Issue with client communication
Question
Hi Guys,
I have a HTTPS MP created for CMG communication purpose. My intention was to ask all internet client machines to communicate to this newly created HTTPS MP and other intranet clients to my normal HTTP MP. But, post creation of HTTPS MP, 90% of my intranet clients started communicating with new MP (All clients are server OS machines). Some servers have client authentication certificate in place, all this servers are communicating to newly created MP with PKI client certificate. And some servers which does not have client authentication certificate are registering as self-signed with newly created HTTPS mp. I checked the boundary group settings for those servers, seems like boundary is configured to contact old HTTP MP. Can some explain why this is happening. I want all the intranet clients to be communicated with old HTTP MP. HTTPS MP is only meant for CMG clients. Can some help me out here.
Answers ( 4 )
Yes, that is correct. You might need to test these settings if you like
Thank you Anoop, I’ll check
I’m not in front of the console so I can’t take a screenshot and share it here.
However, I thought there is a checkbox somewhere in MP properties to allow on internet clients? Have you already configured this? If not, try that out for your HTTPS MP
Another one thing you can try is the preferred MP configuration. Have you already tried that also?
Well, I haven’t tried both. I think you are talking about this:-
On MP General tab, there is are options as “Allow internet and intranet connections” and “Allow internet only connections”
Another one is on hierarchy settings. There is an option to select ‘clients prefer to use management points specified in boundary groups’
I never used the above one, please guide me if these are the settings if you want me to try. Thank you Anoop