed, click Finish

Review the Configuration Baseline

169. Click on the Assets and Compliance workspace in the ConfigMgr console
170. Expand the Compliance Settings node. Select Configuration Items and Right-click on the newly created Configuration Baseline named Nomad Registry Settings - Nomad Settings and select Properties
171. Click on the Settings tab and note StatusMsgEvents Registry Value setting
172. Click the Edit button to review the setting
173. Click on the Compliance Rules tab to confirm the condition reflects the value we defined for the setting. Click Cancel
174. Click on the Compliance Rules tab of the CI and note that Remediate is set to Yes. Click Cancel to close out of the CI
175. Navigate to the Configuration Baselines node and note the newly create baseline
176. Right-click the Nomad Settings baseline and select Properties
177. Click on the Evaluation Conditions tab and confirm the CI we just reviewed is listed there. Click Cancel
178. Right-click the Configuration Baseline and select Deploy
179. Check the Remediate noncompliant rules when supported and select Lab Workstations as the collection. 

180. From the Device Collections node, right-click the Lab Workstations collection and initiate a machine policy refresh by selecting Client Notification - Download Computer Policy

181. On 1ETRNW71, logged in as 1ETRN\User, run regedit
182. Navigate to HKLM\software\1E\NomadBranch. Confirm the StatusMsgEvents setting is set to 0x0. Leave regedit open
183. Open the ConfigMgr applet from the desktop
184. Click on the Configurations tab and note the Nomad Settings baseline present
It might take a minute or two for policy to refresh and the baseline to show. If you do not see it, wait a minute and then click Refresh.
185. Click the Evaluate button, then Refresh. Note the Compliance value change to Compliant
186. Return to regedit and refresh the view. Confirm the StatusMsgEvents settings has changed to the value we specified in the Configuration Item

Review the installation on the Distribution Point

The installation on the DP server results in the same 1E Client component being installed on the server, however the service will perform the LsZ generation and RDC processing as it identifies that it is running on a Site Server and DP.

187. From the Start menu, click Services
188. Note the 1E Nomad Branch and 1E Client services are running
189. From the Start screen, start typing regedit and click regedit when it appears in the Search results. Note the HKLM\Software\1E\NomadBranch registry key
As 1ETRNCM is running a 64-bit OS, the 64-bit version of the 1E Client has been installed based on the requirements of the Deployment Type.
190. Navigate to C:\ProgramData\1E\NomadBranch folder. Note that as this is a DP, the agent has created the LSZFILES folder. Note that the folder is empty. When content is requested, this is where the LSZ files will be generated and stored
191. Open the C:\Windows\CCM\Logs folder and double-click the NomadBranch.log file
Note that we set the log file path in the Endpoint Agent Installation wizard based on where the ConfigMgr client logs are on client systems (C:\Windows\CCM\Logs) to make access to the CM client logs and the Nomad logs easier. Since this server had the management point role installed prior to the CM client installation, the CM client logs are actually located in C:\Program Files\SMS_CCM\Logs.
192. Near the top of the log file, notice that the computer (1ETRNCM) has been identified as an SMS Site Server and an SMS Distribution Point

193. Note also that the HTTP LsZ generation option (normally set in SpecialNetShare) has also been enabled as Nomad has detected this is a ConfigMgr Distribution Point and will therefore be using HTTP

194. Open Internet Information Services (IIS) Manager from the Start menu and expand 1ETRNCM\Sites\Default Web Site
195. Note the LSZFILES and NOMAD_PKGCACHE virtual directories

These virtual directories are in C:\ProgramData\1E\NomadBranch\LSZFILES and C:\ProgramData\1E\NomadBranch\NOMAD_PKGCACHE respectively. The LSZFILES directory store the LsZ files used for content validation and the NOMAD_PKGCACHE is the storage location for compressed (also compressed and encrypted) content when the Nomad SECure feature is used to compress the content.

The Client version distribution tile in the Nomad Dashboard will eventually reflect the deployment of the 1E Client, but this will take a little time. A hardware inventory sync from the client machines must happen, and then that data is synced into ActiveEfficiency to populate the data in the dashboard tiles.

Installing the Nomad Download Monitor

The Nomad Branch Download Monitor is a useful admin tool to monitor Nomad activity on either the local or a remote client. In this exercise, you will create a new Application to install the download monitor and then deploy this to all workstations.

