From a608e58fa568d78845b07f8c32a439e405ac330b Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 30 Mar 2017 12:07:24 -0700 Subject: [PATCH 1/5] proxy page --- .../deploy/upgrade-readiness-data-sharing.md | 55 +++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 windows/deploy/upgrade-readiness-data-sharing.md diff --git a/windows/deploy/upgrade-readiness-data-sharing.md b/windows/deploy/upgrade-readiness-data-sharing.md new file mode 100644 index 0000000000..dad2b5a63b --- /dev/null +++ b/windows/deploy/upgrade-readiness-data-sharing.md @@ -0,0 +1,55 @@ +--- +title: Upgrade Readiness data sharing +description: Connectivity scenarios for data sharing with Upgrade Readiness +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: deploy +author: greg-lindsay +--- + +# Upgrade Readiness data sharing + +To enable data sharing with the Upgrade Readiness solution, the following endpoints must be accessible: + + +| **Endpoint** | **Function** | +|---------------------------------------------------------|-----------| +| `https://v10.vortex-win.data.microsoft.com/collect/v1`
`https://Vortex-win.data.microsoft.com/health/keepalive` | Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint. | +| `https://settings.data.microsoft.com/qos` | Enables the compatibility update KB to send data to Microsoft. | +| `https://go.microsoft.com/fwlink/?LinkID=544713`
`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc` | This service provides driver information about whether there will be a driver available post-upgrade for the hardware on the system. | + +Whitelist these endpoints on your network. This might require working with your organizations's network security group. + +## Connectivity to the Internet + +There are several different methods your organization can use to connect to the Internet, and these methods can affect how authentication is performed by the deployment script. + +### Direct connection to the Internet + +This scenario is very simple since there is no proxy involved. If you are using a network firewall which is blocking outgoing traffic, please keep in mind that even though we provide DNS names for the endpoints needed to communicate to the Microsoft telemetry backend, We therefore do not recommend to attempt to whitelist endpoints on your firewall based on IP-addresses. + +In order to use the direct connection scenario, set the parameter **ClientProxy=Direct** in **runconfig.bat**. + +### Connection through the WinHTTP proxy + +This is the first and most simple proxy scenario. The WinHTTP stack was designed for use in services and does not support proxy autodetection, PAC scripts or authentication. + +In order to set the WinHTTP proxy system-wide on your computers, you need to +•Use the command netsh winhttp set proxy \:\ +•Set ClientProxy=System in runconfig.bat + +The WinHTTP scenario is most appropriate for customers who use a single proxy or f. If you have more advanced proxy requirements, refer to Scenario 3. + +If you want to learn more about Proxy considerations on Windows, please take a look at this post in the ieinternals blog + +### Logged-in user’s Internet connection + +In order to accommodate complex proxy scenarios, we also support using the currently logged-in user’s internet connection. This scenario supports PAC scripts, proxy autodetection and authentication. Essentially, if the logged in user can reach the Windows Telemetry endpoints, the telemetry client can send data. If runconfig.bat runs while no user is logged in, telemetry events get written into a buffer which gets flushed when a user logs in. + +In order to enable this scenario, you need: +- A current quality update Rollup for Windows 7, 8.1 or Windows 10 Version 1511. Updates shipped after October 2016 have the needed code +- Set the reg key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection\DisableEnterpriseAuthProxy to 0. If the value does not exist, create a new DWORD, name it DisableEnterpriseAuthProxy and set the value to 0. The deployment script will check this is configured correctly. +- Set ClientProxy=User in bat. + + From 25a2b1e67f51713047b14511d41bf623531f0b2e Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 18 Apr 2017 13:13:18 -0700 Subject: [PATCH 2/5] added to table --- .../upgrade-readiness-deployment-script.md | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/windows/deploy/upgrade-readiness-deployment-script.md b/windows/deploy/upgrade-readiness-deployment-script.md index f8d311cd6b..43870037ce 100644 --- a/windows/deploy/upgrade-readiness-deployment-script.md +++ b/windows/deploy/upgrade-readiness-deployment-script.md @@ -264,6 +264,26 @@ or
**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersio Function **EndImpersonatingLoggedOnUser** failed with an unexpected exception. Check the logs for the exception message and HResult. +44 +Function **Diagtrack.dll** version is old and so Auth Proxy will not work. +Update the computer using Windows Update or WSUS. + +45 +**Diagtrack.dll** not found. +Update the computer using Windows Update or WSUS. + +46 +**DisableEnterpriseAuthProxy** property should be set to 1 for ClientProxy=Telemetry to work. +The ClientProxy=Telemetry scenario requires the **DisableEnterpriseAuthProxy** registry key to be set to 1 at registry path: **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection**. + +47 +**TelemetryProxyServer** property is not present in the Windows registry at **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection**. +ClientProxy selected is Telemetry. The **TelemetryProxyServer** key is not present at Windows registry path: **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection**. + +48 +The **CommercialID** referenced in RunConfig.bat must be a GUID. +The **CommercialID** that is entered in RunConfig.bat must be a GUID. Copy the commercial ID from your workspace. To find the commercialID on the OMS portal, view Upgrade Readiness > Settings. You will find the commercial ID on the settings page. +
From 9e5db828bc0bd8469095b42e6a1867f34c70aacc Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 18 Apr 2017 13:54:38 -0700 Subject: [PATCH 3/5] new connection table added --- windows/deploy/upgrade-readiness-get-started.md | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/windows/deploy/upgrade-readiness-get-started.md b/windows/deploy/upgrade-readiness-get-started.md index 7cb98c4cf2..58111403a5 100644 --- a/windows/deploy/upgrade-readiness-get-started.md +++ b/windows/deploy/upgrade-readiness-get-started.md @@ -79,14 +79,23 @@ For Upgrade Readiness to receive and display upgrade readiness data from Microso To enable data sharing, whitelist the following endpoints. Note that you may need to get approval from your security group to do this. -Note: The compatibility update KB runs under the computer’s system account. If you are using user authenticated proxies, read [this blog post](https://blogs.technet.microsoft.com/upgradeanalytics/2017/03/10/understanding-connectivity-scenarios-and-the-deployment-script/) to learn what you need to do to run it under the logged on user account. - | **Endpoint** | **Function** | |---------------------------------------------------------|-----------| | `https://v10.vortex-win.data.microsoft.com/collect/v1`
`https://Vortex-win.data.microsoft.com/health/keepalive` | Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint. | | `https://settings.data.microsoft.com/qos` | Enables the compatibility update KB to send data to Microsoft. | | `https://go.microsoft.com/fwlink/?LinkID=544713`
`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc` | This service provides driver information about whether there will be a driver available post-upgrade for the hardware on the system. | +Note: The compatibility update KB runs under the computer’s system account. + +### Connection settings + +The settings that are used to enable client computers to connect to Windows Telemetry depend on the type of connection scenario you use. These scenarios are discussed in [this blog post](https://blogs.technet.microsoft.com/upgradeanalytics/2017/03/10/understanding-connectivity-scenarios-and-the-deployment-script/) and are summarized below. + +| **Connection scenario** | **ClientProxy setting** | **Local computer configuration** | +|---------------------------------------------------------|-----------|-----------| +| Direct connection to the Internet (no proxy) | Set **ClientProxy=Direct** in **runconfig.bat** | No other configuration necessary | +| WinHTTP proxy | Set **ClientProxy=System** in **runconfig.bat** | Specify `netsh winhttp set proxy :` on client computers | +| Other proxy | Set **ClientProxy=User** in **runconfig.bat** | Configure the Windows Registry value **HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection\DisableEnterpriseAuthProxy** to 0 on client computers | ## Deploy the compatibility update and related KBs From 2dc04c2aed788be269a5ff5254ee7bca28e55314 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 18 Apr 2017 14:05:34 -0700 Subject: [PATCH 4/5] edited table slightly --- windows/deploy/upgrade-readiness-get-started.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/deploy/upgrade-readiness-get-started.md b/windows/deploy/upgrade-readiness-get-started.md index 58111403a5..d9c9b0ca14 100644 --- a/windows/deploy/upgrade-readiness-get-started.md +++ b/windows/deploy/upgrade-readiness-get-started.md @@ -91,11 +91,11 @@ Note: The compatibility update KB runs under the computer’s system account. The settings that are used to enable client computers to connect to Windows Telemetry depend on the type of connection scenario you use. These scenarios are discussed in [this blog post](https://blogs.technet.microsoft.com/upgradeanalytics/2017/03/10/understanding-connectivity-scenarios-and-the-deployment-script/) and are summarized below. -| **Connection scenario** | **ClientProxy setting** | **Local computer configuration** | +| **Connection scenario** | **ClientProxy setting**
in **runconfig.bat** | **Local computer configuration** | |---------------------------------------------------------|-----------|-----------| -| Direct connection to the Internet (no proxy) | Set **ClientProxy=Direct** in **runconfig.bat** | No other configuration necessary | -| WinHTTP proxy | Set **ClientProxy=System** in **runconfig.bat** | Specify `netsh winhttp set proxy :` on client computers | -| Other proxy | Set **ClientProxy=User** in **runconfig.bat** | Configure the Windows Registry value **HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection\DisableEnterpriseAuthProxy** to 0 on client computers | +| Direct connection to the Internet (no proxy) | **ClientProxy=Direct** | No additional configuration necessary | +| WinHTTP proxy | **ClientProxy=System** | Specify `netsh winhttp set proxy :` on client computers | +| Other proxy | **ClientProxy=User** | Configure the Windows Registry value: **HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection\DisableEnterpriseAuthProxy** to 0 on client computers | ## Deploy the compatibility update and related KBs From 8f42c079194cbe9c3485652fbce47030882529ca Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 18 Apr 2017 14:25:04 -0700 Subject: [PATCH 5/5] reg key --- windows/deploy/upgrade-readiness-get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deploy/upgrade-readiness-get-started.md b/windows/deploy/upgrade-readiness-get-started.md index d9c9b0ca14..f8dbb049ab 100644 --- a/windows/deploy/upgrade-readiness-get-started.md +++ b/windows/deploy/upgrade-readiness-get-started.md @@ -95,7 +95,7 @@ The settings that are used to enable client computers to connect to Windows Tele |---------------------------------------------------------|-----------|-----------| | Direct connection to the Internet (no proxy) | **ClientProxy=Direct** | No additional configuration necessary | | WinHTTP proxy | **ClientProxy=System** | Specify `netsh winhttp set proxy :` on client computers | -| Other proxy | **ClientProxy=User** | Configure the Windows Registry value: **HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection\DisableEnterpriseAuthProxy** to 0 on client computers | +| Other proxy | **ClientProxy=User** | Configure the Windows Registry value:

**HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection\DisableEnterpriseAuthProxy**

to 0 on client computers | ## Deploy the compatibility update and related KBs