© 2012 Microsoft Corporation. All rights reserved.
Microsoft Confidential
System Center 2012 Configuration Manager
Deploying System Center 2012 Configuration Manager
Microsoft Confidential
Conditions and Terms of Use
Microsoft Confidential
This training package is proprietary and confidential, and is intended only for uses described in the training materials. Content and software
is provided to you under a Non-Disclosure Agreement and cannot be distributed. Copying or disclosing all or any portion of the content
and/or software included in such packages is strictly prohibited.
The contents of this package are for informational and training purposes only and are provided "as is" without warranty of any kind,
whether express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and noninfringement.
Training package content, including URLs and other Internet Web site references, is subject to change without notice. Because Microsoft
must respond to changing market conditions, the content should not be interpreted to be a commitment on the part of Microsoft, and
Microsoft cannot guarantee the accuracy of any information presented after the date of publication. Unless otherwise noted, the companies,
organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no
association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should
be inferred.
Copyright and Trademarks
© 2012 Microsoft Corporation. All rights reserved.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this
document. Except as expressly provided in written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this
document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
For more information, see Use of Microsoft Copyrighted Content at
http://www.microsoft.com/about/legal/permissions/
Microsoft®, Internet Explorer®, and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the United
States and/or other countries. Other Microsoft products mentioned herein may be either registered trademarks or trademarks of Microsoft
Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.
Overview
Deploying System Center 2012 Configuration Manager Site
Servers
Deploying System Center 2012 Configuration Manager Site
Systems
3
Microsoft Confidential
Objective
After completing this lesson, you will:
Understand how to deploy System Center 2012
Configuration Manager Hierarchy:
Central Administration Site
Primary site(s)
Secondary site(s)
Site System Roles
Understand how to install Configuration Manager console
Understand how to perform Configuration Manager
Unattended setup
4
Microsoft Confidential
System Center 2012 Configuration Manager
Hierarchy Overview
System Center 2012 Configuration Manager Hierarchy
types
Active Directory and PKI certificate requirements
Extending AD Schema
5
Microsoft Confidential
System Center 2012 Configuration Manager
Hierarchy Types
Standalone site
One Primary Site server
One or more site system servers
Can support up to 100,000 clients
DP
DP
Primary Site
Site System
6
Microsoft Confidential
Primary Site
DP
MP
MP
System Center 2012 Configuration Manager
Hierarchy Types
Hierarchy of sites – without CAS
Single Primary Site server
Can support up to 250 Secondary
Sites
Can support up to 100,000 clients
Primary Site
DP
Primary Site
DP
Secondary Site
Site System
7
Microsoft Confidential
DP
MP
Secondary Site
System Center 2012 Configuration Manager
Hierarchy Types
Hierarchy of sites – with CAS
Central Administration Site (CAS)
Can support up to 25 child Primary
Sites
Can support up to 400,000 clients
using an Enterprise edition of SQL
Server
Central
Administration Site
Primary Site
Secondary Site
Site System
8
Microsoft Confidential
Expanding a Stand-Alone Primary Site into a
Hierarchy by adding CAS
Prerequisites
The stand-alone primary site and new CAS must run the same
version of Configuration Manager
The stand-alone primary site cannot be configured to migrate data
from another Configuration Manager hierarchy
The new CAS site computer account site must be a member of the
Administrators group on the stand-alone primary site
(Note account will be removed after site expansion completes.)
Remove Asset Intelligence synchronization point and Endpoint
Protection point from stand-alone primary site before you can
expand the site
When the stand-alone primary site is configured for migration, you
must stop all active Data Gathering before you expand the site
9
Microsoft Confidential
Expanding a Stand-Alone Primary Site into a
Hierarchy by adding CAS
10
Considerations
Details
Software update points
Install SUP on CAS as soon as possible after the
expansion. Until SUP is configured on CAS, SUP at the
Primary site cannot synchronize the new software
updates
After the expansion, Stand-alone Primary site
automatically reconfigures to synchronize with SUP at
the new CAS site
Pre-existing configuration at the primary site
automatically apply at CAS which includes Sync
schedules, supercedence configurations and additional
related settings
Packages for software deployment
Packages that were created at the stand-alone primary
site before your expand the site, continue to be
managed by the primary site. However, these packages
replicate as global data to all sites in the hierarchy, and
you can manage these packages from the central
administration site. The only exception to this is the
client installation package.
Microsoft Confidential
Expanding a Stand-Alone Primary Site into a
Hierarchy by adding CAS
11
Client installation package
After expansion, ownership of the client
installation package transfers to the CAS. As
manages this package, it modifies the
package to support only the client operating
system languages that are selected at that
site, ensure that the CAS site supports the
same client languages that are selected at
your primary site.
Client policy
After you expand a primary site, you must
restart the SMS_POLICY_PROVIDER or SMS
Executive else client will not get new policies.
Default Boot WIM
CAS creates and deploys a new default boot
WIM after expansion which will become the
new default WIM for use in the hierarchy.
The boot WIM from the stand-alone primary
site remains unmodified, and objects for
operating system deployment that are based
on this WIM continue to function.
Microsoft Confidential
Hierarchy Expansion: Process
Central
Administration
Site
Global Data initializedPrimary Site
Primary Site
12
Microsoft Confidential
Hierarchy Expansion vs. Site Attach
Configuration Manager 2007
Configuration Manager 2012
Join site to a hierarchy
New Site setup
Mergers & Acquisitions
Built-in migration feature
Hierarchy changes
Redeploy – Less of an issue
with simplified hierarchies
Upgrade paths
Path
Supported/Possible?
