Site System Roles - Best Practices

Similar Messages

• SCCM Site System Roles - Installation/Configuration chronological order

  Hello folks,
  I have been reading quite a few documents in order to expertise my SCCM knowledge. I wonder is there any best practice that we need to follow while implementing the Site System Roles.. Like 1. SUP, 2. MP, 3. DP? and what makes the difference in doing so?
  Thanks,

  This cannot be answered in a single forums thread because there are too many factors involved (business needs, customer's environment, LAN/WAN setup, budget etc). Adding multiple roles will provide load balancing (kind of) and high availability (also
  kind of). 
  Torsten Meringer | http://www.mssccmfaq.de

• "Add Site System Role" is greyed out in the SCCM console

  SCCM 2012 R2 CU3
  Single Primary Site
  Issue where “Add Site System Role” is greyed out in the SCCM console. We can install roles through PowerShell, however in the console we cannot add roles, remove roles, or change the properties of the site server.
  The account we are using is full administrator in SCCM. It was used to install sccm infrastructure.
  Any suggestions
   

  Anything related to these?
  https://social.technet.microsoft.com/Forums/en-US/4226f698-1114-4a62-bc25-705788432955/add-site-system-roles-remove-roles-greyed-out?forum=configmanagergeneral
  https://social.technet.microsoft.com/Forums/en-US/76bb0064-9d5a-4b0e-b955-472fb5e9e833/the-add-site-system-role-is-grey-out-after-deleted-the-cloud-distribution-point?forum=configmanagerdeployment#5347193f-997b-41a6-8011-5320e3dd8a9e

• SCCM and ForeFront Endpoint Protection point site system role

  Thanks for looking at this......I am working with SCCM 2012, and ForeFront Endpoint Protection has been set up as an Endpoint Protection point site system role.  Up to now we just haven't had to mess with it much, it just has worked.  I
  have been busy packaging applications for the eager public. I have one pc that has had the Endpoint client self destruct.  Had to remove it via the control panel.  I next did a machine policy retrieval and evaluation cycle (among others) and sccm
  shows that it is aware that this particular machine needs FEP. It lists it as "To Be Installed".  How long will this take?  I have things set for "as soon as possible".   Am I at the mercy of Sccm?  Also, is there
  a way to force the install?  Thanks for any light you can shed on this!

  This will depend on your SCCM client policy settings to allow SCEP installation outside of maintenance windows (if you have any).
  It will also depend if you are using 2 hour deployment "randomizer" option in your SCCM client policy.
  Lastly, you can install it with BITS that have already been downloaded with SCCM client install.
  c:\windows\ccmsetup\scepintall.exe

• SCCM R2 CAS Missing "Add Site Systems Role" menu

  Working with SCCM R2 in a lab environment and I'm Stumped.  I expanded my primary site into a hierarchy and on the new CAS I don't have the add site systems role menu when connected to the CAS. 
  This is what I see when connected to the primary site:
  This is what I see when connected to the CAS:
  Logged on as the domain administrator account used to install both roles, full administrator on both sites.  I can't find any documentation that this is a designed change.
  Any Ideas?

  At this point that's not relevant, I'm not even getting the menu item to start the wizard.  I'm logged in with the account that did the installation yet it's almost like I have view-only permissions. I'm beginning to think there's a trust issue between
  my systems so I'm starting over (i.e. applying the snapshots before I installed) and resetting the trust for my CAS system.

• Add Site System Roles (Management Point)

  To resolve an issue I was having with the management point role I have removed it.
  I left it for an hour and then restarted the server and the role had been removed. When I tried to re-add the role the option is greyed out. I believe this is due to the Server being the primary site but am finding it hard to get any definitive answer on
  how to re-add the role.
  Currently my site has no management point.
  My question is HOW DO I RE-ADD THE ROLE OF "MANAGEMENT POINT"?
  Will the configuration management setup wizard allow me to do this, whilst retaining the current roles and config?

