SCCM Install New Distribution Point Role | ConfigMgr

Today, we will discuss SCCM Install New Distribution Point Role | ConfigMgr. Configuration Manager Distribution Point is the content\source files for client devices.

In this post, you shall learn how to install a New Distribution Point Role. Check out another blog, Learn How to Remove Distribution Point Role|SCCM|ConfigMgr.

What is a Distribution Point? A distribution point contains source files for clients to download. You can control content distribution using bandwidth, throttling, and scheduling options.

New Distribution Point Role Prerequisites

You need to confirm the operating system support for the SCCM Distribution Point installation. The following are some of the other prerequisites of SCCM DP.

Patch My PC

The SCCM Distribution Point server should be domain-joined, updated with the latest patches, and firewall ports opened between the site and the remote DP servers.

  • Windows Firewall should be configured to open connections from application WMI.

If you install SCCM DP on a server in an untrusted domain, you must follow some specific options as explained in the post. SCCM Untrusted Forest Issues Require The Site Server To Initiate Connection.

NOTE! – You have the option to install and configure IIS via the SCCM DP installation wizard, as shown below.

  • Windows Server roles and features
    • Remote Differential Compression
  • IIS configuration
    • Application Development:
      • ISAPI Extensions
  • Security:
    • Windows Authentication
  • IIS 6 Management Compatibility:
    • IIS 6 Metabase Compatibility
    • IIS 6 WMI Compatibility
  • Visual C++ Redistributable
  • To support PXE or multicast
    • Enable a PXE responder on a distribution point without Windows Deployment Service.
    • Install and configure the Windows Deployment Services (WDS) Windows Server role.
    • Ensure the SQL Server Native Client is installed and up to date for a multicast-enabled distribution point. For more information, see Prerequisite checks—SQL Server Native Client.

More details are available here.

Adaptiva

Add Site Server Account for DP Installation

Ensure your site server has administrative privileges on the remote distribution point server before starting the activity.

  • Add the Site Server Computer account to the DP server’s local administrator’s Group.
SCCM Install New Distribution Point Role | ConfigMgr - Fig.1
SCCM Install New Distribution Point Role | ConfigMgr – Fig.1

Add New Distribution Point | ConfigMgr

You can install the Distribution point from the Configuration Manager console. The following are the steps to install SCCM DP on a Windows server.

If you want to install a remote Distribution point and a new site system server, follow the steps.

NOTE! – When you already have a remote site system server and want to install remote DP on the existing site system, you can skip the following two steps.

  • Navigate \Administration\Overview\Site Configuration\Sites
  • Right-click the on-site server and select Create Site System Server
SCCM Install New Distribution Point Role | ConfigMgr - Fig.2
SCCM Install New Distribution Point Role | ConfigMgr – Fig.2

Enter remote DP server FQDN and click next.

Select the Windows Server name from the Active Directory connected to the primary server. If there is no trust between the domain’s Windows server and the primary server, you can directly enter the FQDN of the Windows Server where you want to install the remote DP role.

SCCM Install New Distribution Point Role | ConfigMgr - Fig.3
SCCM Install New Distribution Point Role | ConfigMgr – Fig.3

Navigate \Administration\Overview\Site Configuration\Servers and Site System Roles. Select the Site System server and Right Click on the server – Select Add Site System Roles.

Select Site Code from the drop-down menu. I want to connect the SCCM Remote DP on Windows 11 to the primary server, selecting the site code MEM (prior site code).

SCCM Install New Distribution Point Role | ConfigMgr - Fig.4
SCCM Install New Distribution Point Role | ConfigMgr – Fig.4

Click the NEXT to continue.

Use the site server’s computer account to install the site system – This is the account I added in this post’s prerequisite section.

Use another account for installing the site system – This option is very helpful when you have to install SCCM DP on Windows 11 PC that is domain joined into an untrusted forest.

Related Post SCCM Untrusted Forest Issues Require The Site Server To Initiate Connection.

SCCM Install New Distribution Point Role | ConfigMgr - Fig.5
SCCM Install New Distribution Point Role | ConfigMgr – Fig.5

Select Site System Role

Click NEXT on the proxy configuration page. Proxy is not required for this DP setup. Select the Distribution Point option and click the NEXT button.

SCCM Install New Distribution Point Role | ConfigMgr - Fig.6
SCCM Install New Distribution Point Role | ConfigMgr – Fig.6

IIS, Branch Cache, LEDBAT settings

Select the Install & Configure IIS option (Recommended). You can select Branch Cache, LEDBAT, and the other options if you plan to use those.

