ConfigMgr 2012 SP2 / R2 SP1: Preferred Management Points configuration and Secondary Sites
Today’s blog post is about a new option available in ConfigMgr 2012 SP2 / R2 SP1 to assign a Preferred Management Point in boundary groups. Before SP2 / R2 SP1, we had an option to install multiple Management Points in a Primary Site and one MP in a Secondary Site (allowed only on the Secondary Site Server). The MP selection was always in a specific order.
HTTPS Management Points in a Site.
Same Active Directory Forest
There was no control to make client machines communicate with a specific Management Point. Also, multiple Management Points were available for fault tolerance and could not be used for load balancing.
Kind of not useful, right? Yes. Now that's changed.
After a lot of requests from customers around the globe, a new feature has been added in SP2 / R2 SP1 to assign Management Points to a Boundary Group.
You can find more details about the feature documented in TechNet below.
To make clients choose the Preferred Management Points assigned to their respective boundary groups, you must configure the option below in Hierarchy Settings.
“In the Configuration Manager console, click Administration > Site Configuration > Sites > Hierarchy Settings. Then, on the General tab of the Hierarchy Settings, select Clients prefer to use management points specified in boundary groups.”
Hold on. Here is the catch. Everything described above applies to the Assigned Site, which is a Primary Site.
Then what about Secondary Sites?
For Secondary Sites, the Assigned Site is always the Parent Primary Site. Then how does it affect the Secondary Site clients?
Let us see with an example scenario.
Central Admin Site: CAS
Primary Site: PR1
Site Server: Primary.contoso.com
Management Point: Primary.contoso.com, MP01.contoso.com
Boundary Group 01 – with Primary.contoso.com
Boundary Group 02 – With MP01.contoso.com
Client 01 – Falls under Boundary Group 01
Client 02 – Falls under Boundary Group 02
Secondary Site: S01
Site Server & Management Point & DP: Secondary.contoso.com
Sec-BoundaryGroup 01 – with Secondary.contoso.com as MP and DP
Sec-BoundaryGroup 02 – No MPs added (we have a DP added for content location)
Client 03 – Falls in Sec-BoundaryGroup 01
Client 04 - Falls in Sec-BoundaryGroup 02
Hierarchy setting: “Clients prefer to use management points specified in boundary groups” is selected.
With the above configured hierarchy, here's what the result would look like:
Client 01 selects the Primary.contoso.com MP for communications.
Client 02 selects MP01.contoso.com for communications.
Client 03 selects Secondary.contoso.com for communications.
Client 04 selects Primary.contoso.com (Assigned MP) for communications.
Client 04 is in a Secondary Site boundary, so how can it communicate with the Primary MP? Correct. It should not. As per TechNet, the Preferred MP configuration in the Boundary Group and the Hierarchy Setting “Clients prefer to use management points specified in boundary groups” affect the Assigned Site.
Here is the conclusion:
Irrespective of whether the option “Clients prefer to use management points specified in boundary groups” is selected, if the hierarchy contains a Secondary Site with multiple Boundary Groups associated with it for site assignment, each Boundary Group “MUST” have the Management Point of that Secondary Site added.
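The scenario and conclusion above as a small PowerShell model, added here as an illustration and not code from the original post or from Microsoft: it reproduces the MP each client selects and flags any Secondary Site boundary group that lacks that site's MP. The data is constructed from the example, the selection rule is a simplification, and all property and function names are hypothetical.

```powershell
# Constructed data mirroring the scenario on this page; not exported from a real site.
# Property and function names are hypothetical, not ConfigMgr cmdlets or WMI classes.
$AssignedSiteMP = 'Primary.contoso.com'                  # "Assigned MP" of primary site PR1
$SecondaryMP    = @{ 'S01' = 'Secondary.contoso.com' }   # secondary site code -> its single MP

$BoundaryGroups = @(
    [pscustomobject]@{ Name = 'Boundary Group 01';    Site = 'PR1'; MPs = @('Primary.contoso.com') }
    [pscustomobject]@{ Name = 'Boundary Group 02';    Site = 'PR1'; MPs = @('MP01.contoso.com') }
    [pscustomobject]@{ Name = 'Sec-BoundaryGroup 01'; Site = 'S01'; MPs = @('Secondary.contoso.com') }
    [pscustomobject]@{ Name = 'Sec-BoundaryGroup 02'; Site = 'S01'; MPs = @() }
)
$Clients = [ordered]@{
    'Client 01' = 'Boundary Group 01'
    'Client 02' = 'Boundary Group 02'
    'Client 03' = 'Sec-BoundaryGroup 01'
    'Client 04' = 'Sec-BoundaryGroup 02'
}

function Get-SelectedMP {
    param($Group, [string]$Fallback)
    # Simplified model of the behaviour described above: a client prefers an MP
    # listed in its boundary group, otherwise it falls back to the assigned site's MP.
    if ($Group.MPs.Count -gt 0) { return $Group.MPs[0] }
    return $Fallback
}

function Find-SecondaryGroupMissingMP {
    param($Groups, [hashtable]$SecondaryMP)
    # The conclusion as a check: every boundary group tied to a secondary site
    # must list that secondary site's MP.
    foreach ($g in $Groups) {
        if ($SecondaryMP.ContainsKey($g.Site) -and ($g.MPs -notcontains $SecondaryMP[$g.Site])) {
            [pscustomobject]@{ BoundaryGroup = $g.Name; Site = $g.Site; MissingMP = $SecondaryMP[$g.Site] }
        }
    }
}

# Which MP does each client end up with?
foreach ($c in $Clients.GetEnumerator()) {
    $group = $BoundaryGroups | Where-Object Name -eq $c.Value
    '{0} -> {1}' -f $c.Key, (Get-SelectedMP -Group $group -Fallback $AssignedSiteMP)
}

# Which secondary-site boundary groups violate the conclusion?
Find-SecondaryGroupMissingMP -Groups $BoundaryGroups -SecondaryMP $SecondaryMP | Format-Table -AutoSize
```

With the scenario data, Client 04 resolves to Primary.contoso.com and Sec-BoundaryGroup 02 is the only group flagged.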
A concern might arise here. In a Secondary Site, we cannot have more than one MP and it can only be installed on the Site Server. We also have the DP role installed during the site installation.
So, as per the above conclusion, if we add the Secondary MP (DP too) to multiple boundary groups assigned to a Secondary Site, then when a client (Client 04 from the above example) sends a content location request (Packages, Applications or Updates), it will receive the location of both the MP (DP) and the local DPs added to the Boundary Group.
So when we add the Secondary Site MP to the remote Boundary Groups, mark it as “Slow” and the clients will see it as “Remote”. Unless a specific deployment allows clients to download content from “Slow” Distribution Points, the clients will not download the content from the DP marked as Remote.
Support Escalation Engineer | Microsoft System Center Configuration Manager
Disclaimer: This posting is provided "AS IS" with no warranties and confers no rights