How to set up Content Replication on a Preferred Server running Windows Server 2012 R2

Version 17

    Verified Product Versions

    Endpoint Manager 9.6, Endpoint Manager 2016.x, Endpoint Manager 2017.x

    Setting up Content Replication on a Preferred Server running Windows Server 2012 R2

    Content replication can be used to move large amounts of data from the core server to a preferred server, and also to allow endpoints to contact their preferred server on the local network for content rather than the core.

     

    HOW TO

    This tutorial can apply to any directory, including software distribution and AV definition files. For the purposes of this tutorial, I chose to replicate my default patch downloads to the preferred server.

    Preferred Server Setup


    Roles

     

    Once your server OS is installed, you must add two roles:

     

    • File Server
    • IIS

     

    Creating the file share

     

    To replicate the “patch” folder from your core to the Preferred Server, you must have the same directory structure on your target as you do on your core from the ldlogon folder down. Create those directories on the Preferred Server.

     

    Core

     

    Core patch path.png

     

    Preferred Server

     

    PS Patch Path.png

     

    Adding the Virtual Directory

     

    Open IIS Manager on your Preferred Server. Right click on the Default Website and select “Add Virtual Directory”.


    IIS Manager - Add Virtual Directory.png

     

    Give the directory an alias (I used “Patch”, as this is where my patches from the core will be replicated to) and select the physical path to that directory.

    Add VD Properties.png

     

    Click “Connect as…” and it should be set by default as “Application user (pass-through authentication)” – leave it that way.

    VD - Conenct As.png

    Click “Test Settings…”. It should look like below (don’t worry about the warning at this time):

    VD - Test Settings.png

     

    Editing Permissions on the Virtual Directory/Share

     

    Now we will set the permissions for the shares. Right-click on the virtual directory and select “Edit Permissions…”

    Permissions for share on VD.png

     

     

    If the folder is not already shared it should show as shared here:

    VD Share Properties.png

     

    Click the “Security” tab. In particular, the following accounts should be listed:

     

    • Everyone: Read & Execute, List folder contents, Read
    • IUSR: Read & Execute, List folder contents, Read
    • Network Service: Full Control, no “Special Permissions”
    • Administrators: Full Control, no “Special Permissions”

     

    To create the UNC share, click back to the “Sharing” tab and select “Advanced Sharing”. Check the “Share this folder” box, and click on the “Permissions” button at the bottom. Give one of the accounts from the last step full permissions to the share; this is necessary for the Ivanti EPM Content Replication tool to have rights to copy Antivirus pattern file content to the share. In this instance, I have used “Administrators”:

     

    VD Share Properties 2.png

     

    Once you have done that, click OK and exit back to IIS Manager.

    Allowing Directory Browsing of the Virtual Directory

     

    Select your Virtual Directory and then open “Directory Browsing” in the right pane and enable it:

    VD Directory Browsing.png

    VD Directory Browsing 2.png
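
The Preferred Server steps above (roles, folder, virtual directory, NTFS permissions, UNC share, directory browsing) as a PowerShell script. This is an added example, not part of the original article; the physical path and the share name `Patch` are assumptions, so substitute your own.

```powershell
# Added example (not from the original article). Run elevated on the Preferred Server.
# ASSUMPTION: $PatchPath is a placeholder; use the path that mirrors your core
# from the ldlogon folder down. The share name reuses the alias (assumption).
$PatchPath = 'C:\PLACEHOLDER\ldlogon\patch'
$Site      = 'Default Web Site'
$Alias     = 'Patch'

# Roles: File Server and IIS (Web-Dir-Browsing is the IIS Directory Browsing feature).
Install-WindowsFeature -Name FS-FileServer, Web-Server, Web-Dir-Browsing | Out-Null
Import-Module WebAdministration

# Folder and virtual directory; "Connect as" stays at pass-through authentication.
New-Item -ItemType Directory -Path $PatchPath -Force | Out-Null
if (-not (Get-WebVirtualDirectory -Site $Site -Name $Alias)) {
    New-WebVirtualDirectory -Site $Site -Name $Alias -PhysicalPath $PatchPath | Out-Null
}

# NTFS permissions from the Security tab list. ReadAndExecute covers
# "Read & Execute", "List folder contents" and "Read".
$grants = [ordered]@{
    'Everyone'                     = 'ReadAndExecute'
    'NT AUTHORITY\IUSR'            = 'ReadAndExecute'
    'NT AUTHORITY\NETWORK SERVICE' = 'FullControl'
    'BUILTIN\Administrators'       = 'FullControl'
}
$acl = Get-Acl -Path $PatchPath
foreach ($account in $grants.Keys) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
        $account, $grants[$account], 'ContainerInherit,ObjectInherit', 'None', 'Allow'
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $PatchPath -AclObject $acl

# UNC share: full control for Administrators only, as chosen in the article.
if (-not (Get-SmbShare -Name $Alias -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $Alias -Path $PatchPath -FullAccess 'BUILTIN\Administrators' | Out-Null
}

# Directory browsing on the virtual directory only, not the whole site.
Set-WebConfigurationProperty -PSPath "IIS:\Sites\$Site\$Alias" `
    -Filter 'system.webServer/directoryBrowse' -Name enabled -Value $true

# Review the result: Everyone and IUSR should hold read-only rights.
(Get-Acl -Path $PatchPath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType
```

The final listing also shows any inherited entries on the folder, which is where a broader write grant than the four accounts above would appear.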

     

    Core

     

    Configure the Preferred Server in your Core Console

     

    On your core, go into “Configure->Preferred Server”.

    Core - Config PS.PNG

    In the right pane, right click and select “New preferred server”

    New PS.PNG

     

    Fill in the “Server Name”, “Username” and “Password” fields to start (the “Description” field is optional).

    PS - Username and PW.PNG



     

    Click the “Test credentials…” button at the bottom, but we’re only going to test UNC credentials at this time (we have not set up the source in this pane yet):

    PS - Test Creds.PNG

     

    Make sure you save this configuration now and re-open it.

     

    The next item in the left column is “IP address ranges”. You can set these if you only want a specific IP range to use this share.

     

    Select the Replicator

    Please Note: The replicator will need to store a copy of all files to be replicated, and setting the preferred server itself as replicator may result in two copies of all files being stored on this replicator during the replication process. If the SDMCACHE directory and the destination are on different volumes, two copies of the files will be made and SDMCACHE on the root will need to be manually cleared. If SDMCACHE and the destination are on the same disk, this will not happen. To change the location of SDMCACHE, you can create a custom Client Connectivity setting and apply it to the replicator. The change to the setting is shown below:

     

    The next step is to select the replicator. In this example, I will use the Preferred Server itself to replicate the share.

     

    Highlight the system you wish to use and press the “Select” button in the bottom right corner. Its inventory information should populate in the fields:

    Selected Replicator.png

     

    Schedule the Replication Process

     

    You can set the “Run options” and “Schedule” for when you want the replication process to run in the left column as well:

    Schedule Replication.PNG

     

    To set the replication schedule, select “Schedule” from the left column and then click the green plus icon on the toolbar in the resultant window:

    Schedule Replication 2.png

     

    For this example, I have selected the replication process to begin automatically on 10/4 at 1 AM, repeating every day at the same time, running until finished, and updating all preferred servers. You can change this to fit your needs. Hit save once you have the desired schedule set:

    Schedule Replication 3.png

    Set up Replication Sources

     

    Now we will set up the sources for replication. Click the “New” button to add a new source for replication:

    Replication  Sources.PNG

     

     

    Enter the name of the source, a description of the source, the UNC path for the source, and the username and password you wish to use:

     

    I always use UNC to test at this point, so just use UNC at this time (the warning is expected as I am using the same account I'm logged on to my core with):

    Replication  Sources Test Creds.PNG

     

    Next, select “Preferred Servers (Targets)” in the left column. You should see the preferred server you set up earlier listed. Make sure it is in the “Included” pane at the bottom (if it’s not there, highlight and click “Include”):

     

    The next column item is “Mirroring”. This option allows you to control what is in your shares on your Preferred Server.

    If you select “Mirroring”, when the data is replicated from the source (core) to the Preferred Server, it will overwrite ANYTHING in the target directory, making the share on the Preferred Server a “mirror” of the share on the core.

     

    The next item is “Source representative”. This option allows you to choose a Windows-based, managed node to build file lists from the source (core) to the replicator. It must be low-latency, and have UNC access to the source even if it is HTTP-based. To designate, select a node from the list and press “Select”. It will fill in the inventory information of the system in the fields. Save after this is done:

     

    You should now see your source paths added to the preferred server:

     

    At this time, you should be able to test your HTTP connection:

    HTTP test.png

    If you see the same error as above, don't worry. To ensure you have HTTP access, open a web browser and attempt to connect to the patch share on your preferred server:

     

    HTTP share access from WB.png

    You will now need to set up the “Write credentials”. Fill in the information and press “Test credentials”:

     

    You WILL need to set up write credentials to allow the replication process to write the information to the Preferred Server.

     

    Press “Test” in the lower right hand corner to test:

    At this point, you are ready to replicate. In your console window, check to make sure all of the items are listed:

     

    Preferred Server:

    Sources:

     

    Replicators:

     

    All Tasks (replication tasks):

     

    If you want to check immediately to see if your replication is working, go to the “Pending Tasks” item. Right click on your item in the right pane, and select “Start content replication now…”.

     

    The resulting window will allow you to watch the process and make sure it completes as intended:

     

    At this point, you can physically check to make sure that the files copied from your core to the Preferred Server.

    If for any reason the replication fails on the first run, manually copy all of the files you want replicated from the source on the core to the share on the Preferred Server, then run the content replication again. This will usually clear up any errors you will see. If it does not, open a case with Ivanti Support to investigate.
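
One way to do the post-replication file check described above without comparing folders by eye: hash every file on the source and on the Preferred Server share and report anything missing, extra or different. This is an added example, not part of the original article; both UNC paths are placeholders, and it assumes PowerShell 4.0 or later for `Get-FileHash`.

```powershell
# Added example (not from the original article).
# ASSUMPTION: both UNC paths below are placeholders for your own core source
# share and Preferred Server share.
$SourceShare = '\\CORE-PLACEHOLDER\ldlogon\patch'
$TargetShare = '\\PREFERRED-PLACEHOLDER\Patch'

function Get-ShareManifest {
    # Returns a hashtable of relative path -> SHA256 for every file under $Root.
    param([Parameter(Mandatory = $true)][string]$Root)
    $rootFull = (Resolve-Path -LiteralPath $Root).ProviderPath.TrimEnd('\')
    $manifest = @{}
    Get-ChildItem -LiteralPath $rootFull -Recurse -File | ForEach-Object {
        $relative = $_.FullName.Substring($rootFull.Length).TrimStart('\')
        $manifest[$relative] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    return $manifest
}

function Compare-ReplicatedShare {
    # Emits one object per file that is not identical on both sides.
    param(
        [Parameter(Mandatory = $true)][string]$Source,
        [Parameter(Mandatory = $true)][string]$Target
    )
    $src = Get-ShareManifest -Root $Source
    $dst = Get-ShareManifest -Root $Target
    foreach ($path in (@($src.Keys) + @($dst.Keys) | Sort-Object -Unique)) {
        if (-not $dst.ContainsKey($path)) {
            $status = 'MissingOnTarget'      # not replicated yet
        } elseif (-not $src.ContainsKey($path)) {
            $status = 'OnlyOnTarget'         # stays unless Mirroring removes it
        } elseif ($src[$path] -ne $dst[$path]) {
            $status = 'HashMismatch'         # partial copy or modified file
        } else {
            continue
        }
        [pscustomobject]@{ Path = $path; Status = $status }
    }
}

$differences = @(Compare-ReplicatedShare -Source $SourceShare -Target $TargetShare)
if ($differences.Count -eq 0) {
    'Preferred Server share matches the source.'
} else {
    $differences | Format-Table -AutoSize
}
```

Run it with an account that can read both shares; `HashMismatch` rows are the ones to investigate first, since endpoints would download that content from the Preferred Server.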