Set up your lab - Configuration Manager | Microsoft Docs

Leave these settings as default. Step 15: Client Communication Settings, Confirm that All site system roles accept only HTTPS communication from ... Skiptomaincontent Thisbrowserisnolongersupported. UpgradetoMicrosoftEdgetotakeadvantageofthelatestfeatures,securityupdates,andtechnicalsupport. DownloadMicrosoftEdge Moreinfo Tableofcontents Exitfocusmode ReadinEnglish Save Tableofcontents ReadinEnglish Save Feedback Edit Twitter LinkedIn Facebook Email Tableofcontents SetupaConfigurationManagerlab Article 09/17/2021 12minutestoread 4contributors Isthispagehelpful? Yes No Anyadditionalfeedback? FeedbackwillbesenttoMicrosoft:Bypressingthesubmitbutton,yourfeedbackwillbeusedtoimproveMicrosoftproductsandservices.Privacypolicy. Submit Thankyou. Inthisarticle Appliesto:ConfigurationManager(currentbranch) FollowingtheguidanceinthistopicwillenableyoutosetupalabforevaluatingConfigurationManagerwithsimulatedreal-lifeactivities. Note Microsoftoffersapre-configuredversionofthislabusinganevaluationversionofConfigurationManager.Formoreinformation,seeWindowsandOfficedeploymentandmanagementlabkit. Corecomponents SettingupyourenvironmentforConfigurationManagerrequiressomecorecomponentstosupporttheinstallationofConfigurationManager. ThelabenvironmentusesWindowsServer2012R2,intowhichwewillinstallConfigurationManager. YoucandownloadanevaluationversionofWindowsServer2012R2fromtheEvaluationCenter. ConsidermodifyingordisablingInternetExplorerEnhancedSecurityConfigurationinordertomoreeasilyaccesssomeofthedownloadsreferencedthroughoutthecourseoftheseexercises.Formoreinformation,seeInternetExplorer:EnhancedSecurityConfiguration. ThelabenvironmentusesSQLServer2012SP2forthesitedatabase. YoucandownloadanevaluationversionofSQLServer2012fromtheMicrosoftDownloadCenter. SQLServerhasSupportedversionsofSQLServerthatmustbemetforusewithConfigurationManager. ConfigurationManagerrequiresa64-bitversionofSQLServertohostthesitedatabase. SQL_Latin1_General_CP1_CI_ASastheSQLCollationclass. Windowsauthentication,ratherthanSQLServerauthentication,isrequired. AdedicatedSQLServerinstanceisrequired. DonotlimitthesystemaddressablememoryforSQLServer. ConfiguretheSQLServerserviceaccounttorunusingalowrightsdomainuseraccount. YoumustinstallSQLServerreportingservices. IntersitecommunicationsusetheSQLServerServiceBrokerondefaultportTCP4022. IntrasitecommunicationsbetweentheSQLServerdatabaseengineandselectConfigurationManagersitesystemrolesusedefaultportTCP1433. ThedomaincontrollerusesWindowsServer2008R2withActiveDirectoryDomainServicesinstalled.ThedomaincontrolleralsofunctionsasthehostfortheDHCPandtheDNSserversforusewithafullyqualifieddomainname. Formoreinformation,seeoverviewofActiveDirectoryDomainServices. Hyper-Visusedwithafewvirtualmachinestoverifythatthemanagementstepstakenintheseexercisesarefunctioningasexpected.Aminimumofthreevirtualmachinesisrecommended,withWindows10installed. Formoreinformation,seeoverviewofHyper-V. Administratorpermissionswillberequiredforallofthesecomponents. ConfigurationManagerrequiresanadministratorwithlocalpermissionswithintheWindowsServerenvironment ActiveDirectoryrequiresanadministratorwithpermissionstomodifytheschema Virtualmachinesrequirelocalpermissionsonthemachinesthemselves Thoughnotrequiredforthislab,youcanreviewSupportedconfigurationsforConfigurationManagerforadditionalinformationonrequirementsforimplementingConfigurationManager.Refertodocumentationforsoftwareversionsotherthanthosereferencedhere. Onceyouhaveinstalledallofthesecomponents,thereareadditionalstepsyoumusttaketoconfigureyourWindowsenvironmentforConfigurationManager: PrepareActiveDirectorycontentforthelab Forthislab,youwillcreateasecuritygroup,thenaddadomainusertoit. Securitygroup:Evaluation Groupscope:Universal