Blog

The SCConfigMgr ConfigMgr Prerequisite Tool

Having built many SCCM servers and hierarchies, we know that there are a fair number of prerequisites that need to be installed and configured prior to installing SCCM. For years now, I have been implementing these prerequisites largely by hand, with the exception of a Server Role and Features script a former colleague of mine wrote for ConfigMgr 2012 SP1. While revamping my personal lab, I needed to install a new build of SCCM Technical Preview, so I figured it was about time I tried out Nickolaj Andersen’s SCCM Prerequisite tool (https://www.scconfigmgr.com/configmgrprerequisitestool/). SCConfigMgr has become synonymous with premier community tools, and the ConfigMgr Prerequisite Tool is no exception!

To fully utilize this tool, there are some prerequisites we’ll need to complete before we start laying down the SCCM prerequisites that this tool is built to handle. The nice thing is that the prerequisites we need for this tool are already needed for the SCCM Site installation, so they shouldn’t be problematic to accomplish. Here’s the list:

  • SQL Server installed
  • SSRS Installed and DB created
  • SCCM Installation Media or CD.Latest folder backup
  • Windows Server media for .Net 3.5 binaries
  • A local folder created for WSUS
  • A folder for the SCCM Prerequisite Files, which are needed during the installation wizard.
  • An AD Security Group for the systems that will be publishing to AD

Once the above has been addressed, we can start using the tool. The first place to go is the “Settings” Tab which is where we will specify the “alternate source” to be used for .Net 3.5 installation, as well as the connection to our SQL Server. Fill out these fields to match the environment.

Settings -> Sources
Settings -> Connections

There is also a “Credentials” tab, which we can supply an account for remote installation of Roles and Feature, as well as the AD Schema Extension. I did not need this in my lab as my Primary Site Server hosts all the roles and I have already extended the Schema. If we are planning on using this for a production deployment, we’re probably going to need this one filled out, perhaps multiple times.

Settings -> Credentials

Now that our groundwork has been laid, we can move to the “Sites” tab. In the “Site Type” tab, select which type of Site Types we are installing. Check the box for “Retry failed Windows Feature installations with alternative source”. We configured the source in the “Settings” tab in the previous step.

Sites -> Site Type

Once that’s done, click install and let the magic happen!

Sites -> Site Type – Installing Features

On the “Prerequisite Files” tab, point the first option to the requested file (SETUPDL.EXE) on the SCCM Installation media, and then select the folder where we want the prerequisite files to be downloaded. Once complete, click the Start button to download the files. Once we get to installing SCCM, we will reference the folder when prompted.

Sites -> Prerequisite Files (Note: I used a backup of the CD.Latest folder)

The “Preferences” tab may just be my favorite. It will create the no_sms_on_drive.sms file on whatever drives we specify. I always forget this step, but now I won’t be able to!

Sites -> Preferences

Click on the “Roles” tab. Here we will be able to install the Server Roles and Features for the various SCCM Server Roles we will be installing throughout the hierarchy. Note that we can install locally, as well as remote. There is a “use alternate credentials” check box, but it is hidden in my image by the drop down. Note that if we are installing any of the SCCM Server Roles on the Site Server, they are not installed as part of the Sites -> Site Types installer, and will need to be run as needed.

Roles -> Role Selection

The “Directory” tab will prepare Active Directory for publishing. Select the “Schema” tab and then click on the “detect” button. This will determine which Domain Controller holds the Schema Master FISMO role.

In the second field, browse to the EXTADSCH.EXE file, which is the program that extends the Schema. There’s a good chance we’ll need to use the Alternative Credentials field as extending the AD Schema does require Schema Master rights, which, are not commonly assigned to User accounts. Once done, hit the “extend” button.

Directory -> Schema

The “Container” tab will create the “System Management” container, which is where the SCCM Site will publish the information about itself. Click the “detect” button to determine which server holds the PDC Emulator role. Again, we will probably need to specify an alternative credential here for the same reasons stated earlier. Once ready, click create!

Directory -> Container

In the “Permissions” tab, select the AD Security Group that will need rights to publish to AD. Click configure once the group has been selected.

Directory -> Permissions

The “ADK” tab allows us to select which version of ADK we wish to install. If we are going to be using ADK 1809, there are two options we will need to install. We’ll also need to specify where the stub installer will be downloaded to. There is also an Offline option that will download the entire payload to be used if installing SCCM on a system without internet access.

ADK – Online

The “SQL Server” tab allows us to configure and validate a variety of options.

Memory Minimum and Maximum:

SQL Server -> General

Validate Collation:

SQL Server -> Collation

Precreate the database:

SQL Server -> Database

And configure the maximum file sizes as pertains to SSRS:

SQL Server -> SSRS

Last, but certainly not least, go to the “WSUS” tab. This is where we will install the WSUS Role and configure the DB.

On the “Features” tab, select “SQL Server”. (Remember, friends don’t let friends use WID 😉) Click “install” to install the role.

WSUS -> Features

On the “Post-Install” tab, we will need to provide the FQDN of the SQL Server that will hold our SUSDB, the Instance name if we are not using the default (MSSQLSERVER), and the folder that WSUS will want to store its content in. Once supplied, click install.

WSUS -> Post-Install

Once all of that has been completed, we’ll be ready to install SCCM and any other servers in the hierarchy!

Clearly this tool is so much easier to use as it provides a “Single Pane of Glass” to install the SCCM installation prerequisites. We no longer need to hop around from ADSIEdit, Web Browser, AD Users and Computers, Server Manager, File Explorer, and PowerShell. I’ll be using this tool during my SCCM implementation engagements from now on! Thank you, Nickolaj, for such an excellent tool!

