Thanks for additional details. Very interesting environment...

Cesar A.

Meaning is NOT in words, but inside people!
Dr. Myles Munroe

My iPad takes half the blame for misspells.

> On Aug 5, 2014, at 6:39 PM, "Belcher, Daniel (US - Hermitage)"
> <[email protected]> wrote:
>
> Haven't encountered any debilitating issues outside of improperly configured
> client install strings. However in the non pki portions we are imaging out of
> a different environment entirely. Only connecting to SCCM post build. We
> have segments of the hierarchy performing OSD but they are generally all pki.
> Our environment is rather diverse to say the least in use cases, but I've
> not seen any non standard OSD headaches, at least not that I can recall.
>
> Daniel Belcher
>
> From: elsalvoz
> Sent: 8/5/2014 5:35 PM
> To: [email protected]
> Subject: Re: [mssms] Sanity check on management points and MDM
>
> Daniel, did you encounter any issues around imaging? or adding an HTTPS MP
> internally addressed your OSD issues if you encountered any?
>
> Thanks,
> Cesar
>
>> On Tue, Aug 5, 2014 at 2:12 PM, Belcher, Daniel (US - Hermitage)
>> <[email protected]> wrote:
>> Hah, I need to write up some scrubbed blogs on all I've been working on, but
>> can't share outright as the company I work for loves its confidentiality.
>> Same reason I've been non-existent on these mail groups the past 2 years.
>>
>> Daniel Belcher
>>
>> From: Todd Hemsell
>> Sent: 8/5/2014 3:55 PM
>> To: [email protected]
>> Subject: Re: [mssms] Sanity check on management points and MDM
>>
>> Would really like to see your doc if you do not mind.
>> I have a few good ones I could trade you :)
>>
>>> On Tue, Aug 5, 2014 at 3:46 PM, Belcher, Daniel (US - Hermitage)
>>> <[email protected]> wrote:
>>> Yes, otherwise it will just be self-signed. I just wrapped on having to
>>> design something similar to this, give me some time to TechNet dive. Most
>>> of this came from testing, logs, and discussions with MS employees though
>>> rather than what I could research online.
>>>
>>> This blog from Adam Meltzer summarizes the selection process of MPs.
>>>
>>> http://blogs.msdn.com/b/ameltzer/archive/2013/06/17/quick-summary-on-how-management-point-selection-works-in-flexible-formerly-native-mode-in-configuration-manager-2012.aspx
>>>
>>> The gist though is either make the HTTPS site less appealing to the client
>>> or let the clients fail to HTTP.
>>>
>>> From: [email protected]
>>> [mailto:[email protected]] On Behalf Of Todd Hemsell
>>> Sent: Tuesday, August 5, 2014 3:36 PM
>>> To: [email protected]
>>> Subject: Re: [mssms] Sanity check on management points and MDM
>>>
>>> Any documentation around this and what does "pki enabled" mean? Have a
>>> cert? "but if it’s not PKI enabled it won’t use it and move to the next MP
>>> (your unsecured)."
>>>
>>> On Tue, Aug 5, 2014 at 3:30 PM, Belcher, Daniel (US - Hermitage)
>>> <[email protected]> wrote:
>>>
>>> It’s not exactly clean, but setting up 2 side by side MPs with one secured
>>> and the other unsecured shouldn’t cause any major impact outside of your
>>> clients' native MP assessments.
>>>
>>> The largest headaches I’ve seen from this have come from the initial client
>>> install more than anything, and that’s just a matter of pointing them to
>>> the correct MP from the install string.
>>>
>>> I might be missing something here in terms of your end goal though that
>>> complicates this more. However it is right, the client will prefer the
>>> HTTPS, but if it’s not PKI enabled it won’t use it and move to the next MP
>>> (your unsecured).
>>>
>>> From: [email protected]
>>> [mailto:[email protected]] On Behalf Of Todd Hemsell
>>> Sent: Tuesday, August 5, 2014 3:16 PM
>>> To: [email protected]
>>> Subject: Re: [mssms] Sanity check on management points and MDM
>>>
>>> Too much complexity. I like to keep it simple and easy to maintain.
>>>
>>> I do not like to implement things where I am the only one that understands
>>> them or can support them.
>>>
>>> On Tue, Aug 5, 2014 at 3:11 PM, Marcum, John <[email protected]> wrote:
>>>
>>> Another option… You could unpublish the HTTPS one if there's a way to hard
>>> code it to the CE clients so they know where to go.
>>>
>>> http://blogs.technet.com/b/michaelgriswold/archive/2014/04/22/how-to-get-clients-to-avoid-one-of-your-management-points.aspx
>>>
>>> From: [email protected]
>>> [mailto:[email protected]] On Behalf Of Todd Hemsell
>>> Sent: Tuesday, August 05, 2014 3:04 PM
>>> To: [email protected]
>>> Subject: Re: [mssms] Sanity check on management points and MDM
>>>
>>> Well, so much for that.
>>>
>>> Whoever added the requirement to use https before you can manage devices
>>> needs to be horsewhipped.
>>>
>>> If I want to manage 50 Windows CE scan guns I need to deploy a cert to
>>> every system in the enterprise and force them to use https instead of http.
>>> Makes sense.
>>>
>>> On Tue, Aug 5, 2014 at 2:20 PM, Niall Brady <[email protected]> wrote:
>>>
>>> And they prefer https over http
>>>
>>> Sent from my phone, please excuse any typos as a result.
>>>
>>> On 05 Aug 2014, at 20:50, "Marcum, John" <[email protected]> wrote:
>>>
>>> No. MPs don't use boundaries.
>>>
>>> From: [email protected]
>>> [mailto:[email protected]] On Behalf Of Todd Hemsell
>>> Sent: Tuesday, August 05, 2014 1:48 PM
>>> To: [email protected]
>>> Subject: [mssms] Sanity check on management points and MDM
>>>
>>> Right now I have 1 management point using http
>>>
>>> Can I add an https management point for mobile devices on a separate server
>>> and set the subnet the mobile devices are on to use the new management
>>> point without affecting the existing systems and existing management point?
>>>
>>> /Todd
>>>
>>> Confidentiality Notice: This e-mail is from a law firm and may be protected
>>> by the attorney-client or work product privileges. If you have received
>>> this message in error, please notify the sender by replying to this e-mail
>>> and then delete it from your computer.
>>>
>>> This message (including any attachments) contains confidential information
>>> intended for a specific individual and purpose, and is protected by law. If
>>> you are not the intended recipient, you should delete this message and any
>>> disclosure, copying, or distribution of this message, or the taking of any
>>> action based on it, by you is strictly prohibited.
>>>
>>> v.E.1

