Tag Archives: Guide

System Center 2012 Configuration Manager R2 (SCCM 2012 R2) Standalone Deployment

Recently, I had to install System Center 2012 Configuration Manager R2.  I have had no prior experience using this product up to this point, so I thought I would document my notes and findings while giving the installation a whirl.

Prerequisites

  • Domain Controller
    • DNS Role (could be on a seperate machine)
    • DHCP Role (could be on a seperate machine)
  • Server 2012 R2 instance for SCCM
    • Should be joined to the domain
    • 200GB HDD
      • 40-50GB for OS
      • 150GB for SCCM
  • Windows 7 Client for Testing
    • Should be joined to the domain

If you wish to use a different Operating System version for your server or client, you can find a list of supported configurations from the following technet article: http://technet.microsoft.com/en-us/library/gg682077.aspx

Here are my tutorials on deploying System Center 2012 R2 Configuration Manager Standalone

  1. Deploying System Center 2012 R2 Configuration Manager
  2. Adding a Software Update Point
  3. Discovery Methods and Boundaries
  4. Client Web Service Point and Deploying the SCCM Agent
  5. Deploying Endpoint Protection

Tutorial

  1. Manually create the System Management Container in Active Directory Domain Services
    1. From the following technet article: http://technet.microsoft.com/en-us/library/bb632591.aspx
      Configuration Manager does not automatically create the System Management container in Active Directory Domain Services when the schema is extended. The container must be created one time for each domain that includes a Configuration Manager primary site server or secondary site server that publishes site information to Active Directory Domain Services.

      1. Log on to one of your domain controllers
      2. From Server Manager, select Tools -> ADSI Edit
        Server Manager - ADSI Edit
      3. Right click ADSI Edit and select Connect to...
        ADSI Edit - Connect To
      4. Ensure the Connection Point is set as Default naming Context and click OK
        ADSI Edit - Connection Settings - Default naming context
      5. Expand Default naming context <FQDN>, expand <distinguished name>, right-click CN=System, click New, and then click Object
        ADSI Edit - System - New - Object
      6. In the Create Object dialog box, select Container, and then click Next
        ADSI Edit - Create Object - Container
      7. In the Value box, type System Management, and then click Next
        ADSI Edit - Create Object - System Management
      8. Click Finish
        ADSI Edit - Create Object - Finish
  2. Add Permission to the System Management Container
    1. From the following technet article: http://technet.microsoft.com/en-us/library/bb633169.aspx
      After you have created the System Management container in Active Directory Domain Services, you must grant the site server's computer account the permissions that are required to publish site information to the container.

