Version: 2
restore

Contents

Exercise Overview:

All command lines and queries used throughout the lab exercises are available by accessing the SkyTap Shared Drive shortcut on the desktop and browsing to 1E Nomad - Course Content\Nomad 7.0 Course Content\CommandLinesAndQueries.txt file to make copying and pasting within the virtual machines easier.

Installing the Nomad Components

In this lab, you will install ActiveEfficiency on the Application server, the Nomad Components on the ConfigMgr server, and the Nomad client on the Distribution Point and the workstations.

Install ActiveEfficiency Server

ActiveEfficiency Server is a core component of 1E solutions that discovers and stores information about the IT environment from various data sources. Nomad uses ActiveEfficiency to support the Single Site Download (SSD), Single Site Peer Backup Assistant (SSPBA), Nomad Pre-Cache and WakeUp Integration features. 

In this exercise, you will learn how to install and configure ActiveEfficiency Server for use with Nomad.

Other 1E solutions use ActiveEfficiency in different ways. This exercise covers the necessary steps required to install ActiveEfficiency for use with Nomad. Please refer to the ActiveEfficiency documentation for further information on sizing and capacity planning for your specific requirements.

Enable the Distributed Transaction Coordinator (MSDTC)

To support Nomad features, ActiveEfficiency will need to be able to synchronize with the ConfigMgr database. For this to succeed, the Distributed Transaction Coordinator needs to be configured. In this task, MSDTC will be set on the ConfigMgr server.

1ETRNCM

  1. Log on to 1ETRNCM as 1ETRN\SCCMAdmin and launch Server Manager
  2. Open Component Services from the Tools menu
  3. Expand Component Services\Computers\My Computer\Distributed Transaction Coordinator
  4. Right-click on Local DTC and select Properties
  5. Select the Security tab
  6. In the Security Settings section, check the Network DTC Access.
  7. In the Client and Administration subsection, select Allow Remote Clients. In the Transaction Manager Communication subsection, check Allow Inbound and Allow Outbound with the Mutual Authentication Required option selected.
  8. Select the Enable XA Transactions checkboxes and uncheck the Enable SNA LU 6.2 Transactions checkbox
  9. In the DTC Logon Account section, accept the default of NT AUTHORITY\NetworkService
  10. Click OK
  11. A prompt will be displayed warning you that the MSDTC service will be restarted. Click Yes to proceed
  12. Click OK on the MSDTC Service dialog box
  13. Close the Component Services MMC Snap-in and close Server Manager

Install required Windows Role Services and Features

ActiveEfficiency requires certain Web Server Role Services, which you will install on the application server in this task.

1ETRNAP
  1. Log into 1ETRNAP as 1ETRN\AppInstaller and open Server Manager
  2. From the Manage menu (top-right menu bar) select Add Roles and Features to start the Add Roles and Features Wizard
  3. On the Before you begin page click Next
  4. On the Select Installation Type page ensure Role-based or feature-based installation is selected and click Next
  5. On the Select destination server page, ensure the local server (1ETRNAP.1ETRN.local) is selected and click Next
  6. On the Select server roles page, locate and expand the Web Server (IIS) server role then expand the Web Server role service
  7. Expand Common HTTP Features and select Default Document and Static Content
  8. Expand Performance and select Static Content Compression
  9. Expand Security and select Windows Authentication
  10. Expand Application Development and select ASP.NET 4.6. You will be prompted to add the ISAPI Filters, ISAPI Extensions and .NET Extensibility 4.6 role services required by ASP.NET 4.6. Click Add Features to include these then click Next
  11. On the Features page, select Message Queuing and click Next
  12. ActiveEfficiency requires Microsoft Message Queuing (MSMQ) to support WakeUp integration with Nomad. If you are only using ActiveEfficiency for Nomad Single Site Download, MSMQ Is not needed, in which case, the 1E ActiveEfficiency windows service would not be installed when you install ActiveEfficiency Server. WakeUp integration is covered in an additional course module (1EWAK03-71 WakeUp and Nomad Integration) which can be appended to this course so we'll install MSMQ for future use. Additionally, the ActiveEfficiency Service is required for Nomad synchronization with the ConfigMgr database. This synchronization supports the Dynamic Nomad Precaching feature.No thats

  1. The Confirm installation selections page should now show the following Role Services and Features



  1. Click Install
  2. When the installation completes, close the wizard

Install ActiveEfficiency Server

In this task, you will install ActiveEfficiency Server on the Application server (1ETRNAP)

