Let’s look at the installation of Configuration Manager (a.k.a SCCM) secondary server step by step guide. More details about SCCM secondary server installation are in the following sections. You can’t install a secondary server without a primary server.
Secondary sites support the maximum number of 15,000 desktops devices. I wouldn’t say I like secondary servers in ConfigMgr architecture (a.k.a) design mainly because it increases the complexity of SCCM infra.
NOTE! – Install a secondary site from within the SCCM console. Secondary sites don’t support a scripted command-line installation.
Prerequisites of ConfigMgr Secondary Site
Let’s have a quick go-through of the new SCCM secondary server installation prerequisites before starting the installation.
NOTE! As mentioned in the following section (Source Files for Secondary Site Installation), ensure the secondary site source files should be copied from the primary server to the secondary server.
Server OS Requirement for Secondary Server
You can install a Secondary server on Windows Server 2012 and later operating systems. You can’t install a secondary server on Windows 10 devices at all!
You can’t install a secondary server on domain controllers. Secondary site servers aren’t supported on any domain controller.
A two-way trust is required between the site servers installers like CAS, primary, and secondary servers.
User & Computer Access Rights Requirements
The user account *SCCM Admin account* that installs the site must have the following rights.
- Administrator on the following servers:
- The Secondary site server.
- Primary and SQL (?) System Accounts should be part of the local admin group of the secondary servers.
- The computer account of the parent primary site must be an Administrator on the secondary site server.
- The ConfigMgr secondary site server must meet all prerequisite configurations.
- More SQL related access rights are explained in the below section.
NOTE! – More details are available in Microsoft documentation here.
.net – Other Windows Server roles and feature
You need to ensure all the Windows Server roles and features-related prerequisites are in place for secondary server installation. More information here.
NOTE! – .NET Framework 4.0 is installed or enabled on the Configuration Manager secondary site server. This SQL version required for SCCM secondary site by SQL Server Express.
Secondary SQL DB Setup
Install SQL server DB for ConfigMgr | SCCM Server infrastructure. More Details “The Complete Guide for SQL 2017 Installation for SCCM.”
- Open Firewall Ports for the new infrastructure. More details about firewall port requirements for SCCM infrastructure.
Install ISS, Remote Differential & BITS
- Install Remote Differential & BITS. More details Install Remote Differential Compression & BITS for ConfigMgr.
- Install IIS for secondary SCCM server infra.
NOTE! – You can ignore the warning in ConfigMgrprereq.log file similar to the following.
BITS enabled; Warning; Background Intelligent Transfer Service (BITS) is required for the management point and distribution point site system roles. BITS is not installed, IIS 6 WMI compatibility component for IIS7 is not installed on this computer or the remote IIS host, or Setup was unable to verify remote IIS settings because IIS common components were not installed on the site server computer. Also, check if IIS/BITS services are running properly. Setup cannot continue until BITS is installed and enabled in the IIS settings.
SQL Server Access – Non SQL Express Installation
This is not required if you are installing SQL express version. The following setting is only required when the secondary site uses a previously installed instance of SQL Server to host the secondary site database:
NOTE! – If you choose to have Configuration Manager install SQL Server Express as part of the secondary site installation, ensure that the computer meets the requirements to run SQL Server Express.
The computer account of the parent primary site must have sysadmin rights on the instance of SQL Server on the secondary site server.
The Local System (NT AUTHORITY\SYSTEM) account of the secondary site server computer must have sysadmin rights on the instance of SQL Server on the secondary site server.
NOTE! – The Security Admin rights on the instance of SQL Server on the secondary site server for NT AUTHORITY\SYSTEM is not mandatory as per Microsoft docs. However, you need to provide additional permissions to the local system account on the new secondary server SQL DB in some scenarios.
Install a secondary site
You can install a secondary server from the parent primary server console. You don’t need to connect to the primary site that will be the parent site to the new secondary site. You can initiate the secondary server installation from any primary server from the same hierarchy.
