anyweb

In Part 1 of this series we got our AD and SCCM servers ready, and then we installed System Center 2012 Configuration Manager as a standalone Primary site. Now we will configure the SCCM server further by adding some Windows Server roles necessary for the following Configuration Manager 2012 functionality, Software Update Point (SUP) and Operating System Deployment. Recommended Reading:- Planning for Software Updates in Configuration Manager - http://technet.micro...y/gg712696.aspx Prerequisites for Software Updates in Configuration Manager - http://technet.micro...y/hh237372.aspx Configuring Software Updates in Configuration Manager - http://technet.micro...y/gg712312.aspx Step 1. Add the WSUS Update Services 3.0 SP2 role Perform the following on the SCCM server as SMSadmin Before starting this step create a folder on D:\ called sources and share it as sources, give Everyone Read access. We'll need the WSUS role installed as part of the Software Update Point role installation in the next step, so start Server Manager and click on Roles, Add Roles. Select Windows Server Update Services and a window will pop up asking to add role services required for Windows Server Update Services (IIS Dynamic Content compression), click Add Required Role Services click next through the wizard, you'll see the Select Role Services window appear, click next again, at the confirmation click Install, the WSUS role will be downloaded (so you'll need a network connection to the Internet) after a while you'll see the Welcome to Windows Server Update Services 3.0 SP2 setup wizard appear click next (which is probably hidden behind the active window, so in your system tray find it and click on it to show the wizard otherwise you'll be twiddling your thumbs for a long time wondering whats going on) Accept the Eula and click next for Select Update Source, choose where to store the updates locally, select D:\sources\WSUS for database options choose Use an existing database server on this computer, click next it will connect to your SCCM SQL server instance, click next accept the web site preference, Use an existing Default website at the ready to install WSUS, click next click Finish when done. followed by cancelling the WSUS configuration Wizard. and close the Roles Wizard Step 2. Add Windows Deployment Services. Perform the following on the SCCM server as SMSadmin Update:- You no longer need to install the Windows Deployment Services Role because when you enable PXE support on the Distribution Point, the WDS Service will get installed (and configured) by ConfigMgr, so please skip this step unless you specifically want the RemoteInstall folder on a different drive. You can review this via the Distrmgr.log. In Server Manager, click Add roles select Windows Deployment Services and click next click Next, Next, and Install and click Close when done. Close Server Manager. Step 3. Add the SUP role Perform the following on the SCCM server as SMSadmin Note: In a Multi Hierarchy setup (CAS+Primaries+...) you must install a Top Level SUP on your CAS, and your Primaries and optionally on your Secondary site servers. In a standalone setup (such as we have here) we need to install the SUP on our Standalone Primary. In a multi Hierarchy the CAS SUP is the only SUP to sync directly with Microsoft Update to get the update catalog, all the SUPs on the Primaries sync with the CAS SUP. The Primary sites SUP is the only SUP which clients use to scan for Updates Compliance. Start up the ConfigMgr console, click on Administration in the Wunderbar, click on Site Configuration, and select Servers and Site System Roles, Right click on your server and choose Add Site System Role click next at the Add Site System Roles Wizard Select Software Update Point and click Next if you need to input proxy information, do it here next select Use this server as the Active Software Update Point and the wizard screen will expand as a result, leave the ports as they are (we didn't change them from the Default when we installed WSUS) to Specify Synchronization Settings, select Synchronize from Microsoft Update next we configure the Schedule and Alert settings, please enable both. leave the supersedence rules as they are, note the note about Service packs and Endpoint Protection updates. As we will be configuring System Center Endpoint Protection (SCEP) later in this series, let's add Definition Updates in the Classifications choice Remove the checkmarks from Office and Windows in the Products list, we will revisit this list after our first Sync. On the Languages screen, remove all checkmarks in all languages except English (well if you want other languages add them, but for me it's just English) click next at the summary and progress, review the completion message and click Close.

does it work if you deploy with windows 7 (not sp1) ?