1ETRNAP
  1. From the SkyTap Shared Drive shortcut on the desktop navigate to:
    1E Nomad Course Content\Nomad 7.0 Course Content\ download and copy 1EActiveEfficiency.zip to C:\Temp once copied right click and select extract all
  2. From the Windows Start screen, right-click Command Prompt and select Run as administrator
  3. Switch to the C:\Temp\1EActiveEfficiency\activeefficiency.v1.10.0.62 folder and run the following command line to start the ActiveEfficiency installation wizard
  4. msiexec /i ActiveEfficiencyServer.msi patch=C:\Temp\1EActiveEfficiency\activeefficiency.v1.10.0.62\Q20481-activeefficiencyserver.v1.10.0.62.msp /l*v AEServer-Install.log
  5. On the Welcome page click Next
  6. On the License Agreement page select, I accept the terms of the license agreement and click Next
  7. On the Prerequisite Checks page, ensure all checks have passed and click Next
  8. As noted previously, it is possible to install ActiveEfficiency Server without the 1E ActiveEfficiency windows service if you are not using any of the features that require this service. If MSMQ is not installed at this point in the ActiveEfficiency Server installation wizard, the MSMQ check will fail, but installation can proceed. You can add the 1E ActiveEfficiency Service at a later date by installing MSMQ then uninstalling and reinstalling ActiveEfficiency Server.
  9. On the Destination Folder page accept the default location and click Next
  10. On the Database Server page select the (local) database server from the drop down and leave the database name as ActiveEfficiency. Click Next
  11. In production environments, it is best practice to create the ActiveEfficiency database at the required size before running the installation to avoid the database files having to auto-grow considerably, which would impact performance.
  12. On the ActiveEfficiency Website Settings click Next
  13. On the Nomad synchronization page, check the Enable Nomad Sync option, enter
  14. 1ETRNCM 
    CM_PS1 
    5
  15. On the Ready to Install the Program page click Install
  16. The Installing database step takes several minutes to complete.
  17. When the wizard completes, click Finish

Review the installation

In this task, you will observe the changes made by the ActiveEfficiency server installation

1ETRNAP
  1. Browse to C:\Program Files (x86)\1E\ActiveEfficiency and note the following folders
  2. Folder

    Description

    Notes

    Database

    Files used to create and manage the database

    Always created

    DeployCertificate

    Binaries associated with deploying a certificate to the client for communication with the 1E ActiveEfficiency cloud service

    Only created if MSMQ prerequisite is installed

    Service

    Binaries associated with the ActiveEfficiency service

    Only created if MSMQ prerequisite is installed

    Web

    Binaries associated with the ActiveEfficiency Web Service

    Always created

  3. Open the Internet Information Services (IIS) Manager and expand the 1ETRNAP server node
  4. Select the Application Pools node and note the ActiveEfficiency Application Pool, running with the identity of NetworkService
  5. Expand Sites, then the Default Web Site and select the ActiveEfficiency Web Site. Click the Basic Settings link (under Actions on the right) and note that the physical location is the Web\WebService folder identified in step 41. Click Cancel to close the dialog box
  6. Close Internet Information Services (IIS) Manager
  7. Open Chrome and browse to http://localhost/ActiveEfficiency
  8. This page provides a simple interface to the ActiveEfficiency web service, which is used to read or write data in the ActiveEfficiency database. Nomad uses the Devices and Locations tables that are exposed through this interface, as well as some other tables that are not.
  9. Click the Devices and Locations links in turn and observe devices and locations are currently empty. In a later exercise you will populate Locations, and later the 1E Clients will register with ActiveEfficiency and populate Devices
  10. Open the Registry Editor and navigate to HKLM\Software\Wow6432Node\1E\ActiveEfficiency. The values in this registry key define the ActiveEfficiency website settings, installation directory, SQL server instance, and ActiveEfficiency version. Close the Registry Editor
  11. Start the SQL Server Management Studio from the Start screen and connect to the local server. Expand the Databases node and note the ActiveEfficiency database
  12. Expand the ActiveEfficiency database and review the tables. Close SQL Server Management Studio
1ETRNCM
  1. Open Computer Management on 1ETRNCM and look at the properties of the ConfigMgr_DViewAccess local group. Note that 1ETRN\1ETRNAP has been added to the group

Installing the ConfigMgr Console extensions for Nomad

To enable the ConfigMgr client to interpret the Nomad settings and ensure Content Transfer Manager hands over content transfer jobs to Nomad to download content, we need to extend the standard software deployment and client settings policies associated with Packages, Applications and Software Updates. The additional Nomad attributes are configured through the ConfigMgr console by way of custom console extensions, which add properties pages to the standard Package, Driver Package, Operating System Image, Boot Image, Task Sequence, and Client Settings dialog boxes and wizards. In this exercise, you will install these ConfigMgr console extensions on the ConfigMgr server.

In a production environment, where you may have the ConfigMgr console installed on additional administrators' workstations, you would need to install the console extensions on any machine running the ConfigMgr console.

Install Nomad ConfigMgr Console Extensions

In this task, you will install the Nomad extensions to the ConfigMgr console on the CM server.

1ETRNCM
  1. Log on to 1ETRNCM as 1ETRN\SCCMAdmin
  2. Ensure the ConfigMgr console is closed
  3. From the SkyTap Shared Drive shortcut on the desktop browse to 1E Nomad - Course Content\Nomad 7.0 Course Content\ download and Copy NomadBranch.v7.0.0.205.zip to C:\Temp once copied right click and extract all
  4. From the Start screen, right-click Command Prompt and select Run as administrator. Change directory to C:\Temp\NomadBranch.v7.0.0.205\NomadBranch.v7.0.0.205 and run the following command
  5. msiexec /i NomadBranchAdminUIExt.msi /l*v NomadUIExt-Install.log
  6. On the Welcome screen, click Next
  7. Accept the terms in the license agreement on the License Agreement page and click Next
  8. On the Nomad Pre-Caching page, enter http://1ETRNAP/ActiveEfficiency for the ActiveEfficiency URL and click Next
  9. On the Nomad Tachyon Integration page, click Next
  10. On the Ready to Install the Program page click Install
  11. When the installation has completed, click Finish

