Saturday 27 August 2016

ConfigMgr Current Branch - native integration with Windows Store for Business

System Center Configuration Manager landing page

The eagerly awaited 1606 version of ConfigMgr Current Branch was recently released. As we have come to expect from the ConfigMgr team this version is full of enhancements and new features. There are changes in the following areas and you can find full details on TechNet
  • Updates and servicing
  • Accessibility
  • Administration
  • On premises Mobile Device Management
  • Application Management
  • Software Updates
  • Operating System Deployment
  • Compliance Settings
  • Device Configuration and Protection
  • Remote Control
I really like the subtle change in the Updates and Servicing node. The clutter of previous versions has been removed.


Only the latest version (and hotfix) is now listed.


Click on the History button on the ribbon to see the previous versions.

My two favourite features of this version continue the trend of "cloud integration".
  • Sync data from Configuration Manager to the Microsoft Operations Management Suite
  • Windows Store for Business integration
In this blog I'll concentrate on the WSfb integration. In a previous blog I described the WSfB and explained how to set up a store account so I won't repeat that here. Follow the steps below to integrate WSfB with ConfigMgr. At the end of the blog I list the issues encountered by me and some colleagues in configuring the solution.

Turn on Windows Store for Business integration

WSfB integration is a pre-release feature (even though it doesn't say so in the ConfigMgr console). You must first give you consent to use pre-release features.

Navigate to Administration > Site Configuration > Sites. Select your site and choose Hierarchy Settings in the ribbon above.


Tick the box Consent to use Pre-Release features.


Navigate to Administration > Cloud Services > Updates and Servicing > Features. Right click Windows Store for Business Integration and select Turn on.


Accept the warning to turn on the feature. Close and re-open the Configuration Manager console. The Windows Store for Business node is now available under Cloud Services.

Register ConfigMgr as a management tool in WSfB

For this step we are going to need access to the Azure and WSfB portals for the tenant.

Open the Azure Portal. Select your Azure Active Directory and click Applications > Add


Select Add an application my organization is developing.


Choose a suitable name for the application and select Web application and/or Web API. Click the arrow to continue.


Enter a URL for the Sign-on URL and App ID URI. The URL needs to be the same for both but doesn't have to exist. Click on the tick to complete the wizard.


The app has been added. Click on Configure from the menu at the top.


Note the Client ID (copy it as we'll need it later).


Under Keys select a duration and then click Save. This will create a new client key. You will only be able to copy the client key while on this page so don't navigate away until you have completely finished the process.

Copy the client key. We'll need it later.

Now log into the WSfB to add Configuration Manager as the store management tool. Select Settings > Management tools.


Click Add a management tool.


Search for the application you just created in AAD and click Add.


Activate the management tool (I missed this step first time round - see "Issues encountered" below).


Only one management tool can be active at a time.


If you are going to use offline-licensed apps navigate to the Manage > Account Information page.



Select Show offline licensed apps.

Add WSfB store account in Configuration Manager console.

Navigate to Administration > Cloud Services > Windows Store for Business.


Right click and choose Add Windows Store for Business account.


Read the instructions and verify that you have already carried out the steps.


Enter your tenant name. Enter the Client ID and Client key that you copied earlier. Click Verify. This verifies that the Client ID and Key are correct. It doesn't check that you have correctly added a management tool.

Add a location to store the content.


Select Application Catalog languages.


WSfB integration has been configured.


First sync has succeeded.


See WsfbSyncWorker.log file for progress.


Apps are available in Software Library > Application Management > License Information for Store Apps.

Application content has been downloaded.

Create application.

Create a ConfigMgr application as normal. Right click an app in Software Library > Application Management > License Information for Store Apps.


Select Create Application.


Review the information and click Next.


Application information was imported from the appx package.


Enter a suitable name and details.


The application has been created.


See the application and deployment types. The app can now be distributed and deployed as normal.

Issues encountered.

I just wanted to share some issues encountered by me and some of my colleagues while configuring the solution.

1. Unauthorized - this one happened to me.


The first sync failed and the error below appeared in the WsfbSyncWorker.log file.

Error occured making http request calling 'GET' method on 'https://bspmts.mp.microsoft.com/V1/Inventory?maxResults=1000&modifiedSince=0001-01-01T00:00:00.0000000': (Unauthorized) 'Unauthorized'.

This was caused by the fact that I had added my app as a management tool for WSfB but I had missed the step the activate the tool. This meant that ConfigMgr was not authorized as a client to manage the WSfB. Once I activated the app and restarted the SMS_CloudConnection component the sync started and I could see the apps downloading to the content share (and could see them in the Software Library).

2. Proxy authentication

The error below appeared in the WsfbSyncWorker.log file.

                          ErrorCode: unknown_error
                          StatusCode: 407
[24, PID:9024][08/22/2016 14:20:04] :Failed authenticate with the Windows Store for Business.

The correct proxy credentials had been configured and the Software Update Point on the same server was able to authenticate.

Proxy support for WSfB has not yet been implemented. It is planned for a future release. As a workaround, set the proxy in the system level IE proxy settings on the server where the SCP is installed.

3. Delete and re-create the WSfB account

You've made a mistake and you want to start again. Try it. You can't remove the WSfB account in the console. This has not yet been exposed but you can get out of trouble using WMI.

I believe my colleague will be posting a blog post shortly on how to do this so I don't want to interfere with that.

I hope this information in this blog post will be of use to you.

Until next time..... 

No comments:

Post a Comment