System Center Configuration Manager 2012
Setup Share
3
System Center Configuration Manager (SCCM), Microsoft is a software used to manage
networks, servers and clients. Through this software, server and client management tools into a
corner and throwing a distributed and complex, with a single software can we minimize
management complexity.This article SCCM 2012 'We will see in detail how to perform the
installation and how to prepare the installation.
Login
SCCM 2007 SCCM 2012 is the successor of a product currently in beta phase. Although not yet
fully stable version therefore will establish a large proportion will give an idea about the final
shape of the product. Already beta-products should not be used for any real work environment
and just trial, should be used to değelendirme.
SCCM 2012 beta 2 was in the time of this article, I will perform the installation process on this
version.
Consider briefly why you would do this, use the SCCM. Numerous end of the unit (including
servers) and the business structure is a dispersed, especially if you have more than one location,
their patch management, software, inventory, reporting and versioning control of the structure,
install new operating systems, updating, and all the things beyond the automation and
standardization nu is very difficult to do.
SCCM installation of the operating system, patch management (WSUS role), the software install
/ remove / update, software inventory, hardware inventory, software usage reporting (software
metering) and great little tool that provides a lot of support from a large software. All System
Center System Center family of products as well as other products run as fully integrated.
Pre-installation
Pre-installation setup and configuration of the system and includes software components. Pre-
installation, installation is extremely important for a healthy. Beta 2 version of the system and
software requirements are as follows. Please read this section carefully.
Note: Microsoft may have made changes to these requirements. The above requirements at the
time of writing, a list of current needs.
Requirements: Hardware:
About the Memory and CPU (Speed / Capacity) now with no explanation yapılmamakla, primary
site database must be running on a server with 64 CPUs. At the same server that makes it easy to
use SQL Server kuracağınızıda think multicore CPUs.
Tavsyie I would use at least 4 GB of RAM. I performed a server with 8 GB of memory
kurulumumu.
Software:
- 64-bit operating system Windows Server 2008 or higher (R2 are supported).However,
Distribution Points, 32-bit operating system and Windows Server 2003, XP, and after
olabilir.Windows all clients, SCCM client may Although, as always the home versions (Vista
and Windows 7 starter for the home and included in distributions) supported.
The article I used as the operating system Windows Server 2008 R2 Enterprise Edition.
- Net Framework 3.5.1, Net Framework 4.0, IIS (InternetInformation Services): ASP, WebDAV,
BITS (Background Intelligent Transfer Services), WSUS (Windows Server Update Services)
Note: After installing the WSUS role under Roles, run the configuration wizard, configuration
necessarily has to be done by SCCM.
- 64-bit SQL Server 2008 with SP1 Cumulative Update 10 - This is especially important: SQL
2008 SP2 and SQL 2008 R2 is supported. However, SQL Compact Edition is available only for
secondary site'lar.As seen above, the only supported version for Beta2 2008 SP1 with CU 10
However social.technet.com 'cumulative update some people 13 Ile çalıştırabilmişler, this
configuration has not been tested by me.
- Case insensitive SQL Collation and must be necessarily 64-bit (in other words should not be
case-sensitive). SQL_Latin1_General_CP1_CI_AS like ...
* SQL server installation before making settings Türkçe Settings'indeki Regional / United States
as a set. Thus, the default collation will automatically be set to
SQL_Latin1_General_CP1_CI_AS. Control Panel-> Clock, Language and Region-> Region
and language through the relevant settings. To do this, you may receive the following two
reference shape.
Figure 1
The format for Turkce (United States) Select.
Figure 2
Change local system ... 'from the Current System Locale Türkçe (United States) Select.Keyboard
language Türkçe (United States) do not have to.
- Related products, trial versions of the links can be found below.
System Center Configuration Manager 2012
SQL Server 2008 Enterprise
SQL Server 2008 Service Pack 1 (the most recent version SP1'li higher than 10
installations CU version is coming together, the installation will fail, so it needs to be
done before the installation of SP1, then CU. For this reason, the SQL 2008 version here
sp1'li I did not link.)
