No that LocationAware does not reach into OSD, only Full blown ConfigMgr Clients can be controlled.
I wish I could take it down into the OSD layer but MP control in OSD in a DMZ, essentially tricky, sensitive, it’s not running a full blown Client. From: [email protected] [mailto:[email protected]] On Behalf Of CE5AR.ABREG0 Sent: 04 July 2014 15:38 To: [email protected] Subject: Re: [mssms] CM 2012 Role in DMZ Daniel, We have encountered the same issue and have even filed a bug. In our situation, it was due to host 'naming convetion', meaning that when a boot client request policy, it will get the list of MPs in alphabetical order and choose the first alpha from the list. Also, in a case where that MP was not online or could not respond, imaging fails. This is true when selecting dynamic or static MPs on you boot image. In our environment we have 2 restricted areas and just happens for our luck to have the top names alphabetically on the list of available MPs. Cesar A. Meaning is NOT in words, but inside people! Dr. Myles Munroe My iPad takes half the blame for misspells. On Jul 4, 2014, at 6:33 AM, Daniel Ratliff <[email protected] <mailto:[email protected]> > wrote: This sounds exactly like a problem we encountered this week on a new boot image for OSD. HTTPS MPs in the dmz get the first request for policies but don't offer any up on our new WinPE 5.0 boot image for R2. We need the boot image to hit the internal MPs first, but it won't because the are only HTTP. Is our only option make all the MPs HTTPS? Or use Location Aware? -----Original Message----- From: [email protected] <mailto:[email protected]> [[email protected] <mailto:[email protected]> ] Sent: Friday, July 04, 2014 08:34 AM Eastern Standard Time To: [email protected] <mailto:[email protected]> Subject: RE: [mssms] CM 2012 Role in DMZ Ah, thanks for clarification Kim! JEFF CARREON From: [email protected] <mailto:[email protected]> [mailto:[email protected]] On Behalf Of Kim Oppalfens Sent: Friday, July 04, 2014 8:27 AM To: [email protected] <mailto:[email protected]> Subject: RE: [mssms] CM 2012 Role in DMZ Nope, not in that situation, client mp selection is site aware, not boundary aware. What Rob said is accurate for multiple mp's in a single site, as could be the case for a dmz mp. Sent from my Windows Phone _____ From: [email protected] <mailto:[email protected]> Sent: 4/07/2014 13:17 To: [email protected] <mailto:[email protected]> Subject: RE: [mssms] CM 2012 Role in DMZ So if I had a CAS, site A and Site B (Primary sites). 192.x assigned to Site A, 193.x assigned to site B, (with boundary group assignments) regardless, i would see my clients assigned to site A hitting site B’s MPs? Just really curious, bc I don’t think I’ve seen that behavior in our environment. JEFF CARREON From: [email protected] <mailto:[email protected]> [mailto:[email protected]] On Behalf Of David O'Brien Sent: Friday, July 04, 2014 7:02 AM To: [email protected] <mailto:[email protected]> Subject: RE: [mssms] CM 2012 Role in DMZ MPs are NOT location aware, by default. MP selection has nothing to do with boundaries, at least not if we’re talking about Primary Sites only. It’s a different thing with Secondary Sites, there boundary groups come into play. So, of course, what Robert says is true here ;) Cheers David From: [email protected] <mailto:[email protected]> [mailto:[email protected]] On Behalf Of [email protected] <mailto:[email protected]> Sent: Friday, July 4, 2014 8:53 PM To: [email protected] <mailto:[email protected]> Subject: RE: [mssms] CM 2012 Role in DMZ Is that true even if you have the boundaries and boundary groups set up for the site(s)? Clients from other sites would still hit other MPs on the other sites even though they’re not assign to the group they belong to? JEFF CARREON From: [email protected] <mailto:[email protected]> [mailto:[email protected]] On Behalf Of Robert Marshall Sent: Friday, July 04, 2014 4:29 AM To: [email protected] <mailto:[email protected]> Subject: RE: [mssms] CM 2012 Role in DMZ If you’ve got a full blown MP in your DMZ I know a way to make the Clients in the DMZ only use that MP, and not any MP Keep in mind Clients will use any MP in the hierarchy based on Forest\Domain\Security Realm, time of day and wind direction and maybe depends on what shirt John Marcum is wearing at that particular moment, really :) Robert From: [email protected] <mailto:[email protected]> [mailto:[email protected]] On Behalf Of Jason Wallace Sent: 03 July 2014 06:31 To: [email protected] <mailto:[email protected]> Subject: Re: [mssms] CM 2012 Role in DMZ You'll need to have an account on that machine which is a local admin. You'll use this account for CM to be able to deploy the services. You will need to establish comms so that the site server can deploy to the DMZ machine. You'll likely want to configure site server initiated communications. This will cause the site server to poll the MP for inbox files rather than these being pushed through the firewall. For the SUP you will need to implement HTTPS (and should anyhow for other services) Regarding the MP you will need to provide access to the database. You can do this either by opening up the firewall, placing a replica in the DMZ or moving the MP behind the firewall and having some kind of proxy going on. For the catalog - not sure On 3 Jul 2014, at 06:08, "Roney George" <[email protected] <mailto:[email protected]> > wrote: Hi, I am planning for installing a MP, SUP, DP and App Catalog Role on a server in DMZ. Are there in How to document how this can be achieved on CM 2012 R2 , SQL 2012 R2 , and Roles are installed on Server 2012. The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information.
