Installing the software prerequisites on the management, collection, and reporting server for a three-server topology
Applies To: Forefront Client Security
The management server has the following prerequisites:
IIS and ASP.NET
SQL Server 2005 with SP2 or SP1
MMC 3.0
GPMC with SP1
Before installing the prerequisites, verify that the server meets the hardware and operating system requirements and that you have installed all critical computer and security updates. As part of the updates, make sure that you have Windows Update Agent 2.0 or later. Windows Update Agent automatically updates itself to the latest version when you download updates from Microsoft.
In addition, you must do the following:
Configure Reporting Services and create the remote database.
Add the reporting server site to the Local intranet zone in Internet Explorer.
Install IIS and ASP.NET
To install IIS and ASP.NET
Click Start, point to Administrative Tools, and then click Manage Your Server.
In the Manage Your Server window, click Add or Remove a Role.
In the Configure Your Server wizard, click Next.
On the next page, click Application Server (IIS, ASP.NET), and then click Next.
On the next page, select the ASP.NET check box, and then complete the wizard.
Install SQL Server 2005 with SP2 or SP1
Because this is not the reporting database server, you should not use the default configuration of Reporting Services while installing SQL Server 2005. Later, you will configure Reporting Services and create the remote database.
About installing SQL Server 2005 on the management, collection, and reporting server
For information about installing SQL Server 2005, see SQL Server 2005 Books Online (https://go.microsoft.com/fwlink/?LinkId=77422).
When installing SQL Server 2005, you must do the following:
Install the following components: Database Services, Reporting Services, Integration Services, and Workstation components. (On the Components to Install page, select the Database Services, Reporting Services, Integration Services, and Workstation components check boxes.)
Install Reporting Services without configuring it. You will configure it in the following procedures. (On the Report Server Installation Options page, make sure that the Install but do not configure the server check box is selected.)
Use a domain user or network service account for the SQL Server and SQL Server Agent service accounts. It is recommended that you use a domain user account. (On the Service Account page of the wizard, click Domain user account.)
Have the SQL Server Agent service start automatically. (On the Service Account page, under Start services at the end of setup, select the SQL Server Agent check box.)
Use collation that is not case-sensitive. (On the Collation Settings page of the wizard, choose an option that is not case-sensitive.)
If you plan to use a secure connection for reports in Client Security, you should set up the SSL configuration while you are installing SQL Server. For more information, see SQL Server 2005 — Reporting Services at Microsoft TechNet (https://go.microsoft.com/fwlink/?LinkId=84767).
When installing SQL Server 2005, you should use Windows Authentication as the security mode. Windows Authentication mode is much more secure than mixed mode. (On the Authentication Mode page, select Windows Authentication Mode.)
To install SP2 or SP1 for SQL Server 2005
Do one of the following:
Download and install SP2 for SQL Server 2005 from the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkID=84823).
Download and install SP1 for SQL Server 2005 from the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=77417).
Configure the reporting server and create the remote database
Because Reporting Services and the reporting database are not on the same server, your installation of SQL Server on the reporting server requires additional configuration. As part of that configuration, you must create the reporting database on the remote server.
To configure the reporting server and create the remote database
On the management, collection, and reporting server, click Start, point to All Programs, point to Microsoft SQL Server 2005, point to Configuration Tools, and click SQL Server Surface Area Configuration.
On the SQL Server 2005 Surface Area Configuration page, click Surface Area Configuration for Services and Connections.
In the Surface Area Configuration for Services and Connections dialog box, select Service under the Reporting Services component, and then verify that it is running. Click OK.
Click Surface Area Configuration for Features.
In the Surface Area Configuration for Features dialog box, select Scheduled Events and Report Delivery under the Reporting Services component, and then verify that it is enabled.
Select Web Service and HTTP Access under the Reporting Services component, and then verify that it is enabled.
Note
Because you have not yet configured Reporting Services, you cannot verify that Windows Integrated Security is enabled.
Click OK, and then close the SQL Server 2005 Surface Area Configuration page.
