Deep Dive into Application Deployment on the Client Side in Microsoft SCCM

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hi my name is Justin shellphone I'm the engineering lead at patch my PC we develop a third-party patch management solution that integrates into Microsoft configuration manager proud in my current role is also a premier field engineer at Microsoft supporting config manager in this video we're gonna be doing a deep dive into the application deployment process from a client side perspective so this is not going to be an overview of creating applications and deployment types this is going to be a deep dive into what's actually happening on the client side when it gets policy for applications how the client evaluates the different requirements that you might have for your deployment types the download process of the content as well as the installation so just a deep dive into what it actually looks like on the client side and all of the client components involved in the actual installation of applications so if you're looking for a basic guide on creating applications this video would not be the one for you this is really going to be that deep dive of what's actually happening when we deploy it how that client is gonna actually evaluate and install the application but for this demo I do want to show you the application that we will be using in deploying to our client so it's a 7-zip application so it's a pretty basic app so what we've got going on is our application and we have two different deployment types so we have the 32-bit MSI in the 64-bit MSI of 7-zip within this application for our deployment types so if we actually do properties of this it's pretty basic what we're doing here so within our content for the 32-bit version we're just pointing out to the 32-bit MSI file so that's all that's going on there for the installation we're just using our MSI but for the requirements since this is the 32-bit version we're making it so it would only install on client operating systems that are running the 32-bit version of the OS so that's what we have going on for this deployment type now our second deployment type that's going to be for our 64-bit version of 7-zip so everything else is quite similar the only difference here is that we're using the 64-bit MSI and for the requirements we're using the 64-bit version of our client operating systems now I have already deployed this to my device so the device that we're gonna be analyzing we have this in a collection of that device is in and this is just an available deployment so we're gonna see it in software Center and we are showing notification so we would get the balloon notification when it's available and we would see that in the system tray all right so jumping over to our client this is a Berggren be analyzing most of the content within this video for the application installation process and the evaluation this is all going to be on our client side so this machine has not got policy yet for this application so we just powered this machine on and what we'll do to speed things up is we'll go ahead and start a machine policy cycle so if we go ahead and look at policy agent what we're going to notice here is this machine's gonna start downloading different policies in our case it's gonna go get the policy for the application and then things will be happening in the background for the evaluation and what we're going to do will dig through each of these different components that are involved in this download in this evaluation of the application so now we can see that since we showed notifications and this is just an available deployment we did get that notification saying hey you have new software available so at this point I think that we'll go ahead and close out of this log and we'll minimize that and then what we'll do we'll go ahead and open up all our log files on our client because there's a lot of different components involved and what we'll do we'll kind of walk through the different process of how we would go through and see what actually is happening so what I'm going to do is go ahead and open up all my client logs and I'm going to choose the merge option within CM trace so we can kind of walk through and see what specifically is happening here now what we want to do is if I jump back to my console and if I look at my application in my deployment what I'm going to do is go ahead and copy the deployment ID and then what we're going to do is after we go back to our client so we've merged every single log file so what we're gonna do next here is I'm going to copy that deployment ID and then we're gonna search for that right so if we look at where it found it we're about halfway through this log file so most of the information that we've got up here this is mostly gonna be just information about the SMS service when it was starting up so this is just a lot of data different log files for when that service was actually starting but if we come back here and search for that deployment ID the first thing that's really going to be relevant for us is going to be the policy so since we've got all these mark log files merged this is actually coming from our policy agent log file so that's the first thing that needs to happen for our client when we get a new application deployment so it's going to get the policy when it downloads that from our management point now once we verify that policy agents start seeing that we have the policy the next thing that's gonna happen is our data transfer service is actually gonna kick in and then it's going to start downloading that policy so let me just do a quick search that shouldn't be too much further down here so I'm going to search for the policy ID so here we go so now that we've got the policy data transfer services can then actually initiate the download of that policy and then it's going to start evaluating different things within that now once we download the policy we're gonna store that into WMI so I'm using WMI explorer I'll include a link to this and our resources within the company blog post so if we go ahead and connect into our machine here what we're gonna want to look at is our CCM namespace so if we take a look at that expand that and then there's going to be a policy and we want to look at the Machine policy here we are and then the actual config so if we go ahead and open that up the information where this application information actually gets stored in WMI is going to be in the class the CCM application CI assignment so if we actually look at this class we're gonna notice we have a new instance now if we look at the instance we can verify that the assignment ID actually matches that deployment ID within config manager so this is going to be where the policy gets compiled and this is going to be where all the different config menu component a lot of data that they've read about different actions it stores that in WMI and a lot of data will get read from WMI so here we can see just various information about this so for example we're gonna get the name of the application we're gonna get whether it's available