close

Windows

Cloud

Microsoft 365

PowerShell

Active Directory

Security

Windows Server

Video

If you are a large enterprise, don't miss our IT cost-cutting webinar!

Home

System Center

How to Install System Center Configuration Manager 2022

Michael Reinders

|
Windows

In early April 2022, Microsoft proudly announced System Center 2022. This is the latest version of the on-premises catalog of infrastructure server solutions for your company. System Center 2022 includes Microsoft Endpoint Manager (formerly Configuration Manager), Operations Manager (SCOM), Virtual Machine Manager (SCVMM), Orchestrator, Data Protection Manager (DPM), and Service Manager (SCSM).

In this post, I’ll be showing you how to install Microsoft Endpoint Configuration Manager 2103. Don’t let the name and version number confuse you, I’ll get to the naming changes below. I also have a separate post about how to install System Center Operations Manager 2022 (SCOM) on Petri.

The installation media (ISO) that comes with System Center 2022 includes the stable release version 2103 (released in March of 2021). During setup or after setup, you’ll have the ability to let Microsoft Endpoint Manager (MEM) download ‘feature updates’ from the current branch. This allows you to seamlessly run in-place upgrades to newer versions of Microsoft Endpoint Manager on each of your site servers. Newer versions include 2107, 2111, and the brand-new 2203 release!

Some history about System Center Configuration Manager

First, let’s go through some recent history of the product as the naming conventions can be confusing. Back in the day, System Center Configuration Manager (SCCM) followed the same update cadence as the rest of System Center (2012 R2, 2016, 2019, etc.).

A few years ago, starting in version 1910 (October 2019), Configuration Manager became a part of Microsoft Endpoint Manager. Microsoft started releasing more periodic updates to Microsoft Endpoint Manager, adopting the ‘branch’ nomenclature from other teams within Microsoft (Windows, Windows Server, etc.). Thus, the ‘Current Branch’ for Microsoft Endpoint Manager was born.

Microsoft Endpoint Manager is an integrated solution for managing all of your devices, and Microsoft brought together Configuration Manager and Intune without a complex migration and with simplified licensing. IT admins can continue to leverage their existing Configuration Manager investments while taking advantage of the power of the Microsoft cloud at their own pace.

Preparation and prerequisite tasks

There are several design scenarios and topologies you should consider before starting to implement Microsoft Endpoint Manager. For the purposes of this post, I’ll be following guidance that will enable you to set up a lab for evaluating Configuration Manager.

Now, let’s go through some preparation and prerequisite tasks (brace yourself…there are quite a few!).

First, a new container in your Active Directory domain needs to be created. For some reason, the Microsoft Endpoint Manager setup does not take care of this for you. You’ll need to open ‘ADSI Edit‘ and follow these steps:

  1. Expand your domain name, then right-click on the ‘CN=System‘ entry and click New -> Object.
  2. In the Create Object dialog box, click Container, then click Next.
  3. In the Value field, type in ‘System Management‘ and click Next.
  4. Click Finish to complete the steps.
Our new System Management container using ADSI Edit
Our new system management container using ADSI Edit

Next, we’ll give our new ‘site server’ computer account rights to the container:

  1. Back in ADSI Edit, right-click on CN=System Management and click Properties.
  2. Click the Security tab, then click Add to add the new site server computer account (WS22-SCCM-SS01). Give it Full Control permissions.
  3. Click Advanced, select the WS22-SCCM-SS01 computer account, and click Edit.
  4. In the Apply onto list, select ‘This object and all descendant objects.
  5. Click OK and close ADSI Edit.
Our Computer Account has Full Control permissions to the container
Our computer account has full control permissions to the container

Next, we will extend the Active Directory schema by using a utility included with the installation media – extadsch.exe.

  1. First, make sure you have a backup of your domain’s schema master domain controller’s system state, in case you’d need to revert to it.
  2. Browse to the \SMSSETUP\BIN\X64 folder in the ISO for Microsoft Endpoint Manager.
  3. Run extadsch.exe as an administrator.
  4. You can verify the schema was updated by reviewing the extadsch.log file located in the root folder of the system drive.

Moving on, we need to create a folder to store prerequisite files and additional installation media that will be downloaded during the setup installation. I’ll just create a folder off of the C: drive on my server.

Our new prerequisite and installation downloads folder
Our new prerequisite and installation downloads folder

The next step is to use PowerShell to enable ‘.NET Framework 3.5’. Run the following command in PowerShell.

