Wednesday, October 15, 2008

Sccm 2007 DCM Web resources from Microsoft

 

Desired Configuraion Manager Web resources from Microsoft.com

Configuration Manager Configuration Pack Catalog

https://www.microsoft.com/technet/prodtechnol/scp/configmgr07.aspx

Technical Reference for Desired Configuration Management

http://technet.microsoft.com/en-us/library/bb680894.aspx

Configuration Pack Authoring Guide

http://technet.microsoft.com/en-us/library/bb680894.aspx

Configuration Manager Documentation Library

http://technet.microsoft.com/en-au/library/bb680651.aspx

Configuring Desired Configuration Management

http://technet.microsoft.com/en-au/library/bb680669.aspx

Desired Configuration Management on TechNet Forums

http://forums.microsoft.com/TechNet/ShowForum.aspx?ForumID=1817&SiteID=17

 

-------------------
Thanks,
http://paddymaddy.blogspot.com/

DCM with SCCM 2007

Configuration Manager 2007 Toolkit for DCM Kit

The configuration Manager 2007 toolkit contains the following tools for DCM

DCM Model Verification - A tool used by desired configuration

management content administrators for the validation and testing of

configuration items and baselines authored externally from the

Configuration Manager console.

DCM Digest Conversion - A tool used by desired configuration

management content administrators to convert existing SMS 2003

Desired Configuration Management Solution templates to Desired

Configuration Management 2007 configuration items.

DCM Substitution Variables - A tool used by desired configuration

management content administrators for authoring desired

configuration management configuration items that use chained

setting and object discovery.


-------------------
Thanks,
http://paddymaddy.blogspot.com/

SCCM 2007 R2 Application Virtualization

There is good artical on SCCM R2 New Virtual Application
http://weblog.bassq.nl/?p=157#more-157

Enjoy,
Paddy

Tuesday, October 14, 2008

SCCM 2007 Virtual Application all Packages Tools Pdf files and Scripts how to use them

Using the Virtual Application Package Tools

The following list of procedures describes how to use the tools that are available to help manage virtual application packages in your Configuration Manager 2007 environment. By default, the files are located in the following directory: <ConfigMgrInstallationPath> \ SMS \ Tools \ VirtualApp.

AppVirtMgmtClient.sms

Use the AppVirtMgmtClient.sms file to create a Configuration Manager 2007 package to distribute the Microsoft Application Virtualization (App-V) Client. For more information about installing the App-V client, see How to Install the Microsoft Application Virtualization Client.

Note 

By default, the program created by AppVirtMgmtClient.sms file will restart the target computer because the App-V client setup needs to update files used by the operating system. When you upgrade from previous versions of the App-V client, you must use the setting ConfigMgr restarts computer. For new App-V client deployments, you can change this program setting to No action required. However, you should install the App-V client setup manually in a test environment to ensure the computer does not need to be restarted as part of the installation.

After the App-V client has been installed, software metering for virtual application packages will not be available until after you have restarted the target computer. You should choose the setting ConfigMgr restarts computer if you plan to run software metering for virtual application packages.

AppVirtMgmtSequencer.sms

Use the AppVirtMgmtSequencer.sms file to install the App-V sequencer into your Configuration Manager 2007 environment. For more information about installing an application using a program definition file, see How to Create a Package from a Package Definition File.

Using the ManageVAppPackage.vbs Script

You can use the ManageVAppPackage.vbs file to import new virtual applications and update existing virtual application packages in Configuration Manager 2007.

Use the following procedure to manage virtual application packages

To manage virtual application packages

Open a command prompt. Navigate to the directory containing the ManageVAppPackage.vbs. The default location is <ConfigMgrInstallationPath> \ SMS \ Tools \ VirtualApp \ ManageVAppPackage.vbs.

To update an existing virtual application package, or to import a new virtual application, type the applicable command.

 

To import a new virtual application, type the following command using your values:

cscript ManageVAppPackage.vbs /Action ADD /SGVAppSource VirtualApplicationSourceDirectory /SMSVAppSource \\Server\VappsourceDirectory\VirtualApplicationName [/DPList \\Server\Share] [/PackageName YourPackageName] [/PackageComment YourPackageComment] [/Manufacturer YourManufacturer] [/Language YourLanguage]

To update an existing virtual application package, type the following command using your values:

cscript ManageVAppPackage.vbs /Action UPDATE /PackageID YourPackageID /SGVAppSource VirtualApplicationSourceDirectory /PackageName YourPackageName [/PackageComment YourPackageComment] [/Manufacturer YourManufacturer] [/Language YourLanguage]

Use the value descriptions in the following table to help you determine the actual text you will use with the preceding commands.

Value  Description 

/Action

 Specifies if a new virtual application will be imported or an existing package will be upgraded. To import a new virtual application, use the ADD parameter. To update an existing virtual application package, use the UPDATE parameter. If you are importing a new virtual application, do not specify an associated PackageID. If you are updating an existing virtual application package, do not use the /DPList parameter.

/SGVAppSource

 Specifies the source location for the App-V virtual application. Configuration Manager 2007 will copy the contents from the specified directory. The directory specified can be a local folder or a folder specified by using UNC format.

/SMSVAppSource

 Specifies the Configuration Manager 2007 source folder. You must specify this location using UNC format.

/Packagename

 Specifies the package name for the virtual application package. If no name is specified, Configuration Manager 2007 will assign the name specified in the associated manifest file.

/DPList

 Specifies the distribution points that the virtual application package will be added to. If you want to add the package to all distribution points, use an asterisk (*).

/PackageComment

 Specifies the comment that will be associated with the virtual application package.

/PackageID

 Specifies the Configuration Manager 2007 package associated with the virtual application.

/Manufacturer

 Specifies the manufacturer that will be associated with the virtual application package.

/Language

 Specifies the language that will be associated with the virtual application package.

Using the SetRetensionRules.vbs Script

You can configure retention rules for virtual application packages by using the SetRetentionRules.vbs file. This script can be used only on a primary Configuration Manager 2007 site.

Use the following procedure to set the retention rules for virtual application packages located on Configuration Manager 2007 distribution points.

To set virtual application package retention rules

Open a command prompt. Navigate to the directory containing SetRetentionRules.vbs. The default location is <ConfigMgrInstallationPath> \ SMS \ Tools \ VirtualApp \ SetRetentionRules.vbs.

To set the retention rules, type the following command, replacing the text in brackets with your values:

cscript SetRetentionRules.vbs [TransitionDays] [Max Versions]

Use the value descriptions in the following table to help you determine the actual text you will use in the preceding command.

Value  Description 

TransitionDays

 Specifies the number of days virtual application packages will be saved.

Max Versions

 Specifies the maximum number of versions that will be saved.

Enjoy,
Paddy

Monday, October 13, 2008

Simple steps for Configure Virtual Application Components in SCCM 2007 R2

 
Simple steps to Configure Virtual Application Components in SCCM 2007 R2
  1. Configure the Client Agent Settings to Advertised Programs, and Run Virtual Applications
  2. On DP Enable Streaming for Virtual Application Packages
  3. Install the Microsoft Application Virtualization Client
 
I will come-up with more once i have tested more on this :P
 
-------------------
Thanks,

Create Package for Microsoft Virtual Application Virtualization Desktop Client

 

Microsoft Virtual Application Virtualization Desktop Client

  1. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Computer Management / Software Distribution.

