How to Install System Center Configuration Manager Server 1511

In this post, I will cover setting up Configuration Manager Server 1511 on Windows Server 2012 R2 step by step. Here is an outline of what we will do:

  1. Environmental Prerequisites for Configuration Manager Server 1511
  2. Configuration Manager 1511 Prerequisites
  3. Install Configuration Manager Server 1511
    1. Prepare Active Directory.
    2. Extend the Active Directory schema for Configuration Manager
    3. Install Configuration Manager 1511

Environmental Prerequisites for SCCM Server 1511

  1. Active Directory Services
  2. DNS
  3. SQL Server 2014

Configuration Manager Server 1511 Prerequisites

  • Open PowerShell as an Administrator and run the following cmdlets:

Import-Module ServerManager

Add-WindowsFeature Web-Windows-Auth,Web-ISAPI-Ext,Web-Metabase,Web-WMI,BITS,RDC,NET-Framework-Features,Web-Asp-Net,Web-Asp-Net45,NET-HTTP-Activation,NET-Non-HTTP-Activ,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Redirect,Web-App-Dev,Web-Net-Ext,Web-Net-Ext45,Web-ISAPI-Filter,Web-Health,Web-Http-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-HTTP-Tracing,Web-Security,Web-Filtering,Web-Performance,Web-Stat-Compression,Web-Mgmt-Console,Web-Scripting-Tools,Web-Mgmt-Compat

Prepare Active Directory to install SCCM Server 1511

To create the System Management container that SCCM uses to publish its settings in Active Directory, follow the steps below:

  1. Open Adsiedit.msc.
  2. Select the System container, click New, and select Container.
  3. In the Value field, type System Management and click Next.
  4. On the Create Object page, click Next, then Finish.

To delegate the security permissions for the SCCM server, open Active Directory Users and Computers.

  1. Right-click the System Management object and select Delegate Control.
  2. On the welcome page of the delegation wizard, click Next.
  3. For the object, set the object type to computer, select <mai2016-cm>, and click Next.
  4. Under the tasks to delegate, select custom task.
  5. Under Delegate control of, select this folder and create new objects for the folder, then click Next.
  6. On the Permissions page, select Full Control and click Next.
  7. On the Delegation of Control page, click Finish.

Extend the Active Directory schema for Configuration Manager

Follow the steps below to extend the Active Directory schema for SCCM:

  1. Open Command Prompt as Administrator, run “cd D:\SMSSETUP\BIN\X64” and press Enter. Then run extadsch.exe and press Enter.

Installing Configuration Manager 1511

Follow the steps below to install the SCCM primary site:

  1. Run setup.exe from the SCCM installation media and click Install.
  2. On the Welcome screen, click Next.
  3. On the Getting Started screen, select Install a Configuration Manager Primary Site, then click Next.
  4. On the license terms page, select Accept the license, then click Next.
  5. Create a Downloads folder on C:\, then specify that path for downloading the updates.
  6. On the Server Language Selection screen, click Next.
  7. Enter site code “001” and site name “HQ Site”, and under Installation Settings install the site to “C:\Program Files\Microsoft Configuration Manager”.
  8. On Primary Site Installation, select Standalone site, then click Yes in the information window.
  9. In Database Information, type the SQL Server name <mai2016-CM.FTC.local>.
  10. On Database Information, click Next.
  11. On SMS Provider Settings, click Next.
  12. In Client Computer Communication Settings, select Configure the communication method on each site system role.
  13. On Site System Roles, click Next.
  14. On the Usage page, click Next.
  15. On the Service Connection Point Setup page, click Next.
  16. Click Next at the CEIP screen, then review the Settings Summary.
  17. Click Begin Install.
  18. After a few minutes the installation finishes; click Close.
  19. Congratulations, you’ve installed System Center 1511 Configuration Manager. Start the ConfigMgr console.

How to Install SQL Server 2014 Standard Edition

In this post, I will cover setting up SQL Server 2014 on Windows Server 2012 R2 step by step.
Follow the steps below to install SQL Server 2014 Standard Edition:

  1. Environmental Prerequisites for SQL Server 2014
  2. SQL Server 2014 Prerequisites
  3. Install SQL Server 2014

Environmental Prerequisites for SQL Server 2014

  1. Active Directory Domain Services
  2. DNS

SQL Server 2014 Prerequisites

Install .NET Framework 3.5: in Server Manager, click Add roles and features > add .NET Framework 3.5 > click Install.

Install SQL Server 2014

  1. On <mai2016-ccm.Lab.local>, launch the installer, click Installation in the left pane and select “New SQL Server stand-alone installation or add features to an existing installation”.
  2. On the Product Key screen, click Next.
  3. Accept the license terms, then click Next.
  4. On the Microsoft Update page, click Next.
  5. On the Install Rules page, click Next.
  6. On the Setup Role screen, select “SQL Server Feature Installation” and click Next.
  7. Select the features to install: the Database Engine, Full-Text, Management Tools, and Reporting Services. Click Next.
  8. On the Instance Configuration page, click Next.
  9. On the Server Configuration page, click Next.
  10. Enter the domain account and password for the services <FTC\ftcadmin>, then click Next.
  11. On Reporting Services Native Mode, select “Install and Configure” and click Next.
  12. Copy the configuration file, then click Install.
  13. After the successful installation, click Close.

Top 10 IT problems Lepide Exchange Recovery Manager solves

Lepide Exchange Recovery Manager is an advanced EDB recovery tool that helps organizations recover data easily and quickly. Here are some common, yet difficult to overcome, Exchange issues you may encounter that Lepide Exchange Recovery Manager can easily correct:

  1. EDB and OST corruption issues – Administrators may encounter both EDB and OST corruption issues in the Exchange environment. Lepide Exchange Recovery Manager can easily recover both EDB files and OST files to help return the email communication flow back to normal.
  2. Native recovery difficulties – Generally, the native recovery features of Exchange vary depending on which version you use. In some versions, recovery-related actions have to be performed using Shell cmdlets, which can be both difficult and time consuming. With Lepide Exchange Recovery Manager, the recovery procedure is the same for all Exchange versions – simply recover mailbox items in a matter of clicks.
  3. Knowing what the database will look like after recovery – Many third-party recovery tools, along with Exchange itself, do not provide any preview of how the mailbox or item will look after recovery. This leaves administrators unaware of how successful the recovery will be until they can actually view the recovered mailboxes and items. Lepide Exchange Recovery Manager provides a preview facility that allows you to see how mailboxes and items will look after the recovery.
  4. Requirement for brick-level backups – Many Exchange administrators opt for brick-level backups, without considering the cost or the possibility of backup corruption, because they perceive it to be safer. As Lepide Exchange Recovery Manager offers granular restoration of mailbox items, brick-level backups are not required.
  5. Lack of features for selective recovery – With native recovery methods you are unable to recover or migrate just a few items. Instead, your only option is to recover or migrate the entire mailbox, which is a waste of time, effort, and resources. Lepide Exchange Recovery Manager allows you to perform selective recovery and restore only what’s needed.
  6. Storage issues and large PST sizes – Unusually large email attachments consume a lot of space and create storage issues. Exporting large mailboxes to PST files can also be difficult because of the 2GB limit in older Outlook versions. Lepide Exchange Recovery Manager helps to extract attachments from emails and save them separately. It also provides an option to split large PST files into multiple files when they grow beyond a specified size while saving large mailboxes.
  7. Accidentally deleting emails – Users accidentally deleting emails can be a common occurrence in the Exchange database. Occasionally important items may be accidentally deleted and their recovery is necessary. Lepide Exchange Recovery Manager simplifies retrieving such items.
  8. Possibility of downtime – Server downtime is to be expected during all Exchange recovery and migration processes when using native tools. With Lepide Exchange Recovery Manager, you can execute these operations with zero to minimum downtime by scheduling the recovery to run outside office hours.
  9. Additional requirements like migration and backup restoration – Many Exchange tools, including the native ones, are recovery specific. Administrators will have to look elsewhere should they want to perform any migrations or recoveries from backups. Lepide Exchange Recovery Manager supports small-scale Exchange migrations (including cloud migrations), extraction of Exchange data from backups (created by Symantec, VERITAS, NT Backup, CA Arcserve, and HP), and extraction of attachments from various sources (EDB, PST, OST, Live Exchange, Office 365 mailboxes) without any additional infrastructure.
  10. Restore and migrate from multiple EDBs simultaneously – Native solutions may help to recover or migrate data from an EDB or PST to another source, but they won’t allow you to search, restore and migrate from multiple EDBs simultaneously. Lepide Exchange Recovery Manager facilitates this and more.

Understanding SPF, DKIM and DMARC for Secure Messaging

Introduction

Email security is the utmost requirement of all organizations to protect confidential data from scammers and cyber criminals. Scammers always seem to find a way to trick end users and get hold of confidential organizational data that is available in the form of emails. Leveraging email systems to improve business productivity and communication puts you in a constant war against spam, spoofing and phishing.

As a messaging administrator, you need to plan for the security of your messaging systems to secure email data. Apart from antivirus tools installed on the server, the following techniques can be leveraged to secure email messages.

  • Sender Policy Framework (SPF)
  • DomainKeys Identified Mail (DKIM)
  • Domain-based Message Authentication, Reporting and Conformance (DMARC)

Sender Policy Framework (SPF)

Sender Policy Framework (SPF) allows you to identify which email servers are authorized to send email for the organization's SMTP domain. SPF is published as a TXT record and helps prevent spoofing. A spoofed email message is modified to appear as if it originates from a sender other than the actual sender of the message. When a user sends an email, the sending server issues the SMTP “MAIL FROM” command and includes information identifying the sending server.

The recipient messaging system refers to the SPF TXT record to determine whether a message from your domain is being received from an authorized server that is advertised in your DNS.

If you do not configure the authorized servers that can send email for your organization, the receiving email server can choose to reject the message as spam. The receiving server can reject your message as spam because it cannot validate that the message comes from an authorized messaging server.

SPF record types were deprecated by the Internet Engineering Task Force (IETF) in 2014. Now we leverage TXT records in DNS to publish SPF information.

Configuring SPF in Office 365

If you are planning to leverage Office 365 emails then you need to add the following public DNS TXT record for sender policy framework.

Record Type = TXT

TTL = 3600

Target = v=spf1 include:spf.protection.outlook.com -all

If you are using an on-premises Exchange server to send email outside of your organization, then you need the following information for the Sender Policy Framework TXT record.

  • IP address
  • Domain Name
  • Enforcement Rule Information

Below is the format of the SPF TXT record. An SPF TXT record starts with v=spf1.

v=spf1 [<ip4>|<ip6>:<IP addresses>] [include:<Domain Name>] <enforcement rule>

Let’s assume the public IP address of our Exchange 2016 server is 124.11.113.12 and the SMTP domain is msexperttalk.com; then the SPF TXT record will be as below.

v=spf1 ip4:124.11.113.12 include:msexperttalk.com -All

More information on how SPF protects against spoofing can be found on TechNet.

SPF does not work when you have email forwarding set up on a user mailbox. It’s recommended to use SPF in conjunction with the other email authentication methods, DKIM and DMARC.
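How a receiver walks an SPF record of the form described above, as an added example that is not part of the original post. The function names and the $SpfZone table (which stands in for DNS TXT lookups) are hypothetical, the example.test entries are constructed, and only the ip4, include and all terms are evaluated. It also shows that a record whose include points back at its own domain, as the msexperttalk.com sample does, runs into the ten-lookup limit for any sender the ip4 term does not match.

```powershell
# Added example: offline SPF evaluation. $SpfZone stands in for DNS TXT lookups.
$SpfZone = @{
    'msexperttalk.com'  = 'v=spf1 ip4:124.11.113.12 include:msexperttalk.com -All'  # record from this post
    'example.test'      = 'v=spf1 ip4:192.0.2.10 include:mail.example.test -all'    # constructed
    'mail.example.test' = 'v=spf1 ip4:198.51.100.0/24 ~all'                         # constructed
}

function ConvertTo-Ip4Number([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    return ([long]$b[0] * 16777216) + ([long]$b[1] * 65536) + ([long]$b[2] * 256) + [long]$b[3]
}

function Test-Ip4Match([string]$Ip, [string]$Cidr) {
    $net, $len = $Cidr -split '/', 2
    if (-not $len) { $len = 32 }                       # a bare address means /32
    $block = [long][math]::Pow(2, 32 - [int]$len)      # number of addresses in the network
    $a = ConvertTo-Ip4Number $Ip
    $n = ConvertTo-Ip4Number $net
    return ($a - ($a % $block)) -eq ($n - ($n % $block))
}

function Get-SpfResult {
    param([string]$Domain, [string]$SenderIp, [hashtable]$Zone, [hashtable]$State = @{ Lookups = 0 })
    $record = $Zone[$Domain]
    if (-not $record -or $record -notmatch '^v=spf1(\s|$)') { return 'none' }
    $verdict = @{ '+' = 'pass'; '-' = 'fail'; '~' = 'softfail'; '?' = 'neutral' }
    foreach ($term in ($record -split '\s+' | Select-Object -Skip 1)) {
        $q = '+'                                       # qualifier defaults to pass
        if ($term -match '^[+\-~?]') { $q = $term.Substring(0, 1); $term = $term.Substring(1) }
        if ($term -match '^ip4:(.+)$') {
            $hit = Test-Ip4Match $SenderIp $Matches[1]
        } elseif ($term -match '^include:(.+)$') {
            $State['Lookups'] += 1
            if ($State['Lookups'] -gt 10) { return 'permerror' }   # RFC 7208 DNS lookup limit
            $inner = Get-SpfResult -Domain $Matches[1] -SenderIp $SenderIp -Zone $Zone -State $State
            if ($inner -in 'none', 'permerror') { return 'permerror' }
            if ($inner -like 'unsupported:*') { return $inner }
            $hit = ($inner -eq 'pass')                 # include matches only on an inner pass
        } elseif ($term -eq 'all') {
            $hit = $true
        } else {
            return "unsupported:$term"                 # a, mx, exists, redirect: not covered here
        }
        if ($hit) { return $verdict[$q] }
    }
    return 'neutral'                                   # nothing matched and no "all" term
}

foreach ($case in @(@('example.test', '192.0.2.10'), @('example.test', '198.51.100.7'),
                    @('example.test', '203.0.113.5'), @('msexperttalk.com', '124.11.113.12'),
                    @('msexperttalk.com', '203.0.113.5'))) {
    '{0,-18} {1,-15} {2}' -f $case[0], $case[1], (Get-SpfResult $case[0] $case[1] $SpfZone)
}
```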

DomainKeys Identified Mail (DKIM)

DomainKeys Identified Mail (DKIM) lets an organization take responsibility for an email message that is in transit and helps validate domain identity. DKIM is a more advanced version of Sender Policy Framework (SPF) that helps validate that an email message came from the domain it appears to come from by leveraging cryptographic authentication. DKIM adds a digital signature to email messages in the message header and authorizes your domain to associate, or sign, its name to an email message. Email systems that receive email from your domain can use the digital signature to help determine whether incoming email that they receive from your domain is legitimate.

DKIM itself does not directly prevent, filter or identify any spam. It’s recommended to use DKIM in conjunction with SPF for much better validation of email messages.

Configuring DKIM in Office 365

Follow the steps mentioned below to configure DKIM in Office 365.

Get-DKIMSigningConfig <Domain Name> | FL *CNAME

The output of the cmdlet contains the DKIM signing configuration for the CNAME records.

  • Add the two CNAME records at your DNS registrar. Below is the format of the CNAME records:

Record Type = CNAME

Hostname = Selector1._domainkey.<Domain Name>

TTL = 3600

Target = Selector1-<Domain Name>._domainkey.<Tenant Name>

Record Type = CNAME

Hostname = Selector2._DomainKey.<Domain Name>

TTL = 3600

Target = Selector2-<Domain Name>._DomainKey.<Tenant Name>

  • Once the records have been added to public DNS, run the following cmdlet to enable DKIM in Office 365

New-DkimSigningConfig -DomainName <Domain Name> -Enabled $true

More details on DKIM can be found on TechNet.

Domain-based Message Authentication, Reporting & Conformance (DMARC)

Domain-based Message Authentication, Reporting & Conformance (DMARC) is an email authentication protocol that builds on the SPF and DKIM protocols and adds reporting capabilities, allowing sender and receiver to improve and monitor protection of the domain from fraudulent email. DMARC policies are published in DNS as a TXT record and advertise what an email receiver should do with non-aligned email messages received from the sender organization.

By default, an Office 365 tenant is enabled for DMARC and evaluates messages. DMARC looks for the following information in the email header.

Authentication-results: protection.outlook.com; spf=pass / fail
(sender IP is x.x.x.x) smtp.mailfrom=sender@domain.com
dkim=none/pass (message not signed OR signature was verified) header.d=SenderDomain;Recipient; dmarc=none / pass
action=none
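Reading those header fields programmatically, as an added example that is not part of the original post. Get-AuthVerdict is a hypothetical helper, both sample headers are constructed in the layout shown above with a header.from property added, and alignment is checked in strict mode only (exact domain match).

```powershell
# Added example: parse Authentication-Results and check strict DMARC alignment.
function Get-AuthVerdict {
    param([Parameter(Mandatory)][string]$Header)
    $flat = $Header -replace '\s+', ' '                # unfold continuation lines
    $result = @{}
    foreach ($m in [regex]::Matches($flat, '(?i)\b(spf|dkim|dmarc)=(\w+)')) {
        $result[$m.Groups[1].Value] = $m.Groups[2].Value.ToLower()
    }
    $prop = @{}
    foreach ($m in [regex]::Matches($flat, '(?i)\b(smtp\.mailfrom|header\.d|header\.from)=([^\s;]+)')) {
        # keep only the domain part when the value is a full address
        $prop[$m.Groups[1].Value] = ($m.Groups[2].Value -replace '^.*@', '').ToLower()
    }
    $from = $prop['header.from']
    # A pass only counts for DMARC when the authenticated domain matches the visible From domain
    $spfAligned  = $result['spf']  -eq 'pass' -and $from -and $prop['smtp.mailfrom'] -eq $from
    $dkimAligned = $result['dkim'] -eq 'pass' -and $from -and $prop['header.d'] -eq $from
    [pscustomobject]@{
        Spf         = $result['spf']
        Dkim        = $result['dkim']
        Dmarc       = $result['dmarc']
        HeaderFrom  = $from
        SpfAligned  = [bool]$spfAligned
        DkimAligned = [bool]$dkimAligned
        Review      = ($result['dmarc'] -ne 'pass') -or -not ($spfAligned -or $dkimAligned)
    }
}

# Constructed sample headers (documentation IP ranges and .test domains)
$samples = @(
    ('Authentication-Results: protection.outlook.com; spf=pass (sender IP is 192.0.2.10) ' +
     'smtp.mailfrom=billing@example.test; dkim=pass (signature was verified) ' +
     'header.d=example.test; dmarc=pass action=none header.from=example.test'),
    ('Authentication-Results: protection.outlook.com; spf=pass (sender IP is 203.0.113.5) ' +
     'smtp.mailfrom=bounce@mailer.test; dkim=none (message not signed) ' +
     'header.d=none; dmarc=fail action=none header.from=example.test')
)
$samples | ForEach-Object { Get-AuthVerdict $_ } | Format-Table -AutoSize
```

The second sample is the case DMARC exists for: SPF passes, but for a domain other than the one shown in the From header, so the message is not aligned.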

Exchange 2013: Event ID 2937 MSExchange ADAccess after Exchange decommissioning

I have been performing a health check for one of my Exchange 2013 organizations and noticed a few warning messages in the application logs related to MSExchange ADAccess. The warning messages were related to a pointer of a user object pointing to a database that no longer exists in the Exchange server. Below is the detailed warning message.

Process w3wp.exe (ECP) (PID=11448). Object [CN=Riaz Butt,OU=Test,DC=mscloudtalks,DC=com]. Property [PreviousDatabase] is set to value [mscloudtalks.com/Configuration/Deleted Objects/DB01
DEL:30e71668-0813-4277-b9dd-4513a506c10a], it is pointing to the Deleted Objects container in Active Directory. This property should be fixed as soon as possible.

The event being captured in the Application log on the Exchange server was MSExchange ADAccess Event ID 2937.

This issue needs to be fixed ASAP as it can cause service interruption to the user for which you are getting this warning error message. A quick check of user attributes in Active Directory confirmed the warning message and the reason why I was getting the warning message.

How to fix Event ID 2937 MSExchange ADAccess Warning?

  • Log in to a domain controller and launch Active Directory Users and Computers
  • Make sure you have “Advanced Features” enabled from the View menu.
  • Browse to the OU where the user account resides and go to the properties of the user account
  • Click on Attribute Editor and search for the attribute “msExchPreviousHomeMDB”
  • Clear the value and hit OK
  • Click on Apply to save the changes and wait for Active Directory replication, or manually replicate the AD changes using the following command

C:\> Repadmin /Syncall /Force

Once Active Directory replication is completed, you’ll no longer see issues related to the user database property pointing to the Deleted Objects container. This will fix a lot of end-user issues as well.
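When the warning is logged for more than one mailbox, the affected objects can be pulled out of the event text instead of being read one by one. This is an added example, not part of the original post: Get-StalePointerFromEvent is a hypothetical helper, the sample input is the warning quoted above, and the provider name in the commented Get-WinEvent call is assumed from the event source named in this post.

```powershell
# Added example: turn Event ID 2937 warnings into a list of objects to fix.
function Get-StalePointerFromEvent {
    param([Parameter(ValueFromPipeline)][string]$Message)
    begin {
        $pattern = 'Object \[(?<dn>[^\]]+)\]\. Property \[(?<prop>[^\]]+)\] is set to value \[(?<value>[^\]]+)\]'
        $seen = @{}
    }
    process {
        $flat = $Message -replace '\s+', ' '           # the event text wraps across lines
        $m = [regex]::Match($flat, $pattern)
        if (-not $m.Success) { return }
        $key = '{0}|{1}' -f $m.Groups['dn'].Value, $m.Groups['prop'].Value
        if ($seen.ContainsKey($key)) { return }        # report each object/property pair once
        $seen[$key] = $true
        [pscustomobject]@{
            Object        = $m.Groups['dn'].Value
            Property      = $m.Groups['prop'].Value
            PointsTo      = $m.Groups['value'].Value
            DeletedTarget = $m.Groups['value'].Value -match 'Deleted Objects/'
        }
    }
}

# Sample input: the warning quoted in this post, passed twice to show de-duplication.
$warning = @'
Process w3wp.exe (ECP) (PID=11448). Object [CN=Riaz Butt,OU=Test,DC=mscloudtalks,DC=com]. Property [PreviousDatabase] is set to value [mscloudtalks.com/Configuration/Deleted Objects/DB01
DEL:30e71668-0813-4277-b9dd-4513a506c10a], it is pointing to the Deleted Objects container in Active Directory. This property should be fixed as soon as possible.
'@
@($warning, $warning) | Get-StalePointerFromEvent | Format-List

# On the Exchange server the same function can read the Application log directly
# (provider name assumed from the event source named in this post):
# Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'MSExchange ADAccess'; Id = 2937 } |
#     ForEach-Object { $_.Message } | Get-StalePointerFromEvent
```

Each object it returns is a user whose msExchPreviousHomeMDB attribute needs the manual fix described above.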
