SCCM 2012 Client on
Linux and UNIX
Test machines I used
were SCCM 2012 w/SQL 2012 (VM) and Linux Unbutu 32bit 12.04 (VM) client
(details below)
First some standard
Microsoft stuff so you don’t have to search a great deal followed by what I
needed to do to get the client installed.
To install the client
for Linux and UNIX, you run a script on each Linux or UNIX computer. The script
is named install and supports command line properties that
modify the installation behavior and reference the client installation package.
The install script and client installation package must be located on the
client. The client installation package contains the Configuration Manager
client files for a specific Linux or UNIX operating system and platform. Each client
installation package contains all the necessary files to complete the client
installation and unlike Windows-based computers, does not download additional
files from a management point or other source location. After you install the
Configuration Manager client for Linux and UNIX, you do not need to reboot the
computer. As soon as the software installation is complete, the client is
operational. If you reboot the computer, the Configuration Manager client
restarts automatically.
Following is the
command format: ./install -mp <computer> -sitecode
<sitecode> <property #1> <property #2> <client
installation package>
Command line
|
Actions
|
./install –mp smsmp.contoso.com -sitecode
S01 ccm-Universal-x64.<build>.tar
|
·
install is the name of the script file that installs the client
for Linux and UNIX. This file is provided with the client software.
·
-mp smsmp.contoso.com specifies the initial management point that is used by
the client.
·
-sitecode S01 specifies the client is assigned to the site with the
site code of S01.
·
ccm-Universal-x64.<build>.tar is the name of the client installation
.tar package for this computer operating system, version, and CPU
architecture.
|
You can insert
additional command line properties before the command line property that
specifies the client installation .tar file. The client installation .tar file
must be specified last.
For a list of command
line options, see Command Line
Properties for Installing the Client on Linux and UNIX Servers.
Use the following
procedure as an example of how to install the client for Linux and UNIX.
Note
|
The following example procedure installs the
client from the cumulative update 1 release of the client for Linux and
UNIX on a Red Hat Enterprise Linux 5 (RHEL5) x64 computer. To
adjust this procedure for the operating systems that you use, replace the client
installation file (ccm-Universal-x64.<build>.tar) with the
applicable package for the computer where you are installing the client. Also
plan to use additional command line properties to meet your requirements.
|
- Copy the install script and the client
installation .tar file to a folder on the RHEL 5 x64 based
computer.
- On the RHEL5 computer, use root credentials
to run the following command to enable the script to run as a program: chmod
+x install
- Next, with root credentials, run the
following command to install the Configuration Manager client: ./install
–mp <hostname> -sitecode <code>
ccm-Universal-x64.<build>.tar
When you enter this command, use additional
command-line properties you require.
- After the script runs, validate the install by reviewing the /var/opt/microsoft/scxcm.log file. Additionally, you can confirm that the client is installed and communicating with the site by viewing details for the client in the Devices node of the Assets and Compliance workspace in the Configuration Manager console.
When you install the
client for Linux and UNIX on a Linux or UNIX computer, you run the install
script with command-line properties that specify the following:
- The client’s assigned site.
- The management point with which the client initially
communicates
- The client installation .tar file for the computer’s
operating system
- Additional configurations you require
The properties
described in the following table are available to modify the installation
behavior.
Note
|
Use the property -h to
display this list of supported properties.
|
Property
|
Required or optional
|
More information
|
||||
-mp <server FQDN>
|
Required
|
Specifies by FQDN, the management point
server that the client will use as an initial point of contact.
Specify the management point by FQDN.
|
||||
-sitecode <sitecode>
|
Required
|
Specifies the Configuration Manager primary
site to assign the Configuration Manager client to. Example: -sitecode
S01
|
||||
-fsp <server_FQDN>
|
Optional
|
Specifies by FQDN, the fallback status point
server that the client uses to submit state messages.
For more information about the fallback
status point, see the Determine Whether You Require a Fallback Status Point section
in the Determine the Site System Roles for Client Deployment
in Configuration Managertopic.
|
||||
-dir <directory>
|
Optional
|
Specifies an alternate location to install
the Configuration Manager client files.
By default, the client installs to the
following location: /opt/microsoft.
|
||||
-nostart
|
Optional
|
Prevents the automatic start of the
Configuration Manager client service, ccmexec.bin, after the
client installation completes.
After the client installs, you must start
the client service manually.
By default, the client service starts after
the client installation completes, and each time the computer restarts.
|
||||
-clean
|
Optional
|
Specifies the removal of all client files
and data from a previously installed client for Linux and UNIX, before the
new installation starts. This removes the client’s database and certificate
store.
|
||||
-keepdb
|
Optional
|
Specifies that the local client database is
retained, and reused when you reinstall a client. By default, when you
reinstall a client this database is deleted.
|
||||
-UsePKICert <parameter>
|
Optional
|
Specifies the full path and file name to a
X.509 PKI certificate in the Public Key Certificate Standard (PKCS#12)
format. This certificate is used for client authentication.
When you use -UsePKICert, you
must also supply the password associated with the PKCS#12 file by use of the-certpw command
line parameter.
If the certificate is not valid, or cannot
be found, the client falls back to use HTTP and a self-signed certificate.
If you do not use this property to specify a
PKI certificate, the client uses a self-signed certificate and all
communications to site systems are over HTTP.
