Change the authentication method in IIS Server

In Server Manager, click Tools and select Internet Information Services (IIS) Manager.

In the Connections pane, expand the server name, expand Sites, and select the App Controller site.

On the AppController Home page, select Authentication under IIS.

By default, Windows Authentication is disabled.

In the Actions pane, enable Windows Integrated Authentication.

Verify the change and close the Internet Information Services (IIS) Manager console.
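
The same change can be made and verified from PowerShell. The script below is an added example, not part of the original walkthrough; it assumes the IIS site is named AppController and that the Windows Authentication feature is installed. It also reports whether Anonymous Authentication is still on.

```powershell
# Added example, not from the original page. Run in an elevated PowerShell
# session on the IIS server.
Import-Module WebAdministration

$SiteName = 'AppController'   # assumption: site name as shown in the Connections pane
$AuthRoot = 'system.webServer/security/authentication'

function Get-SiteAuthState {
    param([Parameter(Mandatory)][string]$Site)
    # Authentication sections are locked at server level by default, so they are
    # read (and written) in applicationHost.config under a <location> for the site.
    foreach ($method in 'anonymousAuthentication', 'windowsAuthentication') {
        $attr = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
                    -Location $Site -Filter "$AuthRoot/$method" -Name 'enabled'
        [pscustomobject]@{ Site = $Site; Method = $method; Enabled = [bool]$attr.Value }
    }
}

if (-not (Test-Path "IIS:\Sites\$SiteName")) {
    throw "IIS site '$SiteName' not found; check the name in IIS Manager."
}

Write-Host 'Authentication state before the change:'
Get-SiteAuthState -Site $SiteName | Format-Table -AutoSize

# Equivalent of Actions > Enable on Windows Authentication.
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $SiteName `
    -Filter "$AuthRoot/windowsAuthentication" -Name 'enabled' -Value $true

# Verify, as in the last step of the procedure.
$after = Get-SiteAuthState -Site $SiteName
Write-Host 'Authentication state after the change:'
$after | Format-Table -AutoSize

if (-not ($after | Where-Object Method -eq 'windowsAuthentication').Enabled) {
    throw 'Windows Authentication is still disabled.'
}
if (($after | Where-Object Method -eq 'anonymousAuthentication').Enabled) {
    # IIS tries anonymous access first; Windows credentials are requested only
    # where anonymous access is denied.
    Write-Warning 'Anonymous Authentication is also enabled on this site.'
}
```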

Introduction to System Center Configuration Manager:

  1. It is one of the products in the System Center suite and is used for deploying and administering the IT infrastructure in an enterprise.
  2. System Center 2012 Configuration Manager increases IT productivity and reduces manual tasks.
  3. It is designed to deploy and manage desktops, laptops and servers from the moment they arrive in the enterprise environment.
  4. It is also designed for handling operating systems, applications, patching, compliance, anti-virus, assets and logging.
  5. It can integrate with Windows Server Update Services (WSUS), Network Access Protection (NAP), Certificate Services, the DNS server role, Windows Automated Installation Kit (Windows AIK), User State Migration Tool (USMT), Windows Deployment Services (WDS), and Remote Desktop Services.

Configuration Manager site Hierarchy consists of the following:
  1. Central Administration Site
  2. Primary Site
  3. Secondary Site

Configuration Manager - Central Administration Site

The central administration site coordinates inter-site data replication across the hierarchy by using Configuration Manager database. The central administration site also allows the administration of client agents, discovery performance, and software updates.

Important notes of central administration site:
  1. Only one central administration site per hierarchy can be installed.
  2. When configuring a Configuration Manager hierarchy, the central administration site is the first site that must be installed.
  3. The central administration site cannot be joined or moved to an existing hierarchy.

Important considerations when deploying a central administration site:
  1. It supports up to 25 child primary sites simultaneously
  2. It participates in SQL database replication
  3. It does not support client data and client assignment
  4. It does not support a management point so no client can report to this site
  5. Not all site system roles are available. It supports roles of Asset Intelligence Synchronization Point, Reporting Service Point and Software Update Point.
  6. It is used for all administration and reporting for the site hierarchy.

Considerations when installing a central administration site:
  1. When more than one primary site is present in a hierarchy
  2. When there is a need to scale-up the number of clients that can be managed
  3. When there is a need to off-load reporting and administration from your primary site
  4. When there is a need to monitor and report from all sites and objects in the hierarchy

Steps to Extend the Active Directory Schema for System Center Configuration Manager

1. Log in to the physical server as Administrator.
2. Insert the System Center 2012 Configuration Manager media into server.
3. Click Start, in the Search Box type CMD and right-click on CMD and select Run as Administrator.
4. In command prompt type cd D:\SMSSETUP\BIN\i386 (Replace D:\ with the drive where the media is located).
5. Type extadsch.exe
6. Close the CMD window.
7. Verify the log file located in C:\extadsch.log
8. Open the log file in notepad and check for the status. If installation succeeds it writes "Successfully Extended Active Directory Schema".   
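
Steps 4 to 8 can be scripted so that the log check is not left to a manual read. This is an added example, not part of the original procedure; the setup path and log location come from the steps above, the success wording is taken from step 8 and matched loosely, and treating any line containing "fail" as an error is an assumption about the log format.

```powershell
# Added example, not from the original page. Run from an elevated prompt.
$SetupDir = 'D:\SMSSETUP\BIN\i386'   # from step 4; replace D:\ with the media drive
$LogPath  = 'C:\extadsch.log'        # from step 7

# Schema changes require membership in Schema Admins (well-known RID 518),
# so stop before touching the forest if the current token lacks it.
$groups = whoami /groups /fo csv | ConvertFrom-Csv
if (-not ($groups | Where-Object { $_.SID -match '-518$' })) {
    throw 'Current account is not a member of Schema Admins.'
}

$exe = Join-Path $SetupDir 'extadsch.exe'
if (-not (Test-Path $exe)) { throw "extadsch.exe not found in $SetupDir" }

# Set any earlier log aside so the result below reflects this run only.
if (Test-Path $LogPath) {
    Move-Item $LogPath ('{0}.{1:yyyyMMddHHmmss}.bak' -f $LogPath, (Get-Date))
}

& $exe   # step 5

if (-not (Test-Path $LogPath)) { throw "No log was written to $LogPath." }
$log = Get-Content $LogPath

# Success wording as quoted in step 8; "the" is optional and case is ignored.
$success  = $log | Select-String -Pattern 'Successfully extended (the )?Active Directory schema'
# Assumption: error lines in the log contain the word "fail".
$failures = $log | Select-String -Pattern 'fail' -SimpleMatch

if ($failures) {
    Write-Warning 'The log contains failure lines:'
    $failures | ForEach-Object { Write-Warning $_.Line }
}
if ($success -and -not $failures) {
    Write-Host 'Schema extension reported success.'
} else {
    throw "Schema extension did not report a clean success; review $LogPath."
}
```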

Configuration Manager - Extend the Active Directory Schema

Extending the Active Directory schema is a forest-wide action and can only be done one time per forest. 

Important considerations for Active Directory schema extension:

  1. All Configuration Manager site systems must be members of an Active Directory domain.
  2. The schema does not need to be extended again for Configuration Manager 2012, if it has already been extended for Configuration Manager 2007.
  3. The Active Directory schema can be updated before or after you install Configuration Manager.
  4. Schema updates do not interfere with an existing Configuration Manager 2007 site or clients.
  5. Schema changes are stored in \SMSSETUP\BIN\x64\ConfigMgr_ad_schema.ldf

Configuration Manager - Boundaries & Boundary groups

Boundaries

Each boundary represents a network location in Configuration Manager and is available from every site in your hierarchy. To manage a client, the boundary must also be a member of a boundary group. 

Boundaries can be any of the following:
  • IP range
  • IP subnet
  • Active Directory site
  • IPv6 prefix

Boundary groups


Boundary groups are used to manage your network locations. 

Boundary groups have the following functions:
  • They enable clients to find a primary site.
  • They can provide clients with a list of available site systems that have content, once the distribution point and state migration point site system servers are associated with the boundary group.
  • To support site assignment, configure the boundary group to specify an assigned site for clients. 
  • To support content location, specify one or more site systems. Site systems are specified with the distribution point or state migration point site system role. 
  • Both the site assignment and content location configurations are optional for boundary groups.
  • When planning boundary groups, consider creating one set of boundary groups for content location and a second set of boundary groups for automatic site assignment. This avoids overlapping boundaries for site assignment.
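
A quick way to check a planned design for the overlap described in the last point is to compare the IP-range boundaries of every pair of site-assignment boundary groups. The script below is an added example, not from the original page; the group names, site codes and address ranges are constructed sample data.

```powershell
# Added example, not from the original page.
# Constructed sample data: one IP-range boundary per site-assignment boundary group.
$boundaries = @(
    [pscustomobject]@{ Group = 'BG-HQ-Assign';     Site = 'P01'; Start = '10.0.0.1'; End = '10.0.3.254' }
    [pscustomobject]@{ Group = 'BG-Branch-Assign'; Site = 'P02'; Start = '10.0.2.1'; End = '10.0.5.254' }
    [pscustomobject]@{ Group = 'BG-Lab-Assign';    Site = 'P01'; Start = '10.0.1.1'; End = '10.0.1.254' }
    [pscustomobject]@{ Group = 'BG-DR-Assign';     Site = 'P02'; Start = '10.1.0.1'; End = '10.1.0.254' }
)

function ConvertTo-UInt32 {
    param([Parameter(Mandatory)][string]$Address)
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    [Array]::Reverse($bytes)   # network byte order -> little-endian for BitConverter
    [BitConverter]::ToUInt32($bytes, 0)
}

function Find-AssignmentOverlap {
    param([Parameter(Mandatory)][object[]]$Boundary)
    for ($i = 0; $i -lt $Boundary.Count; $i++) {
        for ($j = $i + 1; $j -lt $Boundary.Count; $j++) {
            $a = $Boundary[$i]; $b = $Boundary[$j]
            # Two ranges assigning the same site do not conflict.
            if ($a.Site -eq $b.Site) { continue }
            # Ranges intersect when the larger start is not past the smaller end.
            $lo = [Math]::Max((ConvertTo-UInt32 $a.Start), (ConvertTo-UInt32 $b.Start))
            $hi = [Math]::Min((ConvertTo-UInt32 $a.End),   (ConvertTo-UInt32 $b.End))
            if ($lo -le $hi) {
                [pscustomobject]@{
                    GroupA = $a.Group; SiteA = $a.Site; RangeA = "$($a.Start)-$($a.End)"
                    GroupB = $b.Group; SiteB = $b.Site; RangeB = "$($b.Start)-$($b.End)"
                }
            }
        }
    }
}

$conflicts = @(Find-AssignmentOverlap -Boundary $boundaries)
if ($conflicts.Count -gt 0) {
    Write-Warning "$($conflicts.Count) overlapping site-assignment range(s) found:"
    $conflicts | Format-List
} else {
    Write-Host 'No overlapping site-assignment ranges.'
}
```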

Configuration Manager - Site System Roles

Configuration Manager uses site system roles to support management operations at each site. Each site system role supports different management functions. The site system roles that provide basic management functionality are:
  1. Management Point (MP): A site system role that provides communication between the Configuration Manager server and clients. Clients use this server to download policies.
  2. Distribution Point: A site system role used by clients for downloading content such as software packages and updates, application content, OS images, and boot images.
  3. Asset Intelligence Synchronization Point: A site system role that connects to System Center Online to download and manage Asset Intelligence catalog information and upload uncategorized titles to consider them for future inclusion in the catalog.
  4. Reporting Services Point: A site system role that provides integration with SQL Server Reporting Services to create and manage reports for Configuration Manager.
  5. Software Update Point: A site system role that runs Microsoft Windows Server Update Services and allows Configuration Manager to use the WSUS catalog to scan clients for software updates.
  6. Application Catalog Website Point: A site system role that publishes the list of software on the website for users to browse and install.
  7. Application Catalog Web Service Point: A site system role that serves the applications to be listed in the catalog to the website. This site system role requires IIS.
  8. Out of Band Service Point: A site system role that allocates and configures Intel AMT-based computers for out of band management, when the computer is turned off, in hibernation, or not responding.
  9. Endpoint Protection Point: A site system role that allows you to manage Windows Firewall and antimalware security policies for client computers.
  10. Fallback Status Point: A site system role that receives messages from clients for monitoring client installation and identifies clients that are not able to communicate with their Management Point.
  11. State Migration Point: A site system role that stores user state data when a computer is migrated to a new operating system.
  12. Enrollment Point: A site system role that enables authentication when users enroll their mobile devices from an untrusted forest.
  13. Enrollment Proxy Point: A site system role that communicates with mobile devices with security enrollment proxy point in the network.
  14. System Health Validator Point: A site system role that must be installed to validate Configuration Manager clients; it passes the health state of the computers to the Windows Network Policy Server.
  15. Component Server: A server that runs Configuration Manager services. When site system roles are installed, Configuration Manager automatically installs the component server.
  16. Site Server: A server that provides the core Configuration Manager functionality for the site.
  17. Site System: A server that hosts one or more site system roles for a Configuration Manager site.
  18. Site Database Server: A site system role that runs Microsoft SQL Server and hosts the Configuration Manager site database.

  Role                                      CAS  Primary  Secondary  HTTP  HTTPS
  Management Point                          No   Yes      Yes        Yes   Yes
  Distribution Point                        No   Yes      Yes        Yes   Yes
  Asset Intelligence Synchronization Point  No   Yes      Yes        Yes   Yes
  Reporting Service Point                   Yes  Yes      No         Yes   Yes
  Software Update Point                     Yes  Yes      No         Yes   Yes
  Application Catalog Website Point         No   Yes      No         Yes   Yes
  Application Catalog Web Service Point     No   Yes      No         Yes   Yes
  Out of Band Service Point                 No   Yes      No         No    Yes
  Endpoint Protection Point                 No   Yes      No         Yes   Yes
  Fallback Status Point                     No   Yes      No         Yes   No
  State Migration Point                     No   Yes      Yes        Yes   Yes
  Enrollment Point                          No   Yes      No         No    Yes
  Enrollment Proxy Point                    No   Yes      No         No    Yes
  System Health Validator Point             No   Yes      No         Yes   Yes

Configuration Manager - Distribution Points

A distribution point is a computer designed to deliver binary files/packages to Configuration Manager clients.

Important considerations when deploying distribution points:
  1. Binary files include applications, operating system deployment images, boot images and software updates.
  2. In Configuration Manager, distribution points use a new storage format called the content library.
  3. The content library stores all content on the distribution point using single instance storage.
  4. The file is stored only once on the distribution point even if it is contained in multiple packages.
  5. It is considered only if there is a limited number of users.

Considerations when installing a secondary site:

  1. If there is no concern about network usage due to clients reporting status, inventory and discovery to their primary site location. In this case, you would use a distribution point instead of a secondary site.
  2. If there is a concern that client-side BITS does not provide enough bandwidth control for your WAN.

Configuration Manager - Secondary Sites

Secondary sites control content distribution for clients in remote locations that have limited network bandwidth.

Important considerations when deploying secondary sites:
  1. It is used to host site system roles to offload WAN link traffic.
  2. It can be installed from the Configuration Manager console and can communicate with clients, but it never has clients assigned to it.
  3. A management point and distribution point are automatically deployed during the site installation.
  4. It can distribute content to other secondary sites but cannot report to another secondary site

Considerations when installing a secondary site:

  1. When a local administrative user is not required in a location
  2. When there is a need to manage the transfer of deployment content/client data across low-bandwidth networks
  3. When there is a need to establish tiered content routing for deep network topologies

Configuration Manager - Primary Sites

Primary sites are used to manage clients in well-connected networks; they cannot be tiered.

Important considerations when deploying primary sites:
  1. It can be a stand-alone site or a member of a hierarchy
  2. It only supports a central administration site as a parent site and secondary sites as child sites
  3. It uses database replication to communicate directly with its central administration site
  4. It supports up to 250 secondary sites and 100,000 clients attached
  5. It is responsible for processing all client data.

Considerations when installing a primary site:

  1. When there is a need to manage clients directly and provide a local point of connectivity for administration.
  2. When there is a need to increase the number of clients to manage and administer.
  3. When there is a need to reduce the possible result of failure of a single primary site.
  4. When there is a need to provide load-balancing support for clients across multiple servers.
  5. When there is a need to manage the transfer of deployment content across a low-bandwidth network.