Module 1 Lab Manual

Module 1 Labs : WorkshopPLUS - System Center Configuration Manager: Concepts and Adm...
Page 1 of 38
WorkshopPLUS - System Center Configuration Manager: Concepts and

Administration Advanced (1802)
Module 1, Lab 1, Exercise 1 - Configure the Prerequisites for Configuration

Manager Deployment
Scenario
The IT Project team in Contoso.com would like to check that all pre-requisites are met before deploying
Configuration Manager child primary site.
In this exercise you will:
• Verify the configuration of prerequisites for the Configuration Manager deployment
Switch to @lab.VirtualMachine(57291).SelectLink
 1. Log on to NYCPR2 using the following credentials:

- User name: Contoso\Administrator
- Password: T Pa$$w0rd
 Note: You may also use the Commands menu to automatically paste the virtual machine
default Password (Pa$$w0rd).
 2. Open Server Manager, click Manage, select Add Roles and Features.
 3. Click Next > button, until Server Roles are selected.
https://labondemand.com/LabProfile/Manual/40434 5/2/2018
Module 1 Labs : WorkshopPLUS - System Center Configuration Manager: Concepts and Adm... Page 2 of 38
 4. Verify the following role services are installed for Web Server (IIS) Role
◦ Common HTTP features (Exclude WebDAV Publishing)

◦ ASP.NET 3.5, and 4.6
◦ Windows Authentication
◦ IIS 6 Metabase Compatibility
◦ IIS 6 WMI Compatibility
 5. In Select features, verify that the following features are installed:
◦ .NET Framework 3.5

◦ .NET Framework 4.6
◦ Background Intelligent Transfer Service (BITS)
◾ IIS Server Extension
◦ Remote Differential Compression
 6. Click Cancel button to close Add Roles and Features Wizard window
Congratulations!
You have successfully:
• Verify the configuration of prerequisites for the Configuration Manager deployment
Click Next to advance to the next exercise.
Module 1, Lab 1, Exercise 2 - Verify Site Server permission on System

Management Container
Scenario
The IT Project team in Contoso has asked the Corp IT AD team to grant the new primary site server
computer account full control permission in System Management container. The IT Project team wants to
verify the Active Directory configuration before deploying the new primary site.
• Verify the primary site server to the System Management container and assign the appropriate
permissions to that object.
 1. Log on to NYCDC using the following credentials:
◦ User name: Contoso\Administrator

◦ Password: T Pa$$w0rd
 Note: In this lab environment, the Active Directory schema has already been extended for
Configuration Manager. If you need to extend the schema in your own environment, follow
these steps:
a. Execute EXTADSCH.exe on the DC
i. On your organization’s DC, from the Configuration Manager setup media,
navigate to SMSSETUP\BIN\X64 folder, and locate and run extadsch.exe.
ii. Browse to drive C:\ in Windows Explorer and open the ExtADSch.log file created
in the root of drive C, and verify the success of the operation by observing the
classes and attributes added to Active Directory Domain Services (AD DS) and
the message that confirms the successful extension of the schema.
b. Create a System Management container by using ADSIEDIT
i. On the DC, in the Run dialog box, type adsiedit.msc, and click OK.
ii. On the ADSI Edit console, right-click ADSI Edit and click OK to connect to the
default naming context.
iii. Expand Default naming context, expand the > DC=CONTOSO, DC=COM
container, and select the CN=System container.
iv. Create an object under CN=System with the type Container, and the name
System Management.
v. In the ADSI Edit console, verify that CN=System Management container appears
in the results pane and then close the console.
 2. In Server Manager, click Tools menu, select Active Directory Users and Computers.
 3. In Active Directory Users and Computers console,
a. Click View menu, select Advanced Features if it is not selected.
b. Expand CONTOSO.COM, expand System, right-click System Management and then select
Properties.
c. Select Security and click Advanced.
d. In the Advanced Security Settings for System Management dialog box, verify that NYCPR2
has Full Control access that applies to This object and all descendant objects.
e. Close all dialog boxes by clicking Cancel.
f. Close Active Directory Users and Computers console.
Congratulations!
• Verify the primary site server to the System Management container and assign the appropriate
permissions to that object.
Module 1, Lab 1, Exercise 3 - Install a Configuration Manager Child Primary

