We’ll run quickly through the process of installing the server roles, as this has been covered previously and hasn’t changed all that much.

Remember to install the following components on your server before proceeding:
- WSUS 3.0 SP1
- PowerShell
- MBCA
- Report Viewer Redistributable

Before installing – run the Best Practice Analyzer. This tool is always your friend when dealing with SCMDM installs. It has been slightly revamped for the SP1 release, and I find it a positive touch that it also reports on what was found to be right about your current setup

I passed most of the checks, and ignored the rest. Not something I would recommend usually, but I’ll accept that SQL Server should not be installed on any SCMDM Server unless in a lab, and the errors I get regarding the DC and CA does not make sense. Apparently Windows Server 2008 is still a no-no as far as the BPA is concerned.

As stated previously the following roles/services are all installed on the same box, but as this test scenario does not focus on splitting them up I will have to live with this limitation. I’ll be installing the following roles:
- Enrollment Server
- Device Management Server
- Administrator Tools
- Self Service Portal

If you have installed SCMDM RTM before you’ll notice that there are few changes this time around. The only thing really is choosing which instance you want to add this server to. So the extra work is basically done when running ADConfig, and is an Active Directory thing. You’ll notice that I only have one available instance, even though I configured two instances only one of them is in this domain. But if you wanted to there is nothing preventing you from having multiple instances in the same domain. I don’t think I’ll be exploring that scenario at the moment, as it’s not that different from this scenario. If you figure this one out, you will be able to do the other as well

And although I’m only showing the installation on the EU instance, you’ll just have to trust me when I say I perform the same steps on the NA instance.

Remember to create the necessary DNS records, (for enrollment and self service portal), before proceeding to install.

Enrollment Server Install

No stopping here, just move along to the next install wizard.

Device Management Server

We’ll also need something to administrate our servers with.

Admin Tools

You’re probably getting tired of screenshots; just a few more and we’ll be finished for now.

Self Service Portal

And there we are. If you are happy with using your devices without a Gateway Server you can go ahead and enroll devices. If you want a Gateway as well that will be covered in the next part.

There is one more thing to do after all this is done before proceeding. Run the BPA and perform a Post-Deployment Scan. You may get different results, but I’m seeing the following:
- Warnings about being installed with other servers and roles.
- On the Device Management and Enrollment Server it is reported that the web sites/services are not reachable, and I’m advised to check the certificates. I do not know at the present time why I get these errors as I can reach the sites, and do not see any errors with the certificates either. Will post an update if I learn why I’m getting this.
- The Certification Authority reports an error about a missing group in Active Directory. (CERTSRV_DCOM_ACCESS) I think this might be related to the fact that I’m running all the CAs on Windows Server 2008, (as I know there has been some changes to the CA role in W2K8), but wouldn’t know for sure. I have tried following this KB article (http://support.microsoft.com/kb/927066), but it does not seem to remove the error in BPA.

In spite of these errors everything seems to work like it should though. But I thought I’d give you a heads-up in case you run into strange problems later on in your testing. I’ll try to investigate further what the causes are.