The torture of installing System Center Essentials 2010
Last week I decided to add System Center Essentials (SCE) to my network, having decided a little while ago that the full System Center Configuration Manager and its associated sister products were slightly overkill for my network. This opinion was not helped by the fact that a 3-day attempt to get System Center Configuration Manager 2007 installed a few years ago resulted in nothing more than a near mental breakdown and 3 days of my life wasted that I will never get back. So, SCE seemed like it might be a less stressful choice.
Like hell it was.
Little did I know that within minutes, trying to install this on my WSUS server (since SCE cannot be on a different server from WSUS) would fail dismally when it tried to move the WSUS database from the Windows Internal Database system to a proper SQL Server instance:
13:10:36:CreateShareForBackup: Failed to create the share for the WSUS backup.: Threw Exception.Type: Microsoft.SystemCenter.Essentials.Configuration.Common.EssentialsShareException, Exception Error Code: 0x80131500, Exception.Message: Failed to create the share.
13:10:37:StackTrace: at Microsoft.SystemCenter.Essentials.Configuration.Common.ReadOnlyTemporaryShare..ctor(String shareName) at Microsoft.SystemCenter.Essentials.SetupFramework.HelperClasses.MoveUpdateServicesDatabase.CreateShareForBackup.Execute(MoveUpdateServicesDatabaseItem item)
13:10:37:SystemCenterEssentialsPreinstallProcessor: SUSDB move failed.
13:10:37:ProcessInstalls: Running the PreprocessDelegate for SCE failed.... This is a fatal item. Setting rollback.
That log snippet very quickly led me to a post titled “Upgrade from WSUS to SCE 2010 fails, Cannot move WSUS DB“. The process by which the author arrived at this error was slightly different, but the resolution was the same. Despite that last line talking about a rollback, the installer doesn’t completely undo all of the actions it’s performed up to this point. If you want to try again, you have to remove the sceWsusBackupShare yourself. In fact, there is so much that doesn’t get rolled back that the developers added a tool to the System Center Essentials 2010 Resource Kit called Essentials Server Cleanup Tool, which apparently does the job that the hopelessly installer always should have.
Of course, doing this is no guarantee the damned thing will then work the second time around. My install failed again almost immediately, again while trying to move the WSUS database onto an SQL Server instance. This time the logs only spoke cryptically of a server timeout.
“Sod this for a game of soldiers,” I thought. I knew how to perform this migration myself, having several times consulted the TechNet documentation on Migrating from Windows Internal Database to SQL Server. I tried the procedure, only to be denied because something was locking the database open. Suspecting that once again the SCE installer had not relinquished its vice-like grip on the system. I rebooted, and was met with success the second time around.
Once done, the SCE installer continued unabated, and everything ran smoothly.
Well, apart from this about 20 minutes later:
- Exchange 2010 MP Reports – fail on not properly designed OpsMgr installation
- Failed to store data in the Data Warehouse. Cannot resolve the collation conflict between “SQL_Latin1_General_CP1_CI_AS” and “Latin1_General_CI_AS” in the equal to operation
I suppose I should count myself lucky that I spotted this early and was still at a point where a reinstall was even remotely palatable. However, it didn’t help dismiss my consistent opinion that most of System Center is too damned complicated for its own good – especially when all I really wanted from it is the ability to be able to deploy .exe files, since the Microsoft Office team decided they were too good for GPO deployment ever since 2007…
11 responses to “The torture of installing System Center Essentials 2010”
Copyright
"The Angry Technician" by angrytechnician.wordpress.com is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.0 UK: England & Wales License.
Please read my submission policy.
The Angry Technician 
I installed System Center Operations Manager 2007 about 2 years ago on our internal network. Since then, i’ve conquered the basics of it and it’s much better than the Nagios setup i’ve used previously. I’ve upgraded it to R2 in the meantime and i’m still happy with it. Even deployed it at two of our larger customers, with success.
With the release of SCVMM 2008 R2, i’ve implemented that too, to manage our growing Hyper-V Clusters (yeah, we’ve got more than one – one for my production stuff and one for our developers to test out stuff). Compared to SCOM, SCVMM was a breeze to install and use. And even our developers got the hang of it quickly – and these are people that absolutely detest anything todo with system administration.
Most of customers are using OEM operating systems and OEM licenses, making software deployment and images not an option for deployment, so i’ve never looked at SCCM – until i’ve learned that Forefront Endpoint Protection (MSE for Businesses) would require SCCM (if you want to manage it).
Now, i’ve spent all the free (work) time i’ve head on SCCM, i got all the basics working, but it’s horribly cumbersome. I don’t want to integrate it with our WSUS, because WSUS actually works – SCCMs idea of managing Windows Updates just sucks.
