CM12 Notes
Notes taken this week while installing CM12 in the lab.
Main takeaways:
Make a CAS first - not unlike best practice recommendation of making a root forest over your domain. Should you ever need to add more sites, this will make like much easier.
Still looking for a good prerequisite site that tells you if a CAS needs to be local admin of a primary, or which IIS components are still needed on an MP (like webDAV is gone), or the CLR integration is enabled by CM itself now in SQL. That's something you needed to do on your own for DCM or for SQL replication to your MPs. So is there an overall list of such changes someplace?
Here are my notes for the week:
So I was about to install CM12 to a VM in the lab when I was reminded from the MVP list that you can't join up to a CAS later down the road.
This means I have to now install this VM as a CAS and make another VM to become a primary. And another to take on all roles.
These 3 servers are the minimum I need to do in order to really see what gets replicated to a CAS and how well all items offload from a primary.
Which means I need to go create 2 more VMs before I can do anything. PIA.
Deleted the SQL setup files figuring who would ever install old SQL2K8 again? So I get to recopy it all so I can install SQL on this new primary site.
And this primary site has less disk than the CAS, but I don't really want to make it the CAS since the server name is 2 and the other is 1. Who would think 2 to be a CAS over 1? And I don't want to rename. Maybe I can just shrink the other down the road.
Now I'm seeing that same issue yesterday when trying to get 2008 to install with SP1 slipstreamed. Even though I've preinstalled the SP1 setup tools, it tells me the PUSource isn't valid.
Idiot. It's PCUSource, not PCSource. There went an hour. No, that wasn't the problem. Still is doing it. Fine. Got it. POS.
Installing SQL – normally we leave the agent to manual and the browser disabled. Well, agent to auto if doing SQL replication, but for CM12, we're going to have to leave the browser service on from what I've read.
The CM12 install window opened behind the splash.hta file – probably not worth the time to submit a bug on it.
Stated the install and I've chosen the CAS option, not the default primary site option.
Remembered that these boxes need perms to the system mgmt. container, so I've gone and done that. Does the wizard remind you?
I already downloaded the prereqs so i choose the option to point to that source location (Also I've installed .NET 4 and defragged and did windows updates)
I've already opened 1433 and 4022 and Sqlservr.exe on the firewall. (And I've set the SQL Agent and Browser to auto during SQL setup).
I chose 006 as the site code, set site name to DEV CAS, chose to install to d:\CM12 – looks like I can't go back and change my mind on the site code, so I opened a bug on that.
And I'll allow a local console install. But I won't on the primary when I install it.
Normally, I pre-create the CM db to get the files, sizes and locations just right. But for this VM I won't, so it'll just make one with the default name of CM_006.
Why do i need remote differential compression? Fine, installing it. Must be that even though I may not stage packages here, it wants to park them to DPs and make use of RDC
12 minute install for CAS, not bad
Install primary: DEV as site code, DEV LL2 as site name, install to D:/CM12
Choosing no console for this child site – administer from the CAS
Odd that when I say I want to join an existing, it doesn't ask for FQDN but NetBIOS instead
Does CAS have to be a local admin of DEV??? I will just in case, because you got to figure if from the CAS console (not just opening DEV from the CAS), and you choose to install a role, the CAS would need perms to tell it to? Or could it just do that via SQL replication? Only way to know is remove it and try to install a role, I guess.
It sets snapshot to D:\ConfigMgrReplication which I'll change to D:\SQL2K8\CMReplication (since I install SQL to SQL2K8 or SQLR2)
Guess we have to be careful to not pick the stringent default of https communication for clients
I uncheck the MP and DP roles for the primary since i offload all roles, esp. IIS related. I hate that it wants to install them by default, but I suppose most shops want it.
I have installed RDC, but not WSUS which is just a warning. Since I know I need the WSUS console installed, I'll do that now. There, no warning.
Note that the CAS didn't need a WSUS console
After about 10 min I see global replication is done, but the link is still being configured
Looks like HINV\SINV\Metering and status msgs are still going via transactional replication. I assume that gets ripped out by RC.
contentlib - wtf is that? Why don't I get to pick the location for that folder since it's going to be sizable? I see Panu has a DCR that's closed and I made a comment on it on Connect.
30 min later I see that the link is ok and I can see status up and down (parent site config\child site config)
OK, how do I add my team's ad group to the full admins role? It shows only my id, but how do I add?
Oh, got it. just click on \Administration\Overview\Security and Permissions\Administrative Users
Cool, so when I use the console and connect directly to DEV, I see that my team's permissions are down there too; no need to recreate. These are global conditions for RBAC.
OK site settings. This is a lab, so let's set these on CAS:
Policy to 5 min
Compliance to 20 min
Give Company Name in
Love the defaults on restart, but for the lab, I'm setting 10/5
HINV set to every hour
Setting power mgmt to off; I don't plan to play with that in this lab
Setting remote control to off as well
Software deployment – I'm going to allow notificatons and set schedule to every 6 hours
Ouch – SINV is for entire drive by default?
Set SINV to look at just %programfiles% and %ProgramW6432%\ for *.exe and %programfiles(x86)% - wait – let's do just prgfls and on x64 coll, we set one, and x86 we set the other.
Disable metering
Software updates to every 6 hours scan, 6 hours re-evaluate, install ALL software updates, and within 1 hour
State msgs to every 5 min; hey, it's a lab
OK, just filed a bug (don't know how to specify DCR) for excluding %windir% on sinv –
Why don't they show the build number in the About ConfigMgr icon area? We're on 7561.
Looks like we no longer need to go enable CLR in SQL, CM12 does that for you. Had to do it before for MP replication and DCM.
CM3 is up. Ready to install IIS so it can become an MP.
I know I no longer need WebDAV, but what about ASP.NET? I assume Windows Authorization is still needed. But what about the old IIS WMI & Metabase Compatibility? What article tells me? I've been surfing for 30 min and can't find anything. I'm going to skip that and see if she blows up.
There is no defailt mgmt point, do you want this system to be the default? Huh? I thought we got rid of default. Or is that an RC thing?
And WTF, it offers the same old replica or remote SQL question for MPs. So I still need to go create a replica all by myself? And if not, is it going to automatically grant the right perms for the MP to come back to the primary? This sucks.