Prerequisites

INSTALLING PREREQUISITES

Log into to the CM server, and we will start installation and configuration of the required prerequisites for Microsoft Endpoint Configuration Manager.

Disk Management

I've chosen to spread the load on multiple drives and as I mentioned in the beginning of Part 4, I have already prepared the Virtual Hard Disks. So the first thing we want to do here is make them online, assign drive letters and formatting them in NTFS file system.

NO_SMS_ON_DRIVE.SMS

Place a file named "NO_SMS_ON_DRIVE.SMS" in the root of each drive that shouldn’t be used by CM.

Step 1. Type "Disk" in the search line next to the start button, and click "Create and format hard disk partitions"

Step 2. All the disks is in a Offline state. So right-click on "Disk 1" and select "Online"

Step 3. Right-click on "Disk 1" and select "Initialize Disk"

Step 4. Leave everything default and click "OK"

Step 5. Right-click the striped area and select "New Simple Volume"

Step 6. Click "Next"

Step 7. Leave everything default and click "Next"

Step 8. Assign the drive letter and click "Next"

Step 9. Set file system to "NTFS", leave allocation unit size as "Default", give the volume label a descriptive name and click "Next"

Step 10. Verify the settings and click "Finish"

Step 11. Repeat step 2 to 10 for all the remaining Virtual Hard Disks and you should end up with something similar to the images below.

Step 12. Go to the "SQL Database" drive, create a folder called "Database" and add the "NO_SMS_ON_DRIVE.SMS" file to the root of this drive.

Step 13. Go to the "SQL Logs" drive, create a folder called "Logs" and add the "NO_SMS_ON_DRIVE.SMS" file to the root of this drive.

Step 14. Go to the "SQL TempDB" drive, create a folder called "Database" and add the "NO_SMS_ON_DRIVE.SMS" file to the root of this drive.

Step 15. Add the "NO_SMS_ON_DRIVE.SMS" file to the root of all remaining drives except the "Content Library" drive.

Firewall Configuration

Make sure that Windows Firewall is turned on. We need to add some inbound rules and I've gathered a list of the CM rules that I add with an GPO, I would also recommend you to open for Echo Request (ping) and Remote Desktop.

Server Roles & Features

We need to add a few Server Roles and Features to the CM server. Before adding the ".NET Framework 3.5" feature, we need to mount the "Windows Server 2019" media because we need a file from it.

Open Windows PowerShell in Administrator elevated mode and follow the steps below.

Step 1. To add the ".NET Framework 3.5" feature, run the below command. The source is the "Windows Server 2019" media, and the drive letter may therefore be different from the example below.

Install-WindowsFeature NET-Framework-Features -source D:\sources\sxs

Step 2. To add the remaining Server Roles and Features, run the below command.

Install-WindowsFeature Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Redirect,Web-Net-Ext,Web-ISAPI-Ext,Web-Http-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-Http-Tracing,Web-Windows-Auth,Web-Filtering,Web-Stat-Compression,Web-Mgmt-Tools,Web-Mgmt-Compat,Web-Metabase,Web-WMI,BITS,RDC

Step 3. Ensure that the exit code says "Success" before moving on.

Windows 10 ADK & WinPE

Step 1. Start the Windows 10 ADK installation. Leave everything default and click "Next"

Step 2. Select "No" and click "Next"

Step 3. Click "Accept" to the License Agreement.

Step 4. Select "Deployment Tools" and "User State Migration Tool (USMT)" and click "Install"

Step 5. Click "Close"

Step 6. Start the WinPE installation. Leave everything default and click "Install"

Step 7. Click "Close"

ConfigMgr Accounts & Groups

Before we continue it's important that we create a few accounts and groups in our Active Directory. I'll be referring to the following accounts and groups throughout the blog post.

AD Schema Extension

Since this is a new environment with no previous Configuration Manager installations, we need to extend the Active Directory Schema, but first we'll have to mount the "Configuration Manager" media to the DC server.

Step 1. Add the "Configuration Manager" media to the DC server.

Step 2. Log into to the DC server with an account that is a member of the security group Schema Admins. Navigate to ".\SMSSETUP\BIN\X64\" on the mounted "Configuration Manager" media and execute "extadsch.exe"

Step 3. Verify that Active Directory Schema were successfully extended by checking the "ExtADSch.log" file which is located in the root of the system drive.

Step 4. Type "ADSI" in the search line next to the start button, and click "ADSI Edit"

Step 5. Right-click on "ADSI Edit" and select "Connect to..."

Step 6. Leave everything default and click "OK"

Step 7. Right-click on "CN=System" and create a new "Object..."

Step 8. Select the "Container" class and click "Next"

Step 9. Type "System Management" as the value and click "Next"

Step 10. Click "Finish"

Step 11. Right-click on "CN=System Management" and select "Properties"

Step 12. Go to the "Security" tab and click on "Advanced". Add the primary site server "CM" and the security group "CM Servers" that we created in our Active Directory earlier. Give them both "Full Control" and select "This object and all descendant objects" in the "Applies to:" list.

Click "Apply" and close the "ADSI Edit"

Windows Update

Before continuing with the SQL installation and configuration, it´s important to check for Windows Updates once again. The reason for this is that Windows Server 2019 probably need to re-apply the cumulative update in order for the new server roles and features to function correct.

Now that we have successfully installed and configured the required prerequisites for Microsoft Endpoint Configuration Manager, let's move on to the SQL installation and configuration.

Click "Next" below or click "SQL" in the menu to the left.