Você está na página 1de 8

SCCM Deployment Guide

Contents
[hide]

1 Deployment
Environment

2 Deployment Checklist

3 Deployment
o 3.1 Active
Directory
o 3.2 Windows
Servers
o 3.3 SCCM

Deployment Environment
SFAC would like to deploy SCCM2K7 primarily for the Operating System Deployment
functionality. A secondary interest is in Software and Update publishing. Currently
UoA ITS host a SMS2003 server which SFAC utilise for OSD. Due to time constraints
the decision was made to proceed with a standalone SCCM2K7 deployment in SFAC.
Ideally the SFAC site should be able to be integrated at a later date with an ITS
SCCM environment, so consideration of naming conventions and also name
resolution (FQDN and DNS SRV Records) is important.

The SFAC geographic profile, organisational structure and network topology can be
considered fairly flat in terms of this deployment so a single site mixed mode (native
- umm may upgrade to native at a later date, possibly issues with ITS instance with
native mode) SP1 (R2 - when RTM) installation will be deployed. SFAC AD contains
roughly 2600 Computer objects and is configured as 1 site. Internet based clients
will not be supported. Core network infrastructure services are predominately Linux
based (i.e. DHCP, DNS, PXE, Firewalls, etc) so attention needs to be given to name
resolution and remote boot options.

The web, application and database tier's will be installed on Windows 2003 Servers,
with the exception of the System Health Validator service which requires a Windows
2008 Server.

The following new servers will be deployed :


Windows 2003 Standard Server (sit-mssql-01, City Server Subnet)

- MS SQL 2005 SP2 Database

- SCCM Reporting Point

Windows 2003 Standard Server (sit-sccm-01, City Server Subnet)

- SCCM 2007 Site Server

- SCCM SMS Provider

- SCCM Management Point

Windows 2003 Standard Server (sit-wsus-01, City Server Subnet)

(reuse/decomission sfac-sms-city / sfac-sus-01)

- WSUS 3.0 SP1 (Primary WSUS Server - sync from MS)

- SQL 2005 Express (for WSUS DB)

- SCCM Software Update Point

- SCCM Distribution Point

- SCCM PXE Service Point (possibility)

NOTE: Requires minimum 100GB D: Drive

Windows 2003 Standard Server (sit-wsus-02, OGG Server Subnet)

- WSUS 3.0 SP1 (Downstream WSUS Server - sync from sit-wsus-01)

- SQL 2005 Express (for WSUS DB)

- SCCM Software Update Point

- SCCM Distribution Point

- SCCM Fallback Status Point

- SCCM Proxy Management Point (possibility)


NOTE: Requires minimum 100GB D: Drive

Windows 2003 Standard Server (sit-wsus-03, Tamaki Server Subnet)

(reuse/decomission sfac-sms-tmk)

- WSUS 3.0 SP1 (Downstream WSUS Server - sync from sit-wsus-01)

- SQL 2005 Express (for WSUS DB)

- SCCM Software Update Point

- SCCM Distribution Point

- SCCM PXE Service Point (possibility)

- SCCM Fallback Status Point

- SCCM Proxy Management Point (possibility)

NOTE: Requires minimum 100GB D: Drive

Deployment Checklist

 Prepare Active Directory environment (extend Schema for SCCM).


 Prepare SQL Server.
 Prepare SCCM Server.
 Install SCCM.
 Configure SCCM.

Deployment
Active Directory

 Extend Active Directory Schema for new SMSv4 extensions

"netdom query fsmo"

to identify the Schema Master role holder


 Backup the systems state on the Schema Master DC
 Disconnect the Schema Master from the network (just in case it all goes
horribly wrong)

This procedure needs to be done by someone with schema modification rights (i.e
Schema Admins). You can extend the schema by opening a command prompt,
browsing the contents of your SCCM files (assuming you have extracted the exe) in
the SMSSETUP\BIN\I386 directory locate the extadsch.exe file, and drag it into the
command prompt window and execute it. After it completed, which should take less
than a minute, browse to the root of your boot drive and open the log ExtADSch.log,
open that file and look for the line

Successfully extended the Active Directory schema.

If you see this then it worked. Once you have extended the schema and the SMS
Admin account has been created you will want to log off as the Administrator and
logon as the SMS admin before you run setup.

