All command lines and queries used throughout the lab exercises are available by accessing the SkyTap Shared Drive shortcut on the desktop and browsing to 1E Nomad - Course Content\Nomad 7.0 Course Content\CommandLinesAndQueries.txt file to make copying and pasting within the virtual machines easier.

Installing the Nomad Components

In this lab, you will install ActiveEfficiency on the Application server, the Nomad Components on the ConfigMgr server, and the Nomad client on the Distribution Point and the workstations.

Install ActiveEfficiency Server

ActiveEfficiency Server is a core component of 1E solutions that discovers and stores information about the IT environment from various data sources. Nomad uses ActiveEfficiency to support the Single Site Download (SSD), Single Site Peer Backup Assistant (SSPBA), Nomad Pre-Cache and WakeUp Integration features. 

In this exercise, you will learn how to install and configure ActiveEfficiency Server for use with Nomad.

Other 1E solutions use ActiveEfficiency in different ways. This exercise covers the necessary steps required to install ActiveEfficiency for use with Nomad. Please refer to the ActiveEfficiency documentation for further information on sizing and capacity planning for your specific requirements.

Enable the Distributed Transaction Coordinator (MSDTC)

To support Nomad features, ActiveEfficiency will need to be able to synchronize with the ConfigMgr database. For this to succeed, the Distributed Transaction Coordinator needs to be configured. In this task, MSDTC will be set on the ConfigMgr server.

1ETRNCM

  1. Log on to 1ETRNCM as 1ETRN\SCCMAdmin and launch Server Manager
  2. Open Component Services from the Tools menu
  3. Expand Component Services\Computers\My Computer\Distributed Transaction Coordinator
  4. Right-click on Local DTC and select Properties
  5. Select the Security tab
  6. In the Security Settings section, check the Network DTC Access.
  7. In the Client and Administration subsection, select Allow Remote Clients. In the Transaction Manager Communication subsection, check Allow Inbound and Allow Outbound with the Mutual Authentication Required option selected.
  8. Select the Enable XA Transactions checkboxes and uncheck the Enable SNA LU 6.2 Transactions checkbox
  9. In the DTC Logon Account section, accept the default of NT AUTHORITY\NetworkService
  10. Click OK
  11. A prompt will be displayed warning you that the MSDTC service will be restarted. Click Yes to proceed
  12. Click OK on the MSDTC Service dialog box
  13. Close the Component Services MMC Snap-in and close Server Manager

Install required Windows Role Services and Features

ActiveEfficiency requires certain Web Server Role Services, which you will install on the application server in this task.

1ETRNAP



Log into 1ETRNAP as 1ETRN\AppInstaller and open Server Manager


From the Manage menu (top-right menu bar) select Add Roles and Features to start the Add Roles and Features Wizard


On the Before you begin page click Next


On the Select Installation Type page ensure Role-based or feature-based installation is selected and click Next


On the Select destination server page, ensure the local server (1ETRNAP.1ETRN.local) is selected and click Next


On the Select server roles page, locate and expand the Web Server (IIS) server role then expand the Web Server role service


Expand Common HTTP Features and select Default Document and Static Content


Expand Performance and select Static Content Compression


Expand Security and select Windows Authentication


Expand Application Development and select ASP.NET 4.6. You will be prompted to add the ISAPI Filters, ISAPI Extensions and .NET Extensibility 4.6 role services required by ASP.NET 4.6. Click Add Features to include these then click Next


On the Features page, select Message Queuing and click Next


ActiveEfficiency requires Microsoft Message Queuing (MSMQ) to support WakeUp integration with Nomad. If you are only using ActiveEfficiency for Nomad Single Site Download, MSMQ Is not needed, in which case, the 1E ActiveEfficiency windows service would not be installed when you install ActiveEfficiency Server. WakeUp integration is covered in an additional course module (1EWAK03-71 WakeUp and Nomad Integration) which can be appended to this course so we'll install MSMQ for future use. Additionally, the ActiveEfficiency Service is required for Nomad synchronization with the ConfigMgr database. This synchronization supports the Dynamic Nomad Precaching feature.No thats





The Confirm installation selections page should now show the following Role Services and Features






Click Install


When the installation completes, close the wizard


Install ActiveEfficiency Server

In this task, you will install ActiveEfficiency Server on the Application server (1ETRNAP)

1ETRNAP



From the SkyTap Shared Drive shortcut on the desktop navigate to:
1E Nomad Course Content\Nomad 7.0 Course Content\ download and copy 1EActiveEfficiency.zip to C:\Temp once copied right click and select extract all


From the Windows Start screen, right-click Command Prompt and select Run as administrator


Switch to the C:\Temp\1EActiveEfficiency\activeefficiency.v1.10.0.62 folder and run the following command line to start the ActiveEfficiency installation wizard


msiexec /i ActiveEfficiencyServer.msi patch=C:\Temp\1EActiveEfficiency\activeefficiency.v1.10.0.62\Q20481-activeefficiencyserver.v1.10.0.62.msp /l*v AEServer-Install.log


On the Welcome page click Next


On the License Agreement page select, I accept the terms of the license agreement and click Next


On the Prerequisite Checks page, ensure all checks have passed and click Next


As noted previously, it is possible to install ActiveEfficiency Server without the 1E ActiveEfficiency windows service if you are not using any of the features that require this service. If MSMQ is not installed at this point in the ActiveEfficiency Server installation wizard, the MSMQ check will fail, but installation can proceed. You can add the 1E ActiveEfficiency Service at a later date by installing MSMQ then uninstalling and reinstalling ActiveEfficiency Server.