2012 RTM  2012 Sp1
Yes
2012 RTM  2012 SP1 Beta
No (support for TAP customers
only)
No (support for TAP customers
only)
No (fresh install and use
migration feature to migrate
data)
2012 SP1 Beta  2012 Sp1
2007  2012 RTM
2007  2012 SP1
No (fresh install and use
migration feature to migrate
data)
Upgrade considerations
Upgrade must be done using top-down approach.
Configuration Manager 2012 Sp1 clients cannot be
assigned to RTM sites.
Always run “testDBUpgrade” against a copy of your
database prior to upgrading in the production
environment.
Review Notes section for the best practices of upgrade
process.
15
Microsoft Confidential
Upgrade: Interoperability
Central
Administration
Site
Primary Site
Primary Site
Off
18
Microsoft Confidential
Changes to Site System Roles
Reporting Point
Reporting services point
PXE service point
Distribution point
Server locator point
Management Point
Branch distribution point
Standard DP & BranchCache
NLB Management Point
Multiple Management Points
Each Primary Site can support up to 10 Management
Points and each MP can support up to 25,000 clients.
Default Management Point Client will automatically select one of multiple MPs in
a site based on network location and capability
(HTTPS or HTTP)
Proxy management point
19
MP installed at Secondary site
The Secondary Site Management Point can support
up to 5,000 computer clients.
Microsoft Confidential
Replicated Data Types
Global Data
Site Data
File content
Database replication
Database replication
File-based replication
• Alert rules
• Client discovery
• Collections rules and count
• Configuration Items
metadata
• Deployments
• Operating system images
(boot images and driver
packages)
• Package metadata
• Program metadata
• Site control file
• Site security objects (security
roles and security scopes)
• Software updates metadata
• System Resource List (site
system servers)
21
• Alert messages
• Asset Intelligence client
access license (CAL) tracking
data
• Client Health data
• Client Health history
• Collection membership
results
• Component and Site Status
Summarizers
• Hardware inventory
• Software distribution status
details
• Software inventory and
metering
• Software updates site data
• Status messages
• Status summary data
Microsoft Confidential
• Package files used by
deployments
• Data from secondary sites
• Fallback Status Point state
messages
• Discovery data records
Replication Model
Global
Site Data
Data
Content
Available
Available at:
at:
where
content
CAS
CAS,been
&Replicating
Primary
Sites
Primary
has
distributed
to a
Ex.
Ex.
DP
•• Collections
HINV
•• Packages
Status
•• Deployments
Collection Membership
• Security
Results Scopes
Central Site
(Berlin)
Germany
(Berlin)
Spain(Madrid)
Cordoba
Global Data subset
Primary Site
Sevilla
Secondary
Site
22
2/15/2012
Content routing between
Secondaries
Microsoft Confidential - For Internal Use Only
Ex.
•
Packages (metadata)
•
Programs
Replication Improvement in Sp1
Replication Link
Replication traffic compression
Decrease CAS traffic size ~>70%
Increase SQL CPU ~< 11%
Default on for all links
Change SQL Server Service Broker Ports
Ease management for security
Configure replication retention threshold
Allow for extended outages
Configure for problematic networks
23
Microsoft Confidential
Replication Improvement in Sp1
Distributed Views
Distributed Views are setup under Link properties between
CAS and Primary Sites.
CAS and Primary should be well connected
It reduces site data replication and SQL Server replication
loads
Improve SQL server performance
Notes:
• Single provider supported at the CAS
• Single SSRS at the CAS
• Distributed Views and Scheduling are mutually exclusive
24
Microsoft Confidential
Replication Improvement in Sp1
Schedule Site Data
Schedule Site Data are setup under Link properties
between CAS and Primary Sites.
CAS and Primary should be well connected.
It reduces site data replication and SQL Server replication
loads.
Improve SQL server performance
Protect business critical network applications
Use excess bandwidth
Notes:
• Distributed Views and Scheduling are mutually exclusive
25
Microsoft Confidential
Replication Improvement in Sp1
Reporting
There are 10 new reports for Replication traffic
26
Microsoft Confidential
Active Directory requirements
All site systems must be members of Active Directory
domain
Changing domain membership or computer name of a site
system after installation is not supported
Sites and hierarchies can span Active Directory forests.
Configuration Manager supports the Exchange Server
connector in a different forest from the site server
DNS forwarding might be required
Extending Active Directory schema is optional but highly
recommended
If you extended the schema for SCCM 2007 SP1 you do not need to
extend the schema again
Configuration Manager can publish site data to trusted
forests
27
Microsoft Confidential
Cross-forest Communication
Communication
Two-way forest trust
Site<->Site
•
Required
•
•
Site <->Site System
•
Not Required
Grant appropriate access to the SQL Server
database to :
• Management Point Database
Connection Account
• Enrollment Point Connection Account
User policies are supported only when the
Internet-based management point trusts
the forest that contains the user accounts
Actions required
Firewall configuration
Name resolution
Out of band service point, must be
installed in the same forest as the site
server.
Client<->Site System
28
Clients that are not in the same
forest as their site’s site server*:
• Two way trust required or the
site system must be in the same
forest as the client.