  I thought it was a permissions issue at first to. Signed into the server with the service account used to install SCCM and also explicitly named my domain account as a local admin despite me being a domain admin. Furthermore, I have access to remove the
  roles from the server and permission to add and remove roles to all other servers.
  Adding role
  In management console Administration>Site Configuration>Servers and Site System Roles
  This bring up the list of servers and when left clicked their roles. I right click on the server in question and the option to "add site system roles" is greyed out as are the sub-options under start and the option to delete.
  Will screen shot in the morning

• System Emails Best Practices

  Hi, I need a professional recommendation on what is the best practice when dealing with our customers system emails.
  I'm asking this because BC create all the workflows and system emails with the partner details, which I find really ridiculous.
  Then you have to go and change all of these emails to the client email. I realised lately that BC have a default email setting for system emails. I changed all these to my client email address, but still I'm receiving inquiry and they are getting my name somehow.
  This is very embarassing and I hate to see it happening again. Can someone please help me with what procedures I need to take to avoid this.
  As partners do we usually leave ourselves as administrators and receiving every workflow our client receives? What if you have 100 clients?
  Shouldnt BC add a "BC Partner" to users? like a super administrator in Joomla instead of being together with other administrator?
  Thanks
  Michel

  Hi Michel,
  The system is a framework in terms of site elements, so of course will have default information which you can choose to change or not (such as workflows).
  In terms of forms and notification emails:
  - Make sure you update forms notifications and emails
  - Make sure you update notification emails for mailing lists
  - Make sure the mass change for system emails is applied and you choose the correct template if you wish to for each one.
  For Workflows:
  - System comes with some basic ones and of course you can build your own.
  - Normally the thing you will do is modify or add your clients to "users" or their own role such as "busines name admin" for example. You may have multiple users and for them to have multiple roles. Under the new interface permisions control what they see and have access too.
  - Workflows are set to you for testing mainly, allowing you to get workflows and email notifications as you develop to see how things are shaping up and are working.
  - Go into workflows and change them so that emails / txts / steps go to the right people.
  You can find more information if you need to on workflows in the knowledgebase if you not gone through them already.

• Failover cluster File Server role best practices

  We recently implemented a Hyper-V Server Core 2012 R2 cluster with the sole purpose to run our server environment.  I started with our file servers and decided to create multiple file servers and put them in a cluster for high
  availability.  So now I have a cluster of VMs, which I have now learned is called a guest cluster, and I added the File Server role to this cluster.  It then struck me that I could have just as easily created the File Server role under my Hyper-V
  Server cluster and removed this extra virtual layer.  
  I'm reaching out to this community to see if there are any best practices on using the File Server role.  Are there any benefits to having a guest cluster provide file shares? Or am I making things overly complicated for no reason?
  Just to be clear, I'm just trying to make a simple Windows file server with folder shares that have security enabled on them for users to access internally. I'm using Hyper-V Core server 2012 R2 on my physical servers and right now I have Windows
  Server Standard 2012 R2 on the VMs in the guest cluster.
  Thanks for any information you can provide.

  Hi,
  Generally with Hyper-V VMs available, we will install all roles into virtual machines as that will be easy for management purpose.
  In your situation the host system is a server core, so it seems that manage file shares with a GUI is much better.
  I cannot find an article specifically regarding "best practices of setting up failover cluster". Here are 2 articles regarding build guest cluster (you have already done) and steps to create a file server cluster. 
  Hyper-V Guest Clustering Step-by-Step Guide
  http://blogs.technet.com/b/mghazai/archive/2009/12/12/hyper-v-guest-clustering-step-by-step-guide.aspx
  Failover Cluster Step-by-Step Guide: Configuring a Two-Node File Server Failover Cluster
  https://technet.microsoft.com/en-us/library/cc731844(v=ws.10).aspx
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Reporting site system role fails to install

