How to install Endpoint Configuration Manager on HyperV VM

Microsoft integrates Configuration Manager into the Intune family of products, offering an integrated solution for managing all devices. This integration simplifies licensing and eliminates the need for complex migrations. Users can continue leveraging their existing Configuration Manager investments while tapping into the capabilities of the Microsoft cloud at their own pace. This is a comprehensive guide on How to install Endpoint Configuration Manager on HyperV VM. Please see The schema version of the database is from a newer version of wsus.

Note: The Microsoft Intune suite includes Configuration Manager, Endpoint Analytics, and Autopilot, offering an integrated solution for managing all your devices.

The diagram in Excalidraw depicts the four nodes I’ll utilize to install and test Configuration Manager extensively in my lab environment.

Please see How to configure Windows LAPS, How to deploy MBAM for BitLocker Administration, and how to fix SSO sign-in and non-routable domain issues.

On TechDADC01: Install ADDS, DNS, and DHCP

I assume you already have an Active Directory Environment. If not, create a New VM and install Windows Server. Afterwards, promote it to a Domain Controller (DC). Do not forget to join the Endpoint Configuration Manager Server to the domain.

Here are some links to install Active Directory “Setup a Domain Controller as Recommended by Microsoft“, How to install and configure Active Directory Domain Services on Windows Server 2022, and How to demote and remove a Domain Controller on Windows Servers.

Note: Whenever ADDS is installed, the DNS is also installed if you do not already one. But if you like to learn how to install DNS “How to Install and Configure a Standalone DNS Server, Why you should not use Public DNS in Production: Change DNS Server in Windows, and how to setup a Third-Party DNS Server on a Linux Server.

Install Dynamic Host Configuration protocol [DHCP]

In order not to make this blogpost so lengthy, I will only share relevant links: Here is how to install DHCP on Windows Server on 2019. See the steps to install DHCP on Windows Server 2022. Learn the DHCP specific reference console icon.

Also, see How to backup and restore a Windows DHCP Server via the DHCP Manager and PowerShell, and WDS and DHCP Deployment Scenarios: Configure DHCP Options 60, 66, and 67.

Create a Service Account

Let’s create a service account for your Configuration Manager installation. Since this is a lab environment, copy the default administrator account to create a new user object. Populate the object fields as shown below.

Enter your password and select password never expires

Click on “Finish” to complete the service account setup.

I will move this service account to the Managed Service account container. Right-click on the service account you have just created and select move. You can also drag and drop this account into the right “Managed Service Accounts” container.

We have successfully moved the count into my desired container (OU).

Create the System Management container

Next, we will need to create a System Container because the Configuration Manager will not automatically generate the necessary System Management container in Active Directory Domain Services when extending the schema. To do this, launch the ADSI Edit Tool to do this

Note: Make sure you are logged in with an account that has the permission to create all child objects in the System Container within Active Directory Domain Services.

Run ADSI Edit, and connect to the domain in which the site server resides. Right Click on ADSI Edit and click on “Connect To”.

On the connection settings, click OK. By default, it connects to the Domain Controller.

Expand Domain, expand , right-click CN=System, click New, and then click Object.

Select Container and click Next to proceed

In the Value box, type System Management, and then click Next.

Click Finish to complete the System Container Creation

Refresh the System Container to view the new object created

This can be viewed also from the Active Directory User and Computer Console. You will need the Advanced View option.

Set security permissions for the System Management container

You can also right click on the System Management Acccount in AD and delegate Control To Computer Object (AD server). Whatever method you choose to accomplish this is totally acceptable. But I will perform this task over ADSI.Edit Tool

In the console pane, expand the site server’s domain, expand DC=, and then expand CN=System. Right-click CN=System Management, and then click Properties.

In the CN=System Management Properties dialog box, click the Security tab, and then click Add to add the site server computer account.

Click on the Object Type

Select Computer and Click Ok

Search for the Server name in my case “TechDC01” and click Check Name and OK when found.

Grant the account Full Control permissions.

Click Advanced, select the site server’s computer account, and then click Edit.

Change from “this object only” to “This object and all descendant objects“

Click on Ok and Apply. Follow the prompts to ensure these changes are saved and close the ADSI.Edit wizard.

