If you setup a GPO pointing to a specific sup server then you have to be sure that the client are assigned with this SUP in SCCM.
Else you will get error messages like the one you just posted. Verify the boundaries and your internal sup configuration (make sure that it accepts both http and https) Jeremy. Le 6 mars 2014 16:18, "Beardsley, James" <james.beards...@dhgllp.com> a écrit : > So I set up a GPP to do a WMI query to see if it could ping the internal > SUP and if it can, it changes the WUServer and WUStatusServer regkeys to > the internal SUP. That part is working correctly. However, now in the logs, > I get these messages. > > > > Group policy settings were overwritten by a higher authority (Domain > Controller) to: Server https://wsus03.corp.local:8531 and Policy ENABLED > > Failed to Add Update Source for WUAgent of type (2) and id > ({56BF6422-9A17-4B0F-BC39-8BD3C053FA9C}). Error = 0x87d00692. > > > > So it seems that setting it with GPP is going to cause this group policy > conflict. Any suggestions? > > > > *From:* listsad...@lists.myitforum.com [mailto: > listsad...@lists.myitforum.com] *On Behalf Of *Beardsley, James > *Sent:* Tuesday, March 04, 2014 5:22 PM > *To:* mssms@lists.myitforum.com > *Subject:* RE: [mssms] Clients incorrectly looking to DMZ SUP > > > > Ah I see. I was thinking that by default, clients in "Intranet" mode would > point to the internal SUP and "Internet" mode would go for the DMZ SUP. > > > > Thanks, I'll look into doing something with GPP's > > > > *From:* listsad...@lists.myitforum.com [ > mailto:listsad...@lists.myitforum.com <listsad...@lists.myitforum.com>] *On > Behalf Of *Jason Sandys > *Sent:* Tuesday, March 04, 2014 4:03 PM > *To:* mssms@lists.myitforum.com > *Subject:* RE: [mssms] Clients incorrectly looking to DMZ SUP > > > > OK, well then, there's no way to control which SUP client will use then. > SUP use, like MP use within a single primary site is not controlled by > location at all. The main use of multiple SUPs (and MPs) is availability. > The process for SUPs failing over from an inaccessible one to an accessible > one is different than that of MPs however and thus in this case, you need > to use group policy to manipulate the process. > > > > These two blog posts discuss this details: > > > http://blogs.technet.com/b/configmgrteam/archive/2013/03/27/software-update-points-in-cm2012sp1.aspx > > > http://blogs.technet.com/b/configmgrteam/archive/2013/03/27/group-policy-preferences-and-software-updates-in-cm2012sp1.aspx > > > > J > > > > *From:* listsad...@lists.myitforum.com [ > mailto:listsad...@lists.myitforum.com <listsad...@lists.myitforum.com>] *On > Behalf Of *Beardsley, James > *Sent:* Tuesday, March 4, 2014 2:27 PM > *To:* mssms@lists.myitforum.com > *Subject:* RE: [mssms] Clients incorrectly looking to DMZ SUP > > > > Both > > > > *From:* listsad...@lists.myitforum.com [ > mailto:listsad...@lists.myitforum.com <listsad...@lists.myitforum.com>] *On > Behalf Of *Jason Sandys > *Sent:* Tuesday, March 04, 2014 3:18 PM > *To:* mssms@lists.myitforum.com > *Subject:* RE: [mssms] Clients incorrectly looking to DMZ SUP > > > > Are both of your SUPs using HTTPS or just the one in the DMZ? > > > > J > > > > *From:* listsad...@lists.myitforum.com [ > mailto:listsad...@lists.myitforum.com <listsad...@lists.myitforum.com>] *On > Behalf Of *Beardsley, James > *Sent:* Tuesday, March 4, 2014 1:56 PM > *To:* mssms@lists.myitforum.com > *Subject:* RE: [mssms] Clients incorrectly looking to DMZ SUP > > > > That's what is odd. I used the same command line to install all clients. > That's why I don't understand the variation in configs > > > > ccmsetup.exe /UsePKICert SMSSITECODE=DHG SMSMP=https://<Site Server FQDN> > CCMHOSTNAME=externalsccm.example.com > FSP=sccmfsp.example.comRESETKEYINFORMATION=TRUE CCMFIRSTCERT=1 > > > > *From:* listsad...@lists.myitforum.com [ > mailto:listsad...@lists.myitforum.com <listsad...@lists.myitforum.com>] *On > Behalf Of *Trevor Sullivan > *Sent:* Tuesday, March 04, 2014 2:47 PM > *To:* mssms@lists.myitforum.com > *Subject:* RE: [mssms] Clients incorrectly looking to DMZ SUP > > > > James, > > > > You don't want to use a GPO to configure the SUP at all on 2007 or 2012. > The ConfigMgr client uses *local* Group Policy to set this. > > > > If the internal clients were not installed as Internet clients, then they > should not be receiving the address for the Internet-based Software Update > Point. What command line did you use to install the internal (*intranet*) > clients? > > > > http://technet.microsoft.com/en-us/library/gg712696.aspx#BKMK_InternetSUP > > > > Cheers, > > Trevor Sullivan > > > > Internet-Based Software Update Point > > The Internet-based software update point accepts communication from client > computers on the Internet. You can create the Internet-based software > update point only when the active software update point is not configured > to accept communication from client computers on the Internet. You must > install the Internet-based software update point on a site system that is > remote from the site server, located in a perimeter network, and accessible > to Internet-based client computers. The Internet-based software update > point synchronizes with the active software update point at the same site > by default. When the Internet-based software update point is disconnected > from the active software update point, you can manually synchronize > software updates by using the export and import process. For more > information, see the Synchronize Software Updates from a Disconnected > Software Update > Point<http://technet.microsoft.com/en-us/library/912bfec1-fd19-4f56-a840-4ecd643c541b#SyncDisconnected> > section in this topic. > > > > > > *From:* listsad...@lists.myitforum.com [ > mailto:listsad...@lists.myitforum.com <listsad...