MECM Installation series

The installation and configuration of a full MECM setup is a complex hence time consuming activity.
I have slides these steps in multiple blog articles to create a better overview

Prerequisites

Make sure before you start the following four Azure Resource Provider are enabled for your Azure subscription:

  • Microsoft.KeyVault
  • Microsoft.Storage
  • Microsoft.Network
  • Microsoft.Compute

If you forget about this, you will get (strange) error during the CMG Deployment task, see the appendix for these errors

Configuration of CMG

Azure Services

  1. In the MECM Console, navigate to Administration > Cloud Services > Azure Services
  2. Right mouse click on the node and select Configure Azure Services
  3. Next
  4. Browse
  5. Create
  6. Select “In 2 years” and sign in.
    You probably will receive some Internet Explorer errors that the site is not trusted.
    Add all the sites which popup to the IE Trusted Site window
    Continue running the script if you receive a Script error
  7. OK
  8. OK
  9. Browse
  10. Create
  11. Sign in
  12. OK
  13. OK
  14. Next
  15. Enable User Discovery, Next
  16. Next
  17. Close

The Azure Service has now been created

Cloud Management Gateway

  1. In the MECM Console, navigate to Administration > Cloud Services > Cloud Management Gateway
  2. Right mouse click on the node and select Create Cloud Management Gateway
  3. Sign in
  4. Next
  5. We will use the following settings:
    Region: UK South
    VM Instance: 1

    Click on [Browse] to upload the certificate
  6. Select the “MECM CMG Web” certificate
  7. Provide the password
  8. Click on [Certificates] next to “Certificates uploaded to the cloud service” to upload the trusted root certificate
  9. Add
  10. Select the “TrustedRootCertificate” file
  11. OK and Next
  12. Next
  13. Next
  14. Close

The Cloud Management Gateway is now being provision (this can take a while!)

If you receive a error, check during the CMG Deployment task, see the appendix for these errors

Site Communication Settings

  1. Goto Site Properties and [Communication Settings]
  2. Make sure HTTPS or HTTP (= enhanced HTTP) and “Use Configuration Manager-generated certificates for HTTP site systems” are both selected
  3. Click on [Set] to upload the Root Certificate
  4. Click on the new icon
  5. Select the “TrustedRootCertificate” file
  6. OK
  7. Deselect the “Clients Check the certificate revocation list (CRL) for site system”
    OK

CMG Connection Point

  1. In the MECM Console, navigate to Administration > Site Configuration > Site Sytems and Site Sytes Roles
  2. Right mouse click primary site server and select Add Site System Role
  3. Next
  4. Next
  5. Select “Cloud management gateway connection point”
  6. Next
  7. Next
  8. Next
  9. Close

Configure Cloud Attach

  1. In the MECM Console, navigate to Administration > Cloud Services > Cloud Attach
  2. Right mouse click on the node and select Configure Cloud Attach
  3. Sign In
  4. Next
  5. Yes
  6. Close
  7. Right mouse click on Properties
  8. Set Automatic enrollment in Intune to None
  9. Move all sliders to Intune, OK

  • See previous article if you missed it! Part 1 : Installation of MECM 2207 with CMG
  • Continue to Part 4: Installation of ConfigMgr client yet to be posted (stay tuned 📻)

Appendix – CMG Provision errors

You might get provisioning errors:

Check in the log file “CloudMgr.log” what is causing this:

As we can see you can get errors when there is no access to the Keyvault, Storage, Network and/or Compute Azure Resource Provider.

You can also see this when looking at the activity log on the targeted resource group:

Fix this by [Register] these provider

Now it’s registered

Delete the CMG instance

Re-run the wizard again after it has been deleted.

Comments are closed.