Please see how to fix “Unable to connect to MSSQL Server after changing the Server name“, and how to fix “The schema version of the database is from a newer version of wsus“.

Extend Active Directory AD Schema

To enable all Configuration Manager features and functionality with minimal administrative overhead, extend the Active Directory schema for your lab or production environment.

Extending the schema permanently modifies the set of classes and attributes in your base Active Directory configuration and is done only once per forest. This action allows Configuration Manager to access components necessary for optimal functionality within your environment.

Note: Create a backup of the schema master domain controller’s system state. But I am using a VM, having a Checkpoint is sufficient for me. See how to How to Create a Snapshot on vSphere Web Client, How to create a Microsoft HyperV checkpoint, and the differences between Virtual Machine Snapshot vs Backup.

Please “Download ConfigMgr Setup File and Extract it” This involves you downloading the Configuration Manager to your PC, unzip and following the steps suggested in the right section below. I have discussed these steps and shared relevant link in the “Download ConfigMgr Update Files: Run setup downloader” section below.

Navigate to \SMSSETUP\BIN\X64 in the installation folder to locate the extadsch.exe file

Launch PowerShell as an Administrator and run the extadsch.exe

To verify the successful extension of the schema, review the extadsch.log located in the root folder of the system drive.

HyperV VM setup for Endpoint Configuration Manager

Note: As depicted in the architecture above. We will have to create a new VM [ConfigMgr01], and have SQL Server, Windows ADK, Windows Preinstallation Environment (WinPE), WSUS, WDS, Additional Features such as BITS etc installed on the server.

Setting up your environment for Configuration Manager requires some core components to support the installation of Configuration Manager. I will be installing Widows Server 2022 on a VM running in HyperV.

Also, see How to Create a Windows Server VM on HyperV, How to Add Another Hard Drive to a Virtual Machine in HyperV , and how to create local Backup Repository and Add HyperV to VBR Inventory.

On the HyperV manager, select the node and under the actions pane, click “New Virtual Machine”. Enter the VM information as shown below.

Specify the size of the Virtual Hard Disk and click Next

On the VM creation summary page, click finish

Enable Secure Boot for the VM and ensure you enable TPM as well.

Install Windows Server 2022

Ensure you have attached the ISO image as well to the VM. Click on connect to the VM to start the installation. Click on “Install Now” as shown below.

Windows Server 2022 is being installed.

You will be requrested to Enter your Administrators password. Enter it and click on Finish as shown below.

Install WSUS

Note: Microsoft does not recommend installing WSUS on a Domain Controller. This is just to show you the steps as I will rebuild my Lab all over again

Want to learn about the steps to install Windows Deployment Services (WDS), here are some exiting guides “ADK|WinPE|MDT: Deploy Windows with WDS“, How to migrate WDS and MDT to a new Windows Server, and how to fix “No valid offer received: WDS PXE-E16 error when booting clients“.

Download Configuration Manager Current Branch

Next, download Configuration Manager Current Branch. Please navigate to the URL and download Endpoint Configuration Manager version 2302.

Download SQL Server

Before proceeding to install SQL Server, it is worth taking a look at the supported version of SQL Server for Endpoint Configuration Manager. Since I am interested in ConfigMgr v2303. It makes sense to install the latest version of SQL to leverage the advanced features and longer term support. You can take a look at this Microsoft Guide for the SQL Server version that supports the version of ECM that you intend installing.

Current branch 2303 is supported for SQL server 2022 with Compatibility Level/Cardinality Estimation set to 150 on the Configuration Manager database. You can use this version of SQL Server for the following sites:

• A central administration site
• A primary site
• A secondary site

To download SQL Server, proceed to the URL. Click on download SQL Server on-premise as shown below.

You will be required to fill out your information and when complete. You should be able to download SQL Server as shown below.

Here are some realted guides: How to Install SQL Server 2022 Express and SQL Server Management Studio, how to encrypt Microsoft SQL Server Traffic, how to upgrade Microsoft SQL Server 2019 to 2022, and how to fix Microsoft SQL Evaluation period has expired: How to upgrade SQL Server instance.