• The site system role server is
located in the same forest as the
client
• The client is on a domain
computer that does not have a
two-way trust with site server
and site system role are not
installed in the client’s forest
Microsoft Confidential
Clients must be able to locate:
• Site system servers
• Site resources, such as Management
Points and deployment content
Client can use AD when their site is
published to their AD Forest. To publish site
information to another AD Forest, you must
first specify the forest and then enable
publishing to that forest in the AD Forests
node of the Administration workspace.
For clients that cannot use AD for service
location, you can use DNS/WINS or the
client’s assigned MP.
AD Schema Extension
Extending the Active Directory schema is a forest-wide
irreversible action and can only be done one time per forest
Member of the Schema Admins Group
You can extend the schema before or after setup
There are no changes in AD Schema extensions in Configuration
Manager 2012 Sp1 from RTM version.
If you have extended schema for Configuration Manager 2007 or
Configuration Manager 2012 RTM, you do not have to extend
the schema again for Configuration Manager 2012 Sp1.
29
Microsoft Confidential
Why should I extend AD Schema?
30
Functionality
AD Schema Extended
Client computer installation and site
assignment
Clients can search Active Directory Domain
Services for installation properties.
Port configuration for client-toserver communication
Client can obtain this new port setting from
Active Directory Domain Services.
Network Access Protection
Required
Content deployment scenarios
Site’s public key is made available to all
sites in the hierarchy.
Microsoft Confidential
Actions Required if AD Schema is not Extended
Functionality
Required actions
Client computer installation
and site assignment
You must use one of the following workarounds to provide configuration
details that computers require to install:
• Use client push installation
• Install clients manually and provide client installation properties by using
CCMSetup installation command-line properties. This must include the
following:
• /mp:=<Management Point name computer name> or
/source:<path to client source files>
• SMSMP (Specify a list of initial Management Points for the client
to use)
• Publish the Management Point in DNS or WINS and configure clients to
use this service location method
Port configuration for
client-to-server
communication
You must use one of the following workarounds to provide this new port
configuration to existing clients:
• Reinstall clients and configure them to use the new port information.
• Deploy a script to clients to update the port information. If clients cannot
communicate with a site because of the port change, you must deploy this script
externally to Configuration Manager. For example, you could use Group Policy
31
Network Access Protection
Not available
Content deployment
scenarios
Use the hierarchy maintenance tool, preinst.exe, to exchange the secure
key information between sites directly
Microsoft Confidential
How to Prepare Active Directory for Configuration
Manager
Extend the Active Directory schema
By running the extadsch.exe
By using the ConfigMgr_ad_schema.ldf file
Create the System Management
container in Active Directory Domain
Services
Set security permissions on the System
Management container
All site server computer accounts must be
granted Full Control permissions to the
System Management container and all its
child objects
Enable Active Directory publishing for the
Configuration Manager site
32
Microsoft Confidential
PKI Requirements
Sites are no longer configured for mixed mode or native
mode
Individual site system roles can be configured to support
client connections over HTTPS or HTTP
Mobile devices and client connections over the Internet
must use HTTPS
Most of the PKI certificate requirements from Configuration
Manager 2007 remain the same for HTTPS site systems
roles
Many certificates now support SHA-2 in addition to SHA-1
33
Microsoft Confidential
PKI Certificates for Servers
34
Configuration Manager component
Certificate purpose/
Microsoft certificate template to use
Site systems that run IIS and HTTPS client connections:
• Management Point
• Distribution Point
• Software Update Point
• State Migration Point
• Enrollment point
• Enrollment proxy point
• Application Catalog web service point
• Application Catalog website point
Server authentication
Web Server
Network Load Balancing (NLB) cluster for a Software Update Point
Server authentication
Web Server
Site system servers and servers that run Microsoft SQL Server
Server authentication
Web Server
Site system monitoring for:
• Management Point
• State Migration Point
Client authentication
Workstation Authentication
Site systems that have a Distribution Point installed
Client authentication
Workstation Authentication
Out of band service point
AMT Provisioning
Web Server (modified)
Network infrastructure component
Certificate purpose/
Microsoft certificate template to use
Proxy web server accepting client connections over the Internet
Server authentication and client authentication
1. Web Server
2. Workstation Authentication
Microsoft Confidential
PKI Certificates for Clients
35
Configuration Manager component
Certificate purpose/
Microsoft certificate template to use
Client computers
Client authentication
Workstation Authentication
Mobile device clients
Client authentication
Authenticated Session
Boot images for deploying operating systems
Client authentication
Workstation Authentication
Root certification authority (CA) certificates for the following
scenarios:
Operating system deployment
Mobile device enrollment
RADIUS server authentication for Intel AMT-based computers
Client certificate authentication
Certificate chain to a trusted source
N/A
Intel AMT-based computers
Server authentication.
Web Server (modified) *
Intel AMT 802.1X client certificate
Client authentication
Workstation Authentication **
Microsoft Confidential
Demonstration
Extending Active Directory schema
36
Microsoft Confidential
Lesson Review
Can a single site span multiple forests?
How can you verify if AD Schema extension is completed
successfully?
