Installing Configuration Manager 2007 : Site Installation (part 4) - Installing Site Systems

3/25/2013 4:34:29 AM

5. Installing Site Systems

Site systems “make the world go ‘round” in the ConfigMgr world. As with most site configuration, almost all of these settings are configured once and typically do not require later modification. Each ConfigMgr site contains a site server and one or more site systems. Site systems are components of ConfigMgr, a number of which you may or may not desire to use. Although some components are required, most are optional, depending on the specific configuration. In smaller sites, all site systems (also called site roles) may be installed on a single server. Based on the options selected during site installation, ConfigMgr installs the following site systems automatically:

  • Component server— This site system does not have configurable options. Any site server running a site system requiring the ConfigMgr 2007 service will have the component server listed as a site system.

  • Distribution point— A distribution point is used to stage source installation files, driver package files, operating system images, and software updates for client use. By default, this is a standard distribution point, meaning that when clients request a location for content (installation files), ConfigMgr forwards a Universal Naming Convention (UNC) path to allow the client to access the data via service message blocks (SMBs).

    If you want to use Download and Execute for installation packages, you must enable the check box to allow clients to transfer content using BITS, HTTP, and HTTPS. This is often referred to as a BITS-enabled DP. When this check box is enabled, the client will access content from the distribution point using HTTP and use BITS to “trickle” the installation files to the local system. 

    You also can create a branch distribution point for a new site. Branch distribution points are described later in this section.

    Use the Group Membership section at the bottom of the Distribution Point Properties dialog box to create distribution point groups. This capability allows you to group DPs easily and becomes very helpful when sending content to distribution points. As an example, you can make a DP group of all your DPs in Europe, and then any time you need to send content to the Europe DPs, simply select the group rather than the tedious process of selecting each DP manually.

    The Multicast tab appears when ConfigMgr 2007 R2 is installed, and it’s only used during Operating System Deployment (OSD). From this tab, you may specify the User Datagram Protocol (UDP) ports to use, the transfer rate, and the maximum clients. You can also enable scheduled multicast. With scheduled multicast, you can configure the start delay from the time the first system requests content, as well as specify the minimum session size. When scheduled multicast is enabled, the multicast begins either when the Start Delay time is exceeded or the number of session requests to the DP is larger than the minimum session size, whichever comes first. Multicast requires distribution points that are BITS enabled. For additional information, check Microsoft’s documentation discussing multicast configurations for OSD at

    The Virtual Applications tab also appears with ConfigMgr 2007 R2 installed. Enable this option to configure application streaming to target computers. You must BITS-enable the distribution point to enable virtual application streaming.

  • Management point— If you will be assigning clients to this site, the MP role must be enabled. The management point is the primary connection point between clients and the ConfigMgr site. Depending on how many systems will use this MP, you may want to consider offloading the MP role from the site server. Each primary site has one active MP, which clients use to obtain policy, forward inventory, and the other client communication requirements. If you plan to manage mobile devices from this site, enable the check box to allow devices to use this management point.

    The MP can be configured to use a database replica. If the SQL database on your primary site is very busy all the time, you may consider configuring a SQL database replica and configuring the MP to use the replica for content information. By default, the MP computer account is configured to connect to the database. You may need to grant rights to allow this communication. Alternatively, you can specify an MP connection account to establish this communication if desired. 

  • Site server— This is a standard role added during every site server installation. No configuration is required.

  • Site system— A site system can be a server or share that supports the site. The site system may perform more than one role. It is highly recommended that you specify the FQDN for intranet clients (the FQDN must be specified for Internet-based clients).

    If you have multiple domains and do not use a fully replicated WINS or have a disjointed namespace, you may see errors in client logs where the client is unable to obtain content for a distribution. One of the first places to look to resolve this issue is whether you have specified an intranet FQDN. When the site is in native mode, the FQDN specified in the server certificate subject name must match the intranet FQDN specified in the Site System Properties page, as displayed in Figure 22.

    Figure 22. The ConfigMgr Site System Properties dialog box

    By default, the site server’s computer account is used to install the site system, although you can specify a different account on this page if desired.

    You can also specify the option Enable this site system as a protected site system. By checking this box, you then select the boundaries that can use this site system. For example, you may have a DP on a remote WAN, and you want to ensure that only systems in that remote site have the ability to access content from the DP, enable the protected site system, and select the boundaries to protect. Protected systems are used for DPs and state migration points.

    The final check box, Allow only site server initiated data transfers from this site system, can be used for systems that are configured for site system roles that are supported across forests. Checking this box forces the ConfigMgr site to use the Site System Installation account to connect to the remote site system. Even if a trust exists, the Site System Installation account will be used.

