MSEndpointMgr

ConfigMgr 2012 R2 – Prerequisites installation tool

If you’re looking for an fast and easy way to install the prerequisites for a new ConfigMgr 2012 R2 environment, this tool will help you in accomplishing just that. As ConfigMgr administrators, or if you’re new to ConfigMgr, we don’t want to spend hours on researching what needs to be enabled or installed on the servers before we can go ahead and perform the installation. The previous released version of this tool only supported ConfigMgr 2012 SP1. Some prerequisites for ConfigMgr 2012 R2 has changed, so I decided to update the previous version to support ConfigMgr 2012 R2 as more and more companies will start to migrate from ConfigMgr 2007 or upgrade from ConfigMgr 2012 SP1.
95_1

New features

2014-05-15: Version 1.3.0 has been released

  • Re-designed the user interface to feature tabs instead of buttons
  • Validation checks are now executed on first launch, some minor validation checks still exists for specific parts of the tool
  • Support for Windows Server 2008 R2 has been removed, supported platforms are now Windows Server 2012 and Windows Server 2012 R2

2014-01-14: Version 1.2.1 has been released

  • Added validation for checking of current user is a Schema Admin when extending the Schema
  • Added functionality to add Active Directory groups to the System Management container
  • Removed the need for the Active Directory powershell module, using System.DirectoryServices instead

Description

The tool has the following capabilities:

  • Sites
    Central Administration Site
    Primary Site
    Secondary Site
  • Site System Roles
    Management Point
    Distribution Point
    Application Catalog
    Enrollment Point
  • Other
    Extend Active Directory for ConfigMgr
    Install and configure WSUS
    Install Windows ADK
    System Management container creation

Download the ConfigMgr 2012 R2 Prerequisites installation tool

You’ll find the download link here on the TechNet Gallery.

Documentation

This tool will only run on Windows Server 2012 and Windows Server 2012 R2. You’ll not be able to run this tool on any of your Domain Controllers. The tool has 4 validation checks that are executed on first launch. It will check if the current user is a member of the local Administrators group, see if there’s any pending restart, check the Operating System if it’s supported and also check the PowerShell version if that’s supported.
Central Administration Site
Use this step to install all prerequisites for a new installation of a Central Administration Site. All the necessary Windows features will be installed. Once the Windows features have been installed, a verification process will start and output if a feature installation was successful or not. You can also choose to download the prerequisite files for the ConfigMgr setup.
Primary Site
Use this step to install all prerequisites for a new installation of a Primary Site. All the necessary Windows features will be installed. Once the Windows features have been installed, a verification process will start and output if a feature installation was successful or not. You can also choose to download the prerequisite files for the ConfigMgr setup.
Secondary Site
Use this step to install all prerequisites for a new installation of a Secondary Site. All the necessary Windows features will be installed. Once the Windows features have been installed, a verification process will start and output if a feature installation was successful or not.
Management Point
This step will install all the necessary Windows features for a Management Point installation. Once the Windows features have been installed, a verification process will start and output if a feature installation was successful or not.
Application Catalog
This step will install all the necessary Windows features for an Application Catalog installation. Once the Windows features have been installed, a verification process will start and output if a feature installation was successful or not.
Distribution Point
This step will install all the necessary Windows features for a Distribution Point installation. Once the Windows features have been installed, a verification process will start and output if a feature installation was successful or not.
Enrollment Point
This step will install all the necessary Windows features for either an Enrollment Point or an Enrollment Proxy Point. You’ll get to choose which site role to install the prerequisites for. Once the Windows features have been installed, a verification process will start and output if a feature installation was successful or not.
Extend Active Directory
In this step, you should enter the NetBIOS or FQDN of your Domain Controller holding the Schema Master FSMO role before you click on Extend. It’s important that you’re running the tool as a user with the proper access. The user account should be a member of the Schema Admins Active Directory group and have atleast local administrator rights on the Schema Master Domain Controller. When the correct name is entered, click on Extend. A connection to the entered server will be established if it passes the check that it really is your forests Schema Master. Once the connection is established and verified successfully, the schema in your Active Directory forest will be extended to support ConfigMgr.
Install WSUS
This will install all the necessary Windows features for Windows Server Updates Services (WSUS). You have the option to configure the WSUS installation with a Windows Internal Database (WID) or to use an existing SQL Server. If you select WID, the database will be put locally on the server the tool is running on. When using the SQL option, enter the SQL Server name (NetBIOS) and the Instance name. If the SQL Server is using the default instance, leave the Instance name field empty.
Install ADK
For those site systems that need the Windows Automated Deployment Kit 8.1 installed, use this step. You’ll have the option to choose to download the setup from the internet (Online) or to use an offline installer already available on the network/server (Offline). Bare in mind that the online installation will take some time to complete.
System Management Container
This tool can create the System Management container in Active Directory and add Active Directory groups with the proper permissions to it. Use this step if you’ve not created the System Management container yet. To do so, put a check mark in the Create the System Management container check box. Click on the Search button to search your domain for Active Directory groups, select the desired group and then by clicking OK the tool will go ahead and execute the configuration.