On the Destination Folder page accept the default location and click Next


On the Database Server page select the (local) database server from the drop down and leave the database name as ActiveEfficiency. Click Next


In production environments, it is best practice to create the ActiveEfficiency database at the required size before running the installation to avoid the database files having to auto-grow considerably, which would impact performance.


On the ActiveEfficiency Website Settings click Next


On the Nomad synchronization page, check the Enable Nomad Sync option, enter


1ETRNCM 
CM_PS1 
5


On the Ready to Install the Program page click Install


The Installing database step takes several minutes to complete.


When the wizard completes, click Finish


Review the installation

In this task, you will observe the changes made by the ActiveEfficiency server installation

1ETRNAP



Browse to C:\Program Files (x86)\1E\ActiveEfficiency and note the following folders


Folder

Description

Notes

Database

Files used to create and manage the database

Always created

DeployCertificate

Binaries associated with deploying a certificate to the client for communication with the 1E ActiveEfficiency cloud service

Only created if MSMQ prerequisite is installed

Service

Binaries associated with the ActiveEfficiency service

Only created if MSMQ prerequisite is installed

Web

Binaries associated with the ActiveEfficiency Web Service

Always created


Open the Internet Information Services (IIS) Manager and expand the 1ETRNAP server node


Select the Application Pools node and note the ActiveEfficiency Application Pool, running with the identity of NetworkService


Expand Sites, then the Default Web Site and select the ActiveEfficiency Web Site. Click the Basic Settings link (under Actions on the right) and note that the physical location is the Web\WebService folder identified in step 41. Click Cancel to close the dialog box


Close Internet Information Services (IIS) Manager


Open Chrome and browse to http://localhost/ActiveEfficiency


This page provides a simple interface to the ActiveEfficiency web service, which is used to read or write data in the ActiveEfficiency database. Nomad uses the Devices and Locations tables that are exposed through this interface, as well as some other tables that are not.


Click the Devices and Locations links in turn and observe devices and locations are currently empty. In a later exercise you will populate Locations, and later the 1E Clients will register with ActiveEfficiency and populate Devices


Open the Registry Editor and navigate to HKLM\Software\Wow6432Node\1E\ActiveEfficiency. The values in this registry key define the ActiveEfficiency website settings, installation directory, SQL server instance, and ActiveEfficiency version. Close the Registry Editor


Start the SQL Server Management Studio from the Start screen and connect to the local server. Expand the Databases node and note the ActiveEfficiency database


Expand the ActiveEfficiency database and review the tables. Close SQL Server Management Studio



1ETRNCM



Open Computer Management on 1ETRNCM and look at the properties of the ConfigMgr_DViewAccess local group. Note that 1ETRN\1ETRNAP has been added to the group


Installing the ConfigMgr Console extensions for Nomad

To enable the ConfigMgr client to interpret the Nomad settings and ensure Content Transfer Manager hands over content transfer jobs to Nomad to download content, we need to extend the standard software deployment and client settings policies associated with Packages, Applications and Software Updates. The additional Nomad attributes are configured through the ConfigMgr console by way of custom console extensions, which add properties pages to the standard Package, Driver Package, Operating System Image, Boot Image, Task Sequence, and Client Settings dialog boxes and wizards. In this exercise, you will install these ConfigMgr console extensions on the ConfigMgr server.

In a production environment, where you may have the ConfigMgr console installed on additional administrators' workstations, you would need to install the console extensions on any machine running the ConfigMgr console.

Install Nomad ConfigMgr Console Extensions

In this task, you will install the Nomad extensions to the ConfigMgr console on the CM server.

