Hi,
Before I get started I wish this LAB helpful to practice and get familiar with System Center Configuration Manager 2007 SP1, this wiki is (Step By Step Guide Install and Configure ConfigMgr 2007)
This lab is based on (Virtual Machine) I'm using VMware Workstation 6.5.1
I assume you have first installed on you Virtual Machine:
1. Windows Server 2003 R2 Standard
ConfigMgr 2007 requires a few things to be prepared and configured before installing the product.
We will be using CMSRV Server to complete this task:
WebDAV extensions must be enabled:
Extend the Active Directory schema by running the ExtADSch.exe file located in the SMSSETUP\BIN\I386 folder on the Configuration Manager 2007 installation media to add the new classes and attributes to the Active Directory schema
Active Directory Schema done... but we need to verify that the schema extension was successful by reviewing the extadsch.log located in the root of the system drive C:\
Now we need to set security permissions on the System container we will use the Computer Account for the permissions to successfully enable Configuration Manager Clients to query Active Directory Domain Services to locate site resources
Go to Active Directory users and computers and make sure that Advanced Features selected
We will be using CMSRV Server to complete this task:
After click on SPLASH.HTA the menu appears click on Run the prerequisite checker, we'll do this to see if our windows needs any additional fix the warnings/errors prior to installing ConfigMgr 2007 SP1
Enter your server name as below. (CMSRV)
This gave us prerequisites which needed looking at, the AD Schema extensions before start the installation. (We extend Schema but this example)
Once you completed the check without any Error or Warning click on Begin Install. You can double check in the log file ConfigMgrPrereq.log in drive C:\
Welcome screen
Because thisis the first site server choose the first option, Install a Configuration Manager Site Server
Accept the license [:D]
The type of installation we want to see all the options, choose Custom
Site Type, this is will be our (Primary Site)
Decide if you want to participate in CEIP
Product Key will be there
Where to install it you can change the directory
Site settinsg, in the Site Code in the lab JED and the friendly site name Head Office
Site Mode, we will choose Mixed Mode the Native Mode needs a certificate installed
Asem Alhourani: You need to have a PKI in the environment
Client Agent Selection specify default
Database server details
Specify your SMS provider settings
Specify the ConfigMgr Management Point FQDN CMSRV.EKTIFAN.LOC to avoid any mistake copy and paste from the computer properties by default will be there
Port setting I'll use the default port 80
Check the update perquisites components; you need to specify from where to download this update from the Internet or if you have these update 89 files download. In my lab I'll go with second options
We need to create a local folder to store these updates. In lab folder name (prereq)
Updates will be downloaded if we chose to download check the update from the internet
Once it's done review the setting summary and click Next
Start the prerequisite check (final) as everything is ok will check the log file ConfigMgrPrereq.log.
You can click on Begin Install
We will see the installation started it will take long time
Once the installation begin you can monitoring the process of the installation from the log file ConfigMgrSetup.log in the drive C:\
After a long wait you will see Setup has finished the installing click Next
The completing setup wizard you can click on Launch the ConfigMgr Console after closing or click Finish to Finish the installation [;)]
Configuration Manager 2007 SP1 is now installed; we need to launch the console
Go to Start > All Programs > Microsoft System Center > Configuration Manager 2007 > ConfigMgr Console
From the Configuration Manager Console we can see all the nodes we can check the setup status from the log file ConfigMgrSetup.log and form the ConfigMgr Console
From the console go to System Status> Site Status you can check Component Status and Site System Status witch installed
We will be using DCSRV Server to complete this task:
Now we need to back to the Active Directory Server to check if the System Management Container created or not. Inside the System Management we can see SMS Management Point and SMS Site
Our preparation and installation are completed. And I think we're in a good shape.
This is (Part 1) we've completed:
Adding Authoring rules in WebDav and changing WebDav settings
Part !!
