I am building my image to test System Center Configuration Manager 2007 (SCCM). SCCM 2007 is the next generation SMS 2003 and is currently on RC1. Since I was responsible for maintaining the WSUS server in our infrastructure, I decided to take a peek at what SCCM 2007 has got to do with making my life easier with patch management. I’ve listed down a few things I did to prepare for SCCM 2007 installation.
- Windows Server 2003 SP1, SP2 or R2
Since I was doing a fresh installation, I chose Windows Server 2003 and installed SP2, although you can do this on a Windows Server 2008 as well. This will act as my domain controller, my database server, my WSUS 3.0 server and my SCCM 2007 server. In a typical setup, you would want to offload your SCCM 2007 and have a separate WSUS 3.0 server and database server (I am assuming that you do not want to run anything on your domain controller machine aside from AD).
- IIS 6.0
You need to install IIS 6.0 if you want to take advantage of BITS technology for clients on low bandwidth connection. There are a lot of reasons for using IIS and this is just one of them. Make sure to enable WebDAV and install BITS Extensions for IIS. I’ve learned this the hard way as my SCCM 2007 installation was not making any progress because of this. Since I was concerned about security, I did not install those components which I don’t need (ASP.NET, SMTP, FTP, NNTP, etc.) The ASP.NET version which I need is v2.0. The one which comes with Windows Server 2003 is v1.1. Another reason I am installing this first before any ASP.NET 2.0 component is that I no longer have to do anything related to ASP.NET 2.0 later on (like running aspnet_regiis.exe -i to install ASP.NET v2 on IIS). We just need to allow ASP.NET 2.0 later on in IIS after installing SQL Server 2005
- SQL Server 2005 with SP2
This will be my database server. Since SQL Server 2005 comes with .NET Framework 2.0, this takes care of my ASP.NET 2.0. Now since I will also host my WSUS 3.0 server on this machine, I can use this as the database server as well. Most of the time, I would work on different instances to identify which one is for what function since SCCM 2007 and WSUS 3.0 would require a database server. For this particular setup, I will just install one instance which will be used by both WSUS 3.0 and SCCM 2007. This makes management a lot easier for me. SP2 is definitely a must for SCCM 2007.
After SQL Server 2005 has been setup, ASP.NET 2.0 needs to be allowed in IIS
If SQL Server 2005 will be on a different machine, you need to set the Service Principal Name (SPN) as well. This is discussed in detail in this Microsoft KB article
- MMC 3.0
This will be required by both WSUS 3.0 and SCCM 2007. MMC 3.0 requires .NET Framework 2.0 which was already installed because of SQL Server 2005
- BITS 2.5
This is a new download available since June 26, 2007. It’s a required component for SCCM 2007 and Windows Live OneCare (which I don’t really need). There are a lot of versions for this but the one I installed is the one for Windows Server 2003. We are definitely going to need the Windows XP version as well for client management
- WSUS 3.0
Since I will be doing patch management with SCCM 2007, I definitely need WSUS 3.0. WSUS 3.0 is required to setup a Software Update Point. This is required for every primary site server that is managing software updates. SCCM 2007 is now tightly integrated with WSUS 3.0 for patch management. WSUS 3.0 requires MMC 3.0 and .NET Framework 2.0 which has already taken cared of
- Run extadsch.exe
Similar to what you do in SMS 2003, you need to extend your Active Directory schema. You definitely need schema admins permission on your AD to do this
- Give the SCCM 2007 machine Full Control permissions on the System container in your Active Diectory
This procedure will allow your SCCM 2007 machine to create the Systems management container and its necessary objects. Since by default, the System container is not shown, you have to enable the Advance Options in your Active Directory Users and Computers
- Install System Center Configuration Manager 2007
Once you reach the system checker portion of the installation, it will give you some information on whether or not you can proceed with the installation. This was my hint that BITS Extensions for IIS was not installed
- Configure your Site Boundaries
In order for your clients to be able to find your management point with the help of Active Directory(and vice versa), you have to define your Site Boundary. Under Boundaries, create a new boundary. You can specify whether your boundary type will be an Active Directory site, an IP subnet, an IP Address Range or an IPv6 prefix. If you select an Active Directory site, you can browse thru your AD sites and read the information from there, taking advantage of your existing AD configuration.
- Configure the Discovery Method
If you will be using Active Directory as your discovery method, you need to configure this as well. Under the Discover Methods, modify the proerties of the Active Directory System Discovery. Make sure to enable Active Directory System Discovery. You can also modify the Polling Schedule but for the purpose of testing, you can check the Run discovery as soon as possible checkbox so you can see later on when you start deploying your clients whether or not it is working.
It took me a couple of days to finish my installation as I still had to configure my WSUS 3.0 to download the patches I need. September security patches from Microsoft will be the next in the queue