How can I install System Center Configuration Manager (Current Branch) ?

Introduction

Microsoft have been hard at work developing the next version of Configuration Manager (after System Center 2012 Configuration Manager). Up until now they’ve released a bunch of Technical Previews and today they’ve announced the General Availability of the RTM release, along with it’s official name: System Center Configuration Manager and Endpoint Protection (version 1511). The version used in the product name specifies the YY/MM (year/month) that it was released.

 

This release is the first Current Branch release of Configuration Manager. This release has the ability to update itself based on your choices (Software as a Service SAAS) so as Microsoft releases newer versions of Configuration Manager to the Enterprise in the coming years, the Current Branch version identifier will change too (for example to 1607, 1611, 1702 etc). This is explained in Brad’s post here.

 

This long and detailed post will guide you through installing System Center Configuration Manager version 1511 using some automation via scripts, and you get to choose between two installation methods, manual or unattended. Regardless of what method you use to install ConfigMgr, this guide will configure everything correctly so that your environment is ready to manage all devices and to do Windows 10 servicing via Software Update Management, which is a topic that will be covered in a later post. Lastly, the guide looks at the Service Connection Point role settings, how you can change them and how to configure Usage Data.

 

Technet Reading

You can read the release notes for System Center Configuration Manager version 1511 here.

Recommended hardware for System Center Configuration Manager here.

Supported operating systems for sites and clients for System Center Configuration Manager here.

Support for SQL Server versions for System Center Configuration Manager here.

Support for Active Directory domains for System Center Configuration Manager here.

Support for Windows features and networks in System Center Configuration Manager here.

Support for Virtualization Environments for System Center Configuration Manager here.

 

Assumptions

In this guide I assume you have already installed two servers running Server 2012 R2 as listed below, I also assume you have some knowledge of PowerShell, if you don’t, start learning it now !

 

AD1

Active directory domain controller with DNS, DHCP

  • IPv4 Address: 192.168.5.1
  • Subnet Mask: 255.255.255.0
  • Default Gateway: 192.168.5.199

CM01

Configuration Manager server, joined to the domain.

  • IPv4 Address: 192.168.5.2
  • Subnet Mask: 255.255.255.0
  • Default Gateway: 192.168.5.199

Smoothwall (optional)

A Linux firewall running on 192.168.5.199 purely for sharing internet into these vm’s.

 

Scripts used in this guide

The scripts used in this guide are available at the bottom of the guide in the Downloads section, download them before beginning and extract them to C:\Temp on your ConfigMgr server.

 

Step 1. Define some GPO’s

Note: Perform the following on the Active Directory Domain Controller server (AD1) as Local Administrator

 

To allow SQL to replicate data, open the following TCP ports in the Configuration Manager firewall, 1433, 4022. You can do this by targettingĀ  your ConfigMgr servers with a GPO. To create the GPO do as follows. Start the Group Policy Management tool (GPMC.MSC) and create a new GPO.

 

create a gpo in this domain.png

 

Note: In the preceding screenshot I link the GPO to the domain GPO however you should consider creating an OU specifically for your Configuration Manager servers and target this GPO only to that OU (your Configuration Manager servers require this GPO for SQL replication).

 

Give the GPO a name such as SQL Ports for System Center Configuration Manager.

 

give the gpo a name.png

 

When done, right click on the GPO and choose Edit.

 

editing a gpo.png

 

Select Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with Advanced Security and select Inbound Rules, choose New Rule and follow the wizard for opening up TCP port 1433 as per this guide on Technet. Once done, repeat the above for TCP Port 4022.

 

tcp ports opened.png

 

Optional: Once the above is done, and if you intend on using the PowerShell script in Step 2 to create users and to make a user a local admin on the CM01 server, create another GPO called Allow Inbound File and Printer sharing exception which sets Windows Firewall: Allow inbound file and printer sharing exception to Enabled.

 

This policy is located in Computer Configuration, Administrative Templates, Network, Network Connections, Windows Firewall, Domain Profile.

 

allow inbound.png

 

Once done, apply the GPO’s by running gpupdate /force on CM01.

