Prerequisites
INSTALLING PREREQUISITES
Log in to the CM server, and we will start installing and configuring the required prerequisites for Microsoft Endpoint Configuration Manager.
Disk Management
I've chosen to spread the load across multiple drives and, as I mentioned at the beginning of Part 4, I have already prepared the Virtual Hard Disks. So the first thing we want to do here is bring them online, assign drive letters and format them with the NTFS file system.
I would recommend formatting the SQL drives with the NTFS file system, and the allocation unit size (block size) must be 64K (the default is 4K).
Drive | Content | Size |
C:\ | Windows | 127GB |
E:\ | ConfigMgr | 200GB |
F:\ | SQL Database | 75GB |
G:\ | SQL Logs | 50GB |
H:\ | SQL TempDB | 50GB |
I:\ | Content Sources | 200GB |
J:\ | Content Library | 200GB |
NO_SMS_ON_DRIVE.SMS
Place a file named "NO_SMS_ON_DRIVE.SMS" in the root of each drive that shouldn’t be used by CM.
Step 1. Type "Disk" in the search line next to the start button, and click "Create and format hard disk partitions"
Step 2. All the disks are in an Offline state, so right-click on "Disk 1" and select "Online"
Step 3. Right-click on "Disk 1" and select "Initialize Disk"
Step 4. Leave everything default and click "OK"
Step 5. Right-click the striped area and select "New Simple Volume"
Step 6. Click "Next"
Step 7. Leave everything default and click "Next"
Step 8. Assign the drive letter and click "Next"
Step 9. Set file system to "NTFS", leave allocation unit size as "Default", give the volume label a descriptive name and click "Next"
I would recommend formatting the SQL drives with the NTFS file system, and the allocation unit size (block size) must be 64K (the default is 4K).
Step 10. Verify the settings and click "Finish"
Step 11. Repeat steps 2 to 10 for all the remaining Virtual Hard Disks and you should end up with something similar to the images below.
Step 12. Go to the "SQL Database" drive, create a folder called "Database" and add the "NO_SMS_ON_DRIVE.SMS" file to the root of this drive.
Step 13. Go to the "SQL Logs" drive, create a folder called "Logs" and add the "NO_SMS_ON_DRIVE.SMS" file to the root of this drive.
Step 14. Go to the "SQL TempDB" drive, create a folder called "Database" and add the "NO_SMS_ON_DRIVE.SMS" file to the root of this drive.
Step 15. Add the "NO_SMS_ON_DRIVE.SMS" file to the root of all remaining drives except the "Content Library" drive.
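Steps 2 to 15 can also be scripted. The following PowerShell is an added example, not part of the original walkthrough; it assumes the new Virtual Hard Disks are Disk 1 to Disk 6 in the order of the drive table (confirm with `Get-Disk` first) and uses the table's content names as volume labels.

```powershell
# Added example. Assumption: Disk 1..6 are the new VHDs, in the order of the drive table.
$layout = @(
    @{ Disk = 1; Letter = 'E'; Label = 'ConfigMgr';       Sql = $false; Folder = $null;      Marker = $true  }
    @{ Disk = 2; Letter = 'F'; Label = 'SQL Database';    Sql = $true;  Folder = 'Database'; Marker = $true  }
    @{ Disk = 3; Letter = 'G'; Label = 'SQL Logs';        Sql = $true;  Folder = 'Logs';     Marker = $true  }
    @{ Disk = 4; Letter = 'H'; Label = 'SQL TempDB';      Sql = $true;  Folder = 'Database'; Marker = $true  }
    @{ Disk = 5; Letter = 'I'; Label = 'Content Sources'; Sql = $false; Folder = $null;      Marker = $true  }
    @{ Disk = 6; Letter = 'J'; Label = 'Content Library'; Sql = $false; Folder = $null;      Marker = $false }
)

foreach ($d in $layout) {
    # Only touch disks that have never been initialized, so existing data is not wiped.
    if ((Get-Disk -Number $d.Disk).PartitionStyle -ne 'RAW') {
        Write-Warning "Disk $($d.Disk) already has a partition table, skipping."
        continue
    }
    Set-Disk -Number $d.Disk -IsOffline $false            # Step 2: bring online
    Set-Disk -Number $d.Disk -IsReadOnly $false
    Initialize-Disk -Number $d.Disk                       # Steps 3-4: default partition style

    # Steps 5-10: one volume per disk, NTFS; 64K allocation unit only on the SQL drives.
    $format = @{ FileSystem = 'NTFS'; NewFileSystemLabel = $d.Label; Confirm = $false }
    if ($d.Sql) { $format.AllocationUnitSize = 65536 }
    New-Partition -DiskNumber $d.Disk -UseMaximumSize -DriveLetter $d.Letter |
        Format-Volume @format | Out-Null

    # Steps 12-15: SQL folders and the NO_SMS_ON_DRIVE.SMS marker (not on Content Library).
    $root = "$($d.Letter):\"
    if ($d.Folder) { New-Item -Path (Join-Path $root $d.Folder) -ItemType Directory | Out-Null }
    if ($d.Marker) { New-Item -Path (Join-Path $root 'NO_SMS_ON_DRIVE.SMS') -ItemType File | Out-Null }
}

# Step 15 also covers the Windows drive.
if (-not (Test-Path 'C:\NO_SMS_ON_DRIVE.SMS')) {
    New-Item -Path 'C:\NO_SMS_ON_DRIVE.SMS' -ItemType File | Out-Null
}

# Check the result: file system, block size and marker file per drive.
Get-Volume -DriveLetter 'E', 'F', 'G', 'H', 'I', 'J' |
    Select-Object DriveLetter, FileSystemLabel, FileSystem, AllocationUnitSize,
        @{ Name = 'NoSmsMarker'; Expression = { Test-Path "$($_.DriveLetter):\NO_SMS_ON_DRIVE.SMS" } }
```

The final table should show `AllocationUnitSize` 65536 on F, G and H, and `NoSmsMarker` False only on J.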
Firewall Configuration
Make sure that Windows Firewall is turned on. We need to add some inbound rules, and I've gathered a list of the CM rules that I add with a GPO. I would also recommend opening Echo Request (ping) and Remote Desktop.
Name | Action | Protocol | Port |
ConfigMgr - Analysis Services | Allow | TCP | 2382, 2383 |
ConfigMgr - Boot Information Negotiation Layer | Allow | UDP | 4011 |
ConfigMgr - Client notification | Allow | TCP | 10123 |
ConfigMgr - Dynamic Host Configuration Protocol | Allow | UDP | 67, 68 |
ConfigMgr - Hypertext Transfer Protocol | Allow | TCP | 80, 8530 |
ConfigMgr - Multicast Protocol | Allow | UDP | 63000-64000 |
ConfigMgr - RPC Endpoint Mapper (TCP) | Allow | TCP | 135 |
ConfigMgr - RPC Endpoint Mapper (UDP) | Allow | UDP | 135 |
ConfigMgr - Secure Hypertext Transfer Protocol | Allow | TCP | 443, 8531 |
ConfigMgr - Server Message Block (SMB) | Allow | TCP | 445 |
ConfigMgr - SQL | Allow | TCP | 1433, 1434 |
ConfigMgr - SQL Broker | Allow | TCP | 4022 |
ConfigMgr - Trivial File Transfer Protocol | Allow | UDP | 69 |
ConfigMgr - Wake-on-Lan (WOL) | Allow | UDP | 9 |
ConfigMgr - Wake-up proxy | Allow | UDP | 25536 |
ConfigMgr - Windows Update Delta Content | Allow | TCP | 8005 |
Server Roles & Features
We need to add a few Server Roles and Features to the CM server. Before adding the ".NET Framework 3.5" feature, we need to mount the "Windows Server 2019" media because we need a file from it.
Open Windows PowerShell in Administrator elevated mode and follow the steps below.
Step 1. To add the ".NET Framework 3.5" feature, run the command below. The source is the "Windows Server 2019" media, so the drive letter may differ from the example below.
Step 2. To add the remaining Server Roles and Features, run the command below.
Step 3. Ensure that the exit code says "Success" before moving on.
Windows 10 ADK & WinPE
Windows 10 ADK and WinPE can be downloaded from here (they are two separate downloads).
Step 1. Start the Windows 10 ADK installation. Leave everything default and click "Next"
Step 2. Select "No" and click "Next"
Step 3. Click "Accept" to the License Agreement.
Step 4. Select "Deployment Tools" and "User State Migration Tool (USMT)" and click "Install"
Step 5. Click "Close"
Step 6. Start the WinPE installation. Leave everything default and click "Install"
Step 7. Click "Close"
ConfigMgr Accounts & Groups
Before we continue it's important that we create a few accounts and groups in our Active Directory. I'll be referring to the following accounts and groups throughout the blog post.
Name | Type | Description |
Svc.ClientPush | User | Service Account for Client Push Installation |
Svc.NetworkAccess | User | Service Account for Accessing Network Resources |
Svc.Sql | User | Service Account for SQL/Reporting |
Svc.TaskSequence | User | Service Account for Task Sequence/Domain Join |
CM Administrators | Group | Members of this group are granted full permissions in Configuration Manager |
CM Servers | Group | This group contains all site system servers |
Add "CM Administrators" and "CM Servers" to the local administrators group on the site server. If you have multiple site servers, I recommend adding them with a GPO.
AD Schema Extension
Since this is a new environment with no previous Configuration Manager installations, we need to extend the Active Directory Schema, but first we'll have to mount the "Configuration Manager" media to the DC server.
Step 1. Add the "Configuration Manager" media to the DC server.
Step 2. Log in to the DC server with an account that is a member of the security group Schema Admins. Navigate to ".\SMSSETUP\BIN\X64\" on the mounted "Configuration Manager" media and execute "extadsch.exe"
Step 3. Verify that the Active Directory Schema was successfully extended by checking the "ExtADSch.log" file, which is located in the root of the system drive.
Step 4. Type "ADSI" in the search line next to the start button, and click "ADSI Edit"
Step 5. Right-click on "ADSI Edit" and select "Connect to..."
Step 6. Leave everything default and click "OK"
Step 7. Right-click on "CN=System" and create a new "Object..."
Step 8. Select the "Container" class and click "Next"
Step 9. Type "System Management" as the value and click "Next"
Step 10. Click "Finish"
Step 11. Right-click on "CN=System Management" and select "Properties"
Step 12. Go to the "Security" tab and click on "Advanced". Add the primary site server "CM" and the security group "CM Servers" that we created in our Active Directory earlier. Give them both "Full Control" and select "This object and all descendant objects" in the "Applies to:" list.
Click "Apply" and close "ADSI Edit"
Windows Update
Before continuing with the SQL installation and configuration, it's important to check for Windows Updates once again. The reason for this is that Windows Server 2019 probably needs to re-apply the cumulative update in order for the new server roles and features to function correctly.
The Windows Update process is covered in the main section.
Now that we have successfully installed and configured the required prerequisites for Microsoft Endpoint Configuration Manager, let's move on to the SQL installation and configuration.