I wanted to install a fresh SCCM environment in my lab to play around with the new funky features in SCCM 1806. What better excuse to start from scratch and create a new blog post!
This guide will walk you through installing a fresh SCCM 1806 environment and demonstrate the site server active/passive functionality. As you can see from the design below, only the SCCM site servers are highly available. In a production environment you'd host the site database on a SQL cluster or AOAG, and have multiple site systems hosting the SCCM client facing roles (MP, DP, SUP etc). This guide will not cover installing the SQL server.
Prerequisites and Requirements
- Configure a separate SQL Instance (HA in production).
- Create a network location for site content library, read/write granted to site servers.
- Both site servers need to be on same domain.
- SCCM needs to be a standalone site.
- Both servers must use the same remote database.
- Both servers need sysadmin permissions on the site database SQL instance.
- Both servers must be local admin on each other.
- Both servers must be local admin on the SQL server hosting the site database.
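A quick way to confirm the two local-administrator prerequisites before starting setup. This is an added example, not part of the original guide. It assumes PowerShell remoting is enabled on the targets, and the SQL host name is a placeholder because the guide does not name it.

```powershell
# Added example: check that each site server's computer account is a direct
# member of the local Administrators group on the other site server and on the SQL host.
$siteServers = 'LAB-CMSS-01', 'LAB-CMSS-02'   # names used in this guide
$sqlServer   = 'SQL-SERVER-PLACEHOLDER'       # placeholder: replace with your SQL host
$domain      = $env:USERDOMAIN                # assumes you are logged on with a domain account

# Every host that must list the site servers as local administrators.
$targets = $siteServers + $sqlServer

$report = foreach ($target in $targets) {
    # S-1-5-32-544 is the built-in Administrators group, whatever its localized name.
    $members = Invoke-Command -ComputerName $target -ScriptBlock {
        (Get-LocalGroupMember -SID 'S-1-5-32-544').Name
    }
    foreach ($server in ($siteServers | Where-Object { $_ -ne $target })) {
        $account = "$domain\$server`$"        # computer accounts end in $
        [pscustomobject]@{
            Host     = $target
            Account  = $account
            IsMember = $members -contains $account
        }
    }
}

# Only direct membership is detected; access granted through a domain group
# shows up as the group name, so IsMember will be False in that case.
$report | Format-Table -AutoSize
```

The same member list is worth reviewing as a whole: every account in it holds administrative rights on a host that can reach the site database.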
Step-by-Step
1. Create SCCM user accounts
These accounts won't be used in this guide but are some of the standard accounts I use in a lab.
svc_cm_admin - default SCCM administrator account
svc_cm_djoin - domain join account
svc_cm_naa - network access account
svc_cm_push - client push account
2. Extend Active Directory schema
Run extadsch.exe on a domain controller. extadsch.exe is provided on the SCCM installation media in: /SMSSETUP/BIN/X64
3. Create System Management container
- Log on as an account that has the Create All Child Objects permission on the System container in Active Directory Domain Services.
- Run ADSI Edit, and connect to the domain in which the site server resides.
- Expand Domain <computer fully qualified domain name>, expand <distinguished name>, right-click CN=System, click New, and then click Object.
- In the Create Object dialog box, select Container, and then click Next.
- In the Value box, type System Management, and then click Next.
- Click Finish.
- Grant the computer account of each SCCM site system full control over the container and all descendant objects.
4. Install all prerequisites on each of the servers.
Use the ConfigMgr Prerequisite tool to install all the required server roles applicable to each server.
5. Install the Windows ADK on each site server.
- Download and install the Windows 10 ADK from:
6. Install SCCM on the active site server
- Initiate the installation of SCCM on the active site server (LAB-CMSS-01)
- Enter product key
- Download installation prerequisite content
- Configure site settings
- Do not install DP or MP roles at this stage
- Once complete, configure discovery methods (forest discovery with boundary creation at a minimum) and then create a boundary group for your domain.
7. Manage content library
The content library needs to be moved to a resilient file server in order to enable site server high availability.
- In the SCCM console, go to Administration > Site Configuration > Sites
- Select the site and click Manage Content Library in the ribbon bar.
- Enter the UNC path to the network share to host the content library
- Monitor the distmgr.log for errors.
- The new location needs to be a directory within a share
- If the move fails initially, use the ConfigMgr service manager to restart the SMS_DISTRIBUTION_MANAGER component once you've resolved errors.
8. Install the passive site server.
Let's initiate the installation of the passive site server on LAB-CMSS-02.
- In the SCCM console, go to Administration > Site Configuration > Sites
- Click Create Site System Server
- Enter the FQDN of the passive server and select the site.
- Select the role Site Server in passive mode
- Enter the path to source files, it's recommended to use the cd.latest folder in the site share.
- Enter the installation folder on the destination server.
- Monitor the installation progress in Monitoring > Site Server Status
- Click Show Status for more detail.
9. Install additional SMS Provider
By default, only the original site server has the SMS Provider role. If this server is offline, you can't connect to the site as no provider is available. When you add the site server in passive mode, the SMS Provider isn't automatically added. Add at least one additional SMS Provider role to your site for a highly available service.
I'll install the SMS Provider role on the passive site server (LAB-CMSS-02)
- On the active site server, load the SCCM setup wizard from media, or click Uninstall/Change when selecting SCCM in Control Panel > Programs and Features
- Select Perform Site Maintenance or Reset This Site
- Choose Modify SMS Provider Configuration
- Choose Add a new SMS Provider and enter the FQDN of the passive site server.
- Complete setup wizard.
10. Install site system
This final step installs the management point and distribution point roles on the separate site system. In a production environment it's recommended to have additional site systems for resiliency.
- Navigate to Administration > Site Configuration > Servers and Site System Roles
- Click Create Site System Server
- Enter FQDN of site system and select site in drop down box
- Select Management Point and Distribution Point roles
- Complete the rest of the wizard with settings to meet your requirements.
Test site server promotion
To test your new site server high availability, see this short blog post:
Tom,
Well written documentation mate! "Distribution Point" role is missing once HA is installed and configured. If this statement is correct, update the documentation accordingly.
Regards,
Chris
Thanks Chris,
Please could you confirm what you mean by missing?
Both site servers don't have DPs installed, the DP role is installed on a separate site system. In production you'd have multiple site systems to provide further resilience.