Confirm the admin console extensions have been installed

1ETRNCM
  1. Start the ConfigMgr Console from the taskbar
  2. Open the Administration workspace and select the Client Settings node
  3. Note that the ribbon has a 1E Nomad button. Click the button and select Nomad Properties
  4. Note that Nomad Settings dialog enables you to configure Nomad settings for Application Management and Software Updates. Do not make any changes at this point (click Cancel)
  5. Open the Software Library workspace and expand the Application Management node. Click on the Packages node
  6. Right-click the CMTrace package and note that there is a new item at the bottom of the context menu named Pre-cache content using Nomad. We will explore that feature later in the lab exercises
  7. Select Properties from the context menu
  8. Note that a new Nomad tab has been added to the Package Properties dialog box
  9. Click Cancel in the dialog box to close it without any changes
  10. Close the ConfigMgr console

Installing the Nomad Tools for OSD

To extend Nomad functionality as it relates to OS Deployment, we need to install certain Nomad components onto each Primary Site Server where we intend to administer task sequence packages to use Nomad as the Alternate Content Provider. In this exercise, you will install the tools and observe the changes made by the installation.

Install the Nomad Tools for OSD

1ETRNCM
  1. From the previously used command prompt, run the following command
  2. msiexec /i NomadBranchTools.msi /l*v NomadTools-install.log
  3. On the Welcome screen, click Next
  4. Accept the terms of the license agreement on the License Agreement page and click Next
  5. On the Ready to Install the Program page click Install
  6. When the installation has completed, click Finish

Confirm the Nomad Tools for OSD installation


  1. Open the ConfigMgr console. Open the Software Library workspace, expand the Operating Systems node and select Task Sequences
  2. Right-click the Windows 10 Ent – Basic ConfigMgr Task Sequence and select Edit from the context menu
  3. In the Windows 10 Ent – Basic ConfigMgr Task Sequence Editor, click on the Add button and note that 1E tasks that have been added to the Task Sequence editor
  4. If Add does not open the list of tasks, close the ConfigMgr console and the VM tab in your browser and reopen it.
  5. Click Cancel to close the Task Sequence editor without saving any changes
  6. Browse to C:\Program Files\Microsoft Configuration Manager\OSD\bin\i386 and sort files by Date Modified (descending). Note the following files have been added
  7. If you don't see the files, you are likely in the wrong place. Please ensure you are using the correct path, for this task as well as the task below!

    C:\Temp\1EActiveEfficiency\1EActiveEfficiency\activeefficiency.v1.10.0.62

These are the files you should see in the folder.

    64-bit versions of these tools are also installed in the OSD\Bin\x64 folder.
  1. Open C:\Program Files\Microsoft Configuration Manager\bin\x64\osdinjection.xml in Notepad
  2. Search for any of the files listed above and confirm they have been added
  3. Close the XML file, ensuring no changes were made. If asked to save the file, click Don't Save
  4. This manifest defines the files that are to be added into the Windows PE boot image when it is updated on a DP. Note that the files listed above, except the .PDB files, have been added to this manifest, ensuring that they will be added to all boot images that are updated on a DP from this point on.

The Nomad Dashboard – First Look

Nomad 6.x introduced the Nomad Dashboard that provides a graphical summary of how Nomad is configured and operating within your estate. Accessible within the CM console or via a Web browser, it has a set of tiles that provide you with a view of all your Nomad related activities.

The Nomad client health tile will no longer populate, client health should be checked using Guaranteed State within Tachyon.

The Nomad Dashboard

1ETRNCM
  1. Open the Monitoring workspace in the ConfigMgr console and expand the 1E Nomad folder at the bottom of the left-hand pane. Note the two items: Dashboard and Pre-caching Jobs. Pre-caching Jobs will be empty right now
  2. Select Dashboard and observe the tiles presented in the main pane. There won't be much to look at right now, but we will come back to the Dashboard at different times to observe the data presented here
  3. Hover over the different bars in the Content by type tile to see status of Nomad across the different content
  4. Use [CTRL +] and [CTRL -] to adjust how the tiles are displayed in the dashboard
  5. Make sure you click in the dashboard prior to using [CTRL -] as it will lower the display size (zoom) percentage of the browser hosting the VM and shrink it down.
  6. Browse to http://1ETRNAP/ActiveEfficiency/NomadDashboard in a browser to see the Nomad Dashboard as a standalone web page.  The [CTRL +] and [CTRL -] work in the web page as well
  7. This allows access to the Nomad dashboard without provisioning rights within the ConfigMgr console.

Understanding IIS Request Filtering on DPs

IIS 7 introduced IIS Request Filtering. This security feature allows administrators to configure IIS to block requests for specific file types and URL paths that include specific folder names or special characters. By default, IIS Request Filtering will block a number of file extensions and folder paths that may occur in distribution of content (Packages, Applications and Software Updates). 

