Installing the FCS Server in Single Server Architecture

  • Article

FCS with Single Server Architecture

System Requirements for FCS as mentioned in http://www.microsoft.com/forefront/clientsecurity/en/us/system-requirements.aspx depends on the type of topology to be deployed.

  1. Install IIS and ASP.NET (requires .Net Framework 2.0)
  2. Install the SQL Server 2005 (Minimum requirement is Windows Server 2003 SP1)
  3. Run the setup.exe from the installation CD
  4. SQL Server setup will install the required pre-requisites automatically
  5. Use the default instance name or if you are already running a default instance then name it something like "FCSInstance"
    1. On the Components to Install page, select the following check boxes:
  • SQL Server Database Services
  • Reporting Services
  • Integration Services
  • Workstation components
  1. On the Service Account page, under Start services at the end of setup, select the SQL Server Agent check box
  2. When installing SQL Server 2005, you should use Windows Authentication as the security mode
  3. Click Install to Finish the setup
  1. Install the SQL Server 2005 SP1 once you are done with the SQL Server installation
  2. Install the MMC 3.0 (http://www.microsoft.com/downloads/details.aspx?familyid=4C84F80B-908D-4B5D-8AA8-27B962566D9F&displaylang=en )
  3. Install the GPMC with SP1 (http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en )
  4. Install the WSUS with SP1 (http://technet.microsoft.com/hi-in/wsus/bb466206(en-us).aspx )
  5. Configure the WSUS server to synchronize with Microsoft Update. Check http://technet.microsoft.com/en-us/library/bb404230.aspx for help on configuring the WSUS server
  6. Configure the Client machines using the group policy from your active directory DC
  7. Synchronize the WSUS server with Microsoft Update center before you start installing the Forefront Client Security
  8. Check if you can access the REPORTS and RESPORTSERVER virtual directory from the server. Type http://<FCSserver>/Reports and http://<FCSserver>/reportserver
  9. Run the FCSServersetup.exe from the FCS installation disk.
  10. Enter your/ company name and put organization
  11. Accept License Agreement
  12. Unselect all other roles accept "Distribution Role"
  13. Click Next and mention the path to install. Usually it takes the same path as WSUS installed

Note: In a multi server topology you have to run this role on a server with WSUS installed on it

  1. Go to the WSUS admin website http://<WSUS-server-name>/WSUSAdmin and go to updates. Verify that under products Forefront Client Security appears and also, check under updates that Definition Updates appears
  2. Click "Synchronize Now" and wait for WSUS to synchronize all FCS related definition updates from Microsoft Update Website. Depending on the link you have for the internet, it will take time accordingly.
  3. Go to your Domain Controller and Create the below 4 user account. These user accounts should have the following memberships
    1. DAS            (Domain User, Local Administrators group of the FCS Server)
    2. DTS            (Domain User, Local Administrators group of the FCS Server)
    3. Reporting        (Domain User)
    4. Action            (Domain User, Local Administrators group of the FCS Server)
  4. Now, go to your FCS Server and run the setup again
  5. Put your Name and Organization Name, then accept the License Agreement
  6. On Collection Server Page, enter the current server name (Let it be default). Also, put the DAS account which we created above as YOURDOMAIN\DAS and mention the password from the DAS account
  7. On Collection Database Page, enter the current server name with SQL instance name as LOCALHOSTNAME\SQLINSTANCENAME and also put the Database size you want to define. Now, put the reporting account which we created above as YOURDOMAIN\REPORTING and mention the password from the DAS account
  8. On Reporting Database Page, enter the current server name and also put the Database size you want to define. Now, put the DTS account which we created above as YOURDOMAIN\DTS and mention the password from the DAS account
  9. On Reporting Server Page, enter the Current Server Name and URL for reporting as mentioned in step 11 or leave it default (only for single server topology)
  10. One the Action page, mention YOURDOMAIN\action (Action is the username we created above) and password
  11. One the install Local page, mention the path where you would like to install client security files
  12. Verify settings and click Next
  13. Wait for all components to finish installation
  14. Click Finish
  15. Go to Start >Programs >Microsoft Forefront>Client Security>Microsoft Forefront Client Security Console
  16. Before you begin the Configuration wizard assign the following permissions to the below users on mentioned databases in SQL Server 2005
    1. Reporting     (db_owner permission on SystemCenterReporting and one point Databases)
    2. Action        (db_owner permission on one point Database)
  17. Once you are done with permissions come back to the wizard
  18. Click Next
  19. Now, remembering what all names we gave in the steps 6,7,8,9,10 mention them one by one in the wizard. Give the reporting username and password as well
  20. Click Next to verify the Name and users you provided
  21. Click next
  22. Wait everything to finish
  23. Now, approve the Client Update for Microsoft Forefront Client Security (1.0.1703.0) for Installation in WSUS Server
  24. Let it install on all the client machines and once it's installed they will start appearing in the reporting with 24hours from the FCS agent install.

Resources:

http://tarek-online.blogspot.com/2007_10_01_archive.html
www.Microsoft.com/clientsecurity
http://blogs.technet.com/clientsecurity/archive/2007/10/05/changes-to-fcs-client-wsus-installation-package.aspx