Click Start, point to All Programs, point to Microsoft SQL Server 2005, point to Configuration Tools, and then click Reporting Services Configuration.
Select the current server in the Machine Name box, and then click Connect.
On the Report Services Configuration page, click Report Server Virtual Directory.
Next to the Name box, click New.
In the Create a New Virtual Directory, ensure that the Web site is Default Web Site, verify the default value ReportServer is entered, and then click OK.
Click Report Manager Virtual Directory.
Next to the Name box, click New.
In the Create a New Virtual Directory, make sure the Web site is Default Web Site, verify the default value Reports is entered, and then click OK.
Click Web Service Identity.
In the Report Server and the Report Manager boxes, configure the following:
For Windows Server 2003, select DefaultAppPool, and then click Apply.
For Windows Server 2008, select Report Server or Classic .Net AppPool, and then click Apply.
Click Database Setup.
In the Server Name box, enter the reporting database server, and then click Connect. You must have permission to create a database and configure roles on that server. The Reporting Services Configuration tool will use your credentials to create the database.
Important
For this step to succeed, you may need to disable the firewall on the reporting database server.
In the SQL Server Connection dialog box, click OK. Do not change the Credentials Type.
Next to Database Name, click New.
In the SQL Server Connection dialog box, keep the default values. Click OK.
In the Credentials Type box, select Windows Credentials. This is required for this version of Client Security.
In the Account Name and Password boxes, enter the domain user account and password that you want to use as the service account.
Click Apply.
In the SQL Server Connection dialog box, click OK. Do not change the Credentials Type.
Configure other settings as needed, and then verify the installation. For more information, see How to: Verify a Reporting Services Installation (https://go.microsoft.com/fwlink/?LinkId=85560).
Change the location for data and log files
After installing SQL Server 2005, you can change the location for SQL Server data and log files.
To change the location for data and log files
Open SQL Server Management Studio. (On the Start menu, click All Programs, click Microsoft SQL Server 2005, and then click SQL Server Management Studio.)
In the Connect to Server dialog box, click Connect.
Right-click the root server name node, and then click Properties.
In the Server Properties dialog box, under Select a page, click Database Settings.
In Database default locations, enter the locations you want to use for the data and log files, and then click OK.
Install MMC 3.0
To install MMC 3.0
- Install MMC 3.0 from the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkID=77419).
Install GPMC with SP1
To install GPMC with SP1
- Install GPMC with SP1 from the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=77421).
Add the reporting server site to the Local intranet zone in Internet Explorer
For SQL Server Reporting Services to function correctly, you must add the management, collection, and reporting server site to its own Local intranet zone.
Note
Internet Explorer maintains two different lists of sites for the Local intranet zone. One list is in effect when the enhanced security configuration is enabled, and a separate list is in effect when the enhanced security configuration is disabled. When you add a Web page to the Local intranet zone, you are adding it only to the list that is currently in effect.
To add the reporting server site to the Local intranet zone
In Internet Explorer, on the Tools menu, click Internet Options.
Click the Security tab, and then click the Local intranet zone.
Click the Sites button.
Click the Advanced button.
In the Add this website to the zone box, type the URL of the SQL Server Reporting Services site (for example, https://servername).
Click Add.
Grant permissions to the SQL Server Agent account
You must give permissions for the account under which the SQL Server Agent runs (on the reporting database) to the management, collection, and reporting server. By doing so, you will enable the SQL Server Agent account for the reporting database to access the collection database.
To determine what account the SQL Server Agent runs under
- On the reporting database server, open the Services console, double-click SQL Server Agent (MSSQLSERVER), and then click the Log On tab.
To grant permissions to the account
On the management, collection, and reporting server, add the computer account for the reporting database server (if the SQL Server Agent runs under the local system), or the domain account that the agent runs under, to the following group: SQLServer2005MSSQLUser $computername$ MSSQLSERVER
Note
To add a computer to a group, you must enable the object first. When adding the computer to the group, click Object Type in the Select Users, Computers, or Groups dialog box, and then select the Computers check box in the Object Types dialog box.