  2. If necessary, expand the Software Distribution node and select Packages. To open the Create Package from Definition Wizard, right-click Packages, and then click New / Package From Definition.

  3. On the welcome page, click Next.

  4. On the Package Definition page, to specify the publisher and definition for the new package, click Browse. Locate and select the AppVirtMgmtClient.sms file. The default location for the AppVirtMgmtClient.sms file is <ConfigMgrInstallationPath> \ SMS \ Tools \ VirtualApp \ AppVirtMgmtClient.sms. The Name, Version, and Language associated with the specified .sms file are displayed in the Package definition pane. Click Next.

  5. On the Source Files page, select Always obtain files from a source directory to help ensure the latest version of the client software will be available, and then click Next.

  6. On the Source Directory page, specify the directory that contains the source files for the package. This is the directory that contains the Microsoft Application Virtualization Desktop Client or the Microsoft Application Virtualization for Terminal Services installation file depending on the version of the client you are planning to install. Specify the source location by providing the UNC path. Alternatively, click Browse to specify the location that contains the setup files for the type of client you want to install. Click Next.

  7. On the Summary page, review the Details for the package definition file. To create the package definition file and close the wizard, click Finish. To access the new package select the Packages node and the package will be available in the results pane.

  8. If you installed the Microsoft Application Virtualization for Terminal Services client, after the package has been created, you should select the Packages node, right-click the package in the in the Results pane and select Properties. On the General tab, update the Name of the package so that it reflects that it is the terminal services version of the client.

 

-------------------
Thanks,
http://paddymaddy.blogspot.com/

Once SMS 2003 Upgraded you must delete these accounts ; SMS 2003 accounts delete

Always Delete

The following accounts should always be deleted because they are never used for Configuration Manager 2007.

  • SMS Service account
  • CCM Boot Loader (DC) (SMS#_dc)
  • CCM Boot Loader (Non-DC)( SMSCCMBootAcct&)
  • Client Services (DC) (SMS&_dc)
  • Client Services (Non-DC) (SMSCliSvcAcct&)
  • Client User Token (DC) (SMSCliToknAcct&)
  • Client User Token (Non-DC) (SMSCliToknLocalAcct&)
  • Client Connection (SMSClient_sitecode)
  • Legacy Client Software Installation
  • Internal client group (SMSInternalCliGrp)
  • Site System Database (SMS_SQL_RX_sitecode)
  • Server Connection (SMSServer_sitecode)

The Site System to SQL Server Connection (SMS_SiteSystemToSQLConnection_sitecode) group is not used after upgrade and can be deleted for Configuration Manager 2007 sites, but is still used for SMS 2003 site servers and site systems to connect to their site database servers.

Do Not Delete

Do not delete the following groups; even though they have SMS in their names, they are still used for Configuration Manager 2007.

  • SMS Administrators (SMS Admins)
  • Reporting Users (SMS Reporting Users)
  • Site System to Site Server Connection (SMS_SiteSystemToSiteServerConnection_sitecode)
  • Site to Site Connection (SMS_SiteToSiteConnection_sitecode)

Do not delete the Client Push Installation account or the Site Address account, if used in your environment. These accounts are still used in Configuration Manager 2007. The Advanced Client Network Access account can still be used in Configuration Manager 2007, but is called simply the Network Access account.

 
 
 

-------------------
Thanks,
http://paddymaddy.blogspot.com/

Windows Ports and protocols

 
 

