Today, we will discuss SCCM Install New Distribution Point Role | ConfigMgr. Configuration Manager Distribution Point is the content\source files for client devices.
In this post, you shall learn how to install a New Distribution Point Role. Check out another blog, Learn How to Remove Distribution Point Role|SCCM|ConfigMgr.
What is a Distribution Point? A distribution point contains source files for clients to download. You can control content distribution using bandwidth, throttling, and scheduling options.
New Distribution Point Role Prerequisites
You need to confirm the operating system support for the SCCM Distribution Point installation. The following are some of the other prerequisites of SCCM DP.
The SCCM Distribution Point server should be domain-joined, updated with the latest patches, and firewall ports opened between the site and the remote DP servers.
- Windows Firewall should be configured to open connections from application WMI.
If you install SCCM DP on a server in an untrusted domain, you must follow some specific options as explained in the post. SCCM Untrusted Forest Issues Require The Site Server To Initiate Connection.
NOTE! – You have the option to install and configure IIS via the SCCM DP installation wizard, as shown below.
- Windows Server roles and features
- Remote Differential Compression
- IIS configuration
- Application Development:
- ISAPI Extensions
- Application Development:
- Security:
- Windows Authentication
- IIS 6 Management Compatibility:
- IIS 6 Metabase Compatibility
- IIS 6 WMI Compatibility
- Visual C++ Redistributable
- To support PXE or multicast
- Enable a PXE responder on a distribution point without Windows Deployment Service.
- Install and configure the Windows Deployment Services (WDS) Windows Server role.
- Ensure the SQL Server Native Client is installed and up to date for a multicast-enabled distribution point. For more information, see Prerequisite checks—SQL Server Native Client.
More details are available here.
Add Site Server Account for DP Installation
Ensure your site server has administrative privileges on the remote distribution point server before starting the activity.
- Add the Site Server Computer account to the DP server’s local administrator’s Group.
Add New Distribution Point | ConfigMgr
You can install the Distribution point from the Configuration Manager console. The following are the steps to install SCCM DP on a Windows server.
If you want to install a remote Distribution point and a new site system server, follow the steps.
NOTE! – When you already have a remote site system server and want to install remote DP on the existing site system, you can skip the following two steps.
- Navigate \Administration\Overview\Site Configuration\Sites
- Right-click the on-site server and select Create Site System Server
Enter remote DP server FQDN and click next.
Select the Windows Server name from the Active Directory connected to the primary server. If there is no trust between the domain’s Windows server and the primary server, you can directly enter the FQDN of the Windows Server where you want to install the remote DP role.
Navigate \Administration\Overview\Site Configuration\Servers and Site System Roles. Select the Site System server and Right Click on the server – Select Add Site System Roles.
Select Site Code from the drop-down menu. I want to connect the SCCM Remote DP on Windows 11 to the primary server, selecting the site code MEM (prior site code).
Click the NEXT to continue.
Use the site server’s computer account to install the site system – This is the account I added in this post’s prerequisite section.
Use another account for installing the site system – This option is very helpful when you have to install SCCM DP on Windows 11 PC that is domain joined into an untrusted forest.
Related Post – SCCM Untrusted Forest Issues Require The Site Server To Initiate Connection.
Select Site System Role
Click NEXT on the proxy configuration page. Proxy is not required for this DP setup. Select the Distribution Point option and click the NEXT button.
IIS, Branch Cache, LEDBAT settings
Select the Install & Configure IIS option (Recommended). You can select Branch Cache, LEDBAT, and the other options if you plan to use those.
Click on NEXT to continue.
Client Communication Settings
NOTE! – Configure how client devices communicate with the new distribution point: HTTP or HTTPS communication? I selected HTTP as the new distribution point setup. The previous post provides more details about HTTPS site system configuration.
HTTP – Doesn’t support mobile or Mac computers. Allow clients to connect anonymously. HTTPS – Requires computers to have a valid PKI client certificate.
Drive Letter Settings
Specify the Drive settings for the New SCCM Distribution Point (I have selected the default settings).
NOTE! – Do not use the C drive content library location. Try to create a NO_SMS_ON_DRIVE.You don’t want to use SMS (blank text file) in the drives as a content library location.
To prevent the content library from being installed on a specific drive, create an empty file named NO_SMS_ON_DRIVE.SMS. Copy it to the industry’s root before the content library is created.