  When I try to install the site system reporting role it shows success but looking at the status is shows critical. The srsrpsetup.log shows the following..
  <01/27/15 10:53:10> ====================================================================
  <01/27/15 10:53:10> SMSSRSRP Setup Started....
  <01/27/15 10:53:10> Parameters: C:\Program Files\Microsoft Configuration Manager\bin\x64\rolesetup.exe /install /siteserver:LOUSYSCNTR01 SMSSRSRP 0
  <01/27/15 10:53:10> Installing Pre Reqs for SMSSRSRP
  <01/27/15 10:53:10>         ======== Installing Pre Reqs for Role SMSSRSRP ========
  <01/27/15 10:53:10> Found 1 Pre Reqs for Role SMSSRSRP
  <01/27/15 10:53:10> Pre Req SqlNativeClient found.
  <01/27/15 10:53:10> SqlNativeClient already installed (Product Code: {3965C9F9-9B9A-4391-AC4B-8388210D3AA0}). Would not install again.
  <01/27/15 10:53:10> Pre Req SqlNativeClient is already installed. Skipping it.
  <01/27/15 10:53:10>         ======== Completed Installation of Pre Reqs for Role SMSSRSRP ========
  <01/27/15 10:53:10> Installing the SMSSRSRP
  <01/27/15 10:53:10> Passed OS version check.
  <01/27/15 10:53:10> .NET Framework 4.0 Full profile is installed.
  <01/27/15 10:53:10> Clean up old files
  <01/27/15 10:53:10> Deleting \\?\C:\Program Files\SMS_SRSRP, FAILED, Win32 Error = 2
  <01/27/15 10:53:10> Cannot delete old installation directory C:\Program Files\SMS_SRSRP. Error Code=2. Installation will continue.
  <01/27/15 10:53:10> No versions of SMSSRSRP are installed.  Installing new SMSSRSRP.
  <01/27/15 10:53:10> Enabling MSI logging.  srsrp.msi will log to C:\Program Files\Microsoft Configuration Manager\logs\srsrpMSI.log
  <01/27/15 10:53:10> Installing C:\Program Files\Microsoft Configuration Manager\bin\x64\srsrp.msi SRSRPINSTALLDIR="C:\Program Files\SMS_SRSRP" SRSRPLANGPACKFLAGS=0
  <01/27/15 10:53:12> srsrp.msi exited with return code: 0
  <01/27/15 10:53:12> Installation was successful.
  <01/27/15 10:53:12> Cannot register C:\Program Files\SMS_SRSRP\srsserver.dll, it doesn't exist
  <01/27/15 10:53:12> Cannot register C:\Program Files\SMS_SRSRP\srsserver.dll, it doesn't exist
  <01/27/15 10:53:12> Cannot register SRSRP interop DLL C:\Program Files\SMS_SRSRP\srsserver.dll. Installation cannot continue.
  <01/27/15 10:53:12> Fatal MSI Error - srsrp.msi could not be installed.
  <01/27/15 10:53:12> ~RoleSetup().

  Do the DLLs exist? Have you temporarily turn off AV and install the RP? what does srsrpMSI.log log say?
  Garth Jones | My blogs: Enhansoft and
  Old Blog site | Twitter:
  @GarthMJ

• Portal System Transport (Best Practice)

  Hello,
  We have DEV, QA and PRD landscape. We have created systems that connect to backend ECC systems. Since the DEV and QA ECC system has one application server, we have created a portal system of type singe application server in the DEV Portal that points to DEV ECC system. Subsequently we have transported this portal system to QA portal and make it point to QA ECC.
  Now the Prd ECC systems is of type load balancing with multiple servers. The portal system that connects to Prd ECC system should also be of type Load Balancing. Now we cannot transport the QA portal system that connects to QA ECC system to prd since its of type Single Application Server.
  What will be the best strategy to create the portal system in prd portal that points to PRD ECC.
  1. Create the portal system freshly in Prd system of type Load Ballancing. Does it adhere to the best practise approach that suggest Not to Create anyting in prd system directly.
                                                     OR
  2, Is there any other way that should I follow to make sure that Best Practices for Portal Dvelepment is followed.
  Regards
  Deb

  I don't find it useful to transport system objects so I make them manually.

• Configuring AD Sites and Services best practice for multiple office site ?

  Hi People,
  Can anyone here please suggest me or share the link of what is the best practice in configuring the AD Sites and Service for single AD domain with multiple office sites ?
  I'd like to know more about the number and the direction of the connection between Domain Controllers in one site to the Data Center and vice versa.
  Thanks.
  /* Server Support Specialist */

  Hi People,
  Can anyone here please suggest me or share the link of what is the best practice in configuring the AD Sites and Service for single AD domain with multiple office sites ?
  This series can be useful:
  Active Directory Structure Guidelines – Part 1
  Mahdi Tehrani   |  
    |  
  www.mahditehrani.ir
  Please click on Propose As Answer or to mark this post as
  and helpful for other people.
  This posting is provided AS-IS with no warranties, and confers no rights.
  How to query members of 'Local Administrators' group in all computers?

• Development System Backup - Best Practice / Policy for offsite backups

  Hi, I have not found any recommendations from SAP on best practices/recommendations on backing up Development systems offsite and so would appreciate some input on what policies other companies have for backing up Development systems. We continuously make enhancements to our SAP systems and perform daily backups; however, we do not send any Development system backups offsite which I feel is a risk (losing development work, losing transport & change logs...).
  Does anyone know whether SAP have any recommendations on backuping up Development systems offsite? What policies does your company have?
  Thanks,
  Thomas