1ETRNCM



Log on to 1ETRNCM as 1ETRN\SCCMAdmin


Ensure the ConfigMgr console is closed


From the SkyTap Shared Drive shortcut on the desktop browse to 1E Nomad - Course Content\Nomad 7.0 Course Content\ download and Copy NomadBranch.v7.0.0.205.zip to C:\Temp once copied right click and extract all


From the Start screen, right-click Command Prompt and select Run as administrator. Change directory to C:\Temp\NomadBranch.v7.0.0.205\NomadBranch.v7.0.0.205 and run the following command


msiexec /i NomadBranchAdminUIExt.msi /l*v NomadUIExt-Install.log


On the Welcome screen, click Next


Accept the terms in the license agreement on the License Agreement page and click Next


On the Nomad Pre-Caching page, enter http://1ETRNAP/ActiveEfficiency for the ActiveEfficiency URL and click Next


On the Nomad Tachyon Integration page, click Next


On the Ready to Install the Program page click Install


When the installation has completed, click Finish


Confirm the admin console extensions have been installed

1ETRNCM



Start the ConfigMgr Console from the taskbar


Open the Administration workspace and select the Client Settings node


Note that the ribbon has a 1E Nomad button. Click the button and select Nomad Properties


Note that Nomad Settings dialog enables you to configure Nomad settings for Application Management and Software Updates. Do not make any changes at this point (click Cancel)


Open the Software Library workspace and expand the Application Management node. Click on the Packages node


Right-click the CMTrace package and note that there is a new item at the bottom of the context menu named Pre-cache content using Nomad. We will explore that feature later in the lab exercises


Select Properties from the context menu


Note that a new Nomad tab has been added to the Package Properties dialog box


Click Cancel in the dialog box to close it without any changes


Close the ConfigMgr console


Installing the Nomad Tools for OSD

To extend Nomad functionality as it relates to OS Deployment, we need to install certain Nomad components onto each Primary Site Server where we intend to administer task sequence packages to use Nomad as the Alternate Content Provider. In this exercise, you will install the tools and observe the changes made by the installation.

Install the Nomad Tools for OSD

1ETRNCM



From the previously used command prompt, run the following command


msiexec /i NomadBranchTools.msi /l*v NomadTools-install.log


On the Welcome screen, click Next


Accept the terms of the license agreement on the License Agreement page and click Next


On the Ready to Install the Program page click Install


When the installation has completed, click Finish


Confirm the Nomad Tools for OSD installation



Open the ConfigMgr console. Open the Software Library workspace, expand the Operating Systems node and select Task Sequences


Right-click the Windows 10 Ent – Basic ConfigMgr Task Sequence and select Edit from the context menu


In the Windows 10 Ent – Basic ConfigMgr Task Sequence Editor, click on the Add button and note that 1E tasks that have been added to the Task Sequence editor


If Add does not open the list of tasks, close the ConfigMgr console and the VM tab in your browser and reopen it.


Click Cancel to close the Task Sequence editor without saving any changes


Browse to C:\Program Files\Microsoft Configuration Manager\OSD\bin\i386 and sort files by Date Modified (descending). Note the following files have been added


If you don't see the files, you are likely in the wrong place. Please ensure you are using the correct path, for this task as well as the task below!

C:\Temp\1EActiveEfficiency\1EActiveEfficiency\activeefficiency.v1.10.0.62




These are the files you should see in the folder.




64-bit versions of these tools are also installed in the OSD\Bin\x64 folder.


Open C:\Program Files\Microsoft Configuration Manager\bin\x64\osdinjection.xml in Notepad


Search for any of the files listed above and confirm they have been added


Close the XML file, ensuring no changes were made. If asked to save the file, click Don't Save


This manifest defines the files that are to be added into the Windows PE boot image when it is updated on a DP. Note that the files listed above, except the .PDB files, have been added to this manifest, ensuring that they will be added to all boot images that are updated on a DP from this point on.


The Nomad Dashboard – First Look

Nomad 6.x introduced the Nomad Dashboard that provides a graphical summary of how Nomad is configured and operating within your estate. Accessible within the CM console or via a Web browser, it has a set of tiles that provide you with a view of all your Nomad related activities.

The Nomad client health tile will no longer populate, client health should be checked using Guaranteed State within Tachyon.

The Nomad Dashboard

1ETRNCM



Open the Monitoring workspace in the ConfigMgr console and expand the 1E Nomad folder at the bottom of the left-hand pane. Note the two items: Dashboard and Pre-caching Jobs. Pre-caching Jobs will be empty right now


Select Dashboard and observe the tiles presented in the main pane. There won't be much to look at right now, but we will come back to the Dashboard at different times to observe the data presented here


Hover over the different bars in the Content by type tile to see status of Nomad across the different content


Use [CTRL +] and [CTRL -] to adjust how the tiles are displayed in the dashboard


Make sure you click in the dashboard prior to using [CTRL -] as it will lower the display size (zoom) percentage of the browser hosting the VM and shrink it down.


Browse to http://1ETRNAP/ActiveEfficiency/NomadDashboard in a browser to see the Nomad Dashboard as a standalone web page.  The [CTRL +] and [CTRL -] work in the web page as well


This allows access to the Nomad dashboard without provisioning rights within the ConfigMgr console.


Understanding IIS Request Filtering on DPs

IIS 7 introduced IIS Request Filtering. This security feature allows administrators to configure IIS to block requests for specific file types and URL paths that include specific folder names or special characters. By default, IIS Request Filtering will block a number of file extensions and folder paths that may occur in distribution of content (Packages, Applications and Software Updates). 