 

gpo applied.png

 

Step 2. Create users
Note: Perform the following on the Active Directory Domain Controller server (AD1) as Local Administrator

You can do this step manually or automated using the supplied PowerShell script.

 

To create users manually, add the following users in AD using Active Directory Users and Computers:

 

* <your user name>, a domain user, this user will become a local administrator on CM01
* Testuser, a domain user
* CM_BA, used for building ConfigMgr created images

* CM_JD, used for joining computers to the domain
* CM_SR used for reporting services.
* CM_CP, a domain user used when installing the Configuration Manager Client for Client Push.
* CM_NAA, a domain user, (Network Access Account) used during OSD

 

To create users automatically, use the Create Users Usergroups and OU in AD.ps1 PowerShell script

 

 

Copy the script to AD1, start Windows PowerShell ISE as Administrator and open the Create Users Usergroups and OU in AD.ps1 script. Edit the variables as desired before running.

 

Note: You need to edit the script and adjust the variables to your liking, for example if you want to change the default password. You may also want to rem out the MDT and MBAM user/groups that are created and change some of the user names within the script.
After running the PowerShell script in Windows PowerShell ISE you’ll see something like the following.

 

script to add users to ad.png

 

and in Active Directory Users and Groups you can see the OU and structure it has created.

 

users and groups created.png

 

Step 3. Create the System Management Container
Note: Perform the following on the Active Directory Domain Controller server (AD1) as Local Administrator

 

Open ADSI Edit, click on Action, Connect To and click Ok, Double Click on Default Naming Context and the DC= that appears below it. Click on the + and scroll down to CN=System.

Right Click on CN=System and choose New, Object, choose Container from the options, click Next and enter System Management as the value as shown below

 

system management.png

 

Step 4. Delegate Permission

Note: Perform the following on the Active Directory Domain Controller server (AD1) as Local Administrator

 

Open Active Directory Users and Computers. Click on view, select Advanced Features. Select the System Management Container, and right click it, choose All Tasks and Delegate Control. When the Welcome to Delegation of Control Wizard appears click next, then click Add. click on Object Types, select Computers.

 

Type in your Configuration Manager server nameĀ  (CM01) and click on Check Names, it should resolve.

 

delegation of control.png

 

Click Ok, then Next. Choose Create a Custom Task to Delegate, click next, make sure This folder, existing objects in this folder and creation of new objects in this folder is selected.

 

Click next, select the 3 permissions General, Property-Specific and Creation-deletion of specific child objects are selected then place a check mark in Full Control.

 

full control.png

 

Tip: Repeat the above for each site server that you install in a Hierarchy.

 

Step 5. Install Roles and Features on CM01

Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator

 

To support the various features in System Center Configuration Manager, the setup wizard requires some Server Roles and Features pre-installed on CM01, so let’s go ahead and install them. On CM01, login as the username you added to the Local Administrators group and navigate to C:\Temp. The XML files within the Scripts Used in This Guide.zip were created using the Export Configuration File option in Server Manager after manually installing roles and features and the accompanying PowerShell script simply installs it.

 

Note: Make sure your Server 2012R2 media is in the drive specified in the script or edit the script to point to the location of the media.

 

To install the roles and features needed, start Windows Powershell ISE as Administrator and run the install roles and features.ps1 script.

 

running the script in ise.png

 

Step 6. Download and install Windows ADK 10

Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator

 

The ConfigMgr prerequisite checker will check for various things, including ADK components such as USMT and Windows Preinstallation Environment (amongst others), therefore you need to install Windows ADK on your server. To do so, either download ADKsetup from here and manually install it or run the setup ADK and WDS.ps1 PowerShell script to download and install the correct components for you. This script not only downloads the components needed, it’s also installs ADK 10 and then installs Windows Deployment Services. The setup ADK and WDS.ps1 PowerShell script is available in the Scripts Used in this Guide zip file.

 

Note: due to issues with Windows ADK 10 for build 1511,I’m using the original Windows 10 ADK in the download script.

 

To download and then install Windows ADK 10 with the components needed, start Windows Powershell ISE as Administrator and run the setup ADK and WDS.ps1 script.