This guide assumes you've installed ConfigMgr 2007 SP1 (Part 1)
In this part we will cover:
New Site Boundary will appear it contains description, site code, type of boundary as we can see we've 4 types you can choose:
I'm going to chose Active Directory Site and click on browse to select site name and click Ok
Note: by default the Active Directory called (Default-First-Site-Name) you can change that in my lab AD site name Ektifan
Choose the type of network connection Fast (LAN) and click Ok
We have configured the Site Boundary and you can see we've the boundary listed in the console
To do so go to the Site Settings > Site Systems right click on the server and select New Roles
When you select the New Roles a wizard will start this will take us into another list of sequences to configure each role individually accept the defaults and click next
We'll select all the roles will run on the server:
First sequence installs the Server Locator Point (SLP) use the site database and click next
Next up is the Reporting Point (RP) leaves the default and click next
Software Update Point (SUP) I would like to talk a little about (SUP) a required component of software updates on primary sites, the software update point site system role must be created on a server that has Windows Server Update Services (WSUS) 3.0 SP1 installed. The software update point interacts with the WSUS services to configure update settings.
Because we only installed the WSUS 3.0 SP1 the SUP Role will allow you to do that how so:
Proxy Settings, settings you may need to specify proxy server settings if you need to in order to get out to the Internet, click next
Put a checkmark in Use this server as the active software update point, and click next
Then leave the Sync source settings as default and click next
Then accept the Sync Schedule as defaults and click next
The Update Classifications allows you to choose what classes of updates you want to download choose the following Critical Updates, Definition Updates, Security Updates, Service Packs, Update Rollups, and Updates, and then click next
The Products you want to downloads updates for, choose (Office, SQL, Windows Server 2003 and Windows XP) and click next
The Languages to download the updates I am going to specify only English and click next
Now we are at the Summary page and you can review the settings and go back if you need to make any changes, and then click next
The install process begin
We are done...with Server Roles of the configuration click close
Now you can see the new roles are listed in the console. Go to the Site Settings > Site Systems
Lest go back to Active Directory server to check the System Management container to see what we have new added to the container?
You can notice we've Server Locater Point (SLP) because we added the (SLP) role
Now we need to check the log file to see our installation status, got to C:\program files\Microsoft Configuration Manager\logs
Server Locator Point (SLP) Log
Reporting Point (RP) Log
Software Update Point (SUP) Log
Now we need to configure:
Double click on ConfigMgr Distribution Point (DP) and click Allow clients to transfer content from this distribution point using BITS
Double click on Configmgr Management Point (MP) click Allow devices to use this management point and click Ok
Now we need to Configure Client Agents:
We will configure:
Double click the Hardware Inventory Client Agents
Click Enable hardware inventory on client, set the inventory schedule to 1 Day. And click Ok
Software Inventory agent, verify the schedule is set to 7 Days
Click on the inventory collection tab, click on File types and delete the default scan listed
Click on the yellow star and add files of type *.exe then click on Set beside location, select
Variable or Path name and enter %ProgramFiles%\ as the program path location so that it only scans that area for EXE files,
Remove the tick from the windows directory and then click Ok
Then click Ok
Double click on Advertised Programs Client Agent
Under the General tab, enable software distribution to clients, select New Program notification icon opens Add or Remove Programs. And click Ok
We will configure the Computer Client Agent Properties
We'll specify the Network Access Account, click on Set enter an account (ektifan\smsadmin) to be used by ConfigMgr client computers to communicate with network resources and must be member of Domain Admin, domain\user
You can also modify the client polling time for policy updates in this window, the default is 60 minutes the max is 1440 minutes. Click Ok
On Customize tab the message that is displayed to the users when they are notified of a new advertisement. You can change the message in our lab I'll choose the default and click Ok
Remote Tools Client Agent enable the remote tools client agent and to configure settings for access, security, notification and remote assistance
Click on Users cannot change Policy or Notification settings in the Remote Control Panel
Security Permitted viewers Windows user names and user group names that may remotely access client computers add permitted viewers (blank by default)
Click on yellow star to specify user (smsadmin) and click Ok and Ok
Software Update Client Agent click enable software update on clients scan schedule 7 Days click Ok
Client Installation Methods to push ConfigMgr client software to discovered computer or resources
Note:
If clients are running the Windows Firewall, this can prevent client push installation from succeeding until a Firewall disabled. To do so using Group Policy
Go to Run, type > gpedit.msc
Go to the Site Management > Site Name > Site Settings > Client installation methods and double click on Client Push Installation.
