System Center Configuration Manager 2007 : Operating System Deployment - Native Mode

3/25/2013 6:33:45 PM

1. Native Mode

OSD in a native mode ConfigMgr environment requires one additional certificate. Systems use this certificate when they are booted using PXE or physical media. It allows these systems to authenticate and securely communicate with the ConfigMgr site systems. You can share a single certificate for all OSD deployments; this certificate is used only during the deployment process and not actually installed on the target system.

The requirements for this certificate are as follows:

  • The Enhanced Key Usage value must contain Client Authentication (1.3.6.1.5.5.7.3.2).

  • The Subject Name or Subject Alternative Name field must be unique.

  • The certificate must be stored in a Public Key Certificate Standard (PKCS #12) format file, which must also contain the private key.

  • The maximum key length is 2,048 bits.

When you create a PXE service point or task sequence media, ConfigMgr prompts you to create a self-signed certificate or import a certificate. For a native mode site, you must choose to import a certificate and supply the password protecting the certificate file.

You can view imported certificates under Site Management -> <Site Code> -> <Site Name> -> Site Settings -> Certificates, in the Boot Media and PXE nodes. Only two options are available from the context menu of imported certificates: Block and Unblock.

In addition to the new certificate, you must also specify the Root Certificate Authority (CA) certificate to ConfigMgr. You do this on the Site Mode tab of the Site Properties configuration dialog by pressing the Specify Root CA Certificates button, as shown in Figure 1.

Figure 1. Specifying Root CA Certificates

Certificate Revocation Lists

By default, ConfigMgr enables Certificate Revocation List (CRL) checking. Depending on your PKI implementation, you can publish the CRL to multiple locations, including Active Directory and a website. OSD targets booted using PXE or media cannot access CRLs published to Active Directory. Thus, if your CRLs are published only to Active Directory, OSD cannot access them and will fail.

In addition, if the first CRL distribution point listed in your certificates is Active Directory, you might experience a delay during the Windows PE startup process. This happens because Windows PE tries to access each CRL distribution point in the order listed in the certificate.

Although it is possible to change your CRL distribution points, certificates already issued will not reflect this change; you have to revoke the existing certificates and issue new ones. Disabling CRL checking in ConfigMgr is another option but is discouraged.

The recommended solution is to carefully plan your PKI infrastructure and ensure that your CRLs are accessible to all systems that need them.
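
The certificate requirements listed under Native Mode and the CRL distribution point behavior described above can be checked before the file is imported. The script below is an added example, not part of the original article or of ConfigMgr; the parameter names are hypothetical, and it assumes Windows PowerShell 5.1 or later on Windows, where the CRL Distribution Points extension is formatted with one "URL=" entry per distribution point.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example: pre-flight check of a native mode OSD certificate file.
param(
    [Parameter(Mandatory)] [string]       $PfxPath,      # hypothetical: path to the PKCS #12 file
    [Parameter(Mandatory)] [securestring] $PfxPassword   # password protecting that file
)

# Load the file in memory only; nothing is added to a certificate store.
$cert = [X509Certificate2]::new((Resolve-Path $PfxPath).Path, $PfxPassword)

# Requirement: Enhanced Key Usage must contain Client Authentication.
$ekuOids = foreach ($ext in $cert.Extensions) {
    if ($ext -is [X509EnhancedKeyUsageExtension]) {
        $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
    }
}

# Requirement: maximum key length of 2,048 bits (read here for RSA keys only).
$rsa     = [RSACertificateExtensions]::GetRSAPublicKey($cert)
$keyBits = if ($rsa) { $rsa.KeySize } else { $null }

# CRL distribution points (extension OID 2.5.29.31), in the order listed in the
# certificate, which is the order Windows PE tries them.
$cdpUrls = @()
$cdpExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if ($cdpExt) {
    # Assumption: Windows formats each distribution point as "URL=<location>".
    $cdpUrls = @([regex]::Matches($cdpExt.Format($true), 'URL=(\S+)') |
        ForEach-Object { $_.Groups[1].Value })
}
$webCdps = @($cdpUrls | Where-Object { $_ -match '^https?://' })

[pscustomobject]@{
    Subject               = $cert.Subject        # compare by hand: must be unique
    HasClientAuthEku      = $ekuOids -contains '1.3.6.1.5.5.7.3.2'
    HasPrivateKey         = $cert.HasPrivateKey  # the file must carry the private key
    KeyBits               = $keyBits
    KeyWithin2048Bits     = ($null -ne $keyBits) -and ($keyBits -le 2048)
    CrlDistributionPoints = $cdpUrls
    # PXE- or media-booted targets cannot read CRLs published only to Active Directory.
    HasWebCrlLocation     = $webCdps.Count -gt 0
    # An LDAP location listed first can delay Windows PE startup.
    FirstCdpIsLdap        = ($cdpUrls.Count -gt 0) -and ($cdpUrls[0] -match '^ldap:')
}
```

A certificate that reports HasWebCrlLocation as False, or FirstCdpIsLdap as True, will hit the failure or startup delay described in this section unless it is reissued after the distribution points are changed.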

2. Upgrading from SMS 2003

Although Microsoft supports both in-place upgrades and side-by-side migrations from SMS 2003 to ConfigMgr 2007, you cannot directly transfer any work done in the OSD Feature Pack of SMS 2003. In fact, you must uninstall the OSD Feature Pack from SMS 2003 before you perform an upgrade. Here are some of the limitations:

  • The upgrade process creates a new node named OSD FP Packages under the Operating System Deployment node in the ConfigMgr console, with all existing operating system feature pack packages placed under this new node. The node appears until you delete the existing operating system packages.

  • You cannot create new advertisements in this node or distribute down-level feature pack operating system images to distribution points.

  • Down-level image packages are not available as a choice when choosing an Operating System Image package in the Apply Operating System Image task, although existing advertisements and package deployments for down-level images are upgraded intact and still usable after the upgrade.

  • Images created using the OSD Feature Pack are not compatible with OSD in ConfigMgr, and you cannot directly import them. 

For the long term, you should definitely consider revamping your imaging process and using a full-fledged Build and Capture task sequence to create your image.
