Skip to main content
How to Install Clients on Linux and UNIX Computers in Configuration Manager

Updated: May 1, 2013

Applies To: System Center 2012 Configuration Manager SP1, System Center 2012 R2 Configuration Manager

noteNote
The information in this topic applies only to System Center 2012 Configuration Manager SP1 and System Center 2012 R2 Configuration Manager.

Before you can manage a Linux or UNIX server with Configuration Manager, you must install the Configuration Manager client for Linux and UNIX on each Linux or UNIX computer. You can accomplish the installation of the client manually on each computer, or use a shell script that installs the client remotely. Configuration Manager does not support the use of client push installation for Linux or UNIX servers. Optionally you can configure a Runbook for System Center 2012 Orchestrator to automate the install of the client on the Linux or UNIX server.

Regardless of the installation method you use, the install process requires the use of a script named install to manage the install process. This script is included when you download the Client for Linux and UNIX.

The install script for the Configuration Manager client for Linux and UNIX supports command line properties. Some command line properties are required, while others are optional. For example, when you install the client, you must specify a management point from the site that is used by the Linux or UNIX server for its initial contact with the site. For the complete list of command line properties, see Command Line Properties for Installing the Client on Linux and UNIX Servers.

After you install the client, you specify Client Settings in the Configuration Manager console to configure the client agent in the same way you would windows-based clients. For more information, see the Client Settings for Linux and UNIX Servers section in the How to Manage Linux and UNIX Clients in Configuration Manager topic.

Use the following sections to help you install the client for Linux and UNIX:

About Client Installation Packages and the Universal Agent

To install the client for Linux and UNIX on a specific platform, you must use the applicable client installation package for the computer where you install the client. Applicable client installation packages are included as part of each client download from the Microsoft Download Center. In addition to client installation packages, the client download includes the install script that manages the installation of the client on each computer.

  • Prior to cumulative update 1, each operating system and platform requires the use of an operating system and platform specific client installation package. The operating system and platform are identified in the name of each client installation package.

  • Beginning with cumulative update 1, the installation packages from the Universal Agent replace the separate client installation packages for several Linux operating systems. However, not all supported operating systems are supported by the Universal Agent. Versions of Linux that are not supported by the Universal Agent and all versions of UNIX continue to require the use of client installation packages that are specific to each operating system and platform.

When you install a client, you can use the same process and command line properties regardless of the client installation package you use.

For information about the operating systems, platforms, and client installation packages that are supported by each release of the Configuration Manager client for Linux and UNIX, see the Client Requirements for Linux and UNIX Servers section in the Supported Configurations for Configuration Manager topic.

Install the Client on Linux and UNIX Servers

To install the client for Linux and UNIX, you run a script on each Linux or UNIX computer. The script is named install and supports command line properties that modify the installation behavior and reference the client installation package. The install script and client installation package must be located on the client. The client installation package contains the Configuration Manager client files for a specific Linux or UNIX operating system and platform.

Each client installation package contains all the necessary files to complete the client installation and unlike Windows-based computers, does not download additional files from a management point or other source location.

After you install the Configuration Manager client for Linux and UNIX, you do not need to reboot the computer. As soon as the software installation is complete, the client is operational. If you reboot the computer, the Configuration Manager client restarts automatically.

The installed client runs with root credentials. Root credentials are required to collect hardware inventory and perform software deployments.

Following is the command format: ./install -mp <computer> -sitecode <sitecode> <property #1> <property #2> <client installation package>

 

Command line Actions

./install –mp smsmp.contoso.com -sitecode S01 ccm-Universal-x64.<build>.tar

  • install is the name of the script file that installs the client for Linux and UNIX. This file is provided with the client software.

  • -mp smsmp.contoso.com specifies the initial management point that is used by the client.

  • -sitecode S01 specifies the client is assigned to the site with the site code of S01.

  • ccm-Universal-x64.<build>.tar is the name of the client installation .tar package for this computer operating system, version, and CPU architecture.