Other Configurations – PXE, Multicast
Enable PXE from the PXE settings page (Install Windows Deployment Services WDS), configure another PXE-related configuration from Microsoft doc. and Click Next.
Multicast from the Multicast configuration page and click Next. Content validation is the optional integration of the content distributed to the Distribution Point and Click Next.
Specify the boundary groups associated with the new Site system/Distribution point. Then, click NEXT, NEXT, and CLOSE to complete creating a unique Distribution Point from the Configuration Manager console.
Log Files to Confirm Installation of a New Distribution Point
Hman.log log file is the best place to check the progress of the SCCM (Configuration Manager) Distribution Point.
The following packages are automatically deployed to all SCCM DPs; you don’t have to deploy them to your DPs.
- Configuration Manager Client Upgrade Package
- Configuration Manager Client Package
Server Info of site TP4 has changed. Update the DPInfo table in the database. Distribution Points of site TP4 have changed. Update the DistributionPoints table in the database. Inserted DP ["Display=\SCCMTP2.Intune.com\"]MSWNET:["SMS_SITE=TP4"]\SCCMTP2.Intune.com. CRC:9190EA6C,PDP:0,PullDP:0 Publish Client Packages To New DP. DP's SiteCode is TP4, this site is TP4. DP Reports to SecondarySite = 0. Publish the client package
The following are Distmgr.log log file entries while building a new DP server in your configuration manager infrastructure.
DP upgrade processing thread: Upgrading DP with ID 2. Thread 0x127c. Used 1 threads out of 50. Processing 2.INS DPID 2 - NAL Path ["Display=\SCCMTP2.Intune.com\"]MSWNET:["SMS_SITE=TP4"]\SCCMTP2.Intune.com\ , ServerName = SCCMTP2.INTUNE.COM, DPDrive = , IsMulticast = 0, PXE = 0, RemoveWDS = 0, SccmPXE = 0 PullDP ["Display=\SCCMTP2.Intune.com\"]MSWNET:["SMS_SITE=TP4"]\SCCMTP2.Intune.com\ is marked Uninstalled GetDPUsableDrives - ["Display=\SCCMTP2.Intune.com\"]MSWNET:["SMS_SITE=TP4"]\SCCMTP2.Intune.com\ user(NT AUTHORITY\SYSTEM) runing application(SMS_DISTRIBUTION_MANAGER) from machine (SCCMTP2.Intune.com) is submitting SDK changes from site(TP4) Finished GetDPUsableDrives - ["Display=\SCCMTP2.Intune.com\"]MSWNET:["SMS_SITE=TP4"]\SCCMTP2.Intune.com\ GetContentLibLocation - SCCMTP2.INTUNE.COM . . The distribution point ["Display=\SCCMTP2.Intune.com\"]MSWNET:["SMS_SITE=TP4"]\SCCMTP2.Intune.com\ is not installed or upgraded yet. IISPortsList in the SCF is "80". IISSSLPortsList in the SCF is "443". . . DP settings have been updated to SCCMTP2.INTUNE.COM. Install Internet server= 1 Command line to install IIS: 'dism.exe /online /norestart /enable-feature /ignorecheck /featurename:"IIS-WebServerRole" /featurename:"IIS-WebServer" /featurename:"IIS-CommonHttpFeatures" /featurename:"IIS-StaticContent" /featurename:"IIS-DefaultDocument" /featurename:"IIS-DirectoryBrowsing" /featurename:"IIS-HttpErrors" /featurename:"IIS-HttpRedirect" /featurename:"IIS-WebServerManagementTools" /featurename:"IIS-IIS6ManagementCompatibility" /featurename:"IIS-Metabase" /featurename:"IIS-WindowsAuthentication" /featurename:"IIS-WMICompatibility" /featurename:"IIS-ISAPIExtensions" /featurename:"IIS-ManagementScriptingTools" /featurename:"MSRDC-Infrastructure" /featurename:"IIS-ManagementService" '. . . Finished updating DP setting from SCF to DP machine, configure branchcache, LEDBAT, DOINC - SCCMTP2.Intune.com Successfully updated configuration settings on server - SCCMTP2.Intune.com . . Finished GetDPUsableDrives - ["Display=\SCCMTP2.Intune.com\"]MSWNET:["SMS_SITE=TP4"]\SCCMTP2.Intune.com\ CreateSignatureShare, connecting to DP Successfully created the directory for the signature export - \SCCMTP2.Intune.com\C$\SMSSIG$. Successfully created share SMSSIG$ on server SCCMTP2.Intune.com Share SMSPKGC$ exists on distribution point \SCCMTP2.Intune.com\SMSPKGC$ Finished GetContentLibLocation - SCCMTP2.Intune.com . . Enabling Anonymous access for virtual directory CCMTOKENAUTH_SMS_DP_SMSPKG$. Successfully created the virtual directory CCMTOKENAUTH_SMS_DP_SMSPKG$ for the physical path C:\SCCMContentLib. Successfully created the virtual directory SMS_DP_SMSSIG$ for the physical path C:\SMSSIG$.
