Clients check for the MP list every 25 hours to see if there were any changes. If there were changes, then the client will reset itself to use another MP. The same occurs when the client starts up (CCMExec service restart) or if something about the network changes.
Troy L. Martin | Product Manager, Management Infrastructure 1E | Run IT For Less US Mobile: +1 (678) 898-6147 UK Phone : +44 208 326 9141 [email protected]<mailto:[email protected]> | www.1e.com<http://www.1e.com/> Facebook<http://www.facebook.com/1eglobal> | Twitter<https://twitter.com/1e_global/> | YouTube<http://www.youtube.com/1enews> | Blogs<http://blogs.1e.com/> | RSS<http://blogs.1e.com/index.php/feed/> Please consider the environment before printing this e-mail From: [email protected] [mailto:[email protected]] On Behalf Of Justin Chalfant Sent: Monday, September 29, 2014 2:17 PM To: [email protected] Subject: [mssms] RE: Couple questions on IBCM I typically setup a MP to only take connection from the Internet only not Intranet and Internet this MP is typically in a DMZ. Boundaries have nothing to do with setting the client to Intranet or Internet mode it's based on the client being able to communicate with AD internally. That's why your internet clients are still Intranet. Here's a TechNet article going over the cert templates to create: http://technet.microsoft.com/en-us/library/gg682023 I also presented at a user group that goes over creating and issuing the templates you may find helpful: http://memug.wordpress.com/2014/08/08/replay-july-2014-memug/ Thanks, Justin Chalfant Premier Field Engineer - Configuration Manager Public Sector Microsoft Services Tel : (303) 846-2701 Email: [email protected]<mailto:[email protected]> If you have any feedback about my work, please let either myself or my manager Rusty Gray know at [email protected]<mailto:[email protected]> From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Kent, Mark Sent: Monday, September 29, 2014 9:31 AM To: [email protected]<mailto:[email protected]> Subject: [mssms] Couple questions on IBCM We are looking at putting IBCM into production into the near future and I have two questions. The first involves communication. Our production environment has 3 MP's. I know that as you phase IBCM in that you should set them to both HTTP and HTTPS, and that the client will choose HTTPS first if it's available. Eventually I'd like to set all three to HTTPS only. My question is, I still want the clients to take advantage of intranet only communications while on the LAN (full SCCM features). I am assuming that when the client comes online, if it finds its IP in the normal boundaries, it assumes Intranet. In my test lab with a single MP and it set to HTTPs only, I noticed that the connection type is "Currently intranet" so I assume that's what it means. So if a client then comes in from the Internet, it will see its IP is not in a boundary and switch its connection to Internet (limited set of features). Does this make sense and is it correct? My second question is really about PKI and SCCM in general. I have been reading over some blog articles and the Technet pages on this, but just wondered if anyone had any links they can swear by. I know a little about PKI and I am not our PKI admin (we do have an Enterprise CA). I would like to understand a bit more about the passing of the certs, how they are used by SCCM, etc. Any additional insights are appreciated. Thanks! Mark Kent (MCP) Sr. Desktop Systems Engineer Computing & Technology Services - SUNY Buffalo State ________________________________ Legal Notice: This email is intended only for the person(s) to whom it is addressed. If you are not an intended recipient and have received this message in error, please notify the sender immediately by replying to this email or calling +44(0) 2083269015 (UK) or +1 866 592 4214 (USA). This email and any attachments may be privileged and/or confidential. The unauthorized use, disclosure, copying or printing of any information it contains is strictly prohibited. The opinions expressed in this email are those of the author and do not necessarily represent the views of 1E Ltd. Nothing in this email will operate to bind 1E to any order or other contract.
