SCCM 2012 Step-by-step installation guide

Before deployment you have to:

– install IIS, BITS on your SCCM server
– open 1433 and 4022 ports on SQL Server
– create “System Management” container with right permissions
– extend AD schema
– check SQL Server settings

Read “How to..” below. Wait,wait and carefully read and check

Supported Configurations for Configuration Manager

Notice, only SCCM SP1 fully supports Windows 8 and Server 2012.

Microsoft is going to publish final release SP1 in January,2013 (i hope so). Now, it’s only SP1 Beta with  some bugs inside

To resolve error with installing NETFX3 feature on Windows Server 2012 use my previous post about preparation and installing DPM 2012


Open 1433 and 4022 ports on your SQL Server. Without this step you will receive an error “Firewall exception for SQL Server” 

netsh advfirewall firewall add rule name=”SQL Server” dir=in action=allow protocol=TCP localport=1433
netsh advfirewall firewall add rule name=”SQL Service Broker” dir=in action=allow protocol=TCP localport=4022


You need to install BITS and IIS services (default settings+IIS 6 WMI Compatibility) on your SCCM server

Install-WindowsFeature Web-Common-HTTP,Web-Default-Doc,Web-Dir-Browsing,Web-HTTP-Errors,Web-Static-Content,Web-HTTP-Redirect,Web-HTTP-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-HTTP-Tracing,Web-Stat-Compression,Web-Filtering,Web-ISAPI-Ext,Web-Mgmt-Tools

Install-WindowsFeature -Name BITS


SCCM does not automatically create the System Management container in Active Directory Domain Services when the schema is extended. The container must be created one time for each domain that includes a Configuration Manager primary site server or secondary site server that publishes site information to Active Directory Domain Services.

SCCM server account must have “Full Control” permisson on System Management container. You can add this permission leter, but SCMM installation will  detect warning “Verify site server permissions to publish to Active Directory” and let you to continue setup.

Open adsiedit.msc


Right click on “CN=System” and create new object


Select class “Container” and click “Next”containere

Type the name of container “System Management” and Nextnameofcontainer

Open your AD Users and Computers, change view to “Advanced feature”. advancedfeatureon

Go to System -> System Mananagement and click on “Delegate control..”delegation

Add your SCCM server to delegation of controladdingSCCMserv

Select “Create a custom task …”delegation_2

Click “Next”


Select “Full Control” and click “Next”



Extend AD schema for SCCM. If you have installed SCCM 2007, you do not have to extend AD schema!

Open extadsch.exe in YourCDdriveLetter:\SMSSETUP\BIN\X64extschema

Check result using log file C:\ExtAdSch.txtextschema_1


Check your SQL Server service account. By default, SQL sets build-in account to run SQL Server service. This account does not have necessary permissions (sysadmin role in SQL) that SCCM wants to see. For example, during installation SCCM interrupts with following error:

Fail to create SQL Server Certificate, ConfigMgr cannot be completed


To resolve this you have to temporarily change service account . In this example, my local account have sysadmin role in SQL Server. After successful SCCM installation do not forget to change it back.


SCCM requires SQL Server to reserve a minimum of 8 Gb of memory for the central administration site and primary site and a minimum of 4 Gb for the secondary site. Without SQL Server memory settings SCCM prerequisites checker will show you warning:

SQLServer is configured for unlimited memory usage

Just set minimum and maximum of memory in SQL Server settings using SQL Server Management Studio as shown on picture



1. Choose your deployment method and click “Next”. Do not choose typical installation. Some important settings are not covered in this method.sc_1

2. Type your product keysc_2

3. Accept all license termssc_3

4. Click on “Browse” to set path for downloaded required files or download them automatically using setting above and click “Next”sc_5

5. Select your SCCM languages and click “Next”sc_6

6. Select your client languages and click “Next”sc_7

7. Define Site code (xxx) and name , click “Next”sc_8

8. Join or create new primary site. Click “Next”sc_9

9. Define your SQL FQDN, instance name (just leave it blank) and database namesc_10

10. Click “Next” againsc_11

11. I don’t have a PKI infrastructure, so i choose use HTTP server communicationsc_12

12. Click “Next”sc_13

13. CEIP is a useful program, but now ” i don’t want to join…”. Click “Next”sc_14

14. Summary information. Click “Next”sc_15

15. I checked manually that my SCCM server have Full Control in “System Management” containter. WSUS SDK warning related with version of WSUS services. Just ignore it or update your WSUS.sc_16

16. Done!sccm_final

Don’t forget to update SCCM Server before your configuration! or just wait to SP1 release 🙂

Leave your comments! Thanks!

Installation guide for DPM 2012

DPM 2012 provides disk-based and tape-based data protection and recovery for servers and desktops. DPM can also centrally manage system state and Bare Metal Recovery. Now DPM available only in the System Center Package (Standard or Datacenter) with other great and very powerful products such as VMM, SCOM and others. You can download evaluation versions using this link .