Install-WindowsFeature Net-Framework-Core -Source d:\sources\sxs
We enabled .NET Framework 3.5 with PowerShell
We enabled .NET Framework 3.5

Then, we need to enable some more .NET Framework features, IIS Manager features, and Background Intelligent Transfer Service (BITS). Because I am using Windows Server 2022, .NET Framework 4.8 is already installed and enabled. This provides backward compatibility for older versions like 4.5.2, 4.6.x, etc.

However, we need to add a few features that aren’t enabled by default. In Server Manager, go through and select all of these items:

  • Web Server (IIS)
    • Common HTTP Features
      • Default Document
      • Directory Browsing
      • HTTP Errors
      • Static Content
      • HTTP Redirection
    • Health and Diagnostics
      • HTTP Logging
      • Logging Tools
      • Request Monitor
      • Tracing
  • Performance
    • Static Content Compression
    • Dynamic Content Compression
  • Security
    • Request Filtering
    • Basic Authentication
    • Client Certificate Mapping Authentication
    • IP and Domain Restrictions
    • URL Authorization
    • Windows Authentication
  • Application Development
    • .NET Extensibility 3.5
    • .NET Extensibility 4.5
    • ASP
    • ASP.NET 3.5
    • ASP.NET 4.5
    • ISAPI Extensions
    • ISAPI Filters
    • Server Side Includes
  • FTP Server
    • FTP Service
  • Management Tools
    • IIS Management Console
    • IIS 6 Management Compatibility
      • IIS 6 Metabase Compatibility
      • IIS 6 Management Console
      • IIS 6 Scripting Tools
      • IIS 6 WMI Compatibility
    • IIS 6 Management Scripts and Tools
    • Management Service

After that completes, we need to do one more thing – configuring IIS filtering on distribution points:

  1. Open IIS Manager and select the name of the server in the sidebar.
  2. Make sure ‘Features View’ is selected at the bottom and in the ‘IIS’ category of icons, open ‘Request Filtering’.
  3. In the Actions pane, click ‘Allow File Name Extension…’
  4. Type ‘.msi’ and click OK.
Allowing .msi extensions in IIS Manager's 'Request Filtering' menu
Allowing .msi extensions in IIS Manager’s ‘Request Filtering’ menu

Installing Microsoft Endpoint Configuration Manager

We are finally ready to start the installation process of Microsoft Endpoint Configuration Manager. You can download the installation media from the Volume License Service Center, the Microsoft 365 Admin Center, or, browse here to download an evaluation version.

The initial splash screen for Microsoft Endpoint Configuration Manager
The initial splash screen for Microsoft Endpoint Configuration Manager

Click the ‘Install’ link to get started. On the ‘Before you begin’ screen, click Next.

There are potentially HOURS worth of items you need to check before you begin installing Microsoft Endpoint Configuration Manager
There are potentially HOURS worth of items you need to check on this lovely screen…

On the ‘Available Setup Options’ screen, we are installing a Configuration Manager primary site and we want to choose more granular options, so we’ll leave the checkbox unchecked and click Next.

We'll use the default option of a stand-alone Configuration Manager primary site
We’ll use the default option of a stand-alone Configuration Manager primary site

Choose to install the evaluation edition or enter a product key if you have one. If you have an active Software Assurance agreement with Microsoft, you can also enter an expiration date for it.

Choosing an evaluation version or entering a compliant product key
Choosing an evaluation version or entering a compliant product key

Next, you can click Browse and locate the folder we created to download prerequisite and additional installation media for Setup.

Choosing a folder to house additional download files for the install
Choosing a folder to house additional download files for the install

Verify the correct server languages and client languages are selected, and click Next.

Choosing the languages for server and client reports in the console
Choosing the languages for server and client reports in the console

Enter in a Site code, the Site name, verify the installation folder is what you want, and click Next.

Configuring the site code and name settings
Configuring the site code and name settings

On the Primary Site Installation screen, we are going to choose the ‘Install the primary site as a stand-alone site’ as this is the first site server in the hierarchy. In the future, we could add a second primary site server ]– we would then choose the first option.

We're installing a stand-alone site as our primary, initial site server
We’re installing a stand-alone site as our primary, initial site server

The next screen allows us to enter our SQL Server information.

Here is where we enter the details of our SQL Server environment
Here is where we enter the details of our SQL Server environment

You can optionally choose to alter the path to the SQL database and log files if you desire.

We can choose alternate locations (preferred) for the SQL database and log files

Then, you choose where you want to install the ‘SMS Provider’ feature. Here, we’re going to choose the local server.

Choosing what server to install the SMS Provider service on
Choosing what server to install the SMS Provider service on

Then, we get to the ‘Client Computer Communication Settings’ screen. Typically, in a production environment, you would leave the first option selected – ‘All site system roles accept only HTTPS communication from clients’.

