Menu Close

ConfigMgr 2012 R2 – QuickStart Deployment Guide

This is to be used as a template only, for a customer to implement as their own pilot or POC, or customized deployment guide. It is intended to be general in nature and will require the customer to modify it to suit their specific data and processes.

This also happens to be a very typical scenario for small environments for a production deployment.  This is not an architecture guide or intended to be a design guide in any way. This is provided “AS IS” with no warranties, and confers no rights. Use is subject to the terms specified in the Terms of Use.

Server Names\Roles:

  • DB03               SQL Database Services, Reporting Services
  • CM1                Primary Site Server

Windows Server 2012 R2 will be installed as the base OS for all platforms.  All servers will be a member of the AD domain.

SQL 2012 with SP1 will be the base standard for all SQL database and reporting services.      http://technet.microsoft.com/en-us/library/gg682077.aspx

High Level Deployment Process:

1.  In AD, create the following accounts and groups, according to your naming convention:

  • DOMAIN\ConfigMgrAdmins            ConfigMgr Administrators security group
  • DOMAIN\ConfigMgrLocalAdmin     ConfigMgr Client Push account

2.  Add the domain user accounts for yourself and your team to the “ConfigMgrAdmins” group.

3.  Install Windows Server 2012 R2 to all server role servers.

4.  Install Prerequisites and SQL 2012 with SP1.

5.  Install the Site Server and Database Components

6.  Install the Reporting components.

Prerequisites:

1.  Install Windows Server 2012 R2 to all Servers

2.  Join all servers to domain.

3.  Install all available Windows Updates.

4.  Add the “ConfigMgrAdmins” domain global group to the Local Administrators group on each server.

5.  On CM1, Install required prerequisites for the site system roles (this covers all site system roles combined on a single server):

Open PowerShell (as an administrator) and run the following:  

Add-WindowsFeature Web-Windows-Auth,Web-ISAPI-Ext,Web-Metabase,Web-WMI,BITS,RDC,NET-Framework-Features,Web-Asp-Net,Web-Asp-Net45,NET-HTTP-Activation,NET-Non-HTTP-Activ,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Redirect,Web-App-Dev,Web-Net-Ext,Web-Net-Ext45,Web-ISAPI-Filter,Web-Health,Web-Http-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-HTTP-Tracing,Web-Security,Web-Filtering,Web-Performance,Web-Stat-Compression,Web-Mgmt-Console,Web-Scripting-Tools,Web-Mgmt-Compat -Restart

Note – if your machines are not internet connected, you might need to add a “–Source D:\sources\sxs” or whatever the path is to your Windows installation media.  By default Windows 2012 gets .NET 3.5 from Windows Update, but this doesn’t always work, and will never work for machines without an internet connection.

After installing these roles/features, you might have to register ASP.NET with IIS.  The simplest way is to open an elevated command prompt: C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe –r

6.  On CM1 – Install the Deployment Tools, Windows PE, and the User State Migration tool from the Windows 8.1 ADK:   http://www.microsoft.com/en-us/download/details.aspx?id=39982 

7.  On CM1 – add the WSUS feature from Server Manager.

8. Install SQL 2012 with SP1 to the DB server role

  • Setup is fairly straightforward. This document will not go into details and best practices for SQL configuration. Consult your DBA team to ensure your SQL deployment is configured for best practices according to your corporate standards.
  • Run setup, choose Installation > New Installation…
  • When prompted for feature selection, install ALL of the following:
    • Database Engine Services
    • Full-Text and Semantic Extractions for Search (required for OpsMgr is doing a shared SQL deployment)
    • Reporting Services – Native
  • Optionally – consider adding the following to ease administration:
    • Management Tools – Basic and Complete (for running queries and configuring SQL services)
  • On the Instance configuration, choose a default instance, or a named instance. Default instances are fine for testing and labs. Production clustered instances of SQL will generally be a named instance. For the purposes of the POC, choose default instance to keep things simple.
  • On the Server configuration screen, set SQL Server Agent to Automatic.  You can accept the defaults for the service accounts, but I recommend using a Domain account for the service account.  Input the DOMAIN\sqlsvc account and password for Agent, Engine, and Reporting.
  • On the Collation Tab – you can use the default which is SQL_Latin1_General_CP1_CI_AS or choose another supported collation.
  • On the Account provisioning tab – add your personal domain user account or a group you already have set up for SQL admins. Alternatively, you can use the ConfigMgrAdmins global group here. This will grant more rights than is required to all ConfigMgrAdmin accounts, but is fine for testing purposes of the POC.
  • On the Data Directories tab – set your drive letters correctly for your SQL databases, logs, TempDB, and backup.
  • On the Reporting Services Configuration – choose to Install and Configure. This will install and configure SRS to be active on this server, and use the default DBengine present to house the reporting server databases. This is the simplest configuration. If you install Reporting Services on a stand-alone (no DBEngine) server, you will need to configure this manually.
  • Setup will complete.
  • You will need to disable Windows Firewall on the SQL server, or make the necessary modifications to the firewall to allow all SQL traffic.  See http://msdn.microsoft.com/en-us/library/ms175043.aspx