Nickolaj Andersen

Chief Technical Architect and Enterprise Mobility MVP since 2016. Nickolaj has been in the IT industry for the past 10 years specializing in Enterprise Mobility and Security, Windows devices and deployments including automation. Awarded as PowerShell Hero in 2015 by the community for his script and tools contributions. Creator of ConfigMgr Prerequisites Tool, ConfigMgr OSD FrontEnd, ConfigMgr WebService to name a few. Frequent speaker at conferences such as Microsoft Ignite, NIC Conference and IT/Dev Connections including nordic user groups.

61 comments

  • I’m looking for the prerequisites for site migration point. I’m installing it on our additional DP server. I’m unable to find any docs on MS’s site for site migration point prerequisites. I’m able to capture a profile, but fails when restoring; this is a side-by-side scenario. The error message is “SMP Root share info response is empty OSDSMPClient” I need to make sure I have meet all the prerequisites for site-migration-point.
    Thanks,
    Sunshine

  • Hello Nickolaj,
    Thank you so much. Works like a charm. Excellent tool !!!!
    Regards,
    Carlos

  • Hey,
    Just wondering if there is a update in the works for SCCM 1511?
    Regards,
    Taylor.

  • This is a great tool!
    While using it for a new customer’s install we also got the error ‘Exception calling “IsInRole” with “1” argument(s): “The trust relationship between the primary domain and the trusted domain failed.” ‘
    I manually ran lines 317 and 318 and verified they work, but the actual IsInRole check on line 319 simply times out.
    We manually verified the computer had a valid trust relationship and the user was a local administrator. Then we commented out lines 317-323 and 325-332 so that the Validate-Elevated function simply returns “true”. After that the tool worked without issue.
    If I get an opportunity on this environment, I’ll test a few other PS/.NET methods of checking for admin rights and see if they work.

    • Hi Chad,
      Thanks! I’m aware of this issue, and it’s a problem in the .NET class if I’m not mistaken. Check the new version of the tool that works around this issue by overriding the error.
      Regards,
      Nickolaj

  • Hi
    I have the same issue as Karl where it complains about the trust relationship between the primary domain and the trusted domain failure.
    Thank you.

  • So, I’m currently in a 2003 domain. Schema is extended and adprep ran to upgrade everything to 2012 levels as required. I’m an Domain/Enterprise/Schema admin in AD and both groups are part of the local admin groups as well as specifically adding my account. I’m getting the error “exception calling ‘IsInRole’ with ‘1’ argument(s): ‘The trust relationship between the primary domain and the trusted domain failed” when the script gets to verifying my credentials. This is a fresh VM and I’ve joined and rejoined it to the domain and the error persists so the trust relationship isn’t the issue. Any ideas?

  • Nifty tool, however the new version does not work in our environment. Mainly because I’m not a domain or schema admin only a OU Admin. Our schema is already extended and I can have my machine added to the systems management container by the domain admin but It would be nice if it did that validation only if you tried to perform those functions rather than to use any portion of the tool. I grabbed the previous version and it works great so far.

  • Hi, great tool, but on “Other” features, i got a gate !
    ERROR: Current logged on user is not a member of the Domain Admins or Schema Admins group
    I’m logged with domain administrator (aka DOMAIN\Administrator) account … All rights are good, server is joined to DOMAIN …
    I don’t understand …
    But thanks for that script easy to use and, very useful !

  • Thanks for the Great tool Nickolaj, I’ve just used this tool to rebuild my lab .I just needed to manually install the ADK afterwards 🙂
    Thanks again!

  • I want to study SCCM without any coach (Self Study) can anyone pleae let me any best tutorial for self study other than CBT Nuggets tutorials

  • Dude thanks alot.
    I have rebuilt my test lab quite a few times this will save me so much time.

  • Hi Nickolaj,
    Already posted this issue on MS gallery, but figure I’d try here as well. Trying to run the utility on a fresh build 2012R2, domain-joined, with domain admin rights and logged into domain, from elevated PS window. The utility fails with following error:
    Exception calling “IsInRole” with “1” argument(s): “The trust relationship between the primary domain and the trusted domain failed.”
    At Z:\SUPPORT\Install-CM2012R2PrereqsGUI_1.3.0.ps1:319 char:9
    + if ($UserWP.IsInRole(“S-1-5-32-544”)) {
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : SystemException
    I even went as far as resetting the secure channel trust between the server and domain and still no luck. Issue can be duplicated on another server as well. DCDIAG shows no problems with domain trust or DCs. Even running it with local administrator account does not change the outcome.

