Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Deployment Solution 7.x: End to End in 8 hours

Created: 11 Jan 2012 • Updated: 09 Oct 2012 | 34 comments
Language Translations
Vaibhav Sharma's picture
+15 15 Votes
Login to vote

This is my observation on the Deployment Solution forum that there are mostly three types of Deployment Solution users :) one who are new to DS and evaluating it to find its fitness with their requirements; another who are mostly using only a few features as per their best fit requirements but not the entire product; the third type who are very advance DS users and very thorough with DS knowledge.

In this article I am mostly targeting to first and second type of DS users; so that they can get end to end understanding of DS features. And expecting feedback and blessing from the third type of DS users :)

Before starting anything, I would also like to add that this Deployment Solution product is very beautiful and robust (I admit here of having issues in it but trust us that very soon this DS 7.x will give you experience similar to DS 6.x or any other leading product of market)

This part of article consists following information:

  1. Setup Preparation: What is the basic requirement to start with
  2. Pre-requisites: Few important considerations
  3. Execution: Actual flow of DS to be experience by this article users

This much in 8 hours; HOW?

Yes; this end to end exercise is very much possible in 8 hours; If you go step by step with a bit of patience and above mentioned 1st and 2nd points are completed :)

Setup Preparation:

We do not require server class hardware to understand DS end to end execution and following VMs can also be very well suitable for this need:

  • Domain Environment:
    • AD, DNS, DHCP and optionally WINS (Proper name resolution is one of the most important requirement in DS environment and centralized authentication makes the configuration and later executions very easy)

Pre-requisite:

  • Symantec Management Platform (SMP) formally called as Notification Server (NS):
  • Windows 2008 R2 with 4GB RAM and 150GB Storage; in domain environment
  • Firewall should be disabled on SMP OS and in network (Just for this test run)
  • Add Feature .NET Frameworks 3.5
  • IIS (Few important settings are required here as mentioned at http://www.symantec.com/connect/blogs/required-iis7-settings-package-server-only-image-presentation
  • SQL 2008 R2 (best to use SQL authentication as “sa” user)
  • Java (Latest JRE)
  • Silver Light (Latest)
  • Flash player (Latest)
  • Adobe Reader (Latest)
  • Clients:
    • One VM client of Windows XP 64bit (Disk10GB) without OS installed
    • One VM client of Windows 7 32bit (Disk15GB) without OS installed (Disk size 15GB)
    • One VM client of RH/SuSe Linux 64bit “with” OS installed (Disk10GB) (Note: Linux is supported for x86 only but x86 VM images are having NIC driver support issue with DS whereas x64 can have supported e1000 NIC driver in VM image)
  • Configuration: There are many types of configuration supported for SMP (aka DS) installation which I will list at the end of this execution but to start with; only following is the requirement-
    • IIS with Default web site (with support of both HTTP and HTTPS but not only HTTPS)
    • IIS with Default ports (80 and 443)
    • SMP Installation on default path (C:\Programm Files)

Execution:

At this point I would request to make a check list based on the following execution with the issues observed mentioned in the same list. This list will help you to dig deep in product at latter point of time.

  1. Download and Install SIM from Symantec Official site for evaluation purpose
  2. Install complete ITMS suite [which has DS 7.1.2316] and check for Build info and License info
  3. Enable/Start all SBS (PXE) services

Once the Installation is completed successfully, you can log in to SM Console. Here DS specific components can be seen at following locations:

  1. Plug-in Policies: Console > Settings > All Settings > Agent and Plug-ins >Deployment and Migration [Or Console > Action > Deployment]
  2. Initial Settings: Console > Settings > All Settings > Deployment and Migration [Or Settings > Deployment ]
  3. Jobs and Tasks: Console > Manage > Jobs and Tasks > Deployment and Migration [Or few are at Console > Action > Deployment]
  4. Filters : Console > Manage > Filters > Software Filters > Agent and Plug-in [Search “Deployment”]
  5. Reports: Console > Reports > All Reports > Deployment and Migration

Now the actual execution :)