38
Microsoft Confidential
Deploying a Central Administration Site
Configuration Manager supported configurations
Central Administration Site prerequisites
Central Administration Site setup options
Demo: Central Administration Site setup
39
Microsoft Confidential
Configuration Manager Supported Configurations
Must be 64-bit operating system
Windows Server 2008/2008 R2
Standard/Enterprise/Data Center Edition
Windows Server 2012 (for Configuration Manager 2012
Sp1)
Server Core installations is not supported
Windows Server cluster is supported only for the site
database server
Secondary sites and site database servers are not
supported on a computer running Windows Server 2008 or
Windows Server 2008 R2 that uses a read-only domain
controller (RODC)
40
Microsoft Confidential
Support for Virtualized Environments
All site server roles are supported in the following
virtualization environments:
Windows Server2008
Microsoft Hyper-V Server 2008
Windows Server 2008 R2
Microsoft Hyper-V Server 2008 R2
Note:
You can validate that your virtualization environment is supported for Configuration Manager by using the Server
Virtualization Validation Program and its online Virtualization Program Support Policy Wizard. For more information about
the Server Virtualization Validation Program, see Windows Server Virtualization Validation Program.
41
Microsoft Confidential
SQL Server Supported Configurations
Configuration Manager 2012 RTM or Sp1 (SQL Server
Enterprise/Standard Edition):
SQL Server 2008 SP2 with Cumulative Update 9
SQL Server 2008 SP3 with Cumulative Update 4
SQL Server 2008 R2* with SP1 and Cumulative Update 6
SQL Server 2008 R2* with Sp2 (no CU)
Secondary Site ONLY:
SQL Server Express 2008 R2 with SP1 and Cumulative Update 6
SQL Server Express 2008 R2 with Sp2 and no CU
Configuration Manager 2012 Sp1 only
SQL Server 2012 Standard/Enterprise with no SP and minimum of CU2
SQL Server 2012 Std./Enterprise with SP1
Secondary Site SQL Server 2012 Express (no SP) and min. of CU2
Secondary site SQL Server 2012 Sp1 or SQL Server Express 2012 Sp1.
Important:
* Configuration Manager with no service pack does not support the site database on any version of a SQL Server 2008 R2 cluster. This
includes any service pack version or cumulative update version of SQL Server 2008 R2. With Configuration Manager SP1, the site
database is supported on a SQL Server 2008 R2 cluster.
42
Microsoft Confidential
SQL Server Supported Configurations
Each site must use SQL_Latin1_General_CP1_CI_AS
collation
Only Database Engine Services feature* is required for
each site server
Windows authentication
Dedicated instance of SQL Server for each site on a shared
SQL Server
Active/Passive cluster and multiple instance configuration is
supported
* ConfigMgr database replication does not require the SQL Server replication feature.
43
Microsoft Confidential
SQL Server Memory Configuration
Maximum SQL Server memory:
Co-Located database server: 50% of the available memory
Dedicated SQL Server: 80% of the available memory
Minimum SQL Server memory:
8 GB for CAS and primary site servers
4 GB for secondary site servers
44
Microsoft Confidential
CAS Supported Configuration
Required for hierarchies with more than one primary site
Supports only primary sites as child sites (Up to 25 child
sites)
The hierarchy supports up to:
50,000 clients when using SQL Server Standard (co-located or
remote from the site server)
400,000 clients when using SQL Server Enterprise (co-located or
remote from the site server)
Supports only the following site system roles:
Asset Intelligence Synchronization Point
Endpoint Protection Point
Reporting Services Point
Software Update Point
System Health Validator Point
45
Microsoft Confidential
Pre-installation Applications
Setup Downloader (setupdl.exe)
A stand-alone* application that verifies and
downloads required prerequisite
redistributables, language packs, and the latest
product updates for Setup
You must have Full Control NTFS file system
permissions to the download folder
Log file: ConfigMgrSetup.log file in the root of
the C: drive
Command line
Description
/VERIFY:
Verify the files in the download folder, which include language files.
/VERIFYLANG:
Verify the language files in the download folder.
/LANG:
Download only the language files
/NOUI:
Start Setup Downloader without displaying the user interface.
you must specify the download path
<DownloadPath>:
Specify the path to the download folder
Example:
<ConfigMgrSourceFiles>\SMSSETUP\BIN\X64\setupdl /NOUI
\\MyServer\ConfigMgrUpdates
46
Microsoft Confidential
Pre-installation Applications
Prerequisite Checker (prereqchk.exe)
A standalone application that verifies server readiness for a site
server or specific site system roles
You must have Administrator rights on the server
Required files (<ConfigMgrSourceFiles>\SMSSETUP\BIN\X64):
prereqchk.exe
prereqcore.dll
basesql.dll
basesvr.dll
baseutil.dll
Log file: ConfigMgrPrereq.log file in the root of the C: drive
47
Microsoft Confidential
Prereqchk.exe Command-line for CAS
Command-Line Option
Required?
Description
/NOUI
No
Start Prerequisite Checker without displaying the user interface. You must
specify this option before any other option in the command-line.
/CAS
Yes
Verifies that the local computer meets the requirements for the Central
Administration Site.
/SQL <FQDN of SQL
Server>
Yes
Verifies that the specified computer meets the requirements for SQL
Server to host the Configuration Manager site database.
/SDK <FQDN of SMS
Provider>
Yes
Verifies that the specified computer meets the requirements for the SMS
Provider.
/Ssbport
No
Verifies that a firewall exception is in effect to allow communication on
the SSB port. The default is port number is 4022.
InstallDir
<ConfigMgrInstallationPath
No
Verifies minimum disk space on requirements for site installation.