      1. On your domain controller navigate to Server Manager -> Tools -> Active Directory Users and Computers
        Server Manager - Active Directory Users and Computers
      2. Click View and select Advanced Features
        Active Directory Users and Computers - View - Advanced Features
      3. Expand your site, System, System Management and select Properties
        Active Directory Users and Computers - System - System Management - Properties
      4. On the System Management Properties dialog box select the Security Tab
        System Management Properties - General Tab
      5. Click Add.. on the Security Tab
        System Management Properties - Security Tab - Add
      6. Click the Object Types... button, check Computers, and click OK
        Select Active Directory Object - Object Types
      7. Type in the computer's name and click OK
        Select Active Directory Object - SCCM
      8. Check Full Control on the Security Permissions for your SCCM machine
        System Management Properties - Security Tab - Full Control - SCCM
      9. Click the Advanced button, select the computer account, and click Edit
        Advanced Security Settings for System Management - SCCM
      10. Select This object and all descendant objects in the Applies to section and click OK
        Permission Entry for System Management - Advanced - SCCM
  3. Create Service Accounts for System Center in Active Directory
    1. SCCMDJ
      1. This service account is actually defined as the Task Sequence Editor Domain Joining Account.  The account is used in a task sequence to join a newly imaged computer to a domain. This account is required if you add the step Join Domain or Workgroup to a task sequence, and then select Join a domain. This account can also be configured if you add the step Apply Network Settings to a task sequence, but it is not required.
    2. SCCMCP
      1. The Client Push Installation Account is used to connect to computers and install the Configuration Manager client software if you deploy clients by using client push installation. If this account is not specified, the site server account is used to try to install the client software.  This account will need to be a local administrator on the machine we want to push software to.
    3. SCCMNA
      1. The Network Access Account is used by client computers when they cannot use their local computer account to access content on distribution points. For example, this applies to workgroup clients and computers from untrusted domains. This account might also be used during operating system deployment when the computer installing the operating system does not yet have a computer account on the domain.
    4. SCCMRA
      1. The Reporting Services Point Account is used by SQL Server Reporting Services to retrieve the data for Configuration Manager reports from the site database. The Windows user account and password that you specify are encrypted and stored in the SQL Server Reporting Services database.
    5. NOTE: There are other service accounts that can be created for SCCM other than these as well.  You can see a full listing from the following technet article (additional note, descriptions for the service accounts above were copied from this same article): http://technet.microsoft.com/en-us/library/hh427337
  4. Download a copy of Microsoft System Center 2012 R2 Configuration Manager and Endpoint Protection from the Volume Licensing Center or the Technet Evaluation Center
    1. This is called System Center 2012 R2 Config Mgr Client Mgmt License in the Volume Licensing Center
    2. The evaluation copy can be found here: http://technet.microsoft.com/en-us/evalcenter/dn205297.aspx
    3. NOTE: In this tutorial, I will be using the ISO distributed from the volume licensing center
  5. Extend the Active Directory schema for Configuration Manager
    1. Mount/extract the System Center 2012 R2 Configuration Manager media to your SCCM machine
    2. Navigate to D:\SMSSETUP\BIN\X64 (or where ever your installation media is).  Right click on a file called extadsch.exe and right click, Run as Administrator
      extadsch_exe - Run as administrator
    3. You will notice a black command prompt popup and then dissappear.  Once it has dissappeared, open the following text document: c:\ExtADSch.txt
      ExtADSch - Extended Schema Results
    4. Verify the schema has been successfully extended
      ExtADSch - Successfully extended the Active Directory Schema
  6. Install Pre-requisits to System Center Configuration Manager 2012 R2
    1. Execute the following powershell command
      1. Add-WindowsFeature Web-Windows-Auth,Web-ISAPI-Ext,Web-Metabase,Web-WMI,BITS,RDC,NET-Framework-Features,Web-Asp-Net,Web-Asp-Net45,NET-HTTP-Activation,NET-Non-HTTP-Activ,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Redirect,Web-App-Dev,Web-Net-Ext,Web-Net-Ext45,Web-ISAPI-Filter,Web-Health,Web-Http-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-HTTP-Tracing,Web-Security,Web-Filtering,Web-Performance,Web-Stat-Compression,Web-Mgmt-Console,Web-Scripting-Tools,Web-Mgmt-Compat -Restart
        Add-WindowsFeature - SCCM Prerequisites
    2. Execute the following command
      1. C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -r
        aspnet_regiis_exe - PowerShell
      2. NOTE: Apparently there was/is? a bug in the .NET framework which causes an error later on.  Although optional, I would run this just be sure the .NET framework works properly with two different versions installed.  You can read more about this command here: http://msdn.microsoft.com/en-US/library/k6h9cz8h(v=vs.80).ASPX
    3. Install Windows Server Update Services
      1. Execute the following commands (ensure you change the values to where you want the WSUS definitions and SQL server locations reside)
        1. Install-WindowsFeature -Name UpdateServices-Services,UpdateServices-DB -IncludeManagementToolsInstall-WindowsFeature -Name UpdateServices_UpdateServices-DB -IncludeManagementTools
        2. cd "c:\Program Files\Update Services\Tools"
        3. ./wsusutil.exe postinstall CONTENT_DIR=E:\WSUS sql_instance_name=SQLSERVERNAME
          wsusutil postinstall content_dir sql_instance_name
    4. Install User State Migration Tool (USMT)
      1. Download a copy of the User State Migration Tool (USMT) from Microsoft's website: http://go.microsoft.com/fwlink/?LinkId=301570
      2. Right click and run adksetup.exe as an administrator (Click Yes if prompted by UAC)
        adksetup_exe - Run as administrator
      3. Click Next on the Specify Location screen
        Windows Assessment and Deployment Kit for Windows 8_1 - Specify Location
      4. Click Next on the Join the Customer Experience Imporovement Program (CEIP) screen
        Windows Assessment and Deployment Kit for Windows 8_1 - Join the Customer Experience Improvement Program (CEIP)
      5. Click Accept on the License Agreenment screen
        Windows Assessment and Deployment Kit for Windows 8_1 - License Agreement
      6. Check Deployment Tools, Windows Preinstallation Environment (Windows PE), and User State Migration Tool (USMT), and then click Install
        Windows Assessment and Deployment Kit for Windows 8_1 - Select the features you want to install - Deployemnt Tools - Windows PE - USMT
      7. Click Close on the Welcome to Windows Assessment and Deployment Kit for Windows 8.1
        Windows Assessment and Deployment Kit for Windows 8_1 - Welcome to the Windows Assessment and Deployment Kit for Windows 8_1
    5. Run Windows Updates to ensure you are fully patched
      Latest Windows Updates
  7. Install and Configure SQL Server
    1. Install SQL Server
      1. This step can vary on how you want to deploy SQL server.  In this particular environment, a SQL cluster had already been deployed in the organization, so I will take advantage of that.  However, in smaller environments, you can install the SQL Service on the same machine.  You can find a compatibility matrix and which versions of SQL Server can be installed: http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SupConfigSQLDBconfig
    2. If you have a remote SQL server, make sure you add the SCCM computer account as a local administrator of the SQL server.  More information on how to do that can be found in this guide: http://jackstromberg.com/2014/06/sccm-2012-r2-site-server-computer-account-administrative-rights-failed/
  8. Install System Center 2012 Configuration Manager R2
    1. Navigate to your installation media and double click on splash.hta to launch the installer
      SCCMSCEP - splash_hta

