[anyweb]

Part 1. Add the Web Server role to Windows Server 2008

This guide assumes that you have first installed Windows Server 2008 and configured it for Active Directory (AD) and setup a working DHCP server. Steps 1 and 2 of this guide will show you how to setup and configure both the AD role and the DHCP role. Once done you can continue below.

If you would like to read the Official Microsoft documentation for setting up IIS with Webdav then please read this


Add the Web Server role (IIS 7) to Windows Server 2008.

Click on Start, choose Server Manager, scroll down to Roles Summary and choose Add roles



at the Before you begin page, click next



in the Server Roles page, click on Web Server IIS



a window will appear notifying you that some required features also need to be installed

click on Add required features



at this point you can now click on Next in the Server roles page...



you'll get an Introduction about Web Server IIS and how it integrates with Windows Server, click next to continue



now we have to select the role services to install for IIS

under Application Development place a checkmark in ASP.NET

an additional window will pop up telling us that the following roles and features are also installed

Quote

Application Development
ISAPI Extensions
ISAPA Filters
.NET Extensibility

Windows Process Activation Service
.NET Environment

click on Add Required Role Services



Click on Next when done

review the confirmation screen and click Install to continue



Once done review the results pane



click Close to exit

The Web Server (IIS) role should now appear in Server Manager Roles Summary.



if you open a web-browser and enter the following address http://localhost you should see the nice IIS 7 welcome screen

[anyweb]

Part 2. Download and install Webdav for IIS 7


Note: If you are using Server 2008 R2 which has Webdav 7.5 then read this post first



An important note from Microsoft:-

Quote

Enabling WebDAV and modifying the requestFiltering section for the Web site increases the attack surface of the computer. Enable WebDAV only when required for management points and BITS-enabled distribution points. If you enable WebDAV on the default Web site, it is enabled for all applications using the default Web site. If you modify the requestFiltering section, it is modified for all Web sites on that server. The security best practice is to run Configuration Manager 2007 on a dedicated Web server. If you must run other applications on the Web server, use a custom Web site for Configuration Manager 2007. For more information, see Best Practices for Securing Site Systems.

pick your version below

Microsoft WebDAV Extension for IIS 7.0 (x64)

or

Microsoft WebDAV Extension for IIS 7.0 (x86)



Accept the license agreement and let it install itself



Once we have installed Webdav, we need to Enable WebDAV Publishing Using the IIS Manager.



Enabling WebDAV Publishing Using the IIS Manager.


Startup IIS Manager and in the Connections pane, expand the Sites node in the tree, then click the Default Web Site, then double-click the WebDAV Authoring Rules icon.




Click enable webdav in the Actions pane on the right side



Once you've clicked it it will then say 'Disable webdav' so be sure not to click there again, now we need to click the Add Authoring Rule task in the Actions pane and set your options as below



That's it, you've now enabled WebDAV authoring in IIS 7. We will return to Webdav later in the guide, if you want to do them now then read Step 1 of this post or just continue with the below as we will get to it later anyway.

[anyweb]

Part 3. Verify that you have Authorization and Authentication configured

In IIS Manager, click on Default Web Site in the left pane, and choose the Authentication icon under IIS.



in this example (default install of IIS 7 in Windows Server 2008) we can see the following Authentication types are installed

Anonymous Authentication - Enabled
ASP.NET Impersonation - Disabled
Forms Authentication - Disabled



We want to add Basic Authentication and Windows Authentication to proceed further. To do this Click on Server Manager and scroll down to Roles Summary.



Click on Web Server (IIS) and scroll down to Role Services.



In this example both Basic and Windows Authentication are not installed, so let's install them. click on Add role services in the actions pane to the right.



scroll down to security and put a check mark in Basic and Windows Authentication, click next.



confirm your selections



and click install, once done you'll see a results screen



At this point you can close the IIS server manager, restart the World Wide Web Publishing Service service (W3SVC) and go back into the IIS server manager, when you click on Default Web Site now and the Authentication icon, you should see the two new authentication methods added.



Right click on Windows Authentication and choose Enable (Note: You can use Basic Authentication with WebDAV, but the WebDAV redirector will only use Basic Authentication with SSL connections, so we will not be using it here, I just installed it so that you were aware of it.)





In IIS Manager, click the Default Web Site under the Sites node in the tree, Double-click the Authorization rules icon.



NOTE: if (like me) you do not see the Authorization rules icon (feature) then go back into Server Manager, select Roles, Select Web Server (IIS), select Roles services and scroll down to Security, check if URL Authorization is installed, if it is not installed, click on Add role Services in the right pane and install it,







then restart the Internet Information Services (IIS) Manager. The icon (feature) should now appear....



When the Authorization feature opens, make sure that an Allow rule is defined that includes the administrator account. IE: the default rule for IIS allowing access to All Users will include the administrator account.



you can now test logging into your WebDav site using your administrator account by opening a command prompt and typing this

net use * http://localhost/

after a few moments you should see a result like this

Quote

C:\Users\Administrator>net use * http://localhost/
Drive Z: is now connected to http://localhost/.

The command completed successfully.

