Secondary Site Client communication

  • Question

  •  

    Dear All

    We have a SCCM 2012 setup with Primary site, CAS and several DP servers, this setup is across various countries and each country has DP servers. Due to network bandwidth issues in one of the countries we had to upgrade the DP server to secondary site to manage its clients.

    When we check the clients’ details it has updated the MP as the secondary site which is correct.

    But our concern is still these clients are communicating to the primary site server.

    Is there any way that we can set one country's clients to communicate only with its secondary site, without having any communication with the primary site?

    Is there a way to avoid the clients talking directly to primary site server, also the management point is currently mixed up in that country some clients are pointing P1 Management Point (Primary Server) and some of them are on S1 Management Point (Secondary Site Server).

    Please advise

    Thank you in advance

     

    Wednesday, June 4, 2014 9:37 AM

All replies

  • Hi,

    Client registration will always use the MP for the Primary Site, there is no way to prevent it.

    Regards,
    Jörgen


    -- My System Center blog ccmexec.com -- Twitter @ccmexec

    Wednesday, June 4, 2014 9:48 AM
  •  

    Hi Jorgen

    Thanks for the quick response. Unfortunately, the country IT Manager on that site is pissed off with the bandwidth issue, pointing directly to SCCM from Primary Site and Secondary Site or vice versa. We have already configured the BITS settings, the boundary subnets on the site and even client settings, still no luck in minimizing the bandwidth issue. Is there a way we can minimize the traffic caused by the client/site server (Secondary)? By the way, we have 1000 clients on that site, and the current bandwidth speed from Site 1 to Site 2 is 4Mbps.

    Is there any workaround? Or is it possible to upgrade the Secondary Site Server to a separate Primary Server then point those clients residing in that site to the Second Primary Server?  

    Wednesday, June 4, 2014 10:05 AM
  • One more reason for this bandwidth issue between secondary and primary could be SQL replication. You need to find out how much data is replicated between SQL DBs.

    I've seen this issue in some environments.

    Some thoughts about this is posted in my blog here. This can give you some tips.

    http://anoopcnair.com/2014/04/24/sccm-2012-database-replication-schedule-throtteling-option-grayed/


    Anoop C Nair (My Blog www.AnoopCNair.com) - Twitter @anoopmannur - FaceBook Forum For SCCM

    Wednesday, June 4, 2014 1:26 PM
  • WSUS traffic could possibly be another culprit here. Are you using software updates and if so, did you put a WSUS instance and SUP on the secondary site? I generally don't recommend this but if bandwidth is tight, it will cause traffic without them on the secondary.

    Jason | http://blog.configmgrftw.com

    Wednesday, June 4, 2014 2:35 PM
  • Hi Anoop,

    Actually, I have scheduled the DB replication from Primary to Secondary, and Secondary to Primary server. The replication schedule is that from Monday to Friday (6AM to 8PM) no replication will be made; also the rate limit is currently set to 1% of the bandwidth usage during 6am to 8pm.

    Thursday, June 5, 2014 3:38 AM
  • Hi Jason,

    Yes, we have implemented SUP in the Central and Primary servers only; I have not yet configured the Secondary Site to have the SUP role. Also, I have noticed that some of the clients do not have the same Management Point even if the clients are in the same location. For example:

    Client 1 properties (Located in Singapore):

    Management Point: MY1(Primary Server - located in Malaysia)

    Configuration Manager Assigned Site: MY1

    Configuration Manager Installed Site: MY1

    Configuration Manager Resident Site: SG1 (Secondary Site Server - located in Singapore)

    Client 2 properties (Located in Singapore, same location with Client 1)

    Management Point: SG1 (Secondary Site Server - located in Singapore)

    Configuration Manager Assigned Site: MY1

    Configuration Manager Installed Site: MY1

    Configuration Manager Resident Site: SG1

    The concern now is how to avoid or prevent the clients from the Singapore site talking/communicating directly to the Primary Site (located in Malaysia), since we have already put a Secondary Server in Singapore. Even if I push the client installation to SG1, it's not even reflecting, and still pointing to MY1.

    Please advise.

    Thanks.

    Thursday, June 5, 2014 4:00 AM
  • Actually, I have scheduled the DB replication from Primary to Secondary, and Secondary to Primary server. The replication schedule is that from Monday to Friday (6AM to 8PM) no replication will be made; also the rate limit is currently set to 1% of the bandwidth usage during 6am to 8pm.

    Have you done this from SQL server? Because, if I'm not wrong, we don't have an option to throttle SQL replication from the CM12 console.

    Anoop C Nair (My Blog www.AnoopCNair.com) - Twitter @anoopmannur - FaceBook Forum For SCCM

    Thursday, June 5, 2014 5:01 AM
  • Hi Anoop,

    I have not done it on the SQL Server, but on the Primary Server in: Administration->Hierarchy Configuration->File Replication.

    Also, I have read your blog regarding the SQL replication. You're correct, the SQL throttling is not enabled between the Primary and Secondary server. So what now is the purpose of File Replication?

    Also, you may want to check my reply to Jason regarding the client MPs. Is there a way to prevent the Singapore clients communicating directly to the Primary site?

    Thanks.

    Thursday, June 5, 2014 5:22 AM
  • Yes, that is file replication. SQL replication can't be throttled (natively, and I don't know how to throttle the same). The MP selection issue which you explained is known behaviour, as mentioned in the above reply. Also make sure there is no boundary overlap for site assignment.

    However, you can check logs like LocationServices.log to understand whether this is MP rotation or not. I have a blog post which talks about MP rotation. This may give more idea.

    Www.anoopcnair.com/2014/03/07/configmgr-sccm-2012-mp-selection-forest-trust-related-bug/


    Anoop C Nair (My Blog www.AnoopCNair.com) - Twitter @anoopmannur - FaceBook Forum For SCCM




    Thursday, June 5, 2014 5:48 AM
  • Hi Anoop,

    Below is the LocationServices.log from the clients: (Pls take note MYHQKUL990708S is the Primary Server, while SGHQSDC990029S is the Secondary Site Server).

    Client1 (LocationServices.log):

    The MP name retrieved is 'MYHQKUL990708S.SD.com' with version '7804' and capabilities '<Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities>'        
    MP 'MYHQKUL990708S.SD.com' is compatible        
    Current AD forest name is sdb.com, domain name is SD.com        
    Lookup Management Points from AD:        
    Name: 'MYHQKUL990708S.SD.com' HTTPS: 'N' ForestTrust: 'N'        
    Retrieved lookup MP(s) from AD        
    Default Management Points from AD:        
    Name: 'MYHQKUL990708S.SD.com' HTTPS: 'N' ForestTrust: 'N'        
    Persisting the default management points in WMI        
    Current AD forest name is sdb.com, domain name is SD.com        
    Current AD site of machine is SG-MT-PPS-1        
    Current AD forest name is sdb.com, domain name is SD.com        
    Begin checking Alternate Network Configuration        
    Finished checking Alternate Network Configuration        
    Default Management Points from MP:        
    Name: 'MYHQKUL990708S.SD.com' HTTPS: 'N' ForestTrust: 'Y'        
    Current AD forest name is sdb.com, domain name is SD.com        
    Persisted Default Management Point Locations locally        
    Current AD site of machine is SG-MT-PPS-1        
    Current AD forest name is sdb.com, domain name is SD.com        
    Begin checking Alternate Network Configuration        
    Finished checking Alternate Network Configuration        
    Retrieved proxy management point authentication info from AD.        
    Proxy Management Points from assigned MP:        
    Name: 'SGHQSDC990029S.SD.com' HTTPS: 'N' ForestTrust: 'Y'        
    Current AD forest name is sdb.com, domain name is SD.com        
    Attempting to retrieve local MPs from the assigned MP        
    Current AD site of machine is SG-MT-PPS-1        
    Current AD forest name is sdb.com, domain name is SD.com        
    Begin checking Alternate Network Configuration        
    Finished checking Alternate Network Configuration        
    Local Management Points from assigned MP:        
    Name: 'SGHQSDC990029S.SD.com' HTTPS: 'N' ForestTrust: 'Y'        
    Current AD forest name is sdb.com, domain name is SD.com        
    Current AD site of machine is SG-MT-PPS-1        
    Current AD forest name is sdb.com, domain name is SD.com        
    Begin checking Alternate Network Configuration        
    Finished checking Alternate Network Configuration        
    Group Policy Site Assignment key HKLM\Software\Microsoft\SMS\Mobile Client has changed, will attempt to re-assign the client.        
    Retrieved management point encryption info from AD.        
    Raising event:
    instance of CCM_CcmHttp_Status
    {
        ClientID = "GUID:FFFA1BBF-AC13-4C5B-A52B-19EADBCE4056";
        DateTime = "20140605004018.239000+000";
        HostName = "MYHQKUL990708S.SD.com";
        HRESULT = "0x00000000";
        ProcessID = 3856;
        StatusCode = 0;
        ThreadID = 4788;
    };
            6/5/2014 8:40:18 AM    4788 (0x12B4)
    Executing Task LSRefreshDefaultMPTask        
    Executing Task LSTimeOutRequestsTask        
    Attempting to retrieve lookup MP(s) from AD        
    Refreshing security settings over AD        
    The MP name retrieved is 'MYHQKUL990708S.SD.com' with version '7804' and capabilities '<Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities>'        
    MP 'MYHQKUL990708S.SD.com' is compatible        
    Refreshed security settings over AD        
    Current AD forest name is sdb.com, domain name is SD.com        
    Lookup Management Points from AD:        
    Name: 'MYHQKUL990708S.SD.com' HTTPS: 'N' ForestTrust: 'N'        
    Retrieved lookup MP(s) from AD        
    No security settings update detected.        
    Default Management Points from AD:        
    Name: 'MYHQKUL990708S.SD.com' HTTPS: 'N' ForestTrust: 'N'        
    Persisting the default management points in WMI        
    Current AD forest name is sdb.com, domain name is SD.com        
    Current AD site of machine is SG-MT-PPS-1        
    Current AD forest name is sdb.com, domain name is SD.com        
    Begin checking Alternate Network Configuration        
    Finished checking Alternate Network Configuration        
    Executing Task LSRefreshLocationsTask        
    Default Management Points from MP:        
    Name: 'MYHQKUL990708S.SD.com' HTTPS: 'N' ForestTrust: 'Y'        
    Current AD forest name is sdb.com, domain name is SD.com        
    Persisted Default Management Point Locations locally        
    Current AD site of machine is SG-MT-PPS-1        
    Current AD forest name is sdb.com, domain name is SD.com        
    Begin checking Alternate Network Configuration        
    Finished checking Alternate Network Configuration        
    Retrieved proxy management point authentication info from AD.        
    Proxy Management Points from assigned MP:        
    Name: 'SGHQSDC990029S.SD.com' HTTPS: 'N' ForestTrust: 'Y'        
    Current AD forest name is sdb.com, domain name is SD.com        
    Attempting to retrieve local MPs from the assigned MP        
    Current AD site of machine is SG-MT-PPS-1        
    Current AD forest name is sdb.com, domain name is SD.com        
    Begin checking Alternate Network Configuration        
    Finished checking Alternate Network Configuration

    Client2 (LocationServices.log):

    1 proxy MP errors in the last 10 minutes, threshold is 5.        
    Executing Task LSRefreshLocationsTask        
    Executing Task LSSiteRoleCycleTask        
    1 assigned MP errors in the last 10 minutes, threshold is 5.        
    Executing Task LSRefreshDefaultMPTask        
    The MP name retrieved is 'MYHQKUL990708S.SD.com' with version '7804' and capabilities '<Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities>'        
    MP 'MYHQKUL990708S.SD.com' is compatible        
    Refreshed security settings over AD        
    No security settings update detected.        
    Attempting to retrieve lookup MP(s) from AD        
    Lookup Management Points from AD:        
    Name: 'MYHQKUL990708S.SD.com' HTTPS: 'N' ForestTrust: 'N'        
    Retrieved lookup MP(s) from AD        
    Default Management Points from AD:        
    Name: 'MYHQKUL990708S.SD.com' HTTPS: 'N' ForestTrust: 'N'        
    Persisting the default management points in WMI        
    Current AD site of machine is SG-MT-Vantage-1        
    Executing Task LSRefreshLocationsTask        
    Default Management Points from MP:        
    Name: 'MYHQKUL990708S.SD.com' HTTPS: 'N' ForestTrust: 'Y'        
    Persisted Default Management Point Locations locally        
    Current AD site of machine is SG-MT-Vantage-1        
    Retrieved proxy management point authentication info from AD.        
    Proxy Management Points from assigned MP:        
    Name: 'SGHQSDC990029S.SD.com' HTTPS: 'N' ForestTrust: 'Y'        
    Attempting to retrieve local MPs from the assigned MP        
    Current AD site of machine is SG-MT-Vantage-1        
    Local Management Points from assigned MP:        
    Name: 'SGHQSDC990029S.SD.com' HTTPS: 'N' ForestTrust: 'Y'        
    Refreshing the Management Point List for site P01        
    Retrieved management point encryption info from AD.        
    Raising event:
    instance of CCM_CcmHttp_Status
    {
        ClientID = "GUID:4B3FBFA1-A59D-44B8-8B4B-C4783F4356B1";
        DateTime = "20140604120615.785000+000";
        HostName = "SGHQSDC990029S.SD.com";
        HRESULT = "0x00000000";
        ProcessID = 5676;
        StatusCode = 0;
        ThreadID = 9288;
    };
            
    Refreshing trusted key information        
    Refreshed Root Site Code from AD        
    Attempting to refresh TRK from AD        
    Failed to get TRK from AD        
    [CCMHTTP] ERROR: URL=http://MYHQKUL990708S.SD.com/SMS_MP/.sms_aut?MPKEYINFORMATIONEX, Port=80, Options=224, Code=12002, Text=ERROR_WINHTTP_TIMEOUT        
    Raising event:
    instance of CCM_CcmHttp_Status
    {
        ClientID = "GUID:4B3FBFA1-A59D-44B8-8B4B-C4783F4356B1";
        DateTime = "20140604120646.223000+000";
        HostName = "MYHQKUL990708S.SD.com";
        HRESULT = "0x80072ee2";
        ProcessID = 5676;
        StatusCode = 200;
        ThreadID = 9288;
    };
            
    Successfully sent location services HTTP failure message.        
    Executing Task LSSiteRoleCycleTask        
    MP MYHQKUL990708S capability is not available        
    Raising event:
    instance of CCM_CcmHttp_Status
    {
        ClientID = "GUID:4B3FBFA1-A59D-44B8-8B4B-C4783F4356B1";
        DateTime = "20140604120652.556000+000";
        HostName = "MYHQKUL990708S";
        HRESULT = "0x00000000";
        ProcessID = 5676;
        StatusCode = 0;
        ThreadID = 9288;
    };
            
    Persisting the management point authentication information in WMI        
    Persisted Management Point Authentication Information locally        
    Current AD site of machine is SG-MT-Vantage-1        
    1 assigned MP errors in the last 10 minutes, threshold is 5.        
    Current AD site of machine is SG-MT-Vantage-1        
    Retrieved management point encryption info from AD.        SD
    Updated FSP 'MYHQKUL990708S.SD.com' from AD to local.        
    Updating portal information.        
    Raising event:
    instance of CCM_CcmHttp_Status
    {
        ClientID = "GUID:4B3FBFA1-A59D-44B8-8B4B-C4783F4356B1";
        DateTime = "20140604120705.002000+000";
        HostName = "MYHQKUL990708S.SD.com";
        HRESULT = "0x00000000";
        ProcessID = 5676;
        StatusCode = 0;
        ThreadID = 9468;
    };
            
    Executing Task LSSiteRoleCycleTask        
    1 proxy MP errors in the last 10 minutes, threshold is 5.        
    Received reply of type PortalCertificateReply        
    The reply from location manager contains 1 certificates        
    Updating portal certificates        
    Successfully created context from the raw certificate.       

    Are there any logs that I need to check?

    Thanks.

    Thursday, June 5, 2014 7:19 AM
  • I think, it's getting assigned to proxy management point at SGP location. Isn't it? That is expected behaviour. Sorry please let me know the exact concern about MP selection.

    As I've mentioned in the blog post, you can check ClientLocation.log also to get more details about MP rotation. 


    Anoop C Nair (My Blog www.AnoopCNair.com) - Twitter @anoopmannur - FaceBook Forum For SCCM

    Thursday, June 5, 2014 7:30 AM
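
As an added example (not part of any post in this thread and not a ConfigMgr tool), this Python script summarises a LocationServices.log excerpt like the ones posted above: which management points each source advertised, and how the HTTP calls to each host ended. The function name `summarize` and the section labels are assumptions of this sketch, the sample lines are copied from the Client2 excerpt, and the input is assumed to be the message text as pasted in the thread rather than the raw log file with its per-line wrappers.

```python
import re
from collections import Counter, defaultdict

# Sample lines copied from the Client2 excerpt in the thread (not a full log).
SAMPLE = """\
Default Management Points from MP:
Name: 'MYHQKUL990708S.SD.com' HTTPS: 'N' ForestTrust: 'Y'
Proxy Management Points from assigned MP:
Name: 'SGHQSDC990029S.SD.com' HTTPS: 'N' ForestTrust: 'Y'
Local Management Points from assigned MP:
Name: 'SGHQSDC990029S.SD.com' HTTPS: 'N' ForestTrust: 'Y'
instance of CCM_CcmHttp_Status
{
    HostName = "SGHQSDC990029S.SD.com";
    HRESULT = "0x00000000";
};
[CCMHTTP] ERROR: URL=http://MYHQKUL990708S.SD.com/SMS_MP/.sms_aut?MPKEYINFORMATIONEX, Port=80, Options=224, Code=12002, Text=ERROR_WINHTTP_TIMEOUT
instance of CCM_CcmHttp_Status
{
    HostName = "MYHQKUL990708S.SD.com";
    HRESULT = "0x80072ee2";
};
"""
HEADER = re.compile(r"^(Lookup|Default|Proxy|Local) Management Points from (AD|MP|assigned MP):")
MP_LINE = re.compile(r"^Name: '([^']+)' HTTPS: '([YN])' ForestTrust: '([YN])'")
FIELD = re.compile(r'^(HostName|HRESULT) = "([^"]*)";')
ERROR = re.compile(r"^\[CCMHTTP\] ERROR: URL=https?://([^/:,]+).*Text=(\w+)")

def summarize(text):
    """Parse LocationServices.log text into (MP lists per source, HTTP results per host)."""
    mp_lists = defaultdict(set)   # "Proxy/assigned MP" -> {(host, uses_https)}
    http = defaultdict(Counter)   # host -> Counter of "ok", "fail" and WinHTTP error names
    section, in_event, host = None, False, None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            section = f"{m.group(1)}/{m.group(2)}"
        elif section and (m := MP_LINE.match(line)):
            mp_lists[section].add((m.group(1).lower(), m.group(2) == "Y"))
        elif line == "instance of CCM_CcmHttp_Status":
            section, in_event, host = None, True, None
        elif in_event and (m := FIELD.match(line)):
            if m.group(1) == "HostName":
                host = m.group(2).lower()
            elif host:   # HRESULT follows HostName inside the event body
                http[host]["ok" if int(m.group(2), 16) == 0 else "fail"] += 1
        elif m := ERROR.match(line):
            http[m.group(1).lower()][m.group(2)] += 1
        else:
            section = None if line else section   # any other text ends an MP list
            in_event = in_event and not line.startswith("};")
    return dict(mp_lists), {h: dict(c) for h, c in http.items()}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run over a full log from each client, the per-host counters show how many location requests actually went to the primary site's MP versus the proxy MP, and the `uses_https` flag shows whether those MPs were advertised over HTTP or HTTPS.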
  • Hi Anoop,

    I have checked both the clients; you are correct, the 2 clients are currently connected to the Proxy Management Point of SGP. But how come the clients are still using the MP of the Primary Server instead of the Secondary MP?

    The concern here is that the IT Manager from Singapore wants to prevent direct communication of all Singapore clients with the Primary Server here in Malaysia. That's why he is always blaming SCCM for causing the traffic.

    I know it's impossible to do that, unless the Secondary Site server in Singapore is upgraded to a Primary Site Server dedicated to that site and all Singaporean clients are pointed to that server.

    Any insights will be much appreciated.

    Thanks.

    Thursday, June 5, 2014 8:52 AM
  • First you should find out what exactly is causing so much traffic. Client <--> MP traffic usually doesn't hurt because the amount of data transferred is very low.

    Torsten Meringer | http://www.mssccmfaq.de

    Thursday, June 5, 2014 9:17 AM