required information about whether we're making it visible to the user and just different information the deadlines the start time just data about that now another different namespace that we store data and if we look at the client SDK go ahead and open that up and then within the CCM application class so if we open that up and we look at the application deployment ID so this is going to be this namespace controls different information that the user might see so data that was show up in software Center we're gonna get data about that here so for example we're gonna give you the full name of the application different actions so whether it's only allowed to be installed if you enable the uninstall feature or the repair you would also get more information available here we're gonna show whether it's currently installed as well as the progress so if we were to click install in software Center we would see this WMI namespace in these different properties and attributes automatically update we can also see that it's set to notify the user so that's why we got that notification in our history what's the information about the version and I think that's probably what's kind of relevant here within WMI at least for what we're what we need to see here so that looks good so going back to the log so this is really just the beginning of what started happening here so once we start downloading policy the next thing that's gonna kick in is to actually see whether the application is needed so once we get the policy and the basics about the information it's then gonna start evaluating whether the application is required for any of the deployment types so let's just walk through the log a lot of these lines are gonna be related to downloading the initial policy so all those different requirements and the rules that we created they all need to be evaluated and downloaded so we'll keep on kind of scrolling down what we're gonna be looking for is the DCM agent component within this log file so that's gonna be once we actually get everything downloaded and we get all the policy that's gonna be the component that's actually gonna start evaluating the requirements to see if it's actually needed all right so I went ahead and found the first message from the DCM agent so there's gonna be high-level information about the evaluation of the application so if we look over here we can see information that it's going to start seeing whether or not it needs this assignment for the application deployment so that's gonna go ahead and kick in and then it's going to start evaluating different things within that application so we can we can see that the component it sees that the application is targeted to the machine so then it's gonna go ahead and start downloading a little bit more let me just run another quick search to find the next DCM agent log so here we go so it can see that the the scan is happening here it can tell that it's not a mandatory application deployment but it's going to give us some basic information about how it's evaluating CI agents then going to kick in so this is going to start doing a Depot level evaluation so we're gonna start seeing information from the configuration item agent where it's going to start evaluating whether or not it's required right so next we're gonna get a lot of different configuration item data starting to download from our management point so here we can see data transfer service is starting to download just different data within this application so when I refer to a configuration item that's really just an application so on the back end an application is stored as a configuration item the same way that updates are also configuration items so that's gonna be as downloading all the different data for the configuration item within that application so let me just run a quick search to see the next line that I'm looking at so the CIA agent we're gonna see information that the deployment is applicable and it's in scope for being evaluated so the base requirements within our requirements met are met so then it's going to continue evaluating additional requirements to see whether or not any of the deployment types within that application are applicable so here for example we can see it evaluating some of the different requirements for the client os's that we did for those different deployment types so the next action once it's kind of done evaluating all of those there's going to be a app intent eval log that we're gonna look at here now this is gonna give us some detailed stats about whether any of the applications dependencies or deployment types are within scope for being needed on this device so here we can see that the deployment type so here we can see the application we can see the MSI and then what we're gonna do is we can see it has two different IDs here so that's our two different deployment types now what we're gonna also see that it's going to start evaluating each of those deployment types so after the CIA agent evaluated all the different requirements the app intent evals gonna tell us whether anything's actually needed on that device for that so if we take a look at this log file for app intend eval we can see hey this deployment for this application the current state is not installed the applicability is applicable so that looks good now the resolved state is available so that means that it's available to deployment so this would never all or reevaluate like if it was a required deployment so we can see the configuration state it doesn't need to remediate or install this because it's just available so it's not going to automatically force anything for the title we can see that this is the 64-bit MSI deployment type that we're detecting as applicable and available to install now if we look at the next line we can see that this is evaluating the deployment type for the 32-bit version since this is a 64-bit OS we can verify that the applicability for this deployment type is reporting back as not being applicable so now that we've determined that the 64-bit deployment type is applicable the next line that I'm gonna search for is the CCM SDK provider so this is gonna be a log file that's gonna determine whether or not we actually need to display anything to the users and notify anybody about this deployment so we can see that this provider is gonna be what reports back that this application is needed and then that's going to determine whether we need to display any messages so for example this was available and it was set to show notifications so since a user was logged in that's why we got the notification so some of these components are gonna be what's actually going to be sending that notification in so once that reports that the application is needed and it needs to determine whether it's there the next log file that we're going to do is show you the actual notification here so if we search out we can see that there's a component called SEC client so this is going to be the actual component that's going to report and interactively show things to Software Center and or any logged in user depending on the way that