Create the Nomad Download Monitor Package and Program

196. From the SkyTap Shared Drive shortcut on the desktop browse to 1E Nomad - Course Content\Nomad 7.0 Course Content and download DownloadMonitor.zip to c:\temp. Right click the file and choose Extract All. Copy the DownloadMonitor folder to \\1etrndc\ConfigMgrSource\Software. The DownloadMonitor folder contains the installer (msi) file and a transform (mst) file
197. A shortcut to the ConfigMgrSource location has been created on the desktop, named ConfigMgr Content Source
198. From the ConfigMgr Console, open the Software Library workspace, expand the Application Management node
199. Right-click the Packages node and select Create Package to start the Create Package and Program Wizard
200. On the Package page, enter Nomad Download Monitor as the Name. Check the option This package contains source files then click the Browse… button and enter or browse to \\1ETRNDC\ConfigMgrSource\Software\DownloadMonitor as the source folder. Click OK to close the Set Source Folder dialog, then click Next
201. On the Program Type page ensure Standard program is selected and click Next
202. On the Standard Program page enter the following details and click Next
Name: Install Nomad Download Monitor
Command line: msiexec /i NomadBranchGUI.msi TRANSFORMS=NomadGUIAdvancedMode.mst /qn
Program can run: Whether or not a user is logged on
The default install of the Nomad Download Monitor is in Basic Mode (UI=0). Basic Mode provides only progress bars. Advanced Mode (UI=1) allows adjustment of the workrate and allows connection to remote clients for remote monitoring. The transform contains the configuration to allow Nomad Download Monitor to be deployed in Advanced Mode.
203. Click Next
204. On the Requirements page click Next
205. On the Nomad Settings page select Enable Nomad and click Next
This will be the first bit of content that the newly installed Nomad clients will download.
206. On the Summary page, click Next then close the wizard when it completes
207. From the Packages node, right-click the Nomad Download Monitor package and select Distribute Content to start the Distribute Content Wizard
208. On the General page click Next
209. On the Content Destination page click Add, select Distribution Point, and select the 1ETRNCM.1ETRN.LOCAL Distribution Point. Click OK. Click Next
210. On the Summary page click Next, then click Close when the wizard completes

Deploy the Nomad Download Monitor

In a production environment, you would normally only deploy the Nomad Download Monitor to administrators' workstations, using the Advanced UI (UI=1) option to allow connection to any 1E Client for monitoring. In this task, you will deploy the Download Monitor onto all workstations for convenience.

211. From the Packages node in the ConfigMgr Console, right-click the Nomad Download Monitor package and select Deploy to start the Deploy Software Wizard
212. On the General page, select the Lab Workstations Collection by clicking the Browse… button to the right of the Collection field. Once the collection is selected click OK to close the Select Collection dialog. Click Next
213. On the Content page ensure the 1ETRNCM Distribution Point is listed in the top half of the page and click Next
214. On the Deployment Settings page, note that the Action is set to Install and ensure that the Purpose to Required and click Next
215. On the Scheduling page click New… to create a new Assignment Schedule then from the Assignment Schedule dialog box click OK to use the default (current time) schedule and return to the Scheduling page. Click Next
216. On the User Experience page select Allow users to run the program independently of assignments and click Next
217. On the Distribution Points page ensure the Deployment options are set to Download content from distribution point and run locally in both drop-downs, make sure the box Allow clients to use distribution points from the default site boundary group is unchecked, click Next
218. On the Summary page, review the settings and click Next
219. When the wizard completes click Close
220. Use the Client Notifications feature (as described in step 134) to make sure all the clients in the Lab Workstations Collection download the new deployment policy without having to wait

221. Open a Command Prompt (run as administrator) and switch to the C:\Program Files (x86)\1E\ActiveEfficiency\Service directory
Leave the command prompt window open, we'll be back shortly to use it again.
222. Run the following command to initiate an on-demand sync from ConfigMgr to ActiveEfficiency

ServiceHost.exe -NomadSyncAll

We are forcing a sync between ConfigMgr and ActiveEfficiency here to review the status of this deployment in the Nomad dashboard.

223. Open the Nomad Dashboard under the Monitoring workspace and observe the Deployments tile
224. The Download Progress for this deployment should indicate what percentage of the targeted machines have started the download yet. The percentage will be driven by how fast the machines retrieved the software distribution policy
225. The Caching Metrics tile will potentially have data available, but this is dependent on machines retrieving policy
226. We will revisit these tiles in a few minutes to see what changed
227. The Client version distribution tile might now show the client version of some or all clients as well

Verify the installation

228. When the above deployment has completed on the clients, log on to all of them as 1ETRN\User and check the following

230. If the download monitor is not running, launch it from the Start menu
231. Double-click the Nomad icon in the system tray to open the UI. Note that there is a Connect option in the top menu and a table labelled All downloads in the middle of the GUI. This indicates that the GUI was installed in Advanced mode (UI=1 on the msiexec command line)
232. Close the Download Monitor
Note that when you close the UI, the icon remains in the system tray and the monitor is still active. To completely exit the monitor, right-click the system tray icon and select  Exit  from the context menu.

233. Run the following command to initiate an on-demand sync from ConfigMgr to ActiveEfficiency

ServiceHost.exe -NomadSyncAll

234. Open the Nomad Dashboard in the ConfigMgr console and observe the changes in the Deployments tiles. Download Progress shows 100% complete and the Caching Metrics show that 60% of the clients retrieved content from a peer while 40% retrieved the content from the DP
235. Why are we seeing these proportions here? Ask your instructor if you aren't sure
236. Click the expand button on either tile to get more details

Lab Summary

In this lab, you have learned how to install the Nomad extensions to the ConfigMgr console and the additional tools that are used during an Operating System Deployment Task Sequence. The Nomad Tools installer updates OSDINJECTION.XML to ensure these tools are added to all future boot images.

You then used the 1E Endpoint Agent Installation wizard to create the ConfigMgr deployment objects (collections, packages, applications and deployment types) to support the deployment of the 1E Client on the client workstations. You have learned where the 1E Client is installed and where the Nomad cache is located.
You have begun to explore the data presented in the Nomad Dashboard as we've deployed the Nomad Agent and Nomad-enabled content. In order for the Dashboard to populate, we changed a value in the Nomad settings using the Create Nomad Baseline functionality.
Finally, you installed the Nomad Branch download monitor that will be used in later exercises to observe Nomad behaviour.

Next Page
Ex 2 - Nomad 7.0 - Deploying Software using Nomad