Wednesday, October 28, 2009

Setup PXE boot in SCCM

The following will get your site set up for PXE boot. The virtual environment I'll be taking screenshots from consists of two servers. Both are Server 2003 SP2 boxes. One is hosting AD, DNS, and DHCP. The other is a primary SCCM server. I'll be logged into the primary SCCM server using an account that I set up, smsadmin, which has Domain Admin rights on the domain.

The first thing you need to do is install Windows Deployment Services on your SCCM server. Go to Add/Remove Programs, then Add/Remove Components, scroll down to the bottom of the list and select Windows Deployment Services. Then click Next.



After it's done installing you'll be prompted to reboot. After the reboot, launch the ConfigMgr console and go to Site Database -> Your Site -> Site Settings -> Site Systems -> Your Primary Server. At this point click on New Roles.


When the New Site Role Wizard comes up, click Next, then select PXE service point, and next again.



When you click Next, you'll be prompted about ports being opened. Just click yes and continue.



After clicking yes, you'll be presented with some settings. Personally, with the way I advertise task sequences, I don't need a password prompt, so I uncheck the require a password box, and then check which network adapters respond to PXE requests. After that click Next.


When asked about the account to use to connect to the database, I always choose to use the computer account, as well as using a self-signed certificate. You might want to increase the year on the expiration date as well. After that click Next. Then on the next screen click Next again. After the role has been added, click the Close button.




Now that your PXE role is installed, you need to add the boot images to the PXE distribution point. (Both the x64 and x86 boot images.)

Making your ConfigMgr site operational

In my last post I put up tons of information on installing ConfigMgr. In this post I'll be putting up information on how to get your new site operational with client agents and such prior to actually having any client systems using your site.

Throughout this blog, we're only going to be working in the Site Management node.


You'll first want to right click your site name, and go to properties.


Once there, you'll want to head to the Advanced tab. In the advanced tab you'll want to check the boxes for "Publish this site in Active Directory" and "Publish the default management point in DNS". Once they're selected, press Ok.



Next, move down to the Boundaries section. Boundaries are extremely important in ConfigMgr to help manage your clients. You can create boundaries based on an IP Subnet, IP range, or an Active Directory site. So start out by clicking "New Boundary", enter a description, then put in either an IP Subnet, IP Range, or an AD Site name, and then select whether the boundary is connected to the Primary Site server by a slow connection or a fast connection.


Once your boundary is configured, click the Client Agents section. In this you should see the following agents if you followed my previous guide.


Start out by double clicking the Hardware agent to configure its settings. (The settings I put in here might not be the recommended ones, but it's what I use in my 1,000 client production environment and it works fine.) Change the schedule to custom, then click Customize and change the recurrence to 10 minutes. Then click Ok, and Ok.




The next agent that needs to be modified is the Computer Client agent. Double click it to open it up, and then start out by configuring the Network Access Account by clicking Set.


In my case I'm using a service account that I set up for ConfigMgr called smsadmin. Enter the information for your service account then click Ok.



Next (and once again I point out that my settings work great in my environment but might not in yours) set the Policy polling interval to 2 and the state message reporting cycle to 4.


Now switch over to the Customization tab and enter whatever you want into the customizable fields.


On the BITS tab, I've disabled BITS by selecting the Not configured option. Obviously in your environment you might want this, but in my virtual environment I don't need it.


Finally switch over to the Restart tab. My and my company's preference is to have the restart countdown at 30 minutes and the final notification at 3. After setting that, click Ok to close out of the Client agent.


The next agent to configure is the Remote Tools agent. For this you'll want to create a security group containing all the users that you want to allow to remotely control any clients in your site. In my case I've got three security groups for this purpose that also tie into other ConfigMgr security settings. They are Desktop Administrators, Server Administrators, and Help Desk. Below you'll see pictures for each tab of the Remote Tools client, and you'll see where I've put these groups in. You'll just need to do something similar.






That's all the agents that I'm going to cover. Next go down to Client Installation Methods, and double click Client Push Installation to configure it. You'll want to enable it, then select what type of systems to push the client to. In my case, I only want it to push to workstations since if a server system doesn't have BITS installed the server will reboot automatically. (Not good for production).


Next under accounts, list the accounts that ConfigMgr should try to use to push the client onto a workstation. In my environment I'm going to have it first try the smsadmin account, followed up by the local administrator on the box. 


After configuring Client Push, you should head to Discovery Methods so that ConfigMgr can find workstations and servers to have as clients. Of course you can manually add clients to your site, but it's easier to combine client push and discovery. As long as you've configured your boundaries you don't need to worry about ConfigMgr getting out of control with installing clients and such. In the Discovery Methods section, set everything according to your environment. In my lab I've geared Active Directory towards working easily with ConfigMgr so all my stuff is pretty simple. But say your company has all your users split up in AD based on Country, State, and then City. If that's the case then you can add multiple discovery points like in the picture below. When it comes to how often ConfigMgr looks to AD, I prefer at most every hour. In some cases I have it set to every 5-10 minutes.



At this point you should begin seeing clients in the All Systems collection. If you're not, then you've prolly got some security settings messed up somewhere. A quick way of seeing if something is really wrong is by going to the System Status section in ConfigMgr. You might find a log where ConfigMgr is unable to find the System Management container. If that's the case, then you need to give the computer account of the server that hosts your primary site full control over the System container in AD. You also need to make sure that your network access account has Administrative rights on any workstation in your domain. You can do this via GPO. From here you can start creating packages and advertisements, along with task sequences for OSD.
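
One way to check the Active Directory permissions described above, as an added example that is not part of the original post: a read-only PowerShell script that looks for a Full Control entry for the site server's computer account on the System and System Management containers. It assumes it is run on the primary site server; Test-FullControl is a name introduced here.

```powershell
# Added example: read-only audit of the AD permissions described above.
# Assumption: run on the primary site server, so COMPUTERNAME is the site server.
param(
    [string]$SiteServer = $env:COMPUTERNAME,
    [string]$Domain     = $env:USERDOMAIN      # NetBIOS domain name
)

$account = "$Domain\$SiteServer`$"             # computer accounts end in '$'
$baseDn  = [string]([ADSI]'LDAP://RootDSE').defaultNamingContext
$full    = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericAll

# Test-FullControl is a hypothetical helper name, not a ConfigMgr cmdlet.
function Test-FullControl([string]$Dn) {
    $path = "LDAP://$Dn"
    if (-not [System.DirectoryServices.DirectoryEntry]::Exists($path)) {
        return "MISSING   $Dn"
    }
    $entry = [ADSI]$path
    # Explicit and inherited ACEs, with SIDs translated to DOMAIN\name form.
    $rules = $entry.psbase.ObjectSecurity.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])
    foreach ($r in $rules) {
        if ($r.IdentityReference.Value -eq $account -and
            $r.AccessControlType -eq 'Allow' -and
            ([int]$r.ActiveDirectoryRights -band $full) -eq $full) {
            # InheritanceType shows whether the grant reaches child objects.
            return "OK        $Dn  (applies to: $($r.InheritanceType))"
        }
    }
    return "NO ACCESS $Dn  ($account has no direct Full Control entry)"
}

Test-FullControl "CN=System,$baseDn"
Test-FullControl "CN=System Management,CN=System,$baseDn"
```

A grant made through a group rather than directly to the computer account shows up as NO ACCESS, so check group membership before changing the ACL.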

Installing ConfigMgr 2007 on Windows Server 2003 from scratch

For anyone out there that needs some help getting ConfigMgr07 installed, this is for you. Below you'll find complete step-by-step instructions on installing ConfigMgr.

I'm creating these instructions from a virtual lab I have using Hyper-V. My virtual environment consists of two Windows Server 2003 SP2 32-bit servers that have every Windows update applied as of 10/23/09. Server1 which I'll refer to as CIGDC1 has the following roles installed...
  • Domain Controller
  • DNS Server
  • DHCP Server (scope = 192.168.1.X)
Server2 which I'll refer to as CIGAPCCM will be the ConfigMgr primary site server. The instructions below will assume that you have the above already in place, and that you're going to be hosting the SQL server on the same system as the primary site server.

     Part 1
Installing SQL Server
For this section I'm installing SQL Server 2005 SP1 which is what came with ConfigMgr07. First start out by installing IIS. Go to Add/Remove Programs in the Control Panel, then go to Add/Remove Windows Components, check the box next to Application Server, then click Next to install.


Now launch setup.exe from disc 1. Accept the terms, click Next, then Install.





Setup will then install .NET 2, SQL Native Client, and Support files


When it's completed, click Next, then Next again





At this point, it will do a check to verify everything it needs is there. If anything is missing, simply install the component. If all is good, click Next.


When prompted enter your Name, Company, and Key then click Next.




You'll now want to select SQL Server Database Services, then click Next.


When prompted for the name of an instance to create, I would suggest SystemCenter. Click Next.




For a service account, use the built-in System account, click Next, then use Windows Authentication Mode.



On collation settings, choose Dictionary order, case-insensitive, for use with 1252 character set. Then click Next, next again, and then Install.




When it's finished installing, click Next, then Finish.




Now to wrap up installing SQL, install SP2. Launch the SP2 executable, click Next, accept the agreement and press next, then click next again, then next again, then next again, then (yes, again) next again, and finally Install.








SP2 will then sit and take forever to install....


Then you will be prompted for a reboot



After rebooting, you should have your SQL server wrapped up.


     Part 2
Installing ConfigMgr 2007

You should start out by opening up Active Directory and creating an OU structure and service account for ConfigMgr. My OU structure looks like this.

For a service account, create a new user called smsadmin, and give the account Domain Admin privileges and remove the membership to Domain Users. 


Now before installing ConfigMgr, there's a number of additional updates and processes you'll need to do. So here's the list of things that you'll need to do first.
  • Extend the Active Directory Schema
  • Apply update KB932303
  • Install WSUS
  • Server 2003 schannel hotfix
  • WinRM v1.1
  • Update MMC to 3.0
  • Install BITS
  • Enable WebDAV
I'll go ahead and hit the schema, BITS, and WebDAV. The rest, just double click the item and you'll get a link to go and download the patch needed. Pretty straightforward.

To extend the AD schema, you first need to get the file extadsch.exe and execute it on your domain controller. You'll need to do this using an account that has permission to do so. After executing it, look in the C:\ drive for ExtADSch.log and then check to make sure you see "Successfully extended the Active Directory schema" in there.

For BITS, go to Add/Remove Programs, then Add/Remove Components. Dig into Application Server -> Internet Information Services and then check Background Intelligent Transfer Service.



For WebDAV you're going to go to the same place, except this time dig a little farther into World Wide Web Service and check WebDAV Publishing.


After applying all the updates you might have to reboot before the prerequisite checker shows them all installed.

Once you've got all your prerequisites done, launch the setup again, and this time select the install link.


You'll then click Next, Next again, accept the terms, click Next, and finally next again.






 
You'll now need to select Primary Site, followed up by clicking Next, then next again.



At this point, enter your product key, then click Next.


You'll now be prompted to choose where to install ConfigMgr. Some people might install it to a separate partition; in my case I'm just installing it to C:\. Choose where you want it installed, then click Next.


Now you get to determine your site code and name. I'm choosing CIG as my code and System Center VLab as the name.



On the next page, we're going to choose Mixed Mode. If you want to set up ConfigMgr in Native Mode you'll need to find some documentation somewhere else on that or wait until I post something about it.


On the agent selection page, just stick with what's already selected.


You'll now need to enter the address to your SQL server. It should be (if you followed all this step by step..) the name of your server and then the SQL instance name. Mine is below. After clicking Next, click Next again.



On the management point page, make sure you install a management point, then click next.

Use the default port settings.


When prompted about getting the prerequisite components, you'll prolly want to download them unless you have them somewhere already. If that's the case, point the setup to the location.


After that you should see the following screen displaying all the settings. If all looks good click Next.


You should then see it begin installing ConfigMgr


After installation has completed, click Next



Then click Finish