SCCM installation : install SQL and WSUS

introduction

in previous articles : we have discussed the first part of prerequisites of SCCM

in this articles we will keep working to install the remains part of prerequisites of SCCM which include :

open SCCM port
create account to manage SQL services
install SQL 2016
install SQL management studio
install WSUS

open SCCM Ports

These firewall ports are required for SCCM to properly manage clients. You need to specify these in your network / firewall to allow the traffic pass, and they must be open on sccm servers internal firewall as well.

File and Printer Sharing.
Windows Management Instrumentation (WMI)

Firewall Ports Client Network -> Configuration Manager Roles

67 UDP. PXE Distribution Point
68 UDP. PXE Distribution Point
69 UDP. PXE Distribution Point
80 TCP. Distribution Point, Fallback Status Point, Management point,
443 TCP. Distribution Point, Management point (secure)
4011 UDP. PXE Distribution Point
8530 TCP. Software Update Point.
8531 TCP. Software Update Point (secure).
10123 TCP. Management Point.

Firewall Ports Configuration Manager Roles -> Client Network

9 UDP. Site Server, required by Wake On Lan.

Optional SCCM Firewall Ports, nice to have.

These ports are optional and not required for Configuration Manager to manage clients. I still recommend to open them as they make the daily life of the SCCM administrator much easier.

Firewall Ports Client Network -> Configuration Manager Roles

445 TCP. Windows File Share. Required if you use ccmsetup /source: to specify client source.

Firewall Ports Configuration Manager Console -> Client Network

135 TCP. Windows Management Instrumentation
445 TCP. Windows File Share. This together with Right Click Tools makes it very easy for you to connect to client computers local hard drive when you troubleshoot a client.
2701 TCP. Enable remote control from Configuration Manager Console.
3389 TCP. Enable Remote Assistance and Remote Desktop.
ICMP Echo Request.

SQL ports

open TCP ports 1433 and 4022.

We will create Group policy object GPO to open all ports above ,

Please follow below steps

create account to manage SQL services

SQL services could be run local account >

but we recommend to run SQL services under specific domain account

open AD console and create account then make that account as member of local administrators of server SCCM141.pioneers.lab

now on SCCM server SCCM141.pioneers.lab open console local users and groups

Supported SQL Server for SCCM 1902

SCCM 1902 support the following SQL version :

SQL Server 2017 with CU2
SQL Server 2016 SP1, SP2
SQL Server 2016
SQL Server 2014 SP1,SP2,SP3

install SQL 2016

we will install SQL Server 2017 Enterprise edition

Mount the SQL server ISO.

then Run the SQL server setup (run as SQLadmin@pioneers.lab ).

On the installation window, click Installation and then click New SQL server stand-alone installation.

install reporting service

now it is time to install reporting service over SQL instance [SCCMinstance] that being installed above

Run the setup and click Install Reporting Services.

Installing SQL Server Management Studio

now we will download and install SQL Server Management Studio

Download the latest version of SSMS from

then Run the SSMS executable as administrator.

The Installation is simple, just click Install and wait for installation to complete. A reboot is required after installation.

Install WSUS Role

Windows Server Update Services (WSUS) enables information technology administrators to deploy the latest Microsoft product updates.

You can use WSUS to fully manage the distribution of updates that are released through Microsoft Update to computers on your network.

If you are planning to deploy updates using SCCM, then you should install WSUS

To install WSUS on Windows Server >> launch Server Manager. Click Manage, click Add Roles and Features. Select Windows Server Update Services and click Next.