Use the information in the following sections to help you manage site and hierarchy configurations in Microsoft System Center 2012 Configuration Manager.
- Manage the
SMS Provider Configuration for a Site
- Configure DCOM Permissions for
Remote Configuration Manager Console Connections
the Site Database to Use a SQL Server Cluster
- Configure Custom Locations for the
Site Database Files
the Site Database Configuration
- Manage Site
Components with the Configuration Manager Service Manager
- Perform a Site
Language Packs at Configuration Manager Sites
Manage the SMS Provider Configuration for a Site
The SMS Provider is a dynamic-link library file (smsprov.dll) that you install or uninstall by running System Center 2012 Configuration Manager Setup. At each Configuration Manager site, you can re-run Setup to change the SMS Provider configuration. To remove the last SMS Provider for a site, you must uninstall the site.
You can monitor the installation or removal of the SMS Provider by viewing the ConfigMgrSetup.log in the root folder of the site server on which you run Setup.
Use the following procedure to manage SMS Providers for a site.
To manage the SMS Provider configuration for a site
Configure DCOM Permissions for Remote Configuration Manager Console Connections
The user account that runs the Configuration Manager console requires permission to access the site database by using the SMS Provider. However, an administrative user who uses a remote Configuration Manager console also requires Remote Activation DCOM permissions on the site server computer and on the SMS Provider computer.
The SMS Admins group grants access to the SMS Provider and can also be used to grant the required DCOM permissions.
|The Configuration Manager console uses Windows Management Instrumentation (WMI) to connect to the SMS Provider, and WMI internally uses DCOM. Therefore, Configuration Manager requires permissions to activate a DCOM server on the SMS Provider computer if the Configuration Manager console is running on a computer other than the SMS Provider computer. By default, Remote Activation is granted only to the members of the built-in Administrators group. If you allow the SMS Admins group to have Remote Activation permission, a member of this group could attempt DCOM attacks against the SMS Provider computer. This configuration also increases the attack surface of the computer. To mitigate this threat, carefully monitor the membership of the SMS Admins group. For more information about the security risks associated with allowing remote activation, see DCOM Security Enhancements in Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1.|
Use the following procedure to configure each central administration site, primary site server, and each computer where the SMS Provider is installed to grant remote Configuration Manager console access for administrative users.
|The following procedure applies to Windows Server 2008 R2. If you have a different operating system version, refer to the documentation for your version about how to configure DCOM permissions if you cannot use the steps in this procedure.|
To configure DCOM permissions for remote Configuration Manager console connections (Windows Server 2008 R2)
Configure the Site Database to Use a SQL Server Cluster
System Center 2012 Configuration Manager supports the use of a virtual Microsoft SQL Server cluster instance to host the Configuration Manager site database. For a list of supported SQL Server versions and supported configurations for the SQL Server cluster, see the Configurations for the SQL Server Site Database section in the Supported Configurations for Configuration Manager topic.
Configuration Manager Setup does not create or configure the SQL Server cluster. The clustered SQL Server environment must be configured before it can be used to host the site database. When you use a SQL Server cluster, Configuration Manager automatically checks each hour for changes to the SQL Server cluster node. Changes in the configuration of the SQL Server node that affect Configuration Manager component installation, such as a node failover or the introduction of a new node to the SQL Server cluster, are automatically managed by Configuration Manager.
|When you use a clustered SQL Server instance to host the site database, the TCP/IP network communication protocol must be enabled for each SQL Server cluster node network connection. This is required to support Kerberos authentication. The named pipes communication protocol is not required, but can be used to troubleshoot Kerberos authentication issues. The network protocol settings are configured in SQL Server Configuration Manager under SQL Server Network Configuration.|
SMS Provider Considerations
How to Install Configuration Manager Using a Clustered SQL Server Instance
Configure Custom Locations for the Site Database Files
Configuration Manager supports custom locations for SQL Server database files.
- To use custom locations for files when you
use System Center 2012 Configuration Manager with no
service pack or with SP1, you can pre-create a SQL Server
database that uses non-default file locations. Next, when you
install a site, direct the site to use this pre-created database.
You cannot specify custom file locations during the install of a
site when you use either version of Configuration Manager to create
the site database.
- Beginning with System Center 2012 R2
Configuration Manager, when you install a new primary site or
central administration site, you can specify non-default file
locations and Configuration Manager will create the site database
using these locations. Optionally, you can still pre-create a
SQL Server database that uses non-default file locations and
then when you install the site specify that the site use that
Note The option to specify non-default file locations is not available when you use a SQL Server cluster.
Also, you can change the location of the site database files after a site installs. To change the location of files after the site installs, you must stop the Configuration Manager site and then edit the file location in SQL Server. Use the following procedure at an installed site to move the file location within an instance of SQL Server.
To change the file location for a site database:
Modify the Site Database Configuration
After you install a site, you can modify the configuration of the site database and site database server by running Setup on a central administration site server or primary site server. It is not supported to modify the database configuration for a secondary site.
|When you modify the database configuration for a site, Configuration Manager restarts or reinstalls Configuration Manager services on the site server and remote site system servers that communicate with the database.|
To modify the database configuration, you must run Setup on the site server and select the option Perform site maintenance or reset this site. Next, select the Modify SQL Server configuration option. You can change the following site database configurations:
- The Windows-based server that hosts the
- The instance of SQL Server in use on a server
that hosts the SQL Server database.
