Client can't find its Management point

Having a site configuration with several MP's, a few in untrusted forest can be a challenge.
Especially combined with complex and firewall micro segmented network.

We had an issues with clients, that couln't find the correct MP during OSD and application delployment.  This resultet in time-out errors, causing the installation to fail.
The locationservice.log showed that the agent tried the entire MP list. one by one until it finally came to one it was able to communicate with.

We talked about setting a static reg key allowedMP like Annop also explains in his blog post below.
https://www.anoopcnair.com/sccm-mp-rotation-issue-sup-rotation-fix/

Setting the AllowedMP will enforce an agent always to communicate with the the MP in the registry, but it will at the same time remove the flexibility build in the agent.

So we decided a mixed solution.

First step was to solve the timeout issue during OSD.

  1. Set allowedMP in the begining of the OSD TS
  2. Remove allowedMP at the end of the OSD TS.
This solved the timeout issues installing applications during OSD

Next step was to solve the problem with agent suffling around MP, during normal application deployments.

Example:
A boundary is configured as a x.x.x.255 but it was actually a x.x.x.252
This misconfiguration resultet in agents not being able to locate the correct MP, as some fall outside the boundary configuration.


Overview:  How an agent finds the correct MP:
  1. MP1 and MP2 is member off a boundary group
  2. Boundary belong to boundary group
  3. Agent has an IP in boundary
  4. Agents gets MP list (MP1 og MP2) from boundary group
  5. Agents without boundary, wrong boundary or old agents. will receive the full MP list and suffles around till it finds the correct one to communicate with.





Monitor agents with "bad boundary" definitions.

We are corrently looking into a method to monitor agents, that receives the full MP list.
I will update the blog with info, when we're ready.

Comments

  1. If you want to know how to perform Windows Office 365 download, then follow these instructions. Open your browser and enter Office.com in the search bar. Once you visit the Office home page, log in to your account. Next, buy a Microsoft Office 365 subscription. Then, go back to the Office home page, click Install Office. Now, download and run the .exe file on your Windows. Go along with the on-screen guidelines to finish the installation of Office 365. Once installed, activate Office 365 by logging in to one of the apps and agreeing to the license agreement.

    ReplyDelete

Post a Comment

Popular posts from this blog

SCCM CB Monitoring | Deployment Reporting using SQL

PXEboot and DHCP option 82