SCE looks nice from what i’ve read about it, but i’m quite happy with SCOM/SCVMM, i’m not sure that i want to drop those for a stripped down counterpart. I guess i’ll book myself for an SCCM course, in the hope that someone else can help me get my head around it.
Oh dear GOD.
I had no idea until now that Forefront Endpoint Protection would require Configuration Manager.
Well, Microsoft just lost a customer for Forefront. There’s no way I’m struggling through a Configuration Manager install again for fewer than 150 clients. It’s just not worth it.
I feel your pain AT. We use SCCM 2007 R2 for image and software deployment.
OSD works an absolute treat, as does the software deployment side – we can advertise a rebuild of an entire IT suite overnight, go home and in the morning it’s been reimaged. Without so much as a finger lifted at the workstation.
However, the downside to this is that it was a complete git to set up. I wasted many hours – no, sorry, days – screaming at it because of various certificate issues (which, to be fair, weren’t all down to SCCM). Now it’s in and done and I am reaping the benefits, I ask myself if I would do it all again.
And the answer is yes. Without hesitation.
But during that week when I was setting it all up, I was happily wishing a pox on whoever at Microsoft had had the bright idea to take SMS and complicate it horribly….
And I’m currently fighting with SCCM 2007 and certificates trying to get it installed. I think it’s quite telling when every person I’ve talked to that’s tried to install SCCM has had problems. And I’m not talking little problems, I’m talking tear your hair out and after the third complete reinstall get the thing to work problems.
It’s a shame it’s such a powerful tool. I really do wish they’d work on the install and setup to make it just that little bit more straightforward!
Balls, I was going to install this next week, as a “something to do” job. I probably won’t now!
Forefront Endpoint 2010 works just fine as a standalone. The documentation all claims you need the management parts which you don’t. Tried setting up SCE 2010 today and I have to agree it’s a load of c***. I’m just glad I deleted it before it ate my network.
It’s worth the work to get this all working! Just do it!
You know what? It really wasn’t.
SCCM, SCSM and SCOM were installed and tested (all products equally painful — none went through smoothly without issues) and after playing around them promptly UNINSTALLED. They are absolutely overkill unless you have more than 1000 computers to manage AND a dedicated team that handles the software/monitoring. Otherwise, these products are nothing but a time-sink.
Alternatives for a simple-installation and 10 minutes up-and-running system:
Dell’s Kace
ManageEngine’s OpsManager
even Spiceworks + WSUS are better alternatives
PRTG kicks System Centers ass. One server does it all, very well. Low overhead. No MS bloated servers just to monitor servers, very ironic.
I found this after Googling ‘SCCM 2012 is rubbish’. Admittedly, I’m in the middle of a number of exceedingly frustrating issues, but I took the time to take a step back the other day, and it occurred to me that SCCM really is a pile of steaming manure.
I don’t say this lightly. I am what many would consider to be an ‘expert’ in System Center, and I’ve designed and rolled out SCCM to many of my customers. It seemed like the simplest/cheapest way of achieving something, and appeared to be an accepted standard.
I’ve dealt with SCCM since SMS 1.0, and I certainly know my way around it – know all the different log files backwards, and can sort most problems out fairly quickly.
However, I find myself being contacted almost constantly by people having trouble with this product, and I don’t always have an answer for them these days. Both of these points trouble me greatly.
If so many people consistently have so many issues setting it up, there must be something wrong. If I, who has seen this product go from a relatively simple software management tool to the monstrosity it is now, cannot always resolve these issues without resorting to low level tools like Wireshark, Filemon, Netmon, etc. then there also must be something very wrong.
It seems the product is almost designed to shroud you from its inner workings, yet the inner workings are so unreliable in most situations (due to the sheer complexity of it all) that you absolutely have to know what’s going on to troubleshoot it. You, as a SCCM 2012 guy need to know what it’s doing and how it works.
In the process of ‘improving’ the Distribution Point situation, they’ve overcomplicated it to the point that it no longer works particularly well, and means that there’s no way to manually work around the problems.
So, when I find that even though SCCM tells me the content on a particular DP is all there, I actually find that it’s still processing in the background, and need to open up the distmgr.log to see what’s going on. Then trace back through various other logs!
I do understand that they’ve looked at ways to improve the performance of the product over poor bandwidth, but I don’t see this as much of an improvement. Any customers I’ve ever had with many sites and poor links tend to turn all of this off anyway, as it causes more problems than it solves in the end. They get people to ‘visit HQ’ more often!
I think what they need to concentrate on is ensuring that the delivery mechanism is simple and robust, that you know what’s going on with any particular client/server at any one time and that if there’s an issue, the architecture is open and transparent enough that you can easily jump on the issue and fix it.
Microsoft have done the opposite on all counts. Very, very poor show.