Site
Scenario
After confirming that all prerequisites are met, the IT Project team in Contoso.com proceeds to install the
Configuration Manager child primary site.
• Perform the installation of a child primary site server

 2. Follow steps below:
a. Right click Start icon, click Run

b. Type \\NYCCAS\E$\Program Files\Microsoft Configuration Manager\cd.latest, click OK
c. Double click splash(.hta)
d. Click Install.
 3. Use the following settings to install a child primary site:
a. On the Before You Begin page, click Next

b. On the Getting Started page, select Install a Configuration Manager primary site and
click Next.
c. On the Product Key page, select Install the evaluation edition of this product and click
Next.
d. On the Product License Terms page, accept all license terms and click Next.
e. On the Prerequisite Downloads page, select Use previously downloaded files, type
\\NYCCAS\E$\Program Files\Microsoft Configuration Manager\cd.latest\redist in Path, and
click Next.
f. On the Server Language Selection page, click Next.
g. On the Client Language Selection page, click Next.
 Note: DO NOT select Use typical installation options for a stand-alone primary site.
 4. On Site and Installation Settings page, type the required information, then click Next.
a. Site code: PR2

b. Site name: Contoso Primary Site 2
c. Installation Folder: E:\Program Files\Microsoft Configuration Manager
d. Ensure that Install the Configuration Manager console is checked and click Next.
 5. On Primary Site Installation page, select Join the primary site to an existing hierarchy.
 6. Under Central administration site server (FQDN):, type NYCCAS.Contoso.com, and click Next.
 7. On Database Information page, review the default settings, and click Next.
 8. On Database Information page, change both paths to E:\ConfigMgrDB. Click Next.
 Note: In a production environment, it is recommended to use different LUNs/harddisks for

database and log files to achieve optimal performance.
 9. On SMS Provider Settings page, accept the default settings and click Next.
 10. On Client Computer Communication Settings page, select Configure the communication
method on each site system role and click Next.
 11. On Site System Roles page, verify that a management point and a distribution point will be
installed on NYCPR2.Contoso.com, and using HTTP for client connection. Click Next.
 12. On Settings Summary page, review all configured setting, and click Next.
 13. On Prerequisite Check page, wait for the prerequisite check to finish, verify that there is no error,
and ignore the warnings. Click Begin Install.
 Note: It may take up to 30 - 40 minutes for the installation to complete. After the site server
installation has completed, it will take a few additional minutes for replication with NYCCAS
to complete. The Configuration Manager console on NYCPR2 will be in read-only mode until
the replication has completed.
 14. Review all components are installed successfully.
a. Click Close.
b. On System Center Confituration Manager window, Click Exit
Module 1 Labs : WorkshopPLUS - System Center Configuration Manager: Concepts and A... Page 10 of 38
Congratulations!
• Perform the installation of a child primary site server
Module 1, Lab 1, Exercise 4 - Validate the Installation of the Primary Site
Scenario
The IT Project team in Contoso.com wants to examine the Site Status, Component Status nodes and review
any error messages related to the installation. The IT Project team also wants to view the installation logs
created by Prerequisite Checker and Configuration Manager setup to troubleshoot any installation related
errors.
• Verify that the Configuration Manager child primary site has installed successfully.