SQL 2008 Cumulative Update (CU) 10
. NET Framework 3.5.1 and . Net Framework 4.0
Role and Feature'larının Windows installation:
Open Server Manager and click Roles'a. Click Add Here Roles'a and select the IIS Web
Manager.Role Services, select the components you see below.
Components that must be installed for IIS
Also
Security and management components
After the setup is complete, the Server Manager-> Features'dan Features, and click Add. Net
Framework 3.5.1 (or if you are using Windows Server 2008 may be 3.0) and Background
Intelligent Transfer Service (BITS), please mark boxes.
Certificates:
Site Server and Distribution Point (s) with the client communication takes place via the http
protocol. At this stage, either of traditional or non-secure http connection must use an encrypted
https connection. Of course, the recommended safe method to use https.
To set the https certificates in the certificate to a Microsoft server (CA server) is required. I
assume it exists. If you do not have this server for the installation , click here (Turkish link).
Must create and deliver the required certificate, the 3. These certificates;
ConfigMgr Site Server Signing Certificate (Web Server)
ConfigMgr Web Server Certificate (Web server and the other for all the Distribution
Point)
ConfigMgr Client Certificate (for clients)
In addition to a certificate by the C onfigMgr SQL Server Identification Certificate is
required. This created a self-signed certificate is a certificate installed SCCM.
ConfigMgr Site Server Signing Certificate, the Certificate of Establishment:
CA Server is installed on the server log and Administrative Tools'dan Open Certification
Authority.
Certificate Templates to right-click and click Manage'e. This will open a new window.
Offered by the Computer window, right-click the certificate template, click Duplicate
Template. This will open a small window.
General Tab you canConfigMgr Site Server Signing Certificate change the name of
the new templates.
Click the Requirements tab, and select the CA certificate manager approval issuance.
Subject Name tab, select Center and Supply in the request.
Click on the Tab Extensions, Application Policies and then click Edit. A small window
will open up more.
Client Authentication, Server Authentication, and remove the entries by clicking the
remove button.
Templates'e Certification Authority console, right click and go New-> Certificate
Template to Issue .. Select.
Ok'leyin created drop-down list, select the certificate template.
SCCM Please set up the server by opening Notepad and type the following:
[NewRequest]
Subject = "CN = The site code of this site server is ATA"
MachineKeySet = True
[RequestAttributes]
CertificateTemplate = ConfigMgrSiteServerSigningCertificate
Note: The server is ... of this site are briefly after I wrote the ATA. Here you enter the 3
digit code'unuzu site is made up of letters. During the installation you need to enter this
site Côde SCCM. So I'll be set when starting the site code as the ATA. 3 digit code that
you type is case-sensitive, and always with the same code should be setup to use the site
..
Sitesigning.inf save this file as.
C: \ also copy the inf file by creating a directory called sccm. The command line
"Administrator" sccm as a running change directories (cd c: \ sccm)
One by one, and he certreq-new sitesigning.inf sitesigning.req certreq-submit
sitesigning.req sitesigning.cer enter commands.
Figure 3
When you enter the second command, if the environment if you have more than one CA server,
opens a small window will ask you to make a choice. In this case, the certificate template you
created above, select the CA Server.
CA Server is installed, connect to the server and open the Certification Authority console.
Request Pending are briefly see a pending request. Here you can see the other requests.
Certreq-submit a request, id will be given to you when you enter the command
sitesigning.req sitesigning.cer. Locate and right-clicking on the request with ID of this
request, the All Tasks-> give the command issue. As can be seen above, my request is as
id'im 11 Issue here will be lost after the request.
certreq-retrieve 11 sitesigning.cer run. As explained above, here are 11 request id'dir
and you have this id will be different. This command allows you to receive the certificate.
certreq-accept sitesigning.certo activate it by entering the command at the certificate we
received. After this stage, no certificate will be installed on our server.
