James,
You don't want to use a GPO to configure the SUP at all on 2007 or 2012. The ConfigMgr client uses local Group Policy to set this. If the internal clients were not installed as Internet clients, then they should not be receiving the address for the Internet-based Software Update Point. What command line did you use to install the internal (intranet) clients? http://technet.microsoft.com/en-us/library/gg712696.aspx#BKMK_InternetSUP Cheers, Trevor Sullivan <javascript:void(0)> Internet-Based Software Update Point The Internet-based software update point accepts communication from client computers on the Internet. You can create the Internet-based software update point only when the active software update point is not configured to accept communication from client computers on the Internet. You must install the Internet-based software update point on a site system that is remote from the site server, located in a perimeter network, and accessible to Internet-based client computers. The Internet-based software update point synchronizes with the active software update point at the same site by default. When the Internet-based software update point is disconnected from the active software update point, you can manually synchronize software updates by using the export and import process. For more information, see the <http://technet.microsoft.com/en-us/library/912bfec1-fd19-4f56-a840-4ecd643c 541b#SyncDisconnected> Synchronize Software Updates from a Disconnected Software Update Point section in this topic. From: [email protected] [mailto:[email protected]] On Behalf Of Beardsley, James Sent: Tuesday, March 4, 2014 1:29 PM To: [email protected] Subject: [mssms] Clients incorrectly looking to DMZ SUP I have a SUP internally and then a DMZ SUP that is configured to use the internal SUP as its sync source. I'm coming across PC's that are on the internal network where both the WUServer regkey and the WUAHandler log are pointing to the DMZ SUP (and failing) instead of the internal SUP. What could be causing that? In CM07, I had a GPO that configured the server but when I migrated to 2012, I was under the impression that a GPO wasn't required any longer. I thought about putting the GPO back in place but by forcing all clients to look to the internal SUP, the external clients wouldn't be able to access it for software updates. So I'm trying to figure out where the mix-up is happening that is causing some clients on internal subnets to look to the DMZ SUP for its SU's. Is it based on boundaries? Do I have a boundary configuration issue? Thanks, James _____ IRS Compliance: Any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties imposed under the Internal Revenue Code or applicable state or local tax law or (ii) promoting, marketing, or recommending to another party any transaction or matter addressed herein. _____ Confidentiality Notice: This e-mail is intended only for the addressee named above. It contains information that is privileged, confidential or otherwise protected from use and disclosure. If you are not the intended recipient, you are hereby notified that any review, disclosure, copying, or dissemination of this transmission, or taking of any action in reliance on its contents, or other use is strictly prohibited. If you have received this transmission in error, please reply to the sender listed above immediately and permanently delete this message from your inbox. Thank you for your cooperation.
