locked
DMZ internet-client Server RRS feed

  • Question

  • If the DMZ Server can not be a part of the internal domain will this work? The DMZ Server would be a DP running as a MP.

    Tuesday, January 29, 2013 2:44 PM

All replies

  • Yes, that will work, but a DP/MP has to be a domain member. A standalone / workgroup server cannot be used.

    Torsten Meringer | http://www.mssccmfaq.de

    Tuesday, January 29, 2013 2:53 PM
  • I heard that as well but wanted someone to verify it. Do you know why that needs to be in a domain? I also heard that I need to have another certificate between the Primary and DMZ Server, is this correct?

    Tuesday, January 29, 2013 2:56 PM
  • Why? Because it's the way the product was designed. Certificates cannot exist "between machines". http://technet.microsoft.com/en-us/library/gg712701.aspx contains additional information.

    Torsten Meringer | http://www.mssccmfaq.de

    Tuesday, January 29, 2013 3:13 PM
  • Ok so build a domain in the dmz and add this server to that domain. push the dp with mp roles to this server... configure as if it was apart of the domain with cert, fw rules, etc... and everything will work? Nothing else needs to be configured because it's not apart of the primary's domain?
    Tuesday, January 29, 2013 5:18 PM
  • And Torsten the reason I asked "Why it needs to be in a domain", what is going on in the background that requires this is so I can give a customer an answer rather then... because that is the way it was designed. When traffic is being sent over the network and specifically from DMZ to LAN a customer doesn't want to hear... because that is the way it was designed.
    Tuesday, January 29, 2013 7:58 PM
  • http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SupConfigAdDomains: "All System Center 2012 Configuration Manager site systems must be members of a Windows Active Directory domain that has a domain functional level of Windows 2000, Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2."

    Torsten Meringer | http://www.mssccmfaq.de

    Tuesday, January 29, 2013 8:22 PM
  • Thank you Torsten... I'm not doing this install for a couple weeks but I wanted to be prepared and be able to intelligently discuss the advantages and disadvantages of the two options. Thanks!
    Tuesday, January 29, 2013 8:38 PM