  • Site database server— This site system displays the SQL Server name and the SQL database name used by this ConfigMgr site. No configuration is required for the site database server.

As this discussion shows, Configuration Manager automatically configures many site systems, even when using a custom configuration for the ConfigMgr installation. Let’s look at the other site roles and using additional servers for site roles.

Use the Site Role Wizard to add more roles to an existing site system. Right-click the server name and then select New Roles to initiate the Site Role Wizard. The first step in the wizard allows you to configure the same options visible in Figure 8.22, which shows the Site System Properties dialog box. Verify the settings for this site and then click Next in the wizard to select additional roles. The rest of this section describes each of the remaining roles you can configure from the Site Role Wizard:

  • Fallback status point— Configure a fallback status point (FSP) before you begin to deploy clients. The FSP helps you verify successful client installation, identify client installation failures, and provide a method for clients to report when they are not able to contact a management point. The FSP also helps identify communication problems with clients in native mode.

    You can configure how many state messages to forward to your ConfigMgr site each throttle interval, thus preventing the FSP from overwhelming your ConfigMgr site. If your site is configured in native mode and you have specified an Internet FQDN, you can configure the FSP to allow intranet-only connections or both intranet and Internet connections.

    You may need to perform additional configurations to ensure that your clients use the FSP. The section “How to Assign the Fallback Status Point to Client Computers” in the ConfigMgr integrated help file provides additional information.

  • PXE service point— Use a PXE service point to leverage the Preboot Execution Environment (PXE) for ConfigMgr Operating System Deployment. When you enable the PXE service point, you receive notification that ConfigMgr will open UDP ports 67, 68, 69, and 4011 on the site system so it can respond to PXE requests.

    If you have ConfigMgr 2007 R2 installed, you also have the option to enable Unknown Computer Support. This allows you to deploy imaged systems not currently managed by ConfigMgr.

    Caution: Unknown Computer Support and the PXE Service Point

    Use extreme caution when using Unknown Computer Support and the PXE service point. When Unknown Computer Support is enabled, any unknown computers that boot to PXE will attempt to run mandatory task sequences. If you have mandatory task sequence advertisements for OSD, you may encounter unexpected results on a new (unknown) system, or an unhealthy ConfigMgr client. Automatically deploying an image to an unknown computer (which happens to be a critical web server for your company) may cause you to quickly dust off your resume. On the lighter side, it may also help you standardize on Windows! To prevent an unintentional operating system deployment to one or multiple systems, create a text file that contains the Media Access Control (MAC) addresses (one per line in the text file) for the systems to exclude and then store it on each PXE service point. Separate the MAC address elements with colons (for example, ab:cd:01:23:45:67). Also, in the Registry on each PXE service point, add a string value named MACIgnoreListFile at HKEY_LOCAL_MACHINE\Software\Microsoft\SMS\PXE and point it to the full path to the text file. See for more information.

    You can also enable the option Require a password for computers that boot to PXE, which allows you to restrict PXE OS deployment to users who know the password (this typically is your service desk and on-site support teams).

    One final important step for configuring PXE is that you must either create a self-signed certificate or import a certificate. If your site is configured for native mode, you must import a certificate from a trusted root Certificate Authority.

  • Reporting point— Create a reporting point to view reports and dashboards for your site. Many ConfigMgr administrators also refer to this as web reporting. ConfigMgr contains over 300 built-in web reports. If you install ConfigMgr R2, you will have nearly 400 built-in web reports. You can also create additional web reports as required. You must install IIS prior to installing the reporting point.

    Review Figure 23 for reporting point configuration. The information shown is the default settings. Because the site code in Figure 8.23 is BXL, the report folder is SMSReporting_BXL by default. The report folder name will be part of the URL used to access the web reporting site.

    Figure 23. Creating a new reporting point

    Two types of rights are required for access to view web reports:

    • Add users and user groups to the local SMS Reporting Users security group on the server to grant them access to the Web Reporting site.

    • Grant the users or user groups class rights to view all web reports, or instance rights on specific reports, as needed.

  • Reporting services point— With ConfigMgr 2007 R2, you can optionally install a reporting services point as well. Install SQL Reporting Services (SRS) before attempting to configure a reporting services point.

    Note: Multiple Instances of SQL Reporting Services May Cause Issues

    If multiple instances of SRS exist on the same site, you may encounter unexpected results when installing a reporting services point. During installation, ConfigMgr queries WMI on the server for all instances of SQL Reporting Services, and it always installs the reporting services point on the first instance returned.

