Jump to content


anyweb

using System Center 2012 Configuration Manager - Part 1. Installation - CAS

Recommended Posts

Introduction

System Center 2012 Configuration Manager was released to General Availability (GA) April 17th, 2012 at MMS 2012. If you've been following my previous series of Step by Step guides on System Center 2012 Configuration Manager (from Beta 1 through to Release Candidate 2) then you'll know where this is going, we are going to install System Center 2012 Configuration Manager in a LAB from scratch and configure it, use it, test it, learn it, love it :-)

This is Part 1 of a new series which will cover the installation, setup, configuration and usage of Microsoft System Center 2012 Configuration Manager. In the guides important Notes will be in RED and useful Tips in BLUE.

Tip: To see the an index of all parts please refer to (and bookmark) this link.

Technet Recommended Reading:-
Release Notes for System Center 2012 Configuration Manager- http://technet.microsoft.com/en-us/library/jj870706.aspx
Fundamentals of Configuration Manager - http://technet.microsoft.com/en-us/library/gg682106.aspx
Supported Configurations for Configuration Manager - http://technet.microsoft.com/en-us/library/gg682077.aspx
Planning for Configuration Manager Sites and Hierarchy - http://technet.microsoft.com/en-us/library/gg682075.aspx
Example Scenarios for planning a simplified Hierarchy - http://technet.microsoft.com/en-us/library/gg712989.aspx

Site and Role Scalability - http://technet.microsoft.com/en-us/library/gg682077#BKMK_SiteAndRoleScale

 

Getting Started with Configuration Manager 2012 - http://technet.microsoft.com/en-us/library/gg682144.aspx
What’s New in Configuration Manager - http://technet.microsoft.com/en-us/library/gg699359.aspx
Planning for Site Systems in Configuration Manager - http://technet.microsoft.com/en-us/library/gg712282.aspx
Install Sites and Create a Hierarchy for Configuration Manager - http://technet.microsoft.com/en-us/library/gg712320.aspx
Technical Reference for Site Communications in Configuration Manager - http://technet.microsoft.com/en-us/library/gg712990.aspx
Migrating from Configuration Manager 2007 to Configuration Manager 2012 - http://technet.microsoft.com/en-us/library/gg682006.aspx
Frequently Asked Questions for Configuration Manager - http://technet.microsoft.com/en-us/library/gg682088.aspx


Site Types

Configuration Manager 2012 introduces the central administration site (often referred to as the CAS) and some changes to primary and secondary sites. The following tables summaries these sites and how they compare to sites in Configuration Manager 2007.

Central administration site
The central administration site coordinates inter-site data replication across the hierarchy by using Configuration Manager database replication. It also enables the administration of hierarchy-wide configurations for client agents, discovery, and other operations. Use this site for all administration and reporting for the hierarchy. You should probably only consider installing a CAS if you intend to manage more than 100,000 clients, why ? because the limit for Primary sites is 100,000 clients so if you want to manage more than that you'll need more than one primary and therefore will need a CAS. There are other reasons for installing or not installing a CAS (and opinions too!) and a quick search on the internet will reveal them.

Note: Here's a blog from from Brian Mason (ConfigMgr MVP). Please read it and re-consider if you really need a CAS. If you think having a CAS helps with failover then think again and please read the following.

Here's some information about a CAS that you need to know:-

  • A central administration site can support up to 25 child primary sites.
  • When using SQL Server Enterprise for the site database at the central administration site, the shared database and hierarchy supports up to 400,000 clients. The maximum number of supported clients per hierarchy depends on the SQL Server edition in the central administration site, and is independent of the SQL Server edition at primary or secondary sites. Configuration Manager supports up to 400,000 clients per hierarchy when you use the default settings for all Configuration Manager features.
  • When you use SQL Server Standard for the site database at the central administration site, the shared database and hierarchy supports up to 50,000 clients. This is because of how the database is partitioned. After you install Configuration Manager, if you then upgrade the edition of SQL Server at the central administration site from Standard to Enterprise, the database does not repartition and this limitation remains.

Although this is the site at the top of the hierarchy in Configuration Manager 2012, it has the following differences from a central site in Configuration Manager 2007:

  • Does not process client data.
  • Does not accept client assignments.
  • Does not support all site system roles.
  • Participates in database replication

Note: Even though you don’t have a Distribution Point on your CAS – make sure that you have enough storage to hold EVERY package that will be in your environment (even packages added directly at child primaries) and that your disks are fast enough to allow processing of every package added to Configuration Manager.

Primary site
Manages clients in well-connected networks. When you use SQL Server that is installed on the same computer as the site server, the primary site can support up to 50,000 clients. When you use SQL Server that is installed on a computer that is remote from the site server, the primary site can support up to 100,000 clients.

 

Note: Each primary site can support up to 250 secondary sites.

 

Primary sites in Configuration Manager 2012 have the following differences from primary sites in Configuration Manager 2007:

  • Additional primary sites allow the hierarchy to support more clients.
  • Cannot be tiered below other primary sites.
  • No longer used as a boundary for client agent settings or security.
  • Participates in database replication.

Secondary site
Controls content distribution for clients in remote locations across links that have limited network bandwidth.
Secondary sites in Configuration Manager 2012 have the following differences from secondary sites in Configuration Manager 2007:

  • SQL Server is required and SQL Server Express will be installed during site installation if required.
  • A proxy management point and distribution point are automatically deployed during the site installation.
  • Secondary sites can be tiered to support content distribution to remote locations.
  • Participates in database replication.