Install SQL Server

Run the installer and select custom installation.

Click install as shown below

On the SQL Installation Center, click on “New SQL Server Standalone installation or add features to an existing installation”.

If you have a license, please enter it. Else, select “Specify a free edition”.

Accept the license terms and click on next to proceed

I am fine with the recommended option below. Click Next to proceed.

On the Install rule, click Next to proceed. I do not care about the Firewall warning as the SQL Server is on the same Configuration Manager server.

Uncheck the Azure Extension and click Next. On the next wizard, please select the features you want to install. This was why we did not choose the basic installation.

I am okay with the default instance.

Also ensure the right collation is selected. I do not have to worry about this as Microsoft uses SQL_Latin1_General_CP1_CI_AS which is the default for English United States. Please see “Change SQL Database Collation: ePO events DB and SQL server should match with ePO core collation“.

Note: You can enter the service account “configmgr” created above for the SQL Agent, database engine, SQL Server integration and the Analysis server. I will just leave them as default to show to demonstrate how the prerequisite check works. Please enter this account name and password, else you will fail the prerequiste check and will not be able to install Endpoint Configuration Manager if you leave the defaults.

Select “Windows Authentication Mode” as shown below. You can also add the service account you created above here. But I will do this over the SSMS.

On the ready to install wizard, click on “Install”

As you can see, our installation is complete.

Note: Don’t limit the system addressable memory for SQL Server.

Please see How to manually check and update SQL Server Management Studio, and How to uninstall Microsoft SQL Server Management Studio.

Install SQL Server Reporting Services

If closed, launch the SQL Server Installation Center. Navigate to Installation and click on “Install SQL Server Reporting Services” or Navigate to the following URL to download Install SQL Server Reporting Services.

Click On download as shown below.

Click on “Install Reporting Services”. Here are some related guides “Fix An error has occurred during report processing (rsProcessingAborted), how to Query MBAM to display the BitLocker Recovery report, and how to Visualize MBAM Recovery Audit Report with Python.

Enter a product key or chose the free edition. Click Next to proceed.

Accept the license terms and click on Next.

Click Next to proceed as we are installing the Reporting Services Only.

Hit the install button to start the installation.

Configure Report Server

When the installation completes, select Configure Report Server.

on the Report Server Configuration Manager, click on connect to connect to the Report Server.

Navigate to the Service Account and specifiy and account and password. Do not forget to click on “Apply”. You can exit for now.

Install SQL Server Management Studio (SSMS)

SQL Server Management Studio (SSMS) is a Microsoft application used for configuring, managing, and administering SQL Server databases. See How to install Microsoft SQL Server Management Studio.

To install SSMS, please navigate to the SQL Installation Center, click on “Install SQL Server Management Tools”. You will be redirected to the following URL to install the latest version of the SSMS tools.

Click on download SQL Server Management Studio (SSMS)

Click on “”Install” to install SQL Server Management Studio

When the installation completes, click on close as shown below.

Here is Install MSSQL 2019 Developer Edition and SSMS on Windows, and How to check the version of Windows ADK.

Download and Install ADK

The Windows Assessment and Deployment Kit (Windows ADK) comprises of a set of essential tools for customising Windows images intended for large-scale deployment.

Please refer to this link to learn about the versions of the Windows ADK that can be used with different versions of Configuration Manager when working with Microsoft Endpoint Configuration Manager.

These tools enable users to test the quality and performance of both the system and applications running on it. When deploying operating systems via Configuration Manager, the Windows ADK serves as a necessary external dependency.

Here is a guide on “What is ADK, MDT, Microsoft Endpoint Configuration Manager (SCCM), Intune, Autopilot, and WSUS“, and how to uninstall and upgrade ADK, WinPE, and MDT.

Double click on the downloaded Windows ADK to install it.

Click on Install. I am fine with the default features selected.

Finish the installation by closing the wizard below.

As you can see, we have the right Windows ADK verion installed on the server.

Learn How to perform vulnerability scan on Microsoft SQL Server, and How to Run Android Apps on Windows with BlueStacks.