  1. [using Domain Membership/WINS Import] Enable network discovery for your domain
  2. [using Microsoft Active Directory Import] Import the AD users and computers
  3. [using Symantec Management Agent Installation] Enable Schedule Push to Computers for Symantec Management Agent
  4. [using DS Plug-in policies] Enable all DS policies for x86 and x64 bit Windows/Linux clients except uninstall policies
  5. [using Create Preboot Configurations] Add the PXE images for Win(x86/x64/Both) and Lin(x86)
  6. [using Driver Management] Add Drivers required for both DA/Preboot - You can add drivers of VMware, NIC, Video, Audio
  7. [using Image Multicasting] Add the Multicasting values as per setup need
  8. [using OS Files] Add OS files [For Windows XP 64 bit (add only AMD and i386 folder from installer ISO) use GUI/ For Windows 7 (add only source folder from installer ISO) use *Resource Import Tool*]
  9. [using OS Licenses] Add license for selected OS
  10. [using Predefined Computers] Import a Predefined computer [Here use a clients Name, MAC address for Windows 7 ONLY]
  11. [using PXE Server Configuration] Enable and select PXE images Predefined (Win x86) and Unknown computer (Win x64)
  12. [using Sysprep Imaging Configuration]Add Deploy.cab files for 32bit and 64bit [Applicable only for Windows XP and Windows 2k3 ]
  13. [using System Configuration] Add new System configuration for “Computer Name range” with Domain and Domain credentials
  14. [using Tokens] Optional but can add custom token here

DS Jobs and Task:

Boot all three clients at this point; where Win XP 64bit must boot in Predefined 64bit PXE Preboot Image, Win 7 32bit must boot in Unknown 32bit PXE Preboot Image, and Linux must boot in OS mode (SMAgent would be required to manually install on Linux here). Now start executing following commands one after another:

  1. Task Erase Disk – All partitions [This task is NOT applicable for newly created VM client as disk is already unformatted]
  2. Task Partition Disk – Primary and Active partition with 90%
  3. Task Install OS Windows using DA – One for Windows XP and Another for Windows 7
  4. Task Apply System Configuration – Select earlier created System Configuration [Enable Administrator user of Windows 7 at this point]
  5. Task Prepare for Image Capture – Create separate tasks for WinXP 64bit/Win7 32bit/Linux)
  6. Task Create Image (Disk) - Create separate tasks of image type Ghost & Rdeploy
  7. Task Reboot to Production - Do some OS theme (say name is NEW) change for next task
  8. Task Capture Personality - Using default PBT [Applicable to ONLY Windows desktop OS (Win7) ONLY]
  9. Task Reboot to Automation
  10. Task Deploy Image – Create separate tasks for WinXP/7 (for Ghost using DA) /Linux
  11. Task Reboot to Production - Theme should be of earlier type when Windows installation done
  12. Task Distribute Personality – Run it back on Win7 client; “New” theme should get applied [May be you need to do logout and log in back]
  13. Task Copy File – Copy a folder with some script in it [Scripts must support silent installation and MUST run without user intervention] and Execute script - To install an application, Say folder is GHOST and Application is Office
  14. Task Reboot to Automation
  15. Task Create Image (Backup) - Of Ghost
  16. Task Deploy Image - Of RDP using DA
  17. Task Reboot to Production - Theme should be of earlier type
  18. Task Distribute Personality - New theme should get applied
  19. Task Copy folder and Execute a script - To install an application, other then done for Ghost, Say folder is Rdeploy and Application is GTALK
  20. Task Reboot to Automation
  21. Task Create Image (Backup) - Of Rdeploy
  22. Task Restore Backup Image - Of Ghost taken earlier with folder name GHOST
  23. Task Reboot to Production - Should show folder copied and installed application
  24. Task Reboot to Automation
  25. Task Restore Backup Image - Of Rdeploy taken earlier with folder name Rdeploy
  26. Task Reboot to Production - Should show folder copied and installed application
  27. At the end check DS Reports and also Filters.

That’s it yes for first part.

Next Part would be for DS Initial Deployment, DS Site Server Configuration, other Advance DS configurations and feature specific known issues.

Hope this would be helpful but again I would like to add that the feedback is highly required, recommended and appreciated from all specially third type of DS users. So that I can add/edit/delete the information from here and modify this article to make it best suitable to be followed smiley

Thanks,

Vaibhav

Comments 34 CommentsJump to latest comment

Sunil Kr Mishra's picture

A functionality works but what are the background activity that makes them work info would be highly appreciated.

 

Thanks,

Sumish

0
Login to vote
Vaibhav Sharma's picture

Thanks Sunil for your feedback :)

While writting this article only first and second type of users were in my mind as mentioned above; so this is a basic but complete DS hands on information but I am also planning to create a doc with advance information there I will include the suggestion given by you :)

Thanks again,

Vaibhav

0
Login to vote
Vaibhav Sharma's picture

Humm.. It’s a good one but I am more interested in next part this feedback will also work :)

0
Login to vote
NewAdmin's picture

Its really with very good information but again as you said I am more interested in next part :)

0
Login to vote
Anirudha's picture

enlightenedAppreciate the efforts. Good article with excellent information.   