Note: In Production you should most likely not use a CAS unless you are managing over 100,000 clients (as stated above), however being familiar with how a small hierarchy works is good for you to know and it is for that reason that I am doing this series based on a Hierarchy with a CAS. If you want to install a Standalone Primary Server instead please follow my earlier guide here and replace the SQL versions in that post with the SQL versions listed in this post otherwise you may have issues with Reporting amongst other things.

Hardware Requirements
Note: The following page on Technet describes the recommend hardware requirements for site servers in a Hierarchy. Use this information to help plan for hardware requirements for your CAS site server.

Central administration site with the Standard edition of SQL Server

  • SQL Server is located on the site server computer.
  • This configuration supports a hierarchy with up to 50,000 clients

The following hardware is recommended for the above CAS server.

  • 8 cores (Intel Xeon 5504 or comparable CPU)
  • 32 GB of RAM
  • 300 GB of disk space for the operating system, Configuration Manager, SQL Server, and all database files.

Central administration site with the Enterprise or Datacenter edition of SQL Server

  • SQL Server is located on the site server computer
  • This configuration supports a hierarchy with up to 400,000 clients

The following hardware is recommended for the above CAS server.

  • 16 cores (Intel Xeon L5520 or comparable CPU)
  • 64 GB of RAM
  • 1.5 TB of disk space for the operating system, Configuration Manager, SQL Server, and all database files.

Step 1. Create the Lab Environment

 

Note: At the time of writing this guide, Server 2008 R2 was the highest level supported OS, as were the versions of SQL Server posted below, however since then Server 2012R2 (and SQL Server 2012) have become supported, please use Server 2012 R2 and SQL Server 2012 if possible. See this post for the latest Supported Configurations including Operating System Support and SQL server versions.

In previous Guides you've seen how to create a standalone ConfigMgr server. For this guide you are going to create a a small hierarchy in your LAB consisting of a CAS and a Primary.

I use Hyper-v exclusively in my LAB and that's what all these virtual machines will be running on. I chose to install Windows Server 2008 R2 standard as the server OS for the three LAB computers below.

Tip: You can use virtual machines with only 2GB of ram on both the CAS and Primary servers in a small LAB however you will see disc swapping, so if you can, try to use at least 4GB of ram in your LAB site servers as described below, and refer to the Hardware requirements section above for detailed information on site server hardware requirements in production.

Active Directory, DNS, DHCP

  • AD1 512mb, 30gb hdd, server 2008r2sp1 Standard

Central Administration Site Server

  • CAS 4096mb, 127gb hdd, server 2008r2sp1 standard, os on C:\ 30gb part, D:\ rest of drive

Primary Server

  • P01 4096mb, 127gb hdd, server 2008r2sp1 standard, os on C:\ 30gb part, D:\ rest of drive

Once done I joined CAS and P01 to my domain (SERVER2008R2), verified DNS was working correctly via nslookup and was ready to begin the steps below.

Create AD users:
Note: Perform the following on the Active Directory Domain Controller server (AD1) as Local Administrator

In addition I created some accounts in AD, namely:

* SMSadmin, a domain user
* Testuser, a domain user
* Testuser2, a domain user
* Testuser3, a domain user
* DomJoin, a domain user,(for joining computers to the domain)
* ReportsUser, a domain user for reporting services.
* ClientInstall, a domain user used when installing the Configuration Manager Client for Client Push. This user must be a local administrator on computers you want to install the Configuration Manager Client.
* SCCMNAA, a domain user, (Network Access Account) used during OSD


Create Local Administrator accounts:
Note: Perform the following on the SCCM 2012 server as Local Administrator

On both the CAS and P01 ConfigMgr servers add the SMSadmin and ClientInstall users to the Local Administrators group.

Step 2. Get the ConfigMgr 2012 ISO and extract it

Note: This guide was written when RTM was the only release of Configuration Manager available, since then Service Pack 1 was released, as a result the pre-requisites have changed, for example SP1 requires the ADK to be installed. To see what SP1 requires please review this part of the series.

 

 

Download your Configuration Manager 2012 ISO (I used the following RTM ISO for this Guide as Configuration Manager 2012 Service Pack 1 was not available).

 

SW_DVD5_Sys_Ctr_ConfigMgrClt_ML_2012_MultiLang_Client_SCEP_MLF_X17-95285.ISO) from Technet or MSDN and mount the iso so that you can copy it's contents to a temporary folder on your Active Directory computer (AD1) like so. (If you are using CM12SP1 then name the directory accordingly).

C:\Temp\CM12RTM

cm12rtm temp folder.png

Step 3. Create The System Management Container

Note: Perform the following on the Active Directory Domain Controller as a Domain Administrator.

Open ADSI Edit, click on Action, Connect To and click Ok, Double Click on Default Naming Context and the DC= that appears below it. Click on the + and scroll down to CN=System.

Right Click on CN=System and choose New, Object

adsiedit new object.png

Choose Container from the options, click Next and enter System Management as the value.

system management.png

Click Next and Finish. Press F5 to refresh ADSI Edit and you should now see the new System Management Container.

container made.png

Close ADSI Edit.

Step 4. Delegate Permission to the System Management Container.

Note: Perform the following on the Active Directory Domain Controller as a Domain Administrator

Open Active Directory Users and Computers. Click on view, select Advanced Features.

Select the System Management Container, and right click it, choose All Tasks and Delegate Control.

delegate control.png

When the Welcome to Delegation of Control Wizard appears click next, then click Add. click on Object Types, select Computers. Type in your Configuration Manager server name for the CAS Server (CAS) and click on Check Names, it should resolve.

cas.png

Click Ok, then Next. Choose Create a Custom Task to Delegate, click next, make sure This folder, existing objects in this folder and creation of new objects in this folder is selected.

this folder.png

click next, select the 3 permissions General, Property-Specific and Creation-deletion of specific child objects are selected then place a check mark in FULL CONTROL

full control.png

click next then Finish.

cas added.png

Repeat all the above steps for P01 (our Primary Server).
p01 added.png

Failure to do the above will mean that the System Management Container in AD will NOT POPULATE with ConfigMgr site info needed by the Clients and you will see many errors in your site status warning you about this.