Ports and protocols

The following table summarizes the information from the "System services ports" section. This table is sorted by port number instead of by the service name.
Port Protocol Application protocol System service name
n/a GRE GRE (IP protocol 47) Routing and Remote Access
n/a ESP IPsec ESP (IP protocol 50) Routing and Remote Access
n/a AH IPsec AH (IP protocol 51) Routing and Remote Access
7 TCP Echo Simple TCP/IP Services
7 UDP Echo Simple TCP/IP Services
9 TCP Discard Simple TCP/IP Services
9 UDP Discard Simple TCP/IP Services
13 TCP Daytime Simple TCP/IP Services
13 UDP Daytime Simple TCP/IP Services
17 TCP Quotd Simple TCP/IP Services
17 UDP Quotd Simple TCP/IP Services
19 TCP Chargen Simple TCP/IP Services
19 UDP Chargen Simple TCP/IP Services
20 TCP FTP default data FTP Publishing Service
21 TCP FTP control FTP Publishing Service
21 TCP FTP control Application Layer Gateway Service
23 TCP Telnet Telnet
25 TCP SMTP Simple Mail Transfer Protocol
25 TCP SMTP Exchange Server
42 TCP WINS Replication Windows Internet Name Service
42 UDP WINS Replication Windows Internet Name Service
53 TCP DNS DNS Server
53 UDP DNS DNS Server
53 TCP DNS Internet Connection Firewall/Internet Connection Sharing
53 UDP DNS Internet Connection Firewall/Internet Connection Sharing
67 UDP DHCP Server DHCP Server
67 UDP DHCP Server Internet Connection Firewall/Internet Connection Sharing
69 UDP TFTP Trivial FTP Daemon Service
80 TCP HTTP Windows Media Services
80 TCP HTTP World Wide Web Publishing Service
80 TCP HTTP SharePoint Portal Server
88 TCP Kerberos Kerberos Key Distribution Center
88 UDP Kerberos Kerberos Key Distribution Center
102 TCP X.400 Microsoft Exchange MTA Stacks
110 TCP POP3 Microsoft POP3 Service
110 TCP POP3 Exchange Server
119 TCP NNTP Network News Transfer Protocol
123 UDP NTP Windows Time
123 UDP SNTP Windows Time
135 TCP RPC Message Queuing
135 TCP RPC Remote Procedure Call
135 TCP RPC Exchange Server
135 TCP RPC Certificate Services
135 TCP RPC Cluster Service
135 TCP RPC Distributed File System
135 TCP RPC Distributed Link Tracking
135 TCP RPC Distributed Transaction Coordinator
135 TCP RPC Distributed File Replication Service
135 TCP RPC Fax Service
135 TCP RPC Microsoft Exchange Server
135 TCP RPC File Replication Service
135 TCP RPC Group Policy
135 TCP RPC Local Security Authority
135 TCP RPC Remote Storage Notification
135 TCP RPC Remote Storage Server
135 TCP RPC Systems Management Server 2.0
135 TCP RPC Terminal Services Licensing
135 TCP RPC Terminal Services Session Directory
137 UDP NetBIOS Name Resolution Computer Browser
137 UDP NetBIOS Name Resolution Server
137 UDP NetBIOS Name Resolution Windows Internet Name Service
137 UDP NetBIOS Name Resolution Net Logon
137 UDP NetBIOS Name Resolution Systems Management Server 2.0
138 UDP NetBIOS Datagram Service Computer Browser
138 UDP NetBIOS Datagram Service Messenger
138 UDP NetBIOS Datagram Service Server
138 UDP NetBIOS Datagram Service Net Logon
138 UDP NetBIOS Datagram Service Distributed File System
138 UDP NetBIOS Datagram Service Systems Management Server 2.0
138 UDP NetBIOS Datagram Service License Logging Service
139 TCP NetBIOS Session Service Computer Browser
139 TCP NetBIOS Session Service Fax Service
139 TCP NetBIOS Session Service Performance Logs and Alerts
139 TCP NetBIOS Session Service Print Spooler
139 TCP NetBIOS Session Service Server
139 TCP NetBIOS Session Service Net Logon
139 TCP NetBIOS Session Service Remote Procedure Call Locator
139 TCP NetBIOS Session Service Distributed File System
139 TCP NetBIOS Session Service Systems Management Server 2.0
139 TCP NetBIOS Session Service License Logging Service
143 TCP IMAP Exchange Server
161 UDP SNMP SNMP Service
162 UDP SNMP Traps Outbound SNMP Trap Service
389 TCP LDAP Server Local Security Authority
389 UDP LDAP Server Local Security Authority
389 TCP LDAP Server Distributed File System
389 UDP LDAP Server Distributed File System
443 TCP HTTPS HTTP SSL
443 TCP HTTPS World Wide Web Publishing Service
443 TCP HTTPS SharePoint Portal Server
443 TCP RPC over HTTPS Exchange Server 2003
445 TCP SMB Fax Service
445 TCP SMB Print Spooler
445 TCP SMB Server
445 TCP SMB Remote Procedure Call Locator
445 TCP SMB Distributed File System
445 TCP SMB License Logging Service
445 TCP SMB Net Logon
464 TCP Kerberos Password V5 Net Logon
500 UDP IPsec ISAKMP Local Security Authority
515 TCP LPD TCP/IP Print Server
548 TCP File Server for Macintosh File Server for Macintosh
554 TCP RTSP Windows Media Services
563 TCP NNTP over SSL Network News Transfer Protocol
593 TCP RPC over HTTPS endpoint mapper Remote Procedure Call
593 TCP RPC over HTTPS Exchange Server
636 TCP LDAP SSL Local Security Authority
636 UDP LDAP SSL Local Security Authority
993 TCP IMAP over SSL Exchange Server
995 TCP POP3 over SSL Exchange Server
1067 TCP Installation Bootstrap Service Installation Bootstrap protocol server
1068 TCP Installation Bootstrap Service Installation Bootstrap protocol client
1270 TCP MOM-Encrypted Microsoft Operations Manager 2000
1433 TCP SQL over TCP Microsoft SQL Server
1433 TCP SQL over TCP MSSQL$UDDI
1434 UDP SQL Probe Microsoft SQL Server
1434 UDP SQL Probe MSSQL$UDDI
1645 UDP Legacy RADIUS Internet Authentication Service
1646 UDP Legacy RADIUS Internet Authentication Service
1701 UDP L2TP Routing and Remote Access
1723 TCP PPTP Routing and Remote Access
1755 TCP MMS Windows Media Services
1755 UDP MMS Windows Media Services
1801 TCP MSMQ Message Queuing
1801 UDP MSMQ Message Queuing
1812 UDP RADIUS Authentication Internet Authentication Service
1813 UDP RADIUS Accounting Internet Authentication Service
1900 UDP SSDP SSDP Discovery Service
2101 TCP MSMQ-DCs Message Queuing
2103 TCP MSMQ-RPC Message Queuing
2105 TCP MSMQ-RPC Message Queuing
2107 TCP MSMQ-Mgmt Message Queuing
2393 TCP OLAP Services 7.0 SQL Server: Downlevel OLAP Client Support
2394 TCP OLAP Services 7.0 SQL Server: Downlevel OLAP Client Support
2460 UDP MS Theater Windows Media Services
2535 UDP MADCAP DHCP Server
2701 TCP SMS Remote Control (control) SMS Remote Control Agent
2701 UDP SMS Remote Control (control) SMS Remote Control Agent
2702 TCP SMS Remote Control (data) SMS Remote Control Agent
2702 UDP SMS Remote Control (data) SMS Remote Control Agent
2703 TCP SMS Remote Chat SMS Remote Control Agent
2703 UPD SMS Remote Chat SMS Remote Control Agent
2704 TCP SMS Remote File Transfer SMS Remote Control Agent
2704 UDP SMS Remote File Transfer SMS Remote Control Agent
2725 TCP SQL Analysis Services SQL Analysis Server
2869 TCP UPNP Universal Plug and Play Device Host
2869 TCP SSDP event notification SSDP Discovery Service
3268 TCP Global Catalog Server Local Security Authority
3269 TCP Global Catalog Server Local Security Authority
3343 UDP Cluster Services Cluster Service
3389 TCP Terminal Services NetMeeting Remote Desktop Sharing
3389 TCP Terminal Services Terminal Services
3527 UDP MSMQ-Ping Message Queuing
4011 UDP BINL Remote Installation
4500 UDP NAT-T Local Security Authority
5000 TCP SSDP legacy event notification SSDP Discovery Service
5004 UDP RTP Windows Media Services
5005 UDP RTCP Windows Media Services
6001 TCP Information Store Exchange Server 2003
6002 TCP Directory Referral Exchange Server 2003
6004 TCP DSProxy/NSPI Exchange Server 2003
42424 TCP ASP.Net Session State ASP.NET State Service
51515 TCP MOM-Clear Microsoft Operations Manager 2000
1024-65535 TCP RPC Randomly allocated high TCP ports
Microsoft provides the information in this table in a Microsoft Excel worksheet. This worksheet is available for download from the Microsoft Download Center:

DownloadDownload the Port_Requirements_for_Microsoft_Windows_Server_System.xls package now. (http://download.microsoft.com/download/1/5/c/15c5287d-7a49-4c83-8ce0-aea7641b1835/Port_Requirements_for_Microsoft_Windows_Server_System.xls)

Active Directory port and protocol requirements

Application servers, client computers and domain controllers that are located in common or external forests have service dependencies so that user and computer initiated operations like domain join, logon authentication, remote administration, and Active Directory replication work correctly. Such services and operations require network connectivity over specific port and networking protocols.

A summarized list of services, ports and protocols required for member computers and domain controllers to inter-operate with each other or for application servers to access Active Directory include but are not limited to the following.
Services on which Active Directory depends
Active Directory / LSA
Computer Browser
Distributed File System
File Replication Service
Kerberos Key Distribution Center
Net Logon
Remote Procedure Call (RPC)
Server
Simple Mail Transfer Protocol (SMTP) (if so configured)
WINS (in Windows Server 2003 SP1 and later versions for backup Active Directory replication operations, if DNS is not working)
Windows Time
World Wide Web Publishing Service
Services that require Active Directory services
Certificate Services (required for specific configurations)
DHCP Server (if so configured)
Distributed File System
Distributed Link Tracking Server (optional but on by default on Windows 2000 computers)
Distributed Transaction Coordinator
DNS Server (if so configured)
Fax Service (if so configured)
File Replication Service
File Server for Macintosh (if so configured)
Internet Authentication Service (if so configured)
License Logging (on by default)
Net Logon
Print Spooler
Remote Installation (if so configured)
Remote Procedure Call (RPC) Locator
Remote Storage Notification
Remote Storage Server
Routing and Remote Access
Server
Simple Mail Transfer Protocol (SMTP) (if so configured)
Terminal Services
Terminal Services Licensing
Terminal Services Session Directory

-------------------
Thanks,
http://paddymaddy.blogspot.com/

SCCM It's Ports ; SCCM using Ports

 

Configurable Ports

Configuration Manager 2007 allows you to configure the ports for the following types of communication:

  • Client to site system
  • Client to Internet (as proxy server settings)
  • Software update point to Internet (as proxy server settings)
  • Software update point to WSUS server
  • Client to reporting point

By default, the HTTP port used for client to site system communication is port 80 and the default HTTPS port is 443. Ports for client-to-site system communication over HTTP or HTTPS can be changed during Setup or in the Site Properties for your Configuration Manager site.