You can insert additional command line properties before the command line property that specifies the client installation .tar file. The client installation .tar file must be specified last.

For a list of command line options, see Command Line Properties for Installing the Client on Linux and UNIX Servers.

Use the following procedure as an example of how to install the client for Linux and UNIX.

noteNote
The following example procedure installs the client from the cumulative update 1 release of the client for Linux and UNIX on a Red Hat Enterprise Linux 5 (RHEL5) x64 computer. To adjust this procedure for the operating systems that you use, replace the client installation file (ccm-Universal-x64.<build>.tar) with the applicable package for the computer where you are installing the client. Also plan to use additional command line properties to meet your requirements.

To install the Configuration Manager Client on Linux and UNIX servers
  1. Copy the install script and the client installation .tar file to a folder on the RHEL 5 x64 based computer.

  2. On the RHEL5 computer, run the following command to enable the script to run as a program: chmod +x install

    ImportantImportant
    You must use root credentials to install the client.

  3. Next, run the following command to install the Configuration Manager client: ./install –mp <hostname> -sitecode <code> ccm-Universal-x64.<build>.tar

    When you enter this command, use additional command-line properties you require.

  4. After the script runs, validate the install by reviewing the /var/opt/microsoft/scxcm.log file. Additionally, you can confirm that the client is installed and communicating with the site by viewing details for the client in the Devices node of the Assets and Compliance workspace in the Configuration Manager console.

Command Line Properties for Installing the Client on Linux and UNIX Servers

When you install the client for Linux and UNIX on a Linux or UNIX computer, you run the install script with command-line properties that specify the following:

  • The client’s assigned site.

  • The management point with which the client initially communicates

  • The client installation .tar file for the computer’s operating system

  • Additional configurations you require

The properties described in the following table are available to modify the installation behavior.

noteNote
Use the property -h to display this list of supported properties.

 

Property Required or optional More information

-mp <server FQDN>

Required

Specifies by FQDN, the management point server that the client will use as an initial point of contact.

ImportantImportant
This property does not specify the management point to which the client will become assigned after installation.

noteNote
When you use the -mp property to specify a management point that is configured to accept only HTTPS client connections, you must also use the -UsePKICert property.

Specify the management point by FQDN.

-sitecode <sitecode>

Required

Specifies the Configuration Manager primary site to assign the Configuration Manager client to.

Example: -sitecode S01

-fsp <server_FQDN>

Optional

noteNote
Beginning with cumulative update 1, the Configuration Manager client for Linux and UNIX supports the use of fallback status points.

Specifies by FQDN, the fallback status point server that the client uses to submit state messages.

For more information about the fallback status point, see the Determine Whether You Require a Fallback Status Point section in the Determine the Site System Roles for Client Deployment in Configuration Manager topic.

-dir <directory>

Optional

Specifies an alternate location to install the Configuration Manager client files.

By default, the client installs to the following location: /opt/microsoft.

-nostart

Optional

Prevents the automatic start of the Configuration Manager client service, ccmexec.bin, after the client installation completes.

After the client installs, you must start the client service manually.

By default, the client service starts after the client installation completes, and each time the computer restarts.

-clean

Optional

Specifies the removal of all client files and data from a previously installed client for Linux and UNIX, before the new installation starts. This removes the client’s database and certificate store.

-keepdb

Optional

Specifies that the local client database is retained, and reused when you reinstall a client. By default, when you reinstall a client this database is deleted.

-UsePKICert <parameter>

Optional

Specifies the full path and file name to a X.509 PKI certificate in the Public Key Certificate Standard (PKCS#12) format. This certificate is used for client authentication.

When you use -UsePKICert, you must also supply the password associated with the PKCS#12 file by use of the -certpw command line parameter.

If the certificate is not valid, or cannot be found, the client falls back to use HTTP and a self-signed certificate.

If you do not use this property to specify a PKI certificate, the client uses a self-signed certificate and all communications to site systems are over HTTP.

noteNote
You must specify this property when you install a client and use the -mp property to specify a management point that is configured to accept only HTTPS client connections.

