Prepare the Provisioning Engine Servers

Prepare the Provisioning Engine Servers

In this topic you will prepare the Provisioning Engine servers. Although it is not necessary to deploy more than one Provisioning Engine server, this configuration does provide additional fault tolerance and scalability.

Tasks

1. Prepare MPS01 and MPS02
2. Join the Fabrikam Domain
3. Install Internet Information Services (IIS) on MPS01 and MPS02
4. Ensure Inbound and Outbound DTC Access are Enabled on MPS01 and MPS02
5. Delegate Impersonation to Provisioning Engine Servers

Perform a default installation of Microsoft Windows Server 2003 R2. This requires you to first install Windows Server 2003 with SP1, then install Windows Server 2003 R2.

Prepare MPS01 and MPS02

Procedure DWSPV.20: To install Windows Server 2003 R2 on MPS01 and MPS02

1. Perform a default installation of Windows Server 2003, Standard Edition (with Service Pack 1 integrated), by using the CD boot method. Install the Support Tools from the Windows Server 2003 CD. Use appropriate naming conventions for your environment.
2. After Setup for Windows Server 2003 with SP1 is complete, log on to the computer as an administrator. Insert Disc 2 into your CD-ROM drive. Setup for Disc 2 should start automatically. If it does not start automatically, browse to Disk 2 (or the shared folder that contains the Setup files) and, in the \Cmpnents\R2 folder, click Setup2.exe. Follow the instructions on your screen to upgrade to R2.

Prepare the Provisioning Engine servers by enabling Remote Desktop, installing Microsoft .NET Framework 2.0, installing the Windows Server 2003 Support Tools, and installing the latest updates from Microsoft.

Procedure DWSPV.21: To prepare MPS01 and MPS02

1. Enable Remote Desktop. Click Start, point to Control Panel, click System, and then, on the Remote tab, select Enable Remote Desktop on this Computer.
2. Install the Microsoft .NET Framework 2.0.
3. Install Support Tools from the Support Tools directory on the Windows Server 2003 CD.
4. Apply any released updates to Windows Server 2003 by using Microsoft Update.

Warning

There are known compatibility issues with Windows Server 2003, SP2 and the Microsoft Provisioning System Engine. Do not install Windows Server 2003, SP2 on MPS01 and MPS02, as it may cause these servers to fail.

Join the Fabrikam Domain

After you have finished building and preparing the Provisioning Engine servers, you need to add the servers to the Fabrikam domain.

Procedure DWSPV.22: To add the servers to the Fabrikam domain and log on as Administrator@Fabrikam.com

Note

Joining a new domain will require you to restart the server.

1. Configure the local network interface to use the IP Addresses of AD01 and AD02 as Preferred and Alternative DNS server.
2. Join the server to the fabrikam domain.
3. Log on to the domain as Administrator@Fabrikam.com.

Install IIS on MPS01 and MPS02

You must install Internet Information Services (IIS), including Microsoft FrontPage 2002 Server Extensions, Network DTC, and Network COM+ Access on MPS01 and MPS02:

• As a prerequisite for provisioning Web sites and other services
• To enable network access for the Microsoft Distributed Transaction Coordinator (MSDTC) service on the Provisioning Engine server

Procedure DWSPV.23: To install IIS on MPS01 and MPS02

1. In Add or Remove Programs, click Add/Remove Windows Components.
2. On the Windows Components Wizard page, select the Application Server check box, and then click Details.
3. The following components should be selected:
   • Application Server Console
   • Enable network COM+ access
   • Enable network DTC access
   • Internet Information Services(IIS)
4. Select Internet Information Services (IIS), and then click Details. Verify that only the following components are selected:
   • Common Files
   • FrontPage 2002 Server Extensions
   • Internet Information Services Manager
   • World Wide Web Service
5. Follow the on-screen instructions to complete the deployment of these components.

Ensure Inbound and Outbound DTC Access are Enabled on MPS01 and MPS02

In this section, you ensure that Microsoft Distributed Transaction Coordinator (MSDTC) is properly configured to allow Network DTC access both Inbound and Outbound.

Procedure DWSPV.24: To ensure inbound and outbound DTC access are enabled on MPS01 and MPS02

1. On MPS01, click Start, point to All Programs, point to Administrative Tools, and then click Component Services.
2. Expand Component Services, and then expand Computers.
3. Right-click My Computer, and then select Properties.
4. Click the MSDTC tab.
5. Click Security Configuration.
6. Ensure that Network DTC Access is selected. Then, in the Transaction Manager Communication section, ensure that the Allow Inbound and Allow Outbound options are selected. Leave all other options as default.
7. Click OK to save the settings. Click Yes if you are prompted to restart the service.
8. Repeat steps 1-7 on MPS02.

Delegate Impersonation to Provisioning Engine Servers

Next, grant Kerberos services delegation to the Provisioning Engine servers, MPS01 and MPS02.

Procedure DWSPV.25: To delegate impersonation to Provisioning Engine servers

1. On AD01, click Start, point to All Programs, point to Administrative Tools, and then click Active Directory Users and Computers.

2. Expand the domain (fabrikam.com), and then click Computers.

3. Double-click MPS01.

4. Select the Trust Computer for Delegation check box, and then click OK.

   Note

   If your Active Directory directory service has already been configured for Native Mode, then the Trust Computer for Delegation check box does not appear. Instead, you must click the Delegation tab, and select Trust this computer for delegation to any service (Kerberos only).

5. At the Active Directory message, click OK, and then click OK again.

6. Restart MPS01.

7. Repeat steps 4 through 7 for MPS02.