      1. NOTE: If you are doing an offline install (no internet), run the setupdl.exe installer from your installation media (example: D:\SMSSETUP\BIN\X64\setupdl.exe)
    2. Click on Install (Click Yes if prompted by UAC)
      System Center 2012 R2 Configuration manager Setup - Install
    3. Click Next >
      System Center 2012 R2 Configuration manager Setup - Before You Begin
    4. Ensure Install a Configuration Manager primary site is checked and click Next >
      System Center 2012 R2 Configuration manager Setup - Getting Started - Install a Configuration Manager primary site
    5. Enter your license key or hit Install the evaluation edition of this product and click Next >
      System Center 2012 R2 Configuration manager Setup - Install the licensed edition of this product
    6. Accept the license agreemt for the Microsoft Software License Terms
      System Center 2012 R2 Configuration manager Setup - Microsoft Software License Terms
    7. Accept the license agreements for SQL Server 2012 Express, SQL Server 2012 Native Client, and Silverlight, then click Next >
      System Center 2012 R2 Configuration manager Setup - Prerequisite Licenses
    8. Check Download required files and put them on your desktop
      1. This will grab the latest copy of SCCM.  If you need to do an offline installation, you can manually run the offline installer from your installation media (in my case: D:\SMSSETUP\BIN\X64\setupdl.exe).
        System Center 2012 R2 Configuration manager Setup - Prerequisite Downloads
    9. Select your language to run System Center server in and then click Next >
      System Center 2012 R2 Configuration manager Setup - Server Language Selection
    10. Select your languages to support on your client devices and click Next >
      System Center 2012 R2 Configuration manager Setup - Client Language Selection
    11. Set a site code (I would use an airport code if you only have one office in each office location), enter your site name, and then change the installation folder to use your second partition.  Once done, click Next >
      System Center 2012 R2 Configuration manager Setup - Site and Installation Settings
    12. Check Install the primary site as a stand-alone site and click Next >
      System Center 2012 R2 Configuration manager Setup - Primary Site Installation - Install the primary site as a stand-alone site
    13. Click Yes on the Configuration Manager dialog box that explains you can configure SCCM to be in a heirrachy to scale at a later time
      System Center 2012 R2 Configuration manager Setup - Primary Site Installation - Install the primary site as a stand-alone site - Dialog Confirm
    14. Enter in the SQL Server Name (FQDN) to your database server and click Next >
      1. If you installed the SQL Server service on this same machine, it should be the FQDN to your SCCM machine.  If you have a SQL Server you would like to point to, enter in the FQDN of that server.
        System Center 2012 R2 Configuration manager Setup - Database Information
    15. Click Next > on the Database Information screen
      System Center 2012 R2 Configuration manager Setup - Database Information
    16. Click Next > on the SMS Provider Settings
      System Center 2012 R2 Configuration manager Setup - SMS Provider Settings
    17. Check Configure the communication method on each site system role and then click Next > if you do not have  PKI setup.  If you have a PKI implemented in your environment, you may go ahead and choose All site system roles accept only HTTPS communication from clients.
      System Center 2012 R2 Configuration manager Setup - Client Computer Communication Settings

