Jump to content


anyweb

how can I configure SCCM 2007 in Windows Server 2008 - Part 2

Recommended Posts

This guide assumes you have installed SCCM 2007 SP1 and then configured it as outlined here in Part 1.

 

Note: if you are using Server 2008 R2 and need to configure WebDav as below then please read this post first.

 

Step 1. We need to configure the Distribution Point (DP) and the Management Point (MP).

 

Technet: How to Configure the Default Management Point for a Site

 

 

 

Open up the SCCM Configuration Manager Console, and highlight the SCCM server listed under site systems, in the right pane we'll see the role's we've already installed.

 

configuration_manager_console.jpg

 

then double click on ConfigMgr distribution point and place a checkmark in Allow clients to transfer content from this distribution point using BITS,...

 

allow_dp.jpg

 

Once done, click ok and Double click on Configmgr Management Point to bring up its' properties. If you are planning on managing mobile devices (phones) put a checkmark in Allow devices to use this management point and click Apply, otherwise don't (it allows anonymous access so Mobile Devices can talk to the Management Point).

 

post-1-1219829477.jpg

 

At this point I checked my SCCM status (click System Status in the left pane, expand it, and choose Site Status, then your SCCM site code, then Component Status), this revealed there were problems with my Management Point which were preventing it from starting.

 

mp_status_errors.jpg

 

right-click on the Critical error, and choose Show Messages, All.

 

show_all.jpg

 

hidden inside one of the two re-occuring errors was this (you have to scroll in the error window to read it)

 

SMS Site Component Manager faild to install component SMS_MP_CONTROL_MANAGER on server WIN-2SDX7MZCDA7.

 

The WebDAV server extension is either not installed or not configured properly.

Solution: Make sure WebDAV is installed and enabled. Make sure there is an authoring rule that allow "All users" read access to "All content". Make sure the WebDAV settings "Allow anonymous property queries" and "Allow property queries with infinite depth" are set to "true" and "Allow Custom Properties" is set to false.

 

error_details.jpg

 

well, i know that Webdav is installed, but perhaps a slight configuration change is needed, so let's start up Server Manager and click on roles then select Web Server IIS and then Internet Information Services (IIS) Manager, then select your website listed under Sites (probably called Default Web Site unless you changed it). In the right side select WebDav Authoring Rules

 

webdav_rules.jpg

 

Double click on WebDav authoring rules and you should see the rule you originally setup, click on Webdav Settings in the right pane.

 

edit_rules.jpg

 

so according to the error message above we need to verify the following:-

 

Solution:

Make sure WebDAV is installed and enabled. [it is]

Make sure there is an authoring rule that allow "All users" read access to "All content". [this rule is not setup yet]

Make sure the WebDAV settings "Allow anonymous property queries" and "Allow property queries with infinite depth" are set to "true" [they are currently set to false] and "Allow Custom Properties" is set to false.[it's set to true]

 

 

Ok, let's fix these WebDav problems

 

Note: if you are using Server 2008 R2 and need to configure WebDav as below then please read this post first.

 

Lets start with adding a new authoring rule. In WebDav settings, click on WebDav Authoring rules in the right pane

 

 

 

webdav_settings_change.jpg

 

Next click on Add authoring rule under actions and make the changes as per below screenshot, click ok when done and you'll see your new authoring rule listed in Webdav.

 

add_authoring_rule.jpg

 

rule_added.jpg

 

Click on WebDav Settings now

 

make the changes above ("Allow anonymous property queries" and "Allow property queries with infinite depth" are set to "true", and "Allow Custom Properties" is set to false.)

 

Click Apply in the actions pane.

 

true.jpg

 

lastly you should change the WebDav Behaviour for Allow hidden files to be listed from False to True if this is going to be a Distribution Point using BITS (it is).

 

hidden.JPG

 

 

 

Note: if you are trying to Configure WebDav in Server 2008 R2 then please read this post.

 

 

 

Ok back in SCCM Configuration Manager console, under site status, right click on your SITE and choose Reset Counts, then All. Pressing F5 (refresh) on your keyboard should refresh the system status.

 

reset_counts.jpg

 

A quick look back in System Status for our Management Point, now we can see that it has installed and started properly

 

mp_working.jpg

 

(to speed up the automatic installation of this, you can use ConfigMgr's Service manager and select the SMS_Site_Component_manager server and restart the service.)