However, for these ‘lab’ purposes, I won’t be acquiring an SSL/PKI certificate required for secure client communications. So, I will choose the second option – ‘Configure the communication method on each site system role’ and leave the checkbox unchecked.

Choosing our Client Computer Communication Settings
Choosing our Client Computer Communication Settings

On the ‘Site System Roles’ page (who said installing System Center Configuration Manager was a piece of cake?), let’s leave the defaults in place – install a management point and distribution point on the local server (site server).

Here we choose some Site System Role locations
Here we choose some Site System Role locations

For the ‘Service Connection Point Setup’ phase, this is where you get to join the Current Branch of Microsoft Endpoint Manager. Periodically, in the MEM console, Feature Updates will be advertised, allowing you to centrally and seamlessly upgrade your site servers to more recent versions like 2107, 2111, and the brand new 2203.

So, here we’ll be choosing ‘Yes, let’s get connected’ and let Setup install the service connection point on our server.

Here we are installing a Service Connection Point to join the Current Branch
Here we are installing a Service Connection Point to join the Current Branch

Then, WOW! We are at the ‘Settings Summary’ screen. Go ahead and verify all the information, then click Next.

We need to double-check the Settings Summary for Microsoft Endpoint Configuration Manager
Settings Summary – Double-check everything and click Next!

Honestly, the most troublesome and tedious phase of Setup is next – the Prerequisite Checks. When I first ran this blind the other day, my jaw dropped when I saw how many warnings and errors (hard stops) I encountered.

I was able to find all the necessary documentation on Microsoft’s website that allowed me to perform many of the preparatory steps listed above. And honestly, after going through all these steps, it really boggles my mind why so many of these innocuous steps are NOT handled by the Setup program.

Another note – you may see prerequisite warnings or failures related to items in the Windows Assessment and Deployment Kit (ADK). If that happens, you need to visit this site to download and install two items:

  • Windows ADK for Windows 10, version 2004
  • Windows PE add-on for the ADK, version 2004

This should get you in the right place.

So, after I ran through this, I only have 3 items as warnings:

  • Windows Server Update Services (WSUS) on site server
  • SQL Server Native Client version
  • SQL Server process memory allocation

Looking at the details, I don’t believe any of these are going to pose a problem. WSUS should get installed as part of the Setup, and the SQL items don’t look difficult. Let’s click that ‘Begin Install‘ button!

The Setup process for Microsoft Endpoint Configuration Manager is progressing
The setup process is progressing smoothly and steadily 😉

Well, after 21 minutes and 37 seconds of nail-biting, we are apparently good!

Core setup for Microsoft Endpoint Configuration Manager has completed
Core setup has been completed – Let’s fire up that Console!

As you can see, the ‘Core’ phase of Setup is complete. The remaining tasks are being handled in the background and can be monitored in the Configuration Manager console. Let’s give it a go!

Getting started with the Configuration Manager console

Click the Start button, click the Expand link under ‘Recently added’, and behold – a plethora of new programs to see and play with!

Server Manager and other programs now appear in the Windows Start Menu
Look at all the wholesome goodies we get to play with!

Click on ‘Configuration Manager Console.’

The Microsoft Endpoint Configuration Manager Console in its full glory
The Microsoft Endpoint Configuration Manager Console in its full glory

There you have it! Microsoft Endpoint Configuration Manager version 2103. As the final step I’ll cover in this post, let’s install the latest hotfix rollup for version 2103.

  1. Click the Administration category in the lower left, then click Updates and Servicing.
  2. You’ll see there are three items available to install: The rollup for the version we’re on, and then the next two feature updates (Version 2203 is rolling out to customers over time). Eventually, my install will see ‘Configuration Manager 2203’ as an option.
  3. Click on the ‘Configuration Manager 2103 Hotfix Rollup’ item and click the Download button on the top toolbar.
  4. Wait a few minutes and click the ‘Refresh’ button. Now, the item’s state shows as ‘Ready to install.’ Now, click ‘Install Update Pack.’
We're installing the latest Hotfix Rollup for Configuration Manager 2103
We’re installing the latest Hotfix Rollup for Configuration Manager 2103

Eventually, it will finish.

Conclusion

And there you have it! We just got done installing our initial primary, standalone site of Microsoft Endpoint Configuration Manager 2103. In case you’re not aware, there are a LOT of next steps to follow, including upgrading to the latest version, setting up all your configurations for your users, your devices and your connections to Azure, setting up an Azure Cloud Management Gateway (CMG) and other related tasks, and testing! Hopefully, this article assisted you in getting the ball rolling for you and your organization.

Article saved!

Access saved content from your profile page. View Saved