Note: Repeat the above for Each site server that you install in a Hierarchy.

Step 5. Extend the Active Directory schema for Configuration Manager

Note: Perform the following on the Active Directory Domain Controller as a Domain Administrator

Tip: The Active Directory schema extensions for Configuration Manager 2012 are unchanged from those used by Configuration Manager 2007. If you extended the schema for Configuration Manager 2007, you do not need to extend the schema again for Configuration Manager 2012.

Perform the below on your Active Directory server, simply browse the network to your Active Directory server \\ad1\c$\ and locate the folder where you uncompressed ConfigMgr (temp\CM12RTM) and find \SMSSetup\Bin\x64\Extadsch.exe, right click and choose Run As Administrator.

extadsch.png

A command prompt window will appear briefly as the schema is extended, check in c:\ for a log file called ExtADSch.log it should look similar to this

 

<04-17-2012 21:40:59> Modifying Active Directory Schema - with SMS extensions.
<04-17-2012 21:40:59> DS Root:CN=Schema,CN=Configuration,DC=server2008r2,DC=lab,DC=local
<04-17-2012 21:41:02> Defined attribute cn=MS-SMS-Site-Code.
<04-17-2012 21:41:02> Defined attribute cn=mS-SMS-Assignment-Site-Code.
<04-17-2012 21:41:02> Defined attribute cn=MS-SMS-Site-Boundaries.
<04-17-2012 21:41:02> Defined attribute cn=MS-SMS-Roaming-Boundaries.
<04-17-2012 21:41:02> Defined attribute cn=MS-SMS-Default-MP.
<04-17-2012 21:41:03> Defined attribute cn=mS-SMS-Device-Management-Point.
<04-17-2012 21:41:03> Defined attribute cn=MS-SMS-MP-Name.
<04-17-2012 21:41:03> Defined attribute cn=MS-SMS-MP-Address.
<04-17-2012 21:41:03> Defined attribute cn=mS-SMS-Health-State.
<04-17-2012 21:41:03> Defined attribute cn=mS-SMS-Source-Forest.
<04-17-2012 21:41:03> Defined attribute cn=MS-SMS-Ranged-IP-Low.
<04-17-2012 21:41:03> Defined attribute cn=MS-SMS-Ranged-IP-High.
<04-17-2012 21:41:03> Defined attribute cn=mS-SMS-Version.
<04-17-2012 21:41:03> Defined attribute cn=mS-SMS-Capabilities.
<04-17-2012 21:41:05> Defined class cn=MS-SMS-Management-Point.
<04-17-2012 21:41:06> Defined class cn=MS-SMS-Server-Locator-Point.
<04-17-2012 21:41:07> Defined class cn=MS-SMS-Site.
<04-17-2012 21:41:07> Defined class cn=MS-SMS-Roaming-Boundary-Range.
<04-17-2012 21:41:08> Successfully extended the Active Directory schema.

<04-17-2012 21:41:08> Please refer to the ConfigMgr documentation for instructions on the manual
<04-17-2012 21:41:08> configuration of access rights in active directory which may still
<04-17-2012 21:41:08> need to be performed. (Although the AD schema has now be extended,
<04-17-2012 21:41:08> AD must be configured to allow each ConfigMgr Site security rights to
<04-17-2012 21:41:08> publish in each of their domains.)


Step 6. Open TCP port 1433 and 4022 for SQL replication

Note: Perform the following on the Active Directory Domain Controller as a Domain Administrator

Start the Group Policy Management tool and create a new GPO.

Note: In the example screenshot below (LAB) I link the GPO to the domain GPO however you should consider creating an OU specifically for your Configuration Manager servers and target this GPO only to that OU (your Configuration Manager servers require this GPO for SQL replication).

create a gpo in this domain.png

Give the GPO a name such as SQL Ports for CM12. When done, right click on the GPO and choose Edit.

edit gpo.png

Select Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with Advanced Security and select Inbound Rules, choose New Rule and follow the wizard for opening up TCP port 1433 as per this guide on Technet. Once done, repeat the above for Port 4022.

tcp ports.png

Step 7. Install .NET 3.5.1 and WCF Activation

Note: Perform the following on the Configuration Manager 2012 servers (CAS and P01) as SMSadmin

In Server Manager select Features, Add Features, Select .NET Framework 3.5.1, also select WCF Activation and when prompted answer Add Required Role Services click next and next again

Verify the following IIS components are installed in addition to the ones preselected by the wizard.

Tip: If you want to know why certain components of IIS are being use then Microsoft explains what you need to install on the following page.




 

Common HTTP Features
Static Content
Default Document
Directory Browsing
HTTP Errors
HTTP Redirection

Application Development
ASP.NET
.NET Extensibility
ASP
ISAPI Extensions
ISAPI Filters

Health and Diagnostics
HTTP logging
Logging tools
Request Monitor
Tracing

Security
Basic Authentication
Windows Authentication
URL Authorization
Request Filtering
IP and Domain Restrictions

Performance
Static Content Compression

Management Tools
IIS Management Console
IIS Management Scripts and Tools
Management Service
IIS 6 Management Compatibilty
IIS 6 Metabase Compatibility
IIS 6 WMI Compatibility
IIS 6 Scripting Tools
IIS 6 Management Console


answer yes to any additional prompts, then Click Next and Install and close when done.