0
Login to vote
SMP-n00b's picture

Excellent article mate! yes .

I have a small question though. Does DS 7.1 support Windows CE 5.0?

I was unable to find any documentation on that with the ITMS SP2 compatibility matrix.

We have about 8500 Thin Clients running Windows CE 5.0 which worked brilliantly with DS 6.9 SP4. However, we are unable to get them moved over to DS 7.1.

I was hoping to find some info on how to configure the Thin Clients for DS 7.1. With DS 6.9, we had this awesome article that explained everything. But I have had no success in looking for articles that assist with agent configuration for DS 7.1. 

Any ideas will be greatly appreciated.

Thanks again mate! Keep up the good work!

+1
Login to vote
Vaibhav Sharma's picture

Thank you for your appreciation :)

But I am also not aware about Windows CE 5.0 support in DS 7.x.

0
Login to vote
SanjayDeo7x's picture

Realy usefull ....!

0
Login to vote
SMP-n00b's picture

Hmm, no problem Vaibhav :) I got my answer.

As of now, Windows CE 5.0 is NOT supported for ITMS SP2. Sadly sad So we will be moving our PC infrastructure over to DS 7.1 SP2, and keeping the Thin Clients on the DS 6.9 installation.

0
Login to vote
ShaneB's picture

This is a great walkthough of how to get some of the high points of DS from start to finish.  Having gone through learning DS in the last year I would have greatly benefited from a description and explanation of how PXE works, specifically in regards to having multiple task servers.  Maybe this would be a point to mention on a second doc. Cheers

0
Login to vote
Vaibhav Sharma's picture

Thank you ShaneB. I will take care to incorporate the specific request as best as possible :)

0
Login to vote
Vaibhav Sharma's picture

Thanks David to test this which is very much needed by someone other than me :) but please do provide me your feedback.

0
Login to vote
Jeremy Roberts's picture

This is a worthy effort and should be applauded, however the fact that it exists suggests that 7.x so far has failed to work for a significant number of users, most likely those in catagory two who are still using 6.9 as 7.x does not fit with their simpler requirements.

7.1 is great if you buy in to the whole Symantec product line (CMS, Patching, AV etc) however if you just want to deploy images, apps and do some remote control it makes things more complicated and takes way longer to acheive simple tasks, indeed it seems they have removed remote control from DS.

Many people don't need the complexity of 7.x and would prefer a much simpler product that is a better fit with their requirements.

+1
Login to vote
Vaibhav Sharma's picture

Thanks Jeremy. I do agree with you that many people (mostly DS 6.9 users) don't need the complexity of 7.x and we are working here to address this concern as best as possible.

0
Login to vote
JimChud's picture

nice guide, i've given this as a read through to a colleague who just started working with DS. though alot of it was already done i think it gave him a guide to why those things existed and what was done to get it working.

Unfortunately for me NS / DS 7 isnt the full package yet and i couldnt move away from DS6.9 even if i wanted to, but it has some nice features and im hoping if they listen to the community they should resolve and change some of the things that just dont work the way they are currently setup!

again nice work!

Regards Jim.
Connect Etiquette: "Mark as Solution" those posts which resolve your problem and give a thumbs up to useful comments, articles and downloads.

0
Login to vote
Vaibhav Sharma's picture

Thanks Jim.

Please do provide me the feedback once your colleague is done with it. Also I do expect that your (or of DS 6.9 users) most of concerns will get resolved in upcoming DS solution release. :)

0
Login to vote
kw@bts's picture

Hello,

Firstly, thanks to Vaibhav for a well written article.

I would guess i fall into the first type of user where I'm evaluating the suite to see whether it suits our needs however I am having issues getting it installed.

I have met the requirements for the package although it has recommended a different CPU for better performance (this is a test box so not worried about that). The installation always fails when installing the TaskServer Handler x64 (7.1.2316) with a runtime error c:\windows\installer\msi9a55.tmp.

Tried running the MSI file directly but Windows reports this a non valid install package. Has anyone experienced this so far?

Thanks in advance.

Ken

0
Login to vote
Vaibhav Sharma's picture

Thanks Ken.

Please let me know if your setup is with all default (Website/Port/Drive) or there is some diff.

0
Login to vote
kw@bts's picture

Hi Vaibhav

Standard installation path and any web config that is required. I am using the SQL instance from another server though, not local.

Thanks

0
Login to vote
Vaibhav Sharma's picture

Please share altiris-deploymentsolutiontaskserverhandler_7_1_x64.msi_install.log from SIM Logs\Installlogs.

Thanks

0
Login to vote
kw@bts's picture

Sorry but I'm unable to locate the log file you specified.

