If you are using GPO to set the update server location, then it gets applied when you are on intranet over VPN. However, when Configmgr doesn't detect the intranet location during the lookup, it switches to internet. At this stage, wuahandler doesn't wait for a response from the Domain to validate the update server policy and simply skips the check and applies the CMG url for SUP location. Once the network state changes back to intranet, the check against the SUP location is not skipped anymore and the policy from GPO will take precedence. On a side note, don't apply the GPO for setting SUP location. Let ConfigMgr client settings do it for you.
SCCM Question with how Software Update scan works with CMG
Hi All
We have CMG in place. What i have noticed is that, when a machine is connected to the internet, SCCM picks this up and goes into Internet mode. Then after awhile, the local GPO policy "Specify intranet Microsoft update service location" gets changed from the onprem WSUS server location to CMG server.
Also the WUServer registry value will change to CMG as well.
So what happens when the machine is connected to companies VPN or back on company network.
Does the local GPO policy change back to the onprem WSUS server location automatically? (Lets assume there are no Domain GPO policies set to do this).
Thanks DM.
Microsoft Security | Intune | Configuration Manager | Other
2 answers
Sort by: Most helpful
-
-
Amandayou-MSFT 11,156 Reputation points
2021-12-23T06:45:29.43+00:00 Hi,
Haven't heard from you for some time, is Rahui's answer helpful to you? If it is helpful, please accept answer. It will make someone who has the similar issue easily find the answer.
If you have any other issues, please don't hesitate to let us know.
Thanks and have a nice day.
Best regards,
Amanda