Grouptype:Security Domainuser:ConfigUser Undernormalcircumstances,youwouldnotgrantuniversalaccesstoalluserswithinyourenvironment.Youaredoingsowiththisuserinordertostreamlinebringingyourlabonline. ThenextstepsrequiredtoenableConfigurationManagerclientstoqueryActiveDirectoryDomainServicestolocatesiteresourcesarelistedoverthenextprocedures. CreatetheSystemManagementcontainer ConfigurationManagerwillnotautomaticallycreatetherequiredSystemManagementcontainerinActiveDirectoryDomainServiceswhentheschemaisextended.Therefore,youwillcreatethisforyourlab.ThisstepwillrequireyoutoinstallADSIEdit. EnsurethatyouareloggedonasanaccountthathasCreateAllChildObjectspermissionontheSystemContainerinActiveDirectoryDomainServices. TocreatetheSystemManagementcontainer: RunADSIEdit,andconnecttothedomaininwhichthesiteserverresides. ExpandDomain,expand,right-clickCN=System,clickNew,andthenclickObject. IntheCreateObjectdialogbox,selectContainer,andthenclickNext. IntheValuebox,typeSystemManagement,andthenclickNext. ClickFinishtocompletetheprocedure. SetsecuritypermissionsfortheSystemManagementcontainer Grantthesiteserver'scomputeraccountthepermissionsthatarerequiredtopublishsiteinformationtothecontainer.YouwilluseADSIEditforthistaskaswell. Important Confirmthatyouareconnectedtothesiteserver'sdomainpriortobeginningthefollowingprocedure. TosetsecuritypermissionsfortheSystemManagementcontainer: Intheconsolepane,expandthesiteserver'sdomain,expandDC=,andthenexpandCN=System.Right-clickCN=SystemManagement,andthenclickProperties. IntheCN=SystemManagementPropertiesdialogbox,clicktheSecuritytab,andthenclickAddtoaddthesiteservercomputeraccount.GranttheaccountFullControlpermissions. ClickAdvanced,selectthesiteserver'scomputeraccount,andthenclickEdit. IntheApplyontolist,selectThisobjectandalldescendantobjects. ClickOKtoclosetheADSIEditconsoleandcompletetheprocedure. Formoreinformation,seeExtendtheActiveDirectoryschemaforConfigurationManager ExtendtheActiveDirectoryschemausingextadsch.exe YouwillextendtheActiveDirectoryschemaforthislab,asthisallowsyoutouseallConfigurationManagerfeaturesandfunctionalitywiththeleastamountofadministrativeoverhead.ExtendingtheActiveDirectoryschemaisaforest-wideconfigurationthatisdoneonetimeperforest.ExtendingtheschemapermanentlymodifiesthesetofclassesandattributesinyourbaseActiveDirectoryconfiguration.Thisactionisirreversible.ExtendingtheschemaallowsConfigurationManagertoaccesscomponentsthatwillallowittofunctionmosteffectivelywithinyourlabenvironment. Important EnsurethatyouareloggedontotheschemamasterdomaincontrollerwithanaccountthatisamemberoftheSchemaAdminssecuritygroup.Attemptingtousealternatecredentialswillfail. ToextendtheActiveDirectoryschemausingextadsch.exe: Createabackupoftheschemamasterdomaincontroller'ssystemstate.Formoreinformationaboutbackingupmasterdomaincontroller,seeWindowsServerBackup Navigateto\SMSSETUP\BIN\X64intheinstallationmedia. Runextadsch.exe. Verifythattheschemaextensionwassuccessfulbyreviewingtheextadsch.loglocatedintherootfolderofthesystemdrive. Formoreinformation,seeExtendtheActiveDirectoryschemaforConfigurationManager. Otherrequiredtasks Youwillalsoneedtocompletethefollowingtaskspriortoinstallation. Createafolderforstoringalldownloads Therewillbemultipledownloadsrequiredforcomponentsoftheinstallationmediathroughoutthisexercise.Beforebeginninganyinstallationprocedures,determinealocationthatwillnotrequireyoutomovethesefilesuntilyouwishtodecommissionyourlab.Asinglefolderwithseparatesubfolderstostorethesedownloadsisrecommended. Install.NETandactivateWindowsCommunicationFoundation