Step 8. Download and install .NET 4

Note: Perform the following on the Configuration Manager 2012 servers (CAS and P01) as SMSadmin

Download .NET 4 from here (webinstall) or here (Standalone). Double click the file, After a while it will complete, Click Finish when done

restart when prompted

Tip: In some scenarios, such as when IIS is installed or reconfigured after the .NET Framework version 4.0 is installed, you must explicitly enable ASP.NET version 4.0. For example, on a 64-bit computer that runs the .NET Framework version 4.0.30319, run the following command:%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe –i –enable

Step 9. Add BITS and Remote Differential Compression

Note: Perform the following on the Configuration Manager 2012 servers (CAS and P01) as SMSadmin

Finally, in Server Manager click on Add Features, place a selection mark in BITS and RDC (Site servers and Distribution Points require Remote Differential Compression (RDC) to generate package signatures and perform signature comparison.)

bits and rdc.png


Step 10. Download Microsoft SQL Server 2008 R2 SP1 CU6

Note: Perform the following on the Active Directory server AD1 as an Administrator

The supported versions of SQL Server 2008 and SQL Server 2008 R2 are listed here on Technet:- http://technet.micro...nfigSQLDBconfig

In this guide I will be installing SQL Server 2008 R2 SP1 CU6. The currently supported version for Configuration Manager 2012 is SQL Server 2008 R2 SP1 CU6.

Download the following from Technet:- File Name: en_sql_server_2008_r2_standard_x86_x64_ia64_dvd_521546.iso (4177 MB)

Download Microsoft® SQL Server® 2008 R2 Service Pack 1

Download Cumulative update package 6 for SQL Server 2008 R2 Service Pack 1

Step 11. Install SQL Server 2008 R2

Note: Perform the following on the Configuration Manager 2012 servers (CAS and P01) as SMSadmin

Note: If you use SQL Server Standard, your server will only support 50k clients.

Database collation

The instance of SQL Server in use at each site must use the following collation: SQL_Latin1_General_CP1_CI_AS. (more info below)

SQL Server instance

You must use a dedicated instance of SQL Server for each site.

As we are setting up more than one server with SQL Server, we'll copy the source files to our Active Directory server (AD1) temp folder (C: emp) or to a temp folder on both the CAS and P01 servers and run each install script from the directory where you copied those files, so if installing CU6 then run the script from the directory where the CU6 SQLServer2008R2-KB2679367-x64.exe file is present.

sql copied.png

For SQL Collation note that you must use SQL_Latin1_General_CP1_CI_AS. If you want to change the collation or find out what the collation is set to on an already installed SQL Server please see the following post.

To Install SQL server you can follow this guide but please install SQL on D:\Program Files\Microsoft SQL Server and when running setup.exe right click and choose Run as Administrator, alternatively you can script the installation by using the scripts below. Test them first to make sure you have no typos.

SQL Server 2008 R2 RTM Setup:

This will install to D:\Program Files\Microsoft SQL Server if you don't want to use that location you can change it by changing the /INSTANCEDIR below.

setup.exe /q /ACTION=Install /ERRORREPORTING="False" /FEATURES=SQLENGINE,RS,AS,IS,SSMS,TOOLS,BIDS,ADV_SSMS,CONN /INSTANCENAME=MSSQLSERVER /INSTANCEDIR="D:\Program Files\Microsoft SQL Server" /SQLSVCACCOUNT="NT AUTHORITY\System" /SQLSYSADMINACCOUNTS="BUILTIN\ADMINISTRATORS" /SQLSVCSTARTUPTYPE=Automatic /AGTSVCACCOUNT="NT AUTHORITY\SYSTEM" /AGTSVCSTARTUPTYPE=Automatic /RSSVCACCOUNT="NT AUTHORITY\System" /RSSVCSTARTUPTYPE=Automatic /ASSVCACCOUNT="NT AUTHORITY\System" /ASSVCSTARTUPTYPE=Disabled /ASSYSADMINACCOUNTS="BUILTIN\ADMINISTRATORS" /ISSVCACCOUNT="NT AUTHORITY\System" /ISSVCSTARTUPTYPE=Disabled /ASCOLLATION="Latin1_General_CI_AS" /SQLCOLLATION="SQL_Latin1_General_CP1_CI_AS" /TCPENABLED="1" /NPENABLED="1" /IAcceptSQLServerLicenseTerms

Here's what the script above looks like when run from an Administrative command prompt with the SQL Server DVD in drive Z:

setup with script.png

SQL Server 2008 R2 SP1 Setup:

SQLServer2008R2SP1-KB2528583-x64-ENU.exe /Action=Patch /IAcceptSQLServerLicenseTerms /AllInstances /Quiet

SQL Server 2008 R2 SP1 CU6 Setup:



SQLServer2008R2-KB2679367-x64.exe /Action=Patch /IAcceptSQLServerLicenseTerms /AllInstances /Quiet

Reboot when the above is complete.


SQL Server security

You will also want to think about what security to grant your users, Grant the Server2008r2\Smsadmin the SQL server sysadmin role by adding the user to the SQL server security Logins.

Note: Do this by logging off the server as SMSAdmin, and then logging back on to the server as Administrator, then start up SQL Server Enterprise. See the below screenshot. Make the change, log off, and log back on again as SMSAdmin.

smsadmin sql server roles.png

SQL Memory Configuration.

Depending on your memory configuration and server setup, you may also want to configure SQL memory limits as per the following guidance prior to installing ConfigMgr otherwise you'll get warnings when you run the Server Readiness checks.

  • Configuration Manager requires SQL Server to reserve a minimum of 8 gigabytes (GB) of memory for the central administration site and primary site and a minimum of 4 gigabytes (GB) for the secondary site. This memory is reserved by using the Minimum server memory setting under Server Memory Options and is configured by using SQL Server Management Studio. For more information about how to set a fixed amount of memory, see here.
  • If your SQL Server is configured for unlimited memory usage, you should configure SQL Server memory to have a maximum limit.

