Determine If You Will Use FQDN Server Names
Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2
Configuration Manager 2007 supports fully qualified domain names (FQDNs) for site system servers, as well as supporting short names such as the NetBIOS name or the host name.
A fully qualified domain name (FQDN) is a hierarchical naming format used with Domain Name System (DNS) to denote the location of a computer or resource in the DNS tree hierarchy. You can find more information about FQDNs and supported naming structures in the publicly available RFC 1035 ("Domain names: implementation and specification").
Configuration Manager supports RFC 1123 for FQDNs, which excludes double-byte character sets for host names. The host name in the FQDN can include ASCII letters, digits, and the hyphen or dash character ('-'). Host names cannot be all numbers, but can have a leading digit. Host names must end and begin only with a letter or digit.
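The host name rules above can be checked against a list of planned site system server names before installation. The following is an added example, not part of the original documentation or of Configuration Manager; the function name, the sample names, the 63-character label limit (taken from RFC 1035), and the choice to apply the character rules to every label of the FQDN are assumptions.

```python
import string

ALNUM = set(string.ascii_letters + string.digits)
ALLOWED = ALNUM | {"-"}          # ASCII letters, digits, hyphen
MAX_LABEL = 63                   # RFC 1035 label limit (not stated in the note)


def check_site_system_name(name):
    """Return (kind, problems) for a planned server name.

    kind is "fqdn" when the name has more than one label, else "short".
    problems is a list of rule violations; an empty list means the name passes.
    """
    labels = name.rstrip(".").split(".")      # tolerate a trailing root dot
    problems = []
    for i, label in enumerate(labels):
        where = "host name" if i == 0 else "label %r" % label
        if not label:
            problems.append(where + ": empty label")
            continue
        if len(label) > MAX_LABEL:
            problems.append(where + ": longer than 63 characters")
        bad = sorted(set(label) - ALLOWED)
        if bad:                               # catches double-byte characters too
            problems.append(where + ": disallowed characters %s" % bad)
        if label[0] not in ALNUM or label[-1] not in ALNUM:
            problems.append(where + ": must begin and end with a letter or digit")
        # The all-numeric restriction is stated for the host name only.
        if i == 0 and all(c in string.digits for c in label):
            problems.append("host name: cannot be all numbers")
    kind = "fqdn" if len(labels) > 1 else "short"
    return kind, problems


if __name__ == "__main__":
    # Constructed sample names for illustration only.
    planned = [
        "sccm01.corp.example.com",            # valid FQDN
        "2012mp.corp.example.com",            # leading digit is allowed
        "12345.corp.example.com",             # all-numeric host name
        "-mp01.corp.example.com",             # begins with a hyphen
        "\u7ba1\u740601.corp.example.com",    # double-byte characters
        "SCCM01",                             # short name, not an FQDN
    ]
    for n in planned:
        kind, problems = check_site_system_name(n)
        print(n, kind, "OK" if not problems else "; ".join(problems))
```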
Before you install Configuration Manager 2007 site system servers, determine whether you will configure them with FQDNs or short names. Refer to the following 4 conditions under which you should use FQDN server names:
Native mode and Internet-based client management
Mixed mode and automatically approving trusted clients
IPv6 and other environments that do not use WINS
Best practices for server name configuration
Native Mode and Internet-Based Client Management
You must use FQDNs for the site system servers that use PKI certificates that have only an FQDN in the Subject field or in the Subject Alternative Name field, as documented in Certificate Requirements for Native Mode.
Mixed Mode and Automatically Approving Trusted Computers
You must configure the site system server with the default management point role to use an FQDN if both of the following conditions apply:
The site has clients that are in a different domain to the site server's domain
Approval is configured with the option Automatically approve computers in trusted domains (recommended), which is the default configuration.
For more information, see About Client Approval in Configuration Manager.
IPv6 and Other Environments That Do Not Use WINS
You must use FQDNs for all site systems if you do not use WINS for name resolution. For more information, see Configuration Manager and Name Resolution.
Best Practices for Server Name Configuration
Even if you do not require FQDNs for server names in Configuration Manager 2007, the best practice is to use FQDN server names, for the following benefits:
Name resolution will use DNS rather than WINS, and DNS can be more securely managed than WINS.
Authentication that requires name resolution will use the more secure authentication protocol of Kerberos, rather than NTLM.
Name resolution that uses DNS is more reliable than WINS when using a distributed infrastructure, multiple domains, or a disjointed namespace.
Registering CNAME (DNS Alias) FQDNs as Kerberos Service Principal Names (SPNs)
When Configuration Manager 2007 site systems are configured with an FQDN that is a CNAME (DNS alias) rather than the computer name registered in Active Directory Domain Services, the CNAME must be configured with a Kerberos service principal name (SPN) so that IIS authentication succeeds when required.
Use the Setspn tool included in Windows Server 2003 Support Tools to register the CNAMEs you configure for Configuration Manager 2007 site systems on the intranet (this procedure is not required for Internet FQDNs). For more information, see the following article that explains how to use SPNs when you configure Web applications that are hosted on IIS 6.0: http://go.microsoft.com/fwlink/?LinkId=94785.
If you are using a network load balancing management point with an FQDN in a mixed mode environment, see How to Configure an SPN for NLB Management Point Site Systems.
Tasks
Configuring DNS for Configuration Manager Site System Roles
How to Automatically Publish the Default Management Point to DNS
How to Configure the Internet FQDN of Site Systems that Support Internet-Based Client Management
How to Configure the Intranet FQDN of Site Systems
How to Manually Publish the Default Management Point to DNS
Concepts
Certificate Requirements for Native Mode
Configuration Manager Service Principal Name Requirements
Determine If You Need to Publish to DNS
Configuration Manager and Name Resolution