Figure 4
Figure 5
Creating ConfigMgr Web Server Certificate, the Certificate of
Open the Active Directory Users and Computers and create a group called the
ConfigMgr IIS Servers. If the Configuration Manager distribution point servers to this
group and Click OK, and then click OK again to close the group properties dialog box.
Open the Certification Authority console to connect to the CA server. Here, right-click
Certificate Templates'a, give the Manage command. This will open a separate window at
the Certificate Templates.
Web Server certificate template, give the command to find the right-click and Duplicate
Certificate.
ConfigMgr Web Server Certificate, enter the name of the certificate template.
Click the Subject Name tab, make sure that Build from this Active Directory
information is selected.Subject name format, select the appropriate one of the
following.:
Common name: This option SCCM'de Fully Qualified Domain Name (FQDN) if you
want to use (intranet and internet clients are suitable for ...) Select.
Fully distinguished name: Select this option to use the FQDN.
If checked, the User principal name (UPN) Uncheck the checkbox.
Security tab open, remove the Domain Admins and Enterprise Admins groups Enroll
authority (not the band itself, just remove the relevant authority). Add to ConfigMgr
IIS Servers group and give Enroll authority (authority to remove the Read, Read +
Enroll permissions are required). Sec, after more OK'leyerek Close all windows.
Templates'e Certificate Certification Authority console, right-click on it and the New-
> Certificate Template to Issue the command please.ConfigMgr Web Server Certificate
drop-down list, select the certificate template and OK'leyrek close the window.
Connect to the SCCM server to configure your server as the server or distribution point.
Run-> mmc.exe a blank MMC console by typing open. File-> Add / Remove Snap-in
Certificates window, click and pop 'on the left. (As shown as follows:
Figure 6
Computer-> After clicking on Next, select Local Computer and click OK Finiz.
Click Certificates, and expand and Personal'a. All tasks'dan Request New Certificate to
click.
Click on Next twice and select the Enroll Please Certificate'i ConfigMgr Web Server.
Figure 7
After this stage, the console is installed, you should see this sertifikanında.
Figure 8
After that you must load the certificate into IIS.This Administrative tools'dan
o Internet Information Services (IIS) Manager open.
o Right-click Default Web Site'a Bindings'i select Edit.
o editleyin HTTPS by selecting, adding that the pop up window select the
certificate and OK'leyin.
o If you do not have it then click Add https: Type kısımını do https and SSL
Certificate, we have added the certificate, are briefly seçiniz.IIS I reboot (This is
optional, but my recommendation)
Figure 9
Creating ConfigMgr Client Certificate, the Certificate of
Open the Certification Authority console, right click and Certificate Templates'e Click
Manage'e. Pop-up window, you will see at the bottom Workstation Authentication
certificate.
Right-click Workstation Authentication certificate, click the Duplicate Certificate'e.
Please provide the name of the certificate template that the ConfigMgr Client
Certificate.
Figure 10
Select the Security Tab you and the Domain Computers group Read, Enroll, and
Autoenroll permissions. Ok'leyerek close the windows.
Return to the console and right-clicking the CA Certificate Templates'e New->
Certificate Template to issue command to give. Pop-up window, select ConfigMgr
Client Certificate Ok'leyin.
Figure 11
After this stage, by the CA server certificate has already started running. Distribute the
certificate to the client computers to use Group Policy The most effortless and practical
method.
Log on domain controller, and the Administrative Tools, Group Policy, select
Managemen'I. If you do not have the Group Policy Management Console, you
probably have Windows Server 2003 DC and 2003 as the default domain controllers
Group Policy Management Console (GPMC) is not. To
installhttp://www.microsoft.com/download/en/details.aspx?displaylang=en&id=21895
Click on the link.
Create a GPO in GPMC, right click and find the domain registrar in this domain, and
link it here will allow you to create a new GPO verin.Bu command. Policy that a name
like Autoenroll verebilirsiniz.Amaç serfikasını client to distribute to all clients .. Click
ok whether my job.