Although the Microsoft documentation highlights this issue (http://technet.microsoft.com/en-gb/library/gg712264.aspx#BKMK_RequestFiltering), the ConfigMgr client actually bypasses this security measure by using a custom method when querying for the file rather than a standard HTTP GET for the file directly. 1E has developed Nomad per Microsoft security best practice, which means that we do a standard HTTP GET for the file that will be filtered by the IIS Request Filtering security feature. It is therefore necessary when using Nomad to follow the guidance in the Microsoft documentation and configure the IIS Request Filter on all Distribution Points to allow any file extensions, paths and special characters that may occur in your ConfigMgr content.
In this exercise, you will learn how to modify the filters to accommodate different scenarios.

View default restrictions

In this task, you will observe the file extensions and URL path elements that IIS Request Filtering blocks by default.

1ETRNCM



On 1ETRNCM start Internet Information Services (IIS) Manager from the Start screen


Select the 1ETRNCM server in the tree view on the left, then double-click the Request Filtering icon in the panel on the right (grouped under IIS) to view the Request Filtering properties page


Select the File Name Extensions tab. This shows all the file extensions that are blocked by default. Note that by default, any file extensions not listed here are allowed. Nomad will fail to download any content that includes any of these file types


Select the Hidden Segments tab. This shows all the folder names that are blocked by default. Nomad will fail to download any content where the URL path includes and of these Hidden Segments


Allowing restricted file extensions

In this task, you will learn how to reconfigure the Request Filtering to allow specific file extensions (in this case .config) to be served by the DP by removing the File Name Extension from the filter.

1ETRNCM



Copy the CommandLinesAndQueries.txt file into c:\temp. This will ensure no changes are made mistakenly to the master copy of the file!


The 'appcmd.exe' command lines used in the upcoming Tasks are available From the SkyTap Shared Drive shortcut on the desktop and browsing to 1E Nomad - Course Content\Nomad 7.0 Course Content\CommandLinesAndQueries.txt file. You may prefer to copy and paste the command lines into the command prompt to avoid typing errors.


Start a command prompt (run as administrator) and change directory to C:\Windows\System32\inetsrv


Run the following command


appcmd set config /section:requestfiltering /-fileExtensions.[fileextension='.config']


Although for optimal security you should only allow the specific file types that are included in your various packages, applications and software updates, practically you will probably want to remove all of the file extension filters on your DPs.


Allowing restricted folders (Hidden Segments)

In this task, you will learn how to reconfigure the Request Filtering to allow the \bin path segment that is blocked by default.

1ETRNCM



From the command prompt, run the following command


appcmd set config /section:requestfiltering /-hiddensegments.[segment='bin']


Allowing special characters (Double Escaping)

The third filtering option that may prevent Nomad from downloading content is allowDoubleEscaping. By default, any path or filename that includes special 'escape' characters are blocked by default. In this task, you will learn how to allow files with these special characters in their name to be downloaded.

1ETRNCM



From the command prompt, run the following command


appcmd set config /section:requestfiltering /allowdoubleescaping:true


Repeat the steps in the exercise View default restrictions to view the effects of the changes you have made. The .config file extension should no longer be listed, nor should the bin folder in the Hidden Segments tab. (You may need to refresh the screen if IIS Manager was already open on the Request Filtering page)


Preparing for 1E Client Deployment

The Nomad agent functionality has been moved into the 1E Client Nomad Module in version 7 of Nomad. The 1E Client needs to be installed on all ConfigMgr Distribution Points and all clients. In this exercise, you will use the 1E Client Deployment Assistant to prepare for the installation of the 1E Client on the distribution point and clients in the lab.

Run the 1E Client Deployment Assistant

1ETRNCM



On 1ETRNCM, logged on as 1ETRN\SCCMAdmin, open the SkyTap Shared Drive shortcut on the desktop and navigate to 1ETools\ClientDeploymentAssistant.v1.4.0.27.zip copy the file to C:\Temp then right click and extract all


Double-click the 1EClientDeploymentAssistant.exe file in C:\Temp\1EClientDeploymentAssistant.v1.4.0.27 to launch the wizard interactively


On the Welcome page, click Next to begin


Accept the license terms on the License Terms page and click Next


On the ConfigMgr Connection page, with the Local ConfigMgr Site Server option selected, click the Connect button. When the status says "Connected", click Next


On the 1E License File field click browse and select our licenses.txt file


On the General Settings page, in the 1E ActiveEfficiency Server URL field type in http://1etrnap/ActiveEfficiency


We could pre-populate these fields by editing the values in the AppImport.xml file in the 1E Client Deployment Assistant folder.


On the Application Content Source and the Package Content Source fields type in \\1ETRNDC\ConfigMgrSource\Software


The Application and Package content locations may be different in some production environments, but this training environment uses a common content location.


