locked
Automatic Client Upgrade for Internet-Based clients RRS feed

  • Question

  • I have a question for you about Automatic Client Upgrade, especially around internet-based clients (IBCM feature) 

    The scenario is

    • Configuration Manager 2012 R2 SP1 with CU2
    • PKI infrastructure, IBCM feature enabled and configured with internet-facing MP/DP/SUP
    • A number of non-domain joined WORKGROUP clients which are internet-based. These have been set up as internet clients on Configuration Manager by creating Workstation certificates for each client, and then installing the Configuration Manager client using the command line CCMSETUP.EXE /UsePKICert /NoCRLCheck /mp: https://<MyInternetFQDN> SMSSITECODE=ABC CCMHOSTNAME=<MyInternetFQDN> CCMALWAYSINF=1. Client work fine in this way.
    • These clients will never come onto the corporate network, i.e. will always be internet managed

    I now want to upgrade my site to version 1511. I have configured my site hierarchy settings to Automatic Client Upgrade

    My question is, will the site setting to Automatically Upgrade Clients work for such internet clients? I can’t find anything definitive online. I found an article which goes some way to explaining the auto-upgrade process. In it, it suggests that a scheduled task is configured, which ultimately runs ccmsetup with a bunch of options. In this example:

    Ccmsetup command line: "C:\WINDOWS\ccmsetup\ccmsetup.exe" /runservice "/AutoUpgrade" "/UpgradePackageVersion:4" "/UpgradeWinTask" "/usepkicert" "CCMHTTPPORT=80" "CCMHTTPSPORT=443" "CCMFIRSTCERT=1" SMSSITECODE="PRI" "/mp:http://<IntranetFQDN>" FSP="<IntranetFQDN>"

    In an internet client case, is it going to be smart enough to replace that /mp:http://SCCM2012PRI.russlab.com option with "/mp:https://<My External FQDN>? Other than that option, it’ll probably work, though also having the CCMHOSTNAME=<My External FQDN> CCMALWAYSINF=1 would also help.

    Does anyone have the definitive version of what will actually happen for such clients, or a way to ensure that they are upgraded, e.g. manually running the ccmsetup command with more appropriate options?

    Thanks

    Monday, March 14, 2016 9:59 AM

Answers

  • Hi,

    Haven't tried it on Internet based clients, but it will use exactly the command-line you specified to install the configmgr client in the first place, when you use Automatic Client Upgrade so if you specified HTTPS then that is what will be used.

    Regards,
    Jörgen


    -- My System Center blog ccmexec.com -- Twitter @ccmexec

    Monday, March 14, 2016 10:32 AM

All replies

  • Hello

    When you're dealing with Internet-only clients then yes the client needs to be manually/ scripted installed to specifically provide the client with the right information.

    Once the client is installed the normal CU packages can be used to upgrade the clients.
    Also, they must be trusted and must meet the requirements listed on

    TechNet: http://technet.microsoft.com/en-us/library/gg699362.aspx .

    That's it. 


    Regards, Regin Ravi

    Monday, March 14, 2016 10:17 AM
  • Hi,

    Haven't tried it on Internet based clients, but it will use exactly the command-line you specified to install the configmgr client in the first place, when you use Automatic Client Upgrade so if you specified HTTPS then that is what will be used.

    Regards,
    Jörgen


    -- My System Center blog ccmexec.com -- Twitter @ccmexec

    Monday, March 14, 2016 10:32 AM
  • Hi.

    I know this is a bit late to answer your question, but it might help others.

    I have just tested the Automatic Client Upgrade feature in my SCCM 1606 estate for the IBCM clients (our DMZ servers).

    It works fine. the AlwaysINF parameter is kept from looking through the logs, and they simply upgrade to the newer version of the client with no issue whatsoever, with all the same settings kept as before.

    No manual deployments are required. at least not on 1606 anyway.

    I'm pretty impressed to be honest as I didn't think it would work properly.

    Cheers

    Andrew

    Wednesday, September 7, 2016 11:11 AM
  •  i want to know that, after upgrading SCCM to 1702 and enabling the automatic client upgrade, will IBCM clients upgrade automatically (connected over internet) or need to install new client manually ???
    OR
    is it compulsory that IBCM clients need to come in intranet or manual installation of upgraded / new client????
    Wednesday, November 29, 2017 7:22 AM
  • Andrew answered that question above: "It works fine."

    Jason | https://home.configmgrftw.com | @jasonsandys

    Wednesday, November 29, 2017 3:32 PM