Right-click the Linked Group Policy Objects tabındaki Autoenroll policysine press
EDIT. That under the Computer Configuration Group Policy Management Editor in
Windows Settings / Security Settings / Public Key Policies' Turn out.
Certificate Services Client - Auto-enrollment'a right-click and open Properties. .
Configuration Model list, select the Enabled option is alsoRenew expired certificates,
update pending certificates, and remove revoked certificates and Update certificates
that use certificate templates, okleyin mark.
Figure 12
Policy is created, the default Group Policy settings have not done any changes will be updated in
30-90 min. However, the certificate that the client computers may need to restart the clients to
upload an. On the client computer at the command prompt, type gpupdate / force command
with the detection process can shorten the GPO.
Schema for SCCM 2012 Installing Plug-Ins
But if you do not install the Active Directory Schema plug-ins do not have to install some of the
important features of SCCM kaçınılmızdır remain deprived, they are:
- SCCM Client Installation (Push), and site assignment,
- Site mode, CRL checking,
- Port configuration,
- Network Access Protection support,
- Secure Key Exchange Between Site'lar ..
For this reason, I suggest you install the Active Directory schema extensions. Schema extensions
can be done after or before installation of SCCM, but I will perform the necessary work prior to
installation. Extend schema before performing a backup of the Domain Controllerlarınızın
recommend that you get.
First of all, the installation DVD to the SCCM Schema plug-ins smssetup \ bin directory in the
directories i386 or x64 is installed in the vehicle at extadsch.exe. Extensionları schema, the
server must be installed with the Active Directory Schema Master role.
If this server is a server 32-bit i386, x64-x64 directory of the domain controller server, be sure to
copy the map or over the network.
Figure 13
32bitlik I do I have a DC and DC to the i386 folder C: \ dizininei pasted.Schema Master
Serverda "Schema Admins" group member with a user-that is a member of this group by default,
the Administrator's log in and enter into the command line by opening the i386 or x64 directory.
Here
Extadsch.exe
Write. I need a screen like the following encounter.
Figure 14
Run-> Open the ADSI Edit tool by typing adsiedit.msc. By default, this tool from Windows
2008 Domain controllerlarda, 2003 is not available on servers, also need to download from
Microsoft. If you do not have the ADSI Edit tool http://support.microsoft.com/kb/892777
download and install from. (part of Windows Server 2003 Support Tools)
Open ADSI Edit and the Domain-> DC = domain, dc = name cn = System, as a domain registrar
to find and right click and create a new object: Select the type of property as a contianer.
Figure 15
Container name must be;
System Management
must ...
Figure 16
After you create the System Management container object, you must give full authority on the
SCCM server, the container object. To do this, right-click the System Management'a, select
Properties. Click the Security pop-up window. Then click Add, click Object Types'e Select
Computers. Add to the list and added to the SCCM server's name and then click Full Control
Allow'a and press Apply, close the window. Thus, all the powers on the server, you agree to this
container.
However, the authorization given at the bottom of System Management for objects and
containers are kapsamayacağı, the authorization given to the child object and the configuration is
containerlarıda need to cover. To do this, click the Advanced button, tabındaki Security, a
window opens as follows (Sheki 17)
Figure 17
Find the name of SCCM sunucuzun Enties permission under the "Apply To" under the heading
"This object only" should be written down. Choose your server and a window will appear as Edit
tıklayın.Aşağıdaki (Figure 18)
Figure 18
Apply Onto drop-down box "This object and all child objects" Select and close all windows
OK'leyip. SCCM server correctly so that you may give the necessary permissions.
SQL Server Setup
SQL Server is an important factor for pre-installation process. As I explained in the early
summer of the Primary Site Database Server SQL Server 2008 SP1 must be installed and must
be 10 cumulative update. With a higher version of SQL Server 2008 SP2, SQL Server 2008 now
supported for R2 versions, but these requirements are updated after the stable release is not
difficult to predict.Primary site database in SQL Express can not, however, secondary site
servers can be databases, Express Edition (SQL 2008 Express, and again with the same SP and
CU).
