Correct (although you don't have a secondary site for external users, you have an additional site system that is configured to handle internet traffic and clients).

If you have IBCM enabled and working, why wouldn't you just deploy client auth certs to your internal systems also so that they could be managed if/when they roam off the internal network?

J

From: [email protected] [mailto:[email protected]] On Behalf Of Iacaruso, Mike
Sent: Friday, November 15, 2013 3:31 PM
To: [email protected]
Subject: [mssms] RE: Running SCCM 2012 R2 HTTP clients in a HTTPS environment

Understood, but I will have to add an additional server with the MP role in order to add HTTP communications. I currently have one site that has a primary site server that has all of the roles needed. This is configured with a MP and DP that is HTTPS. A secondary site for external users that is a MP/DP also set up with HTTPS. So in order to have internal systems (domain network) that have no PKI cert installed to communicate with the site, I need to add a new server that has a MP role communicating as HTTP?

From: [email protected] [mailto:[email protected]] On Behalf Of Mark Mears
Sent: Friday, November 15, 2013 4:21 PM
To: [email protected]
Subject: [mssms] RE: Running SCCM 2012 R2 HTTP clients in a HTTPS environment

You don't need to set up a new "site server", just a server with an MP role using HTTP only at the same site. In CM12 you can have multiple MPs per site.

Thanks,
________________________________
Mark Mears
[email protected]
Phone: (757) 945-2651
Check out our System Center App Store: www.cireson.com/app-store
________________________________

From: [email protected] [mailto:[email protected]] On Behalf Of Iacaruso, Mike
Sent: Friday, November 15, 2013 4:14 PM
To: [email protected]
Subject: [mssms] RE: Running SCCM 2012 R2 HTTP clients in a HTTPS environment

I am getting conflicting information from consultants and need to clarify. In order to offer HTTP within the environment, I need to stand up an additional site server and make that MP communicate HTTP, is that correct?

From: [email protected] [mailto:[email protected]] On Behalf Of Jason Sandys
Sent: Friday, November 15, 2013 12:50 PM
To: [email protected]
Subject: [mssms] RE: Running SCCM 2012 R2 HTTP clients in a HTTPS environment

To work properly, correct.

J

From: [email protected] [mailto:[email protected]] On Behalf Of Iacaruso, Mike
Sent: Friday, November 15, 2013 11:43 AM
To: [email protected]
Subject: [mssms] RE: Running SCCM 2012 R2 HTTP clients in a HTTPS environment

So Jason, with one MP set to HTTPS for client connections, every system needs a client cert?

From: [email protected] [mailto:[email protected]] On Behalf Of Jason Sandys
Sent: Friday, November 15, 2013 11:12 AM
To: [email protected]
Subject: [mssms] RE: Running SCCM 2012 R2 HTTP clients in a HTTPS environment

*nix management does *not* require HTTPS client communication. OSX does though. Each client-centric site role - MP, DP, SUP - can only communicate using either HTTPS *or* HTTP.

Thus, if you only set up a single set of systems hosting these roles using HTTPS to support the OSX systems, then yes, every managed client will require a unique client auth cert. You can, however, as alluded to, set up a second set of these systems that listen on HTTP. Clients will then choose the proper site system to communicate with based upon the presence of a client auth cert.

J

From: [email protected] [mailto:[email protected]] On Behalf Of Iacaruso, Mike
Sent: Friday, November 15, 2013 10:05 AM
To: [email protected]
Subject: [mssms] Running SCCM 2012 R2 HTTP clients in a HTTPS environment

I am setting up our new SCCM 2012 R2 environment and have enabled HTTPS communications and configured certificates due to the Mac and Linux client requirement we have. With this configured, do all Windows systems need a certificate to communicate with the MP and DP? I thought Windows systems can communicate with either HTTP or HTTPS. Right now the only way to get Windows clients installed and communicating is by requesting and enrolling the Windows PKI cert.

Mike Iacaruso
Enterprise Desktop Engineer
Office of Technology Services
Towson University
410-704-3965
[email protected]

