Skip to main content

Software Update Management- SCCM 2012

The below post explains the end to end process of software updates management in SCCM 2012 Pre-requisites: 1.  WSUS Server (WSUS 3.0 SP2 ) should be installed on the SCCM site server or if you want to install WSUS on another server, it is important that you install WSUS administration console as the SCCM Server uses API. This  link explains the step by step procedure to install WSUS 3.0 SP2 2. Install SUP-Software Update Point on the SCCM Server . 3. Reporting Services Point: Install reporting services point role as described in this link . 4. Client agent: The software update client agent should be enabled(will be enabled by default) and the settings have to specified as per the requirement. On SCCM console, go to Administration>Site Configuration>Client settings>Right click on Default client settings> Click on Properties. If required, we can create custom client settings and then enable client settings for that settings. Unde
4 comments

Installation & Configuration of Windows 2008 R2 AD for SCCM


This article will address how to prepare and install Active Directory Domain Services (AD) on Windows Server 2008 R2 Standard 64-bit (W2K8R2) for System Center Configuration Manager 2007.
Please check the below TechNet links for the supported configurations for SCCM.
http://technet.microsoft.com/en-us/library/bb680717.aspx
To execute the below steps, you should be familiar with the Windows server 2008.
Here I have taken Windows Server 2008 R2 Standard edition for the lab purpose.
Section A
Preparing Windows for Active Directory Domain Services installation.
1.  Change the computer name of the AD system. Here I have changed the name to AD.


2. Turn off Windows Firewall


3.  Disable IPV6 and configure IPV4 settings as below


4. Add the required role from Server manager as shown:




To add the “Active Directory Domain Services” Role click on the Role Directory within Server Manager and select Add Roles in the Roles Summary. Install DotNet Framework when prompted.
Consider using a Proper domain name for the new domain controller.
We need not install DNS separately; installation of AD DC will automatically prompt for the installation of DNS server.

Section B
Installation of Active Directory Domain Services (DCPROMO)
Now that the Server has been prepared for the installation of AD we can proceed. You now have three different ways we can begin the installation.
  1.  Within Server Manager, if you expand the Roles directory you will see the Active Directory Domain Services directory. Select that and you will find in the Summary “Run the Active Directory Domain Services Installation Wizard (dcpromo.exe)” Simply click that to begin the installation.



2.  The command line equivalent to Active Directory Domain Services Installation Wizard is Servermanagercmd.exe –I ADDS-Domain-Controller

 3. The last and the most recognized method is typing DCPROMO.exe at the command prompt.



Whichever way you choose, you should get to this point. Simply click next. You do not check advanced mode.




Click Next and select Create a new domain in a new forest



Click next and provide the Forest Root Domain Name, Here I have given it as contoso.com



After the installation verifies that the NetBIOS Name, you will choose the Forest function level. I chose 2008 R2. After selecting click Next.




It will examine and verify your DNS setting. DNS server should already be checked. Now click Next.




The next prompt is ok; you can safely click on Yes.



Click Next and verify the log files locations, if needed you can change the locations.





Click next and enter the Domain Administrator password. This is not the local admin password but for recovery options.



Click Next and then summary is displayed, you can also export the settings to be used for other AD installations by supplying this answer file.




The installation will now complete. You can check the reboot on completion if you like.



Click Finish and reboot the server.


AD Domain Controller is ready and you can login with the domain admin account into the system




Section C
Preparing for SCCM
  1. Map the  SCCM media and find the file extadch
We have to run this file to extend  the schema for SCCM



Note:
  • The location of the file is in \SMSSETUP\BIN\I386 in the SCCM media
  • The account used to run this application should have schema admins rights.
In production environment, consult your AD Windows team for extending schema.
  • The below reference link is for AD schema extension
http://technet.microsoft.com/en-us/library/bb680608.aspx

2. We can verify whether  the schema is extended  or not  by checking the extadch.log file  in the  C drive(  root) of the system where  the  file  has been executed.



3. Once the schema has been extended, we have to create appropriate groups for SCCM Servers.  Here I have created a group called SCCM_SERVERS
We can add all the upcoming SCCM servers into this group for better management


4. Then, we have to create system management container within the system node in the AD and provide full permissions for the SCCM_SERVERS group on that container.
The reference article for the same.
http://technet.microsoft.com/en-us/library/bb632591.aspx
  • Log on as an account that has the Create All Child Objects permission on the System container in Active Directory Domain Services.
Here, the domain admin account contoso\administrator

  • Run ADSI Edit, and connect to the domain in which the site server resides
i.e. connect to default naming context



  • Expand Domain <computer fully qualified domain name>, expand <distinguished name>, right-click CN=System, click New, and then click Object.



  • In the Create Object dialog box, select Container, and then click Next.


  • In the Value box, type System Management, and then click Next.
Type the exact name without any changes; this is the container where the SCCM will publish the data into Active directory



  • Click Finish.
5. Now the only part left out in AD is providing permissions for SCCM group to the newly created System Management container, then we are good to go with the SCCM installation.
Here is how we do it—
Go to System management container, right click and select properties. Select Security tab on the property window>>> click add, enter the sccm_servers group and provide full permissions to the group on the container.



Make sure permissions are provided to all the descendant and child objects as shown.




Disclaimer: This document is only for Lab purpose and should be thoroughly tested before implementing the procedures in the production. :)
Hope this post has been informative to you, happy installations!!!
Labels:

Comments

Post a Comment

Popular posts from this blog

Registering SPN for SQL Server for SCCM

If using a domain account to install SQL server 2008 R2 for SCCM, you have to register a SPN (Service Principal Name) in Active Directory for that domain account. Two SPNs for the account should be registered,     1. For NETBIOS name of the SQL Server     2. For the FQDN of SQL server. The procedure to do that is as follows 1. Log on to a domain controller; open a command prompt with administrative privileges. 2. Type the below commands replacing SQL server name. setspn –A MSSQLSvc/< SQL Server NETBIOS name >:1433<Domain\Account> setspn –A MSSQLSvc/< SQL Server FQDN >:1433 <Domain\Account> 3. As shown in the below screenshot, the server name here is  CM2012 for NETBIOS name and CM2012.CONTOSO.COM 4.  Verify the registration of SPN by typing the below command Setspn –L  <domain\account>
1 comment
Read more

Consistency validation for SQL Server registry keys failed error -SQL for SCCM

During installation of SQL server, "Consistency validation for SQL Server registry keys failed” error pops up in the below scenarios. 1.   Previous installation of SQL exists. 2.   Inappropriate permissions on the registry keys of Microsoft SQL server. Solution that worked me is explained below. A. Identify the issue: 1. Go to %Program Files%\Microsoft SQL Server\100\SetupBootstrap\Log\”date  and time of installation” 2. Search (in Detail_GlobalRules.txt) for lines containing the following string "Could not fix registry key" 3. Run “regedit”, s et full control permissions for the appropriate registry keys mentioned in "Detail_GlobalRules.txt" file. Re-run the installation. B. Modifying the registry: 1. Locate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server in registry. (To open registry, run “regedit”) 2. Right click and go to Permission 3. Click on Advance tab and c heck the below options.     i. Include i
6 comments
Read more

Collection query to find Machines--based on GUID Criteria

You can use the below SQL query to create a new collection based on GUID. select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SMBIOSGUID = " 18764D56-C91F-83A5-51FB-4AD4B6699D04 " Replace the GUID with the one that you intend to delete. This is particularly useful when performing OSD related tasks. To know how to create a collection , go through this link .
3 comments
Read more