 2. Click Start icon, expand Microsoft System Center., then click Configuration Manager Console.
 3. In Configuration Manager console, click Monitoring workspace.
a. Expand System Status, then click Site Status.

b. Verify Status colum of each site system roles. The Status should be OK.
 4. In Site Status node, under Site System Role colume, select Site server.
a. Click Show Messages on the ribbon. Click All.

b. Accept the default settings in Status Messages: Set Viewing Period window. Click OK.
 5. In Configuration Manager Status Message Viewer window, double-click any message and review
the details of the status message. Use Next and Previous button to view additional status message.
Locate Status Message 7828.
 Note: Look for Message ID 7828, which indicates that the initial site replication is done, and
the site is fully set up.
a. Click OK to close Status Message Details dialog box.

b. Close Configuration Manager Status Message Viewer window.
 6. Click Component Status node, and verify that there is no error in Status column.
 Note: The warning status can be ignored.
 7. Open Windows Explorer.
a. Navigate to drive C:\

b. Open ConfigMgrPrereq.log. Review the file and note any errors or warnings reported by
Prerequisite Checker.
c. Open C:\ConfigMgrSetup.log. Review the file and note any errors or warnings reported by
Setup.
d. You can also view the log files in cmtrace.exe tool, under E:\Program Files\Microsoft
Configuration Manager\Tools folder.
Congratulations!
• Verify that the Configuration Manager child primary site has installed successfully.
Module 1, Lab 2, Exercise 1 - Global Data Replication
Scenario
The IT Administrator of Contoso.com is keen to see the changes in site-to-site replication, and so decides
to create a new collection to start replication.
• Demonstrate how global data, such as collection defination, is replicated.
 1. Log on to NYCCFG using the following credentials:

 2. Click Configuration Manager Console icon from Taskbar.
 3. In Configuration Manager Console, click Assets and Compliance workspace. Right-click Device
Collections and select Create Device Collection.
 4. On the General page of Create Device Collection Wizard, configure as below, then click
Summary. Click OK for "Configuration Manager" warning message.
◦ Name: Collection in NYC Site

◦ Limiting Collection: All Desktop and Server Clients
 5. On Summary page, review the settings, click Next
 6. On Completion page, click Close

 9. In Configuration Manager Console, click Assets and Compliance workspace, click Device
Collections node.
 Note: You may need wait for about five minutes, and refresh Device Collections view on
NYCPR2 to see the new collection.
 Question: Will you see collection "Collection in NYC Site" in PR2 site? Why?
Answer: Collection definition is one part of Global Data, which will be replicated to all sites in
the hierarchy.
Congratulations!
• Demonstrated how global data, such as collection defination, is replicated.
Module 1, Lab 2, Exercise 2 - View Database Replication Status
Scenario
The IT Administrator in Contoso.com is interested in looking at how IT departments can use the
Configuration Manager console to view the database replication status between sites.
• Verify that the Configuration Manager databases have replicated successfully
 1. Log on to NYCCAS using the following credentials:

 3. In Configuration Manager Console, click Monitoring workspace and select Database Replication
node.
 4. On Results pane of Database Replication node, select the row where Child Site column is PR2.
Click Replication Link Analyzer from Ribbon.
 5. Review Replication Link Analyzer report.

 7. In Server Manager, click Tools menu, select Services.
 8. Right click SMS_EXECUTIVE service, select Stop.

node. Refresh the node after about 5 minutes. The Link State between CAS <-> PR2 will change to
Link Degraded.
 11. On Results pane of Database Replication node, select the row where Child Site column is PR2.
Click Replication Link Analyzer from Ribbon.
 12. View the Replication Link Analyzer result.
 13. Click Restart the SMS_EXECUTIVE service in CAS <-> PR2 Replication Link Analyzer window.
 14. Click Continue.
 15. Click OK in Replicaiton Link Analyzer window.
 16. Click Check to see if the problem is fixed in CAS <-> PR2 Replication Link Analyzer window.
 17. click Close to close Replication Link Analyzer window.
 18. Select database replication link CAS <-> PR2. Click Refresh in Ribbon. The Link State will change
back to Link Active in about 5 minutes.
 Here are some addtional information about Link State:
Link Active - No issues have been detected and communication across the site link is
currently active.
Link Degraded - Replication between the sites is functional, but at least one object that
needs to be replicated has been delayed. Monitor the links in this state and review
information from both sites involved for indications that the link might fail.
Link Failed - Replication between the sites is not functional.
 19. Right click empty space on Taskbar, select Show the desktop.
 20. Open ReplicationLinkAnalysis.log file to view the content.
 21. Double click ReplicationAnalysis.htm file to view the content.
Congratulations!
• View Database Replication Status
Module 1, Lab 2, Exercise 3 - Reinitialize DRS Replication
Scenario
Following an outage, the IT Administrator in Contoso.com wants to reinitialize the DRS Replication service
for Configuration Manager sites to replicate properly.
• Successfully reinitialize the DRS Replication service.