    • Hi Karl,
      I’ve never seen this before, and all of my tests to see if the current user context is a member of the local Administrators group are working fine. Could you please try and copy the script to a local drive on the server that you’re going to run it on? It appears that you’re running it from a mapped network drive.
      If that doesn’t work, could you please run the following code snippet and paste me the results?
      $UserIdentity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
      $UserWP = New-Object Security.Principal.WindowsPrincipal($UserIdentity)
      if ($UserWP.IsInRole(“S-1-5-32-544”)) {
      Write-Output “Member of Administrator group”
      }
      else {
      Write-Output “Not a member of Administrators group”
      }
      Regards,
      Nickolaj

      • At C:\support\test.ps1:4 char:15
        + Write-Output “Member of Administrator group”
        + ~
        Missing ‘)’ in method call.
        At C:\support\test.ps1:4 char:15
        + Write-Output “Member of Administrator group”
        + ~~~~~~
        Unexpected token ‘Member’ in expression or statement.
        At C:\support\test.ps1:4 char:15
        + Write-Output “Member of Administrator group”
        + ~~~~~~
        Missing closing ‘)’ after expression in ‘if’ statement.
        At C:\support\test.ps1:7 char:51
        + Write-Output “Not a member of Administrators group”
        + ~
        The string is missing the terminator: “.
        + CategoryInfo : ParserError: (:) [], ParseException
        + FullyQualifiedErrorId : MissingEndParenthesisInMethodCall

      • Hi Karl,
        Unfortunately the formatting in WordPress isn’t very great. You’d need to update all of the ” in the code that I pasted, by simply re-typing the character again.
        Regards,
        Nickolaj

      • Hi,
        I’ve run the test script as described and I’m still receiving the same error:
        Exception calling “IsInRole” with “1” argument(s): “The trust relationship between the primary domain and the trusted
        domain failed.

        At C:\SCCM 2012 R2\fix.ps1:3 char:5
        + if ($UserWP.IsInRole(“S-1-5-32-544”)) {
        + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : SystemException
        I havent installed any pre-req’s as I want to use the tool to let me know what I need.
        I have given the computer account Full Control of the System Management OU in ADU&C.
        This server is in a child domain.
        Any help would be much appreciated.
        Thanks,
        Hiten

      • Hi Hiten,
        What happens if you change the if condition row to
        if ($UserWP.IsInRole(“servername\Administrators”)) {
        Will it work then? From what I can understand, the API is throwing that error when it cannot find the group (most likely for other reasons as well). Unfortunately I don’t have a child domain set up in my lab environment, but I think I have to look into that when I get back from my vacation.
        Regards,
        Nickolaj

  • Thanks a lot for this amazing script. I’ll be showing it/using it AGAIN during my SCCM training session next week 🙂 beats the hell out of my checklist 🙂
    already used it twice for training, apreciated by trainees, especially after showing them steps required for a manual install!!!
    keep up the good work, and as a former ‘Setup and deployment’ MVP (back in the win7 beta days), i’ll send in a suggestion for you in the mail!!! you sure as hell deserve one for your sharing and technical investment in the comunity.
    hope to see that logo on your site soon 🙂
    Best regards form France,
    Pierre.

    • Hi Pierre,
      I’m speechless, thank you so much! These kinds of comments are why I do this (and of course other reasons as well). I’d be extremely grateful if you’d do that, thank you in advance. Let me know if you have any suggestions for improvements or stumble upon any bugs.
      Best regards,
      Nickolaj

  • Running the tool blind, meaning I honestly have NOT read a lot of the step by step directions to installing SCCM. Mainly due to time constraints. So feel free to tell me to RTFM!
    I’m installing a Primary site. All seems to be going well but i’m probably installing more than I need to as again, I haven’t RTFM.
    I’m on a virtual server which will host the SCCM, not a DC. I’m on the [Other] tab trying to extend Active Directory. I plugged in the SchemaMaster server name. When I hit Extend, it brings up a window that says to browse to the ‘\SMSSETUP\BIN\x64’
    What am I missing?

  • Hi, this is a great tool that I’ve used in the past.
    Thanks a lot for this!
    Now, I need to install SCCM 2012 on WIN 2008R2 for a new client.
    This configuration is supported by MSFT but not the latest release of this tool.
    Where can I find the 1.2.1 version of the tool?

  • HI I get as far as the Configuration Manager Setup Downloader and i get the same Error as the original
    It says “An Error Has occured while attempting to download or verify prerequisite components”
    Please help as i am about to give up!
    My setup:
    WIndows 2012 Domain Controller
    Windows 2012 Server (Only joined to DC nothing more and this is where i am carrying out the install)
    SQL server 2012 installed etc.