      1. Click Yes to continue if you selected All site system roles accept only HTTPS communication from clients
        System Center 2012 R2 Configuration manager Setup - Client Computer Communication Settings - Confirmation Dialog
    18. Ensure Install a management point and Install a distribution point are checked and click Next >
      System Center 2012 R2 Configuration manager Setup - Site System Roles
    19. Click Next > on the Customer Experience Improvement Program
      System Center 2012 R2 Configuration manager Setup - Customer Experience Improvement Program
    20. Verify the settings you chose on the Settings Summary and then click Next >
      System Center 2012 R2 Configuration manager Setup - Settings Summary
    21. Click Begin Install on the Prerequisite Check once you have passed all of the potential issues.  In this case, I have a few that are false possitives, so I am going to go ahead with the install.
      System Center 2012 R2 Configuration manager Setup - Prerequisite Check
    22. Once done installing, hit Close
      System Center 2012 R2 Configuration manager Setup - Install Completed

Try opening up the System Center 2012 R2 Configuration manager console.  If it opens, congrats on your newly deployed System Center! 🙂

System Center 2012 R2 Configuration Manager - Overview

Lync 2010 - Deploying Monitoring Server Reports

I recently had the lovely experience of setting up the monitoring role for Lync 2010.  In doing so, I documented the steps I took to successfully deploy the Monitoring Server Reports Services.

Before beginning, here are a few notes:

  • Ensure you are using Microsoft SQL Server 2008 x64 Standard or greater (if you need to upgrade, see the following tutorial: SQL Server 2008 R2 – Updating a msSQL instance/server)
  • You have deployed Lync 2010 Standard or Enterprise
    • Both versions allow you to add this service

Alright, so lets begin!