Example: -UsePKICert <Full path and filename> -certpw <password>

-certpw <parameter>

Optional

Specifies the password associated with the PKCS#12 file that you specified by use of the -UsePKICert property.

Example: -UsePKICert <Full path and filename> -certpw <password>

-NoCRLCheck

Optional

Specifies that a client should not check the certificate revocation list (CRL) when it communicates over HTTPS by use of a PKI certificate. When this option is not specified, the client checks the CRL before establishing an HTTPS connection by use of PKI certificates. For more information about client CRL checking, see Planning for PKI Certificate Revocation.

Example: -UsePKICert <Full path and filename> -certpw <password> -NoCRLCheck

-rootkeypath <file location>

Optional

Specifies the full path and file name to the Configuration Manager trusted root key. This property applies to clients that use HTTP and HTTPS client communication. For more information, see Planning for the Trusted Root Key.

Example: -rootkeypath <Full path and filename>

-httpport

Optional

Specifies the port that is configured on management points that the client uses when communicating to management points over HTTP. If the port is not specified, the default value of 80 is used.

Example: -httpport 80

-httpsport

Optional

Specifies the port that is configured on management points that the client uses when communicating to management points over HTTPS. If the port is not specified, the default value of 443 is used.

Example: -UsePKICert <Full path and certificate name> -httpsport 443

-ignoreSHA256validation

Optional

Specifies that client installation skips SHA-256 validation. Use this option when installing the client on operating systems that did not release with a version of OpenSSL that supports SHA-256. For more information, see the About Linux and UNIX Operating Systems That do not Support SHA-256 section in the Planning for Client Deployment for Linux and UNIX Servers topic.

-signcertpath <file location>

Optional

Specifies the full path and .cer file name of the exported self-signed certificate on the site server. This certificate is stored in the SMS certificate store and has the Subject name Site Server and the friendly name Site Server Signing Certificate.

This certificate is used by the client for all HTTP and HTTPS communications with management points and distribution points.

Example: -signcertpath=<Full path and file name>

-rootcerts

Optional

If multiple root certificates exist in the Configuration Manager environment, you can specify additional root certificates that the client might need to validate site system servers.

Example: -rootcerts=<Full path and file name>,<Full path and file name>

Upgrade the Client on Linux and UNIX Servers

You can upgrade the version of the client for Linux and UNIX on a computer to a newer client version without first uninstalling the current client. To do so, install the new client installation package on the computer while using the -keepdb command line property. When the client for Linux and UNIX installs, it overwrites existing client data with the new client files. However, the –keepdb command line property directs the install process to retain the clients unique identifier (GUID), local database of information, and certificate store. This information is then used by the new client installation.

For example, you have a RHEL5 x64 computer that runs the client from the original release of the Configuration Manager client for Linux and UNIX. To upgrade this client to the client version from cumulative update 1, you manually run the install script to install the applicable client package from cumulative update 1, with the addition of the –keepdb command line switch. The command line you use resembles the following: ./install –mp <hostname> -sitecode <code> -keepdb ccm-Universal-x64.<build>.tar

How to use a Software Deployment to Upgrade the Client on Linux and UNIX Servers

You can use a software deployment to upgrade the client for Linux and UNIX to a new client version. However, the Configuration Manager client cannot directly run the installation script to install the new client because the installation of a new client must first uninstall the current client. This would end the Configuration Manager client process that runs the installation script before the installation of the new client begins. To successfully use a software deployment to install the new client, you must schedule the installation to start at a future time and to be run by the operating system’s built-in scheduling capabilities.

To accomplish this, use a software deployment to first copy the files for the new client installation package to the client computer, and then deploy and run a script to schedule the client installation process. The script uses the operating system’s built-in at command to delay its start. Then, when the script runs, its operation is managed by the client operating system and not the Configuration Manager client on the computer. This allows the command line called by the script to first uninstall the Configuration Manager client and then install the new client, completing the process of upgrade of the client on the Linux or UNIX computer. After the upgrade completes, the upgraded client remains managed by Configuration Manager.