 

setup ADK.png

 

Step 7. Install SQL on CM01

Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator

 

Before you install the Configuration Manager you need SQL installed, both SQL Server 2012 and SQL Server 2014 are supported however you will use the latest release in this guide which is SQL 2014. I used the following release from MSDN for this guide, however you should use Volume License media in production:-

  • en_sql_server_2014_standard_edition_with_service_pack_1_x64_dvd_6669998.iso

The command line below will install SQL Server with the correct collation needed for ConfigMgr to the following location: C:\Program Files\Microsoft SQL Server. If you don’t want to use that location you can change it by modifying the /INSTANCEDIR reference. In addition, make sure to place your SQL Server 2014 media in the appropriate drive before running the script, if it’s on a different drive letter, modify D:\setup.exe accordingly.

 

To start the install, open an administrative cmd prompt on CM01 and change “windowsnoob\niall” to match your domain\username, after you’ve made the edit, press enter to install SQL Server 2014.

D:\setup.exe /q /ACTION=Install /ERRORREPORTING="False" /FEATURES=SQLENGINE,RS,IS,SSMS,TOOLS,ADV_SSMS,CONN /INSTANCENAME=MSSQLSERVER /INSTANCEDIR="C:\Program Files\Microsoft SQL Server" /SQLSVCACCOUNT="NT AUTHORITY\System" /SQLSYSADMINACCOUNTS="BUILTIN\ADMINISTRATORS" "windowsnoob\niall" /SQLSVCSTARTUPTYPE=Automatic /AGTSVCACCOUNT="NT AUTHORITY\SYSTEM" /AGTSVCSTARTUPTYPE=Automatic /RSSVCACCOUNT="NT AUTHORITY\System" /RSSVCSTARTUPTYPE=Automatic /ISSVCACCOUNT="NT AUTHORITY\System" /ISSVCSTARTUPTYPE=Disabled /ASCOLLATION="Latin1_General_CI_AS" /SQLCOLLATION="SQL_Latin1_General_CP1_CI_AS" /TCPENABLED="1" /NPENABLED="1" /IAcceptSQLServerLicenseTerms

For a list of options for installing SQL Server 2014, see this page on Technet: https://technet.micr…v=sql.120).aspx

 

Once installed, you should see success messages like below, if not, troubleshoot the errors and/or review your command line for typos.

 

sql server installed.png

 

Step 8. SQL Memory Configuration

Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator

Depending on your memory configuration and server setup, you may also want to configure SQL memory limits as per the following guidance prior to installing ConfigMgr otherwise you’ll get warnings in the Prerequisite checker when it runs the Server Readiness checks.

  • Configuration Manager requires SQL Server to reserve a minimum of 8 gigabytes (GB) of memory for the central administration site and primary site and a minimum of 4 gigabytes (GB) for the secondary site. This memory is reserved by using the Minimum server memory setting under Server Memory Options and is configured by using SQL Server Management Studio. For more information about how to set a fixed amount of memory, see here.
  • If your SQL Server is configured for unlimited memory usage, you should configure SQL Server memory to have a maximum limit.

Based on this guidance I’ve configured the SQL Server memory for this standalone primary as follows:

 

min max sql ram.png

 

Step 9. Restart the Server

Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator

 

Open an administrative command prompt and issue the following command:

shutdown /r

shutdown reboot.png

 

Step 10. Getting ready for Windows 10 servicing

Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator

 

Microsoft recently blogged about an Important update for WSUS 4.0 (KB 3095113). This update allows WSUS 4.0 to use the new Upgrades classification in WSUS 4.0 (Windows Server 2012R2). Failure to install the hotfix will mean that WSUS will not have the Upgrades Classification even though ConfigMgr version 1511 will show this classification in the SUP properties. In addition, this hotfix is mandatory to support Windows 10 servicing via Software Update Management.

 

Before you can install the hotfix however you need a bunch of prerequisite updates and feature packs installed and then you need to install WSUS 4.0. The order of the installation of these updates is important too so I’m listing it here. The installation of some of these updates involve restarts. The installation of the WSUS 4.0 (KB 3095113) will take place immediately after installing WSUS 4.0 and is covered in the next step.

