In this topic you will prepare the Provisioning Engine servers. Although it is not necessary to deploy more than one Provisioning Engine server, this configuration does provide additional fault tolerance and scalability.
- Prepare MPS01 and MPS02
- Join the Fabrikam Domain
- Install Internet Information Services (IIS) on MPS01 and
- Ensure Inbound and Outbound DTC Access are Enabled on MPS01 and
- Delegate Impersonation to Provisioning Engine Servers
Prepare MPS01 and MPS02
Perform a default installation of Windows Server 2003 R2. This requires that you first install Windows Server 2003 with SP2, and then install Windows Server 2003 R2.
Procedure W08-DWSPV.20: To install Windows Server 2003 R2 on MPS01 and MPS02
Perform a default installation of Windows Server 2003, Standard Edition (with Service Pack 2 integrated), by using the CD boot method. Install the Support Tools from the Windows Server 2003 CD. Use appropriate naming conventions for your environment.
After Setup for Windows Server 2003 with SP2 is complete, log on to the computer as an administrator. Insert Disc 2 into your CD-ROM drive. Setup for Disc 2 should start automatically. If it does not start automatically, browse to Disk 2 (or the shared folder that contains the Setup files) and, in the \Cmpnents\R2 folder, run Setup2.exe. Follow the instructions to upgrade to R2.
Prepare the Provisioning Engine servers by enabling Remote Desktop, installing Microsoft .NET Framework 2.0 with SP1, installing the Windows Server 2003 Support Tools, and installing the latest updates from Microsoft.
Procedure W08-DWSPV.21: To prepare MPS01 and MPS02
Enable Remote Desktop by using Control Panel.
Install the Microsoft .NET Framework 2.0 with SP1.
Install Support Tools from the Support Tools directory on the Windows Server 2003 CD.
Apply any released updates to Windows Server 2003 by using Microsoft Update.
Join the Fabrikam Domain
After you have finished building and preparing the Provisioning Engine servers, you need to add the servers to the Fabrikam domain.
|Joining a new domain will require you to restart the server.|
Procedure W08-DWSPV.22: To add the servers to the Fabrikam domain and log on as Administrator@Fabrikam.com
Configure the local network interface to use the IP Addresses of AD01 and AD02 as Preferred and Alternative DNS server.
Join the server to the fabrikam domain.
Log on to the domain as Administrator@Fabrikam.com.
Install IIS on MPS01 and MPS02
You must install Internet Information Services (IIS), including Microsoft FrontPage 2002 Server Extensions, Network DTC, and Network COM+ Access on MPS01 and MPS02:
- As a prerequisite for provisioning Web sites and other
- To enable network access for the Microsoft Distributed
Transaction Coordinator (MSDTC) service on the Provisioning Engine
Procedure W08-DWSPV.23: To install IIS on MPS01 and MPS02
In Add or Remove Programs, click Add/Remove Windows Components.
Configure Details for Application Server. The following components should be selected:
- Application Server Console
- Enable network COM+ access
- Enable network DTC access
- Internet Information Services(IIS)
- Application Server Console
Configure Details for Internet Information Services(IIS). Verify that only the following components are selected:
- Common Files
- Internet Information Services Manager
- World Wide Web Service
- Common Files
Follow the on-screen instructions to complete the deployment of these components.
Ensure Inbound and Outbound DTC Access are Enabled on MPS01 and MPS02
In this section, you ensure that Microsoft Distributed Transaction Coordinator (MSDTC) is properly configured to allow Network DTC access both Inbound and Outbound.
Procedure W08-DWSPV.24: To ensure inbound and outbound DTC access are enabled on MPS01 and MPS02
On MPS01, open the Component Services console from Administrative Tools.
Expand Component Services, and then expand Computers. Right-click My Computer and select Properties to open the My Computer Properties page.
On the MSDTC tab, click Security Configuration and verify the following information:
- Ensure the Network DTC Access, Allow Inbound and
Allow Outbound check boxes are selected
- All other options are left as default.
- Ensure the Network DTC Access, Allow Inbound and Allow Outbound check boxes are selected
Follow the prompt to restart the MSDTC service.
Repeat these steps on MPS02.
Delegate Impersonation to Provisioning Engine Servers
Next, grant Kerberos services delegation to the Provisioning Engine servers, MPS01 and MPS02.
Procedure W08-DWSPV.25: To delegate impersonation to Provisioning Engine servers
On AD01, open Active Directory Users and Computers and expand fabrikam.com.
Navigate to Computers, and then double-click MPS01 to open its properties page.
Ensure the Trust Computer for Delegation check box is selected.
Note: If your Active Directory directory service has already been configured for Native Mode, then the Trust Computer for Delegation check box does not appear. Instead, you must click the Delegation tab, and select Trust this computer for delegation to any service (Kerberos only).
Follow the instructions and restart MPS01.
Repeat steps 2 through 4 for MPS02.