Ah I see. I was thinking that by default, clients in "Intranet" mode would 
point to the internal SUP and "Internet" mode would go for the DMZ SUP.

Thanks, I'll look into doing something with GPP's

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jason Sandys
Sent: Tuesday, March 04, 2014 4:03 PM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] Clients incorrectly looking to DMZ SUP

OK, well then, there's no way to control which SUP client will use then. SUP 
use, like MP use within a single primary site is not controlled by location at 
all. The main use of multiple SUPs (and MPs) is availability. The process for 
SUPs failing over from an inaccessible one to an accessible one is different 
than that of MPs however and thus in this case, you need to use group policy to 
manipulate the process.

These two blog posts discuss this details:
http://blogs.technet.com/b/configmgrteam/archive/2013/03/27/software-update-points-in-cm2012sp1.aspx
http://blogs.technet.com/b/configmgrteam/archive/2013/03/27/group-policy-preferences-and-software-updates-in-cm2012sp1.aspx

J

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Beardsley, James
Sent: Tuesday, March 4, 2014 2:27 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] Clients incorrectly looking to DMZ SUP

Both

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jason Sandys
Sent: Tuesday, March 04, 2014 3:18 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] Clients incorrectly looking to DMZ SUP

Are both of your SUPs using HTTPS or just the one in the DMZ?

J

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Beardsley, James
Sent: Tuesday, March 4, 2014 1:56 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] Clients incorrectly looking to DMZ SUP

That's what is odd. I used the same command line to install all clients. That's 
why I don't understand the variation in configs

ccmsetup.exe /UsePKICert SMSSITECODE=DHG SMSMP=https://<Site Server FQDN> 
CCMHOSTNAME=externalsccm.example.com FSP=sccmfsp.example.com 
RESETKEYINFORMATION=TRUE CCMFIRSTCERT=1

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Trevor Sullivan
Sent: Tuesday, March 04, 2014 2:47 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] Clients incorrectly looking to DMZ SUP

James,

You don't want to use a GPO to configure the SUP at all on 2007 or 2012. The 
ConfigMgr client uses local Group Policy to set this.

If the internal clients were not installed as Internet clients, then they 
should not be receiving the address for the Internet-based Software Update 
Point. What command line did you use to install the internal (intranet) clients?

http://technet.microsoft.com/en-us/library/gg712696.aspx#BKMK_InternetSUP

Cheers,
Trevor Sullivan

Internet-Based Software Update Point

The Internet-based software update point accepts communication from client 
computers on the Internet. You can create the Internet-based software update 
point only when the active software update point is not configured to accept 
communication from client computers on the Internet. You must install the 
Internet-based software update point on a site system that is remote from the 
site server, located in a perimeter network, and accessible to Internet-based 
client computers. The Internet-based software update point synchronizes with 
the active software update point at the same site by default. When the 
Internet-based software update point is disconnected from the active software 
update point, you can manually synchronize software updates by using the export 
and import process. For more information, see the Synchronize Software Updates 
from a Disconnected Software Update 
Point<http://technet.microsoft.com/en-us/library/912bfec1-fd19-4f56-a840-4ecd643c541b#SyncDisconnected>
 section in this topic.


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Beardsley, James
Sent: Tuesday, March 4, 2014 1:29 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] Clients incorrectly looking to DMZ SUP

I have a SUP internally and then a DMZ SUP that is configured to use the 
internal SUP as its sync source. I'm coming across PC's that are on the 
internal network where both the WUServer regkey and the WUAHandler log are 
pointing to the DMZ SUP (and failing) instead of the internal SUP. What could 
be causing that? In CM07, I had a GPO that configured the server but when I 
migrated to 2012, I was under the impression that a GPO wasn't required any 
longer. I thought about putting the GPO back in place but by forcing all 
clients to look to the internal SUP, the external clients wouldn't be able to 
access it for software updates. So I'm trying to figure out where the mix-up is 
happening that is causing some clients on internal subnets to look to the DMZ 
SUP for its SU's. Is it based on boundaries? Do I have a boundary configuration 
issue?

Thanks,
James

________________________________

IRS Compliance: Any tax advice contained in this communication (including any 
attachments) is not intended or written to be used, and cannot be used, for the 
purpose of (i) avoiding penalties imposed under the Internal Revenue Code or 
applicable state or local tax law or (ii) promoting, marketing, or recommending 
to another party any transaction or matter addressed herein.

________________________________

Confidentiality Notice: This e-mail is intended only for the addressee named 
above. It contains information that is privileged, confidential or otherwise 
protected from use and disclosure. If you are not the intended recipient, you 
are hereby notified that any review, disclosure, copying, or dissemination of 
this transmission, or taking of any action in reliance on its contents, or 
other use is strictly prohibited. If you have received this transmission in 
error, please reply to the sender listed above immediately and permanently 
delete this message from your inbox. Thank you for your cooperation.


________________________________

IRS Compliance: Any tax advice contained in this communication (including any 
attachments) is not intended or written to be used, and cannot be used, for the 
purpose of (i) avoiding penalties imposed under the Internal Revenue Code or 
applicable state or local tax law or (ii) promoting, marketing, or recommending 
to another party any transaction or matter addressed herein.

________________________________

Confidentiality Notice: This e-mail is intended only for the addressee named 
above. It contains information that is privileged, confidential or otherwise 
protected from use and disclosure. If you are not the intended recipient, you 
are hereby notified that any review, disclosure, copying, or dissemination of 
this transmission, or taking of any action in reliance on its contents, or 
other use is strictly prohibited. If you have received this transmission in 
error, please reply to the sender listed above immediately and permanently 
delete this message from your inbox. Thank you for your cooperation.


________________________________

IRS Compliance: Any tax advice contained in this communication (including any 
attachments) is not intended or written to be used, and cannot be used, for the 
purpose of (i) avoiding penalties imposed under the Internal Revenue Code or 
applicable state or local tax law or (ii) promoting, marketing, or recommending 
to another party any transaction or matter addressed herein.

________________________________

Confidentiality Notice: This e-mail is intended only for the addressee named 
above. It contains information that is privileged, confidential or otherwise 
protected from use and disclosure. If you are not the intended recipient, you 
are hereby notified that any review, disclosure, copying, or dissemination of 
this transmission, or taking of any action in reliance on its contents, or 
other use is strictly prohibited. If you have received this transmission in 
error, please reply to the sender listed above immediately and permanently 
delete this message from your inbox. Thank you for your cooperation.


________________________________

IRS Compliance: Any tax advice contained in this communication (including any 
attachments) is not intended or written to be used, and cannot be used, for the 
purpose of (i) avoiding penalties imposed under the Internal Revenue Code or 
applicable state or local tax law or (ii) promoting, marketing, or recommending 
to another party any transaction or matter addressed herein.

________________________________

Confidentiality Notice: This e-mail is intended only for the addressee named 
above. It contains information that is privileged, confidential or otherwise 
protected from use and disclosure. If you are not the intended recipient, you 
are hereby notified that any review, disclosure, copying, or dissemination of 
this transmission, or taking of any action in reliance on its contents, or 
other use is strictly prohibited. If you have received this transmission in 
error, please reply to the sender listed above immediately and permanently 
delete this message from your inbox. Thank you for your cooperation.



Reply via email to