Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, October 7, 2015 11:11 AM
Hi everyone.
we have SCCM 2012 R2 SP1 CU1
the topology is 1 Primary Site with all the roles, 3 management points and 10 distribution points.
we use the Clients prefer to use management point specified in boundary group which works great for clients.
we even use the AllowedMPs registry on clients just to make sure each client will go to it's closest and best management point without waiting for the clients to decide it independently.
from computers in the the primary site's boundary everything works as expected.
from other computers everything also works great but OS deployment.
when we boot a computer from another site to PXE and WinPE loads - the MP is always the wrong one! it doesn't respects the logics of the ConfigMgr's clients in terms of management points. and there we start to have all the problems regarding OS deployments.
I saw some workarounds that show how to start a script when the WinPE loads and edits the local hosts file to talk to the closest MPs IP based on gateway and stuff like that... very UGLY!
anyone else had the same issue?
hoping to find a nicer solution...
thanks
Tamir Levy
All replies (11)
Wednesday, October 28, 2015 1:00 AM ✅Answered
TS PXE clients always use the MP that the PXE server uses. This is done to ensure that the PXE server and PXE client are consistent in what they try to do.
Consider this scenario:
1. The client PXE boots. The PXE server talks to MP1 and determines that there is a TS policy for the client.
2. The client starts. It then talks to MP2 to ask for TS policies. MP2 replies with a cached information, and thinks that there is no TS policy for the client.
To avoid this confusion, the TS client simply goes to the same MP that the PXE server just used.
Note that the TS client is capable of looking for the correct MP based on boundaries. For that, you need to use a boot media and specify the dynamic MP option.
I can see that the SCCM PXE Server/client interaction right now is not optimal for your case. I suggest that you contact support and file a change request. I think you should at least have the option to override the current PXE behavior and perform a dynamic MP lookup.
Wednesday, October 7, 2015 1:07 PM
What kind of boundaries are you using?
Jason | http://blog.configmgrftw.com | @jasonsandys
Wednesday, October 7, 2015 1:31 PM
IP Ranges and AD Sites
all of them are members of boundary groups and each boundary group has its own management point \ distribution point under the site system servers list
Tamir Levy
Wednesday, October 7, 2015 1:56 PM | 1 vote
If MP affinity via boundary groups works in WinPE -- which I'm not sure it does at all -- it won't ever work with AD Sites as boundaries because WinPE is not joined to a domain and thus is not part of an AD site.
As mentioned though, I doubt MP Affinity works in WinPE.
"it doesn't respects the logics of the ConfigMgr's clients in terms of management points"
Yep, that's because in WinPE, it's not using the ConfigMgr client. It's using a scaled down version embedded in WinPE that may not have been updated to use MP affinity. You'll have to probably open a support case to confirm that though.
Other than doing something similar to manipulating the hosts like blocking the traffic via the Windows Firewall in WinPE, I can't think of a work-around though. Using site based media should work as it allows you to specify an MP (and DP) and is the only other plausible work-around I can think of.
Jason | http://blog.configmgrftw.com | @jasonsandys
Monday, October 26, 2015 10:27 PM
Hi Jason.
I appreciate your help,
if the supported answer from SCCM is that there is no possibility to locate the right MP Out-of-box - then there is no real answer here. :/ the workaround is not satisfying at all.
I guess we need to contact MS for a feature request
Tamir Levy
Wednesday, January 11, 2017 7:15 PM | 6 votes
I've said for the following 5 years that the way they implment MPs.
Exact Quote because it's en-grained in my skull.
"When using PXE, the client will default and use the MP that is assigned to the DP".
Sounds great right? WRONGGGGGGGGGGGGG
WELL HA HA HA, today is my day.
The issue you might ask?
Lets say you have a global infra, with multiple management points. And you name them like ADC (Asia Data Center), NDC (North American Data Center), EDC, (Euro Data Center), I can go on. You get the idea. I've worked at 2 diff places in 5 years and both companies named them the same, thus the issue follows me.
Why don't you go have a peak here at this reg key on the DP Site Server.
HKLM\SOFTWARE\Microsoft\SMS\DP
REG_SZ - ManagementPoints...
LOOK HARD.
it will be alphabetical order.
so if you use more than one MP and you have one called ADC...
GUESS WHAT? If your DP is assigned to the local closest MP the client doesn't care, it's going to go look at what this reg key contains. Which will be ADC in my case.
So all my clients from NDC are looking at ADC to verify checksums. YOU KNOW HOW LONG THAT TAKES????? How many connection issues you get? APAC to NDC!!!!
I changed the regkey and put only the MPs I wanted it to use for that region and it's FUCKING FLYING. I can load a Task Sequence with over 40GB of checksums and it finishes in 5 seconds, compared to 7+ mins looking at APAC.
I'm taking the rest of the day off work.
To verify yourself who your client is looking at:
PXE Boot as normal and pick a task sequence.
Hit F8. CMTrace.
Look at x:\windows\temp\smsts.log
In my case it was looking at ADC!!!!!!
5 YEARS!!!!
For compliance I just configured a ConfigItem and deployed it out to each regions DPs to set the key correctly. It's working great.
Thanks to some amazing weed I had this morning something told me to go look at regedit. I just did a find for the ADC and it was the 2nd result.
Tuesday, February 21, 2017 12:46 PM
Thank you! just tried to set preffered mp to first place without deletion of others - works fine.
Thursday, May 18, 2017 11:21 AM
Thanks geekusa,
I had the issuse with a Primary server and a MP/DP in another untrusted domain.
When OSD´ing a computer in the untrusted domain, 3,5 minute was spend for the computer to look for a policy at MPs it couldnt reach.
Cleaning out the unreacheable MPs in HKLM\SOFTWARE\Microsoft\SMS\DP solved the issue!
Monday, April 23, 2018 3:14 PM
This seems to have worked for us, but how do you keep Configman from changing the Key back to all MP's in it?<style></style>
Thursday, October 4, 2018 7:15 PM
@GeekUSA THANK YOU!!! This has been bothering me for a long time. Not five years, but a long time. In our case, it wasn't much of an issue since we have really good (and MUCH shorter) WAN links. That was until recently when SCCM decided to put one of our MP's that is behind a firewall to the top of the list. I think this happened when we upgraded to 1806 a month or so ago. That is about the time I noticed our PXE clients taking forever to pull down policy and generate the Task Sequence selection list.
Thanks again, I owe you a beer!
Thursday, August 22, 2019 10:38 AM
Thank you !!!!!!!!!!!!!! very Much
It worked like a charm. Long time with the same problem now it works beautifully thanks to you !!!!
:D :D :D