Youwillneedtoinstalltwo.NETFrameworks:first,.NET3.5.1andthen.NET4.5.2+.YouwillalsoneedtoactivateWindowsCommunicationFoundation(WCF).WCFisdesignedtoofferamanageableapproachtodistributedcomputing,broadinteroperability,anddirectsupportforserviceorientation,andsimplifiesdevelopmentofconnectedapplicationsthroughaservice-orientedprogrammingmodel.Formoreinformation,seeWhatIsWindowsCommunicationFoundation?. Toinstall.NETandactivateWindowsCommunicationFoundation: OpenServerManager,thennavigatetoManage.ClickAddRolesandFeaturestoopentheAddRolesandFeaturesWizard. ReviewtheinformationprovidedintheBeforeYouBeginpanel,thenclickNext. SelectRole-basedorfeature-basedinstallation,thenclickNext. SelectyourserverfromtheServerPool,thenclickNext. ReviewtheServerRolespanel,thenclickNext. AddthefollowingFeaturesbyselectingthemfromthelist: .NETFramework3.5Features .NETFramework3.5(includes.NET2.0and3.0) .NETFramework4.5Features .NETFramework4.5 ASP.NET4.5 WCFServices HTTPActivation TCPPortSharing ReviewtheWebServerRole(IIS)andRoleServicesscreen,thenclickNext. ReviewtheConfirmationscreen,thenclickNext. ClickInstallandverifythattheinstallationcompletedproperlyintheNotificationspaneofServerManager. Afterthebaseinstallationof.NETcompletes,navigatetotheMicrosoftDownloadCentertoobtainthewebinstallerforthe.NETFramework4.5.2.ClicktheDownloadbutton,thenRuntheinstaller.Itwillautomaticallydetectandinstalltherequiredcomponentsinyourselectedlanguage. EnableBITS,IIS,andRDC TheBackgroundIntelligentTransferService(BITS)isusedforapplicationsthatneedtotransferfilesasynchronouslybetweenaclientandaserver.Bymeteringtheflowofthetransfersintheforegroundandbackground,BITSpreservestheresponsivenessofothernetworkapplications.Itwillalsoautomaticallyresumefiletransfersifatransfersessionisinterrupted. YouwillinstallBITSforthislab,asthissiteserverwillalsobeusedasamanagementpoint. InternetInformationServices(IIS)isaflexible,scalablewebserverthatcanbeusedtohostanythingontheweb.ItisusedbyConfigurationManagerforanumberofsitesystemroles.ForadditionalinformationonIIS,reviewWebsitesforsitesystemservers. RemoteDifferentialCompression(RDC)isasetofAPIsthatapplicationscanusetodetermineifanychangeshavebeenmadetoasetoffiles.RDCenablestheapplicationtoreplicateonlythechangedportionsofafile,keepingnetworktraffictoaminimum. ToenableBITS,IIS,andRDCsiteserverroles: Onyoursiteserver,openServerManager.NavigatetoManage.ClickAddRolesandFeaturestoopentheAddRolesandFeaturesWizard. ReviewtheinformationprovidedintheBeforeYouBeginpanel,thenclickNext. SelectRole-basedorfeature-basedinstallation,thenclickNext. SelectyourserverfromtheServerPool,thenclickNext. AddthefollowingServerRolesbyselectingthemfromthelist: WebServer(IIS) CommonHTTPFeatures DefaultDocument DirectoryBrowsing HTTPErrors StaticContent HTTPRedirection HealthandDiagnostics HTTPLogging LoggingTools RequestMonitor Tracing Performance StaticContentCompression DynamicContentCompression Security RequestFiltering BasicAuthentication ClientCertificateMappingAuthentication IPandDomainRestrictions URLAuthorization WindowsAuthentication ApplicationDevelopment .NETExtensibility3.5 .NETExtensibility4.5 ASP ASP.NET3.5 ASP.NET4.5 ISAPIExtensions ISAPIFilters ServerSideIncludes FTPServer FTPService ManagementTools IISManagementConsole IIS6ManagementCompatibility IIS6MetabaseCompatibility IIS6ManagementConsole IIS6ScriptingTools IIS6WMICompatibility IIS6ManagementScriptsandTools ManagementService AddthefollowingFeaturesbyselectingthemfromthelist: BackgroundIntelligentTransferService(BITS) IISServerExtension RemoteServerAdministrationTools FeatureAdministrationTools BITSServerExtensionsTools ClickInstallandverifythattheinstallationcompletedproperlyintheNotificationspaneofServerManager. Bydefault,IISblocksseveraltypesoffileextensionsandlocationsfromaccessbyHTTPorHTTPScommunication.Toenablethesefilestobedistributedtoclientsystems,youwillneedtoconfigurerequestfilteringforIISonyourdistributionpoint.Formoreinformation,seeIISRequestFilteringfordistributionpoints. ToconfigureIISfilteringondistributionpoints: OpenIISManagerandselectthenameofyourserverinthesidebar.ThiswilltakeyoutotheHomescreen. VerifythatFeaturesViewisselectedatthebottomoftheHomescreen.NavigatetoIISandopenRequestFiltering. IntheActionspane,clickAllowFileNameExtension... Type.msiintothedialogboxandclickOK. InstallingConfigurationManager YouwillcreateaDeterminewhentouseaprimarysitetomanageclientsdirectly.ThiswillallowyourlabenvironmenttosupportmanagementforSitesystemscaleofpotentialdevices. Duringthisprocess,youwillalsoinstalltheConfigurationManagerconsole,whichwillbeusedtomanageyourevaluationdevicesgoingforward. Beforeyoubegintheinstallation,launchthePrerequisiteCheckerontheserverusingWindowsServer2012toconfirmthatallsettingshavebeencorrectlyenabled. TodownloadandinstallConfigurationManager: NavigatetotheSystemCenterEvaluationspagetodownloadthenewestevaluationversionofConfigurationManager. Decompressthedownloadmediaintoyourpredefinedlocation. FollowtheinstallationprocedurelistedatInstallasiteusingtheConfigurationManagerSetupWizard.Withinthatprocedure,youwillinputthefollowing: Stepinsiteinstallationprocedure Selection Step4:theProductKeypage SelectEvaluation. Step7:PrerequisiteDownloads SelectDownloadrequiredfilesandspecifyyourpredefinedlocation. Step10:SiteandInstallationSettings -Sitecode:LAB-Sitename:Evaluation-Installationfolder:specifyyourpredefinedlocation. Step11:PrimarySiteInstallation SelectInstalltheprimarysiteasastand-alonesite,thenclickNext. Step12:DatabaseInstallation -SQLServername(FQDN):inputyourFQDNhere.-Instancename:leavethisblank,asyouwillusethedefaultinstanceofSQLServerthatyoupreviouslyinstalled.-ServiceBrokerPort:leaveasdefaultportof4022. Step13:DatabaseInstallation Leavethesesettingsasdefault. Step14:SMSProvider Leavethesesettingsasdefault. Step15:ClientCommunicationSettings ConfirmthatAllsitesystemrolesacceptonlyHTTPScommunicationfromclientsisnotselected Step16:SiteSystemRoles InputyourFQDNandconfirmthatyourselectionofAllsitesystemrolesacceptonlyHTTPScommunicationfromclientsisstilldeselected. EnablepublishingfortheConfigurationManagersite EachConfigurationManagersitepublishesitsownsite-specificinformationtotheSystemManagementcontainerwithinitsdomainpartitionintheActiveDirectoryschema.BidirectionalchannelsforcommunicationbetweenActiveDirectoryandConfigurationManagermustbeopenedtohandlethistraffic.YouwillalsoadditionallyenableForestDiscoverytodeterminecertaincomponentsofyourActiveDirectoryandnetworkinfrastructure. ToconfigureActiveDirectoryforestsforpublishing: Inthebottom-leftcorneroftheConfigurationManagerconsole,clickAdministration. IntheAdministrationworkspace,expandHierarchyConfiguration,thenclickDiscoveryMethods. SelectActiveDirectoryForestDiscoveryandclickProperties. InthePropertiesdialogbox,selectEnableActiveDirectoryForestDiscovery.Oncethisisactive,selectAutomaticallycreateActiveDirectorysiteboundarieswhentheyarediscovered.AdialogboxwillappearthatstatesDoyouwanttorunfulldiscoveryassoonaspossible?ClickYes. IntheDiscoveryMethodgroupatthetopofthescreen,clickRunForestDiscoveryNow,thennavigatetoActiveDirectoryForestsinthesidebar.YourActiveDirectoryforestshouldbeshowninthelistofdiscoveredforests. Navigatetothetopofthescreen,totheGeneraltab. IntheAdministrationworkspace,expandHierarchyConfiguration,thenclickActiveDirectoryForests. ToenableaConfigurationManagersitetopublishsiteinformationtoyourActiveDirectoryforest: IntheConfigurationManagerconsole,clickAdministration. Youwillconfigureanewforestthathasnotyetbeendiscovered. IntheAdministrationworkspace,clickActiveDirectoryForests. OnthePublishingtabofthesiteproperties,selectyourconnectedforest,thenclickOktosavetheconfiguration. Feedback Submitandviewfeedbackfor Thisproduct Thispage Viewallpagefeedback Inthisarticle