Installing Site System Roles in SCCM 2012 R2

Site System Roles are roles that can be installed to support management operations at a Configuration Manager 2012 R2 site. Any computer hosting a site system role is referred to as a site system server. You can assign multiple roles to one site system server. In this blog post we will look at the installation and configuration of Fallback Status Point and Management Point site sytem roles, to get an understanding of how to install site system roles in SCCM 2012 R2.

We will also review the Component Server, Site Server, Site System and Site Database Server site system roles. Installation and configuration of other site system roles, such as for example Software Update Point and Distribution Point, will be covered in separate blog posts, pertaining specifically to those roles.


Following is a table of available site system roles by site type
* Asset Intelligence synchronization point and Endpoint Protection point are supported by stand-alone primary sites.

Site System Role Central
Administration Site
Primary Site Secondary Site
Component server Supported Supported Supported
Distribution point Supported Supported
Management point Supported Supported
Site database server Supported Supported Supported
Site server Supported Supported Supported
Site system Supported Supported Supported
System Health Validator point Supported Supported
State migration point Supported Supported
Fallback status point Supported
Out of band service point Supported
Reporting Services point Supported Supported
Application Catalog web service point Supported
Application Catalog website point Supported
Mobile device enrollment proxy point Supported
Mobile device and AMT enrollment point Supported
Asset Intelligence synchronization point Supported
Endpoint Protection point Supported
Software update point Supported Supported Supported
Windows Intune Connector Supported Supported
Certificate registration point Supported Supported



1. Fallback Status Point


The fallback status point is an optional, but recommended site system role for client deployment. It tracks client installation and enables computers in the ConfigMgr site to send state messages during installation when they cannot communicate with a management point, or post installation if the clients have problems reaching the management point. In other words, two types of messages may occur, the normal messages that appear during client installation and assignment or those identifying unhealthy ConfigMgr 2012 clients, i.e. clients that are unmanaged because they cannot communicate with a Management Point post installation.


1.1 Installing Fallback Status Point


The Add Site System Roles Wizard is used to install all site system roles. Before launching the wizard, one should determine whether the role will be added to an existing server or a new server. For documentation purposes we will add the Fallback Status Point site system role to the site server, in other words to an existing server.

The fallback status point requires the default IIS configuration with the following additions; IIS 6 Management Compatibility and IIS 6 Metabase Compatibility.

1.1.1 Browse to Administration -> Site Configuration -> Servers and Site System Roles -> Site System Server then select Add Site System Roles in the right-click context menu

1.1.2 This will launch the Add Site System Roles Wizard.

Name – Since we selected a specific site system server to install a new role on, the name field will be populated and grayed out.

Site Code – This option is also grayed out, since the site system server is already part of a site.

Specify a FQDN for this site system for use on the Internet – You can supply the FQDN of the server if it will be addressable from the Internet.

Require the site server to initiate connections to this site system – For additional security purposes, you can designate that communication to site systems must be initiated from the site server itself rather than the site system pushing data back to the site server.

Site System Installation Account – You can install the site system by using the site server’s computer account, or a designated (local/domain) user account. The account you use to install the site system, must have local administrator privileges on the system you are installing the site system on. This account will also be used to pull data from the site system computer, if you configure the site system to require the site server to initiate connections to this site system.

Active Directory membership – Which forest/domain does the site system belong to.

By clicking next on the General page, you will be forwarded to the Proxy page. Here you can specify a proxy server the site system will use when connecting to the internet. Only the following site system roles can use a proxy server; Asset Intelligence synchronization point, Cloud-based distribution point, Exchange Server connector, Software updates point, Microsoft Intune connector. After you have installed a site system server, you can configure a proxy server by editing the properties for the site system server.

1.1.4 On the System Role Selection page, select the Fallback Status Point

Not much configuration can be done for the fallback status point.

Allow client connections – This setting is automatically configured.

The only option you can configure are the number of state messages that are allowed to be processed during the given time window. The default values are sufficient for most circumstances.

Once you have completed the installation of the Fallback Status Point, you can check its status in Monitoring -> System Status -> Site Status or Components Status

You can also review the following two logs,
SMSFSPSetup.log – It documents the prerequisites and starts the fsp.msi installation.
fspMSI.log – It provides the installation status of the fallback status point role.


2. Management Point


A management point functions as the primary point of contact between the SCCM 2012 R2 clients and the site server. All site servers that host clients must have at least one management point installed; this includes primary site servers and secondary site servers. Management Points facilitate communication between a client and site server by storing and providing settings and configuration (via the policy), deployments, content location information (finding which distribution points are available) to the client, and receiving data from the client such as status messages and inventory.

