Oh, so it is a "Feature" now. I did not realize that. Thanks.
On Tue, Aug 5, 2014 at 3:46 PM, Belcher, Daniel (US - Hermitage) < [email protected]> wrote: > Yes, otherwise it will just be self-signed. I just wrapped on having to > design something similar to this, give me some time to TechNet dive. Most > of this came from testing, logs, and discussions with MS employees though > rather than what I could research online. > > > > This blog from Adam Meltzer summarizes the selection process of MPs. > > > http://blogs.msdn.com/b/ameltzer/archive/2013/06/17/quick-summary-on-how-management-point-selection-works-in-flexible-formerly-native-mode-in-configuration-manager-2012.aspx > > > > The gist though is either make the HTTPS site less appealing to the client > or let the clients fail to HTTP. > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Todd Hemsell > *Sent:* Tuesday, August 5, 2014 3:36 PM > *To:* [email protected] > *Subject:* Re: [mssms] Sanity check on management points and MDM > > > > Any documentation around this and what does "pki enabled" mean? Have a > cert? "but if it’s not PKI enabled it won’t use it and move to the next > MP (your unsecured). " > > > > > > On Tue, Aug 5, 2014 at 3:30 PM, Belcher, Daniel (US - Hermitage) < > [email protected]> wrote: > > It’s not exactly clean, but setting up 2 side by side MPs with one > secured and the other unsecured shouldn’t cause any major impact outside of > your clients native MP assessments. > > > > The largest headaches I’ve seen from this have come from the initial > client install more than anything, and that’s just a matter of pointing > them to the correct MP from the install string. > > > > I might be missing something here in terms of your end goal though that > complicates this more. However it is right, the client will prefer the > HTTPS, but if it’s not PKI enabled it won’t use it and move to the next MP > (your unsecured). > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Todd Hemsell > *Sent:* Tuesday, August 5, 2014 3:16 PM > *To:* [email protected] > *Subject:* Re: [mssms] Sanity check on management points and MDM > > > > too much complexity. I like to keep it simple and easy to maintain. > > > > I do not like to implement things where I am the only one that understands > them or can support them. > > > > On Tue, Aug 5, 2014 at 3:11 PM, Marcum, John <[email protected]> wrote: > > Another option… You could unpublish the HTTPS one if there's a way to > hard code it to the CE clients so they know where to go. > > > > > http://blogs.technet.com/b/michaelgriswold/archive/2014/04/22/how-to-get-clients-to-avoid-one-of-your-management-points.aspx > > > > > > > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Todd Hemsell > *Sent:* Tuesday, August 05, 2014 3:04 PM > *To:* [email protected] > *Subject:* Re: [mssms] Sanity check on management points and MDM > > > > well, so much for that. > > > > whoever added The requirement to use https before you can manage devices > needs to be horsewhipped. > > If I want to manage 50 Windows CE scan guns I need to deploy a cert to > every system in the enterprise and force them to use https instead of http. > Makes sense. > > > > On Tue, Aug 5, 2014 at 2:20 PM, Niall Brady <[email protected]> wrote: > > And thep prefer https over http > > Sent from my phone, please excuse any typo's as a result. > > > > > On 05 Aug 2014, at 20:50, "Marcum, John" <[email protected]> wrote: > > No. MP's don't use boundaries. > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Todd Hemsell > *Sent:* Tuesday, August 05, 2014 1:48 PM > *To:* [email protected] > *Subject:* [mssms] Sanity check on management points and MDM > > > > Right now I have 1 management point using http > > > > Can I add an https management point for mobile devices on a separate > server and set the subnet the mobile devices are on to use the new > management point without affecting the existing systems and existing > management point? > > > > /Todd > > > ------------------------------ > > > Confidentiality Notice: This e-mail is from a law firm and may be > protected by the attorney-client or work product privileges. If you have > received this message in error, please notify the sender by replying to > this e-mail and then delete it from your computer. > > > ------------------------------ > > > Confidentiality Notice: This e-mail is from a law firm and may be > protected by the attorney-client or work product privileges. If you have > received this message in error, please notify the sender by replying to > this e-mail and then delete it from your computer. > > > > > > > ------------------------------ > > > Confidentiality Notice: This e-mail is from a law firm and may be > protected by the attorney-client or work product privileges. If you have > received this message in error, please notify the sender by replying to > this e-mail and then delete it from your computer. > > > ------------------------------ > > > Confidentiality Notice: This e-mail is from a law firm and may be > protected by the attorney-client or work product privileges. If you have > received this message in error, please notify the sender by replying to > this e-mail and then delete it from your computer. > > > > > > > > > > > > This message (including any attachments) contains confidential information > intended for a specific individual and purpose, and is protected by law. If > you are not the intended recipient, you should delete this message and any > disclosure, copying, or distribution of this message, or the taking of any > action based on it, by you is strictly prohibited. > > v.E.1 > > > > > > > > > > > > > > > >
