Monday, December 7, 2009

DP Basics to Advanced- Step by Step

 
 
I will start with the basics here:

Requirements

  • OS - Windows Server 2000 SP4 or newer. Although not supported, in small offices you can sometimes get away with using a Windows XP desktop. There is a limit to 10 connections on a share, so this should only be used in offices with less than 10, and be thoroughly tested before put into production.
  • Permissions - SMS Site Server added to local Admin group on the server targeted to be the DP, and if a file share is used, the local admin group should have full rights, and authenticated users grated read permissions. This will ensure that the system accounts on the targeted PCs can access the packages.

Optional:

  • IIS installed with WebDav enabled – this is required if you are going to use BITS on the DP. Depending on the connection to targeted clients this may be a nice thing to have, but you must also consider the security risks of having IIS installed, and lock it down accordingly. This will allow the site to control the rate at which the package is copied to the local cache on the client, and allow the client to resume the download if the connection is lost instead of beginning the download again from scratch. This should be considered for any DP that remote, VPN, and Dialup users will use.

Considerations:
When choosing a server for a DP, and deciding whether to use a file share or accessing the entire server you must consider your end result. If you add the server, you will be giving SMS access to all drives, and creating a package share on each NTFS formatted drive, unless you create an empty file named No_SMS_on_drive.sms and place it on the root of that drive. SMS will place the packages on the drive that has the most free space available. This may change as drive space changes. If you are going to use this server for anything else besides a DP, such as a Reporting Point, you will have to add it as a site system. If you add a share you have created, you will force SMS to always use that location. This can be helpful if you need to ensure the path does not change from one DP to another, or you want to be able to find where the packages are being copied. I typically use a share called SMSPKG on all my file servers for this reason.

The second item, and maybe it should be the first, is space. My 1st DP only had 50 Gig of free space, and to this day I could still survive with that so long as I do not put my OSD images there. I now require a minimum of 40 Gig free on all DPs, and 250 Gig on my site server for packages. This is because I have all packages on my site server, but only what is needed on the other DPs. The big question is how much space are you going to need 2-3 years from now. There are some calculations out there but it all comes down to how much you need today, and how much will you grow. Between OSD images, Office packages, and 50-100 other applications you will need to have available in your site for your company, I believe the standard is to allow enough room for your package repositories to double in size. I know some companies require over 250 Gig on all DPs due to the amount of packages required for day to day business.

Last is which site you want to add the DP to. If you have only one site this is not an issue, but if you have multiple sites, you will need to create the DP in the same site as the clients it will serve. DPs from a child are visible to the parent site(s) so they can assign packages, but a child site cannot see or assign packages to DPs on a parent site.

Standard DP:

  • Add site server to local Administrators group on the select server
  • Create a share (If needed) and set permissions
  • Create an empty file named No_SMS_on_drive.sms and place it in the root of any drives you do not want used for packages if adding as a site system
  • From the SMS Console, go to
    System Management Server\Site Database\Site Hierarchy\"Site Name"\Site Settings\Site Systems
  • Right click on Site Systems, and choose New, Server (or Server Share depending on you need)
  • Click Set and enter the server name and share depending on your selection above, and click OK.
  • If you are running 2003 SP2, and have extended the schema, click Specify a Fully Qualified Host Name. This will allow clients to find the site systems using DNS, reducing network traffic.
  • Click the Distribution Point tab
  • Click Use this site system as a distribution point, this will enable the system as a DP
  • Click Enable BITS if you have IIS installed, and wish to use BITSs to send package

Protected DP:
Although Microsoft does not come out and say this, any remote DP should be protected unless you want to risk clients pulling their packages across WAN links, or you have 10+ Meg connections to all your offices. SMS 2003 is better at finding local DPs, but we will always get a black eye if we cause even one bandwidth issue. It is better if you can tell management that you know without a doubt that SMS is not filling up the pipe between offices.

  • Click Enable as a protected distribution point
  • Click the Configure boundaries button
  • Click the starburst button to add boundaries
  • Select the boundaries for your DP. You can select multiples if you use the Shift or CTRL key when you are clicking on the IDs, and click OK. Only boundaries specified for the site will be visible. If you are using AD Sites for your SMS Site boundaries, you will only see those sites listed as options for your DP. If you wish to use subnets for your boundaries that are not listed, you will need to add them to your SMS Site or Roaming boundaries.


Group membership:
You can add DPs to groups to make it easier to add large numbers of DPs to a package. This is very handy when you assign packages to certain DPs based on business use, department, locations, etc.. I have groups set up for Security Patches, and Sites so that when I create a package I can use the select group option and get all the DPs I need instead of selecting them one at a time.

From the Distribution Point tab in the Site System properties

To create a new Group:

  • Click on the starburst button
  • Enter the name of the new group
  • Click include this site system in this distribution point group
  • Click OK

To add a DP to an existing Group:

  • Click on the Group
  • Click the Change Membership button this will change entry for member to yes or no depending on the current value
  • You can also click the Properties button, and then click Include this system in this distribution point group. This window will also show you all the other systems that are currently members of this group.

Known Issue:
Antivirus may block copying of INF files; we have had to turn off scanning of the SMS Package folders when using McAfee. I do not recommend removing the Antivirus on any server or desktop as a resolution to any issue. If you run into problems with SMS accessing your DP, you may want to check your antivirus solution to ensure that it is not blocking access to the DP based on behavior such as remote access via HTTP, or a package that has a .INF (such as drivers in an OSD package).

Troubleshooting:
Once you have successfully added a DP, or any other site system, you should be able to see the status for this site in the Site Database\System Status\Site Status\"Site name"\Site System Status screen. The status should be listed as OK, and you should also see drive statistics such as free space.

A second place to look is SMS_SITE_COMPONENT_MANAGER. 1014 will show the system is being installed, and a 1015 message will indicate success for installing the site system. Any errors should be checked against the message codes in the download below from Microsoft.

If you have successfully created the DP, but your package is not being uploaded to the DP, check the message on the SMS_DISTRIBUTION_MANAGER component. If you are seeing access denied messages, they are most likely due to one of two issues; Antivirus is blocking the package(or part of it), or someone has changed the permissions on the DP.
-------------------
Enjoy,
26

No comments:

Post a Comment