 2. Click SQL Server Management Studio 17 icon on taskbar to launch it.
 3. In Microsoft SQL Sever Management Studio, connect to NYCPR2 as Database Engine.
 4. Click File, click New, and then click Query with Current Connection.
 5. Type the SQL command in the query window - T EXEC CM_PR2.dbo.spDrsSendSubscriptionInvalid

'PR2', 'CAS', 'Configuration Data'
 6. Click Query and then click Execute. The result will show 0. Record the timestamp when you see the
result.

 8. Click CMTrace.exe icon from Taskbar.
 9. In Configuration Manager Trace Log Tool window, click File and then click Open.
 10. Browse and open \\NYCCAS\SMS_CAS\Logs\rcmctrl.log file.
 11. Click Tools and then click Find.
 12. Search up for " T Checking if we need to create an initialization". You will find a message "Checking
if we need to create an initialization package for replication group Configuration Data for site
PR2" logged within 5 minutes after you execute the SQL command on NYCPR2.
 13. View the messages below "Checking if we need to create an initialization package for
replication group Configuration Data for site PR2". You will see BCP is used to export the global
configuration data tables to files.
 BCP - The bulk copy program utility (bcp) bulk copies data between an instance of
MicrosoftSQL Server and a data file in a user-specified format.
bcp Utility
https://msdn.microsoft.com/en-us/library/ms162802.aspx
 15. Browse and open \\NYCCAS\SMS_CAS\Logs\schedule.log file.
 16. Click Tools and then click Find
 17. Search up for " T DRS Initialization for Site [PR2]". You may see several "DRS Initialization for Site
[PR2]" messages in the log files, while the first related message should be within 5 - 10 minutes
after you execute the SQL command on NYCPR2.
 19. Browse and open *\\NYCCAS\SMS_CAS\Logs\sender.log*file.
 20. Click Tools and then click Find
 21. Search up for " T CabFiles\PR2_". You may see one message like "Package file = E:\Program
Files\Microsoft Configuration Manager\inboxes\rcm.box\CabFiles\PR2_.cab".
 22. View the messages below "Package file = E:\Program Files\Microsoft Configuration
Manager\inboxes\rcm.box\CabFiles\PR2_.cab".
 Note: You will find message like "Wrote 470192 bytes to

\\NYCPR2.CONTOSO.COM\SMS_SITE\1001LCAS.PCK at position 732160", before
message "Sending completed [E:\Program Files\Microsoft Configuration
Manager\inboxes\rcm.box\CabFiles\PR2_.cab". So you can calculate that the reinitilization
package size is 470192 + 732160 = 1202352 bytes, or about 1.2MB.

 24. If SQL Management Studio is closed, open SQL Server Management Studio 17 on taskbar to
launch it.
 25. In Microsoft SQL Sever Management Studio, connect to NYCPR2 as Database Engine.
 26. Click File, click New, and then click Query with Current Connection.
 27. Type the following SQL command in the query window - T Select top 1000 LogTime, LogText from
CM_PR2.dbo.vLogs where LogText like '%Invalid%' order by LogTime desc
 28. Click Query menu and then click Execute. The result will show you the trigger of the global
configuration data reinitilization.
 29. In Microsoft SQL Sever Management Studio, click File, click New, and then click Query with
Current Connection.
 30. Type the following SQL command in the query window - T Select top 1000 LogTime, LogText from
CM_PR2.dbo.vLogs where LogText like '%BCP%' order by LogTime desc
 31. Click Query menu and then click Execute. The result will show when the re-initialized global
configuration data package is applied.