Reporting point site system roles have configurable port settings for HTTP and HTTPS communication defined on the reporting point site system role property page. By default, users connect to the reporting point using the HTTP port 80 and HTTPS port 443. These ports are defined during installation only. To redefine the reporting point communication port, the reporting point site system must be deleted and reinstalled.

Non-Configurable Ports

Configuration Manager does not allow you to configure ports for the following types of communication:

  • Site to site (primary-to-primary or primary-to-secondary)
  • Site server to site system
  • Site server to site database server
  • Site system to site database server
  • Configuration Manager 2007 console to SMS Provider
  • Configuration Manager 2007 console to the Internet

Port Details

The port listings that follow are used by Configuration Manager 2007 and do not include information for standard Windows services, such as Active Directory group policy and Kerberos authentication. For information about Windows Server services and ports, see http://go.microsoft.com/fwlink/?LinkID=123652.

The following diagram indicates connections between Configuration Manager 2007 computers. The number for the link corresponds to the table that lists the ports for that link. The arrows between the computers represent the direction of the communication.

  • -- > indicates one computer initiates and the other computer always responds
  • < -- > indicates that either computer can initiate

1. Site Server < -- > Site Server

Description UDP TCP

Server Message Block (SMB)

--

445

Point to Point Tunneling Protocol (PPTP)

--

1723 (See note 3, RAS Sender)

2. Primary Site Server -- > Domain Controller

Description UDP TCP

Lightweight Directory Access Protocol (LDAP)

--

389

LDAP (Secure Sockets Layer [SSL] connection)

636

636

Global Catalog LDAP

--

3268

Global Catalog LDAP SSL

--

3269

RPC Endpoint Mapper

135

135

RPC

--

DYNAMIC

3. Site Server < -- > Software Update Point

(See note 6, Communication between the site server and site systems)

Description UDP TCP

Server Message Block (SMB)

--

445

Hypertext Transfer Protocol (HTTP)

--

80 or 8530 (See note 4, Windows Server Update Services)

Secure Hypertext Transfer Protocol (HTTPS)

--

443 or 8531 (See note 4, Windows Server Update Services)

4. Software Update Point -- > Internet

Description UDP TCP

Hypertext Transfer Protocol (HTTP)

--

80 (See note 1, Proxy Server port)

5. Site Server < -- > State Migration Point

(See note 6, Communication between the site server and site systems)

Description UDP TCP

Server Message Block (SMB)

--

445

RPC Endpoint Mapper

135

135

6. Client -- > Software Update Point

Description UDP TCP

Hypertext Transfer Protocol (HTTP)

--

80 or 8530 (See note 4, Windows Server Update Services)

Secure Hypertext Transfer Protocol (HTTPS)

--

443 or 8531 (See note 4, Windows Server Update Services)

7. Client -- > State Migration Point

Description UDP TCP

Hypertext Transfer Protocol (HTTP)

--

80 (See note 2, Alternate Port Available)

Secure Hypertext Transfer Protocol (HTTPS)

--

443 (See note 2, Alternate Port Available)

Server Message Block (SMB)

--

445

8. Client -- > PXE Service Point

Description UDP TCP

Dynamic Host Configuration Protocol (DHCP)

67 and 68

--

Trivial File Transfer Protocol (TFTP)

69 (See note 5, Trivial FTP (TFTP) Daemon)

--

Boot Information Negotiation Layer (BINL)

4011

--

9. Site Server < -- > PXE Service Point

(See note 6, Communication between the site server and site systems)

Description UDP TCP

Server Message Block (SMB)

--

445

RPC Endpoint Mapper

135

135

RPC

--

DYNAMIC

10. Site Server < -- > System Health Validator

(See note 6, Communication between the site server and site systems)

Description UDP TCP

Server Message Block (SMB)

--

445

RPC Endpoint Mapper

135

135

RPC

--

DYNAMIC

11. Client -- > System Health Validator

The client requires the ports established by the Windows Network Access Protection client, which is dependent upon the enforcement client being used. For example, DHCP enforcement will use ports UDP 67 and 68. IPSec enforcement will use ports TCP 80 or 443 to the Health Registration Authority, port UDP 500 for IPsec negotiation and the additional ports needed for the IPsec filters. For more information, see the Windows Network Access Protection documentation. For help with configuring firewalls for IPsec, see http://go.microsoft.com/fwlink/?LinkId=109499.

12. Site Server < -- > Fallback Status Point

(See note 6, Communication between the site server and site systems)

Description UDP TCP

Server Message Block (SMB)

--

445

RPC Endpoint Mapper

135

135

RPC

--

DYNAMIC

13. Client -- > Fallback Status Point

Description UDP TCP

Hypertext Transfer Protocol (HTTP)

--

80 (See note 2, Alternate Port Available)

14. Site Server -- > Distribution Point

Description UDP TCP

Server Message Block (SMB)

--

445

RPC Endpoint Mapper

135

135

RPC

--

DYNAMIC

15. Client -- > Distribution Point

Description UDP TCP

Hypertext Transfer Protocol (HTTP)

--

80 (See note 2, Alternate Port Available)

Secure Hypertext Transfer Protocol (HTTPS)

--

443 (See note 2, Alternate Port Available)

Server Message Block (SMB)

--

445

Multicast Protocol

63000-64000

--

16. Client -- > Branch Distribution Point

Description UDP TCP

Server Message Block (SMB)

--

445

17. Client -- > Management Point

Description UDP TCP

Hypertext Transfer Protocol (HTTP)

--

80 (See note 2, Alternate Port Available)

Secure Hypertext Transfer Protocol (HTTPS)

--

443 (See note 2, Alternate Port Available)

18. Client -- > Server Locator Point

Description UDP TCP

Hypertext Transfer Protocol (HTTP)

--

80 (See note 2, Alternate Port Available)

19. Branch Distribution Point -- > Distribution Point

Description UDP TCP

Hypertext Transfer Protocol (HTTP)

--

80 (See note 2, Alternate Port Available)

Secure Hypertext Transfer Protocol (HTTPS)

--

443 (See note 2, Alternate Port Available)

20. Site Server -- > Provider

Description UDP TCP

Server Message Block (SMB)

--

445

RPC Endpoint Mapper

135

135

RPC

--

DYNAMIC

21. Server Locator Point -- > Microsoft SQL Server

Description UDP TCP

SQL over TCP

--

1433

22. Management Point -- > Microsoft SQL Server

Description UDP TCP

SQL over TCP

--

1433

23. Provider -- > SQL Server

Description UDP TCP

SQL over TCP

--

1433

24. Reporting Point -- > SQL Server / Reporting Services Point -- > SQL Server

The reporting point and the Reporting Services point use the same ports. The Reporting Services point is applicable to Configuration Manager 2007 R2 only.

