How to Configure Windows Server 2016 System Center

Microsoft System Center is a suite of management products designed to provide unified monitoring, configuration management, data protection, and virtualization management for Windows-based environments. The main components are System Center Operations Manager (SCOM), System Center Configuration Manager (SCCM), System Center Data Protection Manager (DPM), System Center Virtual Machine Manager (VMM), System Center Service Manager (SCSM), and System Center Orchestrator (SCO). This tutorial provides an overview of preparing Windows Server 2016 infrastructure for System Center deployment, covering prerequisites, SQL Server preparation, service account creation, and initial component configuration for a typical small-to-medium enterprise installation.

Prerequisites and Planning

System Center components require dedicated Windows Server 2016 servers, SQL Server 2016 or later for their databases, and a set of dedicated service accounts in Active Directory. Before deploying any component, complete a capacity planning exercise to determine how many agents, managed devices, or virtual machines each component will monitor or manage. Ensure that domain DNS is functioning correctly, all servers can reach each other by fully qualified domain name, and time is synchronized across all servers. The System Center components communicate on specific TCP ports that must be opened in any intervening firewalls.

Step 1: Create System Center Service Accounts in Active Directory

Create dedicated service accounts for each System Center component. Using managed service accounts or Group Managed Service Accounts (gMSA) is recommended for automatic password management, but standard accounts are used here for clarity.

Import-Module ActiveDirectory

$ou = 'OU=Service Accounts,DC=corp,DC=local'
$pass = ConvertTo-SecureString 'S3rv!ceP@ss2016' -AsPlainText -Force

$accounts = @('svc-scom','svc-sccm','svc-dpm','svc-vmm','svc-scsm','svc-orch')
foreach ($acct in $accounts) {
    New-ADUser -Name $acct `
        -SamAccountName $acct `
        -UserPrincipalName "$acct@corp.local" `
        -AccountPassword $pass `
        -PasswordNeverExpires $true `
        -CannotChangePassword $true `
        -Enabled $true `
        -Path $ou
    Write-Host "Created: $acct"
}
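
The loop above gives all six accounts the same password, and that password is stored in the script. As an added example (not part of the original tutorial), the variant below creates the same accounts with a separate random password each and saves every credential as a DPAPI-protected file. `New-RandomPassword` and the `C:\Secure\SC-Creds` folder are hypothetical names.

```powershell
# Added example, not from the original tutorial. OU, domain and account names
# follow the tutorial; New-RandomPassword and $outDir are hypothetical.
Import-Module ActiveDirectory

function New-RandomPassword {
    param([int]$Length = 32)
    # 64 symbols (A-Z a-z 0-9 ! #): 256 is a multiple of 64, so masking a
    # random byte to 6 bits selects each symbol with equal probability.
    $alphabet = [char[]](65..90 + 97..122 + 48..57 + 33 + 35)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        do {
            $bytes = New-Object byte[] $Length
            $rng.GetBytes($bytes)
            $pw = -join ($bytes | ForEach-Object { $alphabet[$_ -band 63] })
            # Retry until all four character classes are present
        } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and
                 $pw -match '\d' -and $pw -match '[!#]')
        $pw
    } finally { $rng.Dispose() }
}

$ou       = 'OU=Service Accounts,DC=corp,DC=local'
$outDir   = 'C:\Secure\SC-Creds'   # assumed folder, ACL-restricted to the installer
$accounts = 'svc-scom','svc-sccm','svc-dpm','svc-vmm','svc-scsm','svc-orch'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

foreach ($acct in $accounts) {
    $secure = ConvertTo-SecureString (New-RandomPassword) -AsPlainText -Force
    New-ADUser -Name $acct -SamAccountName $acct `
        -UserPrincipalName "$acct@corp.local" `
        -AccountPassword $secure `
        -PasswordNeverExpires $true -CannotChangePassword $true `
        -Enabled $true -Path $ou
    # Export-Clixml encrypts the SecureString with DPAPI: only this user on
    # this machine can read it back with Import-Clixml.
    New-Object System.Management.Automation.PSCredential("CORP\$acct", $secure) |
        Export-Clixml -Path (Join-Path $outDir "$acct.cred.xml")
    Write-Host "Created: $acct"
}
```

Move each credential into your password manager or secrets vault and delete the exported files once setup is complete.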

Step 2: Prepare SQL Server for System Center Databases

Each System Center component requires one or more SQL Server databases. Install SQL Server 2016 or 2019 on a dedicated server or on the same server for smaller environments. Configure SQL Server with the following settings that System Center requires.

-- Set SQL Server max memory (leave headroom for the OS)
-- Run in SQL Server Management Studio or via sqlcmd:
EXEC sp_configure 'show advanced options', 1
RECONFIGURE
EXEC sp_configure 'max server memory (MB)', 8192
RECONFIGURE

-- Enable CLR integration (required by SCCM and SCOM)
EXEC sp_configure 'clr enabled', 1
RECONFIGURE

-- Set tempdb to multiple files matching CPU core count
-- (adjust file paths and count as needed)
ALTER DATABASE tempdb ADD FILE (
    NAME = tempdev2,
    FILENAME = 'E:\SQLData\tempdev2.ndf',
    SIZE = 512MB, FILEGROWTH = 64MB
)

Grant the System Center service accounts the required SQL Server permissions. Roles vary by component but dbcreator and sysadmin are typically required during setup.

-- Run in SQL Server Management Studio or sqlcmd
CREATE LOGIN [CORP\svc-scom] FROM WINDOWS
ALTER SERVER ROLE sysadmin ADD MEMBER [CORP\svc-scom]

CREATE LOGIN [CORP\svc-sccm] FROM WINDOWS
ALTER SERVER ROLE sysadmin ADD MEMBER [CORP\svc-sccm]
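
Because the logins above are granted sysadmin, it is worth recording exactly which principals hold that role once setup has finished. The following added example (not part of the original tutorial) lists the sysadmin members and marks the tutorial's svc- accounts. The server name is the one used in Step 10; `$expected` and the `CORP\SQL-Admins` group are assumptions.

```powershell
# Added example, not from the original tutorial.
Import-Module SQLPS -DisableNameChecking

$instance = 'sql01.corp.local'            # server name used in Step 10
$expected = @('sa', 'CORP\SQL-Admins')    # assumed allow-list (hypothetical group)

# Resolve role membership through the server-level catalog views
$query = @'
SELECT m.name AS Member, m.type_desc AS Type, m.is_disabled AS Disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;
'@

Invoke-Sqlcmd -ServerInstance $instance -Query $query | ForEach-Object {
    [PSCustomObject]@{
        Member         = $_.Member
        Type           = $_.Type
        Disabled       = $_.Disabled
        # True for the service accounts created in Step 1
        ServiceAccount = ($_.Member -like 'CORP\svc-*')
        # True for anything outside the allow-list
        NotInAllowList = ($expected -notcontains $_.Member)
    }
} | Sort-Object NotInAllowList -Descending | Format-Table -AutoSize
```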

Step 3: Configure Windows Features Required by System Center

System Center components require several Windows features on their host servers. The exact requirements vary by component, but the following set covers the most common needs.

$features = @(
    'NET-Framework-45-Features',
    'NET-WCF-Services45',
    'NET-WCF-TCP-PortSharing45',
    'Web-Server',
    'Web-WebServer',
    'Web-Common-Http',
    'Web-Default-Doc',
    'Web-Dir-Browsing',
    'Web-Http-Errors',
    'Web-Static-Content',
    'Web-Asp-Net45',
    'Web-Net-Ext45',
    'Web-ISAPI-Ext',
    'Web-ISAPI-Filter',
    'Web-Mgmt-Console',
    'RSAT-AD-Tools'
)

Install-WindowsFeature -Name $features -IncludeManagementTools -Restart

Step 4: Configure the Windows Firewall for System Center Communications

Open the necessary firewall ports for System Center components to communicate with managed devices and with each other. The following rules cover the most commonly needed ports.

# SCOM Agent (TCP 5723)
New-NetFirewallRule -DisplayName 'SCOM Agent' -Direction Inbound `
    -Protocol TCP -LocalPort 5723 -Action Allow

# SCCM Client (TCP/UDP 10123)
New-NetFirewallRule -DisplayName 'SCCM Client' -Direction Inbound `
    -Protocol TCP -LocalPort 10123 -Action Allow

# SCCM Distribution Point (TCP 80, 443)
New-NetFirewallRule -DisplayName 'SCCM DP HTTP' -Direction Inbound `
    -Protocol TCP -LocalPort 80,443 -Action Allow

# VMM Agent (TCP 5985, 5986)
New-NetFirewallRule -DisplayName 'VMM WinRM' -Direction Inbound `
    -Protocol TCP -LocalPort 5985,5986 -Action Allow

# DPM Agent (TCP 5718, 5719)
New-NetFirewallRule -DisplayName 'DPM Agent' -Direction Inbound `
    -Protocol TCP -LocalPort 5718,5719 -Action Allow
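
The rules above accept connections from any source address on every firewall profile. As an added example (not part of the original tutorial), the same ports can be limited to the Domain profile and to known source ranges, then audited. `$mgmtSubnet` is a placeholder range and the 'System Center' group name is an assumption.

```powershell
# Added example, not from the original tutorial. Ports are the tutorial's;
# $mgmtSubnet (a documentation range) and the group name are placeholders.
$mgmtSubnet = '192.0.2.0/24'
$group      = 'System Center'

$rules = @(
    @{ Name = 'SCOM Agent';   Ports = '5723' },
    @{ Name = 'SCCM Client';  Ports = '10123' },
    @{ Name = 'SCCM DP HTTP'; Ports = '80','443' },
    @{ Name = 'VMM WinRM';    Ports = '5985','5986' },
    @{ Name = 'DPM Agent';    Ports = '5718','5719' }
)

# On each server, create only the rules for the roles it actually hosts
foreach ($r in $rules) {
    New-NetFirewallRule -DisplayName $r.Name -Group $group -Direction Inbound `
        -Protocol TCP -LocalPort $r.Ports `
        -Profile Domain -RemoteAddress $mgmtSubnet -Action Allow | Out-Null
}

# Audit: show each rule's effective scope and flag any left open to all sources
Get-NetFirewallRule -Group $group | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [PSCustomObject]@{
        Rule      = $_.DisplayName
        Profile   = $_.Profile
        Ports     = $port.LocalPort -join ','
        Remote    = $addr.RemoteAddress -join ','
        OpenToAny = ($addr.RemoteAddress -contains 'Any')
    }
} | Format-Table -AutoSize
```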

Step 5: Verify Active Directory Connectivity and DNS

All System Center servers must be joined to the domain and able to resolve each other by FQDN. Verify AD and DNS health before installation to prevent difficult-to-diagnose post-install failures.

# Check domain membership
(Get-WmiObject Win32_ComputerSystem).Domain

# Verify DNS resolution for all System Center servers
$servers = @('scom01.corp.local','sccm01.corp.local','dpm01.corp.local','vmm01.corp.local')
$servers | ForEach-Object {
    $result = Resolve-DnsName $_ -ErrorAction SilentlyContinue
    [PSCustomObject]@{ Server = $_; IP = $result.IPAddress; Status = if ($result) {'OK'} else {'FAIL'} }
} | Format-Table

# Test AD domain controller connectivity
nltest /dsgetdc:corp.local

Step 6: Install and Configure .NET Framework 4.6

System Center components require .NET Framework 4.6 or later. While Windows Server 2016 ships with .NET 4.6, verify it is installed and that the required features are enabled.

# Check installed .NET versions
Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP' -Recurse |
    Get-ItemProperty -Name Version,Release -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^(?!S)\p{L}'} |
    Select-Object PSChildName, Version, Release |
    Sort-Object -Property Version -Descending

# Ensure .NET 4.5 features are enabled
Get-WindowsFeature NET-Framework-45-Features

Step 7: Configure Group Policy for System Center Agent Deployment

Create a Group Policy Object to pre-configure managed machines for System Center agent installation. This includes allowing DCOM communications and configuring WMI access.

# Enable Remote Registry on managed computers (deploy via GPO or script)
Get-Service RemoteRegistry | Set-Service -StartupType Automatic
Start-Service RemoteRegistry

# Enable WMI through Windows Firewall (deploy via GPO)
netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes

# Enable Remote Administration
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

Step 8: Install System Center Report Viewer

System Center console components require the Microsoft Report Viewer 2015 runtime and the SQL Server CLR types for displaying reports. Install these on the console machines.

# Download and install silently (adjust paths as needed)
Start-Process msiexec.exe -ArgumentList '/i SQLSysClrTypes.msi /qn /norestart' -Wait
Start-Process msiexec.exe -ArgumentList '/i ReportViewer.msi /qn /norestart' -Wait

# Verify installation
Get-WmiObject Win32_Product | Where-Object { $_.Name -like '*Report Viewer*' }

Step 9: Prepare the System Center License Key

System Center requires a valid license key entered during setup. Gather your product keys from the Microsoft Volume Licensing Service Center or your partner portal. Keep a record of each component key in a secure password manager or secrets vault for future reference during upgrades or reinstallations.

Step 10: Validate the Environment Before Installation

Run a final environment validation to confirm all prerequisites are in place before installing any System Center component.

# Check all required services are running
# (W32Time = Windows Time service, Dnscache = DNS Client service)
$services = @('W32Time','Dnscache','Netlogon','RemoteRegistry','WinRM')
$services | ForEach-Object {
    $svc = Get-Service $_ -ErrorAction SilentlyContinue
    [PSCustomObject]@{ Service = $_; Status = $svc.Status }
} | Format-Table

# Verify time synchronization (all servers must be within 5 minutes of DC)
w32tm /query /status

# Check SQL Server connectivity
Invoke-Command -ComputerName sql01.corp.local -ScriptBlock {
    Import-Module SQLPS -DisableNameChecking
    Invoke-Sqlcmd -Query "SELECT @@VERSION" -ServerInstance 'localhost'
}

Preparing a Windows Server 2016 environment for System Center requires careful attention to service accounts, SQL Server configuration, Windows features, firewall rules, and DNS health. By following the steps in this guide you have created the foundational infrastructure that all System Center components depend on. Thorough preparation now prevents the most common installation failures and upgrade complications later. Proceed to install individual System Center components in the recommended order: VMM first for virtualization infrastructure, then SCCM for client management, SCOM for monitoring, DPM for backup, SCSM for the service desk, and finally Orchestrator for runbook automation.