- Launch SCCM console
- Navigate to \Administration\Overview\Site Configuration\Sites.
- Click on Create Secondary Site in the ribbon to start SCCM secondary installation.
Click on the Next button.
Specify Settings for a New Secondary Site
Let’s specify settings for a new SCCM secondary site.
- Enter the side code for the new secondary site.
- HS0 (Check out for the best practices here)
- Click on the Browse button to select the secondary site server from Active directory.
- Site Server Name -> MEMCMSecondary.memcm.com
- Enter the SCCM Secondary Site Name – This is a friendly name of your new secondary site.
- HTMD Secondary Site Server
- Installation folder – Select any drives apart from C Drive.
- D:\Program Files\Microsoft Configuration Manager\
Source Files for Secondary Site Installation
I recommend copying sources files to install a new secondary site from the primary server. Source file location is
- Use the source files from the following location on the primary server.
- The CD.Latest source file location includes a folder named Redist.
- Move this Redist folder as a subfolder under the SMSSETUP folder.
- Copy the following files from the Redist folder to the SMSSETUP\BIN\X64 folder:
Use the source files at the following location on the secondary site computer option – C:\Sources\Secondary Server Sources\Source\cd.latest.
SQL Installation Setup for Secondary Site
On the SQL Server Settings page, specify the version of SQL Server to use, and then configure related settings. As mentioned in the above section, I already installed SQL on the secondary server.
NOTE! – For more information on SQL express installation configuration, refer to the Microsoft docs.
- Select Use an existing SQL Server instance.
- All the following details are automatically populated from the previously entered details.
- SQL Server FQDN:MEMCMSecondary.memcm.com
- SQL Server instance: <Blank>
- ConfigMgr site database name: HS0
- SQL Server Broker port:4022
DP Selection for Secondary Site
Let’s select the Distribution Point secondary site for the secondary server.
- Enter the description of DP as part of secondary server installation:
- Secondary Site DP
- Select Install and Configure IIS if required by Configuration Manager.
- Click on NEXT to continue.
Select either HTTP or HTTPS communication settings between DP and clients. I have selected HTTP for the secondary server DP.
Click on NEXT to continue.
Select the Drive settings for Secondary site DP.
Drive space Reserve (MB): 50.
Primary Content Library Location: Automatic
Select the Content validation schedule for the SCCM Secondary Site Distribution Point.
Click the Next to continue.
Select or add a boundary group to the new secondary site DP.
Click Next, Next, and Close to complete the new SCCM Secondary server installation.
General The following information is used to verify installation prerequisites and install the secondary site. To verify the secondary site installation status, check the Site Hierarchy node in the Monitoring workspace. Site Identity Site code: HS0 Site server name: MEMCMSecondary.memcm.com Site name: HTMD Secondary Site Server Installation folder: C:\Program Files\Microsoft Configuration Manager\ Accounts Site server communication account: • Primary site connection: Secondary computer account • Secondary site connection: Primary computer account Site System Roles Management point: MEMCMSecondary.memcm.com Distribution point: MEMCMSecondary.memcm.com Installation Status Copy installation source from parent: No Source file location: C:\Sources\Secondary Server Sources\Source\cd.latest SQL Server Settings Install and configure SQL Server Express: No SQL Server FQDN: MEMCMSecondary.memcm.com SQL Server instance name: Site database name: CM_HS0 SQL Server Service Broker port: 4022 Boundary Groups Boundary Settings Boundary Groups
Status Check Secondary Server Installation
Navigate to \Administration\Overview\Site Configuration\Sites.
Click on the secondary site.
Click on the Show Install Status button from the ribbon to check the status of the secondary server installation.
Check the ConfigMgrPreReq.log on the primary server.
Once the prerequisite is completed successfully, Refer to the following logs on the new secondary server. The smstvc.log for secondary server installation-related log on secondary server C:\.