If you've been following my previous series of guides on System Center Configuration Manager 2012 Beta 1 and Beta 2, then you'll know where this is going, we are going to install System Center Configuration Manager 2012 from scratch and configure it, use it, test it, learn it. This is Part 1 of a series, to see the entire list please see this index. Technet Recommended Reading:- Release Notes for the System Center 2012 Configuration Manager - http://technet.micro...y/hh508784.aspx Fundamentals of Configuration Manager - http://technet.micro...y/gg682106.aspx Supported Configurations for Configuration Manager - http://technet.micro...y/gg682077.aspx Planning for Configuration Manager Sites and Hierarchy - http://technet.micro...y/gg682075.aspx Getting Started with Configuration Manager 2012 - http://technet.micro...y/gg682144.aspx What’s New in Configuration Manager - http://technet.micro...y/gg699359.aspx Planning for Site Systems in Configuration Manager - http://technet.micro...y/gg712282.aspx Install Sites and Create a Hierarchy for Configuration Manager - http://technet.micro...y/gg712320.aspx Technical Reference for Site Communications in Configuration Manager - http://technet.micro...y/gg712990.aspx Migrating from Configuration Manager 2007 to Configuration Manager 2012 - http://technet.micro...y/gg682006.aspx Frequently Asked Questions for Configuration Manager - http://technet.micro...y/gg682088.aspx Site Types Configuration Manager 2012 introduces the central administration site and some changes to primary and secondary sites. The following tables summaries these sites and how they compare to sites in Configuration Manager 2007. Central administration site The central administration site coordinates intersite data replication across the hierarchy by using Configuration Manager database replication. It also enables the administration of hierarchy-wide configurations for client agents, discovery, and other operations. Use this site for all administration and reporting for the hierarchy. Although this is the site at the top of the hierarchy in Configuration Manager 2012, it has the following differences from a central site in Configuration Manager 2007: Does not process client data. Does not accept client assignments. Does not support all site system roles. Participates in database replication Primary site Manages clients in well-connected networks. Primary sites in Configuration Manager 2012 have the following differences from primary sites in Configuration Manager 2007: Additional primary sites allow the hierarchy to support more clients. Cannot be tiered below other primary sites. No longer used as a boundary for client agent settings or security. Participates in database replication. Secondary site Controls content distribution for clients in remote locations across links that have limited network bandwidth. Secondary sites in Configuration Manager 2012 have the following differences from secondary sites in Configuration Manager 2007: SQL Server is required and SQL Server Express will be installed during site installation if required. A proxy management point and distribution point are automatically deployed during the site installation. Secondary sites can be tiered to support content distribution to remote locations. Participates in database replication. Hardware Requirements Note: The following page on Technet describes the recommended hardware requirements for a stand-alone Primary Server. Stand-alone primary site (SQL Server installed Locally) Up to 100,000 clients SQL Server is installed on the site server computer The following hardware requirements are recommended for a stand-alone Primary server. 8 cores (Intel Xeon E5504 or comparable CPU) 32 GB of RAM 550 GB hard disk space for the operating system, SQL Server, and all database files Step 1. Create the Lab Environment We are going to create a Standalone Primary Site in our LAB (creating a CAS and then another Primary is a bit more work, I may write up that process in the future), so let's get started, and to start off with I re-used/recycled my lab from Beta 2 by applying the day 1 snapshots effectively giving me a blank activated AD and blank SCCM 2012 server with the Operating System ready and activated. This is a huge advantage of doing labs in a virtual environment. The SCCM 2012 RC server for this lab has a C: partition (OS) and 150GB D: partition (DATA). The Domain Controller (AD1) is running Server 2008 R2, and is hosting the DHCP server and DNS roles. I chose to install Windows Server 2008 R2 standard as the server OS for SCCM 2012 RC. Once done I joined it to my domain (SERVER2008R2), verified DNS was working correctly via nslookup and was ready to begin the steps below. Create AD users: Note: Perform the following on the Active Directory Domain Controller server as Local Administrator In addition I created some accounts in AD, namely: * SMSadmin, a domain user * Testuser, a domain user * Testuser2, a domain user * Testuser3, a domain user * DomJoin, a domain user,(for joining computers to the domain) * ReportsUser, a domain user for reporting services. * ClientInstall, a domain user used when installing the Configuration Manager Client for Client Push. This user must be a local administrator on computers you want to install the Configuration Manager Client. * SCCMNAA, a domain user, (Network Access Account) used during OSD Create Local Administrator accounts: Note: Perform the following on the SCCM 2012 server as Local Administrator On the SCCM server add the SMSadmin user