Installing Secondary System Center Configuration Manager 2012 R2 SP 1 site

Posted: November 21, 2015 in SCCM

The primary site serves clients in well-connected networks.We can install secondary sites to extend the primary site for managing devices that have slow network connectivity to the primary site.If secondary site is not deployed, clients will submit inventories and download policies to the primary site that may be located in the remote location on a slow link.

You can  install secondary sites in SCCM 2012 in following scenarios:

  • More than 500 clients in a remote location
  • Need a local Management Point
  • Need a local Software Update Point
  • Need a local State Migration Point


In this post i simulated situation where 2 site exist,connected via VPN tunnel.I combined GNS3 and VMWare virtual machines.


Guide for creating site to site VPN can be found here.I covered installing primary SCCM site in this post

Preparing server where secondary SCCM 2012 site will be installed


Web Server (IIS)

  • Application Development:
    • ISAPI Extensions
  • Security:
    • Windows Authentication
  • IIS 6 Management Compatibility
    • IIS 6 Metabase Compatibility
    • IIS 6 WMI Compatibility\


  • Remote Differential Compression
  • BITS
  • .NET Framework 3.5
  • .NET Framework 4

You can install them using this PowerShell code:

install-windowsfeature web-server, Web-App-Dev,web-isapi-ext,web-windows-auth,web-mgmt-compat,web-metabase,web-wmi,rdc,bits,net-framework-core

Open ports 1433 and 4022 (SQL),135 (RPC/WMI) and 445 (SMB)

New-NetFirewallRule -Displayname "Allow port 1433" -direction inbound -LocalPort 1433 -Protocol tcp -Action allow
New-NetFirewallRule -Displayname "Allow port 4022" -direction inbound -LocalPort 4022 -Protocol tcp -Action allow
New-NetFirewallRule -Displayname "Allow port 135" -direction inbound -LocalPort 135 -Protocol tcp -Action allow
New-NetFirewallRule -Displayname "Allow port 445" -direction inbound -LocalPort 445 -Protocol tcp -Action allow

Add SCCM server computer account (SCCM- to local administrator group of server where we will install secondary site (SCCM1 -

Run next commands on secondary (SCCM1) server

#to which computer SCCM needs to be added to Local Administrators Group

$Group = [ADSI]"WinNT://SCCM1/Administrators"

#computer which needs to be added to Administrator group to SCCM1 server

$Computer = [ADSI]"WinNT://$"

#Adding SCCM to Local Administrator groups in SCCM1 



Give the Secondary Site computer account (SCCM1) full control of the System Management container. This will allow the Secondary Site Server to publish information about itself to Active Directory

In Active Directory Users and Computers click View-Advanced Features:


In Object Types click computers


Add computer account of secondary server ang give it full controll


During installing primary site,we are prompted to choose folder where SCCM will download updates,among updates it will download SQL Server Express.

I copied content of this folder to shared folder on secondary  server (SCCM1) ,and gave SCCM and SCCM1 computer account (where main SCCM site is located) Full Control NTFS permissions

In this folder i copied SMSSETUP folder from installation media


Next,in SMSSETUP folder,create another folder Redist

During installation of primary site,on the Prerequisite Downloads page, wizard ask for folder location where to download the updates


From that location on primary (SCCM) server,copy all files to Redist folder on secondary server (SCCM1)


On primary server,from SCCM console click Administration-Sites-Create Secondary Site


Enter site code,name and server where secondary SCCM site will ne installed


Enter path to shared folder where installation files are located


New instance of SQL Server Express will be installed


Because we already installed IIS,don’t check Install and configure IIS,optionally,we can install branch cache,i am using self-signed certificate,it’s not advisable for production


Specify Drive Space for Distribution Point


Choose wether or not to set boundry groups.Boundaries represent network locations on the intranet where Configuration Manager clients are located. Boundary groups are logical groups of boundaries that provide clients access to resources


We can check installation status clicking on “Show Install Status”


Check sender.log file on primary server


And ConfigMgrSetup.log on root drive on secondary server (SCCM1)




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s