宇宙沸腾SCCM 2012 R2系列(3)配置CA,配置IIS,安装ADK 8.1
安装IIS和WSUS在crus-con-sccm1,crus-con-sccm2,crus-con-sccm3添加角色和功能
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751938QlIS.jpg
基于角色或功能的安装
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751940cm3g.jpg
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_13867519415Q1F.jpg
勾选IIS和Windows Server更新服务
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_13867519437C4K.jpg
在功能处勾选“后台智能传输服务”和“远程差分压缩”
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751945OL42.jpg
如下勾选IIS服务
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751946aRAT.jpg
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751948yr9w.jpg
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751949gchP.jpg
WSUS安装设置
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751951wav4.jpg
WID数据库和SQL数据库不可同时选择,这里勾选数据库
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751952brnC.jpg
设置C:\wsus为WSUS补丁下载的本地路径
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751954hN5A.jpg
检查与本地数据库连接状况,这里一定要写上本地计算机名称(如crus-con-sccm1,crus-con-sccm2,crus-con-sccm3)
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751955GDYz.jpg
安装完成后点击启动安装后任务。
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751956bvfe.jpg
安装成功
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751958kbvv.jpg
补充一下,如果在Windows 2012(非R2)安装WSUS时在这步会失败,应该是一个bug。这时可以用powershell命令完成该步骤:
For WID
%programfiles%\update services\tools\wsusutil.exe postinstall CONTENT_DIR=C:\Wsus
SQL Server databases
%programfiles%\update services\tools\wsusutil.exe postinstall CONTENT_DIR=C:\Wsus SQL_INSTANCE_NAME=
配置WebDAV
在crus-con-sccm1,crus-con-sccm2,crus-con-sccm3均要配置WebDAV。
进入IIS管理器
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751960blIL.jpg
展开到默认网站,双击“WebDAV创作规则”
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_13867519615uX7.jpg
添加创作规则
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751963tDLX.jpg
依次选择:全部内容,所有用户,读取
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751965msbm.jpg
点击WebDAV设置
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751966ut4S.jpg
将属性行为栏中的属性值全部更改为相反的值,然后点击“应用”
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_13867519681j0A.jpg
右边点击启用WebDAV
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751969kNQL.jpg
用记事本打开 C:\Windows\System32\inetsrv\config 目录下的 applicationHost文件
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751971xGAX.jpg
查找“.mdb”所在行,将“alllowen=false”更改为“allowed=true”,然后保存文件。
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751973Dc55.jpg
安装CA服务器
为crus-con-dc1添加CA角色
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751974EeaV.jpg
基于角色或功能的安装
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751976um3n.jpg
选择服务器
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751977zLzg.jpg
勾选AD证书服务
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_13867519791wqF.jpg
不选择功能
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751981e7Ku.jpg
勾选证书颁发机构
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751983DRd6.jpg
安装
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751985mdxL.jpg
点击配置证书服务
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751986GBVv.jpg
选择域管理员凭据
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751988fkOL.jpg
勾选证书颁发机构
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_13867519906Y9W.jpg
指定CA类型为企业CA
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751992keU2.jpg
选择根CA
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751993egJm.jpg
创建新私钥
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751995EAwe.jpg
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751997CjXx.jpg
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386751998Y3g2.jpg
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386752000Oldc.jpg
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386752002AdwN.jpg
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386752003FNww.jpg
配置成功
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386752005t6iq.jpg
为服务器添加证书
在crus-con-sccm1,crus-con-sccm2,crus-con-sccm3上为服务器添加证书
运行mmc
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386752006Szk9.jpg
添加管理单元
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386752008Pg5m.jpg
添加证书单元
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386752010JeXC.jpg
选择“计算机账户”
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_13867520114fll.jpg
指定本地计算机
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386752013BBgQ.jpg
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386752015weL1.jpg
右键点击个人\证书,所有任务,申请新证书
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386752017d66g.jpg
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_138675201851XI.jpg
AD注册策略,点击下一步
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386752020b7is.jpg
勾选计算机
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386752022hqOg.jpg
注册成功
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_13867520238i12.jpg
可以看到多了一个DC1-CA颁发的证书
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_13867520257nZ3.jpg
添加HTTPS绑定
在crus-con-sccm1,crus-con-sccm2,crus-con-sccm3均要配置HTTPS绑定。
进入IIS管理器,点击右侧绑定
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386752027PThb.jpg
点击添加
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386752028go68.jpg
选择类型为https,选定证书crus-con-sccm1.contoso.com
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386752031THDX.jpg
点击确定后可看到https已被绑定
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386752032bsKc.jpg
安装ADK 8.1
下面的地址下载的是一个在线安装程序,仍需要在线下载整个包。速度比较慢,可以事先下载好。
这里需要注意,SCCM 2012 R2不支持ADK 8.0,一定要下载下面这个版本:
http://www.microsoft.com/zh-cn/download/details.aspx?id=39982
在crus-con-sccm1,crus-con-sccm2,crus-con-sccm3均要安装这个工具包。
这里使用已经下载好的镜像
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386752034BZiM.png
打开安装程序
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386752035frHl.jpg
选择以下几个功能
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386752037nn1h.jpg
安装完成
http://hyf1367.blog.运维网.com/attachment/201312/11/1079246_1386752039oN0h.jpg
页:
[1]