Example: -UsePKICert <Full path
and filename> -certpw <password>
|
||||
-certpw <parameter>
|
Optional
|
Specifies the password associated with the
PKCS#12 file that you specified by use of the -UsePKICertproperty.
Example: -UsePKICert <Full path and
filename> -certpw <password>
|
||||
-NoCRLCheck
|
Optional
|
Specifies that a client should not check the
certificate revocation list (CRL) when it communicates over HTTPS by use of a
PKI certificate. When this option is not specified, the client checks the CRL
before establishing an HTTPS connection by use of PKI certificates. For more
information about client CRL checking, see Planning for PKI Certificate
Revocation.
Example: -UsePKICert <Full path
and filename> -certpw <password> -NoCRLCheck
|
||||
-rootkeypath <file location>
|
Optional
|
Specifies the full path and file name to the
Configuration Manager trusted root key. This property applies to clients that
use HTTP and HTTPS client communication. For more information, see Planning
for the Trusted Root Key.
Example: -rootkeypath <Full path
and filename>
|
||||
-httpport
|
Optional
|
Specifies the port that is configured on
management points that the client uses when communicating to management
points over HTTP. If the port is not specified, the default value of 80 is
used.
Example: -httpport 80
|
||||
-httpsport
|
Optional
|
Specifies the port that is configured on
management points that the client uses when communicating to management
points over HTTPS. If the port is not specified, the default value of 443 is
used.
Example: -UsePKICert <Full path
and certificate name> -httpsport 443
|
||||
-ignoreSHA256validation
|
Optional
|
Specifies that client installation skips
SHA-256 validation. Use this option when installing the client on operating
systems that did not release with a version of OpenSSL that supports SHA-256.
For more information, see the About Linux and UNIX Operating Systems That do not
Support SHA-256 section in thePlanning for Client Deployment for Linux and UNIX
Servers topic.
|
||||
-signcertpath <file location>
|
Optional
|
Specifies the full path and .cer file
name of the exported self-signed certificate on the site server. This
certificate is stored in the SMS certificate store and has
the Subject name Site Server and the friendly nameSite
Server Signing Certificate.
This certificate is used by the client for
all HTTP and HTTPS communications with management points and distribution
points.
Example: -signcertpath=<Full path
and file name>
|
||||
|
|
|
||||
-rootcerts
|
Optional
|
If multiple root certificates exist in the
Configuration Manager environment, you can specify additional root
certificates that the client might need to validate site system servers.
Example: -rootcerts=<Full path
and file name>,<Full path and file name>
|
Download Here:
Install Instructions:
Mac Client:
1. Download the Mac client msi file to a Windows
system
2. Run the msi and it will create a dmg file
under the default location “C:\Program Files (x86)\Microsoft\System Center 2012
Configuration Manager Mac Client” on the Windows system
3. Copy the dmg file to a network share or a
folder on a Mac computer
4. Access and open the dmg file on a Mac computer
and install the client using instructions in the online documentation. http://technet.microsoft.com/en-us/library/jj591553.aspx
Unix/Linux Clients:
5. Download the appropriate file for the
UNIX/Linux operating system you wish to manage to a Windows computer
6. The downloaded file is a self-extracting exe
and will extract tar files for the different versions of your operating system.
7. Copy the install script and the .tar file for
your computer’s operating system version to a folder on your UNIX/Linux
computer.
8. Install the client using instructions in the
online documentation.http://technet.microsoft.com/en-us/library/jj591553.aspx
So here is another fun
part – You need to copy your files extracted from the .exe download (After you
have extracted in Windows) to your Linux OS clients, Copy whichever architecture
.tar file and the install script. To do so:
1. Make sure SSH and PSCP are enabled on your
Linux client/server and Firewalls are appropriate. For the time being I
disabled my test machine firewall.
a. How to see if firewall is active or not
i. sudo
iptables –L –n
b. Sample output
c. How to save firewall rules
i. sudo iptables-save >firewall.rules
d. How to stop firewalls
i. sudo iptables –X
ii. sudo iptables –t nat –F
iii. sudo iptables –t nat -X
iv. sudo iptables –t mangle -F
v. sudo iptables –t mangle –X
vi. sudo iptables –P INPUT ACCEPT
vii. sudo iptables –P FORWARD ACCEPT
viii. sudo iptables –P OUTPUT ACCEPT
Command Line here - http://tech.firdooze.com/2009/11/12/how-to-copying-files-from-windows-to-linux-via-ssh-vice-versa/
a. Download
the executable (.exe) from the link and launch a command line from the working
directory you saved the PSCP executable.
b. BUT
WAIT THERE'S MORE…
c. Run
your command which should resemble the following
(Pscp c:\directory of
.tar files and script extracted download\ccm-linux client name
account@ipaddress of linux client(destination):/linux/destination/directory/)
i.e. pscp
E:\source\NonWindowsOSSCCMClients\ccm-Universalx86.1.0.0.4648.tar shawn@ipaddress:/home/shawn/Downloads/
shawn@ipaddress’s password:
Command line to enable script to run as a program. After you
download and move the script you need to enable the script w/execute privileges.
use root credentials
to run the following command to enable the script to run as a program: chmod
+x install
Command install line
Root@directory# ./install –mp servername.fqdn –sitecode ccm-client.tar
Following is the
command format: ./install -mp <computer> -sitecode
<sitecode> <property #1> <property #2> <client
installation package>
No comments:
Post a Comment