Prereqchk.exe /CAS /SQL sqlsrv.consoto.com /sdk sdksrv.contoso.com /Ssbport InstallDir D:\ConfigMgr12
48
Microsoft Confidential
CAS -Prerequisites Checker
Prerequisite
Level
Site Type
Administrator rights on Central Administration Site
Error
Primary site
Administrative rights on site system
Error
CAS
Primary site
Secondary site
Connection to SQL Server on Central Administration
Site
Error
Primary site
Site server computer account administrative rights
Error
SQL Server
Secondary site
Site System to SQL Server Communication
Warning
Management
Point
Secondary site
SQL Server sysadmin rights
Error
SQL Server
49
Microsoft Confidential
CAS Setup Options
Configuration Manager Setup Wizard
Unattended install
New in Configuration Manager 2012 Sp1:
You have the option to install the CAS as the first site of a new
hierarchy, or install the central administration site to expand a
stand-alone primary site into a hierarchy with the new central
administration site.
You can upgrade from RTM version of Configuration Manager
2012 to Sp1.
50
Microsoft Confidential
Installing Central Administration Site (Screen
shots)
Microsoft Confidential
WAIK Recommendations
• It’s recommended to first uninstall the WAIK (Windows Automated Installation Kit) and
then Install Windows Assessment and Deployment Kit (ADK) for Windows 8 before
installing Configuration Manager 2012 SP1.
• Windows does not support WAIK and ADK being on the same box at the same time. If
your system do not have internet access then use the steps defined in this article to
install ADK - http://msdn.microsoft.com/enus/library/hh825494.aspx#InstallingNonNetworked
52
Microsoft Confidential
Site System Roles
Site system role
CAS
Child primary
site
Secondary
site
Site specific or
hierarchy wide
Application Catalog web service point
Hierarchy
Application Catalog website point
Hierarchy
Asset Intelligence synchronization point
Hierarchy
Distribution Point
Site
Fallback status point
Hierarchy
Management Point
Site
Endpoint Protection point
Hierarchy
Enrollment point
Site
Enrollment proxy point
Site
Out of band service point
Site
Reporting services point
Hierarchy
Software update point
Site
State migration point
Site
System Health Validator point
Hierarchy
53
Microsoft Confidential
Lesson Review
What is a CAS?
Which sites can report to a CAS?
Which site systems roles are supported on a CAS?
54
Microsoft Confidential
Deploying a Primary Site
Primary site supported configurations
Primary site prerequisites
Primary site setup options
Demo: Primary site setup
55
Microsoft Confidential
Primary Site Supported Configurations
Supports only Secondary sites as child sites (up to 250
secondary sites)
Supports up to:
50,000 clients when using SQL Server that is co-located with the
site server
100,000 clients when using a SQL Server that is remote from the
site server
Uses database replication to communicate directly to the
Central Administration Site
Cannot change its parent site relationship after installation
When a Primary site is installed, it automatically configures
database replication with its designated Central Administration Site
56
Microsoft Confidential
Pre-installation Applications
Setup Downloader
Prerequisite Checker
57
Microsoft Confidential
Prereqchk.exe Command-line for Primary Child Site
Command-Line Option
58
Required?
Description
/NOUI
No
Use this option to start Prerequisite Checker without displaying the user
interface. You must specify this option before any other option in the
command-line.
/PRI
Yes
Verifies that the local computer meets the requirements for the primary site.
/SQL <FQDN of SQL Server>
Yes
Verifies that the specified computer meets the requirements for SQL Server
to host the Configuration Manager site database.
/SDK <FQDN of SMS
Provider>
Yes
Verifies that the specified computer meets the requirements for the SMS
Provider.
/JOIN <FQDN of central
administration site>
Yes
Verifies that the local computer meets the requirements for connecting to
the central administration server.
/MP <FQDN of management
point>
No
Verifies that the specified computer meets the requirements for the
management point site system role. This option is only supported when you
use the /PRI option.
/DP <FQDN of distribution
point>
No
Verifies that the specified computer meets the requirements for the
distribution point site system role. This option is only supported when you
use the /PRI option.
/Ssbport
No
Verifies that a firewall exception is in effect to allow communication for the
SQL Server Service Broker (SSB) port. The default is port number is 4022.
InstallDir
<ConfigMgrInstallationPath>
No
Verifies minimum disk space on requirements for site installation.
Microsoft Confidential
Primary child site -Prerequisites Check
59
Prerequisite
Level
Site Type
Administrator rights on central administration site
Error
Primary Child
Administrative rights on site system
Error
Primary Child
Connection to SQL Server on central administration site
Error
Primary Child
Microsoft Confidential
Primary Site Setup Options
Configuration Manager Setup Wizard
Unattended installation by using the scripted installation
method
60
Microsoft Confidential
Installing Primary Site (Screen shots)
Microsoft Confidential
Lesson Review
Which sites can report to a Primary site?
Which site systems roles are not supported on a child
Primary site?
Can a child Primary site in a hierarchy be installed before
installing the CAS?
62
Microsoft Confidential
Deploying a Secondary Site
Secondary site supported configurations
Secondary site prerequisites
Secondary site setup options
Demo: Secondary site setup
63
Microsoft Confidential
Secondary Site Supported Configurations
Can support communications up to 5,000 clients
Has a SQL Server database
Uses file-based replication as well as database-replication
Console initiated installation only
Automatically deploy a Management Point and Distribution Point
that are located on the secondary site server
Cannot change parent site without reinstalling the site
When a secondary site is installed, it automatically configures
database replication with its parent primary site
Windows Server 2008 or Windows Server 2008 R2 that
uses a Read-Only Domain Controller (RODC) is not
supported
64
Microsoft Confidential
Prereqchk.exe Command-line for Secondary Site
Command-Line Option
Required?