 

Note: In this guide I assume you’ve not yet installed any updates on your server and you are setting things up from Windows Server 2012R2 media (a clean install). If you are trying this on a server that is already updated via Windows Update, then some of the updates below may already be installed or superseded. However if that is the case, try and install any remaining updates in the same order as below.

You will need to download both KB2919442 and KB2919355 , make sure to download all the files within that Cumulative Update and Feature Pack release

 

The correct installation order is as follows, remember that you cannot install KB3095113 until after WSUS 4.0 is installed:-

  • KB2919442
  • KB2919355
  • clearcompressionflag.exe
  • KB2919355
  • KB2932046
  • KB2959977
  • KB2937592
  • KB2938439
  • KB2934018

Step 11. Install the WSUS role

Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator

 

Now that SQL server is installed, we can utilize that for the WSUS database. To install WSUS and configure it to use the SQL servers database instead of the Windows Internal Database, do as follows:

 

Browse to the location where you extracted the scripts, C:\Temp

 

Start Windows PowerShell ISE as administrator, then run the install roles and features_WSUS.ps1 script.

 

wsus installed.png

 

Finally, you can install the WSUS Upgrades Classification hotfix.

 

KB 3095113

 

Restart the server when prompted to do so.

 

installation complete.png

 

Note: Even though you have installed the Hotfix required to do Windows 10 servicing, the WSUS classifications will not display the Upgrades classification until the ConfigMgr Software Update Point has performed a successful sync.

 

Step 12. Download and extract the content

Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator

 

To install System Center Configuration Manager version 1511 you’ll need to download the content. You can download it from Microsoft’s Volume license site for use in production or from MSDN for use in a lab. For the purposes of this guide I used the following content from MSDN. This iso is named mu_system_center_configuration_manager_version_1511_x86_x64_dvd_7295963.iso and is 1.20GB in size.

 

Once downloaded, I mounted the ISO in Windows File Explorer and copied the contents to C:\ConfigMgrSources\SCCMversion1511

 

sccmversion1511.png

 

Step 13. Download the ConfigMgr Prerequisites

Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator

 

You can download the prerequisites during ConfigMgr setup or in advance. As you’ll probably want to install more than one copy of ConfigMgr (one lab, one production) it’s nice to have the prerequisites downloaded in advance. To do that, open a command prompt with administrative permissions and navigate to the following folder:

 

C:\ConfigMgrSources\SCCMversion1511\smssetup\bin\X64

 

Run the following line

SetupDL.exe C:\ConfigMgrSources\Downloads

downloading the prerequisites.png

 

Tip: Browse to C:\ConfigMgrSources\SCCMversion1511\SMSSETUP\TOOLS and double click on CMTrace.exe, answer Yes to the default logging question. Then, using Windows File Explorer, browse to C:\ and double click on ConfigMgrSetup.log which will open the log file in CMTrace. This will allow you to view any errors or problems with the download of the prerequisites in real time.

 

log in cmtrace.png

 

Step 14. Extend the Schema

Note: Perform the following on the Domain controller server (AD1) as Administrator. You do not have to extend the Active Directory schema if it was already extended for Configuration Manager previously.

 

Using Windows File Explorer on the Active Directory Domain Controller, browse to \\<server>\c$\ConfigMgrSources\SCCMversion1511\SMSSETUP\BIN\X64 where <server> is your ConfigMgr server

 

locate extadsch.exe, right click and choose Run As Administrator.

 

A command prompt window will appear briefly as the schema is extended, check in C:\ for a log file called ExtADSch.log it should look similar to this

 

schema extended 1511.png

 

Step 15. Install Configuration Manager version 1511 manually

Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator

 

There are two ways to install ConfigMgr, manually using the ConfigMgr setup wizard or unattended. To install it manually use the settings below To do an unattended install jump to the next step.

 

Browse to C:\ConfigMgrSources\SCCMversion1511 and click on Splash.HTA, notice the version number is clearly listed !