your application is set to deploy ok so here's that same component so this is where we can actually see that namespace that we were looking at in WMI for that Client SDK this is that same namespace and property that we were looking at within W my Explorer over here so there's gonna be what's being reported into software center and determining whether we're showing any user notifications like pop-ups or whether it's going to be even displayed in software Center if the user was to manually open up software Center so that looks good now since we showed the notification let me just run a quick search here we can see a component called SC toast notifications is going to automatically prompt the actual balloon notification that we saw here in the notification center so that's going to be where we can see that it starts to trigger that and then it's going to show that a notification here all right so that's pretty much where we're at right now so the next thing that we're gonna go ahead and look at is what actually happens when an installation is triggered and what other components are involved so what we're doin okay all right so I just want to take a note where we're at in a log file so we can ignore anything before this so it looks like 10 49 18 all right so we're gonna go ahead and trigger a install from Software Center so this should be pretty quick since it's just a small MSI so there we can go we can see that the installation is now completed so what I'll do I'll go ahead and minimize this and we will open up a lot of log files again and just because there might be some new log files that weren't previously there I might go ahead and select everything again and then choose to merge and then open alright so now that the log files have loaded we're back to where we previously left off so I've already scrolled down to my 10 4918 mark so what we can see here is the first thing that's going to kick in is our SC see client so this gonna show us hey an installation is now being performed the reason we're seeing this from SCC client is because that's because I triggered the installation from Software Center and that's gonna be what triggered the install to actually initiate here so here we go the right after we started triggering that that's gonna tell the DCM agent to start evaluating whether the application is still needed so if we take a look at that log file line we can see that the deployment for the application is now starting to install or starting to evaluate so we can see that it's set to be a machine targeted deployment and it's going to start evaluating and installing now the next relevant log is going to be app discovery so if I do a quick search for the log line that I'm looking at what we're gonna see is it's gonna start performing the detection of the deployment type so we can see that's going to evaluate whether that 64-bit deployment type for the MSI is still applicable to my device so I can see that information here and then we can see if we look back here scroll down and we can see that it detected that the MSI is not discovered or the print or whatever requirements that you had within there for our install rule we can see that it's not installed currently so that looks good so that's gonna mean that that deployment type is now needed and it's gonna start triggering the next action here so once that's determined it's needed it's gonna then do a Content lookup for the application so if I search for my next relevant line we can see that the Cavs log or content access is then going to determine that it has content that it needs to download so if we take a quick look here we can see that the content that it's determined that it needed is this Content ID now if we go ahead and copy that and look back in our console if we take a look at the deployment type in the Content ID we can see that the ID that we copied here is going to correlate to the 64-bit only deployment type because we wouldn't need to download anything for this 32-bit version because we determined that that content and that deployment type is not applicable for our device so searching back we can just verify in that log file that we're downloading the content that ends in four to nine so jumping back over here we can see that we're downloading four to nine and the revision is just version one so if you had any modifications to that content and chose to update the DP you might see like a dot two or dot three or whatever revision number that we're on so once we determine the content that we actually need the next line that I'm going to look at here is going to be our content transfer manager is actually gonna start a download operation for bits so we're gonna see that that's gonna kick in and say hey I need to download some content and that's going to initiate a session for bits that's actually going to perform the download so once we're ready to download the content the next component that comes into play is location services so that's going to be when our client sends a request to our management point to determine is this content available on any of our distribution points so here we can see that location services is creating a request to determine whether or not this content is available here alright so then we can see that it's waiting for locations to reply so just keep scrolling down here wait till we see the distribution points that respond back whether there's any available here within this we can also see that the client SDK as well as Software Center client some of these are getting updated so for example this would be changing the state to be in the downloading state once you once were in this phase instead of installing so before we get to installing it was show downloading here because this is where it's actually looking for the content so here we go so back to the cavs log once location services request that we can see that it's going to give us information about whether it found anything right so we can see that it found the distribution points and then that's going to return back to the Cavs log and then we can see that it found the distribution point and this is the first that so zero means the first one found so depending on how your boundaries are set up you could have multiple hits and then it might determine it based on whether there's any in the same subnet or other different priorities that you might have within your boundary groups but what we can see here we did determine that this content that we requested within this boundary that we're on is also in the local subnet here so that would be preferred if you had multiple dps with this and your client was in multiple boundaries for those dps so this will give us the path of where that content is essentially being hosted on our distribution point so that's the actual path that we would be using when we start requesting this download so once we have that location sent back the next thing is going to be the actual downloading of the content so if we run a quick look here that's gonna actually hand off the download to the data transfer service let me see if I can search out and find this really quick