Results – Configuration Manager Distribution Point
Navigate to \Monitoring\Overview\Distribution Status\Content Status and check the package status from MECM Console!
Resources
- Install and configure distribution points in Configuration Manager – https://docs.microsoft.com/en-us/configmgr/core/servers/deploy/configure/install-and-configure-distribution-points
- Setting up HTTPS MP SUP SCCM Site Systems for Co-Management – https://www.anoopcnair.com/setting-up-https-mp-sup-sccm-site-systems/
We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.
Author
Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.
Hi Anoop,
There is a dedicated standard DP in a remote site that has Multicast Enabled. There is no servers apart from this server that multicast enabled in the environment . Is any separate configuration required on the primary site ?
Where i can see these logs ?
McsISAPI.log
McsMSI.log
McsSetup.log
McsPrv.log
KT
Dp and Multi cast … I never had that scenario … smsts log for osd … does that help https://techcommunity.microsoft.com/t5/premier-field-engineering/setting-up-multicasting-in-sccm/ba-p/321972
Hi Anoop, Can you explain prerequisites again as i cant find remote differential compression (server 2019).
thanks in advance
I think it’s there in 2019 server as well.. Check out the video training here https://youtu.be/02RUaUW1UWI
What if the new DP is to be in a different forest? To go around I tried installing the new DP under a Site System Installation Account that belongs to that other forest yet I see in configuration Status 2 failed packages and the rest sitting for 2 days In Progress.
Any help from the following thread? https://forum.howtomanagedevices.com/endpointmanager/osd/content-distribution-failure-on-a-newly-configured-dp/#comment-4750
Also worth raising a new question
Dear sir,
I have configured a DP in workstation. Workstation is win 10 version 20h2. And after configuration contain distribution completed. But not able to deploy the image. I have enable pxe responder without WDS role. But some how not working. Please suggest.
I normally check SMSPXE.log file on Windows 10 device to understand whether PXE is working fine or not.
Hi Anoop,
Does clients in a new forest require to communicate back to the Primary site or is this where the DP comes in?
We have no FW rules between the clients and the Primary site as they are on two different domains, but all the required ports are opened between DP (in new forest) and the Primary site.
Reason I asked is because we are trying to deploy an agent to a server in a new forest and it keeps failing and ccm.log is showing the following:
—> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAIN1\CM-PUSH-SVC (00000035)
—> The device CLIENT02.domain.com does not exist on the network. Giving up
—> Trying each entry in the SMS Client Remote Installation account list
—> Attempting to connect to administrative share ‘\\CLIENT02\admin$’ using account ‘DOMAIN1\CM-PUSH-SVC’
—> SspiEncodeStringsAsAuthIdentity succeeded!
—> SspiExcludePackage succeeded!
—> SspiMarshalAuthIdentity succeeded!
—> NetUseAdd failed: 53: dwParamError = 0
—> NTLM fallback is enabled
I think you are trying to push the client using the Client PUSH method and that needs a lot more permissions and ports opening. Refer https://www.anoopcnair.com/install-configmgr-client-using-client-push-installation-method-sccm/
is there any difference between a DP running on windows 10 / 11 and DP running on windows server?
Where is the pervious Post about HTTPS? How do we find Previous Post?
“More details about HTTPS site system configuration are available in the previous post.”
https://www.anoopcnair.com/setting-up-https-mp-sup-sccm-site-systems/ and https://www.anoopcnair.com/setting-up-https-mp-sup-sccm-site-systems/