How to Application Catalog Role in Configuration Manager 2012
How to / Nasıl Yaparım:
Software Catalog Web Service role requires the following to be installed on Windows 2008 Server system:
IIS 7.0 or IIS 7.5 Microsoft .NET Framework 3.5 or higher Server Roles -> Web Server -> Application Development -> ASP.NET (and related components) Server Roles -> Web Server -> IIS 6 Management Compatibility -> IIS 6 Metabase Compatibility Server Features -> .NET Framework Features -> WCF Activation
Software Catalog Web Site role requires the following to be installed on Windows 2008 Server system:
IIS 7.0 or IIS 7.5 Microsoft .NET Framework 3.5 or higher (Note: RC builds require .NET Framework 4.0) Server Roles -> Web Server -> Common HTTP Features -> Static Content Server Roles -> Web Server -> Common HTTP Features -> Default Document Server Roles -> Web Server -> Application Development -> ASP.NET (and related components) Server Roles -> Web Server -> Security -> Windows Authentication Server Roles -> Web Server -> IIS 6 Management Compatibility -> IIS 6 Metabase Compatibility
Install site roles
1. Navigate to Administration -> Site Operations -> Server and Site System Roles node
2. Either select "Add Site System Role" to an existing site system or add new site system server
3. Ensure site system properties (such as Intranet / Internet FQDN) are correct
4. Select "Application Catalog Web Service Point" and "Application Catalog Web Site Point"
5. Web service point settings page:
· Change "Client connections" to HTTP (default value is HTTPS)
· Set port 80 (default port is 443)
To utilize HTTPS for the roles, see the section below - How to set up HTTPS-enabled roles
6. Web site point settings page:
· Ensure web service path points to valid machine FQDN
· Set Web application name to desired value (this will be a part of url: http://<server>/<applicationname >
· Change "Client connections" to HTTP (default value is HTTPS)
· Set branding text to be displayed in the catalog
7. Select "Next ->" to proceed with role installation
Set up Client Agent Settings
Client Agent Settings define catalog URL available for the users and few other options necessary for catalog operation.
There are two options:
Configure default settings - the values will be applied to all clients in the hierarchy Configure custom settings - the values will only be applied for an assigned collection of machines or users
To setup Client settings:
1. Go to Administration -> Client Settings node and select either default or custom setting
2. Select Computer Agent -> Default Application Catalog website point -> Set Website
This setting dictates what catalog URL is enabled in Software Center on the clients
There are three options:
Select website point -> Auto detect: this option will let server backend determine the right url. Either the first catalog role on the client's assigned primary site (if primary has at least one catalog) or the first catalog role in the hierarchy (if primary doesn't have any catalog roles installed) will be selected.
Note: FQDN will be used to form the url. Users will be prompted for domain credentials due to default IE settings.
Select website point -> [one of the roles from the list]: this option will send the url of the form http://<selected role>:<port>/virtualdir/default.aspx to the clients.
Note: Netbios will be used to form the url
Specify a URL: the specified url will be sent out to the client machines
3. Computer Agent -> Add default Application Catalog website to Internet Explorer trusted sites zone
The URL will be added to the trusted sites list.
If this setting is left as False, users may not be able install from software catalog.
4. Set User and Device Affinity -> Allow user to define their primary devices
Set this to True to allow users select/use affinity to a specific machine via "My Systems" tab of the Software Catalog.
How to set up HTTPS-enabled roles
Use the following steps to setup the
Create SSL-enabled certificate
Requirements for the certificate:
· Web Server capability
· V2 template
· Signed with SHA1 or SHA256
· Subject name must match host name of the binding
To provision certificates, you can choose from one of the following options:
Option 1: Use Windows PKI infrastructure
1. Make sure you have CA installed in your environment.
· Open Certificate Authority management console
· Right-click on Certificate Templates folder and select "Manage Templates"
2. Right-click on Web Server template -> choose "Duplicate" -> select "Windows 2003" type
3. Set the following fields:
· General tab -> "Template name" -> set to a friendly name of the template, for example, ConfigMgr Web Server
· Subject Name tab -> select "Build from Active Directory information"
· Subject Name tab -> set "Subject name format" to "Common Name"
· Subject Name tab -> uncheck "Use Principle name"
· Security tab -> add machine account of the catalog server machine with Read and Enroll permissions
· Save the template.
4. Open Certificate Authority management console
· Right-click on Certificate Templates folder and select "New" -> "Certificate Template to issue"
· Select newly created template and hit "OK"
· On the catalog server machine, open Certificate Management Console (Open mmc.exe -> Add Snapin -> add Certificates node for the local machine)
· Right-click on "Personal" node and pick "Request new certificate"
5. Select certificate template and proceed through the wizard to generate certificate.
You now have SSL-enabled PKI cert available for use.
Option 2: Use self-signed certificate (less secure, not fully supported)
Create the certificate
1. Open IIS Manager (inetmgr.exe)
2. Navigate to the root node (computer name) and select "Server Certificates"
3. Right-click and select "Create new Self-signed certificate"
4. Type any friendly name and save new certificate
Assign certificate to the HTTPS binding
1. Open IIS Manager (inetmgr.exe).
2. Right-click on Default Web Site -> Edit Bindings
3. Select https (443) binding and click "Edit"
4. Select new certificate for the binding and save IIS settings
You are now ready to install catalog roles using HTTPS binding.
Install HTTPS-enabled catalog roles
· Follow the "Install site roles" steps above for installing catalog roles.
· Make sure to specify "HTTPS" in the role installation wizard.
Installing the catalog with custom ports
Set up IIS web site
The first step is to assign custom port to one of the IIS websites.
The steps below assume the same port for both web site and web service catalog roles. An Administrator can also choose to have these roles with different ports, in which case admin will just need to create two separate IIS websites and associate ports accordingly.
To create a new IIS website
1. Open IIS manager (inetmgr.exe)
2. Open new IIS website wizard
3. Fill in website name, new port, and path to empty physical folder.
Make sure appropriate firewall rules are created for the port.
You can always change the port later by browsing to "Edit Bindings" dialog for the created IIS web site.
Here's a sample of properties (assuming HTTP setup):
Once IIS website is created, it will appear on the left side of IIS manager.
Create roles with custom settings
1. Open catalog role wizard and fill in the following pieces of information:
· Web site name: the name of IIS website. In this example, the name is "Catalog Web Site
· Protocol: HTTP or HTTPS. In this example, protocol is HTTP
· Port: In the setup above, custom web site is set up with port 81
Catalog Web Service role:
Catalog Web Site role:
The catalog installation will NOT attempt to set up new port bindings. It will use existing binding for the IIS web site specified (default is "Default Web Site"). If the port specified in role installation wizard does not match the port in IIS, ConfigMgr will report failures in the role status.
2. Complete role installation wizard.
The roles should now be operational under custom port.
The new catalog URL is http://<machinename>:<port>/<virtualdir>.