Creating Your Own Personal Hydration Solution – Part 4: Configuration Manager Infrastructure

Part 0 Introduction
Part 1 Setting Up
Part 2 First VM – Windows Router
Part 3 Domain Controller
Part 4 Configuration Manager Infrastructure

Configuration Manager 1511

After completing the first three parts of this series you would have a virtual lab with 4 separate network segments all connected to and routed through a Windows 2012 R2 server (RTR01) acting as the router. This server will also provide Internet access to any virtual machines that are connected to the 4 network segments.  You also would have an Active Directory domain controller (DC01) that provides DHCP and DNS services to the lab.

In Part 4 we are going to build out a Configuration Manager 1511 infrastructure.  This will include a Primary site server (CM16) and 2 Distribution Points (DP16a & DP16b).

This will probably be a long posting again.  Getting the Primary site server up and running will be a bit time consuming.

As in the prior parts of this series you can download a Zip file of my sample files and scripts here.

Here is an overview of how building the machines in this post will progress.

  1. Install of the Primary site server (CM16)
  2. Install of the 2 Distribution Points (DP16a & DP16b)
  3. Post-Build configuration of DP16a & b
  4. Post-Build configuration of CM16

Q. Why do we have to perform the post-build configuration of CM16 at the end of everything instead of directly after the build is completed?
A. It is a matter of getting everything in place.  The post-build configuration of CM16 will include making DP16a & b site servers and distribution points, so those servers need to be up and running before you can add them to the infrastructure.  To make matters a little more difficult, to add them to the SCCM site you need to make CM16 an administrator on both DPs, and to add CM16 to the Administrators group on each DP, CM16 must already exist.


Preparing the Deployment Share

In the prior installments of this series we used Windows Server 2012 R2 as the operating system for our Windows router (RTR01) and our Domain Controller (DC01).  We will continue to use 2012 R2 for our Configuration Manager servers (CM16, DP16a, and DP16b).

CustomSettings.ini

We are going to add three new MacAddress code blocks to the CS.ini just like we did in prior installments.

Open the CustomSettings.ini file in the Control folder of your deployment share and add the following three code blocks.

[00:15:5D:20:15:03]
; DEMO-CM16
TaskSequenceID=CM16
SkipFinalSummary=YES
FinishAction=SHUTDOWN
SkipTaskSequence=YES

[00:15:5D:20:15:04]
; DEMO-DP16a
TaskSequenceID=DP00
SkipFinalSummary=YES
FinishAction=SHUTDOWN
SkipTaskSequence=YES

[00:15:5D:20:15:05]
; DEMO-DP16b
TaskSequenceID=DP00
SkipFinalSummary=YES
FinishAction=SHUTDOWN
SkipTaskSequence=YES

 

You will notice that both of our distribution points (DP16a & DP16b) are set to use the Task Sequence ID “DP00”.  Since both distribution points are configured identically, with the exception of the computer name and the IP address, we will use a single task sequence to build both of them.  The differences will be defined in the special CS.ini file “CustomSettings_DP00.ini” which we will create shortly.

Special CustomSettings.ini Files

Just like in the prior builds each task sequence has its own special custom settings INI file.  We will continue to use that same model.  Also, in a similar fashion to the “CustomSettings_DomainInfo.ini” that we used when building the Domain Controller we will use another INI to define the values needed when joining a computer to the domain.

CustomSettings_CM16.ini

The CM16 INI file is configured in the same manner as the one we used for DC01.  Based on the MacAddress it will set the variables used for the computer name and the IP address information.

[Settings]
Priority=MacAddress,Default
Properties=HydrationOSDComputerName

[Default]
; Windows Source
WindowsSource=%DEPLOYROOT%\Operating Systems\Srvr2012 R2-Eval\sources\sxs

[00:15:5D:20:15:03]
; DEMO-CM16
HydrationOSDComputerName=CM16
JoinWorkgroup=WORKGROUP
OSDAdapterCount=1
OSDAdapter0DNSServerList=192.168.11.2
OSDAdapter0Gateways=192.168.11.1
OSDAdapter0IPAddressList=192.168.11.4
OSDAdapter0SubnetMask=255.255.255.0
OSDAdapter0TCPIPNetBiosOptions=1

 

CustomSettings_DP00.ini

The DP00 INI does the same thing but since we’re using one task sequence to build multiple Distribution Points we are going to use multiple MacAddress code blocks.

[Settings]
Priority=MacAddress,Default
Properties=HydrationOSDComputerName

[Default]
; Windows Source
WindowsSource=%DEPLOYROOT%\Operating Systems\Srvr2012 R2-Eval\sources\sxs

[00:15:5D:20:15:04]
; DEMO-DP16a
HydrationOSDComputerName=DP16a
JoinWorkgroup=WORKGROUP
OSDAdapterCount=1
OSDAdapter0DNSServerList=192.168.11.2
OSDAdapter0Gateways=192.168.11.1
OSDAdapter0IPAddressList=192.168.11.16
OSDAdapter0SubnetMask=255.255.255.0
OSDAdapter0TCPIPNetBiosOptions=1

[00:15:5D:20:15:05]
; DEMO-DP16b
HydrationOSDComputerName=DP16b
JoinWorkgroup=WORKGROUP
OSDAdapterCount=1
OSDAdapter0DNSServerList=192.168.11.2
OSDAdapter0Gateways=192.168.12.1
OSDAdapter0IPAddressList=192.168.12.16
OSDAdapter0SubnetMask=255.255.255.0
OSDAdapter0TCPIPNetBiosOptions=1

Using the above INI we can build multiple Distribution Points using the single task sequence.  This ensures that each DP is built and configured identically, but our INI file handles the differences that are needed for each server.

CustomSettings_DomainJoinInfo.ini

In Part 3 we used “CustomSettings_DomainInfo.ini” to define the variables used by MDT when promoting a server to a Domain Controller.  Now that our domain is running we are going to use  “CustomSettings_DomainJoinInfo.ini” to define the variables used by MDT when joining a server to an existing domain.

In your Control folder of your deployment share create a new INI named “CustomSettings_DomainJoinInfo.ini” and copy the following into it.

[Settings]
Priority=Default

[Default]
; Domain Join Information
JoinDomain=Demo.lab
DomainAdmin=Administrator
DomainAdminDomain=Demo
DomainAdminPassword=P@ssw0rd

These variables define the name of the domain to join as well as the account and password to use when joining.
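
Because these values sit in the Control folder as clear text, it is useful to know which INI sections carry a password and which account it belongs to. The following audit is an added example, not part of the original post or its download; the function names are hypothetical and the sample input is constructed from the INI shown above.

```powershell
# Added example (not from the original post); function names are hypothetical.

# Parse INI text into an ordered dictionary: section name -> hashtable of keys
function ConvertFrom-MdtIni {
    param([string[]]$Lines)
    $ini = [ordered]@{}
    $section = $null
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -eq '' -or $text.StartsWith(';')) { continue }   # blank or comment
        if ($text -match '^\[(.+)\]$') {
            $section = $Matches[1]
            if (-not $ini.Contains($section)) { $ini[$section] = @{} }
            continue
        }
        if ($section -and $text -match '^([^=]+)=(.*)$') {
            $ini[$section][$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    $ini
}

# Report every section that stores a password, without echoing the value
function Find-MdtIniSecret {
    param([string[]]$Lines, [string]$Source = '(inline)')
    # MDT properties whose value is a clear-text password
    $secretKeys = 'DomainAdminPassword', 'UserPassword', 'AdminPassword'
    $ini = ConvertFrom-MdtIni -Lines $Lines
    foreach ($section in @($ini.Keys)) {
        foreach ($key in $secretKeys) {
            if (-not $ini[$section][$key]) { continue }
            $account = ''
            if ($key -eq 'DomainAdminPassword') {
                $account = '{0}\{1}' -f $ini[$section]['DomainAdminDomain'], $ini[$section]['DomainAdmin']
            }
            [pscustomobject]@{
                Source           = $Source
                Section          = $section
                Key              = $key
                Account          = $account
                DefaultAdminName = ($account -like '*\Administrator')
            }
        }
    }
}

# Constructed sample: the CustomSettings_DomainJoinInfo.ini content from this post
$sample = @'
[Settings]
Priority=Default

[Default]
; Domain Join Information
JoinDomain=Demo.lab
DomainAdmin=Administrator
DomainAdminDomain=Demo
DomainAdminPassword=P@ssw0rd
'@ -split "`r?`n"

Find-MdtIniSecret -Lines $sample -Source 'CustomSettings_DomainJoinInfo.ini' | Format-Table -AutoSize
```

To audit a real deployment share, pass `Get-Content` output for each `*.ini` file in its Control folder to `Find-MdtIniSecret`.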

Configuration Script

We will have configuration scripts to run post-build.  The order though is slightly different and will be explained in more detail when we get to the post-build configuration.

In the Scripts folder of your deployment share create two PowerShell scripts named “CM16_Step01-ConfigureServer.ps1” and “DP16_Step01-ConfigureServer.ps1”.  Use this code for each script.

CM16_Step01-ConfigureServer.ps1

# Import the SCCM PowerShell module
Import-Module (Join-Path $(Split-Path $env:SMS_ADMIN_UI_PATH) ConfigurationManager.psd1)

Set-Location C16:

# Create a DP group for all DPs
New-CMDistributionPointGroup -Name "All DPs" -Description "All CM16 Lab DPs"

# Adding Distribution Points
$DomainDNSname = $env:USERDNSDOMAIN
$Domainname = $env:USERDOMAIN
$ServerName = $env:COMPUTERNAME

New-CMSiteSystemServer -ServerName "DP16a.$DomainDNSname" -SiteCode C16
New-CMSiteSystemServer -ServerName "DP16b.$DomainDNSname" -SiteCode C16

Add-CMDistributionPoint -SiteSystemServerName "DP16a.$DomainDNSname" -SiteCode C16 -MinimumFreeSpaceMB 5000 -CertificateExpirationTimeUtc "March 21, 2016 9:47:22 AM"
Add-CMDistributionPoint -SiteSystemServerName "DP16b.$DomainDNSname" -SiteCode C16 -MinimumFreeSpaceMB 5000 -CertificateExpirationTimeUtc "March 21, 2016 9:47:22 AM"
Start-Sleep 120

Add-CMDistributionPointToGroup -DistributionPointName "DP16a.$DomainDNSname" -DistributionPointGroupName "All DPs"
Add-CMDistributionPointToGroup -DistributionPointName "DP16b.$DomainDNSname" -DistributionPointGroupName "All DPs"
Add-CMDistributionPointToGroup -DistributionPointName "CM16.$DomainDNSname" -DistributionPointGroupName "All DPs"

# Enabling Discovery methods
Set-CMDiscoveryMethod -ActiveDirectoryForestDiscovery -SiteCode C16 -EnableActiveDirectorySiteBoundaryCreation $True -Enabled $True -EnableSubnetBoundaryCreation $True
Set-CMDiscoveryMethod -ActiveDirectorySystemDiscovery -SiteCode C16 -DeltaDiscoveryIntervalMinutes 60 -Enabled $True -EnableDeltaDiscovery $True -EnableFilteringExpiredLogon $True
Invoke-CMForestDiscovery -SiteCode C16

New-CMBoundaryGroup -Name "LAN1 - Main Network"
New-CMBoundaryGroup -Name "LAN2 - Remote Network"
New-CMBoundaryGroup -Name "LAN3 - Remote Network"
New-CMBoundaryGroup -Name "LAN4 - Remote Network"
New-CMBoundaryGroup -Name "All Networks"

DP16_Step01-ConfigureServer.ps1

# =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

$DomainDNSname = $env:USERDNSDOMAIN
$Domainname = $env:USERDOMAIN
$ServerName = $env:COMPUTERNAME

# =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# Open the firewall ports on this DP
Write-Host "Opening firewall ports needed for a DP"
Write-Host "Opening TCP ports 135 and 445"
New-NetFirewallRule -DisplayName "SCCM 2016 DPs (TCP)" -Direction Inbound -Action Allow -LocalPort 135,445 -Protocol tcp
Write-Host ""
Write-Host "Opening UDP port 445"
New-NetFirewallRule -DisplayName "SCCM 2016 DPs (UDP)" -Direction Inbound -Action Allow -LocalPort 445 -Protocol udp
Write-Host "Done!"
Write-Host ""
Write-Host "Adding CM16 to the local Administrators group"
$groupname = 'Administrators'
$AdminGrp = [ADSI]("WinNT://$ServerName/$groupname,group")
$AdminGrp.psbase.Invoke("Add",([ADSI]"WinNT://$Domainname/CM16$").path)

# =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
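
The rules above accept TCP 135/445 and UDP 445 from any source address. As an added example (not part of the original script or download), this variant limits them to the primary site server and then lists the local Administrators group so the CM16$ entry can be confirmed. The address 192.168.11.4 comes from CustomSettings_CM16.ini; that RTR01 routes between lab segments without translating source addresses is an assumption.

```powershell
# Added example: scoped variant of the DP firewall rules (not the original script).
# Assumption: CM16 keeps 192.168.11.4 from CustomSettings_CM16.ini and RTR01
# routes between the lab segments without translating source addresses.
$SiteServerIP = '192.168.11.4'
$ServerName   = $env:COMPUTERNAME

$rules = @(
    @{ DisplayName = 'SCCM 2016 DPs (TCP)'; Protocol = 'TCP'; LocalPort = 135, 445 },
    @{ DisplayName = 'SCCM 2016 DPs (UDP)'; Protocol = 'UDP'; LocalPort = 445 }
)

foreach ($rule in $rules) {
    # Drop any earlier copy (including the unscoped one) so re-runs stay idempotent
    Get-NetFirewallRule -DisplayName $rule.DisplayName -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    # Same ports as before, but only the site server may connect
    New-NetFirewallRule @rule -Direction Inbound -Action Allow -RemoteAddress $SiteServerIP |
        Out-Null
}

# Show the effective scope of each rule
Get-NetFirewallRule -DisplayName 'SCCM 2016 DPs*' | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort -join ','
        RemoteAddress = $addr.RemoteAddress -join ','
    }
} | Format-Table -AutoSize

# List who is in the local Administrators group after the change. ADSI is used
# because Get-LocalGroupMember is not available in PowerShell 4.0 on 2012 R2.
$AdminGrp = [ADSI]"WinNT://$ServerName/Administrators,group"
$members = @($AdminGrp.psbase.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
})
$members

if (-not ($members -like '*/CM16$')) {
    Write-Warning 'CM16$ is not a local administrator; the site server cannot install the DP role.'
}
```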

Adding Applications

In Part 2 we manually added the Install-BGInfo application.  For the installation of Configuration Manager we have a number of applications that we need to add to our deployment share.  The download in this post includes the folder structure of the applications and a script that will import them into your deployment share.

First things first.  I want to thank Johan  for the scripts.  I’ve taken them from his hydration kit.

You have a couple of options when it comes to getting these applications and their binaries into your MDT deployment share.  If you download my Zip archive of sample files you will find a folder structure for these Applications and the install scripts from Johan’s hydration kit.

To add the applications you can either 1) manually add them or 2) execute the script I included (Add-Applications.ps1).  This script will prompt you for your deployment share folder and will then import each application and configure the command line.


As for the binaries, you can either add the applications and then copy the binaries into the source folders in the deployment share, or copy them into the source folders from the extracted download of my sample files first, so that the binaries carry over when you add the applications.

Personally, I have the binaries in the Source folders extracted from my download.  This way I can blow my deployment share away and repopulate the applications using the Add-Applications.ps1 script.

SQL 2014 SP1

  1. Copy the contents of the SQL 2014 evaluation ISO downloaded from the TechNet Evaluation Site to the Source folder inside Install – SQL Server 2014

If you are manually adding the applications to your deployment share use this as the command line:
cscript.exe Configure-SQL2014.wsf

SQL Firewall Rules

If you are manually adding the applications to your deployment share use this as the command line:
cscript.exe Install-OpenFirewallforSQL2014Communication.wsf

Windows ADK 10

  1. Run the ADK installer and select the option to download the ADK components
  2. Copy the ADK binaries to the Source folder inside Install – ADK 10

If you are manually adding the applications to your deployment share use this as the command line:
cscript.exe Install-ADK.wsf

Configuration Manager 1511

  1. Copy the contents of the SCCM 1511 download to the Source folder inside Install – ConfigMgr 2016 1511

If you are manually adding the applications to your deployment share use this as the command line:
cscript.exe Install-ConfigMgr2016.wsf

Setting AD Permissions for Configuration Manager

If you are manually adding the applications to your deployment share use this as the command line:
cscript.exe Configure-SetADPermissionsForConfigMgr2016.wsf

Extending the Schema

  1. Copy extadsch.exe from the SCCM 1511 download to the Source folder inside Configure – Extend AD for ConfigMgr 2016

If you are manually adding the applications to your deployment share use this as the command line:
cscript.exe Configure-ExtendADforConfigMgr2016.wsf


Creating the Task Sequences

Start by creating 2 basic server task sequences.  Be sure to set the Task Sequence IDs to “CM16” and “DP00”.

There are a number of additional steps that will need to be added to the basic server deployment task sequence.  To make things easier I’ve included the XML files for both task sequences.

In the download you will find a Control folder and inside that folder you will find the ts.xml files for each of the task sequences.  Copy the ts.xml file to the appropriate folder in your deployment share.  You will need to fix the package references because the GUIDs would be reset but that is easy enough to do.

CM16

After copying the XML file over, when you edit the task sequence you will receive the following message.

[Screenshot: Edit_Warning]

This is normal and to be expected.  The XML contains references to package GUIDs from my deployment share.  Your deployment share will have different GUIDs.

If you click the Apply button, you will receive a warning that there are packages that could not be validated.  This is a simple way to ensure that you make all of the needed corrections.


Install Operating System
First you will need to re-point this step to your imported operating system.  Click the Browse button and select your OS.


Install – BGInfo
Select the Install – BGInfo action, click the Browse button and select the application.


Repeat these steps to re-point these applications:

  • Install – SQL Server 2014
  • Configure – Open Firewall for SQL Server Communication
  • Install – ADK 10
  • Configure – Extend AD for ConfigMgr 2016
  • Configure – Set AD permissions for ConfigMgr 2016
  • Install – ConfigMgr 2016 1511

 

DP00

The task sequence for the Distribution Points is simpler than that of the primary site server but it too has a number of custom actions.  Again, copy the ts.xml file from my sample files and make the 2 corrections required.

Install Operating System
First you will need to re-point this step to your imported operating system.  Click the Browse button and select your OS.

Install – BGInfo
Select the Install – BGInfo action, click the Browse button and select the application.



Creating the Virtual Machines

You will create a virtual machine with the following settings for the primary site server CM16.

CM16

Specifications

Virtual Machine Name: DEMO-CM16
Memory: 6144MB
Hard Disk 0: 80GB
Hard Disk 1: 400GB
Network: LAN1
MAC Address: 00:15:5D:20:15:03

DP16

You are going to create two virtual machines with these settings for the two Distribution Points.

Specifications

Virtual Machine Name: DEMO-DP16a
Memory: 1024MB
Hard Disk 0: 80GB
Hard Disk 1: 400GB
Network: LAN1
MAC Address: 00:15:5D:20:15:04

Specifications

Virtual Machine Name: DEMO-DP16b
Memory: 1024MB
Hard Disk 0: 80GB
Hard Disk 1: 400GB
Network: LAN2
MAC Address: 00:15:5D:20:15:05

Building the Virtual Machines

You can build the three servers in any order, but do NOT perform the post-build configuration until all three virtual machines have built successfully.

Once all three machines have been built, only then move on to the post-build configuration.  The reason for this is that the post-build configuration of the Distribution Points requires that CM16 exists so that its computer account can be added to the local Administrators group.  Then the post-build configuration of CM16 requires that the two DPs exist so that they can be added as site servers to Configuration Manager.

Boot each virtual machine from the boot media for your deployment share.  Follow the MDT wizard prompts.  When building DP16b be sure to switch the deployment share selection to LAN2.



Post-Build Configuration

Once all three virtual machines are built, boot them all up and log in as Administrator (password is P@ssw0rd).

We are going to start with DP16a & DP16b first.

Log into each of the Distribution Points.  On the desktop you will find the post-build configuration script just like we have on the prior builds.


Open an Administrative PowerShell prompt and execute DP16_Step01-ConfigureSCCM.ps1.  The script will open the firewall ports to allow server communication with the primary site server.  It will then add CM16 to the local Administrators group so that the primary site server can install the Distribution Point site role on the server.


After you have completed the post-build configuration of DP16a and DP16b then log into CM16 to perform the post-build configuration of that server.

Here is the catch on configuring CM16 using the post-build configuration script: you need to open the Configuration Manager console before you execute the script.  Once you open the console the SCCM PowerShell environment is initialized.  If you attempt to run the script without opening the console first, the script will fail.  The PowerShell drive, CM16 in this lab, will not exist until the console has opened and things have been initialized.

So open the Configuration Manager console and then minimize it.  (Besides it will be handy to have the console open to monitor the progress of the DP setup.)

Open an Administrative PowerShell prompt and run the post-build configuration script found on the desktop.

The script will:

  • Create a Distribution Point Group called “All DPs”
  • Add DP16a and DP16b as site servers with the Distribution Point role and add them to the “All DPs” group
  • Enable Active Directory Forest and System Discovery
  • Create Boundary Groups for each of the LAN segments

Getting the new Distribution Points settled in will take a few minutes.  During that time Configuration Manager will show them as “failed” in the console.  This is normal and expected.

This will clear after a few minutes once everything syncs up and settles into place.


That’s it!  You now have a multi-segment virtual lab environment for Configuration Manager 1511!


What is next?

I’ve received some requests for what to do next.

  • Building the lab using Server 2016 TP4
  • Building the lab on physical hardware (like Intel NUCs)
  • Demos or labs on different features of Configuration Manager
    • OS Deployment
    • OS Servicing
    • Site Servicing
    • Application Catalog / Software Center
  • Demo of Nomad Branch and PXE Everywhere
  • Demo of using IP Helpers for PXE booting across the router
  • Demo of using Boundary Groups to restrict clients to a specific DP
  • Adding other System Center products like Orchestrator

I hope you found this series helpful and informative.

Posted on January 8, 2016, in Configuration Manager, Hyper-V, MDT 2013, PowerShell, SCCM, Task Sequences, Training, Windows Server.