Description
/NOUI
No
Use this option to start Prerequisite Checker without
displaying the user interface. You must specify this option
before any other option in the command-line.
/SEC <FQDN of secondary
site server>
Yes
Verifies that the specified computer meets the requirements
for the secondary site.
/INSTALLSQLEXPRESS
No
Verifies that SQL Express can be installed on the specified
computer.
No
Verifies that a firewall exception is in effect to allow
communication for the SQL Server Service Broker (SSB)
port. The default is port number is 4022.
/Sqlport
No
Verifies that a firewall exception is in effect to allow
communication for the SQL Server service port and that the
port is not in use by another SQL Server named instance.
The default port is 1433.
InstallDir
<ConfigMgrInstallationPath
No
Verifies minimum disk space on requirements for site
installation.
SourceDir
No
Verifies that the computer account of the secondary site
can access the folder hosting the source files for Setup.
/Ssbport
65
Microsoft Confidential
Secondary Site Setup Options
Console initiated installation only
Source files can be pre-staged on a network share
If no local instance of SQL Server is available Setup
automatically installs SQL Server Express
Setup configures database replication with its parent
primary site
Setup automatically installs the following site system roles :
Management Point
Distribution Point
66
Microsoft Confidential
Installing Secondary Site (Screen shots)
Microsoft Confidential
Lesson Review
How can you install a Secondary site?
Which SQL Server Edition will be installed during setup?
How do you monitor installation of Secondary site?
68
Microsoft Confidential
Deploying Site System Roles
Site system roles supported configurations
Site system roles prerequisites
Site systems setup options
Demo: Site systems setup
69
Microsoft Confidential
Management Points
Each primary site can support up to 10 Management
Points
Each primary site Management Point can support up to
25,000 computer clients
Each secondary site can support a single Management
Point that must be co-located on the Secondary site server
The secondary site Management Point can support up to
5,000 computer clients
Prerequisites:
IIS
BITS
70
Microsoft Confidential
Distribution Points
Each Primary site supports a combined total of up to 5,000 DPs*.
Individually, each Primary site and Secondary site supports up to 250 Distribution
Points. Each Distribution Point can support up to 4,000 clients**.
Each DP supports a combined total of up to 10,000 packages and applications.
Supported operating systems:
Client OS:
Windows Vista (x86)/Windows 7 (x86/x64)
PXE and Multicast not supported
Windows 8 (Pro/Enterprise – x86/x64) with Configuration Manager 2012 Sp1
PXE and Multicast not supported
Server OS:
Windows Server 2003 /R2 (x86/x64)
Multicast not supported
Windows Server 2008 /R2 (x64)
Windows Server 2012 Standard/Datacenter (x64) with Configuration Manager 2012 Sp1
Prerequisites:
Remote Differential Compression
IIS
BITS
Windows Deployment Services (To support PXE or multicast)
71
Microsoft Confidential
Distribution Points Upgrade/Sharing
Standalone
72
Co-located with
other site roles
Co-located with
secondary site server
Standard DP
Y
N
Y
DP on Server
Shares
Y
N
N
*Branch DP
Y
N
N
•
* Important: Admin must uninstall Configuration Manager 2007 client before
upgrading Branch DP, otherwise the upgrading will fail and the content will be
removed.
•
* The client OS must meet the OS requirement of Configuration Manager
2012 DP
Microsoft Confidential
Distribution Points on Server Shares
If the server shared DP is co-located with secondary site
Enable the standard DP on the Secondary site server
Redistribute the content to that standard DP
Redistribution does not cause network traffic
Remove the distribution point on server share
Upgrade the standard DP on the secondary site server
73
Microsoft Confidential
Distribution Points Disk space requirements
Remove unwanted data before upgrading.
It requires double disk space when upgrading DP from
Configuration Manager 2007 to 2012 RTM.
Configuration Manager 2012 Sp1 improvement – Now the
original content will be removed right after successful
conversion.
74
Microsoft Confidential
Cloud-based Distribution Points
New Site System role in Configuration Manager SP1:
Distribution Points that run as a cloud service in Windows
Azure. (requires subscription to Windows Azure)
Clients can use the cloud-based DP as standard content
location or as a fallback location.
You have to specify within Client Settings whether you
want to allow clients to access Cloud-based DP.
75
Microsoft Confidential
Pull Distribution Points
New option in Configuration Manager SP1:
You are able to define Pull Distribution Point option when
setting up the Distribution Point so that DP can download
the content from another DP rather than going back to the
original source.
Similar to “Distribute the content from the nearest site in
the hierarchy” feature.
77
Microsoft Confidential
Software Update Points (SUP)
The SUP can support up to 25,000 clients when WSUS 3.0
Sp2 runs on the SUP computer and SUP co-exists with
another site system role.
The SUP can support to 100,000 clients when WSUS 3.0
Sp2 runs on the SUP and it does not co-exist with another
site system role.
Prerequisites:
IIS
WSUS
WSUS Admin Console
78
Microsoft Confidential
Software Update Points (SUP) – (Configuration
Manager 2012 Sp1)
You can create one or more SUPs at a sit to support clients in an
untrusted forest
When there are multiple SUPs at a site, and then one fails or
becomes unavailable, clients will connect to a different SUP*.