Description UDP TCP

SQL over TCP

--

1433

25. Configuration Manager Console -- > Reporting Point

Description UDP TCP

Hypertext Transfer Protocol (HTTP)

--

80 (See note 2, Alternate Port Available)

Secure Hypertext Transfer Protocol (HTTPS)

--

443 (See note 2, Alternate Port Available)

26. Configuration Manager Console -- > Provider

Description UDP TCP

RPC Endpoint Mapper

135

135

RPC

--

DYNAMIC

27. Configuration Manager Console -- > Internet

Description UDP TCP

Hypertext Transfer Protocol (HTTP)

--

80

28. Primary Site Server -- > Microsoft SQL Server

Description UDP TCP

SQL over TCP

--

1433

29. Management Point -- > Domain Controller

Description UDP TCP

Lightweight Directory Access Protocol (LDAP)

--

389

LDAP (Secure Sockets Layer [SSL] connection)

636

636

Global Catalog LDAP

--

3268

Global Catalog LDAP SSL

--

3269

RPC Endpoint Mapper

135

135

RPC

--

DYNAMIC

30. Site Server -- > Reporting Point / Site Server -- > Reporting Services Point

The reporting point and the Reporting Services point use the same ports. The Reporting Services point is in Configuration Manager 2007 R2 only.

Description UDP TCP

Server Message Block (SMB)

--

445

RPC Endpoint Mapper

135

135

RPC

--

DYNAMIC

31. Site Server -- > Server Locator Point

(See note 6, Communication between the site server and site systems)

Description UDP TCP

Server Message Block (SMB)

--

445

RPC Endpoint Mapper

135

135

RPC

--

DYNAMIC

32. Configuration Manager Console -- > Site Server

Description UDP TCP

RPC (initial connection to WMI to locate provider system)

--

135

33. Software Update Point -- > WSUS Synchronization Server

Description UDP TCP

Hypertext Transfer Protocol (HTTP)

--

80 or 8530 (See note 4, Windows Server Update Services)

Secure Hypertext Transfer Protocol (HTTPS)

--

443 or 8531 (See note 4, Windows Server Update Services)

34. Configuration Manager Console -- > Client

Description UDP TCP

Remote Control (control)

2701

2701

Remote Control (data)

2702

2702

Remote Control (RPC Endpoint Mapper)

--

135

Remote Assistance (RDP and RTC)

--

3389

35. Management Point < -- > Site Server

(See note 6, Communication between the site server and site systems)

Description UDP TCP

RPC Endpoint mapper

--

135

RPC

--

DYNAMIC

Server Message Block (SMB)

--

445

36. Site Server -- > Client

Description UDP TCP

Wake on LAN

9 (See note 2, Alternate Port Available)

--

37. Configuration Manager client -- > Global Catalog Domain Controller

A Configuration Manager client does not contact a global catalog server when it is a workgroup computer or when it is configured for Internet-only communication.

Description UDP TCP

Global Catalog LDAP

--

3268

Global Catalog LDAP SSL

--

3269

38. PXE Service Point -- > Microsoft SQL Server

Description UDP TCP

SQL over TCP

--

1433

39. Site Server < -- > Asset Intelligence Synchronization Point (Configuration Manager 2007 SP1)

Description UDP TCP

Server Message Block (SMB)

--

445

RPC Endpoint Mapper

135

135

RPC

--

DYNAMIC

40. Asset Intelligence Synchronization Point < -- > System Center Online (Configuration Manager 2007 SP1)

Description UDP TCP

Secure Hypertext Transfer Protocol (HTTPS)

--

443

41. Multicast Distribution Point -- > Microsoft SQL Server(Configuration Manager 2007 R2)

Description UDP TCP

SQL over TCP

--

1433

42. Client status reporting host --> Client (Configuration Manager 2007 R2)

Description UDP TCP

RPC Endpoint Mapper

135

135

RPC

--

DYNAMIC

ICMPv4 Type 8 (Echo) or

ICMPv6 Type 128 (Echo Request)

n/a

n/a

43. Client status reporting host --> Management Point (Configuration Manager 2007 R2)

Description UDP TCP

Server Message Block (SMB)

--

445

NetBIOS Session Service

--

139

44. Client status reporting host --> Microsoft SQL Server (Configuration Manager 2007 R2)

Description UDP TCP

SQL over TCP

--

1433

45. Site Server < -- > Reporting Services Point (Configuration Manager 2007 R2)

(See note 6, Communication between the site server and site systems)

Description UDP TCP

Server Message Block (SMB)

--

445

RPC Endpoint Mapper

135

135

RPC

--

DYNAMIC

46. Configuration Manager Console -- > Reporting Services Point (Configuration Manager 2007 R2)

Description UDP TCP

Hypertext Transfer Protocol (HTTP)

--

80 (See note 2, Alternate Port Available)

Secure Hypertext Transfer Protocol (HTTPS)

--

443 (See note 2, Alternate Port Available)

47. Reporting Services Point -- > Microsoft SQL Server (Configuration Manager 2007 R2)

Description UDP TCP

SQL over TCP

--

1433

Notes

1 Proxy Server port    This port cannot be configured but can be routed through a configured proxy server.

2 Alternate Port Available    An alternate port can be defined within Configuration Manager for this value. If a custom port has been defined, substitute that custom port when defining the IP filter information for the IPsec policies.

3 RAS Sender    Configuration Manager 2007 can also use the RAS Sender with Point to Point Tunneling Protocol (PPTP) to send and receive Configuration Manager 2007 site, client, and administrative information through a firewall. Under these circumstances, the PPTP TCP 1723 port is used.

4 Windows Server Update Services    WSUS can be installed either on the default Web site (port 80) or a custom Web site (port 8530).

After installation, the port can be changed.

If the HTTP port is 80, the HTTPS port must be 443.

If the HTTP port is anything else, the HTTPS port must be 1 higher—for example 8530 and 8531.

5 Trivial FTP (TFTP) Daemon    The Trivial FTP (TFTP) Daemon system service does not require a user name or password and is an integral part of the Windows Deployment Services (WDS). The Trivial FTP Daemon service implements support for the TFTP protocol defined by the following RFCs:

  • • RFC 350—TFTP
  • • RFC 2347—Option extension
  • • RFC 2348—Block size option
  • • RFC 2349—Time-out interval, and transfer size options

Trivial File Transfer Protocol is designed to support diskless boot environments. TFTP Daemons listen on UDP port 69 but respond from a dynamically allocated high port. Therefore, enabling this port will allow the TFTP service to receive incoming TFTP requests but will not allow the selected server to respond to those requests. Allowing the selected server to respond to inbound TFTP requests cannot be accomplished unless the TFTP server is configured to respond from port 69.

6 Communication between the site server and site systems    By default, communication between the site server and site systems is bi-directional. The site server initiates communication to configure the site system, and then most site systems connect back to the site server to send back status information. Reporting points and distribution points do not send back status information. If you select Allow only site server initiated data transfers from this site system on the site system properties, the site system will never initiate communication back to the site server.

7 Ports used by distribution points for application virtualization streaming    A distribution point enabled to support application virtualization can be configured to use either HTTP or HTTPS. This feature is available in Configuration Manager 2007 R2 only.

Configuration Manager Remote Control Ports

When you use NetBIOS over TCP/IP for Configuration Manager 2007 Remote Control, the ports described in the following table are used.

Description UDP TCP

RPC Endpoint Mapping

--

135

Name resolution

137

--

Messaging

138

--

Client Sessions

--

139

AMT Out of Band Management Ports (Configuration Manager 2007 SP1)

When you use the out of band management feature in Configuration Manager 2007 SP1, the following ports are used.