Check the Distribute Content box and ensure that All Distribution Points is selected by default for the Distribution Point Group. Click Next on the General Settings page


On the Agent Selection page, uncheck everything except PXE Everywhere 3.2.0.56 and 1E Client 4.1.0.267 and note that the license key for PXE Everywhere is imported from the licenses.txt file. Click Next


On the PXE Everywhere 3.2.0.56 page check the Create Application and Create Package boxes. We do not need to create a deployment as we will deliver PXE Everywhere in a Task Sequence in order to stage our boot image. Uncheck the Create Application Deployment. Click Next


On the PXE Everywhere settings page set the PXE Everywhere Central Web Service to: http://1etrncm.1etrn.local/PXELite/PXELiteConfiguration.asmx


On the 1E Client 4.1.0.267 page, ensure that both Create Application and Create Application Deployment are selected along with Create Package. Ensure that the limiting collection is set to All Desktop and Server Clients and click Next


The Client Deployment Assistant allows for the creation of packages and applications. Certain environments prefer one over the other. You can deselect either one, however, we will create both for this lab. We will deploy the client via the application, however use the package in a Task Sequence later in the labs.


On the Tachyon and other client Settings page, uncheck the Enable Tachyon, and Enable Inventory checkboxes. We are not using these features in this class. Click Next


On the Nomad Client Settings page, check the Enable Nomad checkbox, and accept the defaults for Log Path and Log Size. Ensure that only Hidden Nomad Share and Prevent Failing Over to BITS are selected. Click Next


We will be enabling Single Site Download, Fanout and Peer Backup Assistant in later lab exercises.


On the Summary page, wait for the summary to be compiled. Review all the actions that will be performed based on the settings selected in the wizard. When finished reviewing the summary, click Create


The progress will be displayed as each task is completed. When the status is displayed as Successful, click Next


On the Completionpage, note that all tasks completed successfully. Click Finish


Observe the results of running the 1E Client Deployment Assistant Wizard

In this task, we will observe the ConfigMgr objects created by running the 1E Client Deployment Assistant wizard.

1ETRNCM



Open the ConfigMgr console, select the Assets and Compliance node and click on Device Collections


Note that the 1E Client 4.1.0.267 – Required collection is created with All Desktop and Server Clients as the limiting collection and that there are no members


Click on the Deployments tab for the collection and note that the 1E Client 4.1.0.267 Application is deployed to this collection


Click on the Software Library node and select Applications in the Application Management section


Click on the 1E Client 4.1.0.267 application and select the Deployment Types tab at the bottom of the console


Note that the application has two Deployment Types created – 1E Client x86 and 1E Client x64


When the 1E Client Deployment Assistant wizard is run, the deployment types that are created have been limited (using prerequisites) to workstation operating systems for the Nomad x86 deployment type and workstation and server operating systems for the Nomad x64 deployment type. This behavior is defined in the AppImport.xml file in the: C:\Temp\1EClientDeploymentAssistant.v1.4.0.27 folder.


Right-click the 1E Client x64 Deployment Type and select Properties


Click on the Requirements tab, select the Operating system Requirement Type and click Edit


In the list of operating systems, scroll down, and select the Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019. Click OK


Click OK to close the 1E Client x64 Properties


Select Packages under Application Management and note that there are two packages created – one for x86 and one for x64 and that each Package has two programs – one for install and one for uninstall


Deploy the 1E Client

In this exercise, we will use the collection and application created by the Endpoint Agent Installation wizard to deploy the 1E Client to all workstations.

Deploy 1E Client to Workstations and Distribution Point

1ETRNCM



On 1ETRNCM, select the Assets and Compliance node of the ConfigMgr console and click on Devices


Ensure all workstations have been powered on in SkyTap.


Select the following machines from the device list (You may hold the CTRL key down and use multi-select)


1ETRNCM
1ETRNW71
1ETRNW72
1ETRNW73
1ETRNW101
1ETRNW102


Right-click on any of the selected devices and choose Add Selected Items > Add Selected Items to Existing Device Collection


Select 1E Client 4.1.0.267 – Required and click OK


Under Assets and Compliance, select Device Collections and observe the 1E Client 4.1.0.267 – Required collection. If the member count is still zero, you may need to refresh the collection to see the member count display six members


Monitor the progress of the installation

1ETRNCM



In the ConfigMgr Console, select the Assets and Compliance workspace, select the Device Collections node then right-click 1E Client 4.1.0.267 – Required and select Client Notification > Download Computer Policy. A dialog box will pop up indicating there are six resources in this Collection. Click OK


This process will cause each of the ConfigMgr clients to download the new deployment policy you have just created rather than waiting for them to do it on their regular schedule. In the lab environment, this interval is only 5 minutes rather than the default value of 60 minutes.


Select the Monitoring workspace and select the Deployments node


Right-click the 1E Client 4.1.0.267 deployment and select View Status monitor the progress (refresh periodically to view updated status information)


Please note that this may not be updated very quickly because this information is provided by status/state messages sent up from the individual ConfigMgr client. Take a 5 minute break, and if it has still not updated, proceed to the next task – you will likely find that the agent has already been installed.