Use the following procedure to help you configure a software deployment to upgrade the client for Linux and UNIX. The following steps and examples upgrade a RHEL5 x64 computer that runs the initial release of the client to the cumulative update 1 client version.

To use a software deployment to upgrade the client on Linux and UNIX servers
  1. Copy the new client installation package file to the computer that runs the Configuration Manager client that you plan to upgrade.

    For example, you might place the client installation package and install script for cumulative update 1 in the following location on the client computer: /tmp/PATCH

  2. Create a script to manage the upgrade of the Configuration Manager client, and then place a copy of the script in the same folder on the client computer as the client installation files from step 1.

    The script does not require a specific name, but must contain command lines sufficient to use the client installation files from a local folder on the client computer, and to install the client installation package by using the –keepdb command line property. You use the –keepdb command line property to maintain the unique identifier of the current client for use by the new client you are installing.

    For example, you create a script named upgrade.sh that contains the following lines, and then copy it to the /tmp/PATCH folder on the client computer:

    #!/bin/sh
    #
    /tmp/PATCH/install -sitecode <code> -mp <hostname> -keepdb /tmp/PATCH/ccm-Universal-x64.<build>.tar
    
  3. Use software deployment to have each client use the computers built-in at command to run the upgrade.sh script with a short delay before the script runs.

    For example, use the following command line to run the script: at –f /tmp/upgrade.sh –m now + 5 minutes

After the client successfully schedules the upgrade.sh script to run, the client submits a status message indicating the software deployment completed successfully. However, the actual client installation is then managed by the computer, after the delay. After the client upgrade completes, validate the install by reviewing the /var/opt/microsoft/scxcm.log file on the client computer. Additionally, you can confirm that the client is installed and communicating with the site by viewing details for the client in the Devices node of the Assets and Compliance workspace in the Configuration Manager console.

Uninstalling the Client from Linux and UNIX Servers

To uninstall the Configuration Manager client for Linux and UNIX you use the uninstall utility, uninstall. By default, this file is located in the /opt/microsoft/configmgr/bin/ folder on the client computer. This uninstall command does not support any command line parameters and will remove all files related to the client software from the server.

To uninstall the client, use the following command line: /opt/microsoft/configmgr/bin/uninstall

You do not have to reboot the computer after you uninstall the Configuration Manager client for Linux and UNIX.

Configure Request Ports for the Client for Linux and UNIX

Similar to Windows-based clients, the Configuration Manager client for Linux and UNIX uses HTTP and HTTPS to communicate with Configuration Manager site systems. The ports that the Configuration Manager client uses to communicate are referred to as a request ports.

When you install the Configuration Manager client for Linux and UNIX, you can change the clients default request ports by specifying the -httpport and -httpsport installation properties. When you do not specify the installation property and a custom value, the client uses the default values. The default values are 80 for HTTP traffic and 443 for HTTPS traffic.

After you install the client, you cannot change its request port configuration. Instead, to change the port configuration you must reinstall the client and specify the new port configuration. When you reinstall the client to change the request port numbers, run the install command similar to the new client install, but use the additional command line property of -keepdb. This switch instructs the installation to retain the client database and files including the clients GUID and certificate store.

For more information about client communication port numbers, see How to Configure Client Communication Port Numbers in Configuration Manager.

Configure the Client for Linux and UNIX to Locate Management Points

When you install the Configuration Manager client for Linux and UNIX, you must specify a management point to use as an initial point of contact.

The Configuration Manager client for Linux and UNIX contacts this management point at the time the client installs. If the client fails to contact the management point, the client software continues to retry until successful.

For more information about how clients locate management points, see the section Locating Management Points section in the How to Assign Clients to a Site in Configuration Manager topic.

-----
For additional resources, see Information and Support for Configuration Manager.

Tip: Use this query to find online documentation in the TechNet Library for System Center 2012 Configuration Manager. For instructions and examples, see Search the Configuration Manager Documentation Library.
-----