none
SCCM 2012 Primary/Secondary Site Configuration

    Question

  • Question about primary & secondary sites.

    Generally speaking, will if an SCCM 2012 set up contains both a primary site and a secondary site, will all clients proxy through the secondary site even if the boundaries are set up to have clients communicate directly with the primary site?

    In my configuration, we have a primary site linked to the 10.1.0.0/16 network and a secondary site linked to the 10.99.0.0/16 network.  When it was originally set up, there was only the primary site and all clients from both networks would communicate with that primary site.  Then I realized that I needed a distribution point on the 10.99.0.0/16 network for PXE boot purposes, so I set up a secondary site on that network.  Later on I noticed that all of my clients on the 10.1.0.0/16 network have a proxy management point listed in the Configuration Manager properties (in the client Control Panel) set to the name of the secondary server on the 10.99.0.0/16 network.  Those same devices have the Assigned Management Point set to the primary site on the 10.1.0.0/16 network.  My issue is those two networks are bridged over a 50Mb/s link rather than the 1Gb/s link found internally.  When the secondary server goes down, all the clients on the 10.1.0.0/16 network slow down so much they are nearly unusable, until the secondary server is brought back up.  This leads me to my question of wondering if I need to route all management data through a secondary server?  If so, I can set up a secondary server on the 10.1.0.0/16 network, but it seems a little redundant having a primary server on the same segment.  We are only managing 500 clients, so we really don't have much of a need for a robust server structure, unless Configuration Manger requires it.

    Thanks!

    Wednesday, January 30, 2013 1:59 PM

Answers

  • I decided to take a stand and remove the management point role on the secondary server last Friday and when I came into work today things were working as expected.  Most of my machines are marked as Active, the Software Center is populating correctly, remote control is re-established and software is being remotely installed as it was.  The SCCM configuration in the Control Panel is back to normal and all the Actions have re-appeared.

    So it does appear that the existence of a secondary site on the domain caused the problem.  I don't believe that changing the boundaries was the exact cause of the problem, but by doing so it must have confused the clients.  Since all of the clients in my main location were installed prior to the existence of the secondary site, that is why things were probably working just fine.

    Thanks to those who helped look into this.

    • Marked as answer by a.boell Monday, February 04, 2013 7:40 PM
    Monday, February 04, 2013 7:40 PM

All replies

  • Boundaries / boundary groups (site assignment) will tell the clients which MP to use.

    Torsten Meringer | http://www.mssccmfaq.de

    Wednesday, January 30, 2013 2:36 PM
  • Boundaries / boundary groups (site assignment) will tell the clients which MP to use.

    Torsten Meringer | http://www.mssccmfaq.de

    Clarify one thing for me please.

    What if the clients are installed at the secondary site and later roam into the primary site? 

    Will they then use the DP of the primary but still the MP of the secondary?

    Thanks!

    Wednesday, January 30, 2013 2:49 PM
  • ... will all clients proxy through the secondary site even if the boundaries are set up to have clients communicate directly with the primary site?

    No (see Torsten's response).

    Remember though that in 2012, boundaries must be part of a boundary group also. Here's a blog post on this subject: http://blog.configmgrftw.com/?p=453

    Note that secondary site server's are single points of failure. If the secondary site server is unavailable, clients do not fallback to the MP in the primary site.

    Also, there is no need to have  secondary site in order to support a remote DP. Another note here is that client location of PXE servers has nothing to do with ConfigMgr and is completely outside the control of anything Microsoft even.

    Can you define "slow down so much they are nearly unusable"? A secondary site being unavailable will never affect a client's performance. Are there other things hosted on that server?


    Jason | http://blog.configmgrftw.com

    Wednesday, January 30, 2013 2:57 PM
  • Thank you for the responses.  To answer Jason's question, the slow down made all of the affected machines so slow that domain user logons were taking 15 minutes instead of the 15 - 30 seconds they normally do.  Once logged on, anything performed on the network was just slow.  As soon as the remote secondary server was restarted, all those problems went away.  The reason I believe that all traffic is being routed through that remote secondary server is because of the Configuration Manager Properties page (see below).  The ip of the machine where this was pulled from is 10.1.1.60; the ip of the primary site server is 10.1.1.39 and the ip of the secondary server is 10.99.1.2.