Click on NEXT to continue.

SCCM Install New Distribution Point Role | ConfigMgr - Fig.7
SCCM Install New Distribution Point Role | ConfigMgr – Fig.7

Client Communication Settings

NOTE! – Configure how client devices communicate with the new distribution point: HTTP or HTTPS communication? I selected HTTP as the new distribution point setup. The previous post provides more details about HTTPS site system configuration.

HTTP – Doesn’t support mobile or Mac computers. Allow clients to connect anonymously. HTTPS – Requires computers to have a valid PKI client certificate.

SCCM Install New Distribution Point Role | ConfigMgr - Fig.8
SCCM Install New Distribution Point Role | ConfigMgr – Fig.8

Drive Letter Settings

Specify the Drive settings for the New SCCM Distribution Point (I have selected the default settings).

NOTE! – Do not use the C drive content library location. Try to create a NO_SMS_ON_DRIVE.You don’t want to use SMS (blank text file) in the drives as a content library location.

To prevent the content library from being installed on a specific drive, create an empty file named NO_SMS_ON_DRIVE.SMS. Copy it to the industry’s root before the content library is created.

SCCM Install New Distribution Point Role | ConfigMgr - Fig.9
SCCM Install New Distribution Point Role | ConfigMgr – Fig.9

Other Configurations – PXE, Multicast

Enable PXE from the PXE settings page (Install Windows Deployment Services WDS), configure another PXE-related configuration from Microsoft doc. and Click Next.

Multicast from the Multicast configuration page and click Next. Content validation is the optional integration of the content distributed to the Distribution Point and Click Next.

Specify the boundary groups associated with the new Site system/Distribution point. Then, click NEXT, NEXT, and CLOSE to complete creating a unique Distribution Point from the Configuration Manager console.

Log Files to Confirm Installation of a New Distribution Point

Hman.log log file is the best place to check the progress of the SCCM (Configuration Manager) Distribution Point.

The following packages are automatically deployed to all SCCM DPs; you don’t have to deploy them to your DPs.

  • Configuration Manager Client Upgrade Package
  • Configuration Manager Client Package
SCCM Install New Distribution Point Role | ConfigMgr - Fig.10
SCCM Install New Distribution Point Role | ConfigMgr – Fig.10
Server Info of site TP4 has changed. Update the DPInfo table in the database.
Distribution Points of site TP4 have changed. Update the DistributionPoints table in the database.
Inserted DP ["Display=\SCCMTP2.Intune.com\"]MSWNET:["SMS_SITE=TP4"]\SCCMTP2.Intune.com. CRC:9190EA6C,PDP:0,PullDP:0
Publish Client Packages To New DP. DP's SiteCode is TP4, this site is TP4. DP Reports to SecondarySite = 0. Publish the client package

The following are Distmgr.log log file entries while building a new DP server in your configuration manager infrastructure.