Although the Microsoft documentation highlights this issue (http://technet.microsoft.com/en-gb/library/gg712264.aspx#BKMK_RequestFiltering), the ConfigMgr client actually bypasses this security measure by using a custom method when querying for the file rather than a standard HTTP GET for the file directly. 1E has developed Nomad per Microsoft security best practice, which means that we do a standard HTTP GET for the file that will be filtered by the IIS Request Filtering security feature. It is therefore necessary when using Nomad to follow the guidance in the Microsoft documentation and configure the IIS Request Filter on all Distribution Points to allow any file extensions, paths and special characters that may occur in your ConfigMgr content.
In this exercise, you will learn how to modify the filters to accommodate different scenarios.

View default restrictions

In this task, you will observe the file extensions and URL path elements that IIS Request Filtering blocks by default.

1ETRNCM
  1. On 1ETRNCM start Internet Information Services (IIS) Manager from the Start screen
  2. Select the 1ETRNCM server in the tree view on the left, then double-click the Request Filtering icon in the panel on the right (grouped under IIS) to view the Request Filtering properties page
  3. Select the File Name Extensions tab. This shows all the file extensions that are blocked by default. Note that by default, any file extensions not listed here are allowed. Nomad will fail to download any content that includes any of these file types
  4. Select the Hidden Segments tab. This shows all the folder names that are blocked by default. Nomad will fail to download any content where the URL path includes and of these Hidden Segments

Allowing restricted file extensions

In this task, you will learn how to reconfigure the Request Filtering to allow specific file extensions (in this case .config) to be served by the DP by removing the File Name Extension from the filter.

1ETRNCM
  1. Copy the CommandLinesAndQueries.txt file into c:\temp. This will ensure no changes are made mistakenly to the master copy of the file!
  2. The 'appcmd.exe' command lines used in the upcoming Tasks are available From the SkyTap Shared Drive shortcut on the desktop and browsing to 1E Nomad - Course Content\Nomad 7.0 Course Content\CommandLinesAndQueries.txt file. You may prefer to copy and paste the command lines into the command prompt to avoid typing errors.
  3. Start a command prompt (run as administrator) and change directory to C:\Windows\System32\inetsrv
  4. Run the following command
  5. appcmd set config /section:requestfiltering /-fileExtensions.[fileextension='.config']
    Although for optimal security you should only allow the specific file types that are included in your various packages, applications and software updates, practically you will probably want to remove all of the file extension filters on your DPs.

Allowing restricted folders (Hidden Segments)

In this task, you will learn how to reconfigure the Request Filtering to allow the \bin path segment that is blocked by default.

1ETRNCM
  1. From the command prompt, run the following command
  2. appcmd set config /section:requestfiltering /-hiddensegments.[segment='bin']

Allowing special characters (Double Escaping)

The third filtering option that may prevent Nomad from downloading content is allowDoubleEscaping. By default, any path or filename that includes special 'escape' characters are blocked by default. In this task, you will learn how to allow files with these special characters in their name to be downloaded.

1ETRNCM
  1. From the command prompt, run the following command
  2. appcmd set config /section:requestfiltering /allowdoubleescaping:true
  3. Repeat the steps in the exercise View default restrictions to view the effects of the changes you have made. The .config file extension should no longer be listed, nor should the bin folder in the Hidden Segments tab. (You may need to refresh the screen if IIS Manager was already open on the Request Filtering page)

Preparing for 1E Client Deployment

The Nomad agent functionality has been moved into the 1E Client Nomad Module in version 7 of Nomad. The 1E Client needs to be installed on all ConfigMgr Distribution Points and all clients. In this exercise, you will use the 1E Client Deployment Assistant to prepare for the installation of the 1E Client on the distribution point and clients in the lab.

Run the 1E Client Deployment Assistant

1ETRNCM
  1. On 1ETRNCM, logged on as 1ETRN\SCCMAdmin, open the SkyTap Shared Drive shortcut on the desktop and navigate to 1ETools\ClientDeploymentAssistant.v1.4.0.27.zip copy the file to C:\Temp then right click and extract all
  2. Double-click the 1EClientDeploymentAssistant.exe file in C:\Temp\1EClientDeploymentAssistant.v1.4.0.27 to launch the wizard interactively
  3. On the Welcome page, click Next to begin
  4. Accept the license terms on the License Terms page and click Next
  5. On the ConfigMgr Connection page, with the Local ConfigMgr Site Server option selected, click the Connect button. When the status says "Connected", click Next
  6. On the 1E License File field click browse and select our licenses.txt file
  7. On the General Settings page, in the 1E ActiveEfficiency Server URL field type in http://1etrnap/ActiveEfficiency

