SCCM 2012 R2 Environment Preparation Requirements

This article covers the installation on a SCCM 2012 R2 environment for Computer management (OS Deployment and Inventory). There are:

  • One server for SQL and Reporting services
  • One server for SCCM Primary Site
  • One server for a secondary SCCM Management and Deployment Point (it will be used later for SUP roles and Application Catalog).

 

All servers are installed with Windows Server 2012 R2.

This article not covers a SCCM CAS (Central Administration Site) Server deployment (need if you plan to deploy multiple Primary Sites).

 

Article Parts:

 

SCCM 2012 R2 – Design Guide

This part is not cover in this article. For more information see TechNet:

 

 

 

SQL – Design Guide

There are a lot of constraints for SQL on a SCCM environment.

 

High Availability:

  • Configuration not supported:
  • SQL AlwaysOn
  • SQL Database Mirroring
  • SQL Peer-to-Peer Replication.
  • SQL Server cluster in a Network Load Balancing (NLB) cluster configuration

 

  • Configuration supported:
  • SQL Server Cluster (Site Database role only)
Note: If you use a SQL Server cluster for the site database, you must add the computer account of the site server to the Local Administrators group of each Windows Server cluster node computer.
  • Another possibility is to use a Hyper-V Replica.

 

SQL Database Engine:

  • A dedicated instance of SQL Server must be used for each Site.
  • Each SCCM Site Database can be installed on either the default instance or a named instance.
  • The Instance can be co-located with the Site System Server, or on a Remote computer.
  • Only SQL Server 64-bit is supported

 

For Secondary Site:

  • Two options (*):
  • Install a dedicated SQL Server Instance
  • Allow Setup to install an instance of SQL Server Express
(*) Whichever option, SQL Server must be located on the Secondary Site Server.

 

Configuration:

  • Collation: SQL_Latin1_General_CP1_CI_AS
  • For SQL Server Instance on a remote server the Remote Registry service must be enabled
  • The Instance can be co-located with the Site System Server, or on a Remote computer.
  • SQL Server features required for each site server: Only the “Database Engine Services”

 

TCP Port (Instance):

  • The following site system roles communicate directly with the SQL Server database (default port TCP 1433):

 

  • Management point
  • SMS Provider computer
  • Reporting Services point
  • Site server
  • Dynamic Port option is not supported.
  • Since SCCM 2012 SP1, defined a custom static TCP Port is supported.
Note:
The custom TCP port cannot be configured on SCCM, so the “SQL Browser” Service must be enabled.

I’m currently testing to force the TCP port in the “SQL Server Native client” configuration, SCCM server can connect to the database but I have not tested whether there were other impacts (in addition, if it works, I’m not sure it is supported by Microsoft..). The solution of the alias is not working.

 

TCP Port (Broker):

  • Inter-site communications use the “SQL Server Broker” service, which by default uses port TCP 4022.
  • Defined a custom TCP Port is supported.

 

SQL Server Memory:

  • Microsoft recommendations (if Site Database role is co-located with the Site System role on the same Server):

Limit the memory for SQL Server to 50 to 80 percent of the available addressable system memory.

SCCM requires SQL Server to reserve a minimum of (SQL setting “Minimum Server Memory”):

  • 8 GB of memory in the buffer pool used by an instance of SQL Server for the CAS and Primary Site.
  • 4 GB for the secondary site.

 

SCCM Reporting Service Point (SSRS Instance):

  • Can be the same instance you use for the site DB.
  • Can be shared with other System Center Products as long as the other do not have restrictions for sharing the instance (Example: SCOM cannot share SSRS Instance).

 

Components Requirements

 

Notes: Internet Information Services (IIS)

SCCM Site Systems roles which require IIS:

  • Application Catalog web service point
  • Application Catalog website point
  • Distribution point
  • Enrollment point
  • Enrollment proxy point
  • Fallback status point
  • Management point
  • Software update point

 

Note: IIS must be enabled before SCCM Components installation

 

Components

 

SCCM Role

Components required

Source

Site server
  • .Net Framework 3.5 SP1
  • .Net Framework 4.5
  • Remote Differential Compression
  • Windows ADK for Windows 8.1
Windows feature
Windows feature
Windows feature
ADK
Database Server
  • SQL Server Database Engine
SQL Server
Reporting services point
  • .Net Framework 4.5
  • SQL Server Reporting Services
Windows feature
SQL Server
Deployment Point
  • Remote Differential Compression
  • IIS Web Server with :
    • Application Development – ISAPI Extensions
    • Security – Windows Authentication
    • IIS 6 Management Compatibility

      IIS 6 Metabase Compatibility

      IIS 6 WMI Compatibility

  • Windows Deployment Services (WDS) (*)
Windows feature
Application Catalog web service point
  • .NET Framework 3.5
    • HTTP Activation (and automatically selected options)
  • .NET Framework 4.5
    • ASP.NET 4.5
  • IIS Web Server with:
    • Common http Features – Default Document
    • IIS 6 Management Compatibility:

      IIS 6 Metabase Compatibility

    • Application Development

      ASP.NET 3.5 (and automatically selected options)

      .NET Extensibility 3.5

Windows feature
Application Catalog website point
  • .NET Framework 3.5
  • .NET Framework 4.5
    • ASP.NET 4.5
  • IIS Web Server with:
    • Common HTTP Features:

      Default Document

      Static Content

    • Application Development:

      ASP.NET 3.5 (and automatically selected options)

      ASP.NET 4.5 (and automatically selected options)

      .NET Extensibility 3.5

      .NET Extensibility 4.5

    • Security: Windows Authentication
    • IIS 6 Management Compatibility:

      IIS 6 Metabase Compatibility

Windows feature

 

(*) On a Deployment Point, WDS feature is automatically installed when PXE option is enabled. But if you want to specify a custom path for “RemoteInstall” folder you have to install and configure feature before enabling PXE.