 

splash.png

 

click on Install and then click on Next

 

install a primary.png

 

Note: In this release, you now have the option to install a Standalone Primary (recommended) or a CAS. If running setup on an already installed site (such as Configuration Manager 2012 R2) you will be offered the Upgrade option.

 

Select the option to Use typical installation options for a stand-alone primary site and click on Next. You’ll be prompted with a note, read it before clicking on Yes.

 

note.png

 

Next you get to install the licensed or evaluation version (180 days) of the product, choose your version and click on Next.

 

licensed.png

 

read the EULA and agree to the terms to continue

 

i accept.png

 

accept the license terms for SQL server express and Silverlight

 

license terms.png

 

select previously downloaded files and provide the following path C:\ConfigMgrSources\Downloads before clicking on Next

 

previously downloaded files.png

 

fill in your Site Code, Site name, Installation Folder and then click Next

 

Note: Change the Site Code, Site Name and Installation Folder to values that suit your environment, you can’t change them later so think before clicking next.

 

site code site name.png

 

review the Usage Data screen, this gives you info about what data Microsoft collects and how you can change the User Data levels and settings choice at a later stage from within the ConfigMgr Console.

 

usage data.png

 

Next you get to decide about the Service Connection Point setup, this is required if you want to allow ConfigMgr to check for updates to avail of new features and inform you about those updates (much like Intune Extensions show up in ConfigMgr 2012 R2 with Microsoft Intune integrated) and this role is the basis of ConfigMgr as a Service.

 

service connection point setup.png

 

finally, review your Settings Summary

 

summary.png

 

and if you followed this guide correctly all prerequisite rules pass successfully.

 

all prequisite checks passed successfully.png

 

Click on Begin Install to start the installation

 

installing 1511.png

 

and click on View Log in the lower left corner (or use Windows File Explorer and open C:\ConfigMgrSetup.log) to bring up the log file in CMTrace so you can see the installation progress (or issues encountered) in real time….perhaps now is a good time for a coffee or some other suitable beverage šŸ˜‰

 

installing 1511 in cmtrace.png

 

and after a while you are done !

 

you are done.png

 

Click on close.

 

You should now restart the Configuration Manager server via an administrative command prompt, enter the following:

shutdown /r

shutdown reboot.png

 

Step 16. Install Configuration Manager version 1511 unattended

Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator

 

To install ConfigMgr automated (unattended) you need to generate or use a previously created ini file called ConfigMgrAutoSave.ini. The easiest way to generate one is to go through a manual installation as shown in the step above and capture the file after everything is complete. The file will be stored in your %temp% profile as shown below:

 

configmgr autosave location.png

 

Below is a sample ConfigMgrAutoSave.ini file created from the above installation choices I made, I’ve removed the ProductID and SysCenterID values however.

[Identification]
Action=InstallPrimarySite

[Options]
ProductID=EVAL
SiteCode=P01
SiteName=windows-noob.com Primary Site
SMSInstallDir=C:\Program Files\Microsoft Configuration Manager
SDKServer=CM01.windowsnoob.lab.local
RoleCommunicationProtocol=HTTPorHTTPS
ClientsUsePKICertificate=0
PrerequisiteComp=1
PrerequisitePath=C:\ConfigMgrSources\Downloads
ManagementPoint=CM01.windowsnoob.lab.local
ManagementPointProtocol=HTTP
DistributionPoint=CM01.windowsnoob.lab.local
DistributionPointProtocol=HTTP
DistributionPointInstallIIS=0
AdminConsole=1
JoinCEIP=0

[SQLConfigOptions]
SQLServerName=CM01.windowsnoob.lab.local
DatabaseName=CM_P01
SQLSSBPort=4022

[CloudConnectorOptions]
CloudConnector=1
CloudConnectorServer=CM01.windowsnoob.lab.local
UseProxy=0
ProxyName=
ProxyPort=

[SystemCenterOptions]
SysCenterId=

[HierarchyExpansionOption]

You can find a copy of the above file in the Scripts Used in This Guide.zip file.

