SCCM Install New Distribution Point Role | ConfigMgr

Configuration Manager Distribution Point is the content\source files for client devices. In this post, you shall learn how to install a New Distribution Point Role. Check out another blog, Learn How to Remove Distribution Point Role|SCCM|ConfigMgr.

NOTE! – What is Distribution Point? A distribution point contains source files for clients to download. You can control content distribution using bandwidth, throttling, and scheduling options.

Distribution Point Prerequisites

You need to confirm the operating system support for the SCCM Distribution Point installation. The following are some of the other prerequisites of SCCM DP.

The SCCM Distribution Point server should be domain joined. The server should be updated with the latest patches. The firewall ports should be opened between the site and the remote DP servers.

Patch My PC
  • Windows Firewall should be configured to open connections from application WMI.

If you install SCCM DP on a server that is in an untrusted domain, you will need to follow some specific options as explained in the post. SCCM Untrusted Forest Issues Require The Site Server To Initiate Connection.

NOTE! – You have an option to install and configure IIS via the SCCM DP installation wizard, as shown below.

  • Windows Server roles and features
    • Remote Differential Compression
  • IIS configuration
    • Application Development:
      • ISAPI Extensions
  • Security:
    • Windows Authentication
  • IIS 6 Management Compatibility:
    • IIS 6 Metabase Compatibility
    • IIS 6 WMI Compatibility
  • Visual C++ Redistributable
  • To support PXE or multicast
    • Enable a PXE responder on a distribution point without Windows Deployment Service.
    • Install and configure the Windows Deployment Services (WDS) Windows Server role.
    • For a multicast-enabled distribution point, ensure the SQL Server Native Client is installed and up to date. For more information, see Prerequisite checks – SQL Server Native Client.

More details are available here.

Add Site Server Account for DP Installation

Ensure your site server has administrative privileges on the remote distribution point server before starting the activity.

Adaptiva
  • Add Site Server Computer account to DP server’s local administrator’s Group.
Add server account to administrators group
Add server account to the administrator’s Group.

Add New Distribution Point | ConfigMgr

You can install the Distribution point from the Configuration Manager console. The following are the steps to install SCCM DP on a Windows server.

If you want to install a remote Distribution point and a new site system server, follow the steps.

NOTE! – When you already have a remote site system server and want to install remote DP on that already existing site system, you can skip the following two steps.

  • Navigate \Administration\Overview\Site Configuration\Sites
  • Right-click the on-site server and select Create Site System Server
Create Site System Server - New Distribution Point Role
Create Site System Server – Configuration Manager Distribution Point |New Distribution Point Role

Enter remote DP server FQDN and click next

Select the Windows Server name from Active Directory connected to the primary server. If there is no trust between the domain’s Windows server and the primary server, you can directly enter the FQDN of the Windows Server where you want to install the remote DP role.

Remote Site System Server - New Distribution Point Role
Remote Site System Server – New Distribution Point Role

Navigate \Administration\Overview\Site Configuration\Servers and Site System Roles. Select the Site System server and Right Click on the server – Select Add Site System Roles.

Select Site Code from the drop-down menu. I want to connect the SCCM Remote DP on Windows 11 to the primary server, selecting the site code MEM (prior site code).

Add Site System Role - Select Distribution Point
Add Site System Role – Select Distribution Point

Click the NEXT to continue.

Use the site server’s computer account to install the site system – This is the account that I have added in the prerequisite section of this post.

Use another account for installing the site system – This option is very helpful when you have to install SCCM DP on Windows 11 PC that is domain joined into an untrusted forest.

Related Post SCCM Untrusted Forest Issues Require The Site Server To Initiate Connection.

Add a New Distribution Point |Configuration Manger
Add a New Distribution Point |Configuration Manger

Select Site System Role

Click NEXT on the proxy configuration page. Proxy is not required for this DP setup. Select the Distribution Point option and click the NEXT button.

Select Distribution Point Option- New Distribution Point Role
Select Distribution Point OptionNew Distribution Point Role

IIS, Branch Cache, LEDBAT settings

Select Install & Configure IIS option (Recommended). You can select Branch Cache, LEDBAT, and the other options if you plan to use those.

Click on NEXT to continue.

