how can I setup ISS for SCCM 2007 in Windows Server 2008

[anyweb]

Part 1. Add the Web Server role to Windows Server 2008

 

This guide assumes that you have first installed Windows Server 2008 and configured it for Active Directory (AD) and setup a working DHCP server. Steps 1 and 2 of this guide will show you how to setup and configure both the AD role and the DHCP role. Once done you can continue below.

 

If you would like to read the Official Microsoft documentation for setting up IIS with Webdav then please read this

 

 

Add the Web Server role (IIS 7) to Windows Server 2008.

 

Click on Start, choose Server Manager, scroll down to Roles Summary and choose Add roles

 

 

at the Before you begin page, click next

 

 

in the Server Roles page, click on Web Server IIS

 

 

a window will appear notifying you that some required features also need to be installed

 

click on Add required features

 

 

at this point you can now click on Next in the Server roles page...

 

 

you'll get an Introduction about Web Server IIS and how it integrates with Windows Server, click next to continue

 

 

now we have to select the role services to install for IIS

 

under Application Development place a checkmark in ASP.NET

 

an additional window will pop up telling us that the following roles and features are also installed

 

Application Development

ISAPI Extensions

ISAPA Filters

.NET Extensibility

 

Windows Process Activation Service

.NET Environment

 

click on Add Required Role Services

 

 

Click on Next when done

 

review the confirmation screen and click Install to continue

 

 

Once done review the results pane

 

 

click Close to exit

 

The Web Server (IIS) role should now appear in Server Manager Roles Summary.

 

 

if you open a web-browser and enter the following address http://localhost you should see the nice IIS 7 welcome screen

 

[anyweb]

Part 2. Download and install Webdav for IIS 7

 

 

Note: If you are using Server 2008 R2 which has Webdav 7.5 then read this post first

 

 

 

An important note from Microsoft:-

 

Enabling WebDAV and modifying the requestFiltering section for the Web site increases the attack surface of the computer. Enable WebDAV only when required for management points and BITS-enabled distribution points. If you enable WebDAV on the default Web site, it is enabled for all applications using the default Web site. If you modify the requestFiltering section, it is modified for all Web sites on that server. The security best practice is to run Configuration Manager 2007 on a dedicated Web server. If you must run other applications on the Web server, use a custom Web site for Configuration Manager 2007. For more information, see Best Practices for Securing Site Systems.

 

pick your version below

 

Microsoft WebDAV Extension for IIS 7.0 (x64)

 

or

 

Microsoft WebDAV Extension for IIS 7.0 (x86)

 

 

Accept the license agreement and let it install itself

 

 

Once we have installed Webdav, we need to Enable WebDAV Publishing Using the IIS Manager.

 

 

 

Enabling WebDAV Publishing Using the IIS Manager.

 

 

Startup IIS Manager and in the Connections pane, expand the Sites node in the tree, then click the Default Web Site, then double-click the WebDAV Authoring Rules icon.

 

 

 

Click enable webdav in the Actions pane on the right side

 

 

Once you've clicked it it will then say 'Disable webdav' so be sure not to click there again, now we need to click the Add Authoring Rule task in the Actions pane and set your options as below

 

 

That's it, you've now enabled WebDAV authoring in IIS 7. We will return to Webdav later in the guide, if you want to do them now then read Step 1 of this post or just continue with the below as we will get to it later anyway.

[anyweb]

Part 3. Verify that you have Authorization and Authentication configured

 

In IIS Manager, click on Default Web Site in the left pane, and choose the Authentication icon under IIS.

 

 

in this example (default install of IIS 7 in Windows Server 2008) we can see the following Authentication types are installed

 

Anonymous Authentication - Enabled

ASP.NET Impersonation - Disabled

Forms Authentication - Disabled

 

 

We want to add Basic Authentication and Windows Authentication to proceed further. To do this Click on Server Manager and scroll down to Roles Summary.

 

 

Click on Web Server (IIS) and scroll down to Role Services.

 

 

In this example both Basic and Windows Authentication are not installed, so let's install them. click on Add role services in the actions pane to the right.

 

 

scroll down to security and put a check mark in Basic and Windows Authentication, click next.

 

 

confirm your selections

 

 

and click install, once done you'll see a results screen

 

 

At this point you can close the IIS server manager, restart the World Wide Web Publishing Service service (W3SVC) and go back into the IIS server manager, when you click on Default Web Site now and the Authentication icon, you should see the two new authentication methods added.

 

 

Right click on Windows Authentication and choose Enable (Note: You can use Basic Authentication with WebDAV, but the WebDAV redirector will only use Basic Authentication with SSL connections, so we will not be using it here, I just installed it so that you were aware of it.)

 

 

 

 

In IIS Manager, click the Default Web Site under the Sites node in the tree, Double-click the Authorization rules icon.