Install Windows Preinstallation Environment

WinPE, or Windows Preinstallation Environment, is a lightweight Windows version utilized for deploying PCs, workstations, and servers, or troubleshooting offline operating systems. Initially designed solely for pre-installation tasks in deploying Microsoft Windows, WinPE replaced MS-DOS for this purpose

I downloaded but forgot to install this prerequisite and my prerequisite test failed for this component. Therefore, I added this section here so you do not have to experience this issue.

Double click on the Windows Preinstallation environment you have download. Click on Next to proceed.

Follow the prompt and click on install

We have successfully installed WinPE unto our server.

Download ConfigMgr Update Files: Run setup downloader

Before initiating the Configuration Manager setup to install or upgrade a site. Utilize the standalone setup downloader tool to download updated setup files. Execute the tool from the desired Configuration Manager version. Utilizing updated setup files ensures the installation employs the latest versions of essential installation files.

Note: When employing the setup downloader, designate a folder to store the files. Ensure that the account running the tool possesses Full Control permissions for the download folder.

Unpack the Endpoint Configuration Manager Setup File you have downloaded above. You may need to download 7Zip if you do not already have it. You can also run the downloader from the command prompt.

On a computer that has internet access, browse to the installation media for the version of Configuration Manager that you want to install. In the SMSSETUP\BIN\X64 subfolder, run Setupdl.exe.

Specify Download Path

Please specify the download path for the setup to store the updated installation files and then proceeds by selecting browse.

Create new folder for download

Now, click on Download

It verifies the files currently in the download folder, downloading only those that are missing or newer than existing files. Subfolders for downloaded languages and other required components are created as needed. When the download is complete the window will close automatically.

Install Required Roles for Endpoint Configuration Manager

The Internet Information Services (IIS) hosts various web content, offering flexibility and scalability. Configuration Manager utilizes it for numerous site system roles. Click On Add Roles and Features as shown below to install the needed roles.

Ensure you select all components that I have selected or contact the Microsoft Guide.

Click Next to select the required features

Install Features on the Endpoint Configuration manager Server

Please proceed to the Features selection and ensure all the below are selected.

BITS, the Background Intelligent Transfer Service facilitates asynchronous file transfers between a client and a server. It meters the flow of transfers in the foreground and background, preserving the responsiveness of other network applications.

Additionally, it automatically resumes file transfers if a transfer session is interrupted.

The Remote Differential Compression (RDC) is a set of APIs that applications can use to determine if any changes have been made to a set of files. RDC enables the application to replicate only the changed portions of a file, keeping network traffic to a minimum.

Yes, the server will not restart but I am found of checking this option. On the prompt, click “Yes” and hit the “install” button.

You can also close this window and monitor the progress from the Server Manager.

As you can see, the installation completed successfully.

Configure IIS filtering on distribution points

To distribute these files to client systems, configure request filtering for IIS on your distribution point as IIS blocks by default several types of file extensions and locations from access by HTTP or HTTPS communication.

Launch the IIS Manager to do via Tools on the Server Manager.

Verify that Features View is selected at the bottom of the Home screen. Navigate to IIS and open Request Filtering.

On the Actions pane, click Allow File Name Extension..

Type .msi into the dialog box and click OK.

As you can see below, we are permitting the .MSI extension.

See this comprehensive guide on Wyebot Wireless Intelligence Platform, How to fix BitLocker always prompting for Recovery Key, and How to set up Confluence Site and Spaces in Confluence Cloud.

Perform Prerequisite Check

Before installing or upgrading a Configuration Manager site, or before installing a site system role on a new server- Please utilize the standalone application (Prereqchk.exe) from the desired Configuration Manager version to verify server readiness. Use Prerequisite Checker to identify and resolve issues that could obstruct site or site system role installation.

Open a Windows command prompt as an administrator and change directory to one of the X64 source folders

To start Prerequisite Checker and run all prerequisite checks on the server, run the following command: prereqchk.exe /LOCAL

The Prerequisite Checker user interface creates a list of discovered problems in the Prerequisite result section.

I went ahead to fix the identified issues such as SQL Service Account, and installed WinPE.

As mentioned above, I actually downloaded this component but forgot to install it. Now I have it installed.