IIS Configuration
IIS Configuration – New Configuration Manager Distribution Point

Client Communication Settings

NOTE! – Configure how client devices communicate with the new distribution point: HTTP or HTTPS communication? I selected HTTP as the new distribution point setup. More details about HTTPS site system configuration are available in the previous post.

HTTP – Doesn’t support mobile or Mac computers. Allow clients to connect anonymously. HTTPS – Requires computers to have a valid PKI client certificate.

DP and Client Communication
DP and Client Communication – Configuration Manager Distribution Point

Drive Letter Settings

Specify the Drive settings for the New SCCM Distribution Point (I have selected the default settings).

NOTE! – Do not use C drive content library location. Try to create a NO_SMS_ON_DRIVE.SMS (blank text file) in the drives you don’t want to use as a content library location.

➡➡To prevent the content library from being installed on a specific drive, create an empty file named NO_SMS_ON_DRIVE.SMS. Copy it to the industry’s root before the content library is created.

Drive Setting for new DP
Drive Setting for new DP

Other Configurations – PXE, Multicast

Enable PXE from the PXE settings page (Install Windows Deployment Services – WDS) and configure another PXE-related configuration from Microsoft doc. and Click Next.

Multicast from the Multicast configuration page and click Next. Content validation is the optional integration of the content distributed to Distribution Point and Click next.

Specify the boundary groups associated with the new Site system/Distribution point. Click NEXT, NEXT, and CLOSE to complete the creation of a unique Distribution Point from the Configuration Manager console.

Log Files to Confirm Installation of a New Distribution Point

Hman.log log file is the best place to check the progress of the SCCM (Configuration Manager) Distribution Point.

The following packages shall get deployed to all SCCM DPs by default. You don’t have to deploy these packages to your DPs.

  • Configuration Manager Client Upgrade Package
  • Configuration Manager Client Package
Install SCCM DP - MEMCM
Install SCCM DP – MEMCM – Configuration Manager Distribution Point
Server Info of site TP4 has changed. Update the DPInfo table in the database.
Distribution Points of site TP4 have changed. Update the DistributionPoints table in the database.
Inserted DP ["Display=\SCCMTP2.Intune.com\"]MSWNET:["SMS_SITE=TP4"]\SCCMTP2.Intune.com. CRC:9190EA6C,PDP:0,PullDP:0
Publish Client Packages To New DP. DP's SiteCode is TP4, this site is TP4. DP Reports to SecondarySite = 0. Publish the client package

The following are Distmgr.log log file entries while building a new DP server in your configuration manager infrastructure.

DP upgrade processing thread: Upgrading DP with ID 2. Thread 0x127c. Used 1 threads out of 50.
Processing 2.INS
DPID 2 - NAL Path ["Display=\SCCMTP2.Intune.com\"]MSWNET:["SMS_SITE=TP4"]\SCCMTP2.Intune.com\ , ServerName = SCCMTP2.INTUNE.COM, DPDrive = , IsMulticast = 0, PXE = 0, RemoveWDS = 0, SccmPXE = 0
PullDP ["Display=\SCCMTP2.Intune.com\"]MSWNET:["SMS_SITE=TP4"]\SCCMTP2.Intune.com\ is marked Uninstalled
GetDPUsableDrives - ["Display=\SCCMTP2.Intune.com\"]MSWNET:["SMS_SITE=TP4"]\SCCMTP2.Intune.com\
user(NT AUTHORITY\SYSTEM) runing application(SMS_DISTRIBUTION_MANAGER) from machine (SCCMTP2.Intune.com) is submitting SDK changes from site(TP4)
Finished GetDPUsableDrives - ["Display=\SCCMTP2.Intune.com\"]MSWNET:["SMS_SITE=TP4"]\SCCMTP2.Intune.com\
GetContentLibLocation - SCCMTP2.INTUNE.COM
.
.
The distribution point ["Display=\SCCMTP2.Intune.com\"]MSWNET:["SMS_SITE=TP4"]\SCCMTP2.Intune.com\ is not installed or upgraded yet.
IISPortsList in the SCF is "80".
IISSSLPortsList in the SCF is "443".
.
.
DP settings have been updated to SCCMTP2.INTUNE.COM.
Install Internet server= 1
Command line to install IIS: 'dism.exe /online /norestart /enable-feature /ignorecheck /featurename:"IIS-WebServerRole" /featurename:"IIS-WebServer" /featurename:"IIS-CommonHttpFeatures" /featurename:"IIS-StaticContent" /featurename:"IIS-DefaultDocument" /featurename:"IIS-DirectoryBrowsing" /featurename:"IIS-HttpErrors" /featurename:"IIS-HttpRedirect" /featurename:"IIS-WebServerManagementTools" /featurename:"IIS-IIS6ManagementCompatibility"  /featurename:"IIS-Metabase" /featurename:"IIS-WindowsAuthentication"  /featurename:"IIS-WMICompatibility"  /featurename:"IIS-ISAPIExtensions" /featurename:"IIS-ManagementScriptingTools" /featurename:"MSRDC-Infrastructure" /featurename:"IIS-ManagementService" '.
.
.
Finished updating DP setting from SCF to DP machine, configure branchcache, LEDBAT, DOINC - SCCMTP2.Intune.com
Successfully updated configuration settings on server - SCCMTP2.Intune.com
.
.
Finished GetDPUsableDrives - ["Display=\SCCMTP2.Intune.com\"]MSWNET:["SMS_SITE=TP4"]\SCCMTP2.Intune.com\
CreateSignatureShare, connecting to DP
Successfully created the directory for the signature export - \SCCMTP2.Intune.com\C$\SMSSIG$.
Successfully created share SMSSIG$ on server SCCMTP2.Intune.com
Share SMSPKGC$ exists on distribution point \SCCMTP2.Intune.com\SMSPKGC$
Finished GetContentLibLocation - SCCMTP2.Intune.com
.
.
Enabling Anonymous access for virtual directory CCMTOKENAUTH_SMS_DP_SMSPKG$.
Successfully created the virtual directory CCMTOKENAUTH_SMS_DP_SMSPKG$ for the physical path C:\SCCMContentLib.
Successfully created the virtual directory SMS_DP_SMSSIG$ for the physical path C:\SMSSIG$.