to the Local Administrators group (you can add the ClientInstall account also). Step 2. Download SCCM 2012 Release Candidate you can download it from Microsoft here. System requirements Supported Operating Systems: Windows Server 2003 R2 x64 editions, Windows Server 2008, Windows Server 2008 R2 Site System Requirements Site servers and site roles require 64-bit OS (distribution points are an exception)Branch Distribution Points Branch distribution points have been deprecated and replaced with standard distribution points that can be hosted on Configuration Manager 2012 client operating system platforms, with the exception of Windows XP Professional Service Pack 3 and Windows XP Tablet PC SP3 Standard DPs can run on Windows Server 32-bit but will not support advanced functionality Server Operating System Requirements Windows Server 2008 (64-bit) and Windows Server 2008 R2 Distribution points can run on Windows Server 2003 Client Operating System Requirements Windows XP professional SP3 – x86 and Windows XP SP2 pro for 64 bit systems Windows Vista SP2 (x86,x64) Windows Server 2003 R2 SP2 (x86,x64) Windows Server 2008 (x86,x64) Windows Server 2008 R2 (x86,x64) Windows 7 (x86,x64) Database Requirements SQL Server 2008 SP2 with CU 7 SQL Server 2008 R2 with SP1 and Cumulative Update 4 SQL Server Express 2008 r2 WITH SP1 and CU 3 is supported only on secondary sites SQL Reporting Services is ONLY reporting solution For Supported Configurations information, visit http://technet.microsoft.com/en-us/library/gg682077.aspx. Step 3. Create The System ManageMent Container Note: Perform the following on the Active Directory Domain Controller as a Domain Administrator Open ADSI Edit, click on Action, Connect To and click Ok, Double Click on Default Naming Context and the DC= that appears below it. Click on the + and scroll down to CN=System. Right Click on CN=System and choose New, Object Choose Container from the options, click Next and enter System Management as the value. Click Next and Finish. Press F5 to refresh ADSI Edit and you should now see the new System Management Container. Close ADSI Edit. Step 4. Delegate Permission to the System Management Container. Note: Perform the following on the Active Directory Domain Controller as a Domain Administrator Open Active Directory Users and Computers. Click on view, select Advanced Features. Select the System Management Container, and right click it, choose All Tasks and Delegate Control. When the Welcome to Delegation of Control Wizard appears click next, then click Add. click on Object Types, select Computers. Type in your SCCM server name and click on Check Names, it should resolve. Click Ok, then Next. Choose Create a Custom Task to Delegate, click next, make sure This folder, existing objects in this folder and creation of new objects in this folder is selected. click next, select the 3 permissions General, Property-Specific and Creation-deletion of specific child objects are selected then place a check mark in FULL CONTROL, and click next then Finish. Failure to do the above will mean that the System Management Container in AD will NOT POPULATE with ConfigMgr site info needed by the Clients and you will see many errors in your site status warning you of same. Note: Repeat the above for Each site server that you install in a Hierarchy. Step 5. Extend the Active Directory schema for Configuration Manager Note: Perform the following on the Active Directory Domain Controller as a Domain Administrator Note:- The Active Directory schema extensions for Configuration Manager 2012 are unchanged from those used by Configuration Manager 2007. If you extended the schema for Configuration Manager 2007, you do not need to extend the schema again for Configuration Manager 2012. Perform the below on your Active Directory server, simply browse the network to your sccm server \\sccm\d$ and locate the folder where you uncompressed SCCM 2012 and find \SMSSetup\Bin\x64\Extadsch.exe, right click and choose Run As Administrator. A command prompt window will appear briefly as the schema is extended, check in c:\ for a log file called ExtADSch.log it should look similar to this Step 6. Open TCP port 1433 and 4022 for SQL replication Note: Perform the following on the Active Directory Domain Controller as a Domain Administrator If you are setting up a hierarchy (CAS/Primary/etc) then on your AD server do the following, start Group Policy Management tool and create a new GPO, Select Computer Configuration, Policies, Windows Settings, Windows Firewall with Advanced Security and select Inbound Rules, choose New and follow the wizard for opening up TCP port 1433 as per this guide on Technet. Once done, repeat the above for Port 4022. Step 7. Install .NET 3.5.1 and WCF Activation Note: Perform the following on the SCCM 2012 server as SMSadmin In Server Manager select Features, Add Features, Select .NET Framework 3.5.1, also select WCF Activation and when prompted answer Add Required Role Services click next and next again Verify the following IIS components are installed in addition to the ones preselected by the wizard. answer yes to any additional prompts, then Click Next and Install and close when done. Step 8. Download and install .NET 4 Note: Perform the following on the SCCM 2012 server as SMSadmin Download .NET 4 from here (webinstall) or here (Standalone). Double click the file, After a while it will complete, Click Finish when done restart when prompted Note: In some scenarios, such as when IIS is installed or reconfigured after