Review the Installation on the Workstations

1ETRNW71



Log on to 1ETRNW71 as 1ETRN\User


1ETRN\User is a member of the Workstation Admins group and will be able to perform administrative tasks on the Lab Workstations.


Double-click the services.msc shortcut on the desktop


Note the 1E Nomad Branch and 1E Client services are running


Leave the Services interface open and from the Start menu, right-click Computer and select Manage


In the Computer Management interface, expand the Local Users and Groups node and click on the Users folder


Note that the local user SMSNomadP2P& has been created


In the Computer Management interface, expand the Shared Folders node and click on Shares


Note that the NomadSHR$ share has been created. This is the Nomad cache


Right-click the NomadSHR$ and select Properties from the context menu


In the NomadSHR$ properties dialog, on the General tab, note the path to the share, and the 6 user (connection) limit


Select the Share Permissions tab and note the permissions applied to the share


Cancel the NomadSHR$ properties dialog to return to the Computer Management interface


Leave the Computer Management interface open and return to the Services interface


Right-click the 1E Nomad Branch service and select Stop


Return to the Computer Management interface and refresh the Shares node. Note that the NomadSHR$ share is deleted when the service is stopped


Switch to the Services interface and start the 1E Nomad Branch service


Return to the Computer Management interface and refresh the Shares node. Note that the NomadSHR$ share is recreated when the service starts


The Nomad share is deleted every time the Nomad service is stopped. The content in the Nomad share will still reside on the machine but won't be shared unless the service is running.

If the P2P protocol is changed to HTTP(S), the share no longer plays a role in content sharing. The share will still exist, but will not be required, because we are no longer using SMB to connect to a share to copy content.


Close the Services interface and the Computer Management interface


Start Windows Explorer and browse to C:\ProgramData\1E\NomadBranch. This is the folder that is shared as NomadSHR$, and is the root of the Nomad cache


Browse to the ConfigMgr Logs folder on the desktop and double-click the NomadBranch.log to open it. You will use this log file in future exercises to follow Nomad processing a distribution


Observe the Nomad service startup activity at the beginning of the log. Note that the agent has created a hidden share, and has automatically set the option to use HTTP and SMB because it has detected an installed CM client




Your log should look like this.




Close the NomadBranch.log file


From the Start menu run regedit


Navigate to HKLM\Software\1E\NomadBranch. This registry key contains all the configuration options used by Nomad


In later labs you will learn how to use the Configuration Manager Compliance and Settings feature to manage the 1E Client settings in this registry key after the agent has been installed.


Changing the StatusMsgEvents using a the Create Nomad Baseline functionality

Nomad 6.3 introduced new functionality to manage Nomad settings on the client. Best practice is to manage client settings, which all reside in the registry, using CI's deployed via Configuration Baselines. Nomad has now productized this functionality to simplify the management of client settings. In this task, we will change the value of StatusMsgEvents from 0 to a specific number so the clients send data back to ActiveEfficiency which will then be used by the Nomad Dashboard.


1ETRNCM



Logged in as 1ETRN\SCCMAdmin navigate to the Assets and Compliance workspace in the ConfigMgr console





Expand Compliance Settings, click on Configuration Baselines. Note the Create Nomad Baseline button in the ribbon





Click the Create Nomad Baseline button to start the wizard


On the Configuration Type page, input Nomad Settings into the name


Configuration Type – leave Configure settings manually selected. Configure settings using MSI Transform would be selected if you had a transform (.mst) created to perform the settings changes required. This setting will allow you to import the .msi and .mst files so you do not have to recreate the settings. Click Next


On the Nomad Settings page, start typing StatusMsgEvents into the Registry Value Name field. It should autofill. Click on the value


In the Registry Value box, input 0x1000000064. Click Next


Copy the value from the doc so the correct value will be used. There are 7 zeros between the 1 and the 64.


On the Summary page, click Apply


Once completed, click Finish


Review the Configuration Baseline



Click on the Assets and Compliance workspace in the ConfigMgr console


Expand the Compliance Settings node. Select Configuration Items and Right-click on the newly created Configuration Baseline named Nomad Registry Settings - Nomad Settings and select Properties


Click on the Settings tab and note StatusMsgEvents Registry Value setting


Click the Edit button to review the setting


Click on the Compliance Rules tab to confirm the condition reflects the value we defined for the setting. Click Cancel


Click on the Compliance Rules tab of the CI and note that Remediate is set to Yes. Click Cancel to close out of the CI


Navigate to the Configuration Baselines node and note the newly create baseline


Right-click the Nomad Settings baseline and select Properties


Click on the Evaluation Conditions tab and confirm the CI we just reviewed is listed there. Click Cancel


Right-click the Configuration Baseline and select Deploy


Check the Remediate noncompliant rules when supported and select Lab Workstations as the collection. 




