Workplace vNext :: Part 6 :: Unattended Install ConfigMgr 2012 R2 in Windows Azure

This blog post shows you how to create a new VM with SQL Server pre-installed, make sure it automatically joins the Active Directory domain and install required Windows Features as well as Configuration Manager 2012 R2. It acts as a part in a bigger series about ‘Workplace vNext’ using Configuration Manager 2012 R2, Intune, ADFS and Azure Multifactor Authentication to provide the next generations Workplace. You can find the introduction post here with the complete index of all posts.

Forewords

I’ve always wanted to write some forewords so why not do it for my own blog post? The reason is that I think that this is really awesome. I mean really awesome. I’ve previously created hydration kit for ConfigMgr and there are others out there that does it as well. Such as Mikael ‘Mike the deployment bunny’ Nyström and Johan ‘the CfgMgr guru’ Arwidmark. And they do it well. It does however require from you that you have a machine or two with good performance disks (or that is just a good thing) and some fair amount of system RAM. You could also download the EVAL bits from Microsoft and install it yourself or download the preinstalled VHD from Microsoft. But still, you need a fair amount of RAM in your server/PC/laptop. With this solution you can run a Domain Controller, ADFS and ConfigMgr 2012 R2 with just 1GB RAM. Since all you need is an internet connection, the Azure PowerShell module and a Windows PC. That is pretty awesome if you ask me. Verry well, carry on!

Automatically Join the Domain During Provisioning

Just as we learned in the previous post we can, just as with regular OSD, specify a domain that a new VM should join during the first boot. We’ll do that with this VM as well. However this time we have a challenge with the fact that only the local administrator account is added to the SQL Server administrators group (well not group but have permissions) in SQL. But we’ll take care of that as well

There are some more questions to answer however. Such as a Microsoft Account that is used to download the evaulation files for ConfigMgr.

Create VM With SQL Server Pre-Installed

Okey so we need SQL for SCCM 2012 R2. The team at Microsoft provides us with VM templates with SQL pre-installed (yes, it is supported to pre-install SQL before you run a sysprep on a machine, awesome isn’t?) so why not use those images instead of having to install SQL as well? We’ll just select the image we would to use and make sure we use the latest version of that image. Yes yes, Microsoft patches their images in Windows Azure, odd is it not?

 (Get-AzureVMImage | Where Label -eq "SQL Server 2012 SP1 Standard on Windows Server 2012")[-1] 

When we use the Get-AzureVMImage command we get back an array with images. So we use “Where” (short for “Where-Object) and filter out so we only have left the images with the correct Label (and thus content). We still have an array with images and uses [-1] to specify “last” as the index in the array. That way we get the newest/most up2date image. Nothing new here from the other posts really, except the Label. Oh that’s right, we must fall back to Windows Server 2012 non-R2 since we prefer to use SQL 2012 SP1 over SQL 2008 R2 and that image in Windows Azure runs on Server 2012 non-R2. But that will do for sure!

In order to grant the domain administrator account (that we’ll use during SCCM installation) administrative permissions in SQL, we use PowerShell Remoting to connect (as the local administrator) to the VM once it is up and running. We can then run a SQL query against the SQL server to grant the domain administrator account sysadmin permissions in SQL.

USE [master]
GO
CREATE LOGIN [$DomainAdminUsernameAndDomain] FROM WINDOWS WITH DEFAULT_DATABASE=[master]
GO
ALTER SERVER ROLE [sysadmin] ADD MEMBER [$DomainAdminUsernameAndDomain]
GO

Install Windows Features

To install .Net Framework 3.5.1 during a Task Sequence can be somewhat tricky. One need to specify the Windows Source location so that the installer can grab the source files for .Net Framework 3.5.1 from the SxS folder. We’ll that can be tricky in Windows Azure since we don’t have the ISO available. Lucky for us the installer can grab the files from Windows Update. And even more lucky for us is that SQL Server 2012 SP1 requires .Net Framework 3.5.1 and since that is installed already the same goes for .Net Framework. Yey more time for coffee!

There are however more Windows Roles and Features that we need to install. Since WSUS installation takes a little more time I’ve decided to split up the installation process into two parts. In contrast to a normal hydration of a single server installation of SCCM, one in Azure can’t leverage the WDS/PXE feature so we skip that. One might however, extend the network using the Site-to-Site VPN feature in Windows Azure and place one DP with PXE on the local on-premise corporate network.