Enable Client Push Installation to assigned resources, warning note appear click Ok,
We need to select the system types that ConfigMgr will push the client software
On the Accounts tab, we need to specify account for ConfigMgr to use when connecting to the computer to install the client software Click on Yellow Star to specify user (ektifan\smsadmin) Pass, click Ok
Note:
The account specified must have administrative rights on the computer that will have the client software installed
Client tab, we need to specify SMS cache size on the client to something like 8GB
SMSSITECODE=JED SMSCACHESIZE=8000 and click Ok
Configure Discovery methods to set discovery type, discovery schedule, and other elements, such as Active Directory containers; we need to configure the discovery method to do so:
Go to the Site Management > Site Name > Site Settings > Discovery Methods
Duple click on Active Directory System Group Discovery and click on Enable, and click on the Yellow star to add an Active Directory Container where the ConfigMgr will search for these computers
Active Directory Containers window comes up, select Local Domain and click Ok
Select New Container window comes up, you can chose the Active Directory or by OUs
In my lab I will select AD and click ok
OUs example
OUs
In my lab, I will select AD and click Ok
In the Polling Schedule tab, click on Run discovery as soon as possible and click Ok
We need to do the same configuration to
•1. Active Directory System Group Discovery
•2. Active Directory Security Group Discovery
•3. Active Directory System Discovery
•4. Active Directory User Discovery
Heartbeat Discovery is how often clients send an updated data discovery record (DDR) to the Management Point.
By default, it is enable with a standard Configuration Manager Site installation. We need to configure only the schedule for my lab I will change to 1 Hours
We need to check in the clients PC if the Configuration Manager Client installed or not, to do so;
Go to Control Panel, Okay... we can see 4 new icons listed in the control panel
Duple click on Configuration Manager in General tab we can see the system properties such as;
Active Directory Site Name, ConfigMgr Site Code, IP, domain
Components tab
Actions tab
Advanced tab
We need to go back to the ConfigMgr Server to check the client's status to do so:
Go to the Site Database > Computer Management > Collections
Before I get started I wish this LAB helpful to practice and get familiar with System Center Configuration Manager 2007 SP1, this wiki is (Step By Step Guide Install and Configure ConfigMgr 2007)
This lab is based on (Virtual Machine) I'm using VMware Workstation 6.5.1
I assume you have first installed on you Virtual Machine:
1. Windows Server 2003 R2 Standard
- 2. System Center Configuration Manager 2007 SP1
- 3. SQL 2005 with Service Pack 2
- Note" SQL Server 2005, Service Pack 2 is the only version of SQL Server supported for hosting the Configuration Manager 2007 site database.
- 4. WSUS3.0 SP1
- 5. 4 Windows XP SP2 Clients
- Computer name: DCSRV
- Domain: ektifan.loc
- IP address: 192.168.2.20
- Subnet mask: 255.255.255.0
- Default Gateway: 192.168.2.2
- Computer name: CMSRV
- IP address: 192.168.2.21
- Subnet mask: 255.255.255.0
- Default Gateway: 192.168.2.2
- SQL 2005 SP3
- WSUS3.0 SP1
- 1. XP-WST1 192.168.2.22
- 2. XP-WST2 192.168.2.23
- 3. XP-WST3 192.168.2.24
- 4. XP-WST4 192.168.2.25 Note" This PC Physical will be use for OS deployment
ConfigMgr 2007 requires a few things to be prepared and configured before installing the product.
