Installing new secondary MP, DP & SUP

Question

Hi,

I have a ConfigMgr 2012 (2002) with Primary site, MP, SUP and 2 DPs.

Work-group clients was manged by my site system until i switch to HTTPS.

now all my Work-group clients are undiscovered and un-managed.

Am planing to deploy another MP, DP and SUP for those with HTTP only.

will this work or there is another suggestion can be done?

Also i have a remote site (another domain) which i need to add them to my site system , can i manage them using the new MP?

solved 0
Samer Al Kari 2020-06-05T21:27:48+05:30 5 Answers 181 views Beginner
0

Answers ( 5 )

  2. Guru Vaidya
    1
    2020-06-15T04:19:43+05:30
    Reply

    So if I understood correctly , you are now using CA issues certs … there is no problem for domain joined machines since they receive the certs as part of GPO auto enrollment and the issue is for workgroup machines since they cannot auto enroll these certs.

    I think there is a possibility to issue the certs to workgroup machines as well, you may need to check with your PKI team , they might have specific template to be used for this with certain custom settings.

    Worth to check with PKI team.

    Best answer
  4. Anoop C Nair
    0
    2020-06-13T09:52:30+05:30
    Reply

    Any update on this thread? Hope this helps to answer your question.

    Let us know if there any other question

  6. Guru Vaidya
    1
    2020-06-06T09:26:53+05:30
    Reply

    When you say until you switched HTTPS :

    How were these work-group machines managed ? Did you use self signed ConfigMgr certs for agent communication ?

    Now when you switched to HTTPS, hope you are using / configured required PKI certs and that understanding i think you need to use appropriate client authentication certificate on your end points issued by your PKI should address the problem.

    • Samer Al Kari
      0
      2020-06-06T10:50:33+05:30
      Reply

      Hi Guru,
      Yes, i used to use self signed Cert, after switching to https, PKI cert been enrolled on all the domain end points, and that’s why i need a solution for my work-group clients as it wont be able to communicate with my CA to get the Cert.

  8. Anoop C Nair
    0
    2020-06-05T22:28:36+05:30
    Reply

    If you have trust between those domains then you can use the MP in the other domain to manage clients in a different domain.

    If there is no trust, then you might need build a separate MP,DP , SUP on that remote domain to manage clients from there

    Remote DP installation https://www.anoopcnair.com/remote-dp-installation-error-0x800706ba/

    New DP – https://www.anoopcnair.com/new-configuration-manager-distribution-point/
    New MP – https://www.anoopcnair.com/install-a-new-sccm-management-point-roles/

Leave an answer

Sorry, you do not have permission to answer to this question .