Wednesday, March 26, 2014

Part 3 - CU2, Acceptance, and Humility

Now that SQL is all set, we can begin installing SCCM 2012 R2.

Before we start the installer, you're going to want to avoid a few PITAs. First, we need to tell SCCM not to use the C:\ drive for SMS.

Learned this here.

It may be necessary to turn off "hide extensions for known filetypes" so you can rename the file extension. 

No admittance.
The next PITA is ADK. Download and start the installer for Windows ADK 8.1.

Much like every other installer, there will be some agreement that you can't disagree with. 

Not sure I can accept this
Ten minutes and a few window flashes later, the installer informs you that a reboot is necessary. Jerk. 

Another grueling reboot later, we continue with the ADK installation. Choose your location and click Next. I'm feeling like giving back, so I say yes to the Customer Experience Program and click Next. Another license to Accept. In French.

You will only need Deployment Tools, Windows PE, and USMT. 

Make it so.
Uncheck everything else and Install. 

I hope you brought some snacks.
After the installation is finished, Close.

We can open the SCCM installer and click Install. What else were we here for?

The initial installer screen has some interesting points. SQL is taken care of, but the FQDN is going to be your best friend. If you're here, there's no need to make you suffer through an explanation, but suffice it to say, SCCM references files and folders by FQDN paths 95% of the time. One of the things I do to help with this is create a shortcut in Explorer for the E:\ drive via FQDN. In fact, I create shortcuts to drives on test computers and storage repositories--it's really that frequent.

If I could make that the default, I would.
After you've reviewed, click Next. Unless you're doing something special, you can actually click it twice, since I'm using the default installation options. Fill in your license information and Next again. Feel free to review the license, then Accept and Next. Accept Accept Accept and Next. 

This is your first chance to try the FQDN rule. I actually have the Prerequisite files saved, but I've pasted the FQDN link, though this is one case where it isn't required. 

This is actually a great example of how to deal with the FQDN rule. Use the FQDN shortcut to the location of the Prerequisite files (or folder), and copy/paste the address. 

Beware the red exclamation point!
Notice the red exclamation point. It informs you whether your path is complete. After you've created and provided the installer with a path for/to the Prerequisite files, click Next. This process downloads about 250MB of freshness required for the installation. After some time it'll bring you to the language selection. I chose English and clicked Next, because "potty mouth" is the only other language I know. Not an option. I do the same for Client Language and click Next. 

The next screen requires a little deliberation. Site code is how you refer to the server. Depending on your deployment, you may opt to add additional servers later, and you'll want the reference to be simple. In our case, we have some remote locations, so I choose to call our site DS1 for "Darton Site 1." The logic behind this is that we have only a handful of remote sites where we may opt to put such servers. If we had more than 10, I'd likely just make it D01 for "Darton 01," in order to preserve the tens space. Site name is also arbitrary. In this case this Site will be "Darton State College," and the first likely remote candidate will be "Darton Cordele Campus". Doesn't need to be complicated. Nothing else need be changed. Next.


On the next page, select Install as stand-alone site. Next. Click Yes on the warning, as the settings can be changed when the situation changes. 

The next screen I just leave alone and click Next, since my FQDN pre-fills, and I don't have a need to change the Instance or dB names, nor the Broker port. 


I just click Next on the following two pages as well, because the correct dB and server FQDN information is pre-filled again. 


On the Client Computer Communications page, I am selecting "Configure the communication method on each site system role," as converting multiple servers to HTTPS (if you use multiple servers for different roles) will make this very complicated from a certificate standpoint. The site can be converted over to HTTPS later, but my goal is to get the system working first.

You can't call security every time you get a complicated order.
The next page lets you configure the very settings you unlocked by selecting the alternate communications option. I leave the settings on HTTP (I didn't even have an option) and click Next, since I only have one server at the moment. 

The next page is the Customer Experience Improvement Program. Make a selection and click Next. 

Giving something back.
The following page is the summary. You'll probably get warnings about WSUS, firewall exception, AD permissions, and BITS, but they don't stop us from moving forward. Click Begin Install.

Give it some time.
Might be a good time to go to lunch. According to the installer, it took roughly 15 minutes. Close it out. 

You have now installed SCCM 2012 R2. Open Configuration Manager Console. There's a LOT here to do.

System Center 2012 R2 Configuration Manager
I like to compress the bottom bar afterwards. After using the bottom bar for a month, you get used to the icons.

Now we'll want to add the WDS and WSUS roles to the server. Go to the Server Manager, Roles, and Add Roles. 

Click
It is important that you do not do any configuration of the server roles–SCCM will not be able to use a configured server role. I probably should have done this before I installed SCCM, and after SQL. I did one final reboot, and now we can move on to configuration!

Looking good!

Not as good as I thought. The Management Point isn't working. For the love of Pete. 

Humility.
A little search led to a long string of commands to repair it. One in particular is BITS, which I didn't turn on. I went to Server Manager, Features, and turned on BITS for IIS. Already frustrating. Another hour-long reboot </exaggeration>. For the win!

Hope.

So things are moving along. By the way, this didn't exactly take me 30 seconds to figure out. I probably pulled my hair for about a half an hour, seeing BITS in multiple lists of exhaustive fixes. They all mentioned BITS, so I turned it on and crossed my fingers. 
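A quick check for the failure described above, as an added example rather than anything from the original post: it confirms that BITS and its IIS server extension are installed and that the management point answers its two standard health queries over HTTP. The function name is hypothetical, and the management point is assumed to be the local server.

```powershell
# Added example (not from the original post). Run on the site server, elevated.
Import-Module ServerManager

function Test-ManagementPointPrereqs {
    param(
        # FQDN of the management point; assumed to be this server.
        [string] $MpFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
    )

    # 1. Windows features: BITS plus its IIS server extension, the piece
    #    that was missing in the post.
    $features = Get-WindowsFeature -Name 'BITS', 'BITS-IIS-Ext' |
        Select-Object Name, DisplayName, Installed

    # 2. Ask the management point for its MP list and its certificate over
    #    HTTP, matching the client communication method chosen during setup.
    $client = New-Object System.Net.WebClient
    $client.UseDefaultCredentials = $true
    $endpoints = foreach ($query in 'mplist', 'mpcert') {
        $url = "http://$MpFqdn/sms_mp/.sms_aut?$query"
        try {
            $body = $client.DownloadString($url)
            New-Object psobject -Property @{
                Url = $url; Ok = ($body.Length -gt 0)
                Detail = "$($body.Length) chars returned"
            }
        } catch {
            # HTTP 5xx or connection errors land here, e.g. while BITS is missing.
            New-Object psobject -Property @{
                Url = $url; Ok = $false; Detail = $_.Exception.Message
            }
        }
    }
    $client.Dispose()

    New-Object psobject -Property @{ Features = $features; Endpoints = $endpoints }
}

$result = Test-ManagementPointPrereqs
$result.Features  | Format-Table -AutoSize
$result.Endpoints | Format-Table Url, Ok, Detail -AutoSize
```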

When screwing around with R2, I found that it's necessary to install KB2905002.

Oh, Reginald–I disagree!
The patch warned me that I should restart the server before installing, so I did. It also doesn't like it if you have SCCM running in the background. 

Much better
Unless you really have a complex setup, you can just click Next repeatedly until it gives you the option to Install. 

I should just say "Chong Li" instead of "Next"
This update will take a bit. After I did this update, I had to do a great deal of busy work re-distributing content, but this being a fresh installation, all that was ahead of us anyway. 

Next thing I do is detect the network and set boundaries. I didn't realize how important boundaries were until I set them up wrongly. 

Go to Administration, and expand Hierarchy Configuration, then click Discovery Methods. 

Discovery options.
Darton has a forest with three domains–one parent and two untrusted sub-domains. For this, I use AD System Discovery. SCCM will only be managing the two child domains, so it is only necessary to add those. 

Seeing the Chong Li picture repeating is distracting.

Opening Active Directory System Discovery, check Enable, click the yellow star, browse to select the container, leave Recursive search and Discover objects checked, and specify an account with AD Read permissions in the locations you need to discover. I choose the top level of each child.* After adding the necessary Locations, I limit the discovery, on the Options tab, to 720 days since last logon (omitting computers that haven't been logged in for two years). The Polling Schedule tab is automatically set to discover every 7 days, which is good enough for me.

*You could go as far as to select individual OUs, but that becomes exhaustive fast. I find it easier to get everything in each child domain, and then use inventory grouping to sort them into managed and unmanaged groups. It's WAY easier than trying to limit what you detect, especially considering how entries don't come back out of the database without a great deal of effort.  
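Since entries are hard to get back out of the database, it helps to preview what the 720-day limit will let in before starting discovery. The following is an added example, not part of the original post: it assumes the discovery option compares against each computer's `lastLogonTimestamp` attribute, and the function name, domain names and domain controllers are hypothetical placeholders.

```powershell
# Added example (not from the original post). Needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-DiscoveryPreview {
    param(
        [Parameter(Mandatory = $true)] [string] $SearchBase,  # container picked in the dialog
        [Parameter(Mandatory = $true)] [string] $Server,      # DC in that child domain
        [int] $MaxDaysSinceLogon = 720,                       # same value as the Options tab
        [System.Management.Automation.PSCredential] $Credential  # the AD read account
    )
    $cutoff = (Get-Date).ToUniversalTime().AddDays(-$MaxDaysSinceLogon)
    $query = @{
        Filter      = '*'
        SearchBase  = $SearchBase
        SearchScope = 'Subtree'      # equivalent of "Recursive search"
        Server      = $Server
        Properties  = 'lastLogonTimestamp'
    }
    if ($Credential) { $query.Credential = $Credential }

    Get-ADComputer @query | ForEach-Object {
        # lastLogonTimestamp is a FILETIME integer; empty means never logged on.
        # Assumption: accounts that never logged on are treated as skipped.
        $last = if ($_.lastLogonTimestamp) {
            [DateTime]::FromFileTimeUtc($_.lastLogonTimestamp)
        } else { $null }
        New-Object psobject -Property @{
            Name       = $_.Name
            LastLogon  = $last
            Discovered = ($null -ne $last -and $last -ge $cutoff)
        }
    }
}

# Hypothetical child domains; replace with your own containers and DCs.
$targets = @(
    @{ SearchBase = 'DC=child1,DC=example,DC=edu'; Server = 'dc1.child1.example.edu' },
    @{ SearchBase = 'DC=child2,DC=example,DC=edu'; Server = 'dc1.child2.example.edu' }
)
$cred = Get-Credential   # account with AD read permission in both domains
foreach ($t in $targets) {
    $preview = Get-DiscoveryPreview @t -Credential $cred
    '{0}: {1} would be discovered, {2} skipped as stale' -f $t.SearchBase,
        @($preview | Where-Object { $_.Discovered }).Count,
        @($preview | Where-Object { -not $_.Discovered }).Count
}
```

The skipped list doubles as an inventory of stale computer accounts in each child domain.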

Self discovery?
Once you click OK (or Apply then OK if you're OCD), a popup asks if you're ready to start discovery. Why not? This process will take ages, but runs in the background and doesn't intrude on anything else. 

I also use Forest Discovery (I accidentally said Network when I first wrote this) to find the network boundaries. Open Active Directory Forest Discovery, check Enable, and check both Automatic options. This actually only takes a few minutes to detect the Boundaries, but we'll do it in the morning.

Next, go to the Active Directory Forests under Hierarchy Configuration, and add the subdomains. By default, it adds the domain that the server is on. Right click and Add Forest. Add every forest individually like you did for the previous entries. Ignore the domain account, which is only for Forest Discovery, and check the site name on the Publishing tab. Ignore the bottom checkbox unless your domain has trust, allowing domains to search other domains for the site server. 

Forestry
While I was preparing the previous portion of this blog, it was scanning the domains for devices, which can be seen on the Assets and Compliance section, under Device Collections. 

Virtual devices bloat the numbers
This took me through to the end of the day. The system will continue to accumulate information and learn about the domains overnight. We'll see how it looks in the morning.