node. Verify the replication Link State between CAS <-> PR2 is Link Active.
 35. In Configuration Manager Console, click Monitoring workspace and select Site Hierarchy node.
Verify all sites are green.
Congratulations!
• Reinitialize DRS Replication
Module 1, Lab 3, Exercise 1 - Configure Certificates for Site System Roles with
IIS Installed
Scenario
The IT Administrator in Contoso.com is asked to configure the certificates on Site Server Roles that requires
IIS.
• Configure the required certificates on Site System roles requiring IIS

 2. In Server Manager console, click Tools menu, select Internet Information Services (IIS) Manager
to launch it.
 3. Expand NYCCFG (CONTOSO\administrator).
 4. Expand Sites, right-click Default Web Site and then select Edit Bindings.
 5. Click https type and select Edit
 6. On the Edit Site Binding dialog box, under SSL certificate, click Not selected to expand the
dropdown menu, and select the certificate "3B86E76921A1B6EA94DC028FD41359B692C8A597".
Click OK.
 Note: The select ceritificte 3B86E76921A1B6EA94DC028FD41359B692C8A597 is created

using ConfigMgr Web Server certificate template. You can click View in Edit Site Biding
dialog box, on the Certificate window, click Details tab, select Extensions Only in Show:
drop-down list, click Certificate Template Information in the Field column. You should see
the template name is ConfigMgr Web Server.

to launch it.
 9. Expand NYCCAS (CONTOSO\administrator).
 10. Expand Sites, right-click WSUS Administration and then select Edit Bindings.
 11. Click https type and select Edit
 12. On the Edit Site Binding dialog box, under SSL certificate, click Not selected to expand the
dropdown menu, and select the certificate start with "C716". Click OK.
 Note: The select ceritificte start with 8F44 is created using ConfigMgr Web Server certificate
template. You can click View in Edit Site Binding. diaglog box, on the Certificate window,
click Details tab, select Extensions Only in Show: drop-down list, click Certificate Template
Information in the Field column. You should see the template name is ConfigMgr Web
Server.

to launch it.
 15. Expand NYCDC (CONTOSO\administrator).
 16. Expand Sites, right-click Default Web Site, select Edit Bindings.
 17. Click Add.. button.
 18. In Add Site Binding dialog box, under Type, select https. Under SSL certificate, click Not selected
to expand the dropdown menu, and select the certificate start with "5444". Click OK. Click Close.
 Note: The select ceritificte is created using ConfigMgr Web Server certificate template. You
can click View in Edit Site Biding dialog box, on the Certificate window, click Details tab,
select Extensions Only in Show: drop-down list, click Certificate Template Information in
the Field column. You should see the template name is ConfigMgr Web Server.
Congratulations!
• Configure Certificates for Site System with IIS Installed
Module 1, Lab 3, Exercise 2 - Enable HTTPS for Client Communication
Scenario
After satisfying all the required certificate prerequisites, the IT Administrator of Contoso.com decides to
enable HTTPS client communication for the Configuration Manager site.
• Configure the Configuration Manager site to use HTTPS for client communication.

 3. Click Administration workspace, expand Site Configuration.
 4. Click Sites, select "NYC - Contoso NYC Primary Site" in result pane. Click Properties in the ribbon.
 5. Click Client Computer Communication tab, select HTTPS only. Click OK.
 6. Click Servers and Site System Roles, select \\NYCCFG.CONTOSO.COM
 7. Under Site System Roles, select Distribution point. Click Properties in the ribbon.
 8. Select Import certificate. Type the following information, then click OK.
◦ Certificate: \\nyccfg\e$\nyccfg_dpcert.pfx
 9. Click Yes if there is a warning "The certificate you spedified is already in use".

 11. Open Server Manager, click Tools menu, click Services.
 12. Right click SMS Agent Host service, select Restart.
 13. Log on to NYCCL1 using the following credentials:

 14. Right click Start icon, select Computer Management.
 15. Expand Services and Applications, click Services.


 23. Log on to NYCCL1 using the following credentials:

 24. Right click Start icon, click search, type Control Panel, then select Control Panel
 25. Click System and Security, then click Configuration Manager.
 26. Verify Client certificate property value is PKI.