I am in this article, we will build on the same server as SCCM SQL server, but SQL Server can
run on a different server üzerindede. In this case, SQL is installed, then run the SQL Server
Configuration Named Pipes and TCP / IP protocols, we need to let.
Let it come to the main screen of the installation media for SQL server, insert the installation. If
you do not work automatically, the installation DVD in the "setup.exe" Run. Installation from
the menu on the left, click on the link. Here, the "New SQL Server stand-alone installation or
add features to an existing installation" option (Figure 19)
Figure 19
Enter the Product Key section of the product or the product key during a test period to use the
"Specify a free edition" option (Figure 20)
Figure 20
Okuyuo the license agreement and continue.
Figure 21
Install'a clicking kuurlumun Provide for the start of the installation of the necessary files (Figure
22)
Figure 22
Figure 23
Required to install and continue with the installation of controls in case of success, I can not
olmalısınız.Error sure. Edebilmekle warning and proceed with the case, you may experience
errors in the SQL and its components work, warnings, and certainly not prove as soon as
possible.
Feature selection in the Select the following options: Database Engine, Reporting Services,
Client Tools, Management Tools-Basic, Complete ... (Figure 24). In addition, you can change the
SQL Server installation dizinlerinide.
Figure 24
Enter the name of the SQL instance, no need to change. By default MSSQLSERVER (Figure 25)
Figure 25
We continue, click on Next.
Figure 26
Server Configuration Screen, which is the SQL services to run with user rights, or select the
Security Principle. The following as "NT AUTHORITY \ SYSTEM" SP'sini choose. (Figure 27)
Figure 27
Be found in two important configuration in the Configuration section of the Database Engine.
One of them, and Authentication Mode, the second is to define the SQL admins. Windows
Authentication Mode as Authentication Mode should remain selected. Specify SQL Server
Administrators altındanda, who is the SQL Server Administration operations, or which group /
user (s) If it is to be added. Sign in to perform this operation because I want to add the user
account that I opened the Current User to add to the list by clicking on myself. However, for
security reasons, the best, identify a group to carry out this work, the group is the best way to add
to the list. (Fig. 28)
Figure 28
Start by accepting the default values kuulumu all subsequent steps. When the installation is done
without any problem, make sure (Figure 29)
Figure 29
SCCM 2012 is no longer necessary to set up this way, we managed to complete all preliminary
requirements.
Installation
SCCM 2012 installation media into the drive, run the setup file or a screen like the following.
(Figure 30) is beta version yet for my hand to help and reference links to many here, not yet
working, to mention it. In this screen, Click Install.
Figure 30
Click on Next to continue.
Figure 31
Getting Started screen, select Install a Configuration Manager Site Server Pimary, check the
box below ... Use the typical installation (Şekil32)
Figure 32
These key section of the product key, enter the license terms by checking the box I accept and
continue (Figure 33)
Figure 33
Desktop or anywhere else you want to create an empty folder, I created a desktop .. Updated
Prerequisite Components screen, select Download and use latest updates. Updates will be saved
by clicking Browse and then select the location of the following and just show that you have
created an empty folder, then click Next. In this process, we have identified all the latest updates
to SCCM will download to the folder, your Internet connection speed, and it may take some time
depending on the operating system as current. (Figure 34)
Figure 34
Use the same screen, this time after all the updates indirldikten previously downloaded updates,
select from the following and select the location, select the folder indirldiği Update for future
updates. This folder already klasördü we have identified. Then click on Next to continue (Figure
35)
Figure 35
Site and Installation Settnigs monitor is quite important. Here, consisting of 3 letters determine
the site code and site name.Site code site code is determined to be the same with the settings for
the certificate. I remember it, "ATA" have determined, here I am writing the same thing. SCCM
2012 Primary Site I enter the site name. Here one does not matter what you type, but you can not
change this name later. In addition, as a secondary site server is a hierarchical 's set up, no
matter, all of the site with that name server will be connected.
