Enabling Email approvals for your requested applications in Configuration Manager 2012

By default application approvals must be done from within the ConfigMgr 2012 administrator console. If you have Service Manager 2012 you can use that to implement an approval process.

For those of you who do not (yet) have Service Manager here is a tool that you can use. The solution consists of a Website and a Web Service. None of them have to be installed on the same server. Also there is no requirement to install any the components on the site server.

Download our beta 0.9.8 version here

How it works

The Coretech Application Approval Server (CAAS) is installed on the Site server and will monitor any approval requests made by users.

  1. A request is made by the end user from the software web catalog 

    imageimage

  2. CAAS will monitor the request, look up the user in Active Directory and find the manager. In this example I’m my own manager.
  3. Send an approval mail to the manager.

    image
  4. The manager approves or rejects the request.
  5. Request rejected by the manager

    image
  6. Application approved by the manager and ready for installation.

    imageimage

Installing the Website

    1. Start the installation and click Next. 

      clip_image002

    2. Enter the FQDN, the Site Code and click Next.

      clip_image004
    3. Set a checkmark in the allowed actions and Click Next.clip_image006

      Allow Action by Id:
      Allows managers to deny/approve requests that match an Id
      http://fqdn/CAAWebsite?id=GUID
      Required to work the the Coretech AA Service
      Allow Action by User: Allows managers to deny/approve requests that match an User
      http://fqdn/CAAWebsite?user=domain\username

      Allow Action by Application:
      Allows managers to deny/approve requests that match an User
      http://fqdn/CAAWebsite?application=ApplicationName

      Allow Wildcard:
      Allows managers to deny/approve requests that match on wildcard
      http://fqdn/CAAWebsite?id=C75%
      http://fqdn/CAAWebsite?user=domain\userna%
      http://fqdn/CAAWebsite?application=ApplicationNa%

    4. Select a Site to place the Virtual Directory.

Give the Virtual Directory a name (Default: CAAWebsite).

Choose an Application Pool that runs ASP.Net v4 in Integrated mode.

Click Next.

clip_image008

  1. Click Next to start the installation.clip_image010
  2. Installation Complete, click Close.clip_image012

Installing the web Service

  1. Start the Installation and click Next.

    image
  2. Enter the FQDN of the Site Server and the the Site Code.
    Enter the FQDN of the Web Server that holds the Coretech AA Website.
    Enter the Virtual Path of the Coretech AA Website (Default: CAAWebsite).
    image
  3. Enter the FQDN of the mail server to use, the port to use on the mail server and the mail address to send as.image
  4. Enter the folder to install the Service, or keep the default.image
  5. Click Next to start the installation.image
  6. Installation is complete, click Closeimage

A huge tribute goes to Claus Codam who is the main developer behind the tool


Comments (47):

  1. [...] Enabling Email approvals for your requested applications in Configuration Manager 2012 [...]

  2. John Andre says:

    Thanks, but i am having some issues with the installer. The webservice installer throws an 1001 event cannot find service. And it rolls back the installation. programfiles(x86)\Coretech\Coretech Application Approval Service\ only contain the file : CM_AppReqListen.InstallState

    Seen this before?

    • Martin Cayer says:

      I have the same problem in my lab.

      Error 1001 An exception error occurred during the commit phase of the installation.

      Any help would greatly be appreciated.

  3. Jan Christiansen says:

    I’m experiencing the same problem, the website installs fine, but the service install fails.

    Would it be possible to make a user/password field for log on to the mailserver ?

  4. Rob says:

    Error 1001 An exception error occurred during the commit phase of the installation.

  5. Stan says:

    thank you
    a very useful thing
    been very different if it were possible to specify the email recipients are statically

  6. There are some great websites out there but Google isn’t the best at finding them. Try finding a relevant directory, they will often list a few lesser known websites

  7. Mark says:

    I have the same 1001 error while trying to setup the Application Approval service, rerunning the install won’t fix the failed install. Is any development work being done to the beta 0.9 version and will a fixed version be published?
    thanks

  8. Henrik says:

    I also got an error during installation.
    “Error 1001. An exception occurred during the Commit phase of installation. …”
    The Service was created but isn´t running. Did you have any solution for this? I would nicely use your tool. So please give us any hints!
    Thanks

  9. shadster says:

    any way to have replace the “manager” lookup in AD with a static recipient? like an ITPurchasing dept for example or the group responsible for maintaining and managing licenses keys as the “approver”?

    • Claus Codam Claus Codam says:

      Hi Shadster,

      There is a new release coming up, which is due to release within the month.
      This will have a “fallback” e-mail address, which will either be used when no manager is found for the user, or if specified in the config, always be used.

      Would that be sufficient in your case?
      If not, then please let us know what you need specifically, and we will make sure to implement it in an upcoming release.

      Thanks.

  10. Johan says:

    Claus, any word when the “new” version will be available..?

  11. Johan says:

    Any news regarding the new version?