Based on the above recommendations i've configured the SQL Server memory for CAS as follows:

cas memory.png



Step 12. Install Configuration Manager 2012 on CAS.

Note: Perform the following on the CAS server as SMSadmin


In windows Explorer, browse to the Active Directory domain controller (AD1) and locate the temp folder where you extracted CM12. Copy the temp folder and all it's contents to C:\ on your CAS server.

cm12 rtm over the network.png

Browse to C:\Temp\CM12RTM on your CAS server, and double click on splash.hta the System Center 2012 Configuration Manager Setup screen appears, note the various options available to you.

cm12 wizard.png

Click on the Assess Server Readiness link and answer yes when prompted. This allows you to do a quick check to see that you havn't forget anything important or that you are not running some unsupported setup. Provided that you've followed my advice above, you should see something similar to below, warnings are in Yellow and you can click on them for more info.

 

Note: This guide was written when RTM was the only release of Configuration Manager available, since then Service Pack 1 was released, as a result the pre-requisites have changed, for example SP1 requires the ADK to be installed. To see what SP1 requires please review this part of the series.

wsus sdk.png

we will be installing WSUS later in the series so we can ignore this warning. Click ok to close the Server Readiness Check.

Tip: The ConfigMgrPrereq.log file will provide more details about the checks performed etc, you can find this in the root of c:\, open the file in CMTrace for best viewing results.

After you have read the release notes, click on Install to start the installation process.

install.png

The Before you Begin screen is displayed, read it and click Next to continue

before you begin.png

we are installing a Central Administration Site so select that option and click next

install a cas.png

next enter your Product key and click next or if you just want to evaluate the software select the first option

product key.png

and accept the License terms to continue

eula.png

next up are the SQL Server R2 Express and Microsoft Silverlight license terms, select them to continue..

sql server license.png
Select the file location for the Configuration Manager prerequisite downloads (internet connection required) or point to previously downloaded files. Note that you need to create this folder prior to clicking next.

Tip: If you don't have an internet connection on your Configuration Manager server then you can download the required updates on another computer by doing like so:-

  • Open a command prompt with administrative permissions
  • Navigate to .\Configuration Manager 2012 Install source\smssetup\bin\X64
  • Run SetupDL.exe target dir (as in the example below, SetupDL.exe C:\Temp\downloads)

c temp downloads.png

click Next and the downloading begins,

downloading updates.png

and then you can select the Language that you want the Configuration Manager Server console and reports to appear in

language.png

and then the Client Languages that you wish to support

client languages.png

fill in your desired Site Code and name, and install it to D:\, make sure you are happy with the choices as you can't change them later...also make sure you are not using a reserved site code name

site code and name.png

next you have the Database Information screen, verify everything is ok,

database info.png

and where do you want to install the SMS Provider, select the default and continue

sms provider.png

if you are interested in CEIP join it, if not, don't. It helps Microsoft to improve their products via feedback.

ceip.png

review the Summary

summary.png

click next and the Prerequisite check runs, we did this already so all should be good, click Begin Install to start installing

begin install.png

TIP: now is a very good time to look at the C:\ConfigMgrSetup.log with CMtrace, watch it for any errors (in Red)

configmgrsetup.png

The installation of System Center 2012 Configuration Manager begins nd you can review the overall progress

installation overall progress.png

after a long install (approximately 45 minutes to one hour or so depending on the speed of your hardware) you should see the installer finish, verify all progress is listed in Green (scroll up and down) and if all is ok click on Close.

cm12 done.png

reboot the Configuration Manager server and then login again as SMSadmin, start the Configmgr console,

cas done.png

Congratulations, you've now installed a Configuration Manager central administration site. In the next part of this series we will install the Primary server and start configuring it.

  • Like 4

Share this post


Link to post
Share on other sites

I have a question about step # 1. Why create all these accounts?

 

More specifically... I don't understand what is the need for this account - SMSadmin. Why not use a domain admin account for all these installs?

Share this post


Link to post
Share on other sites

More specifically... I don't understand what is the need for this account - SMSadmin. Why not use a domain admin account for all these installs?

 

using a domain admin account for the SMSAdmin user would be a huge security risk and is definetly not best practice, create the SMSadmin user using any username you wish (SMSadmin is easy to remember..) and the user should just be a regular domain user, adding them as local administrator on the configuration manager server(s) is sufficient for our needs.

 

the other accounts listed as used to get the job done, test users are for testing things, domjoin for joining the domain during OSD

Share this post


Link to post
Share on other sites

Hi!

 

Excellent tutorial! I tried installing it by myself before I found this guide and had problems with the prerequisite check regarding collation and user rights. I tried following your guide with the exception that I used my existing DC in a lab I have, I created two brand new machines for the installation of SCCM. All is well untill I get to the following prerequisite check:http://dl.dropbox.com/u/5041604/P01.png

 

The sccm log has the following information:

 

INFO: File hash check successfully for DeviceClient_WinCE7.0_X86.CAB $$<Configuration Manager Setup><05-09-2012 12:38:24.401-120><thread=2652 (0xA5C)>

INFO: setupdl.exe: Finish $$<Configuration Manager Setup><05-09-2012 12:38:24.401-120><thread=2924 (0xB6C)>

INFO: Attempting to load resource DLL... $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>

INFO: Registered type P01.CHRISTIANHAUGEN.COM MSSQLSERVER\MASTER for P01.christianhaugen.com MSSQLSERVER\master $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>

INFO: Registered type SMS Master for P01.christianhaugen.com MSSQLSERVER\master $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>

