Author
Mai Ali, MCSE Private Cloud
MICROSOFT SYSTEM CENTER
CONFIGURATION MANAGER
2012 STEP BY STEP
Abstract: This document is a step-by-step guide to installing SCCM components, including
software distribution, software updates and reporting.
Microsoft System center configuration manager 2012 step by step
Table of Contents
Chapter 1
Installing System Center Configuration Manager Server 2012
    Environmental Prerequisites for SCCM Server 2012
    System Center Configuration Manager Server 2012 Prerequisites
    Active Directory Preparation for SCCM Server 2012
    Extend the Active Directory schema for System Center Configuration Manager
    Installing System Center Configuration Manager 2012
Chapter 2
Configure System Center Configuration Manager 2012
    Configure SCCM site boundary and boundary Group
    Configure SCCM Discovery Method
    Configure SCCM Client Installation
    Configure System Center Configuration Manager Roles
    Configure Client Agent Settings
Chapter 3
Reporting in System Center Configuration Manager
    Configure Reporting Services Role in SCCM
    Configure Reporting in SCCM
Chapter 4
Application Management in System Center Configuration Manager
    Deploy MSI Application using SCCM 2012
    Deploy EXE Application using SCCM 2012
Chapter 5
Software Updates in System Center Configuration Manager
    Install WSUS and WDS
    Configure Software Update Point Role
    Distribute software updates Using SCCM
Chapter 6
Operating System Deployment in System Center Configuration Manager
    Distribute Boot images to the Distribution Point
    Import captured Windows 7 WIM file
    Distribute O.S image to the Distribution points
    Create Task Sequence
    Create new collection for Deploy Windows 7
    Import Computer Information
    Deploy Task Sequence
APPENDIX
Firewall Ports for Configuration Manager
    Ports Used by Configuration Manager Clients and Site Systems
        Asset Intelligence Synchronization Point --> Microsoft
        Asset Intelligence Synchronization Point --> SQL Server
        Application Catalog Web Service Point --> SQL Server
        Application Catalog Website Point --> Application Catalog Web Service Point
        Client --> Application Catalog Website Point
        Client --> Fallback Status Point
        Client --> Global Catalog Domain Controller
        Client --> Management Point
        Client --> Software Update Point
        Client --> State Migration Point
        Client --> System Health Validator
        Configuration Manager Console --> Client
        Configuration Manager Console --> Internet
        Configuration Manager Console --> Reporting Services Point
        Configuration Manager Console --> Site Server
        Configuration Manager Console --> SMS Provider
        Configuration Manager Policy Module (Network Device Enrollment Service) --> Certificate Registration Point
        Distribution Point --> Management Point
        Endpoint Protection Point --> Internet
        Endpoint Protection Point --> SQL Server
        Enrollment Proxy Point --> Enrollment Point
        Enrollment Point --> SQL Server
        Exchange Server Connector --> Exchange Online
        Exchange Server Connector --> On Premises Exchange Server
        Mac Computer --> Enrollment Proxy Point
        Management Point --> Domain Controller
        Management Point <--> Site Server
        Management Point --> SQL Server
        Mobile Device --> Enrollment Proxy Point
        Mobile Device --> Windows Intune
        Out of Band Service Point --> Enrollment Point
        Out of Band Service Point --> AMT Management Controller
        Out of Band Management Console --> AMT Management Controller
        Reporting Services Point --> SQL Server
        Site Server <--> Application Catalog Web Service Point
        Site Server <--> Application Catalog Website Point
        Site Server <--> Asset Intelligence Synchronization Point
        Site Server --> Client
        Site Server --> Cloud-Based Distribution Point
        Site Server --> Distribution Point
        Site Server --> Domain Controller
        Site Server <--> Certificate Registration Point
        Site Server <--> Endpoint Protection Point
        Site Server <--> Enrollment Point
        Site Server <--> Enrollment Proxy Point
        Site Server <--> Fallback Status Point
        Site Server --> Internet
        Site Server <--> Issuing Certification Authority (CA)
        Site Server <--> Reporting Services Point
        Site Server <--> Site Server
        Site Server --> SQL Server
        Site Server --> SMS Provider
        Site Server <--> Software Update Point
        Site Server <--> State Migration Point
        Site Server <--> System Health Validator
        SMS Provider --> SQL Server
        Software Update Point --> Internet
        Software Update Point --> Upstream WSUS Server
        SQL Server --> SQL Server
        State Migration Point --> SQL Server
        Windows Intune Connector --> Windows Intune
Reference
Mai Ali is a Senior Infrastructure Consultant with a strong focus on Microsoft,
virtualization, management solutions and Unified Communications. She has over 5 years'
study and hands-on experience delivering small to large-scale projects for different
industries, mainly based on Microsoft and other leading-edge technologies and the systems,
applications and operations running on top of them. She has a broad and mixed technical
background in infrastructure and communications, systems integration, systems management
and security, as well as an in-depth understanding of the business of computing and
networking. Currently her main tasks are architectural design and delivery of Microsoft
environments, with a specific focus on multi-vendor UC solutions based on Microsoft System
Center 2007, Microsoft System Center 2012, Microsoft Lync 2013 with Enterprise Voice,
Office 365, Exchange Unified Messaging, migrations from Lync 2010 and OCS 2007, load
balancers, reverse proxy, firewall, Exchange UM.
Mai Ali has various Technology Certifications and Awards: Microsoft Certified Solutions
Expert (Communications, Server Infrastructure, Private Cloud, and Messaging), MCITP
(Office 365 Administrator), MCITP (Enterprise Administrator Windows 2008), MCITP
(Enterprise Messaging Administrator), MCITP (Lync Server 2010 Administrator), Microsoft
Certified Systems Engineer (Security, Messaging) Windows 2003, MCSA Windows 2012,
MCSA Windows 2008, MCSA (Security) Windows 2003, Citrix Certified Enterprise
Engineer, Cisco Certified Network Professional, Red Hat Certified Engineer, STS
Symantec Enterprise Vault 10.0 for Exchange and Symantec Certified Professional
Program Data Protection.
Mai Ali has been very involved with Windows Server based virtualization, communication
and management solutions, including Microsoft System Center, Microsoft Lync and Office
365. She is currently a prolific blogger at http://expertslab.wordpress.com and has
published many scripts for automatic configuration on the Microsoft TechNet Gallery. Mai
likes giving back via community forums: she has contributed thousands of posts to the
Microsoft System Center, Microsoft Lync and Experts-Exchange community forums over the years.
Mai Ali’s Blog: http://expertslab.wordpress.com
Chapter 1
Installing System Center Configuration Manager Server 2012
Posted on July 6, 2014 by Mai Ali
NOTE: Remember that Configuration Manager Server 2012 Preview is not meant for live/production
environments; it is for labs and for showing concepts and configuration.
This chapter sets up System Center Configuration Manager Server 2012 on Windows Server 2012 R2
step by step. Here is an outline of what we will do:
1. Environmental Prerequisites for Configuration Manager Server 2012
2. Configuration Manager 2012 Prerequisites
3. Install Configuration Manager Server 2012
    1. Prepare Active Directory
    2. Extend the Active Directory schema for Configuration Manager
    3. Install Configuration Manager 2012
Environmental Prerequisites for SCCM Server 2012
1. Active Directory Services
2. DNS
3. SQL Server 2012 SP1 (for details:
http://expertslab.wordpress.com/2014/06/28/how-to-install-sql-server-2012-standard-edition/)
System Center Configuration Manager Server 2012 Prerequisites
On the CCM server, install the Deployment Tools, Windows PE, and the User State
Migration Tool from the Windows 8
ADK: http://www.microsoft.com/en-us/download/details.aspx?id=30652
Open PowerShell as an Administrator and run the following cmdlets (the Add-WindowsFeature command is a single line):
Import-Module ServerManager
Add-WindowsFeature Web-Windows-Auth,Web-ISAPI-Ext,Web-Metabase,Web-WMI,BITS,RDC,NET-Framework-Features,Web-Asp-Net,Web-Asp-Net45,NET-HTTP-Activation,NET-Non-HTTP-Activ,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Redirect,Web-App-Dev,Web-Net-Ext,Web-Net-Ext45,Web-ISAPI-Filter,Web-Health,Web-Http-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-HTTP-Tracing,Web-Security,Web-Filtering,Web-Performance,Web-Stat-Compression,Web-Mgmt-Console,Web-Scripting-Tools,Web-Mgmt-Compat -Source D:\sources\sxs
Active Directory Preparation for SCCM Server 2012
To create the System Management container in which SCCM publishes its settings in Active
Directory, follow the steps below:
1. Open Adsiedit.msc.
2. Select the System container, click New, and select Container.
3. In the value, type System Management and click Next.
4. On the Create Object page, click Next, then Finish.
To delegate the security permissions for the SCCM server, open Active
Directory Users and Computers.
1. Right-click the System Management object and select Delegate Control.
2. On the welcome page of the delegation wizard, click Next.
3. For the object, set the object type to Computer, select the <CCM> computer account, and click Next.
4. Under the tasks to delegate, select a custom task.
5. Under "delegate control of", select this folder and create new objects for the folder, then click
Next.
6. On the Permissions page, select Full Control and click Next.
7. On the Delegation of Control page, click Finish.
Extend the Active Directory schema for System Center Configuration Manager
Follow the steps below to extend the Active Directory schema for SCCM:
1. Run Command Prompt as Administrator, type "cd D:\SMSSETUP\BIN\X64" and press
Enter.
2. Run extadsch.exe and press Enter.
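The container creation, delegation and schema extension described above can be scripted and checked from PowerShell. The following is an added example, not part of the original guide: it assumes the ActiveDirectory module (RSAT) is installed, uses the site server computer name CCM from this page, and assumes Full Control is meant to apply to the container and all descendant objects.

```powershell
# Added example (not from the original guide). Run as an account that is
# allowed to modify CN=System in the domain.
Import-Module ActiveDirectory

$SiteServer  = 'CCM'   # site server computer name used on this page
$DomainDN    = (Get-ADDomain).DistinguishedName
$SystemDN    = "CN=System,$DomainDN"
$ContainerDN = "CN=System Management,$SystemDN"

# 1. Create the System Management container only if it is missing, so the
#    script can be re-run safely.
$existing = Get-ADObject -SearchBase $SystemDN -SearchScope OneLevel `
    -LDAPFilter '(&(objectClass=container)(cn=System Management))'
if (-not $existing) {
    New-ADObject -Name 'System Management' -Type container -Path $SystemDN
}

# 2. Grant the site server's computer account Full Control on the container.
#    Inheritance "All" = this object and all descendant objects (assumption,
#    see lead-in).
$sid  = (Get-ADComputer -Identity $SiteServer).SID
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList `
    $sid,
    ([System.DirectoryServices.ActiveDirectoryRights]::GenericAll),
    ([System.Security.AccessControl.AccessControlType]::Allow),
    ([System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

$acl = Get-Acl -Path "AD:\$ContainerDN"
$acl.AddAccessRule($rule)
Set-Acl -Path "AD:\$ContainerDN" -AclObject $acl

# 3. Audit the result: list every explicit (non-inherited) Allow entry that
#    carries Full Control, so unexpected holders stand out.
$genericAll = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll
(Get-Acl -Path "AD:\$ContainerDN").Access |
    Where-Object {
        -not $_.IsInherited -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band $genericAll) -eq $genericAll
    } |
    Select-Object IdentityReference, ActiveDirectoryRights, InheritanceType

# 4. After extadsch.exe has run, confirm that the Configuration Manager
#    classes exist in the schema naming context.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$expected = 'MS-SMS-Management-Point', 'MS-SMS-Server-Locator-Point',
            'MS-SMS-Site', 'MS-SMS-Roaming-Boundary-Range'
foreach ($cn in $expected) {
    $found = Get-ADObject -SearchBase $schemaNC `
        -LDAPFilter "(&(objectClass=classSchema)(cn=$cn))"
    '{0,-32} {1}' -f $cn, $(if ($found) { 'present' } else { 'MISSING' })
}
```

In the audit output, any identity other than the site server account and the default administrative groups deserves a closer look, because clients rely on what is published in this container to locate site systems.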
Installing System Center Configuration Manager 2012
Follow the steps below to install the SCCM primary site:
1. Run setup.exe from the SCCM installation media.
2. On the Welcome screen, click Next.
3. On the Getting Started screen, select Install a Configuration Manager Primary Site, then click
Next.
4. On the license terms page, select Accept the license, then click Next.
5. Create a Downloads folder on C:\ and then specify its path as the location to download the updates to.
6. On the Server Language Selection screen, click Next.
7. On the Client Language Selection screen, click Next.
8. Enter the site code “001” and the site name “HQ”; under Installation Settings, install the site in
“C:\Program Files\Microsoft Configuration Manager”.
9. Under Primary Site Installation, select Standalone site, then click Yes in the information
window.
10. Under Database Information, type the SQL Server name <CCM.lab.local>.
11. Under SMS Provider Settings, click Next.
12. Under Client Computer Communication Settings, select Configure the communication method
on each site system role.
13. Under Site System Roles, click Next.
14. Click Next on the CEIP screen, then review the Settings Summary.
15. Click Begin Install.
16. After a few minutes the installation finishes; click Close.
17. Congratulations, you’ve installed System Center 2012 Configuration Manager SP1. Start
the ConfigMgr console.
Chapter 2
Configure System Center Configuration Manager 2012
Configure SCCM site boundary and boundary Group
Posted on July 5, 2014 by Mai Ali
To configure an SCCM site boundary, follow the steps below:
1. In the Administration section, select Boundaries and click Create Boundary.
2. For Type, select Active Directory Site; for Active Directory site name, click Browse and select
“Default-First-Site-Name”.
3. Click OK. The boundary is created.
To configure an SCCM site boundary group, follow the steps below:
1. Right-click Boundary Groups and choose Create Boundary Group.
2. Name the boundary group HQ Boundary Group and click Add.
3. In the Add Boundaries window, place a check mark next to the “Default-First-Site-Name”
boundary.
4. Click OK. The boundary now appears in the list of boundaries that are members of this boundary
group. Click References.
5. Select “Use this Boundary Group for site assignment”, then click Add.
6. Select the site system “\\CCM.Lab.local”, then click OK.
7. Click Apply.
8. We have now defined which site our clients can be assigned to via the boundary group,
and we have defined their content location.
Configure SCCM Discovery Method
Posted on July 6, 2014 by Mai Ali
For SCCM to discover systems, users and network resources, a discovery method has
to be configured for those resources. Follow the steps below to configure the SCCM
discovery methods:
1. Click the Administration workspace, expand Overview, Hierarchy Configuration and
select Discovery Methods. You will find that Heartbeat Discovery is the only method
enabled by default.
2. Enable the following discovery methods:
    a) Active Directory Forest Discovery
    b) Active Directory System Discovery
    c) Active Directory Group Discovery
    d) Active Directory User Discovery
3. Right-click Active Directory Forest Discovery and choose Properties.
4. Select “Enable Active Directory Forest Discovery” along with the two options below it.
5. Click Apply and answer Yes when asked whether to run a full discovery.
6. To configure Active Directory System Discovery, right-click it and select Properties. On the
properties page, select Enable Active Directory System Discovery.
7. Click the yellow starburst, then click Browse and select the default Active Directory
container.
8. In the options, check the two “Only discover computers” options and press OK.
9. Repeat the previous steps to enable Active Directory User Discovery and Active Directory
Group Discovery.
Configure SCCM Client Installation
Posted on July 6, 2014 by Mai Ali
Follow the steps below to configure the SCCM client installation methods:
1. In Administration, click Site Configuration, Sites, and select our site. In the ribbon above,
click Settings, select Client Installation Settings, then select Client Push Installation.
2. On the General screen, select “Enable Automatic site-wide client push installation”.
3. Click the Accounts tab, click the yellow star, and choose New Account.
4. Type the Client Push account in the form “Domain\username”; use the Client Install account that we
created in Active Directory <Lab\CMAdmin>.
5. Click Verify and type the network path “\\CCM\Sources” to check the account.
6. Click OK.
7. Click Assets and Compliance and expand Devices, All Systems. Select the Exchange
server, right-click “EX13” and click Install Client.
8. Set the installation options as shown in the screen below.
9. After a few minutes the client is installed. Refresh the view and you will notice it says
Client=Yes on “EX13”, the machine the agent was deployed to.
Configure System Center Configuration Manager Roles
Posted on July 6, 2014 by Mai Ali
By default SCCM doesn’t install the Application Catalog features, which are responsible for deploying
applications. Use the following steps to install the Application Catalog features:
1. In Administration, click Servers and Site System Roles, right-click the site server and
choose Add Site System Roles.
2. On the General and Proxy screens, click Next.
3. Select both the “Application Catalog website point” and “Application Catalog web service
point” roles.
4. On the Application Catalog Web Service Point page, click Next.
5. On the Application Catalog Website Point settings page, click Next.
6. Enter the organization name <Lab HQ> and pick a color scheme for the Application
Catalog.
7. Confirm the settings and click Next on the Summary screen.
8. The roles are now configured successfully.
Configure Client Agent Settings
Posted on July 6, 2014 by Mai Ali
Follow the steps below to configure the SCCM client settings:
1. In the Administration section, click Client Settings in the left pane, select the
Default Client Settings entry, and click Properties.
2. Click Client Policy and set the client policy polling interval to every 5 minutes, as this is a
lab (the default setting is 60 minutes). This means that every 5 minutes the client will
contact its Management Point for any new policy.
3. Select Computer Agent and configure it as below:
    a) Click Set Website for Default Application Catalog website and select
    “use intranet FQDN”.
    b) Set Add default Application Catalog website to Internet Explorer trusted zone to
    Yes.
    c) Set the Organization Name Displayed in Software Center to “My Lab”.
4. Set the Software Updates scan schedule and deployment re-evaluation from 7 days to 1 day.
5. Select User and Device Affinity and change Allow users to define their primary device to
Yes.
6. Click OK to save the client agent settings.
Chapter 3
Reporting in System Center Configuration Manager
Microsoft System Center Configuration Manager 2012 reporting helps you to gather, organize,
and present information about users, hardware and software inventory, software updates, site
status, and other Configuration Manager operations in your organization. Reporting provides you
with a number of predefined reports that you can use as is or modify to meet your
needs; custom reports and dashboards can also be created to meet your needs. To configure
reporting in Configuration Manager, here is an outline of what we will do:
1. Configure Reporting Services Role
2. Configure Reporting
Configure Reporting Services Role in SCCM
Posted on July 6, 2014 by Mai Ali
By default SCCM doesn’t install the Reporting Services features, which are responsible for running
reports. Use the following steps to install the Reporting Services features:
1. In the ConfigMgr console, click Administration, Site Configuration, Servers and Site
System Roles, right-click our server and choose Add Site System Roles.
2. When the Add Site System Roles wizard appears, click Next.
3. Select Reporting Services Point and click Next.
4. Specify the Reporting Services settings and click Verify beside the database name
<CM_001>.
5. For User Name, click the Set drop-down menu and select New Account. When
prompted for the Windows user account, enter the credentials of the ReportsUser account and click
OK.
6. On the Specify Reporting Services settings page, click Next.
7. Confirm the settings and click Next on the Summary screen.
8. The Reporting Services role is installed successfully.
Configure Reporting in SCCM
Posted on July 7, 2014 by Mai Ali
Now that the Reporting Services Point role is installed, we need to do some configuration
before we can view reports.
1. In the Monitoring workspace of the ConfigMgr console, click Reports; it will list 0 items.
2. In the Monitoring workspace of the ConfigMgr console, click Reporting, then click the link
http://CCM/Reports below Report Manager.
3. Click Folder Settings.
4. Click New Role Assignment.
5. In Group or user name, enter ReportsUser <lab\administrator> and give the user the
permissions you want.
6. Now we can see that the ReportsUser has all reporting roles.
7. In the ConfigMgr console, expand Reports, select the All Collections report, right-click it,
and choose Run.
8. A list of collections appears in the Report Viewer. You can drill down further into the
report by clicking All Systems.
Chapter 4
Application Management in System Center Configuration Manager
Application management in Microsoft System Center 2012 Configuration Manager provides a
set of tools and resources that can help you to create, manage, deploy, and monitor applications
in the enterprise. Use the topics in the following section for detailed information about
application management in Configuration Manager. There are two types of application
deployment:
1. Deploy MSI Application
2. Deploy EXE Application
Deploy MSI Application using SCCM 2012
Posted on July 6, 2014 by Mai Ali
To create a custom package for installing XML Notepad, you will have to use the MSI file to
create a package and program to distribute the package to the clients.
1. Copy Xmlnotepad.msi to the folder <\\CCM\Sources\Xmlnotepad.msi>
2. In the ConfigMgr console, click Software Library, then Applications, and in the ribbon click
Create Application
3. When the Create Application wizard appears, click Browse and point it to the UNC path
where the MSI is stored <\\CCM\Sources\Xmlnotepad.msi>
4. Click next and you’ll get to the Imported Information screen
5. Click Next again to enter General Information about this application, verify the
installation switches and click Next
6. Confirm the settings for this application and click Next
7. The Create Application wizard finishes successfully
8. Now that we’ve created our first application, let’s distribute it to the DP: select the listed
application and, in the ribbon above, click Distribute Content
9. The distribute content wizard appears, click Next
10. Review the content to distribute, click Next
11. In Specify the Content destination, Click Add
12. Select Distribution Point <CCM.Lab.local> and click OK
13. Click Next
14. Review the summary and click Next
15. Click Close
16. Select Xml Notepad 2007 and in the ribbon, click on Deploy
17. When the wizard appears, click Browse beside Collection, choose Device
Collections <Temp>, and click OK
18. Click Next
19. In Deployment Settings, for Action choose Install and for Purpose choose Required for
automatic installation
20. On the Scheduling screen, select “As soon as possible after the available time”, then click Next
21. In User Experience Screen, Click Next
22. In Alert Screen, Click Next
23. Review the summary then proceed to the completion screen, click close
24. After a few minutes, the application is deployed successfully on the client
Deploy EXE Application using SCCM 2012
Posted on July 6, 2014 by Mai Ali
To create a custom package for installing WinRAR, you will have to use the EXE file to
create a package and program to distribute the package to the clients.
1. Copy the WinRAR installer to the folder <\\CCM\Sources\wrar390.exe>
2. In the ConfigMgr Console, click on Software Library, Applications, in the ribbon click
on Create Application
3. Choose “Manually specify the application information”, Click Next
4. Enter a name <Winrar> and click Next
5. In Application Catalog Screen, click Next
6. In Deployment Types, Click Add
7. On the Content screen, enter the share location of the application source files as the content
location, “\\ccm\sources”, and enter the command that runs the installation, in this instance
wrar390.exe /s, then click Next
8. Add a detection clause for the application and click Next
9. Choose the installation behavior and click Next
10. Click Next all the way to the end of Create Deployment Type wizard
11. In Deployment Types Screen, Click Next
12. Confirm the settings of the application in summary screen
13. Click Close
14. Now that we’ve created our first application, let’s distribute it to the DP: select the listed
application and, in the ribbon above, click Distribute Content
15. The distribute content wizard appears, click Next
16. Review the content to distribute, click Next
17. In Specify the Content destination, Click Add
18. Select Distribution Point <CCM.Lab.local> and click OK
19. Click Next
20. Review the summary and click Next
21. Click Close
22. Select Winrar and in the ribbon, click on Deploy
23. When the wizard appears, click Browse beside Collection, choose Device
Collections <Temp>, and click OK
24. Click Next
25. In Deployment Settings, for Action choose Install and for Purpose choose Required for
automatic installation
26. On the Scheduling screen, select “As soon as possible after the available time”, then click Next
27. In User Experience Screen, Click Next
28. In Alert Screen, Click Next
29. Review the summary then proceed to the completion screen, click close
30. After a few minutes, the application is deployed successfully on the client.
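Step 8 asks for a detection clause without showing one. The script below is an added example (not from the original guide) of a script-based detection method for this deployment: ConfigMgr treats exit code 0 with any output on STDOUT as installed, and exit code 0 with no output as not installed. The install path WinRAR\WinRAR.exe under Program Files and the 3.90 version threshold, inferred from the file name wrar390.exe, are assumptions.

```powershell
# Added example: script detection method for the Winrar deployment type.
# Assumptions (not from the guide): WinRAR installs to "<Program Files>\WinRAR\WinRAR.exe"
# and its file version resource reports 3.90 or later for wrar390.exe.

# Keep non-terminating errors off STDERR; ConfigMgr treats STDERR output as a script failure.
$ErrorActionPreference = 'SilentlyContinue'

$minimumVersion = New-Object -TypeName System.Version -ArgumentList 3, 90

# The script may run as a 32-bit or 64-bit process, so check every Program Files root.
$roots = @($env:ProgramW6432, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    Select-Object -Unique

$detected = $null
foreach ($root in $roots) {
    $exe = Join-Path -Path $root -ChildPath 'WinRAR\WinRAR.exe'
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) { continue }

    # Compare major.minor from the file version resource against the required minimum.
    $info  = (Get-Item -LiteralPath $exe).VersionInfo
    $found = New-Object -TypeName System.Version -ArgumentList $info.FileMajorPart, $info.FileMinorPart
    if ($found -ge $minimumVersion) {
        $detected = "WinRAR $found found at $exe"
        break
    }
}

# STDOUT output + exit code 0    -> application is installed.
# No output    + exit code 0    -> application is not installed.
# A non-zero exit code or STDERR output would be reported as a detection failure instead.
if ($detected) { Write-Output $detected }
exit 0
```

A detection rule that never matches makes a Required deployment re-run the installer at every evaluation, so test the script on one client with WinRAR installed and one without before deploying.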
Chapter 5
Software Updates in System Center Configuration Manager
Software updates in System Center 2012 Configuration Manager provides a set of tools and
resources that can help manage the complex task of tracking and applying software updates to
client computers in the enterprise. An effective software update management process is
necessary to maintain operational efficiency, overcome security issues, and maintain the stability
of the network infrastructure. However, because of the changing nature of technology and the
continual appearance of new security threats, effective software update management requires
consistent and continual attention.
To configure software updates in Configuration Manager, here is an outline of what we
will do:
1. Install Windows Server Update Services and Windows Deployment Services Role
2. Configure Software Update Point Role
3. Distribute software updates
Install WSUS and WDS
Posted on July 6, 2014 by Mai Ali
To install WSUS and WDS, follow the steps below:
1. From Server Manager, click Add Roles and Features
2. On the Before you begin page, click Next. On the Installation Type and Server
Selection screens, click Next
3. On the Add Roles Wizard, Select Windows Server Update Services and Windows
Deployment Services
4. Click Next on the Windows Server Update Services page
5. In the WSUS role services, select “WID Database” and “WSUS Services”, then click
Next
6. On the Content screen, enter the path to download updates to, “c:\wsus”, and share this folder
7. Click Next on the Windows Deployment Services page
8. In the WDS role services, select “Deployment Server” and “Transport Server”, then click
Next
9. Click Install on the Confirmation page
10. The role installation finishes successfully
11. Click WSUS in the Start menu to finish the installation
12. On the WSUS configuration screen, click Cancel
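The same role installation can be scripted. This PowerShell is an added example, not part of the original guide; it assumes an elevated session on Windows Server 2012 or later and uses the content path c:\wsus from step 6.

```powershell
# Added example: scripted equivalent of the Add Roles and Features steps above.
# Run elevated on the server that will host the roles.

$contentDir = 'C:\wsus'   # content path entered in step 6 of the guide

# Role services selected in steps 5 and 8:
# WID Database + WSUS Services, Deployment Server + Transport Server.
$features = 'UpdateServices-WidDB', 'UpdateServices-Services', 'WDS-Deployment', 'WDS-Transport'

$result = Install-WindowsFeature -Name $features -IncludeManagementTools
if (-not $result.Success) {
    throw "Role installation failed with exit code $($result.ExitCode)."
}
if ($result.RestartNeeded -ne 'No') {
    Write-Warning 'A restart is pending; reboot, then run the WSUS post-installation step.'
    return
}

# Confirm that every requested role service is present before continuing.
$missing = Get-WindowsFeature -Name $features | Where-Object { -not $_.Installed }
if ($missing) {
    throw "Role services not installed: $($missing.Name -join ', ')"
}

# WSUS post-installation: the task that launching WSUS from the Start menu completes in step 11.
if (-not (Test-Path -LiteralPath $contentDir)) {
    New-Item -ItemType Directory -Path $contentDir | Out-Null
}
$wsusUtil = Join-Path -Path $env:ProgramFiles -ChildPath 'Update Services\Tools\wsusutil.exe'
& $wsusUtil postinstall "CONTENT_DIR=$contentDir"
if ($LASTEXITCODE -ne 0) {
    throw "wsusutil postinstall exited with code $LASTEXITCODE."
}

# The WSUS configuration wizard is not started here, matching step 12 (Cancel).
Get-WindowsFeature -Name $features | Select-Object -Property Name, InstallState
```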
Configure Software Update Point Role
Posted on July 6, 2014 by Mai Ali
To configure the Software Update Point role, follow the steps below:
1. From the Configuration Manager console, click Administration, expand Site
Configuration and click Servers and Site System Roles, Right click the primary server
and click Add Site System Roles.
2. On the General page, click next and on proxy page, click next.
3. On the System Role Selection page, check Software update point
4. On the Software Update Point page, Select “WSUS is configured to use ports 8530 and
8531 for client communication”, click Next
5. Specify proxy settings if needed to connect to the internet to synchronize and download
content.
6. On the Synchronization source page, select to Synchronize from Microsoft Update. This
option is only available for stand-alone primary servers and for CAS servers. Secondary
servers and primary servers within a hierarchy are automatically configured to upstream
through their parent site.
7. Under WSUS reporting events, keep the default selection since Configuration Manager
doesn’t interpret WSUS reporting events.
8. On the Synchronization Schedule page, check to Enable synchronization on a schedule
and check to Alert when synchronization fails on any site in the hierarchy
9. On the Supersedence Rules page, if you click to immediately expire a superseded
software update, you will be able to see the expired updates in the Configuration
Manager console for a period of 7 days. Following that, expired updates that are not
associated with any deployment will be tomb-stoned.
10. If you need to wait before a superseded software update is expired, you can specify a
waiting period
11. On the Classifications page, select the classification you want to synchronize
12. On the Products page, select the products you want to synchronize
13. On the Languages page, select the language you want to synchronize
14. On the Summary page, click Next
15. On the Completion page, click Finish
16. From the Configuration Manager console and from the Administration tab, click All
Software Updates and click Synchronize Software Updates
17. Click Yes on the informational box
18. You can monitor the synchronization progress by checking wsyncmgr.log
19. The Windows updates are downloaded successfully
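Step 18 points at wsyncmgr.log. The following added example (not from the original guide) parses that log's entry format and lists the warnings and errors written by the synchronization component. The function names are hypothetical, and the sample entries, including the site code XXX, are constructed for illustration.

```powershell
# Added example. The sample entries are constructed; "XXX" is a placeholder site code.
$sampleLog = @'
<![LOG[Synchronizing WSUS server CCM.Lab.local]LOG]!><time="09:00:01.120+000" date="07-06-2014" component="SMS_WSUS_SYNC_MANAGER" context="" type="1" thread="4312" file="sample.cpp:1">
<![LOG[Sync failed: constructed example error.
Second line of the same message]LOG]!><time="09:00:05.300+000" date="07-06-2014" component="SMS_WSUS_SYNC_MANAGER" context="" type="3" thread="4312" file="sample.cpp:2">
<![LOG[Sync will be retried (constructed)]LOG]!><time="09:00:05.310+000" date="07-06-2014" component="SMS_WSUS_SYNC_MANAGER" context="" type="2" thread="4312" file="sample.cpp:3">
<![LOG[Sync succeeded on site XXX (constructed)]LOG]!><time="10:00:09.450+000" date="07-06-2014" component="SMS_WSUS_SYNC_MANAGER" context="" type="1" thread="4312" file="sample.cpp:4">
'@

function ConvertFrom-CMTraceLog {
    param([Parameter(Mandatory = $true)][string]$Text)

    # One entry: <![LOG[message]LOG]!><time=".." date=".." component=".." context=".." type="n" thread=".." file="..">
    # The Singleline option lets a message span several physical lines.
    $pattern = '<!\[LOG\[(?<msg>.*?)\]LOG\]!><time="(?<time>\d{1,2}:\d{2}:\d{2})[^"]*" ' +
               'date="(?<date>\d{1,2}-\d{1,2}-\d{4})" component="(?<comp>[^"]*)" ' +
               'context="[^"]*" type="(?<type>\d)" thread="(?<thread>\d+)" file="[^"]*">'
    $severity = @{ '1' = 'Info'; '2' = 'Warning'; '3' = 'Error' }

    foreach ($m in [regex]::Matches($Text, $pattern, 'Singleline')) {
        $stamp = [datetime]::ParseExact(
            ('{0} {1}' -f $m.Groups['date'].Value, $m.Groups['time'].Value),
            'M-d-yyyy H:mm:ss', [cultureinfo]::InvariantCulture)
        [pscustomobject]@{
            Time      = $stamp
            Component = $m.Groups['comp'].Value
            Severity  = $severity[$m.Groups['type'].Value]
            Thread    = [int]$m.Groups['thread'].Value
            Message   = $m.Groups['msg'].Value.Trim()
        }
    }
}

function Get-WsusSyncSummary {
    param([Parameter(Mandatory = $true)][string]$Text)

    # Keep only entries from the synchronization component, then split out the problems.
    $entries  = @(ConvertFrom-CMTraceLog -Text $Text |
                  Where-Object { $_.Component -eq 'SMS_WSUS_SYNC_MANAGER' })
    $problems = @($entries | Where-Object { $_.Severity -ne 'Info' })
    $last     = $entries | Sort-Object -Property Time | Select-Object -Last 1

    [pscustomobject]@{
        Entries      = $entries.Count
        ProblemCount = $problems.Count
        LastTime     = $last.Time
        LastMessage  = $last.Message
        Problems     = $problems
    }
}

$summary = Get-WsusSyncSummary -Text $sampleLog
$summary | Format-List -Property Entries, ProblemCount, LastTime, LastMessage
$summary.Problems | Format-Table -Property Time, Severity, Message -AutoSize

# Against a real site server, pass the log text instead of the sample, for example:
# Get-WsusSyncSummary -Text (Get-Content -Raw -Path '<ConfigMgr install dir>\Logs\wsyncmgr.log')
```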
Distribute software updates Using SCCM
Posted on July 7, 2014 by Mai Ali
Before updates can be distributed, WSUS needs to synchronize the list of updates from
the Microsoft Update catalog; the updates can then be distributed to Windows clients. To
distribute the updates, follow the steps below:
1. In the ribbon, select Software Library, select “All Software Updates”, and then click
“Create Software Update Group”
2. Name it “Windows 7 Updates” and click Create
3. Click on Software Update Groups in the console, In ribbon, click Show Members to see
the updates in this group.
4. This lists the Software Updates contained in the Software Update Group
5. Select Windows 7 Updates Software Update Group and in the Ribbon click on Deploy.
6. Give it a name. For Collection, click Browse and select the “Windows 7” collection
7. Click Next
8. For Deployment Settings, set the type of deployment to Required and Detail level “Only
Success and error messages”.
9. For Scheduling, set Time based on to “Client local time”
10. For User Experience, select “Software update Installation” and “System Restart”
11. For Alerts, set “Client compliance is below the following” to 95%
12. Set the Download Settings to “Download a Software Update from distribution point and
install”, click next
13. On the Deployment Package page, select Create a new deployment package and set the package
source path to “CCM\WSUS\Windows 7 updates”
14. On Distribution Point, Click Add
15. Select Distribution Point “CCM.Lab.local” from the list
16. On Distribution Point screen, click Next
17. For Download Location select Download Software Updates from the Internet, click Next
18. Select the English language and click Next
19. At the summary screen, click Next
20. The Deploy Software Update Wizard completed successfully
21. Finally, Downloaded and Deployed both show “Yes”
Chapter 6
Operating System Deployment in System Center
Configuration Manager
Posted on July 7, 2014 by Mai Ali
Below are step-by-step instructions to deploy an operating system using Configuration
Manager Server 2012. Here is an outline of what we will do:
1. Add the WDS role on the Configuration Manager server
2. Add a DHCP scope on the domain controller
3. Configure options 66 and 67 on DHCP {Option 66: FQDN of the SCCM server,
Option 67: smsboot\x86\wdsnbp.com}
4. Enable a PXE service point on the distribution point under Configuration Manager 2012
site systems
5. Enable unknown computer support
6. Distribute both the x86 and x64 boot images to the distribution point
7. In the boot image properties, on the Data Source tab, check the option “Deploy this boot
image from the PXE service point”
8. Import the captured OS image for Windows 7
9. Distribute the OS image to the distribution point
10. Create a task sequence to deploy the OS image
11. Create a collection to deploy the OS image
12. For new clients, import computer information
13. Assign the task sequence to a collection under Device Collections
14. Power on the client PC to start the OS deployment
Distribute Boot images to the Distribution Point
Posted on July 7, 2014 by Mai Ali
To distribute the boot images {both x86 and x64} to the distribution points, follow the steps below:
1. Select Boot image (X86). In the ribbon above click on Distribute Content
2. When the Distribute Content Wizard appears, click Next
3. To specify the destination, click on Add
4. Select Distribution Point “CCM.Lab.local” from the list
5. On content destination screen, click Next
6. In summary page, click Next
7. The content distribution completes successfully
Import captured Windows 7 WIM file
Posted on July 7, 2014 by Mai Ali
To import the captured Windows 7 WIM file, follow the steps below:
1. In the Software Library, Operating Systems section of the ConfigMgr console, click
on Operating System Images, in ribbon, click Add Operating System Image
2. Browse to the UNC path of the captured image and select the captured WIM
file <\\CCM\Sources\windows 7.wim>
3. Fill in some details about the image
4. Click through the summary and proceed to completion
5. The import finishes successfully
Distribute O.S image to the Distribution points
Posted on July 7, 2014 by Mai Ali
To distribute the O.S image to the distribution points, follow the steps below:
1. Select Windows 7 image. In the ribbon above click on Distribute Content
2. When the Distribute Content Wizard appears, click Next
3. To specify the destination, click on Add
4. Select Distribution Point “CCM.Lab.local” from the list
5. On content destination screen, click Next
6. In summary page, click Next
7. The content distribution completes successfully
Create Task Sequence
Posted on July 7, 2014 by Mai Ali
To create a task sequence, follow the steps below:
1. In Task Sequences, right click and choose Create Task Sequence.
2. Select “Install an existing image package”, click Next.
3. Fill in some details about the image and Click browse and select the X86 boot image,
click next to proceed.
4. Select the Windows 7 image by clicking Browse, set an administrator password, and
uncheck “Partition and format the target computer before installing the operating
system”.
5. For Configure the Network, select Join a domain, click Browse beside it, and
specify the user <lab\administrator> that has permissions to join the domain.
6. In Install the Configuration Manager client Screen click on browse, Select “Configuration
Manager client package”, and click Next
7. For Configure State Migration, select “Microsoft Corporation USMT” package, Select
“user settings Locally” and click Next.
8. For Include Updates select All Software Updates.
9. In Install Applications Screen, Click Next
10. In Summary Page, Click Next
11. The Create Task Sequence Wizard completed Successfully
Create new collection for Deploy Windows 7
Posted on July 7, 2014 by Mai Ali
To create a new collection for deploying Windows 7, follow the steps below:
1. In the ConfigMgr console, click on Assets and Compliance, select Device Collections,
and click on Create Device Collection in the Ribbon.
2. Fill in the collection details: name it “Windows 7” and limit it to All Systems
3. On the Membership Rules page, do not create any queries or add any computers; click Next.
4. In Summary page, click Next
5. The create Device collection wizard completed successfully
Import Computer Information
Posted on July 7, 2014 by Mai Ali
To import computer information for a new PC, follow the steps below:
1. In Assets and Compliance, Select Devices. In Ribbon, Select “Import Computer
Information”
2. On Select Source page, Select “Import Single Computer”, and Click Next
3. Specify the information for the computer you want to import: enter the computer name
“Client” and the MAC address of the machine, “00:0C:29:2C:B5:98”
4. In Data Preview, Click Next
5. In Choose Target Collection, select “Add computer to the following Collection”, click
Browse and select “Windows 7”
6. In Summary Page, Click Next
7. The Import Computer Information Wizard completed successfully
Deploy Task Sequence
Posted on July 7, 2014 by Mai Ali
To deploy the task sequence, follow the steps below:
1. In Assets and Compliance, select the “Windows 7” collection. In the ribbon, select Deploy, and
click Task Sequence
2. On the General page, select the collection “Windows 7” and click Next
3. In Deployment Settings, change Purpose to Available, and under Make available to the
following select “configuration Manager clients, media and PXE”
4. On the Scheduling screen, set Rerun behavior to “Rerun if failed previous attempt”
5. In User Experience Page, Click Next
6. In Alerts Page, Click Next
7. In Distribution Points, Click Next
8. In Summary Screen, Click Next
9. The Deploy Software Wizard completed successfully
APPENDIX
Firewall Ports for Configuration Manager
Ports Used by Configuration Manager Clients and Site Systems
The following sections detail the ports used for communication in Configuration Manager. The
arrows in the section title, between the computers, represent the direction of the communication:
-- > indicates one computer initiates communication and the other computer always
responds
< -- > indicates that either computer can initiate communication
Asset Intelligence Synchronization Point -- > Microsoft
Description UDP TCP
Secure Hypertext Transfer Protocol (HTTPS) -- 443
Asset Intelligence Synchronization Point -- > SQL Server
Description UDP TCP
SQL over TCP -- 1433 (See note 2, Alternate Port Available)
Application Catalog Web Service Point -- > SQL Server
Description UDP TCP
SQL over TCP -- 1433 (See note 2, Alternate Port Available)
Application Catalog Website Point -- > Application Catalog Web Service Point
Description UDP TCP
Hypertext Transfer Protocol (HTTP) -- 80 (See note 2, Alternate Port Available)
Secure Hypertext Transfer Protocol (HTTPS) -- 443 (See note 2, Alternate Port Available)
Client -- > Application Catalog Website Point
Description UDP TCP
Hypertext Transfer Protocol (HTTP) -- 80 (See note 2, Alternate Port Available)
Secure Hypertext Transfer Protocol (HTTPS) -- 443 (See note 2, Alternate Port Available)
Client -- > Client
In addition to the ports listed in the following table, wake-up proxy also uses Internet Control
Message Protocol (ICMP) echo request messages from one client to another client when they are
configured for wake-up proxy. This communication is used to confirm whether the other client
computer is awake on the network. ICMP is sometimes referred to as TCP/IP ping commands.
ICMP does not have a UDP or TCP protocol number, and so it is not listed in the following
table. However, any host-based firewalls on these client computers or intervening network
devices within the subnet must permit ICMP traffic for wake-up proxy communication to
succeed.
Description UDP TCP
Wake on LAN 9 (See note 2, Alternate Port Available) --
Wake-up proxy 25536 (See note 2, Alternate Port Available) --
Client -- > Configuration Manager Policy Module (Network Device Enrollment Service)
Description UDP TCP
Hypertext Transfer Protocol (HTTP) -- 80
Secure Hypertext Transfer Protocol (HTTPS) -- 443
Client -- > Cloud-Based Distribution Point
Description UDP TCP
Secure Hypertext Transfer Protocol (HTTPS) -- 443
Client -- > Distribution Point
Description UDP TCP
Hypertext Transfer Protocol (HTTP) -- 80 (See note 2, Alternate Port Available)
Secure Hypertext Transfer Protocol (HTTPS) -- 443 (See note 2, Alternate Port Available)
Client -- > Distribution Point Configured for Multicast
Description UDP TCP
Server Message Block (SMB) -- 445
Multicast Protocol 63000-64000 --
Client -- > Distribution Point Configured for PXE
Description UDP TCP
Dynamic Host Configuration Protocol (DHCP) 67 and 68 --
Trivial File Transfer Protocol (TFTP) 69 (See note 4 Trivial FTP (TFTP) Daemon) --
Boot Information Negotiation Layer (BINL) 4011 --
Client -- > Fallback Status Point
Description UDP TCP
Hypertext Transfer Protocol (HTTP) -- 80 (See note 2, Alternate Port Available)
Client -- > Global Catalog Domain Controller
A Configuration Manager client does not contact a global catalog server when it is a workgroup
computer or when it is configured for Internet-only communication.
Description UDP TCP
Global Catalog LDAP -- 3268
Global Catalog LDAP SSL -- 3269
Client -- > Management Point
Description UDP TCP
Client notification (default communication before falling back to HTTP or HTTPS) -- 10123 (See note 2, Alternate Port Available)
Hypertext Transfer Protocol (HTTP) -- 80 (See note 2, Alternate Port Available)
Secure Hypertext Transfer Protocol (HTTPS) -- 443 (See note 2, Alternate Port Available)
Client -- > Software Update Point
Description UDP TCP
Hypertext Transfer Protocol (HTTP) -- 80 or 8530 (See note 3, Windows Server Update Services)
Secure Hypertext Transfer Protocol (HTTPS) -- 443 or 8531 (See note 3, Windows Server Update Services)
Client -- > State Migration Point
Description UDP TCP
Hypertext Transfer Protocol (HTTP) -- 80 (See note 2, Alternate Port Available)
Secure Hypertext Transfer Protocol (HTTPS) -- 443 (See note 2, Alternate Port Available)
Server Message Block (SMB) -- 445
Client -- > System Health Validator
The client requires the ports established by the Windows Network Access Protection client,
which is dependent upon the enforcement client being used. For example, DHCP enforcement
will use ports UDP 67 and 68. IPsec enforcement will use ports TCP 80 or 443 to the Health
Registration Authority, port UDP 500 for IPsec negotiation and the additional ports needed for
the IPsec filters. For more information, see the Windows Network Access Protection
documentation.
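To confirm that firewall rules match the client tables above, the TCP ports can be probed from a client. This PowerShell is an added example, not part of the original guide; Test-TcpPort is a hypothetical helper, and the script assumes that every role runs on CCM.Lab.local as in this guide's lab and that the default ports are in use.

```powershell
# Added example: probe, from a client, the TCP ports listed for client -> site system traffic.
# Assumptions: all roles run on CCM.Lab.local (this guide's lab) and default ports are in use.
# UDP ports (DHCP 67/68, TFTP 69, BINL 4011, Wake on LAN 9) cannot be checked with a TCP connect.

function Test-TcpPort {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][int]$Port,
        [int]$TimeoutMs = 2000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # No answer within the timeout usually means a firewall is dropping the traffic.
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)   # throws when the port actively refuses the connection
        return $true
    }
    catch { return $false }
    finally { $client.Close() }
}

$siteSystem = 'CCM.Lab.local'

# One row per TCP port from the "Client -- >" tables, with the roles that use it.
$portMatrix = @(
    [pscustomobject]@{ Port = 80;    UsedBy = 'HTTP: management point, distribution point, fallback status point, state migration point' }
    [pscustomobject]@{ Port = 443;   UsedBy = 'HTTPS: management point, distribution point, state migration point' }
    [pscustomobject]@{ Port = 445;   UsedBy = 'SMB: state migration point, multicast distribution point' }
    [pscustomobject]@{ Port = 8530;  UsedBy = 'HTTP: software update point (WSUS port selected in this guide)' }
    [pscustomobject]@{ Port = 8531;  UsedBy = 'HTTPS: software update point (WSUS port selected in this guide)' }
    [pscustomobject]@{ Port = 10123; UsedBy = 'Client notification: management point' }
)

$results = foreach ($row in $portMatrix) {
    [pscustomobject]@{
        Port      = $row.Port
        Reachable = Test-TcpPort -ComputerName $siteSystem -Port $row.Port
        UsedBy    = $row.UsedBy
    }
}

$results | Format-Table -Property Port, Reachable, UsedBy -AutoSize
```

An unreachable HTTPS port is expected when the site systems are configured for HTTP only; compare the result with the roles and protocols you actually enabled before changing any firewall rule.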
Configuration Manager Console -- > Client
Description UDP TCP
Remote Control (control) -- 2701
Remote Assistance (RDP and RTC) -- 3389
Configuration Manager Console -- > Internet
Description UDP TCP
Hypertext Transfer Protocol (HTTP) -- 80
Configuration Manager Console -- > Reporting Services Point
Description UDP TCP
Hypertext Transfer Protocol (HTTP) -- 80 (See note 2, Alternate Port Available)
Secure Hypertext Transfer Protocol (HTTPS) -- 443 (See note 2, Alternate Port Available)
Configuration Manager Console -- > Site Server
Description UDP TCP
RPC (initial connection to WMI to locate provider system) -- 135
Configuration Manager Console -- > SMS Provider
Description UDP TCP
RPC Endpoint Mapper 135 135
RPC -- DYNAMIC (See note 6, Dynamic ports)
Configuration Manager Policy Module (Network Device Enrollment Service) -- > Certificate
Registration Point
Description UDP TCP
Secure Hypertext Transfer Protocol (HTTPS) -- 443 (See note 2, Alternate Port Available)
Distribution Point -- > Management Point
A distribution point communicates to the management point in the following scenarios:
To report status of prestaged content
To report usage summary data
To report content validation
A pull distribution point reports package download status
Description UDP TCP
Hypertext Transfer Protocol (HTTP) -- 80 (See note 2, Alternate Port Available)
Secure Hypertext Transfer Protocol (HTTPS) -- 443 (See note 2, Alternate Port Available)
Endpoint Protection Point -- > Internet
Description UDP TCP
Hypertext Transfer Protocol (HTTP) -- 80
Endpoint Protection Point -- > SQL Server
Description UDP TCP
SQL over TCP -- 1433 (See note 2, Alternate Port Available)
Enrollment Proxy Point -- > Enrollment Point
Description UDP TCP
Secure Hypertext Transfer Protocol (HTTPS) -- 443 (See note 2, Alternate Port Available)
Enrollment Point -- > SQL Server
Description UDP TCP
SQL over TCP -- 1433 (See note 2, Alternate Port Available)
Exchange Server Connector -- > Exchange Online
Description UDP TCP
Windows Remote Management over HTTPS -- 5986
Exchange Server Connector -- > On Premises Exchange Server
Description UDP TCP
Windows Remote Management over HTTP -- 5985
Mac Computer -- > Enrollment Proxy Point
Description UDP TCP
Secure Hypertext Transfer Protocol (HTTPS) -- 443
Management Point -- > Domain Controller
Description UDP TCP
Lightweight Directory Access Protocol (LDAP) -- 389
LDAP (Secure Sockets Layer [SSL] connection) 636 636
Global Catalog LDAP -- 3268
Global Catalog LDAP SSL -- 3269
RPC Endpoint Mapper 135 135
RPC -- DYNAMIC (See note 6, Dynamic ports)
Management Point < -- > Site Server
(See note 5, Communication between the site server and site systems)
Description UDP TCP
RPC Endpoint mapper -- 135
RPC -- DYNAMIC (See note 6, Dynamic ports)
Server Message Block (SMB) -- 445
Management Point -- > SQL Server
Description UDP TCP
SQL over TCP -- 1433 (See note 2, Alternate Port Available)
Mobile Device -- > Enrollment Proxy Point
Description UDP TCP
Secure Hypertext Transfer Protocol (HTTPS) -- 443
Mobile Device -- > Windows Intune
Description UDP TCP
Secure Hypertext Transfer Protocol (HTTPS) -- 443
Out of Band Service Point --> Enrollment Point
Description UDP TCP
Secure Hypertext Transfer Protocol (HTTPS) -- 443
Out of Band Service Point --> AMT Management Controller
Description UDP TCP
Power control, provisioning, and discovery -- 16993
Out of Band Management Console --> AMT Management Controller
Description UDP TCP
General management tasks -- 16993
Serial over LAN and IDE redirection -- 16995
Reporting Services Point -- > SQL Server
Description UDP TCP
SQL over TCP -- 1433 (See note 2, Alternate Port Available)
Site Server < -- > Application Catalog Web Service Point
Description UDP TCP
Server Message Block (SMB) -- 445
RPC Endpoint Mapper 135 135
RPC -- DYNAMIC (See note 6, Dynamic ports)
Site Server < -- > Application Catalog Website Point
Description UDP TCP
Server Message Block (SMB) -- 445
RPC Endpoint Mapper 135 135
RPC -- DYNAMIC (See note 6, Dynamic ports)
Site Server < -- > Asset Intelligence Synchronization Point
Description UDP TCP
Server Message Block (SMB) -- 445
RPC Endpoint Mapper 135 135
RPC -- DYNAMIC (See note 6, Dynamic ports)
Site Server -- > Client
Description UDP TCP
Wake on LAN 9 (See note 2, Alternate Port Available) --
Site Server -- > Cloud-Based Distribution Point
Description UDP TCP
Secure Hypertext Transfer Protocol (HTTPS) -- 443
Site Server -- > Distribution Point
(See note 5, Communication between the site server and site systems)
Description UDP TCP
Server Message Block (SMB) -- 445
RPC Endpoint Mapper 135 135
RPC -- DYNAMIC (See note 6, Dynamic ports)
Site Server -- > Domain Controller
Description UDP TCP
Lightweight Directory Access Protocol (LDAP) -- 389
LDAP (Secure Sockets Layer [SSL] connection) 636 636
Global Catalog LDAP -- 3268
Global Catalog LDAP SSL -- 3269
RPC Endpoint Mapper 135 135
RPC -- DYNAMIC (See note 6, Dynamic ports)
Site Server < -- > Certificate Registration Point
Description UDP TCP
Server Message Block (SMB) -- 445
RPC Endpoint Mapper 135 135
RPC -- DYNAMIC (See note 6, Dynamic ports)
Site Server < -- > Endpoint Protection Point
Description UDP TCP
Server Message Block (SMB) -- 445
RPC Endpoint Mapper 135 135
RPC -- DYNAMIC (See note 6, Dynamic ports)
Site Server < -- > Enrollment Point
Description UDP TCP
Server Message Block (SMB) -- 445
RPC Endpoint Mapper 135 135
RPC -- DYNAMIC (See note 6, Dynamic ports)
Site Server < -- > Enrollment Proxy Point
Description UDP TCP
Server Message Block (SMB) -- 445
RPC Endpoint Mapper 135 135
RPC -- DYNAMIC (See note 6, Dynamic ports)
Site Server < -- > Fallback Status Point
(See note 5, Communication between the site server and site systems)
Description UDP TCP
Server Message Block (SMB) -- 445
RPC Endpoint Mapper 135 135
RPC -- DYNAMIC (See note 6, Dynamic ports)
Site Server -- > Internet
Description UDP TCP
Hypertext Transfer Protocol (HTTP) -- 80 (See note 1, Proxy Server port)
Site Server < -- > Issuing Certification Authority (CA)
This communication is used when you deploy certificate profiles by using the certificate
registration point. The communication is not used for every site server in the hierarchy; it is used
only for the site server at the top of the hierarchy.
Description UDP TCP
RPC Endpoint Mapper 135 135
RPC (DCOM) -- DYNAMIC (See note 6, Dynamic ports)
Site Server < -- > Reporting Services Point
(See note 5, Communication between the site server and site systems)
Description UDP TCP
Server Message Block (SMB) -- 445
RPC Endpoint Mapper 135 135
RPC -- DYNAMIC (See note 6, Dynamic ports)
Site Server < -- > Site Server
Description UDP TCP
Server Message Block (SMB) -- 445
Site Server -- > SQL Server
Description UDP TCP
SQL over TCP -- 1433 (See note 2, Alternate Port Available)
During the installation of a site that will use a remote SQL Server to host the site database, you must open
the following ports between the site server and the SQL Server:
Description UDP TCP
Server Message Block (SMB) -- 445
RPC Endpoint Mapper 135 135
RPC -- DYNAMIC (See note 6, Dynamic ports)
Site Server -- > SMS Provider
Description UDP TCP
Server Message Block (SMB) -- 445
RPC Endpoint Mapper 135 135
RPC -- DYNAMIC (See note 6, Dynamic ports)
Site Server < -- > Software Update Point
(See note 5, Communication between the site server and site systems)
Description UDP TCP
Server Message Block (SMB) -- 445
Hypertext Transfer Protocol (HTTP) -- 80 or 8530 (See note 3, Windows Server Update Services)
Secure Hypertext Transfer Protocol (HTTPS) -- 443 or 8531 (See note 3, Windows Server Update Services)
Site Server < -- > State Migration Point
(See note 5, Communication between the site server and site systems)
Description UDP TCP
Server Message Block (SMB) -- 445
RPC Endpoint Mapper 135 135
Site Server < -- > System Health Validator
(See note 5, Communication between the site server and site systems)
Description UDP TCP
Server Message Block (SMB) -- 445
RPC Endpoint Mapper 135 135
RPC -- DYNAMIC (See note 6, Dynamic ports)
SMS Provider -- > SQL Server
Description UDP TCP
SQL over TCP -- 1433 (See note 2, Alternate Port Available)
Software Update Point -- > Internet
Description UDP TCP
Hypertext Transfer Protocol (HTTP) -- 80 (See note 1, Proxy Server port)
Software Update Point -- > Upstream WSUS Server
Description UDP TCP
Hypertext Transfer Protocol (HTTP) -- 80 or 8530 (See note 3, Windows Server Update Services)
Secure Hypertext Transfer Protocol (HTTPS) -- 443 or 8531 (See note 3, Windows Server Update Services)
SQL Server --> SQL Server
Intersite database replication requires the SQL Server at one site to communicate directly with
the SQL Server of its parent or child site.
Description UDP TCP
SQL Server Service -- 1433 (See note 2, Alternate Port Available)
SQL Server Service Broker -- 4022 (See note 2, Alternate Port Available)
Tip
Configuration Manager does not require the SQL Server Browser, which uses port UDP 1434.
State Migration Point -- > SQL Server
Description UDP TCP
SQL over TCP -- 1433 (See note 2, Alternate Port Available)
Windows Intune Connector -- > Windows Intune
Description UDP TCP
Secure Hypertext Transfer Protocol (HTTPS) -- 443
Notes for Ports Used by Configuration Manager Clients and Site Systems
1. Proxy Server port: This port cannot be configured but can be routed through a
configured proxy server.
2. Alternate Port Available: An alternate port can be defined within Configuration
Manager for this value. If a custom port has been defined, substitute that custom port
when defining the IP filter information for IPsec policies or for configuring firewalls.
3. Windows Server Update Services: WSUS can be installed either on the default Web
site (port 80) or a custom Web site (port 8530).
After installation, the port can be changed. You do not have to use the same port number
throughout the site hierarchy.
o If the HTTP port is 80, the HTTPS port must be 443.
o If the HTTP port is anything else, the HTTPS port must be 1 higher—for
example, 8530 and 8531.
4. Trivial FTP (TFTP) Daemon: The Trivial FTP (TFTP) Daemon system service does not
require a user name or password and is an integral part of the Windows Deployment
Services (WDS). The Trivial FTP Daemon service implements support for the TFTP
protocol defined by the following RFCs:
o RFC 1350—TFTP
o RFC 2347—Option extension
o RFC 2348—Block size option
o RFC 2349—Time-out interval, and transfer size options
Trivial File Transfer Protocol is designed to support diskless boot environments. TFTP
Daemons listen on UDP port 69 but respond from a dynamically allocated high port.
Therefore, enabling this port will allow the TFTP service to receive incoming TFTP
requests but will not allow the selected server to respond to those requests. Allowing the
selected server to respond to inbound TFTP requests cannot be accomplished unless the
TFTP server is configured to respond from port 69.
5. Communication between the site server and site systems: By default, communication
between the site server and site systems is bi-directional. The site server initiates
communication to configure the site system, and then most site systems connect back to
the site server to send status information. Reporting service points and distribution points
do not send status information. If you select "Require the site server to initiate
connections to this site system" on the site system properties, after the site system is
installed, it will not initiate communication to the site server. Instead, the site server
initiates the connections and uses the Site System Installation Account for authentication
to the site system server.
6. Dynamic ports: Dynamic ports (also known as ephemeral ports) use a range of port
numbers, which is defined by the operating system version.
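The following is an added example, not part of the original guide: it turns the "Site Server -- > SQL Server" and "Site Server < -- > Software Update Point" rows and notes 2, 3 and 6 into inbound Windows Firewall rules that accept traffic only from the site server. It assumes the NetSecurity module (Windows Server 2012 or later); the address 10.0.0.10, the rule names and the function names are constructed for illustration.

```powershell
# Added example, not from the guide. Assumes the NetSecurity module
# (Windows Server 2012 or later); address and rule names are constructed.
$SiteServer   = '10.0.0.10'  # constructed placeholder for the site server
$SqlPort      = 1433         # note 2: use the custom port if one is defined
$WsusHttpPort = 8530         # note 3: 80 (default web site) or 8530 (custom)

# Note 3: HTTP 80 pairs with HTTPS 443; any other HTTP port pairs with port + 1.
function Get-WsusHttpsPort([int]$HttpPort) {
    if ($HttpPort -eq 80) { 443 } else { $HttpPort + 1 }
}

# Inbound ports per role, taken from the "Site Server" rows of the tables above.
# 'RPC' is the New-NetFirewallRule keyword for dynamic RPC ports (note 6).
$PortsByRole = @{
    SqlServer = @(
        @{ Name = 'SQL over TCP';       Protocol = 'TCP'; Port = $SqlPort }
        @{ Name = 'SMB';                Protocol = 'TCP'; Port = 445 }
        @{ Name = 'RPC Endpoint (TCP)'; Protocol = 'TCP'; Port = 135 }
        @{ Name = 'RPC Endpoint (UDP)'; Protocol = 'UDP'; Port = 135 }
        @{ Name = 'RPC dynamic';        Protocol = 'TCP'; Port = 'RPC' }
    )
    SoftwareUpdatePoint = @(
        @{ Name = 'SMB';        Protocol = 'TCP'; Port = 445 }
        @{ Name = 'WSUS HTTP';  Protocol = 'TCP'; Port = $WsusHttpPort }
        @{ Name = 'WSUS HTTPS'; Protocol = 'TCP'; Port = (Get-WsusHttpsPort $WsusHttpPort) }
    )
}

# Create one allow rule per port, scoped to the site server's address only.
function Add-SiteServerRules([string]$Role, [switch]$WhatIf) {
    foreach ($p in $PortsByRole[$Role]) {
        New-NetFirewallRule -DisplayName "ConfigMgr $Role - $($p.Name)" `
            -Direction Inbound -Action Allow -Protocol $p.Protocol `
            -LocalPort $p.Port -RemoteAddress $SiteServer -WhatIf:$WhatIf |
            Out-Null
    }
}

# Dry run on the SQL Server host; remove -WhatIf to create the rules.
Add-SiteServerRules -Role SqlServer -WhatIf
```

Run it on the system that receives the connections (the SQL Server or the software update point), not on the site server itself.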
Other articles
This eBook is part of a series of articles dedicated to configuring and troubleshooting the System
Center family.
They are written and hosted on Mai Ali's blog: http://expertslab.wordpress.com
How to Install Operation Manager 2012R2 using PowerShell
Monitoring Lync Server using Operations Manager
Enable Proxy Agent for all SCOM Agents
Install and Import Management Pack from Disk
Error 25211 "Failed to install performance counters"
Fix Agent not Monitored or Gray state