 

Preparation

Sources needed:

  • ISO – WS2012 R2 Standard or Enterprise
  • ISO – SQL Server 2012 Enterprise with SP1
  • ISO – SCCM 2012 R2
  • FILES – SQL Server 2012 SP1 Update(s) (Actually CU7)
  • FILES – ADK 8.1 (download offline files)
  • FILES – SCCM Prerequisite files (see below)

 

Download SCCM Prerequisites

From a computer (x64) with Internet Connection:

  • Navigate to SCCM 2012 R2 ISO source: .\smssetup\bin\X64
  • Run SetupDL.exe <targetdir> (Example SetupDL.exe E:\CM2012PR)

 

This download .Net 4.0, SQL Express (not needed but you can skip this step), etc…


Build an ISO with this source and copy it on Hyper-V/SCVMM.

 

Download ADK Prerequisites

Download “adksetup.exe” file:

Windows Assessment and Deployment Kit (Windows ADK) for Windows 8.1 Update – https://www.microsoft.com/en-us/download/details.aspx?id=39982

For more information about ADK tools, see TechNet article – “Windows Deployment Tools Technical Reference“: https://technet.microsoft.com/en-us/library/hh825039.aspx

 

Select “Download the Windows Assessment….” and specify a path

Build an ISO with the sources:

 

Extend Active Directory Schema for SCCM

Extend the AD schema is not mandatory for SCCM. However it facilitates client administration, especially for the following points (TechNet extract):

Client computer installation and site assignment:
When a new Configuration Manager Windows client installs, the client can search Active Directory Domain Services for installation properties. If you do not extend the schema, you must use one of the following workarounds to provide configuration details that computers require to install:
Port configuration for client-to-server communication:
When a client installs, it is configured with port information. If you later change the client-to-server communication port for a site, a client can obtain this new port setting from Active Directory Domain Services. If you do not extend the schema, you must use one of the following workarounds to provide this new port configuration to existing clients

 

For more information, see TechNet article “Determine Whether to Extend the Active Directory Schema for Configuration Manager” – https://technet.microsoft.com/en-us/library/gg712272.aspx

Four actions are required to successfully enable Configuration Manager Clients to query AD DS to locate site resources:

  • Extend the Active Directory schema.
  • Create the System Management container.
  • Set security permissions on the System Management container.
  • Enable Active Directory publishing for the Configuration Manager site

 

For more information, see TechNet article “Prepare the Windows Environment for Configuration Manager” – https://technet.microsoft.com/en-us/library/gg712264.aspx#BKMK_PrepAD

 

Note about previous versions:

The SCCM 2012 R2 AD Schema Extensions are the same as SCCM 2007, 2012 or 2012 SP1. So if you have already extended the schema for a previous mentioned above, you do not have to extend it again to install SCCM 2012 R2.

 

Extend the Active Directory schema

Create a checkpoint of your Domain Controller (I have only one DC):

Logon a server with an account that is a member of “Schema Admins” security group.

From SCCM ISO run .\SMSSETUP\BIN\X64\extadsch.exe

Check schema extension result, open extadsch.log located in the root of the system drive.

 

Create the System Management Container

Configuration Manager does not automatically create the System Management container in Active Directory Domain Services when the schema is extended. The container must be created one time for each domain that includes a Configuration Manager primary site server or secondary site server that publishes site information to Active Directory Domain Services

Start ADSI Edit, go to the “System” containter and create a new Object:

Select “container”:

Enter “System Management”:

 

Set Security Permissions on the System Management Container

 

TechNet Note:
After you have created the System Management container in Active Directory Domain Services, you must grant the site server’s computer account the permissions that are required to publish site information to the container.Important
The primary site server computer account must be granted Full Control permissions to the System Management container and all its child objects. If you have secondary sites, the secondary site server computer account must also be granted Full Control permissions to the System Management container and all its child objects.
You can grant the necessary permissions by using the Active Directory Users and Computers administrative tool or the Active Directory Service Interfaces Editor (ADSI Edit). For more information about how to install and use ADSI Edit, see ADSI Edit (adsiedit.msc).

 

Open properties of the container “System Management” created previously.

In the “Security” tab, add the site server computer account and Grant the “Full Control” permissions.

Click Advanced, select the site server’s computer account, and then click Edit.

In the “Applies to” list, select “This object and all descendant objects“.

Click OK and close the ADSIEdit console.

About Gilles Monville

Gilles Monville is a passionate of IT for many years; he works for over 10 years on Microsoft and VMware environments. In addition to Virtualization and Cloud computing, he loves automation (Orchestrator, PowerShell, Cloud deployment …)

One comment

  1. Hello,I check your blogs named “SCCM 2012 R2 Environment Preparation Requirements -” like every week.Your humoristic style is awesome, keep it up! And you can look our website about proxy list https://proxylistdaily4you.blogspot.com/.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

x

Check Also

SCCM Software Update PART 5 – Best practices

SCCM Software Update PART 1 – Introduction to SCCM and WSUS SCCM Software Update PART ...

SCCM Software Update PART 4 – Create deployment packages manually

SCCM Software Update PART 1 – Introduction to SCCM and WSUS SCCM Software Update PART ...

Software Update with SCCM PART 3 – Automatic Deployment Rules

SCCM Software Update PART 1 – Introduction to SCCM and WSUS SCCM Software Update PART ...