We will be using CMSRV Server to complete this task:
- IIS 6.0, with BITS 2.0
- a. Go to Control Panel
- 1. Add or Remove Programs
- 2. Add/Remove Windows Components
- 3. Application Server click on Details
- 4. Select Internet Information Services (IIS), ASP.NET and click on Details
- 5. Select Background Intelligent Transfer Services (BITS) Server Extensions
- 6. Click Ok 2 times and click on Next then Finish
WebDAV extensions must be enabled:
- a. Go to Administrative Tools> Internet Information Services (IIS) Manager
- 1. Expand the (local computer)
- 2. Click on Web Services Extensions
- 3. Click on WebDAV
- 4. Click on Allow
- Extend the Active Directory schema
Extend the Active Directory schema by running the ExtADSch.exe file located in the SMSSETUP\BIN\I386 folder on the Configuration Manager 2007 installation media to add the new classes and attributes to the Active Directory schema
- Note" extending the schema is an irreversible action
Active Directory Schema done... but we need to verify that the schema extension was successful by reviewing the extadsch.log located in the root of the system drive C:\
Now we need to set security permissions on the System container we will use the Computer Account for the permissions to successfully enable Configuration Manager Clients to query Active Directory Domain Services to locate site resources
Go to Active Directory users and computers and make sure that Advanced Features selected
- 1. Select System > Right-Click Properties
- 2. Click on Security
- 3. Click on Advanced
- 4. Click on Add
- 5. Click Object Types
- 6. Click on Computers click Ok
- Select the ConfigMgr Server name and click on Ok. in my lab (CMSRV)
- Select the computer and click on Add
- On Object select Apply onto and select This object and all child objects click Full Control
Now we completed the prerequisites preparation before start the party
Asem
Alhourani: I would like to add here that the above procedure is a must
when you want the Setup Program to create the ‘Systems Management’
container.
If
you want to create the container manually make sure to install the
ADMTedit.msc; However I prefer the method introduced above by
Mazen.
Install and Configure ConfigMgr 2007 SP1 Step By Step
We will be using CMSRV Server to complete this task:
After click on SPLASH.HTA the menu appears click on Run the prerequisite checker, we'll do this to see if our windows needs any additional fix the warnings/errors prior to installing ConfigMgr 2007 SP1
Enter your server name as below. (CMSRV)
This gave us prerequisites which needed looking at, the AD Schema extensions before start the installation. (We extend Schema but this example)
Asem
Alhourani: A note here: extending the Active Directory Schema is not a
must hence it only returned a warning, and if you notice a warning still
allows you to begin the installation.
Once you completed the check without any Error or Warning click on Begin Install. You can double check in the log file ConfigMgrPrereq.log in drive C:\
Welcome screen
Because thisis the first site server choose the first option, Install a Configuration Manager Site Server
Accept the license [:D]
The type of installation we want to see all the options, choose Custom
Site Type, this is will be our (Primary Site)
Decide if you want to participate in CEIP
Product Key will be there
Where to install it you can change the directory
Asem
Alhourani: I prefer to install it in a different drive than the drive
holds the OS, however its acceptable as this is a
lab.
Site settinsg, in the Site Code in the lab JED and the friendly site name Head Office
Site Mode, we will choose Mixed Mode the Native Mode needs a certificate installed
Asem Alhourani: You need to have a PKI in the environment
Client Agent Selection specify default
Database server details
Specify your SMS provider settings
Specify the ConfigMgr Management Point FQDN CMSRV.EKTIFAN.LOC to avoid any mistake copy and paste from the computer properties by default will be there
Port setting I'll use the default port 80
Check the update perquisites components; you need to specify from where to download this update from the Internet or if you have these update 89 files download. In my lab I'll go with second options
We need to create a local folder to store these updates. In lab folder name (prereq)
Updates will be downloaded if we chose to download check the update from the internet
Once it's done review the setting summary and click Next
Start the prerequisite check (final) as everything is ok will check the log file ConfigMgrPrereq.log.
You can click on Begin Install
We will see the installation started it will take long time
Once the installation begin you can monitoring the process of the installation from the log file ConfigMgrSetup.log in the drive C:\
After a long wait you will see Setup has finished the installing click Next
The completing setup wizard you can click on Launch the ConfigMgr Console after closing or click Finish to Finish the installation [;)]
Configuration Manager 2007 SP1 is now installed; we need to launch the console
Go to Start > All Programs > Microsoft System Center > Configuration Manager 2007 > ConfigMgr Console
From the Configuration Manager Console we can see all the nodes we can check the setup status from the log file ConfigMgrSetup.log and form the ConfigMgr Console
From the console go to System Status> Site Status you can check Component Status and Site System Status witch installed
We will be using DCSRV Server to complete this task:
Now we need to back to the Active Directory Server to check if the System Management Container created or not. Inside the System Management we can see SMS Management Point and SMS Site
Our preparation and installation are completed. And I think we're in a good shape.