  8. We could pre-populate these fields by editing the values in the AppImport.xml file in the 1E Client Deployment Assistant folder.
  9. On the Application Content Source and the Package Content Source fields type in \\1ETRNDC\ConfigMgrSource\Software
  10. The Application and Package content locations may be different in some production environments, but this training environment uses a common content location.
  11. Check the Distribute Content box and ensure that All Distribution Points is selected by default for the Distribution Point Group. Click Next on the General Settings page
  12. On the Agent Selection page, uncheck everything except PXE Everywhere 3.2.0.56 and 1E Client 4.1.0.267 and note that the license key for PXE Everywhere is imported from the licenses.txt file. Click Next
  13. On the PXE Everywhere 3.2.0.56 page check the Create Application and Create Package boxes. We do not need to create a deployment as we will deliver PXE Everywhere in a Task Sequence in order to stage our boot image. Uncheck the Create Application Deployment. Click Next
  14. On the PXE Everywhere settings page set the PXE Everywhere Central Web Service to: http://1etrncm.1etrn.local/PXELite/PXELiteConfiguration.asmx
  15. On the 1E Client 4.1.0.267 page, ensure that both Create Application and Create Application Deployment are selected along with Create Package. Ensure that the limiting collection is set to All Desktop and Server Clients and click Next

  16. The Client Deployment Assistant allows for the creation of packages and applications. Certain environments prefer one over the other. You can deselect either one, however, we will create both for this lab. We will deploy the client via the application, however use the package in a Task Sequence later in the labs.
  17. On the Tachyon and other client Settings page, uncheck the Enable Tachyon, and Enable Inventory checkboxes. We are not using these features in this class. Click Next
  18. On the Nomad Client Settings page, check the Enable Nomad checkbox, and accept the defaults for Log Path and Log Size. Ensure that only Hidden Nomad Share and Prevent Failing Over to BITS are selected. Click Next
  19. We will be enabling Single Site Download, Fanout and Peer Backup Assistant in later lab exercises.
  20. On the Summary page, wait for the summary to be compiled. Review all the actions that will be performed based on the settings selected in the wizard. When finished reviewing the summary, click Create
  21. The progress will be displayed as each task is completed. When the status is displayed as Successful, click Next
  22. On the Completionpage, note that all tasks completed successfully. Click Finish

Observe the results of running the 1E Client Deployment Assistant Wizard

In this task, we will observe the ConfigMgr objects created by running the 1E Client Deployment Assistant wizard.

1ETRNCM
  1. Open the ConfigMgr console, select the Assets and Compliance node and click on Device Collections
  2. Note that the 1E Client 4.1.0.267 – Required collection is created with All Desktop and Server Clients as the limiting collection and that there are no members
  3. Click on the Deployments tab for the collection and note that the 1E Client 4.1.0.267 Application is deployed to this collection
  4. Click on the Software Library node and select Applications in the Application Management section
  5. Click on the 1E Client 4.1.0.267 application and select the Deployment Types tab at the bottom of the console
  6. Note that the application has two Deployment Types created – 1E Client x86 and 1E Client x64

  7. When the 1E Client Deployment Assistant wizard is run, the deployment types that are created have been limited (using prerequisites) to workstation operating systems for the Nomad x86 deployment type and workstation and server operating systems for the Nomad x64 deployment type. This behavior is defined in the AppImport.xml file in the: C:\Temp\1EClientDeploymentAssistant.v1.4.0.27 folder.
  8. Right-click the 1E Client x64 Deployment Type and select Properties
  9. Click on the Requirements tab, select the Operating system Requirement Type and click Edit
  10. In the list of operating systems, scroll down, and select the Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019. Click OK
  11. Click OK to close the 1E Client x64 Properties
  12. Select Packages under Application Management and note that there are two packages created – one for x86 and one for x64 and that each Package has two programs – one for install and one for uninstall

Deploy the 1E Client

In this exercise, we will use the collection and application created by the Endpoint Agent Installation wizard to deploy the 1E Client to all workstations.

Deploy 1E Client to Workstations and Distribution Point

1ETRNCM
  1. On 1ETRNCM, select the Assets and Compliance node of the ConfigMgr console and click on Devices
  2. Ensure all workstations have been powered on in SkyTap.
  3. Select the following machines from the device list (You may hold the CTRL key down and use multi-select)
  4. 1ETRNCM
    1ETRNW71
    1ETRNW72
    1ETRNW73
    1ETRNW101
    1ETRNW102
  5. Right-click on any of the selected devices and choose Add Selected Items > Add Selected Items to Existing Device Collection
  6. Select 1E Client 4.1.0.267 – Required and click OK
  7. Under Assets and Compliance, select Device Collections and observe the 1E Client 4.1.0.267 – Required collection. If the member count is still zero, you may need to refresh the collection to see the member count display six members

Monitor the progress of the installation

1ETRNCM
  1. In the ConfigMgr Console, select the Assets and Compliance workspace, select the Device Collections node then right-click 1E Client 4.1.0.267 – Required and select Client Notification > Download Computer Policy. A dialog box will pop up indicating there are six resources in this Collection. Click OK
  2. This process will cause each of the ConfigMgr clients to download the new deployment policy you have just created rather than waiting for them to do it on their regular schedule. In the lab environment, this interval is only 5 minutes rather than the default value of 60 minutes.
  3. Select the Monitoring workspace and select the Deployments node
  4. Right-click the 1E Client 4.1.0.267 deployment and select View Status monitor the progress (refresh periodically to view updated status information)
  5. Please note that this may not be updated very quickly because this information is provided by status/state messages sent up from the individual ConfigMgr client. Take a 5 minute break, and if it has still not updated, proceed to the next task – you will likely find that the agent has already been installed.