The only logs available are here C:\Program Files\Altiris\Symantec Installation Manager\InstallHistory\PerfLogs

I have attached the latest log from this folder. If this is not the correct one then please post up the folder path to the correct one.

Thanks for your time

AttachmentSize
SIM_Metrics_2012_02_28 08_37_29.zip 9.04 KB
0
Login to vote
Vaibhav Sharma's picture

Hi Ken,

Thanks for sharing the log but this was not of much help.

I would request you to share the support package logs, which can be created from SIM > Settings.

Also let us know if this is an english installation.

Thanks

0
Login to vote
kw@bts's picture

Thanks for the advice, I'll enable this setting and reinstall to generate the log file.

It is an english installation

0
Login to vote
kw@bts's picture

Hi Vaibhav

You'll find attached the log file. This is an english installation.

AttachmentSize
altiris_deploymentsolutiontaskserverhandler_7_1_x64.msi_install.zip 254.27 KB
0
Login to vote
Vaibhav Sharma's picture

Hi Ken,

This is the problem related to "RunCreateDSShare 3: C:\Windows\Installer\MSIC056.tmp" which I have also seen on some other DS forum thread but without resolution. This seems to an uncommon problem where DS share is not getting created during DS solution installation and installation is getting terminated.

I am not in a potion to give the solution of the same but this could be issue related to Windows User Access Control which is not allowing to create a Windows share (Deployment) during installation.

As of now you are stuck for the successful installation so I would recommend running the installation in workgroup environment with local admin privileges and see if this goes successful.

Thanks.

0
Login to vote
kw@bts's picture

Disabled user account control and ran the install under the local admin account on the server but the installation still failed.

Thanks for your assistance on this. I'll keep reading the forums to see if it gets resolved

0
Login to vote
dsmith1954's picture

There are 4th, 5th, and 6th types of users, although some may classify them as just a 4th type. They follow the same lines as the first three, but prefer to remain on feature rich DS 6.9, mostly because it is a Win32 application and does so much more than the lame web-based DS 7.1, and partly because it works 99.99% of the time.

We have v7.1 installed, but don't use DS. It is just not up to the task of replacing DS 6.9. We can do so much more in 6.9, without the convoluted mess people put up with in 7.1.

DS 6.9 remote control works, and there are no known security vulnerabilities. pcAnywhere might work sometime,  depending on the day of the week, or if it just wants to work that time. Did I mention security vulnerabilities in pcAnywhere? Those that were discovered in 2006 were finally patched earlier this year. They only released the following advisory in Jan 2012, and finally patched the last one in March.

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20120124_00

Another pcAnywhere vulnerability. Discovered in March. Patch available in April.

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120301_00

Imaging just flat out works in DS 6.9. And, if you want to image with Linux or DOS you can - as long as you can find drivers for your hardware. Ghost or RDP - your choice. Whichever is quicker or better for your environment.

Software deployment - works. No need to create fancy workflows for tasks/jobs. Copying one task to another job just works. Copying a job, pasting it into another folder and making minor changes for whatever reason, just works without any duplicating of tasks/workflows, or any of the other myriad of issues I've read about here.

Filters for deployment - simple. Create a condition in a matter of seconds instead of having to create convoluted filters in DS 7.1.

Want to deploy an app to a few computers? Just select them in the console and drag them to the job - done.

Want to schedule the installation for 3am? Select the computers, drag to the job and schedule. Need to wake them up at that time? Done automatically, if the console is configured that way.

If anybody hasn't experienced DS 6.9, then you don't know what you are missing. I highly recommend everyone give it a try. You don't have to bow to the almighty web-based DS 7.1.

+4
Login to vote
Gibson99's picture

our shop is exactly what you just described.  we also use 7.1 but not the DS part.  still on ds 6.9 for all the reasons you mentioned.  it's not perfect, but its console is MUCH faster, more robust, and has nifty addons available like ImageInvoker (search connect for it).  PXE in ds 6.9 is a lot more flexible because i can actually configure it however i want to do additional steps inside WinPE, other than JUST imaging.  my imaging scripts consist of a fair bit more than just laying down an image and injecting a generic sysprep answer file - i've customized the heck out of my answer file, and i also inject a bunch of other stuff for pre-installation and other config tweaks, all during winPE, so that it's there during windows' first boot (minisetup), so setupcomplete.cmd can actually do a bunch of stuff for me.  no chance of doing any of that in 7.1; at least, none that i could find.

the only caveat i can find is that DS remote doesn't work with win7 unless someone is already logged in, and even then, if an elevated dialog box comes up (something running as admin, or a UAC box), you lose remote control.  if nobody's logged in, you can't even remote in, and so you can't login to do what you need.  that's one thing that at least PCA can do right (but as you said - when it decides to work).  