the .NET Framework version 4.0 is installed, you must explicitly enable ASP.NET version 4.0. For example, on a 64-bit computer that runs the .NET Framework version 4.0.30319, run the following command:%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe –i –enable Step 9. Add BITS and Remote Differential Compression Note: Perform the following on the SCCM 2012 server as SMSadmin Finally, in Server Manager click on Add Features, place a selection mark in BITS and RDC. Step 10. Download Microsoft SQL Server 2008 SP2 CU7 (if you plan on using SQL Server 2008 R2 see 10.b below) Note: Perform the following on the SCCM 2012 server as SMSadmin The supported versions of SQL Server 2008 and SQL Server 2008 R2 are listed here on Technet:- http://technet.micro...nfigSQLDBconfig At the time of writing this guide I chose to use SQL Server 2008 SP2, CU6 with the hotfix mentioned below, that is fine for Release Candidate 1. If you are using RC2, then use CU7 instead of CU6 and the hotfix, or use SQL Server 2008 R2 SP1 CU4 as described in 10.b below). Be aware that If you use SQL Server Standard, your CAS will only be able to support 50k clients. Download SQL Server 2008 Standard (x86, x64) - DVD (English) from your provider (MSDN or Technet) the one I used was File Name: en_sql_server_2008_standard_x86_x64_dvd_x14-89155.iso Note: You can download the Trial version (180 days) from here. While you are at it download SQL Server 2008 SP2 from here - File Name: SQLServer2008SP2-KB2285068-x64-ENU.exe Next download CU7 , you can download CU7 from here. Next Download the CU6 from here Finally, you also need to Download 2603910 Step 10.b This step if you decide to use SQL Server 2008 R2. If you want to use this version then the supported version is SQL Server 2008 R2 SP1 CU4. Download the following from Technet:- File Name: en_sql_server_2008_r2_standard_x86_x64_ia64_dvd_521546.iso (4177 MB) Download Microsoft® SQL Server® 2008 R2 Service Pack 1 Download Cumulative update package 4 for SQL Server 2008 R2 Service Pack 1 Step 11. Install SQL Server 2008 Note: Perform the following on the SCCM 2012 server as SMSadmin Tip: If you use or plan on using a SQL named instance for your Configuration Manager 2012 installation you should configure the named instance with a static port since named instances are configured for dynamic ports by default during an SQL Installation. You can check this configuration by starting SQL Server Configuration Manager and by going to SQL Server Network Configuration, then check Protocols for Named_Instance (where Named_Instance is the instance you creade) and then check the details of the TCP/IP IP addresses of that Named Instance. For SQL Collation note that you must use (It is required whether you have a hierarchy of sites or a single site and regardless of the OS languages.):- SQL_Latin1_General_CP1_CI_AS To Install SQL server you can follow this guide but please install SQL on D:\Program Files... and when running setup.exe right click and choose Run as Administrator. After you install SQL Server 2008, you must install SP2 and then CU6 and finally install KB2603910. So install it in this order: SQL Server 2008 >> SQL Server 2008 SP2 >> SQL Server 2008 Cumulative Update 6 >> KB2603910 Note: CU7 is available and it's supposed to contain the above hotfix, however i have not tested it yet. Step 12. Install Configuration Manager 2012 Release Candidate. Note: Perform the following on the SCCM 2012 server as SMSadmin TIP: you can open C:\ConfigMgrSetup.log with Configuration Manager Trace Tool available in the extracted media to and review the contents of the file, it will inform you of any issues during installation. Uncompress the EXE by running it, then browse to where you uncompressed it and click on Splash.hta when the wizard appears, click on Install, click next at the warning and then select Install a Configuration Manager Primary Site at the EULA click accept Create a folder on D:\ called RC_Updates and then specify the path to download the updates Tip: If you don't have internet on your SCCM server then you can download the required updates on another computer by doing like so:- Open a command prompt with administrative permissions Navigate to .\Configuration Manager 2012 Install source\smssetup\bin\X64 Run SetupDL.exe target dir (in my example SetupDL.exe D:\RC_Updates) Click next at the Server Language screen and at the Client Language Screen enter your Site and Installation Settings, install the site on D:\ as per below screenshot select Standalone as the site type take note of the warning (ie: if will not be able to join it to an existing site heirarchy later) review the Database Information review the SMS provider settings review the Client computer communication settings, select Configure the Communication method on each site system role review the site system roles click next at the CEIP screen then review the summary take note of any warnings, if like mine (WSUS and SQL memory, we can fix them later, no problem) click on Begin Install now is a good time to look at the C:\ConfigMgrSetup.log with CMtrace, watch it for errors after a long install you should see the installer finish, click on Close reboot the SCCM server and then login again as SMSadmin start the Configmgr console congratulations, you've installed System Center 2012 Configuration Manager Note: This is Part 1 of a series of step-by-step Guides for Configuration Manager 2012. To view the entire list please see this index. This guide and all guides here are © windows-noob.com.

