ConfigMgr2012 SP2 /R2SP1: Preferred Management Points configuration and Secondary Sites


Today’s blog post is about a new option available in ConfigMgr 2012 SP2 / R2 SP1 to assign a Preferred Management Point in boundary groups. Before SP2 /R2 SP1, we had an option to install multiple management points in a primary site and one MP in a Secondary Site (Allowed only on Secondary Site Server). The MP selection was always in a specific order.

  • HTTPS Management Points in a Site.

  • Same Active Directory Forest

  • HTTP Managements

There is no control to let client machines communicate to a specific Management Point. Also multiple Management points were available for Fault Tolerance and could not be used Load Balancing.

Kind of not useful right? Yes. Now that's changed.

After lot of requests from customers around the globe, now a new feature has been added in SP2 / R2SP1, to assign Management Points to a Boundary group.

You can find more details about the feature documented in TechNet below.

https://technet.microsoft.com/en-us/ec3bae17-9b97-42d0-9c23-f634a3665606#BKMK_PreferredMP

To make the clients to choose their Preferred Management Points assigned to their respective boundary groups, you must configure the option below in Hierarchy Settings.

“In the Configuration Manager console, click Administration > Site Configuration > Sites > Hierarchy Settings. Then, on the General tab of the Hierarchy Settings, select Clients prefer to use management points specified in boundary groups.”

Hold on. Here is the catch. Whatever information provided above is applicable for the Assigned Sites which is Primary Sites.

Then what about secondary sites?

For Secondary Sites, the Assigned Site is always its Parent Primary Site. Then how it affects the Secondary Site clients?

Let us see with an example scenario.

Hierarchy:

=========

Central Admin Site: CAS

Primary Site: PR1

Site Server: Primary.contoso.com

Management Point: Primary.contoso.com, MP01.contoso.com 

Boundary Group 01 – with Primary.contoso.com

Boundary Group 02 – With MP01.contoso.com

Client 01 – Falls under Boundary Group 01

Client 02 – Falls under Boundary Group 02

Secondary Site: S01

Site Server & Management Point & DP: Secondary.contoso.com

Sec-BoundaryGroup 01 – with Secondary.contoso.com as MP and DP

Sec-BoundaryGroup02 – No MPs added (We have a DP added for Content Location)

Client 03 – Falls in Sec-BoundaryGroup 01

Client 04 – Falls in Sec-BoundaryGroup 02

Hierarchy setting: “Clients prefer to use management points specified in boundary groups” is selected.

 

With the above configured hierarchy, here's what the result would look like:

 

Client 01 Selects the Primary.contoso.com MP for communications.

Client 02 Selects the MP01.contoso.com for communications.

Client 03 Selects the Secondry.contoso.com for communications.

Client 04 Selects Primary.contoso.com (Assigned MP) for communications.

 

Client 04 is in Secondary Site boundary and how can it communicates with Primary MP. Correct. It should not. As per TechNet, the Preferred MP configuration in Boundary Group and the Hierarchy Setting “Clients prefer to use management points specified in boundary groups” affect the Assigned Site.

 

Here is the conclusion:

Irrespective of the option “Clients prefer to use management points specified in boundary groups” is selected or not selected, If the hierarchy contains a Secondary Site with multiple Boundary Groups associated with it for site assignment, each Boundary Group “MUST” have the Management Point of that Secondary Site is added.

A concern might arise here. In a secondary Site, we cannot have more than one MP and it can only be installed on the Site Server. We also have the DP role installed during the Site Installation.

So as per the above conclusion, if we add the Secondary MP (DP too) to multiple boundary groups assigned to a Secondary Site and when the client (Client 04 from above example) sends a content location request (Packages or Applications or Updates), it will receive the Location of both MP (DP ) and Local DPs added to the Boundary Group.

So when we add the Secondary Site MP to the remote Boundary Groups, mark it as “Slow” and the clients will see them as “Remote”. Until a specific deployment allows clients to download content from “Slow” Distribution Points, the clients wouldn't download the content from the DP marked as Remote.

 

Senthilkumar Pandurangan

Support Escalation Engineer | Microsoft System Center Configuration Manager

 

Disclaimer: This posting is provided "AS IS" with no warranties and confers no rights

Comments (2)

  1. Oswin says:

    Good Info

  2. ebru says:

    I have a primary SCCM site 2012 r2 SP1 CU2. My primary site in North America and I have several DP’s associated with IP range boundary groups . DPs are located all around the Europe and South America . This setting works well.
    I have tried to implement multiple preferred MP’s on SCCM primary site. I have installed MP role on one of the remote sites in Europe to a DP site system.
    Although I have used the option "Clients prefer to use management points specified in boundary groups" client randomly selects the Management point over remote locations. Correct IP range Boundary groups are assigned to the DP and MP.
    After implementation SCCM client all over the world start using the added MP randomly even though they are not in IP subnet range.
    Microsoft recommends to use AD boundaries instead of IP range but I am hesitant to switch to that because the reading on internet about not locating DP properly -particularly in OS deployment.
    If you can shed so light that would be great.

Skip to main content