- SMS_BootStrap.log on secondary server C:\.
- ConfigMgrSetupWizard.log is not useful for secondary server installation.
- ConfigMgrSetup.log to validate the installation of the secondary server.
Successfully parsed C:\Sources\Secondary Server Sources\Source\cd.latest\SMSSETUP\install.map. $$<08-02-2020 07:20:55.469+0>
C:\Sources\Secondary Server Sources\Source\cd.latest\SMSSETUP\install.map build number "8968" is correct.
Elapsed time since startup
Running SMS Setup…
Successfully parsed C:\Sources\Secondary Server Sources\Source\cd.latest\SMSSETUP\install.map.
Started "C:\Sources\Secondary Server Sources\Source\cd.latest\SMSSETUP\bin\x64\SetupWPF.exe /script C:\SMS_BOOTSTRAP.ini /nouserinput" as PID 5192
- SMS_Bootstrap.CMD for secondary server automation.
NOTE! – The automation of the SCCM (ConfigMgr) secondary server is NOT supported. This is just for reference and troubleshooting purposes. SMC_Bootstrap.EXE is also required to perform this activity.
[Identification] Action=InstallSecondarySite [Options] SiteCode=HS0 SiteNumber=65538 SiteName=HTMD Secondary Site Server SMSInstallDir=C:\Program Files\Microsoft Configuration Manager\ ParentSiteCode=MEM ParentSiteServer=CMMEMCM.memcm.com AddressType=MS_LAN UseFQDN=1 [SQLConfigOptions] SQLServerName=MEMCMSecondary.memcm.com DatabaseName=CM_HS0 InstallSQLExpress=0 SQLSSBPort=4022 [HierarchyExpansionOption] ParentSiteNumber=1 ParentSQLServerName=SQLMEMCM.memcm.com ParentDatabaseName=CM_MEM ParentSQLServerSerializedCertificate=308201DD30820146A003020102021016CFF745AACFE5984DA4842764163839300D06092A864886F70D0101050500302D312B302906035504031322535342205472616E73706F7274205365637572697479204365727469666963617465301E170D3230303232383136303930305A170D3430303232383136303930305A302D312B3029060355040313225353 ParentSQLServerSSBCertificateHostSqlServerFqdn=emyBc3pUXh0mYYq+TT6uhTkMGs4= ParentSQLServerMachineSerializedCertificate=308202FC308201E4A00302010202107DDA8D0392C984B54BA1449D9206D5CE300D06092A864886F70D01010B0500301D311B30190603550403131253514C4D454D434D2E6D656D636D2E636F6D3020170D323030323237313534115737465A60AAF0EA ParentSiteServiceExchangeKey=0602000000A400005253413100080000010001004D93C23E370D56CDE7C62495967CC7442E853137530FE413AF63ADF1FE73E959E65BFDE6A1B71A3F02D5703DE22A9F42E3FE0BD6B78F6ACFDF2FBE6F2BFE05C6307F0D9F1895D22F22A8F1D30360F5B3EDB0FAF02ED7ED6F329FD7A48B8ECC2 ParentSQLServerSSBPort=4022 [Bootstrap] Action=Install SetupPath=\SMSSETUP\bin\x64\SetupWPF.exe BuildNumber=8968 InstallMapPath=\SMSSETUP\install.map SecurityMode=Advanced SetupSourcePath=C:\Sources\Secondary Server Sources\Source\cd.latest State=Looking for the SMS CD... StartTime=1596352855 WorkingDir=
The installation of a new SCCM secondary server has been completed successfully.
- Navigate to \Administration\Overview\Site Configuration\Sites
- Click on the new secondary server.
- Click on Show install status (secondary server installation).
State of ConfigMgr secondary site status from Site Configuration – Sites. State = Site Active.
- ConfigMgr Secondary server site folders:
Anoop is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.