Do not skip the option to install the Admin Console, management console must be installed
(Figure 36)
Figure 36
Determine the hierarchical position in the next step SCCM'in. If you do not have environment-
which in this case do not have any other SCCM servers - Primary site will be installed as a
standalone site, select. (Figure 37)
Figure 37
SQL Database Server under the name of the server and enter the settings in SQL Server (FQDN
format). Sql instance, the default instance name chosen for the başkabir gerekmez.Database
CM_ATA setting as determined to do.If you set up Network named instance (for example,
Microsoft was whether an instance), here Microsoft \ CM_ATA need to enter into the form (Fig.
38)
Figure 38
SCCM server's NetBIOS name as the next step, we enter the SMS provider, you do not normally
make a dğişiklik, this step is only to be used by the SMS provider (Figure 39)
Figure 39
Next step, Site Server, Client and Distibution Point will determine how the method of
communication between servers. We spilled a lot of sweat in the process of pre-installation for
secure https communication and communication is here, of course, choose to run in https. All
communication must therefore occur over HTTPS client site to select and continue the role.
(Fig. 40)
Figure 40
PKI certificates for https at this stage must be warned that it should be done properly and take the
necessary configuration. We did complete the necessary settings and answering Yes to continue.
Figure 41
Continuing in step, the Management and Distribution Points, the DNS name of the set. Here you
normally do not need to make a change. The names must be the FQDN format. This article, I hid
my domain name for privacy reasons. Make sure the writing is definitely Dis. (Fig. 42)
Figure 42
Prerequisite Check screen, something that is a problem kuurlum're not pre-determine whether it
is something of a control operation is performed. Here, we can not continue with the installation,
but if you encounter with Error warning we can continue the installation. All error and warning
note must perform the required operations. (Fig. 43). I'm still not any warning or error.
Figure 43
Begin by clicking on the Install screen now başlatıyorum installation. This process may take
long or short depending on computer configuration, but in most cases does not exceed 15 dk'yı.
(Fig. 44)
Figure 44
Upon completing the installationComplete the form of setup are briefly top of the screen need to
be written. But when you look at the components (Figure 45) if they still feel panic if loading
continues J, this is not important and let's finish the installation process by clicking on Close.
Figure 45
Now for the final control the Start-> All Programs-> Microsoft System Center-> Configuration
Manager 2012 ConfigMgr console by clicking under the konsolumuzu let's open. If there is no
error opening the SCCM 2012 console and see that it is ready to work (Figure 46)
Figure 46
Thus, SCCM 2012 setup adventure is finished.
Result
SCCM is a complex product, although, after alışıldıktan will be an indispensable part of your
network. This is necessary for the smooth operation of the product and installation phases of the
pre-installation in detail in this article we tried to process. In the next article, SCCM'in examine
the configuration and operations.
Questions on this topic http://forum.mshowto.org forum page to ask questions you can ask by
using the link can reach
References
Documentation Library Configuration Manager 2012
Step-By-Step Example Deployment of the PKI Certificates Required for Configuration Manager
Native Mode: Windows Server 2003 Certification Authority
Related Articles:
Symantec Endpoint Protection (SEP) Manager Installation and Configuration
How to Backup Exchange 2010 with Windows Backup
Lync Server User Migration Problem Solution
Installing Web Server in Windows Server 2008 R2
Symantec Brightmail Message Filter How to Set Up
I was born in 1982 in Ankara. I completed my education in Ankara, my life. 9 years am continuing my life in
Istanbul. Been in the IT industry for almost 10 years. Hardware, server systems, system, network, security,
cisco networking, management falls within the areas of study.Besides, I have been an amateur photography
and historical research. Currently working as a Systems Engineer Sistemleri'nde Ataco Information.