locked
Clients in untrusted forest picking up incorrect MPs RRS feed

  • Question

  • Hi

    I've set up a couple of servers in untrusted forest B that hold the MP and DP roles for a main site in forest A.

    This mostly seems fine and all clients have installed the agent and are showing up as expected in the console. However on some of the clients in forest B they are looking at a management point in forest A. Initially I realised this was probably because I'd forgotten to remove the /MP parameter specifying a particular Management Point in forest A. However this didn't seem to make any difference to some clients which did still find the correct MP in forest B. I removed it anyway as it was no longer required and re-pushed the client to affected machines (checking the uninstall client option as well for good measure) but when the client reinstalled, it still picked up an MP from Forest A. The effect of this is that several tabs are missing and only the machine and user policy option are available (although I am still able deploy standard packages).

    The only way I have found to prevent this happening (and instead find a correct local forest MP) is to select the use computer account radio button under the general tab of the untrusted forest entry in the AD Forests node of the console. This is instead of putting in the cross-forest credentials. Publishing, however now fails though, and in any case it seems like a bit of a kludge.

    Any idea what's up?

    Cheers

    Friday, September 25, 2015 1:42 PM

Answers

  • Well by default SCCM client in the same site will move around MP. 

    In SCCM 2012 r2 CU3 you can use regkey to assign MP to a client

    In SCCM 2012 r2 SP1 or SCCM 2012 SP2 you can use the boundary to assign the MP to a client.

    So if you have neither of these configure it's normal behavior that the clients move around. SCCM doesnt care about the client domain to assign it to a MP once the client as been approve in SCCM he can pick what ever MP he likes as they can all serve the client.


    • Edited by Frederick Dicaire Friday, September 25, 2015 1:46 PM
    • Marked as answer by SJBond Friday, September 25, 2015 2:13 PM
    Friday, September 25, 2015 1:45 PM

All replies

  • Hi,

    Update the site server with SCCM 2012 SP2 and SP2 CU1.

    New feature in SCCM 2012 SP2 and SP2 CU1.

    http://www.systemcenterdudes.com/sccm-2012-r2-sp1-new-features/


    Regards, kanna

    Friday, September 25, 2015 1:44 PM
  • Well by default SCCM client in the same site will move around MP. 

    In SCCM 2012 r2 CU3 you can use regkey to assign MP to a client

    In SCCM 2012 r2 SP1 or SCCM 2012 SP2 you can use the boundary to assign the MP to a client.

    So if you have neither of these configure it's normal behavior that the clients move around. SCCM doesnt care about the client domain to assign it to a MP once the client as been approve in SCCM he can pick what ever MP he likes as they can all serve the client.


    • Edited by Frederick Dicaire Friday, September 25, 2015 1:46 PM
    • Marked as answer by SJBond Friday, September 25, 2015 2:13 PM
    Friday, September 25, 2015 1:45 PM
  • OK, missed the option in the boundary properties to remove the unwanted servers. Thanks.
    • Edited by SJBond Friday, September 25, 2015 2:13 PM
    Friday, September 25, 2015 2:10 PM
  • /MP has *nothing* to do MP selection by the client. /MP is used by ccmsetup to locate a source to download the rest of the installation files from.

    As for MP affinity, while clients do prefer MPs in their own domain and forest, this is truly just a preference. There is unfortunately no public documentation or statements as to why a client may stray from this preference though.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Friday, September 25, 2015 4:16 PM
  • Well by default SCCM client in the same site will move around MP. 


    Well partially true. A client should prefer a MP in its own domain and ignore those from others.

    Torsten Meringer | http://www.mssccmfaq.de

    Sunday, September 27, 2015 8:16 AM