Results – Configuration Manager Distribution Point

Navigate to \Monitoring\Overview\Distribution Status\Content Status and check the package status from MECM Console!

Successful Distribution of Packages  - New Distribution Point Role
Successful Distribution of Packages SCCM|Configuration Manager – New Distribution Point Role

Resources

13 thoughts on “SCCM Install New Distribution Point Role | ConfigMgr”

  1. Hi Anoop,

    There is a dedicated standard DP in a remote site that has Multicast Enabled. There is no servers apart from this server that multicast enabled in the environment . Is any separate configuration required on the primary site ?

    Where i can see these logs ?
    McsISAPI.log
    McsMSI.log
    McsSetup.log
    McsPrv.log

    KT

    Reply
  2. Hi Anoop, Can you explain prerequisites again as i cant find remote differential compression (server 2019).

    thanks in advance

    Reply
  3. What if the new DP is to be in a different forest? To go around I tried installing the new DP under a Site System Installation Account that belongs to that other forest yet I see in configuration Status 2 failed packages and the rest sitting for 2 days In Progress.

    Reply
  4. Dear sir,
    I have configured a DP in workstation. Workstation is win 10 version 20h2. And after configuration contain distribution completed. But not able to deploy the image. I have enable pxe responder without WDS role. But some how not working. Please suggest.

    Reply
  5. Hi Anoop,

    Does clients in a new forest require to communicate back to the Primary site or is this where the DP comes in?
    We have no FW rules between the clients and the Primary site as they are on two different domains, but all the required ports are opened between DP (in new forest) and the Primary site.
    Reason I asked is because we are trying to deploy an agent to a server in a new forest and it keeps failing and ccm.log is showing the following:

    —> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAIN1\CM-PUSH-SVC (00000035)
    —> The device CLIENT02.domain.com does not exist on the network. Giving up
    —> Trying each entry in the SMS Client Remote Installation account list
    —> Attempting to connect to administrative share ‘\\CLIENT02\admin$’ using account ‘DOMAIN1\CM-PUSH-SVC’
    —> SspiEncodeStringsAsAuthIdentity succeeded!
    —> SspiExcludePackage succeeded!
    —> SspiMarshalAuthIdentity succeeded!
    —> NetUseAdd failed: 53: dwParamError = 0
    —> NTLM fallback is enabled

    Reply
  6. Where is the pervious Post about HTTPS? How do we find Previous Post?

    “More details about HTTPS site system configuration are available in the previous post.”

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.