We run the following command to install all the Windows Roles and Features:

Invoke-Command -Session $RemotePSSession -ScriptBlock { Install-WindowsFeature -Name NET-Framework-Core,RDC,BITS-IIS-Ext,FS-FileServer,Web-Mgmt-Tools,Web-Mgmt-Console,Web-Mgmt-Compat,Web-Metabase,Web-WMI,Web-WebServer,Web-Common-Http,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Static-Content,Web-Http-Redirect,Web-Health,Web-Http-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-Http-Tracing,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Security,Web-Filtering,Web-Windows-Auth,Web-App-Dev,Web-Net-Ext,Web-Net-Ext45,Web-Asp-Net,Web-Asp-Net45,Web-ISAPI-Ext,Web-ISAPI-Filter,NET-WCF-HTTP-Activation45,NET-HTTP-Activation,NET-WCF-HTTP-Activation45 -IncludeManagementTools -Verbose } –Verbose

Later on we run:

Invoke-Command -Session $RemotePSSession -ScriptBlock {
Install-WindowsFeature -Name UpdateServices-Services,UpdateServices-DB -IncludeManagementTools -Verbose
Start-Process -FilePath "C:\Program Files\Update Services\Tools\wsusutil.exe" -ArgumentList "postinstall CONTENT_DIR=C:\WSUS INSTANCE_NAME=$($using:VMName)" -Wait -Verbose
}

in order to install and run post-installation configuration of WSUS.

Configure SQL Server to Use Local System Account

Per default SQL Server in Windows Azure runs under the MSSQLServer NT Service account. That is however not supported for Configuration Manager so we must change that into a domain account or the local system account. I prefer the later when there is no explicit need to run the account as a domain account. Such need should be when needing to use Kerberos Constrained Delegation for instance.

We run the following command to alter the service:

Invoke-Command -Session $RemotePSSession -ScriptBlock {

[reflection.assembly]::LoadWithPartialName("Microsoft.SqlServer.SqlWmiManagement")
$wmi = New-Object ("Microsoft.SqlServer.Management.Smo.Wmi.ManagedComputer") $env:computername
$wmi.services | Where-Object {$_.Type -eq 'SqlServer' -or $_.Type -eq 'SQLAgent'} | ForEach-Object {$_.SetServiceAccount("LocalSystem","")}

}

Download Requirements

One thing I learned the hard way is that one can not start a BITS job in a Remote PowerShell Session. I figured that one out when I tried to download the ADK installation files as Assessment and Deployment Kit (for Windows) 8.1 is required for SCCM 2012 R2. Instead I had to use the WebClient in .Net Framework.

Invoke-Command -Session $RemotePSSession -ScriptBlock { if (!(Test-Path D:\Temp\)) { New-Item D:\Temp\ -type directory > $null }; $wc = New-Object System.Net.WebClient; $wc.DownloadFile("<a href="http://download.microsoft.com/download/6/A/E/6AEA92B0-A412-4622-983E-5B305D2EBE56/adk/adksetup.exe&quot;,&quot;D:\temp\adksetup.exe&quot;)">http://download.microsoft.com/download/6/A/E/6AEA92B0-A412-4622-983E-5B305D2EBE56/adk/adksetup.exe","D:\temp\adksetup.exe")</a> }

The same goes for the Evaluation bits for ConfigMgr 2012 R2.

Install ConfigMgr 2012 R2

Once we have everything in place it is time to install ConfigMgr 2012 R2. As known one can not install ConfigMgr 2012 R2 unattended using parameters to the setup.exe binary. Instead one can use my C# developed PowerShell module OR simply pass the script file (ini) content using a variable in PowerShell to the remote PowerShell session and use Out-File to write the data into a file.

The installation does indeed take some time. Therefore I have added a progress bar that calculates the number of rows in the log file that the installer writes to. It’s not an exact science but it will give you some figures…

One pretty cool thing is that it works perfectly even if your local connection to Internet is lost, it simply reconnects.

Important Disclaimer

As a side note, I do create the NO_SMS_ON_DRIVE.SMS file on D:, however if one should go ahead and reboot the server or if the server for some other reason would get a new temporary storage (D:) it is a good idea to recreate that file, or simple have a scheduled task that checks that the file exists. That did not however make it into the 1.0 version of the script.

Also, for my knowledge Microsoft still has to make this a supporter alternative so until that this is just “for fun”. Do try this at home, but not in production And a different side note. I’ve heard that Microsoft should have said that ConfigMgr is supported runnings as a VM so that VMware and XEN should be supported hypervisors but that they only test with Hyper-V or something like that. Well then “maybe” this should fall under that part too But again, no official statement that this should ever work in production!

All in all, it takes a little more than one hour when I’ve tried the script. It is a Large sized VM in Windows Azure so it is a good idea to turn off the Cloud Service (not only the VM/from within the OS!) when you don’t use it or you will loose credits fast.

Download the script here.

<<< Previous Post | Next Post >>>

/Tim

About The Author

Tim Nilimaa is a consultant with Lumagate in Sweden. He has been working with Configuration Manager for 8 years. His knowledge has been selected as a speaker at many events among them Microsoft Management Summit.