

anyweb

how can I setup IIS for SCCM 2007 in Windows Server 2008


Part 1. Add the Web Server role to Windows Server 2008

 

This guide assumes that you have first installed Windows Server 2008 and configured it for Active Directory (AD) and setup a working DHCP server. Steps 1 and 2 of this guide will show you how to setup and configure both the AD role and the DHCP role. Once done you can continue below.

 

If you would like to read the Official Microsoft documentation for setting up IIS with Webdav then please read this

 

 

Add the Web Server role (IIS 7) to Windows Server 2008.

 

Click on Start, choose Server Manager, scroll down to Roles Summary and choose Add roles

 

add_roles.jpg

 

at the Before you begin page, click next

 

before_you_begin.jpg

 

in the Server Roles page, click on Web Server IIS

 

WEB_SERVER_IIS.jpg

 

a window will appear notifying you that some required features also need to be installed

 

click on Add required features

 

add_required.jpg

 

at this point you can now click on Next in the Server roles page...

 

next.jpg

 

you'll get an Introduction about Web Server IIS and how it integrates with Windows Server, click next to continue

 

iis_intro.jpg

 

now we have to select the role services to install for IIS

 

under Application Development place a checkmark in ASP.NET

 

an additional window will pop up telling us that the following roles and features are also installed

 

Application Development
    ISAPI Extensions
    ISAPI Filters
    .NET Extensibility

Windows Process Activation Service
    .NET Environment

 

click on Add Required Role Services

 

add_required_role_services.jpg

 

Click on Next when done

 

review the confirmation screen and click Install to continue

 

install.jpg

 

Once done review the results pane

 

results.jpg

 

click Close to exit

 

The Web Server (IIS) role should now appear in Server Manager Roles Summary.

 

web_server_roles.jpg

 

if you open a web-browser and enter the following address http://localhost you should see the nice IIS 7 welcome screen

 

welcome.png


Part 2. Download and install Webdav for IIS 7

 

 

Note: If you are using Server 2008 R2 which has Webdav 7.5 then read this post first

 

 

 

An important note from Microsoft:-

 

Enabling WebDAV and modifying the requestFiltering section for the Web site increases the attack surface of the computer. Enable WebDAV only when required for management points and BITS-enabled distribution points. If you enable WebDAV on the default Web site, it is enabled for all applications using the default Web site. If you modify the requestFiltering section, it is modified for all Web sites on that server. The security best practice is to run Configuration Manager 2007 on a dedicated Web server. If you must run other applications on the Web server, use a custom Web site for Configuration Manager 2007. For more information, see Best Practices for Securing Site Systems.

 

pick your version below

 

Microsoft WebDAV Extension for IIS 7.0 (x64)

 

or

 

Microsoft WebDAV Extension for IIS 7.0 (x86)

 

webdav.jpg

 

Accept the license agreement and let it install itself

 

webdav_done.jpg

 

Once we have installed Webdav, we need to Enable WebDAV Publishing Using the IIS Manager.

 

 

 

Enabling WebDAV Publishing Using the IIS Manager.

 

 

Startup IIS Manager and in the Connections pane, expand the Sites node in the tree, then click the Default Web Site, then double-click the WebDAV Authoring Rules icon.

 

enable_webdav.jpg

 

 

Click enable webdav in the Actions pane on the right side

 

enable_webdav2.jpg

 

Once you've clicked it, it will then say 'Disable webdav', so be sure not to click there again. Now we need to click the Add Authoring Rule task in the Actions pane and set your options as below

 

authoring_options.jpg

 

That's it, you've now enabled WebDAV authoring in IIS 7. We will return to Webdav later in the guide, if you want to do them now then read Step 1 of this post or just continue with the below as we will get to it later anyway.


Part 3. Verify that you have Authorization and Authentication configured

 

In IIS Manager, click on Default Web Site in the left pane, and choose the Authentication icon under IIS.

 

check_authentication.jpg

 

in this example (default install of IIS 7 in Windows Server 2008) we can see the following Authentication types are installed

 

Anonymous Authentication - Enabled

ASP.NET Impersonation - Disabled

Forms Authentication - Disabled

 

authentication.jpg

 

We want to add Basic Authentication and Windows Authentication to proceed further. To do this Click on Server Manager and scroll down to Roles Summary.

 

roles_summary.jpg

 

Click on Web Server (IIS) and scroll down to Role Services.

 

role_services.jpg

 

In this example both Basic and Windows Authentication are not installed, so let's install them. click on Add role services in the actions pane to the right.

 

add_role_services.jpg

 

scroll down to security and put a check mark in Basic and Windows Authentication, click next.

 

basic_and_windows.jpg

 

confirm your selections

 

confirm_selections.jpg

 

and click install, once done you'll see a results screen

 

add_role_done.jpg

 

At this point you can close the IIS server manager, restart the World Wide Web Publishing Service (W3SVC) and go back into the IIS server manager. When you click on Default Web Site now and the Authentication icon, you should see the two new authentication methods added.

 

auth_added.jpg

 

Right click on Windows Authentication and choose Enable (Note: You can use Basic Authentication with WebDAV, but the WebDAV redirector will only use Basic Authentication with SSL connections, so we will not be using it here, I just installed it so that you were aware of it.)

 

enable_windows_auth.jpg

 

 

 

In IIS Manager, click the Default Web Site under the Sites node in the tree, Double-click the Authorization rules icon.

 

 

NOTE: if (like me) you do not see the Authorization rules icon (feature) then go back into Server Manager, select Roles, Select Web Server (IIS), select Roles services and scroll down to Security, check if URL Authorization is installed, if it is not installed, click on Add role Services in the right pane and install it,

 

url_auth.jpg

 

url_auth2.jpg

 

url_auth3.jpg

 

then restart the Internet Information Services (IIS) Manager. The icon (feature) should now appear....

 

auth_rules.jpg

 

When the Authorization feature opens, make sure that an Allow rule is defined that includes the administrator account. IE: the default rule for IIS allowing access to All Users will include the administrator account.

 

auth_rules_ok.jpg

 

you can now test logging into your WebDav site using your administrator account by opening a command prompt and typing this

 

net use * http://localhost/

 

after a few moments you should see a result like this

 

C:\Users\Administrator>net use * http://localhost/

Drive Z: is now connected to http://localhost/.

 

The command completed successfully.

 

If you don't see the above, for example if you get an error like this

 

"System error 67 has occurred." The network name cannot be found.

 

then install the Desktop Experience Feature (using the Add Features Wizard), reboot the server and try again. The reason we need the Desktop Experience feature installed in Server 2008 is because it will install the Webclient service which is required for this.

 

 

Note: if you now get a new error which states

 

 

System error 1920 has occurred. The file cannot be accessed by the system.

 

 

Then you must open up IIS Manager, click on Default Web Site, and go into the WebDav Authoring Rules and add the current user you are attempting to do this as (eg: add user DOMAIN\user). See below screenshot.

 

authorization_rules_logged_in_as_SMSadmin.jpg

 

Tip: for a list of webdav errors and solutions to resolving them see this page

 

So now we have mapped drive Z: to the WebDav site, using the administrator account and using the authorization rules we set up above, we have read/write/source access to the directory.
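A way to review what Parts 2 and 3 leave configured on the site, as an added example that is not part of the original post: the function reads the IIS configuration XML for the site and reports the settings that the Microsoft note and the Basic Authentication remark are concerned with. The function name, the sample XML and the wording of the findings are assumptions made for this example.

```powershell
# Constructed sample: the XML that these appcmd queries print, merged into one document.
#   appcmd.exe list config "Default Web Site" /section:system.webServer/webdav/authoring
#   (likewise for webdav/authoringRules, security/access and security/authentication/*)
$sampleConfig = @'
<system.webServer>
  <webdav>
    <authoring enabled="true" />
    <authoringRules>
      <add users="*" path="*" access="Read, Write, Source" />
    </authoringRules>
  </webdav>
  <security>
    <access sslFlags="None" />
    <authentication>
      <anonymousAuthentication enabled="true" />
      <basicAuthentication enabled="true" />
      <windowsAuthentication enabled="true" />
    </authentication>
  </security>
</system.webServer>
'@

# Hypothetical helper: returns one finding string per setting worth reviewing.
function Test-WebDavExposure {
    param([string]$ConfigXml, [string]$SiteName = 'Default Web Site')
    $ws = ([xml]$ConfigXml).'system.webServer'
    $auth = $ws.security.authentication
    $findings = @()
    if ($ws.webdav.authoring.enabled -eq 'true') {
        $findings += "WebDAV is enabled on '$SiteName' and applies to every application on that site."
        foreach ($rule in @($ws.webdav.authoringRules.add)) {
            # A wildcard user with Write access is broader than a rule naming DOMAIN\user.
            if ($rule -and $rule.users -eq '*' -and $rule.access -match 'Write') {
                $findings += "Authoring rule gives all users Write on path '$($rule.path)'; name the accounts that need it."
            }
        }
    }
    # Basic authentication sends credentials base64-encoded, so it needs SSL on the site.
    if ($auth.basicAuthentication.enabled -eq 'true' -and $ws.security.access.sslFlags -notmatch 'Ssl') {
        $findings += 'Basic authentication is enabled without requiring SSL.'
    }
    $findings
}

Test-WebDavExposure -ConfigXml $sampleConfig
```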


Part 4. Install the IIS 6 Management compatibility

 

Open Server Manager, select Roles, Select Web Server (IIS), select Roles services and scroll down to Management Tools, check if IIS 6 Management Compatibility is installed, if it is not installed, click on Add role Services in the right pane and install it.

 

iis6_management.jpg

 

click next to confirm the install, and then Install.

 

iis6_confirm.jpg

 

iis6_done.jpg

 

 

 

Part 5. Install the BITS Server Extensions

 

Open Server Manager, select Features

 

add_features_bits.jpg

 

click on Add Features, and place a checkmark in the BITS Server Extensions box

 

add_bits.jpg

 

when the 'add role services required for BITS Server Extensions' query comes up, click on Add required role services

 

add_bit2s.jpg

 

click next to proceed

 

add_bits3.jpg

 

you'll get an IIS introduction, click next

 

add_bits4.jpg

 

review the new choices it's made for you and click next

 

add_bits_iis_choices.jpg

 

confirm the selections it made, and click install

 

add_bits_iis_confirm.jpg

 

finally you should see BITS installation successful

 

add_bits_iis_success.jpg

 

 

 

Part 6. Add ASP (required for ConfigMgr Reporting Point to function)

 

Open Server Manager, select Roles, Select Web Server (IIS), select Roles services and scroll down to Application Development, verify that ASP is installed, if it isn't, install it.

 

asp.jpg

 

 

Summary

 

The following Web Server role services should be installed.

 

IIS Role Services

Web Server
    Common HTTP Features
        Static Content
        Default Document
        Directory Browsing
        HTTP Errors
        HTTP Redirection
    Application Development
        ASP.NET
        .NET Extensibility
        ASP
        ISAPI Extensions
        ISAPI Filters
    Health and Diagnostics
        HTTP logging
        Logging tools
        Request Monitor
        Tracing
    Security
        Basic Authentication
        Windows Authentication
        URL Authorization
        Request Filtering
        IP and Domain Restrictions
    Performance
        Static Content Compression

Management Tools
    IIS Management Console
    IIS Management Scripts and Tools
    Management Service
    IIS 6 Management Compatibility
        IIS 6 Metabase Compatibility
        IIS 6 WMI Compatibility
        IIS 6 Scripting Tools
        IIS 6 Management Console
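The Summary list can be checked against a server without clicking through Server Manager. This is an added example, not part of the original post: it compares the output of ServerManagerCmd.exe -query with the list above and reports role services that are missing or that are installed but not in the list. The mapping of the Summary names to feature IDs, the function names and the sample output (including its assumed "[X] Name  [Id]" layout) are assumptions made for this example.

```powershell
# Feature IDs for the role services in the Summary (mapping added here, not from the post).
$expected = @(
    'Web-Server', 'Web-WebServer',
    'Web-Common-Http', 'Web-Static-Content', 'Web-Default-Doc', 'Web-Dir-Browsing',
    'Web-Http-Errors', 'Web-Http-Redirect',
    'Web-App-Dev', 'Web-Asp-Net', 'Web-Net-Ext', 'Web-ASP', 'Web-ISAPI-Ext', 'Web-ISAPI-Filter',
    'Web-Health', 'Web-Http-Logging', 'Web-Log-Libraries', 'Web-Request-Monitor', 'Web-Http-Tracing',
    'Web-Security', 'Web-Basic-Auth', 'Web-Windows-Auth', 'Web-Url-Auth', 'Web-Filtering', 'Web-IP-Security',
    'Web-Performance', 'Web-Stat-Compression',
    'Web-Mgmt-Tools', 'Web-Mgmt-Console', 'Web-Scripting-Tools', 'Web-Mgmt-Service',
    'Web-Mgmt-Compat', 'Web-Metabase', 'Web-WMI', 'Web-Lgcy-Scripting', 'Web-Lgcy-Mgmt-Console'
)

# Constructed sample of "ServerManagerCmd.exe -query" output, not taken from a real server.
$sampleQuery = @(
    '[X] Web Server (IIS)  [Web-Server]',
    '    [X] Web Server  [Web-WebServer]',
    '        [X] Common HTTP Features  [Web-Common-Http]',
    '            [X] Static Content  [Web-Static-Content]',
    '            [ ] HTTP Redirection  [Web-Http-Redirect]',
    '        [X] Security  [Web-Security]',
    '            [X] Windows Authentication  [Web-Windows-Auth]',
    '            [ ] Basic Authentication  [Web-Basic-Auth]',
    '    [X] FTP Publishing Service  [Web-Ftp-Publishing]'
)

function Get-InstalledFeatureId {
    param([string[]]$QueryOutput)
    foreach ($line in $QueryOutput) {
        # Only lines ticked [X] count as installed; the trailing [..] holds the ID.
        if ($line -match '^\s*\[X\]\s.*\[([A-Za-z0-9-]+)\]\s*$') { $matches[1] }
    }
}

function Compare-RoleServiceBaseline {
    param([string[]]$QueryOutput, [string[]]$Baseline)
    $installed = @(Get-InstalledFeatureId $QueryOutput)
    New-Object PSObject -Property @{
        Missing = @($Baseline | Where-Object { $installed -notcontains $_ })
        Extra   = @($installed | Where-Object { $_ -like 'Web-*' -and $Baseline -notcontains $_ })
    }
}

# On the server itself, pass (& ServerManagerCmd.exe -query) instead of the sample.
$result = Compare-RoleServiceBaseline -QueryOutput $sampleQuery -Baseline $expected
"Missing from baseline: $($result.Missing -join ', ')"
"Installed but not in baseline: $($result.Extra -join ', ')"
```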

Guest itismike

Hi anyweb,

 

We followed your guide to install and configure SCCM a few months ago. Now we are attempting to build another similar environment, but you've moved on! Is there any place I can look to find the original steps to configure things based on Server 2003 with IIS 6?

Guest itismike

It does! Thank you for the immediate reply! Are the other steps for the rest of the 2003 SCCM configuration available somewhere or do you just recommend extrapolating the steps from the 2008 guides?


just use the 2008 guides i have, it should be pretty much the same. if you run into any problems raise a new post here and we'll deal with it

Guest itismike

Still running into problems following the 2008 guides. I remember we created accounts for SMS_SiteSystemToSiteServerConnection_xxx. Was that covered in the 2003 guide but not in the 2008 guide? Isn't it still necessary?


Hey Brother,

 

I read your step by step guide to installing sccm on server 2008. After installing the webdav and testing with the "net use * http://localhost" i get a

 

System error 67 has occured.

The Network name is cannot be found.

 

I can browse to the localhost perfectly. I just get this when I test. I tried playing with the permissions but still nothing. Please help?

 

Thank You friend,

 

Anthony


ok then, is your server an all in one ? ie, is DNS, DHCP and AD all installed on it ?

 

i need more info...


No. It is a member server in a domain. Our DC is a separate box running the AD, DNS, DHCP. I even tried looking and following this article for MS http://technet.microsoft.com/en-ca/library/cc431377.aspx to see if any changes would occur. Again same msg. No firewall is enabled, IIS Service works and can connect via web browser and see the nice green welcome screen.


is iis installed on this server or another one ?

 

what type of USER are you doing this as ?

 

can you copy and paste the EXACT commands you are typing and the output here please

 

cheers


ok then,

 

continue with the REST of the guide and ignore that problem for now. We'll come back to it later but i'm sure you have a configuration issue somewhere..

 

if you are willing I can do a remote desktop session with you

 

but for now, for any new problems you get please open a NEW topic/thread

 

cheers

anyweb


Hi Anyweb and professor

 

I had the same problem. I solved this with the following; maybe this also helps you

 

 

If you are using Windows Server 2008, you need to install the Desktop Experience feature. To do so, use the following steps:

 

Start the Windows Server Manager.

In the tree view, highlight the Features node.

In the details pane, click Add Features.

In the Add Features Wizard, check the Desktop Experience box, and then click Next.

Click Install.

When the Add Features Wizard has finished, click Close.

Click Yes when prompted to restart the computer

 

Regards,

 

J


that is totally weird, on all the server 2008's i setup with SCCM i've never enabled that feature,

 

I hope to get a definitive answer to this problem soon.