Hi All, We are extremely excited to announce the availability of the release candidates for System Center 2012 Configuration Manager and System Center 2012 Endpoint Protection (formerly known as Forefront Endpoint Protection 2012) today. Both releases are available through a single download package on the Microsoft Download Center. Special thanks to our Community Evaluation Program (CEP) and Technology Adoption Program customers, whose feedback was instrumental in achieving this important milestone. As the “Consumerization of IT” trend continues to grow, System Center 2012 Configuration Manager helps you deliver on the promise of empowering end users to be productive on any device, while still managing compliance of corporate assets. Its unified management infrastructure allows you to manage physical, virtual, and mobile environments – including the ability to deliver applications seamlessly across multiple devices for a single user. And with System Center 2012 Endpoint Protection built on that same infrastructure, you also get a single experience to distribute and update antimalware protection, monitor compliance, and remediate vulnerabilities. Configuration Manager, of course, also includes enhancements to administrative features that make you more efficient and effective, including the option to set automated discovery and remediation of non-compliant systems. In the Release Candidate, we’ve introduced some additional and enhanced capabilities, including: Improved endpoint protection functionality, with integrated setup, management and reporting for System Center 2012 Endpoint Protection. Improved application catalog design that provides a better, more responsive experience when requesting and downloading applications. New support for Windows Embedded devices, including Windows Embedded 7 SP1, POSReady 7, Windows 7 Think PC, and Windows Embedded Compact 7. Improved client status checks for Configuration Manager services and features. Improved compliance enforcement and tracking, with the ability to create dynamic collections of baseline compliance and the generation of hourly compliance summaries. Platform support for deep mobile device management of Nokia Symbian Belle devices. Pending a platform update by Nokia later this calendar year for these devices, customers will be able to try out the management of these Nokia devices with ConfigMgr. Additional scalability and performance improvements. In short, System Center 2012 Configuration Manager will help you achieve the right balance between minimizing risks and capitalizing on the benefits of consumer technologies. We have made some useful tools available for you to simplify the migration from System Center Configuration Manager 2007. For example, System Center 2012 Configuration Manager introduces a new way to manage applications. We call it the user-centric application model. (Take a look at this blog from Bill Anderson describing the benefits of this approach.) System Center Package Conversion Manager (PCM) will help you convert existing application packages in ConfigMgr 2007 to the new application model. PCM analyzes packages and programs to determine their readiness for conversion into the new application model. PCM will automatically convert many packages to applications, with deployment types and dependencies, as well as migrating collection properties to global settings and requirement rules. The Package Conversion Manager is available as a feature pack download here. A great way to start evaluating these releases is as part of a community of early adopters. Join our Community Evaluation Program (CEP) and you’ll get guidance from our product team and shared best practices from a community of peers. As always, you can find additional evaluation resources like How-to Videos, technical documentation, and blog articles on our TechCenter. Thanks and enjoy the RC! Adwait Joshi (AJ) Sr. Technical Product Manager Management and Security via > http://blogs.technet.com/b/server-cloud/archive/2011/10/25/system-center-2012-configuration-manager-release-candidate-is-here.aspx

