Jump to content




Sign in to follow this  
anyweb

how can I configure SCCM 2007 in Windows Server 2008 - Part 2



Recommended Posts

This guide assumes you have installed SCCM 2007 SP1 and then configured it as outlined here in Part 1.

 

Note: if you are using Server 2008 R2 and need to configure WebDav as below then please read this post first.

 

Step 1. We need to configure the Distribution Point (DP) and the Management Point (MP).

 

Technet: How to Configure the Default Management Point for a Site

 

 

 

Open up the SCCM Configuration Manager Console, and highlight the SCCM server listed under site systems, in the right pane we'll see the role's we've already installed.

 

configuration_manager_console.jpg

 

then double click on ConfigMgr distribution point and place a checkmark in Allow clients to transfer content from this distribution point using BITS,...

 

allow_dp.jpg

 

Once done, click ok and Double click on Configmgr Management Point to bring up its' properties. If you are planning on managing mobile devices (phones) put a checkmark in Allow devices to use this management point and click Apply, otherwise don't (it allows anonymous access so Mobile Devices can talk to the Management Point).

 

post-1-1219829477.jpg

 

At this point I checked my SCCM status (click System Status in the left pane, expand it, and choose Site Status, then your SCCM site code, then Component Status), this revealed there were problems with my Management Point which were preventing it from starting.

 

mp_status_errors.jpg

 

right-click on the Critical error, and choose Show Messages, All.

 

show_all.jpg

 

hidden inside one of the two re-occuring errors was this (you have to scroll in the error window to read it)

 

SMS Site Component Manager faild to install component SMS_MP_CONTROL_MANAGER on server WIN-2SDX7MZCDA7.

 

The WebDAV server extension is either not installed or not configured properly.

Solution: Make sure WebDAV is installed and enabled. Make sure there is an authoring rule that allow "All users" read access to "All content". Make sure the WebDAV settings "Allow anonymous property queries" and "Allow property queries with infinite depth" are set to "true" and "Allow Custom Properties" is set to false.

 

error_details.jpg

 

well, i know that Webdav is installed, but perhaps a slight configuration change is needed, so let's start up Server Manager and click on roles then select Web Server IIS and then Internet Information Services (IIS) Manager, then select your website listed under Sites (probably called Default Web Site unless you changed it). In the right side select WebDav Authoring Rules

 

webdav_rules.jpg

 

Double click on WebDav authoring rules and you should see the rule you originally setup, click on Webdav Settings in the right pane.

 

edit_rules.jpg

 

so according to the error message above we need to verify the following:-

 

Solution:

Make sure WebDAV is installed and enabled. [it is]

Make sure there is an authoring rule that allow "All users" read access to "All content". [this rule is not setup yet]

Make sure the WebDAV settings "Allow anonymous property queries" and "Allow property queries with infinite depth" are set to "true" [they are currently set to false] and "Allow Custom Properties" is set to false.[it's set to true]

 

 

Ok, let's fix these WebDav problems

 

Note: if you are using Server 2008 R2 and need to configure WebDav as below then please read this post first.

 

Lets start with adding a new authoring rule. In WebDav settings, click on WebDav Authoring rules in the right pane

 

 

 

webdav_settings_change.jpg

 

Next click on Add authoring rule under actions and make the changes as per below screenshot, click ok when done and you'll see your new authoring rule listed in Webdav.

 

add_authoring_rule.jpg

 

rule_added.jpg

 

Click on WebDav Settings now

 

make the changes above ("Allow anonymous property queries" and "Allow property queries with infinite depth" are set to "true", and "Allow Custom Properties" is set to false.)

 

Click Apply in the actions pane.

 

true.jpg

 

lastly you should change the WebDav Behaviour for Allow hidden files to be listed from False to True if this is going to be a Distribution Point using BITS (it is).

 

hidden.JPG

 

 

 

Note: if you are trying to Configure WebDav in Server 2008 R2 then please read this post.

 

 

 

Ok back in SCCM Configuration Manager console, under site status, right click on your SITE and choose Reset Counts, then All. Pressing F5 (refresh) on your keyboard should refresh the system status.

 

reset_counts.jpg

 

A quick look back in System Status for our Management Point, now we can see that it has installed and started properly

 

mp_working.jpg

 

(to speed up the automatic installation of this, you can use ConfigMgr's Service manager and select the SMS_Site_Component_manager server and restart the service.)