  Thomas,
  Your question does not mention consideration of both sides of the equation - you have mentioned the risk only.  What about the incremental cost of frequent backups stored offsite?  Shouldn't the question be how the 'frequent backup' cost matches up with the risk cost?
  I have never worked on an SAP system where the developers had so much unique work in progress that they could not reproduce their efforts in an acceptable amount of time, at a acceptable cost.  There is typically nothing in dev that is so valuable as to be irreplaceable (unlike production, where the loss of 'yesterday's' data is extremely costly).  Given the frequency that an offsite dev backup is actually required for a restore (seldom), and given that the value of the daily backed-up data is already so low, the actual risk cost is virtually zero.
  I have never seen SAP publish a 'best practice' in this area.  Every business is different; and I don't see how SAP could possibly make a meaningful recommendation that would fit yours.  In your business, the risk (the pro-rata cost of infrequently  needing to use offsite storage to replace or rebuild 'lost' low cost development work) may in fact outweigh the ongoing incremental costs of creating and maintaining offsite daily recovery media. Your company will have to perform that calculation to make the business decision.  I personally have never seen a situation where daily offsite backup storage of dev was even close to making  any kind of economic sense. 
  Best Regards,
  DB49

• Modifying SAP standard roles - best practice

  Hi,
  Is there a Best practice How-to guide for configuring SAP BPs roles for client use.  I know I shouldn't change the content delivered by SAP but I'm not quite sure what I should delta link copy into client namespace.
  I am implementing MSS.  Do I just delta link copy the Manager role into client namespace or I should make a delta link copy of the My Staff workset then make changes to the workset and assign it to a completely new ClientManager role?
  I have the TransportEP6Content how to guide but it doesn't say explicitly what is best parctice.  This doc references 'HowTo Use Business Packages in Enterprise Portal 6.0' but it isn't where it says it is on service marketplace.
  TIA,
  J

  Hi,
    'How to use Busiess Packages in Enterprise Portal 6.0' is available in this link.
  http://help.sap.com/bp_epv260/EP_EN/documentation/How-to_Guides/misc/Using_Business_Packages.pdf
  Check out for the best practices.
  Regards,
  Harini S

• Composite Release Roles Best Practice

  I have a question in regards to best practice for utilizing composite release roles.
  We had an issue recently where Purchasing Doc Type (M_BEST_BSA - BSART), Release Code (M_EINK_FRG - FRGCO) and Release Group (M_EINK_FRG - FRGCO), which are maintained at the task role were over written with blanks when derived from the template role.  The template role has these three fields maintained as blanks.  All other data is consisten from the template role to the task role with the exception of the Organizational Levls (ie Plant, Purchasing Org, Purchasing Group).  We then have a variety of task roles that make up the composite.
  Would it make sense to maintain these three fields as Org Level data at in the task role?
  What are our other options?
  Thanks for your assistance.

  We do have DEV, QA, PRD, Training and Sandbox environments.  Our standard practice is to develop in DEV (200) role out to the other DEV clients and then transport to QA for UAT.  I have come across on occasion where the roles are not consistant across all DEV clients and if development work was completed on a role in DEV that was not consistant with the production role then we would be fubar.  This did occur a few weeks back; however, it was caught in time.
  Chain of events went as follows
  1. Request submitted to remove a plant value
  2. Dev work completed and moved to QA.  Based on screen shots of UAT we can see that the three fields were yellow at this point (blank values)
  3. End user did not recognize the caution flags as they were only looking at org value to ensure plant was removed.
  4. Developer failed to highlight the unmaintained fields
  5. Roles moved to production which halted purchasing teams
  This hole thing is very confusing 
  My only guess was the development work was completed on an old role in the wrong dev client.  But then this opens up another issue.  Why was there an old role as standard practice is to move the new roles to all dev clients once completed.

• Site Maintenance Task Best Practice

  As per our understanding,  we need to either enable "Clear Install Flag" task or "Delete Inactive Client Discovery Data" task.
  please do let us know, what will be consequences if we enabled the both tasks & what are the best practices.
  Prashant Patil

  Clear Install Flag
  task is highly dependent on heartbeat discovery. If you install client on computer and heartbeat sent the information to Site making its Install flag as Active in Database and at later stage ,If you uninstall client,still the Install Flag will be active
  until it is discovered by heartbeat Discovery. When the client is not discovered by Heartbeat discovery,Install Flag will be cleared.
  As a thumb rule,When
  enabling this task, set the Client Rediscovery period to
  an interval longer than the Heartbeat Discovery schedule.
  More information about how Clear Install Flag works is given here  http://myitforum.com/cs2/blogs/jgilbert/archive/2008/10/18/client-is-installed-flag-explained.aspx
  Delete Inactive Client Discovery Data:
  suggest you to look at technet document,its clearly explained http://technet.microsoft.com/en-us/library/bb693646.aspx 
  Eswar Koneti | Configmgr blog:
  www.eskonr.com | Linkedin: Eswar Koneti
  | Twitter: Eskonr