A. Site Server <--> Out of Band Service Point

Description UDP TCP

Server Message Block (SMB)

--

445

RPC Endpoint Mapper

135

135

RPC

--

DYNAMIC

B. AMT Management Controller --> Out of Band Service Point

Description UDP TCP

Provisioning

--

9971 (configurable)

C. Out of Band Service Point --> AMT Management Controller

Description UDP TCP

Discovery

--

16992

Power control, provisioning, and discovery

--

16993

D. Out of Band Management Console --> AMT Management Controller

Description UDP TCP

General management tasks

--

16993

Serial over LAN and IDE redirection

--

16995

Ports Used by Windows Servers 

The following table lists some of the key ports that Windows Server uses and their respective functions. For a more complete list of Windows Server services and network ports requirements, see http://go.microsoft.com/fwlink/?LinkID=123652.

Description UDP TCP

Domain Name System (DNS)

53

--

Dynamic Host Configuration Protocol (DHCP)

67 and 68

--

Windows Internet Name Service (WINS)

138

--

NetBIOS datagrams

138

--

NetBIOS datagrams

--

139

Connecting with Microsoft SQL Server

If you use the TCP/IP Net-Library, enable port 1433 on the firewall. Use the Hosts file or an advanced connection string for host name resolution.

If you use named pipes over TCP/IP, enable port 139 for NetBIOS functions. NetBIOS should be used only for troubleshooting Kerberos issues.

Note
TCP/IP is required for network communications to allow Kerberos authentication. Named pipes communication is not required for Configuration Manager 2007 site database operations and should be used only to troubleshoot Kerberos authentication issues.

By default, SQL Server uses TCP (not UDP) port 1433 to listen on TCP/IP. To change the port, run SQL Server Setup on the server, and then click Change Network Support. If SQL Server uses port 1433, the client Net-Library works. If SQL Server uses a custom port number, the client must specify that port in the Data Source Name (DSN).

Microsoft does not recommend that you enable UDP ports 137 and 138 for NetBIOS name resolution by using B-node broadcasts. Instead, you can use a WINS server or an LMHOSTS file for name resolution.

Installation Requirements for Internet-Based Site Systems

The Internet-based management point, software update point, and fallback status point use the following ports for installation and repair:

  • Site server --> site system: RPC endpoint mapper using UDP and TCP port 135.
  • Site server --> site system: RPC dynamic TCP ports.
  • Site server < --> site system: Server message blocks (SMB) using TCP port 445.

Distribution points do not install until the first package is targeted to them. Package installations on distribution points require the following RPC ports:

  • Site server --> distribution point: RPC endpoint mapper using UDP and TCP port 135.
  • Site server --> distribution point: RPC dynamic TCP ports.
 

-------------------
Thanks,
http://paddymaddy.blogspot.com/

Microsoft Deployment Toolkit 2008 Webcasts

All SCCM 2007 logs at one Place

Client Log Files

The Configuration Manager 2007 client logs are located in one of the following locations: ·         On computers that serve as management points, the client logs are located in the SMS_CCM\Logs folder. ·         On all other computers, the client log files are located in the %Windir%\System32\CCM\Logs folder or the %Windir%\SysWOW64\CCM\Logs.The following table lists and describes the client log files.

Log File Name Description
CAS Content Access service. Maintains the local package cache.
CcmExec.log Records activities of the client and the SMS Agent Host service.
CertificateMaintenance.log Maintains certificates for Active Directory directory service and management points.
ClientIDManagerStartup.log Creates and maintains the client GUID.
ClientLocation.log Site assignment tasks.
ContentTransferManager.log Schedules the Background Intelligent Transfer Service (BITS) or the Server Message Block (SMB) to download or to access SMS packages.
DataTransferService.log Records all BITS communication for policy or package access.
Execmgr.log Records advertisements that run.
FileBITS.log Records all SMB package access tasks.
Fsinvprovider.log (renamed to FileSystemFile.log in all SMS 2003 Service Packs) Windows Management Instrumentation (WMI) provider for software inventory and file collection.
InventoryAgent.log Creates discovery data records (DDRs) and hardware and software inventory records.
LocationServices.log Finds management points and distribution points.
Mifprovider.log The WMI provider for .MIF files.
Mtrmgr.log Monitors all software metering processes.
PolicyAgent.log Requests policies by using the Data Transfer service.
PolicyAgentProvider.log Records policy changes.
PolicyEvaluator.log Records new policy settings.
Remctrl.log Logs when the remote control component (WUSER32) starts.
Scheduler.log Records schedule tasks for all client operations.
Smscliui.log Records usage of the Systems Management tool in Control Panel.
StatusAgent.log Logs status messages that are created by the client components.
SWMTRReportGen.log Generates a usage data report that is collected by the metering agent. (This data is logged in Mtrmgr.log.)

Site Server Log Files

Most Configuration Manager 2007 site server log files are located in the <InstallationPath>\LOGS folder. Because Configuration Manager 2007 relies heavily on Microsoft Internet Information Services (IIS), you can review the IIS log file for additional errors that relate to client access to the IIS server. The IIS log file is located in the %Windir%\System32\logfiles\W3SVC1 folder on the IIS server. The following table lists and describes the site server log files.

Log File Name Description
Ccm.log Client Configuration Manager tasks.
Cidm.log Records changes to the client settings by the Client Install Data Manager (CIDM).
Colleval.log Logs when collections are created, changed, and deleted by the Collection Evaluator.
Compsumm.log Records Component Status Summarizer tasks.
Cscnfsvc.log Records Courier Sender confirmation service tasks.
Dataldr.log Processes Management Information Format (MIF) files and hardware inventory in the Configuration Manager 2007 database.
Ddm.log Saves DDR information to the Configuration Manager 2007 database by the Discovery Data Manager.
Despool.log Records incoming site-to-site communication transfers.
Distmgr.log Records package creation, compression, delta replication, and information updates.
Hman.log Records site configuration changes, and publishes site information in Active Directory Domain Services.
Inboxast.log Records files that are moved from the management point to the corresponding SMS\INBOXES folder.
Inboxmgr.log Records file maintenance.
Invproc.log Records the processing of delta MIF files for the Dataloader component from client inventory files.
Mpcontrol.log Records the registration of the management point with WINS. Records the availability of the management point every 10 minutes.
Mpfdm.log Management point component that moves client files to the corresponding SMS\INBOXES folder.
MPMSI.log Management point .msi installation log.
MPSetup.log Records the management point installation wrapper process.
Ntsvrdis.log Configuration Manager 2007 server discovery.
Offermgr.log Records advertisement updates.
Offersum.log Records summarization of advertisement status messages.
Policypv.log Records updates to the client policies to reflect changes to client settings or advertisements.
Replmgr.log Records the replication of files between the site server components and the Scheduler component.
Rsetup.log Reporting point setup log.
Sched.log Records site-to-site job and package replication.
Sender.log Records files that are sent to other child and parent sites.
Sinvproc.log Records client software inventory data processing to the site database in Microsoft SQL Server.
Sitecomp.log Records maintenance of the installed site components.
Sitectrl.log Records site setting changes to the Sitectrl.ct0 file.
Sitestat.log Records the monitoring process of all site systems.
Smsdbmon.log Records database changes.
Smsexec.log Records processing of all site server component threads.
Smsprov.log Records WMI provider access to the site database.
SMSReportingInstall.log Records the Reporting Point installation. This component starts the installation tasks and processes configuration changes.
Srvacct.log Records the maintenance of accounts when the site uses standard security.
Statmgr.log Writes all status messages to the database.
Swmproc.log Processes metering files and maintains settings.

The Admin UI log files are located in <InstallationPath>\AdminUI\. The following table lists and describes the Admin UI log files.