  • Asset Intelligence synchronization point— If you have Microsoft Software Assurance (SA), you can create an Asset Intelligence synchronization point to download Asset Intelligence catalog information and upload custom software title catalog information (if desired). To configure the synchronization point, you must obtain a certificate from Microsoft and import it during configuration. You can also specify a proxy server and proxy server account if your network requires proxy authentication. By default, the synchronization schedule runs every 7 days.

  • Out of Band service point— If you have systems with Intel Active Management Technology (AMT), enable the Out of Band service point to improve control of Wake On LAN and other remote management needs. AMT is a technology used in vPro; systems with vPro installed can be managed using the Out of Band (OOB) service point. OOB in this instance refers to systems that are connected on the LAN, but not running Windows (or you don’t have access remotely to Windows on the system). Using vPro, you can remotely connect to these systems, even while the system is powered off, provided all configurations are completed in advance.

    As displayed in Figure 8.24, you can configure the properties of the Out of Band service point role to increase or reduce the network and CPU utilization of the site due to the OOB service point. As an example, when you create and enable Wake On LAN for an advertisement, the OOB service point will wake all targeted vPro-enabled systems using the settings specified in Figure 24. Review the ConfigMgr help file for additional information regarding each property in Figure 8.24.

    Figure 24. Creating a new Out of Band service point

    Note: Provision Computers for AMT

    You must set up and configure (provision) AMT-based computers so ConfigMgr can manage them with the Out of Band service point. There are two types of provisioning:

    • Out of Band— A system without a ConfigMgr 2007 SP 1 client

    • In Band— A system with a healthy ConfigMgr 2007 SP 1 client

    Check the document at for a discussion of the provisioning process. The check list at specifies the steps to enable Out of Band Management in ConfigMgr 2007.

  • Server locator point— Create a server locator point (SLP) for clients to complete site assignment and find management points when they cannot find that information in Active Directory.

    • You have workgroup clients or clients from another Active Directory forest.

    • You have not extended Active Directory.

    • You have extended Active Directory, but have not configured all ConfigMgr sites to publish information to Active Directory.

    You do not need to install an SLP if all sites are configured for Internet-based client management (IBCM).

    Configure IIS on the site system before installing the SLP. When installing the SLP, you can choose to use the site database or a database replica. You can also specify a server locator point connection account if you require a different account than the SLP computer account. See the “Using Replicas and Offloading Site Roles” section for information on creating a database replica.

    Specifying the Server Locator Point

    You can specify the server locator point for clients using one of the following methods:

    • Manually publish the server locator point in WINS so that clients can automatically locate it. Client computers search WINS for the server locator point if the client.msi installation property SMSDIRECTORYLOOKUP=NOWINS has not been specified.

    • Assign the server locator point to clients during client installation, using the client.msi property SMSSLP=<server locator point name> on the CCMSetup command line.

      If the SLP needs to be added manually to WINS, such as when Computer Browsing in the domain is disabled, perform the following steps:

      Open a command prompt (Select Start -> Run, and then type cmd).

      At the command prompt, type netsh and then press Enter.

      Type wins and press Enter.

      Type server and then press Enter.

      To manage a remote WINS server, type server <\\<servername> or XXX.XXX.XXX.XXX>, specifying the NetBIOS name or IP address.

      Type the appropriate command on a single line, as in the following example:

      add name Name=SMS_SLP endchar=1A  rectype=0
      ip={<server locator point IP address>}

    Perform the following steps to validate the SLP was added to WINS successfully:

    Open a command prompt.

    At the command prompt, type netsh and then press Enter.

    Type wins and then press Enter.

    Type server and then press Enter.

    To manage a remote WINS server, type server <\\servername> or XXX.XXX.XXX.XXX>, specifying the NetBIOS name or IP address.

    Type the appropriate command, as in the following example:

    show name Name=SMS_SLP endchar=1A

  • Software update point— Create a software update point (SUP) to use the Software Updates feature of ConfigMgr. Configure IIS and install WSUS 3.0 SP 1 prior to adding this role. Your first SUP (usually installed on your central site) synchronizes with Microsoft Update over the Internet to obtain patch detection and download information. If you have multiple sites in your hierarchy, all child site SUPs will synchronize with the parent SUP. All primary sites must have an active SUP. Clients also connect to the active SUP (for its assigned site) to perform updates scanning to determine patch applicability.

    When creating the SUP role, specify the proxy server name and configure an SUP proxy server account if needed. You can configure this for both the central site to access Microsoft Update and for child sites to access SUP on their parent site. Also, be sure to enable the new SUP as the active SUP, so that clients can use it.