INFO: Registered type P01.CHRISTIANHAUGEN.COM MSSQLSERVER\CM_CHK for P01.christianhaugen.com MSSQLSERVER\CM_CHK $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>

INFO: Registered type SMS ACCESS for P01.christianhaugen.com MSSQLSERVER\CM_CHK $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>

INFO: Attempting to load resource DLL... $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>

INFO: Prerequisite rules for primary site fresh installation are being run. $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=1504 (0x5E0)>

INFO: File \\P01.christianhaugen.com\admin$\sms_lanman_test_svc.exe does not exist. No zapping needed. $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=1504 (0x5E0)>

INFO: Verifying Configuration Manager Active Directory Schema Extensions. $$<Configuration Manager Setup><05-09-2012 12:39:07.597-120><thread=1504 (0x5E0)>

INFO: Found DS Root:CN=Schema,CN=Configuration,DC=christianhaugen,DC=com~ $$<Configuration Manager Setup><05-09-2012 12:39:07.628-120><thread=1504 (0x5E0)>

INFO: Verifying Configuration Manager Active Directory Domain Function Level. $$<Configuration Manager Setup><05-09-2012 12:39:07.628-120><thread=1504 (0x5E0)>

INFO: Found Domain Function level: 4~ $$<Configuration Manager Setup><05-09-2012 12:39:07.644-120><thread=1504 (0x5E0)>

The installed WSUS build (0.0.0.0) does not have the valid and supported WSUS Administration DLL assembly version. Please install WSUS 3.0 SP2 (minimum 3.1.6001.65) or above~ $$<Configuration Manager Setup><05-09-2012 12:39:07.800-120><thread=1504 (0x5E0)>

CWmi::GetFirstObjectFromQuery() : IEnumWbemClassObject->Next() returned zero objects. - 0x80004005~ $$<Configuration Manager Setup><05-09-2012 12:39:08.222-120><thread=1504 (0x5E0)>

INFO: File \\P01.christianhaugen.com\admin$\sms_get_ADPERMS_svc.exe does not exist. No zapping needed. $$<Configuration Manager Setup><05-09-2012 12:39:08.238-120><thread=1504 (0x5E0)>

CSql Error: Cannot find type data, cannot get a connection. $$<Configuration Manager Setup><05-09-2012 12:39:15.945-120><thread=1504 (0x5E0)>

*** [08001][14][Microsoft][ODBC SQL Server Driver][DBMSLPCN]Invalid connection. $$<Configuration Manager Setup><05-09-2012 12:40:16.840-120><thread=1504 (0x5E0)>

*** [01000][14][Microsoft][ODBC SQL Server Driver][DBMSLPCN]ConnectionOpen (ParseConnectParams()). $$<Configuration Manager Setup><05-09-2012 12:40:16.840-120><thread=1504 (0x5E0)>

*** Failed to connect to the SQL Server. $$<Configuration Manager Setup><05-09-2012 12:40:16.840-120><thread=1504 (0x5E0)>

*** [08001][14][Microsoft][ODBC SQL Server Driver][DBMSLPCN]Invalid connection. $$<Configuration Manager Setup><05-09-2012 12:41:18.417-120><thread=1504 (0x5E0)>

*** [01000][14][Microsoft][ODBC SQL Server Driver][DBMSLPCN]ConnectionOpen (ParseConnectParams()). $$<Configuration Manager Setup><05-09-2012 12:41:18.417-120><thread=1504 (0x5E0)>

*** Failed to connect to the SQL Server. $$<Configuration Manager Setup><05-09-2012 12:41:18.417-120><thread=1504 (0x5E0)>

ERROR: The current user does not have administrative rights on computer: P01.christianhaugen.com. $$<Configuration Manager Setup><05-09-2012 12:41:18.417-120><thread=1504 (0x5E0)>

ERROR: Prerequisite checking stopped on this machine. $$<Configuration Manager Setup><05-09-2012 12:41:18.417-120><thread=1504 (0x5E0)>

INFO: File \\P01.christianhaugen.com\admin$\sms_client_test_svc.exe does not exist. No zapping needed. $$<Configuration Manager Setup><05-09-2012 12:41:19.167-120><thread=1504 (0x5E0)>

INFO: P01.christianhaugen.com is a 64 bit operating system. $$<Configuration Manager Setup><05-09-2012 12:41:26.952-120><thread=1504 (0x5E0)>

 

I installed the sql database with the correct collation, and I have tried to change the collation of the individual database as well as I create it. I used the smsadmin user that your mentioned, but also set the sql running accounts as the domain administrator just to see if that worked and I still got the same error. Have you got any idea what might be causing this?

 

Thanks in advance!!

post-15998-0-97064900-1336660768_thumb.png

Share this post


Link to post
Share on other sites

When we install any application, for example an antivirus software - like McAfee on a server...we need admin rights on the server. I can logon using my domain admin credentials and install that application. That software usually does NOT run using my domain admin credentials.

 

How is SCCM 2012 any different?

 

I guess I need to understand what the SMSAdmin user is really for.

Is it a service account [meaning SCCM will be running under that account]?

 

Even if that is true...why the need to logon using SMSAdmin to do the install. Just do the install using any user who has enough rights and then change the services to run under SMSAdmin.

 

.......or I am totally missing something?

 

 

using a domain admin account for the SMSAdmin user would be a huge security risk and is definetly not best practice, create the SMSadmin user using any username you wish (SMSadmin is easy to remember..) and the user should just be a regular domain user, adding them as local administrator on the configuration manager server(s) is sufficient for our needs.

 

the other accounts listed as used to get the job done, test users are for testing things, domjoin for joining the domain during OSD

Share this post


Link to post
Share on other sites

Hi!

