Installing a secondary site in Configuration Manager 2012
In this post, I'm going to go through the process of installing a secondary site in a Configuration Manager 2012 SP1 site.
- CM12.CONTOSO.LOCAL = CM Primary Site Server (Sitecode is PRI)
- CM12DEN.CONTOSO.LOCAL = This will be the new Secondary Site Server (Sitecode will be DEN)
- AD Security Group named "All CM Servers" = This is a security group that contains the computer accounts of my two ConfigMgr Servers. I use Group Policy Preferences to put this group in the local Administrators group on my ConfigMgr Servers. You can manually add the computer account as a local admin if needed (we will go over this later in this post).
Prerequisites To Install Secondary Site:
Roles / Role Services Required for Secondary Site:
- Web Server (IIS)
  - Application Development:
    - ISAPI Extensions
  - Windows Authentication
  - IIS 6 Management Compatibility
    - IIS 6 Metabase Compatibility
    - IIS 6 WMI Compatibility
Features Required for Secondary Site:
- Remote Differential Compression
- .NET Framework 3.5
- .NET Framework 4
The following ports will need to be opened between the site server and the remote secondary site server:
- TCP: 4022 (SQL), 1433 (SQL), 135 (RPC/WMI), 445 (SMB)
Give the Secondary Site Server Computer Account Permissions to the System Management container in AD.
My Thoughts On Secondary Sites:
If you are doing this in a lab for testing, then ignore this part. In many cases a Distribution Point can suffice rather than installing a Secondary Site. Using a remote DP rather than a Secondary Site reduces the complexity of the site. I would highly recommend starting with a DP before installing a Secondary Site and monitoring the link. Here are a few scenarios where it may make more sense to install a Secondary Site rather than a DP:
- Large number of clients (e.g. 500 - 1,000 +) in a remote location
- Very slow connection to a remote site
- Need to control the upward flow of data from clients (e.g. Machine Policy, Software Inventory, Hardware Inventory); these actions don't use that much bandwidth
Performing The Secondary Site Install:
The first thing I did was install the required Roles & Features as mentioned above on CM12DEN server.
Install the Web Server (IIS) Role from Server Manager. You can uncheck the "Include management tools (if applicable)" box if you receive it.
Add the BITS feature on the next dialog. Go ahead and click the Add Features button; this will ensure the required IIS role services are installed to support BITS:
Add the Remote Differential Compression feature and .NET Framework 3.5 and 4 if they're not already installed:
On the Role Services page for Web Server (IIS), verify the required Role Services are checked. In my case, I only had to check Windows Authentication and IIS 6 WMI Compatibility because BITS automatically had the others checked.
On the Confirmation page I checked "Restart the destination server automatically if required" then clicked Install.
Now that we have the required Roles and Features installed, we will need to make sure the computer account of the Primary Site Server has local administrative permissions on the server that's going to host our Secondary Site. The computer account of the Primary Site needs to be a local administrator because this account is used to initiate the installation of SQL Express and the ConfigMgr Site Components.
I used Group Policy Preferences to add a Security Group that contained my Primary Site server's computer account to the local Administrators group on my secondary site server. You could manually click Add and select your Primary Site server's computer account though:
You will also need to give the Secondary Site Server computer account full control of the System Management container. This will allow the Secondary Site Server to publish information about itself to AD. You can use "AD Users and Computers" in the advanced view or ADSI Edit (this is what I used). Make sure you choose Advanced on the permission dialog and choose "This object and all descendant objects".
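The prerequisite steps above, scripted in PowerShell as an added example (not part of the original post). It assumes Windows Server 2012 on CM12DEN, a NetBIOS domain name of CONTOSO, and the default location of the System Management container; the firewall rule is limited to the primary site server's address rather than opened to any host.

```powershell
# Added example: prerequisites for the secondary site server, run elevated on CM12DEN.
# Assumptions: Windows Server 2012 cmdlets, NetBIOS domain CONTOSO, default container DN.
$PrimaryFqdn   = 'CM12.CONTOSO.LOCAL'
$PrimaryAcct   = 'CONTOSO\CM12$'        # computer account of the primary site server
$SecondaryAcct = 'CONTOSO\CM12DEN$'     # computer account of this server
$ContainerDn   = 'CN=System Management,CN=System,DC=contoso,DC=local'

# 1. Roles, role services and features from the lists above.
#    On Server 2012 ".NET Framework 4" is the NET-Framework-45-Core feature, and
#    NET-Framework-Core (3.5) may need -Source pointing at the install media.
$features = 'Web-Server', 'Web-ISAPI-Ext', 'Web-Windows-Auth', 'Web-Metabase', 'Web-WMI',
            'BITS', 'RDC', 'NET-Framework-Core', 'NET-Framework-45-Core'
Install-WindowsFeature -Name $features | Format-List Success, RestartNeeded, ExitCode

# 2. Local administrator rights for the primary site server's computer account.
#    Only direct members are detected; skip this step if a GPO-managed group
#    (such as the author's "All CM Servers") already grants the rights.
$admins = & net.exe localgroup Administrators
if ($admins -notcontains $PrimaryAcct) {
    & net.exe localgroup Administrators $PrimaryAcct /add
}

# 3. Inbound rule for the TCP ports listed above, scoped to the primary's IPv4 address.
#    A matching rule on the primary would use this server's address instead.
$primaryIp = [System.Net.Dns]::GetHostAddresses($PrimaryFqdn) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
    ForEach-Object { $_.IPAddressToString }
New-NetFirewallRule -DisplayName 'ConfigMgr primary to secondary (TCP)' `
    -Direction Inbound -Protocol TCP -LocalPort 135, 445, 1433, 4022 `
    -RemoteAddress $primaryIp -Action Allow | Out-Null

# 4. Full control (GA) for this server's computer account on the System Management
#    container, inherited by this object and sub objects (/I:T).
#    dsacls.exe ships with the AD DS tools; run this part with an account that is
#    allowed to change the container's ACL.
& dsacls.exe $ContainerDn /G "${SecondaryAcct}:GA" /I:T

# 5. Report anything from step 1 that is still missing before starting the wizard.
Get-WindowsFeature -Name $features |
    Where-Object { -not $_.Installed } |
    Select-Object Name, DisplayName
```

An empty result from the last command means every listed role service and feature is installed.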
Now that the Prerequisites are done, we can start the "Create Secondary Site Wizard".
Enter the General Information about your Secondary Site:
I left the Default "Copy installation source files over the network from the parent site" for the "Installation Source Files".
I don't have SQL Server Enterprise/Standard on the Secondary Server (these cost money). Configuration Manager secondary sites can use SQL Server Express Edition, which is free, so I'm going to use this option. Notice you will need to allow ports 1433 and 4022 through the firewall.
In my demo, I'm going to be using HTTP. If you're using HTTPS, you should request your certificates and edit the binding in IIS prior to completing this wizard!
I left the default on the remaining settings. You will want to create a Boundary and assign it to a Boundary Group for your secondary site though to ensure clients receive content from the appropriate DP.
Monitoring The Secondary Site Install:
The install can take a little time depending on the Computer Hardware and connectivity to the Primary Site Server. Here are some ways you can monitor the Installation.
The "Show Install Status" will give you a very nice overview of the installation status:
The Prerequisite log (ConfigMgrPrereq.log) can be found on the Primary Site Server at the root of the drive:
Once the prerequisites have completed and passed, you can view the Sender.log on the Primary Site Server. This log will show the process of copying the installation binaries from the Primary Site Server to the Secondary Site Server.
Once the installation binaries have been copied from the Primary Site to the Root drive of the Secondary Site Server, the actual install will begin. The installation will create a log file (ConfigMgrSetup.log) on the root of the secondary site server:
Verify the Install was Successful!