When you have an active Software Update Point (SUP01) in a
Configuration Manager with RTM (no SP) site, upgrade the site
to Configuration Manager SP1, and then add a second Software
Update Point (SUP02). As a result, the existing clients will only
switch to SUP02 on the condition of a failed scan. All new clients
will randomly be assigned to SUP01 or SUP02 after you
upgraded your site to Configuration Manager SP1.
79
Microsoft Confidential
Proxy Server (new in Configuration Manager
2012 Sp1)
You can configure a proxy server on each site system server
for use by all site system roles installed on that system.
This is not a new site system role but a configuration for
site system servers.
You can use Configuration Manager Console to configure
each site system server to use a proxy server. This
configuration is used by each applicable site system role
that is installed on that computer.
Example: Software Update Point connection to Microsoft
Update site to download updates using proxy server.
80
Microsoft Confidential
Site System Roles Prerequisites
Site system role
.NET
Framework
Application Catalog
web service point
3.5 SP1
4.0
Application Catalog
website point
81
4.0
WCF
activation
IIS
Additional prerequisites
Required
ASP.NET
IIS 6 Metabase Compatibility
Windows Authentication
Not
Required
applicable
Static Content
Default Document
ASP.NET
Windows Authentication
IIS 6 Metabase Compatibility
Required
Asset Intelligence
4.0
synchronization point
Not
Not
Not applicable
applicable applicable
Endpoint Protection
point
Enrollment point
Enrollment proxy
point
3.5 SP1
Not
Not
Not applicable
applicable applicable
Required Required ASP.NET
4.0
Required
3.5 SP1
Required
Microsoft Confidential
ASP.NET
Site System Roles Prerequisites
Site system role
.NET Framework
Fallback status
Not applicable
point
Out of band
4.0
service point
Reporting services
4.0
point
Software update 3.5 SP1
point
4.0
State migration
Not applicable
point
System Health
Validator point
82
Not applicable
WCF activation
IIS
Additional
prerequisites
Not applicable
Required
Not applicable
Required
Not applicable Not applicable
Not applicable
Not applicable
SQL Server
Reporting Services.
Not applicable
Required
WSUS 3.0 SP2
Not applicable
Required
Not applicable
Not applicable
This site system role
is supported only on
Not applicable
a NAP health policy
server.
Microsoft Confidential
Site System Roles Setup Options
Add Site System Roles wizard
Create Site System Server
Wizard
Configuration Manager does
not support site system roles
for multiple sites on a single
site system server.
83
Microsoft Confidential
Create a Site System Server
84
Microsoft Confidential
Select Roles To Install
85
Microsoft Confidential
Installing the Configuration Manager Console
Configuration Manager console supported configurations
Configuration Manager console prerequisites
Configuration Manager console setup options
Demo: Configuration Manager console setup
86
Microsoft Confidential
Configuration Manager Console
Connects to either a Central Administration Site, or a Primary site
Can connect to other sites after the initial connection is made
Cannot connect to a Secondary site
No limit to the number of simultaneous Configuration Manager
console connections to a Primary site or Central Administration Site
Can be installed on the same computer with the Configuration
Manager 2007 console
Can be installed during setup or after setup by using the Configuration
Manager console Windows Installer package (consolesetup.exe)
No ICP (International Client Pack) required for multiple language
support
.NET Framework 4 is required
87
Microsoft Confidential
Read-only Mode Admin Console
The Primary site did not complete site installation yet
The Primary site has inter-site replication problems
The Primary site is running a site restoration
The Primary site is initializing global data
You must close, and reconnect the Configuration Manager
console to establish a normal session
88
Microsoft Confidential
Configuration Manager Console Supported
Configurations
Operating system
Windows XP Professional (SP3)
Windows XP Professional for 64-bit Systems (SP2)
Windows Vista
• Business Edition (SP2)
• Enterprise Edition (SP2)
• Ultimate Edition (SP2)
Windows Server 2003 R2 SP2
• Standard Edition
• Enterprise Edition
• Datacenter Edition
Windows Server 2008
• Standard Edition
• Enterprise Edition
• Datacenter Edition
Windows 7
• Professional Editions (without service pack, SP1)
• Enterprise Editions (without service pack, SP1)
• Ultimate Editions (without service pack, SP1)
Windows Server 2008 R2
• Standard Edition (without service pack, SP1)
• Enterprise Edition (without service pack, SP1)
• Datacenter Edition (without service pack, SP1)
89
System architecture
x86
x64
x86, x64
x86, x64
x86, x64
x86, x64
x64
Microsoft Confidential
Configuration Manager Console Supported
Configurations
Operating system
Windows 8
• Pro/Enterprise
Windows Server 2012
• Standard Edition
• Datacenter Edition
90
System architecture
x86, x64
CM12 Version
Configuration
Manager with SP1
•Configuration
Manager with SP1
x64
Microsoft Confidential
Pre-installation Applications
Prerequisite Checker
Run prereqchk.exe /Adminui to check requirements for
Configuration Manager console installation on the local computer
91
Microsoft Confidential
Administrator Console Setup Options
Configuration Manager Console setup wizard
consolesetup.exe
Command-Line options
Command-Line Option
/q
/uninstall
LangPackDir
TargetDir
EnableSQM
DefaultSiteServerName
92
Description
Unattended setup. The EnableSQM and DefaultSiteServerName
options are required
Uninstall the Configuration Manager console. You must specify this
option first when used with the /q option.