 

sms_site_component_manager.jpg

 

If after making the changes above the Management Point role is still complaining about webdav then check the following file in c:\windows\system32\inetsrv\config\schema\WEBDAV_schema.xml (open a command prompt with Run As Administrator to edit the file in notepad). Verify the settings have been applied to this file (even if they are present in the Internet Information services gui), if they are missing, correct them and try again.

Share this post


Link to post
Share on other sites


Step 2. Make sure the System Management container in Active Directory has the correct permissions for SCCM

 

In other words we will make sure the local computer (the server SCCM is running on, in this case WIN-2SDX7MZCDA7) has full access to this particular area in Active Directory. For more info on Creating and configuring the AD system management container For SCCM using Adsiedit described here.

 

Start up the Active Directory Users and Computers console.

 

Make sure that Advanced Features is selected under the View option.

 

ad_avanced_view.jpg

 

Once it is, in the left pane select System, and then scroll down to the System Management Container.

 

system_management.jpg

 

Right-click it and choose properties, then select the Security tab, Verify your SCCM server computer account is listed in the Group or user names, scroll down to check, if it is not there then add it by clicking on Add.

 

security_tab.jpg

 

Click on Object types as in the screenshot below

 

computer.jpg

 

then select computers (by default it's not selected).

 

Click on OK and then click on Advanced to expand the view, then Find now.

 

When you see your server listed, highlight it and click OK. click ok again to add it to the Security tab.

 

server_account_name.jpg

 

Now that we have added it, we need to edit it's security permissions to make sure that the permissions apply to both the Container and descendant (formally child) objects. So let's click on Advanced.

 

child_and_child_objects.jpg

 

At this point you should see your computername listed but with read permissions that apply only to This object only. We are going to change that to Full access to This object and all descendant objects. to do so highlight our computername and click on Edit.

 

editing_permissions.jpg

 

In the window that appears click the drop down menu called Apply onto: and select This object and all descendant objects.

 

Once done, click on Full Control for the Allow permissions and don't forget to select Apply these permissions to objects and /or containers within this container only. Click ok when done.

 

In an enterprise, please verify the correct AD permissions for this container and set them accordingly, for advice on this please visit technet.

 

descendant_objects.jpg

Share this post


Link to post
Share on other sites

Step 3. Publish this site in Active Directory Domain Services

 

Note: In Configuration Manager, Verify that the following setting is set

 

Highlight your SCCM Site right click, choose properties, Advanced.

 

For specify settings for publishing and secure key exchange

 

 

publish.jpg

 

make sure to Select publish this site in active directory domain services

 

 

 

Next step > SCCM 2007 SP1 configuration guide - Part 3

 

The guide covers:-

 

Configuring the Client Agents, setting up client installation methods and configuring discovery methods.

Share this post


Link to post
Share on other sites

Hi there,

 

I followed your guide from installing sql to configuring sccm 2007 but I'm kind of stuck here on this post.

 

2 problems:

- when I'm configuring the management point, it frozen after I clicked the "OK" button

- after I restarted and configure the WebDAV for the all user - read access, it runs ok but then smsexec.exe eat up all the CPU usage

 

What did I do wrong?

Share this post


Link to post
Share on other sites

Hi guys,

I struggled for about 2 days getting SCCM site server up and running and installing the client software on a client in the domain. The Client Push Install did not work for me :(. The ccm.log said ccmexe service started on client machine. But on the client machine, the ccmsetup service started and stopped. The problem was the service manifest and other files were not downloaded in the ccmsetup folder. So, I manually issued ccmsetup /MP:<MP name> /noservice. This worked!

Could anyone let me know why this happens, there is something fishy about the Management Point settings on my site server?

Share this post


Link to post
Share on other sites

I am at a lost I been reading along doing step by step but when i got to AD part System Management Container it not listed in my AD.I have view advance on but it missing. Any ideas?

Share this post


Link to post
Share on other sites

Hi,

 

I've been following true our guide and it worked pretty well setting up SCCM.

I'm currently not using the AD schema extension.

So the Question is, is it required to publish the site to AD and create the System Management Container?

Or does it even work without the AD extension installed?

 

I've created a IP Boarder and used AD Systemdiscovery to find my machines.

The Clientpushsetup worked but it couldn't discover the Site.

