SCCM Notes
SMS provider
- not hosting another site's SMS provider
- not an SQL cluster
- in the same domain as the site server and the site database

2. SQL Server
- at least SQL Server 2005 SP2. 2008 is supported from SCCM 2007 SP1, but the previous version requires a hotfix
- full installation, not Express

3. IIS
- to transfer data between clients and servers: data like policies, packages, status messages
- IIS not required for all server roles
# management point
# reporting point
# server locator point
# BITS-enabled distribution point

4. WSUS Server: required for BITS-enabled distribution point

================================================================================================================
STEPS NEEDED TO PREPARE A MICROSOFT WINDOWS 2008 R2 SERVER TO HOST A PRIMARY SITE AND THE SITE ROLES THAT CAN BE INSTALLED.
================================================================================================================

********1. Extend the Active Directory Schema for Configuration Manager 2007.***************

- To get the full benefit of SCCM 2007, it needs to be able to publish site information to Active Directory.
- By SCCM publishing site information to AD, clients can retrieve this information securely and automatically without any extra setup.
- By extending the Schema, these settings are automatically configured.
# Client installation settings: Client deployment options like the fallback status point and server locator point are automatically retrieved during client setup.
# Native Mode Settings: Information like site mode and CRL checking are retrieved by clients automatically when the schema is extended.
# Port Configuration Settings: During setup, communication ports are defined for the site, so that clients can send data back and forth to different site systems. If the ports are changed after setup, this information is distributed to the clients if the schema is extended.
# Others
- The Schema can be extended using one of two methods:
# The ExtADSch.exe command line utility which is included in the SCCM media
OR
~ Make sure you are logged in as a user who has schema admin permissions, otherwise the schema extension may fail.
CAUTION: Take a backup of the Active Directory System state of the Schema master prior to extending the schema. Then take the schema master offline before starting the schema extension. This way, if the schema extension fails, you can revert the changes using the backup you took without having to worry about a damaged copy of the schema being replicated to all of your domain controllers in the forest.
~ Using the ExtADSch.exe command line utility is the easiest way to extend the schema.
a. Log in to the schema master with an account that has schema admin rights.
b. Navigate to the root of the Configuration Manager 2007 media, hold down the Shift key on the keyboard and right click into an empty space in the folder. Choose "Open command window here".
c. Navigate to the i386 folder by typing cd \smssetup\bin\i386 and press Enter.
d. Type ExtADsch.exe and press Enter. The results of the schema extension are displayed.
e. The utility writes a log file called extadsch.txt to the root of the system volume. The results of the schema extension are written to this file for troubleshooting purposes.

# The LDIFDE.exe command line utility with a custom LDF import file. (There is a custom file in the i386 folder called configmgr_ad_schema.ldf; open it with a text editor; edit and replace "dc=x" with the fqdn of your server, e.g. dc=charis,dc=com.) NOTE THAT THIS IS THE RECOMMENDED METHOD BY MICROSOFT. Why? I don't know yet.
COMMAND: LDIFDE.exe -i -f <location of the LDF FILE> -V -J <Location of the LDIFDE log file>
E.G. LDIFDE.exe -i -f c:\configmgr_ad_schema.ldf -v -j c:\ldifdelog
-i switch: is for import
-f switch: points to the location of the custom ldf file
-v switch: turns on verbose logging
-j switch: outputs the log file to the specified location.
After the AD Schema has been extended for SCCM 2007, site servers can now publish information for client systems. HOWEVER, FOR ANY SITE SERVER TO PUBLISH INFORMATION TO ACTIVE DIRECTORY, IT ALSO HAS TO BE GIVEN THE CORRECT PERMISSIONS TO DO SO.

*************2. Configure the System Management Container. *********************

- The system management container is where SCCM 2007 site information is published and it resides under the system container in Active Directory.
- The system management container can be created automatically when site information is first published or it can be created manually using the ADSI Edit utility.
- If you choose to have SCCM 2007 create the system management container automatically, you must give your site server full control permissions to the system container prior to installation. (THIS IS A SECURITY RISK HOWEVER, AS IF YOUR SITE SERVER GETS COMPROMISED, YOUR ACTIVE DIRECTORY INFRASTRUCTURE COULD ALSO BECOME COMPROMISED FROM THE EXCESS RIGHTS GIVEN TO THE SYSTEM CONTAINER. BECAUSE OF THIS RISK, MICROSOFT RECOMMENDS THAT YOU MANUALLY ASSIGN THE APPROPRIATE RIGHTS BY USING THE ADSI EDIT UTILITY.)
NOTE:
~ The Active Directory database could be permanently damaged or destroyed if the ADSI Edit utility is used improperly. You might want to take a backup of your Active Directory database prior to editing any information with the ADSI Edit utility.
- Use the ADSI Edit utility to create a new container named "System Management" under the System container and give your Site Server full permissions to this container. Apply the permissions to its object and all child objects.
NOTE:
~ Each site server that will host a primary, secondary, or central site will need these same permissions set on the system management container. Depending on the number of site servers you will have in your environment, you may want to create a group and apply the permissions to the group instead of on each server object.

*****************3. Install IIS. *************************

- From the Server Manager Roles node, install IIS. (You can get to Server Manager on Server 2008 R2 by right clicking 'My Computer' and selecting 'Manage'.)
# Install WebDAV Publishing
# ASP.NET
# ASP
# Windows Authentication
# IIS 6 Metabase Compatibility
# IIS 6 WMI Compatibility
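For step 2 (Configure the System Management Container) above, the same delegation can be scripted instead of clicked through in ADSI Edit. This PowerShell block is an added example, not part of the original notes: it assumes the RSAT ActiveDirectory module and a hypothetical group named SCCM-SiteServers holding the site server computer accounts, grants full control only on System Management, and then checks that the group holds no explicit rights on the parent System container.

```powershell
# Added example. Assumes the RSAT ActiveDirectory module and a hypothetical
# group 'SCCM-SiteServers' that holds the site server computer accounts.
Import-Module ActiveDirectory

$groupName   = 'SCCM-SiteServers'                 # hypothetical name
$domainDN    = (Get-ADDomain).DistinguishedName
$systemDN    = "CN=System,$domainDN"
$containerDN = "CN=System Management,$systemDN"
$sid         = (Get-ADGroup -Identity $groupName).SID
$sidType     = [System.Security.Principal.SecurityIdentifier]

# Create the container only when it does not exist yet.
$existing = Get-ADObject -Filter "Name -eq 'System Management'" `
    -SearchBase $systemDN -SearchScope OneLevel
if (-not $existing) {
    New-ADObject -Name 'System Management' -Type container -Path $systemDN
}

# Full control on the container, inherited by all child objects.
$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList @(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
    [System.Security.AccessControl.AccessControlType]::Allow,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All
)
$acl = Get-Acl -Path "AD:\$containerDN"
$acl.AddAccessRule($ace)
Set-Acl -Path "AD:\$containerDN" -AclObject $acl

# Audit helper: explicit (non-inherited) ACEs a SID holds on one object.
function Get-ExplicitAce([string]$DistinguishedName, $Sid) {
    $rules = (Get-Acl -Path "AD:\$DistinguishedName").GetAccessRules($true, $false, $sidType)
    $rules | Where-Object { $_.IdentityReference.Value -eq $Sid.Value }
}

$onContainer = @(Get-ExplicitAce $containerDN $sid)
$onSystem    = @(Get-ExplicitAce $systemDN $sid)

if ($onContainer.Count -eq 0) { Write-Warning "No ACE for $groupName on $containerDN" }
if ($onSystem.Count -gt 0) {
    # Rights here are the excess permission the notes warn about.
    Write-Warning "$groupName has explicit rights on $systemDN; review and remove:"
    $onSystem | Format-Table ActiveDirectoryRights, InheritanceType, AccessControlType
}
```

Computer accounts pick up new group membership only after the site server restarts, so add the servers to the group before running setup.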

***************4. Installing Remote Differential Compression (RDC)***************

- Install RDC from the Features node of Server Manager.

***************5. Install Background Intelligent Transfer Service (BITS) ************

- Install BITS from the Features node of Server Manager.

************** 6. Configuring WebDAV **********************

WebDAV: Web-based Distributed Authoring and Versioning. It is an extension of HTTP.
- WebDAV is required for management points and BITS-enabled distribution points.
- It comes by default in Windows Server 2008 R2 and it can be added during IIS installation.
- Once WebDAV is installed, it must be enabled and configured to work for SCCM 2007.
- To configure:
# Start IIS Manager (Start --> Admin Tools --> IIS Manager)
# Expand 'Server node' --> 'Site node' --> Default Web Site, then click on WebDAV Authoring Rules.
# Double click WebDAV Authoring Rules and click on 'Add Authoring Rule' from the Actions pane.
# Select All Content, All Users and the Read permission and click OK.
# Click on WebDAV Settings from the Actions pane.
# Set Allow Anonymous Property Queries to TRUE.
# Set Allow Custom Properties to FALSE.
# Set Allow Property Queries with Infinite Depth to TRUE.
# Set Allow Hidden Files to be Listed to TRUE (only needed for BITS-enabled distribution point)
# Re