     

    There is nothing else installed on that server, it is a dedicated SCCM 2012 secondary server.

    Wednesday, January 30, 2013 7:58 PM
  • Here is my boundary setup.  Maybe you can see the flaw in my configuration.

    In my following post, I will show the properties of the boundary groups.

    Wednesday, January 30, 2013 8:08 PM
  • The West Point boundary group contains all the boundaries with the IP ranges containing 10.1.X.X

    The Beemer boundary group contains the single boundary with the IP range 10.99.0.0

    That is my boundary configurations.  The primary site server has the ip of 10.1.1.39 and the secondary server has the ip of 10.99.1.2.  The two networks are able to talk to one another, which is why I configured one as fast and the other as slow (hoping to force the correct server to connect).  Are there any obvious errors in the configuration?

    Wednesday, January 30, 2013 8:08 PM
  • Nothing is actually "routed" through the secondary site. ConfigMgr clients communicate with site roles at secondary sites like the MP, but this is only for ConfigMgr traffic so the only possible effect of a secondary site being down is to ConfigMgr functionality. Also, ConfigMgr clients in no way have a persistent connection with site systems or roles.

    What may have happened is that your clients began pulling content from the DP at the primary site thus causing a lot of WAN congestion. This is only possible *if* you had some active deployments and the secondary site was down long enough that clients began to use the DP at the primary.

    Back to your questions above which I missed:

    "What if the clients are installed at the secondary site and later roam into the primary site?" and "Will they then use the DP of the primary but still the MP of the secondary?"

    Where the client was installed at does not matter. Secondary site MP selection is all about content location boundary groups as is DP selection (see my blog post linked above). Thus, because they are using the same selection criteria, there is no way for them to use a DP at another location unless the content is not available locally but is at that alternate location or if somehow the DP were not responding from the local site and the client falls back to an alternate location (note that this fallback process for content is not instantaneous though and I *think* the timeout is something like eight hours before a client will try a fallback location).


    Jason | http://blog.configmgrftw.com

    Wednesday, January 30, 2013 8:12 PM
  • I have been doing a bit more research on the problem and ran across a forum asking about best practices on when to install a secondary site over just a distrubtion point (http://social.technet.microsoft.com/Forums/en-US/configmanagerdeployment/thread/e79e3f4d-0518-467c-8d7f-81cbb964b6c7/).  I have far fewer machines and users than the individual posting that question (while having a 50Mbps link), but I have my secondary server configured as a management point as well as a distribution point.  In fact, I have 9 roles configured for that site:

    • Component server
    • Distribution point
    • Management point
    • Site database server
    • Site server
    • Site system
    • Software update point
    • State migration point

    Do I have too many (or incorrect) roles configured?  I'm almost wondering if by me having my secondary site server configured as a management point if that is causing issues.  I really only needed something on the local network segment for PXE booting and Windows updates, which I believe could be handled without having the Management Point role configured.  What do you think?

    Thursday, January 31, 2013 7:10 PM
  • I decided to take a stand and remove the management point role on the secondary server last Friday and when I came into work today things were working as expected.  Most of my machines are marked as Active, the Software Center is populating correctly, remote control is re-established and software is being remotely installed as it was.  The SCCM configuration in the Control Panel is back to normal and all the Actions have re-appeared.

    So it does appear that the existence of a secondary site on the domain caused the problem.  I don't believe that changing the boundaries was the exact cause of the problem, but by doing so it must have confused the clients.  Since all of the clients in my main location were installed prior to the existence of the secondary site, that is why things were probably working just fine.

    Thanks to those who helped look into this.

    • Marked as answer by a.boell Monday, February 04, 2013 7:40 PM
    Monday, February 04, 2013 7:40 PM