Review the Installation on the Workstations

1ETRNW71
  1. Log on to 1ETRNW71 as 1ETRN\User
  2. 1ETRN\User is a member of the Workstation Admins group and will be able to perform administrative tasks on the Lab Workstations.
  3. Double-click the services.msc shortcut on the desktop
  4. Note the 1E Nomad Branch and 1E Client services are running
  5. Leave the Services interface open and from the Start menu, right-click Computer and select Manage
  6. In the Computer Management interface, expand the Local Users and Groups node and click on the Users folder
  7. Note that the local user SMSNomadP2P& has been created
  8. In the Computer Management interface, expand the Shared Folders node and click on Shares
  9. Note that the NomadSHR$ share has been created. This is the Nomad cache
  10. Right-click the NomadSHR$ and select Properties from the context menu
  11. In the NomadSHR$ properties dialog, on the General tab, note the path to the share, and the 6 user (connection) limit
  12. Select the Share Permissions tab and note the permissions applied to the share
  13. Cancel the NomadSHR$ properties dialog to return to the Computer Management interface
  14. Leave the Computer Management interface open and return to the Services interface
  15. Right-click the 1E Nomad Branch service and select Stop
  16. Return to the Computer Management interface and refresh the Shares node. Note that the NomadSHR$ share is deleted when the service is stopped
  17. Switch to the Services interface and start the 1E Nomad Branch service
  18. Return to the Computer Management interface and refresh the Shares node. Note that the NomadSHR$ share is recreated when the service starts
  19. The Nomad share is deleted every time the Nomad service is stopped. The content in the Nomad share will still reside on the machine but won't be shared unless the service is running.

    If the P2P protocol is changed to HTTP(S), the share no longer plays a role in content sharing. The share will still exist, but will not be required, because we are no longer using SMB to connect to a share to copy content.

  20. Close the Services interface and the Computer Management interface
  21. Start Windows Explorer and browse to C:\ProgramData\1E\NomadBranch. This is the folder that is shared as NomadSHR$, and is the root of the Nomad cache
  22. Browse to the ConfigMgr Logs folder on the desktop and double-click the NomadBranch.log to open it. You will use this log file in future exercises to follow Nomad processing a distribution
  23. Observe the Nomad service startup activity at the beginning of the log. Note that the agent has created a hidden share, and has automatically set the option to use HTTP and SMB because it has detected an installed CM client

Your log should look like this.

  1. Close the NomadBranch.log file
  2. From the Start menu run regedit
  3. Navigate to HKLM\Software\1E\NomadBranch. This registry key contains all the configuration options used by Nomad
  4. In later labs you will learn how to use the Configuration Manager Compliance and Settings feature to manage the 1E Client settings in this registry key after the agent has been installed.

Changing the StatusMsgEvents using a the Create Nomad Baseline functionality

Nomad 6.3 introduced new functionality to manage Nomad settings on the client. Best practice is to manage client settings, which all reside in the registry, using CI's deployed via Configuration Baselines. Nomad has now productized this functionality to simplify the management of client settings. In this task, we will change the value of StatusMsgEvents from 0 to a specific number so the clients send data back to ActiveEfficiency which will then be used by the Nomad Dashboard.


1ETRNCM
  1. Logged in as 1ETRN\SCCMAdmin navigate to the Assets and Compliance workspace in the ConfigMgr console

  1. Expand Compliance Settings, click on Configuration Baselines. Note the Create Nomad Baseline button in the ribbon

  1. Click the Create Nomad Baseline button to start the wizard
  2. On the Configuration Type page, input Nomad Settings into the name
  3. Configuration Type – leave Configure settings manually selected. Configure settings using MSI Transform would be selected if you had a transform (.mst) created to perform the settings changes required. This setting will allow you to import the .msi and .mst files so you do not have to recreate the settings. Click Next
  4. On the Nomad Settings page, start typing StatusMsgEvents into the Registry Value Name field. It should autofill. Click on the value
  5. In the Registry Value box, input 0x1000000064. Click Next
  6. Copy the value from the doc so the correct value will be used. There are 7 zeros between the 1 and the 64.
  7. On the Summary page, click Apply
  8. Once completed, click Finish

Review the Configuration Baseline


  1. Click on the Assets and Compliance workspace in the ConfigMgr console
  2. Expand the Compliance Settings node. Select Configuration Items and Right-click on the newly created Configuration Baseline named Nomad Registry Settings - Nomad Settings and select Properties
  3. Click on the Settings tab and note StatusMsgEvents Registry Value setting
  4. Click the Edit button to review the setting
  5. Click on the Compliance Rules tab to confirm the condition reflects the value we defined for the setting. Click Cancel
  6. Click on the Compliance Rules tab of the CI and note that Remediate is set to Yes. Click Cancel to close out of the CI
  7. Navigate to the Configuration Baselines node and note the newly create baseline
  8. Right-click the Nomad Settings baseline and select Properties
  9. Click on the Evaluation Conditions tab and confirm the CI we just reviewed is listed there. Click Cancel
  10. Right-click the Configuration Baseline and select Deploy
  11. Check the Remediate noncompliant rules when supported and select Lab Workstations as the collection. 