all right so here we go so now we can see the data transfer service it's got the URL passed to it from the cache component and now this is going to be what's actually performing the download of the actual content so here we can see that it's starting the download and then we can see data transfer service starting to download all the information about that now one thing note is that we could actually see how this looks from where our clients downloading this so if I come in here and copy this path we could actually open up a web browser here now since I am requiring authentication we will get prompted most likely for a username here there we go and I'm just going to enter my credentials but here we can actually see the MSI being hosted on our DP so this is basically what the day's transfer service would be initiating to actually download the content so once the download is complete what would do is the Cavs log is going to report back where that actually got downloaded so we can see that the download was complete and it also verified the hash file the Cavs component did and then it's also going to tell us where it is in our cache folder so for example if I copy this path and actually look at this folder this is going to contain our MSI file that was in our source for our deployment type so that looks good so now that's in the cache the next thing that we're really interested in it's the actual installation of the MSI file or really whatever depending on your application whatever your installation command would be so we can see a lot of different things going on here so we're notifying things back to Software Center so at that point it would probably be the download complete and then it would update Software Center to show installing at this phase but the component that we're interested in next is going to be the app enforce component let me just do a quick search to see if I can jump here faster so here we go so the app enforce is then going to verify one last time that that deployment type is still needed and then it's going to go ahead and start doing the installation so if I go ahead looks like we have some other logs that kind of kicked in before the next log file here so looking back to the next log for the app enforce we can see that the MSI for that deployment type was not currently installed so now we're going to actually get information about what did we do to actually install this deployment type so if I look at this long line it's going to give us information about the command line whether or not the installation command is allowing the user to interact information about where we're installing it from and then that's going to actually trigger the installation so if we look at the next line here in app enforce we can see that it started the command line to actually perform the installation here so that looks good so while that was installing you know we have some other components just kind of over here reporting different things back but here's the app enforce week see that it is installing I just run a quick search because I know how that's going to exit so here is the last line here in app enforce so we can see that it was executing and then it completed with exit code zero so that means it was successful and then we would report that back so once apon force is done installing it's going to verify that the MSI or the detection method for that deployment type is now compliant so we can see that it discovered that hey this is now installed so once that's done there's gonna be a lot of different components coming into play so the SDK is gonna come into play it's then gonna also start sending different messages back to our sec client so we would see in software Center this would start showing back as installed so there's gonna be quite a bit going on here in the background so that's looking just different reporting in the CI is evaluating and things getting reported back using state messages so things get reported back to our management point that hey this application state is now installed so if we look back in WMI and we look back at our client sdk and our application we can now see that the application is showing as not needed so now that its installed that's going to show us compliant so what I had to do is go ahead and refresh this object so now we can see that if we look at our allowed actions instead of just having install we now have uninstalled as well and now we can see that the install state is now showing installed for this application one item they did want to show you over here is the application policy I meant to pull this up earlier but this should still show is all the data so the deployment types and the application data a lot of the information about the evaluation the requirements of each deployment type is going to be stored in this CCM application policy and then the instance for the application ID here so one interesting thing if we copy the deployment report and let me just bring that over from a different window that I pasted that into this is going to give us all the metadata in the XML about our configuration item or our application so for example we can see this is our application for 7-zip we can see that all the information about the requirements for that so here's our name of the application and we can also see each different deployment type so here's the deployment type for the 32-bit MSI so if I look at that it's going to give us all the requirement options that we created here so all those 32-bit OS is and this is going to be the actual logic that the client is going to be using for evaluating those different compliance roles as well so scrolling down we can also see hey this is the 64-bit MSI and this is going to be the data that the client is going to read from WMI when it's actually evaluating that so all those different CIA agent logs and the things that we're evaluating the background it's going to be pulling the application configuration items and the deployment type data from WMI after the policy gets downloaded and then saved in the WMI so I thought this was a pretty interesting class and property for actually where it stores information that we're evaluating about these all right so I think that's all I had I know this is a pretty complex topic there are a lot of different components and log files that were involved with the way that applications get evaluated and installed on the client side I will include resources within the accompanying blog post so be sure to check that out I try to list everything that was looking at all the relevant components and log files that take place during the application evaluation download and installation I hope this video was helpful and thank you for watching
Info
Channel: Patch My PC
Views: 19,185
Rating: undefined out of 5
Keywords: SCCM Applications, ConfigMgr Applications, ConfigMgr Application Deployments, Application Deployment Deep SCCM, Application Install SCCM, Application Install ConfigMgr
Id: vnlMn_hEHGo
Channel Id: undefined
Length: 30min 40sec (1840 seconds)
Published: Tue Sep 18 2018
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.