 

 

NOTE: if (like me) you do not see the Authorization rules icon (feature) then go back into Server Manager, select Roles, Select Web Server (IIS), select Roles services and scroll down to Security, check if URL Authorization is installed, if it is not installed, click on Add role Services in the right pane and install it,

 

 

 

 

then restart the Internet Information Services (IIS) Manager. The icon (feature) should now appear....

 

 

When the Authorization feature opens, make sure that an Allow rule is defined that includes the administrator account. IE: the default rule for IIS allowing access to All Users will include the administrator account.

 

 

you can now test logging into your WebDav site using your administrator account by opening a command prompt and typing this

 

net use * http://localhost/

 

after a few moments you should see a result like this

 

C:\Users\Administrator>net use * http://localhost/

Drive Z: is now connected to http://localhost/.

 

The command completed successfully.

 

If you don't see the above, for example if you get a an error like this

 

"System error 67 has occurred." The network name cannot be found.

 

then install the Desktop Experience Feature using the Add Features Wizard) reboot the server and try again. The reason we need the Desktop Experience feature installed in Server 2008 is because it will install the Webclient service which is required for this.

 

 

Note: if you now get a new error which states

 

 

System error 1920 has occurred. The file cannot be accessed by the system.

 

 

Then you must open up IIS Manager, click on Default Web Site, and go into the WebDav Authoring Rules and add the current user you are attempting to do this as (eg: add user DOMAIN\user). See below screenshot.

 

 

Tip: for a list of webdav errors and solutions to resolving them see this page

 

so now we have mapped drive Z: to the WebDav site, using the administrator account and using the authorization rules we setup above, we have read/write/source acccess to the directory.

[anyweb]

Part 4. Install the IIS 6 Management compatibility

 

Open Server Manager, select Roles, Select Web Server (IIS), select Roles services and scroll down to Management Tools, check if IIS 6 Management Compatibility is installed, if it is not installed, click on Add role Services in the right pane and install it.

 

 

click next to confirm the install, and then Install.

 

 

 

 

 

Part 5. Install the BITS Server Extensions

 

Open Server Manager, select Features

 

 

click on Add Features, and placed a checkmark in the BITS Server Extensions box

 

 

when the 'add role services required for BITS Server Extensions' query comes up, click on Add required role services

 

 

click next to proceed

 

 

you'll get an IIS introduction, click next

 

 

review the new choices it's made for you and click next

 

 

confirm the selections it made, and click install

 

 

finally you should see BITS installation successful

 

 

 

 

Part 6. Add ASP (required for ConfigMgr Reporting Point to function)

 

Open Server Manager, select Roles, Select Web Server (IIS), select Roles services and scroll down to Application Development, verify that ASP is installed, if it isn't, install it.

 

 

 

Summary

 

The following Web Server role services should be installed.

 

IIS Role Services

 

Web Server

Common HTTP Features

Static Content

Default Document

Directory Browsing

HTTP Errors

HTTP Redirection

 

Application Development

ASP.NET

.NET Extensibility

ASP

ISAPI Extensions

ISAPI Filters

 

Health and Diagnostics

HTTP logging

Logging tools

Request Monitor

Tracing

 

Security

Basic Authentication

Windows Authentication

URL Authorization

Request Filtering

IP and Domain Restrictions

 

Performance

Static Content Compression

 

Management Tools

IIS Management Console

IIS Management Scripts and Tools

Management Service

IIS 6 Management Compatibilty

IIS 6 Metabase Compatibility

IIS 6 WMI Compatibility

IIS 6 Scripting Tools

IIS 6 Management Console

[Guest itismike]

Hi anyweb,

 

We followed your guide to install and configure SCCM a few months ago. Now we are attempting to build another similar environment, but you've moved on! Is there any place I can look to find the original steps to configure things based on Server 2003 with IIS 6?

[anyweb]

try this link, does it help ?

 

cheers

anyweb

[Guest itismike]

It does! Thank you for the immediate reply! Are the other steps for the rest of the 2003 SCCM configuration available somewhere or do you just recommend extrapolating the steps from the 2008 guides?

[anyweb]

just use the 2008 guides i have, it should be pretty much the same,. if you run into any problems raise a new post here and we'll deal with it

[Guest itismike]

Still running into problems following the 2008 guides. I remember we created accounts for SMS_SiteSystemToSiteServerConnection_xxx. Was that covered in the 2003 guide but not in the 2008 guide? Isn't it still necessary?

[Guest itismike]

in case anyone stumbles upon this, the answer to my last question is at the top of this page: http://www.windows-noob.com/forums/index.php?showtopic=489

[TheProfessor]

Hey Brother,

 

I read you step be step guide to installing sccm on server 2008. After installing the webdav and testing with the "net use * http://localhost" i get a

 

System error 67 has occured.

The Network name is cannot be found.

 

I can browse to the localhost perfectly. I just get this when I test. I tried playing with the permissions but still nothing. Please help?

 

Thank You friend,

 

Anthony