This is (Part 1) we've completed:
Adding Authoring rules in WebDav and changing WebDav settings
- Extending the Active Directory Schema
- Making sure the System Management container in Active Directory has the correct permissions for CMSRV
- Checking and fixing errors in CMSRV System Status from Log
- Installed ConfigMgr2007 SP1
Part !!
Step By Step Guide Install and Configure ConfigMgr 2007 Part 2
This guide assumes you've installed ConfigMgr 2007 SP1 (Part 1)
In this part we will cover:
- Configure Boundaries
- Configure Site Server Components
- Configure Client Agent Components
Configure Boundaries
We will start with the most important setting to configure first setting the (Site Boundaries) to do so, go to ConfigMgr Console > Expand the Site Management > Site Setting > Boundaries node, right click the node and select New Boundary
New Site Boundary will appear it contains description, site code, type of boundary as we can see we've 4 types you can choose:
- 1. IP subnet
- 2. Active Directory Site
- 3. IPv6 Prefix
- 4. IP Address
I'm going to chose Active Directory Site and click on browse to select site name and click Ok
Note: by default the Active Directory called (Default-First-Site-Name) you can change that in my lab AD site name Ektifan
Choose the type of network connection Fast (LAN) and click Ok
We have configured the Site Boundary and you can see we've the boundary listed in the console
Configure Site Server Components
Now we'll move to setting and configure the Site System Roles. To do so go to the Site Settings > Site Systems right click on the server and select New Roles
When you select the New Roles a wizard will start this will take us into another list of sequences to configure each role individually accept the defaults and click next
We'll select all the roles will run on the server:
- Server Locator Point (SLP)
- Reporting Point (RP)
- Software Update Point (SUP)
First sequence installs the Server Locator Point (SLP) use the site database and click next
Next up is the Reporting Point (RP) leaves the default and click next
Software Update Point (SUP) I would like to talk a little about (SUP) a required component of software updates on primary sites, the software update point site system role must be created on a server that has Windows Server Update Services (WSUS) 3.0 SP1 installed. The software update point interacts with the WSUS services to configure update settings.
Because we only installed the WSUS 3.0 SP1 the SUP Role will allow you to do that how so:
Proxy Settings, settings you may need to specify proxy server settings if you need to in order to get out to the Internet, click next
Put a checkmark in Use this server as the active software update point, and click next
Then leave the Sync source settings as default and click next
Then accept the Sync Schedule as defaults and click next
The Update Classifications allows you to choose what classes of updates you want to download choose the following Critical Updates, Definition Updates, Security Updates, Service Packs, Update Rollups, and Updates, and then click next
The Products you want to downloads updates for, choose (Office, SQL, Windows Server 2003 and Windows XP) and click next
The Languages to download the updates I am going to specify only English and click next
Now we are at the Summary page and you can review the settings and go back if you need to make any changes, and then click next
The install process begin
We are done...with Server Roles of the configuration click close
Now you can see the new roles are listed in the console. Go to the Site Settings > Site Systems
Lest go back to Active Directory server to check the System Management container to see what we have new added to the container?
