none
Primary Site Native Mode - Manage servers in separate non-trusted domain

    Question

  • Hi,

    We have successfully deployed SCCM in Native Mode to our Production/Test servers on the domain (ABC) and in workgroups.

    We have a separate 'Development' domain  (ABCTEST) which is not trusted with ABC however is accessible. I have tried installing a Secondary site however one of the pre-requisites is that there exist an account for the Site Address - which in our environment is not possible as the domains can not access each others user/computer objects.

    The other issue is the ABCTEST domain does not integrate with our PKI infrastructure and must be configured for Mixed Mode.

    From my research I have one of two options:

    a) Treat the servers in the ABCTEST domain as "Internet" clients and configure an Internet Management Point

    b) Create a separate SCCM environment (which I would prefer not to do for licensing reasons)

    c) Create a child site and exchange keys (See: http://social.technet.microsoft.com/Forums/en-US/configmgrgeneral/thread/338babfc-5968-4042-ab29-b670a706e21c/) - although I am not entirely sure how this works.

    Are there any other options I can take or out of the three above is the most recommended?

    ~D

    • Moved by Torsten [MVP]MVP Wednesday, February 15, 2012 7:15 AM moved to IBCM subforum (From:Configuration Manager Setup/Deployment)
    Wednesday, February 15, 2012 3:47 AM

Answers

  • I created a completely new deployment package and it worked - for some reason even though I had changed the schedule settings it did not recognise the changes in the original package.

    Thank you for referring me to the hotfix.

    ~D

    • Marked as answer by Sabrina Shen Wednesday, February 29, 2012 8:45 AM
    Monday, February 20, 2012 2:48 AM

All replies

  • How many client you've in ABCTEST domain? (if you've less number of clients) It would better if you can treat them as WORKGROUP clients (More details http://social.technet.microsoft.com/Forums/en-US/configmgribcm/thread/7d0aec41-c8b8-4da0-862e-069ce32e11a0).

    If you treat them as internet client then you will loss the following functionalities mentioned in the follwoing article (http://blogs.msdn.com/b/steverac/archive/2009/06/11/sccm-features-not-supported-through-ibcm.aspx).


    Anoop C Nair - @anoopmannur

    MY BLOG:  http://anoopmannur.wordpress.com

    User Group:  ConfigMgr Professionals

    This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Wednesday, February 15, 2012 6:12 AM
  • Hi Anoop,

    Currently we have under 25 servers in the ABCTEST domain - thank you for the suggestion of setting the servers up as workgroups.

    I have tested this on one server and the client installed successfully, when I attempted to roll out updates no execution occurred.

    Update Deployment was triggered however there was no download activity occurred (see UpdatesDeployment log excerpt)

    <![LOG[DetectJob completion received for assignment ({6574968A-AB0B-47B6-8647-6B69FCC73D3E})]LOG]!><time="15:33:04.065+-660" date="02-16-2012" component="UpdatesDeploymentAgent" context="" type="1" thread="6900" file="updatesassignment.cpp:1898">
    <![LOG[EnumerateUpdates for action (UpdateActionInstall) - Total visible updates = 0]LOG]!><time="15:33:04.080+-660" date="02-16-2012" component="UpdatesDeploymentAgent" context="" type="1" thread="8732" file="updatesmanager.cpp:1335">
    <![LOG[Assignment ({6574968A-AB0B-47B6-8647-6B69FCC73D3E}) received activation trigger]LOG]!><time="15:33:04.143+-660" date="02-16-2012" component="UpdatesDeploymentAgent" context="" type="1" thread="3300" file="updatesassignment.cpp:676">
    <![LOG[Operation (TriggerEnforce) already in progress. No need to activate.]LOG]!><time="15:33:04.143+-660" date="02-16-2012" component="UpdatesDeploymentAgent" context="" type="2" thread="3300" file="updatesassignment.cpp:682">

    ~D

    Thursday, February 16, 2012 6:08 AM
  • Are you having Win2k8 servers? If so, just go through the below thread. http://social.technet.microsoft.com/Forums/en-AU/configmgrsum/thread/516e287d-013b-463c-b44f-d3fb5eb23d76


    Anoop C Nair - @anoopmannur

    MY BLOG:  http://anoopmannur.wordpress.com

    User Group:  ConfigMgr Professionals

    This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Thursday, February 16, 2012 7:19 AM
  • Hi Anoop,

    Yes we are using Win2k8 servers, I did install the hotix and reinstall the SCCM client afterwards however this still did not resolve the issue of the updates.

    The client is showing the same symptoms.

    ~D

    Sunday, February 19, 2012 11:00 PM
  • I created a completely new deployment package and it worked - for some reason even though I had changed the schedule settings it did not recognise the changes in the original package.

    Thank you for referring me to the hotfix.

    ~D

    • Marked as answer by Sabrina Shen Wednesday, February 29, 2012 8:45 AM
    Monday, February 20, 2012 2:48 AM