  1. Our first step is to install the "Reporting Services" feature for SQL Server 2008
  2. Open up the Reporting Services Configuration Manager
  3. Enter the SQL Server Reporrting Services instance you want to connect to
  4. Click Web Service URL
  5. Enter the virtual directory name, port, and configure your SSL certificate
  6. Click Apply
    1. Note: If you had IIS on this box, you will need to choose different port numbers
  7. Open up Microsoft SQL Server Management Studio
  8. Login to your SQL server and create a new service account for your SQL server
    1. Make a sysadmin for the time being
  9. Head back over to the Reporting Services Configuration Manager
  10. Setup the Database Name and select the language.
  11. Leave Native Mode selected and click Next.
  12. Enter the same credentials on the Credentials step and click Next
  13. Click Next on the Summary pane
  14. Click Finish
  15. Go back to your SQL Server and deprivilege your account
    1. Uncheck sysadmin and Set the default database to ReportServer
  16. Click on the Report manager URL in the reporting Services Configuration Manager
  17. Click Reports if you are happy with the /Reports directory
  18. Once you have clicked Apply, verify you can view the website by clicking on the link it shows (it should bring you to a site that kind of reminds you of an old version of sharepoint :P)
  19. Go to your Lync Front End server and run the Lync Server Topology Builder program (Start->All Programs->Microsoft Lync Server 2010->Lync Server Topology Builder)
  20. Upon login, check "Download Topology from existing deployment" and click OK
  21. Save the topology to your desktop when prompted (or anywhere else, doesn't really matter)
  22. Expand your Site, and click on the Monitoring Servers folder
  23. Right click on Monitoring Servers and select New Monitoring Server...
  24. Enter in the server to install the role on
  25. Enter the SQL server name/instance to use
  26. Finish the installation
  27. Head over to the server where you are going to install the Monitoring/Archieving role
  28. Open up the Lync Server 2010 - Deployment Wizard (run as administrator)
  29. Click on Install or Update Lync Server System
  30. Click on Setup or Remove Lync Server Componenets
  31. Let it install/configure all of its stuff
  32. Click on Run next to Server Status (Optional)
  33. Verify Lync Server Call Detail Recording and Lync Server QoE Monitoring Service services have been started (start them if they aren't running)
  34. Go back to the Lync Server 2010 deployment wizard homepage and click on Deploy Monitoring Server Reports
  35. The server information should already be prefilled in. Click Next
  36. Enter in the SQL credentials needed to connect in
    1. For this step, I would recommend creating the account yourself (A good tutorial I came across on doing this can be found here, but I have summarized the steps below):
      1. Head over to Active Directory and create a new user
      2. Head over to the SQL Server
      3. Right click on Security->Logins and click New Login...
      4. Enter in your AD account you just created
      5. Click on User Mapping
        1. Check both the LcsCDR and QoEMetrics databases
      6. Click OK
        1. Do the following for both the LcsCDR and QoEMetrics databases
          1. Expand the database, expand Security, export Users
          2. Right click on the user you mapped to the database and click Properties
          3. Check ReportsReadOnlyRole and click OK
  37. Enter in the User Group you want access to run reports.
    1. This group is a list of users who have access to actually run the reports/will point and click on reports.
  38. Click Next, you should notice the following info when it starts configuring, that is normal:
    1. The following URL will be used for deployment: https://myserver.mydomain:443/ReportServer SQL Server logon credentials for "mydomain\myuser" already exist. Use the existing logon credentials. "[QoEMetrics]" role "[ReportsReadOnlyRole]" has already assigned to "mydomain\myuser". "[LcsCDR]" role "[ReportsReadOnlyRole]" has already assigned to "mydomain\myuser".
  39. Click Finish (Assuming all went OK) 🙂
  40. Head over to your Lync admin panel (web GUI)
  41. Click on Monitoring and Archiving
  42. Select Global and click on Action and select Enable CDR
  43. You can change any other settings in here to your preference at this point.
  44. Head over to your reports page. https://yourdomain/ReportServer
  45. Click on LyncServerReports
  46. Click on Reports Home Page

If you see the Monitoring Server Reports page with the Lync 2010 logo in the top left corner, get up, celebrate, and pat yourself on the back! 🙂

Other thoughts: The first time I deployed this, I ran into a ton of errors.  I have documented many of these issues and other issues that you might run into during your deployment.  Hopefully you don't run into any, but if you do, hopefully they help you get up-and-going again.

Lync 2010 – Publishing the topology error: Missing Machine

SQL Server 2008 R2 – Reporting Services Configuration Manager – Create certificate binding failed – HRESULT: 0×80040238

SQL Server 2008 R2 – Reporting Services Configuration Manager – The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

Lync 2010 – The feature: “Customizing security roles” is not supported in this edition of Reporting Services.

Lync 2010 – Cannot impersonate user for data source ‘CDRDB’. (rsErrorImpersonatingUser) error