DP upgrade processing thread: Upgrading DP with ID 2. Thread 0x127c. Used 1 threads out of 50.
Processing 2.INS
DPID 2 - NAL Path ["Display=\SCCMTP2.Intune.com\"]MSWNET:["SMS_SITE=TP4"]\SCCMTP2.Intune.com\ , ServerName = SCCMTP2.INTUNE.COM, DPDrive = , IsMulticast = 0, PXE = 0, RemoveWDS = 0, SccmPXE = 0
PullDP ["Display=\SCCMTP2.Intune.com\"]MSWNET:["SMS_SITE=TP4"]\SCCMTP2.Intune.com\ is marked Uninstalled
GetDPUsableDrives - ["Display=\SCCMTP2.Intune.com\"]MSWNET:["SMS_SITE=TP4"]\SCCMTP2.Intune.com\
user(NT AUTHORITY\SYSTEM) runing application(SMS_DISTRIBUTION_MANAGER) from machine (SCCMTP2.Intune.com) is submitting SDK changes from site(TP4)
Finished GetDPUsableDrives - ["Display=\SCCMTP2.Intune.com\"]MSWNET:["SMS_SITE=TP4"]\SCCMTP2.Intune.com\
GetContentLibLocation - SCCMTP2.INTUNE.COM
.
.
The distribution point ["Display=\SCCMTP2.Intune.com\"]MSWNET:["SMS_SITE=TP4"]\SCCMTP2.Intune.com\ is not installed or upgraded yet.
IISPortsList in the SCF is "80".
IISSSLPortsList in the SCF is "443".
.
.
DP settings have been updated to SCCMTP2.INTUNE.COM.
Install Internet server= 1
Command line to install IIS: 'dism.exe /online /norestart /enable-feature /ignorecheck /featurename:"IIS-WebServerRole" /featurename:"IIS-WebServer" /featurename:"IIS-CommonHttpFeatures" /featurename:"IIS-StaticContent" /featurename:"IIS-DefaultDocument" /featurename:"IIS-DirectoryBrowsing" /featurename:"IIS-HttpErrors" /featurename:"IIS-HttpRedirect" /featurename:"IIS-WebServerManagementTools" /featurename:"IIS-IIS6ManagementCompatibility"  /featurename:"IIS-Metabase" /featurename:"IIS-WindowsAuthentication"  /featurename:"IIS-WMICompatibility"  /featurename:"IIS-ISAPIExtensions" /featurename:"IIS-ManagementScriptingTools" /featurename:"MSRDC-Infrastructure" /featurename:"IIS-ManagementService" '.
.
.
Finished updating DP setting from SCF to DP machine, configure branchcache, LEDBAT, DOINC - SCCMTP2.Intune.com
Successfully updated configuration settings on server - SCCMTP2.Intune.com
.
.
Finished GetDPUsableDrives - ["Display=\SCCMTP2.Intune.com\"]MSWNET:["SMS_SITE=TP4"]\SCCMTP2.Intune.com\
CreateSignatureShare, connecting to DP
Successfully created the directory for the signature export - \SCCMTP2.Intune.com\C$\SMSSIG$.
Successfully created share SMSSIG$ on server SCCMTP2.Intune.com
Share SMSPKGC$ exists on distribution point \SCCMTP2.Intune.com\SMSPKGC$
Finished GetContentLibLocation - SCCMTP2.Intune.com
.
.
Enabling Anonymous access for virtual directory CCMTOKENAUTH_SMS_DP_SMSPKG$.
Successfully created the virtual directory CCMTOKENAUTH_SMS_DP_SMSPKG$ for the physical path C:\SCCMContentLib.
Successfully created the virtual directory SMS_DP_SMSSIG$ for the physical path C:\SMSSIG$.

Results – Configuration Manager Distribution Point

Navigate to \Monitoring\Overview\Distribution Status\Content Status and check the package status from MECM Console!

SCCM Install New Distribution Point Role | ConfigMgr - Fig.11
SCCM Install New Distribution Point Role | ConfigMgr – Fig.11

Resources

We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

13 thoughts on “SCCM Install New Distribution Point Role | ConfigMgr”

  1. Hi Anoop,

    There is a dedicated standard DP in a remote site that has Multicast Enabled. There is no servers apart from this server that multicast enabled in the environment . Is any separate configuration required on the primary site ?

    Where i can see these logs ?
    McsISAPI.log
    McsMSI.log
    McsSetup.log
    McsPrv.log

    KT

    Reply
  2. Hi Anoop, Can you explain prerequisites again as i cant find remote differential compression (server 2019).

    thanks in advance

    Reply
  3. What if the new DP is to be in a different forest? To go around I tried installing the new DP under a Site System Installation Account that belongs to that other forest yet I see in configuration Status 2 failed packages and the rest sitting for 2 days In Progress.

    Reply
  4. Dear sir,
    I have configured a DP in workstation. Workstation is win 10 version 20h2. And after configuration contain distribution completed. But not able to deploy the image. I have enable pxe responder without WDS role. But some how not working. Please suggest.

    Reply
  5. Hi Anoop,

    Does clients in a new forest require to communicate back to the Primary site or is this where the DP comes in?
    We have no FW rules between the clients and the Primary site as they are on two different domains, but all the required ports are opened between DP (in new forest) and the Primary site.
    Reason I asked is because we are trying to deploy an agent to a server in a new forest and it keeps failing and ccm.log is showing the following:

    —> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAIN1\CM-PUSH-SVC (00000035)
    —> The device CLIENT02.domain.com does not exist on the network. Giving up
    —> Trying each entry in the SMS Client Remote Installation account list
    —> Attempting to connect to administrative share ‘\\CLIENT02\admin$’ using account ‘DOMAIN1\CM-PUSH-SVC’
    —> SspiEncodeStringsAsAuthIdentity succeeded!
    —> SspiExcludePackage succeeded!
    —> SspiMarshalAuthIdentity succeeded!
    —> NetUseAdd failed: 53: dwParamError = 0
    —> NTLM fallback is enabled

    Reply
  6. Where is the pervious Post about HTTPS? How do we find Previous Post?

    “More details about HTTPS site system configuration are available in the previous post.”

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.