@lists.myitforum.com>] *On > Behalf Of *Beardsley, James > *Sent:* Tuesday, March 4, 2014 1:29 PM > *To:* mssms@lists.myitforum.com > *Subject:* [mssms] Clients incorrectly looking to DMZ SUP > > > > I have a SUP internally and then a DMZ SUP that is configured to use the > internal SUP as its sync source. I'm coming across PC's that are on the > internal network where both the WUServer regkey and the WUAHandler log are > pointing to the DMZ SUP (and failing) instead of the internal SUP. What > could be causing that? In CM07, I had a GPO that configured the server but > when I migrated to 2012, I was under the impression that a GPO wasn't > required any longer. I thought about putting the GPO back in place but by > forcing all clients to look to the internal SUP, the external clients > wouldn't be able to access it for software updates. So I'm trying to figure > out where the mix-up is happening that is causing some clients on internal > subnets to look to the DMZ SUP for its SU's. Is it based on boundaries? Do > I have a boundary configuration issue? > > > > Thanks, > > James > > > ------------------------------ > > *IRS Compliance:* Any tax advice contained in this communication > (including any attachments) is not intended or written to be used, and > cannot be used, for the purpose of (i) avoiding penalties imposed under the > Internal Revenue Code or applicable state or local tax law or (ii) > promoting, marketing, or recommending to another party any transaction or > matter addressed herein. > ------------------------------ > > *Confidentiality Notice:* This e-mail is intended only for the addressee > named above. It contains information that is privileged, confidential or > otherwise protected from use and disclosure. If you are not the intended > recipient, you are hereby notified that any review, disclosure, copying, or > dissemination of this transmission, or taking of any action in reliance on > its contents, or other use is strictly prohibited. If you have received > this transmission in error, please reply to the sender listed above > immediately and permanently delete this message from your inbox. Thank you > for your cooperation. > > > > > ------------------------------ > > *IRS Compliance:* Any tax advice contained in this communication > (including any attachments) is not intended or written to be used, and > cannot be used, for the purpose of (i) avoiding penalties imposed under the > Internal Revenue Code or applicable state or local tax law or (ii) > promoting, marketing, or recommending to another party any transaction or > matter addressed herein. > ------------------------------ > > *Confidentiality Notice:* This e-mail is intended only for the addressee > named above. It contains information that is privileged, confidential or > otherwise protected from use and disclosure. If you are not the intended > recipient, you are hereby notified that any review, disclosure, copying, or > dissemination of this transmission, or taking of any action in reliance on > its contents, or other use is strictly prohibited. If you have received > this transmission in error, please reply to the sender listed above > immediately and permanently delete this message from your inbox. Thank you > for your cooperation. > > > > > ------------------------------ > > *IRS Compliance:* Any tax advice contained in this communication > (including any attachments) is not intended or written to be used, and > cannot be used, for the purpose of (i) avoiding penalties imposed under the > Internal Revenue Code or applicable state or local tax law or (ii) > promoting, marketing, or recommending to another party any transaction or > matter addressed herein. > ------------------------------ > > *Confidentiality Notice:* This e-mail is intended only for the addressee > named above. It contains information that is privileged, confidential or > otherwise protected from use and disclosure. If you are not the intended > recipient, you are hereby notified that any review, disclosure, copying, or > dissemination of this transmission, or taking of any action in reliance on > its contents, or other use is strictly prohibited. If you have received > this transmission in error, please reply to the sender listed above > immediately and permanently delete this message from your inbox. Thank you > for your cooperation. > > > > > ------------------------------ > > *IRS Compliance:* Any tax advice contained in this communication > (including any attachments) is not intended or written to be used, and > cannot be used, for the purpose of (i) avoiding penalties imposed under the > Internal Revenue Code or applicable state or local tax law or (ii) > promoting, marketing, or recommending to another party any transaction or > matter addressed herein. > ------------------------------ > > *Confidentiality Notice:* This e-mail is intended only for the addressee > named above. It contains information that is privileged, confidential or > otherwise protected from use and disclosure. If you are not the intended > recipient, you are hereby notified that any review, disclosure, copying, or > dissemination of this transmission, or taking of any action in reliance on > its contents, or other use is strictly prohibited. If you have received > this transmission in error, please reply to the sender listed above > immediately and permanently delete this message from your inbox. Thank you > for your cooperation. > > > ------------------------------ > > *IRS Compliance:* Any tax advice contained in this communication > (including any attachments) is not intended or written to be used, and > cannot be used, for the purpose of (i) avoiding penalties imposed under the > Internal Revenue Code or applicable state or local tax law or (ii) > promoting, marketing, or recommending to another party any transaction or > matter addressed herein. > ------------------------------ > > *Confidentiality Notice:* This e-mail is intended only for the addressee > named above. It contains information that is privileged, confidential or > otherwise protected from use and disclosure. If you are not the intended > recipient, you are hereby notified that any review, disclosure, copying, or > dissemination of this transmission, or taking of any action in reliance on > its contents, or other use is strictly prohibited. If you have received > this transmission in error, please reply to the sender listed above > immediately and permanently delete this message from your inbox. Thank you > for your cooperation. > >
