![]() · The new features in Microsoft System Center 2012 Configuration Manager (SCCM 2012) are well worth the time and money it takes to migrate from System Center. How to install an SCCM Cloud Distribution Point.Download and own this SCCM Cloud Distribution Point Installation Guide in a single PDF file. Install Older Windows Xp Version Art . The PDF file is a 4.SCCM. Use our products page or use the button below to download it. A new nice feature in SCCM Current Branch 1702 is the ability to set the “Install Behaviour” on a deployment type to either automatically close specified.exe’s. “Configuration Manager Setup requires that the site server computer has administrative rights on the SQL Server and management point computers” in SCCM 2012. A cloud distribution point is an SCCM distribution point that is hosted in Microsoft Azure. The client will access it as a normal distribution point using port 4. SSL). Some benefits of using cloud distribution point are for clients on internet, fallback scenario or to quickly provision a distribution point if extra bandwidth is needed for a limited time. The whole process should take about an hour, a bit more if you’re not familiar with certificates which are a big part of this guide. Plan. If you’re unsure if cloud distribution point is the right choice for your organization, read the following Microsoft documentation which explains in detail the features and benefits. The article also lists what features are supported or not. Cost. We also suggest reading the Microsoft article explaining the cost of using cloud distribution point as this could be a show stopper for a small size business. Prerequisites for SCCM Cloud Distribution Point. An Azure Subscription. Your Windows Azure Subscription IDA self- signed or public key infrastructure (PKI) management certificate for communication from your primary site server to the Azure service (. A service certificate (PKI) that Configuration Manager clients use to connect to cloud distribution points and download content from them by using HTTPSDNS alias and a CNAME record in your DNS namespace for clients to resolve the name of the cloud service.Client Settings configured correctly.Client must have internet access.Boundary group must be configured.We will cover all those requirements in this post. . Certificates Requirements.To make an authenticated, secured (SSL) connection between your Primary Site installation and your Windows Azure subscription, you need to create your own management certificates, which can be self- signed or issued by a certification authority (CA). We recommend using a certification authority in a production environment. For testing (or lab) purpose you can use the self- sign certificate which is easier to implement. The high- level certificate requirements: Provide the . Azure. You must upload this certificate to Azure before you install a cloud distribution point. This certificate enables SCCM to access the Azure API. Provide the . pfx file of the management certificate to SCCM when you install the cloud distribution point. SCCM will store this certificate in the site database. Because the . pfx file contains the private key, you must provide the password to import this certificate file into SCCM. If you use a self- signed certificate, you must first export a certificate as a . Create a Self- Signed Certificate. Only follow this section if you are using a self- signed certificate. If you’ll be using a certificate from your certification authority (CA), jump to the next section. Open MMCOn the File Menu, choose Add/Remove Snap- in… select Certificates, and click Add. When prompted for what you want to manage certificates for, select Computer Account, click Next. Select Local Computer and then click Finish. Click OK to close the Add/Remove Snap- ins form. In the Certificate console. Go to Certificates (Local Computer) / Personal / Certificates. You should find a Server Authentication certificate there with the name of your server in the Issued To column. In our example, it’s the first one listed (CM0. SCDLab. org)We will export this certificate twice: One to get a . Cer file that we’ll upload to Windows Azure as the management certificate. The other to create a password- protected . Pfx file that we’ll use to configure the connection from our Primary Server to create the SCCM cloud distribution point. Export the . CER file: In the Certificates (Local Computer) console. Right- click your Server Authentification certificate (In our case: CM0. SCDLab. org)Choose All Tasks / Export. In the Certificates Export Wizard, choose Next. On the Export Private Key page, choose No do not export the private key, click Next. On the Export file format, select DER encoded binary X. CER), click Next. Save your certificate in a folder and close the Certificate Export Wizard. Export the . PFX file. On the Export Private Key page, choose Yes, export the private key, click Next. On the Export File Format page, select Personal Information Exchange – PKCS #1. PFX), click Next.On the Password page, specify a strong password to protect the exported certificate with its private key, click Next. Portable Office 2007 Sp2 Enterprise Essentials . On the File to Export page, specify the name of the file that you want to export, click Next. To close the wizard, click Finish in the Certificate Export Wizard page, click OKClose Certificates (Local Computer)The certificate is now ready to be imported to create an SCCM cloud distribution point. You can jump to the Azure Subscription section if you are not using a PKI server. Create and Issue a Custom Web Server Certificate Template on the Certification Authority (If using PKI only)If you just created a self- signed certificate, jump to the Azure Subscription section. This procedure creates a custom certificate template that is based on the web server certificate template. The certificate will be used for the installation of the SCCM cloud distribution point and the private key must be exportable as it will be asked during installation. Create and issue the custom web server certificate template on the certification authority. In Active Directory, create a security group named SCCM Site Servers that contain your SCCM Primary Site server computer account. On the server that is running the Certification Authority, open the Certification Authority console (certsrv. Certificate Templates and select Manage. The Certificate Templates management console opens. Right- click the Web Server template and then select Duplicate Template. In the Duplicate Template dialog box, ensure that Windows 2. Server, Enterprise Edition is selected in Certification Authority. In the General tab, enter a template name, like SCD SCCM Cloud DP. Change the validity period if needed. As a best- practice, the longer the validity period, the less secure is your certificate. In the Request Handling tab, select Allow private key to be exported. In the Security tab, remove the Enroll permission from the Enterprise Admins security group. Choose Add, enter SCCM Site Servers in the text box, and then choose OKSelect the Enroll and Read permission for this group. Choose OK, close Certificate Templates Console. Back in the Certification Authority (certsrv. Certificate Templates, select New / Certificate Template to Issue. In the Enable Certificate Templates dialog box, select the new template that you just created, SCD SCCM Cloud DP, click OKRequest the custom web server certificate on the Primary Site Server. This procedure requests and then installs the newly created custom web server certificate on the Primary Site prior to the SCCM cloud distribution point installation. Open MMCOn the File Menu, choose Add/Remove Snap- in… select Certificates, and click Add. When prompted for what you want to manage certificates for, select Computer Account, click Next. Select Local Computer and then click Finish. Click OK to close the Add/Remove Snap- ins. In the Add or Remove Snap- ins dialog box, choose OK. In the console, expand Certificates (Local Computer) / Personal / Certificates. Right- click Certificates, select All Tasks / Request New Certificate. On the Before You Begin page, click Next. If you see the Select Certificate Enrollment Policy page, choose Next. On the Request Certificates page, identify the SCD SCCM Cloud DP from the list of available certificates, and then select More information is required to enroll for this certificate. In the Certificate Properties dialog box, in the Subject tab. Subject name: in Type choose Common name. Value: Specify your service name and your domain name by using an FQDN format. For example: scdclouddp. Add. Alternative name: in Type choose DNSValue: Specify your service name and your domain name by using an FQDN format. For example: scdclouddp. Add. Click OK to close the Certificate Properties dialog box. On the Request Certificates page, select SCD SCCM Cloud DP from the list of available certificates, click Enroll. On the Certificates Installation Results page, wait until the certificate is installed, click Finish.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
November 2017
Categories |