Using SQL Maintenance Plans to Backup SCCM CB

I had a client that we recently implemented SCCM CB for. Everything was running smoothly, but they were getting an alert at 2:01 AM everyday stating that their Management Point was unhealthy. After some basic diagnostics, I was able to determine that their MP was fine, but it was the Maintenance Task Backup function that was causing the problem.

Why would the backup break the MP?

It turns out that the native backup function actually stops all of the internal services of SCCM when the backup process starts. The MP Health detection saw that the MP services had stopped, and then fired off the alert before the MP services started back up. Disabling the MP Health alert stopped the emails from going out, but it didn’t solve the problem.

SQL based backups are supported by Microsoft, but his wasn’t always the case. Support for this process was enabled for SCCM 2012 SP1. But the inherent problem with this mechanism is that it doesn’t backup the required files for SCCM to recover from backup, namely the CD.Latest folder.

Fortunately, with a little PowerShell and some knowledge of SQL Management Studio, we can resolve this short coming.

Before we get started, I need to acknowledge the work of Steve Thompson @Steve_TSQL. The script used is his, although slightly modified for UNC share usage. It is really effective. Thanks for the help Steve! (https://stevethompsonmvp.wordpress.com/2016/05/31/configuration-manager-sql-server-backup-guidelines/)

The first step in setting up the backup mechanism is to create the folders that will be written to. They can be local or UNC, but the key step here is to ensure that the Service Account used by the SQL Native Client has “Read” permission on the CD.Latest folder and “Full Control” of the target folder.

Next, we need to open up SQL Management Studio and create the job that will handle the folder copy function:

powershell.exe -command “Get-ChildItem -Path ‘\\[ServerName]\SCCM_Content\backup\CDlatest\*.zip’ | Where-Object {$_.CreationTime -lt (Get-Date).AddDays(-7)} | Remove-Item | Add-Type -Assembly ‘System.IO.Compression.FileSystem’ -PassThru | Select -First 1 | % { [IO.Compression.ZIPFile]::CreateFromDirectory(‘\\[PrimarySiteServer]\SMS_[SiteCode]\cd.latest’, ‘\\[ServerName]\SCCM_Content\backup\CDlatest\CDLatestArchive’ + (Get-Date -format ‘yyyyMMddHHmm’) + ‘.zip’) }”

***Note*** You will need to change the [ServerName] and [PrimarySiteServer] to match your environment

***Pro Tip***

Paste the command in PowerShell ISE so you can tweak the script to fit your own network or local paths. Once you have it dialed in, you can copy it over to SQL Management Studio.

-Start by right clicking on the Jobs folder under SQL Server Agent:

***Note*** If the icon is not green, but red, this means the SQL Native Client service isn’t running. Check the services snap-in (services.msc) to see if it is running. If it isn’t, start it.

-Give the job a name (in this case “BackupDemo”):

-Click on the Steps tab, then select “New”

-Give your step a name, select “Operating system (CmdExec)” in the Type menu, then paste your command line string into the Command window. Once all that is done, click “OK”. Once that has closed, click “OK” again to complete the wizard.

You can manually run the job once you have added the command line by right clicking on the copy job and selecting “Start Job at Step..” This is advisable to try before completing the process to ensure your command has been crafted successfully and to validate permissions on the source and target folders.

Your results should look like this:

-Next, we will need to create our Maintenance Plan. Right click on the Maintenance Plans folder and select “Maintenance Plan Wizard”

-Select “Next”

-Give the plan a name, then hit the “Change..” button next to the Schedule field.

-Create a schedule that works for your organization. In this case, I am scheduling the plan to run once a day at midnight. Select OK when complete.

-The schedule created should now appear in the Schedule field. Click next to proceed.

-Select the following items:

              Clean Up History

              Execute SQL Server Agent Job

              Back Up Database (Full)

              Maintenance Cleanup Task

Click next once complete.

-Move the Execute SQL Server Agent Job to the last step. Click Next when complete.

-Change the “Remove historical data older than” options to 1 Week(s). Click next when complete.

-On the Define Back Up Database (Full Task) – General Tab, in the Database(s) drop down, select the “All user databases (excluding master, model, msdb, tempdb)” option. Click OK.

-On the Destination tab, put in your target folder for your SQL backups. Tick the “Create a sub-directory for each database” checkbox. Make sure the “Backup file extension” is set to “bak”

-On the options tab, select the “Compress backup” option in the “Set backup compression” drop down. Once that has been set, click Next.

-Type or paste in the backup target folder in the “Folder” field under “Search folder and delete files based on an extension”. Type in “bak” under “File extension”. Tick the check box for “Include first-level subfolders”. Change the option “Delete files older than the following” to 1 week(s). Click next when complete.

-Select the CD.Latest backup job we created earlier. Click next when complete.

-Enter a path that you wish to use for backup logs. Click next when complete.

-Review the Maintenance Plan. Go back and change anything that needs correction. Click Finish when complete.

-The Maintenance Plan will be created. If all is successful, you should be greeted by this window. Click Close when complete.

-And our new Maintenance Plan should now be listed under “Maintenance Plans”!

-You can manually kick off the Maintenance Plan by right clicking on it, then selecting “Execute”. This is a good thing to do just to make sure that everything has been configured correctly.

-If nothing impedes the backup process, the SQL backup target folder should start to populate with the compressed backups

And our CD.Latest backup target folder should look something like this:

There are way to configure email alerting with SQL Maintenance plans, but I have yet to implement the functionality. It may be advisable to configure them to ensure that your backups are running correctly.

Once you have validated that the functionality is there, we can now safely rely on this function. If there is sufficient storage to store both the SQL Backup and the Native backup, it may be wise to implement both. Sometimes the “Belt and Suspenders” approach makes sense.