  • Are you able to send me the version with Windows Server 2008 R2 Support? I have a client that is looking to install SCCM 2012 on 2008 R2

  • Hi,
    I’ve tested it on multiple 2012R2 machines with powershell 4.0 and it does not work.
    Without the Import-Module ServerManager it looks like this:
    https://ioan.in/rOrh
    If you add the ServerManager module before running the script it runs trough the steps but it does not install anything:
    https://ioan.in/oZa0
    I’ve looked at the code but i’m not a programmer, what I figured out is that it does not get to the Add-WindowsFeature Part

    • Hi Ioan,
      This is very odd, because PowerShell 4.0 should automatically (even back in 3.0) auto-load the required modules. This is why I’ve left out the Import-Module part from this script. All my testing has been done on clean Windows Server 2012 R2 installations with no configurations. I’ve even used it at various customers sites and I’ve never received any reports from other people that are using it, that this is an issue. Very strange anyway.
      Just to give it a try, could you please install a clean Windows Server 2012 R2 lab machine and see if you can replicate the issue on that machine?
      Regards,
      Nickolaj

      • Hi Nickolaj,
        I was puzzled by the modules not autoloading too, I’m using a ps commandlet for my deployment scripts and during deployment they do autoload the required modules.
        There may be a problem with my base deployment image but I cant think of what may cause this issue. I’ll try to build a new image from scratch and see what happens.
        I’ll report back here once I have it up and running.
        Thanks,
        Ioan 🙂

      • Make sure you run the script with the 64bit version of Powershell. This should resolve the Get-WindowsFeature errors.

  • Hi Nikolay,
    would it be possible to download the previous version with Server 2008 R2 support? (since you’ve written that the new version lacks the 2008’er support)
    Regards Mark

    • Hi Mark,
      Yes, send me an email and I’ll reply back with the older version. You’ll find my email on the About page here on the blog.
      Regards,
      Nickolaj

  • I feel the same…
    Check the following key for a value called ‘RebootPending’:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing
    See if there’s a value called ‘RebootRequired’:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
    Check if there’s a value called PendingFileRenameOperations present in:
    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager
    I am entering these records, and I find what you say … You should find it or not?

  • Hi when i run this tool on Server2008 R2 data centre edition SP1 it opens as a text file.
    When i do right click and run with powershell nothing happens
    My OS is all up-to-date
    plz help
    Eswar

    • Hi Eswar,
      You need to open an elevated PowerShell console (elevated means ‘Run as Administrator’). Then from within that PowerShell console, browse to where you’ve saved the script and execute it.
      Regards,
      Nickolaj

  • Thank you for the clarification …. that is exactly what I was hopping it will do. I just need to refresh my PS skills and be able to run the script…
    Again, Thank you for all that you do!!
    Regards,
    Petros

    • You’re welcome, and thank you for your support 🙂
      Actually I’m currently developing version 1.3.0 that will feature some new functionality. I’ll try to finish it as soon as possible, stay tuned!
      Regards,
      Nickolaj

  • Thank you for making this tool available … Very basic question below:
    do I run this script from my DC?
    Do I run it from my SCCM Primary server?
    can I run it from a machine that will be assigned as a DP?
    Thnak you

    • Hi Petros,
      You’re most welcome! You cannot run this tool from a Domain Controller (or atleast you shouldn’t be able to if the script works as it’s supposed to). My intention for this tool is that it should be executed on the server in mention that are about to become any of the site roles it can install the prerequisites for. Let’s take an example:
      If you’re installing a new Primary Site server, you’ll run the script on that machine. For the extending of Active Directory part, this can be done on any server (but not a Domain Controller). You’d of course be running the tool with proper rights to perform the action of extending Active Directory, or the extending will fail.
      I hope this helps, let me know if anything is unclear.
      Regards,
      Nickolaj

  • Thanks Nickolaj for a great tool!
    It would be perfect, if SCCM SQL Server prerequisites would also be configurable (such as set static tcp port, create necessary firewall ports rule, memory allocation).
    Greets

    • Hi Andi,
      You’re welcome! I’ll look into these suggestions and see what I can come up with, a new version of this tool is coming out very soon 🙂
      Regards,
      Nickolaj

  • this tool is saying that a reboot is pending, even after I rebooted the system several times. I am trying this tool on windows server 2008 R2 Sp1 for installing prerequisites of primary site. Kindly help

    • Hi Sameer,
      That sounds odd, could you check the following:
      Check the following key for a value called ‘RebootPending’:
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing
      See if there’s a value called ‘RebootRequired’:
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
      Check if there’s a value called PendingFileRenameOperations present in:
      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager
      Regards,
      Nickolaj

      • hay man, i got permission Issue, already domain admin, and local computer admin

      • Hi Sharafat,
        Did you elevate the PowerShell console before you ran the script? Right-click on the PowerShell icon in the task bar and select ‘Run as Administrator’.
        Regards,
        Nickolaj

Sponsors