Rebuilding the home lab – Part 4

Further progress on the home lab rebuild. It’s getting there. Still a little way to go though.

Day 9

OK, so now things are getting interesting. Today has seen a Microsoft SQL server on Ubuntu provisioned. SQL …. on Linux …. oh may days! Anyway, I followed the instructions on the Computing For Geeks blog. Installation was as easy as the document suggests. I was really impressed. A Windows 2019 Server (with desktop :() has been deployed for running SCCM. I just have a couple of bits to finish with the SQL server. I am going to enable Windows authentication via Kerberos which will allow me to create a FGPP for service accounts. I also need to mount and format the additional drive for data.

On the SCCM server, I have created a separate data partition, to prevent SCCM installing on the C partition, I have created a text file named NO_SMS_ON_DRIVE.SMS which will force SCCM to install on the D drive.

Day 10

Another day, more progress, using the blog post on Tech Community I was able to set up SQL on the Linux server to authenticate against Active Directory using a Managed Service account and Kerberos authentication. The one thing it did forget to do was grant access to the SQL server to the account I was using. This is normally done during installation on Windows. I can now tick off installing SQL on Linux and using Windows Authentication and a managed service off my list of things I’ve done. The ultimate test will be installing SCCM.

For SCCM I have now requested and installed the required Server Authentication certificate for allowing PKI authentication. It’s well worth making sure you have the PKI in place before deploying SCCM as it’s a nightmare to change at a later date. I have gone through and extended the AD schema ready for the SCCM installation, I have granted the SCCM server the required permissions for creating the objects it needs to create. This was done using the Microsoft Docs page.

SCCM installation can happily connect to the SQL database but it will not accept the path for the data files as they contain the “/” character, being Linux. This is seen by the installer as an invalid path and it will not proceed past this. It’s a shame as I really liked the idea of using SQL on Linux and it seems such a silly reason for it to be blocked.

Because the home lab is in the house, we have pets and it’s next to the kitchen, one of the other things I have done is put a cooker hood filter across the front of the rack. This does an excellent job of blocking dust, pet hair and other nasties from going in to the servers and power supplies. Obviously if the rack was in a datacenter somewhere this wouldn’t be required but I’ve found them to be cheap and very effective at protecting the servers.

Day 11

So, because the SQL on Linux did not work, I have now placed SQL Server on a Windows Server 2019 Core machine of its own. SQL Server was configured to use a Group Managed Service Account as per the AGPM deployment blog post. The command used to install SQL with the GMSA was as follows

Setup.exe /qs /ACTION=Install /FEATURES=SQLEngine /SQLSVCACCOUNT="LAB\gmsa-SQL$" /SQLSYSADMINACCOUNTS="LAB\Domain Admins" /AGTSVCACCOUNT="LAB\gmsa-SQL$" /TCPENABLED=1 /IACCEPTSQLSERVERLICENSETERMS /ASCOLLATION=SQL_Latin1_General_CP1_CI_AS /INSTANCEID="MSSQLSERVER" /INSTANCENAME="MSSQLSERVER"

I added the Domain Admins as SQL Sys Admin Accounts because as yet I’ve not begun delegating access in the lab. It is on my ‘To Do’ list though. I did create a data drive for the SCCM SQL data. This drive has a 64k allocation and is formatted using the new ReFS file system format.

On the SCCM server, I have added the Windows Assessment and Deployment Kit. I have only selected the Deployment Tools and User State Migration Tool to install. For an SCCM server I do not believe anything else is required. I have added the SQL Native Clients, set IIS to use the correct PKI issued certificate. From here, I was able to then complete the installation of SCCM. The installation took a whopping 3:56:52. I think my Hyper-V server is starting to struggle with RAM. Fingers crossed I can sort another host out soon. Once logged in to the console, Configuration Manager 1910 was already downloading! So the next stage will be to install that and then begin building the server deployment images.

In preparation for using SCCM for deploying images, software and managing updates, I have also added a Windows Server 2019 DHCP server. I will do a blog post on the configuration work that I do for updating DNS records via a service account.

Leave a Reply

Your email address will not be published. Required fields are marked *