If you don't see the above, for example if you get a an error like this

Quote

"System error 67 has occurred." The network name cannot be found.

then install the Desktop Experience Feature using the Add Features Wizard) reboot the server and try again. The reason we need the Desktop Experience feature installed in Server 2008 is because it will install the Webclient service which is required for this.


Note: if you now get a new error which states

Quote

System error 1920 has occurred. The file cannot be accessed by the system.

Then you must open up IIS Manager, click on Default Web Site, and go into the WebDav Authoring Rules and add the current user you are attempting to do this as (eg: add user DOMAIN\user). See below screenshot.



Tip: for a list of webdav errors and solutions to resolving them see this page

so now we have mapped drive Z: to the WebDav site, using the administrator account and using the authorization rules we setup above, we have read/write/source acccess to the directory.

[anyweb]

Part 4. Install the IIS 6 Management compatibility

Open Server Manager, select Roles, Select Web Server (IIS), select Roles services and scroll down to Management Tools, check if IIS 6 Management Compatibility is installed, if it is not installed, click on Add role Services in the right pane and install it.



click next to confirm the install, and then Install.







Part 5. Install the BITS Server Extensions

Open Server Manager, select Features



click on Add Features, and placed a checkmark in the BITS Server Extensions box



when the 'add role services required for BITS Server Extensions' query comes up, click on Add required role services



click next to proceed



you'll get an IIS introduction, click next



review the new choices it's made for you and click next



confirm the selections it made, and click install



finally you should see BITS installation successful





Part 6. Add ASP (required for ConfigMgr Reporting Point to function)

Open Server Manager, select Roles, Select Web Server (IIS), select Roles services and scroll down to Application Development, verify that ASP is installed, if it isn't, install it.




Summary

The following Web Server role services should be installed.

IIS Role Services

Web Server
Common HTTP Features
Static Content
Default Document
Directory Browsing
HTTP Errors
HTTP Redirection

Application Development
ASP.NET
.NET Extensibility
ASP
ISAPI Extensions
ISAPI Filters

Health and Diagnostics
HTTP logging
Logging tools
Request Monitor
Tracing

Security
Basic Authentication
Windows Authentication
URL Authorization
Request Filtering
IP and Domain Restrictions

Performance
Static Content Compression

Management Tools
IIS Management Console
IIS Management Scripts and Tools
Management Service
IIS 6 Management Compatibilty
IIS 6 Metabase Compatibility
IIS 6 WMI Compatibility
IIS 6 Scripting Tools
IIS 6 Management Console

[itismike]

Hi anyweb,

We followed your guide to install and configure SCCM a few months ago. Now we are attempting to build another similar environment, but you've moved on! Is there any place I can look to find the original steps to configure things based on Server 2003 with IIS 6?

[anyweb]

try this link, does it help ?

cheers
anyweb

[itismike]

It does! Thank you for the immediate reply! Are the other steps for the rest of the 2003 SCCM configuration available somewhere or do you just recommend extrapolating the steps from the 2008 guides?

[anyweb]

just use the 2008 guides i have, it should be pretty much the same,. if you run into any problems raise a new post here and we'll deal with it

[itismike]

Still running into problems following the 2008 guides. I remember we created accounts for SMS_SiteSystemToSiteServerConnection_xxx. Was that covered in the 2003 guide but not in the 2008 guide? Isn't it still necessary?

[itismike]

in case anyone stumbles upon this, the answer to my last question is at the top of this page: http://www.windows-n...p?showtopic=489

[TheProfessor]

Hey Brother,

I read you step be step guide to installing sccm on server 2008. After installing the webdav and testing with the "net use * http://localhost" i get a

System error 67 has occured.
The Network name is cannot be found.

I can browse to the localhost perfectly. I just get this when I test. I tried playing with the permissions but still nothing. Please help?

Thank You friend,

Anthony

[anyweb]

is your firewall disabled or enabled ? have you left out any steps at all ?

[TheProfessor]

Yes sir. I verified that the firewall was off and that your steps were followed precisely. I also took a look at the Micrsoft technet articles. Basically the same thing as your instructions. I'm really stuck at this point.

[TheProfessor]

I am running windows server 2008. I could not find this driver in device manager after enabling the show hidden devices. Also in our DC we do not have DFS installed or enabled.

[anyweb]

ok then, is your server an all in one ? ie, is DNS, DHCP and AD all installed on it ?

i need more info...

[TheProfessor]

No. It is a member server in a domain. Our DC is a seperate box running the AD, DNS, DHCP. I even tried looking and following this article for MS http://technet.micro...y/cc431377.aspx to see if any changes would occur. Again same msg. No firewall is enabled, IIS Service works and can connect via web browser and see the nice green welcome screen.

[anyweb]

is iis installed on this server or another one ?

what type of USER are you doing this as ?

can you copy and paste the EXACT commands you are typing and the output here please

cheers

[TheProfessor]

Here is a jpg of my desktop on the server. I am a Domain Administrator.

Cheers

Attached image(s)

• 

[TheProfessor]

Also IIS7.0 is local on the box where SCCM2007 SP1 will reside.

[anyweb]

try this

net use * http://127.0.0.1/

does that work ?