Just completed a run-through of my first installation of FPSMC – Forefront Protection Server Management Console. Blogging this as other installs all use SQL Express, which in big organisations (the ones who need the console to manage FPE (Forefront Protection for Exchange) is going to be quite commonly the case I should imagine. (FPSMC also supports Sharepoint apparently). I’m no SQL guru, and permissions could probably be more locked down, but I didn’t have much success when I tried.
1. Create 2 SQL databases on a clustered or standalone instance of SQL 2008 named ‘FPSMCData’ and ‘FPSMCReport’, granting the installer owner permissions.
2. Create a SQL login for the installer, and grant them sysadmin and dbcreator roles.
NOTE: Sysadmin seems excessive rights – it is documented this way at http://technet.microsoft.com/en-us/library/gg507706.aspx, and fails if you just have dbcreator. Other, more liberal roles were not tested. It is also documented that the user needs local admin permissions on the SQL box, but this has not been found to be true so far. Microsoft have confirmed to me that some of the documentation for this product refers to beta versions of the product and are no longer accurate.
4. Install MS Chart Controls for.Net framework 3.5SP1 from http://go.microsoft.com/fwlink/?LinkId=202816 on a Windows 2008 x64 machine (see system requirements at http://technet.microsoft.com/en-us/library/gg507744.aspx)
5. Run FPSMC_setup.exe. Click Yes to install
6. Click Next
7. Choose Primary server and a password for replication between primary and backup (to be installed on another server against another SQL instance with the same DBs created)
8. Click Check prerequisites
9. If chart controls were not installed previously this warning will appear. Install from http://go.microsoft.com/fwlink/?LinkId=202816 and click retry.
10. Choose your SQL instance and enter credentials, click Test Logon
11. Without dbcreator permissions you will probably get the following error. Go to the properties of the login in SQL Management Studio and tick dbcreator (and sysadmin it seems). Or get your DBA to do this for you which is more commonly going to be the case.
12. If login is OK, click Next
13. Choose Microsoft update option then click Next
14. If SQL Server Agent isn’t started, you will get the following error – start the service on the SQL box through service.msc or SQL Management Studio. Also, if you don’t have sysadmin permissions you will probably get this error as well. Go to the properties of the login in SQL Management Studio and tick sysadmin. Or get your DBA to do this for you which is more commonly going to be the case.
15. Click Yes or No to prompt
16. Accept license agreement
17. Accept or amend install location
18. Click Install
19. Click Finish
20. Go to http://servername/fpsmconsole to view the console.
Next steps – lockdown to SSL not http:80, deploy agents, configure packages etc… part 2 coming soon…
Tim Coveney | LlamaIT