Each primary site can support up to 10 management points, while each secondary site supports a single management point that must be installed on the secondary site server. Each management point at a primary site can support up to 25 000 clients, while each management point at a secondary site can support up to 10 000 clients. Management points require a local installation of IIS, .Net Framework 4.5, BITS and access to the site database (for certain operations related to content location).


2.1 Installing Management Point


We will for documentation purposes install a remote Management Point. When a site system role is installed on a computer other than the site server, it is referred to as a remote site system. Similarly, any site system role on that server is referred to as remote. In other words, we will be installing the Management Point role on a computer other than the site server.

Management points require the following features and roles:

Features: .NET Framework 4.5 and BITS (with automatically selected options)
Roles: Web Server (IIS)
Application Development:
ISAPI Extensions
Windows Authentication
IIS 6 Management Compatibility:
IIS 6 Metabase Compatibility
IIS 6 WMI Compatibility

2.1.1 Browse to Administration -> Site Configuration -> Servers and Site System Roles then select Create Site System Server in the right-click context menu

2.1.2 Configure Name, Site code and other options on the General page. Keep in mind the requirements for the Site System Installation Account (as noted in step 1.1.2)

2.1.3 Click Next on the Proxy page
2.1.4 Select to add the management point role, and click Next to proceed to the Management Point page

2.1.5 On the Management Point Page, you can configure the following settings

  • Choose whether clients should communicate with the management point by HTTP or by HTTPS
  • Specify whether you want to receive an alert when the management point is unhealthy. Generated alerts can be found in the Monitoring workspace of the console.


2.1.6 On the Management Point Database Page, you can specify a database to use with the management point and you can specify the account that will be used to connect the management point to the specified SQL Server database. If you specify to use a database replica, the management point will request data from the SQL Server computer that hosts the database replica, and not the site database server. This will help lessen the load on the site database server, and can especially be useful in environments where there are large numbers of clients that make frequent requests for client policy.

2.1.7 Click close when the Wizard completes successfully

You can view management point status in Monitoring -> System Status -> Site Status or Components Status

You can also review the following three logs,

mpMSI.log – MSI log for the management point installation.
mpSetup.log – Shows which site and server the management point is configured to use.
mpcontrol.log – Reviews and checks the management point availability and status.

2.2 Proxy Management Points

A management point installed at a secondary site server is known as a proxy management point, since it is utilized as a proxy between the client and its assigned management point at a primary site. Proxy management points help reduce the impact on the WAN when clients are operating outside the boundaries of their assigned primary site but within the boundaries of a secondary site that is a child of their assigned primary site.


2.3 Preferred Management Points

This is a new feature of SCCM 2012 SP2 and SCCM 2012 R2 SP1. Using boundary groups you can provide clients with a list of preferred management points. Clients will try to use a preferred management point before using management points that are not associated with the clients boundary. To utilize this feature, perform the following actions.

2.3.1 Browse to Administration -> Site Configuration -> Sites, then select Hierarchy Settings in the ribbon bar

2.3.2 On the General Tab, select Clients prefer to use management points specified in boundary groups, then click Ok

2.3.3 Browse to Administration -> Hierarchy Configuration -> Boundary Groups. Then create a new boundary group, or edit the properties of an existing one.

2.3.4 On the References Tab, click Add to add management points

2.3.5 Select the management points you want to associate with the boundary group

2.3.6 Finally, click Apply and OK on the References Tab


3. Component Server


The component server role cannot be added manually, nor can it be manually removed. The component server role is installed automatically when you install a site system role (except for the Distribution Point role). This role is managed by the site server itself and will exist on any server that is running the SMS_Executive service within the hierarchy. The SMS_Executive service runs specified threads that support other roles.



4. Site Database Server


Server with Microsoft SQL Server installed, hosting the Configuration Manager site database. This database is used to store information about assets and site data. You can use the following two logs to gain insight into the health of the database server,

smsdbmon.log – Shows all activities such as inserts, updates, drops, and deletes from the SCCM 2012 R2 database.

smsprov.log – Shows the SQL transaction calls made from the ConfigMgr console or automation scripts via the SDK.


5. Site Server


Contains components and services required to run a central administration, primary, or secondary site. This role manages all functions of the site and interacts with all remote systems hosting site system roles for the site.


6. Site System


Supports both required and optional site system roles. Any server (or share) with an assigned role automatically receives this role. The site server itself will always be a site system as will any remote servers that are deployed to host various roles to provide services needed by the site.

1 Comment

  1. David


Comments are closed.