 

sms_site_component_manager.jpg

 

If after making the changes above the Management Point role is still complaining about webdav then check the following file in c:\windows\system32\inetsrv\config\schema\WEBDAV_schema.xml (open a command prompt with Run As Administrator to edit the file in notepad). Verify the settings have been applied to this file (even if they are present in the Internet Information services gui), if they are missing, correct them and try again.

Share this post


Link to post
Share on other sites

Step 2. Make sure the System Management container in Active Directory has the correct permissions for SCCM

 

In other words we will make sure the local computer (the server SCCM is running on, in this case WIN-2SDX7MZCDA7) has full access to this particular area in Active Directory. For more info on Creating and configuring the AD system management container For SCCM using Adsiedit described here.

 

Start up the Active Directory Users and Computers console.

 

Make sure that Advanced Features is selected under the View option.

 

ad_avanced_view.jpg

 

Once it is, in the left pane select System, and then scroll down to the System Management Container.

 

system_management.jpg

 

Right-click it and choose properties, then select the Security tab, Verify your SCCM server computer account is listed in the Group or user names, scroll down to check, if it is not there then add it by clicking on Add.

 

security_tab.jpg

 

Click on Object types as in the screenshot below

 

computer.jpg

 

then select computers (by default it's not selected).

 

Click on OK and then click on Advanced to expand the view, then Find now.

 

When you see your server listed, highlight it and click OK. click ok again to add it to the Security tab.

 

server_account_name.jpg

 

Now that we have added it, we need to edit it's security permissions to make sure that the permissions apply to both the Container and descendant (formally child) objects. So let's click on Advanced.

 

child_and_child_objects.jpg

 

At this point you should see your computername listed but with read permissions that apply only to This object only. We are going to change that to Full access to This object and all descendant objects. to do so highlight our computername and click on Edit.

 

editing_permissions.jpg

 

In the window that appears click the drop down menu called Apply onto: and select This object and all descendant objects.

 

Once done, click on Full Control for the Allow permissions and don't forget to select Apply these permissions to objects and /or containers within this container only. Click ok when done.

 

In an enterprise, please verify the correct AD permissions for this container and set them accordingly, for advice on this please visit technet.

 

descendant_objects.jpg

Share this post


Link to post
Share on other sites

Step 3. Publish this site in Active Directory Domain Services

 

Note: In Configuration Manager, Verify that the following setting is set

 

Highlight your SCCM Site right click, choose properties, Advanced.

 

For specify settings for publishing and secure key exchange

 

 

publish.jpg

 

make sure to Select publish this site in active directory domain services

 

 

 

Next step > SCCM 2007 SP1 configuration guide - Part 3

 

The guide covers:-

 

Configuring the Client Agents, setting up client installation methods and configuring discovery methods.

Share this post


Link to post
Share on other sites

Hi there,

 

I followed your guide from installing sql to configuring sccm 2007 but I'm kind of stuck here on this post.

 

2 problems:

- when I'm configuring the management point, it frozen after I clicked the "OK" button

- after I restarted and configure the WebDAV for the all user - read access, it runs ok but then smsexec.exe eat up all the CPU usage

 

What did I do wrong?

Share this post


Link to post
Share on other sites

Hi guys,

I struggled for about 2 days getting SCCM site server up and running and installing the client software on a client in the domain. The Client Push Install did not work for me :(. The ccm.log said ccmexe service started on client machine. But on the client machine, the ccmsetup service started and stopped. The problem was the service manifest and other files were not downloaded in the ccmsetup folder. So, I manually issued ccmsetup /MP:<MP name> /noservice. This worked!

Could anyone let me know why this happens, there is something fishy about the Management Point settings on my site server?

Share this post


Link to post
Share on other sites

Hi,

 

I've been following true our guide and it worked pretty well setting up SCCM.

I'm currently not using the AD schema extension.

So the Question is, is it required to publish the site to AD and create the System Management Container?

Or does it even work without the AD extension installed?

 

I've created a IP Boarder and used AD Systemdiscovery to find my machines.

The Clientpushsetup worked but it couldn't discover the Site.

Trying to Discover the site manually failed with "Automatic site code discovery was unsuccessful"

 

I've searched online and found that the Server Location Point search utilizes WINS, but I manually configured the IP address without any wins addresses.

The solution was to add the Server Location Point server name and disable WINS with the Installation Properties string:

 

SMSSITECODE=<Site CODE> SMSDIRECTORYLOOKUP=NOWINS SMSSLP=<SERVER FQDN>  SMSCACHESIZE=8000

 

So far I've not tried adding a wins server to the IP settings...

 

maybe this will help others...

 

Stephan

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.