Hi All,

I have the following problem. Today, we have the SCCM CB1910 BitLocker Self-Service and the Helpdesk on the SCCM Primary Site Server.
Now we want to move those mainly used services out to another server (in our case a distribution server which is located in another data center).

First:
Is this possible, or must those services be located on a Primary Site?

Second:
How can I get rid of the current IIS sites (Self-Service and Helpdesk) or move them to another server?

Third:
What are the prereqs we have to complete before we move it to the other server (install additional roles, or something like that)?

I would appreciate a quick answer.

Florian


You can move them by running the PowerShell script to install the helpdesk and self-service desk on another site server. It must have IIS installed along with the prerequisites below:

  • In version 1910, to create a BitLocker management policy, you need the Full Administrator role in Configuration Manager.

  • To integrate the BitLocker recovery service in Configuration Manager requires a HTTPS-enabled management point. On the properties of the management point, the Client connections setting must be HTTPS.

    Note

    In version 1910, it doesn't support Enhanced HTTP.

  • To use the BitLocker management reports, install the reporting services point site system role. For more information, see Configure reporting.

    Note

    In version 1910, for the Recovery Audit Report to work from the administration and monitoring website, only use a reporting services point at the primary site.

  • To use the self-service portal or the administration and monitoring website, you need a Windows server running IIS. You can reuse a Configuration Manager site system, or use a standalone web server that has connectivity to the site database server. Use a supported OS version for site system servers.

    Note

    In version 1910, only install the self-service portal and the administration and monitoring website with a primary site database. In a hierarchy, install these websites for each primary site.

  • On the web server that will host the self-service portal, install Microsoft ASP.NET MVC 4.0.

  • The user account that runs the portal installer script needs SQL sysadmin rights on the site database server. During the setup process, the script sets login, user, and SQL role rights for the web server machine account. You can remove this user account from the sysadmin role after you complete setup of the self-service portal and the administration and monitoring website.
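A read-only pre-flight check for some of the prerequisites listed above, as an added example that is not part of the original post and not Microsoft's installer script. The server, database, account and IIS application names are placeholders (assumptions); it needs the ServerManager and WebAdministration modules on the web server.

```powershell
# Added example: read-only checks, run elevated on the intended web server.
# Every name below is a placeholder (assumption), not a value from the thread.
$SqlServer  = 'SQL01.contoso.example'       # site database server
$Database   = 'CM_P01'                      # site database
$Installer  = 'CONTOSO\portal-installer'    # account that runs the portal installer script
$PortalApps = 'Default Web Site/SelfService', 'Default Web Site/HelpDesk'  # assumed IIS paths

Import-Module ServerManager, WebAdministration

# 1. The web server needs IIS.
$iis = Get-WindowsFeature -Name Web-Server
"IIS role installed: $($iis.Installed)"

# 2. The web server needs connectivity to the site database server.
#    Encrypt=True without TrustServerCertificate makes Open() fail when this
#    host does not trust the SQL Server certificate chain.
$connString = "Server=$SqlServer;Database=$Database;Integrated Security=SSPI;Encrypt=True"
$conn = [System.Data.SqlClient.SqlConnection]::new($connString)
try {
    $conn.Open()
    "Site database reachable: True"

    # 3. The installer account needs sysadmin during setup only.
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = "SELECT IS_SRVROLEMEMBER('sysadmin', @login)"
    [void]$cmd.Parameters.AddWithValue('@login', $Installer)
    $result = $cmd.ExecuteScalar()
    if ($result -is [System.DBNull]) {
        "sysadmin membership of ${Installer}: unknown (login not found or not visible to caller)"
    } else {
        "sysadmin membership of ${Installer}: $([bool]$result) (required for setup, removable afterwards)"
    }
}
catch {
    "Site database check failed: $($_.Exception.Message)"
}
finally {
    $conn.Dispose()
}

# 4. Show whether each portal application currently requires SSL.
foreach ($app in $PortalApps) {
    "sslFlags for ${app}:"
    Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $app `
        -Filter 'system.webServer/security/access' -Name 'sslFlags'
}
```

The script changes nothing and does not check the ASP.NET MVC 4.0 prerequisite. Running step 3 again after setup shows whether the installer account is still a sysadmin.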


Hi Niall,

thanks for your quick reply.

1. Can you please post the command lines I have to use for moving those roles to another server?
2. If I understand correctly, I don't have to prepare anything, because:

- I am a full admin in Configuration Manager
- My MPs are all HTTPS enabled
- The reporting services point is on my primary site (can it stay there, or must it also be installed on the Distribution Point, where I want the Helpdesk and Self-Service to be?)
- I only have to install ASP.NET MVC 4.0 on the Distribution Point, where I want to host the Self-Service and the Helpdesk, correct?
- My user is a SQL sysadmin

I would appreciate a quick answer.

Florian


Hi Niall,

thanks for your reply.
OK, I installed the Helpdesk and the Self-Service on the Distribution Point. How can I now remove the old installation (Helpdesk and Self-Service) from the primary site?

Can you also tell me if it is a must to set the SSL settings for both IIS sites (Helpdesk and Self-Service) to RequireSSL?

Thanks in advance.

Florian


Hi Florian, I'd suggest you look inside the PowerShell script itself and use switches based on that. Here's a hint; post your results here.

And as regards the BitLocker Management websites being in SSL or not, Microsoft recommends but doesn't require the use of HTTPS for the BitLocker websites (HTTPS is still required in CM1910 for the MP recovery service endpoint though).

https://docs.microsoft.com/en-us/configmgr/protect/deploy-use/bitlocker/setup-websites

[Image: image.png]


Hi Niall,

thanks for your reply.
I did everything you mentioned, but now I get a really strange error message when I try to load a report (via the browser URL to the Reportserver):

A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)

I tried that from the Reportserver itself, which is hosted on the SCCM Primary Site (the SQL Server is also on that server, the Primary Site).

I don't know why, because if I click on the lock in the browser to see the certificate and its chain, everything looks OK.
Have you got an idea what I did wrong?

Thanks in advance.

Florian
