Installing Secondary System Center Configuration Manager 2012 R2 SP 1 site

Posted: November 21, 2015 in SCCM
Tags:

The primary site serves clients in well-connected networks.We can install secondary sites to extend the primary site for managing devices that have slow network connectivity to the primary site.If secondary site is not deployed, clients will submit inventories and download policies to the primary site that may be located in the remote location on a slow link.

You can  install secondary sites in SCCM 2012 in following scenarios:

  • More than 500 clients in a remote location
  • Need a local Management Point
  • Need a local Software Update Point
  • Need a local State Migration Point

 

In this post i simulated situation where 2 site exist,connected via VPN tunnel.I combined GNS3 and VMWare virtual machines.

Untitled0

Guide for creating site to site VPN can be found here.I covered installing primary SCCM site in this post

Preparing server where secondary SCCM 2012 site will be installed

Roles:

Web Server (IIS)

  • Application Development:
    • ISAPI Extensions
  • Security:
    • Windows Authentication
  • IIS 6 Management Compatibility
    • IIS 6 Metabase Compatibility
    • IIS 6 WMI Compatibility\

Features:

  • Remote Differential Compression
  • BITS
  • .NET Framework 3.5
  • .NET Framework 4

You can install them using this PowerShell code:

install-windowsfeature web-server, Web-App-Dev,web-isapi-ext,web-windows-auth,web-mgmt-compat,web-metabase,web-wmi,rdc,bits,net-framework-core

Open ports 1433 and 4022 (SQL),135 (RPC/WMI) and 445 (SMB)

New-NetFirewallRule -Displayname "Allow port 1433" -direction inbound -LocalPort 1433 -Protocol tcp -Action allow
New-NetFirewallRule -Displayname "Allow port 4022" -direction inbound -LocalPort 4022 -Protocol tcp -Action allow
New-NetFirewallRule -Displayname "Allow port 135" -direction inbound -LocalPort 135 -Protocol tcp -Action allow
New-NetFirewallRule -Displayname "Allow port 445" -direction inbound -LocalPort 445 -Protocol tcp -Action allow

Add SCCM server computer account (SCCM-192.168.10.11) to local administrator group of server where we will install secondary site (SCCM1 -192.168.30.11)

Run next commands on secondary (SCCM1) server

#to which computer SCCM needs to be added to Local Administrators Group

$Group = [ADSI]"WinNT://SCCM1/Administrators"

#computer which needs to be added to Administrator group to SCCM1 server

$Computer = [ADSI]"WinNT://test.com/SCCM$"

#Adding SCCM to Local Administrator groups in SCCM1 

$Group.Add($Computer.Path)

 

Give the Secondary Site computer account (SCCM1) full control of the System Management container. This will allow the Secondary Site Server to publish information about itself to Active Directory

In Active Directory Users and Computers click View-Advanced Features:

Untitled

In Object Types click computers

Untitled1

Add computer account of secondary server ang give it full controll

Untitled2.png

During installing primary site,we are prompted to choose folder where SCCM will download updates,among updates it will download SQL Server Express.

I copied content of this folder to shared folder on secondary  server (SCCM1) ,and gave SCCM and SCCM1 computer account (where main SCCM site is located) Full Control NTFS permissions

In this folder i copied SMSSETUP folder from installation media

Untitled.png

Next,in SMSSETUP folder,create another folder Redist

During installation of primary site,on the Prerequisite Downloads page, wizard ask for folder location where to download the updates

Untitled5

From that location on primary (SCCM) server,copy all files to Redist folder on secondary server (SCCM1)

Untitled0.png

On primary server,from SCCM console click Administration-Sites-Create Secondary Site

Untitled.png

Enter site code,name and server where secondary SCCM site will ne installed

Untitled0.png

Enter path to shared folder where installation files are located

Untitled0.png

New instance of SQL Server Express will be installed

Untitled.png

Because we already installed IIS,don’t check Install and configure IIS,optionally,we can install branch cache,i am using self-signed certificate,it’s not advisable for production

Untitled.png

Specify Drive Space for Distribution Point

Untitled.png

Choose wether or not to set boundry groups.Boundaries represent network locations on the intranet where Configuration Manager clients are located. Boundary groups are logical groups of boundaries that provide clients access to resources

Untitled.png

We can check installation status clicking on “Show Install Status”

Untitled.png

Check sender.log file on primary server

Untitled0.png

And ConfigMgrSetup.log on root drive on secondary server (SCCM1)

Untitled0.png

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s