This is what your window should look like this.  Then click Ok

  1. From the Device Collections node, right-click the Lab Workstations collection and initiate a machine policy refresh by selecting Client Notification - Download Computer Policy
1ETRNW71
  1. On 1ETRNW71, logged in as 1ETRN\User, run regedit
  2. Navigate to HKLM\software\1E\NomadBranch. Confirm the StatusMsgEvents setting is set to 0x0. Leave regedit open
  3. Open the ConfigMgr applet from the desktop
  4. Click on the Configurations tab and note the Nomad Settings baseline present
  5. It might take a minute or two for policy to refresh and the baseline to show. If you do not see it, wait a minute and then click Refresh.
  6. Click the Evaluate button, then Refresh. Note the Compliance value change to Compliant
  7. Return to regedit and refresh the view. Confirm the StatusMsgEvents settings has changed to the value we specified in the Configuration Item

Review the installation on the Distribution Point

The installation on the DP server results in the same 1E Client component being installed on the server, however the service will perform the LsZ generation and RDC processing as it identifies that it is running on a Site Server and DP.

1ETRNCM
  1. From the Start menu, click Services
  2. Note the 1E Nomad Branch and 1E Client services are running
  3. From the Start screen, start typing regedit and click regedit when it appears in the Search results. Note the HKLM\Software\1E\NomadBranch registry key
  4. As 1ETRNCM is running a 64-bit OS, the 64-bit version of the 1E Client has been installed based on the requirements of the Deployment Type.
  5. Navigate to C:\ProgramData\1E\NomadBranch folder. Note that as this is a DP, the agent has created the LSZFILES folder. Note that the folder is empty. When content is requested, this is where the LSZ files will be generated and stored
  6. Open the C:\Windows\CCM\Logs folder and double-click the NomadBranch.log file
  7. Note that we set the log file path in the Endpoint Agent Installation wizard based on where the ConfigMgr client logs are on client systems (C:\Windows\CCM\Logs) to make access to the CM client logs and the Nomad logs easier. Since this server had the management point role installed prior to the CM client installation, the CM client logs are actually located in C:\Program Files\SMS_CCM\Logs.
  8. Near the top of the log file, notice that the computer (1ETRNCM) has been identified as an SMS Site Server and an SMS Distribution Point

This is what your log should look like when Nomad identifies the DP

  1. Note also that the HTTP LsZ generation option (normally set in SpecialNetShare) has also been enabled as Nomad has detected this is a ConfigMgr Distribution Point and will therefore be using HTTP

This is what the log looks like when Nomad is installed on a DP for HTTP LsZ Generation

  1. Open Internet Information Services (IIS) Manager from the Start menu and expand 1ETRNCM\Sites\Default Web Site
  2. Note the LSZFILES and NOMAD_PKGCACHE virtual directories
  3. These virtual directories are in C:\ProgramData\1E\NomadBranch\LSZFILES and C:\ProgramData\1E\NomadBranch\NOMAD_PKGCACHE respectively. The LSZFILES directory store the LsZ files used for content validation and the NOMAD_PKGCACHE is the storage location for compressed (also compressed and encrypted) content when the Nomad SECure feature is used to compress the content.

    The Client version distribution tile in the Nomad Dashboard will eventually reflect the deployment of the 1E Client, but this will take a little time. A hardware inventory sync from the client machines must happen, and then that data is synced into ActiveEfficiency to populate the data in the dashboard tiles.

Installing the Nomad Download Monitor

The Nomad Branch Download Monitor is a useful admin tool to monitor Nomad activity on either the local or a remote client. In this exercise, you will create a new Application to install the download monitor and then deploy this to all workstations.

Create the Nomad Download Monitor Package and Program

1ETRNCM
  1. From the SkyTap Shared Drive shortcut on the desktop browse to 1E Nomad - Course Content\Nomad 7.0 Course Content and download DownloadMonitor.zip to c:\temp. Right click the file and choose Extract All. Copy the DownloadMonitor folder to \\1etrndc\ConfigMgrSource\Software. The DownloadMonitor folder contains the installer (msi) file and a transform (mst) file
  2. A shortcut to the ConfigMgrSource location has been created on the desktop, named ConfigMgr Content Source
  3. From the ConfigMgr Console, open the Software Library workspace, expand the Application Management node
  4. Right-click the Packages node and select Create Package to start the Create Package and Program Wizard
  5. On the Package page, enter Nomad Download Monitor as the Name. Check the option This package contains source files then click the Browse… button and enter or browse to \\1ETRNDC\ConfigMgrSource\Software\DownloadMonitor as the source folder. Click OK to close the Set Source Folder dialog, then click Next
  6. On the Program Type page ensure Standard program is selected and click Next
  7. On the Standard Program page enter the following details and click Next
  8. Name: Install Nomad Download Monitor
    Command line: msiexec /i NomadBranchGUI.msi TRANSFORMS=NomadGUIAdvancedMode.mst /qn
    Program can run: Whether or not a user is logged on
    The default install of the Nomad Download Monitor is in Basic Mode (UI=0). Basic Mode provides only progress bars. Advanced Mode (UI=1) allows adjustment of the workrate and allows connection to remote clients for remote monitoring. The transform contains the configuration to allow Nomad Download Monitor to be deployed in Advanced Mode.
  9. Click Next
  10. On the Requirements page click Next
  11. On the Nomad Settings page select Enable Nomad and click Next
  12. This will be the first bit of content that the newly installed Nomad clients will download.
  13. On the Summary page, click Next then close the wizard when it completes
  14. From the Packages node, right-click the Nomad Download Monitor package and select Distribute Content to start the Distribute Content Wizard
  15. On the General page click Next
  16. On the Content Destination page click Add, select Distribution Point, and select the 1ETRNCM.1ETRN.LOCAL Distribution Point. Click OK. Click Next
  17. On the Summary page click Next, then click Close when the wizard completes