    You must configure the SUP component after installing the SUP role. 

  • State migration point— Create a state migration point (SMP) to store user state migration data during reimaging or hardware replacement. Figure 25 shows configuring an SMP. You can see the directory D:\UserData is specified on the local drive of the ConfigMgr site. The Max Clients setting indicates the maximum number of clients that can be saved to the folder at any given time. Minimum Free Space prevents additional migration data from writing to the disk, if the drive falls below minimum free space.

    Figure 25. Creating a new state migration point

    Also in Figure 25, you can see the deletion policy is configured as 10 days, so that once the data has been successfully restored (and marked for deletion), the data is automatically removed after 10 days. If you check the box Enable restore-only mode, all requests for user state store will be refused for this SMP, although the SMP will remain operational for restore operations. 

  • System Health Validator point— Install a System Health Validator point if you will use ConfigMgr for Network Access Protection (NAP). Installing the role is very easy because there are no settings to configure! However, you must install this site system role on Windows Server 2008 configured with the Network Policy Server (NPS) role.

  • Branch distribution point— Create a branch distribution point (BDP) on a branch office computer to allow clients in that office to access content locally. Think of a small office with 10 computers—you may not want to install a dedicated server and primary or secondary ConfigMgr site. When you install a branch distribution point, systems in the branch office will still traverse the WAN for management point traffic (ConfigMgr machine policy, submitting inventory, and so on), which is nominal traffic. The branch distribution point allows systems to install software and software updates from a local distribution point, thus removing WAN traffic for those installations without incurring the overhead of another site at the remote location. You can install a branch distribution point on Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, and newer Windows operating systems.

    Create a new site system  on a new server or workstation and then select Distribution Point as the role. (In order to create a branch distribution point, the target system must be a healthy ConfigMgr client.) Configure the next page of the wizard as shown in Figure 26 to create a branch distribution point. The example in Figure 8.26 allows ConfigMgr to determine which partition to use on the site system. If the site system has multiple partitions, you can specify a specific partition if desired. You can also reserve space on the drive for the operating system, to prevent ConfigMgr from using the entire drive. Figure 26 shows reserved space configured as 500MB. For additional information about configuring multicast and enabling virtual application streaming, review the bullet at the beginning of this section regarding distribution points.

    Figure 26. Creating a new branch distribution point

    Branch distribution points use BITS to download content from a standard BITS-enabled distribution point. If the standard BITS-enabled DP is configured with protected boundaries, the boundaries of the BDP must be included or else the BDP will not be able to download content from the standard DP. Another important consideration is that when a client accesses a BDP for content, the content is only accessed via SMB (not BITS).

Note: Comparing Distribution Points to Branch Distribution Points

After reviewing the information for both distribution points and branch distribution points, you may wonder which is best for you. And as almost all things technical, it depends. Consider BDPs for small-office scenarios. Here are a few points to consider:

  • The BDP depends on the ConfigMgr client to be installed and properly configured.

  • The BDP must be a member of the domain, and not a Windows 2000 system.

  • BDPs are not supported on Internet-based clients.

  • BDPs do not support multicast for OSD.

  • If a BDP is installed on a workstation operating system (for example, Windows XP or Vista), it is limited to 10 concurrent client connections.

Microsoft provides information about standard and branch distribution points at Another helpful document is at

Now that you know how to configure each site role, it’s important to know that you can offload site roles to reduce the load on your primary site server. For many environments, offloading roles may not be required. However, if you notice one role is using a large amount of bandwidth, or CPU cycles, consider offloading it by creating a new site system, as described in the next section.

PS4 game trailer XBox One game trailer
WiiU game trailer 3ds game trailer
Top 10 Video Game
-   Skyforge [PC] Open Beta Gameplay Trailer
-   Armored Warfare [PC] PvE Trailer
-   F1 2015 [PS4/XOne/PC] Features Trailer
-   Act of Aggression [PC] Pre-Order Trailer
-   Sword Coast Legends [PC] Campaign Creation E3 2015 Trailer
-   Sword Coast Legends [PC] Campaign Creation E3 2015 Dungeon Run Trailer
-   Naruto Shippuden: Ultimate Ninja Storm 4 Trailer
-   Danganronpa Another Episode: Ultra Despair Girls Trailer 2
-   Project X Zone 2 Trailer
-   Poly Bridge Early Access Trailer
-   Rodea The Sky Soldier Trailer
-   CABAL 2 Launch Trailer
-   The Smurfs Trailer
-   Act of Aggression Pre-Order Trailer
-   Project X Zone 2 [3DS] Trailer
Game of War | Kate Upton Commercial