  12. Mihir says:

    The webservice installer throws an 1001 event cannot find service.

  13. Thanks says:

    Hey,

    There is any beta for the new version (that i will supply one email address..?)

    Thanks

  14. Jason says:

    Is there a new version that does not throw the 1001 error?

  15. Mithun Vinod says:

    Hi Kent,
    I’m working on a similar setup, where-in I am trying to integrate ServiceNow with System Center 2012 Config Mgr SP1 for ticket work-flow + approvals and eventually deployment of software to user/device. Could you provide some guidance on how ServiceNow webservice could integrate with CM12 (web-service or APIs)?

  16. 1001 error says:

    1001 error
    service Coretech SCCM Application Request Listener stoped

  17. Magnus says:

    Hi….im getting this when I browse the website…
    Unable to Retrieve Manager of User. Index was out of range. Must be non-negative and less than the size of the collection.
    Any ideas?

    • Henrik says:

      Yes, you have to setup a Manager in properties of the user under organization.

      • Sebastien P says:

        Hi Henrik,

        I’ve the same message even with a manager defined under Organization. Do you have further idea ?

        Thanks and Regards,
        SeB

        • Sven says:

          Hi,

          we are facing a allmost simular problem. The message is Unable to Retrive Manager of User. An operations error occured.

          Is there any clue where the root of the problem is.

          Thank you and Regards
          Sven

  18. Mark says:

    Hello, mail arrives at administrator configuration manager? or the head do not understand. if Configuration Manager administrator happens when there are more than one

  19. Mike Stewart says:

    I have having an issue with the webpage. Page not found. Any ideas? Email part works great but when I click Approve, Deny, Details, or pending request they all fail w/ Webpage not found

  20. Erik Smith says:

    After clicking the links to Approve or Deny requests in the email message, the Application Approval page displays “No such Id”. When clicking Details or Pending Requests, no data is display although it can be seen in the SCCM console. Any suggestions to resolve these issues?

  21. Nickolaj says:

    Hey, cool tool!

    I’m trying to install the website on a Windows Server 2012, but the installations fails just seconds after starting with “The installer was interrupted before the …”.

    Looking in the log file there’s only a “nice” msi error 1603 with no usefull information.

    Any ideas?

    Thanks in advance.

    Regards,
    Nickolaj

  22. Matt Benson says:

    Great tool! Thanks for your efforts. I am wondering if it would be possible for this to work with a flat file or database of manager information as opposed to an LDAP query of AD? Unfortunately AD is not the authoritative source for this information in my environment.

    Regards,
    Matt

  23. Mason says:

    How do I setup the “fallback email”? In may case I’d prefer all approval requests to go to our helpdesk. I’ve installed the latest release but I’m not seeing any configuration options.

  24. Jon says:

    Hi, will there ever be a version 1.0?

  25. serj says:

    Hello, I`ve got problem with your tool on Windows 2012, in a test lab deployment. I installed a website, with a AppPool Net4.5 but something is wrong. It works only over http and opens with an error “Unable to Retrieve Manager of User. Index was out of range. Must be non-negative and less than the size of the collection. Parameter name: indexDC…” + some wrong elements in a layout. I suppose there is some permissions or config problem. Can you help me with a fix?

  26. Dave says:

    I too am wondering if there will be a production version, and if there is any time line to do so?

  27. MVaj says:

    Hi,

    I’m having some issues with your soft. All installing fine and i’m receiving the email notification when app request. Unluckily, when i’m trying to approve or deny, i got the error :

    Approvalhandle Exception
    Denyhandle Exception

    Any ideas ?

  28. Manuel says:

    Hi,

    I am using your tool for test proposes and it rocks. The only thing which I don’t like is that the email is send to the manager. Is there any possibility to send this email to a group defined in AD ???

  29. IT says:

    can we have the version with specific email not the manager

  30. LoKkY says:

    Hi,there any way to put email instead of manager?. Our managers are department heads and they know nothing of IT.

    Thx for all!!!!

  31. Russo says:

    For those getting the error “Unable to Retrieve Manager of User”, make sure the user account has a manager; and also and this is the error I experienced I had a manager assigned and still had the error.

    I changed my application pool to “ASP.NET v4.0 DefaultAppPool” and if fixed it. In the website config as well under Authentication ensure Windows Authentication is enabled, In providers make sure NTLM is on the top and in advanced settings turn extended protection off and enable Kernel-mode authentication.

  32. Dave says:

    Thank you so much. Having a bit of a problem. From the server where the website is hosted, I can access the website and see ALL requests. When I try the same thing from my workstation I get and error “Handle Exception. Error:Access is denied. (Exception from HRESULT: 0×80070005 (E_ACCESSDENIED))”

    If I try to access a specific request from eith the server or my workstation, I get the same error.
    The email and approval process worked ok when I was on the website server and approved/denyed requests.

Leave a Reply

(required)