Deploy the Nomad Download Monitor

In a production environment, you would normally only deploy the Nomad Download Monitor to administrators' workstations, using the Advanced UI (UI=1) option to allow connection to any 1E Client for monitoring. In this task, you will deploy the Download Monitor onto all workstations for convenience.

1ETRNCM
  1. From the Packages node in the ConfigMgr Console, right-click the Nomad Download Monitor package and select Deploy to start the Deploy Software Wizard
  2. On the General page, select the Lab Workstations Collection by clicking the Browse… button to the right of the Collection field. Once the collection is selected click OK to close the Select Collection dialog. Click Next
  3. On the Content page ensure the 1ETRNCM Distribution Point is listed in the top half of the page and click Next
  4. On the Deployment Settings page, note that the Action is set to Install and ensure that the Purpose to Required and click Next
  5. On the Scheduling page click New… to create a new Assignment Schedule then from the Assignment Schedule dialog box click OK to use the default (current time) schedule and return to the Scheduling page. Click Next
  6. On the User Experience page select Allow users to run the program independently of assignments and click Next
  7. On the Distribution Points page ensure the Deployment options are set to Download content from distribution point and run locally in both drop-downs, make sure the box Allow clients to use distribution points from the default site boundary group is unchecked, click Next
  8. On the Summary page, review the settings and click Next
  9. When the wizard completes click Close
  10. Use the Client Notifications feature (as described in step 134) to make sure all the clients in the Lab Workstations Collection download the new deployment policy without having to wait
1ETRNAP
  1. Open a Command Prompt (run as administrator) and switch to the C:\Program Files (x86)\1E\ActiveEfficiency\Service directory
  2. Leave the command prompt window open, we'll be back shortly to use it again.
  3. Run the following command to initiate an on-demand sync from ConfigMgr to ActiveEfficiency
  4. ServiceHost.exe -NomadSyncAll
    We are forcing a sync between ConfigMgr and ActiveEfficiency here to review the status of this deployment in the Nomad dashboard.
1ETRNCM
  1. Open the Nomad Dashboard under the Monitoring workspace and observe the Deployments tile
  2. The Download Progress for this deployment should indicate what percentage of the targeted machines have started the download yet. The percentage will be driven by how fast the machines retrieved the software distribution policy
  3. The Caching Metrics tile will potentially have data available, but this is dependent on machines retrieving policy
  4. We will revisit these tiles in a few minutes to see what changed
  5. The Client version distribution tile might now show the client version of some or all clients as well

Verify the installation

All Workstations
  1. When the above deployment has completed on the clients, log on to all of them as 1ETRN\User and check the following

  1. Note the new Nomad icon in the system tray.

  1. If the download monitor is not running, launch it from the Start menu
  2. Double-click the Nomad icon in the system tray to open the UI. Note that there is a Connect option in the top menu and a table labelled All downloads in the middle of the GUI. This indicates that the GUI was installed in Advanced mode (UI=1 on the msiexec command line)
  3. Close the Download Monitor
  4. Note that when you close the UI, the icon remains in the system tray and the monitor is still active. To completely exit the monitor, right-click the system tray icon and select  Exit  from the context menu.
1ETRNAP
  1. Run the following command to initiate an on-demand sync from ConfigMgr to ActiveEfficiency
  2. ServiceHost.exe -NomadSyncAll
1ETRNCM
  1. Open the Nomad Dashboard in the ConfigMgr console and observe the changes in the Deployments tiles. Download Progress shows 100% complete and the Caching Metrics show that 60% of the clients retrieved content from a peer while 40% retrieved the content from the DP
  2. Why are we seeing these proportions here? Ask your instructor if you aren't sure
  3. Click the expand button on either tile to get more details

Lab Summary

In this lab, you have learned how to install the Nomad extensions to the ConfigMgr console and the additional tools that are used during an Operating System Deployment Task Sequence. The Nomad Tools installer updates OSDINJECTION.XML to ensure these tools are added to all future boot images.

You then used the 1E Endpoint Agent Installation wizard to create the ConfigMgr deployment objects (collections, packages, applications and deployment types) to support the deployment of the 1E Client on the client workstations. You have learned where the 1E Client is installed and where the Nomad cache is located.
You have begun to explore the data presented in the Nomad Dashboard as we've deployed the Nomad Agent and Nomad-enabled content. In order for the Dashboard to populate, we changed a value in the Nomad settings using the Create Nomad Baseline functionality.
Finally, you installed the Nomad Branch download monitor that will be used in later exercises to observe Nomad behaviour.

Next Page
Ex 2 - Nomad 7.0 - Deploying Software using Nomad