locked
Binding All Unassigned vs IP RRS feed

  • Question

  • Hoping some IIS gurus out there can answer a question for me.

    Scenario:  Site Server with 2 IP's assigned to the NIC.  Hosting a Management Point, using SSL (443) on first IP, and the Application Catalog using a HOST A record for friendly name with SSL (443) on the second IP.  

    When setting up the bindings in IIS, I can specify the IP for the MP, however if I specify the IP for the Application Catalog I get the "Cannot connect to the application server" error when accessing the catalog.  I flip the binding for the Application Catalog to "All Unassigned" and everything works.

    Can someone explain why this happens?

    Thanks!

    Monday, March 31, 2014 3:22 PM

Answers

  • By default, they're not different web sites though. I guess that's the difference. Why are you changing the web site for the App Catalog web site point role?

    Also remember that supported means that they've tested it and accounted for the possible scenarios and anytime you deviate from what they've tested, YMMV even if it seems technically valid.


    Jason | http://blog.configmgrftw.com

    Tuesday, April 1, 2014 1:41 PM
  • That is a valid question!  For some reason I was under the impression you had to use a separate website.  Can't say I honestly recall why.  :-|  Going to remove the catalog roles, reset the certificate I am using for the Default Website to include the alias and re-install to default website.  That should certainly do the trick.. BRB.

    Thanks!

    Tuesday, April 1, 2014 1:58 PM

All replies

  • So to add more to this, I just noticed that when I add the IP directly to the binding for the MP it also stopped working.  Errors in the mpcontrol.log: Failed to send http request /SMS_MP/.sms_aut?MPLIST. Error 12030

    (12030 = The connection with the server was terminated abnormally)

    Monday, March 31, 2014 3:30 PM
  • Side question: Why would you assign multiple IPs to the same NIC on a site system? Are the IPs on the same subnet?

    Jason | http://blog.configmgrftw.com

    Monday, March 31, 2014 4:13 PM
  • Yeah, only have a single NIC in the server (this is lab setup BTW) and IP's are:

    192.168.0.11 and 192.168.0.12

    .11 is the main IP used for the MP via 443

    .12 was assigned explicitly for hosting the AppCatalog on same server via 443.

    I have done it this way in the past for a production SCCM 2012 SP1 and it worked fine (even added a 3rd for SRS).  I do recall having to leave one as All Unassigned, but no longer have access to that environment to take a closer look.

    Monday, March 31, 2014 4:26 PM
  • I don't really see the value in doing this (not that that should really matter although I'm curious) but I know it's totally unsupported.

    How are you changing the bindings on sub-directories of the main web site?


    Jason | http://blog.configmgrftw.com

    Monday, March 31, 2014 8:35 PM
  • MP and App catalog are on different websites.  No need to bind sub directories?  And this surely is a supported scenario as hosting multiple sites with different IP's on a single nic is nothing revolutionary.

    I am curious though how you handle this scenario though with a single server to host the MP and the App Catalog both using SSL over port 443?  Maybe there is a better way?  Dont know a way unless you change the SSL port for one or the other but could be something I am unaware of.

    Thanks!

    Tuesday, April 1, 2014 1:19 PM
  • By default, they're not different web sites though. I guess that's the difference. Why are you changing the web site for the App Catalog web site point role?

    Also remember that supported means that they've tested it and accounted for the possible scenarios and anytime you deviate from what they've tested, YMMV even if it seems technically valid.


    Jason | http://blog.configmgrftw.com

    Tuesday, April 1, 2014 1:41 PM
  • That is a valid question!  For some reason I was under the impression you had to use a separate website.  Can't say I honestly recall why.  :-|  Going to remove the catalog roles, reset the certificate I am using for the Default Website to include the alias and re-install to default website.  That should certainly do the trick.. BRB.

    Thanks!

    Tuesday, April 1, 2014 1:58 PM
  • As expected it all working normally now.  Need to go back now and dig up why I thought it needed to be a separate website!  Causing myself grief for no reason.  Thanks for the feedback Jason.
    Tuesday, April 1, 2014 2:11 PM
  • :-)

    Sometimes it just takes a few questions to sync up what you're seeing/doing with what I'm thinking you're seeing/doing.

    I'm sure there is a valid reason why they give you the ability to change the web site, probably having to do with security, but generally I find that when you deviate from standard/default configuration, you get non-standard/non-default problems.


    Jason | http://blog.configmgrftw.com

    Tuesday, April 1, 2014 2:23 PM
  • Completely agree. :-)  Thanks again.
    Tuesday, April 1, 2014 3:18 PM