Ok, back at my last article here: http://cmxp.blogspot.sg/2015/04/log-file-investigation-part-1.html
I mentioned that there is 57 log files just in a client
folder alone. But when I ran through my lab this morning I realise it was, it
was a test for you guys to spot my mistake, but obviously I fail this test
myself as well :P
My bad, well, this is more painful than I thought, 74 log
files. So which log file to begin with?
 |
|
|
The above picture flash into mind, whenever we need to start
a trace software distribution. I think it
would be easier if we know the flow. Take note my workflow could be easily
improvise, you may have your own flow, but this is something I have used most
of the time, and it works well for me.
It will be definitely very time
consuming, if you do not know which log file to trace and look at.
In the second part of the investigation series, I will
explore Application and Package deployment log files, if I have the time I will
explore Software Updates (Security Updates) as well. Today I will put emphasis
on Application deployment.
There will be always be an argument on using packages vs
applications. The argument itself is already worthy for a page of blog. Maybe I
find some time to sit down and set out the differences. Meanwhile SCCM Team
Blog has written a nice article between the differences of two features back in
2012: http://blogs.technet.com/b/configmgrteam/archive/2012/03/31/introducing-the-application-catalog-and-software-center-in-system-center-2012-configuration-manager.aspx
Right let us start with the action shall we? In my lab I
have deployed 7-Zip as application.
You could do a right click on the header in the deployment
tab, turn on Deployment and Package ID. Trust me it will be very useful in
tracing your stuff when you investigate your log file later.
Next we go to our client machine to check the deployment
flow and status. For those who don’t know the path of the client log files:
C:\Windows\CMM\Logs
Next we zoom in two log files:
- AppDiscovery: Records details about the discovery or detection of applications on client computers.
- AppEnforce: Records details about enforcement actions (install and uninstall) taken for applications on the client.
Description of the log files are taken from: https://technet.microsoft.com/en-sg/library/hh427342.aspx#BKMK_AppManageLog
First, AppDiscovery log will allow you to see that the
application that deployed. What it will do is that it will detect the version for
the target machine. If the target machine has the product, it will proceed to
uninstall it and install with the current version.
Next, AppEnforce log will let you see where is your file
placed in the ccmcache folder, and how it execute the installation command.
(msiexec.exe command and parameter) and the exit code for the program
installation is recorded in here. Remember, exitcode: 0 will be your most
pleasing code.
Have fun investigating! :)
SY
No comments:
Post a Comment