IMHO, symantec took on too big of a project with the whole 7.x branch, and fell on its face with it.  7.1 isn't ready to displace 6.9, yet i hear they're going to EOL 6.9 (no idea when, but i keep hearing that).  that will leave a huge hole in their offerings, and i wouldn't be surprised to see a bunch of customers jump ship.  altiris isn't the only game in town anymore.  microsoft's system center looks like it's maturing quite well, and even dell (who used to rebrand and resell altiris) now has their own mgmt offerings.  brand loyalty isn't what it used to be back in the day.  board rooms focus on $ and if the end-user can't tell a difference, they don't care what the backend product looks like or whose name is on it, as long as it gets the job done and doesn't break the budget.  

If a Connect post helped you out, be sure to click "Mark As Solution" or the "Thumbs Up" button to let other users know about it.

+2
Login to vote
jlawson's picture

one note for pca

It works fantastically after they rewrote the code back in April.  Before this yes PCA was a major headache.

0
Login to vote
Gibson99's picture

we're running the latest PCA.  for whatever reason, it never takes my password when i try to authenticate, but it takes the service account password just fine. it takes most other peoples' passwords too.  my passwords aren't that complex, and i even tried leaving out high ascii and spaces, to rule them out.  i'm in the right access groups/AD groups, but i think PCA just doesn't like me.  Carbon copy didn't like me either.  

If a Connect post helped you out, be sure to click "Mark As Solution" or the "Thumbs Up" button to let other users know about it.

+1
Login to vote
dsmith1954's picture

If they do finally EOL DS 6.9, and don't offer a Win32/Win64 version, I'll recommend EOL our contract with Symantec.

If the vendor doesn't offer what you need, and someone else does, then there's no reason to stay.

Every vendor wants to rush into the webapps game, almost all of them fail, but most don't want to believe it.

IMHO, webapps just don't cut it. There are a few that excel at what they do, but the majority that I've had the displeasure to work with, excel only at losing me as a customer. Most that I've seen don't do error checking, don't have a clue as to what browser settings are required for their app, don't check screen size and make adjustments, Java - don't get me started, and the list goes on and on.

I had the displeasure of working on one yesterday that seemed to use Silverlight, but the vendor (Salesperson) didn't have a clue, and when it (the app) opened a box inside the browser the OK or Submit button was not visible, and you couldn't scroll IE to find it. Lousy programming.

Sorry, just couldn't pass up the opportunity to rant about webapps! smiley

0
Login to vote
Gibson99's picture

"I had the displeasure of working on one yesterday that seemed to use Silverlight, but the vendor (Salesperson) didn't have a clue, and when it (the app) opened a box inside the browser the OK or Submit button was not visible, and you couldn't scroll IE to find it. Lousy programming." 

gee, was that SMP 7.1?  It does this very thing to me quite often.  my laptop's screen is only 768 px tall.  when it happens, i have to hit the little X on the "pop-inside" window, hit f11 to go fullscreen, then try whatever i was doing again.  it's really just an annoyance, but a real popup wouldn't have given me that problem because i could've resized it.

to me, it seems like if you're going to write all this stuff that locks you into a specific browser (IE) plus some plugins that are dynamically changing every time there's an update for something (java, silverlight, flash, etc ad nauseum) then you might as well just write a dedicated 32bit application that DOESN'T depend on  other stuff that you have no control over.  if you're saying they have to run windows no matter what, then at least with a 32bit app, users (us) get a consistent, reliable experience.  

in fact, i just saw a demo of system center 2012 yesterday - it has a 32bit console that looks and functions a lot like SMP 7.1's silverlight section.  except a lot faster, even on the overtaxed VM they had it running on.  

If a Connect post helped you out, be sure to click "Mark As Solution" or the "Thumbs Up" button to let other users know about it.

0
Login to vote
dsmith1954's picture

Haven't had that experience with SMP yet, although I did get something somewhat similar when we attempted to go to ServiceDesk. At the time, it wasn't IE8 compatible, or IE9 I don't remember which now.

My UI issues with SMP have mostly been the slowness, reports that don't scale to the size of the field, lack of ability to scroll a list of anything - it always refreshes instead of scrolling, inability to multiple select in some areas, etc., etc., etc.

We've been looking at System Center as well. Our main concern is Asset Management. Management likes to have reports that shows which user is assigned to which computer, and Altiris/Symantec Asset Management is about the only application that does that fairly well. Although I'm told there's a plug-in for System Center that does the same thing, so we may be making the move...

0
Login to vote