PENDING Issue with multiple domains and MPs

[JimmyWoah]

Hello everyone,
I am experiencing an issue with the configuration of management points in our SCCM environment.
Below are the details of our configuration and the specific problem we are facing:

• Primary Site: MP1.domain1.com
• Domains:
  • domain1.com
  • domain2.com
  • domain3.com
• Management Points:
  • MP1.domain1.com (for domain1.com)
  • MP2.domain2.com (for domain2.com)
  • MP3.domain3.com (for domain3.com)

Despite the boundary groups being configured correctly, clients in the domain2.com and domain3.com domain continue to connect to the management point MP1.domain1.com
instead of MP2.domain2.com and MP3.domain3.com.

The AD scheme is extended in all these domains, and in the SCCM console under Sites/Configure Site Components/Management Point i have this settings:


During OSD in domain1.com i see this in smsts.log:

The clients contacting MP1.domain1.com and receive the list of all other MP and randomly try to use all of them.
In this case is trying to use MP2.domain2.com and it fails and then try to use another one until it can use MP1.domain1.com
This step is when during OSD the client is trying to receive the list of available task sequences.
To avoid this, i can only unflag the unnecessary MP from here:


And during OSD in domain1.com i can see what I want:


Unfortunately in domain2.com i see the client contacting his MP2.domain2.com and then use MP1.domain1.com:

The OSD can continue also with this MP, and I assume this is because the MP1 is also the primary site and the clients in domain2 can reach it.

I want every domain uses his MP, can you help me please?
Even after OSD, in LocationService.log the clients from domain2.com and domain3.com use the MP1.domain1.com and it works just because this MP is also the site.

 

[JimmyWoah]

I also noticed in AD under System/System Management I see:
MP2.domain2.com
MP1.domain1.com
MP3.domain3.com

MP1.domain1.com has the MSSMSDefaultMP attribute set "true" in all domains.

 

[Garth]

Exactly what boundaries are you using? Why do you care that clients talk to the other MPs? ConfigMgr doesn't care about AD layouts. so...

 

[JimmyWoah]

Exactly what boundaries are you using? Why do you care that clients talk to the other MPs? ConfigMgr doesn't care about AD layouts. so...

I use IP rage boundaries.
And I need clients in domain1 talk with the MP in domain1, not with the MP in domain2.

 

[Garth]

I use IP rage boundaries.
And I need clients in domain1 talk with the MP in domain1, not with the MP in domain2.

OK but exactly why can't a client from one domain talk to an MP in another? Are you sure that their is no overlapping boundaries?

 

[JimmyWoah]

OK but exactly why can't a client from one domain talk to an MP in another? Are you sure that their is no overlapping boundaries?

Uhm, I'm sorry Gath but I don't get your question. Why should a client talk with another MP in another domain when he has a MP in his domain?
However I can assure boundaries are ok: I have flagged the option "Clients prefer to use management points specified in boundary groups" and the Site System server option in Boundary Group contains his Management Point.

 

[Garth]

Uhm, I'm sorry Gath but I don't get your question. Why should a client talk with another MP in another domain when he has a MP in his domain?
However I can assure boundaries are ok: I have flagged the option "Clients prefer to use management points specified in boundary groups" and the Site System server option in Boundary Group contains his Management Point.

ConfigMgr per se doesn't care about domains. Therefore there is zero reasons to prevent clients from one domain talking to MP is another domain. So why are you putting any effort into preventing client from using any MP?

The amount of traffic between an MP and client is minimal at best. Now if the question if DP then that is a different story. And it will likely comeback that your boundaries are not right. The client side logs will tell you for sure.

 

[JimmyWoah]

ConfigMgr per se doesn't care about domains. Therefore there is zero reasons to prevent clients from one domain talking to MP is another domain. So why are you putting any effort into preventing client from using any MP?

The amount of traffic between an MP and client is minimal at best. Now if the question if DP then that is a different story. And it will likely comeback that your boundaries are not right. The client side logs will tell you for sure.

LocationServices.log says:



and this is because I unflagged the MP2.domain2.com in Management Point Component properties in SCCM console. Even if I set the regkey AllowedMPs with MP2.domain2.com, it talk with MP1.domain1.com

But if I flag all the MPs in Management Point Component properties in SCCM console:

1. the clients in domain1 try to talk randomly with all published MPs and they fail until they can reach his MP1.domain1.com. This also means it takes several minutes to get the task sequences list.
2. the clients in domain2 can talk with MPs in domain1 (because it is also the Site server and they can reach it) and also with his MP in domain2

That's why i would like all clients talk with their MP in their own domain.