If you right click one of these and view all messages, what do they tell you .

Could be that the report isnt done yet (beta 2), what report was it i can check in my env and see do i have the same problem

Is the client push account a local administrator ?

Yes create a separate network for your testing with sccm 2012

try this, should work for configmgr 2012 too http://twitter.com/#!/HenkHoogendoorn/status/128476706049765376

go virtual, place the vm's in a virtual network separated from all others, its the way i do it, highly recommended

are you sure you followed the steps exactly as i specify in the guide ? anything you did differently ? you are testing with beta 2 right ?

and the moral of the story is, DNS must be working before trying OSD or anything else with ConfigMgr

create a user in AD called SMSadmin, add that user as a local administrator on member1 then try again as the SMSadmin user does it work then ?

did you add the computer account for Member1 to the local administrators group ? and are you attempting the setup as a local administrator user (SMSadmin, added to the local administrators group)

just like Peter says, nothing has been announced so third party support is where it is at

The flexible Windows 8 start screen The Windows Developer Preview has been out for a month, and I've had a chance to look more closely at its features. Here's an overview of details, small and large, many of which you haven't seen before. One feature I like about the new Start screen design is that it scales for different screen sizes. Here, for example, is a 1920 x 1080 24-inch display. It offers five rows of tiles instead of the three rows on a 1366 x 768 screen. The Magnifier utility is especially touch-friendly Use the new Magnifier control to zoom in on a page (in this case, a setting in the immersive Control Panel). You can pin individual items to the Start screen The absence of any serious Metro style apps makes it hard to judge the platform, but you can get some clues from the sample apps. For example, the Stocks app allows you to enter a stock symbol and then "pin" the real-time trading information for that stock to the front page. See more here > http://www.zdnet.com...nt;feature-roto

that wont work here as we are doing an offline mode in winpe (hardlinking) so no computer association is involved

do you want to deploy applications using a task sequence or what is your goal here ?

and the issue was what exactly ? (so others will know)

yup it's the way it's working with that R3 feature, just clean it up as described in that post and you'll be fine.

so you have an external dhcp server serving ip address's to these three boxe's right ? if so you'll have to configure dhcp helpers on it to point to the WDS options, try reading http://support.microsoft.com/default.aspx/kb/926172 and http://technet.microsoft.com/en-us/library/cc732351.aspx

having Windows Deployment Services appear as unconfigured is FINE, no problem at all. the server which i did the guides on above is showing just like that and is working great, what happens when you PXE boot ? what do you see on the client ? what does the SMSPXE.log file tell you while it's pxe booting ?

what does your smsts.log file say ? is binary differential enabled on the dp ?

of course it's possible, you can configure it to your hearts content, an example of light touch is using the Windows-noob.com FrontEnd HTA here.