On the Configuration Manager Prerequisite check, Click RUN Check again. As you can see this time, all errors are gone but warning are left. This will not hinder our Endpoint configuration as they are just warning.

Note: To review results after you close the tool, open the ConfigMgrPrereq.log file in the root of the system drive. The log file might contain more information that’s not displayed in the tool.

Install Configuration Manager

Note: You can utilize an installation script for an unattended command-line setup. When installing a secondary site, perform the installation directly from within the Configuration Manager console. It’s important to note that secondary sites do not support scripted command-line installations.

Before proceeding with the installation, add Configuration manager to the administraors group. This grants it elevated privileges for performing various system-level tasks and configurations without requiring individual permissions for each action.

Install Standalone Primary Site

Utilize the Configuration Manager splash setup file to install a new Configuration Manager site. This setup file guides you through the installation process. This wizard facilitates installing primary sites or central administration sites (CAS), as well as upgrading from evaluation to fully licensed installations.

Click on Install

Click On Next on the “Before you begin” wizard

Select “Install a Configuration Manager Primary Site”

I do not have a license for now. Therefore, I will select the evaluation edition and click Next to proceed

Accept all license terms and click Next

Now, we have to specify the ConfigMgr Update Files we download above. Else, this will take forever to download from Microsoft.

Choose Language

Select English and click Next on the Server language selection

Choose English and click Next on the Client language selection

Enter the site code. This is usually a three letter code. Also enter the Site name and click Next.

Select “Install the Primary site as a stand-alone site” and click Next

On the prompt, select Yes!

Click Next on the database information. I am fine with the database name chosen.

I am fine with the default paths. Click Next

On the SMS Provider Settings, click Next to proceed.

I currently do not have an SSL/TLS certificate. So I will select the below option to utilise HTTP.

Click next on the Site System Role

Click Next as well on the Diagnostic and Usage Data

On the Service connection point Setup, click Next as well.

Click Next on the Site Summary

Now, the system will run a prerequisite check itself this time. Now, we have no errors. Therefore, click on “Begin Installation” to install Endpoint Configuration Manager onto your Server.

The installation is in progress.

The installation took one hour, 17 minutes to complete as shown below. This depends on your system resources.

Launch Configuration manager Console

After installing Configuration Manager, use the Configuration Manager console to configure sites and clients, and to run and monitor management tasks. This console is the main point of administration, and lets you manage multiple sites.

Launch the Configuration Manager. From the Start Menu, click on “Configuration Manager Console”.

This will initiate connection to the Site database.

Below is the overview of the Microsoft Endpoint Configuration Manager.

Note: You can install the Configuration Manager console on additional computers, and restrict access and limit what administrative users can see in the console by using Configuration Manager role-based administration

Watch out for this guide on how to configure Active Directory forests for publishing, and How to configure Synology Active Insights.

Setup Windows 10 and 11 VM

Here you will have to setup Windows Device that you wish to manage with Endpoint Configuration manager. Unfortunately, this article is already too lengthy. Therefore, I will only share links: Here is How to Install Windows 10 on VMware Workstation, and how to run Windows 11 on HyperV.

Endpoint Configuration Manager Support for Windows Devices

Configuration Manager aims to promptly support each new Windows version 10 and Windows version 11 as soon as they become available. The support provided by Configuration Manager depends on the availability of each product, as they have separate development and release schedules.

Microsoft plans to release updates for Configuration Manager current branch a few times per year. With each update version receiving support for 18 months from its general availability release date.

Microsoft provides technical support throughout the entire support period. The availability of the latest current branch version determines two distinct servicing phases “Security and Critical Updates servicing phase and Security Updates (Only) servicing phase. For more information, please see this guide from Microsoft.

Conclusion

We have successfully deployed Microsft Endpoint configuration Manager in our lab. I you would like to deploy yours, thoroughly plan and test the management features.

Configuration Manager is a powerful management application with the potential to affect every PC in your organisation. When you deploy and manage Configuration Manager with careful planning and consideration of your business requirements, Configuration Manager can help reduce your administrative overhead and total cost of ownership.

I hope you found this article on how to install Endpoint Configuration Manager on HyperV VM very useful. Please feel free to leave a comment below.