Daniel, We have encountered the same issue and have even filed a bug.
In our situation, it was due to host 'naming convetion', meaning that when a boot client request policy, it will get the list of MPs in alphabetical order and choose the first alpha from the list. Also, in a case where that MP was not online or could not respond, imaging fails. This is true when selecting dynamic or static MPs on you boot image. In our environment we have 2 restricted areas and just happens for our luck to have the top names alphabetically on the list of available MPs. Cesar A. Meaning is NOT in words, but inside people! Dr. Myles Munroe My iPad takes half the blame for misspells. > On Jul 4, 2014, at 6:33 AM, Daniel Ratliff <dratl...@humana.com> wrote: > > This sounds exactly like a problem we encountered this week on a new boot > image for OSD. > > HTTPS MPs in the dmz get the first request for policies but don't offer any > up on our new WinPE 5.0 boot image for R2. We need the boot image to hit the > internal MPs first, but it won't because the are only HTTP. > > Is our only option make all the MPs HTTPS? Or use Location Aware? > > -----Original Message----- > From: jeff.carr...@wellsfargo.com [jeff.carr...@wellsfargo.com] > Sent: Friday, July 04, 2014 08:34 AM Eastern Standard Time > To: mssms@lists.myitforum.com > Subject: RE: [mssms] CM 2012 Role in DMZ > > Ah, thanks for clarification Kim! > > > > > > > > > > JEFF CARREON > > > > > > > > From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] > On Behalf Of Kim Oppalfens > Sent: Friday, July 04, 2014 8:27 AM > To: mssms@lists.myitforum.com > Subject: RE: [mssms] CM 2012 Role in DMZ > > > > Nope, not in that situation, client mp selection is site aware, not boundary > aware. What Rob said is accurate for multiple mp's in a single site, as could > be the case for a dmz mp. > > Sent from my Windows Phone > > From: jeff.carr...@wellsfargo.com > Sent: 4/07/2014 13:17 > To: mssms@lists.myitforum.com > Subject: RE: [mssms] CM 2012 Role in DMZ > > So if I had a CAS, site A and Site B (Primary sites). 192.x assigned to > Site A, 193.x assigned to site B, (with boundary group assignments) > regardless, i would see my clients assigned to site A hitting site B’s MPs? > Just really curious, bc I don’t think I’ve seen that behavior in our > environment. > > > > > > > > > > > > JEFF CARREON > > > > > > > > From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] > On Behalf Of David O'Brien > Sent: Friday, July 04, 2014 7:02 AM > To: mssms@lists.myitforum.com > Subject: RE: [mssms] CM 2012 Role in DMZ > > > > MPs are NOT location aware, by default. MP selection has nothing to do with > boundaries, at least not if we’re talking about Primary Sites only. It’s a > different thing with Secondary Sites, there boundary groups come into play. > > > > So, of course, what Robert says is true here ;) > > > > Cheers > > David > > > > From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] > On Behalf Of jeff.carr...@wellsfargo.com > Sent: Friday, July 4, 2014 8:53 PM > To: mssms@lists.myitforum.com > Subject: RE: [mssms] CM 2012 Role in DMZ > > > > Is that true even if you have the boundaries and boundary groups set up for > the site(s)? Clients from other sites would still hit other MPs on the other > sites even though they’re not assign to the group they belong to? > > > > > > > > > > JEFF CARREON > > > > > > > > From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] > On Behalf Of Robert Marshall > Sent: Friday, July 04, 2014 4:29 AM > To: mssms@lists.myitforum.com > Subject: RE: [mssms] CM 2012 Role in DMZ > > > > If you’ve got a full blown MP in your DMZ I know a way to make the Clients in > the DMZ only use that MP, and not any MP > > > > Keep in mind Clients will use any MP in the hierarchy based on > Forest\Domain\Security Realm, time of day and wind direction and maybe > depends on what shirt John Marcum is wearing at that particular moment, > really J > > > > Robert > > > > From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] > On Behalf Of Jason Wallace > Sent: 03 July 2014 06:31 > To: mssms@lists.myitforum.com > Subject: Re: [mssms] CM 2012 Role in DMZ > > > > You'll need to have an account on that machine which is a local admin. You'll > use this account for CM to be able to deploy the services. > > > > You will need to establish comms so that the site server can deploy to the > DMZ machine. You'll likely want to configure site server initiated > communications. This will cause the site server to poll the MP for inbox > files rather than these being pushed through the firewall. > > > > For the SUP you will need to implement HTTPS (and should anyhow for other > services) > > > > Regarding the MP you will need to provide access to the database. You can do > this either by opening up the firewall, placing a replica in the DMZ or > moving the MP behind the firewall and having some kind of proxy going on. > > > > For the catalog - not sure > > > On 3 Jul 2014, at 06:08, "Roney George" <ronaldo.geo...@live.com> wrote: > > Hi, > > > > I am planning for installing a MP, SUP, DP and App Catalog Role on a server > in DMZ. > > > > Are there in How to document how this can be achieved on CM 2012 R2 , SQL > 2012 R2 , and Roles are installed on Server 2012. > > > > > > > > > > > > > > > > > > > > > > The information transmitted is intended only for the person or entity to > which it is addressed > and may contain CONFIDENTIAL material. If you receive this > material/information in error, > please contact the sender and delete or destroy the material/information. >