Trying to Discover the site manually failed with "Automatic site code discovery was unsuccessful"

 

I've searched online and found that the Server Location Point search utilizes WINS, but I manually configured the IP address without any wins addresses.

The solution was to add the Server Location Point server name and disable WINS with the Installation Properties string:

 

SMSSITECODE=<Site CODE> SMSDIRECTORYLOOKUP=NOWINS SMSSLP=<SERVER FQDN>  SMSCACHESIZE=8000

 

So far I've not tried adding a wins server to the IP settings...

 

maybe this will help others...

 

Stephan

Share this post


Link to post
Share on other sites

You shouldn't use SMSDIRECTORYLOOKUP=NOWINS when your AD is not extended.

 

Take a look here: http://technet.microsoft.com/en-us/library/bb680985.aspx

"Configure client computers to use Active Directory Only mode The most secure option for client configuration is SMSDIRECTORYLOOKUP=NoWINS, however it can be used only if your clients can query the global catalog so it should not be used for clients in remote forests or workgroups, or if Active Directory schema has not been extended. If clients must use WINS for service location and SMSDIRECTORYLOOKUP=NoWINS, then service location will fail. For more information, see Configuration Manager and Service Location (Site Information and Management Points). If no properties are specified, the client installs in Secure WINS mode. The Any WINS mode is not secure and is not recommended. For more information, see About Configuration Manager Client Installation Properties."

Share this post


Link to post
Share on other sites

Hi,

 

You shouldn't use SMSDIRECTORYLOOKUP=NOWINS when your AD is not extended.

 

Take a look here: http://technet.microsoft.com/en-us/library/bb680985.aspx

 

Thanks it really didn't work with this setting, I think best would be to publish the MP to DNS when there is no AD extension installed.

Maybe anyweb could add a hint to the guide here for others with no AD extension installed.

 

I've fixed my WINS and published the MP to DNS and now my problem with the client site communication failing from this post has been fixed.

 

The advertised software still doesn't work, but I will investigate further and open a new Post like you suggested if I can't get it to work.

 

Thanks

Share this post


Link to post
Share on other sites

- When using AD Sites and Services for your boundaries, please verify those are correctly installed and the ranges are properly defined. Otherwise the publishing of the site in Active Directory Domain Services as described in step 3 will work, but the clients will not find their site.

Share this post


Link to post
Share on other sites

I was having errors on the SMS_MP_CONTROL_MANAGER. I had to actually go to C:\Windows\System32\inetsrv\config\schema and edit my WebDAV_schema.xml and change to the following:

 

<element name="fileSystem">

<attribute name="allowHiddenFiles" type="bool" defaultValue="true" />

<attribute name="useTransactionalIo" type="bool" defaultValue="false" />

<attribute name="hideChildVirtualDirectories" type="bool" defaultValue="false" />

</element>

 

<element name="properties">

<attribute name="allowAnonymousPropfind" type="bool" defaultValue="true" />

<attribute name="allowInfinitePropfindDepth" type="bool" defaultValue="true" />

<attribute name="allowCustomProperties" type="bool" defaultValue="false" />

<collection addElement="add" removeElement="remove" clearElement="clear" allowUnrecognizedAttributes="true">

<attribute name="xmlNamespace" type="string" isUniqueKey="true" required="true" validationType="nonEmptyString" />

<attribute name="propertyStore" type="string" required="true" validationType="nonEmptyString" />

</collection>

</element>

 

It didn't save it otherwise, doing it through IIS. After doing this I restarted IIS, and after about 5 min my SMS_MP_CONTROL_MANAGER status went green.

Share this post


Link to post
Share on other sites

I'm having a problem. I just installed SCCM2007 on my Windows Server 2008 R2 box and everything installed right except for the SMS_MP_CONTROL_MANAGER. I have double and triple checked WebDAV and it's configured properly, as is the C:\windows\system32\inetsrv\config\schema\WebDAV_Schema.xml file, however when I go into the ConfigMgr Service Manager and attempt to query the SMS_MP_CONTROL_MANAGER component, I get the following error 'Error communicating with component.'

Any idea what to do??

 

UPDATE: in my MPSetup.log file the only error I see is 'Failed to get WebDAV settings on the machine'

 

UPDATE: I don't know what was wrong, but I ended up removing SCCM, WSUS, WebDAV, IIS and reinstalling all from scratch and everything seems to be working properly now

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  


×