 

Excellent tutorial! I tried installing it by myself before I found this guide and had problems with the prerequisite check regarding collation and user rights. I tried following your guide with the exception that I used my existing DC in a lab I have, I created two brand new machines for the installation of SCCM. All is well untill I get to the following prerequisite check:http://dl.dropbox.com/u/5041604/P01.png

 

The sccm log has the following information:

 

INFO: File hash check successfully for DeviceClient_WinCE7.0_X86.CAB $$<Configuration Manager Setup><05-09-2012 12:38:24.401-120><thread=2652 (0xA5C)>

INFO: setupdl.exe: Finish $$<Configuration Manager Setup><05-09-2012 12:38:24.401-120><thread=2924 (0xB6C)>

INFO: Attempting to load resource DLL... $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>

INFO: Registered type P01.CHRISTIANHAUGEN.COM MSSQLSERVER\MASTER for P01.christianhaugen.com MSSQLSERVER\master $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>

INFO: Registered type SMS Master for P01.christianhaugen.com MSSQLSERVER\master $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>

INFO: Registered type P01.CHRISTIANHAUGEN.COM MSSQLSERVER\CM_CHK for P01.christianhaugen.com MSSQLSERVER\CM_CHK $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>

INFO: Registered type SMS ACCESS for P01.christianhaugen.com MSSQLSERVER\CM_CHK $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>

INFO: Attempting to load resource DLL... $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>

INFO: Prerequisite rules for primary site fresh installation are being run. $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=1504 (0x5E0)>

INFO: File \\P01.christianhaugen.com\admin$\sms_lanman_test_svc.exe does not exist. No zapping needed. $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=1504 (0x5E0)>

INFO: Verifying Configuration Manager Active Directory Schema Extensions. $$<Configuration Manager Setup><05-09-2012 12:39:07.597-120><thread=1504 (0x5E0)>

INFO: Found DS Root:CN=Schema,CN=Configuration,DC=christianhaugen,DC=com~ $$<Configuration Manager Setup><05-09-2012 12:39:07.628-120><thread=1504 (0x5E0)>

INFO: Verifying Configuration Manager Active Directory Domain Function Level. $$<Configuration Manager Setup><05-09-2012 12:39:07.628-120><thread=1504 (0x5E0)>

INFO: Found Domain Function level: 4~ $$<Configuration Manager Setup><05-09-2012 12:39:07.644-120><thread=1504 (0x5E0)>

The installed WSUS build (0.0.0.0) does not have the valid and supported WSUS Administration DLL assembly version. Please install WSUS 3.0 SP2 (minimum 3.1.6001.65) or above~ $$<Configuration Manager Setup><05-09-2012 12:39:07.800-120><thread=1504 (0x5E0)>

CWmi::GetFirstObjectFromQuery() : IEnumWbemClassObject->Next() returned zero objects. - 0x80004005~ $$<Configuration Manager Setup><05-09-2012 12:39:08.222-120><thread=1504 (0x5E0)>

INFO: File \\P01.christianhaugen.com\admin$\sms_get_ADPERMS_svc.exe does not exist. No zapping needed. $$<Configuration Manager Setup><05-09-2012 12:39:08.238-120><thread=1504 (0x5E0)>

CSql Error: Cannot find type data, cannot get a connection. $$<Configuration Manager Setup><05-09-2012 12:39:15.945-120><thread=1504 (0x5E0)>

*** [08001][14][Microsoft][ODBC SQL Server Driver][DBMSLPCN]Invalid connection. $$<Configuration Manager Setup><05-09-2012 12:40:16.840-120><thread=1504 (0x5E0)>

*** [01000][14][Microsoft][ODBC SQL Server Driver][DBMSLPCN]ConnectionOpen (ParseConnectParams()). $$<Configuration Manager Setup><05-09-2012 12:40:16.840-120><thread=1504 (0x5E0)>

*** Failed to connect to the SQL Server. $$<Configuration Manager Setup><05-09-2012 12:40:16.840-120><thread=1504 (0x5E0)>

*** [08001][14][Microsoft][ODBC SQL Server Driver][DBMSLPCN]Invalid connection. $$<Configuration Manager Setup><05-09-2012 12:41:18.417-120><thread=1504 (0x5E0)>

*** [01000][14][Microsoft][ODBC SQL Server Driver][DBMSLPCN]ConnectionOpen (ParseConnectParams()). $$<Configuration Manager Setup><05-09-2012 12:41:18.417-120><thread=1504 (0x5E0)>

*** Failed to connect to the SQL Server. $$<Configuration Manager Setup><05-09-2012 12:41:18.417-120><thread=1504 (0x5E0)>

ERROR: The current user does not have administrative rights on computer: P01.christianhaugen.com. $$<Configuration Manager Setup><05-09-2012 12:41:18.417-120><thread=1504 (0x5E0)>

ERROR: Prerequisite checking stopped on this machine. $$<Configuration Manager Setup><05-09-2012 12:41:18.417-120><thread=1504 (0x5E0)>

INFO: File \\P01.christianhaugen.com\admin$\sms_client_test_svc.exe does not exist. No zapping needed. $$<Configuration Manager Setup><05-09-2012 12:41:19.167-120><thread=1504 (0x5E0)>

INFO: P01.christianhaugen.com is a 64 bit operating system. $$<Configuration Manager Setup><05-09-2012 12:41:26.952-120><thread=1504 (0x5E0)>

 

I installed the sql database with the correct collation, and I have tried to change the collation of the individual database as well as I create it. I used the smsadmin user that your mentioned, but also set the sql running accounts as the domain administrator just to see if that worked and I still got the same error. Have you got any idea what might be causing this?

