Distribution Point, and Management Point selection flowchart, or explanation.

  • Question

  • Is there a documented explanation on the process of management point and Distribution Point selection in an environment with several of each? I have been unable to find any useful information for System Center 2012 Configuration Manager.

    The only information I can find on management point selection is that every 25 hours, or if the client detects a network change, it selects one from its list, the closest one based on its forest membership. Is there any more specific information on this? If I have two or more management points for the same site I don't want all of the clients trying to use only one management point because it is deemed closest in the forest.

    The same for Distribution Points: if I have several in one location serving one primary site, how do the clients select which distribution point they use?

    Wednesday, February 20, 2013 4:38 PM

All replies

  • The closest thing that I have seen are the SuperFlows. Found here.

    They are from the 2007 days but should still fulfill the info you are looking for.


    Wednesday, February 20, 2013 5:06 PM
  • A lot has changed from the 2007 days, for example NLB can no longer be used to load balance management points. Changes to distribution points as well, collections can be associated with Distribution point groups. So I am not sure I trust anything that is specifically referencing 2007.
    Wednesday, February 20, 2013 5:40 PM
  • Oh, I definitely agree. But these are the closest flowcharts I've seen. I think they can give you clues as to the deeper mechanics of how a client selects which MP or DP to go to for service.

    If the box doesn't fit, think out of it.

    Wednesday, February 20, 2013 8:25 PM
  • MP selection is quite easy and outlined at http://technet.microsoft.com/en-us/library/gg699359.aspx#WhatsNew_Sites_and_Hierarchies under the Site System Roles section:

    "There is no longer a default management point at primary sites. Instead you can install multiple management points and the client will automatically select one, based on network location and capability (HTTPS or HTTP). This behavior supports a higher number of clients in a single site and provides redundancy, which was previously obtained by using a network load balancing (NLB) cluster. When the site contains some management points that support HTTPS client connections and some management points that support HTTP client connections, the client will connect to a management point that is configured for HTTPS when the client has a valid PKI certificate. "

    Note that network location in the above text refers to AD forest and no other criteria.

    For DPs, nothing has changed since 2007 and is outlined at http://technet.microsoft.com/en-us/library/gg712321.aspx


    Jason | http://blog.configmgrftw.com

    • Proposed as answer by Webbeye Wednesday, March 13, 2013 5:56 PM
    • Marked as answer by Garth JonesMVP Tuesday, October 27, 2015 5:12 PM
    Sunday, February 24, 2013 1:25 AM
  • Jason, is there a flaw here that if there is an HTTP and HTTPS MP in the same site and the HTTPS MP is sat in a DMZ, when a client with the required cert is on the intranet it would want to communicate with this MP?  I see a problem in my lab environment where I am attempting OSD on a client using boot media without a cert and it fails to retrieve policy (0x80004005) due to it attempting to pull policy from the HTTPS enabled MP on a site system in the DMZ.

    Is it therefore logical to have a full Secondary Site in the DMZ - so that HTTPS management points are on a separate site to HTTP clients?

    Andy


    My Personal Blog: http://madluka.wordpress.com

    Wednesday, March 13, 2013 3:23 PM
  • Note that network location in the above text refers to AD forest and no other criteria.

    Hi Jason

    Is it okay to have multiple MPs that span across WAN links in a primary site? Will the client know to select the nearest one? How, by boundary?

    Thanks

    Kev


    Kev :)

    Wednesday, March 13, 2013 4:18 PM
  • Is it okay to have multiple MPs that span across WAN links in a primary site? Will the client know to select the nearest one? How, by boundary?

    Is it OK? Yes.

    Will clients know to select the nearest one? No.

    Multiple MPs are for availability and cross-forest only, there is no location awareness by any means.


    Jason | http://blog.configmgrftw.com

    • Proposed as answer by Webbeye Wednesday, March 13, 2013 5:56 PM
    • Marked as answer by Garth JonesMVP Tuesday, October 27, 2015 5:12 PM
    Wednesday, March 13, 2013 4:21 PM
  • Hello Jason,

    Just wondering, would an MP over a WAN link offer anything worthwhile?

    Would it provide high availability? Would you recommend another configuration?

    Thanks

    Jack

    Wednesday, March 13, 2013 4:52 PM
  • It *could* provide some site resiliency but that would come at the cost of some increased WAN traffic because clients may cross the WAN to contact the MP -- there's no way to know for sure or control it. Client to MP traffic is generally very low, but it's still a consideration.


    Jason | http://blog.configmgrftw.com

    Wednesday, March 13, 2013 4:59 PM
  • So maybe then to improve site resiliency with the help of the existing servers across the WAN...

    For my ignorance, if there are 5 MPs in a site the client will get the list of MPs that is published to AD. How does the client select the MP it then uses? Is there any criteria it uses?

    Thanks again


    Kev :)


    • Edited by Webbeye Wednesday, March 13, 2013 5:39 PM
    Wednesday, March 13, 2013 5:39 PM
  • MP selection within the two MP lists (HTTPS enabled and non-HTTPS enabled) is essentially random.

    Jason | http://blog.configmgrftw.com

    Wednesday, March 13, 2013 5:47 PM
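
Added example, not part of the original thread and not Configuration Manager's own code: a small Python model of the selection behaviour the replies describe (AD forest, then the HTTPS or HTTP list, then an essentially random pick). The MP names, forest name, locations and the fallback when no MP shares the client's forest are assumptions made for illustration.

```python
import random
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class MP:
    name: str
    forest: str
    https: bool
    location: str  # informational only: never consulted by select_mp

# Constructed sample site: names, forest and locations are hypothetical.
SITE_MPS = [
    MP("MP-HQ-1", "corp.example", False, "HQ"),
    MP("MP-HQ-2", "corp.example", False, "HQ"),
    MP("MP-BRANCH", "corp.example", False, "Branch (across WAN)"),
    MP("MP-DMZ", "corp.example", True, "DMZ"),
]

def candidate_mps(mps, client_forest, has_valid_pki_cert):
    """Return the list a client picks from, as described in the thread."""
    # "Network location" means AD forest only. Falling back to every MP
    # when none share the client's forest is an assumption of this model.
    same_forest = [m for m in mps if m.forest == client_forest] or list(mps)
    https = [m for m in same_forest if m.https]
    http = [m for m in same_forest if not m.https]
    # A client with a valid PKI certificate uses the HTTPS list when one exists.
    if has_valid_pki_cert and https:
        return https
    return http

def select_mp(mps, client_forest, has_valid_pki_cert, rng=random):
    """Pick essentially at random within the chosen list; None if it is empty."""
    pool = candidate_mps(mps, client_forest, has_valid_pki_cert)
    return rng.choice(pool) if pool else None

def distribution(mps, client_forest, has_valid_pki_cert, clients=9000, seed=1):
    """Count which MP each of `clients` simulated clients lands on."""
    rng = random.Random(seed)
    picks = (select_mp(mps, client_forest, has_valid_pki_cert, rng)
             for _ in range(clients))
    return Counter(p.name for p in picks if p)

if __name__ == "__main__":
    print("no cert :", dict(distribution(SITE_MPS, "corp.example", False)))
    print("PKI cert:", dict(distribution(SITE_MPS, "corp.example", True)))
```

In this model roughly a third of the clients without a certificate land on the MP across the WAN, and every client with a certificate lands on the single HTTPS MP in the DMZ, because location never enters the choice.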