Specify the path to the folder that contains the language files.
Specify the installation folder. This option is required when used
with the /q option.
Specify whether to join the Customer Experience Improvement
Program (CEIP). This option is required when used with the /q
option.
Specify the FQDN of the site server to which the console will
connect when it opens. This option is required
Microsoft Confidential
Installing Admin Console (Screen shots)
Microsoft Confidential
Lesson Review
Can System Center 2012 Admin Console and Configuration
Manager 2007 Admin Console co-exist on the same
computer?
What’s the name of the program used to install the
Administrator Console?
94
Microsoft Confidential
Unattended Configuration Manager setup
Configuration Manager setup command line options
Configuration Manager Console unattended setup
95
Microsoft Confidential
Unattended installation
To perform a scripted installation, follow these steps:
The Configuration Manager installation process generates a file called
ConfigMgrAutoSave.ini and stores it under %temp% folder. This file can be
used to perform an unattended installation.
Save ConfigMgrAutoSave.ini (you can also create it) to another location.
From a CMD windows, go to <ConfigMgr install source\SMSSetup\Bin\X64
Type setup.exe /script <the script path> (you can also use setupwpf.exe)
 Note that setup.exe will not check components (.Net, manifest file, SQL Express …). They should be present (or
downloaded using setupDL.exe /NoUI <Path>)
To monitor the installation you can refer to ConfigMgrSetup.log and
sitecomp.log.
96
Microsoft Confidential
Configuration Manager Setup Command Line
Options
97
Command-Line Option
Description
/NODISKCHECK
Disable the verification of disk space requirements during prerequisite checking.
/UPGRADE <ProductKey>
<PathToSetupPrerequisiteFi
les>
Perform an unattended
Use a command-line for the /UPGRADE option similar to the following:
Setup /UPGRADE xxxxx-xxxxx-xxxxx-xxxxx-xxxxx <PathToSetupPrerequisiteFiles>
/DEINSTALL
Uninstall the site. You must run Setup from the site server computer.
/NOUSERINPUT
Disable user input during Setup, but display the Setup Wizard interface. This option must be
used in conjunction with the /SCRIPT option.
/RESETSITE
Perform a site reset that resets the database and service accounts for the site.
/TESTDBUPGRADE
<InstanceName\DatabaseN
ame>
Perform a test on the site database to ensure that it is capable of an upgrade. As a best
practice, run this command-line option on a backup of the site database instead of on your
production site database.
/SCRIPT <SetupScriptPath>
Perform unattended installations. A setup initialization file is required when you use the
/SCRIPT option.
SDKINST <FQDN>
Install the SMS Provider on the specified computer. You must provide the FQDN for the SMS
Provider computer.
SDKDEINST <FQDN>
Uninstall the SMS Provider on the specified computer. You must provide the FQDN for the
SMS Provider computer.
MANAGELANGS
<SetupScriptPath>
Manage the languages that are installed at the selected site.
Unattended Install -ConfigMgrAutoSave.ini
CAS
Primary site
[Identification]
Action=InstallCAS
[Options]
ProductID=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
SiteCode=<Site Code>
SiteName=<Site Name>
SMSInstallDir=<ConfigMgr install folder path>
SDKServer=<FQDN for SDKServer>
PrerequisiteComp=1
PrerequisitePath=<Prereqs folder path>
MobileDeviceLanguage=0
AdminConsole=1 (0 is you don’t want to install the console)
[Identification]
Action=InstallPrimarySite
[Options]
ProductID=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
SiteCode=<Site Code>
SiteName=<Site Name>
SMSInstallDir=<ConfigMgr install folder path>
SDKServer=<FQDN for SDKServer>
RoleCommunicationProtocol=HTTPorHTTPS
ClientsUsePKICertificate=0
PrerequisiteComp=0
PrerequisitePath=<Prereqs folder path>
MobileDeviceLanguage=0
ManagementPoint=<FQDN MP server>
ManagementPointProtocol=HTTP
DistributionPoint=<FQDN DP server>
DistributionPointProtocol=HTTP
DistributionPointInstallIIS=0
AdminConsole=1 (0 is you don’t want to install the console)
[SQLConfigOptions]
SQLServerName=<FQDN of the SQL Server machine>
DatabaseName=<SQLServerName\InstanceName> (leave
blank for the default instance)
SQLSSBPort=4022
[HierarchyExpansionOption]
[SQLConfigOptions]
SQLServerName=<FQDN SQL server machine>
DatabaseName=<SQLServerName\InstanceName> (leave blank for
the default instance)
SQLSSBPort=4022
[HierarchyExpansionOption]
CCARSiteServer=<FQDN CAS server> (This line is only to install a
child site, it’s no needed for a PS server)
98
Microsoft Confidential
Lesson Review
What is the option within unattended setup
“ConfigMgrAutoSave.ini” file to install Admin console
together with CAS or Primary Site installation?
What’s the name of the script created by setup?
99
Microsoft Confidential
Lesson summary
In this Lesson, you learned:
How to deploy a Central Administration Site
How to deploy a Primary child site
How to deploy a Secondary site
How to install site system roles
How to install the Administration Console
How to perform an unattended site installation
100
Microsoft Confidential