 

Thanks in advance!!

 

what exact version of SQL server did you install ? when running the SPLASH.HTA are you logged in as a domain user or as local administrator ?

Share this post


Link to post
Share on other sites

When we install any application, for example an antivirus software - like McAfee on a server...we need admin rights on the server. I can logon using my domain admin credentials and install that application. That software usually does NOT run using my domain admin credentials.

 

How is SCCM 2012 any different?

 

I guess I need to understand what the SMSAdmin user is really for.

Is it a service account [meaning SCCM will be running under that account]?

 

Even if that is true...why the need to logon using SMSAdmin to do the install. Just do the install using any user who has enough rights and then change the services to run under SMSAdmin.

 

.......or I am totally missing something?

 

I'm a little unsure of this too. I can understand the need for the domain user (local admin on clients) for the client installer but not sure how using the SMSAdmin as opposed to domain admin is any more secure in the sense of installing the SCCM & SQL software.

 

Having said that though isn't it best practice to only use Domain Admins accounts as and when you need them as opposed to all the time (which I'm guilty of doing unfortunately)?

Share this post


Link to post
Share on other sites

Hey there,

 

Long time lurker, first time poster.

 

I seem to be having issues with the PXE deployment aspect of SCCM 2012 RTM.

 

I have deployed both boot images (x64 and x86). They are also listed as successful in the summary field.

The network access account is clearly defined, and has domain access.

I have tried adding a premade .WIM image created using ImageX, as well as creating a Operating System Images job using the source files from a Win7 ISO.

Our clients get their IP from DHCP, and PXE is enabled on the SCCM server.

 

No matter what I do, our clients will not boot into PXE.

They get the error 'No boot file name recieved'.

I have even tried defining the PXE server on the DHCP server using options 66 and 77.

Note: The PXE server (sccm) and DHCP servers are different servers.

 

We did have an AltirisPXE server running on the same domain, but it has been deactivated for SCCM testing.

 

From the %installdir%\Logs\distmgr.log file, the only error I see when I distribute the packages is the following (taken directly from the log)

 

ExpandPXEImage: C0100004, 1184 SMS_DISTRIBUTION_MANAGER 18/05/2012 10:36:44 AM 1540 (0x0604)

Expanding C:\SCCMContentLib\FileLib\E4AD\E4AD46A6C40964E4C07C8D7499C4FEE2DD90BAEE0DC0071A7C7293EAE3B6211C from package C0100004 SMS_DISTRIBUTION_MANAGER 18/05/2012 10:36:44 AM 1540 (0x0604)

Finding Wimgapi.Dll SMS_DISTRIBUTION_MANAGER 18/05/2012 10:36:44 AM 1540 (0x0604)

 

Found WAIK upgrade code SMS_DISTRIBUTION_MANAGER

WIMApplyImage failed for C:\SCCMContentLib\FileLib\E4AD\E4AD46A6C40964E4C07C8D7499C4FEE2DD90BAEE0DC0071A7C7293EAE3B6211C to C:\RemoteInstall\SMSTempBootFiles\C0100004 SMS_DISTRIBUTION_MANAGER

ExtractPXEImage failed; 0x80070522 SMS_DISTRIBUTION_MANAGER

 

Apparently this has to do with UAC being enabled, or that the user that is trying to access the folder requires elevated privledges to process the command.

However, as a temporary measure, I have given the USERS group full access to the folders, source and destination.

 

Oddly enough, I am able to deploy software without problems. Which I would have thought would need the same access in order to deploy.

 

Any help would be greatly appreciated. I'm racking my brain over this.

 

 

Regards,

Luke

Share this post


Link to post
Share on other sites

I'm a little unsure of this too. I can understand the need for the domain user (local admin on clients) for the client installer but not sure how using the SMSAdmin as opposed to domain admin is any more secure in the sense of installing the SCCM & SQL software.

 

Having said that though isn't it best practice to only use Domain Admins accounts as and when you need them as opposed to all the time (which I'm guilty of doing unfortunately)?

 

When you have multiple staff administrating your SCCM servers, like we do where I work it is helpful to do your SCCM server installs under the one account.

 

That way if anyone leaves or you have multiple people working on the install over the course of time, it is all done under the same account. You can then also use that same account x months down the track when you then have to install any other patch/hotfix/update rollup.

Share this post


Link to post
Share on other sites

When we install any application, for example an antivirus software - like McAfee on a server...we need admin rights on the server. I can logon using my domain admin credentials and install that application. That software usually does NOT run using my domain admin credentials.

 

How is SCCM 2012 any different?

 

I guess I need to understand what the SMSAdmin user is really for.

Is it a service account [meaning SCCM will be running under that account]?

 

Even if that is true...why the need to logon using SMSAdmin to do the install. Just do the install using any user who has enough rights and then change the services to run under SMSAdmin.

 

.......or I am totally missing something?

 

 

Microsoft recommends that you always use a seperate account to install applications and that even your user credentials should not be a part of the Domain Administrators group. Also remember that when you use a SMSAdmin account it is installed under that service accounts security context. So if the user that installed SCCM is disabled/removed it will keep a clean install.

 

I'm a little unsure of this too. I can understand the need for the domain user (local admin on clients) for the client installer but not sure how using the SMSAdmin as opposed to domain admin is any more secure in the sense of installing the SCCM & SQL software.

 

Having said that though isn't it best practice to only use Domain Admins accounts as and when you need them as opposed to all the time (which I'm guilty of doing unfortunately)?

 

The SMSAdmin account is part of the BUILTIN/Administrators group in these instructions. You could do it either way but i think he wants to present the instructions from a "best practices" standpoint.

 

And yes you should use seperate a Domain Admin from your user account...but who does that.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.