 Create Security Groups for SCCM / MSSQL


 Create and permission System Management container in Active Directory

NOTE: Because domains controllers do not replicate their System Management


container to other domains in the forest, a System Management container must be
created for each domain that hosts a Configuration Manager Site

1. Open the Active Directory Users and Computers administrative tool

2. Click View, and then click Advanced Features

3. Expand the System container

4. Right-click System Management. On the context menu, click Properties

5. In the System Management Properties dialog box, click the Security tab

6. Click Add to add the site server computer account and grant the account Full

Control permissions

7. Click Advanced, select the site server’s computer account, and click Edit
8. In the Apply onto list, select This object and all child objects, click OK

To enable a Configuration Manager site to publish site information to Active Directory


Domain Services

In the Configuration Manager console, navigate to System Center Configuration

Manager / Site Database / Site Management / <site code> - <site name>.

Right-click <site code> - <site name>, and click Properties.

On the Advanced tab of site properties, select the Publish this site in Active

Directory Domain Services check box.

When Configuration Manager site information is published to Active Directory Domain


Services, Configuration Manager clients can automatically detect server locator
points and management points without generating Windows Internet Name Service
(WINS) traffic. If Configuration Manager site information is not published to Active
Directory Domain Services, you must manually add Configuration Manager site role
information in WINS.

Windows Servers

 Deploy Win2K3 Servers from template with latest service pack / hotfixes

Install SQL

 Install MS SQL 2005 STD (SQL Data D:\SQL) (Use Domain User account for
services)
 Install SQL 2005 SP2
 Add SCCM Server Computer Account to local Administrators group
 Add "s-MSSQL Administrators" to local Administrators group
 Register Service Principal Name (SPN) for Domain User Service account

setspn -A MSSQLSvc/<FQDN> <SQL_Service_User_Account> NOTE: YOU MUST USE THE

FQDN
setspn -A MSSQLSvc/<FQDN>:<SQL_PORT> <SQL_Service_User_Account> NOTE: YOU MUST

USE THE FQDN

setspn -A MSSQLSvc/<NetBIOS_NAME> <SQL_Service_User_Account>

setspn -A MSSQLSvc/<NetBIOS_NAME>:<SQL_PORT> <SQL_Service_User_Account>

SCCM
You will need to have the following updates installed for the SCCM prerequisite
checker to complete successfully :

.NET Framework v2.0

MMC v3.0 (KB907265)

WMI Hotfix (KB913538)

Security Bulletin MS06-030 (KB914389)

SQL Hotfix (KB925335)

COM+ v1.5 Hotfix Rollup Package 11 (KB927673)

WMI Hotfix (KB923202)

WS-Management v1.1 (KB936059)

MMC Hotfix (KB940848)

Intel AMT (schannel) Hotfix (KB942841)

 Install IIS (with ASP.NET/BITS/WebDAV support)

NOTE:

If you get this eventID: 1020, you need to run aspnet_regiis.exe /i to register
ASP.NET in IIS.
Updates to the IIS metabase were aborted because IIS is either not installed or is
disabled on this machine. To configure ASP.NET to run in IIS, please install or enable
IIS and re-register ASP.NET using aspnet_regiis.exe /i.

In order to install SCCM on a Windows 2000 or Windows 2003 server to avoid having
any IIS based Installation Prerequisite Check(s) fail there are certain things that
need to be installed. For example you must have BITS installed and configured and
you must have WebDAV installed and configured. Other wise you will receive Errors
when the Installation Prerequisite Check is performed.

Install SCCM

 Install WSUS.30SP1 Administration Console - WSUSSetup_30SP1_x86.exe


 Run Prerequisite checker
 Install SCCM

- Custom setttings

- Primary Site

- Install to D:\SCCM

- Site Code "FOS"

- Site Name "Faculty of Science Site"

- Configuration Manager Mixed Mode

- Enable client agent settings as required

- Default port (80)

- Download updates to D:\SCCM_Updates

During the installation the installer will prompt you to check for updates or supply a
path to the update files if you have already downloaded them. Once the install
routine has completed you should see "Setup completed all operations successfully".

 Install SCCM SP1


 Review C:\ConfigMgrSetup.log for errors

NOTE: Configuration Manager 2007 will not install component files on a drive that
contains an empty file named "no_sms_on_drive.sms". Instead, site role
components will be installed on a different NTFS formatted disk drive that does not
contain the no_sms_on_drive.sms file. This is useful to prevent files being installed
on the system partition.

Install Site Systems

 Install Reporting Point


 Install Software Update Points
 Install Software Distribution Points

Você também pode gostar