You can notice we've Server Locater Point (SLP) because we added the (SLP) role
Now we need to check the log file to see our installation status, got to C:\program files\Microsoft Configuration Manager\logs
Server Locator Point (SLP) Log
Reporting Point (RP) Log
Software Update Point (SUP) Log
Now we need to configure:
- Distribution Point (DP)
- Management Point (MP)
Double click on ConfigMgr Distribution Point (DP) and click Allow clients to transfer content from this distribution point using BITS
Double click on Configmgr Management Point (MP) click Allow devices to use this management point and click Ok
Now we need to Configure Client Agents:
We will configure:
- Hardware Inventory
- Software Inventory
- Advertised Programs
- Computer Client
- Remote Tools
- Software Update Client Agent
Double click the Hardware Inventory Client Agents
Click Enable hardware inventory on client, set the inventory schedule to 1 Day. And click Ok
Software Inventory agent, verify the schedule is set to 7 Days
Click on the inventory collection tab, click on File types and delete the default scan listed
Click on the yellow star and add files of type *.exe then click on Set beside location, select
Variable or Path name and enter %ProgramFiles%\ as the program path location so that it only scans that area for EXE files,
Remove the tick from the windows directory and then click Ok
Then click Ok
Double click on Advertised Programs Client Agent
Under the General tab, enable software distribution to clients, select New Program notification icon opens Add or Remove Programs. And click Ok
We will configure the Computer Client Agent Properties
We'll specify the Network Access Account, click on Set enter an account (ektifan\smsadmin) to be used by ConfigMgr client computers to communicate with network resources and must be member of Domain Admin, domain\user
You can also modify the client polling time for policy updates in this window, the default is 60 minutes the max is 1440 minutes. Click Ok
On Customize tab the message that is displayed to the users when they are notified of a new advertisement. You can change the message in our lab I'll choose the default and click Ok
Remote Tools Client Agent enable the remote tools client agent and to configure settings for access, security, notification and remote assistance
Click on Users cannot change Policy or Notification settings in the Remote Control Panel
- Specifies the level of access sessions running on Windows 2000 client computers Full control
- Specifies the level of access sessions running on Windows XP or later client computers View Only and click Ok
Security Permitted viewers Windows user names and user group names that may remotely access client computers add permitted viewers (blank by default)
Click on yellow star to specify user (smsadmin) and click Ok and Ok
Software Update Client Agent click enable software update on clients scan schedule 7 Days click Ok
Client Installation Methods to push ConfigMgr client software to discovered computer or resources
Note:
If clients are running the Windows Firewall, this can prevent client push installation from succeeding until a Firewall disabled. To do so using Group Policy
Go to Run, type > gpedit.msc
Go to the Site Management > Site Name > Site Settings > Client installation methods and double click on Client Push Installation.
Enable Client Push Installation to assigned resources, warning note appear click Ok,
We need to select the system types that ConfigMgr will push the client software
On the Accounts tab, we need to specify account for ConfigMgr to use when connecting to the computer to install the client software Click on Yellow Star to specify user (ektifan\smsadmin) Pass, click Ok
Note:
The account specified must have administrative rights on the computer that will have the client software installed
Client tab, we need to specify SMS cache size on the client to something like 8GB
SMSSITECODE=JED SMSCACHESIZE=8000 and click Ok
Configure Discovery methods to set discovery type, discovery schedule, and other elements, such as Active Directory containers; we need to configure the discovery method to do so:
Go to the Site Management > Site Name > Site Settings > Discovery Methods
Duple click on Active Directory System Group Discovery and click on Enable, and click on the Yellow star to add an Active Directory Container where the ConfigMgr will search for these computers
Active Directory Containers window comes up, select Local Domain and click Ok
Select New Container window comes up, you can chose the Active Directory or by OUs
In my lab I will select AD and click ok
OUs example
OUs
In my lab, I will select AD and click Ok
In the Polling Schedule tab, click on Run discovery as soon as possible and click Ok
We need to do the same configuration to
•1. Active Directory System Group Discovery
•2. Active Directory Security Group Discovery
•3. Active Directory System Discovery
•4. Active Directory User Discovery
Heartbeat Discovery is how often clients send an updated data discovery record (DDR) to the Management Point.
By default, it is enable with a standard Configuration Manager Site installation. We need to configure only the schedule for my lab I will change to 1 Hours
We need to check in the clients PC if the Configuration Manager Client installed or not, to do so;
Go to Control Panel, Okay... we can see 4 new icons listed in the control panel
- 1. Configuration Manger
- 2. Program Download Monitor
- 3. Remote Control
- 4. Run Advertised Programs
Duple click on Configuration Manager in General tab we can see the system properties such as;
Active Directory Site Name, ConfigMgr Site Code, IP, domain
Components tab
Actions tab
Advanced tab
We need to go back to the ConfigMgr Server to check the client's status to do so:
Go to the Site Database > Computer Management > Collections
No comments:
Post a Comment