This is what your window should look like this.  Then click Ok




From the Device Collections node, right-click the Lab Workstations collection and initiate a machine policy refresh by selecting Client Notification - Download Computer Policy



1ETRNW71



On 1ETRNW71, logged in as 1ETRN\User, run regedit


Navigate to HKLM\software\1E\NomadBranch. Confirm the StatusMsgEvents setting is set to 0x0. Leave regedit open


Open the ConfigMgr applet from the desktop


Click on the Configurations tab and note the Nomad Settings baseline present


It might take a minute or two for policy to refresh and the baseline to show. If you do not see it, wait a minute and then click Refresh.


Click the Evaluate button, then Refresh. Note the Compliance value change to Compliant


Return to regedit and refresh the view. Confirm the StatusMsgEvents settings has changed to the value we specified in the Configuration Item


Review the installation on the Distribution Point

The installation on the DP server results in the same 1E Client component being installed on the server, however the service will perform the LsZ generation and RDC processing as it identifies that it is running on a Site Server and DP.

1ETRNCM



From the Start menu, click Services


Note the 1E Nomad Branch and 1E Client services are running


From the Start screen, start typing regedit and click regedit when it appears in the Search results. Note the HKLM\Software\1E\NomadBranch registry key


As 1ETRNCM is running a 64-bit OS, the 64-bit version of the 1E Client has been installed based on the requirements of the Deployment Type.


Navigate to C:\ProgramData\1E\NomadBranch folder. Note that as this is a DP, the agent has created the LSZFILES folder. Note that the folder is empty. When content is requested, this is where the LSZ files will be generated and stored


Open the C:\Windows\CCM\Logs folder and double-click the NomadBranch.log file


Note that we set the log file path in the Endpoint Agent Installation wizard based on where the ConfigMgr client logs are on client systems (C:\Windows\CCM\Logs) to make access to the CM client logs and the Nomad logs easier. Since this server had the management point role installed prior to the CM client installation, the CM client logs are actually located in C:\Program Files\SMS_CCM\Logs.


Near the top of the log file, notice that the computer (1ETRNCM) has been identified as an SMS Site Server and an SMS Distribution Point




This is what your log should look like when Nomad identifies the DP




Note also that the HTTP LsZ generation option (normally set in SpecialNetShare) has also been enabled as Nomad has detected this is a ConfigMgr Distribution Point and will therefore be using HTTP




This is what the log looks like when Nomad is installed on a DP for HTTP LsZ Generation




Open Internet Information Services (IIS) Manager from the Start menu and expand 1ETRNCM\Sites\Default Web Site


Note the LSZFILES and NOMAD_PKGCACHE virtual directories


These virtual directories are in C:\ProgramData\1E\NomadBranch\LSZFILES and C:\ProgramData\1E\NomadBranch\NOMAD_PKGCACHE respectively. The LSZFILES directory store the LsZ files used for content validation and the NOMAD_PKGCACHE is the storage location for compressed (also compressed and encrypted) content when the Nomad SECure feature is used to compress the content.

The Client version distribution tile in the Nomad Dashboard will eventually reflect the deployment of the 1E Client, but this will take a little time. A hardware inventory sync from the client machines must happen, and then that data is synced into ActiveEfficiency to populate the data in the dashboard tiles.


Installing the Nomad Download Monitor

The Nomad Branch Download Monitor is a useful admin tool to monitor Nomad activity on either the local or a remote client. In this exercise, you will create a new Application to install the download monitor and then deploy this to all workstations.

Create the Nomad Download Monitor Package and Program

1ETRNCM



From the SkyTap Shared Drive shortcut on the desktop browse to 1E Nomad - Course Content\Nomad 7.0 Course Content and download DownloadMonitor.zip to c:\temp. Right click the file and choose Extract All. Copy the DownloadMonitor folder to \\1etrndc\ConfigMgrSource\Software. The DownloadMonitor folder contains the installer (msi) file and a transform (mst) file


A shortcut to the ConfigMgrSource location has been created on the desktop, named ConfigMgr Content Source


From the ConfigMgr Console, open the Software Library workspace, expand the Application Management node


Right-click the Packages node and select Create Package to start the Create Package and Program Wizard


On the Package page, enter Nomad Download Monitor as the Name. Check the option This package contains source files then click the Browse… button and enter or browse to \\1ETRNDC\ConfigMgrSource\Software\DownloadMonitor as the source folder. Click OK to close the Set Source Folder dialog, then click Next


On the Program Type page ensure Standard program is selected and click Next


On the Standard Program page enter the following details and click Next


Name: Install Nomad Download Monitor
Command line: msiexec /i NomadBranchGUI.msi TRANSFORMS=NomadGUIAdvancedMode.mst /qn
Program can run: Whether or not a user is logged on


The default install of the Nomad Download Monitor is in Basic Mode (UI=0). Basic Mode provides only progress bars. Advanced Mode (UI=1) allows adjustment of the workrate and allows connection to remote clients for remote monitoring. The transform contains the configuration to allow Nomad Download Monitor to be deployed in Advanced Mode.


