anyweb Posted April 26, 2012

Introduction

System Center 2012 Configuration Manager was released to General Availability (GA) April 17th, 2012 at MMS 2012. If you've been following my previous series of Step by Step guides on System Center 2012 Configuration Manager (from Beta 1 through to Release Candidate 2) then you'll know where this is going, we are going to install System Center 2012 Configuration Manager in a LAB from scratch and configure it, use it, test it, learn it, love it :-)

This is Part 1 of a new series which will cover the installation, setup, configuration and usage of Microsoft System Center 2012 Configuration Manager. In the guides important Notes will be in RED and useful Tips in BLUE.

Tip: To see an index of all parts please refer to (and bookmark) this link.

Technet Recommended Reading:-

* Release Notes for System Center 2012 Configuration Manager - http://technet.microsoft.com/en-us/library/jj870706.aspx
* Fundamentals of Configuration Manager - http://technet.microsoft.com/en-us/library/gg682106.aspx
* Supported Configurations for Configuration Manager - http://technet.microsoft.com/en-us/library/gg682077.aspx
* Planning for Configuration Manager Sites and Hierarchy - http://technet.microsoft.com/en-us/library/gg682075.aspx
* Example Scenarios for planning a simplified Hierarchy - http://technet.microsoft.com/en-us/library/gg712989.aspx
* Site and Role Scalability - http://technet.microsoft.com/en-us/library/gg682077#BKMK_SiteAndRoleScale
* Getting Started with Configuration Manager 2012 - http://technet.microsoft.com/en-us/library/gg682144.aspx
* What’s New in Configuration Manager - http://technet.microsoft.com/en-us/library/gg699359.aspx
* Planning for Site Systems in Configuration Manager - http://technet.microsoft.com/en-us/library/gg712282.aspx
* Install Sites and Create a Hierarchy for Configuration Manager - http://technet.microsoft.com/en-us/library/gg712320.aspx
* Technical Reference for Site Communications in Configuration Manager - http://technet.microsoft.com/en-us/library/gg712990.aspx
* Migrating from Configuration Manager 2007 to Configuration Manager 2012 - http://technet.microsoft.com/en-us/library/gg682006.aspx
* Frequently Asked Questions for Configuration Manager - http://technet.microsoft.com/en-us/library/gg682088.aspx

Site Types

Configuration Manager 2012 introduces the central administration site (often referred to as the CAS) and some changes to primary and secondary sites. The following tables summarize these sites and how they compare to sites in Configuration Manager 2007.

Central administration site

The central administration site coordinates inter-site data replication across the hierarchy by using Configuration Manager database replication. It also enables the administration of hierarchy-wide configurations for client agents, discovery, and other operations. Use this site for all administration and reporting for the hierarchy. You should probably only consider installing a CAS if you intend to manage more than 100,000 clients, why? Because the limit for Primary sites is 100,000 clients so if you want to manage more than that you'll need more than one primary and therefore will need a CAS. There are other reasons for installing or not installing a CAS (and opinions too!) and a quick search on the internet will reveal them.

Note: Here's a blog from Brian Mason (ConfigMgr MVP). Please read it and re-consider if you really need a CAS. If you think having a CAS helps with failover then think again and please read the following.

Here's some information about a CAS that you need to know:-

* A central administration site can support up to 25 child primary sites.
* When using SQL Server Enterprise for the site database at the central administration site, the shared database and hierarchy supports up to 400,000 clients.
* The maximum number of supported clients per hierarchy depends on the SQL Server edition in the central administration site, and is independent of the SQL Server edition at primary or secondary sites.
* Configuration Manager supports up to 400,000 clients per hierarchy when you use the default settings for all Configuration Manager features.
* When you use SQL Server Standard for the site database at the central administration site, the shared database and hierarchy supports up to 50,000 clients. This is because of how the database is partitioned. After you install Configuration Manager, if you then upgrade the edition of SQL Server at the central administration site from Standard to Enterprise, the database does not repartition and this limitation remains.

Although this is the site at the top of the hierarchy in Configuration Manager 2012, it has the following differences from a central site in Configuration Manager 2007:

* Does not process client data.
* Does not accept client assignments.
* Does not support all site system roles.
* Participates in database replication

Note: Even though you don’t have a Distribution Point on your CAS – make sure that you have enough storage to hold EVERY package that will be in your environment (even packages added directly at child primaries) and that your disks are fast enough to allow processing of every package added to Configuration Manager.

Primary site

Manages clients in well-connected networks.

* When you use SQL Server that is installed on the same computer as the site server, the primary site can support up to 50,000 clients.
* When you use SQL Server that is installed on a computer that is remote from the site server, the primary site can support up to 100,000 clients.

Note: Each primary site can support up to 250 secondary sites.

Primary sites in Configuration Manager 2012 have the following differences from primary sites in Configuration Manager 2007:

* Additional primary sites allow the hierarchy to support more clients.
* Cannot be tiered below other primary sites.
* No longer used as a boundary for client agent settings or security.
* Participates in database replication.

Secondary site

Controls content distribution for clients in remote locations across links that have limited network bandwidth.

Secondary sites in Configuration Manager 2012 have the following differences from secondary sites in Configuration Manager 2007:

* SQL Server is required and SQL Server Express will be installed during site installation if required.
* A proxy management point and distribution point are automatically deployed during the site installation.
* Secondary sites can be tiered to support content distribution to remote locations.
* Participates in database replication.

Note: In Production you should most likely not use a CAS unless you are managing over 100,000 clients (as stated above), however being familiar with how a small hierarchy works is good for you to know and it is for that reason that I am doing this series based on a Hierarchy with a CAS. If you want to install a Standalone Primary Server instead please follow my earlier guide here and replace the SQL versions in that post with the SQL versions listed in this post otherwise you may have issues with Reporting amongst other things.

Hardware Requirements

Note: The following page on Technet describes the recommended hardware requirements for site servers in a Hierarchy. Use this information to help plan for hardware requirements for your CAS site server.

Central administration site with the Standard edition of SQL Server

* SQL Server is located on the site server computer.
* This configuration supports a hierarchy with up to 50,000 clients

The following hardware is recommended for the above CAS server.

* 8 cores (Intel Xeon 5504 or comparable CPU)
* 32 GB of RAM
* 300 GB of disk space for the operating system, Configuration Manager, SQL Server, and all database files.
Central administration site with the Enterprise or Datacenter edition of SQL Server

* SQL Server is located on the site server computer
* This configuration supports a hierarchy with up to 400,000 clients

The following hardware is recommended for the above CAS server.

* 16 cores (Intel Xeon L5520 or comparable CPU)
* 64 GB of RAM
* 1.5 TB of disk space for the operating system, Configuration Manager, SQL Server, and all database files.

Step 1. Create the Lab Environment

Note: At the time of writing this guide, Server 2008 R2 was the highest level supported OS, as were the versions of SQL Server posted below, however since then Server 2012R2 (and SQL Server 2012) have become supported, please use Server 2012 R2 and SQL Server 2012 if possible. See this post for the latest Supported Configurations including Operating System Support and SQL server versions.

In previous Guides you've seen how to create a standalone ConfigMgr server. For this guide you are going to create a small hierarchy in your LAB consisting of a CAS and a Primary.

I use Hyper-v exclusively in my LAB and that's what all these virtual machines will be running on.
I chose to install Windows Server 2008 R2 standard as the server OS for the three LAB computers below.

Tip: You can use virtual machines with only 2GB of ram on both the CAS and Primary servers in a small LAB however you will see disc swapping, so if you can, try to use at least 4GB of ram in your LAB site servers as described below, and refer to the Hardware requirements section above for detailed information on site server hardware requirements in production.

* Active Directory, DNS, DHCP: AD1, 512mb, 30gb hdd, server 2008r2sp1 Standard
* Central Administration Site Server: CAS, 4096mb, 127gb hdd, server 2008r2sp1 standard, os on C:\ 30gb part, D:\ rest of drive
* Primary Server: P01, 4096mb, 127gb hdd, server 2008r2sp1 standard, os on C:\ 30gb part, D:\ rest of drive

Once done I joined CAS and P01 to my domain (SERVER2008R2), verified DNS was working correctly via nslookup and was ready to begin the steps below.

Create AD users:

Note: Perform the following on the Active Directory Domain Controller server (AD1) as Local Administrator

In addition I created some accounts in AD, namely:

* SMSadmin, a domain user
* Testuser, a domain user
* Testuser2, a domain user
* Testuser3, a domain user
* DomJoin, a domain user, (for joining computers to the domain)
* ReportsUser, a domain user for reporting services.
* ClientInstall, a domain user used when installing the Configuration Manager Client for Client Push. This user must be a local administrator on computers you want to install the Configuration Manager Client.
* SCCMNAA, a domain user, (Network Access Account) used during OSD

Create Local Administrator accounts:

Note: Perform the following on the SCCM 2012 server as Local Administrator

On both the CAS and P01 ConfigMgr servers add the SMSadmin and ClientInstall users to the Local Administrators group.

Step 2. Get the ConfigMgr 2012 ISO and extract it

Note: This guide was written when RTM was the only release of Configuration Manager available, since then Service Pack 1 was released, as a result the pre-requisites have changed, for example SP1 requires the ADK to be installed. To see what SP1 requires please review this part of the series.

Download your Configuration Manager 2012 ISO (I used the following RTM ISO for this Guide as Configuration Manager 2012 Service Pack 1 was not available). SW_DVD5_Sys_Ctr_ConfigMgrClt_ML_2012_MultiLang_Client_SCEP_MLF_X17-95285.ISO) from Technet or MSDN and mount the iso so that you can copy its contents to a temporary folder on your Active Directory computer (AD1) like so. (If you are using CM12SP1 then name the directory accordingly).

C:\Temp\CM12RTM

Step 3. Create The System Management Container

Note: Perform the following on the Active Directory Domain Controller as a Domain Administrator.

Open ADSI Edit, click on Action, Connect To and click Ok, Double Click on Default Naming Context and the DC= that appears below it. Click on the + and scroll down to CN=System.

Right Click on CN=System and choose New, Object

Choose Container from the options, click Next and enter System Management as the value.

Click Next and Finish. Press F5 to refresh ADSI Edit and you should now see the new System Management Container.

Close ADSI Edit.

Step 4. Delegate Permission to the System Management Container.

Note: Perform the following on the Active Directory Domain Controller as a Domain Administrator

Open Active Directory Users and Computers. Click on view, select Advanced Features.

Select the System Management Container, and right click it, choose All Tasks and Delegate Control.

When the Welcome to Delegation of Control Wizard appears click next, then click Add. Click on Object Types, select Computers. Type in your Configuration Manager server name for the CAS Server (CAS) and click on Check Names, it should resolve.

Click Ok, then Next.
Choose Create a Custom Task to Delegate, click next, make sure This folder, existing objects in this folder and creation of new objects in this folder is selected.

Click next, select the 3 permissions General, Property-Specific and Creation-deletion of specific child objects are selected then place a check mark in FULL CONTROL

Click next then Finish.

Repeat all the above steps for P01 (our Primary Server).

Failure to do the above will mean that the System Management Container in AD will NOT POPULATE with ConfigMgr site info needed by the Clients and you will see many errors in your site status warning you about this.

Note: Repeat the above for Each site server that you install in a Hierarchy.

Step 5. Extend the Active Directory schema for Configuration Manager

Note: Perform the following on the Active Directory Domain Controller as a Domain Administrator

Tip: The Active Directory schema extensions for Configuration Manager 2012 are unchanged from those used by Configuration Manager 2007. If you extended the schema for Configuration Manager 2007, you do not need to extend the schema again for Configuration Manager 2012.

Perform the below on your Active Directory server, simply browse the network to your Active Directory server \\ad1\c$\ and locate the folder where you uncompressed ConfigMgr (temp\CM12RTM) and find \SMSSetup\Bin\x64\Extadsch.exe, right click and choose Run As Administrator.

A command prompt window will appear briefly as the schema is extended, check in c:\ for a log file called ExtADSch.log it should look similar to this

<04-17-2012 21:40:59> Modifying Active Directory Schema - with SMS extensions.
<04-17-2012 21:40:59> DS Root:CN=Schema,CN=Configuration,DC=server2008r2,DC=lab,DC=local
<04-17-2012 21:41:02> Defined attribute cn=MS-SMS-Site-Code.
<04-17-2012 21:41:02> Defined attribute cn=mS-SMS-Assignment-Site-Code.
<04-17-2012 21:41:02> Defined attribute cn=MS-SMS-Site-Boundaries.
<04-17-2012 21:41:02> Defined attribute cn=MS-SMS-Roaming-Boundaries.
<04-17-2012 21:41:02> Defined attribute cn=MS-SMS-Default-MP.
<04-17-2012 21:41:03> Defined attribute cn=mS-SMS-Device-Management-Point.
<04-17-2012 21:41:03> Defined attribute cn=MS-SMS-MP-Name.
<04-17-2012 21:41:03> Defined attribute cn=MS-SMS-MP-Address.
<04-17-2012 21:41:03> Defined attribute cn=mS-SMS-Health-State.
<04-17-2012 21:41:03> Defined attribute cn=mS-SMS-Source-Forest.
<04-17-2012 21:41:03> Defined attribute cn=MS-SMS-Ranged-IP-Low.
<04-17-2012 21:41:03> Defined attribute cn=MS-SMS-Ranged-IP-High.
<04-17-2012 21:41:03> Defined attribute cn=mS-SMS-Version.
<04-17-2012 21:41:03> Defined attribute cn=mS-SMS-Capabilities.
<04-17-2012 21:41:05> Defined class cn=MS-SMS-Management-Point.
<04-17-2012 21:41:06> Defined class cn=MS-SMS-Server-Locator-Point.
<04-17-2012 21:41:07> Defined class cn=MS-SMS-Site.
<04-17-2012 21:41:07> Defined class cn=MS-SMS-Roaming-Boundary-Range.
<04-17-2012 21:41:08> Successfully extended the Active Directory schema.
<04-17-2012 21:41:08> Please refer to the ConfigMgr documentation for instructions on the manual
<04-17-2012 21:41:08> configuration of access rights in active directory which may still
<04-17-2012 21:41:08> need to be performed. (Although the AD schema has now be extended,
<04-17-2012 21:41:08> AD must be configured to allow each ConfigMgr Site security rights to
<04-17-2012 21:41:08> publish in each of their domains.)

Step 6. Open TCP port 1433 and 4022 for SQL replication

Note: Perform the following on the Active Directory Domain Controller as a Domain Administrator

Start the Group Policy Management tool and create a new GPO.

Note: In the example screenshot below (LAB) I link the GPO to the domain GPO however you should consider creating an OU specifically for your Configuration Manager servers and target this GPO only to that OU (your Configuration Manager servers require this GPO for SQL replication).

Give the GPO a name such as SQL Ports for CM12.
When done, right click on the GPO and choose Edit.

Select Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with Advanced Security and select Inbound Rules, choose New Rule and follow the wizard for opening up TCP port 1433 as per this guide on Technet. Once done, repeat the above for Port 4022.

Step 7. Install .NET 3.5.1 and WCF Activation

Note: Perform the following on the Configuration Manager 2012 servers (CAS and P01) as SMSadmin

In Server Manager select Features, Add Features, Select .NET Framework 3.5.1, also select WCF Activation and when prompted answer Add Required Role Services, click next and next again

Verify the following IIS components are installed in addition to the ones preselected by the wizard.

Tip: If you want to know why certain components of IIS are being used then Microsoft explains what you need to install on the following page.

Common HTTP Features
* Static Content
* Default Document
* Directory Browsing
* HTTP Errors
* HTTP Redirection

Application Development
* ASP.NET
* .NET Extensibility
* ASP
* ISAPI Extensions
* ISAPI Filters

Health and Diagnostics
* HTTP logging
* Logging tools
* Request Monitor
* Tracing

Security
* Basic Authentication
* Windows Authentication
* URL Authorization
* Request Filtering
* IP and Domain Restrictions

Performance
* Static Content Compression

Management Tools
* IIS Management Console
* IIS Management Scripts and Tools
* Management Service
* IIS 6 Management Compatibility
* IIS 6 Metabase Compatibility
* IIS 6 WMI Compatibility
* IIS 6 Scripting Tools
* IIS 6 Management Console

Answer yes to any additional prompts, then Click Next and Install and close when done.

Step 8. Download and install .NET 4

Note: Perform the following on the Configuration Manager 2012 servers (CAS and P01) as SMSadmin

Download .NET 4 from here (webinstall) or here (Standalone).
Double click the file. After a while it will complete. Click Finish when done, restart when prompted.

Tip: In some scenarios, such as when IIS is installed or reconfigured after the .NET Framework version 4.0 is installed, you must explicitly enable ASP.NET version 4.0. For example, on a 64-bit computer that runs the .NET Framework version 4.0.30319, run the following command:

%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -i -enable

Step 9. Add BITS and Remote Differential Compression

Note: Perform the following on the Configuration Manager 2012 servers (CAS and P01) as SMSadmin

Finally, in Server Manager click on Add Features, place a selection mark in BITS and RDC (Site servers and Distribution Points require Remote Differential Compression (RDC) to generate package signatures and perform signature comparison.)

Step 10. Download Microsoft SQL Server 2008 R2 SP1 CU6

Note: Perform the following on the Active Directory server AD1 as an Administrator

The supported versions of SQL Server 2008 and SQL Server 2008 R2 are listed here on Technet:- http://technet.micro...nfigSQLDBconfig

In this guide I will be installing SQL Server 2008 R2 SP1 CU6. The currently supported version for Configuration Manager 2012 is SQL Server 2008 R2 SP1 CU6.

Download the following from Technet:-

* File Name: en_sql_server_2008_r2_standard_x86_x64_ia64_dvd_521546.iso (4177 MB)
* Download Microsoft® SQL Server® 2008 R2 Service Pack 1
* Download Cumulative update package 6 for SQL Server 2008 R2 Service Pack 1

Step 11. Install SQL Server 2008 R2

Note: Perform the following on the Configuration Manager 2012 servers (CAS and P01) as SMSadmin

Note: If you use SQL Server Standard, your server will only support 50k clients.

Database collation

The instance of SQL Server in use at each site must use the following collation: SQL_Latin1_General_CP1_CI_AS. (more info below)

SQL Server instance

You must use a dedicated instance of SQL Server for each site.

As we are setting up more than one server with SQL Server, we'll copy the source files to our Active Directory server (AD1) temp folder (C:\temp) or to a temp folder on both the CAS and P01 servers and run each install script from the directory where you copied those files, so if installing CU6 then run the script from the directory where the CU6 SQLServer2008R2-KB2679367-x64.exe file is present.

For SQL Collation note that you must use SQL_Latin1_General_CP1_CI_AS. If you want to change the collation or find out what the collation is set to on an already installed SQL Server please see the following post.

To Install SQL server you can follow this guide but please install SQL on D:\Program Files\Microsoft SQL Server and when running setup.exe right click and choose Run as Administrator, alternatively you can script the installation by using the scripts below. Test them first to make sure you have no typos.

SQL Server 2008 R2 RTM Setup:

This will install to D:\Program Files\Microsoft SQL Server if you don't want to use that location you can change it by changing the /INSTANCEDIR below.
setup.exe /q /ACTION=Install /ERRORREPORTING="False" /FEATURES=SQLENGINE,RS,AS,IS,SSMS,TOOLS,BIDS,ADV_SSMS,CONN /INSTANCENAME=MSSQLSERVER /INSTANCEDIR="D:\Program Files\Microsoft SQL Server" /SQLSVCACCOUNT="NT AUTHORITY\System" /SQLSYSADMINACCOUNTS="BUILTIN\ADMINISTRATORS" /SQLSVCSTARTUPTYPE=Automatic /AGTSVCACCOUNT="NT AUTHORITY\SYSTEM" /AGTSVCSTARTUPTYPE=Automatic /RSSVCACCOUNT="NT AUTHORITY\System" /RSSVCSTARTUPTYPE=Automatic /ASSVCACCOUNT="NT AUTHORITY\System" /ASSVCSTARTUPTYPE=Disabled /ASSYSADMINACCOUNTS="BUILTIN\ADMINISTRATORS" /ISSVCACCOUNT="NT AUTHORITY\System" /ISSVCSTARTUPTYPE=Disabled /ASCOLLATION="Latin1_General_CI_AS" /SQLCOLLATION="SQL_Latin1_General_CP1_CI_AS" /TCPENABLED="1" /NPENABLED="1" /IAcceptSQLServerLicenseTerms

Here's what the script above looks like when run from an Administrative command prompt with the SQL Server DVD in drive Z:

SQL Server 2008 R2 SP1 Setup:

SQLServer2008R2SP1-KB2528583-x64-ENU.exe /Action=Patch /IAcceptSQLServerLicenseTerms /AllInstances /Quiet

SQL Server 2008 R2 SP1 CU6 Setup:

SQLServer2008R2-KB2679367-x64.exe /Action=Patch /IAcceptSQLServerLicenseTerms /AllInstances /Quiet

Reboot when the above is complete.

SQL Server security

You will also want to think about what security to grant your users, Grant the Server2008r2\Smsadmin the SQL server sysadmin role by adding the user to the SQL server security Logins.

Note: Do this by logging off the server as SMSAdmin, and then logging back on to the server as Administrator, then start up SQL Server Enterprise. See the below screenshot. Make the change, log off, and log back on again as SMSAdmin.

SQL Memory Configuration.

Depending on your memory configuration and server setup, you may also want to configure SQL memory limits as per the following guidance prior to installing ConfigMgr otherwise you'll get warnings when you run the Server Readiness checks.
Configuration Manager requires SQL Server to reserve a minimum of 8 gigabytes (GB) of memory for the central administration site and primary site and a minimum of 4 gigabytes (GB) for the secondary site. This memory is reserved by using the Minimum server memory setting under Server Memory Options and is configured by using SQL Server Management Studio. For more information about how to set a fixed amount of memory, see here. If your SQL Server is configured for unlimited memory usage, you should configure SQL Server memory to have a maximum limit.

Based on the above recommendations I've configured the SQL Server memory for CAS as follows:

Step 12. Install Configuration Manager 2012 on CAS.

Note: Perform the following on the CAS server as SMSadmin

In Windows Explorer, browse to the Active Directory domain controller (AD1) and locate the temp folder where you extracted CM12. Copy the temp folder and all its contents to C:\ on your CAS server.

Browse to C:\Temp\CM12RTM on your CAS server, and double click on splash.hta, the System Center 2012 Configuration Manager Setup screen appears, note the various options available to you.

Click on the Assess Server Readiness link and answer yes when prompted. This allows you to do a quick check to see that you haven't forgotten anything important or that you are not running some unsupported setup. Provided that you've followed my advice above, you should see something similar to below, warnings are in Yellow and you can click on them for more info.

Note: This guide was written when RTM was the only release of Configuration Manager available, since then Service Pack 1 was released, as a result the pre-requisites have changed, for example SP1 requires the ADK to be installed. To see what SP1 requires please review this part of the series.

We will be installing WSUS later in the series so we can ignore this warning.
Click ok to close the Server Readiness Check.

Tip: The ConfigMgrPrereq.log file will provide more details about the checks performed etc, you can find this in the root of c:\, open the file in CMTrace for best viewing results.

After you have read the release notes, click on Install to start the installation process.

The Before you Begin screen is displayed, read it and click Next to continue

we are installing a Central Administration Site so select that option and click next

next enter your Product key and click next or if you just want to evaluate the software select the first option

and accept the License terms to continue

next up are the SQL Server R2 Express and Microsoft Silverlight license terms, select them to continue..

Select the file location for the Configuration Manager prerequisite downloads (internet connection required) or point to previously downloaded files. Note that you need to create this folder prior to clicking next.

Tip: If you don't have an internet connection on your Configuration Manager server then you can download the required updates on another computer by doing like so:-

* Open a command prompt with administrative permissions
* Navigate to .\Configuration Manager 2012 Install source\smssetup\bin\X64
* Run SetupDL.exe target dir (as in the example below, SetupDL.exe C:\Temp\downloads)

click Next and the downloading begins,

and then you can select the Language that you want the Configuration Manager Server console and reports to appear in

and then the Client Languages that you wish to support

fill in your desired Site Code and name, and install it to D:\, make sure you are happy with the choices as you can't change them later...also make sure you are not using a reserved site code name

next you have the Database Information screen, verify everything is ok,

and where do you want to install the SMS Provider, select the default and continue

if you are interested in CEIP join it, if not, don't. It helps Microsoft to improve their products via feedback.

review the Summary

click next and the Prerequisite check runs, we did this already so all should be good, click Begin Install to start installing

TIP: now is a very good time to look at the C:\ConfigMgrSetup.log with CMtrace, watch it for any errors (in Red)

The installation of System Center 2012 Configuration Manager begins and you can review the overall progress

after a long install (approximately 45 minutes to one hour or so depending on the speed of your hardware) you should see the installer finish, verify all progress is listed in Green (scroll up and down) and if all is ok click on Close.

reboot the Configuration Manager server and then login again as SMSadmin, start the Configmgr console,

Congratulations, you've now installed a Configuration Manager central administration site. In the next part of this series we will install the Primary server and start configuring it.

Rajiv Posted May 8, 2012

I have a question about step # 1. Why create all these accounts? More specifically... I don't understand what is the need for this account - SMSadmin. Why not use a domain admin account for all these installs?

anyweb Posted May 9, 2012

> More specifically... I don't understand what is the need for this account - SMSadmin. Why not use a domain admin account for all these installs?

Using a domain admin account for the SMSAdmin user would be a huge security risk and is definitely not best practice, create the SMSadmin user using any username you wish (SMSadmin is easy to remember..) and the user should just be a regular domain user, adding them as local administrator on the configuration manager server(s) is sufficient for our needs.

The other accounts listed are used to get the job done, test users are for testing things, domjoin for joining the domain during OSD
christianhau Posted May 10, 2012

Hi! Excellent tutorial! I tried installing it by myself before I found this guide and had problems with the prerequisite check regarding collation and user rights. I tried following your guide with the exception that I used my existing DC in a lab I have, I created two brand new machines for the installation of SCCM. All is well until I get to the following prerequisite check: http://dl.dropbox.com/u/5041604/P01.png

The sccm log has the following information:

INFO: File hash check successfully for DeviceClient_WinCE7.0_X86.CAB $$<Configuration Manager Setup><05-09-2012 12:38:24.401-120><thread=2652 (0xA5C)>
INFO: setupdl.exe: Finish $$<Configuration Manager Setup><05-09-2012 12:38:24.401-120><thread=2924 (0xB6C)>
INFO: Attempting to load resource DLL... $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>
INFO: Registered type P01.CHRISTIANHAUGEN.COM MSSQLSERVER\MASTER for P01.christianhaugen.com MSSQLSERVER\master $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>
INFO: Registered type SMS Master for P01.christianhaugen.com MSSQLSERVER\master $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>
INFO: Registered type P01.CHRISTIANHAUGEN.COM MSSQLSERVER\CM_CHK for P01.christianhaugen.com MSSQLSERVER\CM_CHK $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>
INFO: Registered type SMS ACCESS for P01.christianhaugen.com MSSQLSERVER\CM_CHK $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>
INFO: Attempting to load resource DLL... $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>
INFO: Prerequisite rules for primary site fresh installation are being run. $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=1504 (0x5E0)>
INFO: File \\P01.christianhaugen.com\admin$\sms_lanman_test_svc.exe does not exist. No zapping needed. $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=1504 (0x5E0)>
INFO: Verifying Configuration Manager Active Directory Schema Extensions. $$<Configuration Manager Setup><05-09-2012 12:39:07.597-120><thread=1504 (0x5E0)>
INFO: Found DS Root:CN=Schema,CN=Configuration,DC=christianhaugen,DC=com~ $$<Configuration Manager Setup><05-09-2012 12:39:07.628-120><thread=1504 (0x5E0)>
INFO: Verifying Configuration Manager Active Directory Domain Function Level. $$<Configuration Manager Setup><05-09-2012 12:39:07.628-120><thread=1504 (0x5E0)>
INFO: Found Domain Function level: 4~ $$<Configuration Manager Setup><05-09-2012 12:39:07.644-120><thread=1504 (0x5E0)>
The installed WSUS build (0.0.0.0) does not have the valid and supported WSUS Administration DLL assembly version. Please install WSUS 3.0 SP2 (minimum 3.1.6001.65) or above~ $$<Configuration Manager Setup><05-09-2012 12:39:07.800-120><thread=1504 (0x5E0)>
CWmi::GetFirstObjectFromQuery() : IEnumWbemClassObject->Next() returned zero objects. - 0x80004005~ $$<Configuration Manager Setup><05-09-2012 12:39:08.222-120><thread=1504 (0x5E0)>
INFO: File \\P01.christianhaugen.com\admin$\sms_get_ADPERMS_svc.exe does not exist. No zapping needed. $$<Configuration Manager Setup><05-09-2012 12:39:08.238-120><thread=1504 (0x5E0)>
CSql Error: Cannot find type data, cannot get a connection. $$<Configuration Manager Setup><05-09-2012 12:39:15.945-120><thread=1504 (0x5E0)>
*** [08001][14][Microsoft][ODBC SQL Server Driver][DBMSLPCN]Invalid connection. $$<Configuration Manager Setup><05-09-2012 12:40:16.840-120><thread=1504 (0x5E0)>
*** [01000][14][Microsoft][ODBC SQL Server Driver][DBMSLPCN]ConnectionOpen (ParseConnectParams()). $$<Configuration Manager Setup><05-09-2012 12:40:16.840-120><thread=1504 (0x5E0)>
*** Failed to connect to the SQL Server. $$<Configuration Manager Setup><05-09-2012 12:40:16.840-120><thread=1504 (0x5E0)>
*** [08001][14][Microsoft][ODBC SQL Server Driver][DBMSLPCN]Invalid connection. $$<Configuration Manager Setup><05-09-2012 12:41:18.417-120><thread=1504 (0x5E0)>
*** [01000][14][Microsoft][ODBC SQL Server Driver][DBMSLPCN]ConnectionOpen (ParseConnectParams()). $$<Configuration Manager Setup><05-09-2012 12:41:18.417-120><thread=1504 (0x5E0)>
*** Failed to connect to the SQL Server. $$<Configuration Manager Setup><05-09-2012 12:41:18.417-120><thread=1504 (0x5E0)>
ERROR: The current user does not have administrative rights on computer: P01.christianhaugen.com. $$<Configuration Manager Setup><05-09-2012 12:41:18.417-120><thread=1504 (0x5E0)>
ERROR: Prerequisite checking stopped on this machine. $$<Configuration Manager Setup><05-09-2012 12:41:18.417-120><thread=1504 (0x5E0)>
INFO: File \\P01.christianhaugen.com\admin$\sms_client_test_svc.exe does not exist. No zapping needed. $$<Configuration Manager Setup><05-09-2012 12:41:19.167-120><thread=1504 (0x5E0)>
INFO: P01.christianhaugen.com is a 64 bit operating system. $$<Configuration Manager Setup><05-09-2012 12:41:26.952-120><thread=1504 (0x5E0)>

I installed the sql database with the correct collation, and I have tried to change the collation of the individual database as well as I create it. I used the smsadmin user that you mentioned, but also set the sql running accounts as the domain administrator just to see if that worked and I still got the same error. Have you got any idea what might be causing this? Thanks in advance!!
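Every entry in the setup log posted above ends with the same `$$<component><timestamp><thread>` trailer, which makes it straightforward to pull the failures out in time order. The following is an added example, not part of the original post and not a Configuration Manager tool; the function names are hypothetical, the sample is an excerpt of the posted log, and the number after the time (`-120`) is stored as logged without being interpreted.

```python
import re
from datetime import datetime

# An entry is free text followed by a "$$<component><time+bias><thread=N (0xHEX)>" trailer.
ENTRY = re.compile(
    r"(?P<msg>.*?)\s*\$\$<(?P<component>[^>]*)>"
    r"<(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3})(?P<bias>[+-]\d+)>"
    r"<thread=(?P<thread>\d+) \(0x[0-9A-Fa-f]+\)>",
    re.DOTALL,
)

def parse_entries(text):
    """Split log text into entries, whether it is one entry per line or run together."""
    entries = []
    for m in ENTRY.finditer(text):
        entries.append({
            "message": " ".join(m["msg"].split()).rstrip("~"),
            "component": m["component"],
            "time": datetime.strptime(m["ts"], "%m-%d-%Y %H:%M:%S.%f"),
            "bias": int(m["bias"]),  # stored as logged; not applied to "time"
            "thread": int(m["thread"]),
        })
    return entries

def severity(message):
    """Classify by the prefixes that appear in the posted log."""
    if message.startswith("ERROR:"):
        return "error"
    if message.startswith(("***", "CSql Error")):
        return "sql"
    return "info" if message.startswith("INFO:") else "other"

def failures(entries):
    """Non-INFO entries in time order, each distinct message reported once."""
    seen, out = set(), []
    for e in sorted(entries, key=lambda e: e["time"]):
        sev = severity(e["message"])
        if sev == "info" or e["message"] in seen:
            continue
        seen.add(e["message"])
        out.append((sev, e["time"].strftime("%H:%M:%S"), e["message"]))
    return out

TRAILER = "$$<Configuration Manager Setup><05-09-2012 {}-120><thread=1504 (0x5E0)>"
# Excerpt of the log posted above, run together on one line as pasted logs often are.
SAMPLE = " ".join([
    "INFO: Found Domain Function level: 4~ " + TRAILER.format("12:39:07.644"),
    "CSql Error: Cannot find type data, cannot get a connection. " + TRAILER.format("12:39:15.945"),
    "*** Failed to connect to the SQL Server. " + TRAILER.format("12:40:16.840"),
    "*** Failed to connect to the SQL Server. " + TRAILER.format("12:41:18.417"),
    "ERROR: The current user does not have administrative rights on computer: "
    "P01.christianhaugen.com. " + TRAILER.format("12:41:18.417"),
])

if __name__ == "__main__":
    for sev, when, msg in failures(parse_entries(SAMPLE)):
        print(f"{when} {sev:5} {msg}")
```

On the excerpt, the SQL connection failures are listed before the administrative-rights error, which is the order in which they were logged.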
Rajiv Posted May 10, 2012

When we install any application, for example an antivirus software - like McAfee on a server...we need admin rights on the server. I can logon using my domain admin credentials and install that application. That software usually does NOT run using my domain admin credentials. How is SCCM 2012 any different? I guess I need to understand what the SMSAdmin user is really for. Is it a service account [meaning SCCM will be running under that account]? Even if that is true...why the need to logon using SMSAdmin to do the install. Just do the install using any user who has enough rights and then change the services to run under SMSAdmin. .......or I am totally missing something?

using a domain admin account for the SMSAdmin user would be a huge security risk and is definitely not best practice, create the SMSadmin user using any username you wish (SMSadmin is easy to remember..) and the user should just be a regular domain user, adding them as local administrator on the configuration manager server(s) is sufficient for our needs. the other accounts listed are used to get the job done, test users are for testing things, domjoin for joining the domain during OSD
anyweb Posted May 11, 2012

> Hi! Excellent tutorial! I tried installing it by myself before I found this guide and had problems with the prerequisite check regarding collation and user rights. I tried following your guide with the exception that I used my existing DC in a lab I have, I created two brand new machines for the installation of SCCM. All is well until I get to the following prerequisite check: http://dl.dropbox.com/u/5041604/P01.png
>
> The sccm log has the following information:
>
> INFO: File hash check successfully for DeviceClient_WinCE7.0_X86.CAB $$<Configuration Manager Setup><05-09-2012 12:38:24.401-120><thread=2652 (0xA5C)>
> INFO: setupdl.exe: Finish $$<Configuration Manager Setup><05-09-2012 12:38:24.401-120><thread=2924 (0xB6C)>
> INFO: Attempting to load resource DLL... $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>
> INFO: Registered type P01.CHRISTIANHAUGEN.COM MSSQLSERVER\MASTER for P01.christianhaugen.com MSSQLSERVER\master $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>
> INFO: Registered type SMS Master for P01.christianhaugen.com MSSQLSERVER\master $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>
> INFO: Registered type P01.CHRISTIANHAUGEN.COM MSSQLSERVER\CM_CHK for P01.christianhaugen.com MSSQLSERVER\CM_CHK $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>
> INFO: Registered type SMS ACCESS for P01.christianhaugen.com MSSQLSERVER\CM_CHK $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>
> INFO: Attempting to load resource DLL... $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=2136 (0x858)>
> INFO: Prerequisite rules for primary site fresh installation are being run. $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=1504 (0x5E0)>
> INFO: File \\P01.christianhaugen.com\admin$\sms_lanman_test_svc.exe does not exist. No zapping needed. $$<Configuration Manager Setup><05-09-2012 12:38:58.670-120><thread=1504 (0x5E0)>
> INFO: Verifying Configuration Manager Active Directory Schema Extensions. $$<Configuration Manager Setup><05-09-2012 12:39:07.597-120><thread=1504 (0x5E0)>
> INFO: Found DS Root:CN=Schema,CN=Configuration,DC=christianhaugen,DC=com~ $$<Configuration Manager Setup><05-09-2012 12:39:07.628-120><thread=1504 (0x5E0)>
> INFO: Verifying Configuration Manager Active Directory Domain Function Level. $$<Configuration Manager Setup><05-09-2012 12:39:07.628-120><thread=1504 (0x5E0)>
> INFO: Found Domain Function level: 4~ $$<Configuration Manager Setup><05-09-2012 12:39:07.644-120><thread=1504 (0x5E0)>
> The installed WSUS build (0.0.0.0) does not have the valid and supported WSUS Administration DLL assembly version. Please install WSUS 3.0 SP2 (minimum 3.1.6001.65) or above~ $$<Configuration Manager Setup><05-09-2012 12:39:07.800-120><thread=1504 (0x5E0)>
> CWmi::GetFirstObjectFromQuery() : IEnumWbemClassObject->Next() returned zero objects. - 0x80004005~ $$<Configuration Manager Setup><05-09-2012 12:39:08.222-120><thread=1504 (0x5E0)>
> INFO: File \\P01.christianhaugen.com\admin$\sms_get_ADPERMS_svc.exe does not exist. No zapping needed. $$<Configuration Manager Setup><05-09-2012 12:39:08.238-120><thread=1504 (0x5E0)>
> CSql Error: Cannot find type data, cannot get a connection. $$<Configuration Manager Setup><05-09-2012 12:39:15.945-120><thread=1504 (0x5E0)>
> *** [08001][14][Microsoft][ODBC SQL Server Driver][DBMSLPCN]Invalid connection. $$<Configuration Manager Setup><05-09-2012 12:40:16.840-120><thread=1504 (0x5E0)>
> *** [01000][14][Microsoft][ODBC SQL Server Driver][DBMSLPCN]ConnectionOpen (ParseConnectParams()). $$<Configuration Manager Setup><05-09-2012 12:40:16.840-120><thread=1504 (0x5E0)>
> *** Failed to connect to the SQL Server. $$<Configuration Manager Setup><05-09-2012 12:40:16.840-120><thread=1504 (0x5E0)>
> *** [08001][14][Microsoft][ODBC SQL Server Driver][DBMSLPCN]Invalid connection. $$<Configuration Manager Setup><05-09-2012 12:41:18.417-120><thread=1504 (0x5E0)>
> *** [01000][14][Microsoft][ODBC SQL Server Driver][DBMSLPCN]ConnectionOpen (ParseConnectParams()). $$<Configuration Manager Setup><05-09-2012 12:41:18.417-120><thread=1504 (0x5E0)>
> *** Failed to connect to the SQL Server. $$<Configuration Manager Setup><05-09-2012 12:41:18.417-120><thread=1504 (0x5E0)>
> ERROR: The current user does not have administrative rights on computer: P01.christianhaugen.com. $$<Configuration Manager Setup><05-09-2012 12:41:18.417-120><thread=1504 (0x5E0)>
> ERROR: Prerequisite checking stopped on this machine. $$<Configuration Manager Setup><05-09-2012 12:41:18.417-120><thread=1504 (0x5E0)>
> INFO: File \\P01.christianhaugen.com\admin$\sms_client_test_svc.exe does not exist. No zapping needed. $$<Configuration Manager Setup><05-09-2012 12:41:19.167-120><thread=1504 (0x5E0)>
> INFO: P01.christianhaugen.com is a 64 bit operating system. $$<Configuration Manager Setup><05-09-2012 12:41:26.952-120><thread=1504 (0x5E0)>
>
> I installed the sql database with the correct collation, and I have tried to change the collation of the individual database as well as I create it. I used the smsadmin user that you mentioned, but also set the sql running accounts as the domain administrator just to see if that worked and I still got the same error. Have you got any idea what might be causing this? Thanks in advance!!

what exact version of SQL server did you install? when running the SPLASH.HTA are you logged in as a domain user or as local administrator?
KillerBot Posted May 14, 2012

> When we install any application, for example an antivirus software - like McAfee on a server...we need admin rights on the server. I can logon using my domain admin credentials and install that application. That software usually does NOT run using my domain admin credentials. How is SCCM 2012 any different? I guess I need to understand what the SMSAdmin user is really for. Is it a service account [meaning SCCM will be running under that account]? Even if that is true...why the need to logon using SMSAdmin to do the install. Just do the install using any user who has enough rights and then change the services to run under SMSAdmin. .......or I am totally missing something?

I'm a little unsure of this too. I can understand the need for the domain user (local admin on clients) for the client installer but not sure how using the SMSAdmin as opposed to domain admin is any more secure in the sense of installing the SCCM & SQL software. Having said that though isn't it best practice to only use Domain Admins accounts as and when you need them as opposed to all the time (which I'm guilty of doing unfortunately)?
lucastee Posted May 18, 2012

Hey there,

Long time lurker, first time poster. I seem to be having issues with the PXE deployment aspect of SCCM 2012 RTM. I have deployed both boot images (x64 and x86). They are also listed as successful in the summary field. The network access account is clearly defined, and has domain access. I have tried adding a premade .WIM image created using ImageX, as well as creating an Operating System Images job using the source files from a Win7 ISO. Our clients get their IP from DHCP, and PXE is enabled on the SCCM server.

No matter what I do, our clients will not boot into PXE. They get the error 'No boot file name received'. I have even tried defining the PXE server on the DHCP server using options 66 and 77.

Note: The PXE server (sccm) and DHCP servers are different servers. We did have an AltirisPXE server running on the same domain, but it has been deactivated for SCCM testing.

From the %installdir%\Logs\distmgr.log file, the only error I see when I distribute the packages is the following (taken directly from the log):

ExpandPXEImage: C0100004, 1184 SMS_DISTRIBUTION_MANAGER 18/05/2012 10:36:44 AM 1540 (0x0604)
Expanding C:\SCCMContentLib\FileLib\E4AD\E4AD46A6C40964E4C07C8D7499C4FEE2DD90BAEE0DC0071A7C7293EAE3B6211C from package C0100004 SMS_DISTRIBUTION_MANAGER 18/05/2012 10:36:44 AM 1540 (0x0604)
Finding Wimgapi.Dll SMS_DISTRIBUTION_MANAGER 18/05/2012 10:36:44 AM 1540 (0x0604)
Found WAIK upgrade code SMS_DISTRIBUTION_MANAGER
WIMApplyImage failed for C:\SCCMContentLib\FileLib\E4AD\E4AD46A6C40964E4C07C8D7499C4FEE2DD90BAEE0DC0071A7C7293EAE3B6211C to C:\RemoteInstall\SMSTempBootFiles\C0100004 SMS_DISTRIBUTION_MANAGER
ExtractPXEImage failed; 0x80070522 SMS_DISTRIBUTION_MANAGER

Apparently this has to do with UAC being enabled, or that the user that is trying to access the folder requires elevated privileges to process the command. However, as a temporary measure, I have given the USERS group full access to the folders, source and destination. Oddly enough, I am able to deploy software without problems. Which I would have thought would need the same access in order to deploy.

Any help would be greatly appreciated. I'm racking my brain over this.

Regards,
Luke
tokenpleb Posted May 24, 2012

> I'm a little unsure of this too. I can understand the need for the domain user (local admin on clients) for the client installer but not sure how using the SMSAdmin as opposed to domain admin is any more secure in the sense of installing the SCCM & SQL software. Having said that though isn't it best practice to only use Domain Admins accounts as and when you need them as opposed to all the time (which I'm guilty of doing unfortunately)?

When you have multiple staff administrating your SCCM servers, like we do where I work, it is helpful to do your SCCM server installs under the one account. That way if anyone leaves or you have multiple people working on the install over the course of time, it is all done under the same account. You can then also use that same account x months down the track when you then have to install any other patch/hotfix/update rollup.
Supreme Posted May 29, 2012

> When we install any application, for example an antivirus software - like McAfee on a server...we need admin rights on the server. I can logon using my domain admin credentials and install that application. That software usually does NOT run using my domain admin credentials. How is SCCM 2012 any different? I guess I need to understand what the SMSAdmin user is really for. Is it a service account [meaning SCCM will be running under that account]? Even if that is true...why the need to logon using SMSAdmin to do the install. Just do the install using any user who has enough rights and then change the services to run under SMSAdmin. .......or I am totally missing something?

Microsoft recommends that you always use a separate account to install applications and that even your user credentials should not be a part of the Domain Administrators group. Also remember that when you use a SMSAdmin account it is installed under that service account's security context. So if the user that installed SCCM is disabled/removed it will keep a clean install.

> I'm a little unsure of this too. I can understand the need for the domain user (local admin on clients) for the client installer but not sure how using the SMSAdmin as opposed to domain admin is any more secure in the sense of installing the SCCM & SQL software. Having said that though isn't it best practice to only use Domain Admins accounts as and when you need them as opposed to all the time (which I'm guilty of doing unfortunately)?

The SMSAdmin account is part of the BUILTIN/Administrators group in these instructions. You could do it either way but I think he wants to present the instructions from a "best practices" standpoint. And yes you should use a separate Domain Admin from your user account...but who does that.