◦ Password: Pa$$w0rd
 28. In Configuration Manager console, click Assets and Compliance workspace. Click Devices.
 29. Right click menu bar on Client Activity, select Last Online Time.
 30. You should see all clients Icon are showing green, and the Last Online Time will be within 10
minutes after you restart SMS Agent service on NYCCFG. If not all clients icon are showing green,
wait for another 10 minutes before refresh. You may also check CcmNotificationAgent.log on the
SCCM client to verify if there is a "Successfully sent keep-alive message" message.
Congratulations!
• Enable HTTPS for Client Communication
Click Continue to advance to the next exercise.

Module 1 Lab Manual

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Module 1 Lab Manual

Transféré par

Droits d'auteur :

Formats disponibles

Module 1 Labs : WorkshopPLUS - System Center Configuration Manager: Concepts and Adm...

WorkshopPLUS - System Center Configuration Manager: Concepts and

Module 1, Lab 1, Exercise 1 - Configure the Prerequisites for Configuration

In this exercise you will:

• Verify the configuration of prerequisites for the Configuration Manager deployment

 1. Log on to NYCPR2 using the following credentials:

 3. Click Next > button, until Server Roles are selected.

◦ Common HTTP features (Exclude WebDAV Publishing)

 5. In Select features, verify that the following features are installed:

◦ .NET Framework 3.5

You have successfully:

• Verify the configuration of prerequisites for the Configuration Manager deployment

Click Next to advance to the next exercise.

Module 1, Lab 1, Exercise 2 - Verify Site Server permission on System

In this exercise you will:

 1. Log on to NYCDC using the following credentials:

◦ User name: Contoso\Administrator

 3. In Active Directory Users and Computers console,

a. Click View menu, select Advanced Features if it is not selected.

You have successfully:

Click Next to advance to the next exercise.

Module 1, Lab 1, Exercise 3 - Install a Configuration Manager Child Primary

In this exercise you will:

• Perform the installation of a child primary site server

 1. Log on to NYCPR2 using the following credentials:

◦ User name: Contoso\Administrator

 2. Follow steps below:

a. Right click Start icon, click Run

 3. Use the following settings to install a child primary site:

a. On the Before You Begin page, click Next

a. Site code: PR2

 8. On Database Information page, change both paths to E:\ConfigMgrDB. Click Next.

 Note: In a production environment, it is recommended to use different LUNs/harddisks for

 14. Review all components are installed successfully.

You have successfully:

• Perform the installation of a child primary site server

Click Next to advance to the next exercise.

Module 1, Lab 1, Exercise 4 - Validate the Installation of the Primary Site

In this exercise you will:

 1. Log on to NYCPR2 using the following credentials:

◦ User name: Contoso\Administrator

 3. In Configuration Manager console, click Monitoring workspace.

a. Expand System Status, then click Site Status.

a. Click Show Messages on the ribbon. Click All.

a. Click OK to close Status Message Details dialog box.

 Note: The warning status can be ignored.

 7. Open Windows Explorer.

a. Navigate to drive C:\

You have successfully:

Click Next to advance to the next exercise.

Module 1, Lab 2, Exercise 1 - Global Data Replication

In this exercise you will:

• Demonstrate how global data, such as collection defination, is replicated.

 1. Log on to NYCCFG using the following credentials:

◦ User name: Contoso\Administrator

 2. Click Configuration Manager Console icon from Taskbar.

◦ Name: Collection in NYC Site

 5. On Summary page, review the settings, click Next

 6. On Completion page, click Close

 7. Log on to NYCPR2 using the following credentials:

◦ User name: Contoso\Administrator

 8. Click Configuration Manager Console icon from Taskbar.

You have successfully:

• Demonstrated how global data, such as collection defination, is replicated.

 19. Browse and open \\NYCCAS\SMS_CAS\Logs\sender.logfile.