Log File Name Description
RepairWizard.log Records errors, warnings, and information about the process of running the Repair Wizard.
ResourceExplorer.log Records errors, warnings, and information about running the Resource Explorer.
SMSAdminUI.log Records the local Configuration Manager 2007 console tasks when you connect to Configuration Manager 2007 sites.

Management Point Log Files

If management points are installed in the site hierarchy, management point log files are stored in the SMS_CCM\LOGS folder on the management point computer. The following table lists and describes the management point log files.

Log File Name Description
MP_Ddr.log Records the conversion of XML.ddr records from clients, and copies them to the site server.
MP_GetAuth.log Records the status of the site management points.
MP_GetPolicy.log Records policy information.
MP_Hinv.log Converts XML hardware inventory records from clients and copies the files to the site server.
MP_Location.log Records location manager tasks.
MP_Policy.log Records policy communication.
MP_Relay.log Copies files that are collected from the client.
MP_Retry.log Records the hardware inventory retry processes.
MP_Sinv.log Converts XML hardware inventory records from clients and copies them to the site server.
MP_Status.log Converts XML.svf status message files from clients and copies them to the site server.

Mobile Device Management Log Files

If mobile device management is enabled in the site hierarchy, mobile device management point log files are generally stored in the <ConfigMgrInstallPath>\LOGS folder on the mobile device management point computer. The following table lists and describes the mobile device management point log files.

Mobile Device Management Point Logs

Log File Name Description
DmClientHealth.log Records the GUIDs of all the mobile device clients that are communicating with the Device Management Point.
DmClientRegistration.log Records registration requests from and responses to the mobile device client in Native mode.
DmpDatastore.log Records all the site database connections and queries made by the Device Management Point.
DmpDiscovery.log Records all the discovery data from the mobile device clients on the Device Management Point.
DmpFileCollection.log Records mobile device file collection data from mobile device clients on the Device Management Point.
DmpHardware.log Records hardware inventory data from mobile device clients on the Device Management Point.
DmpIsapi.log Records mobile device communication data from device clients on the Device Management Point.
dmpMSI.log Records the MSI data for Device Management Point setup.
DMPSetup.log Records the mobile device management setup process.
DmpSoftware.log Records mobile device software distribution data from mobile device clients on the Device Management Point.
DmpStatus.log Records mobile device status messages data from mobile device clients on the Device Management Point.
FspIsapi.log Records Fallback Status Point communication data from mobile device clients and client computers on the Fallback Status Point.

Mobile Device Management Client Logs

For the locations of log files on managed mobile devices and on computers that are used to deploy the mobile device client, see How to Configure Logging for Windows Mobile and Windows CE Devices. The following table lists and describes the mobile device management client log files.

Log File Name Description
DmCertEnroll.log Records certificate enrollment data on mobile device clients.
DMCertResp.htm (in \temp) Records HTML response from the certificate server when the mobile device Enroller program requests a client authentication certificate on mobile device clients.
DmClientSetup.log Records client setup data on mobile device clients.
DmClientXfer.log Records client transfer data for Windows Mobile Device Center and ActiveSync deployments.
DmCommonInstaller.log Records client transfer file installation for setting up mobile device client transfer files on client computers.
DmInstaller.log Records whether DMInstaller correctly calls DmClientSetup and whether DmClientSetup exits with success or failure on mobile device clients.
DmInvExtension.log Records Inventory Extension file installation for setting up Inventory Extension files on client computers.
DmSvc.log Records mobile device management service data on mobile device clients.

Operating System Deployment Log Files

The following table lists and describes the operating system deployment log files.

Log File Name Description
CCMSetup.log Provides information about client-based operating system actions.
CreateTSMedia.log Provides information about task sequence media when it is created. This log is generated on the computer running the Configuration Manager 2007 administrator console.
DriverCatalog.log Provides information about device drivers that have been imported into the driver catalog.
MP_ClientIDManager.log Provides information about the Configuration Manager 2007 management point when it responds to Configuration Manager 2007 client ID requests from boot media or PXE. This log is generated on the Configuration Manager 2007 management point.
MP_DriverManager.log Provides information about the Configuration Manager 2007 management point when it responds to a request from the Auto Apply Driver task sequence action. This log is generated on the Configuration Manager 2007 management point.
MP_Location.log Provides information about the Configuration Manager 2007 management point when it responds to request state store or release state store requests from the state migration point. This log is generated on the Configuration Manager 2007 management point.
Pxecontrol.log Provides information about the PXE Control Manager.
PXEMsi.log Provides information about the PXE service point and is generated when the PXE service point site server has been created.
PXESetup.log Provides information about the PXE service point and is generated when the PXE service point site server has been created.
Setupact.log Setupapi.log Setuperr.log Provide information about Windows Sysprep and setup logs.
SmpIsapi.log Provides information about the state migration point Configuration Manager 2007 client request responses.
Smpmgr.log Provides information about the results of state migration point health checks and configuration changes.
SmpMSI.log Provides information about the state migration point and is generated when the state migration point site server has been created.
Smsprov.log Provides information about the SMS provider.
Smspxe.log Provides information about the Configuration Manager 2007 PXE service point.
SMSSMPSetup.log Provides information about the state migration point and is generated when the state migration point site server has been created.
Smsts.log General location for all operating system deployment and task sequence log events.Log file location:·         If task sequence completes when running in the full operating system with a Configuration Manager 2007 client installed on the computer: <CCM Install Dir>\logs·         If task sequence completes when running in the full operating system with no Configuration Manager 2007 client installed on the computer: %temp%\SMSTSLOG·         If task sequence completes when running in WindowsPE: <largest fixed partition>\SMSTSLOG

Note
<CCM Install Dir> is %windir%\system32\ccm\logs for most Configuration Manager 2007 clients and is <Configuration Manager 2007 installation drive>\SMS_CCM for the Configuration Manager 2007 site server. For 64-bit operating systems, it is %windir%\SysWOW64\ccm\logs.
TaskSequenceProvider.log Provides information about task sequences when they are imported, exported, or edited.
USMT Log loadstate.log Provides information about the User State Migration Tool (USMT) regarding the restore of user state data.
USMT Log scanstate.log Provides information about the USMT regarding the capture of user state data.

Network Access Protection Log Files

By default, client log files related to Network Access Protection are found in %windir%\CCM\Logs. For client computers that are also management points, the log files are found in %ProgramFiles%\SMS_CCM\Logs.The following table lists and describes the Network Access Protection log files.

Log File Name Description
Ccmcca.log Logs the processing of compliance evaluation based on Configuration Manager NAP policy processing and contains the processing of remediation for each software update required for compliance.
CIAgent.log Tracks the process of remediation and compliance. However, the software updates log file, Updateshandler.log, provides more informative details on installing the software updates required for compliance.
locationservices.log Used by other Configuration Manager features (for example, information about the client's assigned site) but also contains information specific to Network Access Protection when the client is in remediation. It records the names of the required remediation servers (management point, software update point, and distribution points that host content required for compliance), which are also sent in the client statement of health.
SDMAgent.log Shared with the Configuration Manager feature desired configuration management and contains the tracking process of remediation and compliance. However, the software updates log file, Updateshandler.log, provides more informative details about installing the software updates required for compliance.
SMSSha.log The main log file for the Configuration Manager Network Access Protection client and contains a merged statement of health information from the two Configuration Manager components: location services (LS) and the configuration compliance agent (CCA). This log file also contains information about the interactions between the Configuration Manager System Health Agent and the operating system NAP agent, and also between the Configuration Manager System Health Agent and both the configuration compliance agent and the location services. It provides information about whether the NAP agent successfully initialized, the statement of health data, and the statement of health response.

