In this lab, we are going to set up two servers for the SCCM infrastructure.
- Server 1: Domain Controller with all the FSMO roles.
- Server 2: SCCM and SQL Server
Hardware:
- Processor – AMD Opteron, AMD Athlon 64, Intel Xeon with Intel EM64T support, Intel Pentium IV with EM64T support. The minimum processor speed expected is 1.4 GHz.
- RAM – A minimum of 2 GB RAM is required.
- Disk Space – A minimum of 50 GB hard disk space is a must.
In the first 3 steps, ensure that you are logged on to the schema master domain controller (server 1) with an account that is a member of Domain Admins and Schema Admins.
Step1. Create the system management container
Configuration Manager does not automatically create the System Management container in Active Directory Domain Services when the schema is extended. The container must be created one time for each domain that includes a Configuration Manager primary site server or secondary site server that publishes site information to Active Directory Domain Services.
On the Domain controller machine, click on Server Manager, Tools, click on ADSI Edit.
Right click ADSI Edit and click on Connect to. On the Connection Settings window, the naming context should be Default naming context. Do not change anything here, click on OK.
1. In the ADSI Edit Console, expand the Default Naming Context, right click CN=System, click on New and create an Object.
2. On the Create Object windows, select the class as container and click on Next.
3. Provide the value as System Management. Click on Next and click on Finish to close the wizard.
Step2. Grant the site server’s computer account the permissions that are required to publish site information to the container
The primary site server computer account must be granted Full Control permissions to the System Management container and all its child objects.
1. Click on Server Manager, click on Tools, click on Active Directory Users and Computers. Click on View and click Advanced Features. Expand System, right click System Management and click on Delegate Control.
2. The primary site server computer account must be granted Full Control permissions to the System Management container. Click on Add. On the Select Users, Computers, or Groups window, click on Object Types and check Computers as the object type. Click on OK. Type the name of the primary site server computer account and click on OK.
3. You must see the primary site server computer account listed under the users or groups. Click on Next.
4. On the Tasks to Delegate page, click on Create a custom task to delegate. Click on Next.
5. On the Active Directory Object Type window, select the option This folder, existing objects in this folder and creation of new objects in this folder. Click on Next.
6. We need to select the permissions to delegate: choose General, Property Specific and Creation/deletion of specific child objects. Under the permissions, click on Full Control. When you check the box for Full Control, all the other permissions get checked automatically. Click on Next and click on Finish to close the wizard.
7. Create an SCCM account. We will create an account named sccmadmin, which is a member of Domain Admins.
Step3. Extending Active Directory Schema
To extend the Active Directory schema using the extadsch.exe utility, locate extadsch.exe, which can be found in \SMSSETUP\BIN\X64 on the Configuration Manager setup DVD. Hold the Shift key on your keyboard, right click extadsch.exe and click on Copy as Path.
Launch the command prompt. Right click, click Paste and press Enter. You should see the line Successfully extended the Active Directory Schema.
On the SCCM server (server 2):
Step4. Server Role
Click on Server Manager, click on Manage, click on Add Roles and Features. Click on Select a server from the server pool and click on Next.
1. Select Web Server (IIS) as the server role and click on Next.
2. You need to enable the following features for installing Configuration Manager 2012 R2 on Windows Server 2012 R2:
1) .Net Framework 3.5 Features [Install all sub features]
2) .Net Framework 4.5 Features [Install all sub features]
4) Remote Differential Compression
3. Under the Web Server Role (IIS), click Role Services and make sure the following have been selected:
Common HTTP Features – Default Document, Static Content.
Application Development – ASP.NET 3.5, .NET Extensibility 3.5, ASP.NET 4.5, .NET Extensibility 4.5, ISAPI extensions.
Security – Windows Authentication.
IIS 6 Management Compatibility – IIS Management Console, IIS 6 Metabase Compatibility, IIS 6 WMI Compatibility, IIS Management Scripts and Tools.
4. Click on Specify an alternate source path and provide the path as D:\Sources\sxs (where D is the drive letter where the Windows Server 2012 R2 media is mounted).
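The same role and feature selection can be made from an elevated PowerShell prompt on server 2, followed by a check that nothing was skipped. This is an added example, not part of the original walkthrough; the names are the Windows Server 2012 R2 feature names for the items listed above, and D:\Sources\sxs is the alternate source path from item 4.

```powershell
# Added example: Step 4 as a script, with a verification pass.
$source = 'D:\Sources\sxs'   # alternate source path from item 4

# "Install all sub features" applies to the two .NET Framework roots.
$dotNetRoots = 'NET-Framework-Features', 'NET-Framework-45-Features'

$features = @(
    'RDC',                                  # Remote Differential Compression
    'Web-Server',                           # Web Server (IIS) role
    'Web-Default-Doc', 'Web-Static-Content',            # Common HTTP Features
    'Web-Asp-Net', 'Web-Net-Ext',                       # ASP.NET 3.5, .NET Extensibility 3.5
    'Web-Asp-Net45', 'Web-Net-Ext45', 'Web-ISAPI-Ext',  # ASP.NET 4.5, .NET Ext. 4.5, ISAPI extensions
    'Web-Windows-Auth',                                 # Security: Windows Authentication
    'Web-Mgmt-Console', 'Web-Metabase', 'Web-WMI', 'Web-Scripting-Tools'
)

Install-WindowsFeature -Name $dotNetRoots -IncludeAllSubFeature -Source $source
Install-WindowsFeature -Name $features -Source $source

# Report anything from the list that is still not installed.
$missing = Get-WindowsFeature -Name ($dotNetRoots + $features) |
    Where-Object { -not $_.Installed }
if ($missing) {
    $missing | Select-Object Name, InstallState
} else {
    'All listed roles and features are installed.'
}
```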
Step5. Windows Assessment and Deployment Kit (Windows ADK) for Windows 8.1
The Windows Assessment and Deployment Kit (Windows ADK) is a collection of tools that you can use to customize, assess, and deploy Windows operating systems to new computers. The latest version out there is ADK 8.1 and you can find the download links at the end of the post.
Download adksetup.exe, right click on the file and click on Run as Administrator. On the Specify Location page, choose the install path. Click on Next, then Next again.
On the License Agreement page, Click on Accept.
Select Deployment Tools, Windows Preinstallation Environment and User State Migration Tool. Click on Install. Wait for the completion and click close.
SCCM setup reports that the database version is wrong, or that the update is not up to date:
After checking ConfigMgrSetup.log in C:\ and searching for “fail”, I found the following error:
ERROR: Failed to get Service Pack version for SQL Server <SCCM.lab.com>. $$<Configuration Manager Setup><04-06-2017 00:41:21.037+420><thread=1376 (0x560)>
Failed to connect HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL registry key for reading on SQL Server [SCCM.lab.com]. $$<Configuration Manager Setup><04-06-2017 00:41:54.152+420><thread=1376 (0x560)>
WARNING: failed to retrieve port number for SCCM.lab.com. $$<Configuration Manager Setup><04-06-2017 00:41:54.152+420><thread=1376 (0x560)>
After checking the registry, there is no key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL
I then found the solution at https://blogs.technet.microsoft.com/microsoft_denmark_premier_field_engineering_config_manager_blog/2013/04/10/system-center-configuration-manager-2012-service-pack-1-fails-to-install-when-using-sql-server-2012-service-pack-1/
First go to Start, SQL Server Configuration Manager.
Under SQL Server Configuration Manager, SQL Server Services, in the right pane right click SQL Server, Properties, Advanced, check the Version value, note it down and replace the version in the following file with it.
Created a .reg file with content:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQLServer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQLServer\CurrentVersion]
"CurrentVersion"="11.0.3000.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQLServer\SuperSocketNetLib]
"ProtocolList"=hex(7):74,00,63,00,70,00,00,00,6e,00,70,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQLServer\SuperSocketNetLib\Np]
"PipeName"="\\\\.\\pipe\\sql\\query"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQLServer\SuperSocketNetLib\Tcp]
"TcpPort"="1433"
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQLServer\SuperSocketNetLib\Tcp\IPAll]
"TCPPort"="1433"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\Instance names]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\Instance names\SQL]
"MSSQLSERVER"="MSSQL11.MSSQLSERVER"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL11.MSSQLSERVER\Setup]
"Version"="11.0.3000.0"

Double-click it, done!
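Before importing a hand-written .reg file into the SQL Server hive it is worth exporting the current state, and after the import the values that setup complained about can be read back. This is an added example, not part of the original post; the backup file name and the function name Test-SqlSetupKeys are hypothetical, and the default instance name MSSQLSERVER is the one used in the .reg file above.

```powershell
# Added example: back up the hive, then read back what ConfigMgr setup looks for.
# Run in an elevated 64-bit PowerShell session on server 2.
$root   = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
$backup = Join-Path $env:TEMP 'mssql-before-import.reg'   # hypothetical backup path

# Keep a copy of the current state so the import can be reverted.
reg.exe export 'HKLM\SOFTWARE\Microsoft\Microsoft SQL Server' $backup /y | Out-Null

function Test-SqlSetupKeys {
    param([string]$InstanceName = 'MSSQLSERVER')

    $namesKey = "$root\Instance Names\SQL"
    $result = [ordered]@{
        InstanceKeyPresent = Test-Path $namesKey   # the key the setup log said it could not read
        InstanceId         = $null
        Version            = $null
        TcpPort            = $null
    }

    if ($result.InstanceKeyPresent) {
        # Maps the instance name to its hive, e.g. MSSQL11.MSSQLSERVER
        $id = (Get-ItemProperty -Path $namesKey -ErrorAction SilentlyContinue).$InstanceName
        $result.InstanceId = $id
        if ($id) {
            $result.Version = (Get-ItemProperty -Path "$root\$id\Setup" `
                                   -ErrorAction SilentlyContinue).Version
            $result.TcpPort = (Get-ItemProperty `
                                   -Path "$root\$id\MSSQLServer\SuperSocketNetLib\Tcp\IPAll" `
                                   -ErrorAction SilentlyContinue).TcpPort
        }
    }
    [pscustomobject]$result
}

# Run once before the import and once after; compare Version with the value
# noted from SQL Server Configuration Manager.
Test-SqlSetupKeys
```

If Version does not match the value shown in SQL Server Configuration Manager, correct the .reg file and re-import rather than leaving a mismatched version in the registry.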
WSUS could not be installed due to restart
Go to Event Viewer, Windows Logs > System. In the right pane, click Filter Current Log…, check Error next to Event level, and filter on Event ID 7041.
The MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT##WID with the currently configured password due to the following error:
Logon failure: the user has not been granted the requested logon type at this computer.
Service: MSSQL$MICROSOFT##WID
Domain and account: NT SERVICE\MSSQL$MICROSOFT##WID
This service account does not have the required user right "Log on as a service."
User Action
Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster. If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated with this node might be removing the right.
There are 2 possible solutions to fix this issue:
1) Add the account (NT SERVICE\MSSQL$MICROSOFT##WID) to Log on as a service using gpedit.msc.
2) Implement the same solution using GPO.
1) Add the account NT SERVICE\MSSQL$MICROSOFT##WID to Log on as a service using gpedit.msc on the local server:
Open gpedit.msc using an administrator account, then go to Computer Configuration—>Windows Settings—>Security Settings—>Local Policies—>User Rights Assignment
Go to the properties of Log on as a service, click on Add User or Group, enter NT SERVICE\MSSQL$MICROSOFT##WID and click OK.
Restart the server and start installing the WSUS role.
2) Implementing using GPO:
Go to your Group Policy Management console and edit the Default Domain Policy
Computer Configuration—>Policies—>Windows Settings—>Security Settings—>Local Policies—>User Rights Assignment
After this you may find that SQL Server is not running, because the setting overwrites the local settings; we have to add another name as well. As we used sccmadmin as the
How to Extend the Active Directory Schema Using ExtADSch.exe: https://technet.microsoft.com/en-us/library/bb680608.aspx
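For the WSUS fix above, the "Log on as a service" assignment actually in effect on the server can be listed after either approach, which also shows when a domain GPO has replaced the local list. This is an added example, not part of the original post; the export file name is an assumption.

```powershell
# Added example: list the holders of "Log on as a service" (SeServiceLogonRight)
# as currently applied on this server. Run in an elevated PowerShell session.
$account = 'NT SERVICE\MSSQL$MICROSOFT##WID'       # single quotes keep the $ literal
$cfg     = Join-Path $env:TEMP 'user-rights.inf'   # assumption: scratch file for the export

# Export only the user rights section of the security policy in effect.
secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$line = Select-String -Path $cfg -Pattern '^SeServiceLogonRight\s*=' |
    Select-Object -First 1

$holders = @()
if ($line) {
    $holders = @(($line.Line -split '=', 2)[1].Split(',') | ForEach-Object {
        $entry = $_.Trim()
        if ($entry.StartsWith('*')) {
            # secedit writes most entries as *S-1-...; translate to a name where possible
            $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.TrimStart('*'))
            try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $sid.Value }   # unresolvable SID: keep it visible as-is
        } else {
            $entry
        }
    })
}

$holders
'WID service account holds the right: ' + ($holders -contains $account)

Remove-Item $cfg -ErrorAction SilentlyContinue
```

If the list shrinks after a policy refresh, `gpresult /h report.html` shows which GPO defines the right; every service account that needs it on any machine in scope has to be named in that GPO.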