In the this post we will be setting up your SCCM 2016 Site System roles. So what is a site system role and why do we need it? A site system role is added to extend the management functionality of the site. So basically if you want to be able to manage a particular type of object within SCCM 2016 we need to install a site system role for it.
The most common roles and the ones we will be installing today are the Application catalog website point, the Application catalog web service point and Fallback status point.
There are a quite a few different site system roles available and you don’t need to install all of them from the start. Instead we can just install them as we need them. As usual Microsoft has well documented the roles here. I will just list them below as per the above article just so you have a reference. You can skip through reading about all of these roles if you just want to get to the installation.
Configuration Manager site server. This role identifies the server where Configuration Manager Setup is run to install a site, or the server on which you install a secondary site.
Configuration Manager site system. This role is assigned to any computer on which you either install a site or install a site system role.
Configuration Manager component site system role. This role identifies a site system that runs an instance of the SMS Executive service, and is required to support other roles, like management points.
Configuration Manager site database server. This role is assigned to site system servers that hold an instance of the site database for a site.
SMS Provider. The SMS Provider role is assigned to each computer that hosts an instance of the SMS Provider, the interface between a Configuration Manager console and the site database. By default, this role installs automatically on the site server of a central administration site and primary sites.
Application Catalog web service point. A site system role that provides software information to the Application Catalog website from the Software Library.
Application Catalog website point. A site system role that provides users with a list of available software from the Application Catalog. If this role is to support computers on the internet it is best practice to put it in a perimeter network for better security.
Asset Intelligence synchronization point. A site system role that connects to Microsoft to download information for the Asset Intelligence catalog.
Certificate registration point. A site system role that communicates with a server that runs the Network Device Enrollment Service. This role manages device certificate requests that use the Simple Certificate Enrollment Protocol (SCEP).
Cloud management gateway connector point. A site system role for communicating with the cloud management gateway.
Distribution point. A site system role that contains source files for clients to download, such as application content, software packages, software updates, operating system images, and boot images.
Fallback status point. A site system role that helps you monitor client installation, and identify the clients that are unmanaged because they cannot communicate with their management point.
Endpoint Protection point. A site system role that Configuration Manager uses to accept the Endpoint Protection license terms, and to configure the default membership for Cloud Protection Service.
Enrollment point. A site system role that uses PKI certificates for Configuration Manager to enroll mobile devices and Mac computers.
Enrollment proxy point. A site system role that manages Configuration Manager enrollment requests from mobile devices and Mac computers.
When you support mobile devices on the Internet, install the enrollment proxy point in a perimeter network for security, and install the enrollment point on the intranet.
Exchange Server connector. For information about this role, see Manage mobile devices with System Center Configuration Manager and Exchange
Management point. A site system role that provides policy and service location information to clients, and receives configuration data from clients.
Management points can be set up to support HTTP or HTTPs, as well as to support mobile devices you manage with System Center Configuration Manager On-premises Mobile Device Management. You can use Database replicas for management points for System Center Configuration Manager to help reduce the CPU load placed on the site database server by management points as they service requests from clients.
Reporting services point. A site system role that integrates with SQL Server Reporting Services to create and manage reports for Configuration Manager.
Service connection point. A site system role that you use to manage mobile devices with Microsoft Intune and on-premises MDM. This role also uploads usage data from your site, and is required to make updates for Configuration Manager available in the Configuration Manager console.
Software update point. A site system role that integrates with Windows Server Update Services (WSUS) to provide software updates to Configuration Manager clients.
State migration point. A site system role that stores user state data when a computer is migrated to a new operating system.
System Health Validator point. Although this site system role remains visible in the Configuration Manager console, it is no longer used.
The process for installing site system roles is quite straight forward. I would however recommend doing your research before installing the role and ensure that it is required before you proceed. As I mentioned above today we will be installing the Application catalog website point, the Application catalog web service point and the Fallback status point.
So why these roles? We need the Application catalog web service point as this passes the software information to the Application catalog website point. Then after leveraging the SCCM client installed on user’s computers the Application catalog website point provides a software ‘menu’ to users that they can choose from for deployment. The Fallback status point is required as it allows you to monitor client software installations. It also allows you to see which clients are unmanaged.
To begin open your SCCM 2016 console and click on the Administration button. Then expand Site Configuration and click Sites. Then click on Add Site System Roles.
You can leave this page as the defaults and then click Next.
If you have proxy server setup and you want SCCM to go through it please check the box that states Use a proxy server when synchronizing information from the internet. Then enter your proxy server’s details.
Select the Site System Roles that we will be installing which are the Application Catalog web service point, the Application Catalog website point and the Fallback status point then click next.
Leave all the Fallback Status Point settings as the defaults and click Next.
We are going to use the default for the Application Catalog Web Service Point which is to use HTTP (port 80) so again leave the default settings as they are and click Next.
Do not change any of the IIS settings for the Application Catalog Web Service Point and click Next again.
Leave the default IIS settings for the Application Catalog Website Point and click Next.
Enter a name for your organisation and choose a colour. The colour is basically the website theme colour the user will see when they open the Application Catlog link. When ready, click Next.
Confirm that you are happy with all the settings in the Summary screen and click Next.
Verify that the installation was successful and click Close.
Lets check that the installation was successful by looking at the logs in C:\Program Files\Microsoft Configuration Manager\Logs. Open the file named awebsctl.log. Check that the http check shows the line returned hr=0, bFailed=0.
Next search for the below line that states that the status has changed from failed or unknown to online.
Within the same folder open a file named awebsvcMSI.log. Check for the presence of the line ‘Application Web Service — Installation Operation Completed Successfully.’
This concludes the post on setting up the Site System Roles and I hope that you found it useful. In our next post we will be looking at how you can deploy the SCCM 2016 client.