Everything posted by anyweb
-
Introduction

UPDATE: please use the newer version of this guide here.

This multi-part guide will show you how to install the latest baseline version of Configuration Manager from Microsoft. The latest available baseline version is System Center Configuration Manager (Current Branch) version 1802 as of March 29th 2018.

How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 1
How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 2
How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 3
How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 4

You can use this multi-part guide to get a hierarchy up and running on Windows Server 2016 using SQL Server 2017. The concept behind this is to guide you through all the steps necessary to get a working Configuration Manager Primary site installed (for lab use) using manual methods or automated using PowerShell. This gives you the power to automate the bits that you want to automate, while allowing you to manually do other tasks when needed. You decide which path to take. PowerShell knowledge is desired and dare I say required if you are in any way serious about Configuration Manager.

I will show you how to do most steps via two methods shown below, it's up to you to choose which method suits you best but I highly recommend automating everything that you can, using PowerShell.

Method #1 - Do it manually
Method #2 - Automate it with PowerShell

Get your lab ready

In this guide I assume you have already installed two WorkGroup joined servers with Windows Server 2016 installed, how you install the operating system is up to you. When installing the servers please choose Windows Server 2016 Standard (Desktop Experience). The servers used in this guide are configured as listed below, the SmoothWall (NAT) is optional.

Server name: AD01
Server function: Domain Controller
Server status: Workgroup joined
IPv4 Address: 192.168.9.1
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.9.199
DNS: 192.168.9.1

Server name: CM01
Server function: Configuration Manager Primary site
Server status: Workgroup joined
IPv4 Address: 192.168.9.2
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.9.199
DNS: 192.168.9.1

Server name: Smoothwall
Server function: Linux firewall
Server status: 2 legacy nics
eth0: 192.168.9.199
eth1: x.x.x.x (internet facing ip)

Step 1. Configure Active Directory Domain Services (ADDS)

Note: Perform the following steps on the AD01 server as a Local Administrator.

To setup Active Directory Domain Services you could manually click your way through the appropriate wizard in Server Manager or automate it using PowerShell. For your benefit I'll show you both methods below, all you have to do is choose which one suits you.

Method #1 - Do it manually

Open Server Manager. Click on Add roles and features.
On the Before You Begin screen click Next.
For Installation Type select Role-based or Feature-based installation.
For Server Selection select Select a server from the server pool and choose AD01.
For Server Roles select Active Directory Domain Services, when prompted to add features that are required for Active Directory Domain Services select Add Features.
Select DNS Server, when prompted to add features that are required for DNS Server, accept the changes by clicking on Add Features.
Continue the wizard by clicking Next.
On the Features screen click Next.
On the AD DS screen click Next.
On the DNS Server screen click Next.
On the Confirmation screen click Install and then click on Close.
After it's finished, perform the Post Deployment Configuration by clicking on Promote this server to a domain controller.
Select the Add a new forest option, give it a root domain name such as windowsnoob.lab.local.
Next, depending on your requirements set the Forest functional level and Domain functional level, I've selected the default options below however you may want to configure it differently for your hierarchy.
For the password field use P@ssw0rd. Click Next when ready.
For DNS options, click Next.
Next verify the NetBIOS name and click Next.
To specify the location of the AD DS database, log files and so forth, either accept the defaults, or change them to something that suits your hierarchy and click Next.
Next you can review the options (clicking view script will save your actions to a PowerShell script for use later if you wish). Click Next when done.
Next, click Install to begin.
Once it has finished making the changes it will automatically reboot the server.

Method #2 - Automate it with PowerShell

To configure ADDS and DNS automatically, use the ConfigureADDS.ps1 PowerShell script.

1. Copy the script to C:\scripts on AD01
2. Edit the variables in lines 17-24 as desired before running.
3. Start Windows PowerShell ISE as Administrator and run the script by clicking on the green triangle.

Once the script is run, it will automatically reboot.

Step 2. Join CM01 to the domain

Note: Perform the following on the ConfigMgr server (CM01) as Local Administrator

Method #1 - Do it manually

To join the domain manually, login to CM01. Start Windows File Explorer. Right-click on This-PC and choose Properties. The System screen will appear. Click on Change settings to the right of Computer name. For the option To rename this computer or change its domain or workgroup, click Change, and for Member of select Domain, enter the Domain details used in Step 1 and click OK. When prompted for credentials, enter them and click OK. You'll be welcomed to the Domain. Click OK. You'll then be prompted to reboot the computer, click OK. In the Computer Name/Domain changes screen, click Close then click Restart now when prompted.

Method #2 - Automate it with PowerShell

To join the domain automatically, use the joindomain.ps1 PowerShell script.

1. Copy the script to C:\Scripts on CM01
2. Edit the variables (lines 16-18) as desired before running.
3. Start Windows PowerShell ISE as Administrator and run the script by clicking on the green triangle.

Note: If DNS is not set correctly on the CM01 Network Properties, then the Domain Join process will fail. The script checks for success and reports an error if one occurs. If successful it will automatically restart the computer after the Domain Join process is complete.

Step 3. Create users (optional)

Note: Perform the following on the Active Directory Domain Controller server (AD01) as Administrator

Method #1 - Do it manually

To create users manually, click on Start and choose Windows Administrative Tools and then select Active Directory Users and Computers. In Active Directory Users and Computers, add new users by expanding <domain name>, select Users and right click, choose New then select User. In the wizard that appears fill in the New Object user details, enter the Password details using password P@ssw0rd and click Finish when done. Repeat the above process to add remaining users as appropriate for your environment:

Testuser, used for testing stuff
CM_BA, used for building ConfigMgr created images
CM_JD, used for joining computers to the domain
CM_RS, used for reporting services.
CM_CP, used when installing the Configuration Manager Client for Client Push.
CM_NAA, (Network Access Account) used during OSD

Note: The PowerShell script creates users and makes a user a local admin on the CM01 server. To facilitate the local administrator creation, you'll need to (optionally) manually create a GPO on AD01 called Allow Inbound File and Printer sharing exception which sets Windows Firewall: Allow inbound file and printer sharing exception to Enabled.

To Create the GPO on AD01, click the Start menu and choose Windows Administrative Tools, then select Group Policy Management. Expand Group Policy Objects and Right click, choose New and give it a Name: Allow Inbound File and Printer Sharing Exception. In the GPO settings, expand Computer Configuration, Policies, Administrative Templates, then select Network, Network Connections, Windows Firewall and select the Domain Profile. Locate the Windows Firewall: Allow inbound file and printer sharing exception and set it to Enabled. Apply the changes. Here you can see the path to the GPO setting.

After creating the GPO, you'll want to limit it to only apply to your ConfigMgr server (or servers). To do that select the Delegation tab of the GPO, and click on Advanced button. Select the Authenticated Users security group and then scroll down to the Apply Group Policy permission and un-tick the Allow security setting. This denies authenticated users from applying this GPO setting.

Next, click on the Add button, for Select this object type make sure to select Computers from the Object Types and select the group or Computer object that you want to have this policy apply to. Then select the group (e.g. ConfigMgr Servers) and scroll the permission list until you see the Apply group policy option and then tick the Allow permission as shown here.

Finally, you need to Link the GPO, to do that, right click on your Domain (in this example it's windowsnoob.lab.local) and select Link an existing GPO and then select the newly created GPO.

Note: Once the above is completed, please update Group Policy on CM01 using Gpupdate /force prior to running the PowerShell script below.

Method #2 - Automate it with PowerShell

To create users automatically, use the Create Users Usergroups and OUs in AD.ps1 PowerShell script.

Tip: You should edit the script and adjust the variables to your liking, for example if you want to change the default password. You may also want to rem out the MDT and MBAM user/groups that are created and change some of the user names within the script. To rem out a line place a # in front of it.

1. Copy the script to C:\scripts on AD01
2. Edit the variables [lines 79-100] as desired before running.
3. Start Windows PowerShell ISE as Administrator and run the script by clicking on the green triangle.

Once the script is complete you can browse Active Directory Users and Groups to see the Users and Groups it created.

Step 4. Create the System Management Container

Note: Perform the following on the Active Directory Domain Controller server (AD01) as Local Administrator

For details of why you are doing this see https://docs.microsoft.com/en-us/sccm/core/plan-design/network/extend-the-active-directory-schema

Method #1 - Do it manually

Open ADSI Edit, click on Action, then Connect To and click Ok. Double Click on Default Naming Context and the DC= that appears below it. Click on the > and scroll down to CN=System. Right Click on CN=System and choose New, Object, choose Container from the options, click Next, enter System Management as the value. Click Next and then click Finish.

Method #2 - Automate it with PowerShell

Note: Perform the following on the Active Directory Domain Controller server (AD01) as Local Administrator

To create the System Management container automatically, use the Create System Management container.ps1 PowerShell script.

Step 5. Delegate Permission

Note: Perform the following on the Active Directory Domain Controller server (AD01) as Local Administrator

Method #1 - Do it manually

Open Active Directory Users and Computers. Click on view, select Advanced Features. Select the System Management Container under System. Right click the System Management container, choose All Tasks and Delegate Control. When the Welcome to Delegation of Control Wizard appears click next, then click Add. Click on Object Types, select Computers. Type in your Configuration Manager server name (CM01) and click on Check Names, it should resolve. Click Ok. Click Next then select Create a Custom Task to Delegate, click Next, make sure This folder, existing objects in this folder and creation of new objects in this folder is selected. Click next, make sure the 3 permissions General, Property-Specific and Creation-deletion of specific child objects are selected then place a check mark in Full Control.

Tip: Repeat the above process for each site server that you install in a Hierarchy.

Method #2 - Automate it with PowerShell

To delegate permissions to the System Management container automatically, use the Delegate Permissions.ps1 PowerShell script on AD01. Edit line 24 to point to the ConfigMgr server if you are using a different computer name than CM01.

Note: You need to start Windows PowerShell ISE as a user that has Administrative Permissions in AD on the AD01 server.

Downloads

The scripts used in this guide are available for download here. Unzip to C:\Scripts on both servers. The scripts are placed in the corresponding folder (Part 1, Part 2 etc) and sorted into which server you should run the script on (AD01 or CM01).

Scripts.zip

Summary

Using PowerShell to automate things leaves more time for yourself and it's fun. Please join me in Part 2 of this multi-part guide where you will configure Windows Server 2016 roles and features and then install SQL Server 2017.

Continue to Part 2 of this guide > https://www.windows-noob.com/forums/topic/16116-how-can-i-install-system-center-configuration-manager-current-branch-version-1802-on-windows-server-2016-with-sql-server-2017-part-2/
- 5 replies
-
- sccm
- windows server 2016
-
(and 2 more)
Tagged with:
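
Steps 4 and 5 of the guide above, sketched in PowerShell as an added example. This is not the guide's own Create System Management container.ps1 or Delegate Permissions.ps1 (those are in the download); it assumes the ActiveDirectory module on AD01 and the lab's CM01 name, and the `$SiteServer` variable is hypothetical. The last command lists the explicit permissions on the container so the delegation can be reviewed.

```powershell
# Added example, not the scripts from the guide's download.
# Assumes: run on AD01 as a domain administrator, ActiveDirectory module present.
Import-Module ActiveDirectory

$SiteServer  = 'CM01'                                  # site server name used in the guide
$domainDN    = (Get-ADDomain).DistinguishedName        # DN of the current domain
$systemDN    = "CN=System,$domainDN"
$containerDN = "CN=System Management,$systemDN"

# Step 4: create the container only if it is not already there
$existing = Get-ADObject -LDAPFilter '(&(objectClass=container)(cn=System Management))' `
                         -SearchBase $systemDN -SearchScope OneLevel
if (-not $existing) {
    New-ADObject -Type container -Name 'System Management' -Path $systemDN
}

# Step 5: Full Control for the site server's computer account,
# applying to this object and all descendant objects
$sid = (Get-ADComputer -Identity $SiteServer).SID
$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
    [System.Security.AccessControl.AccessControlType]::Allow,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

$acl = Get-Acl -Path "AD:\$containerDN"
$acl.AddAccessRule($ace)
Set-Acl -Path "AD:\$containerDN" -AclObject $acl

# Review: every explicit (non-inherited) entry on the container.
# Only the site server account(s) you delegated should appear with GenericAll.
(Get-Acl -Path "AD:\$containerDN").Access |
    Where-Object { -not $_.IsInherited } |
    Select-Object IdentityReference, AccessControlType, ActiveDirectoryRights, InheritanceType
```

Re-run the review command after adding further site servers, as the Tip in Step 5 describes, to confirm each one has its own entry.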
-
i can remote in today, ping me when you are online please
- 56 replies
-
- current branch
- sccm
-
(and 1 more)
Tagged with:
-
i'm still working on this don't worry, please be patient and i'll come back to you as soon as I've something to verify
-
i'm working with Microsoft PG on this, please email me your cmupdate.log, dataloader.log (and lo_ files) in ZIP format to niall@windows-noob.com and i'll come back to you asap.
-
Mark please contact me via niall@windows-noob.com and i'll ask you to troubleshoot with some queries....
-
what does your unattend.xml look like ?
-
Unable to upgrade 1606 to 1702
anyweb replied to Muhsin's topic in System Center Configuration Manager (Current Branch)
without the cmupdate.log and dmpdownloader.log we have nothing to go on, please zip them up (remove sensitive info first if you need) and attach them here. -
Going bald over this
anyweb replied to 66945's topic in System Center Configuration Manager (Current Branch)
when you say 'they just don't work', what exactly happens ? if anything ? -
ok here's your first issue: failed to get the linked token information. It may not be available. Error 1312 based on the script which we don't have it's probably not good, next it fails on ... Failed to run the action: Join AD Groups. Incorrect function. (Error: 00000001; Source: Windows) but that could relate to the first failure, so what does the error 1312 mean ?
-
Configuration Manager 1802 supports ADK 1709 as described here. https://www.niallbrady.com/2018/03/23/what-version-of-the-windows-adk-is-supported-with-system-center-configuration-manager-current-branch-version-1802/
-
i can do it in about 20 minutes if that works for you, if so, email me the details
-
if you still need help I can take a look if you can do teamviewer
-
I saw you were tweeting with Djammmer, so did he provide a fix or shall we continue troubleshooting ?
-
ok see my other comments above about your errors, until you can login to the sql server it will fail.
-
can you try rebooting the server, and try again please ?
-
what i can see in your log Cordell are the following errors..

*** [08001][-2146893051][Microsoft] A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online.
*** Failed to connect to the SQL Server, connection type: SMS ACCESS.
*** [28000][18456][Microsoft][SQL Server Native Client 11.0][SQL Server]Login failed for user 'NT AUTHORITY\SYSTEM'.
*** [42000][4060][Microsoft][SQL Server Native Client 11.0][SQL Server]Cannot open database "CM_P03" requested by the login. The login failed.
...
ERROR: Failed to renew inventory views and rbac functions
Failed to update database.

so until you fix the login issues it won't upgrade, is the DB local or remote ?
-
hi Cordell do you have any custom tables added in SQL for the CM database ? cheers niall
-
SCCM 2007 - Add Windows 7 Updates to WIM File
anyweb replied to Gigantor522's topic in Configuration Manager 2007
i'd recommend offline servicing within SCCM to apply the updates, Build and Capture of Windows 7 is notoriously flakey at best with the huge number of updates available for Windows 7. If you must go with WSUS only, then use MDT to b&c the image as described here. -
Introduction

Managing Windows 10 computers using Microsoft Intune is getting easier and easier. To customize the experience for your Windows 10 users so that they have favorites pre-loaded in Microsoft Edge, you can configure favorites in Edge using Microsoft Intune, and here's how to do it step-by-step.

Step 1. Configure some favorites

On a Windows 10 virtual machine (don't have one ? create one with this PowerShell script), start up Microsoft Edge, browse to a website (1) by entering its URL in the address field and then add it as a favorite (2) by clicking on the star. Repeat for as many sites as you want in your favorites. After you've added some favorites you can review the list of saved favorites by clicking on the favorites icon (3).

Step 2. Export the custom favorites

On the Windows 10 virtual machine, click on the Settings ellipsis in Microsoft Edge (4) and scroll down to Settings (5). Choose Import from another browser (6) and choose Export to file (7). Change the name from Microsoft_Edge_03_23_2018 (the current date) to Favorites (8). The exported favorites are saved as Favorites.html in the Documents folder on the virtual machine.

Step 3. Copy the Favorites file to your web server

Using whatever method you choose, copy the Favorites.html file to your intranet (or extranet) web server, in the example below I've copied the file to my webserver which hosts this web site, and it just happens to be running on Linux. The file must be readable by the devices you intend to deploy it to, for example my favorites.html file is publicly readable at the following address https://www.windows-noob.com/favorites.html

Step 4. Create a Configuration Profile in Intune

In Microsoft Intune (in Azure), click on Device Configuration, select Profiles, then create a new profile by clicking on Create Profile. Fill in the following details:

Name: Windows 10 - Edge favorites
Description: windows-noob.com (c) 2018
Platform: Windows 10 and later
Profile type: Device restrictions

For Settings, select Edge Browser on the right and for Favorites List enter the URL that you verified above which contains your favorites.html file eg: https://www.windows-noob.com/favorites.html

Click on OK when done, and OK again and finally click on Create to create the Configuration Profile. Finally, Assign the profile to a Device group containing Windows 10 devices that you want to target with this policy. Here you can see the profile is assigned to a Group which I've previously created and populated with a Windows 10 device.

Step 5. Verify the policy on the target device(s)

Using a licensed Intune user, logon to one of the devices targeted with the policy and trigger a policy sync (optional, you could just wait an hour or so....). After the device has synced, you should see Browser under Policies. Open Microsoft Edge and click on the Favorites icon. It should state "Some settings are managed by your organization" and your previously defined favorites should be listed. Success !

The favorites you defined will have a lock symbol on them so cannot be changed by the user, however the user can add/remove additional favorites of their own and those favorites will not have a lock symbol on them.

Related reading

How to configure device restriction settings in Microsoft Intune - https://docs.microsoft.com/en-us/intune/device-restrictions-configure
Device restrictions Windows 10 - https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10

Summary

So there you have it, with Microsoft Intune, you can easily customize Microsoft Edge favorites and deploy them to your Windows 10 devices.

cheers niall
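
Since the profile in Step 4 points devices at a URL, it is worth confirming that the file served there is the one exported in Step 2 and that it holds only the links you expect. The check below is an added example, not part of the original guide: the function names and the allow-list are hypothetical, the sample HTML is constructed, and it assumes the export uses `<A HREF="...">` entries.

```powershell
# Added example, not from the guide. Function names and allow-list are hypothetical.
function Get-FavoriteLinkFindings {
    param(
        [Parameter(Mandatory)][string]$Html,
        [Parameter(Mandatory)][string[]]$AllowedHosts
    )
    # Assumes bookmark entries of the form <A HREF="...">
    foreach ($m in [regex]::Matches($Html, '<A\s[^>]*HREF="([^"]+)"', 'IgnoreCase')) {
        $href = $m.Groups[1].Value
        $uri  = $null
        if (-not [uri]::TryCreate($href, [UriKind]::Absolute, [ref]$uri)) {
            [pscustomobject]@{ Link = $href; Finding = 'not an absolute URL' }
        } elseif ($uri.Scheme -ne 'https') {
            [pscustomobject]@{ Link = $href; Finding = "scheme is $($uri.Scheme), not https" }
        } elseif ($AllowedHosts -notcontains $uri.Host) {
            [pscustomobject]@{ Link = $href; Finding = "host $($uri.Host) is not in the allow-list" }
        }
    }
}

function Test-FavoritesFile {
    param(
        [Parameter(Mandatory)][string]$Url,
        [Parameter(Mandatory)][string]$LocalPath,
        [Parameter(Mandatory)][string[]]$AllowedHosts
    )
    if (([uri]$Url).Scheme -ne 'https') { Write-Warning "Favorites URL is not HTTPS: $Url" }

    # Download what devices would receive (throws on HTTP errors)
    $served = Join-Path $env:TEMP 'served-favorites.html'
    Invoke-WebRequest -Uri $Url -UseBasicParsing -OutFile $served

    # Compare the served file with the local export, then audit its links
    $servedHash = (Get-FileHash -Path $served -Algorithm SHA256).Hash
    $localHash  = (Get-FileHash -Path $LocalPath -Algorithm SHA256).Hash
    [pscustomobject]@{
        ServedMatchesExport = ($servedHash -eq $localHash)
        LinkFindings        = @(Get-FavoriteLinkFindings -Html (Get-Content $served -Raw) -AllowedHosts $AllowedHosts)
    }
}

# Constructed sample: the second and third entries are reported
$sample = @'
<DL><p>
<DT><A HREF="https://www.windows-noob.com/forums/">windows-noob forums</A>
<DT><A HREF="http://intranet.example/portal">Portal</A>
<DT><A HREF="https://unexpected.example/">Unknown</A>
</DL><p>
'@
Get-FavoriteLinkFindings -Html $sample -AllowedHosts 'www.windows-noob.com'

# Against the file from Steps 2 and 3, if the export exists on this machine
$export = Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'Favorites.html'
if (Test-Path $export) {
    Test-FavoritesFile -Url 'https://www.windows-noob.com/favorites.html' `
                       -LocalPath $export -AllowedHosts 'www.windows-noob.com'
}
```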
-
There is this what's new page, but i'm not sure about the bug fixes, what issues did you have exactly ?