9.  On the SQL server – add the Computer Account in the domain to the local administrators group of the SQL database server (DOMAIN\CM1$)

10.  In Active Directory – extend the schema, create the System Management container, and assign permissions:  http://technet.microsoft.com/en-us/library/gg712264.aspx#BKMK_PrepAD

      Step by step deployment guide:

      1.  Install the Primary Site Server role on CM1.

      • Log on using your personal domain user account that is a member of the ConfigMgrAdmins group.
      • Run Splash.hta
      • Click Install
      • Read the “Before You Begin” Info and click Next.
      • On the Available Setup Options, choose to install a primary site, but to NOT check the box for typical options.  We are going to configure each step for our site and use a remote SQL database server.
      • Choose Eval or input your license key and click Next.
      • Accept the Eula and click Next.
      • Accept the additional license agreements and click Next.
      • Provide a path to the prereq file downloads.  If you have not downloaded these recently then create a new folder for these, locally or on a remote path.
      • Choose your language(s) and click Next, on the server and client screens.
      • Input a site code for your primary site.  Input a description.  Choose a path.  Make sure you are also installing the console.  Click Next.
      • Choose to install a primary site as a stand alone site.  We can add a CAS later in ConfigMgr 2012 SP1 and later.
      • Input the SQL server name, instance, click Next.
      • Accept the default for the SMS provider.  Next.
      • Choose to configure the communication method on each site system role, and to not use HTTPS (don’t check box.)  Next.
      • Choose HTTP for the MP and DP – we can change this to HTTPS with certs down the road.  Next.
      • Choose to enable CEIP or not.  Next.
      • Choose next to run prereq checker.  Resolve any issues.  Click Begin Install.
      • Install Completes.  Click Close.

      Post Deployment Configuration:

      1.  Add Site System Roles:

      2.  Enable discoveries

      image

      This will bring in the AD site and IP boundaries.

      • Enable AD Group discovery to bring in Security groups and group membership for computers.  Create a scope that makes sense only for groups you need to discover.
      • Enable AD system discoveries to bring in systems.
      • Enable User discovery

      3.   Configure Boundaries and Boundary Groups

      • Create a boundary group and add your site boundaries and site servers to it, for site assignment.

      4.  Configure Client Device Settings

      • Administration > Client Settings > Create Custom Client Device Settings
      • Check:
        • Client Policy
        • Computer Agent
        • Software Updates
      • Configure Client policy polling as appropriate (longer for production, faster for labs)
      • Configure “Set Website” for Application Catalog on Computer Agent settings and customize any additional settings.
      • Set a schedule for software update scans for 1 day.
      • Deploy your new client device systems to All Systems (for a lab)

      5.  Install Clients:   http://technet.microsoft.com/en-us/library/gg712298.aspx

      • Assign a client Push account to Administration > Site Configuration > Sites > Client Installation Settings
      • Install clients to a collection

      6.  Verify Hardware and software inventory for clients

      7.  Enable Endpoint protection

      • Client Settings – create a new client device setting.  Enable endpoint protection.
      • Configure Client device settings to turn on Endpoint protection and deploy endpoints.
      • Deploy new client policy to All Desktop and Server Clients Collection, or a custom collection
      • Create automatic deployment rule for definition updates using Definition template.

      Continue on with additional steps from TechNet, such as software deployment, software updates, OSD, etc.

      Leave a Reply

      Your email address will not be published.