Before installation:

  • Check DPM requirements: Software, Hardware, Network
  • Watch video “What’s New in DPM 2012” to understand all changes between prior versions DPM
  • Update your target servers
  • Update your remote SQL server if you planning to deploy DPM using existing database servers
  • Disable IE Enhanced Security (Server Dashboard – IE Enhanced Security Configuration – Off)ie_esc_off

I am not going to make an attention to planning and requirements for DPM 2012. However, during reading TechNet, I noticed some interesting things:


“DPM is not supported on the Turkish language version of any of the listed Windows Server versions.”

Poor, poor Turkey 🙂 I do not know reason, but it is funny and I cannot understand “Why? Why only Turkish? We all love Turkey!)


«For the DPM database, DPM requires a dedicated instance of the 64-bit version of SQL Server 2012 or SQL Server 2008 R2 or SQL Server 2008 R2 SP1, Enterprise or Standard Edition»

Do not try to install DPM without SP1 to an existing SQL Server 2012 you will receive an error “Server 2008 SQL Instance required”


Open SQL Remote Ports using these commands to successful creating DPM instance. Just create .bat file, for example sqlports.bat and run as administrator. Also, you can check result using firewall.cpl

netsh advfirewall firewall add rule name=”Open Port 80″ dir=in action=allow protocol=TCP localport=80

@echo ========= SQL Server Ports ===================
@echo Enabling SQLServer default instance port 1433
netsh advfirewall firewall add rule name=”SQL Server” dir=in action=allow protocol=TCP localport=1433
@echo Enabling Dedicated Admin Connection port 1434
netsh advfirewall firewall add rule name=”SQL Admin Connection” dir=in action=allow protocol=TCP localport=1434
@echo Enabling Conventional SQL Server Service Broker port 4022
netsh advfirewall firewall add rule name=”SQL Service Broker” dir=in action=allow protocol=TCP localport=4022
@echo Enabling Transact SQL/RPC port 135
netsh advfirewall firewall add rule name=”SQL Debugger/RPC” dir=in action=allow protocol=TCP localport=135
@echo ========= Analysis Services Ports ==============
@echo Enabling SSAS Default Instance port 2383
netsh advfirewall firewall add rule name=”Analysis Services” dir=in action=allow protocol=TCP localport=2383
@echo Enabling SQL Server Browser Service port 2382
netsh advfirewall firewall add rule name=”SQL Browser” dir=in action=allow protocol=TCP localport=2382

@echo ========= Misc Applications ==============
@echo Enabling HTTP port 80
netsh advfirewall firewall add rule name=”HTTP” dir=in action=allow protocol=TCP localport=80
@echo Enabling SSL port 443
netsh advfirewall firewall add rule name=”SSL” dir=in action=allow protocol=TCP localport=443
@echo Enabling port for SQL Server Browser Service’s ‘Browse’ Button
netsh advfirewall firewall add rule name=”SQL Browser” dir=in action=allow protocol=UDP localport=1434
@echo Allowing multicast broadcast response on UDP (Browser Service Enumerations OK)
netsh firewall set multicastbroadcastresponse ENABLE


“The following are additional prerequisites for DPM: Microsoft .NET Framework 3.5 with Service Pack 1 (SP1)”

Using Server Manager, you can add NETFX3 feature to Server 2012, but it does not work.


You should use dism utility to add this feature 

  • Mount your Server 2012 image/cd (in this example, drive letter is D)
  • Press Win+Q, type cmd , right click and choose pin to taskbar
  • Run CMD as administrator and paste dism /online /enable-feature /featurename:NetFX3 /all /Source:d:\sources\sxs /LimitAccessnetfx3 dism



1. Choose “Run the prerequisite Checker” and check again all requirements. It’s very important step!


2. Click on “Data Protection Manager” to setup the core of DPM

3. Accept license terms


4. DPM says “Welcome” to you. Just click “Next”


5. DPM can install a dedicated instance of SQL Serverl 2008 R2 or you can choose your existing remote SQL instance . Don’t forget open all ports to communicate on SQL Server! (see information in the top of this article) I choose a dedicated instance and click “CHECK”


6. Make sure that your server meets all requirements and click “Next”


7. Paste your license key and click “Next”


8. On this stage you can change default path to installation. I agree with default paths and click “Next” again.


9. Choose password for DPM and SQL’s service accounts. Notice, if you are using remote instance DPM does not create any SQL service accounts


10. Choose a “Windows Update” to delivering updates


11. Choose “No, …” and click “Next”. On the summary page also click Next and wait while wizard setups DPM


12. After successful setup use Microsoft Windows Update (control /name Microsoft.WindowsUpdate) to install DPM latest CU (currently, CU3) or you can setup manually using this link


13. WIN+R – type services.cmd and check that main DPM service are running


14. You are ready to get started with DPM 2012. I’m planning to make a second part of this article about configuring DPM . Follow me and keep in touch! 🙂

P.S. System Center 2012 SP1 is available now:)

Look our my other posts:

Deploying DPM Agent 2012 to Untrusted or Workgroup Computers

How to upgrade DPM 2012 to DPM 2012 SP1?

How to update DPM agents to 4.1.3333.0 after upgrading to SP1?

How to fix “Replica is inconsistent” in DPM during backing up SQL 2012 DBs?

%d bloggers like this: