Installing a secondary site in Configuration Manager 2012

Overview:

In this post, I'm going to go through the process of installing a secondary site in a Configuration Manager 2012 SP1 site.

My Environment:
  • CM12.CONTOSO.LOCAL = CM Primary Site Server (Sitecode is PRI)
  • CM12DEN.CONTOSO.LOCAL = This will be the new Secondary Site Server (Sitecode will be DEN)
  • AD Security Group Names All CM Servers = This is a security group that contains the computer accounts of my two ConfigMgr Servers. I use group policy preferences to put this group in the local administrators group on my ConfigMgr Servers. You can manually add the Computer account as a local admin if needed (We will go over this later in this post).
Prerequisites To Install Secondary Site:

Roles / Role Services Required for Secondary Site:

  • Web Server (IIS)
    • Application Development:
      • ISAPI Extensions
    • Security:
      • Windows Authentication
    • IIS 6 Management Compatibility
      • IIS 6 Metabase Compatibility
      • IIS 6 WMI Compatibility

Features Required for Secondary Site:

  • Remote Differential Compression
  • BITS
  • .NET Framework 3.5
  • .NET Framework 4

The following ports will need to be opened between the site server and remote secondary site server

  • TCP: 4022 (SQL), 1433 (SQL), 135 (RPC/WMI), 445 (SMB)

Give the Secondary Site Server Computer Account Permissions to the System Management container in AD.

My Thoughts On Secondary Sites:

If you are doing this in a lab for testing then ignore this part. In many cases a Distribution Point can suffice rather than installing a Secondary site. When using a Remote DP rather than a Secondary Site it reduces the complexity of the site. I would highly recommend starting with a DP before installing a Secondary Site and monitoring the link. Here's a few scenarios where it may make more sense to install a Secondary Site rather than a DP:

  • Large amount of clients (e.g. 500 - 1,000 +) in remote location
  • Very slow connection to a remote site
    • Need to control the upward flow of data from clients (e.g. Machine Policy, Software Inventory, Hardware Inventory) these actions don't use that much bandwidth

Here is a Forum Post on choosing between a Secondary Site and Remote Distribution Point that may help you

Performing The Secondary Site Install:

The first thing I did was install the required Roles & Features as mentioned above on CM12DEN server.

Install the Web Server (IIS) Role from Server Manager. You can uncheck the "Include management tools (if applicable)" box if you receive it.

1

Add the BITS feature on the next dialog. Go ahead and click the Add Features button this will ensure the required IIS role services are installed to support BITS:

2

Add the Remote Differential Compression Feature and .NET Framework 3.5 and 4 if it's not already Installed:

3

4

On the Role Services page for Web Server (IIS), Verify the required Role Services are Checked. In my case, I only had to check Windows Authentication and IIS 6 WMI Compatibility because BITS automatically had the others checked.

5

On the Confirmation page I checked "Restart the destination server automatically if required" then clicked Install.

Now that we have the required Roles and Features installed, we will need to make sure the computer account of the Primary Site Server has local administrative permissions on the server that's going to host our Secondary site. The reason the computer account of the Primary Site needs to be local administrator is because this account is used to initiate the installation of SQL Express and the ConfigMgr Site Components.

I used group Policy Preferences to add a Security Group that contained my Primary Site servers computer account to the local administrators group on my secondary site server. You could manually click add and select your Primary Site servers computer account though:

6

You will also need to give the Secondary Site Server computer account full control of the System Management container. This will allow the Secondary Site Server to publish information about itself to AD you can use "AD Users and Computers" in the advanced view or ADSI Edit (This is what I used). Make sure you choose the Advanced on the Permission Dialog and choose "This Object And All Descending Objects".

7

Now that the Prerequisites are done, we can start the "Create Secondary Site Wizard".

8

Enter the General Information about your Secondary Site:

9

I left the Default "Copy installation source files over the network from the parent site" for the "Installation Source Files".

I don't have SQL Server Enterprise/Standard on the Secondary Server (These cost money). Configuration Manager secondary sites can use SQL Server Express Edition which is free so I'm going to use this option. Notice you will need to allow ports 1433 and 4022 through the Firewall.

10

In my demo, I'm going to be using HTTP. If your using HTTPS you should request your certificates and edit the binding in IIS prior to completing this wizard!

11

I left the default on the remaining settings. You will want to create a Boundary and assign it to a Boundary Group for your secondary site though to ensure clients receive content from the appropriate DP.

Monitoring The Secondary Site Install:

The install can take a little time depending on the Computer Hardware and connectivity to the Primary Site Server. Here are some ways you can monitor the Installation.

13

The "Show Install Status" will give you a very nice overview of the installation status:

14

The Prerequisite log (ConfigMgrPrereq.log) can be found on the Primary Site Server at the root of the drive:

15

Once the Prerequisites have been complete and passed, you see view the Sender.log on the Primary site server. This log will show the process of copying the installation binaries from the Primary Site Server to the Secondary Site Server.

16

Once the installation binaries have been copied from the Primary Site to the Root drive of the Secondary Site Server, the actual install will begin. The installation will create a log file (ConfigMgrSetup.log) on the root of the secondary site server:

17

Verify the Install was Successful!

18

Disclaimer: The information on this site is provided "AS IS" with no warranties, confers no rights, and is not supported by the authors or Microsoft Corporation. Use of any included script samples are subject to the terms specified in the Terms of Use

Comments

  • Anonymous
    January 01, 2003
    Can I install it on a second domain ?There is already a SCCM server in one domain, but I want to install another SCCM server in another domain under the same forest. Thanks in advance.
  • Anonymous
    January 01, 2003
    @ Francisco, no it's not a requirement.
  • Anonymous
    January 01, 2003
    @ Mark, Yes will work. From TechNet: http://technet.microsoft.com/en-us/library/gg712320.aspx#BKMK_InstallSecondarySite

    When you choose the Use the source files at the following network location or Use the source files at the following location on the secondary site computer options, the location must contain the Redist subfolder with the prerequisite redistributable files, language packs, and the latest product updates for Setup. Use Setup Downloader to download the required files to the Redist folder before you install the secondary site. The secondary site installation will fail if the files are not available in the Redist subfolder. For more information about Setup Downloader, see Setup Downloader in this topic.
  • Anonymous
    January 01, 2003
    @ SSayeed, Yes you can if there is a 2 way trust. Why would you want to install another site if there is already one?
  • Anonymous
    May 12, 2014
    Thanks
  • Anonymous
    September 24, 2014
    Is there a way to seed the install files? I am about to depoly about 12 servers and want to make it part of the image.
  • Anonymous
    November 12, 2014
    hi, on your prerequisites you didn't mention anything about if the CCM client has to be install on the server that will be the secondary site. Is it necessary to the secondary site work fine or must be installed on the server??
  • Anonymous
    December 09, 2014
    HI we are trying to install SCCM 2012 sp1 on Windows 2012 but it fails with the below message :[Failed]:Setup failed to verify the Windows Installer version, or the installed version of Windows Installer does not meet the minimum requirement. Configuration Manager requires at least Windows Installer version 4.5.
  • Anonymous
    January 15, 2015
    Hi Justin, thanks for quick response. The reason I would like to install it on a secondary site is for split administration, while using the wsus updates from the primary site. I tried to do the installation, but couldn't do it. A lot of error messages appeared.
  • Anonymous
    January 15, 2015
    Btw, trust relationship exists between the domains.
  • Anonymous
    January 15, 2015
    Thanks for your article. Finally managed to install on the second site. Firewall on the local server was turned on.
  • Anonymous
    August 07, 2015
    Thanks, tons of problems till found this article. Adding the computer account to AD for the scecondary is not included in other resources and seems to fixed my problem.
  • Anonymous
    August 19, 2015
    The comment has been removed
  • Anonymous
    August 19, 2015
    @Kapil you would install this from you console and choose the secondary site in the site dropdown.
  • Anonymous
    September 04, 2015
    why it is not recommended to dis-join and rejoin SCCM secondary server from domain
    as it is giving trust relationship broken error
  • Anonymous
    August 24, 2016
    Can we disable windows firewall and service instead of creating SQL port rule. Please advise.Thank you,
  • Anonymous
    August 21, 2017
    Hi, i have 2 domains that have trust between them, i have sccm set up with DomainA with https. But i want to use sccm with domainB too. However i would have to use http there, can i use a secondary site to use http for sup and managment point for domainB while still using https in domainA?