 

Note: You will need to edit this file and replace the values with those that work in your environment. For example, to change the ProductId open the file in notepad, locate the line that reads ProductID= and either enter your ConfigMgr Product Key or use the evaluation version of ConfigMgr by entering the word EVAL as shown below.

 

product key eval.png

 

To start an unattended install using the ini file do as follows. Save any changes you have made to the file, then copy the file to C:\ConfigMgrSources. Once copied, start the unattended install by running the following command:

SCCMversion1511\SMSSETUP\bin\X64\Setup.exe /script C:\ConfigMgrSources\ConfigMgrAutoSave.ini

as the install is unattended you’ll need to review the ConfigMgrSetup.log file stored in the root of C: using CMTrace to get a real time status of the installation.

 

unattended install.png
and after a period of time if all went well you’ll see this in the log file

 

unattended install is complete.png

 

However you should open the main log (more than likely renamed to ConfigMgrSetup.LO_) file to verify there were no issues during setup.

 

The above is great for doing unattended installs of ConfigMgr however If you want to automate this using PowerShell then you’ll need to write your own script to convert the required values to variables or take a look at Johan Arwidmark‘s excellent hydration kit(s) or have a look at this sample to get you started on writing that script.

 

Note: You’ll have to tweak these scripts to suitĀ  your environment and to work with this release of Configuration Manager, however, the ini file I’ve provided should be enough to get you started.

 

 

Step 17. Launch the Configuration Manager console

Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator

 

Launch the Configuration Manager console via the start screen and click on the white downward pointing arrow in the top left of the console then click on About Configuration Manager, notice the version info, and that it says Version 1511.

 

1511 version.png

 

Next, take a look at the top line of the ConfigMgr console to reveal whether you are running a licensed or evaluation version. Below is how the evaluation version will appear.

 

evaluation 180 days.png

 

Step 18. Configure Usage Data settings

Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator

 

Earlier in this guide you saw a Usage Data information screen with no configurable options. To configure what Usage Data is sent to Microsoft do as follows. In the ConfigMgr Console, click on the white downward pointing arrow in the top left, and select Usage Data from the options available.

 

usage data configuration.png

 

there are three levels shown, Basic, Enhanced (default) and Full. Make your choice and click on OK

 

Usage Data options.png

 

You can click on the two clickable links provided to get more info about what these Usage Data settings and levels mean.

Step 19. Configure Service Connection Point

Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator

 

During setup you have the choice of installing the Service Connection Point role (or skipping it). You can configure this by selecting Administration, Servers and Site System roles, select your Primary site and then select the Service Connection Point role from the roles listed as installed on the server. The options available are Online or Offline. If you do choose offline then you’ll have to use the Service Connection Point tool to manually setup the role and configure notifications.

 

service connection point settings.png

 

Downloads

 

You can download a Microsoft Word copy of this guide (dated 2015/12/08) here:

 

Attached File Ā Installing SCCM version 1511 windows-noob.com guide.zip Ā Ā 1.81MB Ā Ā 43 downloads

 

You can download a copy of the scripts used in this guide here:

 

Attached File Ā Scripts Used In This Guide.zip Ā Ā 13.47KB Ā Ā 48 downloads

 

Summary

Over the years Microsoft has evolved Configuration Manager to become a single-pane-of-glass for managing all devices and in addition they’ve finally delivered Configuration Manager as a Service to match Windows 10 as a Service. To quote some key points from Brad, this release when Integrated with Microsoft Intune will allow you to:

  • Update ConfigMgr easily each and every time new Windows capabilities are released.
  • Update ConfigMgr each and every time updates for iOS and Android are released.
  • Deliver the single-pane-of-glass for managing all devices ā€“ with immediate support across Windows, iOS and Android without you having to go through complex individual upgrades. Weā€™ll do the work for you.

Exciting times are ahead !

 

thanks for reading, and until next time, adios.

This entry was posted in System Center Configuration Manager (Current Branch). Bookmark the permalink.

One Response to How can I install System Center Configuration Manager (Current Branch) ?

  1. MZamudio says:

    Niall, I’ve just started reading your guide, fantastic!!!
    Thank you very much, I can’t wait to get started and using Config Mgr 1511!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.