PENDING two CMs figthing in the site production environmet

[Manuel]

Hi all

I have in a production environment with 2 configuration manager servers that are part of the domain

each one has its population of installed agents

Each agent points to different sites with 3 different coded characters both are primary configuration manager

for example ABC and the other site is DEF

If my technicians manually install the CM agent without parameters, take the CM that is closer or respond

If my technicians install it by console it goes with parameterization and leaves them pointing

It turns out that currently in reinstallations made with just double click the installer has pointed to other sites

then in the console of the ABC site you can see the computer and it takes remote control but we see it active

and when you go to the computer you see that the computer points to the DEF

What alternatives do I have to make sure that this does not happen?

besides reinstalling clear is

 

[Garth]

First you should fix your boundaries so that they don't overlap, as it is not supported to have overlapping boundaries like that.

Next there isn't a lot more that you can do. Why have two sites in the first place? Why not just one?

 

[Manuel]

I totally agree with you in fixing my boundaries and avoiding this overlapping.

There is two configuration manager servers because one of them has several issues so my technical guy decided to deployed a new one and its CM agents will be deployed in July.

So my biggest concern appeared when I see that I can take remote control of a computer that has a CM agent installed and this cm agent is from the other site.

How can avoid it?, just fixing the boundaries, don’t you

I has a hunch that my technical guy just doble clicked the cm agent installer and did not use parameters to deploy it. So I think if he corrects this steps maybe it fix the remote control behavior.

 

[Edy]

Are you specifying MP and Site Code parameters when installing the client?
ccmsetup.exe /mp:SERVER SMSSITECODE=ABC/DEF

You can also create a script to uninstall and using the above command to resubscribe to the right site code.

Eg. Create a Package in Site DEF with a script to uninstall and reinstall client pointing to ABC.

Otherwise, use GPO to assign the Site Code of the clients to make all the same.

You need to turn off or clearly set up the boundaries so client knows which MP to connect to.

 

[Garth]

So my biggest concern appeared when I see that I can take remote control of a computer that has a CM agent installed and this cm agent is from the other site.

Why does this matter?

why are you not moving faster from one site to the other site? aka getting rid of the extra site?

 

[Manuel]

because the people who has to do it are too slow of doing it

So back to my question, do you know the reason for remte control did it?

I will lo check it again to get the reason

For now, I have several ways to check

 

[Garth]

if they have premission you can't prevent them from rc a computer.

 

[Manuel]

I understand what you said.

In addition, if they have any CM role allowing them to make any Support (remote control included)

 

[Edy]

I believe you can remote control because of the Network Discovery to find Computers in your Domain and import them to SCCM.

What about using the command that i wrote above to specify the MP to connect to.

 

[Manuel]

Hi Edy, that command I told them. and I suspect there would be a bunch of guys that maybe are no doing what need to do. I mean maybe they are not using using parameters

 

[Edy]

are you not using Task Sequence to image your computers?

 

[Manuel]

Not at all.

They prepared their computers using Acronis. I think

 

[Edy]

surely they can create a script to run in Acronis to install the SCCM Client. unless they are doing offline imaging...