Active Directory Site Boundaries are “static”

Active Directory sites are the easiest way of defining ConfigMgr site boundaries, because they are based on physical segments. BUT besides that, you have to keep in mind that they are also static in two different ways: All the different subnets have to be manually included and configured in the Active Directory sites. Once an Active Directory Site Name is selected as an ConfigMgr Site Boundary, ConfigMgr will check on the selected Site Name. Even when you rename the Active Directory site! For more information about site boundaries:

How a client chooses a Distribution Point

Lately I get and see a lot of situations like this… Question: I created an extra Distribution Point (DP) on a remote location, but the clients on the remote location are still connecting to the standard DP. Why are these clients not connecting to their local DP? Answer: When there are more DP’s in the same site and/or boundary, by default, the client will first connect to the DP with BITS enabled and not the closest one. If you want the clients to connect to their local DP, you have to make the DP protected. …So I thought it might be handy to write in a few short steps how this process works. Step From Action 1 Client Sends a content location request to its …

Read more

Certificates needed for Native Mode

The biggest problem, for me, with Native Mode were all the certificates that were needed. That’s why I created an table for myself with the basic certificates that are needed for Native Mode and where to add them. The “Where to add” column is based on Windows Server 2008. ConfigMgr Component Use Where to add Primary Site Server Document Signing ConfigMgr > Site Management > Site Database > Properties Primary Site > Tab Site Mode Management Point, Proxy Management Point, Distribution Point, Software Update Point en (State Migration Point) Server Authentication (Web Server Template) IIS > -Right-click- Sites > Edit Bindings > HTTPS -Edit- Client computers Client Authentication (Computer Template) GPO > Policies > Computer Configuration > Windows Settings > Security Settings > Public Key …

Read more

Rename your ConfigMgr Primary Site

Once you have installed your ConfigMgr Primary Site it is not possible to change the name of your Primary Site. At least not through the console… But what if you made a mistake or your company changes it’s naming conventions?? Well there is one way to change it. First off all stop the SMS_EXECUTIVE Service. After that open the site control file (<Installation directory>\Microsoft Configuration Manager\inboxes\\Sitectrl.ct0) and search for BEGIN_SITE_DEFINITION. Close to that you will find your Primary Site name and you can change it (do not change anything else!!). After this save the file and start the SMS_EXECUTIVE Service again. Then after a few site refreshes your Primary Site name wil be changed. In some cases it could be possible that you also have …

Read more

ConfigMgr Backup in combination with WSUS

I noticed that the scheduled backup of ConfigMgr can conflict with the installation of WSUS. When you have WSUS 3.0 SP1 installed on the same machine as your ConfigMgr Site you can, at random occassions, get problems with your WSUS installation. This is what happens: During the execution of the ConfigMgr Backup it does some kind of a healthcheck. When it then notices that the SUP/WSUS is not responding good it will try to do an repair action of WSUS. At this point the problem starts, bacause the installer of WSUS 3.0 SP1 doesn’t have a repair function, so WSUS will get uninstalled… After this has happened you can get errors like “Sync failed: WSUS server not configured. Source: CWSyncMgr::DoSync SMS_WSUS_SYNC_MANAGER” in the ConfigMgr Site Status. …

Read more