Click Next


On the Requirements page click Next


On the Nomad Settings page select Enable Nomad and click Next


This will be the first bit of content that the newly installed Nomad clients will download.


On the Summary page, click Next then close the wizard when it completes


From the Packages node, right-click the Nomad Download Monitor package and select Distribute Content to start the Distribute Content Wizard


On the General page click Next


On the Content Destination page click Add, select Distribution Point, and select the 1ETRNCM.1ETRN.LOCAL Distribution Point. Click OK. Click Next


On the Summary page click Next, then click Close when the wizard completes


Deploy the Nomad Download Monitor

In a production environment, you would normally only deploy the Nomad Download Monitor to administrators' workstations, using the Advanced UI (UI=1) option to allow connection to any 1E Client for monitoring. In this task, you will deploy the Download Monitor onto all workstations for convenience.

1ETRNCM



From the Packages node in the ConfigMgr Console, right-click the Nomad Download Monitor package and select Deploy to start the Deploy Software Wizard


On the General page, select the Lab Workstations Collection by clicking the Browse… button to the right of the Collection field. Once the collection is selected click OK to close the Select Collection dialog. Click Next


On the Content page ensure the 1ETRNCM Distribution Point is listed in the top half of the page and click Next


On the Deployment Settings page, note that the Action is set to Install and ensure that the Purpose to Required and click Next


On the Scheduling page click New… to create a new Assignment Schedule then from the Assignment Schedule dialog box click OK to use the default (current time) schedule and return to the Scheduling page. Click Next


On the User Experience page select Allow users to run the program independently of assignments and click Next


On the Distribution Points page ensure the Deployment options are set to Download content from distribution point and run locally in both drop-downs, make sure the box Allow clients to use distribution points from the default site boundary group is unchecked, click Next


On the Summary page, review the settings and click Next


When the wizard completes click Close


Use the Client Notifications feature (as described in step 134) to make sure all the clients in the Lab Workstations Collection download the new deployment policy without having to wait



1ETRNAP



Open a Command Prompt (run as administrator) and switch to the C:\Program Files (x86)\1E\ActiveEfficiency\Service directory


Leave the command prompt window open, we'll be back shortly to use it again.


Run the following command to initiate an on-demand sync from ConfigMgr to ActiveEfficiency


ServiceHost.exe -NomadSyncAll


We are forcing a sync between ConfigMgr and ActiveEfficiency here to review the status of this deployment in the Nomad dashboard.



1ETRNCM



Open the Nomad Dashboard under the Monitoring workspace and observe the Deployments tile


The Download Progress for this deployment should indicate what percentage of the targeted machines have started the download yet. The percentage will be driven by how fast the machines retrieved the software distribution policy


The Caching Metrics tile will potentially have data available, but this is dependent on machines retrieving policy


We will revisit these tiles in a few minutes to see what changed


The Client version distribution tile might now show the client version of some or all clients as well


Verify the installation

All Workstations



When the above deployment has completed on the clients, log on to all of them as 1ETRN\User and check the following





Note the new Nomad icon in the system tray.





If the download monitor is not running, launch it from the Start menu


Double-click the Nomad icon in the system tray to open the UI. Note that there is a Connect option in the top menu and a table labelled All downloads in the middle of the GUI. This indicates that the GUI was installed in Advanced mode (UI=1 on the msiexec command line)


Close the Download Monitor


Note that when you close the UI, the icon remains in the system tray and the monitor is still active. To completely exit the monitor, right-click the system tray icon and select  Exit  from the context menu.



1ETRNAP



Run the following command to initiate an on-demand sync from ConfigMgr to ActiveEfficiency


ServiceHost.exe -NomadSyncAll



1ETRNCM



Open the Nomad Dashboard in the ConfigMgr console and observe the changes in the Deployments tiles. Download Progress shows 100% complete and the Caching Metrics show that 60% of the clients retrieved content from a peer while 40% retrieved the content from the DP


Why are we seeing these proportions here? Ask your instructor if you aren't sure


Click the expand button on either tile to get more details


Lab Summary

In this lab, you have learned how to install the Nomad extensions to the ConfigMgr console and the additional tools that are used during an Operating System Deployment Task Sequence. The Nomad Tools installer updates OSDINJECTION.XML to ensure these tools are added to all future boot images.

You then used the 1E Endpoint Agent Installation wizard to create the ConfigMgr deployment objects (collections, packages, applications and deployment types) to support the deployment of the 1E Client on the client workstations. You have learned where the 1E Client is installed and where the Nomad cache is located.
You have begun to explore the data presented in the Nomad Dashboard as we've deployed the Nomad Agent and Nomad-enabled content. In order for the Dashboard to populate, we changed a value in the Nomad settings using the Create Nomad Baseline functionality.
Finally, you installed the Nomad Branch download monitor that will be used in later exercises to observe Nomad behaviour.

Next Page
Ex 2 - Nomad 7.0 - Deploying Software using Nomad