Category Archives: Management Point

Preferred Management Points

So, Config Manager version 5.00.8239.1000 is upon us. I wasn’t too excited about this, till I realised that you can now treat Management Points in the same way as Distribution Points for preferred Content Access.

It’s a very straight forward task, assuming you already have your boundaries configured. Personally, I already had all my Management Point and Distribution Point servers assigned to an AD site boundary, and set for FAST or SLOW accordingly.

Continue reading

Advertisements

Preferred Distribution Points

If you have a site distributed over a wide geographical area, you might find that you have problems with how clients retrieve their content. We had a situation to which I alluded here, namely a remote site downloading all its Config Manager data over a throttled WAN link.

Frankly, yuck.

Anyway as promised, I thought I’d put my thoughts into a blog relating to content access and remote sites.

My site already had two boundaries set. One for the main Config Manager geographical location (we’ll call it SCCM_Boundary1), and another for location elsewhere¬† in the United Kingdom (SCCM_Boundary2). These geographical locations are defined in AD as AD sites, so we’ll call them AD_Site1 (main) and AD_Site2 (remote) for ease here.

Continue reading

Deploying A New MP – Error 4957

So I finally managed to get a server deployed to a remote site, connected via a throttled WAN link. It only took three years or political style lobbying, before it was agreed that two or three hundred people pulling their monthly software updates down a capped WAN link probably needed to be changed.

I gleefully fell upon my server, and dived straight in. Admittedly this was a mistake. I haven’t setup a Management or Distribution Point for some time, and I had forgotten a couple of key points.

Namely pre-requisites, but they’re boring, right?

I dived in, just about remembered how to sort the web server certificate and the distribution point full private key; IIS was installed with the same options as per the existing Management Points. What could now go wrong? I sat back and basked in my all-encompassing glory.

Of course it didn’t work though. Now yes, Config Manager loves to chuck out errors the first time it does something, but when you’re still getting those errors an hour later, you’ve derped something.

Honestly boss, I've got this.

Honestly boss, I’ve got this.

Continue reading

Internet Facing Management Point

I’ve already covered the certificate creation, and use for the intranet web servers. This post is about setting up the Management Point on an existing server and configuring the Site System for internet access.

I have already requested the internet FQDN to be registered on a public DNS, and had port 443 opened on the firewall.

I requested the certificate and configured the SANs for both DNS internet and intranet FQDNs, like so:

Herping your certificate derp.

Herping your certificate derp.

I bound this to the IIS default website as HTTPS port 443. Easy!

Next up, I installed the Management Point (MP) role. Whilst i was on, I set the internet FQDN and configured it for both internet and intranet traffic; it is absolutely imperative that the specified internet FQN matches:

  • Publicly registered DNS name
  • The SAN specified on the certificate

Now I configured the MP for HTTPS and let it install. The server already acts as a Distribution Point (DP), so I didn’t need to adjust anything else in IIS in terms of features or roles.

However the SMS_MP_CONTROL MANAGER component started reporting errors. I drilled into the logs and found the following error “MP Control Manager detected management point is not responding to HTTP requests”.

Why must you taunt me?

Why must you taunt me?

I did some googling, but I couldn’t anything specific. It’s seemingly one of those generic codes… For some reason, I hit on the idea of adding the certificate I created for Config Manager clients, as the error in the logs did reference authentication. I gave the SMS_Executive a kick, and voil√°:

Swwwwweeeet!

Swwwwweeeet!

…and now the MP is happy and running with SSL enabled. It’s communicating on port 443 with code 200.