Off site Distribution Point

  • Question

  • Hi All,

    Building a lab environment with the concept of Site A (Main Branch) and Site B (Remote location).

    Have 2 dedicated/leased lines, 2 Cisco routers, etc. (see attached network diagram).

    Site to Site VPN link has been configured and I can ping Site A and Site B.

    Now purpose was to use Site B as Remote DP in order to provide PXE support and OSD.

    Have tested the additional DP role with ON PREMISES machine (within the network of Site A)

    1. but how to setup for the remote site?

    2. How site B's computer running Server 2012 R2 can be part of domain hosted on Site A's server?

    3. Currently Site Boundaries are configured as AD DS (example.local running on Site A). Should I add Site B IP addresses as well?

    Any expert advice on this scenario?


    N.A.Malik

    Saturday, August 15, 2015 9:46 PM

Answers

  • OK, thank you both, Benoit and Peteris. I will continue further with domain membership and will try to sort it out.

    N.A.Malik

    • Marked as answer by N A Malik Monday, August 17, 2015 9:46 AM
    Monday, August 17, 2015 9:46 AM

All replies

  • First, install distribution point on remote server (http://prajwaldesai.com/setup-distribution-point-sccm-2012-r2/).

    Second, create Boundary Group for remote site and associate it with newly created distribution point (DP).

    Third, distribute all necessary content to remote DP, in the Task Sequence deployment choose to install only if local DP is available.

    Answers to Your questions:

    2. Yes, remote DP should be part of domain;

    3. If AD Sites are configured correctly, then You don't need to add IP addresses.

     
    Sunday, August 16, 2015 5:41 AM
  • First, install distribution point on remote server

    • Have checked already and this example demonstrates on locally connected machine.

    Second, create Boundary Group for remote site and associate it with newly created distribution point (DP).

    • Did you mean the local IP address range, as this segment will be joined to AD located at Site A?

    Yes, remote DP should be part of domain;

    • This was my main question: how to bind the remote location's machine to Site A's Active Directory? If I was able to find this machine on the AD site, then it would not be a big deal to install the DP on this machine. But in my case I am asking "How to link/enroll that particular machine which is currently out of range of the domain controller?"


    N.A.Malik

    Sunday, August 16, 2015 10:05 AM
  • So do I understand correctly that subnets 192.168.10.x and 172.16.10.x both belong to Site A?

    If so, then Your AD site structure doesn't map to the SCCM structure, and in SCCM You have to build Boundary groups based on IP subnets / IP ranges.

    Create one boundary group with subnet 192.168.10.x and a second with subnet 172.16.10.x.

    And then assign boundary group with subnet 172.16.10.x to Remote Site DP.

    Sunday, August 16, 2015 11:34 AM
  • So do I understand correctly that subnets 192.168.10.x and 172.16.10.x both belong to Site A?

    No, 192.168.10.x belongs to Site A and 172.16.10.x represents Site B (as shown in diagram).

    But Site A's Server is hosting Active Directory and acting as Domain Controller (Example.local)

    Site B doesn't need to have AD DS as this site would be part of Example.local (located on Site A; this was the question I asked: how a computer in a different subnet can be domain joined and part of the domain)


    N.A.Malik

    Sunday, August 16, 2015 3:05 PM
  • I asked how a computer in a different subnet can be domain joined and  part of domain

    There are no problems with joining a server to domain from different subnet. Just make sure that necessary ports are opened and DNS resolution works (I believe detailed instructions are out of scope of this forum).

    In previous post I answered how to configure SCCM boundaries

    Sunday, August 16, 2015 4:40 PM
  • What ports do you think are necessary to open on DC and remote server?

    N.A.Malik

    Sunday, August 16, 2015 7:54 PM
  • Sunday, August 16, 2015 7:57 PM
  • And the ports necessary for AD are here: https://technet.microsoft.com/en-us/library/dd772723%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396. You need those ports which have usage "User and Computer Authentication".
    Monday, August 17, 2015 5:26 AM
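
Added example, not part of the original thread: a pre-join check to run on the Site B server that verifies the two prerequisites named in the replies above, DNS resolution of the domain and reachability of the domain controller over the site-to-site VPN. The DNS server address is a placeholder and the TCP port list is the commonly documented client-to-DC set, both assumptions; confirm the ports against the TechNet article linked above.

```powershell
# Pre-join check for the Site B server (added example, not from the thread).
# Assumption: 192.168.10.10 is a placeholder for the Site A DNS server / DC.
$Domain    = 'example.local'
$DnsServer = '192.168.10.10'

# Assumption: commonly documented TCP ports a member server needs toward a DC.
# UDP (53, 88, 123, 389) and the dynamic RPC range are not probed here;
# allow them on the VPN/firewall according to the linked article.
$TcpPorts = [ordered]@{
    'DNS'                      = 53
    'Kerberos'                 = 88
    'RPC endpoint mapper'      = 135
    'LDAP'                     = 389
    'SMB (SYSVOL/NETLOGON)'    = 445
    'Kerberos password change' = 464
}

# Step 1: the DC locator SRV record must resolve, or the domain join cannot find a DC.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
           -Server $DnsServer -ErrorAction SilentlyContinue |
       Where-Object { $_.Type -eq 'SRV' }
if (-not $srv) {
    Write-Warning "No DC locator SRV records for $Domain via $DnsServer. Fix DNS first."
    return
}

# Step 2: probe each advertised DC on each required TCP port.
# The DC host name is resolved with the server's own DNS client settings,
# so the NIC must already point at the Site A DNS server.
$results = foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    foreach ($p in $TcpPorts.GetEnumerator()) {
        $t = Test-NetConnection -ComputerName $dc -Port $p.Value `
                 -WarningAction SilentlyContinue
        [pscustomobject]@{
            DC        = $dc
            Service   = $p.Key
            Port      = $p.Value
            Reachable = $t.TcpTestSucceeded
        }
    }
}
$results | Format-Table -AutoSize

# Step 3: list what still has to be allowed between the two sites.
$blocked = $results | Where-Object { -not $_.Reachable }
if ($blocked) {
    Write-Warning ("Blocked toward DC: " + (($blocked.Port | Sort-Object -Unique) -join ', '))
} else {
    Write-Output "All probed TCP ports reachable; the server is ready for the domain join."
}
```

Anything reported as blocked points at the router ACLs or VPN policy between 172.16.10.x and 192.168.10.x; open only the listed ports toward the DC rather than allowing all traffic between the sites.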