it varies depending on which method you are using, to find out more see this link on Technet http://technet.microsoft.com/en-us/library/gg682180.aspx Windows Firewall and Port Settings for Client Computers in Configuration Manager Updated: October 1, 2011 Applies To: System Center 2012 Configuration Manager [This topic is pre-release documentation and is subject to change in future releases. Blank topics are included as placeholders.] Client computers that run Windows Firewall might require exceptions to be defined to allow communications with System Center 2012 Configuration Manager site systems. These exceptions vary depending on the features of Configuration Manager that you intend to use. The following sections list the features of Configuration Manager which require exceptions to be made on the Windows Firewall and provide a procedure for configuring these exceptions. Modifying the Ports and Programs Permitted by Windows Firewall Programs and Ports that Configuration Manager Requires Ports Used During Configuration Manager Client Deployment The following tables list the ports that are used during the client installation process. Important If there is a firewall between the site system servers and the client computer, confirm whether the firewall permits traffic for the ports that are required for the client installation method that you choose. For example, firewalls often prevent client push installation from succeeding because they block Server Message Block (SMB) and Remote Procedure Calls (RPC). In this scenario, use a different client installation method, such as manual installation (running CCMSetup.exe) or Group Policy-based client installation. These alternative client installation methods do not require SMB or RPC. For information about how to configure Windows Firewall on the client computer, see Modifying the Ports and Programs Permitted by Windows Firewall. Ports that are used for all installation methods Description UDP TCP Hypertext Transfer Protocol (HTTP) from the client computer to a fallback status point, when a fallback status point is assigned to the client. -- 80 (See note 1, Alternate Port Available) Ports that are used with client push installation In addition to the ports listed in the following table, client push installation also uses Internet Control Message Protocol (ICMP) echo request messages from the site server to the client computer to confirm whether the client computer is available on the network. ICMP is sometimes referred to as TCP/IP ping commands. ICMP does not have a UDP or TCP protocol number, and so it is not listed in the following table. However, any intervening network devices, such as firewalls, must permit ICMP traffic for client push installation to succeed. Description UDP TCP Server Message Block (SMB) between the site server and client computer. -- 445 RPC endpoint mapper between the site server and the client computer. 135 135 RPC dynamic ports between the site server and the client computer. -- DYNAMIC Hypertext Transfer Protocol (HTTP) from the client computer to a management point when the connection is over HTTP. -- 80 (See note 1, Alternate Port Available) Secure Hypertext Transfer Protocol (HTTPS) from the client computer to a management point when the connection is over HTTPS. -- 443 (See note 1, Alternate Port Available) Ports that are used with software update point-based installation Description UDP TCP Hypertext Transfer Protocol (HTTP) from the client computer to the software update point. -- 80 or 8530 (See note 2, Windows Server Update Services) Secure Hypertext Transfer Protocol (HTTPS) from the client computer to the software update point. -- 443 or 8531 (See note 2, Windows Server Update Services) Server Message Block (SMB) between the source server and the client computer when you specify the CCMSetup command-line property /source:<Path>. -- 445 Ports that are used with Group Policy-based installation Description UDP TCP Secure Hypertext Transfer Protocol (HTTP) from the client computer to a native mode management point. -- 80 (See note 1, Alternate Port Available) Secure Hypertext Transfer Protocol (HTTPS) from the client computer to a management point when the connection is over HTTPS. -- 443 (See note 1, Alternate Port Available) Server Message Block (SMB) between the source server and the client computer when you specify the CCMSetup command-line property /source:<Path>. -- 445 Ports that are used with manual installation and logon script-based installation Description UDP TCP Server Message Block (SMB) between the client computer and a network share from which you run CCMSetup.exe. Note When you install System Center 2012 Configuration Manager, the client installation source files are copied and automatically shared from the <InstallationPath>\Client folder on management points. However, you can copy these files and create a new share on any computer on the network. Alternatively, you can eliminate this network traffic by running CCMSetup.exe locally, for example, by using removable media. -- 445 Hypertext Transfer Protocol (HTTP) from the client computer to a management point when the connection is over HTTP, and you do not specify the CCMSetup command-line property /source:<Path>. -- 80 (See note 1, Alternate Port Available) Secure Hypertext Transfer Protocol (HTTPS) from the client computer to a management point when the connection is over HTTPS, and you do not specify the CCMSetup command-line property /source:<Path>. -- 443 (See note 1, Alternate Port Available) Server Message Block (SMB) between the source server and the client computer when you specify the CCMSetup command-line property /source:<Path>. -- 445 Ports that are used with software distribution-based installation Description UDP TCP Server Message Block (SMB) between the distribution point and the client computer. Note -- 445 Hypertext Transfer Protocol (HTTP) from the client to a distribution point when the connection is over HTTP. -- 80 (See note 1, Alternate Port Available) Secure Hypertext Transfer Protocol (HTTPS) from the client to a distribution point when the connection is over HTTPS. -- 443 (See note 1, Alternate Port Available)