- The database name.
|Although the Setup wizard allows you to change the port configuration of the SQL Server Service Broker, Configuration Manager does not support changing the port for SQL Server after the site is installed. You can only configure the TCP port for SQL Server when you install a site.|
You can move the site database to a new instance of SQL Server on the same computer, or to a different computer that runs a supported version of SQL Server. If you move the site database, you must configure the following:
- When you move the site database to a new
computer, add the computer account of the site server to the
Local Administrators group on the computer that runs SQL
Server. If you use a SQL Server cluster for the site database, you
must add the computer account to the Local Administrators
group of each Windows Server cluster node computer.
- When you move the database to a new instance
on SQL Server, or to a new SQL Server computer, you must
enable common language runtime (CLR) integration. To enable CLR,
use SQL Server Management Studio to connect to the instance
of SQL Server that hosts the site database and run the
following stored procedure as a query: sp_configure ‘clr
|Before you move a database that has one or more database replicas for management points, you must first remove the database replicas. After you complete the database move, you can reconfigure database replicas. For more information see the Operations for Using Database Replicas section in the Configure Database Replicas for Management Points topic.|
After you have installed the Configuration Manager site, use the information in the following sections to help you manage a site database configuration. For information about planning site database configurations, see Planning for Database Servers in Configuration Manager.
How to Manage the SPN for SQL Server Site Database Servers
When you configure SQL Server to use the local system account to run SQL Server services, a Service Principal Name (SPN) for the account is automatically created in Active Directory Domain Services. When the local system account is not in use, you must manually register the SPN for the SQL Server service account.
You can register an SPN for the SQL Server service account of the site database server by using the Setspn tool. You must run the Setspn tool on a computer that resides in the domain of SQL Server, and it must use Domain Administrator credentials to run.
Use the following procedures as examples of how to manage the SPN for the SQL Server service account that uses the Setspn tool on Windows Server 2008 R2. For specific guidance about Setspn, see Setspn Overview, or similar documentation specific to your operating system.
|The following procedures reference the Setspn command-line tool. The Setspn command-line tool is included when you install Windows Server 2003 Support Tools from the product CD or from the Microsoft Download Center. For more information about how to install Windows Support Tools from the product CD, see Install Windows Support Tools.|
To manually create a domain user Service Principal Name (SPN) for the SQL Server service account
To verify the domain user SPN is registered correctly by using the Setspn command
To verify the domain user SPN is registered correctly when using the ADSIEdit MMC console
To change the SQL Server service account from local system to a domain user account
Manage Site Components with the Configuration Manager Service Manager
Use the Configuration Manager Service Manager to control System Center 2012 Configuration Manager services and to view the status of any Configuration Manager services or threads (referred to collectively as Configuration Manager components). Configuration Manager components can run on any site system. Components are managed the same way that you manage services in Windows; you can start, stop, pause, resume, or query Configuration Manager components.
A Configuration Manager service runs when there is something for it to do (typically, when a configuration file is written to a component's inbox). If you have to identify the component involved in an operation, you can use the Configuration Manager Service Manager to manipulate various Configuration Manager services and threads and then view the resulting change in the behavior of Configuration Manager. For example, you can stop Configuration Manager services one at a time until a particular response is eliminated. Doing so enables you to determine which service causes the behavior.
|The following procedure can be used to manipulate Configuration Manager component operation. If you want to modify the logging options of a component, see the Configure Logging Options by Using the Configuration Manager Service Manager section in the Technical Reference for Log Files in Configuration Manager topic.|
To use the Configuration Manager Service Manager
Perform a Site Reset
Configuration Manager uses a site reset to reapply the default file and registry permissions on a primary or central administration site server and to reinstall site components at a site. Secondary sites do not support a site reset. You can perform a manual site reset to restore these settings, and Configuration Manager runs a site reset automatically after you make a configuration change that requires this action.
For example, if there has been a change to the accounts used by Configuration Manager components, a manual site reset ensures the account details used by the components are correct and resets the access control lists (ACLs) used by remote site systems to access the site server. Or, if you modify the client or server languages that a site supports, Configuration Manager automatically runs a site reset because the reset is required before a site can use this change.
|A site reset does not reset access permissions to non-Configuration Manager objects.|
|A site reset reinstalls all site system roles at a site.|
During a site reset, Setup stops and restarts the SMS_SITE_COMPONENT_MANAGER service and the thread components of the SMS_EXECUTIVE service. Additionally, Setup removes, and then re-creates, the site system share folder and the SMS Executive component on the local computer and on remote site system computers. After Setup reinstalls the SMS_SITE_COMPONENT_MANAGER service, this service installs the SMS_EXECUTIVE and the SMS_SQL_MONITOR services. In addition, a site reset restores the following objects:
- The SMS or NAL registry keys,
and any default subkeys under these keys.
- The Configuration Manager file directory
tree, and any default files or subdirectories in this file
Permissions to Perform a Site Reset
How To Perform a Site Reset
Manage Language Packs at Configuration Manager Sites
Use the information in the following sections to help you manage server and client language packs for your Configuration Manager sites.
Add Language Packs to a Site
To add support for a server language pack or client language pack to a site, run Configuration Manager Setup and select the languages to use. When you add server language packs to a site they are made available for Configuration Manager console installations and applicable site system roles. When you add client language packs to a site, Configuration Manager adds them to the client installation source files so that new client installations, or upgrades, can add support for the current list of client languages.
How to add language packs during site installation: To add support for language packs to a new central administration site, or a primary site, use the appropriate procedure in the Install a Site Server section of the Install Sites and Create a Hierarchy for Configuration Manager topic. The procedures in that topic include the selection of language packs when you install a site.
How to modify the languages packs at a site: To add or remove support for language packs at a previously installed site, run Setup from the Configuration Manager installation folder on the site server.
Use the following procedure to modify the language packs that a site supports after the site is installed.
To modify the language packs that are supported at a site
Update Servers and Clients with New Language Packs
Use the information in the following sections and to add support for language packs.