The System Health Validator point log files are located in %systemdrive%\SMSSHV\SMS_SHV\Logs, and they are listed and described in the following table.

Log File Name Description
Ccmperf.log Contains information about the initialization of the System Health Validator point performance counters.
SmsSHV.log The main log file for the System Health Validator point; logs the basic operations of the System Health Validator service, such as the initialization progress.
SmsSHVADCacheClient.log Contains information about retrieving Configuration Manager health state references from Active Directory Domain Services.
SmsSHVCacheStore.log Contains information about the cache store used to hold the Configuration Manager NAP health state references retrieved from Active Directory Domain Services, such as reading from the store and purging entries from the local cache store file. The cache store is not configurable.
SmsSHVRegistrySettings.log Records any dynamic changes to the System Health Validator component configuration while the service is running.
SmsSHVQuarValidator.log Records client statement of health information and processing operations. To obtain full information, change the registry key LogLevel from 1 to 0 in the following location:HKLM\SOFTWARE\Microsoft\SMSSHV\Logging\@GLOBAL

Setup information for the System Health Validator point can be found in a setup log file, described in the following table, on the computer running the Network Policy Server.

Log File Name Description
<ConfigMgrInstallationPath>\Logs\SMSSHVSetup.log Records the success or failure (with failure reason) of installing the System Health Validator point.

Desired Configuration Management Log Files

By default, the Configuration Manager 2007 client computer log files are found in %windir%\System32\CCM\Logs or in %windir%\SysWOW64\CCM\Logs. For client computers that are also management points, the client log files are located in the SMS_CCM\Logs folder. The following table lists and describes these log files.

Log File Name Description
ciagent.log Provides information about downloading, storing, and accessing assigned configuration baselines.
dcmagent.log Provides high-level information about the evaluation of assigned configuration baselines and desired configuration management processes.
discovery.log Provides detailed information about the Service Modeling Language (SML) processes.
sdmagent.log Provides information about downloading, storing, and accessing configuration item content.
sdmdiscagent.log Provides high-level information about the evaluation process for the objects and settings configured in the referenced configuration items.

Wake On LAN Log Files

The Configuration Manager 2007 site server log files related to Wake On LAN are located in the folder <ConfigMgrInstallationPath>\Logs on the site server. There are no client-side log files for Wake On LAN. The following table lists and describes the Wake On LAN log files.

Log File Name Description
Wolmgr.log Contains information about wake-up procedures such as when to wake up advertisements or deployments that are configured for Wake On LAN.
WolCmgr.log Contains information about which clients need to be sent wake-up packets, the number of wake-up packets sent, and the number of wake-up packets retried.

Software Updates Site Server Log Files

The Configuration Manager 2007 site server log files are found, by default, in <InstallationPath>\Logs. The following table lists and describes the software updates site server log files.

Log File Name Description
ciamgr.log Provides information about the addition, deletion, and modification of software update configuration items.
distmgr.log Provides information about the replication of software update deployment packages.
objreplmgr.log Provides information about the replication of software updates notification files from a parent to child sites.
PatchDownloader.log Provides information about the process for downloading software updates from the update source specified in the software updates metadata to the download destination on the site server.

Note
On 64-bit operating systems and on 32-bit operating systems with no Configuration Manager 2007 installed, PatchDownloader.log is created in the server logs directory. On 32-bit operating systems, if the Configuration Manager 2007 client is installed, PatchDownloader.log is created in the client logs directory.
replmgr.log Provides information about the process for replicating files between sites.
smsdbmon.log Provides information about when software update configuration items are inserted, updated, or deleted from the site server database and creates notification files for software updates components.
SUPSetup Provides information about the software update point installation. When the software update point installation completes, Installation was successful is written to this log file.
WCM.log Provides information about the software update point configuration and connecting to the Windows Server Update Services (WSUS) server for subscribed update categories, classifications, and languages.
WSUSCtrl.log Provides information about the configuration, database connectivity, and health of the WSUS server for the site.
wsyncmgr.log Provides information about the software updates synchronization process.

WSUS Server Log Files

By default, the log files for WSUS running on the software update point site system role are found in %ProgramFiles%\Update Services\LogFiles. The following table lists and describes the WSUS server log files.

Log File Name Description
Change.log Provides information about the WSUS server database information that has changed.
SoftwareDistribution.log Provides information about the software updates that are synchronized from the configured update source to the WSUS server database.

Software Updates Client Computer Log Files

By default, the Configuration Manager 2007 client computer log files are found in %windir%\CCM\Logs. For client computers that are also management points, the log files are found in %ProgramFiles%\SMS_CCM\Logs. The following table lists and describes the software updates client computer log files.

Log File Name Description
CAS.log Provides information about the process of downloading software updates to the local cache and cache management.
CIAgent.log Provides information about processing configuration items, including software updates.
LocationServices.log Provides information about the location of the WSUS server when a scan is initiated on the client.
PatchDownloader.log Provides information about the process for downloading software updates from the update source to the download destination on the site server. This log is only on the client computer configured as the synchronization host for the Inventory Tool for Microsoft Updates.
PolicyAgent.log Provides information about the process for downloading, compiling, and deleting policies on client computers.
PolicyEvaluator Provides information about the process for evaluating policies on client computers, including policies from software updates.
RebootCoordinator.log Provides information about the process for coordinating system restarts on client computers after software update installations.
ScanAgent.log Provides information about the scan requests for software updates, what tool is requested for the scan, the WSUS location, and so on.
ScanWrapper Provides information about the prerequisite checks and the scan process initialization for the Inventory Tool for Microsoft Updates on Systems Management Server (SMS) 2003 clients.
SdmAgent.log Provides information about the process for verifying and decompressing packages that contain configuration item information for software updates.
ServiceWindowManager.log Provides information about the process for evaluating configured maintenance windows.
smscliUI.log Provides information about the Configuration Manager Control Panel user interactions, such as initiating a Software Updates Scan Cycle from the Configuration Manager Properties dialog box, opening the Program Download Monitor, and so on.
SmsWusHandler Provides information about the scan process for the Inventory Tool for Microsoft Updates on SMS 2003 client computers.
StateMessage.log Provides information about when software updates state messages are created and sent to the management point.
UpdatesDeployment.log Provides information about the deployment on the client, including software update activation, evaluation, and enforcement. Verbose logging shows additional information about the interaction with the client user interface.
UpdatesHandler.log Provides information about software update compliance scanning and about the download and installation of software updates on the client.
UpdatesStore.log Provides information about the compliance status for the software updates that were assessed during the compliance scan cycle.
WUAHandler.log Provides information about when the Windows Update Agent on the client searches for software updates.
WUSSyncXML.log Provides information about the Inventory Tool for the Microsoft Updates synchronization process. This log is only on the client computer configured as the synchronization host for the Inventory Tool for Microsoft Updates.

Windows Update Agent Log File

By default, the Windows Update Agent log file is found on the Configuration Manager Client computer in %windir%. The following table provides the log file name and description.

Log File Name Description
WindowsUpdate.log Provides information about when the Windows Update Agent connects to the WSUS server and retrieves the software updates for compliance assessment and whether there are updates to the agent components.

-------------------
Thanks,
http://paddymaddy.blogspot.com/